Ko te Atanga Rokiroki Ipu (CSI) he atanga whakakotahi i waenga i nga Kubernetes me nga punaha rokiroki. Kua korero poto matou mo tena
Ko te tuhinga e whakarato ana i nga tauira pono, ahakoa he iti noa nga tauira mo te ngawari o te tirohanga. Kaore matou e whakaaro ki te whakauru me te whirihora i nga tautau Ceph me Kubernetes.
Kei te miharo koe me pehea te mahi?
Na, kei a koe he kahui Kubernetes kei o maihao, kua tukuna, hei tauira,
Mena kei a koe enei mea katoa, me haere!
Tuatahi, me haere tatou ki tetahi o nga kohinga kohinga Ceph ka tirohia kei te pai nga mea katoa:
ceph health
ceph -s
I muri mai, ka hangaia e matou he puna mo nga kopae RBD:
ceph osd pool create kube 32
ceph osd pool application enable kube rbd
Me neke atu ki te roopu Kubernetes. I reira, tuatahi, ka whakauruhia e matou te taraiwa Ceph CSI mo RBD. Ka whakauruhia e matou, pera me te tumanako, ma te Helm.
Ka taapirihia he putunga me te tūtohi, ka whiwhi i te huinga taurangi mo te tūtohi ceph-csi-rbd:
helm repo add ceph-csi https://ceph.github.io/csi-charts
helm inspect values ceph-csi/ceph-csi-rbd > cephrbd.yml
Inaianei me whakaki e koe te konae cephrbd.yml. Ki te mahi i tenei, rapua te ID tautau me nga wahitau IP o nga kaitirotiro i Ceph:
ceph fsid # так мы узнаем clusterID
ceph mon dump # а так увидим IP-адреса мониторов
Ka whakauruhia e matou nga uara kua whiwhi ki te konae cephrbd.yml. I te ara, ka taea e matou te hanga kaupapa here PSP (Pod Security Policies). Nga whiringa i nga waahanga nodeplugin и kaiwhakawhiwhi kei roto kē i te konae, ka taea te whakatika penei i raro nei:
csiConfig:
- clusterID: "bcd0d202-fba8-4352-b25d-75c89258d5ab"
monitors:
- "v2:172.18.8.5:3300/0,v1:172.18.8.5:6789/0"
- "v2:172.18.8.6:3300/0,v1:172.18.8.6:6789/0"
- "v2:172.18.8.7:3300/0,v1:172.18.8.7:6789/0"
nodeplugin:
podSecurityPolicy:
enabled: true
provisioner:
podSecurityPolicy:
enabled: true
I muri mai, ko nga mea katoa e toe ana ma matou ko te whakauru i te tūtohi ki te roopu Kubernetes.
helm upgrade -i ceph-csi-rbd ceph-csi/ceph-csi-rbd -f cephrbd.yml -n ceph-csi-rbd --create-namespace
He pai, kei te mahi te taraiwa RBD!
Me hanga he Rokirokinga hou ki Kubernetes. Ko tenei ano me whai waahi ki a Ceph.
Ka hangaia e matou he kaiwhakamahi hou ki Ceph ka hoatu ki a ia nga mana ki te tuhi ki te puna poraka:
ceph auth get-or-create client.rbdkube mon 'profile rbd' osd 'profile rbd pool=kube'
Inaianei kia kite tatou kei reira tonu te kī uru:
ceph auth get-key client.rbdkube
Ka whakaputahia e te whakahau tetahi mea penei:
AQCO9NJbhYipKRAAMqZsnqqS/T8OYQX20xIa9A==
Me taapiri tenei uara ki te mea ngaro i te roopu Kubernetes - kei hea e hiahia ana Kīwhakamahi:
---
apiVersion: v1
kind: Secret
metadata:
name: csi-rbd-secret
namespace: ceph-csi-rbd
stringData:
# Значения ключей соответствуют имени пользователя и его ключу, как указано в
# кластере Ceph. ID юзера должен иметь доступ к пулу,
# указанному в storage class
userID: rbdkube
userKey: <user-key>
Na ka hanga e matou ta matou mea ngaro:
kubectl apply -f secret.yaml
I muri mai, ka hiahia matou ki te Whakaaturanga StorageClass penei:
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: csi-rbd-sc
provisioner: rbd.csi.ceph.com
parameters:
clusterID: <cluster-id>
pool: kube
imageFeatures: layering
# Эти секреты должны содержать данные для авторизации
# в ваш пул.
csi.storage.k8s.io/provisioner-secret-name: csi-rbd-secret
csi.storage.k8s.io/provisioner-secret-namespace: ceph-csi-rbd
csi.storage.k8s.io/controller-expand-secret-name: csi-rbd-secret
csi.storage.k8s.io/controller-expand-secret-namespace: ceph-csi-rbd
csi.storage.k8s.io/node-stage-secret-name: csi-rbd-secret
csi.storage.k8s.io/node-stage-secret-namespace: ceph-csi-rbd
csi.storage.k8s.io/fstype: ext4
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
- discard
Me whakakī clusterID, kua akohia e matou e te kapa kep fsid, ka hoatu tenei whakaaturanga ki te roopu Kubernetes:
kubectl apply -f storageclass.yaml
Hei tirotiro me pehea te mahi tahi o nga tautau, me hanga e tatou te PVC e whai ake nei (Kereeme Rorohiko Tonu):
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: rbd-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: csi-rbd-sc
Kia kite tonu tatou me pehea i hanga ai e Kubernetes te pukapuka i tonohia i Ceph:
kubectl get pvc
kubectl get pv
He pai nga mea katoa! He aha te ahua o tenei ki te taha Ceph?
Ka whiwhi matou i te rarangi o nga pukapuka i roto i te puna kaukau me te tiro i nga korero mo to matou rōrahi:
rbd ls -p kube
rbd -p kube info csi-vol-eb3d257d-8c6c-11ea-bff5-6235e7640653 # тут, конечно же, будет другой ID тома, который выдала предыдущая команда
Inaianei kia kite tatou me pehea te whakarereke i te rahinga RBD.
Hurihia te rahi o te rōrahi i te whakaaturanga pvc.yaml ki te 2Gi ka whakamahi:
kubectl apply -f pvc.yaml
Tatari kia whai mana nga huringa ka titiro ano ki te rahi o te rōrahi.
rbd -p kube info csi-vol-eb3d257d-8c6c-11ea-bff5-6235e7640653
kubectl get pv
kubectl get pvc
Ka kite tatou kaore i rereke te rahi o te PVC. Kia mohio ai koe he aha, ka taea e koe te patai ki a Kubernetes mo te whakaahuatanga YAML mo te PVC:
kubectl get pvc rbd-pvc -o yaml
Anei te raru:
karere: E tatari ana mo te kaiwhakamahi ki te (anō) tīmata i te pākākano ki te whakaoti i te rahi o te rōrahi o te rōrahi o te pūnaha kōnae ki te kōpuku. momo: FileSystemResizePending
Arā, kua tipu te kōpae, engari ko te punaha konae kei runga kaore.
Hei whakatipu i te punaha konae, me whakairi koe i te rōrahi. I to tatou whenua, ko te PVC / PV i hangaia kaore i te whakamahia i tenei wa i tetahi huarahi.
Ka taea e tatou te hanga Pod whakamatautau, hei tauira penei:
---
apiVersion: v1
kind: Pod
metadata:
name: csi-rbd-demo-pod
spec:
containers:
- name: web-server
image: nginx:1.17.6
volumeMounts:
- name: mypvc
mountPath: /data
volumes:
- name: mypvc
persistentVolumeClaim:
claimName: rbd-pvc
readOnly: false
Na inaianei ka titiro tatou ki te PVC:
kubectl get pvc
Kua rereke te rahi, he pai nga mea katoa.
I te wahanga tuatahi, i mahi tahi matou me te taputapu paraka RBD (e tu ana mo te Rados Block Device), engari kaore e taea te mahi mena me mahi nga momo miihini rereke me tenei kōpae i te wa kotahi. Ko te CephFS he pai ake mo te mahi me nga konae kaore i nga whakaahua kōpae.
Ma te whakamahi i te tauira o nga tautau Ceph me Kubernetes, ka whirihorahia e matou te CSI me etahi atu hinonga e tika ana kia mahi tahi me CephFS.
Tikina nga uara mai i te tūtohi Helm hou e hiahiatia ana:
helm inspect values ceph-csi/ceph-csi-cephfs > cephfs.yml
Me whakaki ano koe i te konae cephfs.yml. Ka rite ki o mua, ka awhina nga whakahau a Ceph:
ceph fsid
ceph mon dump
Whakakiia te konae ki nga uara penei:
csiConfig:
- clusterID: "bcd0d202-fba8-4352-b25d-75c89258d5ab"
monitors:
- "172.18.8.5:6789"
- "172.18.8.6:6789"
- "172.18.8.7:6789"
nodeplugin:
httpMetrics:
enabled: true
containerPort: 8091
podSecurityPolicy:
enabled: true
provisioner:
replicaCount: 1
podSecurityPolicy:
enabled: true
Kia mahara ko nga wahitau aroturuki kua tohua i roto i te wahitau puka ngawari: tauranga. Hei whakairi i nga cephfs i runga i te node, ka whakawhitia enei wahitau ki te koowai kernel, kaore ano kia mohio ki te mahi me te kawa aroturuki v2.
Ka hurihia e matou te tauranga mo te httpMetrics (Ka haere a Prometheus ki reira mo te aro turuki i nga inenga) kia kore ai e taupatupatu ki te nginx-proxy, kua whakauruhia e Kubespray. Kaore pea koe e hiahia ki tenei.
Tāutahia te tūtohi Helm ki te kāhui Kubernetes:
helm upgrade -i ceph-csi-cephfs ceph-csi/ceph-csi-cephfs -f cephfs.yml -n ceph-csi-cephfs --create-namespace
Me haere ki te toa raraunga Ceph ki te hanga i tetahi kaiwhakamahi motuhake ki reira. E kii ana te tuhinga ko te Kaituku CephFS e hiahia ana kia uru atu ki nga kaiwhakahaere roopu. Engari ka hanga e matou he kaiwhakamahi motuhake fs whai mana iti:
ceph auth get-or-create client.fs mon 'allow r' mgr 'allow rw' mds 'allow rws' osd 'allow rw pool=cephfs_data, allow rw pool=cephfs_metadata'
A ka titiro tonu tatou ki tana taviri uru, ka hiahia tatou i muri mai:
ceph auth get-key client.fs
Me hanga he mea huna me te StorageClass motuhake.
Kaore he mea hou, kua kite tatou i tenei i roto i te tauira o RBD:
---
apiVersion: v1
kind: Secret
metadata:
name: csi-cephfs-secret
namespace: ceph-csi-cephfs
stringData:
# Необходимо для динамически создаваемых томов
adminID: fs
adminKey: <вывод предыдущей команды>
Te tono i te whakaaturanga:
kubectl apply -f secret.yaml
Na inaianei - he StorageClass motuhake:
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: csi-cephfs-sc
provisioner: cephfs.csi.ceph.com
parameters:
clusterID: <cluster-id>
# Имя файловой системы CephFS, в которой будет создан том
fsName: cephfs
# (необязательно) Пул Ceph, в котором будут храниться данные тома
# pool: cephfs_data
# (необязательно) Разделенные запятыми опции монтирования для Ceph-fuse
# например:
# fuseMountOptions: debug
# (необязательно) Разделенные запятыми опции монтирования CephFS для ядра
# См. man mount.ceph чтобы узнать список этих опций. Например:
# kernelMountOptions: readdir_max_bytes=1048576,norbytes
# Секреты должны содержать доступы для админа и/или юзера Ceph.
csi.storage.k8s.io/provisioner-secret-name: csi-cephfs-secret
csi.storage.k8s.io/provisioner-secret-namespace: ceph-csi-cephfs
csi.storage.k8s.io/controller-expand-secret-name: csi-cephfs-secret
csi.storage.k8s.io/controller-expand-secret-namespace: ceph-csi-cephfs
csi.storage.k8s.io/node-stage-secret-name: csi-cephfs-secret
csi.storage.k8s.io/node-stage-secret-namespace: ceph-csi-cephfs
# (необязательно) Драйвер может использовать либо ceph-fuse (fuse),
# либо ceph kernelclient (kernel).
# Если не указано, будет использоваться монтирование томов по умолчанию,
# это определяется поиском ceph-fuse и mount.ceph
# mounter: kernel
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
- debug
Me whakaki i konei clusterID me te tika ki Kubernetes:
kubectl apply -f storageclass.yaml
tirohanga
Hei tirotiro, penei i te tauira o mua, me hanga he PVC:
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: csi-cephfs-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
storageClassName: csi-cephfs-sc
A ka tirohia te aroaro o PVC/PV:
kubectl get pvc
kubectl get pv
Mena kei te pirangi koe ki te titiro ki nga konae me nga raarangi i CephFS, ka taea e koe te whakanoho i tenei punaha konae ki tetahi waahi. Hei tauira penei i raro nei.
Me haere tatou ki tetahi o nga kohinga kohinga Ceph ka mahia nga mahi e whai ake nei:
# Точка монтирования
mkdir -p /mnt/cephfs
# Создаём файл с ключом администратора
ceph auth get-key client.admin >/etc/ceph/secret.key
# Добавляем запись в /etc/fstab
# !! Изменяем ip адрес на адрес нашего узла
echo "172.18.8.6:6789:/ /mnt/cephfs ceph name=admin,secretfile=/etc/ceph/secret.key,noatime,_netdev 0 2" >> /etc/fstab
mount /mnt/cephfs
Ko te tikanga, ko te whakauru i te FS i runga i te node Ceph penei he pai noa mo nga kaupapa whakangungu, ko ta maatau e mahi
Ka mutu, kia tirohia me pehea te mahi me te whakarereke i te rahi o nga pukapuka i roto i te keehi o CephFS. Me hoki ano ki Kubernetes ka whakatika i ta tatou whakaaturanga mo PVC - whakanuia te rahi ki reira, hei tauira, ki te 7Gi.
Me tono te konae kua whakatikahia:
kubectl apply -f pvc.yaml
Me titiro ki te whaiaronga kua whakairihia kia kite i te huringa o te motunga:
getfattr -n ceph.quota.max_bytes <каталог-с-данными>
Kia mahi ai tenei whakahau, me whakauru pea koe i te kete ki to punaha attr.
Ka wehi nga kanohi, ka wehi nga ringa
Ko enei karakia me nga whakaaturanga roa o te YAML he ahua uaua i runga i te mata, engari i roto i nga mahi, ka tino tere nga akonga Slurm.
I roto i tenei tuhinga kaore matou i uru ki roto i te ngahere - he tuhinga whaimana mo tera. Mena kei te pirangi koe ki nga korero mo te whakatuu rokiroki Ceph me te roopu Kubernetes, ka awhina enei hononga:
I runga i te akoranga Slurm
A, ki te hiahia koe ki te rokiroki raraunga, ka haina mo
Kaituhi o te tuhinga: Alexander Shvalov, mahi miihini
Source: will.com