A practical example of connecting Ceph-based storage to a Kubernetes cluster

Container Storage Interface (CSI) is a unified interface between Kubernetes and storage systems. We have already talked about it briefly, and today we'll take a closer look at the combination of CSI and Ceph: we'll show how to connect Ceph storage to a Kubernetes cluster.
The article gives real examples, though slightly simplified for ease of understanding. We do not cover installing and configuring the Ceph and Kubernetes clusters.

Wondering how it works?

So, you have a Kubernetes cluster at hand, deployed, for example, with kubespray. A Ceph cluster is running nearby; you can also install it, for example, with this set of playbooks. I hope there is no need to mention that for production there must be a network between them with a bandwidth of at least 10 Gbit/s.

If you have all of that, let's go!

First, let's go to one of the Ceph cluster nodes and check that everything is in order:

ceph health
ceph -s

Next, we'll create a pool for RBD disks right away:

ceph osd pool create kube 32
ceph osd pool application enable kube rbd

Let's move on to the Kubernetes cluster. There, first of all, we'll install the Ceph CSI driver for RBD. We'll install it, as expected, with Helm.
We add the repository with the chart and get the set of variables of the ceph-csi-rbd chart:

helm repo add ceph-csi https://ceph.github.io/csi-charts
helm inspect values ceph-csi/ceph-csi-rbd > cephrbd.yml

Now you need to fill in the cephrbd.yml file. To do this, find out the cluster ID and the IP addresses of the monitors in Ceph:

ceph fsid  # this is how we find out the clusterID
ceph mon dump  # and this shows the IP addresses of the monitors

We put the obtained values into the cephrbd.yml file. At the same time we enable the creation of PSP policies (Pod Security Policies). The options in the nodeplugin and provisioner sections are already in the file; they can be adjusted as shown below:

csiConfig:
  - clusterID: "bcd0d202-fba8-4352-b25d-75c89258d5ab"
    monitors:
      - "v2:172.18.8.5:3300/0,v1:172.18.8.5:6789/0"
      - "v2:172.18.8.6:3300/0,v1:172.18.8.6:6789/0"
      - "v2:172.18.8.7:3300/0,v1:172.18.8.7:6789/0"

nodeplugin:
  podSecurityPolicy:
    enabled: true

provisioner:
  podSecurityPolicy:
    enabled: true

Next, all that remains is to install the chart into the Kubernetes cluster.

helm upgrade -i ceph-csi-rbd ceph-csi/ceph-csi-rbd -f cephrbd.yml -n ceph-csi-rbd --create-namespace

Great, the RBD driver works!
Let's create a new StorageClass in Kubernetes. This again requires a bit of tinkering with Ceph.

We create a new user in Ceph and give it write access to the kube pool:

ceph auth get-or-create client.rbdkube mon 'profile rbd' osd 'profile rbd pool=kube'

Now let's look at the access key, in the same place:

ceph auth get-key client.rbdkube

The command will output something like this:

AQCO9NJbhYipKRAAMqZsnqqS/T8OYQX20xIa9A==

Let's add this value to a Secret in the Kubernetes cluster, in the place where the userKey is needed:

---
apiVersion: v1
kind: Secret
metadata:
  name: csi-rbd-secret
  namespace: ceph-csi-rbd
stringData:
  # The key values correspond to the user name and its key as defined in
  # the Ceph cluster. The user ID must have access to the pool
  # specified in the storage class
  userID: rbdkube
  userKey: <user-key>

And we create our secret:

kubectl apply -f secret.yaml

Next, we need a StorageClass manifest that looks something like this:

---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
   name: csi-rbd-sc
provisioner: rbd.csi.ceph.com
parameters:
   clusterID: <cluster-id>
   pool: kube

   imageFeatures: layering

   # These secrets must contain the credentials for authorizing
   # against your pool.
   csi.storage.k8s.io/provisioner-secret-name: csi-rbd-secret
   csi.storage.k8s.io/provisioner-secret-namespace: ceph-csi-rbd
   csi.storage.k8s.io/controller-expand-secret-name: csi-rbd-secret
   csi.storage.k8s.io/controller-expand-secret-namespace: ceph-csi-rbd
   csi.storage.k8s.io/node-stage-secret-name: csi-rbd-secret
   csi.storage.k8s.io/node-stage-secret-namespace: ceph-csi-rbd

   csi.storage.k8s.io/fstype: ext4

reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
  - discard

You need to fill in clusterID, which we already found out with the ceph fsid command, and apply this manifest to the Kubernetes cluster:

kubectl apply -f storageclass.yaml

To check how the clusters work together, let's create the following PVC (Persistent Volume Claim):

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: rbd-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: csi-rbd-sc

Let's see right away how Kubernetes created the requested volume in Ceph:

kubectl get pvc
kubectl get pv

Everything seems fine! And what does this look like on the Ceph side?
We get the list of volumes in the pool and look at the information about our volume:

rbd ls -p kube
rbd -p kube info csi-vol-eb3d257d-8c6c-11ea-bff5-6235e7640653  # here, of course, you will have a different volume ID, the one returned by the previous command

Now let's see how resizing an RBD volume works.
Change the volume size in the pvc.yaml manifest to 2Gi and apply it:

kubectl apply -f pvc.yaml

Let's wait for the change to take effect and look at the volume size again.

rbd -p kube info csi-vol-eb3d257d-8c6c-11ea-bff5-6235e7640653

kubectl get pv
kubectl get pvc

We see that the PVC size has not changed. To find out why, you can ask Kubernetes for the YAML description of the PVC:

kubectl get pvc rbd-pvc -o yaml

Here is the problem:

message: Waiting for user to (re-)start a pod to finish file system resize of volume on node.
type: FileSystemResizePending

That is, the disk has grown, but the file system on it has not.
To grow the file system, you need to mount the volume. In our case, the created PVC/PV is not currently used in any way.

We can create a test Pod, for example like this:

---
apiVersion: v1
kind: Pod
metadata:
  name: csi-rbd-demo-pod
spec:
  containers:
    - name: web-server
      image: nginx:1.17.6
      volumeMounts:
        - name: mypvc
          mountPath: /data
  volumes:
    - name: mypvc
      persistentVolumeClaim:
        claimName: rbd-pvc
        readOnly: false

And now let's look at the PVC:

kubectl get pvc

The size has changed, everything is fine.

In the first part we worked with the RBD block device (it stands for Rados Block Device), but this cannot be done if different microservices need to work with this disk at the same time. CephFS is much better suited for working with files rather than disk images.
Using the example of the Ceph and Kubernetes clusters, we'll configure CSI and the other necessary entities to work with CephFS.

Let's get the values from the new Helm chart we need:

helm inspect values ceph-csi/ceph-csi-cephfs > cephfs.yml

Again you need to fill in the cephfs.yml file. As before, the Ceph commands will help:

ceph fsid
ceph mon dump

Fill in the file with values like these:

csiConfig:
  - clusterID: "bcd0d202-fba8-4352-b25d-75c89258d5ab"
    monitors:
      - "172.18.8.5:6789"
      - "172.18.8.6:6789"
      - "172.18.8.7:6789"

nodeplugin:
  httpMetrics:
    enabled: true
    containerPort: 8091
  podSecurityPolicy:
    enabled: true

provisioner:
  replicaCount: 1
  podSecurityPolicy:
    enabled: true

Please note that the monitor addresses are specified in the simple form address:port. To mount cephfs on a node, these addresses are passed to the kernel module, which does not yet know how to work with the v2 monitor protocol.
We change the port for httpMetrics (Prometheus will go there to scrape the metrics) so that it does not conflict with nginx-proxy, which is installed by Kubespray. You may not need this.
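
The conversion described above, as an added example that is not part of the original article: it takes monitor lines in the v2/v1 form used for RBD and emits the plain address:port list for cephfs.yml. The function names and the sample `ceph mon dump` text are constructed for illustration, and only IPv4 addresses are handled.

```shell
#!/usr/bin/env bash
# Added example (not from the article): build the CephFS csiConfig monitor list.

# Read lines containing "v2:IP:PORT/NONCE,v1:IP:PORT/NONCE" (as in `ceph mon dump`
# or the RBD csiConfig) and print one v1 "IP:PORT" per monitor.
mon_v1_addrs() {
  sed -n 's#.*v1:\([0-9.]\{7,15\}:[0-9]\{1,5\}\)/[0-9]*.*#\1#p'
}

# Emit the csiConfig fragment for cephfs.yml: $1 is the cluster ID, stdin the dump.
cephfs_csi_config() {
  addrs=$(mon_v1_addrs)
  # A monitor that only listens on msgr2 yields nothing; refuse to write an empty list.
  [ -n "$addrs" ] || { echo "no v1 monitor address found" >&2; return 1; }
  printf 'csiConfig:\n  - clusterID: "%s"\n    monitors:\n' "$1"
  for addr in $addrs; do
    printf '      - "%s"\n' "$addr"
  done
}

# Constructed sample in the shape of `ceph mon dump` output; the addresses are the
# ones used on this page, the monitor names are made up.
sample_mon_dump() {
  cat <<'EOF'
epoch 3
fsid bcd0d202-fba8-4352-b25d-75c89258d5ab
0: [v2:172.18.8.5:3300/0,v1:172.18.8.5:6789/0] mon.ceph01
1: [v2:172.18.8.6:3300/0,v1:172.18.8.6:6789/0] mon.ceph02
2: [v2:172.18.8.7:3300/0,v1:172.18.8.7:6789/0] mon.ceph03
EOF
}

sample_mon_dump | cephfs_csi_config "bcd0d202-fba8-4352-b25d-75c89258d5ab"
```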

Install the Helm chart into the Kubernetes cluster:

helm upgrade -i ceph-csi-cephfs ceph-csi/ceph-csi-cephfs -f cephfs.yml -n ceph-csi-cephfs --create-namespace

Let's go to the Ceph storage to create a separate user there. The documentation states that the CephFS provisioner needs cluster administrator access rights. But we'll create a separate user fs with limited rights:

ceph auth get-or-create client.fs mon 'allow r' mgr 'allow rw' mds 'allow rws' osd 'allow rw pool=cephfs_data, allow rw pool=cephfs_metadata'

And let's look at its access key right away; we'll need it later:

ceph auth get-key client.fs
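
A check for the two accounts created on this page (client.rbdkube earlier and client.fs here), as an added example that is not part of the original article: it reads `ceph auth get <entity>` output and reports wildcard grants and OSD grants that are not tied to a pool. `audit_caps` is a hypothetical helper name and the keyring entries are constructed samples.

```shell
#!/usr/bin/env bash
# Added example (not from the article): flag over-broad caps in `ceph auth get` output.
# audit_caps is a hypothetical helper; it prints findings and returns 1 if there are any.
audit_caps() {
  awk '
    BEGIN { bad = 0 }
    /^\[.*\]$/ { entity = substr($0, 2, length($0) - 2); next }
    $1 == "caps" {
      daemon = $2; cap = $0
      sub(/^[^"]*"/, "", cap); sub(/"[^"]*$/, "", cap)   # keep the text between the quotes
      # "allow *" hands the key full control over that daemon type.
      if (cap ~ /allow \*/) { print entity ": wildcard " daemon " cap: " cap; bad = 1 }
      if (daemon == "osd") {
        # Each comma-separated OSD grant should be pinned to a pool.
        n = split(cap, grant, /, */)
        for (i = 1; i <= n; i++)
          if (grant[i] !~ /pool=/) { print entity ": osd grant without pool=: " grant[i]; bad = 1 }
      }
    }
    END { exit bad }
  '
}

# Constructed keyring entries: the two users created on this page and client.admin.
sample_rbdkube() { cat <<'EOF'
[client.rbdkube]
    key = <redacted>
    caps mon = "profile rbd"
    caps osd = "profile rbd pool=kube"
EOF
}
sample_fs() { cat <<'EOF'
[client.fs]
    key = <redacted>
    caps mds = "allow rws"
    caps mgr = "allow rw"
    caps mon = "allow r"
    caps osd = "allow rw pool=cephfs_data, allow rw pool=cephfs_metadata"
EOF
}
sample_admin() { cat <<'EOF'
[client.admin]
    key = <redacted>
    caps mds = "allow *"
    caps mgr = "allow *"
    caps mon = "allow *"
    caps osd = "allow *"
EOF
}

sample_admin | audit_caps || echo "client.admin is not suitable for a CSI secret"
```

On a live cluster the same function can be fed with `ceph auth get client.rbdkube | audit_caps`.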

Let's create a separate Secret and StorageClass.
Nothing new here, we have already seen this in the RBD example:

---
apiVersion: v1
kind: Secret
metadata:
  name: csi-cephfs-secret
  namespace: ceph-csi-cephfs
stringData:
  # Required for dynamically provisioned volumes
  adminID: fs
  adminKey: <output of the previous command>

Apply the manifest:

kubectl apply -f secret.yaml

And now, a separate StorageClass:

---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: csi-cephfs-sc
provisioner: cephfs.csi.ceph.com
parameters:
  clusterID: <cluster-id>

  # Name of the CephFS file system in which the volume will be created
  fsName: cephfs

  # (optional) Ceph pool in which the volume data will be stored
  # pool: cephfs_data

  # (optional) Comma-separated mount options for ceph-fuse
  # for example:
  # fuseMountOptions: debug

  # (optional) Comma-separated CephFS mount options for the kernel client
  # See man mount.ceph for the list of these options. For example:
  # kernelMountOptions: readdir_max_bytes=1048576,norbytes

  # The secrets must contain the credentials of the Ceph admin and/or user.
  csi.storage.k8s.io/provisioner-secret-name: csi-cephfs-secret
  csi.storage.k8s.io/provisioner-secret-namespace: ceph-csi-cephfs
  csi.storage.k8s.io/controller-expand-secret-name: csi-cephfs-secret
  csi.storage.k8s.io/controller-expand-secret-namespace: ceph-csi-cephfs
  csi.storage.k8s.io/node-stage-secret-name: csi-cephfs-secret
  csi.storage.k8s.io/node-stage-secret-namespace: ceph-csi-cephfs

  # (optional) The driver can use either ceph-fuse (fuse)
  # or the ceph kernel client (kernel).
  # If not specified, the default volume mounter is used;
  # it is determined by probing for ceph-fuse and mount.ceph
  # mounter: kernel
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
  - debug

Fill in the clusterID here and apply it in Kubernetes:

kubectl apply -f storageclass.yaml

Verification

To check, as in the previous example, let's create a PVC:

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: csi-cephfs-pvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
  storageClassName: csi-cephfs-sc

And check that the PVC/PV exist:

kubectl get pvc
kubectl get pv

If you want to look at the files and directories in CephFS, you can mount this file system somewhere. For example, as shown below.

Let's go to one of the Ceph cluster nodes and perform the following actions:

# Mount point
mkdir -p /mnt/cephfs

# Create a file with the administrator key
ceph auth get-key client.admin >/etc/ceph/secret.key

# Add an entry to /etc/fstab
# !! Change the IP address to the address of our node
echo "172.18.8.6:6789:/ /mnt/cephfs ceph name=admin,secretfile=/etc/ceph/secret.key,noatime,_netdev    0       2" >> /etc/fstab

mount /mnt/cephfs

Of course, mounting the FS on a Ceph node like this is only suitable for training purposes, which is what we do in our Slurm courses. I don't think anyone would do this in production; there is a high risk of accidentally erasing important files.

And finally, let's check how things work with resizing volumes in the case of CephFS. Let's return to Kubernetes and edit our PVC manifest: increase the size there, for example, to 7Gi.

Apply the edited file:

kubectl apply -f pvc.yaml

Let's look at the mounted directory to see how the quota has changed:

getfattr -n ceph.quota.max_bytes <data-directory>

For this command to work, you may need to install the attr package on your system.

The eyes are afraid, but the hands do the work

All these incantations and long YAML manifests look complicated on the surface, but in practice Slurm students get the hang of them quickly.
In this article we did not go deep into the weeds; there is official documentation for that. If you are interested in the details of setting up Ceph storage with a Kubernetes cluster, these links will help:

General principles of how Kubernetes works with volumes
RBD documentation
Integrating RBD and Kubernetes from the Ceph point of view
Integrating RBD and Kubernetes from the CSI point of view
General CephFS documentation
Integrating CephFS and Kubernetes from the CSI point of view

In the Slurm Kubernetes Base course you can go a little further and deploy a real application in Kubernetes that will use CephFS as file storage. With GET/POST requests you will be able to send files to Ceph and retrieve them.

And if you are more interested in data storage, sign up for the new Ceph course. While the beta test is underway, the course is available at a discount and you can influence its content.

Author of the article: Alexander Shvalov, practicing engineer at Southbridge, Certified Kubernetes Administrator, author and developer of Slurm courses.

Source: www.habr.com