Earlier this month, on May 3, a major release of a "management system for distributed data storage in Kubernetes" was announced -
In short, Rook is a set
Currently the most developed (and
Note: Among the significant Ceph-related changes in the Rook 1.0.0 release are support for Ceph Nautilus and the ability to use NFS for CephFS or RGW buckets. Also notable is the maturing of EdgeFS support to beta level.
So, in this article we will:
- answer the question of what benefits we see in using Rook to deploy Ceph in a Kubernetes cluster;
- share our experience and impressions of using Rook in production;
- explain why we say "Yes!" to Rook, and what our plans for it are.
Let's start with general concepts and theory.
"I have an advantage of one Rook!" (unknown chess player)
One of the main advantages of Rook is that interaction with data stores is carried out through Kubernetes mechanisms. This means you no longer need to copy commands for configuring Ceph from a cheat sheet into the console.
- Want to deploy CephFS in the cluster? Just write a YAML file!
- What? You also want to deploy an object store with the S3 API? Just write a second YAML file!
Rook is built according to all the rules of a typical operator. Interaction with it happens via
Let's look at the specifics using the example of creating an Object Store, or rather, a CephObjectStoreUser.
apiVersion: ceph.rook.io/v1
kind: CephObjectStore
metadata:
  name: {{ .Values.s3.crdName }}
  namespace: kube-rook
spec:
  metadataPool:
    failureDomain: host
    replicated:
      size: 3
  dataPool:
    failureDomain: host
    erasureCoded:
      dataChunks: 2
      codingChunks: 1
  gateway:
    type: s3
    # sslCertificateRef and securePort are left empty, so the gateway serves plain HTTP on port 80
    sslCertificateRef:
    port: 80
    securePort:
    instances: 1
    allNodes: false
---
apiVersion: ceph.rook.io/v1
kind: CephObjectStoreUser
metadata:
  name: {{ .Values.s3.crdName }}
  namespace: kube-rook
spec:
  # Must match the name of the CephObjectStore above
  store: {{ .Values.s3.crdName }}
  displayName: {{ .Values.s3.username }}
The parameters shown in the listing are fairly standard and hardly need comment, but pay special attention to those assigned to template variables.
The general workflow comes down to this: we "order" resources through a YAML file, the operator executes the necessary commands and returns a "not quite real" secret that we can work with further (see below). The command and the name of the secret are composed from the variables listed above.
What command is this? When creating a user for the object storage, the Rook operator inside the pod will run the following:
radosgw-admin user create --uid="rook-user" --display-name="{{ .Values.s3.username }}"
The result of running this command is a JSON structure:
{
    "user_id": "rook-user",
    "display_name": "{{ .Values.s3.username }}",
    "keys": [
        {
            "user": "rook-user",
            "access_key": "NRWGT19TWMYOB1YDBV1Y",
            "secret_key": "gr1VEGIV7rxcP3xvXDFCo4UDwwl2YoNrmtRlIAty"
        }
    ],
    ...
}
Keys are what applications will later need in order to access the object storage through the S3 API. The Rook operator kindly selects them and places them in its namespace as a secret named rook-ceph-object-user-{{ $.Values.s3.crdName }}-{{ $.Values.s3.username }}.
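The flow described above, modelled as an added example (not Rook's own code and not from the original article): it takes output shaped like the radosgw-admin JSON and builds a Secret with the name pattern and the AccessKey/SecretKey fields that the Job template on this page reads. The sample output, its key values and the function names are constructed for illustration.

```python
import base64
import json

# Constructed stand-in for the `radosgw-admin user create` output
# (placeholder keys, not real credentials).
ADMIN_OUTPUT = '''{
  "user_id": "rook-user",
  "display_name": "demo",
  "keys": [{"user": "rook-user",
            "access_key": "EXAMPLEACCESSKEY",
            "secret_key": "ExampleSecretKeyValue"}]
}'''


def _b64(text):
    return base64.b64encode(text.encode()).decode()


def build_user_secret(admin_json, store, username, namespace):
    """Pick the user's S3 key pair and wrap it in a Secret manifest (hypothetical helper)."""
    user = json.loads(admin_json)
    pairs = [k for k in user.get("keys", []) if k.get("user") == user["user_id"]]
    if not pairs:
        raise ValueError("no S3 key pair for user %r" % user["user_id"])
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {
            # Name pattern taken from the article's template
            "name": "rook-ceph-object-user-%s-%s" % (store, username),
            "namespace": namespace,
        },
        "data": {
            "AccessKey": _b64(pairs[0]["access_key"]),
            "SecretKey": _b64(pairs[0]["secret_key"]),
        },
    }


def read_key(secret, field):
    """Secret data is base64-encoded, not encrypted: read access to the object is enough to decode it."""
    return base64.b64decode(secret["data"][field]).decode()


if __name__ == "__main__":
    secret = build_user_secret(ADMIN_OUTPUT, "store", "demo", "kube-rook")
    print(secret["metadata"]["name"], read_key(secret, "AccessKey"))
```

Because the keys are recoverable by anyone who can read the Secret, read access to Secrets in the storage namespace is the control that actually protects them.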
To use the data from this secret, simply add it to a container as environment variables. As an example, here is a template for a Job in which we automatically create buckets for each user environment:
{{- range $bucket := $.Values.s3.bucketNames }}
apiVersion: batch/v1
kind: Job
metadata:
  name: create-{{ $bucket }}-bucket-job
  annotations:
    "helm.sh/hook": post-install
    "helm.sh/hook-weight": "2"
spec:
  template:
    metadata:
      name: create-{{ $bucket }}-bucket-job
    spec:
      restartPolicy: Never
      initContainers:
      # Wait until the RGW service name resolves
      - name: waitdns
        image: alpine:3.6
        command: ["/bin/sh", "-c", "while ! getent ahostsv4 rook-ceph-rgw-{{ $.Values.s3.crdName }}; do sleep 1; done" ]
      # Generate the s3cmd config on the shared volume
      - name: config
        image: rook/ceph:v1.0.0
        command: ["/bin/sh", "-c"]
        # Kubernetes expands $(ACCESS-KEY) and $(SECRET-KEY) from the env entries below before the shell runs.
        # tee also echoes the generated config, keys included, to the container's stdout and so to its log.
        args: ["s3cmd --configure --access_key=$(ACCESS-KEY) --secret_key=$(SECRET-KEY) -s --no-ssl --dump-config | tee /config/.s3cfg"]
        volumeMounts:
        - name: config
          mountPath: /config
        env:
        - name: ACCESS-KEY
          valueFrom:
            secretKeyRef:
              name: rook-ceph-object-user-{{ $.Values.s3.crdName }}-{{ $.Values.s3.username }}
              key: AccessKey
        - name: SECRET-KEY
          valueFrom:
            secretKeyRef:
              name: rook-ceph-object-user-{{ $.Values.s3.crdName }}-{{ $.Values.s3.username }}
              key: SecretKey
      containers:
      # The same volume is mounted at /root, so s3cmd finds /root/.s3cfg
      - name: create-bucket
        image: rook/ceph:v1.0.0
        command:
        - "s3cmd"
        - "mb"
        - "--host=rook-ceph-rgw-{{ $.Values.s3.crdName }}"
        - "--host-bucket= "
        - "s3://{{ $bucket }}"
        ports:
        - name: s3-no-sll
          containerPort: 80
        volumeMounts:
        - name: config
          mountPath: /root
      volumes:
      - name: config
        emptyDir: {}
---
{{- end }}
All the actions listed in this Job are performed without leaving Kubernetes. The structures described in the YAML files are stored in a Git repository and reused many times. We see this as a huge plus for DevOps engineers and for the CI/CD process as a whole.
Happy with Rook and Rados
Using the Ceph + RBD combination imposes certain restrictions on mounting volumes to pods.
In particular, the namespace must contain a secret for accessing Ceph in order for stateful applications to work. That is fine if you have 2-3 environments in their own namespaces: you can go and copy the secret manually. But what if a separate environment with its own namespace is created for developers for each feature?
We solved this problem ourselves using
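#!/bin/bash
if [[ $1 == "--config" ]]; then
  # Hook configuration: run on every namespace "add" event
  cat <<EOF
{"onKubernetesEvent":[
  {"name": "OnNewNamespace",
   "kind": "namespace",
   "event": ["add"]
  }
]}
EOF
else
  # Name of the most recently created namespace (-r prints it without JSON quotes)
  NAMESPACE=$(kubectl get namespace -o json | jq -r '.items | max_by( .metadata.creationTimestamp ) | .metadata.name')
  # Copy the Ceph secret into that namespace, dropping the server-assigned metadata of the source object
  kubectl -n "${CEPH_SECRET_NAMESPACE}" get secret "${CEPH_SECRET_NAME}" -o json \
    | jq --arg ns "${NAMESPACE}" '.metadata.namespace = $ns | del(.metadata.resourceVersion, .metadata.uid, .metadata.creationTimestamp)' \
    | kubectl apply -f -
fi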
However, when using Rook this problem does not exist. The mounting process uses Rook's own drivers based on
Rook solves many problems automatically, which encourages us to use it in new projects.
The siege of Rook
Let's finish the practical part by deploying Rook and Ceph so that we can run our own experiments. To make it easier to storm this impregnable tower, the developers have prepared a Helm package. Let's download it:
$ helm fetch rook-master/rook-ceph --untar --version 1.0.0
In the file rook-ceph/values.yaml you can find many different settings. The most important thing is to specify tolerations for the agents and for discovery. We described in detail what the tolerations mechanism can be used for
In short, we do not want the pods of the client application to be placed on the same nodes as the data storage disks. The reason is simple: this way the work of the Rook agents will not affect the application itself.
So, open the file rook-ceph/values.yaml in your favorite editor and add the following block at the end:
discover:
  toleration: NoExecute
  tolerationKey: node-role/storage
agent:
  toleration: NoExecute
  tolerationKey: node-role/storage
  mountSecurityMode: Any
On each node reserved for data storage, add the corresponding taint:
$ kubectl taint node ${NODE_NAME} node-role/storage="":NoExecute
Then install the Helm chart with the command:
$ helm install --namespace ${ROOK_NAMESPACE} ./rook-ceph
Now you need to create the cluster and specify the location
apiVersion: ceph.rook.io/v1
kind: CephCluster
metadata:
  clusterName: "ceph"
  finalizers:
  - cephcluster.ceph.rook.io
  generation: 1
  name: rook-ceph
spec:
  cephVersion:
    image: ceph/ceph:v13
  dashboard:
    enabled: true
  dataDirHostPath: /var/lib/rook/osd
  mon:
    allowMultiplePerNode: false
    count: 3
  network:
    hostNetwork: true
  rbdMirroring:
    workers: 1
  placement:
    all:
      tolerations:
      - key: node-role/storage
        operator: Exists
  storage:
    useAllNodes: false
    useAllDevices: false
    config:
      osdsPerDevice: "1"
      storeType: filestore
    resources:
      limits:
        memory: "1024Mi"
      requests:
        memory: "1024Mi"
    nodes:
    - name: host-1
      directories:
      - path: "/mnt/osd"
    - name: host-2
      directories:
      - path: "/mnt/osd"
    - name: host-3
      directories:
      - path: "/mnt/osd"
Check the Ceph status - expect to see HEALTH_OK:
$ kubectl -n ${ROOK_NAMESPACE} exec $(kubectl -n ${ROOK_NAMESPACE} get pod -l app=rook-ceph-operator -o name -o jsonpath='{.items[0].metadata.name}') -- ceph -s
At the same time, let's check that the pods of the client application do not end up on the nodes reserved for Ceph:
$ kubectl -n ${APPLICATION_NAMESPACE} get pods -o custom-columns=NAME:.metadata.name,NODE:.spec.nodeName
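The same check automated, as an added example that is not part of the original article: it reads JSON shaped like the output of kubectl get nodes -o json and kubectl get pods --all-namespaces -o json and lists non-storage pods running on nodes that carry the node-role/storage taint, including pods that get there through a blanket toleration. The sample data, node and pod names and function names are constructed.

```python
import json

STORAGE_TAINT_KEY = "node-role/storage"  # taint key used in this article

# Constructed sample data, trimmed to the fields the check needs.
NODES = json.loads('''{"items": [
 {"metadata": {"name": "host-1"},
  "spec": {"taints": [{"key": "node-role/storage", "value": "", "effect": "NoExecute"}]}},
 {"metadata": {"name": "worker-1"}, "spec": {}}
]}''')
PODS = json.loads('''{"items": [
 {"metadata": {"name": "rook-ceph-osd-0", "namespace": "kube-rook"},
  "spec": {"nodeName": "host-1", "tolerations": [{"key": "node-role/storage", "operator": "Exists"}]}},
 {"metadata": {"name": "web-1", "namespace": "app"},
  "spec": {"nodeName": "host-1", "tolerations": [{"operator": "Exists"}]}},
 {"metadata": {"name": "web-2", "namespace": "app"}, "spec": {"nodeName": "worker-1"}}
]}''')


def tolerates(toleration, taint):
    """Kubernetes matching rules: empty key with Exists matches any key; empty effect matches any effect."""
    op = toleration.get("operator", "Equal")
    key = toleration.get("key", "")
    if key and key != taint["key"]:
        return False
    if not key and op != "Exists":
        return False
    if toleration.get("effect") and toleration["effect"] != taint.get("effect"):
        return False
    return op == "Exists" or toleration.get("value", "") == taint.get("value", "")


def pods_on_storage_nodes(nodes, pods, storage_namespace):
    """Return (namespace, pod, node, reason) for non-storage pods placed on storage-tainted nodes."""
    tainted = {}
    for node in nodes["items"]:
        for taint in node["spec"].get("taints", []):
            if taint["key"] == STORAGE_TAINT_KEY:
                tainted[node["metadata"]["name"]] = taint
    findings = []
    for pod in pods["items"]:
        node = pod["spec"].get("nodeName")
        if node not in tainted or pod["metadata"]["namespace"] == storage_namespace:
            continue
        tols = pod["spec"].get("tolerations", [])
        ok = any(tolerates(t, tainted[node]) for t in tols)
        reason = "tolerates taint" if ok else "no toleration"
        findings.append((pod["metadata"]["namespace"], pod["metadata"]["name"], node, reason))
    return findings
```

In the constructed data, web-1 lands on host-1 because its key-less Exists toleration matches every taint, which is the case the plain column listing does not explain.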
After that, additional components can be configured as desired. More details about them are given in
Rook and hooks: is Rook enough for everything?
As you can see, Rook development is in full swing. But there are still problems that do not allow us to completely abandon manual configuration of Ceph:
- No Rook driver can export metrics on the usage of mounted blocks, which deprives us of monitoring.
- Flexvolume and CSI cannot resize volumes (unlike plain RBD), so Rook loses a useful (and sometimes critically needed!) tool.
- Rook is still not as flexible as regular Ceph. If we want to configure a pool so that CephFS metadata is stored on SSD and the data itself on HDD, we have to register separate device groups in the CRUSH maps manually.
- Although rook-ceph-operator is considered stable, there are currently certain problems when upgrading Ceph from version 13 to 14.
Conclusions
"Right now the Rook is shut out by its rivals, but we believe that one day it will play a decisive role in this game!" (a quote invented specially for this article)
The Rook project has undoubtedly won our hearts - we believe that [with all its pros and cons] it definitely deserves attention.
Our future plans focus on making rook-ceph a module for
Source: www.habr.com