本篇文章将手把手带你在 K8s 上搭建分布式存储集群(Rook/ceph)
默认k8s 已安装完成,采用kubeadm 容器化安装
ceph:v15.2.11
rook:1.6.3
lsblk -f
NAME FSTYPE LABEL UUID MOUNTPOINT
vda
└─vda1 xfs 6f15c206-f516-4ee8-a4b7-89ad880647db /
vdb
#确认安装lvm2
yum install lvm2 -y
#启用rbd模块
modprobe rbd
cat > /etc/rc.sysinit << EOF
#!/bin/bash
for file in /etc/sysconfig/modules/*.modules
do
[ -x \$file ] && \$file
done
EOF
cat > /etc/sysconfig/modules/rbd.modules << EOF
modprobe rbd
EOF
chmod 755 /etc/sysconfig/modules/rbd.modules
lsmod |grep rbd
git clone --single-branch --branch v1.6.3 https://github.com/rook/rook.git
更改配置
cd rook/cluster/examples/kubernetes/ceph
修改Rook CSI镜像地址,原本的地址可能是gcr的镜像,但是gcr的镜像无法被国内访问,所以需要同步gcr的镜像到阿里云镜像仓库,本文档已经为大家完成同步,可以直接修改如下:
vim operator.yaml
将
改为:
ROOK_CSI_REGISTRAR_IMAGE: "registry.cn-beijing.aliyuncs.com/dotbalo/csi-node-driver-registrar:v2.0.1"
ROOK_CSI_RESIZER_IMAGE: "registry.cn-beijing.aliyuncs.com/dotbalo/csi-resizer:v1.0.1"
ROOK_CSI_PROVISIONER_IMAGE: "registry.cn-beijing.aliyuncs.com/dotbalo/csi-provisioner:v2.0.4"
ROOK_CSI_SNAPSHOTTER_IMAGE: "registry.cn-beijing.aliyuncs.com/dotbalo/csi-snapshotter:v4.0.0"
ROOK_CSI_ATTACHER_IMAGE: "registry.cn-beijing.aliyuncs.com/dotbalo/csi-attacher:v3.0.2"
还是operator文件,新版本rook默认关闭了自动发现容器的部署,可以找到ROOK_ENABLE_DISCOVERY_DAEMON改成true即可:
cd cluster/examples/kubernetes/ceph
kubectl create -f crds.yaml -f common.yaml -f operator.yaml
等待容器启动,只有都running才能进行下一步
[root@k8s-master01 ceph]# kubectl -n rook-ceph get pod
NAME READY STATUS RESTARTS AGE
rook-ceph-operator-675f59664d-b9nch 1/1 Running 0 32m
rook-discover-4m68r 1/1 Running 0 40m
rook-discover-chscc 1/1 Running 0 40m
rook-discover-mmk69 1/1 Running 0 40m
kubectl create -f cluster.yaml
创建完成后,可以查看pod的状态:
[root@k8s-master01 ceph]# kubectl -n rook-ceph get pod
NAME READY STATUS RESTARTS AGE
csi-cephfsplugin-8d6zn 3/3 Running 0 39m
csi-cephfsplugin-dr6wd 3/3 Running 0 39m
csi-cephfsplugin-gblpg 3/3 Running 0 39m
csi-cephfsplugin-provisioner-846ffc6cb4-qjv7s 6/6 Running 0 39m
csi-cephfsplugin-provisioner-846ffc6cb4-wbjzg 6/6 Running 0 39m
csi-rbdplugin-6bd9t 3/3 Running 0 39m
csi-rbdplugin-9b6gt 3/3 Running 0 39m
csi-rbdplugin-9vtpp 3/3 Running 0 39m
csi-rbdplugin-provisioner-75fd5c779f-9989z 6/6 Running 0 39m
csi-rbdplugin-provisioner-75fd5c779f-zx49t 6/6 Running 0 39m
rook-ceph-crashcollector-k8s-master01-75bb6c6dd9-lnncg 1/1 Running 0 38m
rook-ceph-crashcollector-k8s-node-90-84b555c8c8-5vt72 1/1 Running 0 38m
rook-ceph-crashcollector-k8s-node-94-798667dd4b-dzvbw 1/1 Running 0 31m
rook-ceph-mgr-a-86d4459f5b-8bk49 1/1 Running 0 38m
rook-ceph-mon-a-847d986b98-tff45 1/1 Running 0 39m
rook-ceph-mon-b-566894d545-nbw2t 1/1 Running 0 39m
rook-ceph-mon-c-58c5789c6-xz5l7 1/1 Running 0 38m
rook-ceph-operator-675f59664d-b9nch 1/1 Running 0 32m
rook-ceph-osd-0-76db9d477d-dz9kf 1/1 Running 0 38m
rook-ceph-osd-1-768487dbc8-g7zq9 1/1 Running 0 31m
rook-ceph-osd-2-5d9f8d6fb-bfwtk 1/1 Running 0 31m
rook-ceph-osd-prepare-k8s-master01-4b4mp 0/1 Completed 0 31m
rook-ceph-osd-prepare-k8s-node-90-7jg4n 0/1 Completed 0 31m
rook-ceph-osd-prepare-k8s-node-94-4mb7g 0/1 Completed 0 31m
rook-discover-4m68r 1/1 Running 0 40m
rook-discover-chscc 1/1 Running 0 40m
rook-discover-mmk69 1/1 Running 0 40m
其中osd-0、osd-1、osd-2容器必须是存在且正常的,如果上述pod均正常运行成功,则视为集群安装成功。
这个文件的路径还是在ceph文件夹下
kubectl create -f toolbox.yaml -n rook-ceph
待容器Running后,即可执行相关命令:
[root@k8s-master01 ~]# kubectl -n rook-ceph exec -it deploy/rook-ceph-tools -- bash
[root@rook-ceph-tools-fc5f9586c-m2wf5 /]# ceph status
cluster:
id: 9016340d-7f90-4634-9877-aadc927c4e81
health: HEALTH_WARN
mons are allowing insecure global_id reclaim
clock skew detected on mon.b
services:
mon: 3 daemons, quorum a,b,c (age 3m)
mgr: a(active, since 44m)
osd: 3 osds: 3 up (since 38m), 3 in (since 38m)
data:
pools: 1 pools, 1 pgs
objects: 0 objects, 0 B
usage: 3.0 GiB used, 57 GiB / 60 GiB avail
pgs: 1 active+clean
常用命令:
ceph status
ceph osd status
ceph df
rados df
默认的ceph 已经安装的ceph-dashboard,但是其svc地址为service clusterIP,并不能被外部访问
kubectl apply -f dashboard-external-https.yaml
创建NodePort类型就可以被外部访问了
[root@k8s-master01 ~]# kubectl get svc -n rook-ceph|grep dashboard
rook-ceph-mgr-dashboard ClusterIP 192.168.204.219 <none> 8443/TCP 49m
rook-ceph-mgr-dashboard-external-https NodePort 192.168.34.227 <none> 8443:32529/TCP 49m
浏览器访问(master01-ip换成自己的集群ip):
https://master01-ip:32529/#/login?returnUrl=%2Fdashboard
用户名默认是admin,至于密码可以通过以下代码获取:
kubectl -n rook-ceph get secret rook-ceph-dashboard-password -o jsonpath="{['data']['password']}"|base64 --decode && echo
kubectl -n rook-ceph delete cephcluster rook-ceph
确认上一步删除之后,查询一下
kubectl -n rook-ceph get cephcluster
kubectl delete -f operator.yaml
kubectl delete -f common.yaml
kubectl delete -f crds.yaml
rook创建cluster的时候会把部分数据卸载本机的/var/lib/rook(dataDirHostPath指定的目录)中,如果不删除会影响下次集群部署,rook据说下个版本会增加k8s 本地存储调用的功能,就不会直接存在硬盘上了
rm -rf /var/lib/rook
创建osd时被写入了数据,需要擦除,否则无法再次创建ceph集群,脚本中有各种硬盘的擦除命令,不需要全部执行成功,根据当前机器的硬盘情况确定。
vim clean-ceph.sh
#!/usr/bin/env bash
DISK="/dev/vdb"
sgdisk --zap-all $DISK
dd if=/dev/zero of="$DISK" bs=1M count=100 oflag=direct,dsync
blkdiscard $DISK
ls /dev/mapper/ceph-* | xargs -I% -- dmsetup remove %
rm -rf /dev/ceph-*
rm -rf /dev/mapper/ceph--*
NAMESPACE=rook-ceph
kubectl proxy &
kubectl get namespace $NAMESPACE -o json |jq '.spec = {"finalizers":[]}' >temp.json
curl -k -H "Content-Type: application/json" -X PUT --data-binary @temp.json 127.0.0.1:8001/api/v1/namespaces/$NAMESPACE/finalize
#查看名称空间,已经删除
[root@k8s-master01 ~]# kubectl get ns
NAME STATUS AGE
default Active 22h
kube-node-lease Active 22h
kube-public Active 22h
kube-system Active 22h
#查看集群依然存在
[root@k8s-master01 ~]# kubectl -n rook-ceph get cephcluster
NAME DATADIRHOSTPATH MONCOUNT AGE PHASE MESSAGE HEALTH
rook-ceph /var/lib/rook 3 20h Progressing Configuring Ceph Mons
[root@k8s-master01 ~]# kubectl api-resources --namespaced=true -o name|xargs -n 1 kubectl get --show-kind --ignore-not-found -n rook-ceph
Error from server (MethodNotAllowed): the server does not allow this method on the requested resource
NAME TYPE DATA AGE
secret/default-token-lz6wh kubernetes.io/service-account-token 3 8m34s
NAME SECRETS AGE
serviceaccount/default 1 8m34s
Error from server (MethodNotAllowed): the server does not allow this method on the requested resource
NAME DATADIRHOSTPATH MONCOUNT AGE PHASE MESSAGE HEALTH
cephcluster.ceph.rook.io/rook-ceph /var/lib/rook 3 20h Progressing Configuring Ceph Mons
#解决办法:
kubectl edit cephcluster.ceph.rook.io -n rook-ceph
把finalizers的值删掉,cephcluster.ceph.rook.io便会自己删除
进入 ceph-tools 执行以下命令:
ceph config set mon auth_allow_insecure_global_id_reclaim false
其他常见警告解决链接:
https://docs.ceph.com/en/octopus/rados/operations/health-checks/