参考:
创建存储密钥
kubectl create secret generic ceph-secret --type="kubernetes.io/rbd" --from-literal=key=‘QVFEQ1pMdFhPUnQrSmhBQUFYaERWNHJsZ3BsMmNjcDR6RFZST0E9PQ==‘ --namespace=kube-system
或者:
ceph auth get-key client.admin > ./secret
kubectl create secret generic ceph-secret --from-file=./secret --namespace=kube-system
准备带有rbd客户端的hyperkube镜像替换kube-controller-manager镜像
可以使用阿里云的海外构建结合GitHub制作hyperkube镜像:
FROM k8s.gcr.io/hyperkube:v1.16.2
MAINTAINER varden
特别注意:集群所有节点也必须安装rbd客户端。
部署清单
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: fast
provisioner: kubernetes.io/rbd
parameters:
monitors: 10.16.153.105:6789,10.16.153.106:6789
adminId: kube
adminSecretName: ceph-secret
adminSecretNamespace: kube-system
pool: kube
userId: kube
userSecretName: ceph-secret-user
userSecretNamespace: default
fsType: ext4
imageFormat: "2"
imageFeatures: "layering"
reclaimPolicy: Retain
简单使用测试
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: rbd-pvc
spec:
storageClassName: fast
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
---
kind: Pod
apiVersion: v1
metadata:
name: rbd-test-pod
spec:
containers:
- name: rbd-test-pod
image: nginx
volumeMounts:
- name: pvc
mountPath: "/mnt"
volumes:
- name: pvc
persistentVolumeClaim:
claimName: rbd-pvc