Shulou(Shulou.com)06/01 Report--

This article mainly introduces the relevant knowledge of "how Kubernetes shares Ceph storage". The editor shows you the operation process through an actual case. The operation method is simple, fast and practical. I hope this article "how Kubernetes shares Ceph storage" can help you solve the problem.

Kubernetes pod, combined with the use of Ceph rbd block devices, allows Docker data to be stored in Ceph. Restarting Docker or K8s RC rescheduling pod will not cause data to migrate back and forth.

The working principle is to get the key of the ceph cluster as authentication and mount the remote rbdmap mapping. Then you need to enable a key-based secret resource, and then K8s pod can specify the rbd to be used.

Environmental testing

My OS is ubuntu 14.04, a master, two minon nodes, and an image repository service, which ensures that the K8s cluster runs, and this process is skipped.

1. Kernel upgrade

The ceph version here installs 10.2.2. If the client kernel is too low, it will cause mount failure, mainly the minion node.

# curl-sSL https://get.docker.com | sh & & service docker restart# apt-get install linux-image-4.4.0-22-generic & & reboot

two。 Install ceph-common and let minion call rbd

Root@minion2:~# apt-get install python-rbd ceph-common

3. Save ceph-keyring and configuration files

Root@minion2:~# ll / etc/cephtotal 20drwxr-xr-x 2 root root 4096 Jun 22 2016. / drwxr-xr-x 93 root root 4096 Nov 11 11:18.. /-rw- 1 root root 63 Apr 25 2016 ceph.client.admin.keyring-rw-r--r-- 1 root root 249 Jun 22 2016 ceph.conf-rw-r--r-- 1 root root 92 Jun 14 2016 rbdmap

4. Get the base64 encoded string of ceph keyring

Root@minion2:~# ceph auth get-key client.adminAQAmnRlX2zrqDRAAOiuOs2sIItGhAP6tNDa3Vg==root@minion2:~#root@minion2:~# grep key / etc/ceph/ceph.client.admin.keyring | awk'{printf "% s", $NF} 'AQAmnRlX2zrqDRAAOiuOs2sIItGhAP6tNDa3Vg==root@minion2:~# grep key / etc/ceph/ceph.client.admin.keyring | awk' {printf "% s", $NF}'| base64QVFBbW5SbFgyenJxRFJBQU9pdU9zMnNJSXRHaEFQNnRORGEzVmc9PQ==

5. Create keyring-based secret resources

Root@master:~# cat ceph-secret.yamlapiVersion: v1kind: Secretmetadata: name: ceph-secretdata: key: QVFBbW5SbFgyenJxRFJBQU9pdU9zMnNJSXRHaEFQNnRORGEzVmc9PQo=root@master:~# kubectl create-f ceph-secret.yamlroot@master:~# kubectl get secretNAME TYPE DATA AGEceph-secret Opaque 1 187ddefault-token-rk17v kubernetes.io/service-account-token 3 208d

6. Edit an available ReplicationController to make rbdpod run

# kubectl create-f rbd-rc.yaml verification result

In this way, we start to run in pod. You can see the mount mount information, or you can go to the container to view it.

Root@minion2:~# docker ps | grep rbd4b8fc04501b1 nginx "nginx-g'daemon off" 6 months ago Up 6 months k8s_rbdpod.b1ab9160_rbpod-k3yxn_default_88540575-3847-11e6-a098-0a6a7c3a684c_f8caa4bc3c9c1240b72e gcr.io/google_containers/pause:2.0 "/ pause" 6 months ago Up 6 months k8s_POD.25c801ab_rbdpod-k3yxn_default_88540575-3847-11e6-a098-0a6a7c3a684c_c38f4ce7root@minion2:~# mount | grep rbd/dev/rbd0 on / var/lib/kubelet/plugins/kubernetes.io/rbd/rbd/data-image-wxq type ext4 (rw) / var/lib/kubelet/plugins/kubernetes.io/rbd/rbd/data-image-wxq on / var/lib/kubelet/pods/88540575-3847-11e6 -a098-0a6a7c3a684c/volumes/kubernetes.io~rbd/rbdpd type none (rw)

In this way, K8s perfectly combines Ceph block devices, and they can play happily together again, as for whether they have real feelings and look to the future.

This is the end of the introduction to "how Kubernetes shares Ceph storage". Thank you for reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.