kubernetes ceph-rbd挂载步骤 类型storageClass

由于kubelet本身并不支持rbd的命令，所以需要添加一个kube系统插件:

下载插件 quay.io/external_storage/rbd-provisioner

下载地址：

https://quay.io/repository/external_storage/rbd-provisioner?tag=latest&tab=tags

在k8s集群的node上面下载 docker pull quay.io/external_storage/rbd-provisioner:latest

只安装插件本身会报错:需要安装kube的角色和权限 以下是下载地址：

https://github.com/kubernetes-incubator/external-storage

https://github.com/kubernetes-incubator/external-storage/tree/master/ceph/rbd/deploy/rbac #下载kube的role的yaml文件

下载rbac文件夹：

使用：  kubectl  apply  -f rbac/

运行rbd-provisioner

如果报错：

报错因为rbd-provisioner的镜像中不能找到ceph的key和conf，需要把集群中key和conf拷贝进rbd-provisioner的镜像。

找到rbd-provisioner的镜像运行节点

docker cp  /etc/ceph/ceph.client.admin.keyring  <镜像名>：/etc/ceph/

docker cp  /etc/ceph/ceph.conf  <镜像名>：/etc/ceph/

如果又报错：

一直处于Pending，因为linux内核不支持 image format 1，所以我们要在sc中加入新建镜像时给他规定镜像的格式为2

在stroageclass中添加：

imageFormat: "2"

imageFeatures: "layering"

这样pvc就创建成功：

安装插件及角色（rbac）：

#clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-provisioner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["kube-dns"]
    verbs: ["list", "get"]
#clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-provisioner
subjects:
  - kind: ServiceAccount
    name: rbd-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: rbd-provisioner
  apiGroup: rbac.authorization.k8s.io
#deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: rbd-provisioner
spec:
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: rbd-provisioner
    spec:
      containers:
      - name: rbd-provisioner
        image: "quay.io/external_storage/rbd-provisioner:latest"
        env:
        - name: PROVISIONER_NAME
          value: ceph.com/rbd    #定义插件的名字
      serviceAccount: rbd-provisioner
#role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rbd-provisioner
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
#rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rbd-provisioner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rbd-provisioner
subjects:
- kind: ServiceAccount
  name: rbd-provisioner
  namespace: default
#serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rbd-provisioner

创建storageClass：

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: rbd
provisioner: ceph.com/rbd    #使用插件来生成sc
parameters:
  monitors: 10.101.3.9:6789,10.101.3.11:6789,10.101.3.12:6789
  adminId: admin
  adminSecretName: ceph-k-secret
  adminSecretNamespace: default  #这里使用default 如果使用其他就要修改还要修改插件中的
  pool: rbd
  userId: admin
  userSecretName: ceph-k-secret
  fsType: ext4
  imageFormat: "2"
  imageFeatures: "layering"

创建PVC：

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ceph-rbd-dyn-pv-claim
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: rbd
  resources:
    requests:
      storage: 1Gi

原文地址：https://www.cnblogs.com/kuku0223/p/9232858.html