k8s 与ceph结合
一、创建相应的poolceph osd pool create k8s 4096 4096
二、创建ceph的对k8s pool的用户
ceph auth get-or-create client.k8s mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=k8s' -o /etc/ceph/ceph.client.k8s.keyring
#ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyring
三、对k8s用户进行base64加密
echo "keyring " | base64
四、创建基于keyring 的secret资源
root@master:~# cat ceph-secret.yaml apiVersion: v1
kind: Secretmetadata:
name: ceph-secret
data:
key: QVFBbW5SbFgyenJxRFJBQU9pdU9zMnNJSXRHaEFQNnRORGEzVmc9PQo= #base64后的key kubectlcreate -f ceph-secret.yaml
kubectl get secret
五、编辑一个可用的ReplicationController 让rbdpod跑起来
apiVersion: v1
kind: PersistentVolume
metadata:
name: ceph-rbd-pv-onduty-redis-data
namespace: devops
labels:
onduty: redis-data
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteOnce
rbd:
monitors:
- 10.0.0.4:6789
- 10.0.0.5:6789
- 10.0.0.6:6789
pool: k8s
image: onduty-redis-data
user: admin
secretRef:
name: ceph-secret
fsType: ext4
readOnly: false
persistentVolumeReclaimPolicy: Retain
页:
[1]