K8s StorageClass Design and Ceph Integration in Practice: From Getting Started to Production-Grade Deployment
- Create the storage pool:
```sh
# replicated pool with 128 PGs (pg_num and pgp_num), then tag it for RBD use
ceph osd pool create k8s-rbd 128 128 replicated
ceph osd pool application enable k8s-rbd rbd
```
- Authorize a dedicated client user:
```sh
# Least privilege: read-only on the monitors; on the OSDs only the rbd_children
# class read plus rwx confined to the k8s-rbd pool (on Luminous and later,
# mon 'profile rbd' osd 'profile rbd pool=k8s-rbd' expresses the same grant).
# -o writes the resulting keyring to disk.
ceph auth get-or-create client.k8s mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=k8s-rbd' -o /etc/ceph/ceph.client.k8s.keyring
```
- Fetch the deployment manifests:
```sh
git clone https://github.com/ceph/ceph-csi.git
cd ceph-csi/deploy/rbd/kubernetes
```
- Create the ConfigMap and Secret:
```sh
# ceph.conf for the CSI pods; the clusterID -> monitor mapping that the
# StorageClass refers to lives in the separate ceph-csi-config ConfigMap
# (csi-config-map.yaml in this directory) and must be filled in as well
kubectl create configmap ceph-config --from-file=ceph.conf -n kube-system
# ceph-csi's RBD driver reads the cephx credentials from the keys userID and
# userKey, so the secret must use those names rather than a single "key" entry
kubectl create secret generic ceph-secret \
  --from-literal=userID=k8s \
  --from-literal=userKey="$(ceph auth get-key client.k8s)" -n kube-system
```
- Deploy RBAC and the CSI components:
```sh
# the RBAC files carry their own namespace: fields (ServiceAccounts and the
# ClusterRoleBinding subjects); make them agree with the namespace used here
kubectl apply -f csi-provisioner-rbac.yaml -n kube-system
kubectl apply -f csi-nodeplugin-rbac.yaml -n kube-system
kubectl apply -f csi-rbdplugin-provisioner.yaml -n kube-system
kubectl apply -f csi-rbdplugin.yaml -n kube-system
```
- StorageClass definition:
```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: csi-rbd-sc
provisioner: rbd.csi.ceph.com
parameters:
  # must match an entry in the ceph-csi-config ConfigMap (config.json)
  clusterID: ceph-cluster
  pool: k8s-rbd
  imageFeatures: layering
  csi.storage.k8s.io/provisioner-secret-name: ceph-secret
  csi.storage.k8s.io/provisioner-secret-namespace: kube-system
  # the node plugin needs the same credentials to map the image on the host
  csi.storage.k8s.io/node-stage-secret-name: ceph-secret
  csi.storage.k8s.io/node-stage-secret-namespace: kube-system
  # needed for allowVolumeExpansion to actually work
  csi.storage.k8s.io/controller-expand-secret-name: ceph-secret
  csi.storage.k8s.io/controller-expand-secret-namespace: kube-system
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
  - discard
```
- PersistentVolumeClaim (pvc.yaml):
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: rbd-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: csi-rbd-sc
```
- Test Pod (pod.yaml):
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: rbd-test-pod
spec:
  containers:
    - name: nginx
      image: nginx
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: rbd-volume
  volumes:
    - name: rbd-volume
      persistentVolumeClaim:
        claimName: rbd-pvc
```
- Apply and verify:
```sh
kubectl apply -f pvc.yaml && kubectl apply -f pod.yaml
kubectl get pvc,pv,pod   # the PVC should be Bound and the Pod Running
rbd ls k8s-rbd           # the provisioned csi-vol-* image shows up in the pool
```
- Replica configuration:
```sh
# The replica count is a property of the Ceph pool, not a StorageClass
# parameter: keep 3 copies and keep serving I/O while at least 2 are available
ceph osd pool set k8s-rbd size 3
ceph osd pool set k8s-rbd min_size 2
```
```yaml
# image settings in the StorageClass (format 2 is required for layering)
parameters:
  pool: k8s-rbd
  imageFormat: "2"
  imageFeatures: "layering"
```
- Multiple CSI controller instances:
```sh
# leader election keeps one provisioner active; the others are hot standbys
kubectl scale deployment csi-rbdplugin-provisioner -n kube-system --replicas=3
```
- OSD parameter tuning:
```sh
# largest single write an OSD accepts, in MB
ceph config set global osd_max_write_size 512
# journal size in MB; only meaningful for FileStore OSDs, BlueStore ignores it
ceph config set global osd_journal_size 20000
```
- PG count:
```sh
# raise pg_num and pgp_num together so data is actually rebalanced onto the
# new placement groups
ceph osd pool set k8s-rbd pg_num 256
ceph osd pool set k8s-rbd pgp_num 256
```
- Prometheus scrape configuration:
```yaml
# the Ceph mgr prometheus module (ceph mgr module enable prometheus) serves
# metrics on port 9283
global:
  scrape_interval: 15s
scrape_configs:
  - job_name: 'ceph'
    static_configs:
      - targets: ['ceph-monitor:9283']
```
- Grafana dashboard:
  Import the official Ceph dashboard (ID: 11861) to watch OSD utilization, IOPS, latency and similar metrics.
- Cephx authentication:
```yaml
# the provisioner creates images and the node plugin maps them; both need a
# cephx secret (the same one can serve both roles)
parameters:
  csi.storage.k8s.io/provisioner-secret-name: ceph-secret
  csi.storage.k8s.io/provisioner-secret-namespace: kube-system
  csi.storage.k8s.io/node-stage-secret-name: ceph-secret
  csi.storage.k8s.io/node-stage-secret-namespace: kube-system
```
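An added check, not part of the article, that covers both the client authorization step and this Cephx section: it audits the caps of the cephx user that the StorageClass secrets point at, so a key that is broader than one pool is caught before it is stored in a Secret. It runs on a constructed copy of what `ceph auth get client.k8s` prints, with a placeholder key, so no live cluster is needed.

```sh
#!/bin/sh
# Added example, not from the original article: audit the cephx caps carried by
# the client user that ceph-csi will use, before its key becomes a Secret.
# SAMPLE_CAPS is a constructed copy of what `ceph auth get client.k8s` prints;
# the key line is a placeholder.
SAMPLE_CAPS='[client.k8s]
    key = <placeholder-key>
    caps mon = "allow r"
    caps osd = "allow class-read object_prefix rbd_children, allow rwx pool=k8s-rbd"'

# check_rbd_caps POOL   (caps text on stdin)
# 0 if mons are read-only and every OSD write grant is confined to a pool,
# one of them POOL; 1 with a reason otherwise.
check_rbd_caps() {
    pool="$1"
    caps=$(cat)
    mon=$(printf '%s\n' "$caps" | sed -n 's/.*caps mon = "\(.*\)".*/\1/p')
    osd=$(printf '%s\n' "$caps" | sed -n 's/.*caps osd = "\(.*\)".*/\1/p')
    # a mon "allow *" would let the user alter cluster state and read other keys
    case "$mon" in
        "allow r"|"profile rbd") ;;
        *) echo "mon cap too broad: '$mon'"; return 1 ;;
    esac
    case "$osd" in
        *"allow *"*) echo "osd cap grants everything"; return 1 ;;
    esac
    scoped=0
    old_ifs=$IFS; IFS=','
    for clause in $osd; do
        case "$clause" in
            *"allow rw"*|*"allow rx"*|*"allow w"*|*"allow x"*)
                case "$clause" in
                    *"pool=$pool"|*"pool=$pool "*) scoped=1 ;;
                    *"pool="*) ;;            # write grant, but to another pool
                    *) IFS=$old_ifs; echo "unscoped write grant:$clause"; return 1 ;;
                esac ;;
        esac
    done
    IFS=$old_ifs
    [ "$scoped" -eq 1 ] || { echo "no write grant scoped to pool $pool"; return 1; }
    return 0
}

# Live use: ceph auth get client.k8s | check_rbd_caps k8s-rbd
printf '%s\n' "$SAMPLE_CAPS" | check_rbd_caps k8s-rbd && echo "client.k8s caps OK"
```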
- Network policy:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ceph-csi-policy
  namespace: kube-system
spec:
  # the selectors must match the labels on the deployed CSI pods and on the
  # clients you want to admit; the label values here are placeholders
  podSelector:
    matchLabels:
      app: ceph-csi
  # ingress only: the CSI pods' own egress to the Ceph mons and OSDs is untouched
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: kubernetes
```
- Snapshots, backup and restore:
```sh
# point-in-time snapshot, protected so it cannot be removed while referenced
rbd snap create k8s-rbd/volume-name@snap1
rbd snap protect k8s-rbd/volume-name@snap1
# export the snapshot rather than the live image so the backup is consistent
rbd export k8s-rbd/volume-name@snap1 - | s3cmd put - s3://backup-bucket/volume-name.export
# roll the image back to the snapshot (the image must not be mapped by a pod)
rbd snap rollback k8s-rbd/volume-name@snap1
# restore from the object store; the target image must not already exist
s3cmd get s3://backup-bucket/volume-name.export - | rbd import - k8s-rbd/volume-name
```
- Multi-tenant isolation:
  - Create a dedicated Ceph storage pool and IAM account (a cephx user whose caps are scoped to that pool) for each tenant
  - Use Kubernetes ResourceQuota to cap each tenant's resources
- Resource quota management:
```yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: tenant-a-quota
  namespace: tenant-a
spec:
  hard:
    persistentvolumeclaims: "10"
    # per-StorageClass quota keys take the form
    # <storageclass>.storageclass.storage.k8s.io/requests.storage
    csi-rbd-sc.storageclass.storage.k8s.io/requests.storage: "50Gi"
```
- Rolling upgrade strategy:
```sh
# the update strategy is part of the Deployment spec; patch it in place so
# at most one provisioner replica is unavailable during an upgrade
kubectl patch deployment csi-rbdplugin-provisioner -n kube-system \
  -p '{"spec":{"strategy":{"type":"RollingUpdate","rollingUpdate":{"maxUnavailable":1}}}}'
```
- Common problems:
  - Image pull failures: check that the CSI driver image addresses are correct and that private registry credentials are configured
  - PV binding failures: inspect the provisioner logs (kubectl logs csi-rbdplugin-provisioner-xxx -n kube-system)
  - Performance bottlenecks: run stress tests with fio and identify the IOPS / bandwidth bottleneck in the Ceph cluster
- Ceph cluster health check:
```sh
ceph -s          # overall health, mon quorum, PG states
ceph osd tree    # OSD layout and up/down status
ceph df          # raw and per-pool capacity usage
```
With the steps above you can complete the whole flow from Kubernetes StorageClass design to Ceph integration and run a highly available, high-performance storage solution in production. Adjust the configuration parameters to your workload, and rehearse disaster recovery regularly.
Copyright notice:
Author: SE-YangYao
Link: https://www.cnesa.cn/7463.html
The article is copyright of its author; do not reproduce without permission.