一、创建相应的pool 

# Create the pool "k8s"; the two numbers are pg_num and pgp_num (both 4096).
# NOTE(review): 4096 placement groups is a sizing decision that depends on
# the number of OSDs in the cluster — confirm it fits the target cluster.
ceph osd pool create k8s 4096 4096

二、创建对k8s pool有访问权限的ceph用户

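# Create (or fetch) the Ceph identity client.k8s and write its keyring to
# /etc/ceph. The caps are scoped: read-only on the monitors, class-read on
# rbd_children objects, and rwx only on the k8s pool.
ceph auth get-or-create client.k8s mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=k8s' -o /etc/ceph/ceph.client.k8s.keyring
# The keyring contains the client's secret key, so make it readable by its
# owner only instead of relying on whatever the current umask produced.
chmod 600 /etc/ceph/ceph.client.k8s.keyring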

#ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyring

三、对k8s用户的key进行base64编码（base64只是编码，不是加密）

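# Base64-encode the secret key of client.k8s for the Secret's data.key field.
# Reading the key straight from `ceph auth get-key` keeps it out of the
# command line and shell history, and encodes only the key: the original
# `echo "keyring " | base64` also encoded a trailing space and the newline
# that echo appends.
# base64 is an encoding, not encryption — handle the output like the key itself.
ceph auth get-key client.k8s | base64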

四、创建基于keyring 的secret资源

root@master:~# cat ceph-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: ceph-secret
data:

  key: QVFBbW5SbFgyenJxRFJBQU9pdU9zMnNJSXRHaEFQNnRORGEzVmc9PQo=           #base64后的key

# Create the Secret described in ceph-secret.yaml. No namespace is given on
# the command line or in the manifest, so it goes into the current namespace.
# The manifest's data.key is only base64-encoded, so the file itself must be
# treated as holding the plaintext Ceph key.
kubectl create --filename ceph-secret.yaml

# List Secrets in the current namespace to confirm that ceph-secret exists.
kubectl get secrets

五、编辑一个可用的ReplicationController 让rbdpod跑起来

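# PersistentVolume that maps the RBD image "onduty-redis-data" from the Ceph
# pool "k8s", authenticating with the key stored in the Secret "ceph-secret".
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ceph-rbd-pv-onduty-redis-data
  # NOTE(review): PersistentVolumes are cluster-scoped, so this namespace is
  # not expected to have any effect — confirm and drop it. The Secret above
  # was created without a namespace; verify it lives where the consuming
  # pod/claim will look for it.
  namespace: devops
  labels:
    onduty: redis-data
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  rbd:
    monitors:
      - 10.0.0.4:6789
      - 10.0.0.5:6789
      - 10.0.0.6:6789
    pool: k8s
    # Field name restored: the page showed the garbled key "p_w_picpath";
    # the RBD volume source names the image with "image".
    image: onduty-redis-data
    # Was "admin". The earlier steps create client.k8s (rwx on pool k8s only)
    # and store that user's key in ceph-secret, so the user here has to match.
    # Using "admin" would require putting the client.admin key in the Secret,
    # handing every node that mounts this volume full control of the cluster.
    user: k8s
    secretRef:
      name: ceph-secret
    fsType: ext4
    readOnly: false
  # Retain: the volume and its data are kept when the claim is released.
  persistentVolumeReclaimPolicy: Retain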