Longhorn
Kubernetes云原生分布式块存储解决方案
安装前的准备
最低要求
在安装了 Longhorn 的 Kubernetes 集群中,每个节点都必须满足以下要求:
– 与 Kubernetes 兼容的容器运行时(Docker v1.13+、containerd v1.3.7+ 等)
– Kubernetes v1.18+
– open-iscsi已安装,并且守护程序正在所有节点上运行。这是必要的,因为 Longhorn 依赖于主机为 Kubernetes 提供持久卷
– RWX 支持要求每个节点都安装了 NFSv4 客户端
– 主机文件系统支持存储数据的功能。目前支持ext4
、xfs
– 必须安装bash
、curl
、findmnt
、grep
、awk
、blkid
、lsblk
– 必须启用Deploying CSI Driver on Kubernetes
Longhorn 工作负载必须能够以 root 用户身份运行,以便 Longhorn 能够正确部署和运行。
使用环境检查脚本
此脚本可用于检查 Longhorn 环境中是否存在潜在问题。
注意在运行环境检查脚本之前可能需要在本地安装jq
curl -sSfL https://raw.githubusercontent.com/longhorn/longhorn/v1.2.4/scripts/environment_check.sh | bash
示例结果:
[root@master01 ChiuYut]# bash environment_check.sh daemonset.apps/longhorn-environment-check created waiting for pods to become ready (0/0) waiting for pods to become ready (0/2) waiting for pods to become ready (0/2) waiting for pods to become ready (0/2) waiting for pods to become ready (0/2) waiting for pods to become ready (1/2) waiting for pods to become ready (1/2) waiting for pods to become ready (1/2) waiting for pods to become ready (1/2) waiting for pods to become ready (1/2) waiting for pods to become ready (1/2) waiting for pods to become ready (1/2) waiting for pods to become ready (1/2) all pods ready (2/2) MountPropagation is enabled! cleaning up... daemonset.apps "longhorn-environment-check" deleted clean up complete
此外,Longhorn 使用命令在主机上执行命令。例如,该命令是检查主机的磁盘空间使用情况nsenter
stat /var/lib/longhorn/ -fc '{"path":"%n","fsid":"%i","type":"%T","freeBlock":%f,"totalBlock":%b,"blockSize":%s}'
安装open-iscsi
kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.2.4/deploy/prerequisite/longhorn-iscsi-installation.yaml
部署完成后,运行以下命令以检查容器的安装程序状态:
[root@master01 ChiuYut]# kubectl get pod | grep longhorn-iscsi-installation longhorn-iscsi-installation-98fh8 1/1 Running 0 25s longhorn-iscsi-installation-w7p56 1/1 Running 0 26s
并且还可以使用以下命令检查日志以查看安装结果:
[root@master01 ChiuYut]# kubectl logs longhorn-iscsi-installation-98fh8 -c iscsi-installation Package iscsi-initiator-utils-6.2.0.874-22.el7_9.x86_64 already installed and latest version iscsi install successfully [root@master01 ChiuYut]# kubectl logs longhorn-iscsi-installation-w7p56 -c iscsi-installation Package iscsi-initiator-utils-6.2.0.874-22.el7_9.x86_64 already installed and latest version iscsi install successfully
安装 NFSv4 客户端
kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.2.4/deploy/prerequisite/longhorn-nfs-installation.yaml
部署完成后,运行以下命令以检查容器的安装程序状态:
[root@master01 ChiuYut]# kubectl get pod | grep longhorn-nfs-installation longhorn-nfs-installation-6n8bb 1/1 Running 0 17s longhorn-nfs-installation-hh5kl 1/1 Running 0 18s
并且还可以使用以下命令检查日志以查看安装结果:
[root@master01 ChiuYut]# kubectl logs longhorn-nfs-installation-6n8bb -c nfs-installation Package 1:nfs-utils-1.3.0-0.68.el7.2.x86_64 already installed and latest version nfs install successfully [root@master01 ChiuYut]# kubectl logs longhorn-nfs-installation-hh5kl -c nfs-installation Package 1:nfs-utils-1.3.0-0.68.el7.2.x86_64 already installed and latest version nfs install successfully
使用 Kubectl 安装
将安装 Longhorn 的 Kubernetes 集群中的每个节点都必须满足上面的最低要求,并且执行了上述所有步骤。
安装Longhorn
1.使用以下命令在任何 Kubernetes 集群上安装 Longhorn:
kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.2.4/deploy/longhorn.yaml
监视安装进度的一种方法是观察在命名空间中创建的 Pod:longhorn-system
kubectl get pods \ --namespace longhorn-system \ --watch
2.检查部署是否成功:
[root@master01 ChiuYut]# kubectl -n longhorn-system get pod NAME READY STATUS RESTARTS AGE csi-attacher-f948665c5-fksjp 1/1 Running 0 5m9s csi-attacher-f948665c5-hljqf 1/1 Running 0 5m9s csi-attacher-f948665c5-kdnqm 1/1 Running 0 5m9s csi-provisioner-7877cd48c9-lt6sd 1/1 Running 0 5m9s csi-provisioner-7877cd48c9-nxrcd 1/1 Running 0 5m9s csi-provisioner-7877cd48c9-rl6qw 1/1 Running 0 5m9s csi-resizer-5f549cd7-5rhrm 1/1 Running 0 5m8s csi-resizer-5f549cd7-9bjln 1/1 Running 0 5m8s csi-resizer-5f549cd7-dtb8s 1/1 Running 0 5m8s csi-snapshotter-645cf6bd97-88cj7 1/1 Running 0 5m8s csi-snapshotter-645cf6bd97-ll844 1/1 Running 0 5m8s csi-snapshotter-645cf6bd97-sbft4 1/1 Running 0 5m8s engine-image-ei-fa2dfbf0-dftlr 1/1 Running 0 5m30s engine-image-ei-fa2dfbf0-vc22z 1/1 Running 0 5m30s instance-manager-e-4dc7382f 1/1 Running 0 5m30s instance-manager-e-d36449da 1/1 Running 0 5m25s instance-manager-r-5f32ff8f 1/1 Running 0 5m24s instance-manager-r-c8e46cad 1/1 Running 0 5m29s longhorn-csi-plugin-gfzvj 2/2 Running 0 5m8s longhorn-csi-plugin-kl5z2 2/2 Running 0 5m8s longhorn-driver-deployer-784546d78d-gbfgd 1/1 Running 0 6m20s longhorn-manager-jcdsf 1/1 Running 1 6m22s longhorn-manager-kr262 1/1 Running 0 6m22s longhorn-ui-9fdb94f9-h5xh9 1/1 Running 0 6m21s
3.要启用对 Longhorn UI 的访问,您需要设置入口控制器。默认情况下,对 Longhorn UI 的身份验证处于未启用状态。
4.使用以下步骤访问 Longhorn UI。
使用基本身份验证创建入口 (nginx)
如果您在使用 kubectl 或 Helm 的 Kubernetes 集群上安装 Longhorn,则需要创建一个 Ingress 以允许外部流量到达 Longhorn UI。
默认情况下,不为 kubectl 和 Helm 安装启用身份验证。在这些步骤中,您将学习如何使用 nginx 入口控制器的注释创建具有基本身份验证的入口。
1. 创建基本身份验证文件 。重要的是生成的文件被命名为auth(实际上 – 机密有一个密钥),否则入口返回503。auth
data.auth
USER=<USERNAME_HERE>; PASSWORD=<PASSWORD_HERE>; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth
例如:
USER=admin; PASSWORD=ChiuYut; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth
输出:
[root@master01 ChiuYut]# ll 总用量 52 -rw-r--r-- 1 root root 44 3月 17 15:44 auth -rw-r--r-- 1 root root 2959 3月 17 14:25 environment_check.sh -rw-r--r-- 1 root root 1561 3月 17 14:44 longhorn-iscsi-installation.yaml -rw-r--r-- 1 root root 1259 3月 17 14:47 longhorn-nfs-installation.yaml -rw-r--r-- 1 root root 32807 3月 17 14:52 longhorn.yaml [root@master01 ChiuYut]# ll auth -rw-r--r-- 1 root root 44 3月 17 15:44 auth [root@master01 ChiuYut]# cat auth admin:$apr1$XL6keOrW$9naVuwfgToYXuik2sTpbe/ [root@master01 ChiuYut]#
2. 创建密钥:
kubectl -n longhorn-system create secret generic basic-auth --from-file=auth
输出:
[root@master01 ChiuYut]# kubectl -n longhorn-system create secret generic basic-auth --from-file=auth secret/basic-auth created
3. 创建入口清单 :longhorn-ingress.yml
从 v1.2.0 开始,Longhorn 支持从 UI 上传支持图像,因此请按如下方式指定,以确保上传图像按预期工作。nginx.ingress.kubernetes.io/proxy-body-size: 10000m
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: longhorn-ingress namespace: longhorn-system annotations: # type of authentication nginx.ingress.kubernetes.io/auth-type: basic # prevent the controller from redirecting (308) to HTTPS nginx.ingress.kubernetes.io/ssl-redirect: 'false' # name of the secret that contains the user/password definitions nginx.ingress.kubernetes.io/auth-secret: basic-auth # message to display with an appropriate context why the authentication is required nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required ' # custom max body size for file uploading like backing image uploading nginx.ingress.kubernetes.io/proxy-body-size: 10000m spec: rules: - http: paths: - pathType: Prefix path: "/" backend: service: name: longhorn-frontend port: number: 80
4. 创建入口:
kubectl -n longhorn-system apply -f longhorn-ingress.yml
查看:
[root@master01 ChiuYut]# kubectl -n longhorn-system get ingress Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress NAME CLASS HOSTS ADDRESS PORTS AGE longhorn-ingress <none> * 80 93s
访问用户界面
ChiuYut
2022年03月23日