cloud_engineer
cloud_engineer

k8s rbd 后端存储

github yaml克隆地址:https://github.com/kubernetes-retired/external-storage/tree/master/ceph/rbd/deploy/rbac

k8s使用rbd-provisioner插件对接 Ceph RBD作为后端存储

一、准备工作

Ceph版本:12.2.13 luminous稳定版,本步骤前2步在ceph集群操作。

1、Ceph上准备存储池
# ceph osd pool create kube 128 128
pool 'kube' created
# ceph osd pool ls | grep kube
kube
2、Ceph上准备K8S客户端账号

本环境中直接使用了Ceph的admin账号,当然生产环境中还是要根据不同功能客户端分配不同的账号:
ceph auth get-or-create client.kube mon ‘allow r’ osd ‘allow rwx pool=kube’ -o ceph.client.kube.keyring
获取账号的密钥:

# ceph auth get-key client.admin | base64
QVFBQmNLWmZNVUY5RkJBQWY5Z2NZVWtTMEtXL3B0Y09wSFBXeUE9PQ==
3、运行rbd-provisioner插件

使用StorageClass动态创建PV时,controller-manager会自动在Ceph上创建image,所以我们要为其准备好rbd-provisioner。

(1)如果集群是用kubeadm部署的,由于controller-manager官方镜像中没有rbd命令,所以我们要从github下载插件rbd-provisioner相关yaml并运行。

从github克隆yaml下来

git clone https://github.com/kubernetes-retired/external-storage/tree/master/ceph/rbd/deploy/rbac

clusterrolebinding.yaml

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-provisioner
subjects:
  - kind: ServiceAccount
    name: rbd-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: rbd-provisioner
  apiGroup: rbac.authorization.k8s.io

clusterrole.yaml

kind: ClusterRole 
apiVersion: rbac.authorization.k8s.io/v1 
metadata: 
  name: rbd-provisioner 
rules: 
  - apiGroups: [""] 
    resources: ["persistentvolumes"] 
    verbs: ["get", "list", "watch", "create", "delete"] 
  - apiGroups: [""] 
    resources: ["persistentvolumeclaims"] 
    verbs: ["get", "list", "watch", "update"] 
  - apiGroups: ["storage.k8s.io"] 
    resources: ["storageclasses"] 
    verbs: ["get", "list", "watch"] 
  - apiGroups: [""] 
    resources: ["events"] 
    verbs: ["create", "update", "patch"] 
  - apiGroups: [""] 
    resources: ["services"] 
    resourceNames: ["kube-dns","coredns"] 
    verbs: ["list", "get"]

deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: rbd-provisioner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rbd-provisioner
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: rbd-provisioner
    spec:
      containers:
      - name: rbd-provisioner
        image: "quay.io/external_storage/rbd-provisioner:latest"
        env:
        - name: PROVISIONER_NAME
          value: ceph.com/rbd
      serviceAccount: rbd-provisioner

rolebinding.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rbd-provisioner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rbd-provisioner
subjects:
- kind: ServiceAccount
  name: rbd-provisioner
  namespace: default

role.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rbd-provisioner
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
- apiGroups: [""]
  resources: ["endpoints"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]

serviceaccount.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rbd-provisioner
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
- apiGroups: [""]
  resources: ["endpoints"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]
[root@kubesphere rbac]# 
[root@kubesphere rbac]# 
[root@kubesphere rbac]# 
[root@kubesphere rbac]# cat serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rbd-provisioner

(2)如果集群是用二进制方式部署的,直接在master节点安装ceph-common即可。(二进制安装或者kubeadm都要执行)

yum install -y ceph-common

拷贝keyring文件
将ceph的ceph.client.admin.keyring及ceph.conf文件拷贝到k8s-master的/etc/ceph目录下。

备注:创建pod时,kubelet需要使用rbd命令去检测和挂载pv对应的ceph image,所以要在所有的worker节点安装ceph客户端ceph-common-13.2.5,使用L版本的ceph可以不需要安装13.2, yum默认版本即可。
4 执行运行rbd-provisioner

把yaml放在一个目录。

[root@kubesphere rbac]# ls 
clusterrolebinding.yaml  clusterrole.yaml  deployment.yaml  rolebinding.yaml  role.yaml  serviceaccount.yaml

执行kubectl命令:

kubectl apply -f .

查看pod运行情况:

kubectl get pod
NAME                               READY   STATUS    RESTARTS   AGE
rbd-provisioner-76f6bc6669-jxjmv   1/1     Running   1          13h

二、K8S上调用Ceph RBD存储

1、创建存储类

sc.yaml

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: rbd
  annotations:
    storageclass.beta.kubernetes.io/is-default-class: "false"
#provisioner: kubernetes.io/rbd
provisioner: ceph.com/rbd
reclaimPolicy: Retain
parameters:
  monitors: 192.168.3.61:6789,192.168.3.62:6789,192.168.3.63:6789
  adminId: admin
  adminSecretName: ceph-admin-secret
  adminSecretNamespace: default
  pool: kube
  userId: admin
  userSecretName: ceph-kube1-secret
  userSecretNamespace: default
  fsType: xfs
  imageFormat: "2"
  imageFeatures: "layering"
reclaimPolicy: Retain

执行:

kubectl apply -f sc.yaml

注意:provisioner的值要和rbd-provisioner设置的值一样

ceph-admin-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: ceph-admin-secret
  namespace: default
data:
  key: "QVFBQmNLWmZNVUY5RkJBQWY5Z2NZVWtTMEtXL3B0Y09wSFBXeUE9PQ=="
type: kubernetes.io/rbd

执行:

kubectl apply -f ceph-admin-secret.yaml
2、创建PVC

pvc.yaml

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: rbd-pvc1
  annotations:
    volume.beta.kubernetes.io/storage-class: "rbd"
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi

执行:

kubectl apply -f pvc.yaml

查看:

# kubectl get pvc
NAME       STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
rbd-pvc1   Bound    pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5   2Gi        RWO            rbd            13h
3 出现问题

出现以下问题:

[root@kubesphere rbd-provisioner]# kubectl describe pvc rbd-pvc1
Name:          rbd-pvc1
Namespace:     default
StorageClass:  rbd
Status:        Pending
Volume:        
Labels:        
Annotations:   volume.beta.kubernetes.io/storage-class: rbd
               volume.beta.kubernetes.io/storage-provisioner: ceph.com/rbd
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:      
Access Modes:  
VolumeMode:    Filesystem
Used By:       
Events:
  Type    Reason                Age               From                         Message
  ----    ------                ----              ----                         -------
  Normal  ExternalProvisioning  2s (x4 over 30s)  persistentvolume-controller  waiting for a volume to be created, either by external provisioner "ceph.com/rbd" or manually created by system administrator

查看pod的log

[root@kubesphere rbd-provisioner]# kubectl describe pod rbd-provisioner-76f6bc6669-jxjmv
Name:         rbd-provisioner-76f6bc6669-jxjmv
Namespace:    default
Priority:     0
Node:         kubesphere/192.168.3.70
Start Time:   Fri, 18 Jun 2021 22:39:50 +0800
Labels:       app=rbd-provisioner
              pod-template-hash=76f6bc6669
Annotations:  cni.projectcalico.org/podIP: 10.233.122.54/32
              cni.projectcalico.org/podIPs: 10.233.122.54/32
Status:       Running
IP:           10.233.122.54
IPs:
  IP:           10.233.122.54
Controlled By:  ReplicaSet/rbd-provisioner-76f6bc6669
Containers:
  rbd-provisioner:
    Container ID:   docker://0fd023836307519e447ed1b6acfe8c4611ad23d27a3ed84b18024499d9fd6f27
    Image:          quay.io/external_storage/rbd-provisioner:latest
    Image ID:       docker-pullable://quay.io/external_storage/rbd-provisioner@sha256:94fd36b8625141b62ff1addfa914d45f7b39619e55891bad0294263ecd2ce09a
    Port:           
    Host Port:      
    State:          Running
      Started:      Fri, 18 Jun 2021 22:40:16 +0800
    Ready:          True
    Restart Count:  0
    Environment:
      PROVISIONER_NAME:  ceph.com/rbd
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from rbd-provisioner-token-vng7b (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  rbd-provisioner-token-vng7b:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  rbd-provisioner-token-vng7b
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  8m52s  default-scheduler  Successfully assigned default/rbd-provisioner-76f6bc6669-jxjmv to kubesphere
  Normal  Pulling    8m51s  kubelet            Pulling image "quay.io/external_storage/rbd-provisioner:latest"
  Normal  Pulled     8m27s  kubelet            Successfully pulled image "quay.io/external_storage/rbd-provisioner:latest" in 23.882600186s
  Normal  Created    8m27s  kubelet            Created container rbd-provisioner
  Normal  Started    8m26s  kubelet            Started container rbd-provisioner
[root@kubesphere rbd-provisioner]# kubectl logs pod/rbd-provisioner-76f6bc6669-jxjmv
I0618 14:40:16.264218       1 main.go:85] Creating RBD provisioner ceph.com/rbd with identity: ceph.com/rbd
I0618 14:40:16.265874       1 leaderelection.go:185] attempting to acquire leader lease  default/ceph.com-rbd...
E0618 14:40:16.276488       1 event.go:259] Could not construct reference to: '&v1.Endpoints{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"ceph.com-rbd", GenerateName:"", Namespace:"default", SelfLink:"", UID:"d996384c-1ce1-4fbe-9f31-d44ffce5706b", ResourceVersion:"414673", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:63759624016, loc:(*time.Location)(0x1bc94e0)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string{"control-plane.alpha.kubernetes.io/leader":"{\"holderIdentity\":\"rbd-provisioner-76f6bc6669-jxjmv_18d0bd2b-d043-11eb-a38e-365d0590d7f4\",\"leaseDurationSeconds\":15,\"acquireTime\":\"2021-06-18T14:40:16Z\",\"renewTime\":\"2021-06-18T14:40:16Z\",\"leaderTransitions\":0}"}, OwnerReferences:[]v1.OwnerReference(nil), Initializers:(*v1.Initializers)(nil), Finalizers:[]string(nil), ClusterName:""}, Subsets:[]v1.EndpointSubset(nil)}' due to: 'selfLink was empty, can't make reference'. Will not report event: 'Normal' 'LeaderElection' 'rbd-provisioner-76f6bc6669-jxjmv_18d0bd2b-d043-11eb-a38e-365d0590d7f4 became leader'
I0618 14:40:16.276565       1 leaderelection.go:194] successfully acquired lease default/ceph.com-rbd
I0618 14:40:16.276610       1 controller.go:631] Starting provisioner controller ceph.com/rbd_rbd-provisioner-76f6bc6669-jxjmv_18d0bd2b-d043-11eb-a38e-365d0590d7f4!
I0618 14:40:16.377229       1 controller.go:680] Started provisioner controller ceph.com/rbd_rbd-provisioner-76f6bc6669-jxjmv_18d0bd2b-d043-11eb-a38e-365d0590d7f4!
I0618 14:47:17.806787       1 controller.go:987] provision "default/rbd-pvc1" class "rbd": started
E0618 14:47:17.814452       1 controller.go:1004] provision "default/rbd-pvc1" class "rbd": unexpected error getting claim reference: selfLink was empty, can't make reference

编辑 编辑/etc/kubernetes/manifests/kube-apiserver.yaml

在这里:

spec:
  containers:
  - command:
    - kube-apiserver

添加这一行:

- --feature-gates=RemoveSelfLink=false

重启容器:

[root@kubesphere rbd-provisioner]# docker ps | grep kube-apiserver-kubesphere
d8c2ab77fcae   ae5eb22e4a9d                                                        "kube-apiserver --ad…"   3 minutes ago       Up 3 minutes                 k8s_kube-apiserver_kube-apiserver-kubesphere_kube-system_9c4f15ddc36ae2c0aee73dac4e15953c_0
4c7b57c7706e   registry.cn-beijing.aliyuncs.com/kubesphereio/pause:3.2             "/pause"                 3 minutes ago       Up 3 minutes                 k8s_POD_kube-apiserver-kubesphere_kube-system_9c4f15ddc36ae2c0aee73dac4e15953c_0
您在 /var/spool/mail/root 中有新邮件
[root@kubesphere rbd-provisioner]# docker restart d8c2ab77fcae
d8c2ab77fcae
[root@kubesphere rbd-provisioner]# docker restart 4c7b57c7706e
4c7b57c7706e

查看pod log

kubectl logs pod/rbd-provisioner-76f6bc6669-jxjmv
I0618 14:57:08.186706       1 main.go:85] Creating RBD provisioner ceph.com/rbd with identity: ceph.com/rbd
I0618 14:57:08.189769       1 leaderelection.go:185] attempting to acquire leader lease  default/ceph.com-rbd...
I0618 14:57:25.664359       1 leaderelection.go:194] successfully acquired lease default/ceph.com-rbd
I0618 14:57:25.664747       1 controller.go:631] Starting provisioner controller ceph.com/rbd_rbd-provisioner-76f6bc6669-jxjmv_73f7f1df-d045-11eb-b102-365d0590d7f4!
I0618 14:57:25.664852       1 event.go:221] Event(v1.ObjectReference{Kind:"Endpoints", Namespace:"default", Name:"ceph.com-rbd", UID:"d996384c-1ce1-4fbe-9f31-d44ffce5706b", APIVersion:"v1", ResourceVersion:"417887", FieldPath:""}): type: 'Normal' reason: 'LeaderElection' rbd-provisioner-76f6bc6669-jxjmv_73f7f1df-d045-11eb-b102-365d0590d7f4 became leader
I0618 14:57:25.765923       1 controller.go:680] Started provisioner controller ceph.com/rbd_rbd-provisioner-76f6bc6669-jxjmv_73f7f1df-d045-11eb-b102-365d0590d7f4!
I0618 14:57:25.766329       1 controller.go:987] provision "default/rbd-pvc1" class "rbd": started
I0618 14:57:25.776362       1 event.go:221] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"rbd-pvc1", UID:"62a390b9-d41a-4aed-8274-3a5484cc34e5", APIVersion:"v1", ResourceVersion:"415893", FieldPath:""}): type: 'Normal' reason: 'Provisioning' External provisioner is provisioning volume for claim "default/rbd-pvc1"
I0618 14:57:26.034448       1 provision.go:132] successfully created rbd image "kubernetes-dynamic-pvc-7e7556b2-d045-11eb-b102-365d0590d7f4"
I0618 14:57:26.034581       1 controller.go:1087] provision "default/rbd-pvc1" class "rbd": volume "pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5" provisioned
I0618 14:57:26.034643       1 controller.go:1101] provision "default/rbd-pvc1" class "rbd": trying to save persistentvvolume "pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5"
I0618 14:57:26.068695       1 controller.go:1108] provision "default/rbd-pvc1" class "rbd": persistentvolume "pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5" saved
I0618 14:57:26.068775       1 controller.go:1149] provision "default/rbd-pvc1" class "rbd": succeeded
I0618 14:57:26.069769       1 event.go:221] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"rbd-pvc1", UID:"62a390b9-d41a-4aed-8274-3a5484cc34e5", APIVersion:"v1", ResourceVersion:"415893", FieldPath:""}): type: 'Normal' reason: 'ProvisioningSucceeded' Successfully provisioned volume pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5
E0618 15:00:33.652532       1 streamwatcher.go:109] Unable to decode an event from the watch stream: http2: server sent GOAWAY and closed the connection; LastStreamID=409, ErrCode=NO_ERROR, debug=""
E0618 15:00:33.656205       1 streamwatcher.go:109] Unable to decode an event from the watch stream: http2: server sent GOAWAY and closed the connection; LastStreamID=409, ErrCode=NO_ERROR, debug=""
E0618 15:00:33.659797       1 reflector.go:322] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:668: Failed to watch *v1.StorageClass: Get https://10.233.0.1:443/apis/storage.k8s.io/v1/storageclasses?resourceVersion=417664&timeoutSeconds=390&watch=true: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:33.660592       1 reflector.go:322] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:662: Failed to watch *v1.PersistentVolumeClaim: Get https://10.233.0.1:443/api/v1/persistentvolumeclaims?resourceVersion=417930&timeoutSeconds=454&watch=true: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:33.664999       1 streamwatcher.go:109] Unable to decode an event from the watch stream: http2: server sent GOAWAY and closed the connection; LastStreamID=409, ErrCode=NO_ERROR, debug=""
E0618 15:00:33.665746       1 reflector.go:322] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:665: Failed to watch *v1.PersistentVolume: Get https://10.233.0.1:443/api/v1/persistentvolumes?resourceVersion=417928&timeoutSeconds=544&watch=true: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:33.970302       1 leaderelection.go:234] error retrieving resource lock default/ceph.com-rbd: Get https://10.233.0.1:443/api/v1/namespaces/default/endpoints/ceph.com-rbd: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:34.662192       1 reflector.go:205] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:668: Failed to list *v1.StorageClass: Get https://10.233.0.1:443/apis/storage.k8s.io/v1/storageclasses?limit=500&resourceVersion=0: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:34.663584       1 reflector.go:205] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:662: Failed to list *v1.PersistentVolumeClaim: Get https://10.233.0.1:443/api/v1/persistentvolumeclaims?limit=500&resourceVersion=0: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:34.667616       1 reflector.go:205] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:665: Failed to list *v1.PersistentVolume: Get https://10.233.0.1:443/api/v1/persistentvolumes?limit=500&resourceVersion=0: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:35.663249       1 reflector.go:205] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:668: Failed to list *v1.StorageClass: Get https://10.233.0.1:443/apis/storage.k8s.io/v1/storageclasses?limit=500&resourceVersion=0: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:35.664270       1 reflector.go:205] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:662: Failed to list *v1.PersistentVolumeClaim: Get https://10.233.0.1:443/api/v1/persistentvolumeclaims?limit=500&resourceVersion=0: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:35.668180       1 reflector.go:205] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:665: Failed to list *v1.PersistentVolume: Get https://10.233.0.1:443/api/v1/persistentvolumes?limit=500&resourceVersion=0: dial tcp 10.233.0.1:443: connect: connection refused

查看pvc的log

kubectl describe pvc pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5
Error from server (NotFound): persistentvolumeclaims "pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5" not found
[root@kubesphere rbd-provisioner]# kubectl describe pvc rbd-pvc1
Name:          rbd-pvc1
Namespace:     default
StorageClass:  rbd
Status:        Bound
Volume:        pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5
Labels:        
Annotations:   pv.kubernetes.io/bind-completed: yes
               pv.kubernetes.io/bound-by-controller: yes
               volume.beta.kubernetes.io/storage-class: rbd
               volume.beta.kubernetes.io/storage-provisioner: ceph.com/rbd
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:      2Gi
Access Modes:  RWO
VolumeMode:    Filesystem
Used By:       
Events:
  Type    Reason                 Age                 From                                                                                Message
  ----    ------                 ----                ----                                                                                -------
  Normal  ExternalProvisioning   13m (x26 over 19m)  persistentvolume-controller                                                         waiting for a volume to be created, either by external provisioner "ceph.com/rbd" or manually created by system administrator
  Normal  Provisioning           9m47s               ceph.com/rbd_rbd-provisioner-76f6bc6669-jxjmv_73f7f1df-d045-11eb-b102-365d0590d7f4  External provisioner is provisioning volume for claim "default/rbd-pvc1"
  Normal  ProvisioningSucceeded  9m46s               ceph.com/rbd_rbd-provisioner-76f6bc6669-jxjmv_73f7f1df-d045-11eb-b102-365d0590d7f4  Successfully provisioned volume pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5

参考文章:https://blog.51cto.com/fengjicheng/2401702

K8S使用rbd-csi创建快照

本次ceph插件选取最新发行版release-v3.3
最新发行版快照可支持v1版(之前版本为v1beta1)
在ceph-csi项目deploy/rbd/kubernetes目录下有官方给出的相关yaml文件,注意版本对应。另,如果对接的是cephfs则是在deploy/cephfs/kubernetes目录下,克隆地址如下:

默认版本:git clone https://github.com/ceph/ceph-csi.git
v3.3下载: git clone https://github.com/ceph/ceph-csi.git -b release-v3.3

一、安装ceph-rbd-csi

# pwd
/root/ceph-csi-release-v3.3/deploy/rbd/kubernetes
# ls
csi-config-map.yaml  csi-nodeplugin-psp.yaml   csi-provisioner-psp.yaml   csi-rbdplugin-provisioner.yaml
csidriver.yaml       csi-nodeplugin-rbac.yaml  csi-provisioner-rbac.yaml  csi-rbdplugin.yaml

以下为本次所需所有已修改yaml文件:

1 创建ConfigMap, csi-config-map.yaml 填入对应的"clusterID"和"monitors" 。

csi-config-map.yaml

---
apiVersion: v1
kind: ConfigMap
data:
  config.json: |-
    [
      {
        "clusterID": "319d2cce-b087-4de9-bd4a-13edc7644abc",
        "monitors": [
          "192.168.3.61:6789",
          "192.168.3.62:6789",
          "192.168.3.63:6789"
        ]
      }
    ]
metadata:
  name: ceph-csi-config
2 创建csidriver,新建或者编辑 csidriver.yaml
---
# if Kubernetes version is less than 1.18 change
# apiVersion to storage.k8s.io/v1betav1
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
  name: rbd.csi.ceph.com
spec:
  attachRequired: true
  podInfoOnMount: false
3 创建seviceAccount和RBAC等

csi-provisioner-rbac.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rbd-csi-provisioner

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-external-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims/status"]
    verbs: ["update", "patch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots"]
    verbs: ["get", "list"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents"]
    verbs: ["create", "get", "list", "watch", "update", "delete"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "update", "patch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments/status"]
    verbs: ["patch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["csinodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents/status"]
    verbs: ["update"]
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-csi-provisioner-role
subjects:
  - kind: ServiceAccount
    name: rbd-csi-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: rbd-external-provisioner-runner
  apiGroup: rbac.authorization.k8s.io

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # replace with non-default namespace name
  namespace: default
  name: rbd-external-provisioner-cfg
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "delete"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "watch", "list", "delete", "update", "create"]

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-csi-provisioner-role-cfg
  # replace with non-default namespace name
  namespace: default
subjects:
  - kind: ServiceAccount
    name: rbd-csi-provisioner
    # replace with non-default namespace name
    namespace: default
roleRef:
  kind: Role
  name: rbd-external-provisioner-cfg
  apiGroup: rbac.authorization.k8s.io

csi-nodeplugin-rbac.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rbd-csi-nodeplugin
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-csi-nodeplugin
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get"]
  # allow to read Vault Token and connection options from the Tenants namespace
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-csi-nodeplugin
subjects:
  - kind: ServiceAccount
    name: rbd-csi-nodeplugin
    namespace: default
roleRef:
  kind: ClusterRole
  name: rbd-csi-nodeplugin
  apiGroup: rbac.authorization.k8s.io
4 创建PodSecurityPolicy:

csi-provisioner-psp.yaml

---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: rbd-csi-provisioner-psp
spec:
  allowPrivilegeEscalation: true
  allowedCapabilities:
    - 'SYS_ADMIN'
  fsGroup:
    rule: RunAsAny
  privileged: true
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'secret'
    - 'downwardAPI'
    - 'hostPath'
  allowedHostPaths:
    - pathPrefix: '/dev'
      readOnly: false
    - pathPrefix: '/sys'
      readOnly: false
    - pathPrefix: '/lib/modules'
      readOnly: true

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # replace with non-default namespace name
  namespace: default
  name: rbd-csi-provisioner-psp
rules:
  - apiGroups: ['policy']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: ['rbd-csi-provisioner-psp']

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-csi-provisioner-psp
  # replace with non-default namespace name
  namespace: default
subjects:
  - kind: ServiceAccount
    name: rbd-csi-provisioner
    # replace with non-default namespace name
    namespace: default
roleRef:
  kind: Role
  name: rbd-csi-provisioner-psp
  apiGroup: rbac.authorization.k8s.io

csi-nodeplugin-psp.yaml

---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: rbd-csi-nodeplugin-psp
spec:
  allowPrivilegeEscalation: true
  allowedCapabilities:
    - 'SYS_ADMIN'
  fsGroup:
    rule: RunAsAny
  privileged: true
  hostNetwork: true
  hostPID: true
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'secret'
    - 'downwardAPI'
    - 'hostPath'
  allowedHostPaths:
    - pathPrefix: '/dev'
      readOnly: false
    - pathPrefix: '/run/mount'
      readOnly: false
    - pathPrefix: '/sys'
      readOnly: false
    - pathPrefix: '/lib/modules'
      readOnly: true
    - pathPrefix: '/var/lib/kubelet/pods'
      readOnly: false
    - pathPrefix: '/var/lib/kubelet/plugins/rbd.csi.ceph.com'
      readOnly: false
    - pathPrefix: '/var/lib/kubelet/plugins_registry'
      readOnly: false
    - pathPrefix: '/var/lib/kubelet/plugins'
      readOnly: false

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-csi-nodeplugin-psp
  # replace with non-default namespace name
  namespace: default
rules:
  - apiGroups: ['policy']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: ['rbd-csi-nodeplugin-psp']

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-csi-nodeplugin-psp
  # replace with non-default namespace name
  namespace: default
subjects:
  - kind: ServiceAccount
    name: rbd-csi-nodeplugin
    # replace with non-default namespace name
    namespace: default
roleRef:
  kind: Role
  name: rbd-csi-nodeplugin-psp
  apiGroup: rbac.authorization.k8s.io
5 部署CSI sidecar containers和RBD CSI driver:

csi-rbdplugin-provisioner.yaml 文件中,将有关KMS相关注释掉,修改image为quay,谷歌的镜像中国下载不了。

将
# cat csi-rbdplugin-provisioner.yaml | grep k8s.gcr.io/sig-storage
          image: k8s.gcr.io/sig-storage/csi-provisioner:v2.0.4
          image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.0.0
          image: k8s.gcr.io/sig-storage/csi-attacher:v3.0.2
          image: k8s.gcr.io/sig-storage/csi-resizer:v1.0.1
改成:
# cat csi-rbdplugin-provisioner.yaml | grep quay.io/k8scsi
          image: quay.io/k8scsi/csi-provisioner:v2.0.4
          image: quay.io/k8scsi/csi-snapshotter:v4.0.0
          image: quay.io/k8scsi/csi-attacher:v3.0.2
          image: quay.io/k8scsi/csi-resizer:v1.0.1

单节点需要将

将
kind: Deployment
apiVersion: apps/v1
metadata:
  name: csi-rbdplugin-provisioner
  namespace: kube-system
spec:
  replicas: 3
  
  
改成:
kind: Deployment
apiVersion: apps/v1
metadata:
  name: csi-rbdplugin-provisioner
  namespace: kube-system
spec:
  replicas: 1

csi-rbdplugin-provisioner.yaml

---
kind: Service
apiVersion: v1
metadata:
  name: csi-rbdplugin-provisioner
  labels:
    app: csi-metrics
spec:
  selector:
    app: csi-rbdplugin-provisioner
  ports:
    - name: http-metrics
      port: 8080
      protocol: TCP
      targetPort: 8680

---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: csi-rbdplugin-provisioner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: csi-rbdplugin-provisioner
  template:
    metadata:
      labels:
        app: csi-rbdplugin-provisioner
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values:
                      - csi-rbdplugin-provisioner
              topologyKey: "kubernetes.io/hostname"
      serviceAccountName: rbd-csi-provisioner
      priorityClassName: system-cluster-critical
      containers:
        - name: csi-provisioner
          image: quay.io/k8scsi/csi-provisioner:v2.0.4
          args:
            - "--csi-address=$(ADDRESS)"
            - "--v=5"
            - "--timeout=150s"
            - "--retry-interval-start=500ms"
            - "--leader-election=true"
            #  set it to true to use topology based provisioning
            - "--feature-gates=Topology=false"
            # if fstype is not specified in storageclass, ext4 is default
            - "--default-fstype=ext4"
            - "--extra-create-metadata=true"
          env:
            - name: ADDRESS
              value: unix:///csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-snapshotter
          image: quay.io/k8scsi/csi-snapshotter:v4.0.0
          args:
            - "--csi-address=$(ADDRESS)"
            - "--v=5"
            - "--timeout=150s"
            - "--leader-election=true"
          env:
            - name: ADDRESS
              value: unix:///csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          securityContext:
            privileged: true
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-attacher
          image: quay.io/k8scsi/csi-attacher:v3.0.2
          args:
            - "--v=5"
            - "--csi-address=$(ADDRESS)"
            - "--leader-election=true"
            - "--retry-interval-start=500ms"
          env:
            - name: ADDRESS
              value: /csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-resizer
          image: quay.io/k8scsi/csi-resizer:v1.0.1
          args:
            - "--csi-address=$(ADDRESS)"
            - "--v=5"
            - "--timeout=150s"
            - "--leader-election"
            - "--retry-interval-start=500ms"
            - "--handle-volume-inuse-error=false"
          env:
            - name: ADDRESS
              value: unix:///csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-rbdplugin
          securityContext:
            privileged: true
            capabilities:
              add: ["SYS_ADMIN"]
          # for stable functionality replace canary with latest release version
          image: quay.io/cephcsi/cephcsi:v3.3-canary
          args:
            - "--nodeid=$(NODE_ID)"
            - "--type=rbd"
            - "--controllerserver=true"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--v=5"
            - "--drivername=rbd.csi.ceph.com"
            - "--pidlimit=-1"
            - "--rbdhardmaxclonedepth=8"
            - "--rbdsoftmaxclonedepth=4"
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: NODE_ID
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # - name: POD_NAMESPACE
            #   valueFrom:
            #     fieldRef:
            #       fieldPath: spec.namespace
            # - name: KMS_CONFIGMAP_NAME
            #   value: encryptionConfig
            - name: CSI_ENDPOINT
              value: unix:///csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
            - mountPath: /dev
              name: host-dev
            - mountPath: /sys
              name: host-sys
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - name: ceph-csi-config
              mountPath: /etc/ceph-csi-config/
            #- name: ceph-csi-encryption-kms-config
            #  mountPath: /etc/ceph-csi-encryption-kms-config/
            - name: keys-tmp-dir
              mountPath: /tmp/csi/keys
        - name: csi-rbdplugin-controller
          securityContext:
            privileged: true
            capabilities:
              add: ["SYS_ADMIN"]
          # for stable functionality replace canary with latest release version
          image: quay.io/cephcsi/cephcsi:v3.3-canary
          args:
            - "--type=controller"
            - "--v=5"
            - "--drivername=rbd.csi.ceph.com"
            - "--drivernamespace=$(DRIVER_NAMESPACE)"
          env:
            - name: DRIVER_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: ceph-csi-config
              mountPath: /etc/ceph-csi-config/
            - name: keys-tmp-dir
              mountPath: /tmp/csi/keys
        - name: liveness-prometheus
          image: quay.io/cephcsi/cephcsi:v3.3-canary
          args:
            - "--type=liveness"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--metricsport=8680"
            - "--metricspath=/metrics"
            - "--polltime=60s"
            - "--timeout=3s"
          env:
            - name: CSI_ENDPOINT
              value: unix:///csi/csi-provisioner.sock
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          imagePullPolicy: "IfNotPresent"
      volumes:
        - name: host-dev
          hostPath:
            path: /dev
        - name: host-sys
          hostPath:
            path: /sys
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: socket-dir
          emptyDir: {
            medium: "Memory"
          }
        - name: ceph-csi-config
          configMap:
            name: ceph-csi-config
        #- name: ceph-csi-encryption-kms-config
        #  configMap:
        #    name: ceph-csi-encryption-kms-config
        - name: keys-tmp-dir
          emptyDir: {
            medium: "Memory"
          }

csi-rbdplugin.yaml 文件中,将有关KMS相关注释掉

csi-rbdplugin.yaml

---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: csi-rbdplugin
spec:
  selector:
    matchLabels:
      app: csi-rbdplugin
  template:
    metadata:
      labels:
        app: csi-rbdplugin
    spec:
      serviceAccountName: rbd-csi-nodeplugin
      hostNetwork: true
      hostPID: true
      priorityClassName: system-node-critical
      # to use e.g. Rook orchestrated cluster, and mons' FQDN is
      # resolved through k8s service, set dns policy to cluster first
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: driver-registrar
          # This is necessary only for systems with SELinux, where
          # non-privileged sidecar containers cannot access unix domain socket
          # created by privileged CSI driver container.
          securityContext:
            privileged: true
          image: quay.io/k8scsi/csi-node-driver-registrar:v2.0.1
          args:
            - "--v=5"
            - "--csi-address=/csi/csi.sock"
            - "--kubelet-registration-path=/var/lib/kubelet/plugins/rbd.csi.ceph.com/csi.sock"
          env:
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
            - name: registration-dir
              mountPath: /registration
        - name: csi-rbdplugin
          securityContext:
            privileged: true
            capabilities:
              add: ["SYS_ADMIN"]
            allowPrivilegeEscalation: true
          # for stable functionality replace canary with latest release version
          image: quay.io/cephcsi/cephcsi:v3.3-canary
          args:
            - "--nodeid=$(NODE_ID)"
            - "--type=rbd"
            - "--nodeserver=true"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--v=5"
            - "--drivername=rbd.csi.ceph.com"
            # If topology based provisioning is desired, configure required
            # node labels representing the nodes topology domain
            # and pass the label names below, for CSI to consume and advertise
            # its equivalent topology domain
            # - "--domainlabels=failure-domain/region,failure-domain/zone"
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: NODE_ID
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # - name: POD_NAMESPACE
            #   valueFrom:
            #     fieldRef:
            #       fieldPath: spec.namespace
            # - name: KMS_CONFIGMAP_NAME
            #   value: encryptionConfig
            - name: CSI_ENDPOINT
              value: unix:///csi/csi.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
            - mountPath: /dev
              name: host-dev
            - mountPath: /sys
              name: host-sys
            - mountPath: /run/mount
              name: host-mount
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - name: ceph-csi-config
              mountPath: /etc/ceph-csi-config/
            #- name: ceph-csi-encryption-kms-config
            #  mountPath: /etc/ceph-csi-encryption-kms-config/
            - name: plugin-dir
              mountPath: /var/lib/kubelet/plugins
              mountPropagation: "Bidirectional"
            - name: mountpoint-dir
              mountPath: /var/lib/kubelet/pods
              mountPropagation: "Bidirectional"
            - name: keys-tmp-dir
              mountPath: /tmp/csi/keys
        - name: liveness-prometheus
          securityContext:
            privileged: true
          image: quay.io/cephcsi/cephcsi:v3.3-canary
          args:
            - "--type=liveness"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--metricsport=8680"
            - "--metricspath=/metrics"
            - "--polltime=60s"
            - "--timeout=3s"
          env:
            - name: CSI_ENDPOINT
              value: unix:///csi/csi.sock
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          imagePullPolicy: "IfNotPresent"
      volumes:
        - name: socket-dir
          hostPath:
            path: /var/lib/kubelet/plugins/rbd.csi.ceph.com
            type: DirectoryOrCreate
        - name: plugin-dir
          hostPath:
            path: /var/lib/kubelet/plugins
            type: Directory
        - name: mountpoint-dir
          hostPath:
            path: /var/lib/kubelet/pods
            type: DirectoryOrCreate
        - name: registration-dir
          hostPath:
            path: /var/lib/kubelet/plugins_registry/
            type: Directory
        - name: host-dev
          hostPath:
            path: /dev
        - name: host-sys
          hostPath:
            path: /sys
        - name: host-mount
          hostPath:
            path: /run/mount
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: ceph-csi-config
          configMap:
            name: ceph-csi-config
        #- name: ceph-csi-encryption-kms-config
        #  configMap:
        #    name: ceph-csi-encryption-kms-config
        - name: keys-tmp-dir
          emptyDir: {
            medium: "Memory"
          }
---
# This is a service to expose the liveness metrics
apiVersion: v1
kind: Service
metadata:
  name: csi-metrics-rbdplugin
  labels:
    app: csi-metrics
spec:
  ports:
    - name: http-metrics
      port: 8080
      protocol: TCP
      targetPort: 8680
  selector:
    app: csi-rbdplugin

1-5的yaml放在同一个目录,然后执行:

#kubectl apply -f .

二、创建rbd-sc

1 创建rbd的secret

csi-rbd-secret.yaml

---
apiVersion: v1
kind: Secret
metadata:
  name: csi-rbd-secret
  namespace: default
stringData:
  userID: admin
  userKey: AQABcKZfMUF9FBAAf9gcYUkS0KW/ptcOpHPWyA==

2 创建 csi-rbd的storageclass

csi-rbd-sc.yaml

---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
   name: csi-rbd
provisioner: rbd.csi.ceph.com
parameters:
   clusterID: 319d2cce-b087-4de9-bd4a-13edc7644abc
   pool: kube
#   imageFeatures: layering
   csi.storage.k8s.io/provisioner-secret-name: csi-rbd-secret
   csi.storage.k8s.io/provisioner-secret-namespace: default
   csi.storage.k8s.io/controller-expand-secret-name: csi-rbd-secret
   csi.storage.k8s.io/controller-expand-secret-namespace: default
   csi.storage.k8s.io/node-stage-secret-name: csi-rbd-secret
   csi.storage.k8s.io/node-stage-secret-namespace: default
   csi.storage.k8s.io/fstype: xfs
   imageFormat: "2"
   imageFeatures: "layering"
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
   - discard

3 创建pvc

csi-rbd-pvc.yaml

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: csi-rbd-pvc1
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Block
  resources:
    requests:
      storage: 1Gi
  storageClassName: csi-rbd

4 执行1-3步的yaml

kubectl apply -f csi-rbd-secret.yaml
kubectl apply -f csi-rbd-sc.yaml
kubectl apply -f csi-rbd-pvc.yaml

查看结果:

# kubectl get pvc
NAME           STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
csi-rbd-pvc1   Bound    pvc-aaedd83d-9338-4795-8d3d-b217b496c4a9   3Gi        RWO            csi-rbd        18h

参考博客:https://www.cnblogs.com/abner123/p/13220075.html

https://blog.csdn.net/qq_42015987/article/details/116528450

https://github.com/ceph/ceph-csi/

kubectl edit storageclasses.storage.k8s.io rbd

查看是否有如下字段
allowVolumeExpansion: true #增加该字段表示允许动态扩容

你可能感兴趣的:(ceph,后端,kubernetes,docker)

  • Docker Image 详细讲解 陈辰学长 docker容器运维
    DockerImage详细讲解DockerImage是Docker生态系统中的核心概念之一,它作为容器运行的基础,封装了应用运行所需的环境和依赖。本文将详细讲解DockerImage的定义、构建、存储、管理以及使用,帮助读者全面理解DockerImage。一、DockerImage概述DockerImage是一个轻量级、可执行的独立软件包,包含了运行某个软件所需要的所有内容,包括代码、运行时、库、
  • 深度解析智能问答系统:如何打造精准、高效的AI对话架构? 和老莫一起学AI 人工智能架构自然语言处理产品经理语言模型学习ai
    在人工智能的飞速发展中,智能问答系统(QA系统)逐渐成为了企业内部管理、客户服务、搜索引擎等多个领域中的关键技术。今天,我们将深入探讨一个基于大模型、自然语言处理、知识检索的智能问答系统的架构,详细介绍其技术原理、流程以及未来应用前景。一、系统整体概览在这个智能问答系统中,整个流程可以大致划分为两大部分:前端问答生成与后端离线数据处理。前端部分是用户交互的核心,通过用户的输入、关键词提取、检索和问
  • Java并发编程:线程安全的策略与实践 喵手 零基础学Javajava安全开发语言
    哈喽,各位小伙伴们,你们好呀,我是喵手。运营社区:C站/掘金/腾讯云/阿里云/华为云/51CTO;欢迎大家常来逛逛  今天我要给大家分享一些自己日常学习到的一些知识点,并以文字的形式跟大家一起交流,互相学习,一个人虽可以走的更快,但一群人可以走的更远。  我是一名后端开发爱好者,工作日常接触到最多的就是Java语言啦,所以我都尽量抽业余时间把自己所学到所会的,通过文章的形式进行输出,希望以这种方式
  • httpslocalhostindex 配置的nginx,一刷新就报404了 m0_74824112 nginx运维
    当你的Nginx配置导致页面刷新时报404错误时,通常是由于以下几个原因造成的:静态文件路径配置错误:Nginx没有正确地指向静态文件的目录。前端路由问题:如果是SPA(单页应用),刷新页面时Nginx没有正确地将请求重定向到入口文件(如index.html)。反向代理配置错误:如果Nginx作为反向代理,后端服务可能没有正确处理请求。检查和解决步骤1.检查静态文件路径配置确保Nginx配置文件中
  • 提高API性能的十个常见优化方法 花千树-010 分布式服务器分布式性能优化
    在当今数字化时代,API作为软件系统之间交互的关键接口,其性能直接关系到用户体验和业务效率。随着数据量的爆炸性增长和用户对响应速度的极致追求,API性能优化成为了软件开发中至关重要的一环。本文将详细介绍十种常见的API性能优化方法,帮助开发者提升系统性能,满足业务需求。一、缓存缓存是提高API性能的常用手段,尤其适用于读多写少的场景。通过在内存中存储热点数据的副本,减少对后端数据库的直接访问,从而
  • 前后端分离VUE3+Springboot项目集成PageOffice核心代码 wqqqianqian springbootjavapageofficevue在线编辑
    后端Springboot项目在项目的pom.xml中通过下面的代码引入PageOffice依赖。pageoffice.jar已发布到Maven中央仓库,建议使用最新版本。com.zhuozhengsoftpageoffice6.3.3.1-javax在项目的启动类Application类中添加一项@Bean配置,此为PageOffice服务器端的必要配置,代码如下:@Value("${posysp
  • 前后端分离VUE+Springboot项目集成PageOffice核心代码 wqqqianqian springbootvuepageoffice在线编辑
    后端Springboot项目在项目的pom.xml中通过下面的代码引入PageOffice依赖。pageoffice.jar已发布到Maven中央仓库,建议使用最新版本。com.zhuozhengsoftpageoffice6.3.3.1-javax在项目的启动类Application类中添加一项@Bean配置,此为PageOffice服务器端的必要配置,代码如下:@Value("${posysp
  • 从零开始用Docker构建自己的项目环境 IRUIRUI__ docker容器运维
    目录一、安装配置Docker1.环境配置step1安装依赖step2添加Docker的官方GPG密钥step3添加Docker的APT源step4更新APT包索引step5安装DockerCE验证安装step6配置Docker加速器2.创建容器step1准备一个镜像用于运行容器step2将镜像放到宿主机step3在刚才的目录内创建Dockerfilestep4构建新的镜像step5运行容器3.其他
  • 云原生周刊:K8s 生产环境架构设计及成本分析 云计算
    开源项目推荐KubeZoneNetKubeZoneNet旨在帮助监控和优化Kubernetes集群中的跨可用区(Cross-Zone)网络流量。这个项目提供了一种简便的方式来跟踪和分析Kubernetes集群中跨不同可用区的通信,帮助用户优化集群的网络架构、提高资源利用效率并减少网络延迟。通过实时监控和数据分析,KubeZoneNet能有效地识别跨可用区的网络瓶颈,并提供改进建议,以支持Kuber
  • 出海工具集 web前端进阶者 前端
    群聊分享的一个工具集合,看了几个,感觉有点子用,收藏一波,下面有GitHub的地址;吃水不忘挖井人;GitHub地址分类目录导航Web开发框架或模板Chrome插件开发前端开发后端开发数据库管理对象关系映射(ORM)样式与UI框架原型设计认证与授权支付集成邮件服务网站分析在线客服和反馈服务部署与托管网站管理域名注册文档管理协议生成图标资源字体资源图片视频素材图片视频处理工具屏幕录制短链或长链信息渠
  • jenkins持续集成入门18 - (Pipeline Script from SCM)流水线项目 用dockerfile-maven-plugin生成docker镜像并push到harbor私有仓库 小哇666 项目构建/代码管理dockermavenjenkinsharborci/cd
    前提或注意事项:adocker远程连接已开启idea集成docker实现远程连接,可视化操作_小哇-CSDN博客bHarbor先建立好一个项目,名称为haiwangcjenkins中建立的项目名要和idea中maven的项目名称保持一致ddockerfile-maven-plugin的权限Jenkins使用docker-maven-plugin进行编译时发现没有权限-if年少有为-博客园正式开始创
  • 微服务网关,如何选择? 淡黄的Cherry 闲聊云原生
    什么是API网关API网关(APIGateway)是微服务架构中的一个关键组件,它充当了客户端与后端服务之间的中间层。其主要功能包括请求路由、协议转换、负载均衡、安全认证、限流熔断等。通过API网关,客户端无需直接与多个微服务交互,而是通过统一的入口访问后端服务,从而简化了系统的复杂性。API网关的主要功能路由功能:路由是微服务网关的核心能力。通过路由功能微服务网关可以将请求转发到目标微服务。在微
  • 在Linux中修改vm.max_map_count参数的步骤 行路见知 linux运维
    使用docker安装es时报错,Elasticsearch需要更多的虚拟内存区域ERROR:[1]bootstrapchecksfailed.Youmustaddressthepointsdescribedinthefollowing[1]linesbeforestartingElasticsearch.bootstrapcheckfailure[1]of[1]:maxvirtualmemorya
  • Anthropic运维工程师的IT基础设施总结清单(上) CloudPilotAI IT基础设施运维kubernetes工程师
    Karpenter开源地址:https://github.com/kubernetes-sigs/karpenter本文由Anthropic工程师JackLindamood撰写,分享了他之前在一家初创公司中负责IT基础设施的经验,包括从中吸取的教训和一些最佳实践。过去四年里,我负责了一家初创公司的基础设施建设工作。这家公司当时正寻求快速扩大规模。从一开始,我们就做出了一些核心决策,这些决策在过去四
  • ubuntu20 docker安装 花椒且喵酱 Linuxdocker容器运维
    https://www.cnblogs.com/lqqgis/p/18276118#更新软件包索引sudoapt-getupdate#安装需要的软件包以使apt能够通过HTTPS使用仓库sudoapt-getinstallca-certificatescurlgnupglsb-release#添加阿里云官方GPG密钥curl-fsSLhttp://mirrors.aliyun.com/docker
  • Nginx反向代理时传递客户端真实IP&Nginx配置使用缓存机制&压力测试 Field_Yang Nginx服务器Nginx传递客户端真实IPNginx配置缓存机制Nginx压测
    win7客户端请求web服务,win7;nginx作为反向代理服务器:192.168.88.130:8080test.field.com;nginx作为后端web服务器:192.168.88.131:8080www.field.com;httpd作为后端web服务器:192.168.88.131:80www.field.com;1、Nginx反向代理时传递客户端真实IPngx_http_proxy
  • Arch - 架构安全性_验证(Verification) 小小工匠 【凤凰架构】架构验证Verification
    文章目录OverView导图1.引言:数据验证的重要性概述2.数据验证的基本概念3.数据验证的层次前端验证后端验证4.数据验证的标准做法5.自定义校验注解6.校验结果的处理7.性能考虑与副作用8.小结OverView即使只限定在“软件架构设计”这个语境下,系统安全仍然是一个很大的话题。接下来我们将对系统安全架构的各个方面进行详细分析,包括认证、授权、凭证、保密、传输安全和验证,结合案例实践,展示如
  • SpringBoot3使用Swagger3 m0_74825260 java
    SpringBoot3使用Swagger3项目中的后端接口进行简单的前端展示一、依赖引入二、快速启动1.在application.yml中配置2.或者properties文件,则配置3.启动项目访问swagger三、使用注解标注接口Swagger配置文件Swagger注解迁移举例五种常用@Api@ApiOperation@ApiImplicitParam@ApiModel@ApiModelProp
  • SpringBoot使用令牌桶算法+拦截器+自定义注解+自定义异常实现简单的限流 Java精选 算法springboot前端后端java
    令牌桶在高并发的情况下,限流是后端常用的手段之一,可以对系统限流、接口限流、用户限流等,本文就使用令牌桶算法+拦截器+自定义注解+自定义异常实现限流的demo。令牌桶思想大小固定的令牌桶可自行以恒定的速率源源不断地产生令牌。如果令牌不被消耗,或者被消耗的速度小于产生的速度,令牌就会不断地增多,直到把桶填满。后面再产生的令牌就会从桶中溢出。最后桶中可以保存的最大令牌数永远不会超过桶的大小。然后每个访
  • 【Docker】在 CentOS 上安装 Docker 的完整指南 丶2136 #dockerdockercentos
    目录一、准备工作二、检查系统版本三、安装Docker1.依赖包安装2.添加Docker仓库3.安装Docker四、启动与测试Docker1.启动Docker服务2.验证Docker是否安装成功3.运行HelloWorld容器五、设置Docker自动启动六、常用Docker命令七、卸载Docker总结Docker是现代软件开发中不可或缺的工具,它提供了一种轻量级的虚拟化解决方案,帮助开发者更方便地打
  • 【Docker】在 Ubuntu 上安装 Docker 的详细指南 丶2136 #dockerdockerubuntu
    目录一、准备工作二、检查系统版本三、安装Docker1.安装必要的依赖2.添加Docker的官方GPG密钥3.添加Docker的APT源4.更新APT包索引5.安装DockerCE6.验证Docker是否安装成功四、启动与测试Docker1.启动Docker服务2.运行HelloWorld容器五、设置Docker自动启动1.启用Docker服务2.检查服务状态3.启动Docker服务(如未运行)4
  • Microi 吾码与 JavaScript:前端低代码平台的强大组合 小周不想卷 javascript
    目录一、引言二、Microi吾码概述三、JavaScript在Microi吾码前端开发中的应用(一)前端V8引擎与JavaScript(二)接口引擎与JavaScript四、JavaScript在Microi吾码后端开发中的协同(一)与C#后端框架的交互(二)利用gRPC实现跨语言通信五、Microi吾码中JavaScript与数据库的交互六、Microi吾码中JavaScript在表单与模板引擎
  • Ubuntu系统上安装Docker教程 goomind 软件安装教程dockerubuntu容器
    文章目录前言一、Docker是什么?二、安装步骤结束语前言Docker是一种非常流行的容器化技术,可以帮助开发人员将应用程序和服务打包到容器中,实现跨平台的部署和运行。博主作为AI的科研人员,平时用的Linux发行版是Ubuntu,所以本文将介绍如何在Ubuntu系统上安装Docker,并配置Docker环境,以便在容器中运行应用程序和服务。无论是初学者还是有一定Docker使用经验的读者都能从中
  • 全新4.2版本多功能社交兴趣爱好圈子系统涵盖APP、小程序和H5三个端口 ,圈子系统小程序成品源码 前端后端小程序数据库
    圈子系统通常指的是社交平台或论坛中的一种功能模块,用于创建和管理兴趣小组或讨论群组。这种系统的源码会涉及到后端数据库设计、用户认证授权、消息传递、群组管理等多个模块。适用于多种场景语音匹配:(主要是匹配当前在线的异性,会主动发送弹窗,对方同意后,进入1v1双方语聊,默认6分钟,如果双方点喜欢按钮,可延长到30分钟。时间到了后,双方私聊即可)每次话费虚拟币。灵魂匹配:是根据采集的用户更多数据和心理测
  • JavaWeb 开发入门:从基础到应用 大梦百万秋 知识学爆java
    JavaWeb是基于Java技术构建的Web应用开发体系。得益于Java的跨平台性和强大的生态系统,JavaWeb长期以来一直是企业级开发的首选方案之一。本篇博客将从JavaWeb的基本概念、核心技术到实际项目开发,带你全面了解如何利用JavaWeb构建一个动态网站。什么是JavaWeb?JavaWeb是使用Java技术开发Web应用程序的总称,通常包括动态网页、交互式功能和后端逻辑。它支持开发以
  • docker-compose。yml文件简单编辑 㲸逆 #dockerdocker
    docker-compose.yml文件编辑文章目录docker-compose.yml文件编辑1compose文件的基本结构2compose编写操作首先拉取一个镜像为了方便yml文件的编写我们将镜像名字缩短进入docker-compose.yml中运行compose停止compose运行即停止并移除由docker-compose.yml文件定义的所有服务、网络和卷1compose文件的基本结构1
  • 解锁新技能:Windows Forms与ASP.NET API的梦幻联动 步、步、为营 windowsasp.net后端
    一、开篇引入嘿,各位开发小伙伴们!在日常开发的“战场”上,我们常常会遭遇一个棘手的难题:如何让前端应用与后端服务实现高效且稳定的交互呢?特别是在使用WindowsForms构建桌面应用程序时,这个问题尤为突出。想象一下,你精心打造了一个功能强大的WindowsForms应用,满心期待它能与后端的ASP.NETAPI顺畅“对话”,实现数据的实时获取与更新,为用户带来绝佳的体验。但现实却可能给你泼一盆
  • 云原生前端开发:打造现代化高性能的用户体验 大梦百万秋 知识学爆状态模式
    引言:前端开发的新风向在过去的几年中,前端开发领域经历了快速的演变,从早期的静态网页到如今复杂的单页应用(SPA),再到微前端架构和渐进式Web应用(PWA),前端技术一直处于技术变革的中心。而随着云原生的理念在后端开发中逐渐成熟,前端开发也迎来了新的机遇和挑战。云原生前端开发意味着应用的架构设计和开发方式需要更加注重现代化的开发工具链、灵活性、性能优化和可扩展性。本文将从技术角度讨论如何运用云原
  • 学生作业-学生选课系统,后端SpringBoot + maven,前端vue。涉及管理员、学生和教师三个角色。教师可设置课程信息以及学生成绩录入;学生可选课和查看成绩。源码中包含MySQ数据表sql。 程序员WANG vue.js前端springboot
    1、学生作业-学生选课系统,后端SpringBoot+maven,前端vue。涉及管理员、学生和教师三个角色。教师可设置课程信息以及学生成绩录入;学生可选课和查看成绩。2、源码中包含数据表,sql文件,mysql数据库,可一键导入。3、管理员账号和密码root、root;学生和教师的账号请查看数据表,密码均为123456。4、Management是后端代码,vue是前端vue代码,按照正常启动(v
  • npm install CERT_HAS_EXPIRED解决方法 奔跑吧邓邓子 常见问题解答(FAQ)npm前端node.jsexpirednpminstall
    提示:“奔跑吧邓邓子”的常见问题专栏聚焦于各类技术领域常见问题的解答。涵盖操作系统(如CentOS、Linux等)、开发工具(如AndroidStudio)、服务器软件(如Zabbix、JumpServer、RocketMQ等)以及远程桌面、代码克隆等多种场景。针对如远程桌面无法复制粘贴、Kubernetes报错、自启动报错、各类软件安装报错、内存占用问题、网络连接问题等提供了详细的问题描述与有效
  • jQuery 跨域访问的三种方式 No 'Access-Control-Allow-Origin' header is present on the reque qiaolevip 每天进步一点点学习永无止境跨域众观千象
    XMLHttpRequest cannot load http://v.xxx.com. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63342' is therefore not allowed access. test.html:1
  • mysql 分区查询优化 annan211 java分区优化mysql
    分区查询优化 引入分区可以给查询带来一定的优势,但同时也会引入一些bug. 分区最大的优点就是优化器可以根据分区函数来过滤掉一些分区,通过分区过滤可以让查询扫描更少的数据。 所以,对于访问分区表来说,很重要的一点是要在where 条件中带入分区,让优化器过滤掉无需访问的分区。 可以通过查看explain执行计划,是否携带 partitions
  • MYSQL存储过程中使用游标 chicony Mysql存储过程
    DELIMITER $$ DROP PROCEDURE IF EXISTS getUserInfo $$ CREATE PROCEDURE getUserInfo(in date_day datetime)-- -- 实例-- 存储过程名为:getUserInfo-- 参数为:date_day日期格式:2008-03-08--    BEGINdecla
  • mysql 和 sqlite 区别 Array_06 sqlite
    转载: http://www.cnblogs.com/ygm900/p/3460663.html mysql 和 sqlite 区别 SQLITE是单机数据库。功能简约,小型化,追求最大磁盘效率 MYSQL是完善的服务器数据库。功能全面,综合化,追求最大并发效率 MYSQL、Sybase、Oracle等这些都是试用于服务器数据量大功能多需要安装,例如网站访问量比较大的。而sq
  • pinyin4j使用 oloz pinyin4j
    首先需要pinyin4j的jar包支持;jar包已上传至附件内 方法一:把汉字转换为拼音;例如:编程转换后则为biancheng      /** * 将汉字转换为全拼 * @param src 你的需要转换的汉字 * @param isUPPERCASE 是否转换为大写的拼音; true:转换为大写;fal
  • 微博发送私信 随意而生 微博
    在前面文章中说了如和获取登陆时候所需要的cookie,现在只要拿到最后登陆所需要的cookie,然后抓包分析一下微博私信发送界面 http://weibo.com/message/history?uid=****&name=**** 可以发现其发送提交的Post请求和其中的数据, 让后用程序模拟发送POST请求中的数据,带着cookie发送到私信的接入口,就可以实现发私信的功能了。
  • jsp 香水浓 jsp
    JSP初始化     容器载入JSP文件后,它会在为请求提供任何服务前调用jspInit()方法。如果您需要执行自定义的JSP初始化任务,复写jspInit()方法就行了 JSP执行     这一阶段描述了JSP生命周期中一切与请求相关的交互行为,直到被销毁。     当JSP网页完成初始化后
  • 在 Windows 上安装 SVN Subversion 服务端 AdyZhang SVN
    在 Windows 上安装 SVN Subversion 服务端2009-09-16高宏伟哈尔滨市道里区通达街291号   最佳阅读效果请访问原地址:http://blog.donews.com/dukejoe/archive/2009/09/16/1560917.aspx   现在的Subversion已经足够稳定,而且已经进入了它的黄金时段。我们看到大量的项目都在使
  • android开发中如何使用 alertDialog从listView中删除数据? aijuans android
    我现在使用listView展示了很多的配置信息,我现在想在点击其中一条的时候填出 alertDialog,点击确认后就删除该条数据,( ArrayAdapter ,ArrayList,listView 全部删除),我知道在 下面的onItemLongClick 方法中 参数 arg2  是选中的序号,但是我不知道如何继续处理下去 1 2 3
  • jdk-6u26-linux-x64.bin 安装 baalwolf linux
    1.上传安装文件(jdk-6u26-linux-x64.bin) 2.修改权限 [root@localhost ~]# ls -l /usr/local/jdk-6u26-linux-x64.bin 3.执行安装文件 [root@localhost ~]# cd /usr/local [root@localhost local]# ./jdk-6u26-linux-x64.bin&nbs
  • MongoDB经典面试题集锦 BigBird2012 mongodb
    1.什么是NoSQL数据库?NoSQL和RDBMS有什么区别?在哪些情况下使用和不使用NoSQL数据库? NoSQL是非关系型数据库,NoSQL = Not Only SQL。 关系型数据库采用的结构化的数据,NoSQL采用的是键值对的方式存储数据。 在处理非结构化/半结构化的大数据时;在水平方向上进行扩展时;随时应对动态增加的数据项时可以优先考虑使用NoSQL数据库。 在考虑数据库的成熟
  • JavaScript异步编程Promise模式的6个特性 bijian1013 JavaScriptPromise
            Promise是一个非常有价值的构造器,能够帮助你避免使用镶套匿名方法,而使用更具有可读性的方式组装异步代码。这里我们将介绍6个最简单的特性。         在我们开始正式介绍之前,我们想看看Javascript Promise的样子: var p = new Promise(function(r
  • [Zookeeper学习笔记之八]Zookeeper源代码分析之Zookeeper.ZKWatchManager bit1129 zookeeper
    ClientWatchManager接口 //接口的唯一方法materialize用于确定那些Watcher需要被通知 //确定Watcher需要三方面的因素1.事件状态 2.事件类型 3.znode的path public interface ClientWatchManager { /** * Return a set of watchers that should
  • 【Scala十五】Scala核心九:隐式转换之二 bit1129 scala
    隐式转换存在的必要性,   在Java Swing中,按钮点击事件的处理,转换为Scala的的写法如下:   val button = new JButton button.addActionListener( new ActionListener { def actionPerformed(event: ActionEvent) {
  • Android JSON数据的解析与封装小Demo ronin47
    转自:http://www.open-open.com/lib/view/open1420529336406.html package com.example.jsondemo; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject;    impor
  • [设计]字体创意设计方法谈 brotherlamp UIui自学ui视频ui教程ui资料
      从古至今,文字在我们的生活中是必不可少的事物,我们不能想象没有文字的世界将会是怎样。在平面设计中,UI设计师在文字上所花的心思和功夫最多,因为文字能直观地表达UI设计师所的意念。在文字上的创造设计,直接反映出平面作品的主题。 如设计一幅戴尔笔记本电脑的广告海报,假设海报上没有出现“戴尔”两个文字,即使放上所有戴尔笔记本电脑的图片都不能让人们得知这些电脑是什么品牌。只要写上“戴尔笔
  • 单调队列-用一个长度为k的窗在整数数列上移动,求窗里面所包含的数的最大值 bylijinnan java算法面试题
    import java.util.LinkedList; /* 单调队列 滑动窗口 单调队列是这样的一个队列:队列里面的元素是有序的,是递增或者递减 题目:给定一个长度为N的整数数列a(i),i=0,1,...,N-1和窗长度k. 要求:f(i) = max{a(i-k+1),a(i-k+2),..., a(i)},i = 0,1,...,N-1 问题的另一种描述就
  • struts2处理一个form多个submit chiangfai struts2
    web应用中,为完成不同工作,一个jsp的form标签可能有多个submit。如下代码: <s:form action="submit" method="post" namespace="/my"> <s:textfield name="msg" label="叙述:">
  • shell查找上个月,陷阱及野路子 chenchao051 shell
    date -d "-1 month" +%F     以上这段代码,假如在2012/10/31执行,结果并不会出现你预计的9月份,而是会出现八月份,原因是10月份有31天,9月份30天,所以-1 month在10月份看来要减去31天,所以直接到了8月31日这天,这不靠谱。     野路子解决:假设当天日期大于15号
  • mysql导出数据中文乱码问题 daizj mysql中文乱码导数据
    解决mysql导入导出数据乱码问题方法: 1、进入mysql,通过如下命令查看数据库编码方式: mysql>  show variables like 'character_set_%'; +--------------------------+----------------------------------------+ | Variable_name&nbs
  • SAE部署Smarty出现:Uncaught exception 'SmartyException' with message 'unable to write dcj3sjt126com PHPsmartysae
      对于SAE出现的问题:Uncaught exception 'SmartyException' with message 'unable to write file...。 官方给出了详细的FAQ:http://sae.sina.com.cn/?m=faqs&catId=11#show_213 解决方案为:   01 $path 
  • 《教父》系列台词 dcj3sjt126com
    Your love is also your weak point. 你的所爱同时也是你的弱点。   If anything in this life is certain, if history has taught us anything, it is that you can kill anyone.   不顾家的人永远不可能成为一个真正的男人。 &
  • mongodb安装与使用 dyy_gusi mongo
    一.MongoDB安装和启动,widndows和linux基本相同 1.下载数据库,     linux:mongodb-linux-x86_64-ubuntu1404-3.0.3.tgz 2.解压文件,并且放置到合适的位置     tar -vxf mongodb-linux-x86_64-ubun
  • Git排除目录 geeksun git
    在Git的版本控制中,可能有些文件是不需要加入控制的,那我们在提交代码时就需要忽略这些文件,下面讲讲应该怎么给Git配置一些忽略规则。   有三种方法可以忽略掉这些文件,这三种方法都能达到目的,只不过适用情景不一样。 1.  针对单一工程排除文件 这种方式会让这个工程的所有修改者在克隆代码的同时,也能克隆到过滤规则,而不用自己再写一份,这就能保证所有修改者应用的都是同一
  • Ubuntu 创建开机自启动脚本的方法 hongtoushizi ubuntu
    转载自: http://rongjih.blog.163.com/blog/static/33574461201111504843245/ Ubuntu 创建开机自启动脚本的步骤如下: 1) 将你的启动脚本复制到 /etc/init.d目录下 以下假设你的脚本文件名为 test。   2) 设置脚本文件的权限 $ sudo chmod 755
  • 第八章 流量复制/AB测试/协程 jinnianshilongnian nginxluacoroutine
    流量复制 在实际开发中经常涉及到项目的升级,而该升级不能简单的上线就完事了,需要验证该升级是否兼容老的上线,因此可能需要并行运行两个项目一段时间进行数据比对和校验,待没问题后再进行上线。这其实就需要进行流量复制,把流量复制到其他服务器上,一种方式是使用如tcpcopy引流;另外我们还可以使用nginx的HttpLuaModule模块中的ngx.location.capture_multi进行并发
  • 电商系统商品表设计 lkl
    DROP TABLE IF EXISTS `category`; -- 类目表 /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `category` ( `id` int(11) NOT NUL
  • 修改phpMyAdmin导入SQL文件的大小限制 pda158 sqlmysql
     用phpMyAdmin导入mysql数据库时,我的10M的 数据库不能导入,提示mysql数据库最大只能导入2M。    phpMyAdmin数据库导入出错:   You probably tried to upload too large file. Please refer to documentation for ways to workaround this limit.
  • Tomcat性能调优方案 Sobfist apachejvmtomcat应用服务器
    一、操作系统调优 对于操作系统优化来说,是尽可能的增大可使用的内存容量、提高CPU的频率,保证文件系统的读写速率等。经过压力测试验证,在并发连接很多的情况下,CPU的处理能力越强,系统运行速度越快。。 【适用场景】 任何项目。 二、Java虚拟机调优 应该选择SUN的JVM,在满足项目需要的前提下,尽量选用版本较高的JVM,一般来说高版本产品在速度和效率上比低版本会有改进。 J
  • SQLServer学习笔记 vipbooks 数据结构xml
    1、create database school 创建数据库school 2、drop database school 删除数据库school 3、use school 连接到school数据库,使其成为当前数据库 4、create table class(classID int primary key identity not null) 创建一个名为class的表,其有一
按字母分类: ABCDEFGHIJKLMNOPQRSTUVWXYZ其他