cloud_engineer
cloud_engineer

k8s rbd 后端存储

github yaml克隆地址:https://github.com/kubernetes-retired/external-storage/tree/master/ceph/rbd/deploy/rbac

k8s使用rbd-provisioner插件对接 Ceph RBD作为后端存储

一、准备工作

Ceph版本:12.2.13 luminous稳定版,本步骤前2步在ceph集群操作。

1、Ceph上准备存储池
# ceph osd pool create kube 128 128
pool 'kube' created
# ceph osd pool ls | grep kube
kube
2、Ceph上准备K8S客户端账号

本环境中直接使用了Ceph的admin账号,当然生产环境中还是要根据不同功能客户端分配不同的账号:
ceph auth get-or-create client.kube mon ‘allow r’ osd ‘allow rwx pool=kube’ -o ceph.client.kube.keyring
获取账号的密钥:

# ceph auth get-key client.admin | base64
QVFBQmNLWmZNVUY5RkJBQWY5Z2NZVWtTMEtXL3B0Y09wSFBXeUE9PQ==
3、运行rbd-provisioner插件

使用StorageClass动态创建PV时,controller-manager会自动在Ceph上创建image,所以我们要为其准备好rbd-provisioner。

(1)如果集群是用kubeadm部署的,由于controller-manager官方镜像中没有rbd命令,所以我们要从github下载插件rbd-provisioner相关yaml并运行。

从github克隆yaml下来

git clone https://github.com/kubernetes-retired/external-storage/tree/master/ceph/rbd/deploy/rbac

clusterrolebinding.yaml

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-provisioner
subjects:
  - kind: ServiceAccount
    name: rbd-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: rbd-provisioner
  apiGroup: rbac.authorization.k8s.io

clusterrole.yaml

kind: ClusterRole 
apiVersion: rbac.authorization.k8s.io/v1 
metadata: 
  name: rbd-provisioner 
rules: 
  - apiGroups: [""] 
    resources: ["persistentvolumes"] 
    verbs: ["get", "list", "watch", "create", "delete"] 
  - apiGroups: [""] 
    resources: ["persistentvolumeclaims"] 
    verbs: ["get", "list", "watch", "update"] 
  - apiGroups: ["storage.k8s.io"] 
    resources: ["storageclasses"] 
    verbs: ["get", "list", "watch"] 
  - apiGroups: [""] 
    resources: ["events"] 
    verbs: ["create", "update", "patch"] 
  - apiGroups: [""] 
    resources: ["services"] 
    resourceNames: ["kube-dns","coredns"] 
    verbs: ["list", "get"]

deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: rbd-provisioner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rbd-provisioner
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: rbd-provisioner
    spec:
      containers:
      - name: rbd-provisioner
        image: "quay.io/external_storage/rbd-provisioner:latest"
        env:
        - name: PROVISIONER_NAME
          value: ceph.com/rbd
      serviceAccount: rbd-provisioner

rolebinding.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rbd-provisioner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rbd-provisioner
subjects:
- kind: ServiceAccount
  name: rbd-provisioner
  namespace: default

role.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rbd-provisioner
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
- apiGroups: [""]
  resources: ["endpoints"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]

serviceaccount.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rbd-provisioner
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
- apiGroups: [""]
  resources: ["endpoints"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]
[root@kubesphere rbac]# 
[root@kubesphere rbac]# 
[root@kubesphere rbac]# 
[root@kubesphere rbac]# cat serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rbd-provisioner

(2)如果集群是用二进制方式部署的,直接在master节点安装ceph-common即可。(二进制安装或者kubeadm都要执行)

yum install -y ceph-common

拷贝keyring文件
将ceph的ceph.client.admin.keyring及ceph.conf文件拷贝到k8s-master的/etc/ceph目录下。

备注:创建pod时,kubelet需要使用rbd命令去检测和挂载pv对应的ceph image,所以要在所有的worker节点安装ceph客户端ceph-common-13.2.5,使用L版本的ceph可以不需要安装13.2, yum默认版本即可。
4 执行运行rbd-provisioner

把yaml放在一个目录。

[root@kubesphere rbac]# ls 
clusterrolebinding.yaml  clusterrole.yaml  deployment.yaml  rolebinding.yaml  role.yaml  serviceaccount.yaml

执行kubectl命令:

kubectl apply -f .

查看pod运行情况:

kubectl get pod
NAME                               READY   STATUS    RESTARTS   AGE
rbd-provisioner-76f6bc6669-jxjmv   1/1     Running   1          13h

二、K8S上调用Ceph RBD存储

1、创建存储类

sc.yaml

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: rbd
  annotations:
    storageclass.beta.kubernetes.io/is-default-class: "false"
#provisioner: kubernetes.io/rbd
provisioner: ceph.com/rbd
reclaimPolicy: Retain
parameters:
  monitors: 192.168.3.61:6789,192.168.3.62:6789,192.168.3.63:6789
  adminId: admin
  adminSecretName: ceph-admin-secret
  adminSecretNamespace: default
  pool: kube
  userId: admin
  userSecretName: ceph-kube1-secret
  userSecretNamespace: default
  fsType: xfs
  imageFormat: "2"
  imageFeatures: "layering"
reclaimPolicy: Retain

执行:

kubectl apply -f sc.yaml

注意:provisioner的值要和rbd-provisioner设置的值一样

ceph-admin-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: ceph-admin-secret
  namespace: default
data:
  key: "QVFBQmNLWmZNVUY5RkJBQWY5Z2NZVWtTMEtXL3B0Y09wSFBXeUE9PQ=="
type: kubernetes.io/rbd

执行:

kubectl apply -f ceph-admin-secret.yaml
2、创建PVC

pvc.yaml

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: rbd-pvc1
  annotations:
    volume.beta.kubernetes.io/storage-class: "rbd"
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi

执行:

kubectl apply -f pvc.yaml

查看:

# kubectl get pvc
NAME       STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
rbd-pvc1   Bound    pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5   2Gi        RWO            rbd            13h
3 出现问题

出现以下问题:

[root@kubesphere rbd-provisioner]# kubectl describe pvc rbd-pvc1
Name:          rbd-pvc1
Namespace:     default
StorageClass:  rbd
Status:        Pending
Volume:        
Labels:        
Annotations:   volume.beta.kubernetes.io/storage-class: rbd
               volume.beta.kubernetes.io/storage-provisioner: ceph.com/rbd
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:      
Access Modes:  
VolumeMode:    Filesystem
Used By:       
Events:
  Type    Reason                Age               From                         Message
  ----    ------                ----              ----                         -------
  Normal  ExternalProvisioning  2s (x4 over 30s)  persistentvolume-controller  waiting for a volume to be created, either by external provisioner "ceph.com/rbd" or manually created by system administrator

查看pod的log

[root@kubesphere rbd-provisioner]# kubectl describe pod rbd-provisioner-76f6bc6669-jxjmv
Name:         rbd-provisioner-76f6bc6669-jxjmv
Namespace:    default
Priority:     0
Node:         kubesphere/192.168.3.70
Start Time:   Fri, 18 Jun 2021 22:39:50 +0800
Labels:       app=rbd-provisioner
              pod-template-hash=76f6bc6669
Annotations:  cni.projectcalico.org/podIP: 10.233.122.54/32
              cni.projectcalico.org/podIPs: 10.233.122.54/32
Status:       Running
IP:           10.233.122.54
IPs:
  IP:           10.233.122.54
Controlled By:  ReplicaSet/rbd-provisioner-76f6bc6669
Containers:
  rbd-provisioner:
    Container ID:   docker://0fd023836307519e447ed1b6acfe8c4611ad23d27a3ed84b18024499d9fd6f27
    Image:          quay.io/external_storage/rbd-provisioner:latest
    Image ID:       docker-pullable://quay.io/external_storage/rbd-provisioner@sha256:94fd36b8625141b62ff1addfa914d45f7b39619e55891bad0294263ecd2ce09a
    Port:           
    Host Port:      
    State:          Running
      Started:      Fri, 18 Jun 2021 22:40:16 +0800
    Ready:          True
    Restart Count:  0
    Environment:
      PROVISIONER_NAME:  ceph.com/rbd
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from rbd-provisioner-token-vng7b (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  rbd-provisioner-token-vng7b:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  rbd-provisioner-token-vng7b
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  8m52s  default-scheduler  Successfully assigned default/rbd-provisioner-76f6bc6669-jxjmv to kubesphere
  Normal  Pulling    8m51s  kubelet            Pulling image "quay.io/external_storage/rbd-provisioner:latest"
  Normal  Pulled     8m27s  kubelet            Successfully pulled image "quay.io/external_storage/rbd-provisioner:latest" in 23.882600186s
  Normal  Created    8m27s  kubelet            Created container rbd-provisioner
  Normal  Started    8m26s  kubelet            Started container rbd-provisioner
[root@kubesphere rbd-provisioner]# kubectl logs pod/rbd-provisioner-76f6bc6669-jxjmv
I0618 14:40:16.264218       1 main.go:85] Creating RBD provisioner ceph.com/rbd with identity: ceph.com/rbd
I0618 14:40:16.265874       1 leaderelection.go:185] attempting to acquire leader lease  default/ceph.com-rbd...
E0618 14:40:16.276488       1 event.go:259] Could not construct reference to: '&v1.Endpoints{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"ceph.com-rbd", GenerateName:"", Namespace:"default", SelfLink:"", UID:"d996384c-1ce1-4fbe-9f31-d44ffce5706b", ResourceVersion:"414673", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:63759624016, loc:(*time.Location)(0x1bc94e0)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string{"control-plane.alpha.kubernetes.io/leader":"{\"holderIdentity\":\"rbd-provisioner-76f6bc6669-jxjmv_18d0bd2b-d043-11eb-a38e-365d0590d7f4\",\"leaseDurationSeconds\":15,\"acquireTime\":\"2021-06-18T14:40:16Z\",\"renewTime\":\"2021-06-18T14:40:16Z\",\"leaderTransitions\":0}"}, OwnerReferences:[]v1.OwnerReference(nil), Initializers:(*v1.Initializers)(nil), Finalizers:[]string(nil), ClusterName:""}, Subsets:[]v1.EndpointSubset(nil)}' due to: 'selfLink was empty, can't make reference'. Will not report event: 'Normal' 'LeaderElection' 'rbd-provisioner-76f6bc6669-jxjmv_18d0bd2b-d043-11eb-a38e-365d0590d7f4 became leader'
I0618 14:40:16.276565       1 leaderelection.go:194] successfully acquired lease default/ceph.com-rbd
I0618 14:40:16.276610       1 controller.go:631] Starting provisioner controller ceph.com/rbd_rbd-provisioner-76f6bc6669-jxjmv_18d0bd2b-d043-11eb-a38e-365d0590d7f4!
I0618 14:40:16.377229       1 controller.go:680] Started provisioner controller ceph.com/rbd_rbd-provisioner-76f6bc6669-jxjmv_18d0bd2b-d043-11eb-a38e-365d0590d7f4!
I0618 14:47:17.806787       1 controller.go:987] provision "default/rbd-pvc1" class "rbd": started
E0618 14:47:17.814452       1 controller.go:1004] provision "default/rbd-pvc1" class "rbd": unexpected error getting claim reference: selfLink was empty, can't make reference

编辑 编辑/etc/kubernetes/manifests/kube-apiserver.yaml

在这里:

spec:
  containers:
  - command:
    - kube-apiserver

添加这一行:

- --feature-gates=RemoveSelfLink=false

重启容器:

[root@kubesphere rbd-provisioner]# docker ps | grep kube-apiserver-kubesphere
d8c2ab77fcae   ae5eb22e4a9d                                                        "kube-apiserver --ad…"   3 minutes ago       Up 3 minutes                 k8s_kube-apiserver_kube-apiserver-kubesphere_kube-system_9c4f15ddc36ae2c0aee73dac4e15953c_0
4c7b57c7706e   registry.cn-beijing.aliyuncs.com/kubesphereio/pause:3.2             "/pause"                 3 minutes ago       Up 3 minutes                 k8s_POD_kube-apiserver-kubesphere_kube-system_9c4f15ddc36ae2c0aee73dac4e15953c_0
您在 /var/spool/mail/root 中有新邮件
[root@kubesphere rbd-provisioner]# docker restart d8c2ab77fcae
d8c2ab77fcae
[root@kubesphere rbd-provisioner]# docker restart 4c7b57c7706e
4c7b57c7706e

查看pod log

kubectl logs pod/rbd-provisioner-76f6bc6669-jxjmv
I0618 14:57:08.186706       1 main.go:85] Creating RBD provisioner ceph.com/rbd with identity: ceph.com/rbd
I0618 14:57:08.189769       1 leaderelection.go:185] attempting to acquire leader lease  default/ceph.com-rbd...
I0618 14:57:25.664359       1 leaderelection.go:194] successfully acquired lease default/ceph.com-rbd
I0618 14:57:25.664747       1 controller.go:631] Starting provisioner controller ceph.com/rbd_rbd-provisioner-76f6bc6669-jxjmv_73f7f1df-d045-11eb-b102-365d0590d7f4!
I0618 14:57:25.664852       1 event.go:221] Event(v1.ObjectReference{Kind:"Endpoints", Namespace:"default", Name:"ceph.com-rbd", UID:"d996384c-1ce1-4fbe-9f31-d44ffce5706b", APIVersion:"v1", ResourceVersion:"417887", FieldPath:""}): type: 'Normal' reason: 'LeaderElection' rbd-provisioner-76f6bc6669-jxjmv_73f7f1df-d045-11eb-b102-365d0590d7f4 became leader
I0618 14:57:25.765923       1 controller.go:680] Started provisioner controller ceph.com/rbd_rbd-provisioner-76f6bc6669-jxjmv_73f7f1df-d045-11eb-b102-365d0590d7f4!
I0618 14:57:25.766329       1 controller.go:987] provision "default/rbd-pvc1" class "rbd": started
I0618 14:57:25.776362       1 event.go:221] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"rbd-pvc1", UID:"62a390b9-d41a-4aed-8274-3a5484cc34e5", APIVersion:"v1", ResourceVersion:"415893", FieldPath:""}): type: 'Normal' reason: 'Provisioning' External provisioner is provisioning volume for claim "default/rbd-pvc1"
I0618 14:57:26.034448       1 provision.go:132] successfully created rbd image "kubernetes-dynamic-pvc-7e7556b2-d045-11eb-b102-365d0590d7f4"
I0618 14:57:26.034581       1 controller.go:1087] provision "default/rbd-pvc1" class "rbd": volume "pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5" provisioned
I0618 14:57:26.034643       1 controller.go:1101] provision "default/rbd-pvc1" class "rbd": trying to save persistentvvolume "pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5"
I0618 14:57:26.068695       1 controller.go:1108] provision "default/rbd-pvc1" class "rbd": persistentvolume "pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5" saved
I0618 14:57:26.068775       1 controller.go:1149] provision "default/rbd-pvc1" class "rbd": succeeded
I0618 14:57:26.069769       1 event.go:221] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"rbd-pvc1", UID:"62a390b9-d41a-4aed-8274-3a5484cc34e5", APIVersion:"v1", ResourceVersion:"415893", FieldPath:""}): type: 'Normal' reason: 'ProvisioningSucceeded' Successfully provisioned volume pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5
E0618 15:00:33.652532       1 streamwatcher.go:109] Unable to decode an event from the watch stream: http2: server sent GOAWAY and closed the connection; LastStreamID=409, ErrCode=NO_ERROR, debug=""
E0618 15:00:33.656205       1 streamwatcher.go:109] Unable to decode an event from the watch stream: http2: server sent GOAWAY and closed the connection; LastStreamID=409, ErrCode=NO_ERROR, debug=""
E0618 15:00:33.659797       1 reflector.go:322] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:668: Failed to watch *v1.StorageClass: Get https://10.233.0.1:443/apis/storage.k8s.io/v1/storageclasses?resourceVersion=417664&timeoutSeconds=390&watch=true: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:33.660592       1 reflector.go:322] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:662: Failed to watch *v1.PersistentVolumeClaim: Get https://10.233.0.1:443/api/v1/persistentvolumeclaims?resourceVersion=417930&timeoutSeconds=454&watch=true: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:33.664999       1 streamwatcher.go:109] Unable to decode an event from the watch stream: http2: server sent GOAWAY and closed the connection; LastStreamID=409, ErrCode=NO_ERROR, debug=""
E0618 15:00:33.665746       1 reflector.go:322] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:665: Failed to watch *v1.PersistentVolume: Get https://10.233.0.1:443/api/v1/persistentvolumes?resourceVersion=417928&timeoutSeconds=544&watch=true: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:33.970302       1 leaderelection.go:234] error retrieving resource lock default/ceph.com-rbd: Get https://10.233.0.1:443/api/v1/namespaces/default/endpoints/ceph.com-rbd: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:34.662192       1 reflector.go:205] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:668: Failed to list *v1.StorageClass: Get https://10.233.0.1:443/apis/storage.k8s.io/v1/storageclasses?limit=500&resourceVersion=0: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:34.663584       1 reflector.go:205] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:662: Failed to list *v1.PersistentVolumeClaim: Get https://10.233.0.1:443/api/v1/persistentvolumeclaims?limit=500&resourceVersion=0: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:34.667616       1 reflector.go:205] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:665: Failed to list *v1.PersistentVolume: Get https://10.233.0.1:443/api/v1/persistentvolumes?limit=500&resourceVersion=0: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:35.663249       1 reflector.go:205] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:668: Failed to list *v1.StorageClass: Get https://10.233.0.1:443/apis/storage.k8s.io/v1/storageclasses?limit=500&resourceVersion=0: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:35.664270       1 reflector.go:205] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:662: Failed to list *v1.PersistentVolumeClaim: Get https://10.233.0.1:443/api/v1/persistentvolumeclaims?limit=500&resourceVersion=0: dial tcp 10.233.0.1:443: connect: connection refused
E0618 15:00:35.668180       1 reflector.go:205] github.com/kubernetes-incubator/external-storage/lib/controller/controller.go:665: Failed to list *v1.PersistentVolume: Get https://10.233.0.1:443/api/v1/persistentvolumes?limit=500&resourceVersion=0: dial tcp 10.233.0.1:443: connect: connection refused

查看pvc的log

kubectl describe pvc pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5
Error from server (NotFound): persistentvolumeclaims "pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5" not found
[root@kubesphere rbd-provisioner]# kubectl describe pvc rbd-pvc1
Name:          rbd-pvc1
Namespace:     default
StorageClass:  rbd
Status:        Bound
Volume:        pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5
Labels:        
Annotations:   pv.kubernetes.io/bind-completed: yes
               pv.kubernetes.io/bound-by-controller: yes
               volume.beta.kubernetes.io/storage-class: rbd
               volume.beta.kubernetes.io/storage-provisioner: ceph.com/rbd
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:      2Gi
Access Modes:  RWO
VolumeMode:    Filesystem
Used By:       
Events:
  Type    Reason                 Age                 From                                                                                Message
  ----    ------                 ----                ----                                                                                -------
  Normal  ExternalProvisioning   13m (x26 over 19m)  persistentvolume-controller                                                         waiting for a volume to be created, either by external provisioner "ceph.com/rbd" or manually created by system administrator
  Normal  Provisioning           9m47s               ceph.com/rbd_rbd-provisioner-76f6bc6669-jxjmv_73f7f1df-d045-11eb-b102-365d0590d7f4  External provisioner is provisioning volume for claim "default/rbd-pvc1"
  Normal  ProvisioningSucceeded  9m46s               ceph.com/rbd_rbd-provisioner-76f6bc6669-jxjmv_73f7f1df-d045-11eb-b102-365d0590d7f4  Successfully provisioned volume pvc-62a390b9-d41a-4aed-8274-3a5484cc34e5

参考文章:https://blog.51cto.com/fengjicheng/2401702

K8S使用rbd-csi创建快照

本次ceph插件选取最新发行版release-v3.3
最新发行版快照可支持v1版(之前版本为v1beta1)
在ceph-csi项目deploy/rbd/kubernetes目录下有官方给出的相关yaml文件,注意版本对应。另,如果对接的是cephfs则是在deploy/cephfs/kubernetes目录下,克隆地址如下:

默认版本:git clone https://github.com/ceph/ceph-csi.git
v3.3下载: git clone https://github.com/ceph/ceph-csi.git -b release-v3.3

一、安装ceph-rbd-csi

# pwd
/root/ceph-csi-release-v3.3/deploy/rbd/kubernetes
# ls
csi-config-map.yaml  csi-nodeplugin-psp.yaml   csi-provisioner-psp.yaml   csi-rbdplugin-provisioner.yaml
csidriver.yaml       csi-nodeplugin-rbac.yaml  csi-provisioner-rbac.yaml  csi-rbdplugin.yaml

以下为本次所需所有已修改yaml文件:

1 创建ConfigMap, csi-config-map.yaml 填入对应的"clusterID"和"monitors" 。

csi-config-map.yaml

---
apiVersion: v1
kind: ConfigMap
data:
  config.json: |-
    [
      {
        "clusterID": "319d2cce-b087-4de9-bd4a-13edc7644abc",
        "monitors": [
          "192.168.3.61:6789",
          "192.168.3.62:6789",
          "192.168.3.63:6789"
        ]
      }
    ]
metadata:
  name: ceph-csi-config
2 创建csidriver,新建或者编辑 csidriver.yaml
---
# if Kubernetes version is less than 1.18 change
# apiVersion to storage.k8s.io/v1betav1
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
  name: rbd.csi.ceph.com
spec:
  attachRequired: true
  podInfoOnMount: false
3 创建seviceAccount和RBAC等

csi-provisioner-rbac.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rbd-csi-provisioner

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-external-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims/status"]
    verbs: ["update", "patch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots"]
    verbs: ["get", "list"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents"]
    verbs: ["create", "get", "list", "watch", "update", "delete"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "update", "patch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments/status"]
    verbs: ["patch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["csinodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents/status"]
    verbs: ["update"]
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-csi-provisioner-role
subjects:
  - kind: ServiceAccount
    name: rbd-csi-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: rbd-external-provisioner-runner
  apiGroup: rbac.authorization.k8s.io

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # replace with non-default namespace name
  namespace: default
  name: rbd-external-provisioner-cfg
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "delete"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "watch", "list", "delete", "update", "create"]

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-csi-provisioner-role-cfg
  # replace with non-default namespace name
  namespace: default
subjects:
  - kind: ServiceAccount
    name: rbd-csi-provisioner
    # replace with non-default namespace name
    namespace: default
roleRef:
  kind: Role
  name: rbd-external-provisioner-cfg
  apiGroup: rbac.authorization.k8s.io

csi-nodeplugin-rbac.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rbd-csi-nodeplugin
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-csi-nodeplugin
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get"]
  # allow to read Vault Token and connection options from the Tenants namespace
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-csi-nodeplugin
subjects:
  - kind: ServiceAccount
    name: rbd-csi-nodeplugin
    namespace: default
roleRef:
  kind: ClusterRole
  name: rbd-csi-nodeplugin
  apiGroup: rbac.authorization.k8s.io
4 创建PodSecurityPolicy:

csi-provisioner-psp.yaml

---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: rbd-csi-provisioner-psp
spec:
  allowPrivilegeEscalation: true
  allowedCapabilities:
    - 'SYS_ADMIN'
  fsGroup:
    rule: RunAsAny
  privileged: true
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'secret'
    - 'downwardAPI'
    - 'hostPath'
  allowedHostPaths:
    - pathPrefix: '/dev'
      readOnly: false
    - pathPrefix: '/sys'
      readOnly: false
    - pathPrefix: '/lib/modules'
      readOnly: true

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # replace with non-default namespace name
  namespace: default
  name: rbd-csi-provisioner-psp
rules:
  - apiGroups: ['policy']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: ['rbd-csi-provisioner-psp']

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-csi-provisioner-psp
  # replace with non-default namespace name
  namespace: default
subjects:
  - kind: ServiceAccount
    name: rbd-csi-provisioner
    # replace with non-default namespace name
    namespace: default
roleRef:
  kind: Role
  name: rbd-csi-provisioner-psp
  apiGroup: rbac.authorization.k8s.io

csi-nodeplugin-psp.yaml

---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: rbd-csi-nodeplugin-psp
spec:
  allowPrivilegeEscalation: true
  allowedCapabilities:
    - 'SYS_ADMIN'
  fsGroup:
    rule: RunAsAny
  privileged: true
  hostNetwork: true
  hostPID: true
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'secret'
    - 'downwardAPI'
    - 'hostPath'
  allowedHostPaths:
    - pathPrefix: '/dev'
      readOnly: false
    - pathPrefix: '/run/mount'
      readOnly: false
    - pathPrefix: '/sys'
      readOnly: false
    - pathPrefix: '/lib/modules'
      readOnly: true
    - pathPrefix: '/var/lib/kubelet/pods'
      readOnly: false
    - pathPrefix: '/var/lib/kubelet/plugins/rbd.csi.ceph.com'
      readOnly: false
    - pathPrefix: '/var/lib/kubelet/plugins_registry'
      readOnly: false
    - pathPrefix: '/var/lib/kubelet/plugins'
      readOnly: false

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-csi-nodeplugin-psp
  # replace with non-default namespace name
  namespace: default
rules:
  - apiGroups: ['policy']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: ['rbd-csi-nodeplugin-psp']

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-csi-nodeplugin-psp
  # replace with non-default namespace name
  namespace: default
subjects:
  - kind: ServiceAccount
    name: rbd-csi-nodeplugin
    # replace with non-default namespace name
    namespace: default
roleRef:
  kind: Role
  name: rbd-csi-nodeplugin-psp
  apiGroup: rbac.authorization.k8s.io
5 部署CSI sidecar containers和RBD CSI driver:

csi-rbdplugin-provisioner.yaml 文件中,将有关KMS相关注释掉,修改image为quay,谷歌的镜像中国下载不了。

将
# cat csi-rbdplugin-provisioner.yaml | grep k8s.gcr.io/sig-storage
          image: k8s.gcr.io/sig-storage/csi-provisioner:v2.0.4
          image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.0.0
          image: k8s.gcr.io/sig-storage/csi-attacher:v3.0.2
          image: k8s.gcr.io/sig-storage/csi-resizer:v1.0.1
改成:
# cat csi-rbdplugin-provisioner.yaml | grep quay.io/k8scsi
          image: quay.io/k8scsi/csi-provisioner:v2.0.4
          image: quay.io/k8scsi/csi-snapshotter:v4.0.0
          image: quay.io/k8scsi/csi-attacher:v3.0.2
          image: quay.io/k8scsi/csi-resizer:v1.0.1

单节点需要将

将
kind: Deployment
apiVersion: apps/v1
metadata:
  name: csi-rbdplugin-provisioner
  namespace: kube-system
spec:
  replicas: 3
  
  
改成:
kind: Deployment
apiVersion: apps/v1
metadata:
  name: csi-rbdplugin-provisioner
  namespace: kube-system
spec:
  replicas: 1

csi-rbdplugin-provisioner.yaml

---
kind: Service
apiVersion: v1
metadata:
  name: csi-rbdplugin-provisioner
  labels:
    app: csi-metrics
spec:
  selector:
    app: csi-rbdplugin-provisioner
  ports:
    - name: http-metrics
      port: 8080
      protocol: TCP
      targetPort: 8680

---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: csi-rbdplugin-provisioner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: csi-rbdplugin-provisioner
  template:
    metadata:
      labels:
        app: csi-rbdplugin-provisioner
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values:
                      - csi-rbdplugin-provisioner
              topologyKey: "kubernetes.io/hostname"
      serviceAccountName: rbd-csi-provisioner
      priorityClassName: system-cluster-critical
      containers:
        - name: csi-provisioner
          image: quay.io/k8scsi/csi-provisioner:v2.0.4
          args:
            - "--csi-address=$(ADDRESS)"
            - "--v=5"
            - "--timeout=150s"
            - "--retry-interval-start=500ms"
            - "--leader-election=true"
            #  set it to true to use topology based provisioning
            - "--feature-gates=Topology=false"
            # if fstype is not specified in storageclass, ext4 is default
            - "--default-fstype=ext4"
            - "--extra-create-metadata=true"
          env:
            - name: ADDRESS
              value: unix:///csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-snapshotter
          image: quay.io/k8scsi/csi-snapshotter:v4.0.0
          args:
            - "--csi-address=$(ADDRESS)"
            - "--v=5"
            - "--timeout=150s"
            - "--leader-election=true"
          env:
            - name: ADDRESS
              value: unix:///csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          securityContext:
            privileged: true
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-attacher
          image: quay.io/k8scsi/csi-attacher:v3.0.2
          args:
            - "--v=5"
            - "--csi-address=$(ADDRESS)"
            - "--leader-election=true"
            - "--retry-interval-start=500ms"
          env:
            - name: ADDRESS
              value: /csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-resizer
          image: quay.io/k8scsi/csi-resizer:v1.0.1
          args:
            - "--csi-address=$(ADDRESS)"
            - "--v=5"
            - "--timeout=150s"
            - "--leader-election"
            - "--retry-interval-start=500ms"
            - "--handle-volume-inuse-error=false"
          env:
            - name: ADDRESS
              value: unix:///csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-rbdplugin
          securityContext:
            privileged: true
            capabilities:
              add: ["SYS_ADMIN"]
          # for stable functionality replace canary with latest release version
          image: quay.io/cephcsi/cephcsi:v3.3-canary
          args:
            - "--nodeid=$(NODE_ID)"
            - "--type=rbd"
            - "--controllerserver=true"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--v=5"
            - "--drivername=rbd.csi.ceph.com"
            - "--pidlimit=-1"
            - "--rbdhardmaxclonedepth=8"
            - "--rbdsoftmaxclonedepth=4"
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: NODE_ID
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # - name: POD_NAMESPACE
            #   valueFrom:
            #     fieldRef:
            #       fieldPath: spec.namespace
            # - name: KMS_CONFIGMAP_NAME
            #   value: encryptionConfig
            - name: CSI_ENDPOINT
              value: unix:///csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
            - mountPath: /dev
              name: host-dev
            - mountPath: /sys
              name: host-sys
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - name: ceph-csi-config
              mountPath: /etc/ceph-csi-config/
            #- name: ceph-csi-encryption-kms-config
            #  mountPath: /etc/ceph-csi-encryption-kms-config/
            - name: keys-tmp-dir
              mountPath: /tmp/csi/keys
        - name: csi-rbdplugin-controller
          securityContext:
            privileged: true
            capabilities:
              add: ["SYS_ADMIN"]
          # for stable functionality replace canary with latest release version
          image: quay.io/cephcsi/cephcsi:v3.3-canary
          args:
            - "--type=controller"
            - "--v=5"
            - "--drivername=rbd.csi.ceph.com"
            - "--drivernamespace=$(DRIVER_NAMESPACE)"
          env:
            - name: DRIVER_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: ceph-csi-config
              mountPath: /etc/ceph-csi-config/
            - name: keys-tmp-dir
              mountPath: /tmp/csi/keys
        - name: liveness-prometheus
          image: quay.io/cephcsi/cephcsi:v3.3-canary
          args:
            - "--type=liveness"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--metricsport=8680"
            - "--metricspath=/metrics"
            - "--polltime=60s"
            - "--timeout=3s"
          env:
            - name: CSI_ENDPOINT
              value: unix:///csi/csi-provisioner.sock
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          imagePullPolicy: "IfNotPresent"
      volumes:
        - name: host-dev
          hostPath:
            path: /dev
        - name: host-sys
          hostPath:
            path: /sys
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: socket-dir
          emptyDir: {
            medium: "Memory"
          }
        - name: ceph-csi-config
          configMap:
            name: ceph-csi-config
        #- name: ceph-csi-encryption-kms-config
        #  configMap:
        #    name: ceph-csi-encryption-kms-config
        - name: keys-tmp-dir
          emptyDir: {
            medium: "Memory"
          }

csi-rbdplugin.yaml 文件中,将有关KMS相关注释掉

csi-rbdplugin.yaml

---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: csi-rbdplugin
spec:
  selector:
    matchLabels:
      app: csi-rbdplugin
  template:
    metadata:
      labels:
        app: csi-rbdplugin
    spec:
      serviceAccountName: rbd-csi-nodeplugin
      hostNetwork: true
      hostPID: true
      priorityClassName: system-node-critical
      # to use e.g. Rook orchestrated cluster, and mons' FQDN is
      # resolved through k8s service, set dns policy to cluster first
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: driver-registrar
          # This is necessary only for systems with SELinux, where
          # non-privileged sidecar containers cannot access unix domain socket
          # created by privileged CSI driver container.
          securityContext:
            privileged: true
          image: quay.io/k8scsi/csi-node-driver-registrar:v2.0.1
          args:
            - "--v=5"
            - "--csi-address=/csi/csi.sock"
            - "--kubelet-registration-path=/var/lib/kubelet/plugins/rbd.csi.ceph.com/csi.sock"
          env:
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
            - name: registration-dir
              mountPath: /registration
        - name: csi-rbdplugin
          securityContext:
            privileged: true
            capabilities:
              add: ["SYS_ADMIN"]
            allowPrivilegeEscalation: true
          # for stable functionality replace canary with latest release version
          image: quay.io/cephcsi/cephcsi:v3.3-canary
          args:
            - "--nodeid=$(NODE_ID)"
            - "--type=rbd"
            - "--nodeserver=true"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--v=5"
            - "--drivername=rbd.csi.ceph.com"
            # If topology based provisioning is desired, configure required
            # node labels representing the nodes topology domain
            # and pass the label names below, for CSI to consume and advertise
            # its equivalent topology domain
            # - "--domainlabels=failure-domain/region,failure-domain/zone"
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: NODE_ID
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # - name: POD_NAMESPACE
            #   valueFrom:
            #     fieldRef:
            #       fieldPath: spec.namespace
            # - name: KMS_CONFIGMAP_NAME
            #   value: encryptionConfig
            - name: CSI_ENDPOINT
              value: unix:///csi/csi.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
            - mountPath: /dev
              name: host-dev
            - mountPath: /sys
              name: host-sys
            - mountPath: /run/mount
              name: host-mount
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - name: ceph-csi-config
              mountPath: /etc/ceph-csi-config/
            #- name: ceph-csi-encryption-kms-config
            #  mountPath: /etc/ceph-csi-encryption-kms-config/
            - name: plugin-dir
              mountPath: /var/lib/kubelet/plugins
              mountPropagation: "Bidirectional"
            - name: mountpoint-dir
              mountPath: /var/lib/kubelet/pods
              mountPropagation: "Bidirectional"
            - name: keys-tmp-dir
              mountPath: /tmp/csi/keys
        - name: liveness-prometheus
          securityContext:
            privileged: true
          image: quay.io/cephcsi/cephcsi:v3.3-canary
          args:
            - "--type=liveness"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--metricsport=8680"
            - "--metricspath=/metrics"
            - "--polltime=60s"
            - "--timeout=3s"
          env:
            - name: CSI_ENDPOINT
              value: unix:///csi/csi.sock
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          imagePullPolicy: "IfNotPresent"
      volumes:
        - name: socket-dir
          hostPath:
            path: /var/lib/kubelet/plugins/rbd.csi.ceph.com
            type: DirectoryOrCreate
        - name: plugin-dir
          hostPath:
            path: /var/lib/kubelet/plugins
            type: Directory
        - name: mountpoint-dir
          hostPath:
            path: /var/lib/kubelet/pods
            type: DirectoryOrCreate
        - name: registration-dir
          hostPath:
            path: /var/lib/kubelet/plugins_registry/
            type: Directory
        - name: host-dev
          hostPath:
            path: /dev
        - name: host-sys
          hostPath:
            path: /sys
        - name: host-mount
          hostPath:
            path: /run/mount
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: ceph-csi-config
          configMap:
            name: ceph-csi-config
        #- name: ceph-csi-encryption-kms-config
        #  configMap:
        #    name: ceph-csi-encryption-kms-config
        - name: keys-tmp-dir
          emptyDir: {
            medium: "Memory"
          }
---
# This is a service to expose the liveness metrics
apiVersion: v1
kind: Service
metadata:
  name: csi-metrics-rbdplugin
  labels:
    app: csi-metrics
spec:
  ports:
    - name: http-metrics
      port: 8080
      protocol: TCP
      targetPort: 8680
  selector:
    app: csi-rbdplugin

1-5的yaml放在同一个目录,然后执行:

#kubectl apply -f .

二、创建rbd-sc

1 创建rbd的secret

csi-rbd-secret.yaml

---
apiVersion: v1
kind: Secret
metadata:
  name: csi-rbd-secret
  namespace: default
stringData:
  userID: admin
  userKey: AQABcKZfMUF9FBAAf9gcYUkS0KW/ptcOpHPWyA==

2 创建 csi-rbd的storageclass

csi-rbd-sc.yaml

---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
   name: csi-rbd
provisioner: rbd.csi.ceph.com
parameters:
   clusterID: 319d2cce-b087-4de9-bd4a-13edc7644abc
   pool: kube
#   imageFeatures: layering
   csi.storage.k8s.io/provisioner-secret-name: csi-rbd-secret
   csi.storage.k8s.io/provisioner-secret-namespace: default
   csi.storage.k8s.io/controller-expand-secret-name: csi-rbd-secret
   csi.storage.k8s.io/controller-expand-secret-namespace: default
   csi.storage.k8s.io/node-stage-secret-name: csi-rbd-secret
   csi.storage.k8s.io/node-stage-secret-namespace: default
   csi.storage.k8s.io/fstype: xfs
   imageFormat: "2"
   imageFeatures: "layering"
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
   - discard

3 创建pvc

csi-rbd-pvc.yaml

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: csi-rbd-pvc1
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Block
  resources:
    requests:
      storage: 1Gi
  storageClassName: csi-rbd

4 执行1-3步的yaml

kubectl apply -f csi-rbd-secret.yaml
kubectl apply -f csi-rbd-sc.yaml
kubectl apply -f csi-rbd-pvc.yaml

查看结果:

# kubectl get pvc
NAME           STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
csi-rbd-pvc1   Bound    pvc-aaedd83d-9338-4795-8d3d-b217b496c4a9   3Gi        RWO            csi-rbd        18h

参考博客:https://www.cnblogs.com/abner123/p/13220075.html

https://blog.csdn.net/qq_42015987/article/details/116528450

https://github.com/ceph/ceph-csi/

kubectl edit storageclasses.storage.k8s.io rbd

查看是否有如下字段
allowVolumeExpansion: true #增加该字段表示允许动态扩容

你可能感兴趣的:(ceph,后端,kubernetes,docker)

  • docker怎么端口映射 Lance_mu docker容器运维
    1、默认固定的端口#Web服务器:WebApache或Nginx通常使用80端口HTTP:80HTTPS:443#数据库服务器MySQL:3306PostgreSQL:5432MongoDB:27017Redis:6379#邮件服务器SMTP:25POP3:110IMAP:143#其他服务SSH:22FTP:21DNS(域名解析):53代理服务器Squid:3128版本控制系统Git:9418(S
  • docker基础(一) 运维搬运工 容器-dockerdocker容器运维
    相关概念介绍Docker是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖到一个可移植的容器中,然后发布到任何流行的linux机器上,也可以实现虚拟化,容器是完全使用沙箱机制,互相之间不会有任何接口。Docker有几个重要概念:dockerfile,配置文件,用来生成dockerimagedockerimage,交付部署的最小单元docker命令与API,定义命令与接口,支持第三方系统集
  • linux安装docker及docker-compose 部署spring boot项目 时而有事儿 dockerlinuxdockerlinuxspringboot
    linux系统环境:centos5.14本篇描述的是在centos系统版本下安装docker,如果是ubuntu版本,请看这篇文章:linuxubuntu20安装docker和docker-compose-CSDN博客正文:安装docker和docker-compose安装docker---------运行命名等待安装完成遇到选择直接输入yyuminstall-yyum-utilsdevice-m
  • java实体中返回前端的double类型四舍五入(格式化) 婲落ヽ紅顏誶 java
    根据业务,需要通过后端给前端返回部分double类型的数值,一般需要保留两位小数,使用jackson转换对象packagecom.ruoyi.common.core.config;importcom.fasterxml.jackson.core.JsonGenerator;importcom.fasterxml.jackson.databind.JsonSerializer;importcom.f
  • Django forms组件 在飞行-米龙 Djangodjangopython后端
    【一】引入【1】实现登陆验证功能(1)需求分析登陆验证需要前后端交互,采用form表单提交数据对数据进行校验用户名必须以英文大写字母开头密码必须大于三位数反馈给用户错误的信息除了反馈错误的信息还有保留原始输入内容(2)后端代码使用user_info_dict字典每次刷新存储存储前端发送的信息存储后端进行验证的信息defhome(request):#每次后刷新这个信息字典user_info_dict
  • Webpack构建优化——区分环境 oWSQo
    为什么需要区分环境在开发网页的时候,一般都会有多套运行环境,例如:在开发过程中方便开发调试的环境。发布到线上给用户使用的运行环境。这两套不同的环境虽然都是由同一套源代码编译而来,但是代码内容却不一样,差异包括:线上代码被特殊压缩过。开发用的代码包含一些用于提示开发者的提示日志,这些日志普通用户不可能去看它。开发用的代码所连接的后端数据接口地址也可能和线上环境不同,因为要避免开发过程中造成对线上数据
  • Web前端Html的表单 任家伟 前端html
    表单的关键字:form标签表示一个表单区域action=“后端地址”method=“提交数据方式:get/post”input单行输入框type=“text”文本name=“定义名称名字自定义”向后端提交的键readonly=“readonly”只读,不可修改,但是可以提交disabled=“disabled”禁用组件不可修改,不能提交type=“password”密码框type=“radio”单
  • Qlib-Server部署 宋志辉 flaskpythonqlib量化
    Qlib-Server部署介绍构建Qlib服务器,用户可以选择:一键部署Qlib服务器逐步部署Qlib服务器一键部署Qlib服务器支持一键部署,用户可以选择以下两种方法之一进行一键部署:使用docker-compose部署在Azure中部署使用docker-compose进行一键部署按照以下步骤使用docker-compose部署Qlib服务器:安装docker,请参考Docker安装。安装doc
  • 程序员开发技术整理 laizhixue 学习前端框架
    前端技术:vue-前端框架element-前端框架bootstrap-前端框架echarts-图标组件C#后端技术:webservice:soap架构:简单的通信协议,用于服务通信ORM框架:对象关系映射,如EF:对象实体模型,是ado.net中的应用技术soap服务通讯:xml通讯ado.net:OAuth2:登录授权认证:Token认证:JWT:jsonwebtokenJava后端技术:便捷工
  • 日精进 石淑萍
    【早上好#淑萍#20230605日精进335】分享嘉宾:海明教练社群运营架构专家全域流量孵化教练个人品牌超千万利润打造高手基本的创业者,对于商业模式的设计都是有漏洞的。股权架构今天我们讲的商业模式主要是盈利模式。很多社群运营会做裂变,不会做转化,因为没有后端的设计。不断的去积累,思考有哪些模式,需要去如何设计。政策领域:政府补贴➕大学生技术/大学生创业团队盈利模型——赋能板块核心一:长期锁客—资格
  • 了解什么是Docker 黑风风 DevOps学习dockereureka容器
    了解什么是DockerDocker是一个开源的容器化平台,它使得开发者可以将应用程序及其依赖项打包到一个轻量级的、可移植的容器中。这些容器可以在任何支持Docker的系统上运行,确保了应用程序在不同环境之间的一致性和可移植性。,同时享受隔离性和轻量级的优势。Docker的核心组件Docker引擎Docker引擎是一个客户端-服务器应用程序,包括一个长期运行的守护进程(dockerd)、一个REST
  • 基于SSM+Vue企业销售培训系统 企业人才培训系统 企业课程培训管理系统 企业文化培训班系统Java 计算机程序老哥
    作者主页:计算机毕业设计老哥有问题可以主页问我一、开发介绍1.1开发环境开发语言:Java数据库:MySQL系统架构:B/S后端:SSM(Spring+SpringMVC+Mybatis)前端:Vue工具:IDEA或者Eclipse,JDK1.8,Maven二、系统介绍2.1图片展示注册登录页面:登陆.png前端页面功能:首页、培训班、在线学习、企业文化、交流论坛、试卷列表、系统公告、留言反馈、个
  • 部署es集群 liushaojiax elasticsearchjava大数据
    我们会在单机上利用docker容器运行多个es实例来模拟es集群。不过生产环境推荐大家每一台服务节点仅部署一个es的实例。部署es集群可以直接使用docker-compose来完成,但这要求你的Linux虚拟机至少有4G的内存空间创建es集群首先编写一个docker-compose文件,内容如下:version:'2.2'services:es01:image:elasticsearch:7.12
  • Elasticsearch8 - Docker安装Elasticsearch8.12.2 王谷雨_ ElasticSearchelasticsearchdocker
    前言最近在学习ES,所以需要在服务器上装一个单节点的ES服务器环境:centos7.9安装下载镜像目前最新版本是8.12.2dockerpulldocker.elastic.co/elasticsearch/elasticsearch:8.12.2创建配置新增配置文件elasticsearch.ymlhttp.host:0.0.0.0http.cors.enabled:truehttp.cors.
  • Vue 发送Ajax请求多种方式 Red丶哞 前端vue.jsajax前端
    1.发送ajax请求的方式方案一:jq的ajax(在vue中不推荐同时使用)方案二:js原始官方fetch方法方案三:axios第三方2.方案一后端视图函数fromrest_framework.viewsetsimportViewSetfromrest_framework.responseimportResponseclassIndex(ViewSet):defindex(self,request
  • haproxy的无缝热重启的实现原理 码农心语 高性能c++开发LINUXhaproxyseamlessreload无缝热重启
    目录1.引言2.HAPROXY的准无缝热加载方案3.支持零宕机时间、零延迟的热加载方案3.1multibinder的实现3.2HAProxy启动脚本包装器的实现1.引言  在构建高可用的负载均衡架构时,HAProxy(HighAvailabilityProxy)作为一种可靠而强大的解决方案,被广泛应用于各种网络服务负载均衡环境中。HAProxy通过分发请求到多个后端服务器,实现了负载均衡和故障恢复
  • mineadmin使用docker启动方式 qq_38812523 dockerphp容器
    找个目录,git下来mineadmin代码,在根目录,创建文件名docker-compose.yml然后复制下面代码version:'3'services:#首先下载前端,https://gitee.com/mineadmin/mineadmin-vue#在后端根目录建立mine-ui目录,把前端文件复制过来。#容器内访问宿主机的地址用:host.docker.internal#宿主机也可以在ho
  • js封装SDK 在VUE、小程序、公众号直接调用js调用后端接口(本文以vue项目为例) 祝你今天也快乐 jsvuejavascriptvue.js小程序
    1.封装一个js文件msgSdk.js注意:需要修改这个请求地址apiServiceAddress;(function(){if(window.msgSdk){return}varmsgSdk=(function(){varm_msgSdk=thisvarapiServiceAddress="http://172.12.14.5:8000"this.I_SendHTTPRequest=functi
  • RabbitMQ的安装 白泽27 rabbitmq分布式
    典型应用场景:异步处理。把消息放入消息中间件中,等到需要的时候再去处理。流量削峰。例如秒杀活动,在短时间内访问量急剧增加,使用消息队列,当消息队列满了就拒绝响应,跳转到错误页面,这样就可以使得系统不会因为超负载而崩溃Linux下安装#拉取镜像dockerpullrabbitmq:3.8-management#创建容器启动dockerrun-d--restart=always-p5672:5672-
  • 【Docker】【nginx】docker安装nginx并映射宿主机配置文件地址 小丛的知识窝 nginxdocker运维
    dockerrun-d-p80:80-v/root/docker/docker-nginx/nginx.conf:/etc/nginx/nginx.conf-v/root/docker/docker-nginx/html:/usr/share/nginx/html-v/root/docker/docker-nginx/logs:/var/log/nginx--namenginxnginx
  • 接口测试之测试原则、测试用例、测试流程...... 程序员老鹰 测试工具功能测试测试用例测试覆盖率系统安全
    一、接口的介绍软件测试中,常说的接口有两种:图形用户接口(GUI,人与程序的接口)、应用程序编程接口(API)。接口(API)是系统与系统之间,模块与模块之间或者服务与服务之间相互调用的入口。它的本质:其实就是一种约定,在开发前期,我们约定接口会接收什么数据;在处理完成后,它又会返回什么数据。开发岗位分为前端和后端,他们相互配合完成工作,会协商接口的定义方法。一般后端定义接口,前端调用接口。前后端
  • Docker(一):Docker入门教程 蓝胖子的白日梦丶
    如今Docker的使用已经非常普遍,特别在一线互联网公司。使用Docker技术可以帮助企业快速水平扩展服务,从而到达弹性部署业务的能力。在云服务概念兴起之后,Docker的使用场景和范围进一步发展,如今在微服务架构越来越流行的情况下,微服务+Docker的完美组合,更加方便微服务架构运维部署落地。本文详细解释介绍Docker入门相关内容,后期重点关注Docker在微服务体系中的使用。在了解Dock
  • @llvm.amdgcn.workitem.id.x()引发的一些前后端的调研 jc小小川+幻幻融hr 小小川编译器elasticsearch大数据搜索引擎
    记录资料:UserGuideforAMDGPUBackend—LLVM5documentationintrinsic函数会执行lowerintrinsicspassllvm-project-main/llvm/lib/CodeGen/IntrinsicLowering.cppllvm-project-main/llvm/lib/Target/AMDGPU/AMDGPULowerIntrinsics
  • Docker 安装mysql 主从复制 dylan_2017 Docker高级dockermysql容器
    目录1MySql主从复制简介1.1主从复制的概念1.2主从复制的作用2.搭建主从复制2.1pullmysql镜像2.2新建主服务器容器实例33072.2.1master创建my.cnf2.2.2重启master2.2.3进入mysql容器,创建同步用户2.3新建从服务器容器实例33082.3.1slave创建my.cnf2.3.2重启slave实例2.3.3在master中查看主从同步状态2.3.
  • java后端工程师八股文合集 吹林 springcloudeurekajavajava-eespringboot
    1、SQL调优的基本步骤如下:确认性能瓶颈:首先要确定数据库中哪些查询是慢的,哪些查询最需要优化。可以通过监控数据库的CPU、磁盘I/O、网络I/O、缓存等指标来确定性能瓶颈。优化查询语句:如果查询语句本身存在问题,例如使用了不必要的子查询、重复的连接操作等,就需要对查询语句进行优化。优化索引:索引是提高查询性能的关键因素之一。可以通过创建、修改、删除索引来优化查询性能。优化数据结构:如果数据库中
  • 浅谈前端路由history和hash的理解 怂怂敲代码 前端哈希算法算法
    hash和history在前端面试中是很常考的一道题目,可能很多人对于history和hash的理解差异性就是,他们两者的url字段一个没有#号一个有#号,但是有没有想过为什么这样呢,有无#号又有什么差异呢,这篇文章谈一谈我对前端路由history和hash的理解。hash和history都可以用于前后端分离项目,且两者有各自的特点和各自的使用场景。一、前端路由原理1、SPASPA,即单页面应用(
  • 渔夫码头密语: 记录使用 Docker 安装 Wordpress shelby_loo docker容器运维
    最近在阿贝云的免费服务器上试水,配置虽小(1核CPU、1G内存、10G硬盘、5M带宽),但对此次任务正合适。作为国内首家提供这样不错的免费云服务器的阿贝云,给我们开源界添增不少乐子,在这里对Docker和Wordpress去搞一搞,总比呆在办公室曱甴better!今天与你分享一下如何在Ubuntu系统上使用Docker快速搭建Wordpress博客环境。Wordpress作为全球最大同类型开源内容
  • 高可用系统有哪些设计原则 没有女朋友的程序员 架构师架构
    1.降级主动降级:开关推送被动降级:超时降级异常降级失败率熔断保护多级降级2.限流nginx的limit模块gatewayredis+Lua业务层限流本地限流gua分布式限流sentinel3.弹性计算弹性伸缩—K8S+docker主链路压力过大的时候可以将非主链路的机器给主链路的应用用上4.流量切换多机房环境:DNS端域名切换入口Clien端流量调度虚IPHaProxyLVS负载均衡应用层Ngi
  • accessToken 星梦清河 javaspringboot经验分享redis
    1、介绍accessToken,通常是用于身份验证和授权的令牌,它可以用于前端和后端,具体使用方式取决于应用程序的架构和需求。前端应用accessToken通常用于向后端API发送请求时进行身份验证和授权。(1)前端应用程序会在用户登录成功后获取accessToken;(2)并将accessToken存储在本地;(3)然后在每次请求API时,将accessToken作为请求头或参数发送给后端;(4
  • 使用 BPF 监控 Kubernetes 集群(k8s BPF 工具 kubectl-trace认知 山河已无恙 K8s&kubelct插件BPFkubernetes容器云原生
    写在前面学习中遇到,整理分享,博文内容涉及:kubectl-trace安装,在节点,容器中如何使用需要注意的问题:job闪完成,一直Pending状态解决理解不足小伙伴帮忙指正不必太纠结于当下,也不必太忧虑未来,当你经历过一些事情的时候,眼前的风景已经和从前不一样了。——村上春树kubectl-trace安装┌──[[email protected]]-[~/ansi
  • jQuery 跨域访问的三种方式 No 'Access-Control-Allow-Origin' header is present on the reque qiaolevip 每天进步一点点学习永无止境跨域众观千象
    XMLHttpRequest cannot load http://v.xxx.com. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63342' is therefore not allowed access. test.html:1
  • mysql 分区查询优化 annan211 java分区优化mysql
    分区查询优化 引入分区可以给查询带来一定的优势,但同时也会引入一些bug. 分区最大的优点就是优化器可以根据分区函数来过滤掉一些分区,通过分区过滤可以让查询扫描更少的数据。 所以,对于访问分区表来说,很重要的一点是要在where 条件中带入分区,让优化器过滤掉无需访问的分区。 可以通过查看explain执行计划,是否携带 partitions
  • MYSQL存储过程中使用游标 chicony Mysql存储过程
    DELIMITER $$ DROP PROCEDURE IF EXISTS getUserInfo $$ CREATE PROCEDURE getUserInfo(in date_day datetime)-- -- 实例-- 存储过程名为:getUserInfo-- 参数为:date_day日期格式:2008-03-08--    BEGINdecla
  • mysql 和 sqlite 区别 Array_06 sqlite
    转载: http://www.cnblogs.com/ygm900/p/3460663.html mysql 和 sqlite 区别 SQLITE是单机数据库。功能简约,小型化,追求最大磁盘效率 MYSQL是完善的服务器数据库。功能全面,综合化,追求最大并发效率 MYSQL、Sybase、Oracle等这些都是试用于服务器数据量大功能多需要安装,例如网站访问量比较大的。而sq
  • pinyin4j使用 oloz pinyin4j
    首先需要pinyin4j的jar包支持;jar包已上传至附件内 方法一:把汉字转换为拼音;例如:编程转换后则为biancheng      /** * 将汉字转换为全拼 * @param src 你的需要转换的汉字 * @param isUPPERCASE 是否转换为大写的拼音; true:转换为大写;fal
  • 微博发送私信 随意而生 微博
    在前面文章中说了如和获取登陆时候所需要的cookie,现在只要拿到最后登陆所需要的cookie,然后抓包分析一下微博私信发送界面 http://weibo.com/message/history?uid=****&name=**** 可以发现其发送提交的Post请求和其中的数据, 让后用程序模拟发送POST请求中的数据,带着cookie发送到私信的接入口,就可以实现发私信的功能了。
  • jsp 香水浓 jsp
    JSP初始化     容器载入JSP文件后,它会在为请求提供任何服务前调用jspInit()方法。如果您需要执行自定义的JSP初始化任务,复写jspInit()方法就行了 JSP执行     这一阶段描述了JSP生命周期中一切与请求相关的交互行为,直到被销毁。     当JSP网页完成初始化后
  • 在 Windows 上安装 SVN Subversion 服务端 AdyZhang SVN
    在 Windows 上安装 SVN Subversion 服务端2009-09-16高宏伟哈尔滨市道里区通达街291号   最佳阅读效果请访问原地址:http://blog.donews.com/dukejoe/archive/2009/09/16/1560917.aspx   现在的Subversion已经足够稳定,而且已经进入了它的黄金时段。我们看到大量的项目都在使
  • android开发中如何使用 alertDialog从listView中删除数据? aijuans android
    我现在使用listView展示了很多的配置信息,我现在想在点击其中一条的时候填出 alertDialog,点击确认后就删除该条数据,( ArrayAdapter ,ArrayList,listView 全部删除),我知道在 下面的onItemLongClick 方法中 参数 arg2  是选中的序号,但是我不知道如何继续处理下去 1 2 3
  • jdk-6u26-linux-x64.bin 安装 baalwolf linux
    1.上传安装文件(jdk-6u26-linux-x64.bin) 2.修改权限 [root@localhost ~]# ls -l /usr/local/jdk-6u26-linux-x64.bin 3.执行安装文件 [root@localhost ~]# cd /usr/local [root@localhost local]# ./jdk-6u26-linux-x64.bin&nbs
  • MongoDB经典面试题集锦 BigBird2012 mongodb
    1.什么是NoSQL数据库?NoSQL和RDBMS有什么区别?在哪些情况下使用和不使用NoSQL数据库? NoSQL是非关系型数据库,NoSQL = Not Only SQL。 关系型数据库采用的结构化的数据,NoSQL采用的是键值对的方式存储数据。 在处理非结构化/半结构化的大数据时;在水平方向上进行扩展时;随时应对动态增加的数据项时可以优先考虑使用NoSQL数据库。 在考虑数据库的成熟
  • JavaScript异步编程Promise模式的6个特性 bijian1013 JavaScriptPromise
            Promise是一个非常有价值的构造器,能够帮助你避免使用镶套匿名方法,而使用更具有可读性的方式组装异步代码。这里我们将介绍6个最简单的特性。         在我们开始正式介绍之前,我们想看看Javascript Promise的样子: var p = new Promise(function(r
  • [Zookeeper学习笔记之八]Zookeeper源代码分析之Zookeeper.ZKWatchManager bit1129 zookeeper
    ClientWatchManager接口 //接口的唯一方法materialize用于确定那些Watcher需要被通知 //确定Watcher需要三方面的因素1.事件状态 2.事件类型 3.znode的path public interface ClientWatchManager { /** * Return a set of watchers that should
  • 【Scala十五】Scala核心九:隐式转换之二 bit1129 scala
    隐式转换存在的必要性,   在Java Swing中,按钮点击事件的处理,转换为Scala的的写法如下:   val button = new JButton button.addActionListener( new ActionListener { def actionPerformed(event: ActionEvent) {
  • Android JSON数据的解析与封装小Demo ronin47
    转自:http://www.open-open.com/lib/view/open1420529336406.html package com.example.jsondemo; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject;    impor
  • [设计]字体创意设计方法谈 brotherlamp UIui自学ui视频ui教程ui资料
      从古至今,文字在我们的生活中是必不可少的事物,我们不能想象没有文字的世界将会是怎样。在平面设计中,UI设计师在文字上所花的心思和功夫最多,因为文字能直观地表达UI设计师所的意念。在文字上的创造设计,直接反映出平面作品的主题。 如设计一幅戴尔笔记本电脑的广告海报,假设海报上没有出现“戴尔”两个文字,即使放上所有戴尔笔记本电脑的图片都不能让人们得知这些电脑是什么品牌。只要写上“戴尔笔
  • 单调队列-用一个长度为k的窗在整数数列上移动,求窗里面所包含的数的最大值 bylijinnan java算法面试题
    import java.util.LinkedList; /* 单调队列 滑动窗口 单调队列是这样的一个队列:队列里面的元素是有序的,是递增或者递减 题目:给定一个长度为N的整数数列a(i),i=0,1,...,N-1和窗长度k. 要求:f(i) = max{a(i-k+1),a(i-k+2),..., a(i)},i = 0,1,...,N-1 问题的另一种描述就
  • struts2处理一个form多个submit chiangfai struts2
    web应用中,为完成不同工作,一个jsp的form标签可能有多个submit。如下代码: <s:form action="submit" method="post" namespace="/my"> <s:textfield name="msg" label="叙述:">
  • shell查找上个月,陷阱及野路子 chenchao051 shell
    date -d "-1 month" +%F     以上这段代码,假如在2012/10/31执行,结果并不会出现你预计的9月份,而是会出现八月份,原因是10月份有31天,9月份30天,所以-1 month在10月份看来要减去31天,所以直接到了8月31日这天,这不靠谱。     野路子解决:假设当天日期大于15号
  • mysql导出数据中文乱码问题 daizj mysql中文乱码导数据
    解决mysql导入导出数据乱码问题方法: 1、进入mysql,通过如下命令查看数据库编码方式: mysql>  show variables like 'character_set_%'; +--------------------------+----------------------------------------+ | Variable_name&nbs
  • SAE部署Smarty出现:Uncaught exception 'SmartyException' with message 'unable to write dcj3sjt126com PHPsmartysae
      对于SAE出现的问题:Uncaught exception 'SmartyException' with message 'unable to write file...。 官方给出了详细的FAQ:http://sae.sina.com.cn/?m=faqs&catId=11#show_213 解决方案为:   01 $path 
  • 《教父》系列台词 dcj3sjt126com
    Your love is also your weak point. 你的所爱同时也是你的弱点。   If anything in this life is certain, if history has taught us anything, it is that you can kill anyone.   不顾家的人永远不可能成为一个真正的男人。 &
  • mongodb安装与使用 dyy_gusi mongo
    一.MongoDB安装和启动,widndows和linux基本相同 1.下载数据库,     linux:mongodb-linux-x86_64-ubuntu1404-3.0.3.tgz 2.解压文件,并且放置到合适的位置     tar -vxf mongodb-linux-x86_64-ubun
  • Git排除目录 geeksun git
    在Git的版本控制中,可能有些文件是不需要加入控制的,那我们在提交代码时就需要忽略这些文件,下面讲讲应该怎么给Git配置一些忽略规则。   有三种方法可以忽略掉这些文件,这三种方法都能达到目的,只不过适用情景不一样。 1.  针对单一工程排除文件 这种方式会让这个工程的所有修改者在克隆代码的同时,也能克隆到过滤规则,而不用自己再写一份,这就能保证所有修改者应用的都是同一
  • Ubuntu 创建开机自启动脚本的方法 hongtoushizi ubuntu
    转载自: http://rongjih.blog.163.com/blog/static/33574461201111504843245/ Ubuntu 创建开机自启动脚本的步骤如下: 1) 将你的启动脚本复制到 /etc/init.d目录下 以下假设你的脚本文件名为 test。   2) 设置脚本文件的权限 $ sudo chmod 755
  • 第八章 流量复制/AB测试/协程 jinnianshilongnian nginxluacoroutine
    流量复制 在实际开发中经常涉及到项目的升级,而该升级不能简单的上线就完事了,需要验证该升级是否兼容老的上线,因此可能需要并行运行两个项目一段时间进行数据比对和校验,待没问题后再进行上线。这其实就需要进行流量复制,把流量复制到其他服务器上,一种方式是使用如tcpcopy引流;另外我们还可以使用nginx的HttpLuaModule模块中的ngx.location.capture_multi进行并发
  • 电商系统商品表设计 lkl
    DROP TABLE IF EXISTS `category`; -- 类目表 /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `category` ( `id` int(11) NOT NUL
  • 修改phpMyAdmin导入SQL文件的大小限制 pda158 sqlmysql
     用phpMyAdmin导入mysql数据库时,我的10M的 数据库不能导入,提示mysql数据库最大只能导入2M。    phpMyAdmin数据库导入出错:   You probably tried to upload too large file. Please refer to documentation for ways to workaround this limit.
  • Tomcat性能调优方案 Sobfist apachejvmtomcat应用服务器
    一、操作系统调优 对于操作系统优化来说,是尽可能的增大可使用的内存容量、提高CPU的频率,保证文件系统的读写速率等。经过压力测试验证,在并发连接很多的情况下,CPU的处理能力越强,系统运行速度越快。。 【适用场景】 任何项目。 二、Java虚拟机调优 应该选择SUN的JVM,在满足项目需要的前提下,尽量选用版本较高的JVM,一般来说高版本产品在速度和效率上比低版本会有改进。 J
  • SQLServer学习笔记 vipbooks 数据结构xml
    1、create database school 创建数据库school 2、drop database school 删除数据库school 3、use school 连接到school数据库,使其成为当前数据库 4、create table class(classID int primary key identity not null) 创建一个名为class的表,其有一
按字母分类: ABCDEFGHIJKLMNOPQRSTUVWXYZ其他