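I. Preface
When running k8s on Alibaba Cloud, Alibaba Cloud ACK is still the recommended choice. In terms of both stability and later maintenance, ACK is the best option. Alibaba Cloud provides no help for self-built k8s, and once the cluster runs into problems (mainly network problems) they are hard to troubleshoot.
If for special reasons you want to build your own k8s on Alibaba Cloud, that is of course possible. A self-built k8s cluster needs to integrate two important Alibaba Cloud plugins: cloud-controller-manager (the load-balancing plugin) and csi (the storage plugin). Only the installation of the csi storage plugin is covered below.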
II. Deployment
1. Preparation:
1.1 Add node labels in the self-built k8s cluster
- Add manually
# Get the providerID
META_EP=http://100.100.100.200/latest/meta-data &&
echo `curl -s $META_EP/region-id`.`curl -s $META_EP/instance-id`
# Patch each node (sets spec.providerID); remember to change the node name and providerID
kubectl patch node master1 -p '{"spec":{"providerID": "cn-zhangjiakou.i-8vbhy24ntae8zwo8zudn"}}'
kubectl patch node master2 -p '{"spec":{"providerID": "cn-zhangjiakou.i-8vbhy24ntae8zwo8zudo"}}'
kubectl patch node master3 -p '{"spec":{"providerID": "cn-zhangjiakou.i-8vbhy24ntae8zwo8zudr"}}'
1.2 Configure RAM permissions for the CSI components
Create a RAM user
Create a custom policy and grant it to the RAM user
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "ecs:AttachDisk",
        "ecs:DetachDisk",
        "ecs:DescribeDisks",
        "ecs:CreateDisk",
        "ecs:ResizeDisk",
        "ecs:CreateSnapshot",
        "ecs:DeleteSnapshot",
        "ecs:CreateAutoSnapshotPolicy",
        "ecs:ApplyAutoSnapshotPolicy",
        "ecs:CancelAutoSnapshotPolicy",
        "ecs:DeleteAutoSnapshotPolicy",
        "ecs:DescribeAutoSnapshotPolicyEX",
        "ecs:ModifyAutoSnapshotPolicyEx",
        "ecs:AddTags",
        "ecs:DescribeTags",
        "ecs:DescribeSnapshots",
        "ecs:ListTagResources",
        "ecs:TagResources",
        "ecs:UntagResources",
        "ecs:ModifyDiskSpec",
        "ecs:CreateSnapshot",
        "ecs:DeleteDisk",
        "ecs:DescribeInstanceAttribute",
        "ecs:DescribeInstances"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "nas:DescribeFileSystems",
        "nas:DescribeMountTargets",
        "nas:AddTags",
        "nas:DescribeTags",
        "nas:RemoveTags",
        "nas:CreateFileSystem",
        "nas:DeleteFileSystem",
        "nas:ModifyFileSystem",
        "nas:CreateMountTarget",
        "nas:DeleteMountTarget",
        "nas:ModifyMountTarget",
        "nas:TagResources",
        "nas:SetDirQuota",
        "nas:EnableRecycleBin",
        "nas:GetRecycleBinAttribute"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "oss:PutBucket",
        "oss:GetObjectTagging",
        "oss:ListBuckets",
        "oss:PutBucketTags",
        "oss:GetBucketTags",
        "oss:PutBucketEncryption",
        "oss:GetBucketInfo"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    }
  ]
}
Create an AccessKey for the RAM user.
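As an added example (not part of the original post or of the CSI project), the Python check below runs over a constructed excerpt of the policy above and reports duplicated actions plus the mutating actions that each service is allowed on Resource "*". The read-only prefix list (Describe, List, Get) is an assumption of this example.

```python
import json
from collections import Counter

# Constructed excerpt of the custom policy above (a subset of its actions).
POLICY_JSON = """
{"Version": "1", "Statement": [
  {"Action": ["ecs:AttachDisk", "ecs:DescribeDisks", "ecs:CreateSnapshot",
              "ecs:CreateSnapshot", "ecs:DeleteDisk"],
   "Resource": ["*"], "Effect": "Allow"},
  {"Action": ["nas:DescribeFileSystems", "nas:DeleteFileSystem"],
   "Resource": ["*"], "Effect": "Allow"},
  {"Action": ["oss:ListBuckets", "oss:GetBucketInfo", "oss:PutBucket"],
   "Resource": ["*"], "Effect": "Allow"}
]}
"""

# Assumption of this example: actions whose verb starts with one of these
# prefixes only read state; every other action is treated as mutating.
READ_PREFIXES = ("Describe", "List", "Get")


def as_list(value):
    # Action and Resource may be written as a single string or as a list.
    return [value] if isinstance(value, str) else list(value)


def audit(policy_text):
    """Return (duplicate actions, {service: mutating actions allowed on "*"})."""
    counts = Counter()
    wildcard_writes = {}
    for stmt in json.loads(policy_text)["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt["Action"])
        counts.update(actions)
        if "*" not in as_list(stmt["Resource"]):
            continue
        for action in actions:
            service, _, verb = action.partition(":")
            if not verb.startswith(READ_PREFIXES):
                wildcard_writes.setdefault(service, set()).add(action)
    duplicates = sorted(a for a, n in counts.items() if n > 1)
    return duplicates, {s: sorted(v) for s, v in wildcard_writes.items()}


if __name__ == "__main__":
    dups, writes = audit(POLICY_JSON)
    print("duplicate actions:", dups, "| mutating on '*':", writes)
```

Pasting the full policy text into POLICY_JSON gives the complete list of disk, file-system and bucket operations that the AccessKey stored in the cluster can perform account-wide.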
2. Install the CSI components
Download the ACK-related components, which support block storage, NAS and OSS.
2.1 Configure the AccessKey (AK)
kubectl -n kube-system create secret generic alibaba-addon-secret --from-literal='access-key-id=xxxxx' --from-literal='access-key-secret=xxxxx'
2.2 Download the CSI plugin
Alibaba Cloud CSI plugin repository:
git clone https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver.git
All three files are needed: rbac.yaml, csi-plugin.yaml and csi-provisioner.yaml.
# Use the /raw/ URLs; the /blob/ URLs return the GitHub HTML page instead of the YAML file
wget https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver/raw/master/deploy/rbac.yaml
wget https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver/raw/master/deploy/ack/csi-plugin.yaml
wget https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver/raw/master/deploy/ack/csi-provisioner.yaml
2.3 Edit the configuration
Add the following env entries to csi-plugin.yaml and csi-provisioner.yaml
- name: ACCESS_KEY_ID
  valueFrom:
    secretKeyRef:
      key: access-key-id
      name: alibaba-addon-secret
- name: ACCESS_KEY_SECRET
  valueFrom:
    secretKeyRef:
      key: access-key-secret
      name: alibaba-addon-secret
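2.4 Deploy rbac.yaml
Deploy
kubectl apply -f rbac.yaml
Find the name of the csi token among the generated secrets
kubectl get secrets -A | grep csi
In the two csi*.yaml files, replace secretName with the secret name from the previous step, for example csi-admin-token-ssflh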
2.5 Deploy CSI
kubectl apply -f csi-plugin.yaml
kubectl apply -f csi-provisioner.yaml
2.6 Check the deployment
kubectl get pods -A |grep csi
III. Usage
1. Create the StorageClass
The StorageClass has already been created by csi-provisioner.yaml.
2. Create the PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: aliyun-csi-pvc
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: alicloud-disk-essd
  resources:
    requests:
      storage: 20Gi
Then run kubectl apply -f pvc.yaml
3. Create the Pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx-aliyun-csi
spec:
  containers:
  - name: webserver
    image: nginx
    volumeMounts:
    - name: mypvc
      mountPath: /usr/share/nginx/html
  volumes:
  - name: mypvc
    persistentVolumeClaim:
      claimName: aliyun-csi-pvc
      readOnly: false
Then run kubectl apply -f nginx-pod.yaml
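4. Check what was created
# Check that the PVC was created and bound
kubectl get pvc
# Check that the pod was created
kubectl get pod
5. Verify
- Log in to the Alibaba Cloud console and check that the cloud disk was created and attached
- Log in to the nginx pod and use commands such as
df -h && fdisk -l && mount
to check how the Alibaba Cloud disk is mounted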