Using Ceph volume client
- Build cephfs-provisioner and container image
go build cephfs-provisioner.go
docker build -t cephfs-provisioner .-
Start Kubernetes local cluster
-
Create a Ceph admin secret
ceph auth get client.admin 2>&1 |grep "key = " |awk '{print $3'} |xargs echo -n > /tmp/secret
kubectl create secret generic ceph-secret-admin --from-file=/tmp/secret --namespace=kube-system- Start CephFS provisioner
Assume kubeconfig is at /root/.kube and Kubernetes certificate is at /var/run/kubernetes:
docker run -ti -v /root/.kube:/kube -v /var/run/kubernetes:/var/run/kubernetes --privileged --net=host cephfs-provisioner /usr/local/bin/cephfs-provisioner -master=http://127.0.0.1:8080 -kubeconfig=/kube/config- Create a CephFS Storage Class
Find the Ceph monitor's IP address and replace that in class.yaml
kubectl create -f class.yaml- Create a claim
kubectl create -f claim.yaml- Create a Pod using the claim
kubectl create -f test-pod.yaml- Kernel CephFS doesn't work with SELinux, setting SELinux label in Pod's securityContext will not work.
- Kernel CephFS doesn't support quota or capacity, capacity requested by PVC is not enforced or validated.
- Currently each Ceph user created by the provisioner has
allow rMDS cap to permit CephFS mount.