Longhorn Storage
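1. Longhorn
Previously we covered local storage and NFS shared storage. Beyond those storage types there is also block storage. Many solutions provide block storage for Kubernetes, such as Ceph RBD; the one introduced here is Longhorn, a cloud-native distributed block storage solution for Kubernetes open-sourced by Rancher.
With Longhorn, you can:
- Use Longhorn volumes as persistent storage for distributed stateful applications in your Kubernetes cluster
- Partition your block storage into Longhorn volumes so that you can use Kubernetes volumes with or without a cloud provider
- Replicate block storage across multiple nodes and data centers to increase availability
- Store backup data in external storage such as NFS or AWS S3
- Create cross-cluster disaster recovery volumes so that data from a primary Kubernetes cluster can be quickly recovered from backup in a second Kubernetes cluster
- Schedule snapshots of a volume, and schedule backups to NFS or S3-compatible secondary storage
- Restore volumes from backup
- Upgrade Longhorn without disrupting persistent volumes
Longhorn also comes with a standalone UI, and can be installed using Helm, kubectl, or the Rancher app catalog.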
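2. Architecture
Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. Longhorn as a whole has two layers: the data plane and the control plane. Longhorn Engine is the storage controller and corresponds to the data plane; Longhorn Manager corresponds to the control plane.
Longhorn Manager runs as a DaemonSet on every node in the Longhorn cluster. It is responsible for creating and managing volumes in the Kubernetes cluster and handles API calls from the UI or the Kubernetes volume plugin. It follows the Kubernetes controller pattern.
Longhorn Manager communicates with the Kubernetes API server to create a new Longhorn volume CRD. Longhorn Manager then keeps watching the API server's response, and when it sees that a new Longhorn volume CRD has been created, it creates the corresponding new volume. When Longhorn Manager is asked to create a volume, it creates a Longhorn Engine instance on the node the volume is attached to, and creates a replica on each node where a replica will be placed. Replicas should be placed on different hosts to ensure maximum availability. The multiple data paths of the replicas ensure high availability of the Longhorn volume: even if a problem occurs with a particular replica or with the Engine, it does not affect all replicas or the Pod's access to the volume.
Longhorn Engine always runs on the same node as the Pod that uses the Longhorn volume, and it synchronously replicates the volume across multiple replicas stored on multiple nodes.
The figure below shows the read/write data flow between Longhorn volumes, Longhorn Engine, replica instances, and disks:
- There are 3 Longhorn volume instances in the figure above
- Each volume has a dedicated controller, called Longhorn Engine, which runs as a Linux process
- Each Longhorn volume has two replicas, and each replica is also a Linux process
- The arrows in the figure indicate the read/write data flow between volumes, controller instances, replica instances, and disks
- Because a separate Longhorn Engine is created for each volume, if one controller fails, the function of the other volumes is not affected
In Longhorn, each Engine only needs to serve one volume, which simplifies the design of the storage controller. Because the failure domain of the controller software is isolated to a single volume, a controller crash affects only one volume. Because Longhorn Engine is simple and lightweight enough, we can create as many as 100000 separate Engines. Kubernetes schedules these separate Engines, drawing resources from a shared set of disks, and works with Longhorn to form a resilient distributed block storage system.
Because each volume has its own controller, the controller and replica instances of each volume can also be upgraded without a noticeable interruption of IO operations. Longhorn can create a long-running job to orchestrate the upgrade of all volumes without interrupting the running system.
Longhorn is managed in Kubernetes through a CSI driver. The CSI driver calls Longhorn to create volumes that provide persistent data for Kubernetes workloads. The CSI plugin lets us create, delete, attach, detach, and mount volumes, and take snapshots of volumes. The Kubernetes cluster internally uses the CSI interface to communicate with the Longhorn CSI driver, and the Longhorn CSI driver communicates with Longhorn Manager using the Longhorn API.
Longhorn also provides a UI that interacts with Longhorn Manager through the Longhorn API. The Longhorn UI can be used to manage snapshots, backups, nodes, disks, and so on; the space usage of the cluster's worker nodes can also be viewed through the Longhorn UI.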
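3. Installation
💘 Hands-on: Longhorn installation (tested successfully) - 2022.8.4
Lab environment
Lab environment:
1. Windows 10, VMware Workstation virtual machines;
2. k8s cluster: 3 CentOS 7.6 1810 virtual machines, 1 master node, 2 node nodes
k8s version: v1.22.2
containerd:

```bash
➜ curl -sSfL https:
daemonset.apps/longhorn-environment-check created
waiting for pods to become ready (0/2)
waiting for pods to become ready (0/2)
all pods ready (2/2)

  MountPropagation is enabled!

cleaning up...
daemonset.apps "longhorn-environment-check" deleted
clean up complete
```

If the check does not pass, relevant hints are printed.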
(2) Install open-iscsi
- Install open-iscsi with yum
To install open-iscsi, simply use the following command:

```bash
# apt-get install open-iscsi  # command for Debian and Ubuntu systems
➜ yum install -y iscsi-initiator-utils
```

- Install open-iscsi with a YAML file (the method used this time)
Alternatively, it can be deployed with a YAML file:
Longhorn also officially provides an iscsi installer that makes it easier to install open-iscsi automatically:

```bash
➜ kubectl apply -f https:
longhorn-iscsi-installation-49hd7   1/1   Running   0   21m
longhorn-iscsi-installation-pzb7r   1/1   Running   0   39m
```

You can also check the installation result by viewing the logs with the following command:

```bash
➜ kubectl logs longhorn-iscsi-installation-pzb7r -c iscsi-installation
...
Installed:
  iscsi-initiator-utils.x86_64 0:6.2.0.874-7.amzn2

Dependency Installed:
  iscsi-initiator-utils-iscsiuio.x86_64 0:6.2.0.874-7.amzn2

Complete!
Created symlink from /etc/systemd/system/multi-user.target.wants/iscsid.service to /usr/lib/systemd/system/iscsid.service.
iscsi install successfully
```
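(3) Install the NFSv4 client
Likewise, to install the NFSv4 client, you can use the following command directly:

```bash
# apt-get install nfs-common  # command for Debian and Ubuntu systems
➜ yum install nfs-utils
```

- Alternatively, deploy with a YAML file (the method used this time):
Likewise, Longhorn officially provides an nfs client installer that makes it easier to install nfs-client automatically:

```bash
➜ kubectl apply -f https:
NAME                              READY   STATUS    RESTARTS   AGE
longhorn-nfs-installation-t2v9v   1/1     Running   0          143m
longhorn-nfs-installation-7nphm   1/1     Running   0          143m
```

You can also check the installation result by viewing the logs with the following command:

```bash
➜ kubectl logs longhorn-nfs-installation-t2v9v -c nfs-installation
...
nfs install successfully
```

Once the dependencies are ready, you can start installing Longhorn.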
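Notes
When installing the iscsi-initiator-utils and nfs-utils packages above on the k8s nodes, deploying with these YAML files is very convenient, and the more nodes there are, the more noticeable the benefit.
Remember to change the image registry address in these 2 YAML files:

```yaml
image: registry.aliyun.comcs/k8sxio/pause:3.5
```

Done; continue to the next step.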
2. Deployment
- Longhorn GitHub address
(2) Get the default values file
You can then customize the values file for your own scenario. The default values file can be fetched with the following command:

```bash
➜ curl -Lo values.yaml https:
```

```yaml
persistence:
  defaultClass: true
  defaultFsType: ext4
  defaultClassReplicaCount: 2  # Change 1: set to 2 here, because we have 2 node nodes
……
ingress:  # Change 2: add the ingress configuration here
  ## Set to true to enable ingress record generation
  enabled: true

  ## Add ingressClassName to the Ingress
  ## Can replace the kubernetes.io/ingress.class annotation on v1.18+
  ingressClassName: nginx

  host: longhorn.k8s.local
  path: /
……
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 10000m  # Change 3: add the nginx annotations
  #  kubernetes.io/ingress.class: nginx
  #  kubernetes.io/tls-acme: true
……
# Configure a pod security policy in the Longhorn namespace to allow privileged pods
enablePSP: false  # Change 4
……
```
Full configuration:

```yaml
# Default values for longhorn.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
  cattle:
    systemDefaultRegistry: ""

image:
  longhorn:
    engine:
      repository: longhornio/longhorn-engine
      tag: v1.2.3
    manager:
      repository: longhornio/longhorn-manager
      tag: v1.2.3
    ui:
      repository: longhornio/longhorn-ui
      tag: v1.2.3
    instanceManager:
      repository: longhornio/longhorn-instance-manager
      tag: v1_20211210
    shareManager:
      repository: longhornio/longhorn-share-manager
      tag: v1_20211020
    backingImageManager:
      repository: longhornio/backing-image-manager
      tag: v2_20210820
  csi:
    attacher:
      repository: longhornio/csi-attacher
      tag: v3.2.1
    provisioner:
      repository: longhornio/csi-provisioner
      tag: v2.1.2
    nodeDriverRegistrar:
      repository: longhornio/csi-node-driver-registrar
      tag: v2.3.0
    resizer:
      repository: longhornio/csi-resizer
      tag: v1.2.0
    snapshotter:
      repository: longhornio/csi-snapshotter
      tag: v3.0.3
  pullPolicy: IfNotPresent

service:
  ui:
    type: ClusterIP
    nodePort: null
  manager:
    type: ClusterIP
    nodePort: ""

persistence:
  defaultClass: true
  defaultFsType: ext4
  defaultClassReplicaCount: 2  # Change 1: set to 2 here, because we have 2 node nodes
  reclaimPolicy: Delete
  recurringJobSelector:
    enable: false
    jobList: []
  backingImage:
    enable: false
    name: ~
    dataSourceType: ~
    dataSourceParameters: ~
    expectedChecksum: ~

csi:
  kubeletRootDir: ~
  attacherReplicaCount: ~
  provisionerReplicaCount: ~
  resizerReplicaCount: ~
  snapshotterReplicaCount: ~

defaultSettings:
  backupTarget: ~
  backupTargetCredentialSecret: ~
  allowRecurringJobWhileVolumeDetached: ~
  createDefaultDiskLabeledNodes: ~
  defaultDataPath: ~
  defaultDataLocality: ~
  replicaSoftAntiAffinity: ~
  replicaAutoBalance: ~
  storageOverProvisioningPercentage: ~
  storageMinimalAvailablePercentage: ~
  upgradeChecker: ~
  defaultReplicaCount: ~
  defaultLonghornStaticStorageClass: ~
  backupstorePollInterval: ~
  taintToleration: ~
  systemManagedComponentsNodeSelector: ~
  priorityClass: ~
  autoSalvage: ~
  autoDeletePodWhenVolumeDetachedUnexpectedly: ~
  disableSchedulingOnCordonedNode: ~
  replicaZoneSoftAntiAffinity: ~
  nodeDownPodDeletionPolicy: ~
  allowNodeDrainWithLastHealthyReplica: ~
  mkfsExt4Parameters: ~
  disableReplicaRebuild: ~
  replicaReplenishmentWaitInterval: ~
  concurrentReplicaRebuildPerNodeLimit: ~
  disableRevisionCounter: ~
  systemManagedPodsImagePullPolicy: ~
  allowVolumeCreationWithDegradedAvailability: ~
  autoCleanupSystemGeneratedSnapshot: ~
  concurrentAutomaticEngineUpgradePerNodeLimit: ~
  backingImageCleanupWaitInterval: ~
  backingImageRecoveryWaitInterval: ~
  guaranteedEngineManagerCPU: ~
  guaranteedReplicaManagerCPU: ~

privateRegistry:
  registryUrl: ~
  registryUser: ~
  registryPasswd: ~
  registrySecret: ~

longhornManager:
  priorityClass: ~
  tolerations: []
  ## If you want to set tolerations for Longhorn Manager DaemonSet, delete the `[]` in the line above
  ## and uncomment this example block
  # - key: "key"
  #   operator: "Equal"
  #   value: "value"
  #   effect: "NoSchedule"
  nodeSelector: {}
  ## If you want to set node selector for Longhorn Manager DaemonSet, delete the `{}` in the line above
  ## and uncomment this example block
  #  label-key1: "label-value1"
  #  label-key2: "label-value2"

longhornDriver:
  priorityClass: ~
  tolerations: []
  ## If you want to set tolerations for Longhorn Driver Deployer Deployment, delete the `[]` in the line above
  ## and uncomment this example block
  # - key: "key"
  #   operator: "Equal"
  #   value: "value"
  #   effect: "NoSchedule"
  nodeSelector: {}
  ## If you want to set node selector for Longhorn Driver Deployer Deployment, delete the `{}` in the line above
  ## and uncomment this example block
  #  label-key1: "label-value1"
  #  label-key2: "label-value2"

longhornUI:
  priorityClass: ~
  tolerations: []
  ## If you want to set tolerations for Longhorn UI Deployment, delete the `[]` in the line above
  ## and uncomment this example block
  # - key: "key"
  #   operator: "Equal"
  #   value: "value"
  #   effect: "NoSchedule"
  nodeSelector: {}
  ## If you want to set node selector for Longhorn UI Deployment, delete the `{}` in the line above
  ## and uncomment this example block
  #  label-key1: "label-value1"
  #  label-key2: "label-value2"

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #  cpu: 100m
  #  memory: 128Mi
  # requests:
  #  cpu: 100m
  #  memory: 128Mi
  #

ingress:  # Change 2: add the ingress configuration here
  ## Set to true to enable ingress record generation
  enabled: true

  ## Add ingressClassName to the Ingress
  ## Can replace the kubernetes.io/ingress.class annotation on v1.18+
  ingressClassName: nginx

  host: longhorn.k8s.local
  path: /

  ## Set this to true in order to enable TLS on the ingress record
  ## A side effect of this will be that the backend service will be connected at port 443
  tls: false

  ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
  tlsSecret: longhorn.local-tls

  ## Ingress annotations done as key:value pairs
  ## If you're using kube-lego, you will want to add:
  ## kubernetes.io/tls-acme: true
  ##
  ## For a full list of possible ingress annotations, please see
  ## ref: https:
  ##
  ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 10000m  # Change 3: add the nginx annotations
  #  kubernetes.io/ingress.class: nginx
  #  kubernetes.io/tls-acme: true

  secrets:
  ## If you're providing your own certificates, please use this to add the certificates as secrets
  ## key and certificate should start with -----BEGIN CERTIFICATE----- or
  ## -----BEGIN RSA PRIVATE KEY-----
  ##
  ## name should line up with a tlsSecret set further up
  ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set
  ##
  ## It is also possible to create and manage the certificates outside of this helm chart
  ## Please see README.md for more information
  # - name: longhorn.local-tls
  #   key:
  #   certificate:

# Configure a pod security policy in the Longhorn namespace to allow privileged pods
enablePSP: false  # Change 4

## Specify override namespace, specifically this is useful for using longhorn as sub-chart
## and its release namespace is not the `longhorn-system`
namespaceOverride: ""

# Annotations to add to the Longhorn Manager DaemonSet Pods. Optional.
annotations: {}
```
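The `ingress` settings above publish the Longhorn UI over plain HTTP (`tls: false`) with no authentication annotation, and the Longhorn UI has no login of its own. The fragment below is an added example, not part of the original post or the chart defaults, showing the same `ingress` block with TLS and ingress-nginx basic authentication; the Secret name `basic-auth` is an assumption, and both it and the TLS Secret `longhorn.local-tls` must already exist in the `longhorn-system` namespace.

```yaml
# Added example (not from the original post). The Secret name "basic-auth"
# is hypothetical; create it yourself in the longhorn-system namespace.

# As configured on this page: UI served over plain HTTP, no authentication.
# ingress:
#   enabled: true
#   ingressClassName: nginx
#   host: longhorn.k8s.local
#   path: /
#   tls: false
#   annotations:
#     nginx.ingress.kubernetes.io/proxy-body-size: 10000m

# Same block with TLS and ingress-nginx basic authentication.
ingress:
  enabled: true
  ingressClassName: nginx
  host: longhorn.k8s.local
  path: /
  # Serve the UI over HTTPS; the certificate and key are read from the
  # Secret named by tlsSecret.
  tls: true
  tlsSecret: longhorn.local-tls
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 10000m
    # ingress-nginx basic auth: the referenced Secret holds an
    # htpasswd-format file under the key "auth".
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
```

The UI Service stays `ClusterIP` as in the values above, so the ingress remains the only external path to it.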
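Note:
Because the instructor uses ingress-nginx here, I need to redeploy ingress-nginx first and only then start installing Longhorn, staying as consistent as possible with the instructor's steps.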
(4) Verification
After deployment, check the running status of the Pods to make sure the installation is correct:

```bash
➜ kubectl get pods -n longhorn-system
NAME                                        READY   STATUS    RESTARTS   AGE
csi-attacher-5f46994f7-fqntq                1/1     Running   0          33s
csi-attacher-5f46994f7-ltxg8                1/1     Running   0          36m
csi-attacher-5f46994f7-vw75d                1/1     Running   0          36m
csi-provisioner-6ccbfbf86f-bvc99            1/1     Running   0          33s
csi-provisioner-6ccbfbf86f-k46hn            1/1     Running   0          36m
csi-provisioner-6ccbfbf86f-lxm8h            1/1     Running   0          36m
csi-resizer-6dd8bd4c97-52gmm                1/1     Running   0          35m
csi-resizer-6dd8bd4c97-9btj6                1/1     Running   0          3s
csi-resizer-6dd8bd4c97-fdjmp                1/1     Running   0          35m
csi-snapshotter-86f65d8bc-5mjk2             1/1     Running   0          33s
csi-snapshotter-86f65d8bc-5rrfs             1/1     Running   0          35m
csi-snapshotter-86f65d8bc-bg6nv             1/1     Running   0          35m
engine-image-ei-fa2dfbf0-jrb2d              1/1     Running   0          36m
engine-image-ei-fa2dfbf0-m5799              1/1     Running   0          36m
instance-manager-e-051171e6                 1/1     Running   0          36m
instance-manager-e-db94b4b7                 1/1     Running   0          24m
instance-manager-r-dd84ad5c                 1/1     Running   0          36m
instance-manager-r-f5eefb8a                 1/1     Running   0          24m
longhorn-csi-plugin-mljt2                   2/2     Running   0          35m
longhorn-csi-plugin-rfzcj                   2/2     Running   0          24m
longhorn-driver-deployer-6db849975f-dh4p4   1/1     Running   0          58m
longhorn-manager-bxks6                      1/1     Running   0          24m
longhorn-manager-tj58k                      1/1     Running   0          2m50s
longhorn-ui-6f547c964-k56xr                 1/1     Running   0          58m
```

- Because we added Ingress support during the installation above, the Longhorn UI can be accessed through the configured domain name:

```bash
➜ kubectl get ingress -n longhorn-system
NAME               CLASS   HOSTS                ADDRESS       PORTS   AGE
longhorn-ingress   nginx   longhorn.k8s.local   172.29.9.51   80      4m11s
```

Here we use the ingress-nginx controller. After installation is complete, open http: directly in a browser

```bash
NAME                 PROVISIONER          RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
longhorn (default)   driver.longhorn.io   Delete          Immediate           true                   19h
[root@master1 ~]#kubectl get sc longhorn -oyaml
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  annotations:
    longhorn.io/last-applied-configmap: |
      kind: StorageClass
      apiVersion: storage.k8s.io/v1
      metadata:
        name: longhorn
        annotations:
          storageclass.kubernetes.io/is-default-class: "true"
      provisioner: driver.longhorn.io
      allowVolumeExpansion: true
      reclaimPolicy: "Delete"
      volumeBindingMode: Immediate
      parameters:
        numberOfReplicas: "2"
        staleReplicaTimeout: "30"
        fromBackup: ""
        fsType: "ext4"
    storageclass.kubernetes.io/is-default-class: "true"
  creationTimestamp: "2022-02-23T14:02:29Z"
  name: longhorn
  resourceVersion: "1515618"
  uid: ab7eaf7a-d178-45f3-826a-8fec4e4e5149
parameters:
  fromBackup: ""
  fsType: ext4
  numberOfReplicas: "2"
  staleReplicaTimeout: "30"
provisioner: driver.longhorn.io
reclaimPolicy: Delete
volumeBindingMode: Immediate
[root@master1 ~]#
```