16 SUSE Storage #
SUSE Storage 是一款可靠、易用的轻量级分布式块存储系统,专为 Kubernetes 设计。它是基于 Longhorn 的一款产品,而 Longhorn 是一个开源项目,最初由 Rancher Labs 开发,目前在 CNCF 旗下孵化。
16.1 先决条件 #
如果您要学习本指南,事先需要做好以下准备:
至少一台装有 SUSE Linux Micro 6.2 的主机,可以是物理主机,也可以是虚拟主机
已安装一个 Kubernetes 群集,可以是 K3s 或 RKE2
Helm
16.2 手动安装 SUSE Storage #
16.2.1 安装 Open-iSCSI #
要部署并使用 SUSE Storage,需满足的一项核心要求是在所有 Kubernetes 节点上安装
open-iscsi 软件包并运行 iscsid
守护程序。之所以有此要求,是因为 Longhorn 依赖于主机上的 iscsiadm 来为 Kubernetes
提供持久卷。
我们来安装此软件包:
transactional-update pkg install open-iscsi请务必注意,在操作完成后,该软件包只会安装到新快照中,因为 SUSE Linux Micro 是不可变的操作系统。要加载该软件包并让
iscsid 守护程序开始运行,我们必须重引导至刚刚创建的新快照。准备就绪后,发出 reboot 命令:
reboot
16.2.2 安装 SUSE Storage #
可通过多种方式在 Kubernetes 群集上安装 SUSE Storage。本指南将介绍如何通过 Helm 进行安装,但如果您想要采用其他方法,请按照官方文档中的说明操作。
登录到 Rancher Application Collection:
helm registry login dp.apps.rancher.io --username $APPS.RANCHER.IO_USERNAME --password $APPS.RANCHER.IO_ACCESS_TOKEN在
longhorn-system名称空间中安装 SUSE Storage,并添加您的容器仓库身份凭证:helm install longhorn oci://dp.apps.rancher.io/charts/suse-storage \ --version 1.10.1 \ --namespace longhorn-system \ --create-namespace \ --set privateRegistry.createSecret=true \ --set privateRegistry.registryUrl=dp.apps.rancher.io \ --set privateRegistry.registryUser=$APPS.RANCHER.IO_USERNAME \ --set privateRegistry.registryPasswd=$APPS.RANCHER.IO_ACCESS_TOKEN \ --set privateRegistry.registrySecret=application-collection确认部署是否成功:
kubectl -n longhorn-system get podslocalhost:~ # kubectl -n longhorn-system get pods NAME READY STATUS RESTARTS AGE csi-attacher-7656559cf4-pkhh6 1/1 Running 0 103s csi-attacher-7656559cf4-pnzw5 1/1 Running 0 103s csi-attacher-7656559cf4-z94mm 1/1 Running 0 103s csi-provisioner-6d9cf6456d-kcwtq 1/1 Running 0 103s csi-provisioner-6d9cf6456d-mvvml 1/1 Running 0 103s csi-provisioner-6d9cf6456d-q4f88 1/1 Running 0 103s csi-resizer-f587cd467-clr2n 1/1 Running 0 103s csi-resizer-f587cd467-z28v4 1/1 Running 0 103s csi-resizer-f587cd467-zxmtx 1/1 Running 0 103s csi-snapshotter-6dcdf78684-757mg 1/1 Running 0 103s csi-snapshotter-6dcdf78684-8ktgc 1/1 Running 0 103s csi-snapshotter-6dcdf78684-ffsqr 1/1 Running 0 103s engine-image-ei-099f845a-lvdtr 1/1 Running 0 2m21s instance-manager-4adffddaffe02374cd5635b8a6113de7 1/1 Running 0 111s longhorn-csi-plugin-w7pwr 3/3 Running 0 103s longhorn-driver-deployer-6886fb84bc-wm9h6 1/1 Running 2 (2m32s ago) 2m45s longhorn-manager-zblbl 2/2 Running 0 2m45s longhorn-ui-6bcc65d4bd-mcn6r 1/1 Running 0 2m45s longhorn-ui-6bcc65d4bd-rwf97 1/1 Running 0 2m45s
16.3 创建 SUSE Storage 卷 #
SUSE Storage 利用名为 StorageClass 的 Kubernetes 资源来自动为 Pod 置备
PersistentVolume 对象。可以将 StorageClass
视为管理员描述其提供的存储类或配置文件的一种方式。
我们来创建一个采用默认选项的 StorageClass:
kubectl apply -f - <<EOF
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: longhorn-example
provisioner: driver.longhorn.io
allowVolumeExpansion: true
parameters:
numberOfReplicas: "3"
staleReplicaTimeout: "2880" # 48 hours in minutes
fromBackup: ""
fsType: "ext4"
EOF创建 StorageClass 后,我们需要提供一个
PersistentVolumeClaim
来引用它。PersistentVolumeClaim (PVC) 是用户发出的存储请求。PVC 使用
PersistentVolume
资源。声明可以请求特定的大小和访问模式(例如,可以以读/写模式挂载声明一次,或以只读模式挂载声明多次)。
我们来创建 PersistentVolumeClaim:
kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: longhorn-volv-pvc
namespace: longhorn-system
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-example
resources:
requests:
storage: 2Gi
EOF大功告成!创建 PersistentVolumeClaim 后,我们可以继续将其挂接到
Pod。部署 Pod 时,如果有可用存储空间,Kubernetes 会创建
Longhorn 卷并将其绑定到 Pod。
kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
name: volume-test
namespace: longhorn-system
spec:
containers:
- name: volume-test
image: nginx:stable-alpine
imagePullPolicy: IfNotPresent
volumeMounts:
- name: volv
mountPath: /data
ports:
- containerPort: 80
volumes:
- name: volv
persistentVolumeClaim:
claimName: longhorn-volv-pvc
EOF对于此示例,结果应如下所示:
localhost:~ # kubectl get storageclass
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
longhorn (default) driver.longhorn.io Delete Immediate true 12m
longhorn-example driver.longhorn.io Delete Immediate true 24s
localhost:~ # kubectl get pvc -n longhorn-system
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
longhorn-volv-pvc Bound pvc-f663a92e-ac32-49ae-b8e5-8a6cc29a7d1e 2Gi RWO longhorn-example 54s
localhost:~ # kubectl get pods -n longhorn-system
NAME READY STATUS RESTARTS AGE
csi-attacher-5c4bfdcf59-qmjtz 1/1 Running 0 14m
csi-attacher-5c4bfdcf59-s7n65 1/1 Running 0 14m
csi-attacher-5c4bfdcf59-w9xgs 1/1 Running 0 14m
csi-provisioner-667796df57-fmz2d 1/1 Running 0 14m
csi-provisioner-667796df57-p7rjr 1/1 Running 0 14m
csi-provisioner-667796df57-w9fdq 1/1 Running 0 14m
csi-resizer-694f8f5f64-2rb8v 1/1 Running 0 14m
csi-resizer-694f8f5f64-z9v9x 1/1 Running 0 14m
csi-resizer-694f8f5f64-zlncz 1/1 Running 0 14m
csi-snapshotter-959b69d4b-5dpvj 1/1 Running 0 14m
csi-snapshotter-959b69d4b-lwwkv 1/1 Running 0 14m
csi-snapshotter-959b69d4b-tzhwc 1/1 Running 0 14m
engine-image-ei-5cefaf2b-hvdv5 1/1 Running 0 14m
instance-manager-0ee452a2e9583753e35ad00602250c5b 1/1 Running 0 14m
longhorn-csi-plugin-gd2jx 3/3 Running 0 14m
longhorn-driver-deployer-9f4fc86-j6h2b 1/1 Running 0 15m
longhorn-manager-z4lnl 1/1 Running 0 15m
longhorn-ui-5f4b7bbf69-bln7h 1/1 Running 3 (14m ago) 15m
longhorn-ui-5f4b7bbf69-lh97n 1/1 Running 3 (14m ago) 15m
volume-test 1/1 Running 0 26s16.4 访问 UI #
如果您是通过 kubectl 或 Helm 安装 SUSE Storage 的,则需要设置入口控制器,以允许外部流量进入群集,该服务默认未启用身份验证功能。如果您是使用 Rancher 目录应用程序进行安装的,Rancher 会自动创建带有访问控制的入口控制器 (rancher-proxy)。
获取 Longhorn 的外部服务 IP 地址:
kubectl -n longhorn-system get svc检索到
longhorn-frontendIP 地址后,您可以通过在浏览器中导航到该前端来开始使用 UI。
16.5 使用 Edge Image Builder 进行安装 #
SUSE Edge 借助 第 11 章 “Edge Image Builder” 自定义基础的 SUSE Linux Micro 操作系统映像。接下来我们将演示如何完成该操作,从而置备搭载 SUSE Storage 的 RKE2 群集。
我们来创建定义文件:
export CONFIG_DIR=$HOME/eib
mkdir -p $CONFIG_DIR
cat << EOF > $CONFIG_DIR/iso-definition.yaml
apiVersion: 1.3
image:
imageType: iso
baseImage: SL-Micro.x86_64-6.2-Base-SelfInstall-GM.install.iso
arch: x86_64
outputImageName: eib-image.iso
kubernetes:
version: v1.34.2+rke2r1
helm:
charts:
- name: suse-storage
releaseName: longhorn
version: 1.10.1
repositoryName: rancher-application-collection
targetNamespace: longhorn-system
createNamespace: true
installationNamespace: kube-system
repositories:
- name: rancher-application-collection
url: oci://dp.apps.rancher.io/charts
authentication:
username: $APPS.RANCHER.IO_USERNAME
password: $APPS.RANCHER.IO_ACCESS_TOKEN
embeddedArtifactRegistry:
registries:
- uri: dp.apps.rancher.io
authentication:
username: $APPS.RANCHER.IO_USERNAME
password: $APPS.RANCHER.IO_ACCESS_TOKEN
images:
- name: dp.apps.rancher.io/containers/kubernetes-csi-external-attacher:4.10.0-8.8
- name: dp.apps.rancher.io/containers/kubernetes-csi-external-provisioner:5.3.0-8.8
- name: dp.apps.rancher.io/containers/kubernetes-csi-external-resizer:1.14.0-8.8
- name: dp.apps.rancher.io/containers/kubernetes-csi-external-snapshotter:8.4.0-8.9
- name: dp.apps.rancher.io/containers/kubernetes-csi-livenessprobe:2.17.0-8.8
- name: dp.apps.rancher.io/containers/kubernetes-csi-node-driver-registrar:2.15.0-8.8
- name: dp.apps.rancher.io/containers/longhorn-backing-image-manager:1.10.1-1.11
- name: dp.apps.rancher.io/containers/longhorn-engine:1.10.1-1.16
- name: dp.apps.rancher.io/containers/longhorn-instance-manager:1.10.1-1.17
- name: dp.apps.rancher.io/containers/longhorn-manager:1.10.1-1.9
- name: dp.apps.rancher.io/containers/longhorn-share-manager:1.10.1-1.8
- name: dp.apps.rancher.io/containers/longhorn-ui:1.10.1-1.8
- name: dp.apps.rancher.io/containers/rancher-support-bundle-kit:0.0.71-4.13
operatingSystem:
packages:
sccRegistrationCode: <reg-code>
packageList:
- open-iscsi
users:
- username: root
encryptedPassword: \$6\$jHugJNNd3HElGsUZ\$eodjVe4te5ps44SVcWshdfWizrP.xAyd71CVEXazBJ/.v799/WRCBXxfYmunlBO2yp1hm/zb4r8EmnrrNCF.P/
EOF
我们来构建映像:
podman run --rm --privileged -it -v $CONFIG_DIR:/eib registry.suse.com/edge/3.5/edge-image-builder:1.3.2 build --definition-file $CONFIG_DIR/iso-definition.yaml构建映像后,可以使用它在物理主机或虚拟主机上安装操作系统。置备完成后,可以使用 root:eib
身份凭证对登录到系统。
确保 SUSE Storage 已成功部署:
localhost:~ # /var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml -n longhorn-system get pods
NAME READY STATUS RESTARTS AGE
csi-attacher-5c4bfdcf59-qmjtz 1/1 Running 0 103s
csi-attacher-5c4bfdcf59-s7n65 1/1 Running 0 103s
csi-attacher-5c4bfdcf59-w9xgs 1/1 Running 0 103s
csi-provisioner-667796df57-fmz2d 1/1 Running 0 103s
csi-provisioner-667796df57-p7rjr 1/1 Running 0 103s
csi-provisioner-667796df57-w9fdq 1/1 Running 0 103s
csi-resizer-694f8f5f64-2rb8v 1/1 Running 0 103s
csi-resizer-694f8f5f64-z9v9x 1/1 Running 0 103s
csi-resizer-694f8f5f64-zlncz 1/1 Running 0 103s
csi-snapshotter-959b69d4b-5dpvj 1/1 Running 0 103s
csi-snapshotter-959b69d4b-lwwkv 1/1 Running 0 103s
csi-snapshotter-959b69d4b-tzhwc 1/1 Running 0 103s
engine-image-ei-5cefaf2b-hvdv5 1/1 Running 0 109s
instance-manager-0ee452a2e9583753e35ad00602250c5b 1/1 Running 0 109s
longhorn-csi-plugin-gd2jx 3/3 Running 0 103s
longhorn-driver-deployer-9f4fc86-j6h2b 1/1 Running 0 2m28s
longhorn-manager-z4lnl 1/1 Running 0 2m28s
longhorn-ui-5f4b7bbf69-bln7h 1/1 Running 3 (2m7s ago) 2m28s
longhorn-ui-5f4b7bbf69-lh97n 1/1 Running 3 (2m10s ago) 2m28s