.. _header-n0: ######################################## 使用secret连接PV至RBD ######################################## 获取admin用户keyring: .. code:: shell [root@renbin-new-1 ~]# ceph auth get-key client.admin |base64 QVFCRDhweGVYMFV6QmhBQWtWK1lUekdOU2ZTY3JiKzZGcDl3b3c9PQ== 创建kubernetes secret对象 ``cat ceph-secret.yaml`` .. code:: yaml apiVersion: v1 kind: Secret metadata: name: ceph-secret data: key: QVFCRDhweGVYMFV6QmhBQWtWK1lUekdOU2ZTY3JiKzZGcDl3b3c9PQ== 创建secret对象: .. code:: shell [root@renbin-new-1 volumes]# kubectl apply -f ceph-secret.yaml secret/ceph-secret created [root@renbin-new-1 volumes]# kubectl get secrets NAME TYPE DATA AGE ceph-secret kubernetes.io/rbd 1 5s 创建rbd image: .. code:: shell rbd create pv-test-image-300M -s 300M -p kubernetes rbd feature disable kubernetes/pv-test-image-300M object-map fast-diff deep-flatten exclusive-lock rbd info kubernetes/pv-test-image-300M 创建PV: .. code:: yaml apiVersion: v1 kind: PersistentVolume metadata: name: pv-test spec: capacity: storage: 300M accessModes: - ReadWriteOnce rbd: monitors: - '10.181.103.48:6789' - '10.181.103.36:6789' - '10.181.103.44:6789' pool: kubernetes image: pv-test-image-300M user: admin secretRef: name: ceph-secret fsType: xfs readOnly: false persistentVolumeReclaimPolicy: Recycle 创建PVC: .. code:: yaml kind: PersistentVolumeClaim apiVersion: v1 metadata: name: pv-test-claim spec: accessModes: - ReadWriteOnce resources: requests: storage: 100M 创建Pod测试: .. code:: yaml apiVersion: v1 kind: Pod metadata: name: ceph-busybox spec: containers: - name: ceph-busybox image: busybox command: ["sleep", "600000"] volumeMounts: - name: rbd-test mountPath: /usr/share/busybox readOnly: false volumes: - name: rbd-test persistentVolumeClaim: claimName: pv-test-claim 查看结果:docker inspect ceph-busybox .. code:: json "Mounts": [ { "Type": "bind", "Source": "/var/lib/kubelet/pods/6d762195-12ac-469b-938d-c96de19e24d5/volumes/kubernetes.io~rbd/pv-test", "Destination": "/usr/share/busybox", "Mode": "Z", "RW": true, "Propagation": "rprivate" },