一、建立相應的pool
ceph osd pool create k8s 4096 4096
二、建立ceph的對k8s pool的使用者
ceph auth get-or-create client.k8s mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=k8s' -o /etc/ceph/ceph.client.k8s.keyring
#ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyring
三、對k8s使用者進行base64加密
echo "keyring " | base64
四、建立基于keyring 的secret資源
root@master:~# cat ceph-secret.yaml apiVersion: v1
kind: Secretmetadata:
name: ceph-secret
data:
key: QVFBbW5SbFgyenJxRFJBQU9pdU9zMnNJSXRHaEFQNnRORGEzVmc9PQo= #base64後的key kubectl create -f ceph-secret.yaml
kubectl get secret
五、編輯一個可用的ReplicationController 讓rbdpod跑起來
apiVersion: v1
kind: PersistentVolume
metadata:
name: ceph-rbd-pv-onduty-redis-data
namespace: devops
labels:
onduty: redis-data
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteOnce
rbd:
monitors:
- 10.0.0.4:6789
- 10.0.0.5:6789
- 10.0.0.6:6789
pool: k8s
p_w_picpath: onduty-redis-data
user: admin
secretRef:
name: ceph-secret
fsType: ext4
![k8s系列(十一:執行個體)PV動态供給,configMap,secretsecre:建立pod通過env的方式引用configmap通過挂載存儲卷的方式引用configmap案例secret[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)