目录
简介
Trident 是由 NetApp 开发并支持的一个开源项目,专为容器化环境量身打造的持久化存储方案,用于满足各种复杂的容器存储需求。
目前 Trident 支持 k8s 和 Docker。支持 ONTAP (AFF/FAS/Select/Cloud)、 Element (HCI/SolidFire)、SANtricity (E/EF-Series) data management software、 Azure NetApp Files 、 Cloud Volumes Service for AWS 、 Cloud Volumes Service for GCP 等。
Trident 原生支持 k8s 的 persistent volume 架构,相比其他的存储解决方案,Trident 有以下特点:
1、第一款免费、out-of-process 的 storage provisioner。通过监控 Kubernetes API Server 的 events 来工作,因此具有很大的灵活性和可见性。
2、同一个界面中可以统一调度多个平台,有了 Trident 后用户无需针对每个特定存储系统来申请 PV,Trident 会自动根据存储的higher-level quality选择合适的存储。
3、Trident 与 k8s 高度集成,用户可以使用 k8s 兼容的方式来进行配置。支持 PVC Expansion 功能。
安装
1.资源需求
- 一个k8s集群以及完整的访问权限
- NetApp 存储控制权限
- k8s 所有worker node具备挂载权限
- kubectl
- 启用 Feature Gates (根据 Trident 和 k8s 版本去决定应该启用哪些功能,例如 CSI Trident、Volumes Snapshot)
2.验证K8s集群
# 检查 Kubernetes 版本?
kubectl version
# 检查当前用户的权限?
kubectl auth can-i '*' '*' --all-namespaces
# 是否可以正确拉去镜像,pod 是否可以访问到存储
kubectl run -i --tty ping --image=busybox --restart=Never --rm -- \
ping <management IP>
3.下载并解压安装器
Trident 安装器用于部署 Trident pod、创建 CRD、初始化 CSI sidecar(用于制备和挂载存储)。
下载链接:https://github.com/NetApp/trident/releases/latest
wget https://github.com/NetApp/trident/releases/download/v20.01.0/trident-installer-20.01.0.tar.gz
tar -xf trident-installer-20.01.0.tar.gz
cd trident-installer
4.安装 Trident
创建namespace
kubectl create namespace trident
apiVersion: v1
kind: Namespace
metadata:
name: trident
labels:
app: trident
使用 ./tridentctl install 来安装
$ ./tridentctl install -n trident --etcd-image=rancher/coreos-etcd:v3.4.3-rancher1 -d
#-d 为开启Debug模式
....
INFO Starting Trident installation. namespace=trident
INFO Created service account.
INFO Created cluster role.
INFO Created cluster role binding.
INFO Added finalizers to custom resource definitions.
INFO Created Trident service.
INFO Created Trident secret.
INFO Created Trident deployment.
INFO Created Trident daemonset.
INFO Waiting for Trident pod to start.
INFO Trident pod started. namespace=trident pod=trident-csi-679648bd45-cv2mx
INFO Waiting for Trident REST interface.
INFO Trident REST interface is up. version=20.01.0
INFO Trident installation succeeded.
....
注意:
如果是离线安装,则需要提前准备好以下 image,给集群中所有主机加载:
https://hub.docker.com/r/netapp/trident/
等待命令执行完即可。
$ kubectl get pod -n trident
NAME READY STATUS RESTARTS AGE
trident-csi-679648bd45-cv2mx 4/4 Running 0 5m29s
trident-csi-vgc8n 2/2 Running 0 5m29s
$ ./tridentctl -n trident version
+----------------+----------------+
| SERVER VERSION | CLIENT VERSION |
+----------------+----------------+
| 20.01.0 | 20.01.0 |
+----------------+----------------+
tridentctl 的其他参数
–trident-image : 明确指定 trident 的 image,用于离线安装
–image-registry:指定私有镜像仓库,格式为
–kubelet-dir:指定kubelet目录(默认为/var/lib/kubelet)
–generate-custom-yaml:如果以上参数不够,可以将 trident 文件导出成 yaml 文件,存放在 setup 目录中,使用 ./tridentctl install -n trident --use-custom-yaml 来进行安装
5.创建并验证 Trident 后端
在 sample-input 中有个样例文件 backend.json,可以参考 backend 配置文件进行修改。
和本地的 NetApp 存储连接,需要使用 ONTAP 。
ONTAP (AFF/FAS/Select/Cloud) 驱
1、选择合适的驱动,目前有下列驱动:
| Driver | Protocol |
|---|---|
| ontap-nas | NFS |
| ontap-nas-economy | NFS |
| ontap-nas-flexgroup | NFS |
| ontap-san | iSCSI |
| ontap-san-economy | iSCSI |
ontap-nas 和 ontap-san 会针对每个 PV 创建一个 FlexVol,每个 cluster node 支持最大 1000 个 Flexvol,每个集群最大支持 12000 个。如果需求的 PV 数可以满足,推荐使用这两个驱动,他们具备细颗粒度的数据管理功能。
如果以上限制无法满足需求,可以使用 ontap-nas-economy 和 ontap-san-economy 驱动。
ontap-nas-economy 会将 PV 创建为 ONTAP Qtrees,支持 100000/node,2400000/cluster。
ontap-san-economy 会将 PV 创建为 ONTAP LUN,支持的 PV 数量取决于存储型号,每个集群支持 8192 个,使用 HA 时支持 16384个。
ontap-nas-flexgroup 适合于 AI/ML/DL 等场景,单个 volume 支持 PB 级别、数十亿个文件。
将 aggregates 分配给 SVM(在 NetApp 上创建)
在创建 FlexVol 时,必须关联一个 SVM,需要使用哪个 aggregate 来提供存储资源。
如果一个 SVM 下关联了多个 aggregate,则在配置 volume 时只能选择一个 aggregate,通过这种方式可以防止多个 volume 共用一个后端存储导致资源争夺。
Storage Virtual Machine (SVM, 之前叫做 Vserver)。
- 通过下列命令检查已经分配了的 aggregates:
vserver show -fields aggr-list
注: 如果看到 -,则表示为分配 aggregates。
- 使用下列命令将 aggregates 分配给 SVM:
vserver modify -vserver vserver_name -aggr-list aggr_name
例如:vserver modify -vserver vs1 -aggr-list aggr1,aggr2
创建 backend
cp sample-input/<backend template>.json backend.json
# Fill out the template for your backend
cat backend.json
{
"version": 1,
"storageDriverName": "ontap-nas",
"managementLIF": "10.0.0.1",
"dataLIF": "10.0.0.2",
"svm": "svm_nfs",
"username": "admin",
"password": "secret",
"nfsMountOptions": "nfsvers=4",
}
参数说明:
| Parameter | Description | Default |
|---|---|---|
| version | Always 1 | |
| storageDriverName | “ontap-nas”, “ontap-nas-economy”, “ontap-nas-flexgroup”, “ontap-san”, “ontap-san-economy” | |
| backendName | Custom name for the storage backend | Driver name + “_” + dataLIF |
| managementLIF | IP address of a cluster or SVM management LIF | “10.0.0.1”, “[2001:1234:abcd::fefe]” |
| dataLIF | IP address of protocol LIF | Derived by the SVM unless specified |
| svm | Storage virtual machine to use | Derived if an SVM managementLIF is specified |
| igroupName | Name of the igroup for SAN volumes to use | “trident” |
| username | Username to connect to the cluster/SVM | |
| password | Password to connect to the cluster/SVM | |
| storagePrefix | Prefix used when provisioning new volumes in the SVM | “trident” |
| limitAggregateUsage | Fail provisioning if usage is above this percentage | “” (not enforced by default) |
| limitVolumeSize | Fail provisioning if requested volume size is above this value | “” (not enforced by default) |
| nfsMountOptions | Comma-separated list of NFS mount options (except ontap-san) | “” |
./tridentctl -n trident create backend -f backend.json
+-------------+----------------+--------------------------------------+--------+---------+
| NAME | STORAGE DRIVER | UUID | STATE | VOLUMES |
+-------------+----------------+--------------------------------------+--------+---------+
| nas-backend | ontap-nas | 98e19b74-aec7-4a3d-8dcf-128e5033b214 | online | 0 |
+-------------+----------------+--------------------------------------+--------+---------+
如果安装失败,通过下列命令排除
./tridentctl -n trident logs
安装失败后可能会有遗留的 CSI pod,可以用下列命令删除:
./tridentctl uninstall -n trident
INFO Deleted Trident deployment.
INFO Deleted cluster role binding.
INFO Deleted cluster role.
INFO Deleted service account.
INFO Removed Trident user from security context constraint.
INFO Trident uninstallation succeeded.
6.添加存储类
cp sample-input/storage-class-csi.yaml.templ sample-input/storage-class-basic.yaml
cat sample-input/storage-class-basic.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: basic
provisioner: netapp.io/trident
parameters:
backendType: "ontap-nas"
kubectl create -f sample-input/storage-class-basic.yaml
kubectl get sc basic
NAME PROVISIONER AGE
basic csi.trident.netapp.io 15h
7.为 worker 节点添加 NFS client
yum install nfs-utils -y
systemctl start nfs-utils
挂载验证
mount -o vers=3 -t nfs <your nfs server ip address>:<nfs server path> <local path>
8.创建PVC
默认 sample-input 目录下有个 pvc 配置文件,使用这个进行测试
cat sample-input/pvc-basic.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: basic
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: basic
kubectl create -f sample-input/pvc-basic.yaml
kubectl get pvc --watch
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
basic Pending basic 1s
basic Pending pvc-3acb0d1c-b1ae-11e9-8d9f-5254004dfdb7 0 basic 5s
basic Bound pvc-3acb0d1c-b1ae-11e9-8d9f-5254004dfdb7 1Gi RWO basic 7s
9.为 pod 挂载 PV
cat << EOF > task-pv-pod.yaml
kind: Pod
apiVersion: v1
metadata:
name: task-pv-pod
spec:
volumes:
- name: task-pv-storage
persistentVolumeClaim:
claimName: basic
containers:
- name: task-pv-container
image: nginx
ports:
- containerPort: 80
name: "http-server"
volumeMounts:
- mountPath: "/usr/share/nginx/html"
name: task-pv-storage
EOF
kubectl create -f task-pv-pod.yaml
# 等待pod启动
kubectl get pod --watch
# 验证 pv 已经挂载到 /usr/share/nginx/html
kubectl exec -it task-pv-pod -- df -h /usr/share/nginx/html
Filesystem Size Used Avail Use% Mounted on
10.xx.xx.xx:/trid_1907_pvc_254004dfdb7 1.0G 256K 1.0G 1% /usr/share/nginx/html
# 删除 pod
kubectl delete pod task-pv-pod
测试完成后删除 pvc
kubectl delete pvc basic
PVC expansion
自 k8s 1.11 版本后,通过 Storage Class 创建的 PVC 支持扩展大小。但是对应的 Storage Class 需要添加:allowVolumeExpansion: true 配置。
NFS PVC 扩容
对于 NetApp Trident,从 v18.10开始支持 NFS PV 扩容,对应的后端有 ontap-nas、ontap-nas-economy、ontap-nas-flexgroup、aws-cvs、gcp-cvs 和 azure-netapp-files。
步骤1:为 Storage Class 添加 allowVolumeExpansion: true
$ cat storageclass-ontapnas.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: ontapnas
provisioner: csi.trident.netapp.io
parameters:
backendType: ontap-nas
allowVolumeExpansion: true
步骤2 : 创建一个 PVC
$ cat pvc-ontapnas.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: ontapnas20mb
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Mi
storageClassName: ontapnas
创建完成后检查已经为 Bound:
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
ontapnas20mb Bound pvc-08f3d561-b199-11e9-8d9f-5254004dfdb7 20Mi RWO ontapnas 9s
$ kubectl get pv pvc-08f3d561-b199-11e9-8d9f-5254004dfdb7
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-08f3d561-b199-11e9-8d9f-5254004dfdb7 20Mi RWO Delete Bound default/ontapnas20mb ontapnas 2m42s
步骤3 :使用 kubectl edit pvc编辑 PVC 大小,将其改为 1G。
$ kubectl edit pvc ontapnas20mb
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
pv.kubernetes.io/bind-completed: "yes"
pv.kubernetes.io/bound-by-controller: "yes"
volume.beta.kubernetes.io/storage-provisioner: csi.trident.netapp.io
creationTimestamp: 2018-08-21T18:26:44Z
finalizers:
- kubernetes.io/pvc-protection
name: ontapnas20mb
namespace: default
resourceVersion: "1958015"
selfLink: /api/v1/namespaces/default/persistentvolumeclaims/ontapnas20mb
uid: c1bd7fa5-a56f-11e8-b8d7-fa163e59eaab
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
...
查看 PVC 以及 PV 大小成功修改:
$ kubectl get pvc ontapnas20mb
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
ontapnas20mb Bound pvc-08f3d561-b199-11e9-8d9f-5254004dfdb7 1Gi RWO ontapnas 4m44s
$ kubectl get pv pvc-08f3d561-b199-11e9-8d9f-5254004dfdb7
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-08f3d561-b199-11e9-8d9f-5254004dfdb7 1Gi RWO Delete Bound default/ontapnas20mb ontapnas 5m35s
$ tridentctl get volume pvc-08f3d561-b199-11e9-8d9f-5254004dfdb7 -n trident
+------------------------------------------+---------+---------------+----------+--------------------------------------+--------+---------+
| NAME | SIZE | STORAGE CLASS | PROTOCOL | BACKEND UUID | STATE | MANAGED |
+------------------------------------------+---------+---------------+----------+--------------------------------------+--------+---------+
| pvc-08f3d561-b199-11e9-8d9f-5254004dfdb7 | 1.0 GiB | ontapnas | file | c5a6f6a4-b052-423b-80d4-8fb491a14a22 | online | true |
+------------------------------------------+---------+---------------+----------+--------------------------------------+--------+---------+
具体配置见:
iSCSI PVC 扩容
操作步骤和 NFS PVC 类似,唯一的不同时 iSCSI 是块存储,牵扯到文件系统的扩展(类似于 Linux 下虽然添加了磁盘,但是还是要加入 LVM 或者更改分区大小)。
Trident 的操作如下:
如果有 pod 挂载了 PV,则 Trident 会在存储后端扩展 volume,重新扫描设备并扩展文件系统。
如果 pod 暂未 挂载 PV,则 Trident 会在存储后端扩展 volume,当有 POD 使用对应的 PVC 时,Trident 重新扫描设备并扩展文件系统
具体配置见:
关于 iSCSI 文件系统格式,请见:
示例:
{
"version": 1,
"storageDriverName": "ontap-san-economy",
"managementLIF": "10.0.0.1",
"dataLIF": "10.0.0.3",
"svm": "svm_iscsi_eco",
"username": "vsadmin",
"password": "secret",
"aggregate": "aggr1",
"igroupName": "myigroup"
"fileSystemType": "xfs"
# 默认文件系统为 ext4
}
参考资料
https://netapp-trident.readthedocs.io/en/stable-v20.01/kubernetes/index.html
https://netapp-trident.readthedocs.io/en/stable-v20.01/kubernetes/operations/tasks/worker.html#nfs