27.16.2. 安装及设置
该功能由外部置备程序提供。您必须在 OpenShift Container Platform 集群中安装和配置它。
27.16.2.1. 启动外部调配器
外部置备程序服务以容器镜像形式发布,并可像平常一样在 OpenShift Container Platform 集群中运行。
要允许容器管理 API 对象,请以集群管理员身份配置所需的基于角色的访问控制(RBAC)规则:
创建一个
ServiceAccount:apiVersion: v1 kind: ServiceAccount metadata: name: manila-provisioner-runner
创建
ClusterRole:kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: manila-provisioner-role rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"]通过
ClusterRoleBinding绑定规则:apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: manila-provisioner roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: manila-provisioner-role subjects: - kind: ServiceAccount name: manila-provisioner-runner namespace: default
创建新的
StorageClass:apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: "manila-share" provisioner: "externalstorage.k8s.io/manila" parameters: type: "default" 1 zones: "nova" 2
- 1
- 置备程序将为卷创建 Manila 共享类型。
- 2
- 在其中创建卷的 Manila 可用区集。
使用环境变量将置备程序配置为连接、验证并授权给 Manila servic。从以下列表中为您的安装选择适当的组合:
OS_USERNAME OS_PASSWORD OS_AUTH_URL OS_DOMAIN_NAME OS_TENANT_NAME
OS_USERID OS_PASSWORD OS_AUTH_URL OS_TENANT_ID
OS_USERNAME OS_PASSWORD OS_AUTH_URL OS_DOMAIN_ID OS_TENANT_NAME
OS_USERNAME OS_PASSWORD OS_AUTH_URL OS_DOMAIN_ID OS_TENANT_ID
要将变量传递给置备程序,请使用 Secret。以下示例显示了为第一个变量组合配置的 Secret
apiVersion: v1 kind: Secret metadata: name: manila-provisioner-env type: Opaque data: os_username: <base64 encoded Manila username> os_password: <base64 encoded password> os_auth_url: <base64 encoded OpenStack Keystone URL> os_domain_name: <base64 encoded Manila service Domain> os_tenant_name: <base64 encoded Manila service Tenant/Project name>
注意
较新的 OpenStack 版本使用 "project" 而不是 "tenant"。 但是,置备程序使用的环境变量必须在其名称中使用 TENANT。
最后一步是启动 provisioner 本身,例如使用部署:
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: manila-provisioner
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: manila-provisioner
spec:
serviceAccountName: manila-provisioner-runner
containers:
- image: "registry.redhat.io/openshift3/manila-provisioner:latest"
imagePullPolicy: "IfNotPresent"
name: manila-provisioner
env:
- name: "OS_USERNAME"
valueFrom:
secretKeyRef:
name: manila-provisioner-env
key: os_username
- name: "OS_PASSWORD"
valueFrom:
secretKeyRef:
name: manila-provisioner-env
key: os_password
- name: "OS_AUTH_URL"
valueFrom:
secretKeyRef:
name: manila-provisioner-env
key: os_auth_url
- name: "OS_DOMAIN_NAME"
valueFrom:
secretKeyRef:
name: manila-provisioner-env
key: os_domain_name
- name: "OS_TENANT_NAME"
valueFrom:
secretKeyRef:
name: manila-provisioner-env
key: os_tenant_name