首頁(yè)
容器服務(wù) Kubernetes 版 ACK
ACK托管與專有集群
操作指南
存儲(chǔ)
遷移Flexvolume至CSI
將Flexvolume類(lèi)型的OSS靜態(tài)存儲(chǔ)卷遷移至CSI
將Flexvolume類(lèi)型的OSS靜態(tài)存儲(chǔ)卷遷移至CSI
更新時(shí)間:
由于Flexvolume存儲(chǔ)插件已棄用,新建集群已不再支持Flexvolume存儲(chǔ)插件。對(duì)于現(xiàn)有使用Flexvolume插件的集群,建議遷移改用CSI插件。本文介紹如何將Flexvolume類(lèi)型的OSS靜態(tài)存儲(chǔ)卷遷移至CSI。
索引
插件區(qū)別
CSI和Flexvolume存儲(chǔ)插件的區(qū)別如下表所示。
插件 | 組成 | kubelet參數(shù) | 相關(guān)文檔 |
CSI |
| 插件運(yùn)行依賴的kubelet參數(shù)不同。 配置kubelet的 | |
Flexvolume |
| 插件運(yùn)行依賴的kubelet參數(shù)不同。 配置kubelet的 |
使用場(chǎng)景
集群已使用Flexvolume掛載OSS靜態(tài)存儲(chǔ)卷,即當(dāng)前集群中包含F(xiàn)lexvolume類(lèi)型的OSS靜態(tài)存儲(chǔ)卷。如果您的集群中也有Flexvolume類(lèi)型的云盤(pán)存儲(chǔ)卷,請(qǐng)參考通過(guò)csi-compatible-controller組件遷移Flexvolume至CSI。
注意事項(xiàng)
插件遷移時(shí),PVC重建將導(dǎo)致Pod重建和業(yè)務(wù)中斷。您需要選擇合適時(shí)間對(duì)集群進(jìn)行插件遷移、PVC重建、應(yīng)用變更等一系列的重啟操作。
準(zhǔn)備工作
手動(dòng)安裝CSI插件
使用以下內(nèi)容,分別創(chuàng)建csi-plugin.yaml和csi-provisioner.yaml文件。
--- apiVersion: v1 kind: ServiceAccount metadata: name: csi-admin namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: alicloud-csi-plugin rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "create", "list"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "update", "create", "delete", "patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: [""] resources: ["persistentvolumeclaims/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["get", "list", "watch", "create", "update", "patch"] - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "watch", "list", "delete", "update", "create"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "watch", "list", "delete", "update", "create"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["csi.storage.k8s.io"] resources: ["csinodeinfos"] verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] verbs: ["get", "list", "watch", "create"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents"] verbs: ["create", "get", "list", "watch", "update", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete", "get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents/status"] verbs: ["update"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments/status"] verbs: ["patch"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots/status"] verbs: ["update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["namespaces"] verbs: ["get", "list"] - apiGroups: [""] resources: ["pods","pods/exec"] verbs: ["create", "delete", "get", "post", "list", "watch", "patch", "udpate"] - apiGroups: ["storage.alibabacloud.com"] resources: ["rules"] verbs: ["get"] - apiGroups: ["storage.alibabacloud.com"] resources: ["containernetworkfilesystems"] verbs: ["get","list", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: alicloud-csi-plugin subjects: - kind: ServiceAccount name: csi-admin namespace: kube-system roleRef: kind: ClusterRole name: alicloud-csi-plugin apiGroup: rbac.authorization.k8s.io --- apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: name: diskplugin.csi.alibabacloud.com spec: attachRequired: true podInfoOnMount: true --- apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: name: nasplugin.csi.alibabacloud.com spec: attachRequired: false podInfoOnMount: true --- apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: name: ossplugin.csi.alibabacloud.com spec: attachRequired: false podInfoOnMount: true --- kind: DaemonSet apiVersion: apps/v1 metadata: name: csi-plugin namespace: kube-system spec: selector: matchLabels: app: csi-plugin template: metadata: labels: app: csi-plugin spec: tolerations: - operator: Exists affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: type operator: NotIn values: - virtual-kubelet nodeSelector: kubernetes.io/os: linux serviceAccount: csi-admin priorityClassName: system-node-critical hostNetwork: true hostPID: true dnsPolicy: ClusterFirst containers: - name: disk-driver-registrar image: registry.cn-hangzhou.aliyuncs.com/acs/csi-node-driver-registrar:v2.3.1-038aeb6-aliyun resources: requests: cpu: 10m memory: 16Mi limits: cpu: 500m memory: 1024Mi args: - "--v=5" - "--csi-address=/var/lib/kubelet/csi-plugins/diskplugin.csi.alibabacloud.com/csi.sock" - "--kubelet-registration-path=/var/lib/kubelet/csi-plugins/diskplugin.csi.alibabacloud.com/csi.sock" volumeMounts: - name: kubelet-dir mountPath: /var/lib/kubelet - name: registration-dir mountPath: /registration - name: nas-driver-registrar image: registry.cn-hangzhou.aliyuncs.com/acs/csi-node-driver-registrar:v2.3.1-038aeb6-aliyun resources: requests: cpu: 10m memory: 16Mi limits: cpu: 500m memory: 1024Mi args: - "--v=5" - "--csi-address=/var/lib/kubelet/csi-plugins/nasplugin.csi.alibabacloud.com/csi.sock" - "--kubelet-registration-path=/var/lib/kubelet/csi-plugins/nasplugin.csi.alibabacloud.com/csi.sock" volumeMounts: - name: kubelet-dir mountPath: /var/lib/kubelet/ - name: registration-dir mountPath: /registration - name: oss-driver-registrar image: registry.cn-hangzhou.aliyuncs.com/acs/csi-node-driver-registrar:v2.3.1-038aeb6-aliyun resources: requests: cpu: 10m memory: 16Mi limits: cpu: 500m memory: 1024Mi args: - "--v=5" - "--csi-address=/var/lib/kubelet/csi-plugins/ossplugin.csi.alibabacloud.com/csi.sock" - "--kubelet-registration-path=/var/lib/kubelet/csi-plugins/ossplugin.csi.alibabacloud.com/csi.sock" volumeMounts: - name: kubelet-dir mountPath: /var/lib/kubelet/ - name: registration-dir mountPath: /registration - name: csi-plugin securityContext: privileged: true allowPrivilegeEscalation: true image: registry.cn-hangzhou.aliyuncs.com/acs/csi-plugin:v1.24.6-55c95dd-aliyun args: - "--endpoint=$(CSI_ENDPOINT)" - "--v=2" - "--driver=oss,nas,disk" env: - name: KUBE_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: CSI_ENDPOINT value: unix://var/lib/kubelet/csi-plugins/driverplugin.csi.alibabacloud.com-replace/csi.sock - name: MAX_VOLUMES_PERNODE value: "15" - name: SERVICE_TYPE value: "plugin" resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 1024Mi livenessProbe: httpGet: path: /healthz port: healthz scheme: HTTP initialDelaySeconds: 10 periodSeconds: 30 timeoutSeconds: 5 failureThreshold: 5 readinessProbe: httpGet: path: /healthz port: healthz initialDelaySeconds: 10 periodSeconds: 30 timeoutSeconds: 5 failureThreshold: 5 ports: - name: healthz containerPort: 11260 volumeMounts: - name: kubelet-dir mountPath: /var/lib/kubelet/ mountPropagation: "Bidirectional" - name: etc mountPath: /host/etc - name: host-log mountPath: /var/log/ - name: ossconnectordir mountPath: /host/usr/ - name: container-dir mountPath: /var/lib/container mountPropagation: "Bidirectional" - name: host-dev mountPath: /dev mountPropagation: "HostToContainer" - mountPath: /var/addon name: addon-token readOnly: true - mountPath: /host/var/run/ name: fuse-metrics-dir volumes: - name: fuse-metrics-dir hostPath: path: /var/run/ type: DirectoryOrCreate - name: registration-dir hostPath: path: /var/lib/kubelet/plugins_registry type: DirectoryOrCreate - name: container-dir hostPath: path: /var/lib/container type: DirectoryOrCreate - name: kubelet-dir hostPath: path: /var/lib/kubelet type: Directory - name: host-dev hostPath: path: /dev - name: host-log hostPath: path: /var/log/ - name: etc hostPath: path: /etc - name: ossconnectordir hostPath: path: /usr/ - name: addon-token secret: defaultMode: 420 optional: true items: - key: addon.token.config path: token-config secretName: addon.csi.token updateStrategy: rollingUpdate: maxUnavailable: 30% type: RollingUpdate--- kind: Deployment apiVersion: apps/v1 metadata: name: csi-provisioner namespace: kube-system spec: selector: matchLabels: app: csi-provisioner strategy: rollingUpdate: maxSurge: 0 maxUnavailable: 1 type: RollingUpdate replicas: 2 template: metadata: labels: app: csi-provisioner spec: affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 preference: matchExpressions: - key: node-role.kubernetes.io/master operator: Exists requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: type operator: NotIn values: - virtual-kubelet podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchExpressions: - key: app operator: In values: - csi-provisioner topologyKey: kubernetes.io/hostname tolerations: - effect: NoSchedule operator: Exists key: node-role.kubernetes.io/master - effect: NoSchedule operator: Exists key: node.cloudprovider.kubernetes.io/uninitialized serviceAccount: csi-admin hostPID: true priorityClassName: system-node-critical containers: - name: external-disk-provisioner image: registry.cn-hangzhou.aliyuncs.com/acs/csi-provisioner:v3.0.0-080f01e64-aliyun resources: requests: cpu: 10m memory: 16Mi limits: cpu: 500m memory: 1024Mi args: - "--csi-address=$(ADDRESS)" - "--feature-gates=Topology=True" - "--volume-name-prefix=disk" - "--strict-topology=true" - "--timeout=150s" - "--leader-election=true" - "--retry-interval-start=500ms" - "--extra-create-metadata=true" - "--default-fstype=ext4" - "--v=5" env: - name: ADDRESS value: /var/lib/kubelet/csi-provisioner/diskplugin.csi.alibabacloud.com/csi.sock volumeMounts: - name: disk-provisioner-dir mountPath: /var/lib/kubelet/csi-provisioner/diskplugin.csi.alibabacloud.com - name: external-disk-attacher image: registry.cn-hangzhou.aliyuncs.com/acs/csi-attacher:v3.3-72dd428b-aliyun resources: requests: cpu: 10m memory: 16Mi limits: cpu: 500m memory: 1024Mi args: - "--v=5" - "--csi-address=$(ADDRESS)" - "--leader-election=true" env: - name: ADDRESS value: /var/lib/kubelet/csi-provisioner/diskplugin.csi.alibabacloud.com/csi.sock volumeMounts: - name: disk-provisioner-dir mountPath: /var/lib/kubelet/csi-provisioner/diskplugin.csi.alibabacloud.com - name: external-disk-resizer image: registry.cn-hangzhou.aliyuncs.com/acs/csi-resizer:v1.3-ca84e84-aliyun resources: requests: cpu: 10m memory: 16Mi limits: cpu: 500m memory: 8Gi args: - "--v=5" - "--csi-address=$(ADDRESS)" - "--leader-election" env: - name: ADDRESS value: /var/lib/kubelet/csi-provisioner/diskplugin.csi.alibabacloud.com/csi.sock volumeMounts: - name: disk-provisioner-dir mountPath: /var/lib/kubelet/csi-provisioner/diskplugin.csi.alibabacloud.com - name: external-nas-provisioner image: registry.cn-hangzhou.aliyuncs.com/acs/csi-provisioner:v3.0.0-080f01e64-aliyun resources: requests: cpu: 10m memory: 16Mi limits: cpu: 500m memory: 1024Mi args: - "--csi-address=$(ADDRESS)" - "--volume-name-prefix=nas" - "--timeout=150s" - "--leader-election=true" - "--retry-interval-start=500ms" - "--default-fstype=nfs" - "--v=5" env: - name: ADDRESS value: /var/lib/kubelet/csi-provisioner/nasplugin.csi.alibabacloud.com/csi.sock volumeMounts: - name: nas-provisioner-dir mountPath: /var/lib/kubelet/csi-provisioner/nasplugin.csi.alibabacloud.com - name: external-nas-resizer image: registry.cn-hangzhou.aliyuncs.com/acs/csi-resizer:v1.3-ca84e84-aliyun resources: requests: cpu: 10m memory: 16Mi limits: cpu: 500m memory: 8Gi args: - "--v=5" - "--csi-address=$(ADDRESS)" - "--leader-election" env: - name: ADDRESS value: /var/lib/kubelet/csi-provisioner/nasplugin.csi.alibabacloud.com/csi.sock volumeMounts: - name: nas-provisioner-dir mountPath: /var/lib/kubelet/csi-provisioner/nasplugin.csi.alibabacloud.com - name: external-oss-provisioner args: - --csi-address=$(ADDRESS) - --volume-name-prefix=oss - --timeout=150s - --leader-election=true - --retry-interval-start=500ms - --default-fstype=ossfs - --v=5 env: - name: ADDRESS value: /var/lib/kubelet/csi-provisioner/ossplugin.csi.alibabacloud.com/csi.sock image: registry.cn-hangzhou.aliyuncs.com/acs/csi-provisioner:v3.0.0-080f01e64-aliyun resources: limits: cpu: 500m memory: 1Gi requests: cpu: 10m memory: 16Mi volumeMounts: - mountPath: /var/lib/kubelet/csi-provisioner/ossplugin.csi.alibabacloud.com name: oss-provisioner-dir - name: external-csi-snapshotter image: registry.cn-hangzhou.aliyuncs.com/acs/csi-snapshotter:v4.0.0-a230d5b3-aliyun resources: requests: cpu: 10m memory: 16Mi limits: cpu: 500m memory: 1024Mi args: - "--v=5" - "--csi-address=$(ADDRESS)" - "--leader-election=true" - "--extra-create-metadata=true" env: - name: ADDRESS value: /csi/csi.sock volumeMounts: - name: disk-provisioner-dir mountPath: /csi - name: external-snapshot-controller image: registry.cn-hangzhou.aliyuncs.com/acs/snapshot-controller:v4.0.0-a230d5b3-aliyun resources: requests: cpu: 10m memory: 16Mi limits: cpu: 500m memory: 1024Mi args: - "--v=5" - "--leader-election=true" - name: csi-provisioner securityContext: privileged: true image: registry.cn-hangzhou.aliyuncs.com/acs/csi-plugin:v1.24.6-55c95dd-aliyun args: - "--endpoint=$(CSI_ENDPOINT)" - "--v=2" - "--driver=nas,disk,oss" env: - name: CSI_ENDPOINT value: unix://var/lib/kubelet/csi-provisioner/driverplugin.csi.alibabacloud.com-replace/csi.sock - name: MAX_VOLUMES_PERNODE value: "15" - name: SERVICE_TYPE value: "provisioner" - name: "CLUSTER_ID" value: "CLUSTER_ID" livenessProbe: httpGet: path: /healthz port: healthz scheme: HTTP initialDelaySeconds: 10 periodSeconds: 30 timeoutSeconds: 5 failureThreshold: 5 readinessProbe: httpGet: path: /healthz port: healthz initialDelaySeconds: 5 periodSeconds: 20 ports: - name: healthz containerPort: 11270 volumeMounts: - name: host-log mountPath: /var/log/ - name: disk-provisioner-dir mountPath: /var/lib/kubelet/csi-provisioner/diskplugin.csi.alibabacloud.com - name: nas-provisioner-dir mountPath: /var/lib/kubelet/csi-provisioner/nasplugin.csi.alibabacloud.com - name: oss-provisioner-dir mountPath: /var/lib/kubelet/csi-provisioner/ossplugin.csi.alibabacloud.com - mountPath: /var/addon name: addon-token readOnly: true - mountPath: /mnt mountPropagation: Bidirectional name: host-dev - mountPath: /host/etc name: etc resources: limits: cpu: 500m memory: 1024Mi requests: cpu: 100m memory: 128Mi volumes: - name: disk-provisioner-dir emptyDir: {} - name: nas-provisioner-dir emptyDir: {} - name: oss-provisioner-dir emptyDir: {} - name: host-log hostPath: path: /var/log/ - name: etc hostPath: path: /etc type: "" - name: host-dev hostPath: path: /mnt type: "" - name: addon-token secret: defaultMode: 420 optional: true items: - key: addon.token.config path: token-config secretName: addon.csi.token執(zhí)行以下命令,在ACK集群中部署csi-plugin和csi-provisioner。
kubectl apply -f csi-plugin.yaml -f csi-provisioner.yaml執(zhí)行以下命令,查看CSI插件是否正常。
kubectl get pods -nkube-system | grep csi預(yù)期輸出:
csi-plugin-577mm 4/4 Running 0 3d20h csi-plugin-k9mzt 4/4 Running 0 41d csi-provisioner-6b58f46989-8wwl5 9/9 Running 0 41d csi-provisioner-6b58f46989-qzh8l 9/9 Running 0 6d20h存在以上預(yù)期輸出,說(shuō)明集群中CSI插件正常運(yùn)行。
本文以1個(gè)StatefulSet使用Flexvolume類(lèi)型的OSS靜態(tài)存儲(chǔ)卷,存儲(chǔ)卷的密鑰信息保存在oss-secret中為例,介紹如何將Flexvolume類(lèi)型的OSS靜態(tài)存儲(chǔ)卷遷移至CSI。流程如下圖所示。
步驟一:查看集群存儲(chǔ)狀態(tài)
執(zhí)行以下命令,查看Pod狀態(tài)。
kubectl get pod預(yù)期輸出:
NAME READY STATUS RESTARTS AGE oss-sts-1 1/1 Running 0 11m執(zhí)行以下命令,查看Pod使用的PVC。
kubectl describe pod oss-sts-1 |grep ClaimName預(yù)期輸出:
ClaimName: oss-pvc執(zhí)行以下命令,查看當(dāng)前PVC狀態(tài)。
kubectl get pvc預(yù)期輸出:
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE oss-pvc Bound oss-pv 5Gi RWX 7m23s
步驟二:創(chuàng)建CSI類(lèi)型OSS靜態(tài)存儲(chǔ)的PVC和PV
方式一:通過(guò)Flexvolume2CSI命令行工具轉(zhuǎn)換
將Flexvolume類(lèi)型的PVC和PV轉(zhuǎn)換為CSI類(lèi)型的PVC和PV。具體操作,請(qǐng)參見(jiàn)使用Flexvolume2CSI命令行工具批量轉(zhuǎn)換YAML。
執(zhí)行以下命令,創(chuàng)建CSI類(lèi)型OSS靜態(tài)存儲(chǔ)的PVC和PV對(duì)象。
其中,
oss-pv-pvc-csi.yaml文件為通過(guò)Flexvolume2CSI命令行工具轉(zhuǎn)換得到的CSI類(lèi)型的PVC和PV的YAML文件。kubectl apply -f oss-pv-pvc-csi.yaml執(zhí)行以下命令,查看當(dāng)前PVC狀態(tài)。
kubectl get pvc預(yù)期輸出:
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE oss-pvc-csi Bound oss-pv-csi 5Gi RWO 7m15s oss-pvc Bound oss-pv 5Gi RWX 52m
方式二:通過(guò)手動(dòng)保存Flexvolume類(lèi)型PVC和PV并修改存儲(chǔ)驅(qū)動(dòng)的方式轉(zhuǎn)換
保存Flexvolume類(lèi)型的PVC和PV模板。
執(zhí)行以下命令,保存Flexvolume類(lèi)型的PVC對(duì)象。
kubectl get pvc oss-pvc -oyaml > oss-pvc-flexvolume.yaml cat oss-pvc-flexvolume.yaml預(yù)期輸出:
apiVersion: v1 kind: PersistentVolumeClaim name: oss-pvc namespace: default spec: accessModes: - ReadWriteMany resources: requests: storage: 5Gi volumeMode: Filesystem volumeName: oss-pv執(zhí)行以下命令,保存Flexvolume類(lèi)型的PV對(duì)象。
kubectl get pv oss-pv -oyaml > oss-pv-flexvolume.yaml cat oss-pv-flexvolume.yaml預(yù)期輸出:
apiVersion: v1 kind: PersistentVolume metadata: name: oss-pv spec: accessModes: - ReadWriteMany capacity: storage: 5Gi claimRef: apiVersion: v1 kind: PersistentVolumeClaim name: oss-pvc namespace: default flexVolume: driver: alicloud/oss nodePublishSecretRef: name: oss-secret namespace: default options: bucket: xxx otherOpts: -o max_stat_cache_size=0 -o allow_other url: xxx.aliyuncs.com persistentVolumeReclaimPolicy: Retain volumeMode: Filesystem
創(chuàng)建CSI類(lèi)型OSS靜態(tài)存儲(chǔ)的PVC和PV。
使用以下YAML內(nèi)容,創(chuàng)建CSI類(lèi)型OSS靜態(tài)存儲(chǔ)的oss-pv-pvc-csi.yaml文件。
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: oss-pvc-csi spec: accessModes: - ReadWriteOnce resources: requests: storage: 5Gi selector: matchLabels: alicloud-pvname: oss-pv-csi --- apiVersion: v1 kind: PersistentVolume metadata: name: oss-pv-csi labels: alicloud-pvname: oss-pv-csi spec: capacity: storage: 5Gi accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain csi: driver: ossplugin.csi.alibabacloud.com volumeHandle: oss-pv-csi nodePublishSecretRef: name: oss-secret namespace: default volumeAttributes: bucket: "***" url: "***.aliyuncs.com" otherOpts: "-o max_stat_cache_size=0 -o allow_other"執(zhí)行以下命令,創(chuàng)建CSI類(lèi)型OSS靜態(tài)存儲(chǔ)的PVC和PV對(duì)象。
kubectl apply -f oss-pv-pvc-csi.yaml執(zhí)行以下命令,查看當(dāng)前PVC狀態(tài)。
kubectl get pvc預(yù)期輸出:
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE oss-pvc-csi Bound oss-pv-csi 5Gi RWO 7m15s oss-pvc Bound oss-pv 5Gi RWX 52m
步驟三:更新應(yīng)用關(guān)聯(lián)的PVC
執(zhí)行以下命令,編輯應(yīng)用配置文件。
kubectl edit sts oss-sts修改PVC配置內(nèi)容,將數(shù)據(jù)卷配置改為CSI類(lèi)型的PVC。
volumes: - name: oss persistentVolumeClaim: claimName: oss-pvc-csi執(zhí)行以下命令,查看Pod是否重啟成功。
kubectl get pod預(yù)期輸出:
NAME READY STATUS RESTARTS AGE oss-sts-1 1/1 Running 0 70s執(zhí)行以下命令,查看掛載信息。
kubectl exec oss-sts-1 -- mount |grep ossfs預(yù)期輸出:
# 查看掛載信息。 ***:/ on /var/lib/kubelet/pods/ac02ea3f-125f-4b38-9bcf-9b117f62eaf0/volumes/kubernetes.io~csi/oss-pv-csi/mount type ossfs (rw,relatime,max_stat_cache_size=0,allow_other)存在以上預(yù)期輸出,表示Pod遷移成功。
步驟四:卸載Flexvolume插件
登錄OpenAPI平臺(tái),調(diào)用UnInstallClusterAddons卸載Flexvolume插件。
ClusterId:您的集群ID。您可以通過(guò)集群的基本信息頁(yè)面,查看集群ID。
name:Flexvolume。
具體操作,請(qǐng)參見(jiàn)卸載集群組件。
執(zhí)行以下命令,刪除alicloud-disk-controller和alicloud-nas-controller。
kubectl delete deploy -nkube-system alicloud-disk-controller alicloud-nas-controller執(zhí)行以下命令,檢查集群中Flexvolume插件是否卸載完成。
kubectl get pods -n kube-system | grep 'flexvolume\|alicloud-disk-controller\|alicloud-nas-controller'輸出為空,說(shuō)明集群中Flexvolume插件已卸載完成。
執(zhí)行以下命令,刪除集群中Flexvolume類(lèi)型的StorageClass,F(xiàn)lexvolume類(lèi)型的StorageClass PROVISIONER類(lèi)型為alicloud/disk。
kubectl delete storageclass alicloud-disk-available alicloud-disk-efficiency alicloud-disk-essd alicloud-disk-ssd預(yù)期輸出:
storageclass.storage.k8s.io "alicloud-disk-available" deleted storageclass.storage.k8s.io "alicloud-disk-efficiency" deleted storageclass.storage.k8s.io "alicloud-disk-essd" deleted storageclass.storage.k8s.io "alicloud-disk-ssd" deleted存在以上輸出,說(shuō)明StorageClass刪除成功。
步驟五:使用OpenAPI安裝CSI插件
登錄OpenAPI平臺(tái),調(diào)用InstallClusterAddons安裝CSI插件。
ClusterId:您的集群ID。
name:csi-provisioner。
version:最新CSI插件版本。關(guān)于CSI版本信息,請(qǐng)參見(jiàn)csi-provisioner。
具體操作,請(qǐng)參見(jiàn)安裝集群組件。
執(zhí)行以下命令,檢查集群中CSI插件是否正常運(yùn)行。
kubectl get pods -nkube-system | grep csi預(yù)期輸出:
csi-plugin-577mm 4/4 Running 0 3d20h csi-plugin-k9mzt 4/4 Running 0 41d csi-provisioner-6b58f46989-8wwl5 9/9 Running 0 41d csi-provisioner-6b58f46989-qzh8l 9/9 Running 0 6d20h存在以上預(yù)期輸出,說(shuō)明集群中CSI插件正常運(yùn)行。
步驟六:修改現(xiàn)有節(jié)點(diǎn)配置
執(zhí)行以下YAML內(nèi)容,修改插件運(yùn)行依賴的kubelet參數(shù),使其匹配CSI插件的運(yùn)行要求。 該DaemonSet有將現(xiàn)有節(jié)點(diǎn)的kubelet參數(shù)--enable-controller-attach-detach修改為true的能力,當(dāng)本步驟操作執(zhí)行完成后,可以將該DaemonSet刪除。
重要
執(zhí)行以下YAML文件時(shí),會(huì)重啟kubelet,請(qǐng)?jiān)u估對(duì)現(xiàn)有應(yīng)用的影響。
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: kubelet-set
spec:
selector:
matchLabels:
app: kubelet-set
template:
metadata:
labels:
app: kubelet-set
spec:
tolerations:
- operator: "Exists"
hostNetwork: true
hostPID: true
containers:
- name: kubelet-set
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
image: registry.cn-hangzhou.aliyuncs.com/acs/csi-plugin:v1.26.5-56d1e30-aliyun
imagePullPolicy: "Always"
env:
- name: enableADController
value: "true"
command: ["sh", "-c"]
args:
- echo "Starting kubelet flag set to $enableADController";
ifFlagTrueNum=`cat /host/etc/systemd/system/kubelet.service.d/10-kubeadm.conf | grep enable-controller-attach-detach=$enableADController | grep -v grep | wc -l`;
echo "ifFlagTrueNum is $ifFlagTrueNum";
if [ "$ifFlagTrueNum" = "0" ]; then
curValue="true";
if [ "$enableADController" = "true" ]; then
curValue="false";
fi;
sed -i "s/enable-controller-attach-detach=$curValue/enable-controller-attach-detach=$enableADController/" /host/etc/systemd/system/kubelet.service.d/10-kubeadm.conf;
restartKubelet="true";
echo "current value is $curValue, change to expect "$enableADController;
fi;
if [ "$restartKubelet" = "true" ]; then
/nsenter --mount=/proc/1/ns/mnt systemctl daemon-reload;
/nsenter --mount=/proc/1/ns/mnt service kubelet restart;
echo "restart kubelet";
fi;
while true;
do
sleep 5;
done;
volumeMounts:
- name: etc
mountPath: /host/etc
volumes:
- name: etc
hostPath:
path: /etc文檔內(nèi)容是否對(duì)您有幫助?