123 lines
3.0 KiB
Markdown
123 lines
3.0 KiB
Markdown
# Proxmox Kubernetes PVC
|
|
|
|
разворачиваем контроллер для создания Persistent Volume Claims из кластера talos в Proxmox
|
|
|
|
|
|
детально о плагине [proxmox-csi-plugin](https://github.com/sergelogvinov/proxmox-csi-plugin)
|
|
|
|
## настройка со стороны Proxmox
|
|
|
|
в общем случае:
|
|
|
|
```bash
|
|
pveum role add CSI -privs "VM.Audit VM.Config.Disk Datastore.Allocate Datastore.AllocateSpace Datastore.Audit"
|
|
```
|
|
для ZFS
|
|
|
|
```bash
|
|
pveum role add CSI -privs "VM.Audit VM.Allocate VM.Clone VM.Config.CPU VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Options VM.Migrate VM.PowerMgmt Datastore.Allocate Datastore.AllocateSpace Datastore.Audit"
|
|
```
|
|
создаем пользователя
|
|
|
|
```bash
|
|
pveum user add kubernetes-csi@pve
|
|
pveum aclmod / -user kubernetes-csi@pve -role CSI
|
|
pveum user token add kubernetes-csi@pve csi -privsep 0
|
|
```
|
|
|
|
## настройка со стороны Kubernetes
|
|
|
|
1. проставляем метки на ноды кластера:
|
|
|
|
```bash
|
|
kubectl label nodes worker-1 worker-2 worker-3 topology.kubernetes.io/region=Region1
|
|
kubectl label nodes worker-1 worker-2 worker-3 topology.kubernetes.io/zone=pve2-nsk
|
|
```
|
|
|
|
2. неймспейс для CSI плагина:
|
|
|
|
```bash
|
|
kubectl create ns csi-proxmox
|
|
kubectl label ns csi-proxmox pod-security.kubernetes.io/enforce=privileged
|
|
```
|
|
|
|
3. готовим конфиг для CSI плагина:
|
|
|
|
```bash
|
|
cat <<EOF | kubectl -n csi-proxmox create secret generic proxmox-csi-plugin --from-file=config.yaml=/dev/stdin
|
|
clusters:
|
|
- url: https://192.168.8.10:8006/api2/json
|
|
insecure: true
|
|
token_id: "kubernetes-csi@pve!csi"
|
|
token_secret: "9d9bfb50-479d-442c-932d-6da73934ae2d"
|
|
region: Region1
|
|
features:
|
|
provider: default
|
|
EOF
|
|
```
|
|
|
|
ставим CSI плагин:
|
|
```bash
|
|
kubectl apply -f https://raw.githubusercontent.com/sergelogvinov/proxmox-csi-plugin/main/docs/deploy/proxmox-csi-plugin-release.yml
|
|
```
|
|
|
|
сетапим storage class
|
|
|
|
```bash
|
|
cat <<EOF | kubectl apply -f -
|
|
apiVersion: storage.k8s.io/v1
|
|
kind: StorageClass
|
|
metadata:
|
|
annotations:
|
|
storageclass.kubernetes.io/is-default-class: "false"
|
|
name: proxmox-csi
|
|
allowVolumeExpansion: true
|
|
parameters:
|
|
csi.storage.k8s.io/fstype: ext4
|
|
storage: local-lvm
|
|
provisioner: csi.proxmox.sinextra.dev
|
|
reclaimPolicy: Delete
|
|
volumeBindingMode: WaitForFirstConsumer
|
|
EOF
|
|
```
|
|
|
|
## деплоим тестовый PVC
|
|
|
|
```bash
|
|
cat <<EOF | kubectl apply -f -
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: test-pvc
|
|
spec:
|
|
storageClassName: proxmox-csi
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
EOF
|
|
```
|
|
|
|
## деплоим тестовый под
|
|
|
|
```bash
|
|
cat <<EOF | kubectl apply -f -
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: test-pod
|
|
spec:
|
|
containers:
|
|
- name: test-container
|
|
image: nginx
|
|
volumeMounts:
|
|
- name: test-volume
|
|
mountPath: /data
|
|
volumes:
|
|
- name: test-volume
|
|
persistentVolumeClaim:
|
|
claimName: test-pvc
|
|
EOF
|
|
```
|