qnap-dev/QNAP-CSI-PlugIn
TS-230 で Kubernetes CSI をやる公式っぽいCSI
https://www.qnap.com/solution/virtualization/ja-jp/ からリンクがあるので多分公式
https://github.com/qnap-dev/QNAP-CSI-PlugIn
QTS 5系 (Linux kernel 5系) で動くらしい
直接PVCを作るとQNAP上のLUNが作成されるのでアーキテクチャがシンプルで良い
しかしtridentってNetAppのもののはずなんだよなあ ( https://github.com/NetApp/trident )
検証時点: https://github.com/qnap-dev/QNAP-CSI-PlugIn/commit/72ab65fcb3b69c00febb0b1a569c0c0e6f2e9dc2
やる
4. Verify that your NAS has created a storage pool and iSCSI service is enabled.
- To check storage pools on your NAS, open Storage & Snapshots and go to Storage > Storage/Snapshots.
- To check iSCSI service on your NAS, open iSCSI & Fibre Channel and verify that the toggle button is on.
code:bash
$ git clone https://github.com/qnap-dev/QNAP-CSI-PlugIn.git
Overview
とりあえずtrident-operatorをデプロイ
backend_sample.json でバックエンドをデプロイ
Sample/StorageClass/sc.yaml でstorageclassをデプロイ
code:bash
# READMEどおり
$ helm install qnap-trident ./Helm/trident -n trident --create-namespace
# ダメそうな雰囲気を出し始める
$ kubectl logs -n trident trident-operator-xxx
(snip)
time="2024-04-15T13:23:07Z" level=error msg="found unsupported configuration, needs manual intervention to fix the issue;error syncing 'trident': unsupported configuration; Operator cannot proceed with the installation due to alpha snapshot CRDs volumesnapshots.snapshot.storage.k8s.io volumesnapshotclasses.snapshot.storage.k8s.io volumesnapshotcontents.snapshot.storage.k8s.io; run tridentctl obliviate alpha-snapshot-crd to remove previous kubernetes snapshot CRDs; for details, please refer to Trident's online documentation, not requeuing"
(snip)
# とりあえずやってみる
$ ./bin/tridentctl obliviate alpha-snapshot-crd
WARN0000 Could not get all server resources. error="unable to retrieve the complete list of server APIs: webhook.cert-manager.io/v1beta1: the server is currently unable to handle the request" requestID=0726ef65-33e8-4f71-bcee-7db7e6f868b1 requestSource=Unknown workflow="k8s_client=trace_api"
INFO0000 CRD deleted after removing finalizers. CRD=volumesnapshotclasses.snapshot.storage.k8s.io
INFO0000 CRD deleted after removing finalizers. CRD=volumesnapshotcontents.snapshot.storage.k8s.io
INFO0000 CRD deleted. CRD=volumesnapshots.snapshot.storage.k8s.io
helmでCRD入れたはずなのに、なぜ??
待ってたら trident-csi コンテナが上がってきた
code:bash
$ kubectl get pod -n trident
NAME READY STATUS RESTARTS AGE
trident-controller-7c885fbf49-mtnlg 6/6 Running 0 21m
trident-node-linux-mk7x6 2/2 Running 0 21m
trident-operator-7cb7ccc9bf-hvllt 1/1 Running 0 41m
backendを追加する
code:bash
$ cat backend_sample.json
{
"version": 1,
"storageDriverName": "qnap-iscsi",
"backendName": "xxxx",
"storageAddress": "xxxxxx",
"username": "admin",
"password": "PASSWORD",
"debugTraceFlags": {"method":true},
"storage": [
{
"labels": {"storage": "renjo"},
"serviceLevel": "Any"
}
]
}
$ ./bin/tridentctl create backend -f backend_sample.json -n trident
$ ./bin/tridentctl get backend -n trident
+-------+----------------+--------------------------------------+--------+---------+
| NAME | STORAGE DRIVER | UUID | STATE | VOLUMES |
+-------+----------------+--------------------------------------+--------+---------+
| xxxx | qnap-iscsi | 4e25fa25-4cbf-4e11-9a9f-04b562eab4cf | online | 0 |
+-------+----------------+--------------------------------------+--------+---------+
$ cat Samples/StorageClass/sc.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: trident-basic
provisioner: csi.trident.qnap.io
allowVolumeExpansion: true
ためしに作る
code:bash
$ cat Samples/Volumes/pvc-basic.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc-basic
annotations:
# thin allocate & threshold is customized
trident.qnap.io/threshold: "90"
trident.qnap.io/ThinAllocate: "true"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: trident-basic
$ kubectl apply -f Samples/Volumes/pvc-basic.yaml
$ kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
pvc-basic Bound pvc-46167d66-cbd5-44bc-87ef-989871cc4058 5Gi RWO trident-basic 18m
できた
TS-230 のWebUIから確認すると 「iSCSI & ファイバーチャネル」で5GBのシンLUNが出来ていることを確認
その後cybozu-go/mocoをデプロイしようとしたら上手くいかない、ということで調べていた
code:bash
$ kubectl logs -n middleware moco-yellow-coral-0 moco-init
mysqld: Can't create directory '/var/lib/mysql/data/' (OS errno 13 - Permission denied)
2024-04-20T14:54:22.706845Z 0 System MY-013169 Server /usr/local/mysql/bin/mysqld (mysqld 8.0.34) initializing of server in progress as process 10
2024-04-20T14:54:22.801599Z 0 ERROR MY-013236 Server The designated data directory /var/lib/mysql/data/ is unusable. You can remove all files that the server added to it.
2024-04-20T14:54:22.801668Z 0 ERROR MY-010119 Server Aborting
2024-04-20T14:54:22.801927Z 0 System MY-010910 Server /usr/local/mysql/bin/mysqld: Shutdown complete (mysqld 8.0.34) Source distribution.
exit status 1
Error: exit status 1
KubernetesはPodTemplate.spec.securityContext.fsGroupを設定することで、外部ディスクをマウントする際に権限を変更することができる。mocoはDockerfile上でrootユーザを利用しないように設定されているので合わせる必要がある。
ただ設定入っているのにうまくできないなあと思って調べていたが、どうもfsTypeがext4のときはダメでxfsのときはfsGroupがちゃんと切り替わるっぽい。のでStorageClasを変更してxfsでマウントされるようにしておく
code:bash
$ cat sc.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: trident-basic
provisioner: csi.trident.qnap.io
allowVolumeExpansion: true
parameters:
fsType: xfs
これで無事動いた