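# CephFS

## 安装依赖组件

```shell
yum install ceph-common
```

## 获取 admin 秘钥

```shell
ceph auth get-key client.admin | base64
```

## 创建密钥

```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: ceph-admin-secret
  namespace: kube-system
data:
  # Paste the base64 output of the command above. The value is the Ceph
  # client.admin key, and base64 is an encoding, not encryption, so keep the
  # real value out of documentation and version control.
  key: "<BASE64_OF_CEPH_ADMIN_KEY>"
```

## 创建命名空间

```yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: cephfs
  labels:
    name: cephfs
```

## 服务账号

```yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cephfs-provisioner
  namespace: cephfs
```

## 角色

```yaml
---
# Namespaced permissions for the provisioner inside the cephfs namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cephfs-provisioner
  namespace: cephfs
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "get", "delete"]
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
```

## 集群角色

```yaml
---
# ClusterRole is cluster-scoped, so it carries no metadata.namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cephfs-provisioner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["kube-dns", "coredns"]
    verbs: ["list", "get"]
  # This rule has no resourceNames and is bound cluster-wide, so the
  # provisioner's service account can get, create and delete Secrets in
  # every namespace.
  # NOTE(review): presumably needed to read the admin Secret in kube-system
  # and to manage per-claim Secrets; confirm and narrow it where possible.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "create", "delete"]
  # PodSecurityPolicy was removed in Kubernetes 1.25; this rule only matters
  # on older clusters that still have a "cephfs-provisioner" policy.
  - apiGroups: ["policy"]
    resourceNames: ["cephfs-provisioner"]
    resources: ["podsecuritypolicies"]
    verbs: ["use"]
```

## 绑定角色

```yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cephfs-provisioner
  namespace: cephfs
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cephfs-provisioner
subjects:
  - kind: ServiceAccount
    name: cephfs-provisioner
    # Stated explicitly rather than relying on defaulting to the binding's
    # namespace.
    namespace: cephfs
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cephfs-provisioner
subjects:
  - kind: ServiceAccount
    name: cephfs-provisioner
    namespace: cephfs
roleRef:
  kind: ClusterRole
  name: cephfs-provisioner
  apiGroup: rbac.authorization.k8s.io
```

## 创建cephfs提供者

```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cephfs-provisioner
  namespace: cephfs
spec:
  replicas: 1
  # apps/v1 requires an explicit selector that matches the pod template
  # labels; without it the API server rejects the Deployment.
  selector:
    matchLabels:
      app: cephfs-provisioner
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: cephfs-provisioner
    spec:
      containers:
        - name: cephfs-provisioner
          # ":latest" is a mutable tag. This pod works with the Ceph admin
          # key, so pin the image to a reviewed digest
          # (mlamp1191/cephfs-provisioner@sha256:<DIGEST>) before use.
          image: "mlamp1191/cephfs-provisioner:latest"
          env:
            # Must match the "provisioner" field of the StorageClass.
            - name: PROVISIONER_NAME
              value: "mininglamp.com/cephfs"
          command:
            - "/usr/local/bin/cephfs-provisioner"
          args:
            - "-id=cephfs-provisioner-1"
            # NOTE(review): turns off the provisioner's Ceph namespace
            # isolation between provisioned volumes, which presumably weakens
            # separation between claims sharing the data pool. Keep it only
            # if the Ceph clients in use cannot work with it enabled.
            - "-disable-ceph-namespace-isolation=true"
      # serviceAccountName replaces the deprecated serviceAccount alias.
      serviceAccountName: cephfs-provisioner
```

## 创建StorageClass

```yaml
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: cephfs
provisioner: mininglamp.com/cephfs
parameters:
  # Quoted so the host:port list is always read as one string.
  monitors: "192.168.206.101:6789,192.168.206.102:6789,192.168.206.103:6789"
  # The provisioner authenticates as client.admin, which has full control of
  # the Ceph cluster.
  # NOTE(review): consider a dedicated cephx user limited to the capabilities
  # the provisioner needs.
  adminId: admin
  adminSecretName: ceph-admin-secret
  adminSecretNamespace: "kube-system"
  claimRoot: /volumes/k8s
```

## 验证

参考nfs apps/mongo集群.md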