部署DBFS CSI插件

索引

• 前提条件

• 步骤一：RAM授权

• 步骤二：部署CSI插件

• 相关文档

前提条件

• 已创建Kubernetes托管版集群

• 已通过kubectl工具连接集群

步骤一：RAM授权

1. 创建RAM自定义权限策略csi-dbfs-mininal，包含CSI需要的最小DBFS权限集合。具体操作，请参见创建自定义权限策略。

   重要

   使用创建自定义权限策略中的通过脚本编辑模式创建自定义权限策略，并输入如下的权限策略内容。

   {
     "Version": "1",
     "Statement": [
       {
         "Effect": "Allow",
         "Action": [
           "dbfs:CreateDbfs",
           "dbfs:DetachDbfs",
           "dbfs:DeleteDbfs",
           "dbfs:AttachDbfs",
           "dbfs:GetDbfs",
           "dbfs:ResizeDbfs",
           "dbfs:CreateServiceLinkedRole"
         ],
         "Resource": "*"
       }
     ]
   }

2. 为ACK集群的Worker RAM角色新增授权。

   1. 登录容器服务管理控制台，在左侧导航栏选择集群。

   2. 在集群列表页面，单击目标集群名称，然后在左侧导航栏，选择集群信息。

   3. 在集群信息页面，单击集群资源页签，然后单击Worker RAM 角色右侧的链接，跳转至RAM控制台。

   4. 在角色页面的权限管理页签，单击新增授权，在选择权限区域的自定义策略页签，选择上一步已创建的自定义权限策略csi-dbfs-mininal。

   5. 单击确定，然后单击完成。

步骤二：部署CSI插件

1. 使用以下YAML内容，创建dbfs-csi.yaml文件，包含Provisioner和Plugin组件。

   请将以下代码中的镜像地域替换为您集群所在的地域。

   展开查看dbfs-csi.yaml文件

   apiVersion: storage.k8s.io/v1
   kind: CSIDriver
   metadata:
     name: dbfsplugin.csi.alibabacloud.com
   spec:
     attachRequired: true
     podInfoOnMount: true
   
   ---
   apiVersion: apps/v1
   kind: DaemonSet
   metadata:
     labels:
       app: csi-dbfs-plugin
     name: csi-dbfs-plugin
     namespace: kube-system
   spec:
     selector:
       matchLabels:
         app: csi-dbfs-plugin
     template:
       metadata:
         labels:
           app: csi-dbfs-plugin
       spec:
         affinity:
           nodeAffinity:
             requiredDuringSchedulingIgnoredDuringExecution:
               nodeSelectorTerms:
               - matchExpressions:
                 - key: type
                   operator: NotIn
                   values:
                   - virtual-kubelet
         containers:
         - args:
           - --v=5
           - --csi-address=/var/lib/kubelet/csi-plugins/dbfsplugin.csi.alibabacloud.com/csi.sock
           - --kubelet-registration-path=/var/lib/kubelet/csi-plugins/dbfsplugin.csi.alibabacloud.com/csi.sock
           image: registry.cn-hangzhou.aliyuncs.com/acs/csi-node-driver-registrar:v2.3.1-038aeb6-aliyun
           imagePullPolicy: Always
           name: dbfs-driver-registrar
           volumeMounts:
           - mountPath: /var/lib/kubelet
             name: kubelet-dir
           - mountPath: /registration
             name: registration-dir
         - args:
           - --endpoint=$(CSI_ENDPOINT)
           - --v=2
           - --driver=dbfsplugin.csi.alibabacloud.com
           env:
           - name: KUBE_NODE_NAME
             valueFrom:
               fieldRef:
                 apiVersion: v1
                 fieldPath: spec.nodeName
           - name: CSI_ENDPOINT
             value: unix://var/lib/kubelet/csi-plugins/dbfsplugin.csi.alibabacloud.com/csi.sock
           - name: MAX_VOLUMES_PERNODE
             value: "15"
           - name: SERVICE_TYPE
             value: plugin
           - name: SERVICE_PORT
             value: "11280"
           image: registry-cn-hangzhou-vpc.ack.aliyuncs.com/acs/csi-plugin:v1.24.11-5221f79-aliyun
           imagePullPolicy: Always
           livenessProbe:
             failureThreshold: 5
             httpGet:
               path: /healthz
               port: healthz
               scheme: HTTP
             initialDelaySeconds: 10
             periodSeconds: 30
             successThreshold: 1
             timeoutSeconds: 5
           name: csi-plugin
           ports:
           - containerPort: 11280
             hostPort: 11280
             name: healthz
             protocol: TCP
           securityContext:
             allowPrivilegeEscalation: true
             capabilities:
               add:
               - SYS_ADMIN
             privileged: true
           volumeMounts:
           - mountPath: /var/lib/kubelet/
             mountPropagation: Bidirectional
             name: kubelet-dir
           - mountPath: /host/etc
             name: etc
           - mountPath: /var/log/
             name: host-log
           - mountPath: /var/lib/container
             mountPropagation: Bidirectional
             name: container-dir
           - mountPath: /mnt/dbfs
             mountPropagation: HostToContainer
             name: dbfs
           - mountPath: /opt/dbfs
             mountPropagation: HostToContainer
             name: dbfs-config
         hostNetwork: true
         hostPID: true
         nodeSelector:
           kubernetes.io/os: linux
         serviceAccount: admin
         serviceAccountName: admin
         tolerations:
         - operator: Exists
         volumes:
         - hostPath:
             path: /opt/dbfs
             type: DirectoryOrCreate
           name: dbfs-config
         - hostPath:
             path: /var/lib/kubelet/plugins_registry
             type: DirectoryOrCreate
           name: registration-dir
         - hostPath:
             path: /var/lib/container
             type: DirectoryOrCreate
           name: container-dir
         - hostPath:
             path: /var/lib/kubelet
             type: Directory
           name: kubelet-dir
         - hostPath:
             path: /mnt/dbfs
             type: ""
           name: dbfs
         - hostPath:
             path: /var/log/
             type: ""
           name: host-log
         - hostPath:
             path: /etc
             type: ""
           name: etc
     updateStrategy:
       rollingUpdate:
         maxUnavailable: 10%
       type: RollingUpdate
   
   ---
   apiVersion: apps/v1
   kind: Deployment
   metadata:
     labels:
       app: csi-dbfs-provisioner
     name: csi-dbfs-provisioner
     namespace: kube-system
   spec:
     replicas: 1
     selector:
       matchLabels:
         app: csi-dbfs-provisioner
     strategy:
       rollingUpdate:
         maxSurge: 25%
         maxUnavailable: 25%
       type: RollingUpdate
     template:
       metadata:
         labels:
           app: csi-dbfs-provisioner
       spec:
         affinity:
           nodeAffinity:
             preferredDuringSchedulingIgnoredDuringExecution:
             - preference:
                 matchExpressions:
                 - key: node-role.kubernetes.io/master
                   operator: Exists
               weight: 1
             requiredDuringSchedulingIgnoredDuringExecution:
               nodeSelectorTerms:
               - matchExpressions:
                 - key: type
                   operator: NotIn
                   values:
                   - virtual-kubelet
         containers:
         - args:
           - --provisioner=dbfsplugin.csi.alibabacloud.com
           - --csi-address=$(ADDRESS)
           - --feature-gates=Topology=True
           - --volume-name-prefix=dbfs
           - --strict-topology=true
           - --timeout=150s
           - --enable-leader-election=true
           - --leader-election-type=leases
           - --retry-interval-start=500ms
           - --v=5
           env:
           - name: ADDRESS
             value: /var/lib/kubelet/csi-provisioner/dbfsplugin.csi.alibabacloud.com/csi.sock
           image: registry-cn-hangzhou-vpc.ack.aliyuncs.com/acs/csi-provisioner:v3.0.0-080f01e64-aliyun
           imagePullPolicy: Always
           name: external-dbfs-provisioner
           volumeMounts:
           - mountPath: /var/lib/kubelet/csi-provisioner/dbfsplugin.csi.alibabacloud.com
             name: dbfs-provisioner-dir
         - args:
           - --v=5
           - --csi-address=$(ADDRESS)
           - --leader-election=true
           env:
           - name: ADDRESS
             value: /var/lib/kubelet/csi-provisioner/dbfsplugin.csi.alibabacloud.com/csi.sock
           image: registry-cn-hangzhou-vpc.ack.aliyuncs.com/acs/csi-attacher:v3.3-72dd428b-aliyun
           imagePullPolicy: Always
           name: external-dbfs-attacher
           volumeMounts:
           - mountPath: /var/lib/kubelet/csi-provisioner/dbfsplugin.csi.alibabacloud.com
             name: dbfs-provisioner-dir
         - args:
           - --v=5
           - --csi-address=$(ADDRESS)
           - --leader-election
           env:
           - name: ADDRESS
             value: /var/lib/kubelet/csi-provisioner/dbfsplugin.csi.alibabacloud.com/csi.sock
           image: registry-cn-hangzhou-vpc.ack.aliyuncs.com/acs/csi-resizer:v1.3-ca84e84-aliyun
           imagePullPolicy: Always
           name: external-dbfs-resizer
           volumeMounts:
           - mountPath: /var/lib/kubelet/csi-provisioner/dbfsplugin.csi.alibabacloud.com
             name: dbfs-provisioner-dir
         - args:
           - --endpoint=$(CSI_ENDPOINT)
           - --v=2
           - --driver=dbfsplugin.csi.alibabacloud.com
           env:
           - name: CSI_ENDPOINT
             value: unix://var/lib/kubelet/csi-provisioner/dbfsplugin.csi.alibabacloud.com/csi.sock
           - name: MAX_VOLUMES_PERNODE
             value: "15"
           - name: ACCESS_KEY_ID
           - name: ACCESS_KEY_SECRET
           - name: SERVICE_TYPE
             value: provisioner
           - name: SERVICE_PORT
             value: "11290"
           image: registry-cn-hangzhou-vpc.ack.aliyuncs.com/acs/csi-plugin:v1.24.11-5221f79-aliyun
           imagePullPolicy: Always
           livenessProbe:
             failureThreshold: 5
             httpGet:
               path: /healthz
               port: healthz
               scheme: HTTP
             initialDelaySeconds: 10
             periodSeconds: 60
             successThreshold: 1
             timeoutSeconds: 5
           name: csi-provisioner
           ports:
           - containerPort: 11290
             hostPort: 11290
             name: healthz
             protocol: TCP
           resources:
             limits:
               cpu: "1"
               memory: 1000Mi
             requests:
               cpu: 100m
               memory: 100Mi
           securityContext:
             allowPrivilegeEscalation: true
             capabilities:
               add:
               - SYS_ADMIN
             privileged: true
           volumeMounts:
           - mountPath: /var/log/
             name: host-log
           - mountPath: /host/etc
             name: etc
           - mountPath: /var/lib/kubelet/csi-provisioner/dbfsplugin.csi.alibabacloud.com
             name: dbfs-provisioner-dir
         dnsPolicy: ClusterFirst
         hostNetwork: true
         restartPolicy: Always
         serviceAccount: admin
         serviceAccountName: admin
         tolerations:
         - effect: NoSchedule
           key: node-role.kubernetes.io/master
           operator: Exists
         - effect: NoSchedule
           key: node.cloudprovider.kubernetes.io/uninitialized
           operator: Exists
         volumes:
         - emptyDir: {}
           name: dbfs-provisioner-dir
         - hostPath:
             path: /var/log/
             type: ""
           name: host-log
         - hostPath:
             path: /etc
             type: ""
           name: etc

2. 执行以下命令，部署CSI插件。

   kubectl apply -f dbfs-csi.yaml

3. 执行以下命令，确认CSI部署是否成功。

   kubectl get ds,deploy,po -l 'app in (csi-dbfs-plugin, csi-dbfs-provisioner)' -n kube-system

   预期输出：

   NAME                             DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
   daemonset.apps/csi-dbfs-plugin   3         3         3       3            3           kubernetes.io/os=linux   22s
   
   NAME                                   READY   UP-TO-DATE   AVAILABLE   AGE
   deployment.apps/csi-dbfs-provisioner   1/1     1            1           22s
   
   NAME                                        READY   STATUS    RESTARTS   AGE
   pod/csi-dbfs-provisioner-789497f944-98njh   4/4			Running		0					 22s
   pod/csi-dbfs-plugin-49hhv                   2/2     Running   0          22s
   pod/csi-dbfs-plugin-6zjtv                   2/2     Running   0          22s
   ...

   预期输出表明，CSI相关的Provisioner和Plugin组件已部署成功。

相关文档

• 使用DBFS静态存储卷

• 使用DBFS动态存储卷