本繁體中文版使用機器翻譯,譯文僅供參考,若與英文版本牴觸,應以英文版本為準。
Google Cloud NetApp Volumes 後端組態選項和範例
貢獻者
建議變更
PDF
瞭解 Google Cloud NetApp Volumes 的 NFS 後端組態選項、並檢閱組態範例。
後端組態選項
每個後端都會在單一Google Cloud區域中配置磁碟區。若要在其他區域建立磁碟區、您可以定義其他後端。
| 參數 | 說明 | 預設 |
|---|---|---|
「分度」 |
永遠為1 |
|
「torageDriverName」 |
儲存驅動程式名稱 |
的值 |
「後端名稱」 |
(選用)儲存後端的自訂名稱 |
驅動程式名稱+「_」+ API金鑰的一部分 |
|
選用參數、用於指定用於建立磁碟區的儲存資源池。 |
|
「ProjectNumber」 |
Google Cloud帳戶專案編號。此值可在Google Cloud入口網站首頁找到。 |
|
位置 |
Trident 建立 GCNV Volume 的 Google Cloud 位置。建立跨區域 Kubernetes 叢集時、在中建立的磁碟區 |
|
「apiKey」 |
具有此角色的 Google Cloud 服務帳戶的 API 金鑰 |
|
「nfsMountOptions」 |
精細控制NFS掛載選項。 |
"nfsves=3" |
《限制Volume大小》 |
如果要求的磁碟區大小高於此值、則資源配置失敗。 |
""(預設不強制執行) |
《服務層級》 |
儲存池及其磁碟區的服務層級。這些值包括 |
|
網路 |
用於 GCNV Volume 的 Google Cloud 網路。 |
|
「DebugTraceFlags」 |
疑難排解時要使用的偵錯旗標。範例: |
null |
|
代表此後端所支援的區域和區域清單。如需詳細資訊、請 "使用「csi拓撲」"參閱。例如: |
Volume資源配置選項
您可以在中控制預設的Volume資源配置 defaults 組態檔的一節。
| 參數 | 說明 | 預設 |
|---|---|---|
「匯出規則」 |
新磁碟區的匯出規則。必須是以逗號分隔的任何 IPv4 位址組合清單。 |
「0.00.0.0/0」 |
「napshotDir |
存取「.snapshot」目錄 |
針對 NFSv3 的 NFSv4 "false" 為 "true" |
「快照保留區」 |
保留給快照的磁碟區百分比 |
" (接受預設值 0 ) |
「unixPermissions」 |
新磁碟區的UNIX權限(4個八進位數字)。 |
" |
組態範例
下列範例顯示基本組態、讓大部分參數保留預設值。這是定義後端最簡單的方法。
最小組態
這是絕對最低的後端組態。有了這項組態、 Trident 會探索您在設定位置中委派給 Google Cloud NetApp Volumes 的所有儲存池、並隨機將新磁碟區放在其中一個集區上。由於省略、因此 nasType nfs 會套用預設值、而後端會為 NFS 磁碟區進行資源配置。
當您剛開始使用 Google Cloud NetApp Volumes 並試用時、這項組態非常理想、但實際上您很可能需要為您所配置的 Volume 提供額外的範圍。
---
apiVersion: v1
kind: Secret
metadata:
name: backend-tbc-gcnv-secret
type: Opaque
stringData:
private_key_id: 'f2cb6ed6d7cc10c453f7d3406fc700c5df0ab9ec'
private_key: |
-----BEGIN PRIVATE KEY-----\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
XsYg6gyxy4zq7OlwWgLwGa==\n
-----END PRIVATE KEY-----\n
---
apiVersion: trident.netapp.io/v1
kind: TridentBackendConfig
metadata:
name: backend-tbc-gcnv
spec:
version: 1
storageDriverName: google-cloud-netapp-volumes
projectNumber: '123455380079'
location: europe-west6
serviceLevel: premium
apiKey:
type: service_account
project_id: my-gcnv-project
client_email: myproject-prod@my-gcnv-project.iam.gserviceaccount.com
client_id: '103346282737811234567'
auth_uri: https://accounts.google.com/o/oauth2/auth
token_uri: https://oauth2.googleapis.com/token
auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/myproject-prod%40my-gcnv-project.iam.gserviceaccount.com
credentials:
name: backend-tbc-gcnv-secret
使用 StoragePools 篩選器進行組態
apiVersion: v1
kind: Secret
metadata:
name: backend-tbc-gcnv-secret
type: Opaque
stringData:
private_key_id: 'f2cb6ed6d7cc10c453f7d3406fc700c5df0ab9ec'
private_key: |
-----BEGIN PRIVATE KEY-----
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
XsYg6gyxy4zq7OlwWgLwGa==
-----END PRIVATE KEY-----
---
apiVersion: trident.netapp.io/v1
kind: TridentBackendConfig
metadata:
name: backend-tbc-gcnv
spec:
version: 1
storageDriverName: google-cloud-netapp-volumes
projectNumber: '123455380079'
location: europe-west6
serviceLevel: premium
storagePools:
- premium-pool1-europe-west6
- premium-pool2-europe-west6
apiKey:
type: service_account
project_id: my-gcnv-project
client_email: myproject-prod@my-gcnv-project.iam.gserviceaccount.com
client_id: '103346282737811234567'
auth_uri: https://accounts.google.com/o/oauth2/auth
token_uri: https://oauth2.googleapis.com/token
auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/myproject-prod%40my-gcnv-project.iam.gserviceaccount.com
credentials:
name: backend-tbc-gcnv-secret
虛擬集區組態
此後端組態會在單一檔案中定義多個虛擬集區。虛擬集區是在一節中定義 storage 。當您有多個儲存集區支援不同的服務層級、而且您想要在 Kubernetes 中建立代表這些層級的儲存類別時、這些功能就很有用。虛擬集區標籤用於區分集區。例如、在下面的範例中、 performance 標籤和 serviceLevel 類型是用來區分虛擬集區。
您也可以將某些預設值設定為適用於所有虛擬集區、並覆寫個別虛擬集區的預設值。在下列範例中 snapshotReserve 、並 exportRule 做為所有虛擬集區的預設值。
如需詳細資訊、請 "虛擬資源池"參閱。
---
apiVersion: v1
kind: Secret
metadata:
name: backend-tbc-gcnv-secret
type: Opaque
stringData:
private_key_id: 'f2cb6ed6d7cc10c453f7d3406fc700c5df0ab9ec'
private_key: |
-----BEGIN PRIVATE KEY-----
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
XsYg6gyxy4zq7OlwWgLwGa==
-----END PRIVATE KEY-----
---
apiVersion: trident.netapp.io/v1
kind: TridentBackendConfig
metadata:
name: backend-tbc-gcnv
spec:
version: 1
storageDriverName: google-cloud-netapp-volumes
projectNumber: '123455380079'
location: europe-west6
apiKey:
type: service_account
project_id: my-gcnv-project
client_email: myproject-prod@my-gcnv-project.iam.gserviceaccount.com
client_id: '103346282737811234567'
auth_uri: https://accounts.google.com/o/oauth2/auth
token_uri: https://oauth2.googleapis.com/token
auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/myproject-prod%40my-gcnv-project.iam.gserviceaccount.com
credentials:
name: backend-tbc-gcnv-secret
defaults:
snapshotReserve: '10'
exportRule: 10.0.0.0/24
storage:
- labels:
performance: extreme
serviceLevel: extreme
defaults:
snapshotReserve: '5'
exportRule: 0.0.0.0/0
- labels:
performance: premium
serviceLevel: premium
- labels:
performance: standard
serviceLevel: standard
GKE 的雲端身分識別
apiVersion: trident.netapp.io/v1 kind: TridentBackendConfig metadata: name: backend-tbc-gcp-gcnv spec: version: 1 storageDriverName: google-cloud-netapp-volumes projectNumber: '012345678901' network: gcnv-network location: us-west2 serviceLevel: Premium storagePool: pool-premium1
支援的拓撲組態
Trident 可根據地區和可用性區域、為工作負載提供更多資源。 `supportedTopologies`此後端組態中的區塊用於提供每個後端的區域和區域清單。此處指定的區域和區域值必須符合每個 Kubernetes 叢集節點上標籤的區域和區域值。這些區域和區域代表可在儲存類別中提供的允許值清單。對於包含後端所提供區域和區域子集的儲存類別、 Trident 會在所述區域和區域中建立磁碟區。如需詳細資訊、請 "使用「csi拓撲」"參閱。
--- version: 1 storageDriverName: google-cloud-netapp-volumes subscriptionID: 9f87c765-4774-fake-ae98-a721add45451 tenantID: 68e4f836-edc1-fake-bff9-b2d865ee56cf clientID: dd043f63-bf8e-fake-8076-8de91e5713aa clientSecret: SECRET location: asia-east1 serviceLevel: flex supportedTopologies: - topology.kubernetes.io/region: asia-east1 topology.kubernetes.io/zone: asia-east1-a - topology.kubernetes.io/region: asia-east1 topology.kubernetes.io/zone: asia-east1-b
接下來呢?
建立後端組態檔之後、請執行下列命令:
kubectl create -f <backend-file>
若要確認後端已成功建立、請執行下列命令:
kubectl get tridentbackendconfig NAME BACKEND NAME BACKEND UUID PHASE STATUS backend-tbc-gcnv backend-tbc-gcnv b2fd1ff9-b234-477e-88fd-713913294f65 Bound Success
如果後端建立失敗、表示後端組態有問題。您可以使用命令來描述後端 kubectl get tridentbackendconfig <backend-name> 、或是執行下列命令來檢視記錄以判斷原因:
tridentctl logs
識別並修正組態檔的問題之後、您可以刪除後端、然後再次執行 create 命令。
更多範例
儲存類別定義範例
以下是上述後端的基本 StorageClass 定義。
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: gcnv-nfs-sc provisioner: csi.trident.netapp.io parameters: backendType: "google-cloud-netapp-volumes"
-
使用欄位的範例定義
parameter.selector: *
使用、 parameter.selector 您可以為用於裝載 Volume 的每個指定 StorageClass "虛擬集區" 。該磁碟區會在所選的資源池中定義各個層面。
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: extreme-sc provisioner: csi.trident.netapp.io parameters: selector: "performance=extreme" backendType: "google-cloud-netapp-volumes" --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: premium-sc provisioner: csi.trident.netapp.io parameters: selector: "performance=premium" backendType: "google-cloud-netapp-volumes" --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: standard-sc provisioner: csi.trident.netapp.io parameters: selector: "performance=standard" backendType: "google-cloud-netapp-volumes"
如需儲存類別的詳細資訊、請 "建立儲存類別"參閱。
PVC 定義範例
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: gcnv-nfs-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Gi
storageClassName: gcnv-nfs-sc
若要驗證 PVC 是否受限、請執行下列命令:
kubectl get pvc gcnv-nfs-pvc NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE gcnv-nfs-pvc Bound pvc-b00f2414-e229-40e6-9b16-ee03eb79a213 100Gi RWX gcnv-nfs-sc 1m