动态供给 on Liangweidong's bloghttps://liangweidonggood.github.io/tags/%E5%8A%A8%E6%80%81%E4%BE%9B%E7%BB%99/Recent content in 动态供给 on Liangweidong's blogHugo -- gohugo.iozh-cnTue, 15 Nov 2016 00:00:00 +0800NFS 存储实战:单节点 + Keepalived 双机热备 + nfs-subdir 动态供给https://liangweidonggood.github.io/p/k8s-nfs-cunchu-shizhan-danjiedian-keepalived-shuangjirebei/Tue, 15 Nov 2016 00:00:00 +0800https://liangweidonggood.github.io/p/k8s-nfs-cunchu-shizhan-danjiedian-keepalived-shuangjirebei/<img src="https://liangweidonggood.github.io/p/k8s-nfs-cunchu-shizhan-danjiedian-keepalived-shuangjirebei/image/cover.jpg" alt="Featured image of post NFS 存储实战:单节点 + Keepalived 双机热备 + nfs-subdir 动态供给" /><h2 id="为什么-nfs-在-k8s-时代还有用">为什么 NFS 在 K8s 时代还有用 </h2><p>很多人觉得 K8s 时代应该用 Rook-Ceph / Longhorn 这类&quot;云原生存储&quot;,NFS 是&quot;老古董&quot;。但实际上:</p> <ul> <li><strong>NFS 在 RWX 场景</strong>(多个 Pod 同时读写同一份数据)依然是最稳的</li> <li><strong>NFS + nfs-subdir-external-provisioner</strong> 是 K8s 动态 PV 的&quot;最短路径&quot;——5 分钟搞定一个 StorageClass</li> <li><strong>NFS + Keepalived + rsync</strong> 组成&quot;穷人版&quot;高可用,<strong>不需要 3 副本</strong>,单机故障 30 秒恢复</li> <li>在国产化、私有化场景,NFS 是&quot;无 Ceph 也能跑&quot;的兜底方案</li> </ul> <blockquote> <p>适用版本:NFS 4.1 / nfs-subdir-external-provisioner 4.0.18 / Ubuntu 22.04</p> </blockquote> <hr> <h2 id="1-单节点-nfs-服务">1. 单节点 NFS 服务 </h2><h3 id="11-安装服务端">1.1 安装服务端 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">apt install -y nfs-kernel-server </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 验证</span> </span></span><span class="line"><span class="cl">systemctl is-enabled nfs-server </span></span><span class="line"><span class="cl">systemctl status nfs-server </span></span><span class="line"><span class="cl">cat /proc/fs/nfsd/versions </span></span><span class="line"><span class="cl"><span class="c1"># +3 +4 +4.1 +4.2</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="12-共享目录">1.2 共享目录 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">mkdir -p /home/nfs </span></span><span class="line"><span class="cl">chown -R nobody:nogroup /home/nfs </span></span><span class="line"><span class="cl">chmod <span class="m">777</span> /home/nfs </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">mkdir -p /nfs </span></span><span class="line"><span class="cl">chown -R nobody:nogroup /nfs </span></span><span class="line"><span class="cl">chmod <span class="m">777</span> /nfs </span></span></code></pre></td></tr></table> </div> </div><h3 id="13-配置-etcexports">1.3 配置 /etc/exports </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;/home/nfs *(rw,sync,no_root_squash,no_subtree_check)&#34;</span> &gt;&gt; /etc/exports </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;/nfs *(rw,sync,no_root_squash,no_subtree_check)&#34;</span> &gt;&gt; /etc/exports </span></span></code></pre></td></tr></table> </div> </div><p>参数解释:</p> <ul> <li><code>*</code>:所有网段可访问(生产应换成具体子网)</li> <li><code>rw</code>:读写</li> <li><code>sync</code>:同步写入内存和硬盘</li> <li><code>no_root_squash</code>:root 用户保留权限</li> <li><code>no_subtree_check</code>:不检查父目录权限</li> </ul> <p>应用:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">exportfs -a </span></span><span class="line"><span class="cl">systemctl restart nfs-server </span></span><span class="line"><span class="cl">exportfs -v </span></span><span class="line"><span class="cl">showmount -e </span></span></code></pre></td></tr></table> </div> </div><h3 id="14-所有节点安装客户端">1.4 所有节点安装客户端 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">apt install -y nfs-common </span></span><span class="line"><span class="cl">showmount -e &lt;nfs-server-ip&gt; </span></span><span class="line"><span class="cl"><span class="c1"># Export list for &lt;nfs-server-ip&gt;:</span> </span></span><span class="line"><span class="cl"><span class="c1"># /home/nfs *</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="15-客户端挂载测试">1.5 客户端挂载测试 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">mount -t nfs &lt;nfs-server-ip&gt;:/home/nfs /mnt </span></span><span class="line"><span class="cl">df -h </span></span><span class="line"><span class="cl">umount /mnt </span></span></code></pre></td></tr></table> </div> </div><h3 id="16-客户端常见挂不上">1.6 客户端常见挂不上 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 一些机器 mount 失败:mount.nfs: Connection timed out</span> </span></span><span class="line"><span class="cl"><span class="c1"># 解决:</span> </span></span><span class="line"><span class="cl">mount -t nfs -o <span class="nv">vers</span><span class="o">=</span>3,nolock,proto<span class="o">=</span>tcp &lt;nfs-server-ip&gt;:/nfs /mnt/nfs </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># K8s 上修改 StorageClass</span> </span></span><span class="line"><span class="cl">kubectl edit storageclass nfs-client </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">mountOptions: </span></span><span class="line"><span class="cl"> - <span class="nv">vers</span><span class="o">=</span><span class="m">3</span> </span></span><span class="line"><span class="cl"> - nolock </span></span><span class="line"><span class="cl"> - <span class="nv">proto</span><span class="o">=</span>tcp </span></span></code></pre></td></tr></table> </div> </div><hr> <h2 id="2-k8s-中使用-nfs-存储">2. K8s 中使用 NFS 存储 </h2><h3 id="21-直接在-pod-中引用-nfs">2.1 直接在 Pod 中引用 NFS </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Deployment</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">metadata</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">redis</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">spec</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">redis</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">redis</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">redis</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">redis</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">env</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">ALLOW_EMPTY_PASSWORD</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s2">&#34;yes&#34;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumeMounts</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">redis-persistent-storage</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/data</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">redis-persistent-storage</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nfs</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/home/nfs</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">server</span><span class="p">:</span><span class="w"> </span><span class="l">&lt;nfs-server-ip&gt;</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="22-静态-pv--pvc">2.2 静态 PV + PVC </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">PersistentVolume</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">metadata</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nfs-pv</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">go</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">spec</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">capacity</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storage</span><span class="p">:</span><span class="w"> </span><span class="l">2Gi</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumeMode</span><span class="p">:</span><span class="w"> </span><span class="l">Filesystem</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">accessModes</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ReadWriteMany</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">persistentVolumeReclaimPolicy</span><span class="p">:</span><span class="w"> </span><span class="l">Recycle</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storageClassName</span><span class="p">:</span><span class="w"> </span><span class="l">nfs</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountOptions</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">hard</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">nfsvers=4.1</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nfs</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/nfs</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">server</span><span class="p">:</span><span class="w"> </span><span class="l">&lt;nfs-server-ip&gt;</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">PersistentVolumeClaim</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">metadata</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nfs-pvc</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">go</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">spec</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storageClassName</span><span class="p">:</span><span class="w"> </span><span class="l">nfs</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">accessModes</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ReadWriteMany</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storage</span><span class="p">:</span><span class="w"> </span><span class="l">2Gi</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><p>PV 卡在 Terminating 时的强删:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl patch pv nfs-pv -p <span class="s1">&#39;{&#34;metadata&#34;:{&#34;finalizers&#34;:null}}&#39;</span> -n go </span></span></code></pre></td></tr></table> </div> </div><h3 id="23-动态-storageclass推荐">2.3 动态 StorageClass(推荐) </h3><p><strong>nfs-subdir-external-provisioner</strong> 是 NFS 动态供给的标配——它会监听 PVC 自动在 NFS 上创建子目录。</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="nb">cd</span> /data/softs </span></span><span class="line"><span class="cl">tar -xvf nfs-subdir-external-provisioner-4.0.18.tgz </span></span><span class="line"><span class="cl">mv nfs-subdir-external-provisioner /data/k8scnf/nfs/ </span></span><span class="line"><span class="cl"><span class="nb">cd</span> /data/k8scnf/nfs/nfs-subdir-external-provisioner/ </span></span></code></pre></td></tr></table> </div> </div><p>修改 <code>values.yaml</code>:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">repository</span><span class="p">:</span><span class="w"> </span><span class="l">registry.cn-shenzhen.aliyuncs.com/atomic/nfs-subdir-external-provisioner</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">nfs</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">server</span><span class="p">:</span><span class="w"> </span><span class="l">&lt;nfs-server-ip&gt;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/home/nfs</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><p>安装:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl create namespace nfs </span></span><span class="line"><span class="cl">helm install nfs-subdir-external-provisioner . -n nfs </span></span></code></pre></td></tr></table> </div> </div><p>设置默认 StorageClass:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl patch storageclass nfs-client -p <span class="s1">&#39;{&#34;metadata&#34;: {&#34;annotations&#34;:{&#34;storageclass.kubernetes.io/is-default-class&#34;:&#34;true&#34;}}}&#39;</span> </span></span></code></pre></td></tr></table> </div> </div><p>卸载:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">helm uninstall nfs-subdir-external-provisioner -n nfs </span></span><span class="line"><span class="cl">kubectl delete namespace nfs </span></span><span class="line"><span class="cl">kubectl delete serviceaccount nfs-client-provisioner -n nfs </span></span><span class="line"><span class="cl">kubectl delete clusterrolebinding run-nfs-subdir-external-provisioner </span></span><span class="line"><span class="cl">kubectl delete role/leader-locking-nfs-subdir-external-provisioner -n nfs </span></span><span class="line"><span class="cl">kubectl delete rolebinding/leader-locking-nfs-subdir-external-provisioner -n nfs </span></span><span class="line"><span class="cl">kubectl delete storageclass nfs-client </span></span></code></pre></td></tr></table> </div> </div><h3 id="24-测试动态-pv">2.4 测试动态 PV </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span><span class="lnt">35 </span><span class="lnt">36 </span><span class="lnt">37 </span><span class="lnt">38 </span><span class="lnt">39 </span><span class="lnt">40 </span><span class="lnt">41 </span><span class="lnt">42 </span><span class="lnt">43 </span><span class="lnt">44 </span><span class="lnt">45 </span><span class="lnt">46 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">cat &lt;&lt; <span class="s2">&#34;EOF&#34;</span> &gt; test-claim.yaml </span></span><span class="line"><span class="cl">apiVersion: v1 </span></span><span class="line"><span class="cl">kind: PersistentVolumeClaim </span></span><span class="line"><span class="cl">metadata: </span></span><span class="line"><span class="cl"> name: test-claim </span></span><span class="line"><span class="cl"> namespace: nfs </span></span><span class="line"><span class="cl">spec: </span></span><span class="line"><span class="cl"> accessModes: </span></span><span class="line"><span class="cl"> - ReadWriteMany </span></span><span class="line"><span class="cl"> resources: </span></span><span class="line"><span class="cl"> requests: </span></span><span class="line"><span class="cl"> storage: 1Mi </span></span><span class="line"><span class="cl"> storageClassName: nfs-client </span></span><span class="line"><span class="cl">EOF </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">cat &lt;&lt; <span class="s2">&#34;EOF&#34;</span> &gt; test-pod.yaml </span></span><span class="line"><span class="cl">apiVersion: v1 </span></span><span class="line"><span class="cl">kind: Pod </span></span><span class="line"><span class="cl">metadata: </span></span><span class="line"><span class="cl"> name: test-pod </span></span><span class="line"><span class="cl"> namespace: nfs </span></span><span class="line"><span class="cl">spec: </span></span><span class="line"><span class="cl"> containers: </span></span><span class="line"><span class="cl"> - name: test-pod </span></span><span class="line"><span class="cl"> image: busybox </span></span><span class="line"><span class="cl"> command: <span class="o">[</span><span class="s2">&#34;/bin/sh&#34;</span>, <span class="s2">&#34;-c&#34;</span>, <span class="s2">&#34;echo SUCCESS &gt; /data/SUCCESS; sleep 3600&#34;</span><span class="o">]</span> </span></span><span class="line"><span class="cl"> volumeMounts: </span></span><span class="line"><span class="cl"> - name: nfs-pvc </span></span><span class="line"><span class="cl"> mountPath: /data </span></span><span class="line"><span class="cl"> volumes: </span></span><span class="line"><span class="cl"> - name: nfs-pvc </span></span><span class="line"><span class="cl"> persistentVolumeClaim: </span></span><span class="line"><span class="cl"> claimName: test-claim </span></span><span class="line"><span class="cl"> restartPolicy: Never </span></span><span class="line"><span class="cl">EOF </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">kubectl apply -f test-claim.yaml </span></span><span class="line"><span class="cl">kubectl apply -f test-pod.yaml </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 等 1 分钟后</span> </span></span><span class="line"><span class="cl">ls /nfs/nfs-test-claim-pvc-*/ </span></span><span class="line"><span class="cl"><span class="c1"># 看到 SUCCESS 文件</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">kubectl delete -f test-pod.yaml </span></span><span class="line"><span class="cl">kubectl delete -f test-claim.yaml </span></span><span class="line"><span class="cl"><span class="c1"># NFS 上的 pvc 目录自动清理</span> </span></span></code></pre></td></tr></table> </div> </div><hr> <h2 id="3-双机热备--rsynclsyncd">3. 双机热备 + rsync/lsyncd </h2><h3 id="31-架构">3.1 架构 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">┌──────────────┐ keepalived ┌──────────────┐ </span></span><span class="line"><span class="cl">│ worker4 │ ←── VRRP VIP ────→ │ worker2 │ </span></span><span class="line"><span class="cl">│ nfs-server │ &lt;10.x.x.x&gt; │ nfs-server │ </span></span><span class="line"><span class="cl">│ rsync 主 │ │ rsync 备 │ </span></span><span class="line"><span class="cl">└──────────────┘ └──────────────┘ </span></span><span class="line"><span class="cl"> ↓ ↓ </span></span><span class="line"><span class="cl"> /nfs &lt;──── lsyncd + rsync 实时同步 ────/nfs </span></span></code></pre></td></tr></table> </div> </div><h3 id="32-两台机器都装-nfs--keepalived">3.2 两台机器都装 NFS + keepalived </h3><p>两台机器都跑 NFS 服务(同一份数据),keepalived 决定哪个 IP 在线。</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 两台都执行</span> </span></span><span class="line"><span class="cl">apt install -y nfs-kernel-server </span></span><span class="line"><span class="cl">mkdir -p /nfs </span></span><span class="line"><span class="cl">chown -R nobody:nogroup /nfs </span></span><span class="line"><span class="cl">chmod <span class="m">777</span> /nfs </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;/nfs *(rw,sync,no_root_squash,no_subtree_check)&#34;</span> &gt;&gt; /etc/exports </span></span><span class="line"><span class="cl">exportfs -a </span></span><span class="line"><span class="cl">systemctl restart nfs-server </span></span></code></pre></td></tr></table> </div> </div><h3 id="33-keepalived-配置必须-nopreempt">3.3 keepalived 配置(<strong>必须 nopreempt</strong>) </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span class="line"><span class="cl"><span class="k">vrrp_instance</span> <span class="s">VI_1</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kn">state</span> <span class="s">BACKUP</span> <span class="c1"># 两台都是 BACKUP(vs master) </span></span></span><span class="line"><span class="cl"> <span class="s">interface</span> <span class="s">enp3s0</span> </span></span><span class="line"><span class="cl"> <span class="s">virtual_router_id</span> <span class="mi">111</span> </span></span><span class="line"><span class="cl"> <span class="s">priority</span> <span class="mi">100</span> <span class="c1"># worker4 设 100 </span></span></span><span class="line"><span class="cl"> <span class="s">priority</span> <span class="mi">80</span> <span class="c1"># worker2 设 80 </span></span></span><span class="line"><span class="cl"> <span class="s">advert_int</span> <span class="mi">1</span> </span></span><span class="line"><span class="cl"> <span class="s">nopreempt</span> <span class="c1"># **必须**:防止主备反复切换时数据丢失 </span></span></span><span class="line"><span class="cl"> <span class="s">authentication</span> <span class="p">{</span> <span class="kn">auth_type</span> <span class="s">PASS</span><span class="p">;</span> <span class="kn">auth_pass</span> <span class="mi">1111</span><span class="p">;</span> <span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="kn">virtual_ipaddress</span> <span class="p">{</span> <span class="kn">&lt;nfs-vip&gt;</span><span class="p">;</span> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div><p>健康检查脚本(nfs 挂了就把 keepalived 停掉,让 VIP 漂移):</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span><span class="lnt">9 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="cp">#!/bin/bash </span></span></span><span class="line"><span class="cl"><span class="nv">A</span><span class="o">=</span><span class="sb">`</span>ps -C nfsd --no-header <span class="p">|</span> wc -l<span class="sb">`</span> </span></span><span class="line"><span class="cl"><span class="k">if</span> <span class="o">[</span> <span class="nv">$A</span> -eq <span class="m">0</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span> </span></span><span class="line"><span class="cl"> systemctl restart nfs-server.service </span></span><span class="line"><span class="cl"> sleep <span class="m">2</span> </span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="o">[</span> <span class="sb">`</span>ps -C nfsd --no-header <span class="p">|</span> wc -l<span class="sb">`</span> -eq <span class="m">0</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span> </span></span><span class="line"><span class="cl"> pkill keepalived </span></span><span class="line"><span class="cl"> <span class="k">fi</span> </span></span><span class="line"><span class="cl"><span class="k">fi</span> </span></span></code></pre></td></tr></table> </div> </div> <blockquote> <p><strong>NFS 双机热备的 nfs_check.sh 比 keepalived 自身的 chk_*.sh 更重要</strong>——必须让 NFS 挂了之后主动让出 VIP,否则客户端挂载会卡死。</p> </blockquote> <h3 id="34-rsync--lsyncd-实时同步">3.4 rsync + lsyncd 实时同步 </h3><p>lsyncd 监听 inotify 事件触发 rsync 同步,是 Linux 文件实时同步的&quot;标配&quot;。</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">apt install -y rsync lsyncd </span></span><span class="line"><span class="cl">systemctl <span class="nb">enable</span> --now rsync lsyncd </span></span></code></pre></td></tr></table> </div> </div><p><strong>内核参数优化</strong>(必做,否则 inotify 句柄不够):</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">sysctl -w fs.inotify.max_queued_events<span class="o">=</span><span class="s2">&#34;99999999&#34;</span> </span></span><span class="line"><span class="cl">sysctl -w fs.inotify.max_user_watches<span class="o">=</span><span class="s2">&#34;99999999&#34;</span> </span></span><span class="line"><span class="cl">sysctl -w fs.inotify.max_user_instances<span class="o">=</span><span class="s2">&#34;65535&#34;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">cat &gt;&gt; /etc/sysctl.conf &lt;&lt; <span class="s2">&#34;EOF&#34;</span> </span></span><span class="line"><span class="cl">fs.inotify.max_queued_events<span class="o">=</span><span class="m">99999999</span> </span></span><span class="line"><span class="cl">fs.inotify.max_user_watches<span class="o">=</span><span class="m">99999999</span> </span></span><span class="line"><span class="cl">fs.inotify.max_user_instances<span class="o">=</span><span class="m">65535</span> </span></span><span class="line"><span class="cl">EOF </span></span><span class="line"><span class="cl">sysctl -p </span></span></code></pre></td></tr></table> </div> </div><p><strong>rsync 配置文件</strong>(/etc/rsyncd.conf):</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-ini" data-lang="ini"><span class="line"><span class="cl"><span class="na">log file</span> <span class="o">=</span> <span class="s">/var/log/rsyncd.log</span> </span></span><span class="line"><span class="cl"><span class="na">pid file</span> <span class="o">=</span> <span class="s">/var/run/rsyncd.pid</span> </span></span><span class="line"><span class="cl"><span class="na">lock file</span> <span class="o">=</span> <span class="s">/var/run/rsyncd.lock</span> </span></span><span class="line"><span class="cl"><span class="k">[backup]</span> </span></span><span class="line"><span class="cl"><span class="na">path</span> <span class="o">=</span> <span class="s">/nfs</span> </span></span><span class="line"><span class="cl"><span class="na">comment</span> <span class="o">=</span> <span class="s">sync nfs from client</span> </span></span><span class="line"><span class="cl"><span class="na">uid</span> <span class="o">=</span> <span class="s">root</span> </span></span><span class="line"><span class="cl"><span class="na">gid</span> <span class="o">=</span> <span class="s">root</span> </span></span><span class="line"><span class="cl"><span class="na">port</span> <span class="o">=</span> <span class="s">873</span> </span></span><span class="line"><span class="cl"><span class="na">ignore errors</span> </span></span><span class="line"><span class="cl"><span class="na">use chroot</span> <span class="o">=</span> <span class="s">no</span> </span></span><span class="line"><span class="cl"><span class="na">read only</span> <span class="o">=</span> <span class="s">no</span> </span></span><span class="line"><span class="cl"><span class="na">list</span> <span class="o">=</span> <span class="s">no</span> </span></span><span class="line"><span class="cl"><span class="na">max connections</span> <span class="o">=</span> <span class="s">200</span> </span></span><span class="line"><span class="cl"><span class="na">timeout</span> <span class="o">=</span> <span class="s">600</span> </span></span><span class="line"><span class="cl"><span class="na">auth users</span> <span class="o">=</span> <span class="s">root</span> </span></span><span class="line"><span class="cl"><span class="na">secrets file</span> <span class="o">=</span> <span class="s">/etc/rsync.password</span> </span></span><span class="line"><span class="cl"><span class="na">hosts allow</span> <span class="o">=</span> <span class="s">10.0.0.0/8</span> </span></span></code></pre></td></tr></table> </div> </div><p><strong>密码文件</strong>:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s1">&#39;root:{{NFS_RSYNC_PASSWORD}}&#39;</span> &gt; /etc/rsync.password </span></span><span class="line"><span class="cl">chmod <span class="m">600</span> /etc/rsync.password </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;{{NFS_RSYNC_PASSWORD}}&#34;</span> &gt; /etc/rsyncd.password </span></span><span class="line"><span class="cl">chmod <span class="m">600</span> /etc/rsyncd.password </span></span></code></pre></td></tr></table> </div> </div> <blockquote> <p>实际密码用占位符 <code>{{NFS_RSYNC_PASSWORD}}</code> 替代,原密码登记在 <code>_drafts/私人笔记.md</code>。</p> </blockquote> <p><strong>lsyncd 配置</strong>(worker4 把 /nfs 推到 worker2):</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-lua" data-lang="lua"><span class="line"><span class="cl"><span class="n">settings</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">logfile</span> <span class="o">=</span> <span class="s2">&#34;/var/log/lsyncd/lsyncd.log&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">statusFile</span> <span class="o">=</span> <span class="s2">&#34;/var/log/lsyncd/lsyncd.status&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">inotifyMode</span> <span class="o">=</span> <span class="s2">&#34;CloseWrite&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">maxProcesses</span> <span class="o">=</span> <span class="mi">8</span><span class="p">,</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="n">sync</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">default.rsync</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">source</span> <span class="o">=</span> <span class="s2">&#34;/nfs&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">target</span> <span class="o">=</span> <span class="s2">&#34;root@&lt;worker2-ip&gt;::backup&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">delete</span> <span class="o">=</span> <span class="kc">true</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">delay</span> <span class="o">=</span> <span class="mi">1</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">exclude</span> <span class="o">=</span> <span class="p">{</span><span class="s2">&#34;.*&#34;</span><span class="p">},</span> </span></span><span class="line"><span class="cl"> <span class="n">rsync</span> <span class="o">=</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">binary</span> <span class="o">=</span> <span class="s2">&#34;/usr/bin/rsync&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">archive</span> <span class="o">=</span> <span class="kc">true</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">compress</span> <span class="o">=</span> <span class="kc">false</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">verbose</span> <span class="o">=</span> <span class="kc">true</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">password_file</span> <span class="o">=</span> <span class="s2">&#34;/etc/rsyncd.password&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">_extra</span> <span class="o">=</span> <span class="p">{</span><span class="s2">&#34;--bwlimit=20000&#34;</span><span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div><p>worker2 的配置对称——把 target 指向 worker4。</p> <h3 id="35-验证">3.5 验证 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 在 worker4 上</span> </span></span><span class="line"><span class="cl">mount -t nfs &lt;nfs-vip&gt;:/nfs /mnt </span></span><span class="line"><span class="cl"><span class="nb">cd</span> /mnt </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;test&#34;</span> &gt; test.txt </span></span><span class="line"><span class="cl"><span class="nb">cd</span> ../ </span></span><span class="line"><span class="cl">umount /mnt </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 在 worker2 上</span> </span></span><span class="line"><span class="cl">ls /nfs </span></span><span class="line"><span class="cl"><span class="c1"># 应该能看到 test.txt</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="36-模拟故障">3.6 模拟故障 </h3><ol> <li>停 worker4 keepalived → VIP 飘到 worker2</li> <li>启 worker4 keepalived(<strong>nopreempt 不会让 VIP 回来</strong>)</li> <li>停 worker2 keepalived → VIP 飘回 worker4</li> <li>内网其他机器 ping VIP 一直是通的</li> </ol> <hr> <h2 id="4-ingress-持久化日志">4. Ingress 持久化日志 </h2><p>Ingress-nginx 容器本身是无状态的,access log 默认写到 stdout(容器内)。生产场景希望 log 落盘到 NFS,方便 ELK / Loki 采集。</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">cat &lt;&lt; <span class="s2">&#34;EOF&#34;</span> &gt; /data/k8scnf/ingress-nginx/ingress-nfs.yaml </span></span><span class="line"><span class="cl">apiVersion: v1 </span></span><span class="line"><span class="cl">kind: PersistentVolumeClaim </span></span><span class="line"><span class="cl">metadata: </span></span><span class="line"><span class="cl"> name: ingress-nfs </span></span><span class="line"><span class="cl"> namespace: ingress-nginx </span></span><span class="line"><span class="cl">spec: </span></span><span class="line"><span class="cl"> accessModes: </span></span><span class="line"><span class="cl"> - ReadWriteMany </span></span><span class="line"><span class="cl"> resources: </span></span><span class="line"><span class="cl"> requests: </span></span><span class="line"><span class="cl"> storage: 10Gi </span></span><span class="line"><span class="cl"> storageClassName: nfs-client </span></span><span class="line"><span class="cl">EOF </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">kubectl apply -f /data/k8scnf/ingress-nginx/ingress-nfs.yaml </span></span></code></pre></td></tr></table> </div> </div><p>修改 ingress-nginx-controller:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl edit -n ingress-nginx DaemonSet/ingress-nginx-controller </span></span></code></pre></td></tr></table> </div> </div><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">volumeMounts</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/var/log/nginx/</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">ingress-nfs</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">volumes</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">ingress-nfs</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">persistentVolumeClaim</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">claimName</span><span class="p">:</span><span class="w"> </span><span class="l">ingress-nfs</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><p>修改 ConfigMap 改变日志格式:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl edit -n ingress-nginx configmaps/ingress-nginx-controller </span></span></code></pre></td></tr></table> </div> </div><p>NFS 上自动创建 <code>default-ingress-nfs-pvc-xxx/</code> 目录,所有 ingress-controller Pod 的 access log 都会落在这里。</p> <blockquote> <p><strong>单点故障注意</strong>:NFS 本身是单点,NFS 挂了 ingress 日志会卡。生产建议加 keepalived VIP(本文方案)。</p> </blockquote> <hr> <h2 id="5-排错">5. 排错 </h2><table> <thead> <tr> <th>现象</th> <th>原因</th> <th>解决</th> </tr> </thead> <tbody> <tr> <td><code>mount.nfs: Connection timed out</code></td> <td>防火墙</td> <td>放通 2049/111/20048</td> </tr> <tr> <td><code>mount.nfs: Operation not permitted</code></td> <td>NFS 版本不匹配</td> <td>加 <code>-o vers=3,nolock,proto=tcp</code></td> </tr> <tr> <td>PVC 一直 Pending</td> <td>节点没装 nfs-common</td> <td>所有节点 <code>apt install nfs-common</code></td> </tr> <tr> <td>nfs-subdir 装不上</td> <td>helm chart 镜像拉不到</td> <td>改国内源 + push 私有 harbor</td> </tr> <tr> <td>双机热备 VIP 频繁漂移</td> <td>没设 nopreempt</td> <td>keepalived.conf 加 <code>nopreempt</code></td> </tr> <tr> <td>lsyncd 同步延迟大</td> <td>inotify 句柄不够</td> <td>调 <code>fs.inotify.*</code> 参数</td> </tr> </tbody> </table> <hr> <h2 id="6-2024-nfs-现状">6. 2024 NFS 现状 </h2><p>本文 2016 年写时 NFS 还是 K8s 动态存储的&quot;<strong>穷人首选</strong>&quot;。8 年后(2024)回望,NFS 协议本身有了 NFS 4.2、pNFS 等增强,但更重要的是<strong>生态位发生了变化</strong>——长虹、Ceph/Longhorn/OpenEBS 等云原生存储在 K8s 场景蚕食了 NFS 的份额。下面是当前状态。</p> <h3 id="61-nfs-协议本身42-与-pnfs">6.1 NFS 协议本身:4.2 与 pNFS </h3><table> <thead> <tr> <th>NFS 版本</th> <th>发布时间</th> <th>关键特性</th> <th>2024 现状</th> </tr> </thead> <tbody> <tr> <td>NFSv3</td> <td>1995</td> <td>异步写、TCP 支持</td> <td>老系统兼容仍用</td> </tr> <tr> <td>NFSv4.0</td> <td>2003</td> <td>状态化、复合操作、Kerberos</td> <td>Linux 默认</td> </tr> <tr> <td>NFSv4.1</td> <td>2010</td> <td><strong>pNFS(并行 NFS)</strong>、会话</td> <td>主流</td> </tr> <tr> <td><strong>NFSv4.2</strong></td> <td>2016</td> <td><strong>服务器端复制、稀疏文件、空间预留、应用数据块(ADBs)</strong></td> <td>2024 标配</td> </tr> </tbody> </table> <p><strong>pNFS 的核心思想</strong>:把<strong>元数据</strong>和<strong>数据通道分离</strong>——元数据服务器只管 layout,客户端直接和多个存储节点传输数据,<strong>理论上</strong>能做到并行带宽聚合(类似 CephFS 的 striping)。</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 挂载 pNFS(需要服务端支持)</span> </span></span><span class="line"><span class="cl">mount -t nfs -o <span class="nv">nfsvers</span><span class="o">=</span>4.1,minorversion<span class="o">=</span><span class="m">1</span> &lt;server&gt;:/export /mnt </span></span><span class="line"><span class="cl"><span class="c1"># 或 nfsvers=4.2 启用 4.2 特性</span> </span></span></code></pre></td></tr></table> </div> </div><p><strong>实际部署率</strong>:pNFS 在企业存储(NetApp / Dell EMC Isilon / IBM Spectrum Scale)早就支持,但<strong>Linux 内核的 pNFS client 直到 5.x 才稳定</strong>,很多 K8s 节点跑的还是 NFSv3/4.1 而不是 pNFS。</p> <h3 id="62-nfs-subdir-external-provisioner-现状">6.2 nfs-subdir-external-provisioner 现状 </h3><table> <thead> <tr> <th>版本</th> <th>时间</th> <th>状态</th> </tr> </thead> <tbody> <tr> <td>v3.x</td> <td>2019-2021</td> <td>旧 API,CSI 转换中</td> </tr> <tr> <td>v4.0.x</td> <td>2022-2023</td> <td>当时主流</td> </tr> <tr> <td><strong>v4.0.18+</strong></td> <td>2023-2024</td> <td>当前推荐</td> </tr> <tr> <td><strong>v4.0.20+</strong></td> <td>2024</td> <td>k8s 1.28+ 兼容</td> </tr> </tbody> </table> <p><strong>v4.x 关键变化</strong>:</p> <ul> <li>完全重写为 <strong>CSI(Container Storage Interface)</strong> 驱动</li> <li>支持 <strong>Kubernetes 1.25+</strong>(旧的 in-tree NFS provisioner 已废弃)</li> <li>Helm chart 改为标准 <code>oci://</code> 仓库:</li> </ul> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 2024 推荐装法(Helm 3.8+)</span> </span></span><span class="line"><span class="cl">helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ </span></span><span class="line"><span class="cl">helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner <span class="se">\ </span></span></span><span class="line"><span class="cl"> --set nfs.server<span class="o">=</span>&lt;nfs-server-ip&gt; <span class="se">\ </span></span></span><span class="line"><span class="cl"> --set nfs.path<span class="o">=</span>/home/nfs <span class="se">\ </span></span></span><span class="line"><span class="cl"> -n nfs-client --create-namespace </span></span></code></pre></td></tr></table> </div> </div><h3 id="63-2024-替代方案对比">6.3 2024 替代方案对比 </h3><table> <thead> <tr> <th>方案</th> <th>类型</th> <th>适用场景</th> <th>复杂度</th> <th>性能</th> <th>HA</th> </tr> </thead> <tbody> <tr> <td><strong>NFS + nfs-subdir</strong></td> <td>文件(RWX)</td> <td>中小规模、传统业务</td> <td><strong>低</strong></td> <td>中</td> <td>需 keepalived 自建</td> </tr> <tr> <td><strong>Longhorn</strong></td> <td>块(RWX via NFS)</td> <td>K8s 云原生首选</td> <td>中</td> <td>中</td> <td><strong>内置</strong></td> </tr> <tr> <td><strong>Rook-Ceph</strong></td> <td>块/文件/对象</td> <td>大规模、混合负载</td> <td><strong>高</strong></td> <td>高</td> <td>内置(多副本)</td> </tr> <tr> <td><strong>OpenEBS</strong></td> <td>块/文件</td> <td>国产化、CSI 友好</td> <td>中</td> <td>中</td> <td>可选</td> </tr> <tr> <td><strong>CubeFS</strong></td> <td>文件/对象/块</td> <td>国产云原生</td> <td>中</td> <td>高</td> <td>内置</td> </tr> <tr> <td><strong>Vitess / TiDB</strong></td> <td>数据库专用</td> <td>持久化数据库</td> <td>高</td> <td>高</td> <td>内置</td> </tr> <tr> <td><strong>Local Path / HostPath</strong></td> <td>本地盘</td> <td>单节点 / StatefulSet</td> <td>低</td> <td><strong>最高</strong></td> <td><strong>无</strong></td> </tr> <tr> <td><strong>AWS EBS / GCP PD</strong></td> <td>云盘</td> <td>云上</td> <td>低</td> <td>高</td> <td>内置</td> </tr> <tr> <td><strong>NFS CSI driver for K8s</strong></td> <td>NFS 官方版</td> <td>NFS 4.1+</td> <td>低</td> <td>中</td> <td>自建</td> </tr> </tbody> </table> <h3 id="64-2024-选型建议">6.4 2024 选型建议 </h3><table> <thead> <tr> <th>业务场景</th> <th>推荐</th> </tr> </thead> <tbody> <tr> <td><strong>CI/CD 临时构建</strong>、<strong>多 Pod 共享配置</strong></td> <td><strong>NFS + nfs-subdir</strong> 仍最优(<strong>RWX 简单</strong>)</td> </tr> <tr> <td><strong>生产数据库</strong>(MySQL / PG / Redis)</td> <td><strong>云盘 / Rook-Ceph RBD / 本地盘</strong>(<strong>RWO 性能</strong>)</td> </tr> <tr> <td><strong>AI / 大数据</strong></td> <td><strong>CephFS / Lustre / JuiceFS</strong>(高带宽)</td> </tr> <tr> <td><strong>国产化</strong></td> <td><strong>CubeFS / 浪潮 AS13000</strong></td> </tr> <tr> <td><strong>小团队 + 简单</strong></td> <td><strong>Longhorn</strong>(一键装、UI 友好)</td> </tr> <tr> <td><strong>私有化 + 信创</strong></td> <td><strong>NFS + nfs-subdir</strong>(Linux 原生 + 国产 OS 兼容)</td> </tr> </tbody> </table> <h3 id="65-实战longhorn-一键装">6.5 实战:Longhorn 一键装 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span><span class="lnt">35 </span><span class="lnt">36 </span><span class="lnt">37 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Longhorn 是 Rancher 出品的云原生块存储</span> </span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.6.4/deploy/longhorn.yaml </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 默认 StorageClass</span> </span></span><span class="line"><span class="cl">kubectl get sc longhorn </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 创建一个 StatefulSet 用 Longhorn</span> </span></span><span class="line"><span class="cl">cat <span class="s">&lt;&lt;EOF | kubectl apply -f - </span></span></span><span class="line"><span class="cl"><span class="s">apiVersion: apps/v1 </span></span></span><span class="line"><span class="cl"><span class="s">kind: StatefulSet </span></span></span><span class="line"><span class="cl"><span class="s">metadata: </span></span></span><span class="line"><span class="cl"><span class="s"> name: pg </span></span></span><span class="line"><span class="cl"><span class="s">spec: </span></span></span><span class="line"><span class="cl"><span class="s"> serviceName: pg </span></span></span><span class="line"><span class="cl"><span class="s"> replicas: 1 </span></span></span><span class="line"><span class="cl"><span class="s"> selector: </span></span></span><span class="line"><span class="cl"><span class="s"> matchLabels: { app: pg } </span></span></span><span class="line"><span class="cl"><span class="s"> template: </span></span></span><span class="line"><span class="cl"><span class="s"> metadata: </span></span></span><span class="line"><span class="cl"><span class="s"> labels: { app: pg } </span></span></span><span class="line"><span class="cl"><span class="s"> spec: </span></span></span><span class="line"><span class="cl"><span class="s"> containers: </span></span></span><span class="line"><span class="cl"><span class="s"> - name: pg </span></span></span><span class="line"><span class="cl"><span class="s"> image: postgres:16 </span></span></span><span class="line"><span class="cl"><span class="s"> volumeMounts: </span></span></span><span class="line"><span class="cl"><span class="s"> - name: data </span></span></span><span class="line"><span class="cl"><span class="s"> mountPath: /var/lib/postgresql/data </span></span></span><span class="line"><span class="cl"><span class="s"> volumeClaimTemplates: </span></span></span><span class="line"><span class="cl"><span class="s"> - metadata: </span></span></span><span class="line"><span class="cl"><span class="s"> name: data </span></span></span><span class="line"><span class="cl"><span class="s"> spec: </span></span></span><span class="line"><span class="cl"><span class="s"> accessModes: [&#34;ReadWriteOnce&#34;] </span></span></span><span class="line"><span class="cl"><span class="s"> storageClassName: longhorn </span></span></span><span class="line"><span class="cl"><span class="s"> resources: </span></span></span><span class="line"><span class="cl"><span class="s"> requests: </span></span></span><span class="line"><span class="cl"><span class="s"> storage: 10Gi </span></span></span><span class="line"><span class="cl"><span class="s">EOF</span> </span></span></code></pre></td></tr></table> </div> </div> <blockquote> <p>Longhorn 自动做 3 副本 + 跨节点同步 + 在线扩容 + 备份——<strong>NFS 的 keepalived + rsync 全套都不用做</strong>。</p> </blockquote> <h3 id="66-nfs-2024-仍然有用的场景">6.6 NFS 2024 仍然&quot;有用&quot;的场景 </h3><p>虽然新项目优先选 Longhorn/Ceph,但<strong>以下场景 NFS 仍是最佳选择</strong>:</p> <ol> <li><strong>跨 namespace / 跨集群共享数据</strong>(Longhorn 默认单集群)</li> <li><strong>Windows + Linux 混合客户端</strong>(NFS 协议通用性强)</li> <li><strong>AI 训练</strong>把数据集放在 NFS,多个训练 Pod 同时读(<strong>RWX</strong>)</li> <li><strong>传统业务</strong>——银行 ERP、政府办公系统(必须 NFS、SMB 协议)</li> <li><strong>国产化 / 信创项目</strong>(NFS 是 Linux 内核自带,不依赖任何商业软件)</li> </ol> <h3 id="67-一句话总结">6.7 一句话总结 </h3> <blockquote> <p>2016 年的 NFS 4.1 + nfs-subdir + keepalived 方案在 <strong>2024 仍然能跑</strong>——但<strong>新项目</strong>建议直接用 <strong>Longhorn</strong>(块 + 简单)或 <strong>Ceph</strong>(大规模 + 混合)。</p> <p>NFS 不是&quot;过时&quot;了,而是<strong>从默认选择退到备选</strong>——<strong>看场景用</strong>。</p> </blockquote> <hr> <h2 id="7-小结">7. 小结 </h2><p>NFS 在 K8s 存储选型中仍然有一席之地:</p> <ol> <li><strong>动态 StorageClass</strong>(nfs-subdir)让 NFS 用法跟云盘一样简单</li> <li><strong>keepalived + rsync + lsyncd</strong> 组成&quot;穷人版&quot;高可用</li> <li><strong>NFS 单点风险</strong>依然存在,关键业务建议 Ceph / Longhorn</li> <li><strong>2024 新选择</strong>:Longhorn(首选)/ Rook-Ceph(大规模)/ 国产 CubeFS(信创)</li> </ol> <p>下一步:<a class="link" href="https://liangweidonggood.github.io/p/k8s-rook-ceph-fenbushi-cunchu-kuai-rbd-cephfs/" >Rook-Ceph 1.17 分布式存储:块存储 RBD + CephFS + OSD/MON</a>。 <strong>2024 推荐</strong>:先看 <a class="link" href="https://longhorn.io/docs/" target="_blank" rel="noopener" >Longhorn 官方文档</a>(一键装,3 副本 + 备份),再做 Ceph。</p>