## Introduction

The Kubernetes iSCSI implementation can connect to iSCSI devices via open-iscsi and multipathd on Linux.
Currently supported features are:

* Connecting to one portal
* Mounting a device directly or via multipathd
* Formatting and partitioning any new device connected
* CHAP authentication

## Prerequisites

This example expects there to be a working iSCSI target to connect to.
If there isn't one in place, it is possible to set up a software version on Linux by following these guides:

* [Set up an iSCSI target on Fedora](http://www.server-world.info/en/note?os=Fedora_21&p=iscsi)
* [Install the iSCSI initiator on Fedora](http://www.server-world.info/en/note?os=Fedora_21&p=iscsi&f=2)
* [Install multipathd for mpio support if required](http://www.linuxstories.eu/2014/07/how-to-setup-dm-multipath-on-rhel.html)

## Creating the pod with iSCSI persistent storage

Once you have configured the iSCSI initiator, you can create a pod based on the example *iscsi.yaml*. In the pod YAML, you need to provide *targetPortal* (the iSCSI target's **IP** address, and *port* if not the default port 3260), the target's *iqn*, the *lun*, the type of the filesystem that has been created on the lun, and the *readOnly* boolean. No initiator information is required. If you have more than one target portal for a single IQN, you can list the other portal IPs in the *portals* field.

If you want to use an iSCSI offload card or other open-iscsi transports besides tcp, set up an iSCSI interface and provide *iscsiInterface* in the pod YAML. The default name for an iscsi iface (open-iscsi parameter `iface.iscsi_ifacename`) is in the format `transport_name.hwaddress` when generated by iscsiadm. See [open-iscsi](http://www.open-iscsi.org/docs/README) or [openstack](http://docs.openstack.org/kilo/config-reference/content/iscsi-iface-config.html) for detailed configuration information.

**Note:** If you have followed the instructions in the links above, you may have partitioned the device. The iSCSI volume plugin does not currently support partitions, so format the device as one partition or leave the device raw and Kubernetes will partition and format it on first mount.

### CHAP Authentication

To enable one-way or two-way CHAP authentication for discovery or session, follow these steps:

* Set `chapAuthDiscovery` to `true` for discovery authentication.
* Set `chapAuthSession` to `true` for session authentication.
* Create a CHAP secret and set `secretRef` to reference the CHAP secret.

An example can be found at [iscsi-chap.yaml](iscsi-chap.yaml).

### CHAP Secret

As illustrated in [chap-secret.yaml](chap-secret.yaml), the secret must have type `kubernetes.io/iscsi-chap` and consists of the following keys:

```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: chap-secret
type: "kubernetes.io/iscsi-chap"
data:
  discovery.sendtargets.auth.username:
  discovery.sendtargets.auth.password:
  discovery.sendtargets.auth.username_in:
  discovery.sendtargets.auth.password_in:
  node.session.auth.username:
  node.session.auth.password:
  node.session.auth.username_in:
  node.session.auth.password_in:
```

These keys map to those used by the Open-iSCSI initiator. Detailed documentation on these keys can be found at [Open-iSCSI](https://github.com/open-iscsi/open-iscsi/blob/master/etc/iscsid.conf).

#### Create CHAP secret before creating iSCSI volumes and Pods

```console
# kubectl create -f examples/volumes/iscsi/chap-secret.yaml
```

Once the pod config is created, run it on the Kubernetes master:

```console
kubectl create -f ./your_new_pod.yaml
```

Here is the example pod created and expected output:

```console
# kubectl create -f examples/volumes/iscsi/iscsi.yaml
# kubectl get pods
NAME      READY     STATUS    RESTARTS   AGE
iscsipd   2/2       RUNNING   0          2m
```

On the Kubernetes node, verify the mount output.

For a non-mpio device the output should look like the following:

```console
# mount |grep kub
/dev/sdb on /var/lib/kubelet/plugins/kubernetes.io/iscsi/10.0.2.15:3260-iqn.2001-04.com.example:storage.kube.sys1.xyz-lun-0 type ext4 (rw,relatime,data=ordered)
/dev/sdb on /var/lib/kubelet/pods/f527ca5b-6d87-11e5-aa7e-080027ff6387/volumes/kubernetes.io~iscsi/iscsipd-rw type ext4 (ro,relatime,data=ordered)
/dev/sdc on /var/lib/kubelet/plugins/kubernetes.io/iscsi/10.0.2.16:3260-iqn.2001-04.com.example:storage.kube.sys1.xyz-lun-0 type ext4 (rw,relatime,data=ordered)
/dev/sdc on /var/lib/kubelet/pods/f527ca5b-6d87-11e5-aa7e-080027ff6387/volumes/kubernetes.io~iscsi/iscsipd-rw type ext4 (rw,relatime,data=ordered)
/dev/sdd on /var/lib/kubelet/plugins/kubernetes.io/iscsi/10.0.2.17:3260-iqn.2001-04.com.example:storage.kube.sys1.xyz-lun-0 type ext4 (rw,relatime,data=ordered)
/dev/sdd on /var/lib/kubelet/pods/f527ca5b-6d87-11e5-aa7e-080027ff6387/volumes/kubernetes.io~iscsi/iscsipd-rw type ext4 (rw,relatime,data=ordered)
```

For a node with mpio enabled, the expected output would be similar to the following:

```console
# mount |grep kub
/dev/mapper/mpatha on /var/lib/kubelet/plugins/kubernetes.io/iscsi/10.0.2.15:3260-iqn.2001-04.com.example:storage.kube.sys1.xyz-lun-0 type ext4 (rw,relatime,data=ordered)
/dev/mapper/mpatha on /var/lib/kubelet/pods/f527ca5b-6d87-11e5-aa7e-080027ff6387/volumes/kubernetes.io~iscsi/iscsipd-ro type ext4 (ro,relatime,data=ordered)
/dev/mapper/mpathb on /var/lib/kubelet/plugins/kubernetes.io/iscsi/10.0.2.16:3260-iqn.2001-04.com.example:storage.kube.sys1.xyz-lun-0 type ext4 (rw,relatime,data=ordered)
/dev/mapper/mpathb on /var/lib/kubelet/pods/f527ca5b-6d87-11e5-aa7e-080027ff6387/volumes/kubernetes.io~iscsi/iscsipd-rw type ext4 (rw,relatime,data=ordered)
/dev/mapper/mpathc on /var/lib/kubelet/plugins/kubernetes.io/iscsi/10.0.2.17:3260-iqn.2001-04.com.example:storage.kube.sys1.xyz-lun-0 type ext4 (rw,relatime,data=ordered)
/dev/mapper/mpathb on /var/lib/kubelet/pods/f527ca5b-6d87-11e5-aa7e-080027ff6387/volumes/kubernetes.io~iscsi/iscsipd-rw type ext4 (rw,relatime,data=ordered)
```

If you ssh to that machine, you can run `docker ps` to see the actual pod.

```console
# docker ps
CONTAINER ID        IMAGE               COMMAND     CREATED          STATUS          PORTS     NAMES
3b8a772515d2        kubernetes/pause    "/pause"    6 minutes ago    Up 6 minutes              k8s_iscsipd-rw.ed58ec4e_iscsipd_default_f527ca5b-6d87-11e5-aa7e-080027ff6387_d25592c5
```

Run *docker inspect* and verify that the container mounted the host directory into its */mnt/iscsipd* directory.

```console
# docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/mnt/iscsipd" }}{{ .Source }}{{ end }}{{ end }}' f855336407f4
/var/lib/kubelet/pods/f527ca5b-6d87-11e5-aa7e-080027ff6387/volumes/kubernetes.io~iscsi/iscsipd-ro

# docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/mnt/iscsipd" }}{{ .Source }}{{ end }}{{ end }}' 3b8a772515d2
/var/lib/kubelet/pods/f527ca5b-6d87-11e5-aa7e-080027ff6387/volumes/kubernetes.io~iscsi/iscsipd-rw
```
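
For the CHAP Secret section above, an added example (not part of the original README or the Kubernetes project) that renders a session-CHAP Secret with the base64-encoded values that a Secret's `data` field requires. The function names, the 12-character minimum, the rule that the two directions use different passwords, and all credential values are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: render a kubernetes.io/iscsi-chap Secret for session CHAP.
# Function names and the policy checks are assumptions of this example.

# Secret `data` values must be base64-encoded; strip line wraps from long values.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# render_chap_secret NAME USER PASS [USER_IN PASS_IN]
# Prints the manifest on stdout; returns 1 if a policy check fails.
render_chap_secret() {
  local name="$1" user="$2" pass="$3" user_in="${4:-}" pass_in="${5:-}"
  # Example policy: at least 12 characters (96 bits) per CHAP password.
  if [ "${#pass}" -lt 12 ]; then
    echo "session password is shorter than 12 characters" >&2; return 1
  fi
  if [ -n "$user_in" ]; then
    if [ "${#pass_in}" -lt 12 ]; then
      echo "target (_in) password is shorter than 12 characters" >&2; return 1
    fi
    # Example policy: two-way CHAP uses a different password per direction.
    if [ "$pass" = "$pass_in" ]; then
      echo "initiator and target passwords must differ" >&2; return 1
    fi
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: "kubernetes.io/iscsi-chap"
data:
  node.session.auth.username: $(b64 "$user")
  node.session.auth.password: $(b64 "$pass")
EOF
  # The *_in keys are emitted only when two-way CHAP is requested.
  if [ -n "$user_in" ]; then
    printf '  node.session.auth.username_in: %s\n' "$(b64 "$user_in")"
    printf '  node.session.auth.password_in: %s\n' "$(b64 "$pass_in")"
  fi
}

# Constructed credentials; pipe the output to `kubectl create -f -` to apply it.
render_chap_secret chap-secret demo-user 'constructed-pass-01' \
  demo-target 'constructed-pass-02'
```

Generating the manifest this way keeps plaintext CHAP passwords out of a YAML file on disk; the pod then refers to the Secret through `secretRef` with `chapAuthSession` set to `true`.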