.. _kubernetes-dev: ======================================= Hacking on Ceph in Kubernetes with Rook ======================================= .. warning:: This is *not* official user documentation for setting up production Ceph clusters with Kubernetes. It is aimed at developers who want to hack on Ceph in Kubernetes. This guide is aimed at Ceph developers getting started with running in a Kubernetes environment. It assumes that you may be hacking on Rook, Ceph or both, so everything is built from source. TL;DR for hacking on MGR modules ================================ Make your changes to the Python code base and then from Ceph's ``build`` directory, run:: ../src/script/kubejacker/kubejacker.sh '192.168.122.1:5000' where ``'192.168.122.1:5000'`` is a local docker registry and Rook's ``CephCluster`` CR uses ``image: 192.168.122.1:5000/ceph/ceph:latest``. 1. Build a kubernetes cluster ============================= Before installing Ceph/Rook, make sure you've got a working kubernetes cluster with some nodes added (i.e. ``kubectl get nodes`` shows you something). The rest of this guide assumes that your development workstation has network access to your kubernetes cluster, such that ``kubectl`` works from your workstation. `There are many ways `_ to build a kubernetes cluster: here we include some tips/pointers on where to get started. `kubic-terraform-kvm `_ might also be an option. Or `Host your own `_ with ``kubeadm``. Some Tips --------- Here are some tips for a smoother ride with ``kubeadm``: - If you have previously added any yum/deb repos for kubernetes packages, disable them before trying to use the packages.cloud.google.com repository. If you don't, you'll get quite confusing conflicts. - Even if your distro already has docker, make sure you're installing it a version from docker.com that is within the range mentioned in the kubeadm install instructions. Especially, note that the docker in CentOS 7, 8 will *not* work. ``minikube``: - Start up minikube by passing local docker registry address:: ``minikube start --driver=docker --insecure-registry='192.168.122.1:5000'`` Hosted elsewhere ---------------- If you do not have any servers to hand, you might try a pure container provider such as Google Compute Engine. Your mileage may vary when it comes to what kinds of storage devices are visible to your kubernetes cluster. Make sure you check how much it's costing you before you spin up a big cluster! 2. Run a docker registry ======================== Run this somewhere accessible from both your workstation and your kubernetes cluster (i.e. so that ``docker push/pull`` just works everywhere). This is likely to be the same host you're using as your kubernetes master. 1. Install the ``docker-distribution`` package. 2. If you want to configure the port, edit ``/etc/docker-distribution/registry/config.yml`` 3. Enable the registry service: :: systemctl enable docker-distribution systemctl start docker-distribution You may need to mark the registry as **insecure**. 3. Build Rook ============= .. note:: Building Rook is **not required** to make changes to Ceph. Install Go if you don't already have it. Download the Rook source code: :: go get github.com/rook/rook # Ignore this warning, as Rook is not a conventional go package can't load package: package github.com/rook/rook: no Go files in /home/jspray/go/src/github.com/rook/rook You will now have a Rook source tree in ~/go/src/github.com/rook/rook -- you may be tempted to clone it elsewhere, but your life will be easier if you leave it in your GOPATH. Run ``make`` in the root of your Rook tree to build its binaries and containers: :: make ... === saving image build-9204c79b/ceph-amd64 === docker build build-9204c79b/ceph-toolbox-base-amd64 sha256:653bb4f8d26d6178570f146fe637278957e9371014ea9fce79d8935d108f1eaa === docker build build-9204c79b/ceph-toolbox-amd64 sha256:445d97b71e6f8de68ca1c40793058db0b7dd1ebb5d05789694307fd567e13863 === caching image build-9204c79b/ceph-toolbox-base-amd64 You can use ``docker image ls`` to see the resulting built images. The images you care about are the ones with tags ending "ceph-amd64" (used for the Rook operator and Ceph daemons) and "ceph-toolbox-amd64" (used for the "toolbox" container where the CLI is run). 4. Build Ceph ============= .. note:: Building Ceph is **not required** to make changes to MGR modules written in Python. The Rook containers and the Ceph containers are independent now. Note that Rook's Ceph client libraries need to communicate with the Ceph cluster, therefore a compatible major version is required. You can run a Registry docker container with access to your Ceph source tree using a command like: :: docker run -i -v /my/ceph/src:/my/ceph/src -p 192.168.122.1:5000:5000 -t --name registry registry:2 Once you have built Ceph, you can inject the resulting binaries into the Rook container image using the ``kubejacker.sh`` script (run from your build directory but from *outside* your build container). 5. Run Kubejacker ================= ``kubejacker`` needs access to your docker registry. Execute the script to build a docker image containing your latest Ceph binaries: :: build$ ../src/script/kubejacker/kubejacker.sh ":" Now you've got your freshly built Rook and freshly built Ceph into a single container image, ready to run. Next time you change something in Ceph, you can re-run this to update your image and restart your kubernetes containers. If you change something in Rook, then re-run the Rook build, and the Ceph build too. 5. Run a Rook cluster ===================== Please refer to `Rook's documentation `_ for setting up a Rook operator, a Ceph cluster and the toolbox. The Rook source tree includes example .yaml files in ``cluster/examples/kubernetes/ceph/``. Copy these into a working directory, and edit as necessary to configure the setup you want: - Ensure that ``spec.cephVersion.image`` points to your docker registry:: spec: cephVersion: allowUnsupported: true image: 192.168.122.1:5000/ceph/ceph:latest Then, load the configuration into the kubernetes API using ``kubectl``: :: kubectl apply -f ./cluster-test.yaml Use ``kubectl -n rook-ceph get pods`` to check the operator pod the Ceph daemons and toolbox are is coming up. Once everything is up and running, you should be able to open a shell in the toolbox container and run ``ceph status``. If your mon services start but the rest don't, it could be that they're unable to form a quorum due to a Kubernetes networking issue: check that containers in your Kubernetes cluster can ping containers on other nodes. Cheat sheet =========== Open a shell in your toolbox container:: kubectl -n rook-ceph exec -it $(kubectl -n rook-ceph get pod -l "app=rook-ceph-tools" -o jsonpath="{.items[0].metadata.name}") -- bash Inspect the Rook operator container's logs:: kubectl -n rook-ceph logs -l app=rook-ceph-operator Inspect the ceph-mgr container's logs:: kubectl -n rook-ceph logs -l app=rook-ceph-mgr