k8s: Using a StorageClass with NFS to Dynamically Provision PVs
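To use a StorageClass to create NFS-backed storage in Kubernetes, first make sure the NFS server is set up and reachable. You can then create a custom StorageClass and use it to dynamically create multiple PersistentVolumes (PVs), each of which is backed by the NFS storage.
Configure role permissions
That is, users are associated with permissions through roles. Save the following manifest as rbac.yaml: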
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services", "endpoints"]
    verbs: ["get"]
  - apiGroups: ["extensions"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["nfs-provisioner"]
    verbs: ["use"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: ClusterRole
  name: nfs-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-provisioner
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: Role
  name: leader-locking-nfs-provisioner
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-provisioner
  namespace: default
kubectl apply -f rbac.yaml
Deploy nfs-client-provisioner
Add the Deployment configuration for NFS, deployment.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfs-client-provisioner
  labels:
    app: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nfs-client-provisioner
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-provisioner
      containers:
        - name: nfs-client-provisioner
          image: gmoney23/nfs-client-provisioner
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: nfs-diy # Provisioner, one of the three key StorageClass fields; choose the name yourself
            - name: NFS_SERVER
              value: 192.168.56.115 # NFS server address
            - name: NFS_PATH
              value: /mnt/nfs # NFS shared directory
      volumes:
        - name: nfs-client-root
          nfs:
            server: 192.168.56.115 # NFS server address
            path: /mnt/nfs # NFS shared directory
Create the NFS StorageClass
First, we need to create a StorageClass that specifies NFS as the storage backend. The following example YAML file defines a StorageClass named nfs-storage that uses NFS dynamic provisioning to create PVs.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs-storage
provisioner: nfs-diy # must match env.PROVISIONER_NAME in deployment.yaml
reclaimPolicy: Retain
parameters:
  archiveOnDelete: "false"
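Create a PVC to dynamically request a PV
You can create a PersistentVolumeClaim (PVC), which dynamically requests a PV according to the specified StorageClass. The following example YAML file requests a PVC of size 1Mi and uses the nfs-storage StorageClass created above: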
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test-claim
  annotations:
    volume.beta.kubernetes.io/storage-class: "nfs-storage"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Mi
  storageClassName: nfs-storage # use the StorageClass we created
Use the PVC in a Pod
Once you have the PVC and PV, you can use the PVC in a Pod to mount the storage. The following example Pod uses the test-claim PVC to mount the NFS storage:
kind: Pod
apiVersion: v1
metadata:
  name: test-pod-nginx
spec:
  containers:
    - name: test-pod-nginx-containers
      image: nginx:latest
      ports:
        - containerPort: 80
          name: "http-server"
          hostPort: 80
      volumeMounts:
        - name: test-pod-nginx-storage
          mountPath: "/usr/share/nginx/html"
  restartPolicy: "Never"
  volumes:
    - name: test-pod-nginx-storage
      persistentVolumeClaim:
        claimName: test-claim
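Verify that the storage is mounted correctly
After deploying the Pod, you can enter it with the kubectl exec command and check that the NFS storage is mounted correctly: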
kubectl exec -it test-pod-nginx -- /bin/bash
# directory the provisioner created for this PVC under the NFS export (/mnt/nfs)
cd /mnt/nfs/default-test-claim-pvc-d07ea120-55ca-40d1-8fa3-01d01eb32193
echo "hello" > index.html
Visit http://192.168.56.115/
Filter PVCs with kubectl and jq
You can also use kubectl get pvc -o json together with the jq tool to select all PVCs that use a given StorageClass. For example:
kubectl get pvc -o json | jq '.items[] | select(.spec.storageClassName == "nfs-storage") | .metadata.name'
This prints the names of all PVCs that use the nfs-storage StorageClass.
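The jq filter above matches only spec.storageClassName, while the PVC on this page also sets the legacy volume.beta.kubernetes.io/storage-class annotation. The following added example (not from the original article) reads the same kubectl get pvc -o json output, matches either field, and reports each claim's phase so that claims still waiting for a volume stand out. The claims legacy-claim and other-claim and the class local-path are constructed sample data. When JSON is piped in, the script reads it from stdin; otherwise it uses the sample.

```python
import json
import sys

LEGACY_CLASS = "volume.beta.kubernetes.io/storage-class"
PROVISIONER_KEYS = ("volume.kubernetes.io/storage-provisioner",
                    "volume.beta.kubernetes.io/storage-provisioner")

def claim_class(pvc):
    """spec.storageClassName, falling back to the legacy annotation."""
    notes = pvc.get("metadata", {}).get("annotations") or {}
    return pvc.get("spec", {}).get("storageClassName") or notes.get(LEGACY_CLASS)

def audit_claims(pvc_list, storage_class):
    """Return (namespace, name, phase, provisioner) for each PVC of the class."""
    rows = []
    for pvc in pvc_list.get("items", []):
        if claim_class(pvc) != storage_class:
            continue
        meta = pvc.get("metadata", {})
        notes = meta.get("annotations") or {}
        provisioner = next((notes[k] for k in PROVISIONER_KEYS if k in notes), None)
        phase = pvc.get("status", {}).get("phase", "Unknown")
        rows.append((meta.get("namespace"), meta.get("name"), phase, provisioner))
    return rows

def unbound(rows):
    """Claims still waiting for a volume (phase is not Bound)."""
    return [row for row in rows if row[2] != "Bound"]

def _pvc(name, phase, spec_class=None, annotations=None):
    # Builds one constructed PVC object for the sample below.
    spec = {"storageClassName": spec_class} if spec_class else {}
    return {"metadata": {"namespace": "default", "name": name,
                         "annotations": annotations or {}},
            "spec": spec, "status": {"phase": phase}}

# Constructed sample in the shape of `kubectl get pvc -o json` (not real cluster output).
SAMPLE = {"items": [
    _pvc("test-claim", "Bound", "nfs-storage", {PROVISIONER_KEYS[0]: "nfs-diy"}),
    _pvc("legacy-claim", "Pending", None,
         {LEGACY_CLASS: "nfs-storage", PROVISIONER_KEYS[1]: "nfs-diy"}),
    _pvc("other-claim", "Bound", "local-path"),
]}

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    wanted = sys.argv[1] if len(sys.argv) > 1 else "nfs-storage"
    for ns, name, phase, prov in audit_claims(data, wanted):
        print(f"{ns}/{name}\t{phase}\tprovisioner={prov}")
```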
waiting for a volume to be created, either by external provisioner “nfs-diy” or manually created by system administrator
On v1.20 and later, the apiserver disables selfLink by default; you need to re-enable it manually by setting - --feature-gates=RemoveSelfLink=false.
Edit the kube-apiserver.yaml file:
[root@master nfs]# cat /etc/kubernetes/manifests/kube-apiserver.yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.25.100:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.168.25.100
    - --feature-gates=RemoveSelfLink=false # add this line
    - --allow-privileged=true
Original article: https://blog.csdn.net/qq_37362891/article/details/144290194