4.2.5. 安装nfs-storage-class-Kubernetes合辑1-安装Kubernetes

当前位置:　首页>> 技术小册>> Kubernetes合辑1-安装Kubernetes

通常情况下，都需要为Kubernetes配置storage class，测试环境中使用 NFS 居多，下面以 NFS 为案例，Gitlab 地址 https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner

# middle-89 提供NFS存储，各个节点进行挂载。这些节点都需要安装 nfs相关工具
[root@maxiaoke deploy-kubernetes]# gosh cmd -i all.ip "yum install -y nfs-utils" 
[root@middle-89 ~]# echo '/data/nfs 10.4.7.0/24(rw,sync,no_wdelay,no_root_squash)' > /etc/exports
[root@middle-89 ~]# mkdir /data/nfs
[root@middle-89 ~]# systemctl start nfs
[root@middle-89 ~]# systemctl enable nfs
[root@middle-89 ~]# showmount -e
Export list for middle-89:
/data/nfs 10.4.7.0/24

deployment.yaml:

---
apiVersion: v1
kind: Namespace
metadata:
  name: infra-storage
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfs-client-provisioner
  labels:
    app: nfs-client-provisioner
  namespace: infra-storage
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nfs-client-provisioner
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: linuxmaxiaoke/nfs-subdir-external-provisioner:v4.0.1
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: default-nfs-provisioner
            - name: NFS_SERVER
              value: 10.4.7.89
            - name: NFS_PATH
              value: /data/nfs
            - name: TZ
              value: Asia/Shanghai
      volumes:
        - name: nfs-client-root
          nfs:
            server: 10.4.7.89
            path: /data/nfs

rbac.yaml:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: infra-storage
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: infra-storage
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: infra-storage
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: infra-storage
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: infra-storage
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io

class.yaml:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: managed-nfs-storage
provisioner: default-nfs-provisioner
parameters:
  archiveOnDelete: "false"

验证NFS存储

test-claim.yaml:

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test-claim
spec:
  storageClassName: managed-nfs-storage
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Mi

test-pod.yaml:

kind: Pod
apiVersion: v1
metadata:
  name: test-pod
spec:
  containers:
  - name: test-pod
    image: gcr.io/google_containers/busybox:1.24
    command:
      - "/bin/sh"
    args:
      - "-c"
      - "touch /mnt/SUCCESS && exit 0 || exit 1"
    volumeMounts:
      - name: nfs-pvc
        mountPath: "/mnt"
  restartPolicy: "Never"
  volumes:
    - name: nfs-pvc
      persistentVolumeClaim:
        claimName: test-claim

[root@maxiaoke nfs-provisorner]# kubectl apply -f test-claim.yaml -f test-pod
[root@maxiaoke nfs-provisorner]# kubectl get pod
NAME       READY   STATUS      RESTARTS   AGE
test-pod   0/1     Completed   0          17s
[root@maxiaoke nfs-provisorner]# kubectl get pvc
NAME         STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS          AGE
test-claim   Bound    pvc-baf4603c-fea5-4ea6-93ac-b3387a1f150c   1Mi        RWX            managed-nfs-storage   34s

该分类下的相关小册推荐：

Kubernets合辑4-kubernetes入门

云原生-K8S入门实战

Kubernetes中文教程(三)

Kubernets合辑10-网络

Kubernetes中文教程(一)

Kubernets合辑11-持续集成

Kubernets合辑13-集群监控

Kubernetes中文教程(六)

Kubernets合辑15-持续部署

Kubernets合辑7-存储

Kubernets合辑14-日志收集

Kubernets合辑5-Pod控制器