标签:PV name 创建 client nfs io provisioner NFS k8s
前言
Storageclass解决PV手动创建需求
当每次创建 PVC 声明使用存储时,都需要去手动的创建 PV,来满足 PVC 的使用。
可以用一种机制来根据用户声明的存储使用量(PVC)来动态的创建对应的持久化存储卷(PV)。k8s 用 StorageClass 来实现动态创建 持久化存储。
实现原理:
存储控制器 Volume Controller,是用来专门处理持久化存储的控制器,其一个子控制循环 PersistentVolumeController 负责实现 PV 和 PVC 的绑定。
PersistentVolumeController 会 watch
kube-apiserver 的 PVC 对象。如果发现有 PVC对象创建,则会查看所有可用的 PV,
如果有则绑定,若没有,则会使用 StorageClass 的配置和 PVC 的描述创建 PV 进行绑定。所谓将一个 PV 与 PVC 进行“绑定”,其实就是将这个PV对象的名字,填在了 PVC 对象的spec.volumeName 字段上
一、搭建NFS服务
在这里我建k8s master01节点作为NFS server服务
[root@k8s-master01 ~]# yum install -y nfs-utils #所有master都要安装 [root@k8s-master01 ~]# cat /etc/exports /nfsdata *(rw,sync,no_root_squash) [root@k8s-master01 ~]# mkdir /nfsdata [root@k8s-master01 ~]# systemctl start rpcbind [root@k8s-master01 ~]# systemctl status rpcbind
root@k8s-master01 ~]# systemctl enable --now nfs-server
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /u:qsr/lib/systemd/system/nfs-server.ser
Master节点创建共享挂载目录
#mkdir -p /data/volumes/{v1,v2,v3}
编辑master节点/etc/exports文件,将目录共享到192.168.126.0/24这个网段中(网段可根据自己环境来填写,exports文件需要在每台master节点上进行配置)
#vim /etc/exports
/data/volumes/v1 192.168.126.0/24(rw,no_root_squash,no_all_squash)
/data/volumes/v2 192.168.126.0/24(rw,no_root_squash,no_all_squash)
/data/volumes/v3 192.168.126.0/24(rw,no_root_squash,no_all_squash)
发布
#exportfs -arv
exporting 192.168.126.0/24:/data/volumes/v3
exporting 192.168.126.0/24:/data/volumes/v2
exporting 192.168.126.0/24:/data/volumes/v1
查看
#showmounte -e
Export list for k8s-master01:
/data/volumes/v3 192.168.126.0/24
/data/volumes/v2 192.168.126.0/24
/data/volumes/v1 192.168.126.0/24
[root@k8s-master01 nfs]#
二、创建StorageClass存储类型
#vim class.yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: nfs-storage
annotations:
storageclass.beta.kubernetes.io/is-default-class: 'true'
storageclass.kubernetes.io/is-default-class: 'true'
provisioner: fuseim.pri/ifs
reclaimPolicy: Delete
volumeBindingMode: Immediate
#kubectl apply -f class.yaml
注意:如果SC存储不是默认的,可以标记一个StorageClass为默认的(根据自己实际名称标记即可)
#kubectl patch storageclass managed-nfs-storage -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
二、创建RBAC权限
rbac(基于角色的访问控制,就是用户通过角色与权限进行关联),是一个从认证---->授权-----》准入机制
#vim rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: default
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: default
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: default
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: default
roleRef:
kind: Role
name: leader-locking-nfs-client-provisioner
apiGroup: rbac.authorization.k8s.io
#将上述编写好的yaml文件创建出来
[root@k8s-master01 nfs-damon]# kubectl apply -f rbac.yaml
serviceaccount/nfs-client-provisioner created
clusterrole.rbac.authorization.k8s.io/nfs-client-provisioner-runner created
clusterrolebinding.rbac.authorization.k8s.io/run-nfs-client-provisioner created
role.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner created
rolebinding.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner created
三、创建基于NFS类型的Deployment
#vim deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nfs-client-provisioner
labels:
app: nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: default
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: nfs-client-provisioner
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
serviceAccountName: nfs-client-provisioner
containers:
- name: nfs-client-provisioner
#image: quay.io/external_storage/nfs-client-provisioner:latest
#image: gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner:latest
image: gmoney23/nfs-client-provisioner:latest
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: fuseim.pri/ifs #这里必须要填写storageclass中的PROVISIONER名称信息一致
- name: NFS_SERVER
value: 192.168.126.131 #指定NFS服务器的IP地址
- name: NFS_PAT
value: /data/volumes/v1 #指定NFS服务器中的共享挂载目录
volumes:
- name: nfs-client-root #定义持久化卷的名称,必须要上面volumeMounts挂载的名称一致
nfs:
server: 192.168.126.131 #指定NFS所在的IP地址
path: /data/volumes/v1 #指定NFS服务器中的共享挂载目录
[root@k8s-master01 nfs-damon]# kubectl apply -f deployment.yaml
deployment.apps/nfs-client-provisioner created
通过检查容器日志查看启动的NFS插件是否正常
#kubectl logs pod nfs-client-provisioner-f755d8ffd-d6swv
四、创建PVC持久化卷
#vim test-claim.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: test-claim
namespace: default
spec:
storageClassName: nfs-storage
accessModes:
- ReadWriteMany
resources:
requests:
storage: 256Mi
#kubectl apply -f test-claim.yaml
查看PVC是否已经与Storageclass挂载绑定
#kubectl get pvc
五、创建测试文件
#vim statefulset-nfs.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: nginx
spec:
ports:
- port: 80
name: web
clusterIP: None
selector:
app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: nfs-web
spec:
serviceName: "nginx"
replicas: 3
selector:
matchLabels:
app: nfs-web # has to match .spec.template.metadata.labels
template:
metadata:
labels:
app: nfs-web
spec:
terminationGracePeriodSeconds: 10
containers:
- name: nginx
image: nginx:1.7.9
ports:
- containerPort: 80
name: web
volumeMounts:
- name: www
mountPath: /usr/share/nginx/html
volumeClaimTemplates:
- metadata:
name: www
annotations:
volume.beta.kubernetes.io/storage-class: nfs-storage
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 10Mi
#kubectl apply -f statefulset-nfs.yaml
验证是否自动创建PV
查看PVC
查看PV
查看NFS-server 数据信息
标签:PV,name,创建,client,nfs,io,provisioner,NFS,k8s 来源: https://www.cnblogs.com/bixiaoyu/p/16444458.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。