基于 StorageClass 的 NFS 动态卷
172.16.1.64 K8s-Master and node 172.16.1.65 K8s-Master and node 172.16.1.66 K8s-Master and node and NFS Server
NFS 服务
# 安装 NFS server
yum -y install nfs-utils rpcbind
# k8s 所有节点 安装 NFS 客户端
yum -y install nfs-utils
配置 NFS 目录与权限
vi /etc/exports 增加 /opt/nfsdata 172.16.1.0/24(rw,sync,no_root_squash)
启动 NFS 服务
systemctl enable rpcbind.service systemctl enable nfs-server.service systemctl start rpcbind.service systemctl start nfs-server.service # 查看信息 showmount -e 172.16.1.66 Export list for 172.16.1.66: /opt/nfsdata 172.16.1.0/24
配置 NFS Client Provisioner
# 官网镜像地址 quay.io/external_storage/nfs-client-provisioner:latest # 个人镜像地址 jicki/nfs-client-provisioner:latest
# 配置一个 rbac.yaml --- apiVersion: v1 kind: ServiceAccount metadata: name: nfs-client-provisioner --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: nfs-client-provisioner-runner rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["services","endpoints"]
verbs: ["get","list","watch","create","delete"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: run-nfs-client-provisioner subjects: - kind: ServiceAccount name: nfs-client-provisioner namespace: default roleRef: kind: ClusterRole name: nfs-client-provisioner-runner apiGroup: rbac.authorization.k8s.io
# 配置一个 deployment 服务
kind: Deployment apiVersion: apps/v1 metadata: name: nfs-client-provisioner spec: replicas: 1 selector: matchLabels:
app: nfs-client-provisioner template: metadata: labels: app: nfs-client-provisioner spec: serviceAccount: nfs-client-provisioner containers: - name: nfs-client-provisioner image: jicki/nfs-client-provisioner:latest volumeMounts: - name: nfs-client-root mountPath: /persistentvolumes env: - name: PROVISIONER_NAME value: fuseim.pri/ifs - name: NFS_SERVER value: 172.16.1.66 - name: NFS_PATH value: /opt/nfsdata volumes: - name: nfs-client-root nfs: server: 172.16.1.66 path: /opt/nfsdata
创建 服务
kubectl apply -f . serviceaccount "nfs-client-provisioner" created clusterrole "nfs-client-provisioner-runner" created clusterrolebinding "run-nfs-client-provisioner" created deployment "nfs-client-provisioner" created # 查看服务 kubectl get pods |grep nfs nfs-client-provisioner-8cdb56f4d-l8vmr 1/1 Running 0 26s
创建 StorageClass
# nfs-storageclass apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: nfs-storage provisioner: fuseim.pri/ifs # fuseim.pri/ifs 是 nfs-client-provisioner 服务中的一个 env
# 导入文件 kubectl apply -f nfs-storageclass.yaml storageclass "nfs-storage" created # 查看服务 kubectl get storageclass NAME PROVISIONER nfs-storage fuseim.pri/ifs
测试
创建一个 nginx StatefulSet
# nginx-statefulset apiVersion: apps/v1beta1 kind: StatefulSet metadata: name: web spec: serviceName: "nginx" replicas: 2 volumeClaimTemplates: - metadata: name: html annotations: volume.beta.kubernetes.io/storage-class: "nfs-storage" # 这里配置 上面创建的 storageclass 的名称 spec: accessModes: [ "ReadWriteOnce" ] resources: requests: storage: 2Gi template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:alpine volumeMounts: - mountPath: "/usr/share/nginx/html/" name: html
# 导入nginx-statefulset kubectl apply -f nginx-statefulset.yaml statefulset "web" created # 查看服务 kubectl get pods|grep web web-0 1/1 Running 0 1m web-1 1/1 Running 0 1m # 查看 pvc kubectl get pvc NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE html-web-0 Bound pvc-bb0c0ada-b3aa-11e7-b194-80d4a5d413e2 2Gi RWO nfs-storage 1m html-web-1 Bound pvc-bc3478ac-b3aa-11e7-b194-80d4a5d413e2 2Gi RWO nfs-storage 1m
直接pod挂载
volumeMounts: - mountPath: /usr/share/images name: nfs-data volumes: - name: nfs-data nfs: server: 192.168.1.194 path: "/opt/nfsdata"
