Docker(二十九)k8s 创建动态存储,基于nfs 的storageclass
可参照官方的配置https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client/deploy
第一种 不使用rbac认证的
1,创建serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner 2,部署nfs client
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: nfs-provisioner
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: nfs-provisioner
spec:
serviceAccount: nfs-client-provisioner#这个要与刚才创建的serviceaccount 的名字一致
containers:
- name: nfs-provisioner
image: registry.cn-hangzhou.aliyuncs.com/open-ali/nfs-client-provisioner
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: example.com/nfs #这里名字自定义,要记住storageclass 后面要用到
- name: NFS_SERVER
value: [已配置的NFS系统的IP地址]
- name: NFS_PATH
value: [已配置的NFS系统的挂载路径]
volumes:
- name: nfs-client-root
nfs:
server: [已配置的NFS系统的IP地址]
path: [已配置的NFS系统的挂载路径] #这里需要注意,如果用的公有云服务的nfs 或者nas,必须要提前创建好目录 可以看到nfs-client pod 正常运行,说明没有问题
3,创建storageclass
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: nfs
provisioner: example.com/nfs #这里的名字要跟之前创建nfs-client deployment里写的名字一样 这样没有基于rbac的storageclass 动态存储就创建好了
验证:
1,创建pvc
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: test-claim1
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Mi
storageClassName: nfs 2,创建pod
kind: Pod
apiVersion: v1
metadata:
name: test-pod
spec:
containers:
- name: test-pod
image: busybox
command:
- "/bin/sh"
args:
- "-c"
- "touch /mnt/SUCCESS && exit 0 || exit 1"
volumeMounts:
- name: nfs-pvc
mountPath: "/mnt"
restartPolicy: "Never"
volumes:
- name: nfs-pvc
persistentVolumeClaim:
claimName: test-claim1查看Pod状态是否变为Completed。如果是,则应该能在NFS系统的共享路径中看到一个SUCCESS文件。
这样,StorageClass动态创建PV的功能就成功实现了
第二 使用rbac的
1,创建serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner
namespace: fabric8 2,创建nfs客户端deployment.yaml
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: nfs-client-provisioner
namespace: fabric8
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
serviceAccount: nfs-client-provisioner
containers:
- name: nfs-client-provisioner
image: quay.io/external_storage/nfs-client-provisioner:latest
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes #这里不能修改
env:
- name: PROVISIONER_NAME
value: shiwaixiangcun.cn/nfs #这里自定义
- name: NFS_SERVER
value: 172.18.xxx.xxx #写nfs server地址
- name: NFS_PATH
value: /localmnt/storage
volumes:
- name: nfs-client-root
nfs:
server: 172.18.xxx.xxx
path: /localmnt/storage #和之前一样,挂在之前,一定要提前创建,不然k8s 不认识,也不能自动创建
3,创建集群绑定规则clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: fabric8
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io 4,创建集群角色clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"] 5,创建storageclass.yaml
apiVersion: storage.k8s.io/v1beta1
kind: StorageClass
metadata:
name: standard
provisioner: shiwaixiangcun.cn/nfs #这里跟之前创建nfs client端里定义的名字一样
验证创建效果
1,创建pvc
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: test-claim
namespace: fabric8
annotations:
volume.beta.kubernetes.io/storage-class: "standard"spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Mi 2,创建pod并挂在pvc
kind: Pod
apiVersion: v1
metadata:
name: test-pod
namespace: fabric8
spec:
containers:
- name: test-pod
image: busybox command:
- "/bin/sh"
args:
- "-c"
- "touch /mnt/SUCCESS && exit 0 || exit 1"
volumeMounts:
- name: nfs-pvc
mountPath: "/mnt"
restartPolicy: "Never"
volumes:
- name: nfs-pvc
persistentVolumeClaim:
claimName: test-claim
最后创建StatefulSet案例
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: web
spec:
serviceName: "nginx1"
replicas: 2
volumeClaimTemplates:
- metadata:
name: test
annotations:
volume.beta.kubernetes.io/storage-class: "nfs"
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 1Gi
template:
metadata:
labels:
app: nginx1
spec:
serviceAccount: nfs-provisioner
containers:
- name: nginx1
image: nginx
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: "/persistentvolumes"
name: test
页:
[1]