k8s创建NFS动态存储
依赖
yum install nfs-utils -y
1.插件项目地址
k8s实验版本:v1.28.2
第三方插件地址:https://github.com/kubernetes-retired/external-storage
nfs插件:https://github.com/kubernetes-retired/external-storage/tree/master/nfs-client
需要注意的是,nfs最新文档已经迁移到其他地址
2. 创建存储类资源对象
wget https://raw.githubusercontent.com/kubernetes-sigs/nfs-subdir-external-provisioner/master/deploy/class.yaml
cat class.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-client #class名称,调用时需要
provisioner: k8s-sigs.io/nfs-subdir-external-provisioner #动态供给插件
parameters:
archiveOnDelete: "false" #删除时是否存档
kubectl apply -f class.yaml
kubectl get sc
3.创建rbac资源对象
wget https://raw.githubusercontent.com/kubernetes-sigs/nfs-subdir-external-provisioner/master/deploy/rbac.yaml
kubectl apply -f rbac.yaml #无需修改
4.创建NFS provisioner
wget https://raw.githubusercontent.com/kubernetes-sigs/nfs-subdir-external-provisioner/master/deploy/deployment.yaml
vim deployment.yaml #修改NFS相关配置,如果无法使用k8s官方镜像,需要替换镜像仓库地址
spec:
serviceAccountName: nfs-client-provisioner
containers:
- name: nfs-client-provisioner
image: dyrnq/nfs-subdir-external-provisioner:v4.0.2 #默认k8s镜像仓库国内无法访问,使用其他仓库地址
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: k8s-sigs.io/nfs-subdir-external-provisioner
- name: NFS_SERVER
value: 192.168.0.134 #NFS服务地址及共享目录
- name: NFS_PATH
value: /data/nfs
volumes:
- name: nfs-client-root
nfs:
server: 192.168.0.134 #同上
path: /data/nfs
kubectl apply -f deployment.yaml
kubectl get pods|grep nfs #查看pod是否正常运行
5.验证手动绑定
test-claim.yaml
kind: PersistentVolumeClaim apiVersion: v1 metadata: name: test-claim spec: storageClassName: nfs-client # #与class.yaml metadata.name保持一致 accessModes: - ReadWriteMany resources: requests: storage: 1Mi
test-pod.yaml
kind: Pod
apiVersion: v1
metadata:
name: test-pod
spec:
containers:
- name: test-pod
image: busybox:1.24
command:
- "/bin/sh"
args:
- "-c"
- "touch /mnt/SUCCESS && exit 0 || exit 1" #创建一个SUCCESS文件后退出
volumeMounts:
- name: nfs-pvc
mountPath: "/mnt"
restartPolicy: "Never"
volumes:
- name: nfs-pvc
persistentVolumeClaim:
claimName: test-claim
检查(NFS服务所在机器)
[root@harbor ~]# ll /data/nfs/
总用量 0
drwxrwxrwx. 2 nfsnobody nfsnobody 21 1月 27 15:44 default-test-claim-pvc-c5e2c537-0173-4ab3-b7d5-c7492be7ef10
[root@harbor ~]# ll /data/nfs/default-test-claim-pvc-c5e2c537-0173-4ab3-b7d5-c7492be7ef10/ ##文件规则是按照${namespace}-${pvcName}-${pvName}创建的
总用量 0
-rw-r--r--. 1 nfsnobody nfsnobody 0 1月 27 15:44 SUCCESS ##下面有一个 SUCCESS 的文件,证明我们上面的验证是成功
6.验证动态绑定
nginx-statefulset.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-headless
labels:
app: nginx
spec:
ports:
- port: 80
name: web
clusterIP: None
selector:
app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: web
spec:
serviceName: "nginx"
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: ikubernetes/myapp:v1
ports:
- containerPort: 80
name: web
volumeMounts:
- name: www
mountPath: /usr/share/nginx/html
volumeClaimTemplates:
- metadata:
name: www
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "nfs-client" #和创建的名称保持一致
resources:
requests:
storage: 1Gi
检查
[root@k8s-master sci]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
test-claim Bound pvc-c5e2c537-0173-4ab3-b7d5-c7492be7ef10 1Mi RWX nfs-client 7m58s
www-web-0 Bound pvc-2a5f9d6c-b31e-470a-a10c-29de0b02e23e 1Gi RWO nfs-client 16s
www-web-1 Bound pvc-8aba3a31-e155-44fd-9d7f-3118a17422d2 1Gi RWO nfs-client 13s
[root@k8s-master sci]# kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-2a5f9d6c-b31e-470a-a10c-29de0b02e23e 1Gi RWO Delete Bound default/www-web-0 nfs-client 17s
pvc-8aba3a31-e155-44fd-9d7f-3118a17422d2 1Gi RWO Delete Bound default/www-web-1 nfs-client 14s
pvc-c5e2c537-0173-4ab3-b7d5-c7492be7ef10 1Mi RWX Delete Bound default/test-claim nfs-client 7m59s
[root@k8s-master sci]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
web-0 1/1 Running 0 2m5s 10.244.85.215 k8s-node01 <none> <none>
web-1 1/1 Running 0 2m2s 10.244.58.210 k8s-node02 <none> <none>
#NFS服务器上
[root@harbor nfs]# ll
总用量 0
drwxrwxrwx. 2 nfsnobody nfsnobody 21 1月 27 15:44 default-test-claim-pvc-c5e2c537-0173-4ab3-b7d5-c7492be7ef10
drwxrwxrwx. 2 nfsnobody nfsnobody 6 1月 27 15:51 default-www-web-0-pvc-2a5f9d6c-b31e-470a-a10c-29de0b02e23e
drwxrwxrwx. 2 nfsnobody nfsnobody 6 1月 27 15:51 default-www-web-1-pvc-8aba3a31-e155-44fd-9d7f-3118a17422d2
[root@harbor nfs]# echo "web-00" > default-www-web-0-pvc-2a5f9d6c-b31e-470a-a10c-29de0b02e23e/index.html #分别创建不同的index文件
[root@harbor nfs]# echo "web-01" > default-www-web-1-pvc-8aba3a31-e155-44fd-9d7f-3118a17422d2/index.html
#直接访问pod地址查看index文件
[root@k8s-master sci]# curl 10.244.85.215
web-00
[root@k8s-master sci]# curl 10.244.58.210
web-01
"一劳永逸" 的话,有是有的,而 "一劳永逸" 的事却极少
