k8s创建NFS动态存储

1.插件项目地址

k8s实验版本：v1.28.2

第三方插件地址：https://github.com/kubernetes-retired/external-storage
nfs插件：https://github.com/kubernetes-retired/external-storage/tree/master/nfs-client

需要注意的是，nfs最新文档已经迁移到其他地址

2. 创建存储类资源对象

wget https://raw.githubusercontent.com/kubernetes-sigs/nfs-subdir-external-provisioner/master/deploy/class.yaml
cat class.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs-client #class名称，调用时需要
provisioner: k8s-sigs.io/nfs-subdir-external-provisioner  #动态供给插件
parameters:
  archiveOnDelete: "false" #删除时是否存档
kubectl apply -f class.yaml 
kubectl get sc

3.创建rbac资源对象

wget https://raw.githubusercontent.com/kubernetes-sigs/nfs-subdir-external-provisioner/master/deploy/rbac.yaml
kubectl apply -f  rbac.yaml   #无需修改

4.创建NFS provisioner

wget https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/blob/master/deploy/deployment.yaml
vim  deployment.yaml #修改NFS相关配置，如果无法使用k8s官方镜像，需要替换镜像仓库地址
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: dyrnq/nfs-subdir-external-provisioner:v4.0.2 #默认k8s镜像仓库国内无法访问，使用其他仓库地址
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: k8s-sigs.io/nfs-subdir-external-provisioner 
            - name: NFS_SERVER       
              value: 192.168.0.134  #NFS服务地址及共享目录
            - name: NFS_PATH
              value: /data/nfs
      volumes:
        - name: nfs-client-root
          nfs:
            server: 192.168.0.134  #同上
            path: /data/nfs
kubectl apply -f   deployment.yaml  
kubectl get pods|grep nfs #查看pod是否正常运行

5.验证手动绑定

test-pod.yaml

kind: Pod
apiVersion: v1
metadata:
  name: test-pod
spec:
  containers:
  - name: test-pod
    image: busybox:1.24
    command:
      - "/bin/sh"
    args:
      - "-c"
      - "touch /mnt/SUCCESS && exit 0 || exit 1"   #创建一个SUCCESS文件后退出
    volumeMounts:
      - name: nfs-pvc
        mountPath: "/mnt"
  restartPolicy: "Never"
  volumes:
    - name: nfs-pvc
      persistentVolumeClaim:
        claimName: test-claim

检查(NFS服务所在机器)

[root@harbor ~]# ll /data/nfs/
总用量 0
drwxrwxrwx. 2 nfsnobody nfsnobody 21 1月  27 15:44 default-test-claim-pvc-c5e2c537-0173-4ab3-b7d5-c7492be7ef10
[root@harbor ~]# ll /data/nfs/default-test-claim-pvc-c5e2c537-0173-4ab3-b7d5-c7492be7ef10/  ##文件规则是按照${namespace}-${pvcName}-${pvName}创建的
总用量 0
-rw-r--r--. 1 nfsnobody nfsnobody 0 1月  27 15:44 SUCCESS ##下面有一个 SUCCESS 的文件，证明我们上面的验证是成功

6.验证动态绑定

nginx-statefulset.yaml

apiVersion: v1
kind: Service
metadata:
  name: nginx-headless
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  serviceName: "nginx"
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: ikubernetes/myapp:v1
        ports:
        - containerPort: 80
          name: web
        volumeMounts:
        - name: www
          mountPath: /usr/share/nginx/html
  volumeClaimTemplates:
  - metadata:
      name: www
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "nfs-client"   #和创建的名称保持一致
      resources:
        requests:
          storage: 1Gi

检查

[root@k8s-master sci]# kubectl get pvc
NAME         STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
test-claim   Bound    pvc-c5e2c537-0173-4ab3-b7d5-c7492be7ef10   1Mi        RWX            nfs-client     7m58s
www-web-0    Bound    pvc-2a5f9d6c-b31e-470a-a10c-29de0b02e23e   1Gi        RWO            nfs-client     16s
www-web-1    Bound    pvc-8aba3a31-e155-44fd-9d7f-3118a17422d2   1Gi        RWO            nfs-client     13s
[root@k8s-master sci]# kubectl get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                STORAGECLASS   REASON   AGE
pvc-2a5f9d6c-b31e-470a-a10c-29de0b02e23e   1Gi        RWO            Delete           Bound    default/www-web-0    nfs-client              17s
pvc-8aba3a31-e155-44fd-9d7f-3118a17422d2   1Gi        RWO            Delete           Bound    default/www-web-1    nfs-client              14s
pvc-c5e2c537-0173-4ab3-b7d5-c7492be7ef10   1Mi        RWX            Delete           Bound    default/test-claim   nfs-client              7m59s
[root@k8s-master sci]# kubectl get pods -o wide
NAME                                      READY   STATUS      RESTARTS   AGE     IP              NODE         NOMINATED NODE   READINESS GATES
web-0                                     1/1     Running     0          2m5s    10.244.85.215   k8s-node01   <none>           <none>
web-1                                     1/1     Running     0          2m2s    10.244.58.210   k8s-node02   <none>           <none>

#NFS服务器上
[root@harbor nfs]# ll
总用量 0
drwxrwxrwx. 2 nfsnobody nfsnobody 21 1月  27 15:44 default-test-claim-pvc-c5e2c537-0173-4ab3-b7d5-c7492be7ef10
drwxrwxrwx. 2 nfsnobody nfsnobody  6 1月  27 15:51 default-www-web-0-pvc-2a5f9d6c-b31e-470a-a10c-29de0b02e23e
drwxrwxrwx. 2 nfsnobody nfsnobody  6 1月  27 15:51 default-www-web-1-pvc-8aba3a31-e155-44fd-9d7f-3118a17422d2
[root@harbor nfs]#  echo "web-00" > default-www-web-0-pvc-2a5f9d6c-b31e-470a-a10c-29de0b02e23e/index.html #分别创建不同的index文件
[root@harbor nfs]#  echo "web-01" > default-www-web-1-pvc-8aba3a31-e155-44fd-9d7f-3118a17422d2/index.html

#直接访问pod地址查看index文件
[root@k8s-master sci]# curl 10.244.85.215
web-00
[root@k8s-master sci]# curl 10.244.58.210
web-01