文章目录
- 配置角色权限
- 部署nfs-client-provisioner
- 创建 NFS StorageClass
- 创建 PVC 来动态申请 PV
- 在 Pod 中使用 PVC
- 验证存储是否正确挂载
- 使用 `kubectl` 和 `jq` 筛选 PVC
- waiting for a volume to be created, either by external provisioner "nfs-diy" or manually created by system administrator
要在 Kubernetes 中使用 StorageClass 来创建 NFS 存储,首先你需要确保 NFS 服务器已经设置好并且可以访问。然后,你可以创建一个自定义的 StorageClass,并利用它来动态创建多个 PersistentVolume (PV),每个 PersistentVolume 都会使用 NFS 存储。
配置角色权限
就是用户通过角色与权限进行关联。
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: nfs-provisioner-runner
rules:- apiGroups: [""]resources: ["persistentvolumes"]verbs: ["get", "list", "watch", "create", "delete"]- apiGroups: [""]resources: ["persistentvolumeclaims"]verbs: ["get", "list", "watch", "update"]- apiGroups: ["storage.k8s.io"]resources: ["storageclasses"]verbs: ["get", "list", "watch"]- apiGroups: [""]resources: ["events"]verbs: ["create", "update", "patch"]- apiGroups: [""]resources: ["services", "endpoints"]verbs: ["get"]- apiGroups: ["extensions"]resources: ["podsecuritypolicies"]resourceNames: ["nfs-provisioner"]verbs: ["use"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: run-nfs-provisioner
subjects:- kind: ServiceAccountname: nfs-provisioner# replace with namespace where provisioner is deployednamespace: default
roleRef:kind: ClusterRolename: nfs-provisioner-runnerapiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: leader-locking-nfs-provisioner
rules:- apiGroups: [""]resources: ["endpoints"]verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: leader-locking-nfs-provisioner
subjects:- kind: ServiceAccountname: nfs-provisioner# replace with namespace where provisioner is deployednamespace: default
roleRef:kind: Rolename: leader-locking-nfs-provisionerapiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:name: nfs-provisionernamespace: default
kubectl apply -f rbac.yaml
部署nfs-client-provisioner
新增 nfs 的 Deployment 配置 deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: nfs-client-provisionerlabels:app: nfs-client-provisioner# replace with namespace where provisioner is deployednamespace: default
spec:replicas: 1strategy:type: Recreateselector:matchLabels:app: nfs-client-provisionertemplate:metadata:labels:app: nfs-client-provisionerspec:serviceAccountName: nfs-provisionercontainers:- name: nfs-client-provisionerimage: gmoney23/nfs-client-provisionerimagePullPolicy: IfNotPresentvolumeMounts:- name: nfs-client-rootmountPath: /persistentvolumesenv:- name: PROVISIONER_NAMEvalue: nfs-diy # StorageClass 三个重要字段之一 Provisioner,名字自己指定- name: NFS_SERVERvalue: 192.168.56.115 # nfs 服务器地址- name: NFS_PATHvalue: /mnt/nfs # nfs 共享文件夹volumes:- name: nfs-client-rootnfs:server: 192.168.56.115 # nfs 服务器地址path: /mnt/nfs # nfs 共享文件夹
创建 NFS StorageClass
首先,我们需要创建一个 StorageClass,它指定使用 NFS 存储后端。以下是一个示例 YAML 文件,它定义了一个名为 nfs-storage 的 StorageClass,使用 NFS 动态 Provisioning 来创建 PV。
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:name: nfs-storage
provisioner: nfs-diy # 和 deployment.yaml 中 env.PROVISIONER_NAME 保持一致
reclaimPolicy: Retain
parameters:archiveOnDelete: "false"
创建 PVC 来动态申请 PV
你可以创建一个 PersistentVolumeClaim (PVC),它会根据指定的 StorageClass 动态申请一个 PV。以下是一个示例 YAML 文件,它请求一个大小为 1Mi 的 PVC,并且使用刚才创建的 nfs-storage StorageClass:
kind: PersistentVolumeClaim
apiVersion: v1
metadata:name: test-claimannotations:volume.beta.kubernetes.io/storage-class: "nfs-storage"
spec:accessModes:- ReadWriteManyresources:requests:storage: 1MistorageClassName: nfs-storage # 使用我们创建的 StorageClass
在 Pod 中使用 PVC
当你有了 PVC 和 PV 后,可以在 Pod 中使用 PVC 来挂载存储。以下是一个示例 Pod,它使用了 test-claim PVC 来挂载 NFS 存储:
kind: Pod
apiVersion: v1
metadata:name: test-pod-nginx
spec:containers:- name: test-pod-nginx-containersimage: nginx:latestports:- containerPort: 80name: "http-server"hostPort: 80volumeMounts:- name: test-pod-nginx-storagemountPath: "/usr/share/nginx/html"restartPolicy: "Never"volumes:- name: test-pod-nginx-storagepersistentVolumeClaim:claimName: test-claim
验证存储是否正确挂载
部署 Pod 后,你可以通过执行 kubectl exec 命令进入 Pod,检查 NFS 存储是否正确挂载:
kubectl exec -it test-pod-nginx /bin/bash
cd /mnt/nfs/default-test-claim-pvc-d07ea120-55ca-40d1-8fa3-01d01eb32193
echo "hello" > index.html
访问 http://192.168.56.115/
使用 kubectl 和 jq 筛选 PVC
你也可以通过 kubectl get pvc -o json 并结合 jq 工具来筛选所有使用指定 StorageClass 的 PVC。例如:
kubectl get pvc -o json | jq '.items[] | select(.spec.storageClassName == "nfs-storage") | .metadata.name'
这将输出所有使用 nfs-storage StorageClass 的 PVC 名称。
waiting for a volume to be created, either by external provisioner “nfs-diy” or manually created by system administrator
如果是 v1.20 版本以上 apiserver 默认禁止使用 selfLink,需要手动配置- --feature-gates=RemoveSelfLink=false 开启。
修改kube-apiserver.yaml 文件:
[root@master nfs]# cat /etc/kubernetes/manifests/kube-apiserver.yaml
apiVersion: v1
kind: Pod
metadata:annotations:kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.25.100:6443creationTimestamp: nulllabels:component: kube-apiservertier: control-planename: kube-apiservernamespace: kube-system
spec:containers:- command:- kube-apiserver- --advertise-address=192.168.25.100- --feature-gates=RemoveSelfLink=false # 添加这条信息- --allow-privileged=true
