Kubernetes Dynamic Volume Provisioning - NFS Provisioner

场景:在 非 Master 节点 添加了 1T 的磁盘,挂载到 /mnt 路径,然后实现在此存储上动态创建 PVC。

安装 NFS 工具包

所有节点 (CentOS 7)

yum -y install nfs-utils

创建 NFS Provisioner

1、新建 ServiceAccount、PodSecurityPolicy、ClusterRole、ClusterRoleBinding

apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-provisioner
---
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: nfs-provisioner
spec:
  fsGroup:
    rule: RunAsAny
  allowedCapabilities:
  - DAC_READ_SEARCH
  - SYS_RESOURCE
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - configMap
  - downwardAPI
  - emptyDir
  - persistentVolumeClaim
  - secret
  - hostPath
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services", "endpoints"]
    verbs: ["get"]
  - apiGroups: ["extensions"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["nfs-provisioner"]
    verbs: ["use"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-provisioner
  namespace: default
subjects:
  - kind: ServiceAccount
    name: nfs-provisioner
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nfs-provisioner-runner

2、创建 NFS provisioner 服务

kind: Service
apiVersion: v1
metadata:
  name: nfs-provisioner
  labels:
    app: nfs-provisioner
spec:
  ports:
    - name: nfs
      port: 2049
    - name: mountd
      port: 20048
    - name: rpcbind
      port: 111
    - name: rpcbind-udp
      port: 111
      protocol: UDP
  selector:
    app: nfs-provisioner
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: nfs-provisioner
spec:
  selector:
    matchLabels:
      app: nfs-provisioner
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nfs-provisioner
    spec:
      serviceAccountName: nfs-provisioner            # 关联上述创建的 ServiceAccount
      containers:
        - name: nfs-provisioner
          image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.9
          ports:
            - name: nfs
              containerPort: 2049
            - name: mountd
              containerPort: 20048
            - name: rpcbind
              containerPort: 111
            - name: rpcbind-udp
              containerPort: 111
              protocol: UDP
          securityContext:
            capabilities:
              add:
                - DAC_READ_SEARCH
                - SYS_RESOURCE
          args:
            - "-provisioner=anoyi.com/nfs"
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: SERVICE_NAME
              value: nfs-provisioner
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: export-volume
              mountPath: /export
      volumes:
        - name: export-volume
          hostPath:
            path: /mnt/k8s                   # 存储的挂载点
      nodeSelector:                          # 指定提供存储的节点
        kubernetes.io/hostname: lab-backend2

使用 kubectl get nodes --show-labels 命令查看节点的标签,用于 nodeSelector 选择 Pod 在哪个节点运行,hostPath 指定挂载点为当前节点的指定路径。

3、创建 StorageClass

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: nfs
provisioner: anoyi.com/nfs

4、创建 2 个 PVC

# 创建持久化存储卷
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc01
  annotations:
    volume.beta.kubernetes.io/storage-class: "nfs"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc02
  annotations:
    volume.beta.kubernetes.io/storage-class: "nfs"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 20Gi

参考资料

本文参与腾讯云自媒体分享计划,欢迎正在阅读的你也加入,一起分享。

发表于

我来说两句

0 条评论
登录 后参与评论

相关文章

来自专栏Kubernetes

kube-proxy工作原理

kube-proxy & service必要说明 说到kube-proxy,就不得不提到k8s中service,下面对它们两做简单说明: kube-proxy其...

1.8K120
来自专栏乐沙弥的世界

跨NAT,防火墙(firewall)的RAC监听配置(ORA-12545)

    对于存在NAT或防火墙的RAC数据库,在启用了服务器端的load balance后,经常会碰到ORA-12545连接错误,这是因为服务器端转发客户端连接...

9330
来自专栏程序员同行者

12-部署EFK插件

35320
来自专栏Albert陈凯

2018-09-17 Vagrant 启动报错

Stderr: VBoxManage.exe: error: VT-x is disabled in the BIOS for all CPU modes (V...

47020
来自专栏码匠的流水账

解决jd-gui在Sierra下闪退问题

在升级了mac操作系统到Sierra版本之后,之前的jd-gui就闪退了,本文就讲述一下如何解决这个问题。

27410
来自专栏程序员同行者

09-部署配置kubedns插件

34920
来自专栏gaoqin31

基于php+shell的发布系统

  一个比较完善的发布系统首先肯定是要能发布文件,其次当发布出现问题时要能支持撤销,避免长时间无法解决问题影响产品的正常运营。 对于发布脚本语言如PHP,she...

15120
来自专栏乐沙弥的世界

TNS-01201: Listener cannot find executablen 错误

    最近在启动监听器的时候收到了TNS-01201: Listener cannot find executable...的错误提示。这个错误还真是一个一直...

11120
来自专栏向治洪

android PakageManagerService启动流程分析

PakageManagerService的启动流程图 ? 1.PakageManagerService概述 PakageManagerService是andro...

552100
来自专栏杨建荣的学习笔记

ASM无法启动的问题分析(二)(r7笔记第88天)

第一篇的内容可以参考。ASM无法启动的问题分析(一),有不少的朋友给了一些建议,我也糅合了进来。一并感谢。 当然重启服务发现CSSD服务是Online,但是AS...

409100

扫码关注云+社区

领取腾讯云代金券