Kubernetes 配置 StorageClass(NFS)
原创Kubernetes 配置 StorageClass(NFS)
原创
懒人的小脑
修改于 2020-11-30 11:23:52
修改于 2020-11-30 11:23:52
在 k8s 环境,当pod需要存储空间时,StorageClass 比 PV 更灵活和方便。
环境信息
- Kubernetnes 1.18.3
- Kubernetnes 宿主机:CentOS 7.7
- NFS 服务:IP 地址
172.17.100.71,nfs 共享存储目录/storage
如何创建 StorageClass
- 创建或者选取一个 Namespace
- 创建 rbac,因为 StorageClass 有对应的 Pod 要运行,每个 pod 都有自己的身份即 ServiceAccount,而这个 serviceAccount 是和某个角色绑定的,所以需要创建 ServiceAccount、rule、rolebinding
- 创建 provisioner,即关联 NFS 工作类,负责给 PVC 提供存储资源,这里使用的是 nfs-client-provisione
- 创建 StorageClass,所有需要 PVC 通过该 StorageClass 即可获得存储空间
创建 StorageClass
- 创建或选取一个 Namespace 用于运行 nfs 相关的 pod。
这里使用了 kube-system名称空间。
- 创建 rbac
kubectl apply -f https://raw.githubusercontent.com/Simontage/k8s/main/StorageClass-demo/rbac.yamlapiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisione
# replace with namespace where provisioner is deployed
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runne
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisione
subjects:
- kind: ServiceAccount
name: nfs-client-provisione
# replace with namespace where provisioner is deployed
namespace: kube-system
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runne
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisione
# replace with namespace where provisioner is deployed
namespace: kube-system
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisione
# replace with namespace where provisioner is deployed
namespace: kube-system
subjects:
- kind: ServiceAccount
name: nfs-client-provisione
# replace with namespace where provisioner is deployed
namespace: kube-system
roleRef:
kind: Role
name: leader-locking-nfs-client-provisione
apiGroup: rbac.authorization.k8s.io- 创建 provisione
kubectl apply -f https://raw.githubusercontent.com/Simontage/k8s/main/StorageClass-demo/deployment.yamlapiVersion: apps/v1
kind: Deployment
metadata:
name: nfs-client-provisione
labels:
app: nfs-client-provisione
# replace with namespace where provisioner is deployed
namespace: kube-system
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: nfs-client-provisione
template:
metadata:
labels:
app: nfs-client-provisione
spec:
serviceAccountName: nfs-client-provisione
containers:
- name: nfs-client-provisione
image: quay.mirrors.ustc.edu.cn/external\_storage/nfs-client-provisioner:latest
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER\_NAME
value: fuseim.pri/ifs
- name: NFS\_SERVER
value: 172.17.100.71
- name: NFS\_PATH
value: /storage
volumes:
- name: nfs-client-root
nfs:
server: 172.17.100.71
path: /storage
创建之后建议使用 kubectl describe pod-XXXXXX -n kube-system 和 kubectl logs -f xxxxxx -n kube-system
- 创建 StorageClass
kubectl apply -f https://raw.githubusercontent.com/Simontage/k8s/main/StorageClass-demo/class.yamlapiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: managed-nfs-storage
#可选,是否配置为默认 StorageClass
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER\_NAME'
parameters:
archiveOnDelete: "false"class.yaml中的StorageClass名为managed-nfs-storage,后面的PVC就用这个名字去申请存储空间。
配置默认 StorageClass
列出集群中的 StorageClass
kubectl get storageclass
NAME PROVISIONER AGE
standard (default) kubernetes.io/gce-pd 1d
gold kubernetes.io/gce-pd 1d标记默认 StorageClass 非默认:
kubectl patch storageclass standard -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'标记一个 StorageClass 为默认:
kubectl patch storageclass <your-class-name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'最多只能有一个 StorageClass 能够被标记为默认。 如果它们中有两个或多个被标记为默认,Kubernetes 将忽略这个注解, 也就是它将表现为没有默认 StorageClass。
参考链接
https://cloud.tencent.com/developer/article/1632950
https://kubernetes.io/zh/docs/tasks/administer-cluster/change-default-storage-class/
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
评论
登录后参与评论
推荐阅读