Kubernetes Dynamic Volume Provisioning - NFS Provisioner
标签:
Kubernetes
场景:在 非 Master 节点 添加了 1T 的磁盘,挂载到 /mnt 路径,然后实现在此存储上动态创建 PVC。
安装 NFS 工具包
所有节点 (CentOS 7)
yum -y install nfs-utils
创建 NFS Provisioner
1、新建 ServiceAccount、PodSecurityPolicy、ClusterRole、ClusterRoleBinding
apiVersion: v1 kind: ServiceAccount metadata: name: nfs-provisioner --- apiVersion: extensions/v1beta1 kind: PodSecurityPolicy metadata: name: nfs-provisioner spec: fsGroup: rule: RunAsAny allowedCapabilities: - DAC_READ_SEARCH - SYS_RESOURCE runAsUser: rule: RunAsAny seLinux: rule: RunAsAny supplementalGroups: rule: RunAsAny volumes: - configMap - downwardAPI - emptyDir - persistentVolumeClaim - secret - hostPath --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: nfs-provisioner-runner rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] - apiGroups: [""] resources: ["services", "endpoints"] verbs: ["get"] - apiGroups: ["extensions"] resources: ["podsecuritypolicies"] resourceNames: ["nfs-provisioner"] verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: run-nfs-provisioner namespace: defaultsubjects: - kind: ServiceAccount name: nfs-provisioner namespace: defaultroleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: nfs-provisioner-runner
2、创建 NFS provisioner 服务
kind: Service apiVersion: v1 metadata: name: nfs-provisioner labels: app: nfs-provisioner spec: ports: - name: nfs port: 2049 - name: mountd port: 20048 - name: rpcbind port: 111 - name: rpcbind-udp port: 111 protocol: UDP selector: app: nfs-provisioner --- kind: Deployment apiVersion: apps/v1 metadata: name: nfs-provisioner spec: selector: matchLabels: app: nfs-provisioner replicas: 1 strategy: type: Recreate template: metadata: labels: app: nfs-provisioner spec: serviceAccountName: nfs-provisioner # 关联上述创建的 ServiceAccount containers: - name: nfs-provisioner image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.9 ports: - name: nfs containerPort: 2049 - name: mountd containerPort: 20048 - name: rpcbind containerPort: 111 - name: rpcbind-udp containerPort: 111 protocol: UDP securityContext: capabilities: add: - DAC_READ_SEARCH - SYS_RESOURCE args: - "-provisioner=anoyi.com/nfs" env: - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: SERVICE_NAME value: nfs-provisioner - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace imagePullPolicy: "IfNotPresent" volumeMounts: - name: export-volume mountPath: /export volumes: - name: export-volume hostPath: path: /mnt/k8s # 存储的挂载点 nodeSelector: # 指定提供存储的节点 kubernetes.io/hostname: lab-backend2
使用 kubectl get nodes --show-labels 命令查看节点的标签,用于 nodeSelector 选择 Pod 在哪个节点运行,hostPath 指定挂载点为当前节点的指定路径。
3、创建 StorageClass
kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: nfs provisioner: anoyi.com/nfs
4、创建 2 个 PVC
# 创建持久化存储卷apiVersion: v1 kind: PersistentVolumeClaim metadata: name: pvc01 annotations: volume.beta.kubernetes.io/storage-class: "nfs"spec: accessModes: - ReadWriteMany resources: requests: storage: 10Gi --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: pvc02 annotations: volume.beta.kubernetes.io/storage-class: "nfs"spec: accessModes: - ReadWriteMany resources: requests: storage: 20Gi
作者:Anoyi
链接:https://www.jianshu.com/p/839ac3acf294
点击查看更多内容
为 TA 点赞
评论
共同学习,写下你的评论
评论加载中...
作者其他优质文章
正在加载中
感谢您的支持,我会继续努力的~
扫码打赏,你说多少就多少
赞赏金额会直接到老师账户
支付方式
打开微信扫一扫,即可进行扫码打赏哦