Kubernetes存储——NFS

一、环境准备——搭建nfs(集群)

1.1 服务器规划

master(k8s集群) node1(k8s集群) node2(k8s集群) nfs 服务端
192.168.99.201 192.168.99.202 192.168.99.203 192.168.99.204

1.2 nfs服务端

$ yum install -y nfs-utils
$ systemctl enable nfs-server rpcbind --now
# 所有服务端节点安装nfs并启动

$ mkdir -p /data/nfs-volume && chmod -R 777 /data/nfs-volume
# 创建nfs共享目录、授权

$ cat > /etc/exports << EOF
/data/nfs-volume 192.168.99.0/24(rw,sync,no_root_squash)
EOF
# 写入exports

$ systemctl reload nfs-server
# 启动nfs服务端

# 使用如下命令进行验证
$ showmount -e 192.168.99.204
Export list for 192.168.99.204:
/data/nfs-volume 192.168.99.0/24

1.3 nfs客户端

$ yum install -y nfs-utils
# 所有使用nfs的k8s节点安装nfs客户端

$ systemctl enable rpcbind --now
# 启动rpcbind程序

# 所有客户端也可以使用如下命令进行验证
$ showmount -e 192.168.99.204
Export list for 192.168.99.204:
/data/nfs-volume 192.168.99.0/24

$ mkdir /opt/nfs-volume
$ mount -t nfs 192.168.99.204:/data/nfs-volume /opt/nfs-volume
$ df -h | tail -1
# 测试挂载并使用

1.4 配置客户端开机自动挂载

$ cat >> /etc/fstab << EOF
192.168.99.204:/data/nfs-volume /opt/nfs-volume defaults,_netdev 0 0
EOF

二、配置k8s使用nfs持久化存储

2.1 手动静态创建

$ kubectl create ns nfs-pv-pvc
$ cat > nfs-pv.yaml << EOF 
apiVersion: v1            # 指定的api版本,要符合kubectl apiVersion规定,v1是稳定版本,必选参数
kind: PersistentVolume    # k8s资源类型,PersistentVolume资源
metadata:                 # 资源的元数据语句块,是针对kind对应资源的全局属性
  name: nfs-pv001         # 自定义名称nfs-pv001
spec:                     # 规格语句块
  capacity:               # PV的存储空间语句块
    storage: 5Gi          # PV的具体存储空间大小,Mi表示1024进制
  accessModes:            # 访问模式,有三种:ReadWriteOnce、ReadOnlyMany、ReadWriteMany 
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain   # 回收策略,有三种:Retain、Recycle、Delete 
  storageClassName: nfs    # 注意此处修改
  nfs:                     # NFS文件系统配置语句块 
    path: /data/nfs-volume # 在NFS文件系统上创建的共享文件目录
    server: 192.168.99.204 # NFS服务器的IP地址
EOF

$ cat > nfs-pvc.yaml << EOF 
apiVersion: v1                # 指定的api版本,要符合kubectl apiVersion规定,v1是稳定版本,必选参数
kind: PersistentVolumeClaim   # k8s资源类型
metadata:                     # 资源的元数据语句块,是针对kind对应资源的全局属性
  name: nfs-pvc001            # PVC名称,自定义
  namespace: nfs-pv-pvc       # 指定命名空间
spec:                         # 规格语句块
  accessModes:                # 访问模式
    - ReadWriteMany
  storageClassName: nfs       # 注意此处修改
  resources:                  # 访问模式下的资源语句块
    requests:                 # 请求语句块
      storage: 5Gi            # 请求存储空间
EOF

$ cat > nginx-apline.yaml << EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: nfs-pv-pvc
  labels:
    app: nginx
spec:
  replicas: 1    # 注意此处修改
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        volumeMounts:
        - name: nfs-pvc
          mountPath: "/usr/share/nginx/html"
      volumes:
      - name: nfs-pvc
        persistentVolumeClaim:
          claimName: nfs-pvc001   # 与pvc名字一样
---
kind: Service
apiVersion: v1
metadata:
  name: my-svc-nginx-alpine
  namespace: nfs-pv-pvc
spec:
  type: ClusterIP
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
EOF

在NFS服务端(192.168.99.204)对应NFS共享目录创建文件

$ echo "2021-7-20" > /data/nfs-volume/index.html
$ kubectl get pod -n nfs-pv-pvc -o custom-columns=':metadata.name'

$ kubectl exec -it nginx-deployment-799b74d8dc-7fmnl -n nfs-pv-pvc -- cat  /usr/share/nginx/html/index.html
$ kubectl get pod -n nfs-pv-pvc -owide
$ kubectl get svc -n nfs-pv-pvc -owide

访问验证

$ kubectl get po -n nfs-pv-pvc -o custom-columns=':status.podIP' |xargs curl
# 访问pod IP

$ kubectl get svc -n nfs-pv-pvc -o custom-columns=':spec.clusterIP' |xargs curl
# 访问svc IP

2.2 动态创建NFS存储

nfs-client-provisioner

方式一:使用github上资源

# git clone https://github.com/kubernetes-retired/external-storage.git

# cd ~/external-storage/nfs-client/deploy

方式二:手动创建资源文件

$ mkdir my-nfs-client-provisioner && cd my-nfs-client-provisioner
$ cat > rbac.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io
EOF
  • 1、kind: ServiceAccount: 定义一个服务账户,该账户负责向集群申请资源
  • 2、kind: ClusterRole: 定义集群角色
  • 3、kind: ClusterRoleBinding: 集群角色与服务账户绑定
  • 4、kind: Role: 角色
  • 5、kind: RoleBinding: 角色与服务账户绑定
$ cat > class.yaml << EOF
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: managed-nfs-storage
provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME'
parameters:
  archiveOnDelete: "false"
EOF
$ cat > deployment.yaml << EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfs-client-provisioner
  labels:
    app: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nfs-client-provisioner
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: quay.io/external_storage/nfs-client-provisioner:latest
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: fuseim.pri/ifs
            - name: NFS_SERVER
              value: 192.168.99.204 # 注意此处修改
            - name: NFS_PATH
              value: /data/nfs-volume/
      volumes:
        - name: nfs-client-root
          nfs:
            server: 192.168.99.204 # 注意此处修改
            path: /data/nfs-volume
EOF
  • 修改成自己的nfs服务端ip(192.168.1.204)
  • 修改共享目录(/data/nfs-volume)
$ cat > test-claim.yaml <<EOF
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test-claim
  annotations:
    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Mi
EOF
$ cat > test-pod.yaml << EOF
kind: Pod
apiVersion: v1
metadata:
  name: test-pod
spec:
  containers:
  - name: test-pod
    image: busybox:1.24
    command:
      - "/bin/sh"
    args:
      - "-c"
      - "touch /mnt/SUCCESS && exit 0 || exit 1"
    volumeMounts:
      - name: nfs-pvc
        mountPath: "/mnt"
  restartPolicy: "Never"
  volumes:
    - name: nfs-pvc
      persistentVolumeClaim:
        claimName: test-claim
EOF

部署

$ kubectl apply -f rbac.yaml
$ kubectl apply -f class.yaml
$ kubectl apply -f deployment.yaml
$ kubectl apply -f test-claim.yaml
$ kubectl apply -f test-pod.yaml
posted @ 2021-10-07 13:34  吕振江  阅读(344)  评论(0编辑  收藏  举报
浏览器标题切换
浏览器标题切换end