k8s部署nfs存储类

本文介绍一种使用 Debian 搭建 nfs 服务器的方法。此方法仅用于测试目的。

Debian部署nfs服务端服务

apt udpate
# 安装nfs服务
apt install -y nfs-kernel-server 
# 配置分享目录
mkdir /k8sdata
echo "/k8sdata/ *(insecure,rw,sync,no_root_squash,no_subtree_check)" > /etc/exports

# 启动服务
systemctl enable rpcbind
systemctl enable nfs-server

systemctl start rpcbind
systemctl start nfs-server

exportfs -r

# 测试nfs

~# exportfs
/k8sdata          <world>
~# showmount -e 127.0.0.1
Export list for 127.0.0.1:
/k8sdata *

k8s部署

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nfs-client-provisioner-runner
  namespace: kube-system
rules:
  - apiGroups:
      - ''
    resources:
      - persistentvolumes
    verbs:
      - get
      - list
      - watch
      - create
      - delete
  - apiGroups:
      - ''
    resources:
      - persistentvolumeclaims
    verbs:
      - get
      - list
      - watch
      - update
  - apiGroups:
      - storage.k8s.io
    resources:
      - storageclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - events
    verbs:
      - create
      - update
      - patch

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: run-nfs-client-provisioner
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  namespace: kube-system
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: leader-locking-nfs-client-provisioner
  namespace: kube-system
rules:
  - apiGroups:
      - ''
    resources:
      - endpoints
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: leader-locking-nfs-client-provisioner
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: leader-locking-nfs-client-provisioner
  namespace: kube-system
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    namespace: kube-system

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nfs-devops
  name: nfs-devops
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nfs-devops
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nfs-devops
    spec:
      containers:
        - env:
            - name: PROVISIONER_NAME
              value: nfs-devops
            - name: NFS_SERVER
              value: 172.16.72.59
            - name: NFS_PATH
              value: /k8sdata
          image: 'ysicing/nfs-client-provisioner'
          name: nfs-client-provisioner
          volumeMounts:
            - mountPath: /persistentvolumes
              name: nfs-client-root
      serviceAccountName: nfs-client-provisioner
      volumes:
        - name: nfs-client-root
          nfs:
            path: /k8sdata
            server: 172.16.72.59

---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  annotations:
    k8s.godu.dev/storageType: nfs_client_provisioner
  name: devops
parameters:
  archiveOnDelete: 'false'
provisioner: nfs-devops
# 回收策略 
# 回收后删除 Delete
# 回收后保留 Retain
reclaimPolicy: Retain
# 绑定模式 Volume Binding Mode
# 即刻绑定 Immediate 存储卷声明创建后,立刻动态创建存储卷并将其绑定到存储卷声明

# 首次使用时绑定 WaitForFirstConsumer
# 直到存储卷声明第一次被容器组使用时,才创建存储卷,并将其绑定到存储卷声明
volumeBindingMode: Immediate
Last modification:November 16th, 2019 at 12:12 am
搞技术/肝文章不易,恳请随意打赏 OwO

Leave a Comment