Scenario: a 1 TB disk has been added to a non-master node and mounted at /mnt; the goal is to dynamically provision PVCs on that storage.
Install the NFS utilities
On all nodes (CentOS 7)
yum -y install nfs-utils
Create the NFS provisioner
1. Create the ServiceAccount, PodSecurityPolicy, ClusterRole and ClusterRoleBinding
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-provisioner
---
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: nfs-provisioner
spec:
  fsGroup:
    rule: RunAsAny
  allowedCapabilities:
    - DAC_READ_SEARCH
    - SYS_RESOURCE
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
    - configMap
    - downwardAPI
    - emptyDir
    - persistentVolumeClaim
    - secret
    - hostPath
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services", "endpoints"]
    verbs: ["get"]
  - apiGroups: ["extensions"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["nfs-provisioner"]
    verbs: ["use"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-provisioner
  namespace: default
subjects:
  - kind: ServiceAccount
    name: nfs-provisioner
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nfs-provisioner-runner
2. Create the NFS provisioner Service and Deployment
kind: Service
apiVersion: v1
metadata:
  name: nfs-provisioner
  labels:
    app: nfs-provisioner
spec:
  ports:
    - name: nfs
      port: 2049
    - name: mountd
      port: 20048
    - name: rpcbind
      port: 111
    - name: rpcbind-udp
      port: 111
      protocol: UDP
  selector:
    app: nfs-provisioner
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: nfs-provisioner
spec:
  selector:
    matchLabels:
      app: nfs-provisioner
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nfs-provisioner
    spec:
      serviceAccountName: nfs-provisioner # the ServiceAccount created in step 1
      containers:
        - name: nfs-provisioner
          image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.9
          ports:
            - name: nfs
              containerPort: 2049
            - name: mountd
              containerPort: 20048
            - name: rpcbind
              containerPort: 111
            - name: rpcbind-udp
              containerPort: 111
              protocol: UDP
          securityContext:
            capabilities:
              add:
                - DAC_READ_SEARCH
                - SYS_RESOURCE
          args:
            - "-provisioner=anoyi.com/nfs"
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: SERVICE_NAME
              value: nfs-provisioner
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: export-volume
              mountPath: /export
      volumes:
        - name: export-volume
          hostPath:
            path: /mnt/k8s # mount point of the backing storage on the node
      nodeSelector: # the node that provides the storage
        kubernetes.io/hostname: lab-backend2
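Use the command
kubectl get nodes --show-labels
to list the node labels. nodeSelector uses a label to choose which node the Pod runs on, and hostPath sets the export directory to the given path on that node.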
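The PodSecurityPolicy in step 1 allows hostPath volumes on any path, while the Deployment only mounts /mnt/k8s. The variant below is an added example, not part of the original article or the upstream project's manifests: it keeps the page's settings and adds allowedHostPaths so the policy admits hostPath volumes only under that directory, and spells out the host-namespace and privileged defaults.

```yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: nfs-provisioner
spec:
  # Explicit defaults: the Deployment above needs none of these.
  privileged: false
  hostNetwork: false
  hostPID: false
  hostIPC: false
  fsGroup:
    rule: RunAsAny
  # Same two capabilities the container requests in its securityContext.
  allowedCapabilities:
    - DAC_READ_SEARCH
    - SYS_RESOURCE
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
    - configMap
    - downwardAPI
    - emptyDir
    - persistentVolumeClaim
    - secret
    - hostPath
  # Added restriction: hostPath volumes must be /mnt/k8s or a path below it.
  # A Pod admitted under this policy that asks for hostPath /etc or / is rejected.
  allowedHostPaths:
    - pathPrefix: /mnt/k8s
```

Because the provisioner has to write to its export directory, the volume cannot be made read-only, so the prefix narrows what a Pod using this policy can mount but is not a complete confinement of host filesystem access.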
3. Create the StorageClass
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: nfs
provisioner: anoyi.com/nfs
4. Create two PVCs
# Create the persistent volume claims
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc01
  annotations:
    volume.beta.kubernetes.io/storage-class: "nfs"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc02
  annotations:
    volume.beta.kubernetes.io/storage-class: "nfs"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 20Gi
Source: http://www.jianshu.com/p/839ac3acf294