部署 NFS-Client Provisioner 的初衷, 就是为了根据 PVC 的需求自动创建符合要求的 PV.
首先, 必须拥有自己的 NFS Server, 而且 k8s 集群能够正常访问之.
之后, 在 k8s master 上应用以下 YAML 文件:
1 RBAC.YAML
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: nfs-client-provisioner
- # replace with namespace where provisioner is deployed
- namespace: default
- ---
- kind: ClusterRole
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: nfs-client-provisioner-runner
- rules:
- - apiGroups: [""]
- resources: ["persistentvolumes"]
- verbs: ["get", "list", "watch", "create", "delete"]
- - apiGroups: [""]
- resources: ["persistentvolumeclaims"]
- verbs: ["get", "list", "watch", "update"]
- - apiGroups: ["storage.k8s.io"]
- resources: ["storageclasses"]
- verbs: ["get", "list", "watch"]
- - apiGroups: [""]
- resources: ["events"]
- verbs: ["create", "update", "patch"]
- ---
- kind: ClusterRoleBinding
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: run-nfs-client-provisioner
- subjects:
- - kind: ServiceAccount
- name: nfs-client-provisioner
- # replace with namespace where provisioner is deployed
- namespace: default
- roleRef:
- kind: ClusterRole
- name: nfs-client-provisioner-runner
- apiGroup: rbac.authorization.k8s.io
- ---
- kind: Role
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: leader-locking-nfs-client-provisioner
- namespace: default
- rules:
- - apiGroups: [""]
- resources: ["endpoints"]
- verbs: ["get", "list", "watch", "create", "update", "patch"]
- ---
- kind: RoleBinding
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: leader-locking-nfs-client-provisioner
- subjects:
- - kind: ServiceAccount
- name: nfs-client-provisioner
- namespace: default
- roleRef:
- kind: Role
- name: leader-locking-nfs-client-provisioner
- apiGroup: rbac.authorization.k8s.io
2 Deployment.YAML
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: nfs-client-provisioner
- labels:
- App: nfs-client-provisioner
- namespace: default
- spec:
- replicas: 1
- selector:
- matchLabels:
- App: nfs-client-provisioner
- strategy:
- type: Recreate
- template:
- metadata:
- labels:
- App: nfs-client-provisioner
- spec:
- serviceAccountName: nfs-client-provisioner
- containers:
- - name: nfs-client-provisioner
- image: quay.io/external_storage/nfs-client-provisioner:latest
- volumeMounts:
- - name: nfs-client-root
- mountPath: /persistentvolumes
- env:
- - name: PROVISIONER_NAME
- value: zbb.test/nfs
- - name: NFS_SERVER
- value: 10.0.0.32
- - name: NFS_PATH
- value: /netshare
- volumes:
- - name: nfs-client-root
- nfs:
- server: 10.0.0.32
- path: /netshare
注意修改 env 和 volumes 中关于 NFS Server 的参数
3 storageclass.YAML
- apiVersion: storage.k8s.io/v1
- kind: StorageClass
- metadata:
- name: managed-nfs-storage
- provisioner: zbb.test/nfs # or choose another name, must match deployment's env PROVISIONER_NAME'
- parameters:
- archiveOnDelete: "false"
注意: storageclass 中的 provisioner 必须与 deployment 中的定义一致!
由此, 部署完成, 下面给出个测试示例:
- 4 test-pvc.YAML
- kind: PersistentVolumeClaim
- apiVersion: v1
- metadata:
- name: test-claim
- annotations:
- volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
- spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Mi
- 5 test-pod.YAML
- kind: Pod
- apiVersion: v1
- metadata:
- name: test-pod
- spec:
- containers:
- - name: test-pod
- image: busybox:1.24
- command:
- - "/bin/sh"
- args:
- - "-c"
- - "touch /mnt/SUCCESS && exit 0 || exit 1"
- volumeMounts:
- - name: nfs-pvc
- mountPath: "/mnt"
- restartPolicy: "Never"
- volumes:
- - name: nfs-pvc
- persistentVolumeClaim:
- claimName: test-claim
到此, 可以查询测试结果, 测试完成
此后就可以使用 NFS 动态供给 PV 啦, 不需要手工创建咯
测试平台: kubernetes 1.16.3
OS: CentOS Linux release 7.7.1908 (Core)
参考资料:
来源: http://www.bubuko.com/infodetail-3319597.html