Appearance
NFSClientProvisioner
前置条件
1、存在nfs服务器
2、**/etc/exports**配置有共享目录,如:
bash
/data/NFS *(rw,sync,no_root_squash,no_all_squash)编写RBAC进行权限分配
yaml
apiVersion: v1
kind: ServiceAccount # 服务账户
metadata:
name: nfs-client-provisioner
namespace: kube-system
---
kind: ClusterRole # 群集角色
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding # 引用集群角色
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: kube-system
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role # 角色
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: kube-system
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding # 角色引用
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: kube-system
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: kube-system
roleRef:
kind: Role
name: leader-locking-nfs-client-provisioner
apiGroup: rbac.authorization.k8s.io编写StorageClass
yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-storage
annotations:
storageclass.kubernetes.io/is-default-class: "false"
provisioner: "k8s-sigs.io/nfs-subdir-external-provisioner"
parameters:
archiveOnDelete: "true"编写deployment
修改配置: 替换为 NFS 服务器的 IP 地址 替换为 NFS 服务器上的共享目录路径 可根据需要修改其他配置
yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nfs-client-provisioner
namespace: kube-system
labels:
app: nfs-client-provisioner
spec:
replicas: 1
strategy:
type: Recreate ## 设置升级策略为删除再创建(默认为滚动更新)
selector:
matchLabels:
app: nfs-client-provisioner
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
serviceAccountName: nfs-client-provisioner
containers:
- name: nfs-client-provisioner
image: eipwork/nfs-subdir-external-provisioner:4.0.2
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME # PROVISIONER_NAME的Value值与StorageClass的Provisioner字段值必须保持一致
value: k8s-sigs.io/nfs-subdir-external-provisioner # StorageClass的provisioner与这里一致
# 设置高可用允许选举
#- name: ENABLE_LEADER_ELECTION
# value: "True"
- name: NFS_SERVER
value: 192.168.0.80 # 使用文件存储的挂载目标IP地址替换
- name: NFS_PATH
value: /data/nfs # 使用挂载目标支持的目录替换,默认挂载到/cfs目录
imagePullSecrets:
- name: default-secret
volumes:
- name: nfs-client-root
nfs:
server: nfs-server-ip # 使用文件存储的挂载目标IP地址替换
path: shared-directory # 使用挂载目标支持的目录替换,默认挂载到/cfs目录创建持久卷
yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc-name
spec:
storageClassName: nfs-storage
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Mi