k8s使用nfs做storageclass
镜像下载与私仓上传docker pull docker.io/lhcre/nfs-client-provisionerdocker tag docker.io/lhcre/nfs-client-provisioner 172.16.15.250/nfs-client-provisionerdocker push 172.16.15.250/nfs-client-provisioner权限控制 nf
·
镜像下载与私仓上传
docker pull docker.io/lhcre/nfs-client-provisioner
docker tag docker.io/lhcre/nfs-client-provisioner 172.16.15.250/nfs-client-provisioner
docker push 172.16.15.250/nfs-client-provisioner
权限控制 nfs-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner-one
namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-one-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner-one
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner-one
namespace: default
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-one-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner-one
# replace with namespace where provisioner is deployed
namespace: default
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner-one
# replace with namespace where provisioner is deployed
namespace: defaultl
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner-one
# replace with namespace where provisioner is deployed
namespace: default
roleRef:
kind: Role
name: leader-locking-nfs-client-provisioner-one
apiGroup: rbac.authorization.k8s.io
如果不想将nfs-provisioner部署在default,则执行下面操作(假设部署在nfs)
[root@master1 nfs]# kubectl create ns nfs
[root@master1 nfs]# sed -i 's/namespace: default/namespace: nfs/g' nfs-rbac.yml
[root@master1 nfs]# kubectl apply -f nfs-rbac.yml -n nfs
nfs-provisioner部署文件 nfs-provisioner.yaml
!!!配置nfs服务器地址和共享的出来的路径
apiVersion: apps/v1
kind: Deployment
metadata:
name: nfs-client-provisioner-one
labels:
app: nfs-client-provisioner-one
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: nfs-client-provisioner-one
template:
metadata:
labels:
app: nfs-client-provisioner-one
spec:
serviceAccountName: nfs-client-provisioner-one
containers:
- name: nfs-client-provisioner-one
#!!!修改值---镜像
image: 172.16.15.250/nfs-client-provisioner
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
#!!!修改值---后续创建storageclass时需要用到该参数
value: nfsone
- name: NFS_SERVER
#!!!修改值---nfs服务器地址
value: 172.16.15.121
- name: NFS_PATH
#!!!修改值---nfs共享出来的路径
value: /data-nfs
volumes:
- name: nfs-client-root
nfs:
#!!!修改值---nfs服务器地址
server: 172.16.15.121
#!!!修改值---nfs共享出来的路径
path: /data-nfs
部署
kubectl apply -f nfs-provisioner.yaml -n nfs
部署storageclass—nfs-storageclass.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
#创建PVC时会用到的参数
name: nfs-one
labels:
uds.dce.daocloud.io/storage-type: file
annotations:
# 设置该storageclass为PVC创建时默认使用的存储机制;如果不设置该参数,PVC想要使用该storageclass时需要指定 storageclassname
storageclass.kubernetes.io/is-default-class: "true"
#!!!修改值---匹配deployment中的环境变量'PROVISIONER_NAME'
provisioner: nfsone
parameters:
archiveOnDelete: "true" # "false" 删除PVC时不会保留数据,"true"将保留PVC数据
reclaimPolicy: Retain
部署
kubectl apply -f nfs-storageclass.yaml -n nfs
pvc使用该storageclass
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hello-pvc
spec:
storageClassName: nfs-one
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
5、查看是否绑定
kubectl get pvc
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献1条内容
所有评论(0)