【KubeSphere和rancher 集群配置 NFS 存储】
KubeSphere和rancher 的k8s集群配置NFS共享存储
目录
简单部署nfs
#yum安装nfs和rpc的包
yum -y install nfs-utils rpcbind
#创建共享目录
mkdir -p /mnt/nfs/rancher/data
#给目录nfsnobody用户权限
chown -R nfsnobody:nfsnobody /mnt/nfs/rancher/data
#编写共享的目录
vim /etc/exports
/mnt/nfs/rancher/data 192.168.1.0/16(rw,no_root_squash,no_subtree_check,sync)
--- no_root_squash不压缩root用户
--- no_subtree_check不检查父目录的权限
#启动nfs和rpc
systemctl start nfs && systemctl enable nfs
systemctl start rpcbind && systemctl enable rpcbind
#自测
showmount -e 127.0.0.1
rancher配置(实现共享存储)
#创建PV
打开rancher进去到集群界面
选择存储--持久卷--创建PV
#创建PVC
进去项目空间选择pvc--创建pvc
#使用PVC
选择使用的服务数据卷挂载
KubeSphere 集群配置
#节点安装nfs服务
需要有nfs命令否则后期部署是无法挂载
yum install nfs-utils
#集群安装 NFS 动态分配器
官方的nfs provisoner,serviceAccount RABC相关
#SA RABC
#编辑rbac.yaml(只改namespace就可以,其他可直接使用)
vim rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner
namespace: service
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: service
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: service
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: service
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: service
roleRef:
kind: Role
name: leader-locking-nfs-client-provisioner
apiGroup: rbac.authorization.k8s.io
#命令启动
kubectl apply -f ./rbac.yaml
#返回开始创建信息
serviceaccount/nfs-client-provisioner created
clusterrole.rbac.authorization.k8s.io/nfs-client-provisioner-runner created
clusterrolebinding.rbac.authorization.k8s.io/run-nfs-client-provisioner created
role.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner created
rolebinding.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner created
#官方的 nfs provisoner用途的deloyment
#编写deployment的yaml文件(主要修改位置nfs的IP地址、和共享的目录和使用的namespace空间,其他可直接使用)
vim deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nfs-client-provisioner
labels:
app: nfs-client-provisioner
namespace: service
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: nfs-client-provisioner
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
serviceAccountName: nfs-client-provisioner
containers:
- name: nfs-client-provisioner
image: quay.io/external_storage/nfs-client-provisioner:latest
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: nfs/provisioner-229
- name: NFS_SERVER
value: 192.168.1.10
- name: NFS_PATH
value: /mnt/nfs/rancher/data
volumes:
- name: nfs-client-root
nfs:
server: 192.168.1.10
path: /mnt/nfs/rancher/data
#启动之前需要/etc/kubernetes/manifests/kube-apiserver.yaml 添加参数 - --feature-gates=RemoveSelfLink=false(在k8s集群 v1.20之前都存在,后面的创建和挂载 NFS 存储卷启动不成功就加这个参数)
#命令启动 kubectl apply -f deployment.yaml
#返回值
deployment.apps/nfs-client-provisioner created
#界面操作,直接把yaml文件复制进去就可以
#创建storageClass
# vim storageclass.yaml,需要注意值的对应,请根据上方deployment部署时候的provisioner_name做对应的修改,或者没有修改,就不用动
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: managed-nfs-storage
annotations:
"storageclass.kubernetes.io/is-default-class": "false"
provisioner: nfs/provisioner-229 # or choose another name, must match deployment'env PROVISIONER_NAME'
parameters:
archiveOnDelete: "false"
#界面操作,直接复制进来
#创建和挂载 NFS 存储卷
#vim yaml文件
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: nfsce
namespace: service
annotations:
kubesphere.io/creator: admin
volume.beta.kubernetes.io/storage-provisioner: nfs/provisioner-229
finalizers:
- kubernetes.io/pvc-protection
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Gi #设施可使用的容量大小
storageClassName: managed-nfs-storage
volumeMode: Filesystem
#界面操作,直接复制进来
#使用
更多推荐
所有评论(0)