在kubernetes中使用nfs-provisioner动态存储卷

听闻少年二字,当与平庸相斥。这篇文章主要讲述在kubernetes中使用nfs-provisioner动态存储卷相关的知识,希望能为你提供帮助。
【在kubernetes中使用nfs-provisioner动态存储卷】

1.安装配置nfs-server端在使用nfs-provisioner以前,需要先完成nfs server的配置。
此处服务器的环境为:
操作系统:CentOS Linux release 7.6.1810 (Core)
IP地址:192.168.45.200
共享目录路径:/data/nfs_provisioner


1.1    通过yum安装nfs server端

yum -y install nfs-utils

1.2  启动服务和设置开机启动
systemctl enable nfs-server --now
#启动nfs-server,并加入开机启动
systemctl status nfs-server
#查看nfs server是否已经正常启动


1.3  编辑配置文件,设置共享目录
vim /etc/exports
/data/nfs_provisioner 192.168.45.0/24(rw,no_root_squash)
exportfs -arv
#不用重启nfs服务,配置文件就会生效

用于配置NFS服务程序配置文件的参数:
参数
作用
ro
只读
rw
读写
root_squash
当NFS客户端以root管理员访问时,映射为NFS服务器的匿名用户
no_root_squash
当NFS客户端以root管理员访问时,映射为NFS服务器的root管理员
all_squash
无论NFS客户端使用什么账户访问,均映射为NFS服务器的匿名用户
sync
同时将数据写入到内存与硬盘中,保证不丢失数据
async
优先将数据保存到内存,然后再写入硬盘;这样效率更高,但可能会丢失数据
1.4  客户端尝试挂载
客户端需要安装nfs-utils,否则将无法进行nfs的挂载
showmount -e 192.168.45.200
#查看nfs-server共享的目录


mkdir /nfs_data
#本地创建一个目录作为挂载点
mount-t nfs 192.168.45.200:/data/nfs_provisioner /nfs_data
#将nfs-server的共享目录挂载到本地
#通过df -Th




2. 部署nfs-provisioner2.1  创建ServiceAccount
cat nfs-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-provisioner

kubectl apply -f nfs-sa.yaml
2.2  创建RBAC授权
cat nfs-rabc.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: nfs-provisioner-rbac
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
- apiGroups: [""]
resources: ["services", "endpoints"]
verbs: ["get"]
- apiGroups: ["extensions"]
resources: ["podsecuritypolicies"]
resourceNames: ["nfs-provisioner"]
verbs: ["use"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: nfs-provisioner
subjects:
- kind: ServiceAccount
name: nfs-provisioner
namespace: jenkins
roleRef:
kind: ClusterRole
name: nfs-provisioner-rbac
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-provisioner
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-provisioner
subjects:
- kind: ServiceAccount
name: nfs-provisioner
namespace: default
roleRef:
kind: Role
name: leader-locking-nfs-provisioner
apiGroup: rbac.authorization.k8s.io

kubectl apply -f  nfs-rabc.yaml
2.3  把nfs-provisioner配置成一个deployment服务
cat nfs-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nfs-provisioner
spec:
selector:
matchLabels:
app: nfs-provisioner
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: nfs-provisioner
spec:
serviceAccount: nfs-provisioner
containers:
- name: nfs-provisioner
image: registry.cn-hangzhou.aliyuncs.com/open-ali/xianchao/nfs-client-provisioner:v1
imagePullPolicy

    推荐阅读