[kubernetes]持久化存储之StorageClass _KUBERNETES

学向勤中得，萤窗万卷书。这篇文章主要讲述[kubernetes]持久化存储之StorageClass相关的知识，希望能为你提供帮助。
熟悉了PV/PVC之后，我们知道PV和PVC是一一对应的，一旦PV被一个PVC关联之后，PV就不能被其他的PVC关联了。从这里可以看出，我们每使用一次PVC就要创建一次PV，有没有好的办法简化一些呢？有，那就是StorageClass(SC)，SC就好像是帮我们提供了一个存储池，当我们在这个存储池上创建PVC的时候，会自动创建PV，而且一个SC可以对应多个PVC，也就是说我们创建了一个SC后，就可以直接创建PVC了，不用再单独创建PV。
在用户视图上就变成了这样：

但实际上是这样的：

?01 创建StorageClass?
因为StorageClass可以实现自动配置，所以使用StorageClass之前，我们需要先安装存储驱动的自动配置程序，而这个配置程序必须拥有一定的权限去访问我们的kubernetes集群（类似dashboard一样，必须有权限访问各种api，才能实现管理）。
【[kubernetes]持久化存储之StorageClass】 1）创建rbac

cat rbac.yaml
apiVersion: v1
kind: ServiceAccount# 创建一个用户
metadata:
name: nfs-client-provisioner
namespace: kube-system

---
kind: ClusterRole# 创建一个集群角色
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:# 角色权限
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]

---
kind: ClusterRoleBinding# 将用户绑定到集群角色中
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: kube-system
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io

# 应用
[root@host21 sc]# kubectl apply -f rbac.yaml
serviceaccount/nfs-client-provisioner created
clusterrole.rbac.authorization.k8s.io/nfs-client-provisioner-runner created
clusterrolebinding.rbac.authorization.k8s.io/run-nfs-client-provisioner created

2）创建自动配置程序 -- nfs-provisioner

[root@host21 sc]# cat dp.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: nfs-provisioner-01
namespace: kube-system
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: nfs-provisioner-01
template:
metadata:
labels:
app: nfs-provisioner-01
spec:
serviceAccountName: nfs-client-provisioner# 用户名
containers:
- name: nfs-client-provisioner
image: harbor.od.com/public/nfs-client-provisioner:latest
imagePullPolicy: IfNotPresent
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:# 定义环境变量
- name: PROVISIONER_NAME
value: nfs-provisioner-01# 此处供应者名字供storageclass调用
- name: NFS_SERVER
value: host200# 填入NFS的地址
- name: NFS_PATH
value: /data/nfs-volume/sc-pool# 填入NFS挂载的目录
volumes:
- name: nfs-client-root
nfs:
server: host200# 填入NFS的地址
path: /data/nfs-volume/sc-pool# 填入NFS挂载的目录

# 应用
[root@host21 sc]# kubectl apply -f dp.yaml
deployment.apps/nfs-provisioner-01 created

# 查看
[root@host21 sc]# kubectl get pod -n kube-system | grep nfs
nfs-provisioner-01-684f9b4798-lzbhv1/1Running03m9s

3）配置StorageClass

[root@host21 sc]# cat sc.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-sc-pool
provisioner: nfs-provisioner-01# 这里的名字要和dp里面定义的名字一样
# Supported policies: Delete、 Retain ， default is Delete
reclaimPolicy: Retain
# 应用
[root@host21 sc]# kubectl apply -f sc.yaml
storageclass.storage.k8s.io/nfs-sc-pool created
# 查看
[root@host21 sc]# kubectl get sc
NAMEPROVISIONERAGE
nfs-sc-poolnfs-provisioner-0114s

02 测试
1）创建PVC

# pvc.yaml
[root@host21 sc]# cat pvc.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc01-sc-pool
spec:
storageClassName: nfs-sc-pool# 指定storageclass
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Mi
# 应用
[root@host21 sc]# kubectl apply -f pvc.yaml
persistentvolumeclaim/pvc01-sc-pool created
# 查看pvc
[root@host21 sc]# kubectl get pvc
NAMESTATUSVOLUMECAPACITYACCESS MODESSTORAGECLASSAGE
pvc01-sc-poolBoundpvc-e6d1021e-0db8-4dee-8149-4229c272e2031MiRWXnfs-sc-pool5s
# 查看pv
[root@host21 sc]# kubectl get pv
NAMECAPACITYACCESS MODESRECLAIM POLICYSTATUSCLAIMSTORAGECLASSREASONAGE
pvc-e6d1021e-0db8-4dee-8149-4229c272e2031MiRWXRetainBounddefault/pvc01-sc-poolnfs-sc-pool8s

通过上面可以看出我们创建了storageclass之后，就可以不用创建pv而直接创建pvc了。

2）查看pv

[root@host21 sc]# kubectl describe pv pvc-e6d1021e-0db8-4dee-8149-4229c272e203
Name:pvc-e6d1021e-0db8-4dee-8149-4229c272e203
Labels:< none>
Annotations:pv.kubernetes.io/provisioned-by: nfs-provisioner-01
Finalizers:[kubernetes.io/pv-protection]
StorageClass:nfs-sc-pool
Status:Bound
Claim:default/pvc01-sc-pool
Reclaim Policy:Retain
Access Modes:RWX
VolumeMode:Filesystem
Capacity:1Mi
Node Affinity:< none>
Message:
Source:
Type:NFS (an NFS mount that lasts the lifetime of a pod)
Server:host200
Path:/data/nfs-volume/sc-pool/default-pvc01-sc-pool-pvc-e6d1021e-0db8-4dee-8149-4229c272e203
ReadOnly:false
Events:< none>

可以看到，pv自动被自动创建后，还在nfs目录中自动创建了一个和pv名称一样的目录给该pv使用，这样我们就不用担心数据乱了。

3）生产应用

[root@host21 sc]# cat nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx
name: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: nginx
name: nginx
volumeMounts:# 我们这里将nginx容器默认的页面目录挂载
- name: nginx-html
mountPath: "/usr/share/nginx/html"
volumes:
- name: nginx-html
persistentVolumeClaim:
claimName: nginx-html-pvc# 要和下面的pvc名称一样
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: nginx-html-pvc# pvc名称
spec:
storageClassName: nfs-sc-pool
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Mi
# 应用
[root@host21 sc]# kubectl apply -f nginx.yaml
deployment.apps/nginx created
# 验证
[root@host21 sc]# kubectl get pod
NAMEREADYSTATUSRESTARTSAGE
nginx-b7db77fbb-b2mln1/1Running06m3s
[root@host21 sc]#kubectl get pv
NAMECAPACITYACCESS MODESRECLAIM POLICYSTATUSCLAIMSTORAGECLASSREASONAGE
pvc-3755c46c-34ee-452b-971a-d562511199d71MiRWXRetainBounddefault/nfs-nginx-pvcnfs-sc-pool6m6s
pvc-60d11564-9713-4d3a-88a5-f9955685bdb51MiRWXRetainBounddefault/nginx-html-pvcnfs-sc-pool4m49s
pvc-e6d1021e-0db8-4dee-8149-4229c272e2031MiRWXRetainBounddefault/pvc01-sc-poolnfs-sc-pool28m
[root@host21 sc]# kubectl get pvc
NAMESTATUSVOLUMECAPACITYACCESS MODESSTORAGECLASSAGE
nfs-nginx-pvcBoundpvc-3755c46c-34ee-452b-971a-d562511199d71MiRWXnfs-sc-pool6m8s
nginx-html-pvcBoundpvc-60d11564-9713-4d3a-88a5-f9955685bdb51MiRWXnfs-sc-pool4m52s
pvc01-sc-poolBoundpvc-e6d1021e-0db8-4dee-8149-4229c272e2031MiRWXnfs-sc-pool28m