NFS动态持久化存储-storageclass

Posted 2021-03-01 ipyanthony

PVC 描述的，是 Pod 想要使用的持久化存储的属性，比如存储的大小、读写权限等。

PV 描述的，则是一个具体的 Volume 的属性，比如 Volume 的类型、挂载目录、远程存储服务器地址等。

StorageClass 的作用，则是充当 PV 的模板。并且，只有同属于一个 StorageClass 的 PV 和 PVC，才可以绑定在一起。当然，StorageClass 的另一个重要作用，是指定 PV 的 Provisioner（存储插件）。这时候，如果你的存储插件支持 Dynamic Provisioning 的话，Kubernetes 就可以自动为你创建 PV 了。

为nfs-client-provisioner授权

cat 1-rbac.yaml 

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: nfs-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-provisioner
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: Role
  name: leader-locking-nfs-provisioner
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-provisioner

部署nfs-client-provisioner服务,并绑定角色权限

cat 2-deployment-nfs-client.yaml 

kind: Deployment                                                                                                                                                                                                                           
apiVersion: extensions/v1beta1                                                                                                                                                                                                             
metadata:                                                                                                                                                                                                                                  
  name: nfs-client-provisioner                                                                                                                                                                                                             
spec:                                                                                                                                                                                                                                      
  replicas: 1                                                                                                                                                                                                                              
  strategy:                                                                                                                                                                                                                                
    type: Recreate                                                                                                                                                                                                                         
  template:                                                                                                                                                                                                                                
    metadata:                                                                                                                                                                                                                              
      labels:                                                                                                                                                                                                                              
        app: nfs-client-provisioner                                                                                                                                                                                                        
    spec:                                                                                                                                                                                                                                  
      serviceAccount: nfs-provisioner
      containers:                                                                                                                                                                                                                          
        - name: nfs-client-provisioner                                                                                                                                                                                                     
          image: harbor.yutang.cn/public/nfs-client-provisioner:latest                                                                                                                                                                    
          volumeMounts:                                                                                                                                                                                                                    
            - name: nfs-client-root                                                                                                                                                                                                        
              mountPath: /persistentvolumes                                                                                                                                                                                                
          env:                                                                                                                                                                                                                             
            - name: PROVISIONER_NAME                                                                                                                                                                                                       
              value: example.com/nfs                                                                                                                                                                                                        
            - name: NFS_SERVER                                                                                                                                                                                                             
              value: yutang2-181                                                                                                                                                                                                           
            - name: NFS_PATH                                                                                                                                                                                                               
              value: /data/nfs-volume/nfs_client_provisioner                                                                                                                                                                            
      volumes:                                                                                                                                                                                                                             
        - name: nfs-client-root                                                                                                                                                                                                            
          nfs:                                                                                                                                                                                                                             
            server: yutang2-181                                                                                                                                                                                                            
            path: /data/nfs-volume/nfs_client_provisioner           

定义storageclass供应商

cat 3-storageclass-nfs-pv.yaml 
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: nfs
provisioner: example.com/nfs

声明storageclass资源和定义属性

cat 4-test-claim.yaml 

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test-claim1
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 500Mi
  storageClassName: nfs

创建pod应用,检测动态持久化存储是否生效

cat 5-test-pod.yaml 
kind: Pod
apiVersion: v1
metadata:
  name: test-pod
spec:
  containers:
  - name: test-pod
    image: busybox
    command:
      - "/bin/sh"
    args:
      - "-c"
      - "touch /mnt/SUCCESS && exit 0 || exit 1"
    volumeMounts:
      - name: nfs-pvc
        mountPath: "/mnt"
  restartPolicy: "Never"
  volumes:
    - name: nfs-pvc
      persistentVolumeClaim:
        claimName: test-claim1

创建有状态应用,检测动态持久化存储是否生效

cat 6-StatefulSet.yaml

apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: web
spec:
  serviceName: "nginx1"
  replicas: 2
  volumeClaimTemplates:
  - metadata:
      name: test
      annotations:
        volume.beta.kubernetes.io/storage-class: "nfs"
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 1Gi
  template:
    metadata:
      labels:
        app: nginx1
    spec:
      serviceAccount: nfs-provisioner
      containers:
      - name: nginx1
        image: nginx
        imagePullPolicy: IfNotPresent
        volumeMounts:
        - mountPath: "/persistentvolumes"
          name: test