环境:背景:NFS存储卷用于持久化存储需要保存的redis文件1.部署NFS服务器#Server安装nfs服务,提供nfs存储功能1.安装nfs-utilsyuinstallnfs-utils(centos)或apt-getinstallnfs-kernel-server(ubuntu)2.启动服务systemctlenablenfs-serversystemctlstartnfs-server3。创建共享目录并完成共享配置mkdir/home/nfs#创建共享目录4.编辑共享配置vim/etc/exports#语法格式:共享文件路径clientaddress(Permission)#这里的client地址可以是IP,网段,域名,或者任意*/home/nfs*(rw,async,no_root_squash)服务自检命令exportfs-arv5,重启服务systemctlrestartnfs-server6,这个查看机器上的nfs共享目录#showmount-e服务器IP地址(如果提示命令不存在,需要yuminstallshowmount)showmount-e127.0.0.1/home/nfs*7,client模拟挂载【所有k8s节点都需要安装Client】[root@master-1~]#yuminstallnfs-utils(centos)或apt-getinstallnfs-common(ubuntu)[root@master-1~]#mkdir/test[root@master-1~]#mount-tnfs172.16.201.209:/home/nfs/test#Unmount[root@master-1~]#umount/test2.配置PV动态供给(NFSStorageClass),创建pv??c#DeployNFS自动创建PV插件:共有4个yaml文件已经设计好了,官方文档有详细的说明。https://github.com/kubernetes-incubator/external-storageroot@k8s-master1:~#mkdir/root/pvcroot@k8s-master1:~#cd/root/pvc创建rbac.yaml文件root@k8s-master1:pvc#catrbac.yamlkind:ServiceAccountapiVersion:v1metadata:name:nfs-client-provisioner---kind:ClusterRoleapiVersion:rbac.authorization.k8s.io/v1metadata:name:nfs-client-provisioner-runnerrules:-apiGroups:[""]资源:[“persistentvolumes”]verbs:[“get”,“list”,“watch”,“create”,“delete”]-apiGroups:[“”]resources:[“persistentvolumeclaims”]verbs:[“get”,“list”","watch","update"]-apiGroups:["storage.k8s.io"]资源:["storageclasses"]verbs:["get","list","watch"]-apiGroups:[""]资源:[“事件”]动词:[“创建”,“更新”,“补丁”]---种类:ClusterRoleBindingapiVersion:rbac.authorization.k8s.io/v1metadata:名称:run-nfs-client-provisionersubjects:-kind:ServiceAccountname:nfs-client-provisionernamespace:defaultroleRef:kind:ClusterRolename:nfs-client-provisioner-runnerapiGroup:rbac.authorization.k8s.io---kind:RoleapiVersion:rbac.authorization.k8s.io/v1metadata:name:leader-locking-nfs-client-provisionerrules:-apiGroups:[""]资源:[“端点”]verbs:[“get”,“list”,“watch”,“create”,“update”,“patch”]---种类:RoleBindingapiVersion:rbac.authorization.k8s.io/v1metadata:名称:leader-locking-nfs-client-provisionersubjects:-kind:ServiceAccountname:nfs-client-provisioner#replacewithnamespacewhereprovisionerisdeployednamespace:defaultroleRef:kind:Rolename:leader-locking-nfs-client-provisionerapiGroup:rbac.authorization.k8s.io创建部署文件#官方默认镜像地址,国内可能下载不到,可以用image:fxkjnj/nfs-client-provisioner:latest#定义NFS服务器地址,共享目录名root@k8s-master1:pvc#catdeployment.yamlapiVersion:v1kind:ServiceAccountmetadata:name:nfs-client-provisioner---kind:DeploymentapiVersion:apps/v1metadata:name:nfs-client-provisionerspec:replicas:1strategy:type:Recreateselector:matchLabels:app:nfs-client-provisionertemplate:metadata:labels:app:nfs-client-provisionerspec:serviceAccountName:nfs-client-provisionercontainers:-name:nfs-client-provisionerimage:fxkjnj/nfs-client-provisioner:latestvolumeMounts:-name:nfs-client-rootmountPath:/persistentvolumesenv:-name:PROVISIONER_NAMEvalue:fuseim.pri/ifs-name:NFS_SERVERvalue:172.16.201.209-name:NFS_PATHvalue:/home/nfsvolumes:-name:nfs-client-rootnfs:server:172.16.201.209path:/home/nfscreateclass.yaml#archiveOnDelete:"true"表示删除PVC时,不会直接删除后端数据,而是归档root@k8s-master1:pvc#catclass.yamlapiVersion:storage.k8s.io/v1kind:StorageClassmetadata:name:managed-nfs-storageprovisioner:fuseim.pri/ifs#orchooseanothername,mustmatchdeployment'senvPROVISIONER_NAME'parameters:archiveOnDelete:"true"创建pvc.yaml#specifystorageClassName存储卷名称#requests:storage:100Gi指定需要多少存储#注意,这里pvc,我们在redis命名空间下创建,如果没有redis,需要先创建,kubectlcreatenamespaceredisroot@k8s-master1:pvc#catpvc.yamlapiVersion:v1kind:PersistentVolumeClaimmetadata:name:nfs-redisnamespace:redisspec:storageClassName:"managed-nfs-storage"访问模式:-ReadWriteManyresources:requests:storage:100Gi#deploymentroot@k8s-master1:pvc#kubectlapply-f.#查看存储卷root@k8s-master1:pvc#kubectlgetscNAMEPROVISIONERRECLAIMPOLICYVOLUMEBINDINGMODEALLOWVOLUMEEXPANSIONAGEmanaged-nfs-storagefuseim.pri/ifsDeleteImmediatefalse25h#查看pvcroot@k8s-master1:pvc#kubectlgetpvc-nredisNAMESTATUSVOLUMECAPACITYACCESSMODESSTORAGECLASSAGEnfs-redisBoundpvc-8eacbe25-3875-4f78-91ca-ba83b6967a8a100GiRWXmanaged-nfs-storage21h3.编写redisyaml文件root@k8s-master1:~#mkdir/root/redisroot@k8s-master1:~#cd/root/redis编写redis.conf配置文件,挂载到容器中configmap的形式#require配置redis密码#save51表示每5秒一个keychange会写入dump.rdb文件#appendonlyno表示dump.rdb可以用来恢复redis快照n的数据exttime#注意namespace是redisroot@k8s-master1:redis#catredis-configmap-rdb.ymlkind:ConfigMapapiVersion:v1metadata:name:redis-confignamespace:redislabels:app:redisdata:redis.conf:|-protected-modenoport6379tcp-backlog511timeout0tcp-keepalive300daemonizenosupervisednopidfile/data/redis_6379.pidloglevelnoticelogfile""databases16always-show-logoyessave51save30010save6010000stop-writes-on-bgsave-erroryesrdbcompressionyesrdbchecksumyesdbfilenamedump.rdbdir/datareplica-serve-stale-datayesreplica-read-onlyyesrepl-diskless-syncnorepl-diskless-sync-delay5repl-disable-tcp-nodelaynoreplica-priority100requirepass123lazyfree-lazy-evictionnolazyfree-lazy-expirenolazyfree-lazy-server-delnoreplica-lazy-flushnoappendonlynoappendfilename"appendonly.aof"appendfsynceverysec-on-appendfsync-on-append-rewritenauto-aof-rewrite-percentage100auto-aof-rewrite-min-size64mbaof-load-truncatedyesaof-use-rdb-preambleyeslua-time-limit5000slowlog-log-slower-than10000slowlog-max-len128latency-monitor-threshold0notify-keyspace-events""hash-max-ziplist-entries512hash-max-ziplist-value64list-max-ziplist-size-2list-compress-depth0set-max-intset-entries512zset-max-ziplist-entries128zset-max-ziplist-value64hll-sparse-max-bytes3000stream-node-max-bytes4096stream-node-max-entries100activerehashingyesclient-output-buffer-limitnormal000client-output-buffer-limitreplica256mb64mb60client-output-buffer-limitpubsub32mb8mb60hz10dynamic-hzyesaof-rewrite-incremental-fsyncyesrdb-save-incremental-fsyncyes编写redis-deployment.yml#注意命名空间为redisroot@k8s-master1:delapyVmaster.redis#catredision:apps/v1kind:Deploymentmetadata:name:redisnamespace:redislabels:app:redisspec:replicas:3selector:matchLabels:app:redistemplate:metadata:labels:app:redisspec:#执行初始化操作,修改系统配置,解决Redis时的提示启动警告消息initContainers:-name:system-initimage:busybox:1.32imagePullPolicy:IfNotPresentcommand:-"sh"-"-c"-"echo2048>/proc/sys/net/core/somaxconn&&echonever>/sys/kernel/mm/transparent_hugepage/enabled"securityContext:privileged:truerunAsUser:0volumeMounts:-name:sysmountPath:/syscontainers:-name:redisimage:redis:5.0.8command:-"sh"-"-c"-"redis-server/usr/local/etc/redis/redis.conf"ports:-containerPort:6379resources:limits:cpu:1000mmemory:1024Mirequests:cpu:1000mmemory:1024MilivenessProbe:tcpSocket:port:6379initialDelaySeconds:300timeoutSeconds:1periodSeconds:10successThreshold:1failureThreshold:3readinessProbe:tcpSocket:port:6379initialDelaySeconds:5timeoutSeconds:1periodSeconds:10successThreshold:1failureThreshold:3volumeMounts:-name:datamountPath:/data-name:configmountPath:/usr/local/etc/redis/redis.confsubPath:redis.confvolumes:-name:datapersistentVolumeClaim:claimName:nfs-redis-name:configconfigMap:name:redis-config-name:syshostPath:path:/sys编写redis-service.yml#注意命名空间为redis#部属root@k8s-master1:~/kubernetes/redis#kubectlgetpod-nredisNAMEREADYSTATUSRESTARTSAGEredis-65f75db6bc-5skgr1/1Running021hredis-65c715dbhredis-65c715db665f75db6bc-cp6cx1/1Running021hroot@k8s-master1:~/kubernetes/redis#kubectlgetsvc-nredisNAMETYPECLUSTER-IPEXTERNAL-IPPORT(S)AGEredis-frontNodePort10.0.0.169
