使用nfs文件系统实现kubernetes存储动态挂载1.安装服务器和客户端root@hello:~#aptinstallnfs-kernel-servernfs-common其中nfs-kernel-server是服务端, nfs-common是客户端。2、配置nfs共享目录root@hello:~#mkdir/nfsroot@hello:~#sudovim/etc/exports/nfs*(rw,sync,no_root_squash,no_subtree_check)字段解析如下:/nfs:directorytobeshared:指定可以访问共享目录的用户ip,*代表所有用户。192.168.3. 指定网段。192.168.3.29指定ip。rw:可读可写。如果只想读,可以指定ro。sync:文件同步写入内存和硬盘。async:文件会暂存在内存中,而不是直接写入硬盘。no_root_squash:如果登录nfs主机使用共享目录的用户是root,那么他对这个共享目录有root权限!此款“极不安全”,不推荐!但是如果需要在客户端写入nfs目录。您必须配置no_root_squash。便利性和安全性不能兼得。root_squash:如果登录nfs主机使用共享目录的用户是root,那么该用户的权限会被压缩成一个匿名用户,通常他的UID和GID会成为系统帐号nobody的身份。subtree_check:强制nfs检查父目录的权限(默认)no_subtree_check:不检查父目录的权限配置完成后,执行以下命令导出共享目录并重启nfs服务:root@hello:~#exportfs-aroot@hello:~#systemctlrestartnfs-kernel-serverroot@hello:~#root@hello:~#systemctlenablenfs-kernel-serverclientmountroot@hello:~#aptinstallnfs-commonroot@hello:~#mkdir-p/nfs/root@hello:~#mount-tnfs192.168.1.66:/nfs//nfs/root@hello:~#df-hTFilesystemTypeSizeUsedAvailUse%Mountedonudevdevtmpfs7.8G07.8G0%/devtmpfstmpfs1.6G2.9M1.6G1%/run/dev/mapper/ubuntu--vg-ubuntu--lvext497G9.9G83G11%/tmpfstmpfs7.9G07.9G0%/dev/shmtmpfstmpfs5.0M05.0M0%/run/locktmpfstmpfs7.9G07.9G0%/sys/fs/cgroup/dev/loop0squashfs56M56M0100%/snap/core18/2128/dev/loop1squashfs56M56M0100%/snap/core18/2246/dev/loop3squashfs33M33M0100%/snap/snapd/12704/dev/loop2squashfs62M62M0100%/snap/core20/1169/dev/loop4squashfs33M33M0100%/snap/snapd/13640/dev/loop6squashfs68M68M0100%/snap/lxd/21835/dev/loop5squashfs71M71M0100%/snap/lxd/21029/dev/sda2ext4976M107M803M12%/boottmpfstmpfs1.6G01.6G0%/run/user/0192.168.1.66:/nfsnfs497G6.4G86G7%/nfs创建配置节点默认存储[root-master~k8s-/yaml]#vimnfs-storage.yaml[root@k8s-master-node1~/yaml]#[root@k8s-master-node1~/yaml]#catnfs-storage.yamlapi版本:storage.k8s.io/v1kind:StorageClassmetadata:名称:nfs-storage注释:storageclass.kubernetes.io/is-default-class:"true"provisioner:k8s-sigs.io/nfs-subdir-external-provisionerparameters:archiveOnDelete:"true"##删除pv的时候,pv的内容是否要备份---apiVersion:apps/v1kind:Deploymentmetadata:name:nfs-client-provisionerlabels:app:nfs-client-provisioner#替换为配置器部署的命名空间namespace:defaultspec:replicas:1strategy:type:Recreateselector:matchLabels:app:nfs-client-provisionertemplate:metadata:labels:app:nfs-client-provisionerspec:serviceAccountName:nfs-client-provisioner容器:-name:nfs-client-provisionerimage:registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/nfs-subdir-external-provisioner:v4.0.2#resources:#limits:#cpu:10m#requests:#cpu:10mvolumeMounts:-name:nfs-client-root挂载路径:/persistentvolumesenv:-name:PROVISIONER_NAMEvalue:k8s-sigs.io/nfs-subdir-external-provisioner-name:NFS_SERVERvalue:192.168.1.66##指定自己nfs服务器地址-name:NFS_PATHvalue:/nfs/##nfs服务器共享的目录volumes:-name:nfs-client-rootnfs:server:192.168.1.66path:/nfs/---apiVersion:v1kind:ServiceAccountmetadata:name:nfs-client-provisioner#replacewithnamespacewhereprovisionerisdeployed命名空间:默认---种类:ClusterRoleapiVersion:rbac.authorization.k8s.io/v1metadata:名称:nfs-client-provisioner-runnerrules:-apiGroups:[“”]资源:[“节点”]动词:[“get”,"list","watch"]-apiGroups:[""]资源:["persistentvolumes"]动词:["get","list","watch","create","delete"]-apiGroups:[""]资源:["persistentvolumeclaims"]动词:["get"、"list"、"watch"、"update"]-apiGroups:["storage.k8s.io"]资源:["storageclasses"]动词:["get","list","watch"]-apiGroups:[""]资源:["events"]动词:["create","update","patch"]---kind:ClusterRoleBindingapiVersion:rbac.authorization.k8s.io/v1metadata:name:run-nfs-client-provisionersubjects:-kind:ServiceAccountname:nfs-client-provisioner#替换为命名空间provisioner部署的地方命名空间:defaultroleRef:kind:ClusterRolename:nfs-client-provisioner-runnerapiGroup:rbac.authorization.k8s.io---kind:RoleapiVersion:rbac.authorization.k8s.io/v1metadata:name:leader-locking-nfs-client-provisioner#替换为配置器部署的命名空间namespace:defaultrules:-apiGroups:[""]resources:["endpoints"]verbs:["get","list","watch","create","update","patch"]---kind:RoleBindingapiVersion:rbac.authorization.k8s.io/v1metadata:name:leader-locking-nfs-client-provisioner#替换为namespacewhereprovisionerisdeployednamespace:defaultsubjects:-kind:ServiceAccountname:nfs-client-provisioner#替换为部署provisioner的命名空间namespace:defaultroleRef:kind:Rolename:leader-locking-nfs-client-provisionerapiGroup:rbac.authorization.k8s.io创建[root@k8s-master-node1~/yaml]#kubectlapply-fnfs-storage.yamlstorageclass.storage.k8s.io/nfs-storagecreateddeployment.apps/nfs-client-provisionercreatedserviceaccount/nfs-client-provisionercreatedclusterrole.rbac.authorization.k8s.io/nfs-client-provisioner-runnercreatedclusterrolebinding.rbac.authorization.k8s.io/run-nfs-client-provisionercreatedrole.rbac.authorization.k8s.io/leader-locking-nfs-client-provisionercreatedrolebinding.rbac.authorization.k8s.io/leader-locking-nfs-client-provisionercreated[root@k8s-master-node1~/yaml]#查看是否创建默认存储[root@k8s-master-node1~/yaml]#kubectlgetstorageclasses.storage.k8s.ioNAMEPROVISIONERRECLAIMPOLICYVOLUMEBINDINGMODEALLOWVOLUMEEXPANSIONAGEnfs-storage(default)k8s-sigs.io/nfs-subdir-external-provisionerDeleteImmediatefalse100s[root@k8s-master-node1~/yaml]#创建pvc进行测试[root@k8s-master-node1~/yaml]#vimpvc.yaml[root@k8s-master-node1~/yaml]#catpvc.yamlkind:PersistentVolumeClaimapiVersion:v1metadata:name:nginx-pvcspec:accessModes:-ReadWriteManyresources:requests:storage:200Mi[root@k8s-master-node1~/yaml]#[root@k8s-master-node1~/yaml]#kubectlapply-fpvc.yamlpersistentvolumeclaim/nginx-pvccreated[root@k8s-master-node1~/yaml]#查看pvc[root@k8s-master-node1~/yaml]#[root@k8s-master-node1~/yaml]#kubectlgetpvcNAMESTATUSVOLUMECAPACITYACCESSMODESSTORAGECLASSAGEnginx-pvcBoundpvc-8a4b6065-904a-4bae-bef9-1f3b5612986c200MiRWXnfs-storage4s[root@k8s-master-node1~/yaml]#Viewpv[root@k8s-master-node1~/yaml]#kubectlgetpvNAME容量访问模式RECLAIMPOLICYSTATUSCLAIMSTORAGECLASSREASONAGEpvc-8a4b6065-904a-4bae-bef9-1f3b5612986c200MiRWXDeleteBounddefault/nginx-pvcnfs-storage103s[root@k8s-master-node1~/yaml]#Linux运维交流社区Linux运维交流社区,互联网新闻与技术交流53原创内容公众号本文使用文章同步助手进行同步
