NFS 是一种分布式文件系统协议,由 Sun 公司开发,旨在让客户端主机可以像访问本地存储一样,通过网络访问服务端的文件。
# Install the nfs-utils and rpcbind packages on the NFS server host
yum -y install nfs-utils rpcbind
# Create the directory that is exported below
mkdir -p /nfs/data
# Edit the exports file
vim /etc/exports
# Add the share to the exports file, in the form:
#   <exported path> <client IP range>(option1,option2,option3,...,optionN)
# A client spec of * lets every client that can reach the NFS host use the share;
# an IP range or a single IP limits access to those clients only.
# NOTE(review): this line combines * with rw and no_root_squash, so any host that
# can reach the server gets read-write access and its root user keeps root on the
# share. Outside a throwaway lab, replace * with the subnet of the Kubernetes
# nodes and restrict the NFS/rpcbind ports to that subnet at the firewall.
/nfs/data *(rw,no_root_squash,sync)
# Re-export the entries in /etc/exports so the change takes effect
exportfs -r
# List the active exports to confirm the result
exportfs
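共享目录参数说明:rw 表示客户端可读写;sync 表示数据同步写入磁盘后才返回;no_root_squash 表示客户端的 root 用户访问共享目录时仍保留 root 权限(不会被映射为匿名用户),与 * 搭配使用时风险较高,建议把客户机范围限制为集群节点所在的网段。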
# Start rpcbind now and enable it at boot
systemctl start rpcbind && systemctl enable rpcbind
# Enable the NFS server at boot and start it
sudo systemctl enable nfs-server && sudo systemctl start nfs-server
# List the RPC services registered on this host
rpcinfo -p localhost
# Show the export list of the NFS server (replace the placeholder with its IP)
showmount -e nfs服务器ip
# NOTE(review): the commands from here on look like the client / Kubernetes-node
# steps (no rpcbind package, then a showmount check) — confirm against the original post.
yum -y install nfs-utils
# NOTE(review): a host that only mounts the share should not need nfs-server running;
# enabling it here looks unnecessary — confirm before copying this line to every node.
sudo systemctl enable nfs-server && sudo systemctl start nfs-server
showmount -e nfs服务器ip
通过rbac资源对StorageClass、PV、PVC等资源进行权限控制
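# Write the RBAC manifest for the provisioner's service account.
# The heredoc delimiter is quoted so the shell copies the YAML verbatim.
cat <<'EOF' > rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
  namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  # PersistentVolumes are cluster-scoped, hence a ClusterRole.
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]
  # NOTE(review): this grants write access to Endpoints in every namespace, while
  # the namespaced Role below already covers Endpoints in "default". Endpoints
  # decide where Service traffic is sent, so drop this rule if the provisioner
  # build in use works without it — verify before removing.
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # Pinned to the namespace of the Role it references; without it the binding
  # is created in whatever namespace the current kubectl context points at.
  namespace: default
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    namespace: default
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io
EOF
# Create the RBAC objects
kubectl apply -f rbac.yaml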
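# Write the Deployment manifest for the NFS provisioner.
# The heredoc delimiter is quoted so the shell copies the YAML verbatim.
cat <<'EOF' > nfs-client-provisioner.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfs-client-provisioner
  labels:
    app: nfs-client-provisioner
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nfs-client-provisioner
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      # Runs with the service account bound in rbac.yaml.
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          # NOTE(review): no tag or digest is given, so the runtime pulls whatever
          # "latest" currently is on this registry mirror. Pin the image to a tag
          # or digest you have verified before using this outside a lab.
          image: registry.cn-hangzhou.aliyuncs.com/open-ali/nfs-client-provisioner
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            # Must match the "provisioner" field of the StorageClass.
            - name: PROVISIONER_NAME
              value: hskp.io/nfs-client-provisioner
            # Placeholder: IP address of the NFS server, without a port.
            - name: NFS_SERVER
              value: nfs文件服务器的Ip地址,不需要带端口
            # Placeholder: directory exported by the NFS server.
            - name: NFS_PATH
              value: nfs文件服务器共享的目录
      volumes:
        - name: nfs-client-root
          nfs:
            # Same two placeholders as NFS_SERVER / NFS_PATH above.
            server: nfs文件服务器的Ip地址,不需要带端口
            path: nfs文件服务器共享的目录
EOF
# Create the provisioner Deployment
kubectl create -f nfs-client-provisioner.yaml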
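# Write the StorageClass manifest.
# The heredoc delimiter is quoted so the shell copies the YAML verbatim.
cat <<'EOF' > managed-nfs-storage.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: managed-nfs-storage
# Must equal the PROVISIONER_NAME value set under
# spec.template.spec.containers[0].env in nfs-client-provisioner.yaml.
provisioner: hskp.io/nfs-client-provisioner
EOF
# Create the StorageClass
kubectl create -f managed-nfs-storage.yaml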
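---
# Test claim: requests 10Mi from the managed-nfs-storage class.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test-claim
spec:
  storageClassName: managed-nfs-storage
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Mi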
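---
# Test pod: mounts the test-claim volume as the nginx document root.
kind: Pod
apiVersion: v1
metadata:
  name: test-pod
spec:
  containers:
    - name: test-pod
      image: nginx:1.20.0
      imagePullPolicy: IfNotPresent
      volumeMounts:
        - name: nfs-pvc
          mountPath: "/usr/share/nginx/html"
  restartPolicy: "Never"
  volumes:
    - name: nfs-pvc
      persistentVolumeClaim:
        # Refers to the PersistentVolumeClaim named test-claim.
        claimName: test-claim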
执行如下指令查看pvc资源列表
kubectl get pvc # add -n <namespace> to query a specific namespace
# List the PersistentVolumes
kubectl get pv
如果pvc一直没有到Bound状态,可以查看nfs-client-provisioner pod日志,如果报以下类似错误,可以通过如下方式解决
E0209 04:58:34.682881 1 controller.go:1004] provision "mysql/www-nginx-0" class "managed-nfs-storage": unexpected error getting claim reference: selfLink was empty, can't make reference
SelfLink在Kubernetes v1.16引入,v1.20之前默认使用,在v1.20之后默认禁用,需要在/etc/kubernetes/manifests/kube-apiserver.yaml中添加如下启动参数启用SelfLink。注意:从 v1.24 起 RemoveSelfLink 特性门控已被锁定,无法再设置为 false,此时应升级到不依赖 selfLink 的 provisioner 版本。
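# Fragment of the kube-apiserver manifest: only the command list is shown.
# Append the feature-gates flag to the arguments that are already there.
spec:
  containers:
    - command:
        - kube-apiserver
        # Turns the selfLink field back on for the "selfLink was empty" provisioning error.
        # NOTE(review): the RemoveSelfLink gate is locked from v1.24 on and the API
        # server will not start with it set to false; on those versions move to a
        # provisioner build that does not read selfLink instead.
        - --feature-gates=RemoveSelfLink=false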
执行如下指令使参数生效
# NOTE(review): /etc/kubernetes/manifests is normally the kubelet static-pod directory,
# and the kubelet recreates kube-apiserver by itself when this file changes, so this
# kubectl apply may be unnecessary — confirm on your cluster before running it.
kubectl apply -f /etc/kubernetes/manifests/kube-apiserver.yaml