K8s 使用 nfs-client-provisioner

nfs-client-provisioner 是一个Kubernetes的简易NFS的外部provisioner，本身不提供NFS，需要现有的NFS服务器提供存储
这里的 k8s 版本为 v1.16.9

安装 nfs 工具

yum install nfs-common  nfs-utils -y 

showmount -e 192.168.52.174
# 运行结果
Export list for 192.168.52.174:
/nfs *

创建deployment

mkdir /data/nfs_provisioner && cd /data/nfs_provisioner

cat nfs-client-provisioner.yaml 

kind: Deployment
apiVersion: apps/v1
metadata:
  name: nfs-client-provisioner
  namespace: kube-system
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nfs-client-provisioner
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: quay.io/external_storage/nfs-client-provisioner:latest
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: mynfs                 # 根据自己的名称来修改
            - name: NFS_SERVER
              value: 192.168.52.174        # NFS服务器所在的 ip
            - name: NFS_PATH
              value: /nfs                  # 共享存储目录
      volumes:
        - name: nfs-client-root
          nfs:
            server: 192.168.52.174         # NFS服务器所在的 ip
            path: /nfs                     # 共享存储目录

创建 RBAC 授权

cat rbac.yaml 

apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: kube-system
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: kube-system
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: kube-system
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io

创建storageclass

名称为nfs，并且 provisioner 需要与 deployment 中的 PROVISIONER_NAME对应

cat storageclass.yaml 

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs
provisioner: mynfs

测试

1.创建 pvc

cat pvc.yaml 

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test-claim
  annotations:
    volume.beta.kubernetes.io/storage-class: "nfs"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Mi

2.创建test-pods

cat test-pod.yaml 

kind: Pod
apiVersion: v1
metadata:
  name: test-pod
spec:
  containers:
  - name: test-pod
    image: busybox:1.24
    command:
      - "/bin/sh"
    args:
      - "-c"
      - "touch /mnt/SUCCESS && exit 0 || exit 1"
    volumeMounts:
      - name: nfs-pvc
        mountPath: "/mnt"
  restartPolicy: "Never"
  volumes:
    - name: nfs-pvc
      persistentVolumeClaim:
        claimName: test-claim

检查

kubectl get pvc
NAME         STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
test-claim   Bound    pvc-aedf6a82-0feb-4bc5-b800-5ecc4cbfbf58   1Mi        RWX            nfs            142m

在 nfs server 上查看, SUCCESS 文件成功创建

[root@localhost /]# cd /nfs/
[root@localhost nfs]# ls
default-test-claim-pvc-aedf6a82-0feb-4bc5-b800-5ecc4cbfbf58
[root@localhost nfs]# cd default-test-claim-pvc-aedf6a82-0feb-4bc5-b800-5ecc4cbfbf58/
[root@localhost default-test-claim-pvc-aedf6a82-0feb-4bc5-b800-5ecc4cbfbf58]# ls
SUCCESS

[root@k8s-master01 jenkins]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                          AGE
jenkins      NodePort    10.104.132.242   <none>        8080:32001/TCP,50000:32002/TCP   87m
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP                          7h12m

使用浏览器访问 http://192.168.52.172:32001/jenkins