kubernetes external storage nfs client

一、kubernetes storage class是什么？

如果你要使用不固定大小、容量的PV存储卷，前提是集群管理员已通过 Storage Class 指定了外部存储供 动态PV 使用。简单来说就是，Storage Class是使用动态PV的前提条件。

这里的学习笔记有详细介绍kubernetes存储

kubernetes github 外部存储代码库

二、kubernetes 使用 nfs 提供动态存储类

2.1 准备nfs服务端

NFS服务的部署和使用就是几行命令的事儿，可自行google

2.2 创建 provisioner、storageclass

provisioner 用来决定使用哪种外部卷插件为 动态PV 提供存储

使用动态pv就必须创建storageclass，创建storageclass就必须通过provisioner指定外部存储类型

如果想要在kubernetes中使用StorageClass，就得安装对应的自动配置程序，这个自动配置程序就叫做Provisioner。而使用nfs作为后端存储，自然也需要使用一个叫 nfs-client 的自动配置程序。这个程序帮我们在配置好的 nfs 服务器上⾃动创建持久卷，也就是⾃动帮我们创建PV。⾃动创建的PV以${namespace}-${pvcName}-${pvName}这样的命名格式创建在NFS服务器上的共享数据⽬录中，⽽当这个PV被回收后会以archieved-$-$-$这样的命名格式存在于NFS服务器上。

# 首先从github仓库下载一下 nfs-client provisioner 的模板文件
git clone https://github.com/kubernetes-retired/external-storage.git

# 截止发文前目录结构是这样的，如果日后目录结构变化了，可以手动去查找一下
cd external-storage/nfs-client/deploy

# 这个目录中的yaml文件就是使用nfs作为storageclass需要的各种资源的资源清单
ls
class.yaml  deployment-arm.yaml  deployment.yaml  objects  rbac.yaml  test-claim.yaml  test-pod.yaml

cat rbac.com
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: xxxxxx
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: xxxxxx
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: xxxxxx
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: xxxxxx
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: xxxxxx
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io


cat deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfs-client-provisioner
  labels:
    app: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: xxxxxxx
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nfs-client-provisioner
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: quay.io/external_storage/nfs-client-provisioner:latest
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              # 与storageclass的 provisioner 字段保持一致
              value: fuseim.pri/ifs
            - name: NFS_SERVER
              # 修改nfs地址
              value: x.x.x.x
            - name: NFS_PATH
              # 修改nfs路径
              value: /anywhere
      volumes:
        - name: nfs-client-root
          nfs:
            # 修改nfs地址和路径
            server: x.x.x.x
            path: /anywhere

cat class.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: managed-nfs-storage
# provisioner name, must match deployment's env PROVISIONER_NAME'
  provisioner: fuseim.pri/ifs 
parameters:
  archiveOnDelete: "false"

# 分别创建rbac、nfs-client deployment、storageclass
kubectl apply rbac.yaml deployment.yaml class.yaml

# 查看创建的storageclass
kubectl get sc
 NAME                  PROVISIONER      AGE
harbor-storageclass   fuseim.pri/ifs   4s

2.3 创建pvc使用基于nfs的storageclass

因为nfs-client程序会自动帮我们创建pv，所以我们如果要使用刚才基于nfs创建storageclass，只用创建一个pvc声明就行了。

cat claim.yaml 
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test-claim
  # 修改名称空间
  namespace: xxxx
  annotations:
    # 这里是storageclass的name
    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 80Gi

# 查看创建的pvc
kubectl get pvc xxx -n xxx
NAME         STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS          AGE
test-claim   Bound    pvc-8df65737-b533-414d-aaf3-73f8b508139c   80Gi       RWX            managed-nfs-storage   19m

参考来源：

1、https://jimmysong.io/kubernetes-handbook/practice/using-nfs-for-persistent-storage.html

2、https://blog.csdn.net/dayi_123/article/details/107946953