Small knowledge, big challenge! This article is participating in the creation activity of “Essential Tips for Programmers”.
This article has participated in the “Digitalstar Project” and won a creative gift package to challenge the creative incentive money.
What is a StorageClass
The StorageClass object defines the following two parts:
- 1: PV attribute. For example, storage type,Volume size, etc
- 2: Create the storage plug-in needed for this PV
With these two pieces of information, Kubernetes can find a StorageClass based on the PVC submitted by the user, and then Kubernetes will call the storage plug-in declared by the StorageClass to create the required PV.
However, it is very simple to use, you just need to write YAML file according to your needs, and then use kubectl create command to execute.
process
- Create an available NFS Serve
- Create a Service Account. This is used to control the permission to run NFS Provisioner in the K8S cluster
- Create the StorageClass. Be responsible for setting up the PVC and calling the NFS provisioner to do the required work, and let the PV and PVC establish management
- Create NFS provisioner. It provides two functions, one is to create a volume of mount points in the NFS shared directory, and the other is to create a PV and associate the PV with the NFS mount point
| server | ip | comment |
|---|---|---|
| kubernetes-master | 172.20.5.10 | master |
| kubernetes-node1 | 172.20.5.11 | node1 |
| kubernetes-node2 | 172.20.5.12 | node2 |
| nfs-server | 172.20.2.10 | NFS |
Create StorageClass
Example Creating an NFS share service
[root@nfs nfsdata]# yum install -y nfs-utils
[root@nfs nfsdata]# mkdir /nfsdata
[root@nfs nfsdata]# chmod 755 /nfsdata
[root@nfs nfsdata]# chown nfsnobody:nfsnobody /nfsdata/
[root@nfs nfsdata]# echo "/nfsdata *(rw,sync,all_squash)" > /etc/exports
[root@nfs nfsdata]# systemctl enable nfs
[root@nfs nfsdata]# systemctl start nfs
[root@nfs nfsdata]# exportfs -rv
exporting *:/nfsdata
Copy the codeCreate an account and related rights
nfs-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-provisioner
# replace with namespace where provisioner is deployed
namespace: nfs-provisioner Set a namespace based on the actual environment
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get"."list"."watch"."create"."delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get"."list"."watch"."update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get"."list"."watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create"."update"."patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-provisioner
subjects:
- kind: ServiceAccount
name: nfs-provisioner
# replace with namespace where provisioner is deployed
namespace: nfs-provisioner
roleRef:
kind: ClusterRole
name: nfs-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-provisioner
# replace with namespace where provisioner is deployed
namespace: nfs-provisioner
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get"."list"."watch"."create"."update"."patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-provisioner
subjects:
- kind: ServiceAccount
name: nfs-provisioner
# replace with namespace where provisioner is deployed
namespace: nfs-provisioner
roleRef:
kind: Role
name: leader-locking-nfs-provisioner
apiGroup: rbac.authorization.k8s.io
Copy the codeCreate an NFS resource StorageClass
nfs-storageclass.yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: nfs
provisioner: example.com/nfs The name here must be the same as the environment variable PROVISIONER_NAME in the provisioner configuration file
Copy the codeCreate NFS Provisioner Deployment
nfs-deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: nfs-provisioner
namespace: nfs-provisioner
spec:
replicas: 1
selector:
matchLabels:
app: nfs-provisioner
strategy:
type: Recreate
template:
metadata:
labels:
app: nfs-provisioner
spec:
serviceAccount: nfs-provisioner
containers:
- name: nfs-provisioner
image: registry.cn-hangzhou.aliyuncs.com/open-ali/nfs-client-provisioner
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: example.com/nfs #provisioner name, make sure that this name is the same as the provisioner name in the nfs-storageclass. Yaml file
- name: NFS_SERVER
value: 172.202.10. #NFS Server IP address
- name: NFS_PATH
value: /nfsdata # NFS mount the volume
volumes:
- name: nfs-client-root
nfs:
server: 172.202.10. #NFS Server IP address
path: /nfsdata # NFS mount the volume
Copy the code[root@kubernetes-master nfs]# ll
total 20
-rw-r--r-- 1 root root 894 Dec 9 13:55 nfs-deployment.yaml
-rw-r--r-- 1 root root 65 Dec 9 14:50 nfs-namespace.yaml
-rw-r--r-- 1 root root 1449 Dec 9 15:15 nfs-rbac.yaml
-rw-r--r-- 1 root root 100 Dec 9 14:18 nfs-storageclass.yaml
Copy the codeCreate the Pod and check the deployment
pvc-nfs.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-nfs
spec:
accessModes:
- ReadWriteOnce
storageClassName: nfs
resources:
requests:
storage: 1Gi
Copy the code[root@kubernetes-master nfs]# kubectl apply -f pvc-nfs.yaml
persistentvolumeclaim/pvc-nfs created
[root@kubernetes-master nfs]# kubectl get pvcNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE pvc-nfs Bound pvc-7461b40b-f52e-4bf6-9d73-40432b77f108 1Gi RWO nfs 1sCopy the codeCreate a test pod to see if it can be mounted properly
kind: Pod
apiVersion: v1
metadata:
name: test-pod
spec:
containers:
- name: test-pod
image: Busybox: 1.24
command:
- "/bin/sh"
args:
- "-c"
- "touch /mnt/SUCCESS && exit 0 || exit 1" Create a SUCCESS file and exit
volumeMounts:
- name: pvc-nfs
mountPath: "/mnt"
restartPolicy: "Never"
volumes:
- name: pvc-nfs
persistentVolumeClaim:
claimName: pvc-nfs # Keep consistent with the PVC name
Copy the code[root@nfs nfsdata]# ll default-pvc-nfs-pvc-7461b40b-f52e-4bf6-9d73-40432b77f108/
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Dec 9 15:29 SUCCESS # here is a file of SUCCESS, which proves that the above verification was successful
Copy the code