k8s storageClass对接nfs

时间:2022-01-26 08:44:20

前提:已存在一个nfs服务

192.168.137.11:/home/nfs_data

下面以rbac方式对接nfs

1、创建/root/k8s-nfs-rbac/serviceaccount.yaml

apiVersion: v1

kind: ServiceAccount

metadata:

  name: nfs-client-provisioner

2、创建/root/k8s-nfs-rbac/rbac.yaml

kind: ClusterRole

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  name: nfs-provisioner-runner

rules:

  - apiGroups: [""]

    resources: ["persistentvolumes"]

    verbs: ["get", "list", "watch", "create", "delete"]

  - apiGroups: [""]

    resources: ["persistentvolumeclaims"]

    verbs: ["get", "list", "watch", "update"]

  - apiGroups: ["storage.k8s.io"]

    resources: ["storageclasses"]

    verbs: ["get", "list", "watch"]

  - apiGroups: [""]

    resources: ["events"]

    verbs: ["list", "watch", "create", "update", "patch"]

  - apiGroups: [""]

    resources: ["services"]

    resourceNames: ["kube-dns","coredns"]

    verbs: ["list", "get"]

  - apiGroups: [""]

    resources: ["endpoints"]

    verbs: ["get", "list", "watch", "create", "update", "patch"]

---

kind: ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  name: run-nfs-provisioner

subjects:

  - kind: ServiceAccount

    name: nfs-provisioner

    namespace: default

roleRef:

  kind: ClusterRole

  name: nfs-provisioner-runner

  apiGroup: rbac.authorization.k8s.io

---

kind: Role

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  name: leader-locking-nfs-provisioner

rules:

  - apiGroups: [""]

    resources: ["endpoints"]

    verbs: ["get", "list", "watch", "create", "update", "patch"]

---

kind: RoleBinding

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  name: leader-locking-nfs-provisioner

subjects:

  - kind: ServiceAccount

    name: nfs-provisioner

    namespace: default

roleRef:

  kind: Role

  name: leader-locking-nfs-provisioner

  apiGroup: rbac.authorization.k8s.io

3、创建/root/k8s-nfs-rbac/deployment.yaml

kind: Deployment

apiVersion: extensions/v1beta1

metadata:

  name: nfs-provisioner

spec:

  replicas:

  strategy:

    type: Recreate

  template:

    metadata:

      labels:

        app: nfs-provisioner

    spec:

      serviceAccount: nfs-provisioner

      containers:

        - name: nfs-provisioner

          image: registry.cn-hangzhou.aliyuncs.com/boshen-ns/nfs-client-provisioner:latest

          imagePullPolicy: IfNotPresent

          volumeMounts:

            - name: nfs-client-root

              mountPath: /persistentvolumes

          env:

            - name: PROVISIONER_NAME

              value: example.com/nfs

            - name: NFS_SERVER

              value: 192.168.137.11

            - name: NFS_PATH

              value: /home/nfs_data

      volumes:

        - name: nfs-client-root

          nfs:

            server: 192.168.137.11

            path: /home/nfs_data

以上红色加粗的部分修改为真实的nfs服务的ip和path

4、执行以下命令创建资源

cd /root/

kubectl apply -f k8s-nfs-rbac/

k8s storageClass对接nfs

k8s storageClass对接nfs

5、创建一个pvc,看是否能成功

k8s storageClass对接nfs

状态为Bound,表示创建成功

6、去nfs服务器查看,是否真正的创建成功

k8s storageClass对接nfs

相关文章