热门标签
热门文章
- 1软件测试VS软件开发 IT行业两大高薪岗位全方位对比 看完就知道选谁了_软件测试和程序员哪个更吃香
- 2参数传递过程中:函数形参 int a 与 int& a 的区别_int &a
- 3python --阿里短信服务_python阿里云定时短信
- 4django 用户认证_django 认证
- 5C++面试题汇总 数据库_c++软件开发工程师面试关于数据库部分的
- 6java的byte[]数组转成字符串并且再转回byte[]数组_java实现将byte[]转换为字符串进行存储传输,然后在利用该字符串还原为byte[],不能
- 7CVPR2020论文列表(中英对照)_perception consistency ultrasound image super-reso
- 8CUDA out of memory怎么解决
- 9Spark安装部署_export spark_worker_opts
- 10SpringBoot整合Zookeeper客户端Curator_springboot整合curator
当前位置: article > 正文
k8s存储卷之动态
作者:逻辑思维 | 2024-01-17 08:45:25
赞
踩
k8s存储卷之动态
动态pv需要两个组件
1、卷插件,k8s本身支持的动态pv创建不包含NFS,需要声明和安装一个外部插件
Provisioner 存储分配器,动态创建pv,然后根据pvc的请求自动绑定和使用2、StorageClass,用来定义pv的属性,存储类型,大小,回收策略
使用NFS来实现动态pv,NFS支持的方式nfs-cli,Provisioner来适配nfs-client
nfs-client-Provisioner 卷插件
部署动态
1、在Harbor上部署
- 进入opt目录下
- mkdir k8s
- chmod 777 k8s
- vim /etc/exports
-
- /opt/k8s 20.0.0.0/24(rw,no_root_squash,sync)
-
-
- systemctl restart rpcbind
- systemctl restart nfs
-
- 在本机上测试
- [root@k8s4 opt]# showmount -e
- Export list for k8s4:
- /opt/k8s 20.0.0.0/24
-
- 在节点上测试
- [root@node02 ~]# showmount -e 20.0.0.73
- Export list for 20.0.0.73:
- /opt/k8s 20.0.0.0/24
2、在主节点上部署serviceAccount Nfs-privisioner storageclasses
部署serviceAccount
NFS PRovisioner是一个插件,没有权限是无法再集群当中获取k8s的消息,插件要有权限能够监听APIserver,获取getlist
rbac Role-based Access Control
定义角色在集群当中可以使用的权限
- vim nfs-client-rbac.yaml
- #定义角色
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: nfs-client-provisioner
- ---
- #定义角色的权限
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- name: nfs-client-provisioner-role
- rules:
- - apiGroups: [""]
- #apiGroups定义了规则使用那个API的组,空字符"",直接使用API的核心组的资源
- resources: ["persistentvolumes"]
- verbs: ["get","list","watch","create","delete"]
- #表示权限的动作
- - apiGroups: [""]
- resources: ["persistentvolumeclaims"]
- verbs: ["watch","get","list","update"]
- - apiGroups: ["storage.k8s.io"]
- resources: ["storageclasses"]
- verbs: ["get","list","watch"]
- - apiGroups: [""]
- #获取所有事件信息
- resources: ["events"]
- verbs: ["list","watch","create","update","patch"]
- - apiGroups: [""]
- resources: ["endpoints"]
- verbs: ["create","delete","get","list","watch","patch","update"]
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: nfs-client-provisioner-bind
- subjects:
- - kind: ServiceAccount
- name: nfs-client-provisioner
- namespace: default
- roleRef:
- kind: ClusterRole
- name: nfs-client-provisioner-role
- apiGroup: rbac.authorization.k8s.io
部署Nfs-privisioner
部署插件:
Nfs-privisioner deployment来创建插件 pod
1.20之后有一个新的机制
selfLink api的资源对象之一,表示资源对象在集群当中自身的一个连接,self-link是一个唯一标识符号,可以用于标识k8s集群当中
每个资源的对象
self -link的值是一个URL,指向该资源对象的k8s api的路径
更好的实现资源对象的查找和引用
- vim /etc/kubernetes/manifests/kube-apiserver.yaml
- ...........
- spec:
- containers:
- - command:
- - kube-apiserver
- - --feature-gates=RemoveSelfLink=false
- - --advertise-address=20.0.0.70
- ............
-
-
- - --feature-gates=RemoveSelfLink=false
- feature-gates 在不破坏现有有规则以及功能基础上引用新功能或者修改现有功能的机制,禁用不影响之前的规则
-
-
- 生成一个新的APIserver
- kubectl apply -f /etc/kubernetes/manifests/kube-apiserver.yaml
-
- 删除旧的apiserver
- kubectl delete pod -n kube-system kube-apiserver
-
- [root@master01 opt]# kubectl get pod -n kube-system
- NAME READY STATUS RESTARTS AGE
- coredns-7f89b7bc75-vhmhn 1/1 Running 1 2d1h
- coredns-7f89b7bc75-vrsqz 1/1 Running 0 2d2h
- etcd-master01 1/1 Running 1 13d
- kube-apiserver-master01 1/1 Running 0 3h45m
- kube-controller-manager-master01 1/1 Running 11 13d
- kube-flannel-ds-btmh8 1/1 Running 1 13d
- kube-flannel-ds-kpfhw 1/1 Running 0 2d1h
- kube-flannel-ds-nn558 1/1 Running 1 2d2h
- kube-proxy-46rbj 1/1 Running 1 13d
- kube-proxy-khngm 1/1 Running 1 13d
- kube-proxy-lq8lh 1/1 Running 1 13d
- kube-scheduler-master01 1/1 Running 11 13d
provisioner的yaml文件
- vim nfs-client-provisioner.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: nfs-provisioner
- labels:
- app: nfs1
- spec:
- replicas: 1
- selector:
- matchLabels:
- app: nfs1
- template:
- metadata:
- labels:
- app: nfs1
- spec:
- serviceAccountName: nfs-client-provisioner
- containers:
- - name: nfs1
- image: quay.io/external_storage/nfs-client-provisioner:latest
- volumeMounts:
- - name: nfs
- mountPath: /persistentvolumes
- env:
- - name: PROVISIONER_NAME
- value: nfs-storage
- #配置provisioner的账户名称,要和storageclass的资源名称一致
- - name: NFS_SERVER
- #指定的是nfs共享服务器的地址
- value: 20.0.0.73
- - name: NFS_PATH
- value: /opt/k8s
- volumes:
- - name: nfs
- nfs:
- server: 20.0.0.73
- path: /opt/k8s
-
-
- 部署nfs-provisioner的插件
- nfs的PRovisioner的客户端已pod的方式运行在集群当中,监听k8s集群当中pv的请求,动态的创建于NFS服务器相关的pv
- 容器里使用的配置,在PRovisioner当中定义好环境变量,传给容器,storageclass的名称,nfs服务器的地址,nfs的目录
部署storageclass(定义pv的存储卷)
- vim nfs-client-storageclass.yaml
-
- apiVersion: storage.k8s.io/v1
- kind: StorageClass
- metadata:
- name: nfs-client-storageclass
- #匹配provisioner
- provisioner: nfs-storage
- parameters:
- archiveOnDelete: "false"
- #当pvc被删除之后,pv的状态,定义的是false,pvc被删除,pv的状态将是released,可以人工调整继续使用,如果是true,pv的状态将是Archived,表示pv不再可
- 用
- reclaimPolicy: Delete
- #定义pv的回收的策略,retain,delete,不支持回收
- allowVolumeExpansion: true
- #pv的存储空间可以动态的扩缩容
-
- 查看storageclasses
- [root@master01 opt]# kubectl get storageclasses.storage.k8s.io
- NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
- nfs-client-storageclass nfs-storage Retain Immediate true 16s
- NAME storageclasses的名称
- PROVISIONER 对应的创建pv的 PROVISIONER的插件
- RECLAIMPOLICY 回收策略,保留
- VOLUMEBINDINGMODE 卷绑定模式,Immediate表示pvc请求创建pv时,系统会立即绑定一个可用pv
- waitFirstConsumer:第一个使用者出现之后再绑pv
- ALLOWVOLUMEEXPANSION true表示可以在运行时对pv进行扩容
pod
- apiVersion: v1
- kind: PersistentVolumeClaim
- metadata:
- name: nfs-pvc
- spec:
- accessModes:
- - ReadWriteMany
- storageClassName: nfs-client-storageclass
- resources:
- requests:
- storage: 2Gi
-
- ---
-
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: nginx1
- labels:
- app: nginx1
- spec:
- replicas: 1
- selector:
- matchLabels:
- app: nginx1
- template:
- metadata:
- labels:
- app: nginx1
- spec:
- containers:
- - name: nginx1
- image: nginx:1.22
- volumeMounts:
- - name: html
- mountPath: /usr/share/nginx/html
- volumes:
- - name: html
- persistentVolumeClaim:
- claimName: nfs-pvc
三者之间的关系
动态pv的默认策略是删除,delete
查看pv
- [root@master01 opt]# kubectl get pv
- NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
- pvc-da0b10f1-be7c-4553-9eb6-edd07b573058 2Gi RWX Retain Bound default/nfs-pvc nfs-client-storageclass 169m
查看挂载目录
- [root@k8s4 k8s]# ls
- default-nfs-pvc-pvc-da0b10f1-be7c-4553-9eb6-edd07b573058
- [root@k8s4 default-nfs-pvc-pvc-da0b10f1-be7c-4553-9eb6-edd07b573058]# echo 123 > index.html
-
- 访问
- [root@master01 opt]# curl 10.244.2.63
- 123
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/article/detail/40631
推荐阅读
相关标签
