LAB-13:创建PVC
LAB 概述
创建一个名字为 pv-volume 的 pvc,指定 storageClass 为 csi-hostpath-sc,大小为10Mi。
然后创建一个 Pod,名字为 web-server,镜像为 nginx,并且挂载该 PVC 至 /usr/share/nginx/html,挂载的权限为 ReadWriteOnce。
之后通过 kubectl edit 或者 kubectl path 将 pvc 改成 70Mi,并且记录修改记录。
LAB 预配
# 使用 NFS 配置 storageClass
# 1、配置 NFS 共享存储
# 创建 NFS 服务器
user1@k8s-master:~$ sudo apt-get install -y nfs-kernel-server
# 配置 NFS 文件共享。
user1@k8s-master:~$ sudo mkdir /nfs-server
user1@k8s-master:~$ cat /etc/exports
/nfs-server *(rw,sync,no_root_squash)
user1@k8s-master:~$ sudo chmod 700 /nfs-server/
user1@k8s-master:~$ sudo service nfs-kernel-server restart
user1@k8s-master:~$ sudo service nfs-kernel-server status
# 验证NFS服务。
user1@k8s-master:~$ sudo showmount -e 127.0.0.1
Export list for 127.0.0.1:
/nfs-server *
# 在所有 node 节点也要安装 nfs client 软件。并且测试一下 nfs 存储
user1@k8s-node-2:~$ sudo apt-get install -y nfs-kernel-server
user1@k8s-node-2:~$ sudo showmount -e k8s-master
Export list for k8s-master:
/nfs-server *
# 2、配置 storageClass
# 需要一个对应的 provisioner 来自动创建 PV,这里使用的 NFS 存储,则可以使用 nfs-subdir-external-provisioner 这个 Provisioner,它使用现有的和已配置的 NFS 服务器来支持通过 PVC 动态配置 PV。链接如下:https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/tree/master/deploy
# 创建 ServiceAccount 解决权限问题。
# 编写 RBAC 资源清单文件
user1@k8s-master:~/cka-2022-05-01/13$ cat rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner
namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: default
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: default
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: default
roleRef:
kind: Role
name: leader-locking-nfs-client-provisioner
apiGroup: rbac.authorization.k8s.io
# 创建 RBAC 资源
user1@k8s-master:~/cka-2022-05-01/13$ kubectl apply -f rbac.yaml
# 编写 nfs-client 的资源清单文件
user1@k8s-master:~/cka-2022-05-01/13$ cat nfs-client-provisioner.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nfs-client-provisioner
labels:
app: nfs-client-provisioner
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: nfs-client-provisioner
strategy:
type: Recreate
selector:
matchLabels:
app: nfs-client-provisioner
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
serviceAccountName: nfs-client-provisioner
containers:
- name: nfs-client-provisioner
image: quay.io/external_storage/nfs-client-provisioner:latest
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: nfs-storage # provisioner 的名称,后面创建SC使用
- name: NFS_SERVER
value: k8s-master # nfs server: k8s-master
- name: NFS_PATH
value: /nfs-server # nfs 共享的目录
volumes:
- name: nfs-client-root
nfs:
server: k8s-master
path: /nfs-server
# 创建 nfs-client 资源
user1@k8s-master:~/cka-2022-05-01/13$ kubectl apply -f nfs-client-provisioner.yaml
# 查看 nfs-client 的 pod
user1@k8s-master:~$ kubectl get pod nfs-client-provisioner-6546c4b76-zw2k2
NAME READY STATUS RESTARTS AGE
nfs-client-provisioner-6546c4b76-zw2k2 1/1 Running 0 30s
# 编写 storageclass 资源清单
# 注意: allowVolumeExpansion 可以根据情况是否设置为 true (默认为 false ), allowVolumeExpansion 为 flase 时不能动态扩容(例如不能直接修改 pvc 大小,当 allowVolumeExpansion 为 true 时可以修改)
user1@k8s-master:~/cka-2022-05-01/13$ cat managed-nfs-storageclass.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: csi-hostpath-sc
provisioner: nfs-storage
allowVolumeExpansion: true
# 创建 storageclass 资源
user1@k8s-master:~/cka-2022-05-01/13$ kubectl apply -f managed-nfs-storageclass.yaml
storageclass.storage.k8s.io/csi-hostpath-sc created
# 查看 storageclass 资源
user1@k8s-master:~$ kubectl get storageclasses.storage.k8s.io csi-hostpath-sc
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
csi-hostpath-sc nfs-storage Delete Immediate true 36s
# 有可能出现错误:k8s升级到1.20.X以上版本时,nfs-client-provisioner 启动中出现了报错,可以修改 /etc/kubernetes/manifests/kube-apiserver.yaml,增加’–feature-gates=RemoveSelfLink=false’的参数。
user1@k8s-master:~$ sudo cat /etc/kubernetes/manifests/kube-apiserver.yaml
apiVersion: v1
···
- --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
- --feature-gates=RemoveSelfLink=false # 添加这个配置
# 重启 kubelet.service
user1@k8s-master:~$ sudo systemctl restart kubelet.service
# 具体错误如下:
$ kubectl describe pod nfs-client-provisioner-6546c4b76-mgxv7
......
persistentvolume-controller waiting for a volume to be created, either by external provisioner "nfs-storage" or manually created by system administrator
# pvc pending 状态
$ kubectl describe pvc pv-volume
Normal ExternalProvisioning 13s (x3 over 35s) persistentvolume-controller waiting for a volume to be created, either by external provisioner "nfs-storage" or manually created by system administrator
LAB 答案
# 切换 content
$ kubectl config use-context k8s
# 编写 yaml 文件
$ cat pv-volume.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pv-volume
spec:
storageClassName: csi-hostpath-sc
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Mi
---
apiVersion: v1
kind: Pod
metadata:
name: web-server
spec:
volumes:
- name: task-pv-storage
persistentVolumeClaim:
claimName: pv-volume
containers:
- name: web-server
image: nginx:1.18.0
ports:
- containerPort: 80
name: "http-server"
volumeMounts:
- mountPath: "/usr/share/nginx/html"
name: task-pv-storage
# 执行 yaml 文件
user1@k8s-master:~/cka-2022-05-01/13$ kubectl apply -f pv-volume.yaml
# 扩容(注,NFS 不支持扩容)修改为70Mi
# 方式1: Patch
$ kubectl patch pvc pv-volume -p '{"spec":{"resources":{"requests":{"storage": "70Mi"}}}}' --record
# 方式2: edit
$ kubectl edit pvc pv-volume
LAB 验证
# 查看 PVC user1@k8s-master:~$ kubectl get pvc NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE pv-volume Bound pvc-39e0aef5-21da-4af3-b375-6e9744da3f78 10Mi RWO csi-hostpath-sc 6m54s # 查看 nfs 上多了一个目录 user1@k8s-master:~$ sudo ls -d /nfs-server/default-pv-volume-pvc-39e0aef5-21da-4af3-b375-6e9744da3f78 /nfs-server/default-pv-volume-pvc-39e0aef5-21da-4af3-b375-6e9744da3f78 # 在 NFS 上写入 index.html user1@k8s-master:~$ sudo sh -c 'echo "http-server storageclass" > /nfs-server/default-pv-volume-pvc-39e0aef5-21da-4af3-b375-6e9744da3f78/index.html' # 测试访问 user1@k8s-master:~$ kubectl get pod web-server -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES web-server 1/1 Running 0 16m 10.244.76.155 k8s-node-3 <none> <none> user1@k8s-master:~$ curl 10.244.76.155 http-server storageclass
参考资料
- https://kubernetes.io/zh/docs/tasks/configure-pod-container/configure-persistent-volume-storage/