LAB-13:创建PVC
LAB 概述
创建一个名字为 pv-volume 的 pvc,指定 storageClass 为 csi-hostpath-sc,大小为10Mi。
然后创建一个 Pod,名字为 web-server,镜像为 nginx,并且挂载该 PVC 至 /usr/share/nginx/html,挂载的权限为 ReadWriteOnce。
之后通过 kubectl edit 或者 kubectl path 将 pvc 改成 70Mi,并且记录修改记录。
LAB 预配
# 使用 NFS 配置 storageClass # 1、配置 NFS 共享存储 # 创建 NFS 服务器 user1@k8s-master:~$ sudo apt-get install -y nfs-kernel-server # 配置 NFS 文件共享。 user1@k8s-master:~$ sudo mkdir /nfs-server user1@k8s-master:~$ cat /etc/exports /nfs-server *(rw,sync,no_root_squash) user1@k8s-master:~$ sudo chmod 700 /nfs-server/ user1@k8s-master:~$ sudo service nfs-kernel-server restart user1@k8s-master:~$ sudo service nfs-kernel-server status # 验证NFS服务。 user1@k8s-master:~$ sudo showmount -e 127.0.0.1 Export list for 127.0.0.1: /nfs-server * # 在所有 node 节点也要安装 nfs client 软件。并且测试一下 nfs 存储 user1@k8s-node-2:~$ sudo apt-get install -y nfs-kernel-server user1@k8s-node-2:~$ sudo showmount -e k8s-master Export list for k8s-master: /nfs-server * # 2、配置 storageClass # 需要一个对应的 provisioner 来自动创建 PV,这里使用的 NFS 存储,则可以使用 nfs-subdir-external-provisioner 这个 Provisioner,它使用现有的和已配置的 NFS 服务器来支持通过 PVC 动态配置 PV。链接如下:https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/tree/master/deploy # 创建 ServiceAccount 解决权限问题。 # 编写 RBAC 资源清单文件 user1@k8s-master:~/cka-2022-05-01/13$ cat rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: name: nfs-client-provisioner namespace: default --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: nfs-client-provisioner-runner rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["create", "update", "patch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: run-nfs-client-provisioner subjects: - kind: ServiceAccount name: nfs-client-provisioner namespace: default roleRef: kind: ClusterRole name: nfs-client-provisioner-runner apiGroup: rbac.authorization.k8s.io --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-client-provisioner namespace: default rules: - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "list", "watch", "create", "update", "patch"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-client-provisioner subjects: - kind: ServiceAccount name: nfs-client-provisioner namespace: default roleRef: kind: Role name: leader-locking-nfs-client-provisioner apiGroup: rbac.authorization.k8s.io # 创建 RBAC 资源 user1@k8s-master:~/cka-2022-05-01/13$ kubectl apply -f rbac.yaml # 编写 nfs-client 的资源清单文件 user1@k8s-master:~/cka-2022-05-01/13$ cat nfs-client-provisioner.yaml apiVersion: apps/v1 kind: Deployment metadata: name: nfs-client-provisioner labels: app: nfs-client-provisioner namespace: default spec: replicas: 1 selector: matchLabels: app: nfs-client-provisioner strategy: type: Recreate selector: matchLabels: app: nfs-client-provisioner template: metadata: labels: app: nfs-client-provisioner spec: serviceAccountName: nfs-client-provisioner containers: - name: nfs-client-provisioner image: quay.io/external_storage/nfs-client-provisioner:latest volumeMounts: - name: nfs-client-root mountPath: /persistentvolumes env: - name: PROVISIONER_NAME value: nfs-storage # provisioner 的名称,后面创建SC使用 - name: NFS_SERVER value: k8s-master # nfs server: k8s-master - name: NFS_PATH value: /nfs-server # nfs 共享的目录 volumes: - name: nfs-client-root nfs: server: k8s-master path: /nfs-server # 创建 nfs-client 资源 user1@k8s-master:~/cka-2022-05-01/13$ kubectl apply -f nfs-client-provisioner.yaml # 查看 nfs-client 的 pod user1@k8s-master:~$ kubectl get pod nfs-client-provisioner-6546c4b76-zw2k2 NAME READY STATUS RESTARTS AGE nfs-client-provisioner-6546c4b76-zw2k2 1/1 Running 0 30s # 编写 storageclass 资源清单 # 注意: allowVolumeExpansion 可以根据情况是否设置为 true (默认为 false ), allowVolumeExpansion 为 flase 时不能动态扩容(例如不能直接修改 pvc 大小,当 allowVolumeExpansion 为 true 时可以修改) user1@k8s-master:~/cka-2022-05-01/13$ cat managed-nfs-storageclass.yaml apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: csi-hostpath-sc provisioner: nfs-storage allowVolumeExpansion: true # 创建 storageclass 资源 user1@k8s-master:~/cka-2022-05-01/13$ kubectl apply -f managed-nfs-storageclass.yaml storageclass.storage.k8s.io/csi-hostpath-sc created # 查看 storageclass 资源 user1@k8s-master:~$ kubectl get storageclasses.storage.k8s.io csi-hostpath-sc NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE csi-hostpath-sc nfs-storage Delete Immediate true 36s # 有可能出现错误:k8s升级到1.20.X以上版本时,nfs-client-provisioner 启动中出现了报错,可以修改 /etc/kubernetes/manifests/kube-apiserver.yaml,增加’–feature-gates=RemoveSelfLink=false’的参数。 user1@k8s-master:~$ sudo cat /etc/kubernetes/manifests/kube-apiserver.yaml apiVersion: v1 ··· - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key - --feature-gates=RemoveSelfLink=false # 添加这个配置 # 重启 kubelet.service user1@k8s-master:~$ sudo systemctl restart kubelet.service # 具体错误如下: $ kubectl describe pod nfs-client-provisioner-6546c4b76-mgxv7 ...... persistentvolume-controller waiting for a volume to be created, either by external provisioner "nfs-storage" or manually created by system administrator # pvc pending 状态 $ kubectl describe pvc pv-volume Normal ExternalProvisioning 13s (x3 over 35s) persistentvolume-controller waiting for a volume to be created, either by external provisioner "nfs-storage" or manually created by system administrator
LAB 答案
# 切换 content $ kubectl config use-context k8s # 编写 yaml 文件 $ cat pv-volume.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: pv-volume spec: storageClassName: csi-hostpath-sc accessModes: - ReadWriteOnce resources: requests: storage: 10Mi --- apiVersion: v1 kind: Pod metadata: name: web-server spec: volumes: - name: task-pv-storage persistentVolumeClaim: claimName: pv-volume containers: - name: web-server image: nginx:1.18.0 ports: - containerPort: 80 name: "http-server" volumeMounts: - mountPath: "/usr/share/nginx/html" name: task-pv-storage # 执行 yaml 文件 user1@k8s-master:~/cka-2022-05-01/13$ kubectl apply -f pv-volume.yaml # 扩容(注,NFS 不支持扩容)修改为70Mi # 方式1: Patch $ kubectl patch pvc pv-volume -p '{"spec":{"resources":{"requests":{"storage": "70Mi"}}}}' --record # 方式2: edit $ kubectl edit pvc pv-volume
LAB 验证
# 查看 PVC user1@k8s-master:~$ kubectl get pvc NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE pv-volume Bound pvc-39e0aef5-21da-4af3-b375-6e9744da3f78 10Mi RWO csi-hostpath-sc 6m54s # 查看 nfs 上多了一个目录 user1@k8s-master:~$ sudo ls -d /nfs-server/default-pv-volume-pvc-39e0aef5-21da-4af3-b375-6e9744da3f78 /nfs-server/default-pv-volume-pvc-39e0aef5-21da-4af3-b375-6e9744da3f78 # 在 NFS 上写入 index.html user1@k8s-master:~$ sudo sh -c 'echo "http-server storageclass" > /nfs-server/default-pv-volume-pvc-39e0aef5-21da-4af3-b375-6e9744da3f78/index.html' # 测试访问 user1@k8s-master:~$ kubectl get pod web-server -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES web-server 1/1 Running 0 16m 10.244.76.155 k8s-node-3 <none> <none> user1@k8s-master:~$ curl 10.244.76.155 http-server storageclass
参考资料
- https://kubernetes.io/zh/docs/tasks/configure-pod-container/configure-persistent-volume-storage/