Kubernetes 硬盘持久化之 StorageClass

Kubernetes 硬盘持久化之 StorageClass

StorageClass 定义

StorageClass 为管理员提供了描述存储"类"的方法。 不同的类型可能会映射到不同的服务质量等级或备份策略，或是由集群管理员制定的任意策略。 这个类的概念在其他存储系统中有时被称为"配置文件"。每个 StorageClass 都包含 provisioner、parameters 和 reclaimPolicy 字段， 这些字段会在 StorageClass 需要动态制备 PersistentVolume 时会使用到。

StorageClass 使用

1. 创建 NFS 制备商账户 nfs-client-provisioner的 rabc.yaml权限文件

   apiVersion: v1
   kind: ServiceAccount
   metadata:
     name: nfs-client-provisioner
     # replace with namespace where provisioner is deployed
     namespace: default
   ---
   kind: ClusterRole
   apiVersion: rbac.authorization.k8s.io/v1
   metadata:
     name: nfs-client-provisioner-runner
   rules:
     - apiGroups: [""]
       resources: ["nodes"]
       verbs: ["get", "list", "watch"]
     - apiGroups: [""]
       resources: ["persistentvolumes"]
       verbs: ["get", "list", "watch", "create", "delete"]
     - apiGroups: [""]
       resources: ["persistentvolumeclaims"]
       verbs: ["get", "list", "watch", "update"]
     - apiGroups: ["storage.k8s.io"]
       resources: ["storageclasses"]
       verbs: ["get", "list", "watch"]
     - apiGroups: [""]
       resources: ["events"]
       verbs: ["create", "update", "patch"]
   ---
   kind: ClusterRoleBinding
   apiVersion: rbac.authorization.k8s.io/v1
   metadata:
     name: run-nfs-client-provisioner
   subjects:
     - kind: ServiceAccount
       name: nfs-client-provisioner
       # replace with namespace where provisioner is deployed
       namespace: default
   roleRef:
     kind: ClusterRole
     name: nfs-client-provisioner-runner
     apiGroup: rbac.authorization.k8s.io
   ---
   kind: Role
   apiVersion: rbac.authorization.k8s.io/v1
   metadata:
     name: leader-locking-nfs-client-provisioner
     # replace with namespace where provisioner is deployed
     namespace: default
   rules:
     - apiGroups: [""]
       resources: ["endpoints"]
       verbs: ["get", "list", "watch", "create", "update", "patch"]
   ---
   kind: RoleBinding
   apiVersion: rbac.authorization.k8s.io/v1
   metadata:
     name: leader-locking-nfs-client-provisioner
     # replace with namespace where provisioner is deployed
     namespace: default
   subjects:
     - kind: ServiceAccount
       name: nfs-client-provisioner
       # replace with namespace where provisioner is deployed
       namespace: default
   roleRef:
     kind: Role
     name: leader-locking-nfs-client-provisioner
     apiGroup: rbac.authorization.k8s.io
   

   root@k8s-master1:~# kubectl get sa
   NAME                     SECRETS   AGE
   default                  0         15d
   nfs-client-provisioner   0         5s
   

2. 创建 NFS 制备商 Pod

   kind: Deployment
   apiVersion: apps/v1
   metadata:
     name: nfs-client-provisioner
   spec:
     replicas: 1
     selector:
       matchLabels:
         app: nfs-client-provisioner
     strategy:
       type: Recreate
     template:
       metadata:
         labels:
           app: nfs-client-provisioner
       spec:
         serviceAccountName: nfs-client-provisioner
         containers:
           - name: nfs-client-provisioner
             image: registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
             volumeMounts:
               - name: nfs-client-root
                 mountPath: /persistentvolumes
             env:
               - name: PROVISIONER_NAME
                 value: k8s-sigs.io/nfs-subdir-external-provisioner
               - name: NFS_SERVER
                 value: 192.168.31.60
               - name: NFS_PATH
                 value: /nfs-test
         volumes:
           - name: nfs-client-root
             nfs:
               server: 192.168.31.60
               path: /nfs-test
   

3. 创建 NFS StorageClass

   apiVersion: storage.k8s.io/v1
   kind: StorageClass
   metadata:
     name: nfs-client
   provisioner: k8s-sigs.io/nfs-subdir-external-provisioner # or choose another name, must match deployment's env PROVISIONER_NAME'
   parameters:
     pathPattern: "${.PVC.namespace}/${.PVC.annotations.nfs.io/storage-path}" # waits for nfs.io/storage-path annotation, if not specified will accept as empty string.
     onDelete: delete
   

4. 创建 NFS PVC

   kind: PersistentVolumeClaim
   apiVersion: v1
   metadata:
     name: nfs-claim1
     annotations:
       nfs.io/storage-path: "pvc1"
   spec:
     storageClassName: nfs-client
     accessModes:
       - ReadWriteMany
     resources:
       requests:
         storage: 100Mi
   ---
   kind: PersistentVolumeClaim
   apiVersion: v1
   metadata:
     name: nfs-claim2
     annotations:
       nfs.io/storage-path: "pvc2"
   spec:
     storageClassName: nfs-client
     accessModes:
       - ReadOnlyMany
     resources:
       requests:
         storage: 100Mi
   

5. 创建测试 Pod

   kind: Pod
   apiVersion: v1
   metadata:
     name: pod-nfs-test1
   spec:
     containers:
       - name: nfs-test1
         image: busybox:stable
         command:
           - "/bin/sh"
         args:
           - "-c"
           - "echo hello > /mnt/SUCCESS1 && exit 0 || exit 1"
         volumeMounts:
           - name: nfs-pvc1
             mountPath: "/mnt"
     restartPolicy: "Never"
     volumes:
       - name: nfs-pvc1
         persistentVolumeClaim:
           claimName: nfs-claim1
   ---
   kind: Pod
   apiVersion: v1
   metadata:
     name: pod-nfs-test2
   spec:
     containers:
       - name: nfs-test2
         image: busybox:stable
         command:
           - "/bin/sh"
         args:
           - "-c"
           - "echo hello > /mnt/SUCCESS2 && exit 0 || exit 1"
         volumeMounts:
           - name: nfs-pvc2
             mountPath: "/mnt"
     restartPolicy: "Never"
     volumes:
       - name: nfs-pvc2
         persistentVolumeClaim:
           claimName: nfs-claim2