微信公众号搜索DevOps和k8s全栈技术 ,即可关注我的公众号,也可通过扫描文章最后的二维码关注,每天都会分享技术文章供大家参考阅读~,拥抱开源,同大家共同进步~!!!
什么是storageclass?
1.storageclass(存储类)概念
storageclass是一个存储类,k8s集群管理员通过创建storageclass可以动态生成一个存储卷供k8s用户使用。
2.storageclass资源定义
每个StorageClass都包含字段provisioner,parameters和reclaimPolicy,当需要动态配置属于该类的PersistentVolume时使用这些字段。
StorageClass对象的名称很重要,是用户可以请求特定类的方式。管理员在首次创建StorageClass对象时设置类的名称和其他参数,并且在创建对象后无法更新这些对象。
管理员可以为不请求任何特定类绑定的PVC指定默认的StorageClass
(1)yaml文件示例说明:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: standard
provisioner: kubernetes.io/aws-ebs
parameters:
type: gp2
reclaimPolicy: Retain
mountOptions:
- debug
volumeBindingMode: Immediate
(2)Provisioner
storageclass需要有一个供应者,用来确定我们使用什么样的存储来创建pv
常见的provisioner供应者如下:
provisioner既可以是内部供应程序,也可以由外部供应商提供,如果是外部供应商可以参考https://github.com/kubernetes-incubator/external-storage/下提供的方法创建storageclass的provisioner,例如,NFS不提供内部配置程序,但可以使用外部配置程序。一些外部供应商列在存储库https://github.com/kubernetes-incubator/external-storage下。
nfs的provisioner:
https://github.com/kubernetes-incubator/external-storage/tree/master/nfs/deploy/kubernetes
Reclaim Policy
由存储类动态创建持久化存储卷(pv)时可以指定reclaimPolicy字段,这个字段中指定的回收策略可以是Delete或Retain。如果在创建StorageClass对象时未指定reclaimPolicy,则默认为Delete。
Mount Options(挂载选项)
如果Volume Plugin不支持这个挂载选项,但是指定了,就会使provisioner创建失败
Volume Binding Mode
这个字段用来说明什么时候进行卷绑定和动态配置;
默认情况下,立即模式表示一旦创建了PersistentVolumeClaim,就会发生卷绑定和动态配置。对于受拓扑约束且无法从群集中的所有节点全局访问的存储后端,将在不知道Pod的调度要求的情况下绑定或配置PersistentVolumes。这可能导致不可调度的Pod。
集群管理员可以通过指定WaitForFirstConsumer模式来解决此问题,该模式将延迟绑定和配置PersistentVolume,直到创建使用PersistentVolumeClaim的Pod。将根据Pod的调度约束指定的拓扑选择或配置PersistentVolumes。这些包括但不限于资源需求,节点选择器,pod亲和力和反亲和力,以及污点和容忍度。
通过nfs实现存储类的动态供给
1.安装nfs服务
选择自己的任意一台机器,我选择k8s的master1节点,对应的机器ip是192.168.0.6,在192.168.0.6上执行如下步骤,大家在自己环境找一台k8s节点的机器安装就可以了~
(1)yum安装nfs
yum install nfs-utils -y
systemctl start nfs
chkconfig nfs on
(2)在master1上创建一个nfs共享目录
mkdir /data/nfs_pro -p
#修改/etc/exports文件,把刚才生成的共享目录添加到这个文件里
cat /etc/exports
/data/nfs_pro 192.168.0.0/24(rw,no_root_squash)
让刚才配置文件生效
exportfs -arv
systemctl restart nfs
(3)k8s的各个node节点也需要安装nfs
yum install nfs-utils -y
systemctl start nfs
chkconfig nfs on
2.创建运行nfs-provisioner的sa账号
cat serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-provisioner
通过kubectl更新yaml文件
kubectl apply -f serviceaccount.yaml
3.对sa账号做rbac授权
cat service-rbac.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
- apiGroups: [""]
resources: ["services", "endpoints"]
verbs: ["get"]
- apiGroups: ["extensions"]
resources: ["podsecuritypolicies"]
resourceNames: ["nfs-provisioner"]
verbs: ["use"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-provisioner
subjects:
- kind: ServiceAccount
name: nfs-provisioner
namespace: default
roleRef:
kind: ClusterRole
name: nfs-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-provisioner
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-provisioner
subjects:
- kind: ServiceAccount
name: nfs-provisioner
namespace: default
roleRef:
kind: Role
name: leader-locking-nfs-provisioner
apiGroup: rbac.authorization.k8s.io
通过kubectl更新yaml文件
kubectl apply -f service-rbac.yaml
4.通过deployment创建pod用来运行nfs-provisioner
cat deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: nfs-provisioner
spec:
selector:
matchLabels:
app: nfs-provisioner
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: nfs-provisioner
spec:
serviceAccount: nfs-provisioner
containers:
- name: nfs-provisioner
image: registry.cn-hangzhou.aliyuncs.com/open-ali/nfs-client-provisioner:latest
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: example.com/nfs
- name: NFS_SERVER
value: 192.168.0.6
- name: NFS_PATH
value: /data/storage
volumes:
- name: nfs-client-root
nfs:
server: 192.168.0.6
path: /data/storage
通过kubectl更新yaml文件
kubectl apply -f deployment.yaml
查看nfs provisioner的pod是否创建成功
kubectl get pods
显示如下,说明创建成功
NAME READY STATUS RESTARTS AGE
nfs-provisioner-7d6859cc59-pzr7n 1/1 Running 0 72s
创建storageclass
cat class.yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: nfs-storage
provisioner: example.com/nfs
通过kubectl更新yaml文件
kubectl apply -f class.yaml
查看storageclass是否创建成功
kubectl get storageclass
显示如下,说明创建成功
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
nfs-storage example.com/nfs Delete Immediate false 11h
创建pvc-测试storageclass动态生成pvc
cat claim.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: test-claim1
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Mi
storageClassName: nfs-storage
通过kubectl更新yaml文件
kubectl apply -f claim.yaml
查看pvc是否创建成功
kubectl get pvc |grep test
显示如下,说明pvc创建成功,并且自动绑定到了storageclass创建的pv上了
test-claim1 Bound pvc-5092a033-8f01-409c-aa7d-3e90b7bf964b 1Mi RWX nfs-storage 29s
测试pod挂载pvc
cat read-pod.yaml
kind: Pod
apiVersion: v1
metadata:
name: read-pod
spec:
containers:
- name: read-pod
image: nginx
volumeMounts:
- name: nfs-pvc
mountPath: /usr/share/nginx/html
restartPolicy: "Never"
volumes:
- name: nfs-pvc
persistentVolumeClaim:
claimName: test-claim1
更新yaml文件
kubectl apply -f read-pod.yaml
创建statefulset,通过volumeClaimTemplate动态生成pv、pvc
cat statefulset-storage.yaml
apiVersion: v1
kind: Service
metadata:
name: storage
labels:
app: storage
spec:
selector:
matchLabels:
app: storage
ports:
- port: 80
name: web
clusterIP: None
selector:
app: storage
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: storage
spec:
selector:
matchLabels:
app: storage
serviceName: "storage"
replicas: 2
template:
metadata:
labels:
app: storage
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
name: web
volumeMounts:
- name: www
mountPath: /usr/share/nginx/html
volumeClaimTemplates:
- metadata:
name: www
annotations:
volume.beta.kubernetes.io/storage-class: "nfs-storage"
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 2Gi
更新yaml文件
kubectl apply -f statefulset-storage.yaml
查看pod是否创建成功
kubectl get pods | grep storage
显示如下,说明创建成功
storage-0 1/1 Running 0 2m49s
storage-1 1/1 Running 0 119s
查看生成的pv
kubectl get pv | grep www-storage
显示如下,说明已经给pod动态生成对应的pv了
pvc-02974ea1-a954-4c21-af24-f02eea389eb3 2Gi RWO Delete Bound default/www-storage-1 nfs-storage 3m56s
pvc-de5f92fa-26ec-4850-a2a5-b13fe2ef1e1e 2Gi RWO Delete Bound default/www-storage-0 nfs-storage 3m56s
查看生成的pvc
kubectl get pvc | grep www-storage
显示如下,可看到已经为pod生成对应的pvc,并且绑定到了pv
www-storage-0 Bound pvc-de5f92fa-26ec-4850-a2a5-b13fe2ef1e1e 2Gi RWO nfs-storage 6m52s
www-storage-1 Bound pvc-02974ea1-a954-4c21-af24-f02eea389eb3 2Gi RWO nfs-storage 6m2s
往期精彩文章
Prometheus+Grafana+Alertmanager搭建全方位的监控告警系统-超详细文档
k8s1.18多master节点高可用集群安装-超详细中文官方文档
Kubernetes Pod健康检查-livenessProbe和readinessProbe
kubernetes pod生命周期管理-postStart和preStop
运维常见问题汇总-tomcat部署java项目大量close_wait解决方案
使用ingress暴露kubernetes集群内部的pod服务
jenkins+kubernetes+harbor+gitlab构建企业级devops平台
技术交流群
可以加我微信:luckylucky421302 ,拉您进技术群交流,也可扫描下面的二维码直接进群,一起学习交流~
微信公众号
长按指纹关注公众号????
点击在看少个 bug????
3841
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
