首先nfs搭建:https://blog.csdn.net/weixin_41831919/article/details/118057550
已经有了 172.17.0.10:/btwo
创建sc
apiVersion: storage.k8s.io/v1beta1
kind: StorageClass
metadata:
# StorageClass名称
name: managed-nfs-storage
# # 默认不支持nfs存储,添加支持web插件标识
provisioner: fuseim.pri/ifs
创建rbac授权apiserver
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: nfs-client-provisioner-runner
# 角色中可以访问的权限
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
---
# 角色绑定
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: run-nfs-client-provisioner
subjects:
# 绑定角色 ServiceAccount
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: default
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io
创建nfs相关存储指定服务
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: nfs-client-provisioner
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
imagePullSecrets:
- name: registry-pull-secret
# 绑定角色定义的名称
serviceAccount: nfs-client-provisioner
containers:
# 镜像拉取
- name: nfs-client-provisioner
image: swr.cn-north-4.myhuaweicloud.com/try/nfs-client-provisioner:v2.0.0
# 自定义变量格式处理
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
# 指定标识插件的值
value: fuseim.pri/ifs
- name: NFS_SERVER
# nfs地址
value: 172.17.0.10
- name: NFS_PATH
# 挂在路径
value: /btwo
volumes:
- name: nfs-client-root
nfs:
# nfs地址
server: 172.17.0.10
# 共享路径
path: /btwo
需要修改的地方
创建容器
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: nginx-statefulset
namespace: default
spec:
serviceName: nginx
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
name: web
volumeMounts:
- name: www
mountPath: /usr/share/nginx/html
volumeClaimTemplates:
- metadata:
name: www
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "managed-nfs-storage"
resources:
requests:
storage: 1Gi