K8s data persistence: automatically creating PVs

The previous two posts implemented k8s data persistence with this process: set up the underlying NFS storage ==> create the PV ==> create the PVC ==> create the pod. In the end, the containers in the pod have persistent data.

The above process seems fine, but on reflection there is a problem. When a PVC requests storage space from a PV, the specific PV is chosen according to the specified name, access mode and capacity. If a PV has a capacity of 20G and its access mode is RWO (it may be mounted by only a single node), and a PVC requests 10G, then once that PVC has claimed space from the PV above, the remaining 10G of the PV is wasted, because the PV allows only a single node to mount it. Even leaving this issue aside, creating every PV by hand is tedious, so we need an automated tool to create PVs for us.

That tool is "nfs-client-provisioner", an open-source image provided by Alibaba. It uses the NFS driver built into k8s to mount a remote NFS server to a local directory, and then presents itself as a storage provider.

Of course, a PVC cannot request storage space from nfs-client-provisioner directly. For that we need the SC (StorageClass) resource object, whose basic role is to create a PV automatically based on the values defined in the PVC.

The following is an example of Nginx data persistence based on automatically created PVs.

1. Set up the NFS service

For convenience, I run NFS directly on the master here.

[root@master ~]# yum -y install nfs-utils
[root@master ~]# systemctl enable rpcbind
[root@master lv]# mkdir -p /nfsdata
[root@master ~]# vim /etc/exports
/nfsdata *(rw,sync,no_root_squash)
[root@master ~]# systemctl start nfs-server
[root@master ~]# systemctl enable nfs-server
[root@master ~]# showmount -e
Export list for master:
/nfsdata *
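
The export above uses * as the client and no_root_squash, so any host that can reach the server may mount /nfsdata, and root on that host is treated as root on the share. The following added check (not part of the original post) lists such entries in an exports file. The function name audit_exports and the second sample line, with a /24 subnet assumed from the NFS server address used in step 3, are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag broad client specs and no_root_squash in an exports(5) file.

# audit_exports FILE: print "<path> <client> <finding>" for every risky entry.
audit_exports() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # skip comments and blank lines
    NF == 1 { print $1, "<any>", "world-accessible"; next }
    {
      for (i = 2; i <= NF; i++) {
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {                            # split "client(opt,opt)"
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1, length($i) - p - 1)
        }
        if (client == "") client = "<any>"      # "(rw)" with no host means everyone
        if (client == "<any>" || client == "*")
          print $1, client, "world-accessible"
        if (("," opts ",") ~ /,no_root_squash,/)
          print $1, client, "no_root_squash"
      }
    }' "$1"
}

# Constructed sample: line 1 is the export from step 1; line 2 narrows the
# client list to an assumed /24 around the NFS server address from step 3.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/nfsdata *(rw,sync,no_root_squash)
/nfsdata 192.168.20.0/24(rw,sync,no_root_squash)
EOF
audit_exports "$sample"
rm -f "$sample"
```

If no_root_squash is dropped, root in the provisioner pod is mapped to the anonymous user, so /nfsdata must then be writable by that user.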

2. Create the RBAC authorization

Creating PVs automatically in this way requires RBAC authorization.

[root@master ~]# vim rbac-rolebind.yaml    #Create the RBAC-authorized account; a namespace must be specified in the following file, even if it is default

apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-provisioner
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nfs-provisioner-runner
  namespace: default
rules:
   -  apiGroups: [""]
      resources: ["persistentvolumes"]
      verbs: ["get", "list", "watch", "create", "delete"]
   -  apiGroups: [""]
      resources: ["persistentvolumeclaims"]
      verbs: ["get", "list", "watch", "update"]
   -  apiGroups: ["storage.k8s.io"]
      resources: ["storageclasses"]
      verbs: ["get", "list", "watch"]
   -  apiGroups: [""]
      resources: ["events"]
      verbs: ["watch", "create", "update", "patch"]
   -  apiGroups: [""]
      resources: ["services", "endpoints"]
      verbs: ["get","create","list", "watch","update"]
   -  apiGroups: ["extensions"]
      resources: ["podsecuritypolicies"]
      resourceNames: ["nfs-provisioner"]
      verbs: ["use"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: nfs-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
[root@master ~]# kubectl apply -f rbac-rolebind.yaml      #Apply the yaml file

3. Create the nfs-client-provisioner container

[root@master ~]# vim nfs-deployment.yaml       #Write the yaml file

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfs-client-provisioner
  namespace: default
spec:
  replicas: 1               #Number of replicas is 1
  strategy:
    type: Recreate
  selector:                 #Required by apps/v1; must match the template labels
    matchLabels:
      app: nfs-client-provisioner
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-provisioner       #The service account to run as
      containers:
        - name: nfs-client-provisioner
          image: registry.cn-hangzhou.aliyuncs.com/open-ali/nfs-client-provisioner   #This is the image being used
          volumeMounts:
            - name: nfs-client-root
              mountPath:  /persistentvolumes      #Mount directory inside the container
          env:
            - name: PROVISIONER_NAME        #A variable built into this container
              value: ljz-test         #The value (name) of the variable above
            - name: NFS_SERVER       #Built-in variable that specifies the IP of the NFS service
              value: 192.168.20.6
            - name: NFS_PATH              #Built-in variable that specifies the directory shared by NFS
              value: /nfsdata
      volumes:              #Below are the NFS path and IP mounted into the container above
        - name: nfs-client-root
          nfs:
            server: 192.168.20.6
            path: /nfsdata
[root@master ~]# kubectl apply -f nfs-deployment.yaml          #Apply the yaml file

4. Create the SC (StorageClass)

[root@master ~]# vim test-storageclass.yaml   #Write the yaml file

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: statefu-nfs
  namespace: default
provisioner: ljz-test     #Must match the PROVISIONER_NAME env value of the nfs-client-provisioner in step 3
reclaimPolicy: Retain        #Reclaim policy is Retain; if omitted, the default is Delete

[root@master ~]# kubectl apply -f test-storageclass.yaml    #Apply the yaml file

5. Create a PVC

[root@master ~]# vim test-pvc.yaml      #Write the yaml file

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: test-claim
  namespace: default
spec:
  storageClassName: statefu-nfs                 #Name of the storage class; must match the name of the SC
  accessModes:
    - ReadWriteMany          #Access mode is RWX
  resources:
    requests:
      storage: 500Mi
[root@master ~]# kubectl apply -f test-pvc.yaml      #Apply the yaml file
#Check that a PV was created automatically and is in the Bound state
[root@master ~]# kubectl get pv,pvc 
NAME                                                        CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                STORAGECLASS   REASON   AGE
persistentvolume/pvc-355593f0-2dfd-4b48-a3c6-c58d4843bcf4   500Mi      RWX            Delete           Bound    default/test-claim   statefu-nfs             2m53s

NAME                               STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
persistentvolumeclaim/test-claim   Bound    pvc-355593f0-2dfd-4b48-a3c6-c58d4843bcf4   500Mi      RWX            statefu-nfs    2m53s

In fact, at this point we have already achieved the goal: a PV is created automatically when the PVC requests storage space (a directory with a very long name, made up of the PV and PVC names, has been generated in the local NFS shared directory). As for which pod uses the space the PVC requested, that no longer matters.

6. Create a pod based on the Nginx image

[root@master ~]# vim nginx-pod.yaml   #Write the yaml file

apiVersion: apps/v1
kind: Deployment
metadata:
  name: myweb
  namespace: default
spec:
  replicas: 3
  selector:                 #Required by apps/v1; must match the template labels
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: myweb
        image: nginx:latest
        volumeMounts:
        - name: myweb-persistent-storage
          mountPath: /usr/share/nginx/html/
      volumes:
      - name: myweb-persistent-storage
        persistentVolumeClaim:
          claimName: test-claim           #This name must match the name of the PVC
[root@master ~]# kubectl apply -f nginx-pod.yaml       #Apply the yaml file

After applying the above yaml file, the nginx web directory in the containers is linked to the local NFS shared directory.
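
The manifests in steps 3 to 6 are tied together only by matching names (PROVISIONER_NAME and the SC provisioner, the SC name and storageClassName, the PVC name and claimName); if any pair differs, the claim is never provisioned or the pods never get their volume. The following added check (not part of the original post) compares those names before anything is applied. The helper names yaml_value, env_value, same and check_chain are hypothetical, and the sample files are constructed from the linking fields shown above.

```shell
#!/usr/bin/env bash
# Added example: check that the names linking the four manifests agree.

# yaml_value FILE KEY: first scalar stored under "KEY:", trailing comment stripped.
yaml_value() {
  awk -v k="$2:" '{ sub(/[ \t]+#.*$/, "") } $1 == k { print $2; exit }' "$1"
}

# env_value FILE NAME: the "value:" that follows "- name: NAME" in an env list.
env_value() {
  awk -v n="$2" '{ sub(/[ \t]+#.*$/, "") }
    $1 == "-" && $2 == "name:" { hit = ($3 == n); next }
    hit && $1 == "value:" { print $2; exit }' "$1"
}

# same A B: true only when both values are present and equal.
same() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# check_chain DEPLOY SC PVC WORKLOAD: print each broken link; return 1 if any.
check_chain() {
  rc=0
  same "$(env_value "$1" PROVISIONER_NAME)" "$(yaml_value "$2" provisioner)" ||
    { echo "StorageClass provisioner does not match PROVISIONER_NAME"; rc=1; }
  same "$(yaml_value "$2" name)" "$(yaml_value "$3" storageClassName)" ||
    { echo "PVC storageClassName does not match StorageClass name"; rc=1; }
  same "$(yaml_value "$3" name)" "$(yaml_value "$4" claimName)" ||
    { echo "workload claimName does not match PVC name"; rc=1; }
  return "$rc"
}

# Constructed sample: only the linking fields from steps 3-6.
d=$(mktemp -d)
printf '%s\n' 'env:' '  - name: PROVISIONER_NAME   #name' '    value: ljz-test' > "$d/deploy.yaml"
printf '%s\n' 'metadata:' '  name: statefu-nfs' 'provisioner: ljz-test' > "$d/sc.yaml"
printf '%s\n' 'metadata:' '  name: test-claim' 'spec:' '  storageClassName: statefu-nfs' > "$d/pvc.yaml"
printf '%s\n' 'volumes:' '- name: myweb-persistent-storage' '  persistentVolumeClaim:' \
  '    claimName: test-claim' > "$d/pod.yaml"
check_chain "$d/deploy.yaml" "$d/sc.yaml" "$d/pvc.yaml" "$d/pod.yaml" && echo "chain consistent"
rm -rf "$d"
```

The helpers read the first matching key in a file, so pass one manifest per file, as in the steps above (for example: check_chain nfs-deployment.yaml test-storageclass.yaml test-pvc.yaml nginx-pod.yaml).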


Origin blog.51cto.com/14154700/2451309