編寫rbac和storageclass資源清單

nfs-rbac.yaml

• rbac鑒權(quán)
• 設(shè)置nfs server
• 設(shè)置nfs客戶端與server端數(shù)據(jù)同步
  • mkdir -p /home/nfsmount && mount -t nfs 192.168.116.101:/nfs/data /home/nfsmount

--- apiVersion: v1 kind: ServiceAccount metadata:name: nfs-provisioner --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata:name: nfs-provisioner-runner rules:- apiGroups: [""]resources: ["persistentvolumes"]verbs: ["get", "list", "watch", "create", "delete"]- apiGroups: [""]resources: ["persistentvolumeclaims"]verbs: ["get", "list", "watch", "update"]- apiGroups: ["storage.k8s.io"]resources: ["storageclasses"]verbs: ["get", "list", "watch"]- apiGroups: [""]resources: ["events"]verbs: ["watch", "create", "update", "patch"]- apiGroups: [""]resources: ["services", "endpoints"]verbs: ["get","create","list", "watch","update"]- apiGroups: ["extensions"]resources: ["podsecuritypolicies"]resourceNames: ["nfs-provisioner"]verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata:name: run-nfs-provisioner subjects:- kind: ServiceAccountname: nfs-provisionernamespace: default roleRef:kind: ClusterRolename: nfs-provisioner-runnerapiGroup: rbac.authorization.k8s.io --- #vi nfs-deployment.yaml；創(chuàng)建nfs-client的授權(quán) kind: Deployment apiVersion: apps/v1 metadata:name: nfs-client-provisioner spec:replicas: 1strategy:type: Recreateselector:matchLabels:app: nfs-client-provisionertemplate:metadata:labels:app: nfs-client-provisionerspec:serviceAccount: nfs-provisionercontainers:- name: nfs-client-provisionerimage: 192.168.145.28:1603/kubesphere/nfs-client-provisioner:v3.1.0-k8s1.11volumeMounts:- name: nfs-client-rootmountPath: /persistentvolumesenv:- name: PROVISIONER_NAME #供應(yīng)者的名字value: storage.pri/nfs #名字雖然可以隨便起，以后引用要一致- name: NFS_SERVERvalue: 192.168.116.101- name: NFS_PATHvalue: /nfs/datavolumes:- name: nfs-client-rootnfs:server: 192.168.116.101path: /nfs/data

storageclass-nfs.yaml

apiVersion: storage.k8s.io/v1 kind: StorageClass metadata:name: storage-nfs provisioner: storage.pri/nfs reclaimPolicy: Delete allowVolumeExpansion: True #允許pvc創(chuàng)建后擴(kuò)容

編寫部署腳本

• 部署nfs-provisioner
• 設(shè)置為默認(rèn)storageclass
  [root@m-1 kubesphere-install]# cat start.sh

sudo kubectl apply -f nfs-rbac.yaml -f storageclass-nfs.yaml sudo kubectl patch storageclass storage-nfs -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

測(cè)試

如下部署mysql有狀態(tài)服務(wù)中的部分就會(huì)使用nfs動(dòng)態(tài)供應(yīng)自動(dòng)創(chuàng)建pv：

volumeClaimTemplates:- metadata:name: mysql-dataspec:accessModes: ["ReadWriteOnce"]resources:requests:storage: 10Gi

mysql-sts：

apiVersion: apps/v1 kind: StatefulSet metadata:name: mysqlnamespace: dmgeo-lib spec:selector:matchLabels:app: mysqlserviceName: mysqlreplicas: 3template:metadata:labels:app: mysqlspec:initContainers:- name: init-mysqlimage: 192.168.145.28:1603/lego/mysql/mysql:5.7command:- bash- "-c"- |set -ex# Generate mysql server-id from pod ordinal index.[[ `hostname` =~ -([0-9]+)$ ]] || exit 1ordinal=${BASH_REMATCH[1]}echo [mysqld] > /mnt/conf.d/server-id.cnf# Add an offset to avoid reserved server-id=0 value.echo server-id=$((100 + $ordinal)) >> /mnt/conf.d/server-id.cnf# Copy appropriate conf.d files from config-map to emptyDir.if [[ $ordinal -eq 0 ]]; thencp /mnt/config-map/primary.cnf /mnt/conf.d/elsecp /mnt/config-map/replica.cnf /mnt/conf.d/fivolumeMounts:- name: mysql-confmountPath: /mnt/conf.d- name: mysql-configmapmountPath: /mnt/config-map- name: clone-mysqlimage: 192.168.145.28:1603/lego/mysql/twoeo/gcr.io-google-samples-xtrabackup:latestcommand:- bash- "-c"- |set -ex# Skip the clone if data already exists.[[ -d /var/lib/mysql/mysql ]] && exit 0# Skip the clone on primary (ordinal index 0).[[ `hostname` =~ -([0-9]+)$ ]] || exit 1ordinal=${BASH_REMATCH[1]}[[ $ordinal -eq 0 ]] && exit 0# Clone data from previous peer.ncat --recv-only mysql-$(($ordinal-1)).mysql 3307 | xbstream -x -C /var/lib/mysql# Prepare the backup.xtrabackup --prepare --target-dir=/var/lib/mysqlvolumeMounts:- name: mysql-datamountPath: /var/lib/mysqlsubPath: mysql- name: mysql-confmountPath: /etc/mysql/conf.dcontainers:- name: mysqlimage: 192.168.145.28:1603/lego/mysql/mysql:5.7env:- name: MYSQL_ROOT_PASSWORDvalue: 123456#- name: MYSQL_ALLOW_EMPTY_PASSWORD# value: "1"ports:- name: mysqlcontainerPort: 3306volumeMounts:- name: mysql-datamountPath: /var/lib/mysqlsubPath: mysql- name: mysql-confmountPath: /etc/mysql/conf.dresources:requests:cpu: 500mmemory: 1GilivenessProbe:exec:command: ["mysqladmin", "ping"]initialDelaySeconds: 30periodSeconds: 10timeoutSeconds: 5readinessProbe:exec:# Check we can execute queries over TCP (skip-networking is off).command: ["mysql", "-h", "127.0.0.1", "-e", "SELECT 1"]initialDelaySeconds: 5periodSeconds: 2timeoutSeconds: 1- name: xtrabackupimage: 192.168.145.28:1603/lego/mysql/twoeo/gcr.io-google-samples-xtrabackup:latestports:- name: xtrabackupcontainerPort: 3307command:- bash- "-c"- |set -excd /var/lib/mysql# Determine binlog position of cloned data, if any.if [[ -f xtrabackup_slave_info && "x$(<xtrabackup_slave_info)" != "x" ]]; then# XtraBackup already generated a partial "CHANGE MASTER TO" query# because we're cloning from an existing replica. (Need to remove the tailing semicolon!)cat xtrabackup_slave_info | sed -E 's/;$//g' > change_master_to.sql.in# Ignore xtrabackup_binlog_info in this case (it's useless).rm -f xtrabackup_slave_info xtrabackup_binlog_infoelif [[ -f xtrabackup_binlog_info ]]; then# We're cloning directly from primary. Parse binlog position.[[ `cat xtrabackup_binlog_info` =~ ^(.*?)[[:space:]]+(.*?)$ ]] || exit 1rm -f xtrabackup_binlog_info xtrabackup_slave_infoecho "CHANGE MASTER TO MASTER_LOG_FILE='${BASH_REMATCH[1]}',\MASTER_LOG_POS=${BASH_REMATCH[2]}" > change_master_to.sql.infi# Check if we need to complete a clone by starting replication.if [[ -f change_master_to.sql.in ]]; thenecho "Waiting for mysqld to be ready (accepting connections)"until mysql -h 127.0.0.1 -e "SELECT 1"; do sleep 1; doneecho "Initializing replication from clone position"mysql -h 127.0.0.1 \-e "$(<change_master_to.sql.in), \MASTER_HOST='mysql-0.mysql', \MASTER_USER='root', \MASTER_PASSWORD='', \MASTER_CONNECT_RETRY=10; \START SLAVE;" || exit 1# In case of container restart, attempt this at-most-once.mv change_master_to.sql.in change_master_to.sql.origfi# Start a server to send backups when requested by peers.exec ncat --listen --keep-open --send-only --max-conns=1 3307 -c \"xtrabackup --backup --slave-info --stream=xbstream --host=127.0.0.1 --user=root"volumeMounts:- name: mysql-datamountPath: /var/lib/mysqlsubPath: mysql- name: mysql-confmountPath: /etc/mysql/conf.dresources:requests:cpu: 100mmemory: 100Mivolumes:- name: mysql-confemptyDir: {}- name: mysql-configmapconfigMap:name: mysql-configmapvolumeClaimTemplates:- metadata:name: mysql-dataspec:accessModes: ["ReadWriteOnce"]resources:requests:storage: 10Gi 與50位技術(shù)專家面對(duì)面20年技術(shù)見證，附贈(zèng)技術(shù)全景圖

總結(jié)

以上是生活随笔為你收集整理的k8s部署nfs-client-provisioner完整实践版（亲测有效）的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。