上面介紹的PV和PVC模式是需要運(yùn)維人員先創(chuàng)建好PV捂齐,然后開(kāi)發(fā)人員定義好PVC進(jìn)行一對(duì)一的Bond慧脱,但是如果PVC請(qǐng)求成千上萬(wàn)酬滤,那么就需要?jiǎng)?chuàng)建成千上萬(wàn)的PV镜廉,對(duì)于運(yùn)維人員來(lái)說(shuō)維護(hù)成本很高弄诲,Kubernetes提供一種自動(dòng)創(chuàng)建PV的機(jī)制,叫StorageClass娇唯,它的作用就是創(chuàng)建PV的模板齐遵。
具體來(lái)說(shuō),StorageClass會(huì)定義一下兩部分:
- PV的屬性 塔插,比如存儲(chǔ)的大小梗摇、類(lèi)型等;
- 創(chuàng)建這種PV需要使用到的存儲(chǔ)插件想许,比如Ceph等伶授;
有了這兩部分信息,Kubernetes就能夠根據(jù)用戶提交的PVC流纹,找到對(duì)應(yīng)的StorageClass糜烹,然后Kubernetes就會(huì)調(diào)用 StorageClass聲明的存儲(chǔ)插件,創(chuàng)建出需要的PV漱凝。
這里我們以NFS為例疮蹦,要使用NFS,我們就需要一個(gè)nfs-client的自動(dòng)裝載程序碉哑,我們稱(chēng)之為Provisioner挚币,這個(gè)程序會(huì)使用我們已經(jīng)配置好的NFS服務(wù)器自動(dòng)創(chuàng)建持久卷,也就是自動(dòng)幫我們創(chuàng)建PV扣典。
說(shuō)明:
- 自動(dòng)創(chuàng)建的PV會(huì)以
{pvcName}-${pvName}的目錄格式放到NFS服務(wù)器上妆毕;
- 如果這個(gè)PV被回收,則會(huì)以archieved-
詳細(xì)可以參考:https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client
在部署之前笛粘,首先得確保有可用得NFS服務(wù)器,這里默認(rèn)已經(jīng)有可用得NFS服務(wù)器了。
1薪前、創(chuàng)建ServiceAccount润努,為nfs-client授權(quán)。
nfs-client-sa.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: nfs-client-provisioner-clusterrole
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: nfs-client-provisioner-clusterrolebinding
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: default
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-clusterrole
apiGroup: rbac.authorization.k8s.io
通過(guò)上面得配置示括,設(shè)置nfs-client對(duì)PV铺浇,PVC,StorageClass等得規(guī)則垛膝。接下來(lái)我們創(chuàng)建這個(gè)YAML文件:
[root@master storageclass]# kubectl apply -f nfs-client-sa.yaml
serviceaccount/nfs-client-provisioner created
clusterrole.rbac.authorization.k8s.io/nfs-client-provisioner-clusterrole created
clusterrolebinding.rbac.authorization.k8s.io/nfs-client-provisioner-clusterrolebinding created
2鳍侣、創(chuàng)建nfs-client
使用Deployment來(lái)創(chuàng)建nfs-client,配置如下:
nfs-client.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nfs-client-prosioner
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: nfs-client-prosioner
spec:
serviceAccountName: nfs-client-provisioner
containers:
- name: nfs-client-prosioner
image: registry.cn-hangzhou.aliyuncs.com/rookieops/nfs-client-provisioner:v0.1
imagePullPolicy: IfNotPresent
volumeMounts:
- name: nfs-client-root
mountPath: /data/pv
env:
- name: PROVISIONER_NAME
value: rookieops/nfs
- name: NFS_SERVER
value: 122.51.79.172
- name: NFS_PATH
value: /data/k8s/prometheus
volumes:
- name: nfs-client-root
nfs:
server: 122.51.79.172
path: /data/k8s/prometheus
然后創(chuàng)建這個(gè)YAML文件吼拥。
[root@master storageclass]# kubectl apply -f nfs-client.yaml
deployment.extensions/nfs-client-prosioner created
查看其狀態(tài):
[root@master storageclass]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nfs-client-prosioner-66c9bb7f88-q2qm4 1/1 Running 0 52m
3倚聚、上面得創(chuàng)建完成后就可以創(chuàng)建StorageClass了。
nfs-client-storageclass.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-client-storageclass
provisioner: rookieops/nfs
注意provisioner必須和上面得Deployment的YAML文件中PROVISIONER_NAME的值保持一致凿可。
創(chuàng)建這個(gè)YAML文件:
[root@master storageclass]# kubectl apply -f nfs-client-storageclass.yaml
storageclass.storage.k8s.io/nfs-client-storageclass created
[root@master storageclass]# kubectl get storageclass
NAME PROVISIONER AGE
nfs-client-storageclass fuseim.pri/ifs 15s
4惑折、創(chuàng)建PVC
test-nfs-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: test-nfs-pvc2
annotations:
volume.beta.kubernetes.io/storage-class: "nfs-client-storageclass"
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Mi
annotations的作用是在PVC里聲明一個(gè)StorageClass對(duì)象的標(biāo)識(shí)。
創(chuàng)建這個(gè)YAML文件,觀察其狀態(tài):
[root@master storageclass]# kubectl apply -f test-pvc.yaml
persistentvolumeclaim/test-nfs-pvc created
[root@master storageclass]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
test-nfs-pvc Bound pvc-e5b8765b-1d7b-4529-860f-bbe34e0b4109 1Mi RWX nfs-client-storageclass 2m16s
我們看到該P(yáng)VC自動(dòng)申請(qǐng)到空間,其STORAGECLASS就是我們創(chuàng)建的nfs-client-storageclass下梢。
5、創(chuàng)建一個(gè)Pod敞咧,進(jìn)行測(cè)試<br />test-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: test-storageclass-pod
spec:
containers:
- name: busybox
image: busybox:latest
imagePullPolicy: IfNotPresent
command:
- "/bin/sh"
- "-c"
args:
- "sleep 3600"
volumeMounts:
- name: nfs-pvc
mountPath: /mnt
restartPolicy: Never
volumes:
- name: nfs-pvc
persistentVolumeClaim:
claimName: test-nfs-pvc2
然后查看NFS服務(wù)器上是否生成對(duì)應(yīng)的目錄:
[root@master k8s]# ll
total 0
drwxrwxrwx 2 root root 6 Oct 29 17:21 default-test-nfs-pvc2-pvc-91671ba7-8da8-4611-8bd5-3673f63d15cb
我們可以看到生成了對(duì)應(yīng)的目錄,格式和我們上面說(shuō)的一致」枷伲現(xiàn)在進(jìn)Pod向該目錄下寫(xiě)一個(gè)文件休建,然后查看NFS服務(wù)器上是否存在該文件:
[root@master storageclass]# kubectl exec -it test-storageclass-pod -- /bin/sh
/ # cd /mnt/
/mnt # echo "hello,I am NFS Server!" > test
/mnt # ls
test
[root@master default-test-nfs-pvc2-pvc-91671ba7-8da8-4611-8bd5-3673f63d15cb]# ls
test
[root@master default-test-nfs-pvc2-pvc-91671ba7-8da8-4611-8bd5-3673f63d15cb]# cat test
hello,I am NFS Server!
我們發(fā)現(xiàn)NFS服務(wù)器上存在,說(shuō)明我們驗(yàn)證成功评疗。
另外我們可以看到我們這里是手動(dòng)創(chuàng)建的一個(gè) PVC 對(duì)象测砂,在實(shí)際工作中,使用 StorageClass 更多的是 StatefulSet 類(lèi)型的服務(wù)百匆,StatefulSet 類(lèi)型的服務(wù)我們也可以通過(guò)一個(gè) volumeClaimTemplates 屬性來(lái)直接使用 StorageClass砌些,如下:(test-statefulset-nfs.yaml)
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: nfs-web
spec:
serviceName: "nginx"
replicas: 2
template:
metadata:
labels:
app: nfs-web
spec:
terminationGracePeriodSeconds: 10
containers:
- name: nginx
image: nginx:1.7.9
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
name: web
volumeMounts:
- name: www
mountPath: /usr/share/nginx/html
volumeClaimTemplates:
- metadata:
name: www
annotations:
volume.beta.kubernetes.io/storage-class: nfs-client-storageclass
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 1Gi
可以看到volumeClaimTemplates就是我們上面的PVC模板。然后我們創(chuàng)建這個(gè)文件:
[root@master storageclass]# kubectl apply -f test-statefulset.yaml
statefulset.apps/nfs-web created
[root@master storageclass]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
www-nfs-web-0 Bound pvc-5df69dbe-8b54-45dd-acd0-769c0c9ee1b8 1Gi RWO nfs-client-storageclass 7s
www-nfs-web-1 Bound pvc-0e83fef9-ec16-4e02-8482-7e04b7c81c92 1Gi RWO nfs-client-storageclass 3s
可以看到會(huì)自動(dòng)生成兩個(gè)PVC加匈。
在NFS服務(wù)器上也可以看到正常創(chuàng)建了目錄:
[root@master k8s]# ll
total 0
drwxrwxrwx 2 root root 18 Oct 29 17:29 default-test-nfs-pvc2-pvc-91671ba7-8da8-4611-8bd5-3673f63d15cb
drwxrwxrwx 2 root root 6 Oct 29 17:34 default-www-nfs-web-0-pvc-5df69dbe-8b54-45dd-acd0-769c0c9ee1b8
drwxrwxrwx 2 root root 6 Oct 29 17:34 default-www-nfs-web-1-pvc-0e83fef9-ec16-4e02-8482-7e04b7c81c92
-----------------------
公眾號(hào):?jiǎn)踢吂适拢↖D:qiaobiangushi)
知乎: 喬邊故事
頭條號(hào):?jiǎn)踢吂适?/strong>
只要臉皮夠厚存璃,整個(gè)世界都將被你踩在腳下。
-----------------------
