動(dòng)態(tài)存儲(chǔ)是什么

Openshift持久化存儲(chǔ)（PV）有兩種丹壕，一種是靜態(tài)的，另一種是動(dòng)態(tài)薇溃。

• 靜態(tài)存儲(chǔ)：需要管理員手動(dòng)創(chuàng)建PV菌赖，供PVC掛載調(diào)用
• 動(dòng)態(tài)存儲(chǔ)：通過(guò)一個(gè)稱作 Storage Class的對(duì)象由存儲(chǔ)系統(tǒng)根據(jù)PVC的要求自動(dòng)創(chuàng)建。

StorageClass是什么

• StorageClass是Openshfit中的一個(gè)資源對(duì)象沐序，它主要用于描述請(qǐng)求的存儲(chǔ)琉用，并提供按需傳遞動(dòng)態(tài)預(yù)配置存儲(chǔ)的參數(shù)的方法。
• StorageClass對(duì)象還可以用作控制不同級(jí)別的存儲(chǔ)和對(duì)存儲(chǔ)的訪問(wèn)的管理機(jī)制策幼。
• 有了StorageClass后辕羽，管理員無(wú)需手動(dòng)創(chuàng)建PV。Openshift的使用者在創(chuàng)建PVC時(shí)只需要指定StorageClass,會(huì)自動(dòng)按照對(duì)應(yīng)的StorageClass配置垄惧，調(diào)用對(duì)應(yīng)的Dynamic provisioning來(lái)創(chuàng)建需要的存儲(chǔ)

沒(méi)有StorageClass時(shí)代刁愿，如何使用NFS

每次需要手動(dòng)創(chuàng)建PV，一句話：麻煩到逊。

StorageClass時(shí)代來(lái)了

一次配置铣口，永久自動(dòng)，無(wú)需手動(dòng)創(chuàng)建PV觉壶，一句話：方便脑题。

NFS Provisioner原理

NFS Provisioner原理

1. 新建PVC時(shí)，指定為默認(rèn)驅(qū)動(dòng)铜靶，或者指定storageclass為nfs storage
2. 運(yùn)行nfs client provisioner的pod會(huì)根據(jù)配置叔遂，在共享的NFS目錄下創(chuàng)建新的文件夾，同時(shí)創(chuàng)建新的PV指向該文件夾
3. 將新建的PVC與2中新建的PV關(guān)聯(lián)，完成PVC的創(chuàng)建
4. 該P(yáng)VC就可以被調(diào)用的Pod掛載了已艰。

NFS StorageClass具體配置步驟

1. 準(zhǔn)備NFS服務(wù)

$ yum install nfs -y
$ mkdir -p /nfsdata/share
$ chown nfsnobody:nfsnobody /nfsdata/share
$ chmod 700 /nfsdata/share

$ #開(kāi)放nfs訪問(wèn)的端口
$ iptables -A INPUT -p tcp --dport 111 -j ACCEPT
$ iptables -A INPUT -p udp --dport 111 -j ACCEPT
$ iptables -A INPUT -p tcp --dport 2049 -j ACCEPT
$ iptables -A INPUT -p udp --dport 2049 -j ACCEPT

$ # 配置NFS
$ echo "/nfsdata/share *(rw,async,no_root_squash)" >> /etc/exports
$ exportfs -a #加載共享目錄配置
$ showmount -e #查看當(dāng)前可用的共享目錄

$ # 啟動(dòng)NFS
$ systemctl restart nfs

2. 確定Provisioner安裝的project（默認(rèn)為default）
   如果使用default project的話

$ oc project default

如果希望將它部署在自定義的project中痊末，則新建project

$ oc new-project nfs-provisoner

3. 如果安裝的project不是default的話，需要更改配置rbac.yaml,再設(shè)置權(quán)限

$ cat rbac.yaml
kind: ServiceAccount
apiVersion: v1
metadata:
  name: nfs-client-provisioner
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io

$ NAMESPACE=`oc project -q`
$ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml

$ oc create -f deploy/rbac.yaml
$ oc adm policy add-scc-to-user hostmount-anyuid system:serviceaccount:$NAMESPACE:nfs-client-provisioner

4. 更新deploy/deployment.yaml哩掺，設(shè)置NFS Server的配置

$ cat << EOF | oc create -f -
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: nfs-client-provisioner
spec:
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: docker.io/xhuaustc/nfs-client-provisioner:latest
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: fuseim.pri/ifs
            - name: NFS_SERVER
              value: <YOUR NFS SERVER HOSTNAME>
            - name: NFS_PATH
              value: /nfsdata/share
      volumes:
        - name: nfs-client-root
          nfs:
            server: <YOUR NFS SERVER HOSTNAME>
            path: /nfsdata/share
EOF

5. 創(chuàng)建storageclass

$ cat << EOF | oc create -f -
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: managed-nfs-storage
  annotations:
    storageclass.kubernetes.io/is-default-class: "true" # 設(shè)置該storageclass為PVC創(chuàng)建時(shí)默認(rèn)使用的存儲(chǔ)機(jī)制
provisioner: fuseim.pri/ifs # 匹配deployment中的環(huán)境變量'PROVISIONER_NAME'
parameters:
  archiveOnDelete: "true" # "false" 刪除PVC時(shí)不會(huì)保留數(shù)據(jù)凿叠，"true"將保留PVC數(shù)據(jù)
reclaimPolicy: Delete
EOF

NFS StorageClass使用

1. 創(chuàng)建PVC

$ cat << EOF | oc create -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    volume.beta.kubernetes.io/storage-class: managed-nfs-storage
    volume.beta.kubernetes.io/storage-provisioner: fuseim.pri/ifs
  name: testpvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
EOF

如果storageclass中設(shè)置了storageclass.kubernetes.io/is-default-class: "true"，可以更簡(jiǎn)單地創(chuàng)建PVC

$ cat << EOF | oc create -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: hello-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
EOF

2. 查看PVC

$ oc get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS     CLAIM                            STORAGECLASS          REASON    AGE
pvc-fb952566-4bed-11e9-9007-525400ad3b43   1Gi        RWO            Delete           Bound      test/hello-pvc                 managed-nfs-storage             5m

$ oc get pvc
hello-pvc   Bound     pvc-fb952566-4bed-11e9-9007-525400ad3b43   1Gi        RWO            managed-nfs-storage   4m

3. 如果storageclass中設(shè)置了archiveOnDelete: "true"嚼吞，在刪除PVC時(shí)盒件，會(huì)將數(shù)據(jù)目錄歸檔

$ ls /nfsdata/share
test-hello-pvc-pvc-fb952566-4bed-11e9-9007-525400ad3b43

$ oc delete pvc hello-pvc
$ ls /nfsdata/share
archived-test-hello-pvc-pvc-fb952566-4bed-11e9-9007-525400ad3b43
$ #數(shù)據(jù)目錄被改名為以archived開(kāi)頭的文件夾，同時(shí)刪除了對(duì)應(yīng)的PV和PVC

總結(jié)

有了NFS StorageClass后舱禽，創(chuàng)建存儲(chǔ)就非常簡(jiǎn)單方便了炒刁。
Openshift NFS動(dòng)態(tài)存儲(chǔ)代碼 https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client

引用自：https://mp.weixin.qq.com/s/HgDCDgYjkX5en7ORNeG0yA