k8s使用CSI-NFS驱动

注意:NFS 存储卷不支持扩容。

创建驱动管理器

创建文件csi-nfs-driverinfo.yaml,内容如下

---
# CSIDriver object: registers the driver name "nfs.csi.k8s.io" with the cluster.
# NOTE(review): storage.k8s.io/v1beta1 is the deprecated form of this API and
# was removed in Kubernetes 1.22; confirm which version your cluster serves
# before applying.
apiVersion: storage.k8s.io/v1beta1
kind: CSIDriver
metadata:
  name: nfs.csi.k8s.io
spec:
  # The driver does not ask for an attach step before volumes are mounted.
  attachRequired: false
  volumeLifecycleModes:
    - Persistent
  # Ask kubelet to pass pod information to the driver on mount calls.
  podInfoOnMount: true

创建控制器

创建文件csi-nfs-controller.yaml,内容如下

# Controller Deployment for the CSI-NFS driver: a csi-provisioner sidecar, a
# liveness-probe sidecar and the NFS plugin itself, sharing one CSI socket
# through the "socket-dir" emptyDir volume.
#
# NOTE(review): every image below is pulled from a third-party registry mirror
# under a single repository ("k8s") and distinguished only by tag. The comment
# above each image names the upstream image it is meant to mirror. Tags are
# mutable, so verify the mirrored content against upstream and pin by digest
# before using this in a cluster you care about.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: csi-nfs-controller
  namespace: kube-system
spec:
  # Two replicas; the provisioner runs with --leader-election (see its args).
  replicas: 2
  selector:
    matchLabels:
      app: csi-nfs-controller
  template:
    metadata:
      labels:
        app: csi-nfs-controller
    spec:
      # Service account that carries the cluster-wide provisioner RBAC.
      serviceAccountName: csi-nfs-controller-sa
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      # Allow scheduling onto master nodes tainted NoSchedule.
      tolerations:
        - key: "node-role.kubernetes.io/master"
          operator: "Equal"
          value: "true"
          effect: "NoSchedule"
      containers:
        - name: csi-provisioner
          # Mirrors k8s.gcr.io/sig-storage/csi-provisioner:v2.0.4
          image: registry.cn-beijing.aliyuncs.com/lcy_docker_01/k8s:v2.0.4
          args:
            - "-v=5"
            - "--csi-address=$(ADDRESS)"
            - "--leader-election"
          env:
            - name: ADDRESS
              value: /csi/csi.sock
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
          resources:
            limits:
              cpu: 100m
              memory: 100Mi
            requests:
              cpu: 10m
              memory: 20Mi
        - name: liveness-probe
          # Mirrors k8s.gcr.io/sig-storage/livenessprobe:v2.1.0
          image: registry.cn-beijing.aliyuncs.com/lcy_docker_01/k8s:v2.1.0
          # Serves a health endpoint on port 29642 backed by the CSI socket.
          # NOTE(review): no container in this manifest declares a livenessProbe
          # that queries it, so as written the endpoint is not used by kubelet.
          args:
            - --csi-address=/csi/csi.sock
            - --probe-timeout=3s
            - --health-port=29642
            - --v=5
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          resources:
            limits:
              cpu: 100m
              memory: 100Mi
            requests:
              cpu: 10m
              memory: 20Mi
        - name: nfs
          # Mirrors gcr.io/k8s-staging-sig-storage/nfsplugin:amd64-linux-canary
          # NOTE(review): "canary" is a moving tag and imagePullPolicy is
          # IfNotPresent, so different nodes can end up running different
          # builds of this privileged container.
          image: registry.cn-beijing.aliyuncs.com/lcy_docker_01/k8s:amd64-linux-canary
          # Runs fully privileged; with privileged: true the extra SYS_ADMIN
          # capability and allowPrivilegeEscalation are already implied.
          # Combined with the Bidirectional hostPath mount below, a compromise
          # of this container is effectively a compromise of the node.
          securityContext:
            privileged: true
            capabilities:
              add: ["SYS_ADMIN"]
            allowPrivilegeEscalation: true
          imagePullPolicy: IfNotPresent
          args:
            - "-v=5"
            - "--nodeid=$(NODE_ID)"
            - "--endpoint=$(CSI_ENDPOINT)"
          env:
            # Node name is injected from the pod spec via the downward API.
            - name: NODE_ID
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: CSI_ENDPOINT
              value: unix:///csi/csi.sock
          volumeMounts:
            # Host kubelet pod directory; Bidirectional propagation makes
            # mounts created inside the container visible on the host.
            - name: pods-mount-dir
              mountPath: /var/lib/kubelet/pods
              mountPropagation: "Bidirectional"
            - mountPath: /csi
              name: socket-dir
          resources:
            limits:
              cpu: 200m
              memory: 200Mi
            requests:
              cpu: 10m
              memory: 20Mi
      volumes:
        - name: pods-mount-dir
          hostPath:
            path: /var/lib/kubelet/pods
            type: Directory
        # Pod-local directory that holds the shared CSI socket.
        - name: socket-dir
          emptyDir: {}

创建node

创建文件csi-nfs-node.yaml,内容如下

# Node DaemonSet for the CSI-NFS driver: a liveness-probe sidecar, the
# node-driver-registrar and the NFS plugin, one pod per schedulable node.
#
# NOTE(review): the images come from a third-party registry mirror and are
# distinguished only by mutable tags; the comment above each image names the
# upstream image it is meant to mirror. Verify the content and pin by digest.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: csi-nfs-node
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: csi-nfs-node
  template:
    metadata:
      labels:
        app: csi-nfs-node
    spec:
      tolerations: # lets the pod run on Kubernetes master nodes as well
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
      # NOTE(review): this reuses the controller's service account, so every
      # node pod carries the cluster-wide PersistentVolume create/delete rights
      # granted by the ClusterRole on this page. Nothing in this manifest shows
      # the node-side containers needing those rights; consider a dedicated
      # service account without them.
      serviceAccountName: csi-nfs-controller-sa
      # hostNetwork also means the health port below is opened on the node.
      hostNetwork: true  # original nfs connection would be broken without hostNetwork setting
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: liveness-probe
          # Mirrors k8s.gcr.io/sig-storage/livenessprobe:v2.1.0
          image: registry.cn-beijing.aliyuncs.com/lcy_docker_01/k8s:v2.1.0
          args:
            - --csi-address=/csi/csi.sock
            - --probe-timeout=3s
            - --health-port=29642
            - --v=5
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          resources:
            limits:
              cpu: 100m
              memory: 100Mi
            requests:
              cpu: 10m
              memory: 20Mi
        - name: node-driver-registrar
          # Mirrors k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1
          image: registry.cn-beijing.aliyuncs.com/lcy_docker_01/k8s:v2.0.1
          # On shutdown, remove this driver's entries from the kubelet
          # plugin-registration directory mounted at /registration.
          lifecycle:
            preStop:
              exec:
                command: ["/bin/sh", "-c", "rm -rf /registration/csi-nfsplugin /registration/csi-nfsplugin-reg.sock"]
          args:
            - --v=5
            - --csi-address=/csi/csi.sock
            # Host-side path of the CSI socket, as kubelet will see it.
            - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-nfsplugin/csi.sock
          env:
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
            - name: registration-dir
              mountPath: /registration
        - name: nfs
          # Runs fully privileged; with privileged: true the extra SYS_ADMIN
          # capability and allowPrivilegeEscalation are already implied.
          # Together with hostNetwork and the Bidirectional hostPath mount
          # below, this container has node-level reach.
          securityContext:
            privileged: true
            capabilities:
              add: ["SYS_ADMIN"]
            allowPrivilegeEscalation: true
          # Mirrors gcr.io/k8s-staging-sig-storage/nfsplugin:amd64-linux-canary
          # NOTE(review): "canary" is a moving tag and imagePullPolicy is
          # IfNotPresent, so nodes can run different builds of this image.
          image: registry.cn-beijing.aliyuncs.com/lcy_docker_01/k8s:amd64-linux-canary
          args:
            - "-v=5"
            - "--nodeid=$(NODE_ID)"
            - "--endpoint=$(CSI_ENDPOINT)"
          env:
            - name: NODE_ID
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: CSI_ENDPOINT
              value: unix:///csi/csi.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
            # Host kubelet pod directory; Bidirectional propagation makes
            # mounts created inside the container visible on the host.
            - name: pods-mount-dir
              mountPath: /var/lib/kubelet/pods
              mountPropagation: "Bidirectional"
      volumes:
        # Unlike the controller, the socket lives on the host so kubelet can
        # reach it at the registration path given above.
        - name: socket-dir
          hostPath:
            path: /var/lib/kubelet/plugins/csi-nfsplugin
            type: DirectoryOrCreate
        - name: pods-mount-dir
          hostPath:
            path: /var/lib/kubelet/pods
            type: Directory
        # Kubelet plugin-registration directory.
        - hostPath:
            path: /var/lib/kubelet/plugins_registry
            type: Directory
          name: registration-dir

创建角色文件

创建文件rbac-csi-nfs-controller.yaml,内容如下

---
# Service account used by the controller Deployment; the node DaemonSet on
# this page is configured to run under the same account.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: csi-nfs-controller-sa
  namespace: kube-system

---

# Cluster-wide permissions for the external provisioner. These rules are not
# namespaced: any pod running under a service account bound to this role can
# create and delete PersistentVolumes across the whole cluster, so keep the
# set of bound subjects as small as possible.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-external-provisioner-role
rules:
  # Create and delete PersistentVolumes.
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  # Read and update PersistentVolumeClaims.
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  # Read-only access to StorageClasses.
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  # Read and write Events.
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  # Read-only access to CSINode objects.
  - apiGroups: ["storage.k8s.io"]
    resources: ["csinodes"]
    verbs: ["get", "list", "watch"]
  # Read-only access to Nodes.
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  # Leases; the provisioner in the controller Deployment is started with
  # --leader-election.
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---

# Grants the provisioner ClusterRole to csi-nfs-controller-sa in kube-system.
# Every workload that runs under that service account inherits these
# cluster-wide rights.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-csi-provisioner-binding
subjects:
  - kind: ServiceAccount
    name: csi-nfs-controller-sa
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: nfs-external-provisioner-role
  apiGroup: rbac.authorization.k8s.io

执行部署脚本

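#!/bin/bash
# One-time initialisation: apply the CSI-NFS manifests in order.
# Stop at the first failed step so that later objects are not applied on top
# of a partial install (for example workloads without their service account).
set -euo pipefail

# RBAC: service account, ClusterRole and ClusterRoleBinding.
kubectl apply -f rbac-csi-nfs-controller.yaml
# CSIDriver registration object.
kubectl apply -f csi-nfs-driverinfo.yaml

# Node plugin DaemonSet.
kubectl apply -f csi-nfs-node.yaml

# Controller Deployment.
kubectl apply -f csi-nfs-controller.yaml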

使用demo——StorageClass

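---
# Demo StorageClass backed by the CSI-NFS driver. The ${...} placeholders are
# template variables that must be substituted before applying.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  # PVCs must reference exactly this name in storageClassName, otherwise they
  # stay Pending.
  name: nfs-csi-mnt-log-${name}
# Must match the driver name registered by the CSIDriver object.
provisioner: nfs.csi.k8s.io
parameters:
  # Quoted so that an empty or number-like substitution stays a string.
  server: "${NFS_SERVER}"  # TODO: set to your NFS server address
  share: "${NFS_SHARE_PATH}"  # TODO: set to the exported NFS directory
reclaimPolicy: Retain  # only Retain is supported by this driver at present
volumeBindingMode: Immediate
# Volume expansion is switched off: this page states that NFS does not support
# expansion, and none of the manifests here deploy a resizer sidecar, so a
# resize request accepted by the API would never be carried out.
allowVolumeExpansion: false
# NOTE(review): NFSv3 (vers=3) has no transport encryption and trusts the
# UID/GID the client presents, so restrict the export to the cluster's node
# addresses on the server side. "noresvport" makes the client use a
# non-reserved source port, which the server export must be configured to
# accept. "nolock" disables NFS file locking between clients.
mountOptions:
  - nolock
  - vers=3
  - noresvport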

使用demo——Pod(StatefulSet)

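# Demo StatefulSet that writes Tomcat logs to a volume provisioned through the
# CSI-NFS StorageClass. The ${...} placeholders are template variables that
# must be substituted before applying.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: ${name}
  name: ${name}
  namespace: ${NAME_SPACE}
spec:
  replicas: 1
  serviceName: ${name}-service
  selector:
    matchLabels:
      app: ${name}
  template:
    metadata:
      labels:
        app: ${name}
    spec:
      imagePullSecrets:
        # Name of the registry credential secret.
        - name: ${SECRETS}
      containers:
        - name: ${name}
          image: ${DOCKER_REPOSITORY}/${name}:${version}
          imagePullPolicy: Always
          resources:
            limits:
              memory: "2000Mi"
              cpu: "2"
            # Fixed: the original line was missing the trailing colon, which
            # made the whole manifest fail to parse.
            requests:
              cpu: "1"
              memory: "2000Mi"
          securityContext:
            # The NFS mount is performed by the CSI node plugin, not by this
            # container, so the application does not need privileged mode.
            # A privileged, network-facing application container would hand
            # node-level access to anyone who compromises the application.
            privileged: false
            allowPrivilegeEscalation: false
          ports:
            - containerPort: 8080
              protocol: TCP
            # NOTE(review): presumably the JVM remote-debug port that goes with
            # ${debug_param}. Remote debugging is unauthenticated; leave both
            # unset outside development and never expose this port through a
            # Service or Ingress.
            - containerPort: ${debug_port}
              protocol: TCP
          env:
            # NOTE(review): -Xmx2g (2048 MiB of heap) is larger than the
            # 2000Mi memory limit above, so the container can be OOM-killed
            # before the heap is full; confirm the intended sizing.
            - name: CATALINA_OPTS
              value: " -server -Dfile.encoding=UTF-8 -Xms2g -Xmx2g ${debug_param} "
            - name: TZ
              value: Asia/Shanghai
          volumeMounts:
            - name: tomcat-logs
              mountPath: /apache-tomcat-9.0.53/logs
  volumeClaimTemplates:
    - metadata:
        name: tomcat-logs
      spec:
        accessModes: [ "ReadWriteMany" ]
        # Fixed: must equal the StorageClass name defined on this page
        # (nfs-csi-mnt-log-${name}); the original value named a class that is
        # never created, which would leave the PVC Pending.
        storageClassName: "nfs-csi-mnt-log-${name}"
        resources:
          requests:
            storage: 5Gi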

版权声明:本文为weixin_42321034原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。