NFS不支持扩容!!!!!!!!
创建驱动管理器
创建文件csi-nfs-driverinfo.yaml,内容如下
---
apiVersion: storage.k8s.io/v1beta1
kind: CSIDriver
metadata:
name: nfs.csi.k8s.io
spec:
attachRequired: false
volumeLifecycleModes:
- Persistent
podInfoOnMount: true
创建控制器
创建文件csi-nfs-controller.yaml,内容如下
kind: Deployment
apiVersion: apps/v1
metadata:
name: csi-nfs-controller
namespace: kube-system
spec:
replicas: 2
selector:
matchLabels:
app: csi-nfs-controller
template:
metadata:
labels:
app: csi-nfs-controller
spec:
serviceAccountName: csi-nfs-controller-sa
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Equal"
value: "true"
effect: "NoSchedule"
containers:
- name: csi-provisioner
# k8s.gcr.io/sig-storage/csi-provisioner:v2.0.4
image: registry.cn-beijing.aliyuncs.com/lcy_docker_01/k8s:v2.0.4
args:
- "-v=5"
- "--csi-address=$(ADDRESS)"
- "--leader-election"
env:
- name: ADDRESS
value: /csi/csi.sock
volumeMounts:
- mountPath: /csi
name: socket-dir
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 10m
memory: 20Mi
- name: liveness-probe
# k8s.gcr.io/sig-storage/livenessprobe:v2.1.0
image: registry.cn-beijing.aliyuncs.com/lcy_docker_01/k8s:v2.1.0
args:
- --csi-address=/csi/csi.sock
- --probe-timeout=3s
- --health-port=29642
- --v=5
volumeMounts:
- name: socket-dir
mountPath: /csi
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 10m
memory: 20Mi
- name: nfs
# gcr.io/k8s-staging-sig-storage/nfsplugin:amd64-linux-canary
image: registry.cn-beijing.aliyuncs.com/lcy_docker_01/k8s:amd64-linux-canary
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
imagePullPolicy: IfNotPresent
args:
- "-v=5"
- "--nodeid=$(NODE_ID)"
- "--endpoint=$(CSI_ENDPOINT)"
env:
- name: NODE_ID
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
volumeMounts:
- name: pods-mount-dir
mountPath: /var/lib/kubelet/pods
mountPropagation: "Bidirectional"
- mountPath: /csi
name: socket-dir
resources:
limits:
cpu: 200m
memory: 200Mi
requests:
cpu: 10m
memory: 20Mi
volumes:
- name: pods-mount-dir
hostPath:
path: /var/lib/kubelet/pods
type: Directory
- name: socket-dir
emptyDir: {}
创建node
创建文件csi-nfs-node.yaml,内容如下
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: csi-nfs-node
namespace: kube-system
spec:
selector:
matchLabels:
app: csi-nfs-node
template:
metadata:
labels:
app: csi-nfs-node
spec:
tolerations: # 使其可以运行在k8s主节点上
- effect: NoSchedule
key: node-role.kubernetes.io/master
serviceAccountName: csi-nfs-controller-sa
hostNetwork: true # original nfs connection would be broken without hostNetwork setting
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: liveness-probe
# k8s.gcr.io/sig-storage/livenessprobe:v2.1.0
image: registry.cn-beijing.aliyuncs.com/lcy_docker_01/k8s:v2.1.0
args:
- --csi-address=/csi/csi.sock
- --probe-timeout=3s
- --health-port=29642
- --v=5
volumeMounts:
- name: socket-dir
mountPath: /csi
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 10m
memory: 20Mi
- name: node-driver-registrar
# k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1
image: registry.cn-beijing.aliyuncs.com/lcy_docker_01/k8s:v2.0.1
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "rm -rf /registration/csi-nfsplugin /registration/csi-nfsplugin-reg.sock"]
args:
- --v=5
- --csi-address=/csi/csi.sock
- --kubelet-registration-path=/var/lib/kubelet/plugins/csi-nfsplugin/csi.sock
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: socket-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration
- name: nfs
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
# gcr.io/k8s-staging-sig-storage/nfsplugin:amd64-linux-canary
image: registry.cn-beijing.aliyuncs.com/lcy_docker_01/k8s:amd64-linux-canary
args:
- "-v=5"
- "--nodeid=$(NODE_ID)"
- "--endpoint=$(CSI_ENDPOINT)"
env:
- name: NODE_ID
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
imagePullPolicy: "IfNotPresent"
volumeMounts:
- name: socket-dir
mountPath: /csi
- name: pods-mount-dir
mountPath: /var/lib/kubelet/pods
mountPropagation: "Bidirectional"
volumes:
- name: socket-dir
hostPath:
path: /var/lib/kubelet/plugins/csi-nfsplugin
type: DirectoryOrCreate
- name: pods-mount-dir
hostPath:
path: /var/lib/kubelet/pods
type: Directory
- hostPath:
path: /var/lib/kubelet/plugins_registry
type: Directory
name: registration-dir
创建角色文件
创建文件rbac-csi-nfs-controller.yaml,内容如下
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: csi-nfs-controller-sa
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-external-provisioner-role
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-csi-provisioner-binding
subjects:
- kind: ServiceAccount
name: csi-nfs-controller-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: nfs-external-provisioner-role
apiGroup: rbac.authorization.k8s.io
执行部署脚本
#!/bin/bash
#-----> 初始化只需要执行一次即可
# 初始化 nfs 角色组
kubectl apply -f rbac-csi-nfs-controller.yaml
# 初始化 存储驱动
kubectl apply -f csi-nfs-driverinfo.yaml
# 初始化 节点信息
kubectl apply -f csi-nfs-node.yaml
# 初始化 控制器
kubectl apply -f csi-nfs-controller.yaml
使用demo-----sc
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-csi-mnt-log-${name}
# 和上面的驱动名称保持一致
provisioner: nfs.csi.k8s.io
parameters:
server: ${NFS_SERVER} # todo 修改为自己的nfs的服务器地址
share: ${NFS_SHARE_PATH} # todo 修改为nfs的目录
reclaimPolicy: Retain # only retain is supported,目前这个回收策略只支持Retain
volumeBindingMode: Immediate
# 是否支持动态扩容
allowVolumeExpansion: true
mountOptions:
- nolock
- vers=3
- noresvport
使用demo----pod
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app: ${name}
name: ${name}
namespace: ${NAME_SPACE}
spec:
replicas: 1
serviceName: ${name}-service
selector:
matchLabels:
app: ${name}
template:
metadata:
labels:
app: ${name}
spec:
imagePullSecrets:
# 仓库授权码标记
- name: ${SECRETS}
containers:
- name: ${name}
image: ${DOCKER_REPOSITORY}/${name}:${version}
imagePullPolicy: Always
resources:
limits:
memory: "2000Mi"
cpu: "2"
requests
cpu: "1"
memory: "2000Mi"
securityContext:
privileged: true
ports:
- containerPort: 8080
protocol: TCP
- containerPort: ${debug_port}
protocol: TCP
env:
- name: CATALINA_OPTS
value: " -server -Dfile.encoding=UTF-8 -Xms2g -Xmx2g ${debug_param} "
- name: TZ
value: Asia/Shanghai
volumeMounts:
- name: tomcat-logs
mountPath: /apache-tomcat-9.0.53/logs
volumeClaimTemplates:
- metadata:
name: tomcat-logs
spec:
accessModes: [ "ReadWriteMany" ]
storageClassName: "nfs-csi-tomcat-log-${name}" # 指定存储器名称
resources:
requests:
storage: 5Gi
版权声明:本文为weixin_42321034原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。