什么是storageclass?
1.storageclass(存储类)概念
storageclass是一个存储类,k8s集群管理员通过创建storageclass可以动态生成一个存储卷供k8s用户使用。
2.storageclass资源定义
每个StorageClass都包含字段provisioner,parameters和reclaimPolicy,当需要动态配置属于该类的PersistentVolume时使用这些字段。
StorageClass对象的名称很重要,是用户可以请求特定类的方式。管理员在首次创建StorageClass对象时设置类的名称和其他参数,并且在创建对象后无法更新这些对象。
管理员可以为不请求任何特定类绑定的PVC指定默认的StorageClass
(1)yaml文件示例说明:
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: standard provisioner: kubernetes.io/aws-ebs parameters: type: gp2 reclaimPolicy: Retain mountOptions: - debug volumeBindingMode: Immediate
(2)Provisioner
storageclass需要有一个供应者,用来确定我们使用什么样的存储来创建pv
常见的provisioner供应者如下:
provisioner既可以是内部供应程序,也可以由外部供应商提供,如果是外部供应商可以参考https://github.com/kubernetes-incubator/external-storage/下提供的方法创建storageclass的provisioner,例如,NFS不提供内部配置程序,但可以使用外部配置程序。一些外部供应商列在存储库https://github.com/kubernetes-incubator/external-storage下。
nfs的provisioner:
https://github.com/kubernetes-incubator/external-storage/tree/master/nfs/deploy/kubernetes
Reclaim Policy
由存储类动态创建持久化存储卷(pv)时可以指定reclaimPolicy字段,这个字段中指定的回收策略可以是Delete或Retain。如果在创建StorageClass对象时未指定reclaimPolicy,则默认为Delete。
Mount Options(挂载选项)
如果Volume Plugin不支持这个挂载选项,但是指定了,就会使provisioner创建失败
Volume Binding Mode
这个字段用来说明什么时候进行卷绑定和动态配置;
默认情况下,立即模式表示一旦创建了PersistentVolumeClaim,就会发生卷绑定和动态配置。对于受拓扑约束且无法从群集中的所有节点全局访问的存储后端,将在不知道Pod的调度要求的情况下绑定或配置PersistentVolumes。这可能导致不可调度的Pod。
集群管理员可以通过指定WaitForFirstConsumer模式来解决此问题,该模式将延迟绑定和配置PersistentVolume,直到创建使用PersistentVolumeClaim的Pod。将根据Pod的调度约束指定的拓扑选择或配置PersistentVolumes。这些包括但不限于资源需求,节点选择器,pod亲和力和反亲和力,以及污点和容忍度。
通过nfs实现存储类的动态供给
1.安装nfs服务
选择自己的任意一台机器,我选择k8s的master1节点,对应的机器ip是192.168.0.6,在192.168.0.6上执行如下步骤,大家在自己环境找一台k8s节点的机器安装就可以了~
(1)yum安装nfs
yum install nfs-utils -y
systemctl start nfs
chkconfig nfs on
(2)在master1上创建一个nfs共享目录
mkdir /data/nfs_pro -p
#修改/etc/exports文件,把刚才生成的共享目录添加到这个文件里
cat /etc/exports
/data/nfs_pro 192.168.0.0/24(rw,no_root_squash)
让刚才配置文件生效
exportfs -arv
systemctl restart nfs
(3)k8s的各个node节点也需要安装nfs
yum install nfs-utils -y
systemctl start nfs
chkconfig nfs on
2.创建运行nfs-provisioner的sa账号
cat serviceaccount.yaml
apiVersion: v1 kind: ServiceAccount metadata: name: nfs-provisioner
通过kubectl更新yaml文件
kubectl apply -f serviceaccount.yaml
3.对sa账号做rbac授权
cat service-rbac.yaml
kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: nfs-provisioner-runner rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["create", "update", "patch"] - apiGroups: [""] resources: ["services", "endpoints"] verbs: ["get"] - apiGroups: ["extensions"] resources: ["podsecuritypolicies"] resourceNames: ["nfs-provisioner"] verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: run-nfs-provisioner subjects: - kind: ServiceAccount name: nfs-provisioner namespace: default roleRef: kind: ClusterRole name: nfs-provisioner-runner apiGroup: rbac.authorization.k8s.io --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-provisioner rules: - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "list", "watch", "create", "update", "patch"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-provisioner subjects: - kind: ServiceAccount name: nfs-provisioner namespace: default roleRef: kind: Role name: leader-locking-nfs-provisioner apiGroup: rbac.authorization.k8s.io
通过kubectl更新yaml文件
kubectl apply -f service-rbac.yaml
4.通过deployment创建pod用来运行nfs-provisioner
cat deployment.yaml
kind: Deployment apiVersion: apps/v1 metadata: name: nfs-provisioner spec: selector: matchLabels: app: nfs-provisioner replicas: 1 strategy: type: Recreate template: metadata: labels: app: nfs-provisioner spec: serviceAccount: nfs-provisioner containers: - name: nfs-provisioner image: registry.cn-hangzhou.aliyuncs.com/open-ali/nfs-client-provisioner:latest volumeMounts: - name: nfs-client-root mountPath: /persistentvolumes env: - name: PROVISIONER_NAME value: example.com/nfs - name: NFS_SERVER value: 192.168.0.6 - name: NFS_PATH value: /data/storage volumes: - name: nfs-client-root nfs: server: 192.168.0.6 path: /data/storage
通过kubectl更新yaml文件
kubectl apply -f deployment.yaml
查看nfs provisioner的pod是否创建成功
kubectl get pods
显示如下,说明创建成功
NAME READY STATUS RESTARTS AGE nfs-provisioner-7d6859cc59-pzr7n 1/1 Running 0 72s
创建storageclass
cat class.yaml
通过kubectl更新yaml文件 kubectl apply -f deployment.yaml 查看nfs provisioner的pod是否创建成功 kubectl get pods 显示如下,说明创建成功 NAME READY STATUS RESTARTS AGE nfs-provisioner-7d6859cc59-pzr7n 1/1 Running 0 72s 创建storageclass cat class.yaml
通过kubectl更新yaml文件
kubectl apply -f class.yaml
查看storageclass是否创建成功
kubectl get storageclass
显示如下,说明创建成功
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE nfs-storage example.com/nfs Delete Immediate false 11h
创建pvc-测试storageclass动态生成pvc
cat claim.yaml
kind: PersistentVolumeClaim apiVersion: v1 metadata: name: test-claim1 spec: accessModes: - ReadWriteMany resources: requests: storage: 1Mi storageClassName: nfs-storage
通过kubectl更新yaml文件
kubectl apply -f claim.yaml
查看pvc是否创建成功
kubectl get pvc |grep test
显示如下,说明pvc创建成功,并且自动绑定到了storageclass创建的pv上了
test-claim1 Bound pvc-5092a033-8f01-409c-aa7d-3e90b7bf964b 1Mi RWX nfs-storage 29s
测试pod挂载pvc
cat read-pod.yaml
kind: Pod apiVersion: v1 metadata: name: read-pod spec: containers: - name: read-pod image: nginx volumeMounts: - name: nfs-pvc mountPath: /usr/share/nginx/html restartPolicy: "Never" volumes: - name: nfs-pvc persistentVolumeClaim: claimName: test-claim1
更新yaml文件
kubectl apply -f read-pod.yaml
创建statefulset,通过volumeClaimTemplate动态生成pv、pvc
cat statefulset-storage.yaml
apiVersion: v1 kind: Service metadata: name: storage labels: app: storage spec: selector: matchLabels: app: storage ports: - port: 80 name: web clusterIP: None selector: app: storage --- apiVersion: apps/v1 kind: StatefulSet metadata: name: storage spec: selector: matchLabels: app: storage serviceName: "storage" replicas: 2 template: metadata: labels: app: storage spec: containers: - name: nginx image: nginx ports: - containerPort: 80 name: web volumeMounts: - name: www mountPath: /usr/share/nginx/html volumeClaimTemplates: - metadata: name: www annotations: volume.beta.kubernetes.io/storage-class: "nfs-storage" spec: accessModes: [ "ReadWriteOnce" ] resources: requests: storage: 2Gi
更新yaml文件
kubectl apply -f statefulset-storage.yaml
查看pod是否创建成功
kubectl get pods | grep storage
显示如下,说明创建成功
storage-0 1/1 Running 0 2m49s storage-1 1/1 Running 0
查看生成的pv
kubectl get pv | grep www-storage
显示如下,说明已经给pod动态生成对应的pv了
pvc-02974ea1-a954-4c21-af24-f02eea389eb3 2Gi RWO Delete Bound default/www-storage-1 nfs-storage 3m56s pvc-de5f92fa-26ec-4850-a2a5-b13fe2ef1e1e 2Gi RWO Delete Bound default/www-storage-0 nfs-storage 3m56s
查看生成的pvc
kubectl get pvc | grep www-storage
显示如下,可看到已经为pod生成对应的pvc,并且绑定到了pv
www-storage-0 Bound pvc-de5f92fa-26ec-4850-a2a5-b13fe2ef1e1e 2Gi RWO nfs-storage 6m52s www-storage-1 Bound pvc-02974ea1-a954-4c21-af24-f02eea389eb3 2Gi RWO nfs-storage 6m2s
