使用nfs制作动态分配存储卷

参考文献：https://yq.aliyun.com/articles/613036

相对于静态存储, 动态存储的优势:

                ● 管理员无需预先创建大量的PV作为存储资源;

                ● 静态存储需要用户申请PVC时保证容量和读写类型与预置PV的容量及读写类型完全匹配, 而动态存储则无需如此.

首先创建好nfs服务

1、创建ServiceAccount资源

$ vim serviceaccount.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-provisioner         # serviceaccount名称，与下文对应
  namespace: testing            # serviceaccount属于名称空间级别的资源  

2、创建ClusterRole资源

$ vim clusterrole.yaml

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-provisioner-runner              # clusterrole名称，clusterrole属于集群级别的资源
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services", "endpoints"]
    verbs: ["get"]
  - apiGroups: ["extensions"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["nfs-provisioner"]
    verbs: ["use"]

3、创建ClusterRoleBinding资源，将clusterrole与serviceaccount二者绑定

$ vim clusterrolebinding.yaml

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-provisioner               #clusterrolebinding的名称，后文会使用
subjects:
  - kind: ServiceAccount
    name: nfs-provisioner
    namespace: testing
roleRef:
  kind: ClusterRole
  name: nfs-provisioner-runner
  apiGroup: rbac.authorization.k8s.io

4、创建provisioner

$ vim deployment-provisioner.yaml 

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: nfs-client-provisioner
  namespace: testing
spec:
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccount: nfs-provisioner
      containers:
        - name: nfs-client-provisioner
          image: registry.cn-hangzhou.aliyuncs.com/open-ali/nfs-client-provisioner                            # 此处使用阿里云镜像
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes           #此处写死
          env:
            - name: PROVISIONER_NAME
              value: fuseim.pri/ifs                        # 此处名称自定义，需与下文统一
            - name: NFS_SERVER
              value: 192.168.186.81                     # nfs服务主机
            - name: NFS_PATH
              value: /data/nfs                              # nfs共享路径
      volumes:
        - name: nfs-client-root
          nfs:
            server: 192.168.186.81                    # nfs服务主机
            path: /data/nfs                               # nfs共享路径

5、创建StorageClass资源

$ vim storageclass-nfs.yaml

apiVersion: storage.k8s.io/v1beta1
kind: StorageClass
metadata:
  name: managed-nfs-storage          #存储类的名称，后文使用
provisioner: fuseim.pri/ifs

6、创建pvc资源

$ vim pvc.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: test-claim                      #存储类的名称
  namespace: testing                  #StorageClass属于名称空间级别资源
  annotations:
    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"   # 此处注解与之前创建的存储类关联
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Mi

7、创建pod资源，测试使用情况

$ vim pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: vol-sc-pod
  namespace: testing
spec:
  containers:
  - name: nginx
    image: nginx:1.12-alpine
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html
  - name: alpine
    image: alpine
    volumeMounts:
    - name: html
      mountPath: /html
    command: ["/bin/sh","-c"]
    args:
    - while true; do
        echo $(hostname) $(date) >> /html/index.html;
        sleep 10;
      done
  terminationGracePeriodSeconds: 30
  volumes:
  - name: html
    persistentVolumeClaim:
      claimName: test-claim              # 此处为pvc的名称