https://www.cnblogs.com/00986014w/p/9406962.html
先搭建好nfs,本次nfs服务器为10.10.101.175
使用rbac认证的
1,创建serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-serviceaccount #名字随意,下面会用到
[root@10 vitess]# kubectl get serviceaccount | grep nfs-serviceaccount
nfs-serviceaccount 1 17s [root@10 vitess]#
2,部署nfs-client.yaml
kind: Deployment apiVersion: apps/v1 metadata: name: default-nfs-client spec: selector: matchLabels: app: default-nfs-client replicas: 1 strategy: type: Recreate template: metadata: labels: app: default-nfs-client spec: serviceAccount: nfs-serviceaccount #与上面创建的serviceaccount名字对应 containers: - name: nfs-client image: registry.cn-hangzhou.aliyuncs.com/open-ali/nfs-client-provisioner volumeMounts: - name: nfs-client-root mountPath: /persistentvolumes env: - name: PROVISIONER_NAME value: default/nfs #这个名字后面要用,可以随便写,但要和storageclass对应 - name: NFS_SERVER value: 10.10.101.175 #nfs服务器地址 - name: NFS_PATH value: /nfs #nfs目录 volumes: - name: nfs-client-root nfs: server: 10.10.101.175 #nfs服务器地址 path: /nfs #nfs目录
[root@10 vitess]# kubectl get deploy | grep default-nfs-client
default-nfs-client 1/1 1 1 19m [root@10 vitess]#
3、创建集群角色clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-clusterrole
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
[root@10 vitess]# kubectl get ClusterRole | grep nfs-clusterrole
nfs-clusterrole 16s
[root@10 vitess]#
4、创建集群绑定规则clusterrolebinding.yaml
kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: nfs-clusterrolebinding subjects: - kind: ServiceAccount name: nfs-serviceaccount #第一步创建的serviceaccount
namespace: default roleRef: kind: ClusterRole name: nfs-clusterrole #第三步创建的clusterrole apiGroup: rbac.authorization.k8s.io
[root@10 vitess]# kubectl get ClusterRoleBinding | grep nfs-clusterrolebinding nfs-clusterrolebinding 65s [root@10 vitess]#
5,创建storageclass
kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: nfs-storageclass provisioner: default/nfs #与nfs-client.yaml里env下PROVISIONER_NAME名字对应
[root@10 pvc]# kubectl get storageclass | grep default/nfs nfs-storageclass default/nfs Delete Immediate false 38s [root@10 pvc]#
这样没有基于rbac的storageclass 动态存储就创建好了
注意:
集群所有节点必须安装了nfs客户端,否则挂载pod且pod使用pv时会报下面错误
yum install -y nfs-utils #安装客户端
6、接下来要创建测试的pvc,以检测StorageClass能否正常工作,
创建pvc,storageClassName应确保与上面创建的StorageClass名称一致。
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: vitess-pvc spec: accessModes: - ReadWriteOnce resources: #定义资源要求PV满足这个PVC的要求才会被匹配到 requests: storage: 10Mi
storageClassName: vitess-storageclass #与第五步创建的storageclass名字对应
可以看到已经绑定了
[root@10 pvc]# kubectl get pvc NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE vitess-pvc Bound pvc-fc9e6191-9126-4500-838b-b214b1dfed76 10Mi RWO vitess-storageclass 107m
7、创建pod使用这个PVC
kind: Pod apiVersion: v1 metadata: name: test-pod spec: containers: - name: test-pod image: busybox command: - "/bin/sh" args: - "-c" - "touch /mnt/SUCCESS && exit 0 || exit 1" volumeMounts: - name: nfs-pvc mountPath: "/mnt" restartPolicy: "Never" volumes: - name: nfs-pvc persistentVolumeClaim: claimName: vitess-pvc #与上面pvc名字对应
查看Pod状态是否变为Completed。如果是,则应该能在NFS系统的共享路径中看到一个SUCCESS文件。
登录nfs服务器,切换到/nfs/hadoop目录,可以看到有default-hadoop-pvc-pvc-e33bc091-088a-433e-8516-834c5422e0b2目录,他下面有个SUCCESS文件,说明已经成功了
这个文件夹的命名方式和我们上面的规则:${namespace}-${pvcName}-${pvName}是一样的
[root@10 nfs]# ll 总用量 12 drwxrwxrwx 2 root root 6 4月 9 16:23 archived-default-hadoop-ha-pvc-hadoop-0-pvc-dd0db528-1f41-4cd9-83d8-43016bbae5ed drwxr-xr-x 3 root root 16 4月 9 16:57 backup drwxrwxrwx 2 root root 21 4月 9 16:33 default-vitess-pvc-pvc-e33bc091-088a-433e-8516-834c5422e0b2 drwxr-xr-x. 8 root root 8192 4月 9 16:59 dev drwxrwxrwx 3 root root 73 4月 9 17:10 hadoop [root@10 nfs]# ll default-hadoop-pvc-pvc-e33bc091-088a-433e-8516-834c5422e0b2/ 总用量 0 -rw-r--r-- 1 root root 0 4月 9 16:57 SUCCESS
这样,StorageClass动态创建PV的功能就成功实现了。
9、statefulset 实例
apiVersion: v1 kind: Service metadata: name: hadoop labels: app: hadoop spec: ports: - name: ssh port: 22 - name: zk-client port: 2181 - name: zk-listen port: 2881 - name: zk-leader port: 3881 - name: nn-journalnode1 port: 8280 - name: nn-journalnode2 port: 8485 - name: webhdfs port: 9870 clusterIP: None selector: app: hadoop--- apiVersion: apps/v1 kind: StatefulSet metadata: name: hadoop spec: serviceName: "hadoop" replicas: 3 selector: matchLabels: app: hadoop template: metadata: labels: app: hadoop spec: containers: - name: hadoop image: 10.10.101.175/onlineshop/hadoop-ha:v2 ports: - name: ssh containerPort: 22 - name: zk-client containerPort: 21181 - name: zk-listen containerPort: 2881 - name: zk-leader containerPort: 3881 - name: nn-journalnode1 containerPort: 8280 - name: nn-journalnode2 containerPort: 8485 - name: webhdfs containerPort: 9870 command: - "/bin/bash" - "/opt/start.sh" - "-d" volumeMounts: - name: hadoop-volume #与volumeClaimTemplate定义的名字一致 mountPath: /tmp volumeClaimTemplates: - metadata: name: hadoop-volume #名字随便 spec: accessModes: [ "ReadWriteOnce" ] resources: requests: storage: 1Mi storageClassName: vitess-storageclass #第五步创建的storageclass
StatefulSet为每个Pod副本创建了一个DNS域名,这个域名的格式为:$(podname).(headless server name).namespace.svc.cluster.local
,也就意味着服务间是通过Pod域名来通信而非Pod IP,因为当Pod所在Node发生故障时,Pod会被飘移到其它Node上,Pod IP会发生变化,但是Pod域名不会有变化。
本例域名为hadoop-0.hadoop.default.svc.cluster.local,可以简写为hadoop-0.hadoop
sh-4.2$ telnet hadoop-0.hadoop 22 Trying 10.168.114.193... Connected to hadoop-0.hadoop. Escape character is '^]'. SSH-2.0-OpenSSH_7.4
其他sc
hostpath
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: annotations: storageLimit: "50" storageUsed: "0" type: HostPath name: host-path-mysql provisioner: kubernetes.io/no-provisioner reclaimPolicy: Delete volumeBindingMode: Immediate
lvm
allowVolumeExpansion: true apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: annotations: storageLimit: "100" type: CSI-LVM name: middleware-lvm parameters: fsType: ext4 lvmType: striping vgName: vg_middleware volumeType: LVM provisioner: localplugin.csi.alibabacloud.com reclaimPolicy: Delete volumeBindingMode: WaitForFirstConsumer
这个需要在节点上创建名为vg_middleware的vg
步骤
mkfs.ext4 /dev/vdb pvcreate /dev/vdb vgcreate vg_middleware /dev/vdb
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。