Kubernetes学习目录
1、准备工作
1.1、官方文档
支持的存储制备器 :https://kubernetes.io/zh-cn/docs/concepts/storage/storage-classes/#provisioner
NFS provisioner: https://kubernetes.io/zh-cn/docs/concepts/storage/storage-classes/#nfs
1.2、nfs-subdir-external-provisioner项目地址
https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner
1.3、下载项目至本地
wget https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner.git
2、部署nfs-subdir-external-provisioner
2.1、创建RBAC资源
2.1.1、定义资源配置清单
cat > rbac.yaml <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: default
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: default
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: default
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: default
roleRef:
kind: Role
name: leader-locking-nfs-client-provisioner
apiGroup: rbac.authorization.k8s.io
EOF
2.1.2、应用资源配置清单
deploy]# kubectl apply -f rbac.yaml
serviceaccount/nfs-client-provisioner created
clusterrole.rbac.authorization.k8s.io/nfs-client-provisioner-runner created
clusterrolebinding.rbac.authorization.k8s.io/run-nfs-client-provisioner created
role.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner created
rolebinding.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner created
2.2、准备离线镜像
docker pull registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
docker tag registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2 192.168.10.33:80/k8s/sig-storage/nfs-subdir-external-provisioner:v4.0.2
docker push 192.168.10.33:80/k8s/sig-storage/nfs-subdir-external-provisioner:v4.0.2
2.3、创建deployment资源
2.3.1、定义资源配置清单
cat > deployment.yaml <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
name: nfs-client-provisioner
labels:
app: nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: default
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: nfs-client-provisioner
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
serviceAccountName: nfs-client-provisioner
containers:
- name: nfs-client-provisioner
image: 192.168.10.33:80/k8s/sig-storage/nfs-subdir-external-provisioner:v4.0.2
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: k8s-sigs.io/nfs-subdir-external-provisioner
- name: NFS_SERVER
value: 192.168.10.33
- name: NFS_PATH
value: /nfs-data/promtheus_data
volumes:
- name: nfs-client-root
nfs:
server: 192.168.10.33
path: /nfs-data/promtheus_data
EOF
# 属性解析:NFS_SERVER、NFS_PATH 配置nfs信息 ,PROVISIONER_NAME
2.3.2、应用资源配置清单
deploy]# kubectl apply -f deployment.yaml
deployment.apps/nfs-client-provisioner created
2.3.3、查询deployment运行状态
deploy]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nfs-client-provisioner-f9465f6c4-w8gf5 1/1 Running 0 4m9s
2.3.4、查询运行日志
deploy]# kubectl logs nfs-client-provisioner-f9465f6c4-w8gf5
I0414 14:47:49.501029 1 leaderelection.go:242] attempting to acquire leader lease default/k8s-sigs.io-nfs-subdir-external-provisioner...
I0414 14:47:49.507138 1 leaderelection.go:252] successfully acquired lease default/k8s-sigs.io-nfs-subdir-external-provisioner
I0414 14:47:49.507374 1 controller.go:820] Starting provisioner controller k8s-sigs.io/nfs-subdir-external-provisioner_nfs-client-provisioner-f9465f6c4-w8gf5_9c86b64e-b49c-4873-b344-c8d6d3a83240!
I0414 14:47:49.508515 1 event.go:278] Event(v1.ObjectReference{Kind:"Endpoints", Namespace:"default", Name:"k8s-sigs.io-nfs-subdir-external-provisioner", UID:"21e32682-a95a-4e7b-96e7-c285bd35e110",
APIVersion:"v1", ResourceVersion:"40247", FieldPath:""}): type: 'Normal' reason: 'LeaderElection' nfs-client-provisioner-f9465f6c4-w8gf5_9c86b64e-b49c-4873-b344-c8d6d3a83240 became leader
I0414 14:47:49.608224 1 controller.go:869] Started provisioner controller k8s-sigs.io/nfs-subdir-external-provisioner_nfs-client-provisioner-f9465f6c4-w8gf5_9c86b64e-b49c-4873-b344-c8d6d3a83240!
2.4、NFS配置
2.4.1、exports
]# cat /etc/exports
/nfs-data/promtheus_data *(rw,all_squash,anonuid=1000,anongid=1000)
/nfs-data/alertmanager_data *(rw,all_squash,anonuid=1000,anongid=1000)
2.4.2、创建用户
groupadd -g 1000 nfs
useradd -u 1000 -g 1000 nfs
]# id nfs
uid=1000(nfs) gid=1000(nfs) groups=1000(nfs)
2.4.3、目录修改所属组
# 注意:需要修改所属用户和组
chown -R nfs.nfs alertmanager_data promtheus_data
]# ll /nfs-data/
drwxr-xr-x 2 nfs nfs 4096 Apr 14 00:30 alertmanager_data
drwxr-xr-x 3 nfs nfs 4096 Apr 14 23:14 promtheus_data
2.4.4、重启nfs服务
2.4、创建StorageClass资源
2.4.1、定义资源配置清单
cat > class.yaml <<EOF
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-sc
provisioner: k8s-sigs.io/nfs-subdir-external-provisioner
parameters:
archiveOnDelete: "true"
EOF
# provisioner名字要和PROVISIONER_NAME 环境变量保持一致。
2.4.2、应用资源配置清单
deploy]# kubectl apply -f class.yaml
storageclass.storage.k8s.io/nfs-sc created
2.4.3、查询sc资源
deploy]# kubectl get sc
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
nfs-sc k8s-sigs.io/nfs-subdir-external-provisioner Delete Immediate false 11s
3、创建PVC资源-测试-实践
3.1、目标
1、主要确认pv是否自动创建和删除
2、删除pvc的时候,数据是否会被清空
3.2、创建pvc资源
3.2.1、定义资源配置清单
cat > test-claim.yaml <<EOF
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: test-claim
spec:
storageClassName: nfs-sc
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Mi
EOF
3.2.2、应用资源配置清单
deploy]# kubectl apply -f test-claim.yaml
persistentvolumeclaim/test-claim created
3.3、分析运行情况
3.3.1、查询nfs-client-provisioner日志
~]# kubectl logs nfs-client-provisioner-f9465f6c4-w8gf5
I0414 15:28:31.580103 1 controller.go:1317] provision "default/test-claim" class "nfs-sc": started
I0414 15:28:31.582795 1 event.go:278] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"test-claim", UID:"cac9523c-e952-46c6-9c9d-2fbbd45a0177",
APIVersion:"v1", ResourceVersion:"45275", FieldPath:""}): type: 'Normal' reason: 'Provisioning' External provisioner is provisioning volume for claim "default/test-claim"
I0414 15:28:31.587202 1 controller.go:1420] provision "default/test-claim" class "nfs-sc": volume "pvc-cac9523c-e952-46c6-9c9d-2fbbd45a0177" provisioned
I0414 15:28:31.587257 1 controller.go:1437] provision "default/test-claim" class "nfs-sc": succeeded
I0414 15:28:31.587262 1 volume_store.go:212] Trying to save persistentvolume "pvc-cac9523c-e952-46c6-9c9d-2fbbd45a0177"
I0414 15:28:31.590381 1 volume_store.go:219] persistentvolume "pvc-cac9523c-e952-46c6-9c9d-2fbbd45a0177" saved
I0414 15:28:31.590614 1 event.go:278] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"test-claim", UID:"cac9523c-e952-46c6-9c9d-2fbbd45a0177",
APIVersion:"v1", ResourceVersion:"45275", FieldPath:""}): type: 'Normal' reason: 'ProvisioningSucceeded' Successfully provisioned volume pvc-cac9523c-e952-46c6-9c9d-2fbbd45a0177
# 说明:已经自动创建成功PV
3.3.2、查询pv资源
~]# kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-cac9523c-e952-46c6-9c9d-2fbbd45a0177 1Mi RWX Delete Bound default/test-claim nfs-sc 2m38s
3.3.3、查询nfs的目录
nfs-data]# tree
.
├── alertmanager_data
├── lost+found
└── promtheus_data
└── default-test-claim-pvc-cac9523c-e952-46c6-9c9d-2fbbd45a0177
# 自动创建一个标记文件
3.4、删除pvc进行分析
3.4.1、删除pvc
deploy]# kubectl delete -f test-claim.yaml
persistentvolumeclaim "test-claim" deleted
3.4.2、查询nfs-client-provisioner日志
I0414 15:35:59.999635 1 controller.go:1450] delete "pvc-cac9523c-e952-46c6-9c9d-2fbbd45a0177": started
I0414 15:36:00.006549 1 controller.go:1478] delete "pvc-cac9523c-e952-46c6-9c9d-2fbbd45a0177": volume deleted
I0414 15:36:00.010271 1 controller.go:1524] delete "pvc-cac9523c-e952-46c6-9c9d-2fbbd45a0177": persistentvolume deleted
I0414 15:36:00.010294 1 controller.go:1526] delete "pvc-cac9523c-e952-46c6-9c9d-2fbbd45a0177": succeeded
# 说明已经删除成功
3.4.3、查询nfs目录
nfs-data]# tree
.
├── alertmanager_data
├── lost+found
└── promtheus_data
# 标记已经被删除
4、创建Pod-测试-实践
4.1、目标
1、验证pod的挂载写数据
2、需要再次创建pvc,请看小节:【3.2.1、定义资源配置清单】
4.2、创建Pod
4.2.1、定义资源配置清单
cat > test-claim.yaml <<EOF
kind: Pod
apiVersion: v1
metadata:
name: test-pod
spec:
containers:
- name: test-pod
image: busybox:stable
command:
- "/bin/sh"
args:
- "-c"
- "touch /mnt/SUCCESS && exit 0 || exit 1"
volumeMounts:
- name: nfs-pvc
mountPath: "/mnt"
restartPolicy: "Never"
volumes:
- name: nfs-pvc
persistentVolumeClaim:
claimName: test-claim
EOF
4.2.2、应用资源配置清单
deploy]# kubectl apply -f test-pod.yaml
pod/test-pod created
4.3、分析运行情况
4.3.1、查询pod运行状态
deploy]# kubectl get pod -w
NAME READY STATUS RESTARTS AGE
nfs-client-provisioner-f9465f6c4-w8gf5 1/1 Running 0 55m
test-pod 0/1 ContainerCreating 0 12s
test-pod 0/1 Completed 0 27s
test-pod 0/1 Completed 0 29s
# 挂载好目录,写入文件,就结束pod
4.3.2、查询NFS目录数据
nfs-data]# tree
.
├── alertmanager_data
├── lost+found
└── promtheus_data
└── default-test-claim-pvc-55088be5-f8c3-43e8-871f-5c38e482639b
└── SUCCESS # 说明,已经成功挂载写入数据
5、关于StorageClass回收策略对数据的影响
5.1、archiveOnDelete: false & reclaimPolicy: Delete
archiveOnDelete: "false"
reclaimPolicy: Delete #默认没有配置,默认值为Delete
结果
1、pod删除重建后数据依然存在,旧pod名称及数据依然保留给新pod使用
2、sc删除重建后数据依然存在,旧pod名称及数据依然保留给新pod使用
3、删除PVC后,PV被删除且NFS Server对应数据被删除
5.2、archiveOnDelete: true & reclaimPolicy: Delete
archiveOnDelete: "ture"
reclaimPolicy: Delete
1、pod删除重建后数据依然存在,旧pod名称及数据依然保留给新pod使用
2、sc删除重建后数据依然存在,旧pod名称及数据依然保留给新pod使用
3、删除PVC后,PV不会别删除,且状态由Bound变为Released,NFS Server对应数据被保留
4、重建sc后,新建PVC会绑定新的pv,旧数据可以通过拷贝到新的PV中
5.3、archiveOnDelete: false & reclaimPolicy: Retain
archiveOnDelete: "false"
reclaimPolicy: Retain
1、pod删除重建后数据依然存在,旧pod名称及数据依然保留给新pod使用
2、sc删除重建后数据依然存在,旧pod名称及数据依然保留给新pod使用
3、删除PVC后,PV不会别删除,且状态由Bound变为Released,NFS Server对应数据被保留
4、重建sc后,新建PVC会绑定新的pv,旧数据可以通过拷贝到新的PV中
5.4、archiveOnDelete: true & reclaimPolicy: Retain
archiveOnDelete: "ture"
reclaimPolicy: Retain
1、pod删除重建后数据依然存在,旧pod名称及数据依然保留给新pod使用
2、sc删除重建后数据依然存在,旧pod名称及数据依然保留给新pod使用
3、删除PVC后,PV不会别删除,且状态由Bound变为Released,NFS Server对应数据被保留
4、重建sc后,新建PVC会绑定新的pv,旧数据可以通过拷贝到新的PV中
5.5、小结
除以第一种配置外,其他三种配置在PV/PVC被删除后数据依然保留