Linux下NFS安装：
https://www.cndba.cn/hbhe0316/article/5009

1.搭建NFS
2.创建StorageClass。
3.创建PVC绑定
搭建StorageClass+NFS,大致有以下几个步骤:

搭建一个可用的NFS Server
创建Service Account.这是用来管控NFS provisioner在k8s集群中运行的权限。
创建StorageClass.负责建立PV并调用NFS provisioner进行预定的工作,并让PV与PVC建立管理。
创建NFS provisioner.有两个功能,一个是在NFS共享目录下创建挂载点(volume),另一个则是建了PV并将PV与NFS的挂载点建立关联

1、配置授权
现在的 Kubernetes 集群大部分是基于 RBAC 的权限控制，所以创建一个一定权限的 ServiceAccount 与后面要创建的 “NFS Provisioner” 绑定，赋予一定的权限。

[root@master 0613]# cat nfs-rbac.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
  namespace: dev
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    namespace: dev
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  namespace: dev
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  namespace: dev
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    namespace: dev
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io

2.修改 deployment.yaml 文件,这里修改的参数包括 NFS 服务器所在的 IP 地址（192.168.56.200），以及 NFS 服务器共享的路径（/nfsdata），两处都需要修改为你实际的 NFS 服务器和共享目录。另外修改 nfs-client-provisioner 镜像从七牛云拉取。

设置 NFS Provisioner 部署文件，这里将其部署到 “kube-system” Namespace 中

[root@master 0613]# cat nfs-provisioner-deploy.yaml 
kind: Deployment
apiVersion: apps/v1
metadata:
  name: nfs-client-provisioner
  namespace: dev
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nfs-client-provisioner
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: registry.cn-beijing.aliyuncs.com/mydlq/nfs-subdir-external-provisioner:v4.0.0
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: storage-nfs
            - name: NFS_SERVER
              value: 192.168.56.200
            - name: NFS_PATH
              value: /nfsdata
            - name: ENABLE_LEADER_ELECTION
              value: "true"
      volumes:
        - name: nfs-client-root
          nfs:
            server: 192.168.56.200
            path: /nfsdata

3.创建 StorageClass
storage class 的定义，需要注意的是：provisioner 属性要等于驱动所传入的环境变量PROVISIONER_NAME的值。否则，驱动不知道知道如何绑定 storage class。 此处可以不修改，或者修改 provisioner 的名字，需要与上面的 deployment 的PROVISIONER_NAME名字一致。http://www.cndba.cn/hbhe0316/article/131394

[root@master 0613]# cat nfs-storageclass.yaml 
cat: cat: No such file or directory
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  namespace: dev
  name: nfs-storage
  annotations:
    storageclass.kubernetes.io/is-default-class: "false"  
provisioner: storage-nfs
parameters:
  archiveOnDelete: "true" 
mountOptions: 
  - hard
  - nfsvers=4

4.创建PVChttp://www.cndba.cn/hbhe0316/article/131394

[root@master 0613]# cat storage-pvc.yaml 
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: storage-pvc
  namespace: dev
spec:
  storageClassName: nfs-storage 
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi

[root@master 0613]# kubectl apply -f nfs-rbac.yaml 
serviceaccount/nfs-client-provisioner created
clusterrole.rbac.authorization.k8s.io/nfs-client-provisioner-runner created
clusterrolebinding.rbac.authorization.k8s.io/run-nfs-client-provisioner created
role.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner created
rolebinding.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner created
[root@master 0613]# kubectl apply -f nfs-provisioner-deploy.yaml 
deployment.apps/nfs-client-provisioner created
[root@master 0613]# kubectl apply -f nfs-storageclass.yaml 
storageclass.storage.k8s.io/nfs-storage created
[root@master 0613]# kubectl apply -f storage-pvc.yaml 
persistentvolumeclaim/storage-pvc created

```shell
[root@master 0613]# kubectl get sc -A
NAME          PROVISIONER   RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
nfs-storage   storage-nfs   Delete          Immediate           false                  2m31s

[root@master 0613]# kubectl get pvc --namespace=dev
NAME          STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
storage-pvc   Bound    pvc-fb376b03-4f35-4ebf-9053-6c67b1deca9d   10Gi       RWO            nfs-storage    2m38s

```

版权声明：本文为博主原创文章，未经博主允许不得转载。

k8s