Shulou(Shulou.com)06/03 Report--

Build NFS underlying storage-- > create PV-- > create PVC-- > create pod

Finally, the container in pod is used to persist the data!

From the above process, there seems to be no problem, but after careful study, we will find that when PVC applies for storage space from PV, it decides which PV to apply for space according to the name, access mode and capacity of the specified PV.

For example, if the capacity of PV is 20g, the defined access mode is WRO (only allow mounting to a single node by read and write), and the storage space requested by PVC is 10G, then once the PVC is applied to the above PV, that is to say, 10G of space in PV is wasted because it only allows a single node to be mounted. This is a very serious problem. Even if we don't think about it, it's troublesome for us to create PV manually every time, so we need to use an automated solution to create PV for us. The solution to this automation is-- Storage Class!

Overview of Storage class (Storage Class)

Storage class (storage class) is one of the Kubernetes resource types. It is a logical group created by administrators to manage PV more conveniently. It can be classified according to storage system performance, comprehensive quality of service, backup strategy and so on. But Kubernetes itself does not know what the category is, this is a simple description!

One of the advantages of storage classes is that they support the dynamic creation of PV. When users use persistent storage, they do not have to create PV in advance, but directly create PVC, which is very convenient. At the same time, it avoids the waste of space!

Three important concepts of Storage class (storage class):

1) Provisioner (supplier, provider): a storage system that provides storage resources. Multiple suppliers within Kubernetes, whose names are prefixed with "kubernetes.io". And can also be customized.

2) Parameters (parameter): the storage class uses parameters to describe the storage volume to be associated with. Note that different supplier parameters are different.

3) Recycling policy of ReclaimPlicy:pv. Available values are Delete (default) and Retain

Let's learn more about the specific use of Storage Class through a nginx case of data persistence based on the automatic creation of PV!

1) build NFS shared storage

For convenience, deploy NFS storage directly on the master node!

[root@master ~] # yum-y install nfs-utils rpcbind [root@master ~] # vim / etc/exports/nfsdata * (rw,sync,no_root_squash) [root@master ~] # systemctl start nfs-server [root@master ~] # systemctl start rpcbind [root@master ~] # showmount-eExport list for master:/nfsdata * 2) create a rbac license

This way of automatically creating PV involves the rbac authorization mechanism, which will not be described in detail here and will be updated later.

[root@master ~] # vim rbac-rolebind.yamlkind: Namespace # create a namespace Create a service account named xiaojiang-testapiVersion: v1metadata: name: xiaojiang-test---apiVersion: v1 # for authentication: kind: ServiceAccountmetadata: name: nfs-provisioner namespace: xiaojiang-test---apiVersion: rbac.authorization.k8s.io/v1 # create a cluster rule kind: ClusterRolemetadata: name: nfs-provisioner-runner namespace: xiaojiang-testrules:-apiGroups: ["] Resources: ["persistentvolumes"] verbs: ["get" "list", "watch", "create", "delete"]-apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"]-apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list" "watch"]-apiGroups: [""] resources: ["events"] verbs: ["watch", "create", "update", "patch"]-apiGroups: [""] resources: ["services", "endpoints"] verbs: ["get", "create", "list", "watch" "update"]-apiGroups: ["extensions"] resources: ["podsecuritypolicies"] resourceNames: ["nfs-provisioner"] verbs: ["use"]-kind: ClusterRoleBinding # bind service authenticated users to cluster rules apiVersion: rbac.authorization.k8s.io/v1metadata: name: run-nfs-provisionersubjects:-kind: ServiceAccount name: nfs-provisioner namespace: xiaojiang-testroleRef : kind: ClusterRole name: nfs-provisioner-runner apiGroup: rbac.authorization.k8s.io [root@master ~] # kubectl apply-f rbac-rolebind.yaml # execute yaml file 3) create nfs-deployment. Resources

What nfs-deployment does: it is actually a NFS client. But it mounts the remote NFS server to the local directory (within the container) through the built-in NFS driver of K8S, and then associates itself with storage class as a storage provider.

[root@master ~] # vim nfs-deployment.yaml apiVersion: extensions/v1beta1kind: Deploymentmetadata: name: nfs-client-provisioner namespace: xiaojiang-testspec: replicas: 1 # specify the number of copies as 1 strategy: type: Recreate # specify the policy type to reset template: metadata: labels: app: nfs-client-provisioner spec: ServiceAccount: nfs-provisioner # specifies the image volumeMounts:-name: nfs-client-root mountPath: / persistentvolumes # specified by the authenticated user account containers:-name: nfs-client-provisioner image: registry.cn-hangzhou.aliyuncs.com/open-ali/nfs-client-provisioner # created in the rbac yanl file The variable in the mounted directory env:-name: PROVISIONER_NAME # container is used to specify the name of the storage provided: value: lzj-test-name: NFS_SERVER # the variable in the container is used to specify the IP address of the nfs service value: 192.168.1.1 -name: NFS_PATH # variables in the container specify the directory corresponding to the nfs server value: / nfsdata volumes: # specify the path to the nfs mounted to the container and IP-name: nfs-client-root nfs: server : 192.168.1.1 path: / nfsdata [root@master ~] # kubectl apply-f nfs-deployment.yaml # execute yaml file [root@master ~] # kubectl get pod-n xiaojiang-test NAME READY STATUS RESTARTS AGEnfs-client-provisioner-7cf975c58b-sc2qc 1 Running 0 6s4) create SC (Storage Class) [root@master ~] # vim test-storageclass.yamlapiVersion: storage.k8s.io/v1kind: StorageClassmetadata: name: stateful-nfs namespace: xiaojiang-testprovisioner: lzj-test # this corresponds to the value of PROVISIONER_NAME in the env loop variable of nfs-client-provisioner. ReclaimPolicy: Retain # specify the recycling policy for Retain (manual release) [root@master ~] # kubectl apply-f test-storageclass.yaml5) create a PVC [root@master ~] # vim test-pvc.yamlapiVersion: v1kind: PersistentVolumeClaimmetadata: name: test-claim namespace: xiaojiang-testspec: storageClassName: stateful-nfs # define the name of the storage class The accessModes:-ReadWriteMany # access mode corresponding to the name of SC is RWM resources: requests: storage: 100Mi [root@master ~] # kubectl apply-f test-pvc.yaml [root@master ~] # kubectl get pvc- n xiaojiang-testNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEtest-claim Bound pvc-267b880d-5e0a -4e8e-aaff-3af46f21c6eb 100Mi RWX stateful-nfs 14s# ensures that the status of pvc is Bound Indicates that the association is successful [root@master ~] # ls / nfsdata/ # you can see that a corresponding directory xiaojiang-test-test-claim-pvc-267b880d-5e0a-4e8e-aaff-3af46f21c6eb is generated under the directory used for nfs storage

At this location, we have implemented the automatic creation of PV according to PVC's application storage space (a directory has been generated under the local nfs shared directory, the name is quite long, which is the directory name defined by the pv+pvc name). It doesn't matter which pod this PVC application space is for use!

6) create Pod [root@master ~] # vim nginx-pod.yamlapiVersion: v1kind: Podmetadata: name: myweb namespace: xiaojiang-testspec: containers:-name: myweb image: nginx:latest volumeMounts:-name: myweb-persistent-storage mountPath: / usr/share/nginx/html/ volumes:-name: myweb-persistent-storage persistentVolumeClaim: claimName: test-claim # specified PVC name based on nginx image Call [root@master] # kubectl apply-f nginx-pod.yaml [root@master ~] # kubectl get pod-n xiaojiang-test NAME READY STATUS RESTARTS AGEmyweb 1 38snfs-client-provisioner-7cf975c58b-sc2qc 1 Running 0 38snfs-client-provisioner-7cf975c58b-sc2qc 1 Running 0 60m7) test Verify that [root@master ~] # kubectl exec-it myweb-n xiaojiang-test / bin/bashroot@myweb:/# cd / usr/share/nginx/html/root@myweb:/usr/share/nginx/html# echo "hello world" > index.html# enters the container to insert data for testing [root@master ~] # cat / nfsdata/xiaojiang-test-test-claim-pvc-267b880d-5e0a-4e8e-aaff-3af46f21c6eb/index.html hello world# local directory test is no problem [root@master ~] # kubectl exec-it nfs-client-provisioner-7cf975c58b-sc2qc-n xiaojiang-test / bin/sh/ # ls nfs-client-provisioner nfs-client-provisioner # Executable program / # cat / persistentvolumes/xiaojiang-test-test-claim-pvc-267b880d-5e0a-4e8e-aaff-3af46f21c6eb/index.html hello world#nfs-client container that automatically creates pv also exists directory data

From the above tests, we can see that the web page directory in the nginx container, the local nfs shared directory, and the directory in the nfs-client container are all associated.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.