
NFS-Client Provisioner

by 여행을 떠나자! 2021. 9. 15.

2020.11.09

 

22.01.11: When setting up an NFS provisioner, it is recommended to use the latest version (NFS subdir external provisioner).

 

1. Overview

    - nfs-client is an automatic provisioner that uses your existing and already configured NFS server

      to support dynamic provisioning of Kubernetes Persistent Volumes via Persistent Volume Claims.

      Persistent volumes are provisioned as ${namespace}-${pvcName}-${pvName}.

    - Constraints

      nfs-client does not apply the size value set when the PVC is created

   - References

      https://blog.exxactcorp.com/deploying-dynamic-nfs-provisioning-in-kubernetes/

      https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner

 

 

2. Configure Dynamic NFS Provisioner

- Environment

  Kubernetes 1.16.15

  quay.io/external_storage/nfs-client-provisioner v3.1.0-k8s1.11

 

a. Deploying Service Account and Role Bindings

$ vi nfs-rbac.yaml
kind: ServiceAccount
apiVersion: v1
metadata:
  name: nfs-provisioner-sa
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1 # auth API
metadata:
  name: nfs-provisioner-clusterRole
rules:
  - apiGroups: [""]                      # rules on persistentvolumes
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-provisioner-rolebinding
subjects:
  - kind: ServiceAccount
    name: nfs-provisioner-sa
    namespace: kube-system
roleRef:                               # binding cluster role to service account
  kind: ClusterRole
  name: nfs-provisioner-clusterRole    # name defined in clusterRole
  apiGroup: rbac.authorization.k8s.io
---  
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-provisioner-otherRoles
  namespace: kube-system
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-provisioner-otherRoles
  namespace: kube-system
subjects:
  - kind: ServiceAccount
    name: nfs-provisioner-sa           # same as top of the file
                                       # replace with namespace where provisioner is deployed
    namespace: kube-system
roleRef:
  kind: Role
  name: nfs-provisioner-otherRoles
  apiGroup: rbac.authorization.k8s.io
$ kubectl apply -f nfs-rbac.yaml
...
$

 

b. Deploying Storage Class

- Create the storage class and set it as the default.

$ vi nfs-storageclass.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs-sc-iap             # IMPORTANT pvc needs to mention this name
provisioner: nfs-provisioner   # name can be anything
parameters:
  archiveOnDelete: "false"
$ kubectl apply -f nfs-storageclass.yaml
...
$ k get storageclasses.storage.k8s.io nfs-sc-iap
NAME                   PROVISIONER        AGE
nfs-sc-iap             nfs-provisioner    3d5h
$
$ kubectl patch storageclass nfs-sc-iap -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
...
$ k get storageclasses.storage.k8s.io nfs-sc-iap
NAME                   PROVISIONER       AGE
nfs-sc-iap (default)   nfs-provisioner   3d5h
$

 

c. Deploying NFS Provisioner

$ df -h | egrep 'File|nfs'
Filesystem               Size  Used Avail Use% Mounted on
14.52.244.215:/nfs_01     21T   17G   21T   1% /nfs_01
14.52.244.215:/nfs_02     12T  1.4T   11T  11% /nfs_02
14.52.244.215:/nfs_03    3.0T  812M  3.0T   1% /nfs_03
$
$ vi nfs-provisioner.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: nfs-provisioner
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: nfs-provisioner
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nfs-provisioner
    spec:
      serviceAccountName: nfs-provisioner-sa # name of service account
      containers:
        - name: nfs-provisioner
          image: quay.io/external_storage/nfs-client-provisioner:latest
          volumeMounts:
            - name: nfs-provisioner-volume
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME         # do not change
              value: nfs-provisioner         # SAME AS PROVISIONER NAME VALUE IN STORAGECLASS
            - name: NFS_SERVER               # do not change
              value: 14.52.244.215           # Ip of the NFS SERVER
            - name: NFS_PATH                 # do not change
              value: /nfs_01                 # path to nfs directory setup
      volumes:
       - name: nfs-provisioner-volume        # same as volumeMounts name
         nfs:
           server: 14.52.244.215
           path: /nfs_01
$ kubectl apply -f nfs-provisioner.yaml
...
$

 

 

3.  Creating Persistent Volume and Persistent Volume Claims

    - Persistent Volume Claims are objects that request storage resources from your cluster. They’re similar to a voucher that your deployment can redeem for storage access.

    - A Persistent Volume is a resource that a pod can use to store data that persists beyond the lifetime of the pod. In this case it is backed by an NFS volume.

$ cat nfs-test-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-test-pvc
spec:
  storageClassName: nfs-sc-iap
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 500Mi
$ k apply -f nfs-test-pvc.yaml
persistentvolumeclaim/nfs-test-pvc created
$
$ k get pvc | egrep 'NAME|nfs'
NAME          STATUS  VOLUME                                    CAPACITY  ACCESS MODES  STORAGECLASS  AGE
nfs-test-pvc  Bound   pvc-c94789b6-aabd-4e73-8f24-df33b784c407  500Mi     RWX           nfs-sc-iap    31s
$ k get pv | egrep 'NAME|nfs-test-pvc'
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                   STORAGECLASS    REASON   AGE
pvc-b0bdaeac-3e8e-434e-a683-daf6a7879085   500Mi      RWX            Delete           Bound    default/nfs-test-pvc    nfs-sc-iap               39s
$ ls -l /nfs_01
drwxrwxrwx. 2 root root 4096 10월 14 15:24 @Recently-Snapshot
drwxrwxrwx. 2 root root 4096 10월 14 15:24 @Recycle
drwxrwxrwx. 2 root root 4096 11월  9 13:57 default-nfs-test-pvc-pvc-c94789b6-aabd-4e73-8f24-df33b784c407
$
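
Because nfs-client does not apply the PVC size (see the constraint in the overview), a single claim can fill the whole export. The script below is an added example, not from the original post or the provisioner project: it maps each PV to its `${namespace}-${pvcName}-${pvName}` directory and reports directories whose real usage exceeds the capacity recorded on the PV. The function names and the sample PV and `du` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: the function names and sample data below are constructed.
# Real input would come from, for example:
#   kubectl get pv --no-headers -o custom-columns=N:.metadata.name,C:.spec.capacity.storage,NS:.spec.claimRef.namespace,PVC:.spec.claimRef.name
#   du -sb /nfs_01/*

# Convert a Kubernetes quantity (500Mi, 2Gi, 1T, 1024) to bytes; Ki..Ti and k..T only.
to_bytes() {
  echo "$1" | awk '
    BEGIN { m["Ki"]=1024; m["Mi"]=1024^2; m["Gi"]=1024^3; m["Ti"]=1024^4
            m["k"]=1e3;   m["M"]=1e6;     m["G"]=1e9;     m["T"]=1e12 }
    { n=$1; u=$1; sub(/[A-Za-z]+$/, "", n); sub(/^[0-9.]+/, "", u)
      if (u != "" && !(u in m)) { print "unknown unit: " u > "/dev/stderr"; exit 1 }
      printf "%.0f\n", n * (u == "" ? 1 : m[u]) }'
}

# $1: file with lines "pvName capacity namespace pvcName"
# $2: file with lines "bytes path" (du -sb output)
# Prints "directory used_bytes requested_bytes" for each directory over its request.
over_request() {
  while read -r pv cap ns pvc; do
    [ -n "$pv" ] || continue
    dir="${ns}-${pvc}-${pv}"               # directory naming used by nfs-client
    limit=$(to_bytes "$cap") || continue   # skip quantities we cannot parse
    used=$(awk -v d="$dir" '{ n=split($2, p, "/"); if (p[n] == d) print $1 }' "$2")
    [ -n "$used" ] || continue             # no directory on the export for this PV
    if [ "$used" -gt "$limit" ]; then
      echo "$dir $used $limit"
    fi
  done < "$1"
}

# Constructed sample: one claim of 500Mi using 700Mi, one of 2Gi using 100Mi.
demo() {
  tmp=$(mktemp -d)
  cat > "$tmp/pv" <<'EOF'
pvc-11111111-aaaa-4bbb-8ccc-000000000001 500Mi default nfs-test-pvc
pvc-22222222-aaaa-4bbb-8ccc-000000000002 2Gi default logs-pvc
EOF
  cat > "$tmp/du" <<'EOF'
734003200 /nfs_01/default-nfs-test-pvc-pvc-11111111-aaaa-4bbb-8ccc-000000000001
104857600 /nfs_01/default-logs-pvc-pvc-22222222-aaaa-4bbb-8ccc-000000000002
4096 /nfs_01/@Recycle
EOF
  over_request "$tmp/pv" "$tmp/du"
  rm -rf "$tmp"
}
demo
```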

 

 

4. Troubleshooting

    - TS #1

      Problem: Access error occurs when installing the Docker image

    $ kubectl describe pod nfs-provisioner-665cbd454b-br28k -n kube-system

      Cause:     

    # docker load -i /nfs_03/docker-images/quay.io_external_storage-nfs-client-provisioner_latest

    Loaded image: quay.io/external_storage/nfs-client-provisioner:latest

    # docker images | grep nfs

    quay.io/external_storage/nfs-client-provisioner     latest    16d2f904b0d8    2 years ago    45.5MB

    # docker pull quay.io/external_storage/nfs-client-provisioner:latest

    latest: Pulling from external_storage/nfs-client-provisioner

    a073c86ecf9e: Downloading

    d9d714ee28a7: Downloading

    36dfde95678a: Downloading

    dial tcp 99.84.238.50:443: i/o timeout

    # host 99.84.238.50

    50.238.84.99.in-addr.arpa domain name pointer server-99-84-238-50.sfo5.r.cloudfront.net.

    #

     Solution:

        Firewall setting: request outbound access to Any IP (because the destination IP (ex. 50.238.84.99) changes every time a docker image is installed)

                            Amazon CloudFront: a CDN for fast content delivery over the Internet
