---

應用	服務器IP
nfs-server	192.168.1.5
k8s-master01	192.168.1.1
k8s-node01	192.168.1.2
k8s-node02	192.168.1.3

一、部署NFS

1、在NFS服務端和k8s所有節點部署nfs-utils
因為客戶端去掛載nfs服務端的共享目錄時，需要支持nfs客戶端協議，所以客戶端也需要安裝這個utils包

[root@localhost ~]# yum -y install nfs-utils

2、在nfs服務端編輯nfs配置文件

[root@localhost ~]# vim /etc/exports
/data/NFS/kubernetes *(rw,no_root_squash)
#"/data/NFS/kubernetes"  //-代表nfs要共享的目錄，需要創建；
#"*"  //-代表誰可以訪問,這里可以指定某個ip或者某個網段，我這里是都可以訪問；
#"rw"  //-可以對這個共享目錄具備讀寫權限；
#"no_root_squash"  //-以root的模式去工作的；

3、nfs服務端本地創建要共享目錄“/data/NFS/kubernetes”

[root@localhost ~]# mkdir -pv /data/NFS/kubernetes

4、啟動nfs服務端并設置開機啟動

[root@localhost ~]# systemctl start nfs 
[root@localhost ~]# systemctl enable nfs 

5、使用客戶端掛載測試

#將nfs服務端的共享目錄“/hqtwww/hqtbj/NFS/kubernetes”掛載到客戶端本地的/mnt目錄下
[root@k8s-node01 ~]# mount -t nfs 192.168.1.5:/data/NFS/kubernetes /mnt
[root@k8s-node01 ~]# df -h | grep /mnt
192.168.1.5:/data/NFS/kubernetes   17G  2.0G   16G   12% /mnt#進入/mnt目錄創建個aaa文件測試下
[root@k8s-node01 ~]# cd /mnt/
[root@k8s-node01 mnt]# touch aaa
#創建完后就可以在nfs服務端共享目錄下看到aaa

取消掛載

[root@k8s-node01 ~]# umount /mnt  
#/mnt為掛載的共享目錄  取消掛載在初期也需要進行測試下；

二、k8s環境部署csi-nfs

https://github.com/kubernetes-csi/csi-driver-nfs/releases
1、下載csi-nfs插件并解壓

[root@k8s-master01 ~]# wget -c https://github.com/kubernetes-csi/csi-driver-nfs/archive/refs/tags/v4.11.0.tar.gz
[root@k8s-master01 ~]# tar -zxf v4.11.0.tar.gz
[root@k8s-master01 ~]# ll 
drwxrwxr-x. 13 root root     4096 3月  18 13:48 csi-driver-nfs-4.11.0
[root@k8s-master01 ~]# cd csi-driver-nfs-4.11.0/

2、替換鏡像源
所有要部署的yaml文件在deploy目錄下
要修改的鏡像如下：

[root@k8s-master01 csi-driver-nfs-4.11.0]# sed -i 's/registry.k8s.io/k8s.m.daocloud.io/g' deploy/*.yaml

修改后的鏡像

3、部署nfs插件
這里可以直接使用官方提供的腳本

如果直接需要快照的話可以使用./deploy-script.sh master local snapshot直接安裝

[root@k8s-master01 csi-driver-nfs-4.11.0]# pwd
/root/csi-driver-nfs-4.11.0
[root@k8s-master01 csi-driver-nfs-4.11.0]# ./deploy/install-driver.sh master local 
Installing NFS CSI driver, version: master ...
serviceaccount/csi-nfs-controller-sa created
serviceaccount/csi-nfs-node-sa created
clusterrole.rbac.authorization.k8s.io/nfs-external-provisioner-role created
clusterrolebinding.rbac.authorization.k8s.io/nfs-csi-provisioner-binding created
clusterrole.rbac.authorization.k8s.io/nfs-external-resizer-role created
clusterrolebinding.rbac.authorization.k8s.io/nfs-csi-resizer-role created
csidriver.storage.k8s.io/nfs.csi.k8s.io created
deployment.apps/csi-nfs-controller created
daemonset.apps/csi-nfs-node created
NFS CSI driver installed successfully.

等待nfs相關資源Running即部署成功

[root@k8s-master01 csi-driver-nfs-4.11.0]# kubectl get pod -n kube-system -w
NAME                                       READY   STATUS    RESTARTS        AGE
...
csi-nfs-controller-78469d7f6c-2t2zv        5/5     Running   3 (57s ago)     5m11s
csi-nfs-node-hsfqx                         3/3     Running   1 (3m11s ago)   5m11s
csi-nfs-node-wzlk8                         3/3     Running   1 (2m9s ago)    5m11s
csi-nfs-node-zmj8t                         3/3     Running   1 (78s ago)     5m11s
...

4、編輯存儲類資源，創建nfs存儲類

[root@k8s-master01 csi-driver-nfs-4.11.0]# vim deploy/storageclass.yaml
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:name: nfs-csi
provisioner: nfs.csi.k8s.io
parameters:#nfs-server的連接地址;server: 192.168.1.5#nfs-server的共享目錄;share: /data/NFS/kubernetes/#在nfs-csi驅動刪除pv時，不刪除nfs服務器上的數據！（類似nfs-subdir-external-provisioner插件上面的archiveOnDelete:"true"）;onDelete: retain#定義存儲在nfs服務器上的目錄結構，根據命名空間-pvc名稱-pv名稱命名(這樣可以好區分，例如"default-web-sc-pvc-19890dfb-253b-4196-9a00-f021ac6690d7")，否則默認的為pv名稱;subDir: ${pvc.metadata.namespace}-${pvc.metadata.name}-${pv.metadata.name}# csi.storage.k8s.io/provisioner-secret is only needed for providing mountOptions in DeleteVolume# csi.storage.k8s.io/provisioner-secret-name: "mount-options"# csi.storage.k8s.io/provisioner-secret-namespace: "default"
#回收策略：Delete（刪除）與pv相連的后端存儲目錄同時刪除；當定義了onDelete： retain時，才可以使用Delete，否則使用Retain；
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:- nfsvers=4.1[root@k8s-master01 csi-driver-nfs-4.11.0]# kubectl apply -f deploy/storageclass.yaml[root@k8s-master01 csi-driver-nfs-4.11.0]# kubectl get sc 
NAME      PROVISIONER      RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
nfs-csi   nfs.csi.k8s.io   Delete          Immediate           true                   33s

三、測試動態供給

創建ngx的deployment并將數據持久化到pv，定義pvc使用剛創建的nfs-csi，運行看是否會自動創建pvc

[root@k8s-master01 ~]# vim nginx-pvc.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: web-sc
apiVersion: apps/v1
kind: Deployment
metadata:name: web-sc
spec:selector:matchLabels:app: nginxreplicas: 2template:metadata:labels:app: nginxspec:containers:- name: nginximage: nginxvolumeMounts:- name: wwwrootmountPath: /usr/share/nginx/html #將nfs存儲目錄掛載到nginx/html目錄下volumes:- name: wwwrootpersistentVolumeClaim:claimName: web-sc #要掛載到的pvc名字---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: web-sc #pvc的名字
spec:storageClassName: "nfs-csi" #nfs動態供給存儲類的名字,可用使用kubectl get sc 查看到;accessModes:- ReadWriteMany #訪問模式resources:requests:storage: 5Gi #請求的容量[root@k8s-master01 ~]# kubectl apply -f nginx-pvc.yaml
[root@k8s-master01 ~]# kubectl get pod,pv,pvc
NAME                          READY   STATUS    RESTARTS   AGE
pod/web-sc-59786d9c6d-h6tjn   1/1     Running   0          5s
pod/web-sc-59786d9c6d-wlr5k   1/1     Running   0          5sNAME                                                        CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS     CLAIM            STORAGECLASS   VOLUMEATTRIBUTESCLASS   REASON   AGE
persistentvolume/pvc-c3a7b1ec-9d76-4811-adf9-dc4892db259a   5Gi        RWX            Delete           Bound      default/web-sc   nfs-csi        <unset>                          5sNAME                           STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   VOLUMEATTRIBUTESCLASS   AGE
persistentvolumeclaim/web-sc   Bound    pvc-c3a7b1ec-9d76-4811-adf9-dc4892db259a   5Gi        RWX            nfs-csi        <unset>                 5s

如上可以看到pvc被自動創建，并在nfs server共享目錄里被創建

---

補充