k8s搭建nfs共享存儲(chǔ)實(shí)踐

更新時(shí)間：2025年09月22日 16:31:39 作者：九制橘皮茶

本文介紹NFS服務(wù)端搭建與客戶端配置,涵蓋安裝工具、目錄設(shè)置及服務(wù)啟動(dòng),隨后講解K8S中NFS動(dòng)態(tài)存儲(chǔ)部署,包括創(chuàng)建命名空間、ServiceAccount、RBAC權(quán)限和StorageClass,實(shí)現(xiàn)存儲(chǔ)驗(yàn)證

1. NFS搭建

nfs服務(wù)端	nfs客戶端
192.168.48.19	192.168.48.0/24

1.1 部署NFS服務(wù)端

NFS 是Network File System的縮寫，即網(wǎng)絡(luò)文件系統(tǒng)。英文Network File System(NFS)，是基于TCP/IP協(xié)議的應(yīng)用，可以通過(guò)網(wǎng)絡(luò)，讓不同的機(jī)器、不同的操作系統(tǒng)可以共享彼此的文件。

NFS在文件傳送或信息傳送過(guò)程中依賴于RPC服務(wù)。

RPC：遠(yuǎn)程過(guò)程調(diào)用 (Remote Procedure Call) 是能使客戶端執(zhí)行其他系統(tǒng)中程序的一種機(jī)制。

NFS服務(wù)器可以看作是一個(gè)FILE SERVER。它可以讓你的機(jī)器（客戶端）通過(guò)網(wǎng)絡(luò)將遠(yuǎn)端的NFS SERVER共享目錄MOUNT到自己的系統(tǒng)中。

1.1.1 下載nfs-utils和rpcbind

yum -y install nfs-utils rpcbind

1.1.2 創(chuàng)鍵共享目錄

mkdir -p /data/k8s_data
chmod 777 /data/k8s_data

1.1.3 修改配置文件

cat > /etc/exports <<'EOF'
/data/k8s_data 192.168.48.0/24(rw,sync,no_root_squash,no_subtree_check)
EOF

1.1.4 啟動(dòng)nfs服務(wù)端

systemctl start rpcbind # 啟動(dòng)rpc
systemctl start nfs-server #啟動(dòng)nfs
exportfs -arv #使配置生效
systemctl enable rpcbind  #設(shè)置開機(jī)自啟
systemctl enable nfs-server #設(shè)置開機(jī)自啟

1.2 部署NFS客戶端

yum -y install nfs-utils rpcbind
systemctl start rpcbind # 啟動(dòng)rpc
systemctl start nfs-server #啟動(dòng)nfs
systemctl enable rpcbind  #設(shè)置開機(jī)自啟
systemctl enable nfs-server #設(shè)置開機(jī)自啟

1.3 檢測(cè)NFS是否正常

showmount -e 192.168.48.19

正常輸出：

[root@master1 k8s-nfs]# showmount -e 192.168.48.19
Export list for 192.168.48.19:
/data/k8s_data 192.168.48.0/24

2. K8S部署NFS Dynamic Provisioning

2.1 創(chuàng)建namespace

kubectl create namespace nfs-storageclass

2.2 創(chuàng)建SeviceAccount和RBAC權(quán)限

vim nfs-rbac.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: nfs-storageclass
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: nfs-storageclass
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: nfs-storageclass
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: nfs-storageclass
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: nfs-storageclass
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io

2.3 部署NFS Provisioner

先拉取鏡像：

docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
docker tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2  registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2

vim nfs-deployment.yaml

kind: Deployment
apiVersion: apps/v1
metadata:
  name: nfs-client-provisioner
  namespace: nfs-storageclass
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nfs-client-provisioner
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: k8s-sigs.io/nfs-subdir-external-provisioner
            - name: NFS_SERVER
              # value: <YOUR NFS SERVER HOSTNAME>
              value: 192.168.48.19
            - name: NFS_PATH
              # value: /var/nfs
              value: /data/k8s_data
      volumes:
        - name: nfs-client-root
          nfs:
            # server: <YOUR NFS SERVER HOSTNAME>
            server: 192.168.48.19
            # share nfs path
            path: /data/k8s_data

2.4 創(chuàng)建StorageClass

vim nfs-sc.yaml

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs-client
  namespace: nfs-storageclass
provisioner: k8s-sigs.io/nfs-subdir-external-provisioner
parameters:
  pathPattern: ${.PVC.namespace}/${.PVC.name}
  onDelete: delete

2.5 驗(yàn)證NFS存儲(chǔ)

2.5.1 創(chuàng)建PVC

vim nfs-pvc.yaml

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
 name: nfs
spec:
 storageClassName: nfs-client
 accessModes:
   - ReadWriteMany
 resources:
   requests:
     storage: 1Mi

2.5.2 創(chuàng)建PV

vim nfs-pv.yaml

apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-pv
  namespace: kube-system
spec:
  capacity:
    storage: 30Gi  # 存儲(chǔ)容量
  accessModes:
    - ReadWriteMany  # 支持多節(jié)點(diǎn)讀寫
  persistentVolumeReclaimPolicy: Retain  # 刪除PVC后保留PV數(shù)據(jù)
  storageClassName: nfs-client  # 指定存儲(chǔ)類名稱（可自定義）
  nfs:
    server: 192.168.48.19  # NFS服務(wù)器IP
    path: /data/k8s_data  # NFS共享路徑

執(zhí)行所有yaml文件：

kubectl apply -f ./

3. 驗(yàn)證

[root@master1 k8s-nfs]# kubectl get all -n nfs-storageclass 
NAME                                         READY   STATUS    RESTARTS   AGE
pod/nfs-client-provisioner-c8b7f495d-b2zpk   1/1     Running   0          64m
?
NAME                                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nfs-client-provisioner   1/1     1            1           82m
?
NAME                                               DESIRED   CURRENT   READY   AGE
replicaset.apps/nfs-client-provisioner-c8b7f495d   1         1         1       82m
[root@master1 k8s-nfs]# kubectl get sc
NAME         PROVISIONER                                   RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
nfs-client   k8s-sigs.io/nfs-subdir-external-provisioner   Delete          Immediate           false                  83m
[root@master1 k8s-nfs]# kubectl get pvc
NAME   STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   VOLUMEATTRIBUTESCLASS   AGE
nfs    Bound    nfs-pv   30Gi       RWX            nfs-client     <unset>                 83m
[root@master1 k8s-nfs]# kubectl get pv
NAME     CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM         STORAGECLASS   VOLUMEATTRIBUTESCLASS   REASON   AGE
nfs-pv   30Gi       RWX            Retain           Bound    default/nfs   nfs-client     <unset>                          84m