Deploying NFS Shared Storage for a K8S Cluster

NFS Server Configuration

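  1. Install the NFS server packages
   # CentOS/RedHat
   yum install -y nfs-utils rpcbind
   # Ubuntu/Debian
   apt install -y nfs-kernel-server
  2. Create the shared directory and set its permissions
   mkdir -p /data/nfs
   chmod 777 /data/nfs
  3. Edit the NFS configuration file
    Edit /etc/exports and add the export rule:
   /data/nfs *(rw,sync,no_root_squash,no_all_squash)

    This rule exports /data/nfs read-write to every host (*), and no_root_squash lets root on a client act as root on the share, so limit the client field to the K8S node addresses where possible.

    Restart the NFS service:
   systemctl restart nfs-server && systemctl enable nfs-server
  4. Open the firewall (if enabled)
   firewall-cmd --add-service=nfs --permanent
   firewall-cmd --reload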
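
To check which hosts an /etc/exports file actually admits, the following added example (not part of the original article) parses the file and reports world-wide exports and weakening options, including the stray-space case where an option list applies to every host. The /data/tmp and /data/k8s paths and the 192.168.1.0/24 subnet are constructed sample values.

```python
import re

# Export options that weaken access control, with the reason each matters.
RISKY_OPTS = {
    "no_root_squash": "root on a client acts as root on the share",
    "insecure": "requests from unprivileged source ports are accepted",
}
WORLD = {"", "*", "0.0.0.0/0", "::/0"}  # client specs that match every host
ENTRY = re.compile(r"([^\s()]*)\(([^)]*)\)|([^\s()]+)")

def parse_exports(text):
    """Yield (path, client, options) per client entry of exports(5) text.
    Assumes export paths contain no spaces or quoting."""
    text = text.replace("\\\n", " ")            # join continuation lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
        for m in ENTRY.finditer(rest):
            client = m.group(3) if m.group(3) is not None else m.group(1)
            opts = [o.strip() for o in (m.group(2) or "").split(",") if o.strip()]
            yield parts[0], client, opts

def audit_exports(text):
    """Return (path, client, finding) tuples for risky entries, in file order."""
    findings = []
    for path, client, opts in parse_exports(text):
        shown = client or "<any host>"
        if client in WORLD:
            mode = "read-write" if "rw" in opts else "read-only"
            findings.append((path, shown, f"{mode} export to every host"))
        for opt in opts:
            if opt in RISKY_OPTS:
                findings.append((path, shown, f"{opt}: {RISKY_OPTS[opt]}"))
    return findings

# Constructed sample: line 1 is the rule from this page; lines 2-3 are made up.
SAMPLE = """\
/data/nfs *(rw,sync,no_root_squash,no_all_squash)
/data/tmp 192.168.1.0/24 (rw,sync)   # stray space: (rw,sync) applies to every host
/data/k8s 192.168.1.0/24(rw,sync)
"""

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE):
        print(f"{path}  {client}: {finding}")
```

Run it against the real file with `audit_exports(open("/etc/exports").read())`; an empty result means no entry is open to every host and none carries a flagged option.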

Kubernetes Cluster Node Configuration

Install the NFS client tools on all K8S nodes

yum install -y nfs-utils  # CentOS/RedHat
apt install -y nfs-common  # Ubuntu/Debian

Deploying NFS Dynamic Provisioning

  1. Create the ServiceAccount and RBAC permissions
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-provisioner
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-provisioner-role
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "watch", "list", "create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-provisioner-role-binding
subjects:
  - kind: ServiceAccount
    name: nfs-provisioner
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: nfs-provisioner-role
  apiGroup: rbac.authorization.k8s.io
  2. Deploy the NFS Provisioner
    Use the nfs-client-provisioner Deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfs-provisioner
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nfs-provisioner
  template:
    metadata:
      labels:
        app: nfs-provisioner
    spec:
      serviceAccountName: nfs-provisioner
      containers:
        - name: nfs-provisioner
          image: registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
          env:
            - name: PROVISIONER_NAME
              value: example.com/nfs
            - name: NFS_SERVER
              value: 192.168.1.11  # replace with the actual NFS server IP
            - name: NFS_PATH
              value: /data/nfs     # replace with the NFS shared directory
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
      volumes:
        - name: nfs-client-root
          nfs:
            server: 192.168.1.11
            path: /data/nfs
  3. Create the StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs-dynamic
provisioner: example.com/nfs  # must match PROVISIONER_NAME
parameters:
  archiveOnDelete: "false"

Verifying the NFS Storage

  1. Create a PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: test-dynamic-pvc
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: nfs-dynamic
  resources:
    requests:
      storage: 1Gi
  2. Deploy a test Pod
   apiVersion: v1
   kind: Pod
   metadata:
     name: test-pod
   spec:
     containers:
       - name: busybox
         image: busybox
         command: ["/bin/sh", "-c", "sleep 3600"]
         volumeMounts:
           - name: nfs-volume
             mountPath: /mnt
     volumes:
       - name: nfs-volume
         persistentVolumeClaim:
           claimName: test-dynamic-pvc

Deployment complete.