Skip to content

Instantly share code, notes, and snippets.

@sandipchitale

sandipchitale/nfs-client-provisioner.yml

Created June 20, 2019 20:58
Show Gist options
  • Save sandipchitale/52a6b6c39d631aa4efe7c2c9b4eb4a08 to your computer and use it in GitHub Desktop.
Save sandipchitale/52a6b6c39d631aa4efe7c2c9b4eb4a08 to your computer and use it in GitHub Desktop.
Download ZIP
NFS Server + dynamic NFS Client provisioner
Raw
nfs-client-provisioner.yml
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: nfs-client-provisioner
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: default
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: default
roleRef:
kind: Role
name: leader-locking-nfs-client-provisioner
apiGroup: rbac.authorization.k8s.io
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: dynamic-nfs-storage
provisioner: dynamic-nfs # or choose another name, must match deployment's env PROVISIONER_NAME'
parameters:
archiveOnDelete: "false"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: nfs-client-provisioner
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
serviceAccountName: nfs-client-provisioner
containers:
- name: nfs-client-provisioner
image: quay.io/external_storage/nfs-client-provisioner:latest
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: dynamic-nfs
- name: NFS_SERVER
value: 10.15.240.65
- name: NFS_PATH
value: /exports
volumes:
- name: nfs-client-root
nfs:
server: 10.15.240.65
path: /exports
Raw
nfs-server.yml
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: dynamic-nfs-pvc
labels:
product: dynamic
component: nfs
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 600Gi
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: dynamic-nfs-server
spec:
replicas: 1
selector:
matchLabels:
component: nfs-server
template:
metadata:
labels:
product: dynamic
component: nfs-server
spec:
containers:
- name: dynamic-nfs-server
image: k8s.gcr.io/volume-nfs:0.8
ports:
- name: nfs
containerPort: 2049
- name: mountd
containerPort: 20048
- name: rpcbind
containerPort: 111
securityContext:
privileged: true
volumeMounts:
- mountPath: /exports
name: dynamic-nfs
volumes:
- name: dynamic-nfs
persistentVolumeClaim:
claimName: dynamic-nfs-pvc
---
kind: Service
apiVersion: v1
metadata:
name: dynamic-nfs-server
spec:
ports:
- name: nfs
port: 2049
- name: mountd
port: 20048
- name: rpcbind
port: 111
selector:
product: dynamic
component: nfs-server
Raw
test-deployment.yml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: test-deployment
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
name: test-pod
creationTimestamp: null
labels:
run: test
spec:
securityContext:
fsGroup: 3000
runAsGroup: 4000
nodeSelector:
product: infoarchive
component: mgmt
volumes:
- name: nfs-pvc-1
persistentVolumeClaim:
claimName: test-claim-1
- name: nfs-pvc-2
persistentVolumeClaim:
claimName: test-claim-2
initContainers:
- name: owner-and-group-init-container
image: gcr.io/google_containers/busybox:1.24
command: ["/bin/sh", "-c", "chown -R 1000:3000 /mnt1 && chown -R 2000:3000 /mnt2 || :"]
volumeMounts:
- name: nfs-pvc-1
mountPath: "/mnt1"
- name: nfs-pvc-2
mountPath: "/mnt2"
containers:
- name: test-container-1
image: gcr.io/google_containers/busybox:1.24
securityContext:
runAsUser: 1000
command:
- "/bin/sh"
args:
- "-c"
- "tail -f < /dev/null"
volumeMounts:
- name: nfs-pvc-1
mountPath: "/mnt1"
- name: nfs-pvc-2
mountPath: "/mnt2"
- name: test-container-2
image: gcr.io/google_containers/busybox:1.24
securityContext:
runAsUser: 2000
command:
- "/bin/sh"
args:
- "-c"
- "tail -f < /dev/null"
volumeMounts:
- name: nfs-pvc-1
mountPath: "/mnt1"
- name: nfs-pvc-2
mountPath: "/mnt2"
Raw
test-pvc.yml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: test-claim-1
annotations:
volume.beta.kubernetes.io/storage-class: "dynamic-nfs-storage"
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Mi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: test-claim-2
annotations:
volume.beta.kubernetes.io/storage-class: "dynamic-nfs-storage"
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Mi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment