rpi4でも動的プロビジョニング (NFS)をしたい!

はじめに

raspberry pi 4 で Kubernetes : 動的プロビジョニング (NFS) をしようとしたけど、色々大変だったので備忘録

問題はhelm で入ってくる stable/nfs-client-provisioner のイメージがarm64に対応していないということ。

なのでKubernetes NFS-Client Provisionerをarm64にビルドする必要があります。ビルドしたものはこちらです。

なお、NFSサーバーは立っているものとし、 192.168.11.14のipに[/home/nfsshare] ディレクトリを共有ディレクトリとして設定します。

やり方

NFSサーバーの情報を変数に入れます。

NFS_SERVER=192.168.11.14
NFS_DIR=/home/nfsshare

nfs-client-provisionerのyamlを作成します。

これはhelm template nfs-client -n kube-system stable/nfs-client-provisionerから取得したものです

cat <<EOF | tee ./nfs-client-provisioner.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: nfs-client-provisioner
    chart: nfs-client-provisioner-1.2.9
    heritage: Helm
    release: nfs-client
  name: nfs-client-nfs-client-provisioner
---
# Source: nfs-client-provisioner/templates/storageclass.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  labels:
    app: nfs-client-provisioner
    chart: nfs-client-provisioner-1.2.9
    heritage: Helm
    release: nfs-client
  name: nfs-client
provisioner: cluster.local/nfs-client-nfs-client-provisioner
allowVolumeExpansion: true
reclaimPolicy: Delete
parameters:
  archiveOnDelete: "true"
---
# Source: nfs-client-provisioner/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    app: nfs-client-provisioner
    chart: nfs-client-provisioner-1.2.9
    heritage: Helm
    release: nfs-client
  name: nfs-client-nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
# Source: nfs-client-provisioner/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    app: nfs-client-provisioner
    chart: nfs-client-provisioner-1.2.9
    heritage: Helm
    release: nfs-client
  name: run-nfs-client-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-nfs-client-provisioner
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: nfs-client-nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
# Source: nfs-client-provisioner/templates/role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    app: nfs-client-provisioner
    chart: nfs-client-provisioner-1.2.9
    heritage: Helm
    release: nfs-client
  name: leader-locking-nfs-client-nfs-client-provisioner
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
# Source: nfs-client-provisioner/templates/rolebinding.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    app: nfs-client-provisioner
    chart: nfs-client-provisioner-1.2.9
    heritage: Helm
    release: nfs-client
  name: leader-locking-nfs-client-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-nfs-client-provisioner
    namespace: kube-system
roleRef:
  kind: Role
  name: leader-locking-nfs-client-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io
---
# Source: nfs-client-provisioner/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfs-client-nfs-client-provisioner
  labels:
    app: nfs-client-provisioner
    chart: nfs-client-provisioner-1.2.9
    heritage: Helm
    release: nfs-client
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nfs-client-provisioner
      release: nfs-client
  template:
    metadata:
      annotations:
      labels:
        app: nfs-client-provisioner
        release: nfs-client
    spec:
      serviceAccountName: nfs-client-nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: "penm000/nfs-client-provisioner-arm64"
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: cluster.local/nfs-client-nfs-client-provisioner
            - name: NFS_SERVER
              value: ${NFS_SERVER}
            - name: NFS_PATH
              value: ${NFS_DIR}
      volumes:
        - name: nfs-client-root
          nfs:
            server: path: ${NFS_SERVER}
            path: ${NFS_DIR}
EOF

次にnfs-client-provisionerを起動します。その際他のリソースにアクセスできる権限を与えます。

kubectl apply -f nfs-client-provisioner.yaml -n kube-system
kubectl create clusterrolebinding dashboard-admin-sa --clusterrole=cluster-admin --serviceaccount=kube-system:nfs-client-nfs-client-provisioner

しばらくするとrunningになります。(x86の人は動かないので注意)

ubuntu@rpi4-node1:~/hoge$ kubectl get pods -n kube-system
NAME                                                READY   STATUS        RESTARTS   AGE
・・・略・・・
nfs-client-nfs-client-provisioner-c45667c87-pgmv6   1/1     Running       0          13m

現在の状態では、pv pvcともにありません。

ubuntu@rpi4-node1:~/hoge$ kubectl get pv
No resources found in default namespace.
ubuntu@rpi4-node1:~/hoge$ kubectl get pvc
No resources found in default namespace.

pvcのyamlを作成します。

cat <<EOF |  tee my-pvc.yml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-provisioner
  annotations:
    # StorageClass の名称を指定
    volume.beta.kubernetes.io/storage-class: nfs-client
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      # リクエストするボリュームサイズ5Mバイト
      storage: 5M
EOF

mypvcを起動します。

kubectl apply -f my-pvc.yml

STATUSがboundになれば完了です。

ubuntu@rpi4-node1:~/hoge$ kubectl get pvc
NAME             STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
my-provisioner   Bound    pvc-271840d5-0d55-46b4-833a-27419e5297a4   5M         RWO            nfs-client     4s

引き続きKubernetes : 動的プロビジョニング (NFS)をお楽しみください