rpi4でも動的プロビジョニング (NFS)をしたい!
はじめに
raspberry pi 4 で Kubernetes : 動的プロビジョニング (NFS) をしようとしたけど、色々大変だったので備忘録
問題はhelm で入ってくる stable/nfs-client-provisioner のイメージがarm64に対応していないということ。
なのでKubernetes NFS-Client Provisionerをarm64にビルドする必要があります。ビルドしたものはこちらです。
なお、NFSサーバーは立っているものとし、 192.168.11.14のipに[/home/nfsshare] ディレクトリを共有ディレクトリとして設定します。
やり方
NFSサーバーの情報を変数に入れます。
NFS_SERVER=192.168.11.14
NFS_DIR=/home/nfsshare
nfs-client-provisionerのyamlを作成します。
これはhelm template nfs-client -n kube-system stable/nfs-client-provisionerから取得したものです
cat <<EOF | tee ./nfs-client-provisioner.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: nfs-client-provisioner
chart: nfs-client-provisioner-1.2.9
heritage: Helm
release: nfs-client
name: nfs-client-nfs-client-provisioner
---
# Source: nfs-client-provisioner/templates/storageclass.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
labels:
app: nfs-client-provisioner
chart: nfs-client-provisioner-1.2.9
heritage: Helm
release: nfs-client
name: nfs-client
provisioner: cluster.local/nfs-client-nfs-client-provisioner
allowVolumeExpansion: true
reclaimPolicy: Delete
parameters:
archiveOnDelete: "true"
---
# Source: nfs-client-provisioner/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app: nfs-client-provisioner
chart: nfs-client-provisioner-1.2.9
heritage: Helm
release: nfs-client
name: nfs-client-nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
---
# Source: nfs-client-provisioner/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app: nfs-client-provisioner
chart: nfs-client-provisioner-1.2.9
heritage: Helm
release: nfs-client
name: run-nfs-client-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-nfs-client-provisioner
namespace: kube-system
roleRef:
kind: ClusterRole
name: nfs-client-nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
# Source: nfs-client-provisioner/templates/role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app: nfs-client-provisioner
chart: nfs-client-provisioner-1.2.9
heritage: Helm
release: nfs-client
name: leader-locking-nfs-client-nfs-client-provisioner
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
# Source: nfs-client-provisioner/templates/rolebinding.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app: nfs-client-provisioner
chart: nfs-client-provisioner-1.2.9
heritage: Helm
release: nfs-client
name: leader-locking-nfs-client-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-nfs-client-provisioner
namespace: kube-system
roleRef:
kind: Role
name: leader-locking-nfs-client-nfs-client-provisioner
apiGroup: rbac.authorization.k8s.io
---
# Source: nfs-client-provisioner/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nfs-client-nfs-client-provisioner
labels:
app: nfs-client-provisioner
chart: nfs-client-provisioner-1.2.9
heritage: Helm
release: nfs-client
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: nfs-client-provisioner
release: nfs-client
template:
metadata:
annotations:
labels:
app: nfs-client-provisioner
release: nfs-client
spec:
serviceAccountName: nfs-client-nfs-client-provisioner
containers:
- name: nfs-client-provisioner
image: "penm000/nfs-client-provisioner-arm64"
imagePullPolicy: IfNotPresent
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: cluster.local/nfs-client-nfs-client-provisioner
- name: NFS_SERVER
value: ${NFS_SERVER}
- name: NFS_PATH
value: ${NFS_DIR}
volumes:
- name: nfs-client-root
nfs:
server: path: ${NFS_SERVER}
path: ${NFS_DIR}
EOF
次にnfs-client-provisionerを起動します。その際他のリソースにアクセスできる権限を与えます。
kubectl apply -f nfs-client-provisioner.yaml -n kube-system
kubectl create clusterrolebinding dashboard-admin-sa --clusterrole=cluster-admin --serviceaccount=kube-system:nfs-client-nfs-client-provisioner
しばらくするとrunningになります。(x86の人は動かないので注意)
ubuntu@rpi4-node1:~/hoge$ kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
・・・略・・・
nfs-client-nfs-client-provisioner-c45667c87-pgmv6 1/1 Running 0 13m
現在の状態では、pv pvcともにありません。
ubuntu@rpi4-node1:~/hoge$ kubectl get pv
No resources found in default namespace.
ubuntu@rpi4-node1:~/hoge$ kubectl get pvc
No resources found in default namespace.
pvcのyamlを作成します。
cat <<EOF | tee my-pvc.yml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: my-provisioner
annotations:
# StorageClass の名称を指定
volume.beta.kubernetes.io/storage-class: nfs-client
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
# リクエストするボリュームサイズ5Mバイト
storage: 5M
EOF
mypvcを起動します。
kubectl apply -f my-pvc.yml
STATUSがboundになれば完了です。
ubuntu@rpi4-node1:~/hoge$ kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
my-provisioner Bound pvc-271840d5-0d55-46b4-833a-27419e5297a4 5M RWO nfs-client 4s
引き続きKubernetes : 動的プロビジョニング (NFS)をお楽しみください