# 介绍 Amazon Elastic File System (Amazon EFS) 提供了一个简单的设置即用式无服务器弹性文件系统，说白了就是 NFS，让您无需预置或管理存储即可共享文件数据。它可与 AWS 云服务和本地资源配合使用，并且可按需扩展至 PB 级，而不中断应用程序。借助 Amazon EFS，您可以在添加和删除文件时自动扩展和缩减文件系统，无需预置和管理容量以适应增长。 # 创建 EFS 简便期间，我们通过 console 来进行创建吧  创建起来非常简单，我们使用的和 EKS 同一个 VPC，也是 AWS 默认的 VPC，稍等几分钟，就会创建好。  请记住这里的 EFS ID，fs-350dac01 后面会用到。 # 部署 EBS CSI 驱动 在 EKS 平台上，有个开源的组件 [EFS Container Storage Interface (CSI) driver](https://github.com/kubernetes-sigs/aws-efs-csi-driver) 支持把 EFS 附加到 Pod上 使用，所以，我们需要先安装这个组件。 ## 1.配置 CSI 策略 ```bash mkdir ~/environment/efs_csi_driver && cd ~/environment/efs_csi_driver curl -o iam-policy-example.json https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/v1.2.0/docs/iam-policy-example.json aws iam create-policy \ --region eu-west-1 \ --policy-name Amazon_EFS_CSI_Driver \ --policy-document file://iam-policy-example.json ``` ## 2.配置 IAM 角色和 SA 匹配 我们后面创建的 pod `efs-csi-controller` 默认的 serviceAccount 就是`efs-csi-controller-sa`，因为需要这个 CSI 来创建 EFS 卷，所以我们把附有权限的 serviceAccount 提前创建好。 ```bash eksctl create iamserviceaccount \ --cluster my-cluster \ --name efs-csi-controller-sa \ --namespace kube-system \ --attach-policy-arn arn:aws:iam::921283538843:policy/Amazon_EFS_CSI_Driver \ --override-existing-serviceaccounts \ --approve ``` ## 3.部署 EFS CSI 驱动 部署方式非常简单 ```bash kubectl kustomize \ "github.com/kubernetes-sigs/aws-efs-csi-driver/deploy/kubernetes/overlays/stable/ecr?ref=release-1.2" > driver.yaml kubectl apply -f driver.yaml ``` 部署内容如下 ```bash serviceaccount/efs-csi-controller-sa configured clusterrole.rbac.authorization.k8s.io/efs-csi-external-provisioner-role created clusterrolebinding.rbac.authorization.k8s.io/efs-csi-provisioner-binding created deployment.apps/efs-csi-controller created daemonset.apps/efs-csi-node created csidriver.storage.k8s.io/efs.csi.aws.com created ``` # 动态卷配置 ## 1.创建 StorageClass 通过 K8s 的 [Dynamic Volume Provisioning](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/) 可以按需的给 Pod 挂载存储卷组。在把存储卷组挂载到 Pod 之前，需要先定义 [StorageClass](https://kubernetes.io/docs/concepts/storage/storage-classes/#aws-ebs)。 定义一个 yaml 文件 `storageclass.yml`。 ```bash curl -o storageclass.yaml https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/master/examples/kubernetes/dynamic_provisioning/specs/storageclass.yaml ``` 编辑文件，替换`fileSystemId`将替换为您的文件系统 ID，内容如下： ```yaml kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: efs-sc provisioner: efs.csi.aws.com parameters: provisioningMode: efs-ap fileSystemId: fs-350dac01 directoryPerms: "700" gidRangeStart: "1000" # optional gidRangeEnd: "2000" # optional basePath: "/dynamic_provisioning" # optional ``` 部署并查看 ```bash kubectl create -f ~/environment/efs_csi_driver/storageclass.yaml kubectl describe storageclass efs-sc ``` ## 2.创建 PVC 下载 yaml 文件 ```bash wget https://raw.githubusercontent.com/wangzan18/jenkins-agent-k8s-cicd/master/storage/efs-pvc.yaml ``` 其内容如下 ```yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: efs-claim spec: accessModes: - ReadWriteMany storageClassName: efs-sc resources: requests: storage: 5Gi ``` 部署并查看 ```bash kubectl create -f ~/environment/efs_csi_driver/efs-pvc.yaml kubectl describe pvc efs-claim ``` ## 3.创建 Pod 下载 yaml 文件 ```bash wget https://raw.githubusercontent.com/wangzan18/jenkins-agent-k8s-cicd/master/storage/efs-writer.yaml wget https://raw.githubusercontent.com/wangzan18/jenkins-agent-k8s-cicd/master/storage/efs-reader.yaml ``` 其内容如下，申请了一个 EFS 的 PVC，分别挂到两个 Pod 的 /share 目录下面，两个 Pod 都可以看到相同的内容。 ```yaml apiVersion: v1 kind: Pod metadata: name: efs-writer namespace: storage spec: containers: - name: efs-writer image: busybox command: ["/bin/sh"] args: ["-c", "while true; do echo $POD_NAME.$POD_NAMESPACE - $(date -u) >> /shared/out.txt; sleep 5; done"] env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - name: efs-pvc mountPath: /shared volumes: - name: efs-pvc persistentVolumeClaim: claimName: efs-claim ``` 部署并查看 ```bash kubectl create -f ~/environment/efs_csi_driver/efs-writer.yaml kubectl create -f ~/environment/efs_csi_driver/efs-reader.yaml ``` ## 4.验证 查看 write 这个 pod 里面的内容： ```bash kubectl exec -it efs-writer -- tail /shared/out.txt ``` 输出内容如下： ```bash efs-writer.default - Tue Jun 8 07:28:12 UTC 2021 efs-writer.default - Tue Jun 8 07:28:17 UTC 2021 efs-writer.default - Tue Jun 8 07:28:22 UTC 2021 efs-writer.default - Tue Jun 8 07:28:27 UTC 2021 efs-writer.default - Tue Jun 8 07:28:32 UTC 2021 efs-writer.default - Tue Jun 8 07:28:37 UTC 2021 efs-writer.default - Tue Jun 8 07:28:42 UTC 2021 efs-writer.default - Tue Jun 8 07:28:47 UTC 2021 efs-writer.default - Tue Jun 8 07:28:52 UTC 2021 efs-writer.default - Tue Jun 8 07:28:57 UTC 2021 ``` 然后查看另一个容器的文件。 ```bash kubectl exec -it efs-reader -- tail /shared/out.txt ``` 也可以看到 Pod 写入的内容 ```bash efs-writer.default - Tue Jun 8 07:30:12 UTC 2021 efs-writer.default - Tue Jun 8 07:30:17 UTC 2021 efs-writer.default - Tue Jun 8 07:30:22 UTC 2021 efs-writer.default - Tue Jun 8 07:30:27 UTC 2021 efs-writer.default - Tue Jun 8 07:30:32 UTC 2021 efs-writer.default - Tue Jun 8 07:30:37 UTC 2021 efs-writer.default - Tue Jun 8 07:30:42 UTC 2021 ``` # 清理 ```bash cd ~/environment/efs_csi_driver/ kubectl delete -f efs-reader.yaml kubectl delete -f efs-writer.yaml kubectl delete -f efs-pvc.yaml ``` # 欢迎大家扫码关注，获取更多信息