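EKS Bootcamp: EFS Storage Volumes (11)
# Introduction
Amazon Elastic File System (Amazon EFS) provides a simple, set-and-forget, serverless elastic file system (put plainly, it is NFS) that lets you share file data without provisioning or managing storage. It works with AWS cloud services and on-premises resources and scales on demand to petabytes without disrupting applications. With Amazon EFS, the file system grows and shrinks automatically as you add and remove files, so there is no capacity to provision or manage to accommodate growth.
# Create the EFS file system
For simplicity, we create it through the console.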
![image-20210608141012196](https://imgs.wzlinux.com/blog/202106/08/141012-801536.png)
Creation is straightforward. We use the same VPC as EKS, which is also the AWS default VPC. After a few minutes the file system is created.
![image-20210608141401375](https://imgs.wzlinux.com/blog/202106/08/141402-914535.png)
Note the EFS ID shown here, fs-350dac01; it is used later.
# Deploy the EFS CSI driver
On EKS, the open-source [EFS Container Storage Interface (CSI) driver](https://github.com/kubernetes-sigs/aws-efs-csi-driver) attaches EFS to Pods, so we need to install this component first.
## 1. Configure the CSI policy
```bash
mkdir ~/environment/efs_csi_driver && cd ~/environment/efs_csi_driver
curl -o iam-policy-example.json https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/v1.2.0/docs/iam-policy-example.json
aws iam create-policy \
--region eu-west-1 \
--policy-name Amazon_EFS_CSI_Driver \
--policy-document file://iam-policy-example.json
```
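## 2. Bind an IAM role to the ServiceAccount
The `efs-csi-controller` pod we create later uses the serviceAccount `efs-csi-controller-sa` by default. Because the CSI driver needs this account to create EFS volumes, we create the serviceAccount with the permissions attached in advance.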
```bash
eksctl create iamserviceaccount \
--cluster my-cluster \
--name efs-csi-controller-sa \
--namespace kube-system \
--attach-policy-arn arn:aws:iam::921283538843:policy/Amazon_EFS_CSI_Driver \
--override-existing-serviceaccounts \
--approve
```
## 3. Deploy the EFS CSI driver
Deployment is simple:
```bash
kubectl kustomize \
"github.com/kubernetes-sigs/aws-efs-csi-driver/deploy/kubernetes/overlays/stable/ecr?ref=release-1.2" > driver.yaml
kubectl apply -f driver.yaml
```
The following resources are deployed:
```bash
serviceaccount/efs-csi-controller-sa configured
clusterrole.rbac.authorization.k8s.io/efs-csi-external-provisioner-role created
clusterrolebinding.rbac.authorization.k8s.io/efs-csi-provisioner-binding created
deployment.apps/efs-csi-controller created
daemonset.apps/efs-csi-node created
csidriver.storage.k8s.io/efs.csi.aws.com created
```
# Dynamic volume provisioning
## 1. Create the StorageClass
Kubernetes [Dynamic Volume Provisioning](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/) lets storage volumes be created and mounted into Pods on demand. Before a volume can be mounted into a Pod, a [StorageClass](https://kubernetes.io/docs/concepts/storage/storage-classes/#aws-ebs) must be defined.
Define it in a YAML file, `storageclass.yaml`.
```bash
curl -o storageclass.yaml https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/master/examples/kubernetes/dynamic_provisioning/specs/storageclass.yaml
```
Edit the file and replace `fileSystemId` with your file system ID. The content is as follows:
```yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: efs-sc
provisioner: efs.csi.aws.com
parameters:
  provisioningMode: efs-ap
  fileSystemId: fs-350dac01
  directoryPerms: "700"
  gidRangeStart: "1000" # optional
  gidRangeEnd: "2000" # optional
  basePath: "/dynamic_provisioning" # optional
```
Deploy and inspect:
```bash
kubectl create -f ~/environment/efs_csi_driver/storageclass.yaml
kubectl describe storageclass efs-sc
```
## 2. Create the PVC
Download the YAML file:
```bash
wget https://raw.githubusercontent.com/wangzan18/jenkins-agent-k8s-cicd/master/storage/efs-pvc.yaml
```
Its content is as follows:
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efs-claim
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: efs-sc
  resources:
    requests:
      storage: 5Gi
```
Deploy and inspect:
```bash
kubectl create -f ~/environment/efs_csi_driver/efs-pvc.yaml
kubectl describe pvc efs-claim
```
## 3. Create the Pods
Download the YAML files:
```bash
wget https://raw.githubusercontent.com/wangzan18/jenkins-agent-k8s-cicd/master/storage/efs-writer.yaml
wget https://raw.githubusercontent.com/wangzan18/jenkins-agent-k8s-cicd/master/storage/efs-reader.yaml
```
The content is as follows. A single EFS-backed PVC is requested and mounted at /shared in both Pods, so both Pods see the same content.
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: efs-writer
  # A Pod can only use a PVC from its own namespace, so efs-claim must exist here;
  # the kubectl commands and the output on this page use the default namespace.
  namespace: storage
spec:
  containers:
    - name: efs-writer
      image: busybox
      command: ["/bin/sh"]
      # Append "<pod>.<namespace> - <UTC date>" to the shared file every 5 seconds
      args: ["-c", "while true; do echo $POD_NAME.$POD_NAMESPACE - $(date -u) >> /shared/out.txt; sleep 5; done"]
      env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
      volumeMounts:
        - name: efs-pvc
          mountPath: /shared
  volumes:
    - name: efs-pvc
      persistentVolumeClaim:
        claimName: efs-claim
```
Deploy:
```bash
kubectl create -f ~/environment/efs_csi_driver/efs-writer.yaml
kubectl create -f ~/environment/efs_csi_driver/efs-reader.yaml
```
## 4. Verify
View the file from inside the writer pod:
```bash
kubectl exec -it efs-writer -- tail /shared/out.txt
```
The output is:
```bash
efs-writer.default - Tue Jun 8 07:28:12 UTC 2021
efs-writer.default - Tue Jun 8 07:28:17 UTC 2021
efs-writer.default - Tue Jun 8 07:28:22 UTC 2021
efs-writer.default - Tue Jun 8 07:28:27 UTC 2021
efs-writer.default - Tue Jun 8 07:28:32 UTC 2021
efs-writer.default - Tue Jun 8 07:28:37 UTC 2021
efs-writer.default - Tue Jun 8 07:28:42 UTC 2021
efs-writer.default - Tue Jun 8 07:28:47 UTC 2021
efs-writer.default - Tue Jun 8 07:28:52 UTC 2021
efs-writer.default - Tue Jun 8 07:28:57 UTC 2021
```
Then view the file from the other pod.
```bash
kubectl exec -it efs-reader -- tail /shared/out.txt
```
The content written by the writer Pod is visible there as well:
```bash
efs-writer.default - Tue Jun 8 07:30:12 UTC 2021
efs-writer.default - Tue Jun 8 07:30:17 UTC 2021
efs-writer.default - Tue Jun 8 07:30:22 UTC 2021
efs-writer.default - Tue Jun 8 07:30:27 UTC 2021
efs-writer.default - Tue Jun 8 07:30:32 UTC 2021
efs-writer.default - Tue Jun 8 07:30:37 UTC 2021
efs-writer.default - Tue Jun 8 07:30:42 UTC 2021
```
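The reader only tails the shared file, so it can mount the claim read-only and leave the writer as the only Pod able to modify it. The manifest below is an added example, not the `efs-reader.yaml` downloaded above: the pod name `efs-reader-ro` is an assumption, while the image, claim name and mount path follow the writer manifest on this page.

```yaml
# Added example: a read-only consumer of the shared EFS claim.
# Assumption: the name efs-reader-ro is hypothetical; busybox, efs-claim and
# /shared are taken from the writer manifest shown earlier.
apiVersion: v1
kind: Pod
metadata:
  name: efs-reader-ro          # no namespace set: runs in default, next to efs-claim
spec:
  containers:
    - name: efs-reader-ro
      image: busybox
      command: ["/bin/sh"]
      args: ["-c", "tail -f /shared/out.txt"]
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: efs-pvc
          mountPath: /shared
          readOnly: true       # the container sees a read-only mount
  volumes:
    - name: efs-pvc
      persistentVolumeClaim:
        claimName: efs-claim
        readOnly: true         # the volume is set up read-only for this Pod
# Check after deployment: a write attempted from inside this Pod, e.g.
#   kubectl exec efs-reader-ro -- sh -c 'echo x >> /shared/out.txt'
# should be refused with a read-only file system error, while efs-writer
# keeps appending to the same file.
```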
# Cleanup
```bash
cd ~/environment/efs_csi_driver/
kubectl delete -f efs-reader.yaml
kubectl delete -f efs-writer.yaml
kubectl delete -f efs-pvc.yaml
```