k8s

k8s/environments/nfs/deployment.yaml

@@ -0,0 +1,46 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: nfs-provisioner-deployment
+  labels:
+    env: production
+    tier: storage
+    app: nfs
+    name: nfs-provisioner-deployment
+spec:
+  selector:
+    matchLabels:
+      env: production
+      tier: storage
+      app: nfs
+      name: nfs-provisioner-pod
+  replicas: 1
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        env: production
+        tier: storage
+        app: nfs
+        name: nfs-provisioner-pod
+    spec:
+      serviceAccountName: nfs-provisioner-sa
+      containers:
+        - name: nfs-provisioner
+          image: quay.io/external_storage/nfs-client-provisioner:latest
+          env:
+            - name: PROVISIONER_NAME
+              value: nfs-provisioner
+            - name: NFS_SERVER
+              value: 192.168.56.21
+            - name: NFS_PATH
+              value: /srv/nfs
+          volumeMounts:
+            - name: nfs-volume
+              mountPath: /persistentvolumes
+      volumes:
+       - name: nfs-volume
+         nfs:
+           server: 192.168.56.21
+           path: /srv/nfs

k8s/environments/nfs/nfs-client.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# NFS 클라이언트 패키지를 설치한다.
+sudo apt install -y nfs-common
+
+# 마운트할 디렉터리를 만든다.
+sudo mkdir /srv/nfs
+
+# 디렉터리를 마운트한다.
+sudo mount -t nfs 192.168.56.21:/srv/nfs /srv/nfs
+
+# 디스크를 확인한다.
+df -h

k8s/environments/nfs/nfs-server.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# NFS 서버 패키지를 설치한다.
+sudo apt install -y nfs-kernel-server
+
+# 공유 디렉터리를 만든다.
+sudo mkdir /srv/nfs
+
+# 공유 디렉터리에 권한을 부여한다.
+sudo chown -R nobody:nogroup /srv/nfs
+sudo chmod 777 /srv/nfs
+
+# 공유 디렉터리 내보내기를 설정한다.
+echo "/srv/nfs *(rw,sync,no_subtree_check)" | sudo tee /etc/exports
+
+# NFS 서버를 재시작하고 상태를 확인한다.
+sudo systemctl restart nfs-kernel-server
+sudo systemctl status nfs-kernel-server
+
+# NFS 포트를 방화벽에서 허용한다.
+sudo iptables -A INPUT -p tcp --dport 2049 -j ACCEPT
+sudo iptables -A INPUT -p udp --dport 2049 -j ACCEPT

k8s/environments/nfs/sa.yaml

@@ -0,0 +1,89 @@
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: nfs-provisioner-sa
+  labels:
+    env: production
+    tier: storage
+    app: nfs
+    name: nfs-provisioner-sa
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1 
+metadata:
+  name: nfs-provisioner-cr
+  labels:
+    env: production
+    tier: storage
+    app: nfs
+    name: nfs-provisioner-cr
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["services", "endpoints"]
+    verbs: ["get"]
+  - apiGroups: ["extensions"]
+    resources: ["podsecuritypolicies"]
+    resourceNames: ["nfs-provisioner"]
+    verbs: ["use"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: nfs-provisioner-crb
+  labels:
+    env: production
+    tier: storage
+    app: nfs
+    name: nfs-provisioner-crb
+subjects:
+  - kind: ServiceAccount
+    name: nfs-provisioner-sa
+    namespace: default
+roleRef:
+  kind: ClusterRole
+  name: nfs-provisioner-cr
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: nfs-provisioner-r
+  labels:
+    env: production
+    tier: storage
+    app: nfs
+    name: nfs-provisioner-r
+rules:
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: nfs-provisioner-rb
+  labels:
+    env: production
+    tier: storage
+    app: nfs
+    name: nfs-provisioner-rb
+subjects:
+  - kind: ServiceAccount
+    name: nfs-provisioner-sa
+    namespace: default
+roleRef:
+  kind: Role
+  name: nfs-provisioner-r
+  apiGroup: rbac.authorization.k8s.io

k8s/environments/nfs/sc.yaml

@@ -0,0 +1,12 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: nfs
+  labels:
+    env: production
+    tier: storage
+    app: nfs
+    name: nfs
+provisioner: nfs-provisioner
+parameters:
+  archiveOnDelete: "false"