NFS 安裝教學 - 取代 aws-ebs

# NFS 安裝教學 - 取代 aws-ebs ###### tags: `build wazuh` > 參考網頁：[網頁1](https://blog.devcloud.com.tw/ubuntu-nfs-install/)、[網頁2](https://blog.devcloud.com.tw/kubernetes-storage-class-nfs-external-provisioner-bu-shu/) ## 第一步：修改wazuh-kubernetes/envs/eks/storage-class.yaml 原檔案： ```=yaml apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: wazuh-storage provisioner: kubernetes.io/aws-ebs parameters: encrypted: 'true' type: gp2 volumeBindingMode: WaitForFirstConsumer reclaimPolicy: Retain # Useful in case you delete the PersistentVolumeClaim ``` 修改後： ```=yaml apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: wazuh-storage provisioner: kubernetes.io/NFS parameters: encrypted: 'true' type: gp2 volumeBindingMode: WaitForFirstConsumer reclaimPolicy: Retain # Useful in case you delete the PersistentVolumeClaim ``` 只更改供應商(provisoner)的部分，從原本的 aws-ebs 改成 NFS ## 第二步：安裝 NFS Server 安裝在k8s-m1上(Control Plane 1上) 使用 apt 命令進行安裝 NFS Server ```=bash sudo apt update sudo apt install nfs-kernel-server nfs-common ``` 安裝完成後，接著要來設定 NFS Server 首先先建立要用被掛載的目錄，這裡用 /opt/nfs 資料夾作為要被掛載的目錄 ```=bash sudo mkdir /opt/nfs ``` 接著編輯 /etc/exports ，加入以下內容(要改成Control Plane1的IP，這裡以 10.0.2.10舉例) ```=bash sudo nano /etc/exports ... /opt/nfs 10.0.2.10/24(rw,sync,no_subtree_check,no_root_squash) ``` 重新啟動 NFS Server 讓設定生效 ```=bash sudo systemctl restart nfs-kernel-server.service ``` 確認 NFS Server 是否正常啟動 ```=bash sudo systemctl status nfs-kernel-server.service ● nfs-server.service - NFS server and services Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled) Active: active (exited) since Mon 2022-07-11 03:24:56 UTC; 17s ago Process: 15956 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS) Process: 15957 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS) Main PID: 15957 (code=exited, status=0/SUCCESS) CPU: 13ms Jul 11 03:24:55 k01 systemd[1]: Starting NFS server and services... Jul 11 03:24:56 k01 systemd[1]: Finished NFS server and services. ``` 或是可以使用 showmount 命令來檢查 NFS Server 開出來的目錄 ```=bash showmount -e localhost ``` 執行上述這行指令應該會出現剛才設定的IP位址，如下： ```=bash Export list for localhost: /opt/nfs 10.0.2.10/24 ``` 接著我們需要將 NFS Server 設定為開機啟動，避免每次重開機後都需要手動設定 ```=bash sudo systemctl enable nfs-kernel-server ``` ## 第三步安裝 NFS Client 安裝在Worker Node 1~n 上使用 apt 命令進行安裝 NFS Client ```=bash sudo apt install nfs-common ``` 使用 showmount 命令檢查 NFS Server 可連線的目錄 ```=bash showmount -e {NFS Server IP} # 請改為自己的 NFS Server IP ``` 建立掛載用目錄，並將 NFS Server 的目錄掛載至本機目錄 ```=bash sudo mkdir /opt/nfs sudo mount 10.0.2.10:/opt/nfs /opt/nfs ``` 確認是否有掛載成功 ```=bash df -h ``` 或是使用命令建立檔案，再去各台機器中確認檔案是否有被同步最後編輯 /etc/fstab，重開機後自動掛載 NFS Client ```=bash sudo nano /etc/fstab ... # 增加下列內容，並將 IP 修改為自己的 NFS Server IP(Control Plane 1 IP). 10.0.2.10:/opt/nfs /opt/nfs nfs rw 0 0 ``` {NFS Server IP}:{要掛載的目錄} {本機被用來掛載的目錄} nfs rw 0 0 完成後就可以在 /opt/nfs 目錄中創建需要被共享的檔案，然後到 NFS Server 與 Client 的機器中去確認是否有被共享。 ## 第四步安裝 Helm 安裝在k8s-m1 (Control Plane 1上) ### 安裝 Helm ```=bash curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 chmod 700 get_helm.sh ./get_helm.sh ``` ### 安裝 NFS external provisioner 請將 nfs.server 改為 NFS Server 的 IP(Control Plane 1 IP) nfs.path 修改為 NFS 要掛載的路徑 (nfs.path=/opt/nfs) ``` helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner --set storageClass.name=wazuh-storage --set nfs.server=10.0.2.10 --set nfs.path=/exported/path ``` ### 測試 NFS Storage Class 建立一個測試用的 Pod，來驗證 NFS Storage Class 是否能夠正常運作 ```=bash nano test-nfs.yaml ``` test-nfs.yaml : ```=bash kind: PersistentVolumeClaim apiVersion: v1 metadata: name: test-claim spec: storageClassName: nfs-client accessModes: - ReadWriteMany resources: requests: storage: 1Mi --- kind: Pod apiVersion: v1 metadata: name: test-pod spec: containers: - name: test-pod image: busybox:stable command: - "/bin/sh" args: - "-c" - "echo '123123' > /mnt/SUCCESS && exit 0 || exit 1" volumeMounts: - name: nfs-pvc mountPath: "/mnt" restartPolicy: "Never" volumes: - name: nfs-pvc persistentVolumeClaim: claimName: test-claim ``` ```=bash kubectl apply -f test-nfs.yaml ``` 執行完成後，去確認被掛載的 NFS 資料夾中是否有出現新的檔案 ```=bash ls /opt/nfs/ # 這是我掛載的 NFS 資料夾路徑 archived-default-test-claim-pvc-683ff88b-938c-45c0-86c2-7f0cb4655d90 archived-default-test-claim-pvc-85969299-0d88-41a1-a95a-3346490fc1e7 default-test-claim-pvc-4b6b5199-3fb6-4866-840a-d58d5fa5bb2d ```