1. cat nfs-sc.yaml
    2. apiVersion: v1
    3. kind: ServiceAccount   #服务的账号
    4. metadata:
    5.   name: nfs-client-provisioner
    6.   namespace: kube-system
    7. ---
    8. kind: ClusterRole      #集群角色(不受namespace控制) 
    9. apiVersion: rbac.authorization.k8s.io/v1
    10. metadata:
    11.   name: nfs-client-provisioner-runner
    12. rules:                                #赋予class角色权限(不然会报错)
    13.   - apiGroups: [""]
    14.     resources: ["persistentvolumes"]
    15.     verbs: ["get", "list", "watch", "create", "delete"]
    16.   - apiGroups: [""]
    17.     resources: ["persistentvolumeclaims"]
    18.     verbs: ["get", "list", "watch", "update"]
    19.   - apiGroups: ["storage.k8s.io"]
    20.     resources: ["storageclasses"]
    21.     verbs: ["get", "list", "watch"]
    22.   - apiGroups: [""]
    23.     resources: ["events"] 
    24.     verbs: ["list", "watch", "create", "update", "patch"]
    25.   - apiGroups: [""]
    26.     resources: ["endpoints"]
    27.     verbs: ["get", "list", "watch", "create", "update", "patch"]
    28. ---
    29. kind: ClusterRoleBinding  #关联
    30. apiVersion: rbac.authorization.k8s.io/v1
    31. metadata:
    32.   name: run-nfs-client-provisioner
    33. subjects:
    34.   - kind: ServiceAccount
    35.     name: nfs-client-provisioner
    36.     namespace: kube-system 
    37. roleRef:
    38.   kind: ClusterRole
    39.   name: nfs-client-provisioner-runner
    40.   apiGroup: rbac.authorization.k8s.io
    41. ---
    42. kind: Deployment
    43. apiVersion: apps/v1
    44. metadata:
    45.   name: nfs-provisioner-01
    46.   namespace: kube-system
    47. spec:
    48.   replicas: 1
    49.   strategy:
    50.     type: Recreate
    51.   selector:
    52.     matchLabels:
    53.       app: nfs-provisioner-01
    54.   template:
    55.     metadata:
    56.       labels:
    57.         app: nfs-provisioner-01
    58.     spec:
    59.       serviceAccountName: nfs-client-provisioner
    60.       containers:
    61.         - name: nfs-client-provisioner
    62.           image: jmgao1983/nfs-client-provisioner:latest
    63.           imagePullPolicy: IfNotPresent
    64.           volumeMounts:
    65.             - name: nfs-client-root
    66.               mountPath: /persistentvolumes
    67.           env:
    68.             - name: PROVISIONER_NAME
    69.               value: nfs-provisioner-01  # 此处供应者名字供storageclass调用
    70.             - name: NFS_SERVER
    71.               value: 10.0.1.201   # 填入NFS的地址
    72.             - name: NFS_PATH
    73.               value: /nfs_dir   # 填入NFS挂载的目录
    74.       volumes:
    75.         - name: nfs-client-root
    76.           nfs:
    77.             server: 10.0.1.201   # 填入NFS的地址
    78.             path: /nfs_dir   # 填入NFS挂载的目录
    79. ---
    80. apiVersion: storage.k8s.io/v1
    81. kind: StorageClass
    82. metadata:
    83.   name: nfs-boge
    84. provisioner: nfs-provisioner-01
    85. # Supported policies: Delete、 Retain , default is Delete
    86. reclaimPolicy: Retain