  • Language: Shell
  • License: Apache License 2.0
  • Created over 4 years ago
  • Updated 8 months ago

Dynamic sub-dir volume provisioner on a remote NFS server.

Kubernetes NFS Subdir External Provisioner

NFS subdir external provisioner is an automatic provisioner that uses your existing, already configured NFS server to support dynamic provisioning of Kubernetes Persistent Volumes via Persistent Volume Claims. Persistent volumes are provisioned as ${namespace}-${pvcName}-${pvName}.

Note: This repository is migrated from https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client. As part of the migration:

  • The container image repository and name have changed to registry.k8s.io/sig-storage and nfs-subdir-external-provisioner respectively.
  • To maintain backward compatibility with earlier deployment files, the naming of NFS Client Provisioner is retained as nfs-client-provisioner in the deployment YAMLs.
  • One of the pending areas for development on this repository is to add automated e2e tests. If you would like to contribute, please raise an issue or reach us on the Kubernetes Slack #sig-storage channel.

How to deploy NFS Subdir External Provisioner to your cluster

To note again, you must already have an NFS Server.

With Helm

Follow the instructions from the helm chart README.

The tl;dr is

$ helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
$ helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
    --set nfs.server=x.x.x.x \
    --set nfs.path=/exported/path

With Kustomize

Step 1: Get connection information for your NFS server

Make sure your NFS server is accessible from your Kubernetes cluster and get the information you need to connect to it. At a minimum you will need its hostname and exported share path.

Step 2: Add the base resource

Create a kustomization.yaml file in a directory of your choice, and add the deploy directory as a base. This will use the kustomization file within that directory as our base.

namespace: nfs-provisioner
bases:
  - github.com/kubernetes-sigs/nfs-subdir-external-provisioner//deploy

Step 3: Create namespace resource

Create a file with your namespace resource. The name can be anything as it will get overwritten by the namespace in your kustomization file.

# namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: nfs-provisioner

Step 4: Configure deployment

To configure the deployment, you will need to patch its container variables with the connection information for your NFS Server.

# patch_nfs_details.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nfs-client-provisioner
  name: nfs-client-provisioner
spec:
  template:
    spec:
      containers:
        - name: nfs-client-provisioner
          env:
            - name: NFS_SERVER
              value: <YOUR_NFS_SERVER_IP>
            - name: NFS_PATH
              value: <YOUR_NFS_SERVER_SHARE>
      volumes:
        - name: nfs-client-root
          nfs:
            server: <YOUR_NFS_SERVER_IP>
            path: <YOUR_NFS_SERVER_SHARE>

Replace occurrences of <YOUR_NFS_SERVER_IP> and <YOUR_NFS_SERVER_SHARE> with your connection information.

Step 5: Add resources and deploy

Add the namespace resource and patch you created in earlier steps.

namespace: nfs-provisioner
bases:
  - github.com/kubernetes-sigs/nfs-subdir-external-provisioner//deploy
resources:
  - namespace.yaml
patchesStrategicMerge:
  - patch_nfs_details.yaml

Deploy (run inside directory with your kustomization file):

kubectl apply -k .

Step 6: Finally, test your environment!

Now we'll test your NFS subdir external provisioner by creating a persistent volume claim and a pod that writes a test file to the volume. This will make sure that the provisioner is provisioning and that the NFS server is reachable and writable.

Deploy the test resources:

$ kubectl create -f https://raw.githubusercontent.com/kubernetes-sigs/nfs-subdir-external-provisioner/master/deploy/test-claim.yaml -f https://raw.githubusercontent.com/kubernetes-sigs/nfs-subdir-external-provisioner/master/deploy/test-pod.yaml

Now check your NFS Server for the SUCCESS inside the PVC's directory.

Delete the test resources:

$ kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/nfs-subdir-external-provisioner/master/deploy/test-claim.yaml -f https://raw.githubusercontent.com/kubernetes-sigs/nfs-subdir-external-provisioner/master/deploy/test-pod.yaml

Now check the PVC's directory has been deleted.

Step 7: Deploying your own PersistentVolumeClaims

To deploy your own PVC, make sure that you have the correct storageClassName (by default nfs-client). You can also patch the StorageClass resource to change it, like so:

# kustomization.yaml
namespace: nfs-provisioner
resources:
  - github.com/kubernetes-sigs/nfs-subdir-external-provisioner//deploy
  - namespace.yaml
patches:
- target:
    kind: StorageClass
    name: nfs-client
  patch: |-
    - op: replace
      path: /metadata/name
      value: <YOUR-STORAGECLASS-NAME>

Manually

Step 1: Get connection information for your NFS server

Make sure your NFS server is accessible from your Kubernetes cluster and get the information you need to connect to it. At a minimum you will need its hostname.

Step 2: Get the NFS Subdir External Provisioner files

To set up the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information, and then apply each with the kubectl / oc command.

Get all of the files in the deploy directory of this repository. These instructions assume that you have cloned the kubernetes-sigs/nfs-subdir-external-provisioner repository and have a bash-shell open in the root directory.

Step 3: Setup authorization

If your cluster has RBAC enabled or you are running OpenShift you must authorize the provisioner. If you are in a namespace/project other than "default" edit deploy/rbac.yaml.

Kubernetes:

# Set the subject of the RBAC objects to the current namespace where the provisioner is being deployed
$ NS=$(kubectl config get-contexts|grep -e "^\*" |awk '{print $5}')
$ NAMESPACE=${NS:-default}
$ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml ./deploy/deployment.yaml
$ kubectl create -f deploy/rbac.yaml

OpenShift:

On some installations of OpenShift the default admin user does not have cluster-admin permissions. On OpenShift the service account used to bind volumes does not have the necessary permissions required to use the hostmount-anyuid SCC. See also Role based access to SCC for more information. If these commands fail, refer to the OpenShift documentation for User and Role Management or contact your OpenShift provider to help you grant the right permissions to your admin user.

# Set the subject of the RBAC objects to the current namespace where the provisioner is being deployed
$ NAMESPACE=`oc project -q`
$ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml ./deploy/deployment.yaml
$ oc create -f deploy/rbac.yaml
$ oc adm policy add-scc-to-user hostmount-anyuid system:serviceaccount:$NAMESPACE:nfs-client-provisioner

Step 4: Configure the NFS subdir external provisioner

If you would like to use a custom built nfs-subdir-external-provisioner image, you must edit the provisioner's deployment file to specify the correct location of your nfs-client-provisioner container image.

Next you must edit the provisioner's deployment file to add connection information for your NFS server. Edit deploy/deployment.yaml and replace the two occurrences of <YOUR NFS SERVER HOSTNAME> with your server's hostname.

kind: Deployment
apiVersion: apps/v1
metadata:
  name: nfs-client-provisioner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nfs-client-provisioner
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: k8s-sigs.io/nfs-subdir-external-provisioner
            - name: NFS_SERVER
              value: <YOUR NFS SERVER HOSTNAME>
            - name: NFS_PATH
              value: /var/nfs
      volumes:
        - name: nfs-client-root
          nfs:
            server: <YOUR NFS SERVER HOSTNAME>
            path: /var/nfs

Note: If you want to change the PROVISIONER_NAME above from k8s-sigs.io/nfs-subdir-external-provisioner to something else like myorg/nfs-storage, remember to also change the PROVISIONER_NAME in the storage class definition below.

To disable leader election, define an env variable named ENABLE_LEADER_ELECTION and set its value to false.

Step 5: Deploying your storage class

Parameters:

| Name | Description | Default |
|---|---|---|
| onDelete | If it exists and has a delete value, delete the directory; if it exists and has a retain value, save the directory. | will be archived with name on the share: archived-<volume.Name> |
| archiveOnDelete | If it exists and has a false value, delete the directory. If onDelete exists, archiveOnDelete will be ignored. | will be archived with name on the share: archived-<volume.Name> |
| pathPattern | Specifies a template for creating a directory path via PVC metadata such as labels, annotations, name or namespace. To specify metadata use ${.PVC.<metadata>}. Example: If folder should be named like <pvc-namespace>-<pvc-name>, use ${.PVC.namespace}-${.PVC.name} as pathPattern. | n/a |

This is deploy/class.yaml which defines the NFS subdir external provisioner's Kubernetes Storage Class:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs-client
provisioner: k8s-sigs.io/nfs-subdir-external-provisioner # or choose another name, must match deployment's env PROVISIONER_NAME
parameters:
  pathPattern: "${.PVC.namespace}/${.PVC.annotations.nfs.io/storage-path}" # waits for nfs.io/storage-path annotation, if not specified will accept as empty string.
  onDelete: delete

Step 6: Finally, test your environment!

Now we'll test your NFS subdir external provisioner.

Deploy:

$ kubectl create -f deploy/test-claim.yaml -f deploy/test-pod.yaml

Now check your NFS Server for the file SUCCESS.

kubectl delete -f deploy/test-pod.yaml -f deploy/test-claim.yaml

Now check the folder has been deleted.

Step 7: Deploying your own PersistentVolumeClaims

To deploy your own PVC, make sure that you have the correct storageClassName as indicated by your deploy/class.yaml file.

For example:

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test-claim
  annotations:
    nfs.io/storage-path: "test-path" # not required, depending on whether this annotation was shown in the storage class description
spec:
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Mi
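
An added example, not code from this repository: a Python lint that expands the pathPattern from deploy/class.yaml for a set of claims and reports directories that would be shared, nested, or built from an empty value. The expansion logic (missing metadata becomes an empty string, as the class.yaml comment says), the function names and the sample PVCs are assumptions made for illustration; the provisioner's own implementation may differ in detail.

```python
import posixpath
import re

# Pattern from deploy/class.yaml on this page.
PATTERN = "${.PVC.namespace}/${.PVC.annotations.nfs.io/storage-path}"

# ${.PVC.<metadata>} placeholders, as described in the parameter table.
_PLACEHOLDER = re.compile(r"\$\{\.PVC\.([^}]+)\}")


def expand_path_pattern(pattern, pvc):
    """Expand placeholders from a PVC dict; missing metadata -> "" (assumption)."""
    meta = pvc.get("metadata") or {}

    def lookup(match):
        key = match.group(1)
        if key in ("name", "namespace"):
            return meta.get(key) or ""
        for kind in ("annotations", "labels"):
            if key.startswith(kind + "."):
                return (meta.get(kind) or {}).get(key[len(kind) + 1:], "")
        return ""

    return _PLACEHOLDER.sub(lookup, pattern)


def lint_claims(pattern, pvcs):
    """Return (claim, issue, detail) tuples for risky directory layouts."""
    findings = []
    owners = {}  # resolved directory -> first claim that mapped to it
    for pvc in pvcs:
        meta = pvc["metadata"]
        ident = f"{meta['namespace']}/{meta['name']}"
        raw = expand_path_pattern(pattern, pvc)
        segments = raw.split("/")
        if "" in segments:  # e.g. annotation absent, so "ns/" is produced
            findings.append((ident, "empty-segment", raw))
        if "." in segments or ".." in segments:
            findings.append((ident, "relative-segment", raw))
        resolved = posixpath.normpath(raw)
        if resolved in owners:
            findings.append((ident, "shared-directory", owners[resolved]))
        else:
            owners[resolved] = ident
    # A claim whose directory sits inside another claim's directory.
    paths = sorted(owners)
    for parent in paths:
        for child in paths:
            if child.startswith(parent + "/"):
                findings.append((owners[child], "nested-under", owners[parent]))
    return findings


def make_pvc(namespace, name, storage_path=None):
    """Build a minimal PVC dict (constructed sample data, not real claims)."""
    meta = {"namespace": namespace, "name": name}
    if storage_path is not None:
        meta["annotations"] = {"nfs.io/storage-path": storage_path}
    return {"kind": "PersistentVolumeClaim", "metadata": meta}


# Constructed sample: two claims reuse "db", two carry no annotation.
SAMPLE_PVCS = [
    make_pvc("team-a", "db", "db"),
    make_pvc("team-a", "db-replica", "db"),
    make_pvc("team-a", "cache"),
    make_pvc("team-a", "logs"),
]

if __name__ == "__main__":
    for claim, issue, detail in lint_claims(PATTERN, SAMPLE_PVCS):
        print(f"{claim}: {issue} ({detail})")
```

To run it against a cluster, pass the items from kubectl get pvc -A -o json in place of SAMPLE_PVCS. With onDelete: delete, a shared-directory or nested-under finding means that deleting one claim also deletes the directory another claim is using.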

Build and publish your own container image

To build your own custom container image from this repository, you will have to build and push the nfs-subdir-external-provisioner image using the following instructions.

make build
make container
# `nfs-subdir-external-provisioner:latest` will be created.
# Note: This will build a single-arch image that matches the machine on which container is built.
# To upload this to your custom registry, say `quay.io/myorg` and arch as amd64, you can use
# docker tag nfs-subdir-external-provisioner:latest quay.io/myorg/nfs-subdir-external-provisioner-amd64:latest
# docker push quay.io/myorg/nfs-subdir-external-provisioner-amd64:latest

Build and publish with GitHub Actions

In a forked repository you can use the GitHub Actions pipeline defined in .github/workflows/release.yml. The pipeline builds Docker images for the linux/amd64, linux/arm64, and linux/arm/v7 platforms and publishes them using a multi-arch manifest. The pipeline is triggered when you add a tag like gh-v{major}.{minor}.{patch} to your commit and push it to GitHub. The tag is used for generating Docker image tags: latest, {major}, {major}:{minor}, {major}:{minor}:{patch}.

The pipeline adds several labels:

  • org.opencontainers.image.title=${{ github.event.repository.name }}
  • org.opencontainers.image.description=${{ github.event.repository.description }}
  • org.opencontainers.image.url=${{ github.event.repository.html_url }}
  • org.opencontainers.image.source=${{ github.event.repository.clone_url }}
  • org.opencontainers.image.created=${{ steps.prep.outputs.created }}
  • org.opencontainers.image.revision=${{ github.sha }}
  • org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}

Important:

  • The pipeline performs the docker login command using REGISTRY_USERNAME and REGISTRY_TOKEN secrets, which have to be provided.
  • You also need to provide the DOCKER_IMAGE secret specifying your Docker image name, e.g., quay.io/[username]/nfs-subdir-external-provisioner.

NFS provisioner limitations/pitfalls

  • The provisioned storage is not guaranteed. You may allocate more than the NFS share's total size. The share may also not have enough storage space left to actually accommodate the request.
  • The provisioned storage limit is not enforced. The application can expand to use all the available storage regardless of the provisioned size.
  • Storage resize/expansion operations are not presently supported in any form. You will end up in an error state: Ignoring the PVC: didn't find a plugin capable of expanding the volume; waiting for an external controller to process this PVC.
