nfs部署StorageClass

--- # 创建服务账号 kind: ServiceAccount apiVersion: v1 metadata: # 服务账号名 name: nfs-client-provisioner # 替换为deployment的命名空间 namespace: kube-system --- # 创建集群角色 kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: # 集群角色名 name: nfs-client-provisioner-runner # 添加集群角色权限 rules: - apiGroups: [""] # 向该角色增加对PV执行查看,创建,删除 权限 resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - apiGroups: [""] # 向该角色增加对PVC执行查看,更新 权限 resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] # 向该角色增加对动态存储类执行查看 权限 resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] # 向该角色增加对events(集群事件)进行 创建 更新 补丁 权限 resources: ["events"] verbs: ["create", "update", "patch"] --- # 创建集群角色绑定 kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: # 角色绑定的名称 name: run-nfs-client-provisioner subjects: # 绑定服务账号 - kind: ServiceAccount # 要绑定的服务账号名--就是第一个yaml创建的sa name: nfs-client-provisioner # 绑定到哪个命名空间 namespace: kube-system roleRef: kind: ClusterRole # 要绑定的集群角色名--就是第2个yaml创建的集群角色 name: nfs-client-provisioner-runner apiGroup: rbac.authorization.k8s.io --- # 创建role kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: # 创建的角色名 name: leader-locking-nfs-client-provisioner rules: - apiGroups: [""] # 向该角色增加对endpoint 查看 创建 更新 补丁 的权限 resources: ["endpoints"] verbs: ["get", "list", "watch", "create", "update", "patch"] --- # 创建role绑定 kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: # 该角色绑定的名字 name: leader-locking-nfs-client-provisioner subjects: - kind: ServiceAccount # 要绑定的服务账号名--就是第一个yaml创建的服务账号 name: nfs-client-provisioner # 替换为deployment要部署到的命名空间 # 绑定到kube-system命名空间 namespace: kube-system roleRef: kind: Role # 要绑定的角色名称,就是上一个yaml创建的role name: leader-locking-nfs-client-provisioner apiGroup: rbac.authorization.k8s.io