kubesphere

安装：https://www.kubesphere.io/zh/docs/v3.4/installing-on-kubernetes/

安装后问题：
使用本地nfs作为默认存储，创建sa绑定cluster-admin后部分监控组件pending,经排查后，查看nfspod日志，发现该sa没有endpoint权限，删除sa重新创建clusterrole绑定

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole    # 创建集群角色
metadata:
   name: nfs-client-provisioner-runner
# 角色权限
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["get"]
  - apiGroups: ["extensions"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["nfs-provisioner"]
    verbs: ["use"]
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

创建后绑定：

kubectl create clusterrolebinding nfs-provisioner --clusterrole=nfs-client-provisioner-runner  --serviceaccount=default:nfs-provisioner
1

然后服务正常

https://www.cnblogs.com/wangzy-Zj/p/16140698.html

KubeSphere 集群配置 NFS 存储解决方案
https://blog.51cto.com/u_15533008/5782807
让这个 NFS 作为默认的 Provisioner, 那么就添加如下的 annotation：

annotations:
  "storageclass.kubernetes.io/is-default-class": "true"
1
2

或者需要添加 / 设置注解 ​​storageclass.kubernetes.io/is-default-class=true​​。

$ kubectl patch storageclass <your-class-name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

# 检查集群中是否已存在 default Storage Class
$ kubectl get sc
NAME                         PROVISIONER                   AGE
glusterfs (default)         kubernetes.io/glusterfs        3d4h
-----------------------------------
1
2
3
4
5
6
7