apiVersion: v1 kind: Namespace metadata: name: storage labels: app: storage --- apiVersion: v1 kind: PersistentVolume metadata: name: local-pv namespace: storage spec: capacity: storage: 400Gi accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Retain storageClassName: local-storage local: path: "/mnt/data/" nodeAffinity: required: nodeSelectorTerms: - matchExpressions: - key: hdd # only one node will have a drive attached to it! operator: In values: - enabled --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: local-claim namespace: storage spec: accessModes: - ReadWriteOnce storageClassName: local-storage resources: requests: storage: 400Gi --- apiVersion: apps/v1 kind: Deployment metadata: name: nfs-server namespace: storage labels: app: nfs-server spec: replicas: 1 selector: matchLabels: app: nfs-server template: metadata: labels: app: nfs-server name: nfs-server spec: containers: - name: nfs-server image: itsthenetwork/nfs-server-alpine:11-arm env: - name: SHARED_DIRECTORY value: /exports - name: PERMITTED value: 10.42.*.* # ,192.168.1.112 ports: - name: nfs containerPort: 2049 - name: mountd containerPort: 20048 - name: rpcbind containerPort: 111 securityContext: privileged: true volumeMounts: - mountPath: /exports name: mypvc volumes: - name: mypvc persistentVolumeClaim: claimName: local-claim nodeSelector: hdd: enabled --- kind: Service apiVersion: v1 metadata: name: nfs-server namespace: storage spec: type: LoadBalancer loadBalancerSourceRanges: - 192.168.1.112/31 #restricted to archspectres ip only! - 192.168.1.134/31 # and amd node - 192.168.1.150/24 # and more ports: - name: nfs port: 2049 - name: mountd port: 20048 - name: rpcbind port: 111 selector: app: nfs-server