K8s资源第五篇(volume存储卷)

橙三吉。 提交于 2019-12-22 10:55:27

Kubernetes Volume

 Kubernetes提供的存储卷属于Pod资源级别,共享于Pod内的所有容器,可用于再容器的文件系统之外存储应用存储的相关数据,也可以独立Pod生命周期之外实现数据的持久化。

K8s的volume类型
  • emptyDir:翻译过来是空目录,相当于是临时存储卷,容器挂了,目录也就挂了,数据不能做到持久化。
  • hostPath:把Pod做运行在的宿主机的目录与该Pod建立关系,数据不会因为Pod挂了而丢失,但是如果节点宕机的话,数据就会丢失。
  • gitRepo:将git仓库挂载到容器内,但是如果git仓库的内容发生改变,容器内的数据不会跟着改变。只是挂载git仓库某一时刻的数据。
  • nfs:挂载nfs的目录到容器里,这样即使节点和容器都宕机,数据也能够得到保存。
  • configmap:用来将环境变量,配置信息注入到Pod中。
  • secret:和configmap类型,但是在secret中的数据是以base64加密过的,用来存放敏感数据(证书密钥文件,数据库密码等)。
emptyDir(临时存储卷):

 emptydir是Pod生命周期的一个临时目录,生命周期跟随Pod的生命周期,也就是说如果Pod死了,emptyDir也就死了。

#定义一个临时存储卷。
[root@k8smaster data]# vim pod-vol-demo.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-demo
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    magedu.com/created-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    - name: https
      containerPort: 443
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html/
  - name: busybox
    image: busybox:latest
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: html
      mountPath: /data/
    command: ['/bin/sh']
    args: ["-c","while true; do echo $(date) >> /data/index.html; sleep 2; done"]
  volumes:
  - name: html
    emptyDir: {}
[root@k8smaster data]# kubectl apply -f pod-vol-demo.yaml 
pod/pod-demo created
[root@k8smaster data]# kubectl get pods -o wide
NAME                                READY   STATUS    RESTARTS   AGE   IP             NODE       NOMINATED NODE   READINESS GATES
myapp-deployment-558f94fb55-plk4v   1/1     Running   2          47d   10.244.2.99    k8snode2   <none>           <none>
myapp-deployment-558f94fb55-rd8f5   1/1     Running   2          47d   10.244.2.98    k8snode2   <none>           <none>
myapp-deployment-558f94fb55-zzmpg   1/1     Running   2          47d   10.244.1.107   k8snode1   <none>           <none>
nginx-deployment-6f77f65499-8g24d   1/1     Running   2          46d   10.244.1.108   k8snode1   <none>           <none>
pod-demo                            2/2     Running   0          13s   10.244.2.102   k8snode2   <none>           <none>
[root@k8smaster data]# curl 10.244.2.102
Tue Dec 17 09:24:58 UTC 2019
Tue Dec 17 09:25:00 UTC 2019
Tue Dec 17 09:25:02 UTC 2019
Tue Dec 17 09:25:04 UTC 2019
Tue Dec 17 09:25:06 UTC 2019
Tue Dec 17 09:25:08 UTC 2019
Tue Dec 17 09:25:10 UTC 2019
Tue Dec 17 09:25:12 UTC 2019
Tue Dec 17 09:25:14 UTC 2019
Tue Dec 17 09:25:16 UTC 2019
Tue Dec 17 09:25:18 UTC 2019
Tue Dec 17 09:25:20 UTC 2019
hostPath(节点存储卷):

 hostPath类型的存储卷是指将工作节点上的某文件系统的目录或文件挂载于Pod中,它可以独立于Pod的生命周期,如果Pod要是挂了,数据会得到保留。

k8smaster:
#定义一个hostPath
[root@k8smaster data]# vim pod-hostpath-vol.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-vol-hostpath
  namespace: default
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html
  volumes:
  - name: html
    hostPath:
      path: /data/pod/volume1
      type: DirectoryOrCreate
type:
  • DirectoryOrCreate:挂载的目标是宿主机的一个目录,如果宿主机上不存在这个目录,则自动创建一个。。
  • DirectoryOrCreate:挂载的目标是宿主机的一个目录,如果宿主机上不存在这个目录,则会报错。
  • FileOrCreate:挂载的目标是宿主机的一个文件,如果宿主机上不存在这个文件,则自动创建一个。
  • File:挂载的目标是宿主机的一个文件,如果宿主机上不存在这个文件,则会报错
  • 挂载的类型是一个Socket文件。
  • CharDevice:挂载类型是一个字符设备文件。
  • BlockDevice:挂载的类型是一个块设备文件。
k8snode1:
[root@k8snode1 ~]# mkdir /data/pod/volume1 -p
[root@k8snode1 ~]# vim /data/pod/volume1/index.html
添加:
test page -- 1
k8snode2:
[root@k8snode2 ~]# mkdir /data/pod/volume1 -p
[root@k8snode2 ~]# vim /data/pod/volume1/index.html
添加:
test page -- 2
k8smaster:
[root@k8smaster data]# kubectl apply -f pod-hostpath-vol.yaml 
pod/pod-vol-hostpath created
[root@k8smaster data]# kubectl get pods -o wide
NAME                                READY   STATUS    RESTARTS   AGE   IP             NODE       NOMINATED NODE   READINESS GATES
myapp-deployment-558f94fb55-plk4v   1/1     Running   2          47d   10.244.2.99    k8snode2   <none>           <none>
myapp-deployment-558f94fb55-rd8f5   1/1     Running   2          47d   10.244.2.98    k8snode2   <none>           <none>
myapp-deployment-558f94fb55-zzmpg   1/1     Running   2          47d   10.244.1.107   k8snode1   <none>           <none>
nginx-deployment-6f77f65499-8g24d   1/1     Running   2          46d   10.244.1.108   k8snode1   <none>           <none>
pod-vol-hostpath                    1/1     Running   0          18s   10.244.1.113   k8snode1   <none>           <none>
[root@k8smaster data]# curl 10.244.1.113
test page -- 1
网络存储器:

 Kubernetes之处众多类型的网络存储卷,包括传统的NAS或SAN设备(NFS,ISCSI…),分布式存储(RDB,GlusterFS),云端存储等。

NFS存储卷:
Host 网络信息
NFS ens33:192.168.43.104
NFS:
[root@localhost ~]# yum -y install nfs-utils
[root@localhost ~]# mkdir /data/nfs/volumes -pv
mkdir: 已创建目录 "/data"
mkdir: 已创建目录 "/data/nfs"
mkdir: 已创建目录 "/data/nfs/volumes"
[root@localhost ~]# vim /etc/exports
/data/nfs/volumes 192.168.43.0/24(rw,no_root_squash)
[root@localhost ~]# systemctl restart nfs
[root@localhost ~]# netstat -anput | grep 2049
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::2049                 :::*                    LISTEN      -                   
udp        0      0 0.0.0.0:2049            0.0.0.0:*                           -                   
udp6       0      0 :::2049                 :::*                                -

[root@localhost ~]# vim /etc/hosts
192.168.43.45 k8smaster
192.168.43.136 k8snode1
192.168.43.176 k8snode2
192.168.43.104 k8snfs
K8snode1:
[root@k8snode1 ~]# yum -y install nfs-utils
[root@k8snode1 ~]# vim /etc/hosts
添加:
192.168.43.104 k8snfs
K8snode2:
[root@k8snode2 ~]# yum -y install nfs-utils
[root@k8snode2 ~]# vim /etc/hosts
添加:
192.168.43.104 k8snfs
K8smaster:
[root@k8smaster data]# cp pod-hostpath-vol.yaml  pod-nfs-vol.yaml
[root@k8smaster data]# vim pod-nfs-vol.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-vol-nfs
  namespace: default
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html
  volumes:
  - name: html
    nfs:
      path: /data/nfs/volumes
      server: k8snfs

[root@k8smaster data]# vim /etc/hosts
添加:
192.168.43.104 k8snfs
[root@k8smaster data]# kubectl apply -f pod-nfs-vol.yaml 
pod/pod-vol-nfs created
NFS:
[root@localhost ~]# echo "test -- page -- nfs" >> /data/nfs/volumes/index.html
K8smaster:
[root@k8smaster data]# kubectl get pods -o wide
NAME                                READY   STATUS    RESTARTS   AGE   IP             NODE       NOMINATED NODE   READINESS GATES
myapp-deployment-558f94fb55-plk4v   1/1     Running   3          47d   10.244.2.104   k8snode2   <none>           <none>
myapp-deployment-558f94fb55-rd8f5   1/1     Running   3          47d   10.244.2.103   k8snode2   <none>           <none>
myapp-deployment-558f94fb55-zzmpg   1/1     Running   3          47d   10.244.1.116   k8snode1   <none>           <none>
nginx-deployment-6f77f65499-8g24d   1/1     Running   3          47d   10.244.1.114   k8snode1   <none>           <none>
pod-vol-hostpath                    1/1     Running   1          22h   10.244.1.115   k8snode1   <none>           <none>
pod-vol-nfs                         1/1     Running   0          16s   10.244.2.106   k8snode2   <none>           <none>
[root@k8smaster data]# curl 10.244.2.106
test -- page -- nfs
[root@k8smaster data]# kubectl delete -f pod-nfs-vol.yaml 
pod "pod-vol-nfs" deleted
持久存储卷:
PV:

 PersistentVolume是由集群管理员配置提供的某存储系统上的一段存储空间,是对底层共享存储的抽象,将共享存储作为一种可由用户申请使用的资源。

PVC:

 PersistentVolumeClaim(简称PVC)用来提出使用申请来完成绑定,它向PV申请特点大小的空间以及访问模式,来创建出PVC存储卷,再由Pod资源通过PVC存储卷关联使用。

一个简单的逻辑图:

Access Modes:
  • ReadWriteOnce(RWO):可读单节点挂载。
  • ReadOnlyMany(ROX):只读多节点挂载。
  • ReadWriteMany(RWX):可读写多节点挂载。
RECLAIN POLICY:
  • Retain:当PV被删除了,数据会得到保留。
  • Recycl:当PV被删除了,数据会被回收。
  • Delete:当PV被删除了,数据也就丢弃了。
NFS:
[root@localhost ~]# cd /data/nfs/volumes/
[root@localhost volumes]# mkdir v{1..5}
[root@localhost volumes]# ls
index.html  v1  v2  v3  v4  v5
[root@localhost volumes]# vim /etc/exports
添加:
/data/nfs/volumes/v1 192.168.43.0/24(rw,no_root_squash)
/data/nfs/volumes/v2 192.168.43.0/24(rw,no_root_squash)
/data/nfs/volumes/v3 192.168.43.0/24(rw,no_root_squash)
/data/nfs/volumes/v4 192.168.43.0/24(rw,no_root_squash)
/data/nfs/volumes/v5 192.168.43.0/24(rw,no_root_squash)
[root@localhost volumes]# exportfs -arv
exporting 192.168.43.0/24:/data/nfs/volumes/v5
exporting 192.168.43.0/24:/data/nfs/volumes/v4
exporting 192.168.43.0/24:/data/nfs/volumes/v3
exporting 192.168.43.0/24:/data/nfs/volumes/v2
exporting 192.168.43.0/24:/data/nfs/volumes/v1
[root@localhost volumes]# showmount -e
Export list for k8snfs:
/data/nfs/volumes/v5 192.168.43.0/24
/data/nfs/volumes/v4 192.168.43.0/24
/data/nfs/volumes/v3 192.168.43.0/24
/data/nfs/volumes/v2 192.168.43.0/24
/data/nfs/volumes/v1 192.168.43.0/24
K8smaster:
[root@k8smaster data]# vim pv-demo.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv001
  labels:
    name: pv001
spec:
  nfs:
    path: /data/nfs/volumes/v1
    server: k8snfs
  accessModes: ["ReadWriteMany","ReadWriteOnce"]
  capacity:
    storage: 2Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv002
  labels:
    name: pv002
spec:
  nfs:
    path: /data/nfs/volumes/v2
    server: k8snfs
  accessModes: ["ReadWriteOnce"]
  capacity:
    storage: 2Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv003
  labels:
    name: pv003
spec:
  nfs:
    path: /data/nfs/volumes/v3
    server: k8snfs
  accessModes: ["ReadWriteMany","ReadWriteOnce"]
  capacity:
    storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv004
  labels:
    name: pv004
spec:
  nfs:
    path: /data/nfs/volumes/v4
    server: k8snfs
  accessModes: ["ReadWriteMany","ReadWriteOnce"]
  capacity:
    storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv005
  labels:
    name: pv005
spec:
  nfs:
    path: /data/nfs/volumes/v5
    server: k8snfs
  accessModes: ["ReadWriteMany","ReadWriteOnce"]
  capacity:
    storage: 1Gi
[root@k8smaster data]# kubectl apply -f pv-demo.yaml 
persistentvolume/pv001 created
persistentvolume/pv002 created
persistentvolume/pv003 created
persistentvolume/pv004 created
persistentvolume/pv005 created
[root@k8smaster data]# kubectl get pv
NAME    CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS   REASON   AGE
pv001   2Gi        RWO,RWX        Retain           Available                                   7s
pv002   2Gi        RWO            Retain           Available                                   7s
pv003   1Gi        RWO,RWX        Retain           Available                                   7s
pv004   1Gi        RWO,RWX        Retain           Available                                   7s
pv005   1Gi        RWO,RWX        Retain           Available                                   7s

[root@k8smaster data]# vim pod-vol-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc1
  namespace: default
spec:
  accessModes: ["ReadWriteMany"]
  resources:
    requests:
      storage: 2Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-vol-pvc
  namespace: default
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html
  volumes:
  - name: html
    persistentVolumeClaim:
      claimName: pvc1

[root@k8smaster data]# kubectl apply -f pod-pvc-vol.yaml 
persistentvolumeclaim/pvc1 created
pod/pod-vol-pcv created
[root@k8smaster data]# kubectl get pv
NAME    CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM          STORAGECLASS   REASON   AGE
pv001   2Gi        RWO,RWX        Retain           Bound       default/pvc1                           15m
pv002   2Gi        RWO            Retain           Available                                          15m
pv003   1Gi        RWO,RWX        Retain           Available                                          15m
pv004   1Gi        RWO,RWX        Retain           Available                                          15m
pv005   1Gi        RWO,RWX        Retain           Available                                          15m
[root@k8smaster data]# kubectl get pvc
NAME   STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
pvc1   Bound    pv001    2Gi        RWO,RWX                       9s
[root@k8smaster data]# kubectl get pods
NAME                                READY   STATUS    RESTARTS   AGE
myapp-deployment-558f94fb55-plk4v   1/1     Running   3          48d
myapp-deployment-558f94fb55-rd8f5   1/1     Running   3          48d
myapp-deployment-558f94fb55-zzmpg   1/1     Running   3          48d
nginx-deployment-6f77f65499-8g24d   1/1     Running   3          47d
pod-vol-hostpath                    1/1     Running   1          24h
pod-vol-nfs                         1/1     Running   0          6m1s
pod-vol-pvc                         1/1     Running   0          32s
Configmap:

 configMap可以让配置信息与镜像文件解耦,镜像可以作为骨架,配置信息注入到Pod中的容器中使用,实现容器的应用化,使得配置起来比较方便,生效速度快。

配置容器化应用的方式:
  • 自定义命令行参数(command,args,shell… …)。
  • 把配置文件直接写进镜像。
  • 环境变量。
  • 存储卷。

[root@k8smaster data]# mkdir configmap
[root@k8smaster data]# cd configmap/
[root@k8smaster configmap]# vim www.conf
添加:
server {
        server_name myapp.k8s.com;
        listen 80;
        root /data/web/html/;
}
root@k8smaster configmap]# kubectl create configmap nginx-www --from-file=./www.conf
configmap/nginx.www created
[root@k8smaster configmap]# kubectl get cm
NAME        DATA   AGE
nginx-www   1      7s
[root@k8smaster configmap]# kubectl get cm nginx-www -o yaml
apiVersion: v1
data:
  www.conf: |
    server {
            server_name myapp.k8s.com;
            listen 80;
            root /data/web/html/;
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2019-12-20T06:54:44Z"
  name: nginx-www
  namespace: default
  resourceVersion: "154434"
  selfLink: /api/v1/namespaces/default/configmaps/nginx-www
  uid: b91268e8-8b29-4f54-987a-bc9c33ca88dc
[root@k8smaster configmap]# kubectl describe cm nginx-www
Name:         nginx-www
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
www.conf:
----
server {
        server_name myapp.k8s.com;
        listen 80;
        root /data/web/html/;
}

Events:  <none>
[root@k8smaster configmap]# vim pod-cm-demo.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm
  namespace: default
  labels:
    apps: myapp
    tier: frontend
  annotations:
    k8s.com/create-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    volumeMounts:
    - name: nginx-config
      mountPath: /etc/nginx/conf.d/
      readOnly: true
  volumes:
  - name: nginx-config
    configMap:
      name: nginx-www
[root@k8smaster configmap]# kubectl apply -f pod-cm-demo.yaml 
pod/pod-cm created
[root@k8smaster ~]# kubectl get pods
NAME     READY   STATUS    RESTARTS   AGE
pod-cm   1/1     Running   0          91m
[root@k8smaster configmap]# kubectl exec -it  pod-cm -- /bin/sh
/ # cd /etc/nginx/conf.d/
/etc/nginx/conf.d # ls
www.conf
/etc/nginx/conf.d # cat www.conf 
server {
        server_name myapp.k8s.com;
        listen 80;
        root /data/web/html/;
}
/etc/nginx/conf.d # nginx -T
... ...
... ...
# configuration file /etc/nginx/conf.d/www.conf:
server {
        server_name myapp.k8s.com;
        listen 80;
        root /data/web/html/;
}
/etc/nginx/conf.d # echo test -- page >>  /data/web/html/index.html

[root@k8smaster ~]# kubectl get pods -o wide
NAME     READY   STATUS    RESTARTS   AGE    IP             NODE       NOMINATED NODE   READINESS GATES
pod-cm   1/1     Running   0          118m   10.244.1.125   k8snode1   <none>           <none>
[root@k8smaster ~]# vim /etc/hosts
添加:
10.244.1.125 myapp.k8s.com
[root@k8smaster ~]# curl myapp.k8s.com
test -- page
[root@k8smaster ~]# kubectl edit cm nginx-www
修改:
listen 8080;

/etc/nginx/conf.d # cat www.conf 
server {
        server_name myapp.k8s.com;
        listen 8080;
        root /data/web/html/;
}
/etc/nginx/conf.d # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      
/etc/nginx/conf.d # nginx -s reload
2019/12/20 13:01:07 [notice] 24#24: signal process started
/etc/nginx/conf.d # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      

[root@k8smaster ~]# curl myapp.k8s.com:8080
test -- page
Secret:

 secret与configMap类似,只不过secret用于存储敏感信息,在secret中的data是以base64加密过的。并且也支持两种使用方式,这里只介绍存储卷方式使用secret。

secret有三种类型:
  • Service Account:用来访问Kubernetes API,由Kubernetes自动创建,并且会自动挂载到Pod的/run/secrets/kubernetes.io/serviceaccount目录中。
  • Opaque:base64编码格式的secret,用来存储密码、密匙等。
  • kubernetes. io/dockerconfigjson:用来存储私有docker registry的认证信息。

[root@k8smaster configmap]# kubectl create secret generic mysql-root-password --from-literal=password=MyP@ss123
secret/mysql-root-password created
[root@k8smaster configmap]# kubectl get secret 
NAME                  TYPE                                  DATA   AGE
default-token-kk2fq   kubernetes.io/service-account-token   3      53d
mysql-root-password   Opaque                                1      10s
[root@k8smaster configmap]# kubectl describe secret mysql-root-password
Name:         mysql-root-password
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password:  9 bytes

#解码
[root@k8smaster configmap]# kubectl get secret mysql-root-password -o yaml
apiVersion: v1
data:
  password: TXlQQHNzMTIz
kind: Secret
metadata:
  creationTimestamp: "2019-12-20T13:12:18Z"
  name: mysql-root-password
  namespace: default
  resourceVersion: "180658"
  selfLink: /api/v1/namespaces/default/secrets/mysql-root-password
  uid: d5130e29-9989-47e7-8236-32c9cbdc98d9
type: Opaque
[root@k8smaster configmap]# echo TXlQQHNzMTIz | base64 -d
MyP@ss123[root@k8smaster configmap]# 

[root@k8smaster configmap]# vim pod-se-demo.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-se
  namespace: default
  labels:
    apps: myapp
    tier: frontend
  annotations:
    k8s.com/create-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysql-root-password
          key: password
[root@k8smaster configmap]# kubectl apply -f pod-se-demo.yaml 
pod/pod-se created
[root@k8smaster configmap]# kubectl get pods
NAME     READY   STATUS    RESTARTS   AGE
pod-cm   1/1     Running   0          144m
pod-se   1/1     Running   0          21s
[root@k8smaster configmap]# kubectl exec  pod-se  -- printenv | grep MYSQL_ROOT_PASSWORD
MYSQL_ROOT_PASSWORD=MyP@ss123
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!