  • 8. Kubernetes volume resources

    I. Volume types

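    • emptyDir: allocates a block of memory on the host for the pod to use as storage space
    • hostPath: allocates a block of disk space on the host for the pod to use as storage space
    • Network storage:
      • SAN: iSCSI, FC
      • NAS: nfs, cifs
      • Distributed storage: glusterfs, rbd, cephfs, ...
      • Cloud storage: EBS, Azure Disk
    # kubectl explain pods.spec.volumes  # list the volume types Kubernetes supports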
    

    II. emptyDir

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-vol-demo
      namespace: default
      labels:
        app: myapp
        tier: frontend
      annotations:
        dongfei.tech/created-by: "cluster admin"
    spec:
      containers:
      - name: myapp
        image: dongfeimg/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
        volumeMounts:
        - name: htmlvomumes
          mountPath: /data/web/html2/
      volumes:
        - name: htmlvomumes
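          emptyDir:
            medium: Memory  # back the volume with host memory (tmpfs); "" would use the node's default storage
            sizeLimit: "1024"  # limit on the memory used (a bare number is in bytes)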
    

    III. hostPath

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-vol-hostpath
      namespace: default
    spec:
      containers:
      - name: myapp
        image: dongfeimg/myapp:v1
        volumeMounts:
        - name: html
          mountPath: /usr/share/nginx/html/
      volumes:
      - name: html
        hostPath:
          path: /data/pod/volume1  # path on the node
          type: DirectoryOrCreate  # create the directory if it does not exist
    

    IV. nfs

    • Set up and test the nfs-server
    # yum install nfs-utils -y
    # mkdir /data/volumes/
    # vim /etc/exports
    /data/volumes   192.168.100.0/24(rw,no_root_squash)
    # systemctl start nfs
    # systemctl enable nfs
    
    # mount -t nfs 192.168.100.1:/data/volumes /mnt/
    
    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-vol-nfs
      namespace: default
    spec:
      containers:
      - name: myapp
        image: dongfeimg/myapp:v1
        volumeMounts:
        - name: html
          mountPath: /usr/share/nginx/html/
      volumes:
      - name: html
        nfs:
          path: /data/volumes
          server: 192.168.100.1
    

    V. PV and PVC

    # kubectl explain pv
    # kubectl explain pvc
    # kubectl get pv
    # kubectl get pvc
    

    1. Provisioning PVs in advance

    • Prepare the storage space
    # mkdir -p /data/volumes/v{1,2,3,4,5}
    # vim /etc/exports
    /data/volumes/v1        192.168.100.0/24(rw,no_root_squash)
    /data/volumes/v2        192.168.100.0/24(rw,no_root_squash)
    /data/volumes/v3        192.168.100.0/24(rw,no_root_squash)
    /data/volumes/v4        192.168.100.0/24(rw,no_root_squash)
    /data/volumes/v5        192.168.100.0/24(rw,no_root_squash)
    # exportfs -arv
    # showmount -e
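
    Every export in the nfs section and in the list above sets no_root_squash, which stops the server from mapping client root to the anonymous user. The check below is an added example, not part of the original article: it lists the exports where that option is in effect. The names audit_exports and sample_exports and the /srv/... lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list NFS exports where no_root_squash is in effect.
# Handles several clients per line, "-opt" line defaults and bare "(opts)" entries;
# all_squash and backslash line continuations are not considered.

# Constructed sample: the first two exports are from this page, the rest are made up.
sample_exports() {
    cat <<'EOF'
# /etc/exports
/data/volumes   192.168.100.0/24(rw,no_root_squash)
/data/volumes/v1        192.168.100.0/24(rw,no_root_squash)
/srv/safe       192.168.100.0/24(rw,root_squash)
/srv/mixed      -no_root_squash 10.0.0.5 10.0.0.6(ro,root_squash)
/srv/open       (ro,no_root_squash)
EOF
}

# audit_exports [FILE]: print "<path> <client> <ro|rw>" for each flagged entry.
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        path = $1; defaults = ""
        for (i = 2; i <= NF; i++) {
            if (substr($i, 1, 1) == "-") {   # "-opt,opt": defaults for this line
                defaults = substr($i, 2); continue
            }
            client = $i; own = ""
            if (match($i, /\(.*\)$/)) {      # split "client(opts)"
                client = substr($i, 1, RSTART - 1)
                own = substr($i, RSTART + 1, RLENGTH - 2)
            }
            if (client == "") client = "*"   # bare "(opts)" applies to every host
            squash = 1; mode = "ro"          # exports(5) defaults
            n = split(defaults "," own, o, ",")
            for (j = 1; j <= n; j++) {       # later options override earlier ones
                if (o[j] == "no_root_squash") squash = 0
                else if (o[j] == "root_squash") squash = 1
                else if (o[j] == "rw") mode = "rw"
                else if (o[j] == "ro") mode = "ro"
            }
            if (!squash) print path, client, mode
        }
    }' "$@"
}

sample_exports | audit_exports
```

    On an NFS server the same function can be pointed at the real file: audit_exports /etc/exports.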
    
    • Create the PVs

    Access modes (accessModes <[]string>): https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes

    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: pv001
      labels:
        name: pv001
    spec:
      nfs:
        path: /data/volumes/v1
        server: 192.168.100.1
      accessModes: ["ReadWriteMany","ReadWriteOnce"]
      capacity:
        storage: 3Gi
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: pv002
      labels:
        name: pv002
    spec:
      nfs:
        path: /data/volumes/v2
        server: 192.168.100.1
      accessModes: ["ReadWriteOnce"]
      capacity:
        storage: 5Gi
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: pv003
      labels:
        name: pv003
    spec:
      nfs:
        path: /data/volumes/v3
        server: 192.168.100.1
      accessModes: ["ReadWriteOnce"]
      capacity:
        storage: 50Gi
    
    • Create the PVC
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: pvc001
      namespace: default
    spec:
      accessModes: ["ReadWriteOnce"]
      resources: 
        requests: 
          storage: 6Gi  # request at least 6Gi; binds to a PV of that size or larger
    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-vol-pvc
      namespace: default
    spec:
      containers:
      - name: myapp
        image: dongfeimg/myapp:v1
        volumeMounts:
        - name: html
          mountPath: /usr/share/nginx/html/
      volumes:
      - name: html
        persistentVolumeClaim:
          claimName: pvc001
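
    Which PV pvc001 gets can be worked out from the three definitions above. This added example (not from the original article) models the selection as the smallest PV whose capacity and access modes satisfy the claim. It assumes all PVs are Available, share the claim's storageClassName and that the claim sets no selector; pv_table and match_pv are illustrative names.

```shell
#!/bin/sh
# Added example: a simplified model of how a claim is matched to a static PV.

# Constructed table of the three PVs defined above: name capacity accessModes
pv_table() {
    cat <<'EOF'
pv001 3Gi ReadWriteMany,ReadWriteOnce
pv002 5Gi ReadWriteOnce
pv003 50Gi ReadWriteOnce
EOF
}

# match_pv REQUEST MODES: read a PV table on stdin and print the PV the claim
# would bind to, or "Pending" when no PV satisfies it.
match_pv() {
    awk -v req="$1" -v want="$2" '
    # Convert a quantity such as 6Gi to bytes; only binary suffixes are handled,
    # anything else yields -1 and never matches.
    function bytes(q,   u) {
        u = q; sub(/^[0-9.]+/, "", u)
        return (u in mult) ? (q + 0) * mult[u] : -1
    }
    BEGIN {
        mult[""] = 1; mult["Ki"] = 1024; mult["Mi"] = 1024 ^ 2
        mult["Gi"] = 1024 ^ 3; mult["Ti"] = 1024 ^ 4
        need = bytes(req); nw = split(want, w, ",")
    }
    {
        cap = bytes($2)
        if (need < 0 || cap < need) next           # too small, or unparsable size
        for (i = 1; i <= nw; i++)                   # PV must offer every requested mode
            if (index("," $3 ",", "," w[i] ",") == 0) next
        if (best == "" || cap < bestcap) { best = $1; bestcap = cap }
    }
    END { print (best == "" ? "Pending" : best) }'
}

# pvc001 from this page: 6Gi, ReadWriteOnce
pv_table | match_pv 6Gi ReadWriteOnce
```

    pv001 (3Gi) and pv002 (5Gi) are too small for the 6Gi request, so the claim lands on pv003 even though that reserves a 50Gi volume for it.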
    

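    2. Creating PVs automatically on demand from PVCs

    • Requires a storage backend that exposes a RESTful API, so that storage can be requested on demand and PVs created dynamically

    VI. ConfigMap and Secret

    • Secrets and ConfigMaps are two special kinds of volume, used to inject configuration from outside the cluster into pods
    • Secrets and ConfigMaps serve the same purpose; a ConfigMap is stored as plain text, while a Secret is stored base64-encoded

    Ways to configure a containerized application:

    1. Custom command-line arguments: args: []
    2. Copy the configuration file directly into the image
    3. Load configuration from environment variables
      1. Cloud-native applications can generally load their configuration from environment variables
      2. Use an entrypoint script to preprocess the variables into settings in the configuration file
    4. Volumes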
    # kubectl explain cm
    
    • Create a ConfigMap directly on the command line
    # kubectl create configmap nginx-config --from-literal=nginx_port=80 --from-literal=server_name=myapp.dongfei.tech
    # kubectl get cm
    # kubectl describe cm nginx-config
    
    • Create a Secret on the command line
    # kubectl create secret generic mysql-root-password --from-literal=password=My@Pass
    # kubectl get secret
    # kubectl describe secret mysql-root-password
    # kubectl get secret mysql-root-password -o yaml
    # echo TXlAUGFzcw== | base64 -d  # decode
    My@Pass
    
    • Create a ConfigMap from a configuration file
    # cat www.conf 
    server {
            server_name myapp.dongfei.tech;
            listen 80;
            root /data/web/html;
    }
    # kubectl create configmap nginx-www --from-file=./www.conf  # with no key given, the file name becomes the key and the file content the value
    
    • Inject the ConfigMap into a pod through environment variables
    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-cm-1
      namespace: default
      labels:
        app: myapp
        tier: frontend
      annotations:
        dongfei.tech/created-by: "cluster admin"
    spec:
      containers:
      - name: myapp
        image: dongfeimg/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
        env:
        - name: NGINX_SERVER_PORT
          valueFrom:
            configMapKeyRef:
              name: nginx-config
              key: nginx_port
        - name: NGINX_SERVER_NAME
          valueFrom:
            configMapKeyRef:
              name: nginx-config
              key: server_name
    
    • Inject the ConfigMap into a container as files through a volume
    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-cm-2
      namespace: default
      labels:
        app: myapp
        tier: frontend
      annotations:
        dongfei.tech/created-by: "cluster admin"
    spec:
      containers:
      - name: myapp
        image: dongfeimg/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
        volumeMounts:
        - name: nginxconf
          mountPath: /etc/nginx/conf.d/
          readOnly: true
      volumes:
      - name: nginxconf
        configMap:
          name: nginx-www
    
    • Inject the Secret into a container through environment variables
    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-secret-1
      namespace: default
      labels:
        app: myapp
        tier: frontend
      annotations:
        dongfei.tech/created-by: "cluster admin"
    spec:
      containers:
      - name: myapp
        image: dongfeimg/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-root-password
              key: password
    
  • Original article: https://www.cnblogs.com/L-dongf/p/11439882.html