Pod持久化

Volume

Pod被创建之后,容器中的数据是暂时的,当容器被关闭时数据也会随之消失,如果要长期保存容器中的数据就需要用到数据卷。
K8s中的volume提供了在容器中挂载外部存储的能力
Pod中使用卷,需要设置卷的来源(spec.volume)和挂载点(spec.containers.volumeMounts)这两个参数信息。

 

查看kubernets所支持的卷的类型:
https://v1-17.docs.kubernetes.io/docs/concepts/storage/volumes/

• awsElasticBlockStore
• azureDisk
• azureFile
• cephfs
• cinder
• configMap
• csi
• downwardAPI
• emptyDir
• fc (fibre channel)
• flexVolume
• flocker
• gcePersistentDisk
• gitRepo (deprecated)
• glusterfs
• hostPath
• iscsi
• local
• nfs
• persistentVolumeClaim
• projected
• portworxVolume
• quobyte
• rbd
• scaleIO
• secret
• storageos
• vsphereVolume

 

根据以上类型可以做简单分类:
1 本地卷:只在当前节点使用,无法跨节点使用 hostPath emptyDir
2 网络卷:在任意节点都可以访问到:nfs rbd cephfs glusterfs
3 公有云卷: awsElasticBlockStore azureDisk
4 k8s资源: secret configMap

 

emptyDir

在pod的宿主机上创建目录,挂载到Pod中的容器,Pod删除该卷也会被删除。
应用场景: pod 中容器之间的数据共享

 

二 动态PV的实现

 

 

      静态PVC的缺点:
               PV需要提前手动创建,PVC在使用PV时可能会出现实现用的PV大于PVC请求的PV动态PVC可以解决这个问题,当PVC需要PV时会自动创建PVC需求的PV。

      动态PVC的特点:
              工作核心是StorageClass的API对象,SC声明存储插件,存储插件用于健PV。不是所有存储类型都支持StorageClass的自动创建。

     查看StorageClass支持的存储列表:
               https://kubernetes.io/docs/concepts/storage/storage-classes/

 

 

如果上表中的存储类型为支持动态PV,而实现应用中又必须使用,那么可以考虑使用第三方的存储插件
https://github.com/kubernetes-retired/external-storage/

 

 

 

 

 

 

 

 

[root@master NFS]# rz -E
rz waiting to receive.
[root@master NFS]# ls
nfs-client.zip							  
[root@master NFS]# unzip nfs-client.zip 
[root@master NFS]# cd nfs-client/
[root@master nfs-client]# ls
class.yaml  deployment.yaml  rbac.yaml
[root@master nfs-client]# 	
			       #class.yam定义StorageClass资源
			       #deployment.yaml中的镜像负责自动创建PV
			       #rbac.yaml用于对deployment中镜像授权,使它可以访问k8sAPI

  

 

 

 

 

class资源分析:
[root@master nfs-client]# cat class.yaml 
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: managed-nfs-storage         #storageclass资源的名字
provisioner: fuseim.pri/ifs         # or choose another name, must match deployment's env PROVISIONER_NAME'
parameters:                          
  archiveOnDelete: "true"           #ture表示当pv被删除时,pv中的数据会被自动归档(备份)
[root@master nfs-client]# 

deployment.yaml资源分析:
[root@master nfs-client]#          
[root@master nfs-client]# cat deployment.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
---
kind: Deployment
apiVersion: apps/v1 
metadata:
  name: nfs-client-provisioner
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nfs-client-provisioner
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: quay.io/external_storage/nfs-client-provisioner:latest
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: fuseim.pri/ifs            #这个变量要与class.yaml文件中的一致
            - name: NFS_SERVER
              value: 192.168.1.63              #nfs服务器的地址
            - name: NFS_PATH
              value: /ifs/kubernetes           #NfS服务器共享出来的目录
      volumes:
        - name: nfs-client-root
          nfs:
            server: 192.168.1.63
            path: /ifs/kubernetes
[root@master nfs-client]# 

rbac.yaml资源分析:
[root@master nfs-client]# cat rbac.yaml 
kind: ServiceAccount
apiVersion: v1
metadata:
  name: nfs-client-provisioner
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io
[root@master nfs-client]#

  

 

[root@master nfs-client]# kubectl apply -f .
storageclass.storage.k8s.io/managed-nfs-storage created
serviceaccount/nfs-client-provisioner created
deployment.apps/nfs-client-provisioner created
serviceaccount/nfs-client-provisioner unchanged
clusterrole.rbac.authorization.k8s.io/nfs-client-provisioner-runner created
clusterrolebinding.rbac.authorization.k8s.io/run-nfs-client-provisioner created
role.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner created
rolebinding.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner created

[root@master nfs-client]# kubectl get pod
NAME                                      READY   STATUS    RESTARTS   AGE
nfs-client-provisioner-7676dc9cfc-j4vgl   1/1     Running   0          22s
[root@master nfs-client]#
[root@master nfs-client]# kubectl get sc      #查看SC的name,PVC中需要使用这个名字
NAME                  PROVISIONER      RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
managed-nfs-storage   fuseim.pri/ifs   Delete          Immediate           false                  53m
[root@master nfs-client]#

 

[root@master ~]# vim deployment3.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: web
  name: web
spec:
  name: web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web
  strategy: {}
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
        volumeMounts:
        - name: data
          mountPath: /usr/share/nginx/html

      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: my-pvc2
---
                                             #把创建PVC的yaml文件也放面一个文件中方便apply,静态PVC与动态PVC的区别就在于是否有storageClassName                                
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc2
spec:
  storageClassName: "managed-nfs-storage"    #这里的storageClassName要与上面kubectl get sc的ame一致
  accessModes:                               
    - ReadWriteMany
  resources:
    requests:
      storage: 9Gi							  
							  
[root@master ~]#
[root@master ~]# kubectl apply -f deployment3.yaml 
deployment.apps/web created
persistentvolumeclaim/my-pvc2 created
[root@master ~]# 

  

  • 查看pod,pv,pvc的状态,从下面可以看出pv,pvc都已创建成功,并且pv写pvc也已匹配成功。K8s接口先后创建了pvc和pv,然后两者再自动匹配。同时查看NFS服务器上的共享目录/ifs/kubernetes,发现这里自动创建了一个子目录default-my-pvc2-pvc-e7bbe866-2a62-4269-9c54-a4a411e93e08。创建pv和NFS的共享目录这两个动作都是由StorageClass这个资源完成的。
[root@master ~]# kubectl get pod
NAME                                      READY   STATUS    RESTARTS   AGE
nfs-client-provisioner-7676dc9cfc-zfl8t   1/1     Running   0          95s
web-748845d84d-tlrr6                      1/1     Running   0          95s 
[root@master ~]# 
[root@master ~]# kubectl get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM             STORAGECLASS          REASON   AGE
pvc-e7bbe866-2a62-4269-9c54-a4a411e93e08   9Gi        RWX            Delete           Bound    default/my-pvc2   managed-nfs-storage            93s
[root@master ~]# 
[root@master ~]# kubectl get pvc
NAME      STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS          AGE
my-pvc2   Bound    pvc-e7bbe866-2a62-4269-9c54-a4a411e93e08   9Gi        RWX            managed-nfs-storage   2m10s
[root@master ~]# 
[root@node2 kubernetes]# pwd
/ifs/kubernetes
[root@node2 kubernetes]# ls
default-my-pvc2-pvc-e7bbe866-2a62-4269-9c54-a4a411e93e08
[root@node2 kubernetes]# 

  

  • 在容器中创建数据,查看是否会持久化到目录中,
[root@master ~]# kubectl exec -it web-748845d84d-tlrr6 -- bash
root@web-748845d84d-tlrr6:/# touch /usr/share/nginx/html/abc.txt
root@web-748845d84d-tlrr6:/# ls /usr/share/nginx/html/
abc.txt
root@web-748845d84d-tlrr6:/# 

[root@node2 kubernetes]# ls default-my-pvc2-pvc-e7bbe866-2a62-4269-9c54-a4a411e93e08/
abc.txt
[root@node2 kubernetes]# 

  

  • 如果把pod的副本增加到3个,那么3个Pod中的数据也是共享的。
[root@master ~]# kubectl scale deploy web --replicas=3
deployment.apps/web scaled
[root@master ~]# 
[root@master ~]# kubectl get pod
NAME                                      READY   STATUS    RESTARTS   AGE
nfs-client-provisioner-7676dc9cfc-zfl8t   1/1     Running   0          40m
web-748845d84d-2t48t                      1/1     Running   0          114s
web-748845d84d-6twgl                      1/1     Running   0          5m30s
web-748845d84d-t5tbm                      1/1     Running   0          114s
[root@master ~]# 
[root@master ~]# kubectl exec -it web-748845d84d-t5tbm  -- bash
root@web-748845d84d-t5tbm:/# ls /usr/share/nginx/html/
abc.txt
root@web-748845d84d-t5tbm:/# 

 

  • 删除deployment,pvc之后,对应的pod,pv,pvc都会被删除。但数据会被归档存储在另一个目录,
[root@master ~]# kubectl  delete -f  PV-PVC/dynamic-pvc/deployment3-pvc-sc.yaml 
deployment.apps "web" deleted
persistentvolumeclaim "my-pvc2" deleted
[root@master ~]# 

[root@master ~]# kubectl get pod
NAME                                      READY   STATUS    RESTARTS   AGE
nfs-client-provisioner-7676dc9cfc-zfl8t   1/1     Running   0          23m
[root@master ~]# 
[root@master ~]# kubectl get pvc 
No resources found in default namespace.
[root@master ~]# 
[root@master ~]# kubectl get pv
No resources found in default namespace.
[root@master ~]# 

[root@node2 kubernetes]# ls
archived-default-my-pvc2-pvc-e7bbe866-2a62-4269-9c54-a4a411e93e08
[root@node2 kubernetes]# ls archived-default-my-pvc2-pvc-e7bbe866-2a62-4269-9c54-a4a411e93e08/
abc.txt
[root@node2 kubernetes]# 

  

posted @ 2021-10-27 00:47  流浪剑客+  阅读(380)  评论(0编辑  收藏  举报