Kubernetes: Introduction to Storage Volumes

Introduction to Storage Volumes

  Depending on whether the handling of a request is affected by earlier requests, applications can be divided into stateful and stateless applications. For stateful applications, data persistence is a necessity.

  The storage volume (Volume) provided by Kubernetes is a Pod-level resource, shared by all containers in the Pod. It can hold application data outside the container's file system, and can even persist data independently of the Pod's lifecycle.

I. Storage Volumes

  A Pod has its own lifecycle, so neither the containers running inside it nor their data can persist on their own.

  Docker supports configuring a container to use a storage volume so that its data is stored persistently outside the container's own file system, in storage space on the node's file system or on a network file system. Kubernetes supports a similar volume facility, except that a Kubernetes volume is bound to the Pod resource rather than to a container.

II. Volume Types Supported by Kubernetes

  Kubernetes supports a very rich set of volume types, covering many storage mechanisms in local (node) storage and network storage systems, and even special storage resources such as Secret and ConfigMap. From the Pod's point of view, the volume type mainly supplies the configuration parameters needed to associate the Pod with the corresponding storage system. For example, the parameters needed to attach a node-local directory differ greatly from those needed to attach a GlusterFS storage system, so specifying the volume type also determines the backend storage it connects to. At present, Kubernetes supports the following volume types:

  • awsElasticBlockStore、azureDisk、azureFile、cephfs、csi、downwardAPI、emptyDir
  • fc、flocker、gcePersistentDisk、gitRepo、glusterfs、hostPath、iscsi、local、nfs
  • persistentVolumeClaim、projected、portworxVolume、quobyte、rbd、scaleIO、secret
  • storageos、vsphereVolume

  Among these, emptyDir and hostPath are node-level volume types. An emptyDir has the same lifecycle as its Pod resource, and once a Pod that uses a hostPath volume is rescheduled to another node, it can no longer use its previous data. Neither type is therefore persistent. To use a persistent volume, you need a network storage system such as NFS, Ceph or GlusterFS, or cloud storage such as gcePersistentDisk or awsElasticBlockStore.

  For this purpose Kubernetes designed a cluster-level resource, PersistentVolume (PV): the administrator configures the storage system, and users then request storage directly through a "persistentVolumeClaim" (PVC) volume. This mechanism greatly simplifies configuration for the end user of storage and lowers the barrier to use.

  In addition, Secret and ConfigMap can be regarded as two special volume types.

    1. A Secret is used to pass sensitive information to a Pod, such as passwords, private keys and certificate files. Defining such information directly in an image easily leads to leaks; with the Secret resource, users can store it in the cluster and have the Pod mount it, decoupling sensitive data from the system.
    2. A ConfigMap resource is used to inject non-sensitive data into a Pod. The user stores the data directly in a ConfigMap object and then references it from the Pod through a ConfigMap volume, which helps centralize the definition and management of container configuration files.

  Furthermore, starting with version 1.9 Kubernetes further strengthened its storage support by introducing an alpha implementation of the Container Storage Interface (CSI), which simplifies plugin installation to something comparable to creating a Pod and allows third-party storage vendors to provide their own solutions without modifying the Kubernetes code base.

III. How Volumes Are Used

  The configuration for using a volume in a Pod has two parts: the list of volumes defined on the Pod through the .spec.volumes field, which supports many different volume types with widely varying parameters; and the list of volume mounts defined on each container through the .spec.containers.volumeMounts field, which can only mount volumes defined in the current Pod resource (a container may also mount none at all).

  The Pod-level .spec.volumes field is described in the resource manifest as follows:

[root@mh-k8s-master-247-10 ~]# kubectl explain pod.spec.volumes
KIND:     Pod
VERSION:  v1

RESOURCE: volumes <[]Object>

DESCRIPTION:
     List of volumes that can be mounted by containers belonging to the pod.
     More info: https://kubernetes.io/docs/concepts/storage/volumes

     Volume represents a named volume in a pod that may be accessed by any
     container in the pod.

FIELDS:
   awsElasticBlockStore	<Object>
     AWSElasticBlockStore represents an AWS Disk resource that is attached to a
     kubelet's host machine and then exposed to the pod. More info:
     https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

   azureDisk	<Object>
     AzureDisk represents an Azure Data Disk mount on the host and bind mount to
     the pod.

   azureFile	<Object>
     AzureFile represents an Azure File Service mount on the host and bind mount
     to the pod.

   cephfs	<Object>
     CephFS represents a Ceph FS mount on the host that shares a pod's lifetime

   cinder	<Object>
     Cinder represents a cinder volume attached and mounted on kubelets host
     machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

   configMap	<Object>
     ConfigMap represents a configMap that should populate this volume

   csi	<Object>
     CSI (Container Storage Interface) represents storage that is handled by an
     external CSI driver (Alpha feature).

   downwardAPI	<Object>
     DownwardAPI represents downward API about the pod that should populate this
     volume

   emptyDir	<Object>
     EmptyDir represents a temporary directory that shares a pod's lifetime.
     More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

   fc	<Object>
     FC represents a Fibre Channel resource that is attached to a kubelet's host
     machine and then exposed to the pod.

   flexVolume	<Object>
     FlexVolume represents a generic volume resource that is
     provisioned/attached using an exec based plugin.

   flocker	<Object>
     Flocker represents a Flocker volume attached to a kubelet's host machine.
     This depends on the Flocker control service being running

   gcePersistentDisk	<Object>
     GCEPersistentDisk represents a GCE Disk resource that is attached to a
     kubelet's host machine and then exposed to the pod. More info:
     https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

   gitRepo	<Object>
     GitRepo represents a git repository at a particular revision. DEPRECATED:
     GitRepo is deprecated. To provision a container with a git repo, mount an
     EmptyDir into an InitContainer that clones the repo using git, then mount
     the EmptyDir into the Pod's container.

   glusterfs	<Object>
     Glusterfs represents a Glusterfs mount on the host that shares a pod's
     lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

   hostPath	<Object>
     HostPath represents a pre-existing file or directory on the host machine
     that is directly exposed to the container. This is generally used for
     system agents or other privileged things that are allowed to see the host
     machine. Most containers will NOT need this. More info:
     https://kubernetes.io/docs/concepts/storage/volumes#hostpath

   iscsi	<Object>
     ISCSI represents an ISCSI Disk resource that is attached to a kubelet's
     host machine and then exposed to the pod. More info:
     https://examples.k8s.io/volumes/iscsi/README.md

   name	<string> -required-
     Volume's name. Must be a DNS_LABEL and unique within the pod. More info:
     https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

   nfs	<Object>
     NFS represents an NFS mount on the host that shares a pod's lifetime More
     info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

   persistentVolumeClaim	<Object>
     PersistentVolumeClaimVolumeSource represents a reference to a
     PersistentVolumeClaim in the same namespace. More info:
     https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

   photonPersistentDisk	<Object>
     PhotonPersistentDisk represents a PhotonController persistent disk attached
     and mounted on kubelets host machine

   portworxVolume	<Object>
     PortworxVolume represents a portworx volume attached and mounted on
     kubelets host machine

   projected	<Object>
     Items for all in one resources secrets, configmaps, and downward API

   quobyte	<Object>
     Quobyte represents a Quobyte mount on the host that shares a pod's lifetime

   rbd	<Object>
     RBD represents a Rados Block Device mount on the host that shares a pod's
     lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

   scaleIO	<Object>
     ScaleIO represents a ScaleIO persistent volume attached and mounted on
     Kubernetes nodes.

   secret	<Object>
     Secret represents a secret that should populate this volume. More info:
     https://kubernetes.io/docs/concepts/storage/volumes#secret

   storageos	<Object>
     StorageOS represents a StorageOS volume attached and mounted on Kubernetes
     nodes.

   vsphereVolume	<Object>
     VsphereVolume represents a vSphere volume attached and mounted on kubelets
     host machine

[root@mh-k8s-master-247-10 ~]# 

  The .spec.volumes.name field is defined as follows:

[root@mh-k8s-master-247-10 ~]# kubectl explain pod.spec.volumes.name
KIND:     Pod
VERSION:  v1

FIELD:    name <string>

DESCRIPTION:
     Volume's name. Must be a DNS_LABEL and unique within the pod. More info:
     https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
[root@mh-k8s-master-247-10 ~]# 

  The .spec.volumes.gitRepo field is defined as follows:

[root@mh-k8s-master-247-10 ~]# kubectl explain pod.spec.volumes.gitRepo
KIND:     Pod
VERSION:  v1

RESOURCE: gitRepo <Object>

DESCRIPTION:
     GitRepo represents a git repository at a particular revision. DEPRECATED:
     GitRepo is deprecated. To provision a container with a git repo, mount an
     EmptyDir into an InitContainer that clones the repo using git, then mount
     the EmptyDir into the Pod's container.

     Represents a volume that is populated with the contents of a git
     repository. Git repo volumes do not support ownership management. Git repo
     volumes support SELinux relabeling. DEPRECATED: GitRepo is deprecated. To
     provision a container with a git repo, mount an EmptyDir into an
     InitContainer that clones the repo using git, then mount the EmptyDir into
     the Pod's container.

FIELDS:
   directory	<string>
     Target directory name. Must not contain or start with '..'. If '.' is
     supplied, the volume directory will be the git repository. Otherwise, if
     specified, the volume will contain the git repository in the subdirectory
     with the given name.

   repository	<string> -required-
     Repository URL

   revision	<string>
     Commit hash for the specified revision.

[root@mh-k8s-master-247-10 ~]# 

  A defined volume can be mounted by any container in the current Pod resource. In fact, "sharing" only takes on concrete meaning when several containers mount the same volume; when a Pod has a single container, the purpose of using a volume is usually data persistence.

  The value of the .spec.containers.volumeMounts field is also a list of objects, made up of one or more volume mount definitions. Whatever the volume type, the mount format is essentially the same; the following output shows the general syntax for defining a volume mount in a container:

[root@mh-k8s-master-247-10 ~]# kubectl explain pod.spec.containers.volumeMounts
KIND:     Pod
VERSION:  v1

RESOURCE: volumeMounts <[]Object>

DESCRIPTION:
     Pod volumes to mount into the container's filesystem. Cannot be updated.

     VolumeMount describes a mounting of a Volume within a container.

FIELDS:
   mountPath	<string> -required-
     Path within the container at which the volume should be mounted. Must not
     contain ':'.

   mountPropagation	<string>
     mountPropagation determines how mounts are propagated from the host to
     container and the other way around. When not set, MountPropagationNone is
     used. This field is beta in 1.10.

   name	<string> -required-
     This must match the Name of a Volume.

   readOnly	<boolean>
     Mounted read-only if true, read-write otherwise (false or unspecified).
     Defaults to false.

   subPath	<string>
     Path within the volume from which the container's volume should be mounted.
     Defaults to "" (volume's root).

   subPathExpr	<string>
     Expanded path within the volume from which the container's volume should be
     mounted. Behaves similarly to SubPath but environment variable references
     $(VAR_NAME) are expanded using the container's environment. Defaults to ""
     (volume's root). SubPathExpr and SubPath are mutually exclusive.

[root@mh-k8s-master-247-10 ~]# 

  The meaning and usage requirements of each field are as follows:

    • name<string>: the name of the volume to mount; required.
    • mountPath<string>: the mount point, a path in the container's file system; required.
    • readOnly<boolean>: whether to mount the volume read-only.
    • subPath<string>: a sub-path within the volume to use when mounting it, so that the sub-directory rather than the volume's root appears at the path given by mountPath.

  Below is a mount example: container myapp mounts the logdata volume at /var/log/myapp and the example volume at /webdata/example:

spec:
  containers:
  - name: myapp
    image:
    # volumeMounts belongs to the container, not to the Pod spec
    volumeMounts:
    - name: logdata
      mountPath: /var/log/myapp/
    - name: example
      mountPath: /webdata/example/
  # every mounted name must match a volume defined on the Pod;
  # emptyDir is assumed here, any supported volume type would do
  volumes:
  - name: logdata
    emptyDir: {}
  - name: example
    emptyDir: {}
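As an added example (not code from the original post), the following Python check applies the rules quoted from the kubectl explain output above (unique volume names, mounts matching a defined volume, no ':' in mountPath, subPath and subPathExpr mutually exclusive, gitRepo deprecated) plus two hostPath exposure policies to a Pod spec given as a plain dict. The two Pod specs at the bottom are constructed for illustration.

```python
# Added example, not code from the original post: an admission-style lint over
# pod.spec.volumes and pod.spec.containers[].volumeMounts, checking the field
# rules quoted from kubectl explain above plus two hostPath exposure policies.
def lint_pod_spec(spec):
    findings = []
    volumes = spec.get("volumes", [])
    names = [v.get("name", "") for v in volumes]
    for n in sorted(set(names)):              # volume name: unique within the pod
        if names.count(n) > 1:
            findings.append(f"duplicate volume name {n!r}")
    by_name = {v.get("name"): v for v in volumes}
    for v in volumes:
        if "hostPath" in v:                   # host file system exposed to the pod
            findings.append(f"volume {v['name']!r} uses hostPath")
        if "gitRepo" in v:                    # deprecated per kubectl explain
            findings.append(f"volume {v['name']!r} uses deprecated gitRepo")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        for m in c.get("volumeMounts", []):
            where = f"{c['name']}/{m.get('name')}"
            vol = by_name.get(m.get("name"))
            if vol is None:                   # name must match a defined Volume
                findings.append(f"mount {where} references an undefined volume")
                continue
            path = m.get("mountPath", "")
            if not path or ":" in path:       # mountPath required, must not contain ':'
                findings.append(f"mount {where} has a missing or invalid mountPath")
            if "subPath" in m and "subPathExpr" in m:   # mutually exclusive
                findings.append(f"mount {where} sets both subPath and subPathExpr")
            if ".." in m.get("subPath", "").split("/"):  # must not escape the volume
                findings.append(f"mount {where} subPath steps outside the volume")
            if "hostPath" in vol and not m.get("readOnly", False):
                findings.append(f"mount {where} is a read-write hostPath mount")
    return findings

# The page's myapp example, with the volume definitions it omits (emptyDir assumed).
GOOD_POD = {
    "containers": [{"name": "myapp", "image": "example/myapp:1.0", "volumeMounts": [
        {"name": "logdata", "mountPath": "/var/log/myapp/"},
        {"name": "example", "mountPath": "/webdata/example/"}]}],
    "volumes": [{"name": "logdata", "emptyDir": {}}, {"name": "example", "emptyDir": {}}]}

# A constructed spec that violates several of the rules at once.
BAD_POD = {
    "containers": [{"name": "agent", "image": "example/agent:1.0", "volumeMounts": [
        {"name": "host", "mountPath": "/host"},
        {"name": "data", "mountPath": "/data", "subPath": "../etc"},
        {"name": "missing", "mountPath": "/m"}]}],
    "volumes": [{"name": "host", "hostPath": {"path": "/"}},
                {"name": "data", "emptyDir": {}}, {"name": "data", "emptyDir": {}}]}
```

Running lint_pod_spec(GOOD_POD) returns an empty list, while lint_pod_spec(BAD_POD) reports the duplicate name, the hostPath volume, the read-write hostPath mount, the traversing subPath and the undefined volume.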
posted @ 2022-06-23 15:07 左扬