K8S卷类型

Pod本地存储:emptyDir,hostPath
SAN:iSCSI,FC
NAS:nfs,cifs(samba)
分布式存储:glusterfs,rbd(ceph的块存储接口),cephfs(ceph的文件存储接口)
云存储:EBS, Azure Disk

在查看K8S集群Pod支持的卷类型

  1. [root@master ~]# kubectl explain pod.spec.volumes
  2. KIND:     Pod
  3. VERSION:  v1
  5. RESOURCE: volumes <[]Object>
  7. DESCRIPTION:
  8.      List of volumes that can be mounted by containers belonging to the pod.
  9.      More info: https://kubernetes.io/docs/concepts/storage/volumes
  11.      Volume represents a named volume in a pod that may be accessed by any
  12.      container in the pod.
  14. FIELDS:
  15.    awsElasticBlockStore    <Object>
  16.      AWSElasticBlockStore represents an AWS Disk resource that is attached to a
  17.      kubelet's host machine and then exposed to the pod. More info:
  18.      https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
  20.    azureDisk    <Object>
  21.      AzureDisk represents an Azure Data Disk mount on the host and bind mount to
  22.      the pod.
  24.    azureFile    <Object>
  25.      AzureFile represents an Azure File Service mount on the host and bind mount
  26.      to the pod.
  28.    cephfs    <Object>
  29.      CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
  31.    cinder    <Object>
  32.      Cinder represents a cinder volume attached and mounted on kubelets host
  33.      machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
  35.    configMap    <Object>
  36.      ConfigMap represents a configMap that should populate this volume
  38.    csi    <Object>
  39.      CSI (Container Storage Interface) represents ephemeral storage that is
  40.      handled by certain external CSI drivers (Beta feature).
  42.    downwardAPI    <Object>
  43.      DownwardAPI represents downward API about the pod that should populate this
  44.      volume
  46.    emptyDir    <Object>
  47.      EmptyDir represents a temporary directory that shares a pod's lifetime.
  48.      More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
  50.    ephemeral    <Object>
  51.      Ephemeral represents a volume that is handled by a cluster storage driver
  52.      (Alpha feature). The volume's lifecycle is tied to the pod that defines it
  53.      - it will be created before the pod starts, and deleted when the pod is
  54.      removed.
  56.      Use this if: a) the volume is only needed while the pod runs, b) features
  57.      of normal volumes like restoring from snapshot or capacity tracking are
  58.      needed, c) the storage driver is specified through a storage class, and d)
  59.      the storage driver supports dynamic volume provisioning through a
  60.      PersistentVolumeClaim (see EphemeralVolumeSource for more information on
  61.      the connection between this volume type and PersistentVolumeClaim).
  63.      Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes
  64.      that persist for longer than the lifecycle of an individual pod.
  66.      Use CSI for light-weight local ephemeral volumes if the CSI driver is meant
  67.      to be used that way - see the documentation of the driver for more
  68.      information.
  70.      A pod can use both types of ephemeral volumes and persistent volumes at the
  71.      same time.
  73.    fc    <Object>
  74.      FC represents a Fibre Channel resource that is attached to a kubelet's host
  75.      machine and then exposed to the pod.
  77.    flexVolume    <Object>
  78.      FlexVolume represents a generic volume resource that is
  79.      provisioned/attached using an exec based plugin.
  81.    flocker    <Object>
  82.      Flocker represents a Flocker volume attached to a kubelet's host machine.
  83.      This depends on the Flocker control service being running
  85.    gcePersistentDisk    <Object>
  86.      GCEPersistentDisk represents a GCE Disk resource that is attached to a
  87.      kubelet's host machine and then exposed to the pod. More info:
  88.      https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
  90.    gitRepo    <Object>
  91.      GitRepo represents a git repository at a particular revision. DEPRECATED:
  92.      GitRepo is deprecated. To provision a container with a git repo, mount an
  93.      EmptyDir into an InitContainer that clones the repo using git, then mount
  94.      the EmptyDir into the Pod's container.
  96.    glusterfs    <Object>
  97.      Glusterfs represents a Glusterfs mount on the host that shares a pod's
  98.      lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
  100.    hostPath    <Object>
  101.      HostPath represents a pre-existing file or directory on the host machine
  102.      that is directly exposed to the container. This is generally used for
  103.      system agents or other privileged things that are allowed to see the host
  104.      machine. Most containers will NOT need this. More info:
  105.      https://kubernetes.io/docs/concepts/storage/volumes#hostpath
  107.    iscsi    <Object>
  108.      ISCSI represents an ISCSI Disk resource that is attached to a kubelet's
  109.      host machine and then exposed to the pod. More info:
  110.      https://examples.k8s.io/volumes/iscsi/README.md
  112.    name    <string> -required-
  113.      Volume's name. Must be a DNS_LABEL and unique within the pod. More info:
  114.      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
  116.    nfs    <Object>
  117.      NFS represents an NFS mount on the host that shares a pod's lifetime More
  118.      info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
  120.    persistentVolumeClaim    <Object>
  121.      PersistentVolumeClaimVolumeSource represents a reference to a
  122.      PersistentVolumeClaim in the same namespace. More info:
  123.      https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
  125.    photonPersistentDisk    <Object>
  126.      PhotonPersistentDisk represents a PhotonController persistent disk attached
  127.      and mounted on kubelets host machine
  129.    portworxVolume    <Object>
  130.      PortworxVolume represents a portworx volume attached and mounted on
  131.      kubelets host machine
  133.    projected    <Object>
  134.      Items for all in one resources secrets, configmaps, and downward API
  136.    quobyte    <Object>
  137.      Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
  139.    rbd    <Object>
  140.      RBD represents a Rados Block Device mount on the host that shares a pod's
  141.      lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
  143.    scaleIO    <Object>
  144.      ScaleIO represents a ScaleIO persistent volume attached and mounted on
  145.      Kubernetes nodes.
  147.    secret    <Object>
  148.      Secret represents a secret that should populate this volume. More info:
  149.      https://kubernetes.io/docs/concepts/storage/volumes#secret
  151.    storageos    <Object>
  152.      StorageOS represents a StorageOS volume attached and mounted on Kubernetes
  153.      nodes.
  155.    vsphereVolume    <Object>
  156.      VsphereVolume represents a vSphere volume attached and mounted on kubelets
  157.      host machine

emptyDir

busybox容器负责产生数据,也就是我们常说的sidecar;myapp容器负责向外提供生产服务

  1. [root@master volumes]# cat pod-vol-demo.yaml 
  2. apiVersion: v1
  3. kind: Pod
  4. metadata:
  5.   name: pod-demo
  6. spec:
  7.   containers:
  8.   - name: myapp
  9.     image: ikubernetes/myapp:v1
  10.     imagePullPolicy: IfNotPresent
  11.     ports:
  12.     - containerPort: 80
  13.     volumeMounts:
  14.     - name: html
  15.       mountPath: /usr/share/nginx/html/
  16.   - name: busybox
  17.     image: busybox:latest
  18.     imagePullPolicy: IfNotPresent
  19.     volumeMounts:
  20.     - name: html
  21.       mountPath: /data/
  22.     command: ["/bin/sh","-c","while true; do echo $(date) >>/data/index.html; sleep 2; done"]
  23.   volumes:
  24.     - name: html
  25.       emptyDir: {}

hostPath

hostPath卷方式可以将数据持久化到宿主机本地,如下我们先在本地创建好/data/pod/volume1的目录,并在创建好可访问网页文件,但是这种方式如果要提供统一的内容访问,需要在每一个宿主机上创建相应的目录和网页内容发。
节点1:
[root@master volumes]# mkdir /data/pod/volume1 -p
[root@master volumes]# echo node01 >/data/pod/volume1/index.html
节点2:
[root@master volumes]# mkdir /data/pod/volume1 -p
[root@master volumes]# echo node02 >/data/pod/volume1/index.html

  1. [root@master volumes]# cat pod-hostpath-vol.yaml 
  2. apiVersion: v1
  3. kind: Pod
  4. metadata:
  5.   name: pod-hostpath-vol
  6.   namespace: default
  7. spec: 
  8.   containers:
  9.   - name: myapp
  10.     image: ikubernetes/myapp:v1
  11.     volumeMounts:
  12.     - name: html
  13.       mountPath: /usr/share/nginx/html
  14.   volumes:
  15.   - name: html
  16.     hostPath:
  17.       path: /data/pod/volume1
  18.       type: DirectoryOrCreate

nfs

通过nfs存储卷的方式可以实现将数据持久化的存储在远端存储上面,以防止数据丢失

  1. [root@master volumes]# cat pod-nfs-vol.yaml 
  2. apiVersion: v1
  3. kind: Pod
  4. metadata:
  5.   name: pod-nfs-vol
  6.   namespace: default
  7. spec: 
  8.   containers:
  9.   - name: myapp
  10.     image: ikubernetes/myapp:v1
  11.     volumeMounts:
  12.     - name: html
  13.       mountPath: /usr/share/nginx/html
  14.   volumes:
  15.   - name: html
  16.     nfs:
  17.       path: /data/volumes
  18.       server: 172.16.1.31

PV、PVC

让POD创建过程与底层存储解耦合,如下图PV,PVC,storageClass之间的逻辑关系
image.png
image.png
1、示例,创建pv

  1. [root@master volumes]# cat pv-nfs-demo.yaml 
  2. apiVersion: v1
  3. kind: PersistentVolume
  4. metadata:
  5.   name: pv001
  6.   labels: 
  7.     name: pv001
  8. spec:
  9.   nfs: 
  10.     path: /data/volumes/v1
  11.     server: 172.16.1.31
  12.   accessModes: ["ReadWriteMany", "ReadWriteOnce"]
  13.   capacity: 
  14.     storage: 2Gi
  15. ---
  16. apiVersion: v1
  17. kind: PersistentVolume
  18. metadata:
  19.   name: pv002
  20.   labels: 
  21.     name: pv002
  22. spec:
  23.   nfs: 
  24.     path: /data/volumes/v2
  25.     server: 172.16.1.31
  26.   accessModes: ["ReadWriteMany", "ReadWriteOnce"]
  27.   capacity: 
  28.     storage: 4Gi

2、使用pvc创建pod,关联pv

  1. [root@master volumes]# cat pvc-demo.yaml 
  2. apiVersion: v1 
  3. kind: PersistentVolumeClaim
  4. metadata:
  5.   name: mypvc
  6.   namespace: default
  7. spec: 
  8.   accessModes: ["ReadWriteMany"]
  9.   resources:
  10.     requests:
  11.       storage: 2Gi
  12. ---
  13. apiVersion: v1
  14. kind: Pod
  15. metadata:
  16.   name: pod-pvc
  17.   namespace: default
  18. spec: 
  19.   containers:
  20.   - name: myapp
  21.     image: ikubernetes/myapp:v1
  22.     volumeMounts:
  23.     - name: html
  24.       mountPath: /usr/share/nginx/html
  25.   volumes:
  26.   - name: html
  27.     persistentVolumeClaim:
  28.       claimName: mypvc

configmap

配置容器化应用的方式
1、自定义命令行参数;command,args:[]
2、把配置文件直接备进镜像(但是此种方式耦合度过于紧密)
3、环境变量
1)Cloud Native的应用程序一般可以通过环境变量加载配置
2)Cloud enable,通过entrypoint脚本来预处理变量为配置文件中的配置信息
4、存储卷
怎么
命令行创建configmap

  1. 1、命令行创建
  2. [root@master manifests]# kubectl create configmap nginx-config --from-literal=nginx_port=8080 --from-literal=server_name=evn.xsc.com
  3. configmap/nginx-config created
  4. 2、查看
  5. [root@master manifests]# kubectl get cm
  6. NAME               DATA   AGE
  7. nginx-config       2      8s
  8. 3、查看详细描述
  9. [root@master manifests]# kubectl describe cm nginx-config
  10. Name:         nginx-config
  11. Namespace:    default
  12. Labels:       <none>
  13. Annotations:  <none>
  15. Data
  16. ====
  17. nginx_port:
  18. ----
  19. 8080
  20. server_name:
  21. ----
  22. evn.xsc.com
  23. Events:  <none>

通过变量的方式注入配置

  1. [root@master configmap]# kubectl describe cm nginx-config
  2. Name:         nginx-config
  3. Namespace:    default
  4. Labels:       <none>
  5. Annotations:  <none>
  7. Data
  8. ====
  9. nginx_port:
  10. ----
  11. 8080
  12. server_name:
  13. ----
  14. evn.xsc.com
  15. Events:  <none>
  16. pod通过env变量引用configmap的值
  17. [root@master configmap]# cat pod-configmap.yaml 
  18. apiVersion: v1
  19. kind: Pod
  20. metadata:
  21.   name: pod-cm-1
  22. spec:
  23.   containers:
  24.   - image: ikubernetes/myapp:v1
  25.     name: myapp
  26.     ports:
  27.     - name: http
  28.       containerPort: 80
  29.     env:
  30.     - name: NGINX_SERVER_PORT
  31.       valueFrom:
  32.         configMapKeyRef:
  33.           name: nginx-config
  34.           key: nginx_port
  35.     - name: NGINX_SERVER_NAME
  36.       valueFrom:
  37.         configMapKeyRef:
  38.           name: nginx-config
  39.           key: server_name
  40. 容器内查看注入的变量值
  41. [root@master configmap]# kubectl exec -it pod-cm-1 -- /bin/sh
  42. / # printenv
  43. MYAPP_SVC_PORT_80_TCP_ADDR=10.98.57.156
  44. KUBERNETES_PORT=tcp://10.96.0.1:443
  45. KUBERNETES_SERVICE_PORT=443
  46. MYAPP_SVC_PORT_80_TCP_PORT=80
  47. HOSTNAME=pod-cm-1
  48. SHLVL=1
  49. MYAPP_SVC_PORT_80_TCP_PROTO=tcp
  50. HOME=/root
  51. NGINX_SERVER_PORT=8080
  52. NGINX_SERVER_NAME=evn.xsc.com

通过挂载configmap卷的方式传递值

  1. configmap的值
  2. [root@master configmap]# kubectl describe cm www.conf
  3. Name:         www.conf
  4. Namespace:    default
  5. Labels:       <none>
  6. Annotations:  <none>
  8. Data
  9. ====
  10. www.conf:
  11. ----
  12. server {
  13.   server_name evn.xsc.com;
  14.   listen 8088;
  15.   root /data/web/html;
  16. }
  18. Events:  <none>
  19. 创建pod
  20. [root@master configmap]# cat pod-configmap-3.yaml 
  21. apiVersion: v1
  22. kind: Pod
  23. metadata:
  24.   name: pod-cm-3
  25. spec:
  26.   containers:
  27.   - image: ikubernetes/myapp:v1
  28.     name: myapp
  29.     ports:
  30.     - name: http
  31.       containerPort: 80
  32.     volumeMounts:
  33.     - name: nginxconf
  34.       mountPath: /etc/nginx/conf.d/
  35.       readOnly: true
  36.   volumes:
  37.   - name: nginxconf
  38.     configMap:
  39.       name: www.conf
  40. 进入容器内部可以查看到挂载的值
  41. [root@master configmap]# kubectl exec -it pod-cm-3 -- /bin/sh
  42. / # 
  43. / # 
  44. / # cat /etc/nginx/conf.d/www.conf 
  45. server {
  46.     server_name evn.xsc.com;
  47.     listen 8088;
  48.     root /data/web/html;
  49. }
  50. 通过挂载configmap的方式可以实现动态修改,当configmap修改完之后,pod内的配置也会实现自动修改

secret

  1. [root@master ~]# kubectl create secret generic mysql-root-password --from-literal=password=abc123..
  2. secret/mysql-root-password created
  3. [root@master ~]# kubectl describe  secret mysql-root-password
  4. Name:         mysql-root-password
  5. Namespace:    default
  6. Labels:       <none>
  7. Annotations:  <none>
  9. Type:  Opaque
  11. Data
  12. ====
  13. password:  8 bytes
  15. 但是其实secret是通过base64进行编码的,因此其实是很容易解码的
  16. [root@master ~]# kubectl get secret mysql-root-password -o yaml
  17. apiVersion: v1
  18. data:
  19.   password: YWJjMTIzLi4=
  20. kind: Secret
  21. metadata:
  22.   creationTimestamp: "2021-06-18T08:23:43Z"
  23.   managedFields:
  24.   - apiVersion: v1
  25.     fieldsType: FieldsV1
  26.     fieldsV1:
  27.       f:data:
  28.         .: {}
  29.         f:password: {}
  30.       f:type: {}
  31.     manager: kubectl-create
  32.     operation: Update
  33.     time: "2021-06-18T08:23:43Z"
  34.   name: mysql-root-password
  35.   namespace: default
  36.   resourceVersion: "186277"
  37.   uid: de4cadce-e3eb-430d-b7ea-c95e77e690cc
  38. type: Opaque
  39. You have new mail in /var/spool/mail/root
  40. [root@master ~]# echo YWJjMTIzLi4= | base64 -d
  41. abc123..