第7章：Kubernetes存储

Kubernetes存储

1.为什么需要存储卷？

容器部署过程中一般有以下三种数据：
·启动时需要的初始数据，可以是配置文件
·启动过程中产生的临时数据，该临时数据需要多个容器间共享
·启动过程中产生的持久化数据

2.数据卷概述

Kubernetes 中的 Volume提供了在容器中挂载外部存储的能力
Pod需要设置卷来源（ spec.volume）和挂载点（ spec.containers.volumeMounts）两个信息后才可以使用相应的 Volume

官方搜索查看支持的类型

awsElasticBlockStore
    azureDisk
    azureFile
    cephfs
    cinder
    configMap
    csi
    downwardAPI
    emptyDir
    fc (fibre channel)
    flexVolume
    flocker
    gcePersistentDisk
    gitRepo (deprecated)
    glusterfs
    hostPath
    iscsi
    local
    nfs
    persistentVolumeClaim
    projected
    portworxVolume
    quobyte
    rbd
    scaleIO
    secret
    storageos
    vsphereVolume

k8s支持的存储类型

简单的分类：
1、本地，例如emptyDir、hostPath
2、网络，例如nfs、cephfs、glusterfs
3、公有云，例如azureDisk、awsElasticBlockStore
4、k8s资源，例如secret、configMap

3.临时存储卷，节点存储卷，网络存储卷

临时存储卷：emptyDir

创建一个空卷，挂载到Pod中的容器。Pod删除该卷也会被删除。
应用场景：Pod中容器之间数据共享

emptydir默认工作目录：
/var/lib/kubelet/pods/<pod-id>/volumes/kubernetes.io~empty-dir

什么样的适合在pod中运行多个容器?

{} 空值

[ chp7]# cat emptyDir.yml
apiVersion: v1
kind: Pod
metadata:
  name: emptydir
spec:
  containers:
  - name: write
    image: centos
    command: ["bash","-c","for i in {1..100};do echo $i >> /data/hello;sleep 1;done"]
    volumeMounts:
    - name: data
      mountPath: /data
  - name: read
    image: centos
    command: ["bash","-c","tail -f /data/hello"]
    volumeMounts:
    - name: data
      mountPath: /data
  volumes:
  - name: data
    emptyDir: {}
[ chp7]# kubectl apply -f emptyDir.yml
pod/emptydir created
[ chp7]# kubectl get po -o wide
NAME                              READY   STATUS    RESTARTS   AGE     IP               NODE     NOMINATED NODE   READINESS GATES
emptydir                          2/2     Running   1          116s    10.244.111.203   k8s-n2   <none>           <none>

[ data]# docker ps |grep emptydir
cbaf1b92b4a8        centos                                              "bash -c ‘for i in {…"   About a minute ago   Up About a minute                       k8s_write_emptydir_default_df40c32a-9f0a-44b7-9c17-89c9e9725da2_3
bce0f2607620        centos                                              "bash -c ‘tail -f /d…"   7 minutes ago        Up 7 minutes                            k8s_read_emptydir_default_df40c32a-9f0a-44b7-9c17-89c9e9725da2_0
0b804b8db60f        registry.aliyuncs.com/google_containers/pause:3.2   "/pause"                 7 minutes ago        Up 7 minutes                            k8s_POD_emptydir_default_df40c32a-9f0a-44b7-9c17-89c9e9725da2_0


[ data]# pwd
/var/lib/kubelet/pods/df40c32a-9f0a-44b7-9c17-89c9e9725da2/volumes/kubernetes.io~empty-dir/data

节点存储卷：hostPath

挂载Node文件系统上文件或者目录到Pod中的容器。
应用场景：Pod中容器需要访问宿主机文件

[ chp7]# cat hostPath.yml
apiVersion: v1
kind: Pod
metadata:
  name: host-path
spec:
  containers:
  - name: centos
    image: centos
    command: ["bash","-c","sleep 36000"]
    volumeMounts:
    - name: data
      mountPath: /data
  volumes:
  - name: data
    hostPath:
      path: /tmp
      type: Directory

[ chp7]# kubectl apply -f hostPath.yml
pod/host-path created
[ chp7]# kubectl exec host-path -it bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.

[path data]# pwd
/data
[path data]# touch test.txt
[ ~]# ls -l /tmp/test.txt
-rw-r--r--. 1 root root 5 8月  18 22:25 /tmp/test.txt

网络存储卷：NFS

yum install nfs-utils -y
[ ~]# mkdir /nfs/k8s -p
[ ~]# vim /etc/exports
[ ~]# cat /etc/exports
/nfs/k8s 10.0.0.0/24(rw,no_root_squash)
# no_root_squash:当登录NFS主机使用共享目录的使用者是root时,其权限将被转换成为匿名使用者,通常它的UID与GID都会变成nobody身份。

[ ~]# systemctl restart nfs
[ ~]# systemctl enable nfs
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
[ ~]#

# 测试
[ ~]# mount -t nfs 10.0.0.25:/nfs/k8s /mnt/

[ ~]# df -h |grep nfs
10.0.0.25:/nfs/k8s              26G  5.8G   21G   23% /mnt

查看nfs共享目录：
[ ~]# showmount -e
Export list for k8s-n2:
/nfs/k8s 10.0.0.0/24

创建应用
[ chp7]# cat nfs-deploy.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfs-nginx-deploy
spec:
  selector:
    matchLabels:
      app: nfs-nginx
  replicas: 3
  template:
    metadata:
      labels:
        app: nfs-nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        volumeMounts:
        - name: wwwroot
          mountPath: /usr/share/nginx/html
        ports:
        - containerPort: 80
      volumes:
      - name: wwwroot
        nfs:
          server: 10.0.0.25
          path: /nfs/k8s

[ chp7]# kubectl apply -f nfs-deploy.yml
[ chp7]# kubectl get pod -o wide|grep nfs
nfs-nginx-deploy-848f4597c9-658ws   1/1     Running            0          2m33s   10.244.111.205   k8s-n2   <none>           <none>
nfs-nginx-deploy-848f4597c9-bzl5w   1/1     Running            0          2m33s   10.244.111.207   k8s-n2   <none>           <none>
nfs-nginx-deploy-848f4597c9-wz422   1/1     Running            0          2m33s   10.244.111.208   k8s-n2   <none>           <none>

在本地创建index 页面，然后在容器中也可以看到文件
[ ~]# echo "hello world" >/nfs/k8s/index.html
[ chp7]# curl 10.244.111.205
hello world
[ chp7]# kubectl exec nfs-nginx-deploy-848f4597c9-wz422 -it -- bash:/# mount|grep k8s
10.0.0.25:/nfs/k8s on /usr/share/nginx/html type nfs4 (rw,relatime,vers=4.1,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.0.25,local_lock=none,addr=10.0.0.25)





4.持久卷概述




[ chp7]# cat pv.yml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv0001
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Recycle
  nfs:
    path: /nfs/k8s/pv0001
    server: 10.0.0.25
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv0002
spec:
  capacity:
    storage: 15Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Recycle
  nfs:
    path: /nfs/k8s/pv0002
    server: 10.0.0.25
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv0003
spec:
  capacity:
    storage: 30Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Recycle
  nfs:
    path: /nfs/k8s/pv0003
    server: 10.0.0.25

创建pv卷

[ chp7]# kubectl apply -f pv.yml
persistentvolume/pv0001 created
persistentvolume/pv0002 created
persistentvolume/pv0003 created

[ chp7]# kubectl get pv
NAME     CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS   REASON   AGE
pv0001   5Gi        RWX            Recycle          Available                                   53s
pv0002   15Gi       RWX            Recycle          Available                                   53s
pv0003   30Gi       RWX            Recycle          Available                                   53s

[ chp7]# cat pvc-deploy.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pvc-ngnix
spec:
  selector:
    matchLabels:
      app: pvc-nginx
  replicas: 3
  template:
    metadata:
      labels:
        app: pvc-nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        volumeMounts:
        - name: wwwroot
          mountPath: /usr/share/nginx/html
        ports:
        - containerPort: 80
      volumes:
      - name: wwwroot
        persistentVolumeClaim:
          claimName: my-pvc

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi

创建应用

[ chp7]# kubectl apply -f pvc-deploy.yml
deployment.apps/pvc-ngnix unchanged
persistentvolumeclaim/my-pvc created

[ chp7]# kubectl get pvc
NAME     STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
my-pvc   Bound    pv0001   5Gi        RWX                           12m

[ pv0001]# echo "hello pvc" >index.html
[ chp7]# curl 10.244.111.209
hello pvc

AccessModes（访问模式）：
AccessModes 是用来对 PV 进行访问模式的设置，用于描述用户应用对存储资源的访问权限，访问权限包括下面几种方式：
ReadWriteOnce（RWO）：读写权限，但是只能被单个节点挂载
ReadOnlyMany（ROX）：只读权限，可以被多个节点挂载
ReadWriteMany（RWX）：读写权限，可以被多个节点挂载

5.PV静态供给
6.PV动态供给
7.案例：应用程序使用持久卷存储数据
8.有状态应用部署：Statefulset控制器
9.应用程序配置文件存储：Config Ma
10.敏感数据存储：Secret