存储卷管理
卷概述
容器中的文件在磁盘上是临时存放的,这给容器中运行的重要应用程序带来一些问题
Pod 资源文件
[root@master ~]# vim web1.yaml --- kind: Pod apiVersion: v1 metadata: name: web1 spec: containers: - name: nginx image: myos:nginx
持久卷
hostPath 卷
[root@master ~]# vim web1.yaml --- kind: Pod apiVersion: v1 metadata: name: web1 spec: volumes: # 卷定义 - name: logdata # 卷名称 hostPath: # 资源类型 path: /var/weblog # 宿主机路径 type: DirectoryOrCreate # 目录不存在就创建 containers: - name: nginx image: myos:nginx volumeMounts: # mount 卷 - name: logdata # 卷名称 mountPath: /usr/local/nginx/logs # 容器内路径
验证 hostPath 卷
[root@master ~]# kubectl apply -f web1.yaml pod/web1 created [root@master ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE web1 1/1 Running 0 45m 10.244.2.16 node-0002 [root@master ~]# curl http://10.244.2.16/ Nginx is running ! # 删除Pod ,日志数据也不会丢失 [root@master ~]# kubectl delete pod web1 pod "web1" deleted # 来到 node 上查看日志 [root@node-0002 ~]# cat /var/weblog/access.log 10.244.0.0 - - [27/Jun/2022:02:00:12 +0000] "GET / HTTP/1.1" 200 19 "-" "curl/7.29.0"
NFS 卷
名称 | IP地址 | 配置 |
---|---|---|
nfs | 192.168.1.10 | 1CPU,1G内存 |
配置 NFS 服务
# 创建共享目录,并部署测试页面 [root@nfs ~]# mkdir -p /var/webroot [root@nfs ~]# echo "nfs server" >/var/webroot/index.html # 部署 NFS 服务 [root@nfs ~]# dnf install -y nfs-utils [root@nfs ~]# vim /etc/exports /var/webroot 192.168.1.0/24(rw,no_root_squash) [root@nfs ~]# systemctl enable --now nfs-server.service #----------------------------------------------------------# # 所有 node 节点都要安装 nfs 软件包 [root@node ~]# dnf install -y nfs-utils
Pod调用NFS卷
[root@master ~]# vim web1.yaml --- kind: Pod apiVersion: v1 metadata: name: web1 spec: volumes: - name: logdata hostPath: path: /var/weblog type: DirectoryOrCreate - name: website # 卷名称 nfs: # NFS 资源类型 server: 192.168.1.10 # NFS 服务器地址 path: /var/webroot # NFS 共享目录 containers: - name: nginx image: myos:nginx volumeMounts: - name: logdata mountPath: /usr/local/nginx/logs - name: website # 卷名称 mountPath: /usr/local/nginx/html # 路径 [root@master ~]# kubectl apply -f web1.yaml pod/web1 created [root@master ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE web1 1/1 Running 0 12m 10.244.1.19 node-0001
访问验证 nfs 卷
[root@master ~]# curl http://10.244.1.19 nfs server
PV/PVC
将存储资源抽象为 PV(PersistentVolume),Pod 通过编写 PVC(PersistentVolumeClaim)来申请和使用
ReadWriteOnce--RWO--单用户读写
ReadOnlyMany--ROX--多用户只读
ReadWriteMany--RWX--多用户同时读写
ReadWriteOncePod--RWOP--单个 Pod 读写
持久卷
[root@master ~]# vim pv.yaml --- kind: PersistentVolume apiVersion: v1 metadata: name: pv-local spec: volumeMode: Filesystem accessModes: - ReadWriteOnce capacity: storage: 30Gi persistentVolumeReclaimPolicy: Retain hostPath: path: /var/weblog type: DirectoryOrCreate --- kind: PersistentVolume apiVersion: v1 metadata: name: pv-nfs spec: volumeMode: Filesystem accessModes: - ReadWriteOnce - ReadOnlyMany - ReadWriteMany capacity: storage: 20Gi persistentVolumeReclaimPolicy: Retain mountOptions: - nolock nfs: server: 192.168.1.10 path: /var/webroot [root@master ~]# kubectl apply -f pv.yaml persistentvolume/pv-local created persistentvolume/pv-nfs created [root@master ~]# kubectl get persistentvolume NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS AGE pv-local 30Gi RWO Retain Available 2s pv-nfs 20Gi RWO,ROX,RWX Retain Available 2s
持久卷声明
[root@master ~]# vim pvc.yaml --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: pvc1 spec: volumeMode: Filesystem accessModes: - ReadWriteOnce resources: requests: storage: 25Gi --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: pvc2 spec: volumeMode: Filesystem accessModes: - ReadWriteMany resources: requests: storage: 15Gi [root@master ~]# kubectl apply -f pvc.yaml persistentvolumeclaim/pvc1 created persistentvolumeclaim/pvc2 created [root@master ~]# kubectl get persistentvolumeclaims NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE pvc1 Bound pv-local 30Gi RWO 8s pvc2 Bound pv-nfs 20Gi RWO,ROX,RWX 8s
Pod 挂载 PVC
[root@master ~]# vim web1.yaml --- kind: Pod apiVersion: v1 metadata: name: web1 spec: volumes: # 卷定义 - name: logdata # 卷名称 persistentVolumeClaim: # 通过PVC引用存储资源 claimName: pvc1 # PVC名称 - name: website # 卷名称 persistentVolumeClaim: # 通过PVC引用存储资源 claimName: pvc2 # PVC名称 containers: - name: nginx image: myos:nginx volumeMounts: - name: logdata mountPath: /usr/local/nginx/logs - name: website mountPath: /usr/local/nginx/html
服务验证
[root@master ~]# kubectl delete pods web1 pod "web1" deleted [root@master ~]# kubectl apply -f web1.yaml pod/web1 created [root@master ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE web1 1/1 Running 0 45m 10.244.2.16 node-0002 [root@master ~]# curl http://10.244.2.16 nfs server
临时卷
configMap
# 使用命令创建 configMap [root@master ~]# kubectl create configmap tz --from-literal=TZ="Asia/Shanghai" configmap/tz created # 使用资源对象文件创建 [root@master ~]# vim timezone.yaml --- kind: ConfigMap apiVersion: v1 metadata: name: timezone data: TZ: Asia/Shanghai [root@master ~]# kubectl apply -f timezone.yaml configmap/timezone created [root@master ~]# kubectl get configmaps NAME DATA AGE kube-root-ca.crt 1 9d timezone 1 15s tz 1 50s
修改系统时区
[root@master ~]# vim web1.yaml --- kind: Pod apiVersion: v1 metadata: name: web1 spec: volumes: - name: logdata persistentVolumeClaim: claimName: pvc1 - name: website persistentVolumeClaim: claimName: pvc2 containers: - name: nginx image: myos:nginx envFrom: # 配置环境变量 - configMapRef: # 调用资源对象 name: timezone # 资源对象名称 volumeMounts: - name: logdata mountPath: /usr/local/nginx/logs - name: website mountPath: /usr/local/nginx/html [root@master ~]# kubectl delete pods web1 pod "web1" deleted [root@master ~]# kubectl apply -f web1.yaml pod/web1 created [root@master ~]# kubectl exec -it web1 -- date +%T 10:41:27
nginx 解析 php
添加容器
# 在 Pod 中增加 php 容器,与 nginx 共享同一块网卡 [root@master ~]# vim web1.yaml --- kind: Pod apiVersion: v1 metadata: name: web1 spec: volumes: - name: logdata persistentVolumeClaim: claimName: pvc1 - name: website persistentVolumeClaim: claimName: pvc2 containers: - name: nginx image: myos:nginx envFrom: - configMapRef: name: timezone volumeMounts: - name: logdata mountPath: /usr/local/nginx/logs - name: website mountPath: /usr/local/nginx/html - name: php # 以下为新增加内容 image: myos:php-fpm envFrom: # 不同容器需要单独配置时区 - configMapRef: name: timezone volumeMounts: - name: website # 不同容器需要单独挂载NFS mountPath: /usr/local/nginx/html [root@master ~]# kubectl delete pod web1 pod "web1" deleted [root@master ~]# kubectl apply -f web1.yaml pod/web1 created [root@master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE web1 2/2 Running 0 5s [root@master ~]# kubectl exec -it web1 -c nginx -- ss -ltun Netid State Recv-Q Send-Q Local Address:Port ... ... tcp LISTEN 0 128 0.0.0.0:80 ... ... tcp LISTEN 0 128 127.0.0.1:9000 ... ...
创建 ConfigMap
# 使用 nginx 配置文件创建 configMap [root@master ~]# kubectl cp -c nginx web1:/usr/local/nginx/conf/nginx.conf nginx.conf [root@master ~]# vim nginx.conf location ~ \.php$ { root html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } # 使用命令创建 configMap [root@master ~]# kubectl create configmap nginx-php --from-file=nginx.conf configmap/nginx-php created
挂载 ConfigMap
[root@master ~]# vim web1.yaml --- kind: Pod apiVersion: v1 metadata: name: web1 spec: volumes: - name: logdata persistentVolumeClaim: claimName: pvc1 - name: website persistentVolumeClaim: claimName: pvc2 - name: nginx-php # 卷名称 configMap: # 引用资源对象 name: nginx-php # 资源对象名称 containers: - name: nginx image: myos:nginx envFrom: - configMapRef: name: timezone volumeMounts: - name: nginx-php # 卷名称 subPath: nginx.conf # 键值(文件名称) mountPath: /usr/local/nginx/conf/nginx.conf # 路径 - name: logdata mountPath: /usr/local/nginx/logs - name: website mountPath: /usr/local/nginx/html - name: php image: myos:php-fpm envFrom: - configMapRef: name: timezone volumeMounts: - name: website mountPath: /usr/local/nginx/html
解析验证
# 拷贝测试页面 s4/public/info.php [root@ecs-proxy s4]# rsync -av public/info.php 192.168.1.10:/var/webroot/info.php #------------------------------------------------------------ [root@master ~]# kubectl delete pod web1 pod "web1" deleted [root@master ~]# kubectl apply -f web1.yaml pod/web1 created [root@master ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE web1 2/2 Running 0 18s 10.244.3.17 node-0003 [root@master ~]# curl http://10.244.3.17/info.php <pre> Array ( [REMOTE_ADDR] => 10.244.0.0 [REQUEST_METHOD] => GET [HTTP_USER_AGENT] => curl/7.29.0 [REQUEST_URI] => /info.php ) php_host: web1 1229
secret 卷
配置登录密钥
[root@master ~]# kubectl create secret docker-registry harbor-auth --docker-server=harbor:443 --docker-username="用户名" --docker-password="密码" secret/harbor-auth created [root@master ~]# kubectl get secrets harbor-auth -o yaml apiVersion: v1 data: .dockerconfigjson: <经过加密的数据> kind: Secret metadata: name: harbor-auth namespace: default resourceVersion: "1558265" uid: 08f55ee7-2753-41fa-8aec-98a292115fa6 type: kubernetes.io/dockerconfigjson
认证私有仓库
[root@master ~]# vim web2.yaml --- kind: Pod apiVersion: v1 metadata: name: web2 spec: imagePullSecrets: - name: harbor-auth containers: - name: apache image: harbor:443/myimg/httpd:latest [root@master ~]# kubectl apply -f web2.yaml pod/web2 created [root@master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE web1 2/2 Running 0 33m web2 1/1 Running 0 18m [root@master ~]#kubectl describe pods web2
emptyDir 卷
临时空间
[root@master ~]# vim web2.yaml --- kind: Pod apiVersion: v1 metadata: name: web2 spec: imagePullSecrets: - name: harbor-auth volumes: # 卷配置 - name: cache # 卷名称 emptyDir: {} # 资源类型 containers: - name: apache image: harbor:443/myimg/httpd:latest volumeMounts: # 挂载卷 - name: cache # 卷名称 mountPath: /var/cache # 路径 [root@master ~]# kubectl delete pod web2 pod "web2" deleted [root@master ~]# kubectl apply -f web2.yaml pod/web2 created [root@master ~]# kubectl exec -it web2 -- bash [root@web2 html]# mount -l |grep cache #列出挂载 /dev/vda1 on /var/cache type xfs (rw,relatime,attr2)