Kubernetes storage abstraction
Kubernetes NFS
Preparing the environment
- All nodes
yum install -y nfs-utils
- Master node
# NFS master node
echo "/nfs/data/ *(insecure,rw,sync,no_root_squash)" > /etc/exports
mkdir -p /nfs/data
systemctl enable rpcbind --now
systemctl enable nfs-server --now
# Apply the configuration
exportfs -r
- Worker nodes
showmount -e <master private IP>
# Run the following commands to mount the NFS server's shared directory at the local path /nfs/data
mkdir -p /nfs/data
mount -t nfs <master private IP>:/nfs/data /nfs/data
# Write a test file
echo "hello nfs server" > /nfs/data/test.txt
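The export line above opens `/nfs/data/` to every host (`*`), keeps client root as root on the server (`no_root_squash`) and accepts requests from unprivileged source ports (`insecure`). As an added example, not part of the original page, this shell function flags those three settings in exports-format input; the sample lines, the `10.0.0.0/24` subnet and the finding labels are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag risky NFS export settings.
# Reads lines in /etc/exports format on stdin and prints "path client finding".
audit_exports() (
    set -f                                   # a bare "*" client must not glob
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' |
    while read -r path clients; do
        [ -n "$clients" ] || clients='*'     # no client list: any host
        for entry in $clients; do
            host=${entry%%\(*}               # text before "(" (may be empty)
            [ -n "$host" ] || host='*'
            case $entry in
                *\(*\)) opts=${entry#*\(}; opts=,${opts%\)}, ;;
                *)      opts=, ;;
            esac
            case $host in
                '*') echo "$path $host any-host" ;;
            esac
            case $opts in
                *,no_root_squash,*) echo "$path $host no_root_squash" ;;
            esac
            case $opts in
                *,insecure,*) echo "$path $host insecure" ;;
            esac
        done
    done
)

# Constructed sample: line 1 is the export used on this page,
# line 2 is a narrower variant (the subnet is an assumption).
sample_exports() {
    cat <<'EOF'
/nfs/data/ *(insecure,rw,sync,no_root_squash)
/nfs/data/ 10.0.0.0/24(rw,sync,root_squash)
EOF
}

sample_exports | audit_exports
```

On the NFS server the same function can be run as `audit_exports < /etc/exports`; the narrower second line produces no findings.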
Mounting NFS in a Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-pv
  name: nginx-pv
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx-pv
  template:
    metadata:
      labels:
        app: nginx-pv
    spec:
      containers:
      - image: nginx
        name: nginx
        volumeMounts:
        - name: html
          mountPath: /usr/share/nginx/html
      volumes:
      - name: html
        nfs:
          server: <NFS server IP>
          # this directory must already exist on the NFS server
          path: /nfs/data/nginx-pv
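Using PV and PVC
PV: Persistent Volume. Saves the data an application needs to persist to a specified location.
PVC: Persistent Volume Claim. Declares the specification of the persistent volume that is needed.
- Create the PV pool
# NFS master node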
mkdir -p /nfs/data/01
mkdir -p /nfs/data/02
mkdir -p /nfs/data/03
- Create the PVs
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv01-10m
spec:
  capacity:
    storage: 10M
  accessModes:
    - ReadWriteMany
  storageClassName: nfs
  nfs:
    path: /nfs/data/01
    server: <NFS server IP>
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv02-1gi
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  storageClassName: nfs
  nfs:
    path: /nfs/data/02
    server: <NFS server IP>
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv03-3gi
spec:
  capacity:
    storage: 3Gi
  accessModes:
    - ReadWriteMany
  storageClassName: nfs
  nfs:
    path: /nfs/data/03
    server: <NFS server IP>
kubectl apply -f pv.yaml
kubectl get PersistentVolume
- Creating and binding a PVC
Create the PVC
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: nginx-pvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 200Mi
  storageClassName: nfs
kubectl get pv
kubectl apply -f pvc.yaml
kubectl get pv
kubectl delete -f pvc.yaml
# After the PVC is deleted, the PV is released
Create Pods bound to the PVC
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy-pvc
  name: nginx-deploy-pvc
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx-deploy-pvc
  template:
    metadata:
      labels:
        app: nginx-deploy-pvc
    spec:
      containers:
      - image: nginx
        name: nginx
        volumeMounts:
        - name: html
          mountPath: /usr/share/nginx/html
      volumes:
      - name: html
        persistentVolumeClaim:
          claimName: nginx-pvc
kubectl apply -f dep02.yaml
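ConfigMap
Extracts application configuration out of the application and allows it to be updated automatically.
Redis example
- Create a ConfigMap from the existing configuration file
# Create the ConfigMap; the Redis configuration is stored in Kubernetes' etcd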
kubectl create cm redis-config --from-file=redis.conf
kubectl get cm
kubectl get cm redis-config -oyaml
# Output
apiVersion: v1
data:
  redis.conf: |    # the key is the file name, the value is the file content
    appendonly yes
kind: ConfigMap
metadata:
  name: redis-config
  namespace: default
- Create the Pod
apiVersion: v1
kind: Pod
metadata:
  name: redis
spec:
  containers:
  - name: redis
    image: redis
    command:
      - redis-server
      - "/redis-master/redis.conf"
    ports:
    - containerPort: 6379
    volumeMounts:
    - mountPath: /data
      name: data
    - mountPath: /redis-master
      name: config
  volumes:
    - name: data
      emptyDir: {}
    - name: config
      configMap:
        name: redis-config
        items:
        # the key must match the key in the ConfigMap (the file name redis.conf)
        - key: redis.conf
          path: redis.conf
kubectl apply -f redis.yaml
- Check the default configuration
kubectl exec -it redis -- redis-cli
CONFIG GET appendonly
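Secret
The Secret object type is used to hold sensitive information such as passwords, OAuth tokens and SSH keys. Putting this information in a Secret is safer and more flexible than putting it in a Pod definition or a container image.
kubectl create secret docker-registry regcred \
  --docker-server=<registry server> \
  --docker-username=<username> \
  --docker-password=<password> \
  --docker-email=<email address>
After an administrator has run the command above, applying the YAML below pulls the image from the private registry and starts the Pod.
apiVersion: v1
kind: Pod
metadata:
  name: private-nginx
spec:
  containers:
  - name: private-nginx
    image: qrxqrx/nginx:v1.0
  imagePullSecrets:
  - name: regcred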
kubectl apply -f mypod.yaml