卷管理
- 卷可以解决容器崩溃或重启后历史数据丢失的问题
- 卷可以解决容器或Pod被删除后数据持久保存的问题
- 卷可以解决在多个容器内共享数据的问题
- kubernetes支持很多类型的卷
- Pod可以同时使用任意数目的卷类型
- Pod中的容器在崩溃或重启后数据都不会丢失
- 临时卷
- 临时卷类型的生命周期与Pod相同,当Pod不存在时,k8s也会销毁临时卷
- 持久卷
- 当Pod执行结束或被删除以后,k8s不会销毁持久卷
- 如何使用卷?
- 使用卷时,在 .spec.volumes 字段中设置为Pod提供的卷,并在 .spec.containers[*].volumeMounts 字段中声明卷在容器中的挂载位置
- 卷不能挂载到其他卷之上,也不能与其他卷有硬链接
临时卷
Pod资源文件
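---
# Pod running a single nginx container; no volumes are defined here.
apiVersion: v1
kind: Pod
metadata:
  name: web1
spec:
  terminationGracePeriodSeconds: 0   # no grace period when the Pod is deleted
  restartPolicy: Always
  containers:
  - name: nginx
    image: myos:nginx
    ports:
    - protocol: TCP
      containerPort: 80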
emptyDir卷
- emptyDir是一种临时卷
- emptyDir的本质是一个简单的空白目录
- 当Pod被创建时,emptyDir也会同时被创建,并且Pod在该节点上运行期间,一直存在。当Pod被从节点上删除时,emptyDir卷中的数据也会被永久删除
- emptyDir的用途:
- 临时空间,例如缓存服务器、数据统计分析、归并排列
- 同一个Pod中容器共享数据
[root@master ~]# vim myv1.yaml
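---
# Pod with an emptyDir volume mounted at /var/cache inside the nginx container.
apiVersion: v1
kind: Pod
metadata:
  name: web1
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  volumes:                      # volumes made available to the Pod
  - name: cache-volume          # volume name, referenced from volumeMounts below
    emptyDir: {}                # volume type; no sizeLimit is set here, so the
                                # container can fill whatever storage backs it
  containers:
  - name: nginx
    image: myos:nginx
    volumeMounts:               # mount volumes into this container
    - name: cache-volume        # must match a name under spec.volumes
      mountPath: /var/cache     # created if missing; if the path exists, the
                                # mount hides whatever the image had there
    ports:
    - protocol: TCP
      containerPort: 80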
[root@master ~]# kubectl apply -f myv1.yaml
pod/web1 created
[root@master ~]# kubectl exec -it web1 -- /bin/bash
[root@web html]# df -h /var/cache # 卷会被当作块设备来挂载
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 40G 3.2G 35G 9% /var/cache
[root@master ~]# kubectl delete -f myv1.yaml
pod "web1" deleted
统计访问量(案例1)
[root@master ~]# vim myv1.yaml
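---
# Two containers share one emptyDir volume named "logs": it is mounted at the
# nginx log directory in the first container and at /logdata in the second,
# where a loop prints per-client request counts from access.log once a minute.
apiVersion: v1
kind: Pod
metadata:
  name: web1
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  volumes:
  - name: logs
    emptyDir: {}
  containers:
  - name: nginx
    image: myos:nginx
    volumeMounts:
    - name: logs
      mountPath: /usr/local/nginx/logs
    ports:
    - protocol: TCP
      containerPort: 80
  - name: log
    image: myos:v2009
    volumeMounts:
    - name: logs
      # Same volume, different path. NOTE(review): this container only reads
      # the log; adding readOnly: true to the mount would enforce that.
      mountPath: /logdata
    command: ["/bin/bash"]
    # The awk program counts lines per first field (the client address in the
    # access log) and prints "address count" pairs.
    args:
    - -c
    - |
      while true;do
      awk '{IP[$1]++}END{for(i in IP)print(i,IP[i])}' /logdata/access.log
      sleep 60
      done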
[root@master ~]# kubectl apply -f myv1.yaml
pod/web1 created
[root@master ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE
web1 2/2 Running 0 59s 10.244.3.50 node-0003
[root@master ~]# curl -s http://10.244.3.50
[root@master ~]# curl -s http://10.244.3.50
[root@master ~]# curl -s http://10.244.3.50
Nginx is running !
[root@master ~]# kubectl logs web1 -c log
10.244.0.0 3
configMap卷
-
configMap是一种临时卷
- configMap卷提供了向Pod注入配置数据的方法,允许你将配置文件与镜像分离,使容器化的应用具有可移植性
- configMap在使用之前需要先创建它,configMap不是用来保存大量数据的,在其中保存的数据不可超过1MiB
-
configMap的用途
- 定义临时环境变量
- 修改各种配置文件的参数,数据库的地址,用户名密码等(密码这类机密数据更适合放在后文介绍的 secret 中)
-
创建configMap的语法格式
kubectl create configmap 名称 [选项/参数]
设置容器变量
# 使用变量创建 configMap
[root@master ~]# kubectl create configmap mycm1 --from-literal=x=123 --from-literal=y=456
configmap/mycm1 created
# 查看 configMap
[root@master ~]# kubectl get configmaps
NAME DATA AGE
kube-root-ca.crt 1 2d5h
mycm1 1 54s
# 引用 configMap 设置环境变量
[root@master ~]# vim myv2.yaml
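---
# Pod whose nginx container receives its environment variables from the
# ConfigMap "mycm1".
apiVersion: v1
kind: Pod
metadata:
  name: web2
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  containers:
  - name: nginx
    image: myos:nginx
    ports:
    - protocol: TCP
      containerPort: 80
    envFrom:                    # import keys of a resource object as environment variables
    - configMapRef:             # the source is a ConfigMap object (not a mounted volume)
        name: mycm1             # name of the ConfigMap; it must exist before the Pod starts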
[root@master ~]# kubectl apply -f myv2.yaml
pod/web2 created
[root@master ~]# kubectl exec -it web2 -- /bin/bash
[root@web1 html]# echo ${x},${y}
123,456
- 复杂变量可以使用资源文件
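---
# ConfigMap defined as a resource file, showing the two YAML block-scalar
# styles for multi-line values. Annotations are kept off the value lines:
# inside a block scalar, text after "#" is part of the value, not a comment.
kind: ConfigMap                 # resource kind
apiVersion: v1                  # resource API version
metadata:                       # metadata / attributes
  name: mycm1                   # resource object name
data:                           # the data entries
  "x": |                        # key (file or variable name); "|" keeps line breaks
    123
    456
  "y": >                        # key (file or variable name); ">" folds line breaks
    123
    456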
配置系统时区
[root@master ~]# vim myv2.yaml
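---
# ConfigMap carrying the TZ variable, followed by the Pod that imports it.
kind: ConfigMap
apiVersion: v1
metadata:
  name: timezone
data:
  TZ: "Asia/Shanghai"
---
apiVersion: v1
kind: Pod
metadata:
  name: web2
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  containers:
  - name: nginx
    image: myos:nginx
    ports:
    - protocol: TCP
      containerPort: 80
    envFrom:                    # every key of the ConfigMap becomes an environment variable
    - configMapRef:
        name: timezone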
[root@master ~]# kubectl delete -f myv2.yaml
pod "web2" deleted
[root@master ~]# kubectl apply -f myv2.yaml
configmap/timezone created
pod/web2 created
[root@master ~]# kubectl exec -it web2 -- /bin/bash
[root@web2 html]# date +%T
配置Nginx解析PHP
# 拷贝 5/public/info.php 到 master 主机,创建测试页面
[root@master ~]# mkdir webphp
[root@master ~]# echo "Hello Nginx ." >webphp/info.html
[root@master ~]# cp info.php webphp/
# 把目录做 configMap
[root@master ~]# kubectl create configmap website --from-file=webphp
configmap/website created
# 修改 nginx 配置文件,并做成 ConfigMap
[root@master ~]# kubectl cp web2:/usr/local/nginx/conf/nginx.conf ./nginx.conf
[root@master ~]# vim nginx.conf
# Hand every request whose URI ends in .php to the FastCGI backend.
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000; # FastCGI backend on loopback; presumably PHP-FPM, confirm against the Pod's containers
fastcgi_index index.php;
include fastcgi.conf; # FastCGI parameters come from this included file
}
[root@master ~]# kubectl create configmap webconf --from-file=nginx.conf
configmap/webconf created
[root@master ~]# kubectl get configmaps
NAME DATA AGE
timezone 1 73m
webconf 1 5s
website 2 4m18s
修改Pod配置文件
[root@master ~]# vim myv2.yaml
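---
# ConfigMap with the TZ variable, then a Pod with two containers (nginx and
# php) that both mount the "website" ConfigMap at the same path; nginx also
# gets its nginx.conf from the "webconf" ConfigMap.
kind: ConfigMap
apiVersion: v1
metadata:
  name: timezone
data:
  TZ: "Asia/Shanghai"
---
apiVersion: v1
kind: Pod
metadata:
  name: web2
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  volumes:
  - name: myphp                 # volume name
    configMap:                  # volume type: backed by a ConfigMap
      name: website             # name of the ConfigMap to expose
  - name: webconf
    configMap:
      name: webconf
  containers:
  - name: nginx
    image: myos:nginx
    volumeMounts:               # mount volumes into this container
    - name: myphp               # volume name
      mountPath: /usr/local/nginx/html/myphp   # mount point in the container
    - name: webconf
      # subPath mounts one file instead of the whole volume. Such mounts are
      # not refreshed when the ConfigMap changes, which is why the page
      # recreates the Pod after editing the ConfigMap.
      subPath: nginx.conf
      mountPath: /usr/local/nginx/conf/nginx.conf
    ports:
    - protocol: TCP
      containerPort: 80
    envFrom:
    - configMapRef:
        name: timezone
  - name: php                   # PHP needs the same page files to execute them
    image: myos:phpfpm
    volumeMounts:
    - name: myphp               # same volume as the nginx container
      mountPath: /usr/local/nginx/html/myphp   # keep the path identical to nginx
    envFrom:
    - configMapRef:
        name: timezone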
[root@master ~]# kubectl delete -f myv2.yaml
pod "web2" deleted
[root@master ~]# kubectl apply -f myv2.yaml
pod/web2 created
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
web2 2/2 Running 0 7s 10.244.3.13 node-0003
[root@master ~]# curl http://10.244.3.13/myphp/info.php
<pre>
Array
(
[REMOTE_ADDR] => 10.244.0.0
[REQUEST_METHOD] => GET
[HTTP_USER_AGENT] => curl/7.29.0
[REQUEST_URI] => /info.php
)
php_host: web2
1229
保护敏感数据(案例2)
-
某个Pod提供WEB服务
http://ip.xx.xx.xx/myphp/ 目录下php文件有安全风险,为该路径下所有php文件设置认证保护
-
提示:
-
可以使用 httpd-tools 软件包中的 htpasswd 生成密码文件
-
可以使用 nginx 提供认证保护
auth_basic "Website Admin";
auth_basic_user_file "/usr/local/nginx/conf/webauth";
-
# 修改 nginx.conf 配置文件,启用认证
[root@master ~]# vim nginx.conf
# Requests for .php files under /myphp/ must pass HTTP basic auth before they
# are handed to the FastCGI backend. Other files under /myphp/ (for example
# info.html) do not match this pattern and stay unauthenticated.
# NOTE(review): basic auth sends the credentials merely base64-encoded; the Pod
# on this page listens on plain HTTP port 80, so they cross the network in
# readable form unless TLS is added in front.
location ~ ^/myphp/.+\.php$ {
root html;
fastcgi_pass 127.0.0.1:9000; # FastCGI backend on loopback; presumably the php container of the same Pod
fastcgi_index index.php;
include fastcgi.conf;
auth_basic "Website Admin"; # realm string shown in the login prompt
auth_basic_user_file "/usr/local/nginx/conf/webauth"; # htpasswd-format file; it must exist inside the nginx container
}
[root@master ~]# kubectl delete configmaps webconf
configmap "webconf" deleted
[root@master ~]# kubectl create configmap webconf --from-file=nginx.conf
configmap/webconf created
# 修改 configmap 之后重建 Pod
[root@master ~]# kubectl delete -f myv2.yaml
configmap "timezone" deleted
pod "web2" deleted
[root@master ~]# kubectl apply -f myv2.yaml
configmap/timezone created
pod/web2 created
# 创建认证文件(文件直接写在容器内,Pod 重建后会丢失)
[root@master ~]# kubectl exec -it web2 -c nginx -- /bin/bash
[root@web2 html]# yum install -y httpd-tools
[root@web2 html]# htpasswd -nbm admin 123456 >/usr/local/nginx/conf/webauth
[root@web2 html]# exit
# 访问验证
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
web2 2/2 Running 0 100s 10.244.2.20 node-0002
[root@master ~]# curl http://10.244.2.20/myphp/info.html
Nginx is running !
[root@master ~]# curl http://10.244.2.20/myphp/info.php
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.17.6</center>
</body>
</html>
[root@master ~]# curl -u admin:123456 http://10.244.2.20/myphp/info.php
<pre>
Array
(
[REMOTE_ADDR] => 127.0.0.1
[REQUEST_METHOD] => GET
[HTTP_USER_AGENT] => curl/7.29.0
[REQUEST_URI] => /myphp/info.php
)
php_host: web
1229
secret卷
-
secret是一种临时卷
- secret类似于ConfigMap但专门用于保存机密数据
- 在设置secret.data字段时,所有键值都必须是经过base64编码的字符串;base64只是编码而不是加密,能读取该secret的人都可以解码还原
-
secret的用途:
- 为容器配置变量
- 挂载配置文件/目录到容器上
- 由kubelet在为Pod拉取镜像时使用(需要登录的仓库)
-
语法
kubectl create secret 子类型 名称 [选项/参数]
-
子类型
-
通用类型
kubectl create secret generic 名称 [选项/参数]
-
用于创建访问docker仓库的子类型
kubectl create secret docker-registry 名称 [选项/参数]
-
用于创建TLS证书的子类型
kubectl create secret tls 名称 [选项/参数]
-
[root@master ~]# kubectl create secret generic mysecret --from-literal=username=admin --from-literal=password=123456
secret/mysecret created
[root@master ~]# kubectl get secrets
NAME TYPE DATA AGE
default-token-qw9b9 kubernetes.io/service-account-token 3 5d1h
mysecret Opaque 2 54s
[root@master ~]# kubectl get secrets mysecret -o yaml
apiVersion: v1
data:
password: MTIzNDU2 # 变量key是明文,变量value必须base64编码
username: YWRtaW4=
kind: Secret # 资源对象
metadata: # 元数据
creationTimestamp: "2022-09-03T09:51:10Z"
name: mysecret # 资源对象名称
namespace: default
resourceVersion: "288864"
uid: fec7e9bc-f957-40b5-ab7a-0382c75c3224
type: Opaque # 数据类型
Pod 映射 secret
[root@master ~]# vim myv3.yaml
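---
# Pod whose nginx container receives the keys of the Secret "mysecret" as
# environment variables.
apiVersion: v1
kind: Pod
metadata:
  name: web3
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  containers:
  - name: nginx
    image: myos:nginx
    ports:
    - protocol: TCP
      containerPort: 80
    # Every key of the Secret becomes an environment variable, in decoded form
    # (the page's echo check prints admin,123456). Anything that can read the
    # container's environment therefore sees the values.
    envFrom:
    - secretRef:                # the source is a Secret object
        name: mysecret          # name of the Secret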
[root@master ~]# kubectl apply -f myv3.yaml
pod/web3 created
[root@master ~]# kubectl exec -it web3 -- /bin/bash
[root@web3 html]# echo ${username},${password}
admin,123456
[root@master ~]# kubectl delete -f myv3.yaml
pod "web3" deleted
[root@master ~]# kubectl delete secrets mysecret
secret "mysecret" deleted
为案例2配置用户名密码
# 生成 base64 编码的数据(base64 只是编码,不是加密)
[root@master ~]# kubectl exec -it web2 -c nginx -- /bin/bash
[root@web2 html]# yum install -y httpd-tools
[root@web2 html]# htpasswd -nbm admin 123456 |base64
YWRtaW46JGFwcjEkdGJqOXJISUckdk9DRFpDaFZJUHl0ZHdGSXl1Qm91MAoK
[root@web2 html]# exit
# 使用 secret 设置密码
[root@master ~]# vim myv2.yaml
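---
# Secret holding the htpasswd line used by nginx basic auth. The value is only
# base64-encoded, not encrypted: anyone who can read this manifest or the
# Secret object can decode it, so treat the file itself as sensitive.
kind: Secret
apiVersion: v1
metadata:
  name: myauth
type: Opaque
data:
  webauth: YWRtaW46JGFwcjEkdGJqOXJISUckdk9DRFpDaFZJUHl0ZHdGSXl1Qm91MAoK
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: timezone
data:
  TZ: "Asia/Shanghai"
---
# Pod from the earlier example, now with the Secret mounted as the file that
# auth_basic_user_file points to.
apiVersion: v1
kind: Pod
metadata:
  name: web2
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  volumes:
  - name: myphp
    configMap:
      name: website
  - name: webconf
    configMap:
      name: webconf
  - name: webauth               # volume name
    secret:                     # volume type: backed by a Secret
      secretName: myauth        # name of the Secret to expose
      items:                    # keys to project; may be omitted when there is only one
      - key: webauth            # key inside the Secret
        path: webauth           # file name inside the volume
        # File permission bits. 0644 lets every user in the container read the
        # password hashes. NOTE(review): tighten this if the nginx worker can
        # still read the file with a narrower mode.
        mode: 0644
  containers:
  - name: nginx
    image: myos:nginx
    volumeMounts:
    - name: myphp
      mountPath: /usr/local/nginx/html/myphp
    - name: webconf
      subPath: nginx.conf
      mountPath: /usr/local/nginx/conf/nginx.conf
    - name: webauth             # volume name
      subPath: webauth          # single file taken from the volume
      mountPath: /usr/local/nginx/conf/webauth   # path nginx.conf refers to
    ports:
    - protocol: TCP
      containerPort: 80
    envFrom:
    - configMapRef:
        name: timezone
  - name: php
    image: myos:phpfpm
    volumeMounts:
    - name: myphp
      mountPath: /usr/local/nginx/html/myphp
    envFrom:
    - configMapRef:
        name: timezone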
[root@master ~]# kubectl delete pod web2
pod "web2" deleted
[root@master ~]# kubectl apply -f myv2.yaml
configmap/timezone created
secret/myauth created
pod/web2 created
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
web2 2/2 Running 0 4s 10.244.3.22 node-0003
[root@master ~]# curl -u admin:123456 http://10.244.3.22/myphp/info.php
<pre>
Array
(
[REMOTE_ADDR] => 10.244.0.0
[REQUEST_METHOD] => GET
[HTTP_USER_AGENT] => curl/7.29.0
[REQUEST_URI] => /myphp/info.php
)
php_host: web2
1229
登录认证仓库(扩展)
# 创建需要登录私有仓库的资源对象
# --docker-server=harbor:443 # 仓库主机端口
# --docker-username=admin # 登录用户名
# --docker-password=123456 # 密码(写在命令行里会留在 shell 历史记录中)
[root@master ~]# kubectl create secret docker-registry harbor-auth --docker-server=harbor:443 --docker-username=admin --docker-password=123456
secret/harbor-auth created
[root@master ~]# kubectl get secrets
NAME TYPE DATA AGE
harbor-auth kubernetes.io/dockerconfigjson 1 24s
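---
# Pod that pulls its image from the private registry harbor:443 using the
# docker-registry Secret "harbor-auth".
kind: Pod
apiVersion: v1
metadata:
  name: myapp
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  imagePullSecrets:             # registry credentials used when pulling images
  - name: harbor-auth           # name of the docker-registry Secret
  containers:
  - name: nginx
    image: harbor:443/myimg/myos:nginx
    imagePullPolicy: Always     # pull on every start, so the credentials are always needed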
持久卷
hostPath卷
- hostPath是持久卷
- hostPath卷的本质是使用本地设备,例如磁盘、分区、目录、Socket、CharDevice 和 BlockDevice等等。hostPath卷的可用性取决于底层节点的可用性,如果节点变得不健康,那么hostPath卷也将不可被访问
- hostPath卷里面的数据不会随着Pod的结束而消失
- 注意事项:配置相同的Pod,可能在不同的节点上表现不同,因为不同节点上映射的文件内容不同
- type对应类型
type类型 | 说明 |
---|---|
DirectoryOrCreate | 卷映射对象是一个目录,如果不存在就创建它,不能跨主机共享 |
Directory | 卷映射对象是一个目录,且必须存在,不能跨主机共享 |
FileOrCreate | 卷映射对象是一个文件,如果不存在就创建它,不能跨主机共享 |
File | 卷映射对象是一个文件,且必须存在,不能跨主机共享 |
Socket | 卷映射对象是一个Socket套接字,且必须存在 |
CharDevice | 卷映射对象是一个字符设备,且必须存在 |
BlockDevice | 卷映射对象是一个块设备,且必须存在 |
[root@master ~]# vim myv5.yaml
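---
# Pod that mounts the node's own /var/log directory at /log in the container.
# The mount is read-write, so processes in the container can read and change
# the node's log files; the data outlives the Pod because it lives on the node.
# NOTE(review): outside a lab, point hostPath at a dedicated directory, add
# readOnly: true to the mount when writes are not needed, and restrict who may
# create Pods with hostPath volumes.
apiVersion: v1
kind: Pod
metadata:
  name: web5
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  volumes:
  - name: mydata                # volume name
    hostPath:                   # volume type: a path on the node
      path: /var/log            # path on the node
      type: DirectoryOrCreate   # create the directory if it does not exist
  containers:
  - name: nginx
    image: myos:nginx
    ports:
    - protocol: TCP
      containerPort: 80
    volumeMounts:               # mount volumes into this container
    - name: mydata              # volume name
      mountPath: /log           # mount point in the container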
[root@master ~]# kubectl apply -f myv5.yaml
pod/web5 created
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
web5 1/1 Running 0 4s 10.244.2.28 node-0002
[root@master ~]# kubectl exec -it web5 -- /bin/bash
# 在不同的节点上显示的数据不同
[root@web5 data]# cat /log/messages
... ...
# 创建的数据可以永久保存,即使 Pod 被删除也不会丢失
[root@web5 data]# echo "hello world" >/log/myfile.txt
[root@master ~]# kubectl delete -f myv5.yaml
pod "web5" deleted
[root@node-0002 ~]# cat /var/log/myfile.txt
hello world
NFS卷
- NFS是持久卷
- NFS卷能够将NFS(网络文件系统)挂载到你的Pod中
- NFS卷的内容在删除Pod时会被卸载(umount),而不是被删除。NFS卷可以在不同节点的Pod之间共享数据
- NFS卷的用途
- NFS最大的功能就是在不同节点的不同Pod中共享读写数据。本地NFS的客户端可以透明的读写位于远端NFS服务器上的文件,就像访问本地文件一样
搭建NFS服务器
# 搭建 NFS 服务(实验环境配置:0777 的目录加上 *(rw) 导出,任何能访问该服务器的主机都可以挂载并读写,生产环境应限定客户端地址)
[root@registry ~]# yum install -y nfs-utils
[root@registry ~]# mkdir -m 0777 /var/webroot
[root@registry ~]# echo "This is NFS server" >/var/webroot/index.html
[root@registry ~]# echo -e "/var/webroot\t*(rw)" >/etc/exports
[root@registry ~]# systemctl enable --now nfs
# 在 master 上验证服务
[root@master ~]# yum install -y nfs-utils
[root@master ~]# showmount -e registry
Export list for registry:
/var/webroot *
# 在所有节点安装 NFS 模块
[root@node-0001 ~]# yum install -y nfs-utils
[root@node-0002 ~]# yum install -y nfs-utils
[root@node-0003 ~]# yum install -y nfs-utils
Pod 调用 NFS 卷
[root@master ~]# vim myv6.yaml
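---
# Pod that serves its web root from an NFS export: registry:/var/webroot is
# mounted at the nginx html directory.
apiVersion: v1
kind: Pod
metadata:
  name: web6
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  volumes:                      # volumes made available to the Pod
  - name: website               # volume name
    nfs:                        # volume type: NFS
      server: registry          # NFS server address
      path: /var/webroot        # directory exported by the server
  containers:
  - name: nginx
    image: myos:nginx
    ports:
    - protocol: TCP
      containerPort: 80
    volumeMounts:               # mount volumes into this container
    - name: website             # volume name
      # Mounted read-write. NOTE(review): a web root that is only served could
      # be mounted with readOnly: true.
      mountPath: /usr/local/nginx/html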
[root@master ~]# kubectl apply -f myv6.yaml
pod/web6 created
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
web6 1/1 Running 0 3s 10.244.1.18 node-0001
[root@master ~]# curl http://10.244.1.18/
This is NFS server
# 清理实验 Pod
[root@master ~]# kubectl delete -f myv6.yaml
pod "web6" deleted
PV/PVC卷
-
PV 的全称是 Persistent Volume ,是持久卷
-
PVC 的全称是 PersistentVolumeClaim ,是持久卷声明
-
PV/PVC的用途
- 能提供一种通用的API来完成Pod对卷的部署管理与使用。
- PV/PVC的引入使集群具备了存储的逻辑抽象能力
-
k8s 支持的存储卷
支持类型 | 支持类型 | 支持类型 | 支持类型 |
---|---|---|---|
awsElasticBlockStore | downwardAPI | glusterfs | CSI |
azureDisk | emptyDir | hostPath | ISCSI |
azureFile | portworxVolume | vsphereVolume | rbd |
cephfs | flexVolume | nfs | scaleIO |
configMap | gcePersistentDisk | persistentVolumeClaim | secret |
- 如何使用PV/PVC
- PV是资源的提供者,根据集群的基础设施变化而变化,由K8s集群管理员配置
- PVC是资源的使用者,根据业务服务的需求变化来配置,用户无需知道PV的技术细节,只需要声明你需要什么样的资源即可
- PVC会根据用户声明的需求,自动找到PV完成绑定
持久卷(PV)
[root@master ~]# vim pv.yaml
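---
# PersistentVolume backed by a directory on the node (hostPath).
kind: PersistentVolume
apiVersion: v1
metadata:
  name: pv-local
spec:
  volumeMode: Filesystem        # kind of resource offered: Filesystem or Block
  accessModes:                  # access modes this volume can provide
  - ReadWriteOnce               # one of RWO, ROX, RWX, RWOP; hostPath supports RWO only
  capacity:                     # storage this volume can provide
    storage: 30Gi               # size
  persistentVolumeReclaimPolicy: Retain   # data is reclaimed by hand; one of Retain, Recycle, Delete
  hostPath:
    path: /var/weblog
    type: DirectoryOrCreate
---
# PersistentVolume backed by the NFS export registry:/var/webroot.
kind: PersistentVolume
apiVersion: v1
metadata:
  name: pv-nfs
spec:
  volumeMode: Filesystem        # offered as a filesystem
  accessModes:                  # NFS supports several modes: RWO, ROX, RWX
  - ReadWriteOnce
  - ReadOnlyMany
  - ReadWriteMany
  capacity:
    storage: 20Gi               # space the NFS volume is declared to provide
  persistentVolumeReclaimPolicy: Retain   # data is reclaimed by hand
  nfs:                          # NFS settings
    server: registry
    path: /var/webroot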
[root@master ~]# kubectl apply -f pv.yaml
persistentvolume/pv-local created
persistentvolume/pv-nfs created
[root@master ~]# kubectl get persistentvolume
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pv-local 30Gi RWO Retain Available 2s
pv-nfs 20Gi RWO,ROX,RWX Retain Available 2s
持久卷声明(PVC)
[root@master ~]# vim pvc.yaml
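---
# Claim for a filesystem volume with ReadWriteOnce access and at least 18Gi.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc1
spec:
  volumeMode: Filesystem        # the claim needs a Filesystem volume
  accessModes:
  - ReadWriteOnce               # the volume must support RWO
  resources:
    requests:
      storage: 18Gi             # minimum capacity required
---
# Claim for a filesystem volume with ReadWriteMany access and at least 15Gi.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc2
spec:
  volumeMode: Filesystem        # the claim needs a Filesystem volume
  accessModes:
  - ReadWriteMany               # the volume must support RWX
  resources:
    requests:
      storage: 15Gi             # minimum capacity required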
[root@master ~]# kubectl apply -f pvc.yaml
persistentvolumeclaim/pvc1 created
persistentvolumeclaim/pvc2 created
[root@master ~]# kubectl get persistentvolumeclaims
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
pvc1 Bound pv-local 30Gi RWO 8s
pvc2 Bound pv-nfs 20Gi RWO,ROX,RWX 8s
Pod 调用 PVC
[root@master ~]# vim myv7.yaml
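---
# Pod that uses two PersistentVolumeClaims: pvc1 for the nginx log directory
# and pvc2 for the nginx html directory.
apiVersion: v1
kind: Pod
metadata:
  name: web7
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  volumes:                      # volumes made available to the Pod
  - name: logdata               # volume name
    persistentVolumeClaim:      # volume type: an existing claim
      claimName: pvc1           # name of the claim
  - name: website               # volume name
    persistentVolumeClaim:      # volume type: an existing claim
      claimName: pvc2           # name of the claim
  containers:
  - name: nginx
    image: myos:nginx
    ports:
    - protocol: TCP
      containerPort: 80
    volumeMounts:
    - name: logdata             # volume backed by pvc1
      mountPath: /usr/local/nginx/logs   # mount point
    - name: website             # volume backed by pvc2
      mountPath: /usr/local/nginx/html   # mount point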
[root@master ~]# kubectl apply -f myv7.yaml
pod/web7 created
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
web7 1/1 Running 0 19s 10.244.1.20 node-0001
[root@master ~]# curl http://10.244.1.20/
This is NFS server
[root@master ~]# kubectl delete -f myv7.yaml
pod "web7" deleted
[root@node-0001 ~]# cat /var/weblog/access.log
10.244.0.0 - - [27/Jun/2022:02:00:12 +0000] "GET / HTTP/1.1" 200 19 "-" "curl/7.29.0"
10.244.0.0 - - [27/Jun/2022:02:00:14 +0000] "GET / HTTP/1.1" 200 19 "-" "curl/7.29.0"