存储卷管理
一、Pod资源文件
[root@master ~]# vim web1.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: web1
spec:
containers:
- name: nginx
image: myos:nginx
二、持久卷
1.hostPath卷
spec->volumes->hostPath
spec->containers->volumeMounts
这里的name是spec->volumes->hostPath对象下定义的name额值
[root@master ~]# vim web1.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: web1
spec:
volumes: # 卷定义
- name: logdata # 卷名称
hostPath: # 资源类型
path: /var/weblog # 宿主机路径
type: DirectoryOrCreate # 目录不存在就创建
containers:
- name: nginx
image: myos:nginx
volumeMounts: # mount 卷
- name: logdata # 卷名称
mountPath: /usr/local/nginx/logs # 容器内路径
验证hostPath卷
[root@master ~]# kubectl apply -f web1.yaml
[root@master ~]# kubectl get pods -o wide
[root@master ~]# curl http://10.244.2.16/
# 删除Pod ,日志数据也不会丢失
[root@master ~]# kubectl delete pod web1
# 来到 node 上查看日志
[root@node-0002 ~]# cat /var/weblog/access.log
2.NFS卷
名称 | IP地址 | 配置 |
---|---|---|
nfs | 192.168.1.10 | 1CPU,1G内存 |
配置NFS服务
# 创建共享目录,并部署测试页面
[root@nfs ~]# mkdir -p /var/webroot
[root@nfs ~]# echo "nfs server" >/var/webroot/index.html
# 部署 NFS 服务
[root@nfs ~]# dnf install -y nfs-utils
[root@nfs ~]# vim /etc/exports
/var/webroot 192.168.1.0/24(rw,no_root_squash)
[root@nfs ~]# systemctl enable --now nfs-server.service
#----------------------------------------------------------#
# 所有 node 节点都要安装 nfs 软件包
[root@node ~]# dnf install -y nfs-utils
Pod调用NFS卷
[root@master ~]# vim web1.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: web1
spec:
volumes:
- name: logdata
hostPath:
path: /var/weblog
type: DirectoryOrCreate
- name: website # 卷名称
nfs: # NFS 资源类型
server: 192.168.1.10 # NFS 服务器地址
path: /var/webroot # NFS 共享目录
containers:
- name: nginx
image: myos:nginx
volumeMounts:
- name: logdata
mountPath: /usr/local/nginx/logs
- name: website # 卷名称
mountPath: /usr/local/nginx/html # 路径
[root@master ~]# kubectl apply -f web1.yaml
[root@master ~]# kubectl get pods -o wide
访问验证nfs卷
ip地址通过kubectl get pods -o wide获取
[root@master ~]# curl http://10.244.1.19
nfs server
三、 PV/PVC
1.持久卷
官网搜索pv更有效率:
Persistent Volumes | Kubernetes
kind: PersistentVolume
spec->hostPath
spec->nfs
[root@master ~]# vim pv.yaml
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: pv-local
spec:
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
capacity:
storage: 30Gi
persistentVolumeReclaimPolicy: Retain
hostPath:
path: /var/weblog
type: DirectoryOrCreate
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: pv-nfs
spec:
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
capacity:
storage: 20Gi
persistentVolumeReclaimPolicy: Retain
mountOptions:
- nolock
nfs:
server: 192.168.1.10
path: /var/webroot
[root@master ~]# kubectl apply -f pv.yaml
[root@master ~]# kubectl get persistentvolume
2.持久卷声明
[root@master ~]# vim pvc.yaml
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc1
spec:
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 25Gi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc2
spec:
volumeMode: Filesystem
accessModes:
- ReadWriteMany
resources:
requests:
storage: 15Gi
[root@master ~]# kubectl apply -f pvc.yaml
[root@master ~]# kubectl get persistentvolumeclaims
Pod挂载pvc
[root@master ~]# vim web1.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: web1
spec:
volumes: # 卷定义
- name: logdata # 卷名称
persistentVolumeClaim: # 通过PVC引用存储资源
claimName: pvc1 # PVC名称
- name: website # 卷名称
persistentVolumeClaim: # 通过PVC引用存储资源
claimName: pvc2 # PVC名称
containers:
- name: nginx
image: myos:nginx
volumeMounts:
- name: logdata
mountPath: /usr/local/nginx/logs
- name: website
mountPath: /usr/local/nginx/html
服务验证
[root@master ~]# kubectl delete pods web1
[root@master ~]# kubectl apply -f web1.yaml
[root@master ~]# kubectl get pods -o wide
四、临时卷
1.configMap
# 使用命令创建 configMap
[root@master ~]# kubectl create configmap tz --from-literal=TZ="Asia/Shanghai"
# 使用资源对象文件创建
[root@master ~]# vim timezone.yaml
---
kind: ConfigMap
apiVersion: v1
metadata:
name: timezone
data:
TZ: Asia/Shanghai
[root@master ~]# kubectl apply -f timezone.yaml
[root@master ~]# kubectl get configmaps
1)修改系统时区
[root@master ~]# vim web1.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: web1
spec:
volumes:
- name: logdata
persistentVolumeClaim:
claimName: pvc1
- name: website
persistentVolumeClaim:
claimName: pvc2
containers:
- name: nginx
image: myos:nginx
envFrom: # 配置环境变量
- configMapRef: # 调用资源对象
name: timezone # 资源对象名称
volumeMounts:
- name: logdata
mountPath: /usr/local/nginx/logs
- name: website
mountPath: /usr/local/nginx/html
[root@master ~]# kubectl delete pods web1
[root@master ~]# kubectl apply -f web1.yaml
[root@master ~]# kubectl exec -it web1 -- date +%T
2)nginx解析php
添加容器
# 在 Pod 中增加 php 容器,与 nginx 共享同一块网卡
[root@master ~]# vim web1.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: web1
spec:
volumes:
- name: logdata
persistentVolumeClaim:
claimName: pvc1
- name: website
persistentVolumeClaim:
claimName: pvc2
containers:
- name: nginx
image: myos:nginx
envFrom:
- configMapRef:
name: timezone
volumeMounts:
- name: logdata
mountPath: /usr/local/nginx/logs
- name: website
mountPath: /usr/local/nginx/html
- name: php # 以下为新增加内容
image: myos:php-fpm
envFrom: # 不同容器需要单独配置时区
- configMapRef:
name: timezone
volumeMounts:
- name: website # 不同容器需要单独挂载NFS
mountPath: /usr/local/nginx/html
[root@master ~]# kubectl delete pod web1
[root@master ~]# kubectl apply -f web1.yaml
[root@master ~]# kubectl get pods
[root@master ~]# kubectl exec -it web1 -c nginx -- ss -ltun
创建ConfigMap
# 使用 nginx 配置文件创建 configMap
[root@master ~]# kubectl cp -c nginx web1:/usr/local/nginx/conf/nginx.conf nginx.conf
[root@master ~]# vim nginx.conf
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
# 使用命令创建 configMap
[root@master ~]# kubectl create configmap nginx-php --from-file=nginx.conf
挂载ConfigMap
spec->volumes->configMap
spec->volumeMounts->configMap
name要设置和 spec->volumes->configMap对象下的name的值一样
[root@master ~]# vim web1.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: web1
spec:
volumes:
- name: logdata
persistentVolumeClaim:
claimName: pvc1
- name: website
persistentVolumeClaim:
claimName: pvc2
- name: nginx-php # 卷名称
configMap: # 引用资源对象
name: nginx-php # 资源对象名称
containers:
- name: nginx
image: myos:nginx
envFrom:
- configMapRef:
name: timezone
volumeMounts:
- name: nginx-php # 卷名称
subPath: nginx.conf # 键值(文件名称)
mountPath: /usr/local/nginx/conf/nginx.conf # 路径
- name: logdata
mountPath: /usr/local/nginx/logs
- name: website
mountPath: /usr/local/nginx/html
- name: php
image: myos:php-fpm
envFrom:
- configMapRef:
name: timezone
volumeMounts:
- name: website
mountPath: /usr/local/nginx/html
解析验证
# 拷贝测试页面 s4/public/info.php
[root@ecs-proxy s4]# rsync -av public/info.php 192.168.1.10:/var/webroot/info.php
#------------------------------------------------------------
[root@master ~]# kubectl delete pod web1
[root@master ~]# kubectl apply -f web1.yaml
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
web1 2/2 Running 0 18s 10.244.3.17 node-0003
[root@master ~]# curl http://10.244.3.17/info.php
<pre>
Array
(
[REMOTE_ADDR] => 10.244.0.0
[REQUEST_METHOD] => GET
[HTTP_USER_AGENT] => curl/7.29.0
[REQUEST_URI] => /info.php
)
php_host: web1
1229
2.secret卷
1)配置登录密钥
[root@master ~]# kubectl create secret docker-registry harbor-auth --docker-server=harbor:443 --docker-username="用户名" --docker-password="密码"
secret/harbor-auth created
[root@master ~]# kubectl get secrets harbor-auth -o yaml
2)认证私有仓库
[root@master ~]# vim web2.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: web2
spec:
imagePullSecrets:
- name: harbor-auth
containers:
- name: apache
image: harbor:443/myimg/httpd:latest
[root@master ~]# kubectl apply -f web2.yaml
[root@master ~]# kubectl get pods
3.emptyDir卷
临时空间
[root@master ~]# vim web2.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: web2
spec:
imagePullSecrets:
- name: harbor-auth
volumes: # 卷配置
- name: cache # 卷名称
emptyDir: {} # 资源类型
containers:
- name: apache
image: harbor:443/myimg/httpd:latest
volumeMounts: # 挂载卷
- name: cache # 卷名称
mountPath: /var/cache # 路径
[root@master ~]# kubectl delete pod web2
[root@master ~]# kubectl apply -f web2.yaml
[root@master ~]# kubectl exec -it web2 -- bash
[root@web2 html]# mount -l |grep cache