Environment preparation
- All nodes
yum install -y nfs-utils
- Master node
# NFS master node
echo "/nfs/data/ *(insecure,rw,sync,no_root_squash)" > /etc/exports
mkdir -p /nfs/data
systemctl enable rpcbind --now
systemctl enable nfs-server --now
# Apply the configuration
exportfs -r
- Worker nodes
showmount -e 192.168.0.29 # master node IP
# Run the following commands to mount the NFS server's shared directory at the local path /nfs/data
mkdir -p /nfs/data
mount -t nfs 192.168.0.29:/nfs/data /nfs/data
# Write a test file
echo "hello nfs server" > /nfs/data/test.txt
- Native volume mount
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-pv-demo
  name: nginx-pv-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx-pv-demo
  template:
    metadata:
      labels:
        app: nginx-pv-demo
    spec:
      containers:
      - image: nginx
        name: nginx
        volumeMounts:
        - name: html
          mountPath: /usr/share/nginx/html
      volumes:
        - name: html
          nfs:
            server: 192.168.0.29
            path: /nfs/data/nginx-pv
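The master-node export above combines a `*` client with `insecure` and `no_root_squash`. As an added example (not part of the original page), the following Python code parses exports(5) lines and reports those settings; the hardened line and its 192.168.0.0/24 subnet are constructed assumptions, not values from the page.

```python
import re

# Export options that weaken an NFS share, with what each one permits.
RISKY_OPTIONS = {
    "no_root_squash": "root on a client acts as root on the exported files",
    "insecure": "requests from unprivileged source ports (1024 and above) are accepted",
}
# One client entry: optional host spec followed by optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"([^()]*)(?:\(([^)]*)\))?")


def audit_exports(text):
    """Return (path, client, finding) tuples for risky entries in exports(5) text."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            match = CLIENT_RE.fullmatch(client)
            if match is None:
                findings.append((path, client, "entry could not be parsed"))
                continue
            host = match.group(1)
            options = set((match.group(2) or "").split(","))
            if host in ("", "*"):
                findings.append((path, client, "open to every host that can reach the server"))
            for option, effect in RISKY_OPTIONS.items():
                if option in options:
                    findings.append((path, client, f"{option}: {effect}"))
    return findings


# The export line from this page, unchanged.
PAGE_EXPORT = "/nfs/data/ *(insecure,rw,sync,no_root_squash)"
# Constructed alternative: the 192.168.0.0/24 subnet is an assumption based on
# the node address 192.168.0.29 used on this page; adjust to the real node range.
HARDENED_EXPORT = "/nfs/data/ 192.168.0.0/24(rw,sync,root_squash)"

if __name__ == "__main__":
    for label, text in (("page", PAGE_EXPORT), ("hardened", HARDENED_EXPORT)):
        print(label, audit_exports(text) or "no findings")
```

An entry written as `/path (rw)`, with a space before the parenthesis, has an empty host and is reported the same way as `*`.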
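Core concepts: PV & PVC
PV: Persistent Volume, stores the data an application needs to persist at a specified location
PVC: Persistent Volume Claim, requests the specification of the persistent volume to be used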
- Create the PV pool
# NFS master node
mkdir -p /nfs/data/01
mkdir -p /nfs/data/02
mkdir -p /nfs/data/03
- Create the PVs in k8s
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv01-10m
spec:
  capacity:
    storage: 10M
  accessModes:
    - ReadWriteMany
  storageClassName: nfs
  nfs:
    path: /nfs/data/01
    server: 192.168.0.29
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv02-1gi
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  storageClassName: nfs
  nfs:
    path: /nfs/data/02
    server: 192.168.0.29
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv03-3gi
spec:
  capacity:
    storage: 3Gi
  accessModes:
    - ReadWriteMany
  storageClassName: nfs
  nfs:
    path: /nfs/data/03
    server: 192.168.0.29
- Create the PVC and bind it to a PV
The storageClassName here must match the storageClassName specified when the PVs were created earlier.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: nginx-pvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 200Mi
  storageClassName: nfs
Judging from the result, the PVC we created was bound to the PV named pv02-1gi that was created in the previous step. The reason is that our PVC requests 200M of space, and the smallest PV that can satisfy the request is the 1G PV, that is, pv02-1gi.
- Create the pods and bind them to the PVC
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy-pvc
  name: nginx-deploy-pvc
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx-deploy-pvc
  template:
    metadata:
      labels:
        app: nginx-deploy-pvc
    spec:
      containers:
      - image: nginx
        name: nginx
        volumeMounts:
        - name: html
          mountPath: /usr/share/nginx/html
      volumes:
        - name: html
          persistentVolumeClaim:
            claimName: nginx-pvc
ConfigMap
- redis.conf
appendonly yes
- Turn redis.conf into a ConfigMap
Run the following command in k8s:
kubectl create cm redis-conf --from-file=redis.conf
- View the ConfigMap
kubectl get cm redis-conf -oyaml
- Create a redis pod that uses the ConfigMap
apiVersion: v1
kind: Pod
metadata:
  name: redis
spec:
  containers:
  - name: redis
    image: redis
    command:
      - redis-server
      - "/redis-master/redis.conf" # path inside the redis container
    ports:
    - containerPort: 6379
    volumeMounts:
    - mountPath: /data
      name: data
    - mountPath: /redis-master
      name: config
  volumes:
    - name: data
      emptyDir: {}
    - name: config
      configMap:
        name: redis-conf
        items:
        - key: redis.conf
          path: redis.conf
Secret
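The Secret object type is used to store sensitive information such as passwords, OAuth tokens and SSH keys. Putting this information in a Secret is safer and more flexible than putting it in a Pod definition or a container image.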
kubectl create secret docker-registry my-docker-secret \
--docker-username=username \
--docker-password=password \
--docker-email=
## Command format
kubectl create secret docker-registry regcred \
--docker-server=<your registry server> \
--docker-username=<your username> \
--docker-password=<your password> \
--docker-email=<your email address>
How to use the created Secret to pull a private image
apiVersion: v1
kind: Pod
metadata:
  name: private-nginx
spec:
  containers:
  - name: private-nginx
    image: xxxxxxxx # my private image
  imagePullSecrets:
  - name: my-docker-secret # name of the Secret just created