-
第9章 K8s进阶篇-持久化存储入门
9.1 k8s存储Volumes介绍
Container(容器)中的磁盘文件是短暂的,当容器崩溃时,kubelet会重新启动容器,但最初的文件将丢失,Container会以最干净的状态启动。另外,当一个Pod运行多个Container时,各个容器可能需要共享一些文件。Kubernetes Volume可以解决这两个问题。eg:如一个pod里,容器A和容器B需要共享数据;不同pod间共享数据;
一些需要持久化数据的程序才会用到Volumes,或者一些需要共享数据的容器需要volumes。不同pod间共享数据也可以通过volumes解决,比如我们nfs,jfs,ceph,公有云的nas等;
日志收集的需求:需要在应用程序的容器里面加一个sidecar,这个容器是一个收集日志的容器,比如filebeat,它通过volumes共享应用程序的日志文件目录。就是同一个pod下不同容器共享数据;
Volumes:官方文档https://kubernetes.io/docs/concepts/storage/volumes/9.2 Volumes EmptyDir实现数据共享
emptyDir是一个空目录,不需要提前创建相关目录,他的声明周期和Pod是完全一致的,Pod被删除时,emptyDir也会被删除。emptyDir主要是用于同一个Pod内不同的容器之间共享工作过程中产生的文件。
比较常用的volumes的使用emptydir,hostpath,NFS(configmap和secret 之前讲过)等emptydir主要是用用作pod下不同容器间共享数据,不是持久化存储,重启后数据丢失。
和上述volume不同的是,如果删除Pod,emptyDir卷中的数据也将被删除,一般emptyDir卷用于Pod中的不同Container共享数据。它可以被挂载到相同或不同的路径上。
默认情况下,emptyDir卷支持节点上的任何介质,可能是SSD、磁盘或网络存储,具体取决于自身的环境。可以将emptyDir.medium字段设置为Memory,让Kubernetes使用tmpfs(内存支持的文件系统),虽然tmpfs非常快,但是tmpfs在节点重启时,数据同样会被清除,并且设置的大小会被计入到Container的内存限制当中。
[root@k8s-master01 ~]# vim nginx-deploy_1205_emptydir.yaml
- # cat nginx-deploy.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- labels:
- app: nginx
- name: nginx
- spec:
- replicas: 2 #副本数
- selector:
- matchLabels:
- app: nginx
- strategy:
- rollingUpdate:
- maxSurge: 25%
- maxUnavailable: 25%
- type: RollingUpdate
- template:
- metadata:
- creationTimestamp: null
- labels:
- app: nginx
- spec:
- containers:
- - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
- imagePullPolicy: IfNotPresent
- name: nginx
- resources: {}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- # ports:
- # - containerPort: 8080
- # name: nginx-port
- # protocol: TCP
- volumeMounts:
- - mountPath: /opt
- name: share-volume
- - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
- imagePullPolicy: IfNotPresent
- name: nginx2
- command:
- - sh
- - -c
- - sleep 3600
- resources: {}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- # ports:
- # - containerPort: 8090
- # name: nginx2-port
- # protocol: TCP
- volumeMounts:
- - mountPath: /mnt
- name: share-volume
- dnsPolicy: ClusterFirst
- restartPolicy: Always
- schedulerName: default-scheduler
- securityContext: {}
- terminationGracePeriodSeconds: 30
- volumes:
- - name: share-volume
- emptyDir: {}
- #medium: Memory
- [root@k8s-master01 ~]# kubectl create -f nginx-deploy_1205_emptydir.yaml
- deployment.apps/nginx created
副本数是2,所以创建2个pod,每个pod包含2个容器nginx、nginx2
验证1:
pod nginx-6c5778576c-4hxkj nginx
- [root@k8s-master01 ~]# kubectl exec -it nginx-6c5778576c-4hxkj -c nginx -- bash
- root@nginx-6c5778576c-4hxkj:/# df -h
- Filesystem Size Used Avail Use% Mounted on
- overlay 26G 8.2G 18G 32% /
- tmpfs 64M 0 64M 0% /dev
- tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup
- /dev/sda3 26G 8.2G 18G 32% /opt
- shm 64M 0 64M 0% /dev/shm
- tmpfs 2.9G 12K 2.9G 1% /run/secrets/kubernetes.io/serviceaccount
- tmpfs 1.5G 0 1.5G 0% /proc/acpi
- tmpfs 1.5G 0 1.5G 0% /proc/scsi
- tmpfs 1.5G 0 1.5G 0% /sys/firmware
- root@nginx-6c5778576c-4hxkj:/# cd /opt
- root@nginx-6c5778576c-4hxkj:/opt# ls
- root@nginx-6c5778576c-4hxkj:/opt# touch test.txt
- root@nginx-6c5778576c-4hxkj:/opt# echo aaaaaaaaaaaaa > test.txt
pod nginx-6c5778576c-4hxkj nginx2
- [root@k8s-master01 ~]# kubectl exec -it nginx-6c5778576c-4hxkj -c nginx2 -- bash
- root@nginx-6c5778576c-4hxkj:/#
- root@nginx-6c5778576c-4hxkj:/# df -h
- Filesystem Size Used Avail Use% Mounted on
- overlay 26G 8.2G 18G 32% /
- tmpfs 64M 0 64M 0% /dev
- tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup
- /dev/sda3 26G 8.2G 18G 32% /mnt
- shm 64M 0 64M 0% /dev/shm
- tmpfs 2.9G 12K 2.9G 1% /run/secrets/kubernetes.io/serviceaccount
- tmpfs 1.5G 0 1.5G 0% /proc/acpi
- tmpfs 1.5G 0 1.5G 0% /proc/scsi
- tmpfs 1.5G 0 1.5G 0% /sys/firmware
- root@nginx-6c5778576c-4hxkj:/# cd /mnt
- root@nginx-6c5778576c-4hxkj:/mnt# ls
- test.txt
- root@nginx-6c5778576c-4hxkj:/mnt# cat test.txt
- aaaaaaaaaaaaa
在容器nginx的/opt目录中写入文件test.txt
在容器nginx2的/mnt目录中看到写入的test.txt文件
验证2:
容器nginx2追加内容
root@nginx-6c5778576c-4hxkj:/mnt# echo "bbbbbbbbbbbbbbbbbbbbbbbb" >>test.txt容器nginx查看内容
- root@nginx-6c5778576c-4hxkj:/opt# cat test.txt
- aaaaaaaaaaaaa
- bbbbbbbbbbbbbbbbbbbbbbbb
9.3 Volumes HostPath挂载宿主机路径
Kubernetes是一种用于管理容器化应用程序的开源平台。在Kubernetes中,Pod是最小的可部署单元,可以包含一个或多个容器。每个Pod都有自己的IP地址,可以使用它来与其他Pod进行通信。Pod可以挂载一个或多个卷来存储应用程序数据。其中一个卷类型是HostPath,它允许Pod将宿主机上的文件或目录挂载到其容器中。
HostPath卷类型对于需要直接访问宿主机上的文件或目录的应用程序非常有用。例如,如果需要访问宿主机上的日志文件或配置文件,可以使用HostPath挂载这些文件。但是,使用HostPath也存在一些安全风险,因为它允许Pod访问宿主机上的文件系统。
警告:HostPath 卷存在许多安全风险,最佳做法是尽可能避免使用 HostPath。 当必须使用 HostPath 卷时,它的范围应仅限于所需的文件或目录,并以只读方式挂载。如果通过 AdmissionPolicy 限制 HostPath 对特定目录的访问,则必须要求 volumeMounts 使用 readOnly 挂载以使策略生效。
一般不推荐使用。
vim nginx-deploy_1205_emptydir.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- labels:
- app: nginx
- name: nginx
- spec:
- replicas: 2 #副本数
- selector:
- matchLabels:
- app: nginx
- strategy:
- rollingUpdate:
- maxSurge: 25%
- maxUnavailable: 25%
- type: RollingUpdate
- template:
- metadata:
- creationTimestamp: null
- labels:
- app: nginx
- spec:
- containers:
- - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
- imagePullPolicy: IfNotPresent
- name: nginx
- resources: {}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- # ports:
- # - containerPort: 8080
- # name: nginx-port
- # protocol: TCP
- volumeMounts:
- - mountPath: /opt
- name: share-volume
- - mountPath: /etc/timezone
- name: timezone
- - mountPath: /tmp/
- name: tmp
- - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
- imagePullPolicy: IfNotPresent
- name: nginx2
- command:
- - sh
- - -c
- - sleep 1200
- resources: {}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- # ports:
- # - containerPort: 8090
- # name: nginx2-port
- # protocol: TCP
- volumeMounts:
- - mountPath: /mnt
- name: share-volume
- - mountPath: /etc/timezone
- name: timezone
- dnsPolicy: ClusterFirst
- restartPolicy: Always
- schedulerName: default-scheduler
- securityContext: {}
- terminationGracePeriodSeconds: 30
- volumes:
- - name: share-volume
- emptyDir: {}
- #medium: Memory
- - name: timezone
- hostPath:
- path: /etc/timezone
- type: File
- - name: tmp
- hostPath:
- path: /tmp
- type: Directory
增加如下部分配置:挂载文件、挂载目录
验证:
kubectl replace -f nginx-deploy_1205_emptydir.yaml
- [root@k8s-master01 ~]# kubectl get pod
- NAME READY STATUS RESTARTS AGE
- busybox 0/1 Unknown 0 105d
- nginx-5b95587595-m2fl9 2/2 Running 0 12s
- nginx-5b95587595-x4zhm 2/2 Running 0 14s
- nginx-6c5778576c-4hxkj 2/2 Terminating 1 (30m ago) 90m
- nginx-6c5778576c-b64sf 2/2 Terminating 1 (30m ago) 90m
- nginx-deployment-7f65cbfc84-2npk5 1/1 Running 1 (35d ago) 93d
- nginx-deployment-7f65cbfc84-4hlpt 1/1 Running 1 (35d ago) 93d
- nginx-deployment-7f65cbfc84-dmgfx 1/1 Running 1 (35d ago) 93d
- nginx-deployment-7f65cbfc84-p2dfr 1/1 Running 1 (35d ago) 93d
- nginx-deployment-7f65cbfc84-zkld4 1/1 Running 1 (35d ago) 93d
- [root@k8s-master01 ~]# kubectl exec -it nginx-5b95587595-m2fl9 -c nginx -- bash
- root@nginx-5b95587595-m2fl9:/# df -h
- Filesystem Size Used Avail Use% Mounted on
- overlay 26G 10G 17G 39% /
- tmpfs 64M 0 64M 0% /dev
- tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup
- /dev/sda3 26G 10G 17G 39% /opt
- shm 64M 0 64M 0% /dev/shm
- tmpfs 2.9G 12K 2.9G 1% /run/secrets/kubernetes.io/serviceaccount
- tmpfs 1.5G 0 1.5G 0% /proc/acpi
- tmpfs 1.5G 0 1.5G 0% /proc/scsi
- tmpfs 1.5G 0 1.5G 0% /sys/firmware
- root@nginx-5b95587595-m2fl9:/# cd tmp
- root@nginx-5b95587595-m2fl9:/tmp# ls
- sys.log
- #宿主机增加sys2.log文件
- root@nginx-5b95587595-m2fl9:/tmp# ls
- runc-process2653599717 sys.log sys2.log
- #查看/etc/timezone文件
- root@nginx-5b95587595-m2fl9:/tmp# cat /etc/timezone
- Asia/Shanghai
9.4 挂载NFS至容器
master01 安装nfs软件
yum -y install nfs-utils rpcbind宿主机node01(ip:192.168.42.244)安装nfs服务器
- yum -y install nfs-utils rpcbind
- systemctl restart nfs-server
- [root@k8s-node01 ~]# vim /etc/exports
- /mnt/ 192.168.0.0/16(rw,sync,no_subtree_check,no_root_squash)
- /opt/ 192.168.0.0/16(rw,sync,no_subtree_check,no_root_squash)
- #重新加载配置文件
- [root@k8s-node01 ~]# exportfs -rv
- exporting 192.168.0.0/16:/opt
- exporting 192.168.0.0/16:/mnt
- [root@k8s-node01 ~]# systemctl reload nfs-server
- #查看共享目录
- [root@k8s-node01 ~]# showmount -e localhost
- Export list for localhost:
- /opt 192.168.0.0/16
- /mnt 192.168.0.0/16
master01验证node01 nfs server是否正常
- [root@k8s-master01 mnt]# mkdir data
- [root@k8s-master01 mnt]# mount -t nfs 192.168.42.244:/mnt /mnt/data/
- [root@k8s-master01 mnt]# df -h
- Filesystem Size Used Avail Use% Mounted on
- devtmpfs 1.5G 0 1.5G 0% /dev
- tmpfs 1.5G 0 1.5G 0% /dev/shm
- tmpfs 1.5G 153M 1.4G 11% /run
- tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup
- /dev/sda3 26G 10G 17G 39% /
- /dev/sda1 1014M 171M 844M 17% /boot
- 。。。
- 192.168.42.244:/mnt 26G 7.8G 19G 30% /mnt/data
- [root@k8s-master01 mnt]# ls /mnt/data/
- node01.txt
- [root@k8s-master01 mnt]# umount data
- [root@k8s-master01 mnt]#
开始测试:
在yaml文件增加如下2部分
vim nginx-deploy_1205_emptydir.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- labels:
- app: nginx
- name: nginx
- spec:
- replicas: 2 #副本数
- selector:
- matchLabels:
- app: nginx
- strategy:
- rollingUpdate:
- maxSurge: 25%
- maxUnavailable: 25%
- type: RollingUpdate
- template:
- metadata:
- creationTimestamp: null
- labels:
- app: nginx
- spec:
- containers:
- - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
- imagePullPolicy: IfNotPresent
- name: nginx
- resources: {}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- # ports:
- # - containerPort: 8080
- # name: nginx-port
- # protocol: TCP
- volumeMounts:
- - mountPath: /opt
- name: share-volume
- - mountPath: /etc/timezone
- name: timezone
- - mountPath: /tmp/
- name: tmp
- - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
- imagePullPolicy: IfNotPresent
- name: nginx2
- command:
- - sh
- - -c
- - sleep 1200
- resources: {}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- # ports:
- # - containerPort: 8090
- # name: nginx2-port
- # protocol: TCP
- volumeMounts:
- - mountPath: /mnt
- name: share-volume
- - mountPath: /etc/timezone
- name: timezone
- - mountPath: /tmp
- name: nfs
- dnsPolicy: ClusterFirst
- restartPolicy: Always
- schedulerName: default-scheduler
- securityContext: {}
- terminationGracePeriodSeconds: 30
- volumes:
- - name: share-volume
- emptyDir: {}
- #medium: Memory
- - name: timezone
- hostPath:
- path: /etc/timezone
- type: File
- - name: tmp
- hostPath:
- path: /tmp
- type: Directory
- - name: nfs
- nfs:
- server: 192.168.42.244
- path: /mnt
- [root@k8s-master01 ~]# kubectl replace -f nginx-deploy_1205_emptydir.yaml
- deployment.apps/nginx replaced
- [root@k8s-master01 ~]# kubectl exec -it nginx-679784694b-g45v7 -c nginx2 -- bash
- root@nginx-679784694b-g45v7:/# df -h
- Filesystem Size Used Avail Use% Mounted on
- overlay 26G 7.8G 19G 30% /
- tmpfs 64M 0 64M 0% /dev
- tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup
- /dev/sda3 26G 7.8G 19G 30% /mnt
- 192.168.42.244:/mnt 26G 7.8G 19G 30% /tmp
- shm 64M 0 64M 0% /dev/shm
- tmpfs 2.9G 12K 2.9G 1% /run/secrets/kubernetes.io/serviceaccount
- tmpfs 1.5G 0 1.5G 0% /proc/acpi
- tmpfs 1.5G 0 1.5G 0% /proc/scsi
- tmpfs 1.5G 0 1.5G 0% /sys/firmware
-
相关阅读:
开源和闭源的优劣势比较
java基于SpringBoot+Vue的疫苗预约管理系统 element 前后端分离
陕西省助理评审申报,看这文章就够了
如何从 iPhone 恢复永久删除的视频
基于OFDM的水下图像传输通信系统matlab仿真
vue3 兄弟组件传值方法 使用中间件mitt------进行兄弟元素传值
基于头肩部检测的过线客流统计
机器人到达指定位置的方法数问题
【Java小知识点】类加载器的区别
awk命令的使用
- 原文地址:https://blog.csdn.net/jundao1997/article/details/134443661
