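## 9.1 Introduction to Kubernetes Storage Volumes

Files on disk inside a container are ephemeral: when a container crashes, the kubelet restarts it, but the original files are lost and the container starts from a clean state. In addition, when a Pod runs multiple containers, those containers may need to share files. Kubernetes Volumes solve both problems. For example: container A and container B in the same Pod need to share data, or data needs to be shared between different Pods.

Volumes are only needed by programs that must persist data, or by containers that need to share data.

Sharing data between different Pods can also be solved with volumes, for example NFS, JFS, Ceph, or a public-cloud NAS.

A log-collection requirement: a sidecar is added alongside the application container. The sidecar is a log-collecting container such as Filebeat, and it shares the application's log directory through a volume. This is data sharing between different containers in the same Pod.

Volumes: official documentation https://kubernetes.io/docs/concepts/storage/volumes/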
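## 9.2 Sharing Data with emptyDir Volumes

An emptyDir is an empty directory; the directory does not need to be created in advance. Its lifecycle is exactly the same as the Pod's: when the Pod is deleted, the emptyDir is deleted too. emptyDir is mainly used to share files produced during work between different containers in the same Pod.

Commonly used volume types include emptyDir, hostPath and NFS (ConfigMap and Secret were covered earlier).

emptyDir is mainly used to share data between different containers in a Pod. It is not persistent storage, and the data is lost after a restart.

Unlike the volumes mentioned above, if the Pod is deleted, the data in the emptyDir volume is deleted as well. emptyDir volumes are generally used to share data between different containers in a Pod, and can be mounted at the same or at different paths in each container.

By default, an emptyDir volume is backed by whatever medium the node uses, which may be SSD, disk or network storage depending on the environment. You can set the emptyDir.medium field to Memory to have Kubernetes use tmpfs (a memory-backed filesystem). tmpfs is very fast, but its data is also cleared when the node reboots, and the configured size counts against the container's memory limit.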


```bash
[root@k8s-master01 ~]# vim nginx-deploy_1205_emptydir.yaml
```

```yaml
# cat nginx-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 2 # number of replicas
  selector:
    matchLabels:
      app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
        imagePullPolicy: IfNotPresent
        name: nginx
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        # ports:
        # - containerPort: 8080
        #   name: nginx-port
        #   protocol: TCP
        volumeMounts:
        - mountPath: /opt
          name: share-volume
      - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
        imagePullPolicy: IfNotPresent
        name: nginx2
        command:
        - sh
        - -c
        - sleep 3600
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        # ports:
        # - containerPort: 8090
        #   name: nginx2-port
        #   protocol: TCP
        volumeMounts:
        - mountPath: /mnt
          name: share-volume
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - name: share-volume
        emptyDir: {}
          #medium: Memory
```

```bash
[root@k8s-master01 ~]# kubectl create -f nginx-deploy_1205_emptydir.yaml
deployment.apps/nginx created
```

The replica count is 2, so two Pods are created, and each Pod contains two containers, nginx and nginx2.

Verification 1:

Pod nginx-6c5778576c-4hxkj, container nginx:

```bash
[root@k8s-master01 ~]# kubectl exec -it nginx-6c5778576c-4hxkj -c nginx -- bash
root@nginx-6c5778576c-4hxkj:/# df -h
Filesystem      Size  Used Avail Use% Mounted on
overlay          26G  8.2G   18G  32% /
tmpfs            64M     0   64M   0% /dev
tmpfs           1.5G     0  1.5G   0% /sys/fs/cgroup
/dev/sda3        26G  8.2G   18G  32% /opt
shm              64M     0   64M   0% /dev/shm
tmpfs           2.9G   12K  2.9G   1% /run/secrets/kubernetes.io/serviceaccount
tmpfs           1.5G     0  1.5G   0% /proc/acpi
tmpfs           1.5G     0  1.5G   0% /proc/scsi
tmpfs           1.5G     0  1.5G   0% /sys/firmware
root@nginx-6c5778576c-4hxkj:/# cd /opt
root@nginx-6c5778576c-4hxkj:/opt# ls
root@nginx-6c5778576c-4hxkj:/opt# touch test.txt
root@nginx-6c5778576c-4hxkj:/opt# echo aaaaaaaaaaaaa > test.txt
```

Pod nginx-6c5778576c-4hxkj, container nginx2:

```bash
[root@k8s-master01 ~]# kubectl exec -it nginx-6c5778576c-4hxkj -c nginx2 -- bash
root@nginx-6c5778576c-4hxkj:/#
root@nginx-6c5778576c-4hxkj:/# df -h
Filesystem      Size  Used Avail Use% Mounted on
overlay          26G  8.2G   18G  32% /
tmpfs            64M     0   64M   0% /dev
tmpfs           1.5G     0  1.5G   0% /sys/fs/cgroup
/dev/sda3        26G  8.2G   18G  32% /mnt
shm              64M     0   64M   0% /dev/shm
tmpfs           2.9G   12K  2.9G   1% /run/secrets/kubernetes.io/serviceaccount
tmpfs           1.5G     0  1.5G   0% /proc/acpi
tmpfs           1.5G     0  1.5G   0% /proc/scsi
tmpfs           1.5G     0  1.5G   0% /sys/firmware
root@nginx-6c5778576c-4hxkj:/# cd /mnt
root@nginx-6c5778576c-4hxkj:/mnt# ls
test.txt
root@nginx-6c5778576c-4hxkj:/mnt# cat test.txt
aaaaaaaaaaaaa
```

The file test.txt is written in the /opt directory of container nginx, and the same test.txt is visible in the /mnt directory of container nginx2.

Verification 2:

Append content from container nginx2:

```bash
root@nginx-6c5778576c-4hxkj:/mnt# echo "bbbbbbbbbbbbbbbbbbbbbbbb" >>test.txt
```

View the content from container nginx:

```bash
root@nginx-6c5778576c-4hxkj:/opt# cat test.txt
aaaaaaaaaaaaa
bbbbbbbbbbbbbbbbbbbbbbbb
```

## 9.3 Mounting Host Paths with HostPath Volumes

Kubernetes is an open-source platform for managing containerized applications. In Kubernetes, the Pod is the smallest deployable unit and can contain one or more containers. Each Pod has its own IP address, which it can use to communicate with other Pods. A Pod can mount one or more volumes to store application data. One volume type is HostPath, which lets a Pod mount a file or directory from the host into its containers.

The HostPath volume type is very useful for applications that need direct access to files or directories on the host. For example, if you need to access log files or configuration files on the host, you can mount them with HostPath. However, using HostPath also carries security risks, because it gives the Pod access to the host's filesystem.

**Warning**: HostPath volumes present many security risks, and the best practice is to avoid HostPath whenever possible. When a HostPath volume must be used, it should be scoped to only the required file or directory and mounted read-only. If an AdmissionPolicy restricts HostPath access to specific directories, volumeMounts must be required to use readOnly mounts for the policy to be effective.

In general, HostPath is not recommended.

```bash
vim nginx-deploy_1205_emptydir.yaml
```

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 2 # number of replicas
  selector:
    matchLabels:
      app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
        imagePullPolicy: IfNotPresent
        name: nginx
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        # ports:
        # - containerPort: 8080
        #   name: nginx-port
        #   protocol: TCP
        volumeMounts:
        - mountPath: /opt
          name: share-volume
        - mountPath: /etc/timezone
          name: timezone
        - mountPath: /tmp/
          name: tmp
      - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
        imagePullPolicy: IfNotPresent
        name: nginx2
        command:
        - sh
        - -c
        - sleep 1200
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        # ports:
        # - containerPort: 8090
        #   name: nginx2-port
        #   protocol: TCP
        volumeMounts:
        - mountPath: /mnt
          name: share-volume
        - mountPath: /etc/timezone
          name: timezone
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - name: share-volume
        emptyDir: {}
          #medium: Memory
      - name: timezone
        hostPath:
          path: /etc/timezone
          type: File
      - name: tmp
        hostPath:
          path: /tmp
          type: Directory
```

The added parts of the configuration mount a file (/etc/timezone) and a directory (/tmp) from the host.

Verification: run `kubectl replace -f nginx-deploy_1205_emptydir.yaml`, then check the Pods.

```bash
[root@k8s-master01 ~]# kubectl get pod
NAME                                READY   STATUS        RESTARTS        AGE
busybox                             0/1     Unknown       0               105d
nginx-5b95587595-m2fl9              2/2     Running       0               12s
nginx-5b95587595-x4zhm              2/2     Running       0               14s
nginx-6c5778576c-4hxkj              2/2     Terminating   1 (30m ago)     90m
nginx-6c5778576c-b64sf              2/2     Terminating   1 (30m ago)     90m
nginx-deployment-7f65cbfc84-2npk5   1/1     Running       1 (35d ago)     93d
nginx-deployment-7f65cbfc84-4hlpt   1/1     Running       1 (35d ago)     93d
nginx-deployment-7f65cbfc84-dmgfx   1/1     Running       1 (35d ago)     93d
nginx-deployment-7f65cbfc84-p2dfr   1/1     Running       1 (35d ago)     93d
nginx-deployment-7f65cbfc84-zkld4   1/1     Running       1 (35d ago)     93d
[root@k8s-master01 ~]# kubectl exec -it nginx-5b95587595-m2fl9 -c nginx -- bash
root@nginx-5b95587595-m2fl9:/# df -h
Filesystem      Size  Used Avail Use% Mounted on
overlay          26G   10G   17G  39% /
tmpfs            64M     0   64M   0% /dev
tmpfs           1.5G     0  1.5G   0% /sys/fs/cgroup
/dev/sda3        26G   10G   17G  39% /opt
shm              64M     0   64M   0% /dev/shm
tmpfs           2.9G   12K  2.9G   1% /run/secrets/kubernetes.io/serviceaccount
tmpfs           1.5G     0  1.5G   0% /proc/acpi
tmpfs           1.5G     0  1.5G   0% /proc/scsi
tmpfs           1.5G     0  1.5G   0% /sys/firmware
root@nginx-5b95587595-m2fl9:/# cd tmp
root@nginx-5b95587595-m2fl9:/tmp# ls
sys.log
# a sys2.log file is added on the host
root@nginx-5b95587595-m2fl9:/tmp# ls
runc-process2653599717  sys.log  sys2.log
# view the /etc/timezone file
root@nginx-5b95587595-m2fl9:/tmp# cat /etc/timezone
Asia/Shanghai
```

## 9.4 Mounting NFS into Containers

Install the NFS packages on master01:

```bash
yum -y install nfs-utils rpcbind
```

Install the NFS server on host node01 (IP: 192.168.42.244):

```bash
yum -y install nfs-utils rpcbind
systemctl restart nfs-server
[root@k8s-node01 ~]# vim /etc/exports
/mnt/ 192.168.0.0/16(rw,sync,no_subtree_check,no_root_squash)
/opt/ 192.168.0.0/16(rw,sync,no_subtree_check,no_root_squash)
# reload the configuration file
[root@k8s-node01 ~]# exportfs -rv
exporting 192.168.0.0/16:/opt
exporting 192.168.0.0/16:/mnt
[root@k8s-node01 ~]# systemctl reload nfs-server
# list the exported directories
[root@k8s-node01 ~]# showmount -e localhost
Export list for localhost:
/opt 192.168.0.0/16
/mnt 192.168.0.0/16
```

From master01, verify that the NFS server on node01 works:

```bash
[root@k8s-master01 mnt]# mkdir data
[root@k8s-master01 mnt]# mount -t nfs 192.168.42.244:/mnt /mnt/data/
[root@k8s-master01 mnt]# df -h
Filesystem           Size  Used Avail Use% Mounted on
devtmpfs             1.5G     0  1.5G   0% /dev
tmpfs                1.5G     0  1.5G   0% /dev/shm
tmpfs                1.5G  153M  1.4G  11% /run
tmpfs                1.5G     0  1.5G   0% /sys/fs/cgroup
/dev/sda3             26G   10G   17G  39% /
/dev/sda1           1014M  171M  844M  17% /boot
...
192.168.42.244:/mnt   26G  7.8G   19G  30% /mnt/data
[root@k8s-master01 mnt]# ls /mnt/data/
node01.txt
[root@k8s-master01 mnt]# umount data
[root@k8s-master01 mnt]#
```

Start the test. Two parts are added to the YAML file: the `nfs` entry under `volumeMounts` of container nginx2 and the `nfs` entry under `volumes`.

```bash
vim nginx-deploy_1205_emptydir.yaml
```

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 2 # number of replicas
  selector:
    matchLabels:
      app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
        imagePullPolicy: IfNotPresent
        name: nginx
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        # ports:
        # - containerPort: 8080
        #   name: nginx-port
        #   protocol: TCP
        volumeMounts:
        - mountPath: /opt
          name: share-volume
        - mountPath: /etc/timezone
          name: timezone
        - mountPath: /tmp/
          name: tmp
      - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
        imagePullPolicy: IfNotPresent
        name: nginx2
        command:
        - sh
        - -c
        - sleep 1200
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        # ports:
        # - containerPort: 8090
        #   name: nginx2-port
        #   protocol: TCP
        volumeMounts:
        - mountPath: /mnt
          name: share-volume
        - mountPath: /etc/timezone
          name: timezone
        - mountPath: /tmp
          name: nfs
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - name: share-volume
        emptyDir: {}
          #medium: Memory
      - name: timezone
        hostPath:
          path: /etc/timezone
          type: File
      - name: tmp
        hostPath:
          path: /tmp
          type: Directory
      - name: nfs
        nfs:
          server: 192.168.42.244
          path: /mnt
```

```bash
[root@k8s-master01 ~]# kubectl replace -f nginx-deploy_1205_emptydir.yaml
deployment.apps/nginx replaced
[root@k8s-master01 ~]# kubectl exec -it nginx-679784694b-g45v7 -c nginx2 -- bash
root@nginx-679784694b-g45v7:/# df -h
Filesystem           Size  Used Avail Use% Mounted on
overlay               26G  7.8G   19G  30% /
tmpfs                 64M     0   64M   0% /dev
tmpfs                1.5G     0  1.5G   0% /sys/fs/cgroup
/dev/sda3             26G  7.8G   19G  30% /mnt
192.168.42.244:/mnt   26G  7.8G   19G  30% /tmp
shm                   64M     0   64M   0% /dev/shm
tmpfs                2.9G   12K  2.9G   1% /run/secrets/kubernetes.io/serviceaccount
tmpfs                1.5G     0  1.5G   0% /proc/acpi
tmpfs                1.5G     0  1.5G   0% /proc/scsi
tmpfs                1.5G     0  1.5G   0% /sys/firmware
```
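
The warning in section 9.3 says a HostPath volume should be limited to the required file or directory and mounted read-only. The following added example (not part of the original article) checks a manifest against that advice. The function name `audit_hostpath`, the sample JSON and the "broad directory" heuristic are assumptions of this example.

```python
import json

# Constructed sample: the pod template from section 9.3 in the JSON shape that
# `kubectl get deployment nginx -o json` returns, trimmed to the fields read here.
# readOnly on nginx2's timezone mount is added to show a passing case.
DEPLOYMENT = json.loads("""
{"spec": {"template": {"spec": {
  "containers": [
    {"name": "nginx", "volumeMounts": [
      {"name": "share-volume", "mountPath": "/opt"},
      {"name": "timezone", "mountPath": "/etc/timezone"},
      {"name": "tmp", "mountPath": "/tmp/"}]},
    {"name": "nginx2", "volumeMounts": [
      {"name": "share-volume", "mountPath": "/mnt"},
      {"name": "timezone", "mountPath": "/etc/timezone", "readOnly": true}]}],
  "volumes": [
    {"name": "share-volume", "emptyDir": {}},
    {"name": "timezone", "hostPath": {"path": "/etc/timezone", "type": "File"}},
    {"name": "tmp", "hostPath": {"path": "/tmp", "type": "Directory"}}]}}}}
""")


def audit_hostpath(obj):
    """Return (container, hostPath, mountPath, problems) for each risky hostPath mount."""
    spec = obj.get("spec", {})
    spec = spec.get("template", {}).get("spec", spec)  # workload template or bare Pod
    host_vols = {v["name"]: v["hostPath"] for v in spec.get("volumes", []) if "hostPath" in v}
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for m in c.get("volumeMounts", []):
            vol = host_vols.get(m["name"])
            if vol is None:
                continue  # emptyDir, nfs, configMap, ... are out of scope
            problems = []
            if not m.get("readOnly", False):
                problems.append("not readOnly")
            # Heuristic (assumption of this example): a non-file volume rooted at
            # "/" or a top-level directory exposes more than one file or directory.
            depth = len([p for p in vol["path"].split("/") if p])
            if vol.get("type") not in ("File", "FileOrCreate") and depth <= 1:
                problems.append("broad directory")
            if problems:
                findings.append((c["name"], vol["path"], m["mountPath"], problems))
    return findings


if __name__ == "__main__":
    for container, host_path, mount_path, problems in audit_hostpath(DEPLOYMENT):
        print(f"{container}: {host_path} -> {mount_path}: {', '.join(problems)}")
```

Adding `readOnly: true` to each flagged entry under `volumeMounts` clears the first finding; the second is cleared by pointing the volume at the specific file or subdirectory the container needs.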