2025-04-01
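Preface
I have just finished this part of my K8s study and am organizing my notes. There is little theory here; the content is mostly hands-on and suited to review.
This post covers:
- Common volume types: nfs, hostPath, emptyDir
- Creating PV + PVC
- Persistent storage and dynamic volume provisioning
In matters of love between men and women, whoever's heart is moved first loses out, and the more you lose, the harder it is to forget. In the end you can no longer tell whether you like the other person or like yourself, and the answer happens to lie with the other person. That is why it is said that worry is born of love. -- 《劍來》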
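Volume management
A Volume is a shared directory in a Pod that can be accessed by multiple containers. The Kubernetes Volume is similar to the Docker Volume in concept, use and purpose, but the two are not equivalent.
Using a Volume is fairly simple. In most cases we first declare a Volume on the Pod, then reference that Volume in a container and mount it on a directory inside the container. For example, to add a Volume named datavol to the earlier Tomcat Pod and mount it on the container's /mydata-data directory, we only need to change the Pod definition file as follows (note the volumes and volumeMounts entries):
```yaml
template:
  metadata:
    labels:
      app: app-demo
      tier: frontend
  spec:
    volumes:
    - name: datavol
      emptyDir: {}
    containers:
    - name: tomcat-demo
      image: tomcat
      volumeMounts:
      - mountPath: /mydata-data
        name: datavol
      imagePullPolicy: IfNotPresent
```
Besides letting multiple containers in a Pod share files, letting a container write its data to the host's disk, or writing files to network storage, Kubernetes Volumes also provide a very practical extension: centralized definition and management of container configuration files, which is implemented through the ConfigMap resource object.
Kubernetes provides a very rich set of Volume types.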
Preparing the lab environment
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$mkdir k8s-volume-create;cd k8s-volume-create
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$kubectl get ns
NAME                   STATUS   AGE
default                Active   49d
kube-node-lease        Active   49d
kube-public            Active   49d
kube-system            Active   49d
liruilong              Active   49d
liruilong-pod-create   Active   41d
```
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$kubectl create ns liruilong-volume-create
namespace/liruilong-volume-create created
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$kubectl config set-context $(kubectl config current-context) --namespace=liruilong-volume-create
Context "context1" modified.
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$kubectl config get-contexts
CURRENT   NAME       CLUSTER    AUTHINFO            NAMESPACE
          cluster1                                  default
*         context1   cluster1   kubernetes-admin1   liruilong-volume-create
          context2                                  kube-system
```
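emptyDir
An emptyDir Volume is created when the Pod is assigned to a Node. As the name suggests, its initial content is empty and no corresponding directory or file on the host needs to be specified, because it is a directory that Kubernetes allocates automatically. This directory is actually mounted in the physical machine's memory, and when the Pod is removed from the Node, the data in the emptyDir is permanently deleted as well.
Some uses of emptyDir are as follows: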
Create a Pod that declares volumes
```yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: podvolume
  name: podvolume
spec:
  volumes:
  - name: volume1
    emptyDir: {}
  - name: volume2
    emptyDir: {}
  containers:
  - image: busybox
    imagePullPolicy: IfNotPresent
    command: ['sh','-c','sleep 5000']
    resources: {}
    name: podvolume1
    volumeMounts:
    - mountPath: /liruilong
      name: volume1
  - image: busybox
    imagePullPolicy: IfNotPresent
    name: podvolume2
    volumeMounts:
    - mountPath: /liruilong
      name: volume2
    command: ['sh','-c','sleep 5000']
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
```
Create the pod and check its status
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$kubectl apply -f pod_volume.yaml
pod/podvolume configured
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$kubectl get pods -o wide
NAME        READY   STATUS             RESTARTS         AGE   IP             NODE                         NOMINATED NODE   READINESS GATES
podvolume   0/2     CrashLoopBackOff   164 (117s ago)   37h   10.244.70.14   vms83.liruilongs.github.io
```
Check the pod's volume type
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$kubectl describe pod podvolume | grep -A2 Volumes
Volumes:
  volume1:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
```
Use the docker command to find the corresponding containers on the host
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible 192.168.26.83 -m shell -a "docker ps | grep podvolume"
192.168.26.83 | CHANGED | rc=0 >>
bbb287afc518   cabb9f684f8b                                          "sh -c 'sleep 5000'"   12 minutes ago   Up 12 minutes   k8s_podvolume2_podvolume_liruilong-volume-create_76b518f6-9575-4412-b161-f590ab3c3135_0
dcbf5c63263f   cabb9f684f8b                                          "sh -c 'sleep 5000'"   12 minutes ago   Up 12 minutes   k8s_podvolume1_podvolume_liruilong-volume-create_76b518f6-9575-4412-b161-f590ab3c3135_0
5bb9ee2ed134   registry.aliyuncs.com/google_containers/pause:3.4.1   "/pause"               12 minutes ago   Up 12 minutes   k8s_POD_podvolume_liruilong-volume-create_76b518f6-9575-4412-b161-f590ab3c3135_0
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
```
Use inspect to view the mapped host paths
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible 192.168.26.83 -m shell -a "docker inspect dcbf5c63263f | grep -A5 Mounts"
192.168.26.83 | CHANGED | rc=0 >>
        "Mounts": [
            {
                "Type": "bind",
                "Source": "/var/lib/kubelet/pods/76b518f6-9575-4412-b161-f590ab3c3135/volumes/kubernetes.io~empty-dir/volume1",
                "Destination": "/liruilong",
                "Mode": "",
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible 192.168.26.83 -m shell -a "docker inspect bbb287afc518 | grep -A5 Mounts"
192.168.26.83 | CHANGED | rc=0 >>
        "Mounts": [
            {
                "Type": "bind",
                "Source": "/var/lib/kubelet/pods/76b518f6-9575-4412-b161-f590ab3c3135/volumes/kubernetes.io~empty-dir/volume2",
                "Destination": "/liruilong",
                "Mode": "",
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
```
Sharing a volume between multiple containers in a pod
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$sed 's/podvolume/podvolumes/' pod_volume.yaml >pod_volumes.yaml
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$vim pod_volumes.yaml
```
Write the pod_volumes.yaml file
```yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: podvolumes
  name: podvolumes
spec:
  volumes:
  - name: volume1
    emptyDir: {}
  containers:
  - image: busybox
    imagePullPolicy: IfNotPresent
    command: ['sh','-c','sleep 5000']
    resources: {}
    name: podvolumes1
    volumeMounts:
    - mountPath: /liruilong
      name: volume1
  - image: busybox
    imagePullPolicy: IfNotPresent
    name: podvolumes2
    volumeMounts:
    - mountPath: /liruilong
      name: volume1
    command: ['sh','-c','sleep 5000']
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
```
The newly created directory is visible in both containers at once
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$kubectl apply -f pod_volumes.yaml
pod/podvolumes created
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$kubectl exec -it podvolumes -c podvolumes1 -- sh
/ # mkdir -p /liruilong/$(date +"%Y%m%d%H%M%S");cd /liruilong/;ls
20211127080726
/liruilong #
/liruilong # exit
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$kubectl exec -it podvolumes -c podvolumes2 -- sh
/ # cd /liruilong/;ls
20211127080726
/liruilong #
```
Setting read/write permissions on a volume
pod_volume_r.yaml: mount the volume read-only in podvolume1
```yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: podvolume
  name: podvolume
spec:
  volumes:
  - name: volume1
    emptyDir: {}
  - name: volume2
    emptyDir: {}
  containers:
  - image: busybox
    imagePullPolicy: IfNotPresent
    command: ['sh','-c','sleep 5000']
    resources: {}
    name: podvolume1
    volumeMounts:
    - mountPath: /liruilong
      name: volume1
      readOnly: true # mount the volume read-only in podvolume1
  - image: busybox
    imagePullPolicy: IfNotPresent
    name: podvolume2
    volumeMounts:
    - mountPath: /liruilong
      name: volume2
    command: ['sh','-c','sleep 5000']
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
```
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$kubectl exec -it podvolume -c podvolume1 -- sh
/ # cd liruilong/;touch lrl.txt
touch: lrl.txt: Read-only file system
/liruilong #
/liruilong # exit
command terminated with exit code 1
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$kubectl exec -it podvolume -c podvolume2 -- sh
/ # cd liruilong/;touch lrl.txt
/liruilong # ls
lrl.txt
/liruilong #
```
hostPath
hostPath mounts a file or directory from the host into the Pod. It is typically used in the following ways.
When using this type of Volume, note the following points.
- Pods with the same configuration on different Nodes may see different results when accessing directories and files on the Volume, because the directories and files on the hosts differ.
- If resource quota management is used, Kubernetes cannot bring the resources that hostPath uses on the host under cgroup management.
The example below defines a hostPath Volume that uses the host's /data directory:
```yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: podvolumehostpath
  name: podvolumehostpath
spec:
  volumes:
  - name: volumes1
    hostPath:
      path: /data
  containers:
  - image: busybox
    name: podvolumehostpath
    command: ['sh','-c','sleep 5000']
    resources: {}
    volumeMounts:
    - mountPath: /liruilong
      name: volumes1
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
```
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$kubectl apply -f PodVolumeHostPath.yaml
pod/podvolumehostpath created
```
Create a file on the host
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-volume-create]
└─$kubectl get pod -o wide
NAME                READY   STATUS    RESTARTS   AGE     IP            NODE                         NOMINATED NODE   READINESS GATES
podvolumehostpath   1/1     Running   0          5m44s   10.244.70.9   vms83.liruilongs.github.io
```
It is also present inside the pod's container
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl exec -it podvolumehostpath -- sh
/ # ls
bin        dev        etc        home       liruilong  proc       root       sys        tmp        usr        var
/ # cd liruilong/;ls
liruilong
/liruilong #
```
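An added example, not part of the original post: an inventory over Pod objects in the JSON shape of `kubectl get pods -o json` that lists, for each container, which volume it mounts and whether the mount is read-write or read-only, and singles out writable hostPath mounts because they let a container write to the node's filesystem. The function names and the sample data, built from this page's podvolumehostpath Pod and its read-only podvolume Pod, are constructed for illustration.

```python
import json

# Constructed sample (kubectl get pods -o json shape) built from this page's two Pods.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "podvolumehostpath"},
  "spec": {"volumes": [{"name": "volumes1", "hostPath": {"path": "/data"}}],
           "containers": [{"name": "podvolumehostpath", "volumeMounts": [
             {"name": "volumes1", "mountPath": "/liruilong"}]}]}},
 {"metadata": {"name": "podvolume"},
  "spec": {"volumes": [{"name": "volume1", "emptyDir": {}},
                       {"name": "volume2", "emptyDir": {}}],
           "containers": [
             {"name": "podvolume1", "volumeMounts": [
               {"name": "volume1", "mountPath": "/liruilong", "readOnly": true}]},
             {"name": "podvolume2", "volumeMounts": [{"name": "volume2", "mountPath": "/liruilong"}]}]}}
]}
""")


def volume_source(vol):
    """Return (kind, source) for the three volume types used on this page."""
    if "hostPath" in vol:
        return "hostPath", vol["hostPath"]["path"]
    if "nfs" in vol:
        return "nfs", f'{vol["nfs"]["server"]}:{vol["nfs"]["path"]}'
    if "emptyDir" in vol:
        return "emptyDir", vol["emptyDir"].get("medium", "")
    return "other", ""


def mount_inventory(pod_list):
    """Return (pod, container, mountPath, kind, source, mode) per volumeMount."""
    rows = []
    for pod in pod_list["items"]:
        spec = pod["spec"]
        vols = {v["name"]: volume_source(v) for v in spec.get("volumes", [])}
        for ctr in spec.get("initContainers", []) + spec.get("containers", []):
            for mount in ctr.get("volumeMounts", []):
                kind, source = vols.get(mount["name"], ("unknown", ""))
                mode = "ro" if mount.get("readOnly") else "rw"
                rows.append((pod["metadata"]["name"], ctr["name"],
                             mount["mountPath"], kind, source, mode))
    return rows


def writable_host_mounts(pod_list):
    """Mounts that let a container write to the node's own filesystem."""
    return [r for r in mount_inventory(pod_list) if r[3] == "hostPath" and r[5] == "rw"]
```

Against a live cluster the same functions take `json.loads` of the `kubectl get pods -A -o json` output.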
NFS
With both emptyDir and hostPath the data is stored on the host. If a pod runs into a problem and is restarted by its controller, a new Pod is produced through scheduling, and if the node it is scheduled to is not the original node, the data is lost. Network storage is convenient in this situation.
Deploying an NFS server
To store data in a shared directory provided by the NFS network file system, we need to deploy an NFS server in the environment.
```bash
┌──[root@vms81.liruilongs.github.io]-[~]
└─$yum -y install nfs-utils.x86_64
┌──[root@vms81.liruilongs.github.io]-[~]
└─$systemctl enable nfs-server.service --now
┌──[root@vms81.liruilongs.github.io]-[~]
└─$mkdir -p /liruilong
┌──[root@vms81.liruilongs.github.io]-[/liruilong]
└─$cd /liruilong/;echo `date` > liruilong.txt
┌──[root@vms81.liruilongs.github.io]-[/liruilong]
└─$cd /liruilong/;cat liruilong.txt
2021年 11月 27日 星期六 21:57:10 CST
┌──[root@vms81.liruilongs.github.io]-[/liruilong]
└─$cat /etc/exports
┌──[root@vms81.liruilongs.github.io]-[/liruilong]
└─$echo "/liruilong *(rw,sync,no_root_squash)" > /etc/exports
┌──[root@vms81.liruilongs.github.io]-[/liruilong]
└─$exportfs -arv
exporting *:/liruilong
┌──[root@vms81.liruilongs.github.io]-[/liruilong]
└─$showmount -e
Export list for vms81.liruilongs.github.io:
/liruilong *
┌──[root@vms81.liruilongs.github.io]-[/liruilong]
└─$
```
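An added example, not part of the original post: a checker for /etc/exports content that reports the two properties of the line written above, a `*` client (any host may mount) and `no_root_squash` (root on a client is not mapped to an unprivileged user). The function name, the wording of the findings and the scoped alternative, which uses the two worker node addresses that appear on this page, are constructed for illustration.

```python
import re

# Option meanings follow exports(5); the wording of each note is ours.
RISKY_OPTIONS = {
    "no_root_squash": "root on the client stays uid 0 on the export",
    "insecure": "requests from unprivileged source ports are accepted",
}
# One client entry: host pattern, then optional "(opt,opt,...)".
ENTRY = re.compile(r"^(?P<client>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")

# The export line written on this page.
PAGE_EXPORTS = "/liruilong *(rw,sync,no_root_squash)\n"
# Constructed alternative: only the two worker nodes, with root squashed.
SCOPED_EXPORTS = (
    "/liruilong 192.168.26.82(rw,sync,root_squash) "
    "192.168.26.83(rw,sync,root_squash)\n"
)


def audit_exports(text):
    """Return (line_no, path, client, finding) for each risky export entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            match = ENTRY.match(entry)
            if match is None:
                findings.append((line_no, path, entry, "unparseable entry"))
                continue
            # "(rw)" with no host in front of it applies to every client.
            client = match.group("client") or "*"
            opts = {o for o in (match.group("opts") or "").split(",") if o}
            if client == "*":
                findings.append((line_no, path, client, "exported to every host"))
                if "rw" in opts:
                    findings.append((line_no, path, client, "writable by every host"))
            for opt in sorted(opts & set(RISKY_OPTIONS)):
                note = f"{opt}: {RISKY_OPTIONS[opt]}"
                findings.append((line_no, path, client, note))
    return findings


if __name__ == "__main__":
    for label, text in (("page", PAGE_EXPORTS), ("scoped", SCOPED_EXPORTS)):
        print(label, audit_exports(text))
```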
Next we need to install nfs-utils on all worker nodes and then mount the share.
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a "yum -y install nfs-utils"
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a "systemctl enable nfs-server.service --now"
```
Testing the NFS share
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a "showmount -e vms81.liruilongs.github.io"
192.168.26.83 | CHANGED | rc=0 >>
Export list for vms81.liruilongs.github.io:
/liruilong *
192.168.26.82 | CHANGED | rc=0 >>
Export list for vms81.liruilongs.github.io:
/liruilong *
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
```
Mount test
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a "mount vms81.liruilongs.github.io:/liruilong /mnt"
192.168.26.82 | CHANGED | rc=0 >>

192.168.26.83 | CHANGED | rc=0 >>

┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a "cd /mnt/;ls"
192.168.26.83 | CHANGED | rc=0 >>
liruilong.txt
192.168.26.82 | CHANGED | rc=0 >>
liruilong.txt
```
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a "df -h | grep liruilong"
192.168.26.82 | CHANGED | rc=0 >>
vms81.liruilongs.github.io:/liruilong  150G  8.3G  142G    6% /mnt
192.168.26.83 | CHANGED | rc=0 >>
vms81.liruilongs.github.io:/liruilong  150G  8.3G  142G    6% /mnt
```
Unmount
```bash
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a "umount /mnt"
```
Pod resource YAML file that uses an nfs volume
podvolumenfs.yaml
```yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: podvolumehostpath
  name: podvolumehostpath
spec:
  volumes:
  - name: volumes1
    nfs:
      server: vms81.liruilongs.github.io
      path: /liruilong
  containers:
  - image: busybox
    name: podvolumehostpath
    command: ['sh','-c','sleep 5000']
    resources: {}
    volumeMounts:
    - mountPath: /liruilong
      name: volumes1
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
```
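Copyright notice: The content of this article was submitted by an Internet user and its copyright belongs to the original author. This site does not own the copyright and assumes no related legal liability. If you find content on this site that appears to be plagiarized or inaccurate, please contact us at jiasou666@gmail.com; once verified, this site will remove the infringing content within 24 hours.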