Kubernetes: Data Storage (Part 1): https://developer.aliyun.com/article/1417778
PVC
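A PVC is a request for resources. It declares the requirements for storage space, access mode and storage class. The resource manifest looks like this:

    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: pvc
      namespace: dev
    spec:
      accessModes: # access modes
      selector: # select PVs by label
      storageClassName: # storage class
      resources: # requested space
        requests:
          storage: # storage capacity
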
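Key PVC configuration parameters:
- Access modes (accessModes)
  Describes the access permissions the user's application has on the storage resource
- Selector (selector)
  With a Label Selector, the PVC can filter the PVs that already exist in the system
- Storage class (storageClassName)
  A PVC can specify the class of backend storage it needs; only PVs that have this class set can be selected by the system
- Resource requests (resources)
  Describes the request for storage resources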
Test
- Create pvc.yaml to request PVs

    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: pvc1
      namespace: dev
    spec:
      accessModes:
      - ReadWriteMany
      resources:
        requests:
          storage: 1Gi
    ---
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: pvc2
      namespace: dev
    spec:
      accessModes:
      - ReadWriteMany
      resources:
        requests:
          storage: 3Gi
    ---
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: pvc3
      namespace: dev
    spec:
      accessModes:
      - ReadWriteMany
      resources:
        requests:
          storage: 5Gi

    # Create the PVCs
    [root@master k8sYamlForCSDN]# kubectl apply -f pvc.yaml
    persistentvolumeclaim/pvc1 created
    persistentvolumeclaim/pvc2 created
    persistentvolumeclaim/pvc3 created

    # View the PVCs
    [root@master k8sYamlForCSDN]# kubectl get pvc -n dev
    NAME   STATUS    VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
    pvc1   Bound     pv1      1Gi        RWX                           6s
    pvc2   Bound     pv3      3Gi        RWX                           6s
    pvc3   Pending                                                     6s

    # View the PVs
    [root@master k8sYamlForCSDN]# kubectl get pv
    NAME   CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM      STORAGECLASS   REASON   AGE
    pv1    1Gi        RWX            Retain           Bound       dev/pvc1                           9m46s
    pv2    2Gi        RWX            Retain           Available                                      9m46s
    pv3    3Gi        RWX            Retain           Bound       dev/pvc2                           9m46s

- Create pods.yaml to use the PVCs

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod1
      namespace: dev
    spec:
      containers:
      - name: busybox
        image: busybox:1.30
        command: [ "/bin/sh","-c","while true;do echo pod1 >> /root/out.txt; sleep 10; done;" ]
        volumeMounts:
        - name: volume
          mountPath: /root/
      volumes:
      - name: volume
        persistentVolumeClaim:
          claimName: pvc1
          readOnly: false
    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: pod2
      namespace: dev
    spec:
      containers:
      - name: busybox
        image: busybox:1.30
        command: [ "/bin/sh","-c","while true;do echo pod2 >> /root/out.txt; sleep 10; done;" ]
        volumeMounts:
        - name: volume
          mountPath: /root/
      volumes:
      - name: volume
        persistentVolumeClaim:
          claimName: pvc2
          readOnly: false

- Check the result

    # Create the pods
    [root@master k8sYamlForCSDN]# kubectl create -f pods.yaml
    pod/pod1 created
    pod/pod2 created

    # View the pods
    [root@master k8sYamlForCSDN]# kubectl get pods -n dev -o wide
    NAME   READY   STATUS    RESTARTS   AGE    IP             NODE    NOMINATED NODE   READINESS GATES
    pod1   1/1     Running   0          106s   10.244.1.110   node1   <none>           <none>
    pod2   1/1     Running   0          106s   10.244.2.49    node2   <none>           <none>

    # View the PVCs
    [root@master k8sYamlForCSDN]# kubectl get pvc -n dev
    NAME   STATUS    VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
    pvc1   Bound     pv1      1Gi        RWX                           13m
    pvc2   Bound     pv3      3Gi        RWX                           13m
    pvc3   Pending                                                     13m

    # View the PVs
    [root@master k8sYamlForCSDN]# kubectl get pv -n dev -o wide
    NAME   CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM      STORAGECLASS   REASON   AGE   VOLUMEMODE
    pv1    1Gi        RWX            Retain           Bound       dev/pvc1                           22m   Filesystem
    pv2    2Gi        RWX            Retain           Available                                      22m   Filesystem
    pv3    3Gi        RWX            Retain           Bound       dev/pvc2                           22m   Filesystem

    # View the files stored on NFS
    [root@master pv3]# more /root/data/pv1/out.txt
    pod1
    pod1
    pod1
    [root@master pv3]# more /root/data/pv2/out.txt
    /root/data/pv2/out.txt: 没有那个文件或目录
    # This is because pvc1->pv1 and pvc2->pv3, while pod1->pvc1 and pod2->pvc2
    [root@master pv3]# more /root/data/pv3/out.txt
    pod2
    pod2
    pod2

- Delete the pods and PVCs, then check the PV status

    [root@master k8sYamlForCSDN]# kubectl delete -f pods.yaml
    pod "pod1" deleted
    pod "pod2" deleted
    [root@master k8sYamlForCSDN]# kubectl delete -f pvc.yaml
    persistentvolumeclaim "pvc1" deleted
    persistentvolumeclaim "pvc2" deleted
    persistentvolumeclaim "pvc3" deleted
    [root@master k8sYamlForCSDN]# kubectl get pv -o wide
    NAME   CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM      STORAGECLASS   REASON   AGE   VOLUMEMODE
    pv1    1Gi        RWX            Retain           Released    dev/pvc1                           32m   Filesystem
    pv2    2Gi        RWX            Retain           Available                                      32m   Filesystem
    pv3    3Gi        RWX            Retain           Released    dev/pvc2                           32m   Filesystem

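Lifecycle
PVCs and PVs correspond one to one, and the interaction between a PV and a PVC follows this lifecycle:
- Provisioning: the administrator manually creates the underlying storage and the PV
- Binding: the user creates a PVC, and Kubernetes looks for a PV that matches the PVC's declaration and binds it
  After the user defines a PVC, the system selects, from the existing PVs, one that satisfies the PVC's request for storage resources
  - Once one is found, that PV is bound to the user's PVC, and the user's application can use the PVC
  - If none is found, the PVC stays in the Pending state indefinitely, until the system administrator creates a PV that meets its requirements
  - Once a PV is bound to a PVC, it is exclusively owned by that PVC and cannot be bound to any other PVC
- Using: the user can use a PVC in a pod just like a volume
  The Pod uses a volume definition to mount the PVC at a path inside the container.
- Releasing: the user deletes the PVC to release the PV
  When the storage is no longer needed, the user can delete the PVC. The PV bound to that PVC is then marked as "Released", but it cannot be bound to another PVC right away. Data written through the previous PVC may still remain on the storage device, and the PV can be used again only after that data has been cleared.
- Reclaiming: Kubernetes reclaims the resource according to the reclaim policy set on the PV
  For a PV, the administrator can set a reclaim policy that determines how leftover data is handled after the bound PVC releases the resource. Only once the PV's storage space has been reclaimed can it be bound to and used by a new PVC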
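
The binding and release steps above, as a simplified model (an added example, not Kubernetes source code and not from the original article). It assumes the smallest Available PV that satisfies the request is chosen, which is consistent with the test output earlier, and it models only the Retain policy; `PV`, `bind`, `release` and `demo` are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class PV:
    name: str
    capacity_gi: int
    access_modes: frozenset
    status: str = "Available"    # Available -> Bound -> Released
    claim: Optional[str] = None  # "namespace/name" of the bound PVC


def bind(pvs, claim, request_gi, modes):
    """Bind claim to a PV and return its name, or None if the claim stays Pending."""
    fits = [pv for pv in pvs
            if pv.status == "Available"
            and pv.capacity_gi >= request_gi
            and set(modes) <= pv.access_modes]
    if not fits:
        return None
    # Assumption of this model: the smallest PV that satisfies the request wins.
    pv = min(fits, key=lambda p: p.capacity_gi)
    pv.status, pv.claim = "Bound", claim
    return pv.name


def release(pvs, claim):
    """PVC deleted under Retain: the PV turns Released and keeps its claim and data."""
    for pv in pvs:
        if pv.claim == claim:
            pv.status = "Released"


def demo():
    rwx = frozenset({"ReadWriteMany"})
    # Constructed to mirror the page's pv1/pv2/pv3 (1Gi, 2Gi, 3Gi, RWX).
    pvs = [PV("pv1", 1, rwx), PV("pv2", 2, rwx), PV("pv3", 3, rwx)]
    bound = {name: bind(pvs, f"dev/{name}", gi, ["ReadWriteMany"])
             for name, gi in [("pvc1", 1), ("pvc2", 3), ("pvc3", 5)]}
    release(pvs, "dev/pvc1")
    # A new 1Gi claim skips the Released pv1 and lands on pv2.
    bound["pvc4"] = bind(pvs, "dev/pvc4", 1, ["ReadWriteMany"])
    return bound, {pv.name: pv.status for pv in pvs}


if __name__ == "__main__":
    print(demo())
```

Because a Released PV is never a candidate, the data the previous claim left on it is not handed to the next claim until an administrator has cleared and re-provisioned the volume.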
Configuration storage
ConfigMap
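A ConfigMap is a somewhat special kind of volume whose main purpose is to store configuration information.
Create configmap.yaml with the following content:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: configmap
      namespace: dev
    data:
      # info is the key; everything after it is the value
      info: | # | preserves newlines
        username:admin
        password:123456
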
Next, use this file to create the configmap:

    # Create the configmap
    [root@master k8sYamlForCSDN]# kubectl apply -f configmap.yaml
    configmap/configmap created

    # List the configmaps
    [root@master k8sYamlForCSDN]# kubectl get configmaps -n dev
    NAME               DATA   AGE
    configmap          1      19s
    kube-root-ca.crt   1      21h

    # View the configmap details
    [root@master k8sYamlForCSDN]# kubectl describe configmaps configmap -n dev
    Name:         configmap
    Namespace:    dev
    Labels:       <none>
    Annotations:  <none>

    Data
    ====
    info:
    ----
    username:admin
    password:123456

    BinaryData
    ====

    Events:  <none>

Next, create pod-configmap.yaml and mount the configmap created above into the pod:

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-configmap
      namespace: dev
    spec:
      containers:
      - name: nginx
        image: nginx:1.17.1
        volumeMounts: # mount the configmap at a directory
        - name: config
          mountPath: /configmap/config
      volumes: # reference the configmap
      - name: config
        configMap:
          name: configmap # note: this name is the configmap created above

    # Create the pod
    [root@master k8sYamlForCSDN]# kubectl apply -f pod-configmap.yaml
    pod/pod-configmap created

    # View the pod
    [root@master k8sYamlForCSDN]# kubectl get pods pod-configmap -n dev
    NAME            READY   STATUS    RESTARTS   AGE
    pod-configmap   1/1     Running   0          10s

    # Enter the container
    [root@master k8sYamlForCSDN]# kubectl exec -it pod-configmap -n dev -- sh
    # cd /configmap/config
    # ls
    info
    # more info
    username:admin
    password:123456

    # The mapping succeeded: each configmap is mapped to a directory
    # key ---> file, value ---> content of the file
    # If the configmap content is updated now, the values in the container are updated dynamically as well

Secret
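Kubernetes also has an object very similar to ConfigMap, called Secret. It is mainly used to store sensitive information such as passwords, keys and certificates.
- First, encode the data with base64. Base64 is an encoding, not encryption: the values can be decoded without any key.

    [root@master ~]# echo -n 'admin' | base64 # prepare username
    YWRtaW4=
    [root@master ~]# echo -n '123456' | base64 # prepare password
    MTIzNDU2
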
- Next, write secret.yaml and create the Secret

    apiVersion: v1
    kind: Secret
    metadata:
      name: secret
      namespace: dev
    type: Opaque
    data:
      username: YWRtaW4=
      password: MTIzNDU2

    # Create the secret
    [root@master k8sYamlForCSDN]# vi secret.yaml
    [root@master k8sYamlForCSDN]# kubectl apply -f secret.yaml
    secret/secret created

    # View the secret details
    [root@master k8sYamlForCSDN]# kubectl describe secrets secret -n dev
    Name:         secret
    Namespace:    dev
    Labels:       <none>
    Annotations:  <none>

    Type:  Opaque

    Data
    ====
    password:  6 bytes
    username:  5 bytes

- Create pod-secret.yaml and mount the secret created above into the pod:

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-secret
      namespace: dev
    spec:
      containers:
      - name: nginx
        image: nginx:1.17.1
        volumeMounts: # mount the secret at a directory
        - name: config
          mountPath: /secret/config
      volumes:
      - name: config
        secret:
          secretName: secret

    # Create the pod
    [root@master k8sYamlForCSDN]# vi pod-secret.yaml
    [root@master k8sYamlForCSDN]# kubectl apply -f pod-secret.yaml
    pod/pod-secret created

    # View the pod
    [root@master k8sYamlForCSDN]# kubectl get pods pod-secret -n dev
    NAME         READY   STATUS    RESTARTS   AGE
    pod-secret   1/1     Running   0          10s

    # Enter the container and view the secret; it has been decoded automatically
    [root@master k8sYamlForCSDN]# kubectl exec -it pod-secret -n dev -- sh
    # cd /secret/config
    # ls
    password  username
    # more username
    admin
    # more password
    123456

    # At this point, the information has been encoded using a Secret.
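
A review check for the ConfigMap and Secret sections above (an added example, not from the original article): it flags ConfigMaps that carry credential-like fields, as the `info` key on this page does, and shows that a Secret's `data` decodes without any key. The objects are constructed from the page's manifests; `CRED_FIELD`, `decode_secret` and `audit_configmaps` are hypothetical names, and the regular expression is a heuristic.

```python
import base64
import re

# Constructed sample: the ConfigMap and Secret from this page, as the items that
# `kubectl get configmap,secret -n dev -o json` would list (trimmed to the fields used).
OBJECTS = [
    {"kind": "ConfigMap", "metadata": {"name": "configmap", "namespace": "dev"},
     "data": {"info": "username:admin\npassword:123456\n"}},
    {"kind": "Secret", "metadata": {"name": "secret", "namespace": "dev"},
     "type": "Opaque", "data": {"username": "YWRtaW4=", "password": "MTIzNDU2"}},
]

# Heuristic (assumption): a credential-like field name followed by ':' or '='.
CRED_FIELD = re.compile(r"(?i)\b(pass(?:word|wd)?|secret|token|api[_-]?key)\b\s*[:=]")


def decode_secret(obj):
    """Base64-decode every entry under data; no key material is needed."""
    return {k: base64.b64decode(v).decode("utf-8")
            for k, v in obj.get("data", {}).items()}


def audit_configmaps(objects):
    """Report ConfigMap keys whose name or content looks like a credential.

    Only the matched field names are reported, never the values.
    """
    findings = []
    for obj in objects:
        if obj["kind"] != "ConfigMap":
            continue
        meta = obj["metadata"]
        for key, value in obj.get("data", {}).items():
            hits = {m.group(1).lower()
                    for m in CRED_FIELD.finditer(f"{key}:\n{value}")}
            if hits:
                findings.append(
                    (f'{meta["namespace"]}/{meta["name"]}', key, sorted(hits)))
    return findings


if __name__ == "__main__":
    for finding in audit_configmaps(OBJECTS):
        print("ConfigMap holds credential-like field:", finding)
    print("Secret data decodes to:", decode_secret(OBJECTS[1]))
```

The protection a Secret adds over a ConfigMap therefore comes from who is allowed to read the object and mount it, not from the base64 step.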