Kubernetes data volumes: emptyDir and gitRepo
  AWkq7aIjuRwO, November 2, 2023

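The previous post finished covering the ways of publishing services for pods. A brief recap:

When we access a service, whether it runs on k8s or on a virtual machine, a program running on some machine is ultimately there for users to reach. Most mainstream Internet access is HTTP, from a browser or a mobile app, and the request ultimately lands on a VIP, because production deployments today use high availability and load balancing rather than a single instance. You can think of the service IP as a VIP address and each pod behind it as a backend server.

The next few sections are all about providing pods with various resources: this chapter covers storage, the next covers configuration. What actually runs underneath is containers, and containers have a problem: when you delete a container, all of its data is gone, because a container has no notion of persistence. With plain Docker, once you delete a running container its data is lost. Docker's answer was -v, which mounts a directory on the host into the container; after the container is deleted the data in that host directory is still there, so it is preserved. In Docker, the -v data volume was the means of persisting data.

Today's topic is persistent data volumes. There is another mechanism, PV and PVC, that also provides persistence for pods. Besides persistence there is a second function: sharing data and files.

NFS: you install an NFS server on one machine and export a directory; other nodes then mount that shared directory under a directory of their own, which gives you file sharing. The data volumes covered today, and PV and PVC, are similar in concept: they provide, first, persistence and, second, data sharing.

Why does k8s have these resource objects? Because pods need persistence and shared data. The pod controllers (Deployment, DaemonSet, StatefulSet) share one trait: when a pod is updated or rolled back, a new pod is created and the old one is deleted. So every update deletes the existing pod, and its data goes with it: the logs accumulated over a long run and whatever the program in the pod produced. Losing that is a serious problem, so we need a way to persist it. After each update the restarted application must still find its data, and the data must be mountable into the newly created pod, or rather its containers.

Data volumes, PV and PVC all exist to solve the problems above.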

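Data volumes

A data volume works like NFS: you create an NFS server, export a directory, and other servers mount it.

In a pod: the pod spec has two relevant keys, volumes and volumeMounts. You define a volume up front and then mount it at a directory inside the container; that is how data volumes work. One volume can be shared with several containers at once, so besides persistence you also get file sharing.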

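Storage volume types supported by k8s:

1) Ephemeral volumes: emptyDir.

Of limited use: it shares the pod's lifecycle, so when the pod is deleted the ephemeral volume is deleted too.

2) Local volumes: hostPath and local.

The pod runs on some node, and a directory on that node is mounted directly at a directory inside the container, much like -v in Docker. The catch is that pod scheduling is not fixed: a pod on node1 may land on node2 after the next update. The directory may not exist there, and data produced on node1 is certainly not on node2, so this cannot provide data sharing.

3) Network volumes:

Cloud storage: awsElasticBlockStore, gcePersistentDisk, azureDisk and azureFile.

Network file systems: NFS, GlusterFS, CephFS and Cinder.

There are three mainstream kinds of storage. The first is file storage (fs), at the file-system level: directories within directories. The file system is already formatted, so you can create directories in it directly.
The second is block devices: essentially our hard disks. You attach a disk, format it and create a file system, so a whole disk becomes one formatted partition.
The third is object storage: it speaks HTTP or FTP and is accessed through a URL. Object storage is mostly offered on public clouds.

Network block devices: iscsi, FC, RBD and vSphereVolume.

These are essentially our hard disks: a block device is a disk that you attach, format and put a file system on, so a whole disk becomes one formatted partition.

Network storage platforms: Quobyte, PortworxVolume, StorageOS and ScaleIO.

These are generally provided by vendors; it is network storage.

4) Special volumes: Secret, ConfigMap, DownwardAPI and Projected.

5) Storage interfaces for third-party storage (out-of-tree volume plugins): CSI and FlexVolume.

Storage that supports the CSI and FlexVolume interfaces; NFS is also CSI-based, and so is Ceph.

Covered today: ephemeral storage emptyDir, local storage hostPath and local, and the NFS network file system (production will certainly not use NFS; testing probably will).

All the resource types covered from here on exist to serve pods; the end goal is to run the pod and get the program running.

The program runs in a container inside the pod, and everything revolves around the pod.

We can do this with a bare pod or with a Deployment controller; the result is the same.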

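spec:
  volumes:
  - name <string> # Volume name; DNS label characters only, must be unique within the Pod
    VOL_TYPE <Object> # The volume plugin and the configuration of the specific backing storage
  containers:
  - name: …
    image: …
    volumeMounts:
    - name <string> # Name of the volume to mount; must match an entry in the volumes list
      mountPath <string> # Mount point path in the container's filesystem
      readOnly <boolean> # Whether to mount read-only; defaults to false
      subPath <string> # Mount a subdirectory of the volume at the mount point
      subPathExpr <string> # Mount the file or directory of the volume matched by the given pattern at the mount point
      mountPropagation <string> # Mount propagation mode of the volume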

Take a look:

[root@k8s-master1 service]# kubectl explain pod.spec

   volumes      <[]Object>
   # the volumes field
     List of volumes that can be mounted by containers belonging to the pod.
     More info: https://kubernetes.io/docs/concepts/storage/volumes

In more detail:

[root@k8s-master1 service]# kubectl explain pod.spec.volumes
KIND:     Pod
VERSION:  v1

RESOURCE: volumes <[]Object>

DESCRIPTION:
     List of volumes that can be mounted by containers belonging to the pod.
     More info: https://kubernetes.io/docs/concepts/storage/volumes

     Volume represents a named volume in a pod that may be accessed by any
     container in the pod.

FIELDS:
   awsElasticBlockStore <Object>
     awsElasticBlockStore represents an AWS Disk resource that is attached to a
     kubelet's host machine and then exposed to the pod. More info:
     https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

   azureDisk    <Object>
   # Microsoft Azure
     azureDisk represents an Azure Data Disk mount on the host and bind mount to
     the pod.

   azureFile    <Object>
   # Microsoft Azure
     azureFile represents an Azure File Service mount on the host and bind mount
     to the pod.

   cephfs       <Object>
     cephFS represents a Ceph FS mount on the host that shares a pod's lifetime

   cinder       <Object>
     cinder represents a cinder volume attached and mounted on kubelets host
     machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

   configMap    <Object>
     configMap represents a configMap that should populate this volume

   csi  <Object>
     csi (Container Storage Interface) represents ephemeral storage that is
     handled by certain external CSI drivers (Beta feature).

   downwardAPI  <Object>
     downwardAPI represents downward API about the pod that should populate this
     volume

   emptyDir     <Object>
   # temporary directory
     emptyDir represents a temporary directory that shares a pod's lifetime.
     More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

   ephemeral    <Object>
     ephemeral represents a volume that is handled by a cluster storage driver.
     The volume's lifecycle is tied to the pod that defines it - it will be
     created before the pod starts, and deleted when the pod is removed.

     Use this if: a) the volume is only needed while the pod runs, b) features
     of normal volumes like restoring from snapshot or capacity tracking are
     needed, c) the storage driver is specified through a storage class, and d)
     the storage driver supports dynamic volume provisioning through a
     PersistentVolumeClaim (see EphemeralVolumeSource for more information on
     the connection between this volume type and PersistentVolumeClaim).

     Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes
     that persist for longer than the lifecycle of an individual pod.

     Use CSI for light-weight local ephemeral volumes if the CSI driver is meant
     to be used that way - see the documentation of the driver for more
     information.

     A pod can use both types of ephemeral volumes and persistent volumes at the
     same time.

   fc   <Object>
     fc represents a Fibre Channel resource that is attached to a kubelet's host
     machine and then exposed to the pod.

   flexVolume   <Object>
     flexVolume represents a generic volume resource that is
     provisioned/attached using an exec based plugin.

   flocker      <Object>
     flocker represents a Flocker volume attached to a kubelet's host machine.
     This depends on the Flocker control service being running

   gcePersistentDisk    <Object>
     gcePersistentDisk represents a GCE Disk resource that is attached to a
     kubelet's host machine and then exposed to the pod. More info:
     https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

   gitRepo      <Object>
     gitRepo represents a git repository at a particular revision. DEPRECATED:
     GitRepo is deprecated. To provision a container with a git repo, mount an
     EmptyDir into an InitContainer that clones the repo using git, then mount
     the EmptyDir into the Pod's container.

   glusterfs    <Object>
     glusterfs represents a Glusterfs mount on the host that shares a pod's
     lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

   hostPath     <Object>
     hostPath represents a pre-existing file or directory on the host machine
     that is directly exposed to the container. This is generally used for
     system agents or other privileged things that are allowed to see the host
     machine. Most containers will NOT need this. More info:
     https://kubernetes.io/docs/concepts/storage/volumes#hostpath

   iscsi        <Object>
     iscsi represents an ISCSI Disk resource that is attached to a kubelet's
     host machine and then exposed to the pod. More info:
     https://examples.k8s.io/volumes/iscsi/README.md

   name <string> -required-
     name of the volume. Must be a DNS_LABEL and unique within the pod. More
     info:
     https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

   nfs  <Object>
     nfs represents an NFS mount on the host that shares a pod's lifetime More
     info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

   persistentVolumeClaim        <Object>
     persistentVolumeClaimVolumeSource represents a reference to a
     PersistentVolumeClaim in the same namespace. More info:
     https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

   photonPersistentDisk <Object>
     photonPersistentDisk represents a PhotonController persistent disk attached
     and mounted on kubelets host machine

   portworxVolume       <Object>
     portworxVolume represents a portworx volume attached and mounted on
     kubelets host machine

   projected    <Object>
     projected items for all in one resources secrets, configmaps, and downward
     API

   quobyte      <Object>
     quobyte represents a Quobyte mount on the host that shares a pod's lifetime

   rbd  <Object>
     rbd represents a Rados Block Device mount on the host that shares a pod's
     lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

   scaleIO      <Object>
     scaleIO represents a ScaleIO persistent volume attached and mounted on
     Kubernetes nodes.

   secret       <Object>
     secret represents a secret that should populate this volume. More info:
     https://kubernetes.io/docs/concepts/storage/volumes#secret

   storageos    <Object>
     storageOS represents a StorageOS volume attached and mounted on Kubernetes
     nodes.

   vsphereVolume        <Object>
     vsphereVolume represents a vSphere volume attached and mounted on kubelets
     host machine

Besides volumes, which lives under spec, there is a counterpart inside the container definition,

under containers:

[root@k8s-master1 service]# kubectl explain pod.spec.containers
KIND:     Pod
VERSION:  v1

RESOURCE: containers <[]Object>

DESCRIPTION:
     List of containers belonging to the pod. Containers cannot currently be
     added or removed. There must be at least one container in a Pod. Cannot be
     updated.

     A single application container that you want to run within a pod.

FIELDS:

   volumeDevices        <[]Object>
     volumeDevices is the list of block devices to be used by the container.

   volumeMounts <[]Object>
   # where the volume, once created, gets mounted
     Pod volumes to mount into the container's filesystem. Cannot be updated.

   workingDir   <string>
     Container's working directory. If not specified, the container runtime's
     default will be used, which might be configured in the container image.
     Cannot be updated.

Drilling down further:

[root@k8s-master1 service]# kubectl explain pod.spec.containers.volumeMounts
KIND:     Pod
VERSION:  v1

RESOURCE: volumeMounts <[]Object>

DESCRIPTION:
     Pod volumes to mount into the container's filesystem. Cannot be updated.

     VolumeMount describes a mounting of a Volume within a container.

FIELDS:
   mountPath    <string> -required-
   # the path to mount at
     Path within the container at which the volume should be mounted. Must not
     contain ':'.

   mountPropagation     <string>
   # mount propagation mode of the volume
     mountPropagation determines how mounts are propagated from the host to
     container and the other way around. When not set, MountPropagationNone is
     used. This field is beta in 1.10.

   name <string> -required-
   # name: the name of the volume being used; every volume must have a name
     This must match the Name of a Volume.

   readOnly     <boolean>
   # whether the mount is read-only
     Mounted read-only if true, read-write otherwise (false or unspecified).
     Defaults to false.

   subPath      <string>
   # mount a subdirectory of the volume
     Path within the volume from which the container's volume should be mounted.
     Defaults to "" (volume's root).

   subPathExpr  <string>
     Expanded path within the volume from which the container's volume should be
     mounted. Behaves similarly to SubPath but environment variable references
     $(VAR_NAME) are expanded using the container's environment. Defaults to ""
     (volume's root). SubPathExpr and SubPath are mutually exclusive.

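A closer look at the mountPropagation field above: there are several propagation modes.

First: None

None: the mount takes no part in propagation. That is, the container does not propagate its own mount operations to other containers or pods; the mount is usable only by this one container in this pod. It also does not see mount changes the host later makes on the volume or its subdirectories, so a later change of that kind on the host does not show up in the container.

Second: HostToContainer

One-way propagation from host to container: the container sees mount changes the host makes on the mounted volume or its subdirectories.

Third: Bidirectional

Two-way propagation between host and container. This is of little use, and these values are usually left unset.

Writing an ephemeral volume

The lifetime of ephemeral storage matches the pod's. If you create a pod that mounts ephemeral storage and then delete the pod, the ephemeral storage is deleted with it. It is only valid temporarily, so it is of limited use: once the pod is deleted, the storage can no longer be used.

Among ephemeral storage there is one special kind called gitRepo, which is backed by a git repository.

emptyDir volumes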

[root@k8s-master1 service]# kubectl explain pod.spec.volumes.emptyDir
KIND:     Pod
VERSION:  v1

RESOURCE: emptyDir <Object>

DESCRIPTION:
     emptyDir represents a temporary directory that shares a pod's lifetime.
     More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

     Represents an empty directory for a pod. Empty directory volumes support
     ownership management and SELinux relabeling.

FIELDS:
   medium       <string>
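   # Medium: what backs the ephemeral storage. The default is whatever storage medium the host running the pod uses, i.e. disk
   # The second option is Memory: memory is used directly as the ephemeral storage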
     medium represents what type of storage medium should back this directory.
     The default is "" which means to use the node's default medium. Must be an
     empty string (default) or Memory. More info:
     https://kubernetes.io/docs/concepts/storage/volumes#emptydir

   sizeLimit    <string>
   # Size: caps how much the ephemeral storage may use. Usually left unset, but set it when using memory, because memory is limited
     sizeLimit is the total amount of local storage required for this EmptyDir
     volume. The size limit is also applicable for memory medium. The maximum
     usage on memory medium EmptyDir would be the minimum value between the
     SizeLimit specified here and the sum of memory limits of all containers in
     a pod. The default is nil which means that the limit is undefined. More
     info: http://kubernetes.io/docs/user-guide/volumes#emptydir

Note that volumes has one required field:

[root@k8s-master1 service]# kubectl explain pod.spec.volumes
KIND:     Pod
VERSION:  v1

RESOURCE: volumes <[]Object>

DESCRIPTION:
     List of volumes that can be mounted by containers belonging to the pod.
     More info: https://kubernetes.io/docs/concepts/storage/volumes

     Volume represents a named volume in a pod that may be accessed by any
     container in the pod.

FIELDS:
   emptyDir     <Object>
     emptyDir represents a temporary directory that shares a pod's lifetime.
     More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

   name <string> -required-
   # required field
     name of the volume. Must be a DNS_LABEL and unique within the pod. More
     info:
     https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Then it is mounted inside containers:

[root@k8s-master1 service]# kubectl explain pod.spec.containers.volumeMounts
KIND:     Pod
VERSION:  v1

RESOURCE: volumeMounts <[]Object>

DESCRIPTION:
     Pod volumes to mount into the container's filesystem. Cannot be updated.

     VolumeMount describes a mounting of a Volume within a container.

FIELDS:
   mountPath    <string> -required-
   # the path to mount at
     Path within the container at which the volume should be mounted. Must not
     contain ':'.

   mountPropagation     <string>
   # mount propagation mode of the volume
     mountPropagation determines how mounts are propagated from the host to
     container and the other way around. When not set, MountPropagationNone is
     used. This field is beta in 1.10.

   name <string> -required-
   # name: the name of the volume being used; every volume must have a name
     This must match the Name of a Volume.

   readOnly     <boolean>
   # whether the mount is read-only
     Mounted read-only if true, read-write otherwise (false or unspecified).
     Defaults to false.

   subPath      <string>
   # mount a subdirectory of the volume
     Path within the volume from which the container's volume should be mounted.
     Defaults to "" (volume's root).

   subPathExpr  <string>
     Expanded path within the volume from which the container's volume should be
     mounted. Behaves similarly to SubPath but environment variable references
     $(VAR_NAME) are expanded using the container's environment. Defaults to ""
     (volume's root). SubPathExpr and SubPath are mutually exclusive.

[root@k8s-master1 emptydir]# vim emptydir-1.yml
apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  volumes:
  - name: cache-volume # name is required; the volumeMounts entry below refers to it
    emptyDir: {} # an empty {} means the default configuration: default medium and default size
  containers:
  - name: test-containres
    image: images.guoguo.com/apps/nginx:1.22.1
    volumeMounts:
    - mountPath: /apps/nginx/html/  # directory to mount at; created automatically if it does not exist in the container
      name: cache-volume  # refers to the emptyDir volume defined above
[root@k8s-master1 emptydir]# kubectl apply -f emptydir-1.yml
pod/test-pod created

Check:

[root@k8s-master1 emptydir]# kubectl get pods
NAME                                  READY   STATUS    RESTARTS        AGE
test-pod                              1/1     Running   0               33s

This is of limited use: once the pod is updated or deleted, the data is gone.
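The medium, sizeLimit and readOnly fields described above, together with one volume shared by two containers, combined in a single manifest. This is an added example, not from the original post; the pod name, the writer container and its busybox image are assumptions.

```yaml
# Added example: a memory-backed, size-capped emptyDir shared by two containers.
apiVersion: v1
kind: Pod
metadata:
  name: shared-cache-pod              # hypothetical name
spec:
  volumes:
  - name: cache-volume
    emptyDir:
      medium: Memory                  # back the directory with memory instead of the node's disk
      sizeLimit: 64Mi                 # per the field description above, effective cap is
                                      # min(sizeLimit, sum of container memory limits)
  containers:
  - name: writer                      # hypothetical sidecar that produces the content
    image: busybox:1.36               # assumption: any image that provides a shell
    command: ["sh", "-c", "while true; do date > /data/index.html; sleep 5; done"]
    resources:
      limits:
        memory: 128Mi
    volumeMounts:
    - name: cache-volume
      mountPath: /data                # read-write: this container owns the data
  - name: web
    image: images.guoguo.com/apps/nginx:1.22.1
    resources:
      limits:
        memory: 128Mi
    volumeMounts:
    - name: cache-volume
      mountPath: /apps/nginx/html/
      readOnly: true                  # the web server only serves the files, so it gets no write access
```

After applying it, `kubectl exec shared-cache-pod -c web -- cat /apps/nginx/html/index.html` prints the timestamp written by the other container, and a write attempt from the web container fails because its mount is read-only.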

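Ephemeral directory storage

emptyDir has another special variant, based on gitRepo.

You can push your data to a git repository and reference it by the repository address. This volume type has two fields: first you need the git repository address,

then the target directory name.

repository: the Git repository URL; required field.

directory: the target directory name; the name must not contain ".."; "." means the repository data is cloned directly into the directory the volume maps to, and any other string means the data is cloned into a subdirectory of the volume named with that string.

revision: the commit hash.

This approach gives a small measure of persistent storage.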

[root@k8s-master1 service]# kubectl explain pod.spec.volumes.gitRepo
KIND:     Pod
VERSION:  v1

RESOURCE: gitRepo <Object>

DESCRIPTION:
     gitRepo represents a git repository at a particular revision. DEPRECATED:
     GitRepo is deprecated. To provision a container with a git repo, mount an
     EmptyDir into an InitContainer that clones the repo using git, then mount
     the EmptyDir into the Pod's container.

     Represents a volume that is populated with the contents of a git
     repository. Git repo volumes do not support ownership management. Git repo
     volumes support SELinux relabeling.

     DEPRECATED: GitRepo is deprecated. To provision a container with a git
     repo, mount an EmptyDir into an InitContainer that clones the repo using
     git, then mount the EmptyDir into the Pod's container.

FIELDS:
   directory    <string>
   # just write . which stands for the current directory
     directory is the target directory name. Must not contain or start with
     '..'. If '.' is supplied, the volume directory will be the git repository.
     Otherwise, if specified, the volume will contain the git repository in the
     subdirectory with the given name.

   repository   <string> -required-
   # the key field: which repository to use as the volume
     repository is the URL

   revision     <string>
     revision is the commit hash for the specified revision.

An example:

[root@k8s-master1 emptydir]# vim gitrepo-volume.yml
apiVersion: v1
kind: Pod
metadata:
  name: git-pod
spec:
  volumes:
  - name: gitpore
    gitRepo:
      repository: http://172.17.200.200/linux/k8s.git # git repository URL
      directory: .  # . stands for the current repository directory
      revision: "main" # name of the branch in the repository
  containers:
  - name: nginx-git
    image: images.guoguo.com/apps/nginx:1.22.1
    ports:
    - containerPort: 80
      protocol: TCP
    volumeMounts:
    - name: gitpore
      mountPath: /apps/nginx/html/

Run it:

[root@k8s-master1 emptydir]# kubectl get pods
NAME                                  READY   STATUS    RESTARTS        AGE
git-pod                               1/1     Running   0               8m35s

Verify:

[root@k8s-master1 emptydir]# kubectl exec git-pod -- cat /apps/nginx/html/index.html
gitlab
# verification succeeded

That is the second approach, based on a git repository.
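The `kubectl explain` output above marks gitRepo as DEPRECATED and names the replacement: an initContainer clones the repository into an emptyDir, which the application container then mounts. The manifest below is an added example of that pattern, not from the original post; the pod name, the `alpine/git` image and the size limit are assumptions, while the repository URL, branch and nginx image are the ones used above. The clone runs inside a container under the pod's security context rather than on the node.

```yaml
# Added example: initContainer + emptyDir in place of the deprecated gitRepo volume.
apiVersion: v1
kind: Pod
metadata:
  name: git-init-pod                  # hypothetical name
spec:
  volumes:
  - name: repo
    emptyDir:
      sizeLimit: 200Mi                # assumption: cap on how much the clone may occupy
  initContainers:
  - name: clone
    image: alpine/git                 # assumption: any image that ships a git client
    command: ["git", "clone", "--depth=1", "--branch", "main",
              "http://172.17.200.200/linux/k8s.git", "/repo"]
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]                 # cloning needs no extra Linux capabilities
    volumeMounts:
    - name: repo
      mountPath: /repo                # must be empty, which a fresh emptyDir is
  containers:
  - name: nginx-git
    image: images.guoguo.com/apps/nginx:1.22.1
    ports:
    - containerPort: 80
      protocol: TCP
    volumeMounts:
    - name: repo
      mountPath: /apps/nginx/html/
      readOnly: true                  # repository content is served, never modified
```

The same check as above applies: `kubectl exec git-init-pod -- cat /apps/nginx/html/index.html` should print the repository's index.html once the init container has completed.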

Last edited on November 8, 2023