9.1 k8s存储Volumes介绍
Container(容器)中的磁盘文件是短暂的,当容器崩溃时,kubelet会重新启动容器,但最初的文件将丢失,Container会以最干净的状态启动。另外,当一个Pod运行多个Container时,各个容器可能需要共享一些文件。Kubernetes Volume可以解决这两个问题。eg:如一个pod里,容器A和容器B需要共享数据;不同pod间共享数据;
一些需要持久化数据的程序才会用到Volumes,或者一些需要共享数据的容器需要volumes。
不同pod间共享数据也可以通过volumes解决,比如我们nfs,jfs,ceph,公有云的nas等;
日志收集的需求:需要在应用程序的容器里面加一个sidecar,这个容器是一个收集日志的容器,比如filebeat,它通过volumes共享应用程序的日志文件目录。就是同一个pod下不同容器共享数据;
Volumes:官方文档https://kubernetes.io/docs/concepts/storage/volumes/
9.2 Volumes EmptyDir实现数据共享
emptyDir是一个空目录,不需要提前创建相关目录,他的声明周期和Pod是完全一致的,Pod被删除时,emptyDir也会被删除。emptyDir主要是用于同一个Pod内不同的容器之间共享工作过程中产生的文件。
比较常用的volumes的使用emptydir,hostpath,NFS(configmap和secret 之前讲过)等
emptydir主要是用用作pod下不同容器间共享数据,不是持久化存储,重启后数据丢失。
和上述volume不同的是,如果删除Pod,emptyDir卷中的数据也将被删除,一般emptyDir卷用于Pod中的不同Container共享数据。它可以被挂载到相同或不同的路径上。
默认情况下,emptyDir卷支持节点上的任何介质,可能是SSD、磁盘或网络存储,具体取决于自身的环境。可以将emptyDir.medium字段设置为Memory,让Kubernetes使用tmpfs(内存支持的文件系统),虽然tmpfs非常快,但是tmpfs在节点重启时,数据同样会被清除,并且设置的大小会被计入到Container的内存限制当中。
[root@k8s-master01 ~]# vim nginx-deploy_1205_emptydir.yaml
# cat nginx-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx
name: nginx
spec:
replicas: 2 #副本数
selector:
matchLabels:
app: nginx
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: nginx
spec:
containers:
- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
# ports:
# - containerPort: 8080
# name: nginx-port
# protocol: TCP
volumeMounts:
- mountPath: /opt
name: share-volume
- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
imagePullPolicy: IfNotPresent
name: nginx2
command:
- sh
- -c
- sleep 3600
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
# ports:
# - containerPort: 8090
# name: nginx2-port
# protocol: TCP
volumeMounts:
- mountPath: /mnt
name: share-volume
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: share-volume
emptyDir: {}
#medium: Memory
[root@k8s-master01 ~]# kubectl create -f nginx-deploy_1205_emptydir.yaml
deployment.apps/nginx created
副本数是2,所以创建2个pod,每个pod包含2个容器nginx、nginx2
验证1:
pod nginx-6c5778576c-4hxkj nginx
[root@k8s-master01 ~]# kubectl exec -it nginx-6c5778576c-4hxkj -c nginx -- bash
root@nginx-6c5778576c-4hxkj:/# df -h
Filesystem Size Used Avail Use% Mounted on
overlay 26G 8.2G 18G 32% /
tmpfs 64M 0 64M 0% /dev
tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup
/dev/sda3 26G 8.2G 18G 32% /opt
shm 64M 0 64M 0% /dev/shm
tmpfs 2.9G 12K 2.9G 1% /run/secrets/kubernetes.io/serviceaccount
tmpfs 1.5G 0 1.5G 0% /proc/acpi
tmpfs 1.5G 0 1.5G 0% /proc/scsi
tmpfs 1.5G 0 1.5G 0% /sys/firmware
root@nginx-6c5778576c-4hxkj:/# cd /opt
root@nginx-6c5778576c-4hxkj:/opt# ls
root@nginx-6c5778576c-4hxkj:/opt# touch test.txt
root@nginx-6c5778576c-4hxkj:/opt# echo aaaaaaaaaaaaa > test.txt
pod nginx-6c5778576c-4hxkj nginx2
[root@k8s-master01 ~]# kubectl exec -it nginx-6c5778576c-4hxkj -c nginx2 -- bash
root@nginx-6c5778576c-4hxkj:/#
root@nginx-6c5778576c-4hxkj:/# df -h
Filesystem Size Used Avail Use% Mounted on
overlay 26G 8.2G 18G 32% /
tmpfs 64M 0 64M 0% /dev
tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup
/dev/sda3 26G 8.2G 18G 32% /mnt
shm 64M 0 64M 0% /dev/shm
tmpfs 2.9G 12K 2.9G 1% /run/secrets/kubernetes.io/serviceaccount
tmpfs 1.5G 0 1.5G 0% /proc/acpi
tmpfs 1.5G 0 1.5G 0% /proc/scsi
tmpfs 1.5G 0 1.5G 0% /sys/firmware
root@nginx-6c5778576c-4hxkj:/# cd /mnt
root@nginx-6c5778576c-4hxkj:/mnt# ls
test.txt
root@nginx-6c5778576c-4hxkj:/mnt# cat test.txt
aaaaaaaaaaaaa
在容器nginx的/opt目录中写入文件test.txt
在容器nginx2的/mnt目录中看到写入的test.txt文件
验证2:
容器nginx2追加内容
root@nginx-6c5778576c-4hxkj:/mnt# echo "bbbbbbbbbbbbbbbbbbbbbbbb" >>test.txt
容器nginx查看内容
root@nginx-6c5778576c-4hxkj:/opt# cat test.txt
aaaaaaaaaaaaa
bbbbbbbbbbbbbbbbbbbbbbbb
9.3 Volumes HostPath挂载宿主机路径
Kubernetes是一种用于管理容器化应用程序的开源平台。在Kubernetes中,Pod是最小的可部署单元,可以包含一个或多个容器。每个Pod都有自己的IP地址,可以使用它来与其他Pod进行通信。Pod可以挂载一个或多个卷来存储应用程序数据。其中一个卷类型是HostPath,它允许Pod将宿主机上的文件或目录挂载到其容器中。
HostPath卷类型对于需要直接访问宿主机上的文件或目录的应用程序非常有用。例如,如果需要访问宿主机上的日志文件或配置文件,可以使用HostPath挂载这些文件。但是,使用HostPath也存在一些安全风险,因为它允许Pod访问宿主机上的文件系统。
警告:HostPath 卷存在许多安全风险,最佳做法是尽可能避免使用 HostPath。 当必须使用 HostPath 卷时,它的范围应仅限于所需的文件或目录,并以只读方式挂载。如果通过 AdmissionPolicy 限制 HostPath 对特定目录的访问,则必须要求 volumeMounts 使用 readOnly 挂载以使策略生效。
一般不推荐使用。
vim nginx-deploy_1205_emptydir.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx
name: nginx
spec:
replicas: 2 #副本数
selector:
matchLabels:
app: nginx
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: nginx
spec:
containers:
- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
# ports:
# - containerPort: 8080
# name: nginx-port
# protocol: TCP
volumeMounts:
- mountPath: /opt
name: share-volume
- mountPath: /etc/timezone
name: timezone
- mountPath: /tmp/
name: tmp
- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
imagePullPolicy: IfNotPresent
name: nginx2
command:
- sh
- -c
- sleep 1200
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
# ports:
# - containerPort: 8090
# name: nginx2-port
# protocol: TCP
volumeMounts:
- mountPath: /mnt
name: share-volume
- mountPath: /etc/timezone
name: timezone
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: share-volume
emptyDir: {}
#medium: Memory
- name: timezone
hostPath:
path: /etc/timezone
type: File
- name: tmp
hostPath:
path: /tmp
type: Directory
增加如下部分配置:挂载文件、挂载目录
验证:
kubectl replace -f nginx-deploy_1205_emptydir.yaml
[root@k8s-master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox 0/1 Unknown 0 105d
nginx-5b95587595-m2fl9 2/2 Running 0 12s
nginx-5b95587595-x4zhm 2/2 Running 0 14s
nginx-6c5778576c-4hxkj 2/2 Terminating 1 (30m ago) 90m
nginx-6c5778576c-b64sf 2/2 Terminating 1 (30m ago) 90m
nginx-deployment-7f65cbfc84-2npk5 1/1 Running 1 (35d ago) 93d
nginx-deployment-7f65cbfc84-4hlpt 1/1 Running 1 (35d ago) 93d
nginx-deployment-7f65cbfc84-dmgfx 1/1 Running 1 (35d ago) 93d
nginx-deployment-7f65cbfc84-p2dfr 1/1 Running 1 (35d ago) 93d
nginx-deployment-7f65cbfc84-zkld4 1/1 Running 1 (35d ago) 93d
[root@k8s-master01 ~]# kubectl exec -it nginx-5b95587595-m2fl9 -c nginx -- bash
root@nginx-5b95587595-m2fl9:/# df -h
Filesystem Size Used Avail Use% Mounted on
overlay 26G 10G 17G 39% /
tmpfs 64M 0 64M 0% /dev
tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup
/dev/sda3 26G 10G 17G 39% /opt
shm 64M 0 64M 0% /dev/shm
tmpfs 2.9G 12K 2.9G 1% /run/secrets/kubernetes.io/serviceaccount
tmpfs 1.5G 0 1.5G 0% /proc/acpi
tmpfs 1.5G 0 1.5G 0% /proc/scsi
tmpfs 1.5G 0 1.5G 0% /sys/firmware
root@nginx-5b95587595-m2fl9:/# cd tmp
root@nginx-5b95587595-m2fl9:/tmp# ls
sys.log
#宿主机增加sys2.log文件
root@nginx-5b95587595-m2fl9:/tmp# ls
runc-process2653599717 sys.log sys2.log
#查看/etc/timezone文件
root@nginx-5b95587595-m2fl9:/tmp# cat /etc/timezone
Asia/Shanghai
9.4 挂载NFS至容器
master01 安装nfs软件
yum -y install nfs-utils rpcbind宿主机node01(ip:192.168.42.244)安装nfs服务器
yum -y install nfs-utils rpcbind
systemctl restart nfs-server
[root@k8s-node01 ~]# vim /etc/exports
/mnt/ 192.168.0.0/16(rw,sync,no_subtree_check,no_root_squash)
/opt/ 192.168.0.0/16(rw,sync,no_subtree_check,no_root_squash)
#重新加载配置文件
[root@k8s-node01 ~]# exportfs -rv
exporting 192.168.0.0/16:/opt
exporting 192.168.0.0/16:/mnt
[root@k8s-node01 ~]# systemctl reload nfs-server
#查看共享目录
[root@k8s-node01 ~]# showmount -e localhost
Export list for localhost:
/opt 192.168.0.0/16
/mnt 192.168.0.0/16
master01验证node01 nfs server是否正常
[root@k8s-master01 mnt]# mkdir data
[root@k8s-master01 mnt]# mount -t nfs 192.168.42.244:/mnt /mnt/data/
[root@k8s-master01 mnt]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.5G 0 1.5G 0% /dev
tmpfs 1.5G 0 1.5G 0% /dev/shm
tmpfs 1.5G 153M 1.4G 11% /run
tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup
/dev/sda3 26G 10G 17G 39% /
/dev/sda1 1014M 171M 844M 17% /boot
。。。
192.168.42.244:/mnt 26G 7.8G 19G 30% /mnt/data
[root@k8s-master01 mnt]# ls /mnt/data/
node01.txt
[root@k8s-master01 mnt]# umount data
[root@k8s-master01 mnt]#
开始测试:
在yaml文件增加如下2部分
vim nginx-deploy_1205_emptydir.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx
name: nginx
spec:
replicas: 2 #副本数
selector:
matchLabels:
app: nginx
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: nginx
spec:
containers:
- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
# ports:
# - containerPort: 8080
# name: nginx-port
# protocol: TCP
volumeMounts:
- mountPath: /opt
name: share-volume
- mountPath: /etc/timezone
name: timezone
- mountPath: /tmp/
name: tmp
- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx:1.15.12
imagePullPolicy: IfNotPresent
name: nginx2
command:
- sh
- -c
- sleep 1200
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
# ports:
# - containerPort: 8090
# name: nginx2-port
# protocol: TCP
volumeMounts:
- mountPath: /mnt
name: share-volume
- mountPath: /etc/timezone
name: timezone
- mountPath: /tmp
name: nfs
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: share-volume
emptyDir: {}
#medium: Memory
- name: timezone
hostPath:
path: /etc/timezone
type: File
- name: tmp
hostPath:
path: /tmp
type: Directory
- name: nfs
nfs:
server: 192.168.42.244
path: /mnt
[root@k8s-master01 ~]# kubectl replace -f nginx-deploy_1205_emptydir.yaml
deployment.apps/nginx replaced
[root@k8s-master01 ~]# kubectl exec -it nginx-679784694b-g45v7 -c nginx2 -- bash
root@nginx-679784694b-g45v7:/# df -h
Filesystem Size Used Avail Use% Mounted on
overlay 26G 7.8G 19G 30% /
tmpfs 64M 0 64M 0% /dev
tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup
/dev/sda3 26G 7.8G 19G 30% /mnt
192.168.42.244:/mnt 26G 7.8G 19G 30% /tmp
shm 64M 0 64M 0% /dev/shm
tmpfs 2.9G 12K 2.9G 1% /run/secrets/kubernetes.io/serviceaccount
tmpfs 1.5G 0 1.5G 0% /proc/acpi
tmpfs 1.5G 0 1.5G 0% /proc/scsi
tmpfs 1.5G 0 1.5G 0% /sys/firmware
![web:[BUUCTF 2018]Online Tool](https://img-blog.csdnimg.cn/e402d4a5fb0246529562238331ba7f94.png)
