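k8s storage volume management
Volume types supported by k8s
1. Persistent volumes: the stored data does not disappear when the pod is deleted
2. Ephemeral volumes: the volume follows the pod's lifecycle and is created and deleted together with the pod
3. Projected volumes: combine different volumes into one unified volume, which makes these resources more convenient to manage and use
1. Persistent volumes
(1) hostPath persistent volume
---
kind: Pod
apiVersion: v1
metadata:
  name: web1
spec:
  volumes:                     # volume definitions
  - name: logdata              # volume name
    hostPath:                  # resource type
      path: /var/weblog        # path on the host
      type: DirectoryOrCreate  # create the directory if it does not exist
  containers:
  - name: nginx
    image: myos:nginx
    volumeMounts:                       # mount the volume
    - name: logdata                     # volume name
      mountPath: /usr/local/nginx/logs  # path inside the container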
(2) nfs volume: shares read/write data between different pods
---
kind: Pod
apiVersion: v1
metadata:
  name: web1
spec:
  volumes:
  - name: website              # volume name
    nfs:                       # NFS resource type
      server: 192.168.88.240   # NFS server address
      path: /var/webroot       # NFS shared directory
  containers:
  - name: nginx
    image: myos:nginx
    volumeMounts:
    - name: website                     # volume name
      mountPath: /usr/local/nginx/html  # path
(3) PV and PVC (PersistentVolume and PersistentVolumeClaim): provide a common API for managing volumes
pv:
---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: pv-local
spec:
  volumeMode: Filesystem                 # resource type of the volume
  accessModes:                           # access modes of the volume (see the official documentation)
  - ReadWriteOnce
  capacity:                              # storage space the volume provides
    storage: 30Gi
  persistentVolumeReclaimPolicy: Retain  # reclaim policy: delete the data or only unmount
  hostPath:
    path: /var/weblog
    type: DirectoryOrCreate
---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: pv-nfs
spec:
  volumeMode: Filesystem
  accessModes:
  - ReadWriteOnce
  - ReadOnlyMany
  - ReadWriteMany
  capacity:
    storage: 20Gi
  persistentVolumeReclaimPolicy: Retain  # Retain: unmount only
  nfs:
    server: 192.168.88.240
    path: /var/webroot
pvc: (matched to a pv automatically)
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc1
spec:
  volumeMode: Filesystem
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 25Gi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc2
spec:
  volumeMode: Filesystem
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 15Gi
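Why pvc1 lands on pv-local and pvc2 on pv-nfs, shown as an added example (not part of the original notes and not Kubernetes source code). It is a simplified model of the matching rules: same volumeMode, requested access modes contained in the PV's, capacity at least the request, smallest fit wins. The function names are hypothetical, and it assumes no storageClassName or selector is set, as in the manifests above.

```python
UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def to_bytes(quantity):
    """Convert a binary-suffix quantity such as '30Gi' to bytes."""
    for suffix, factor in UNITS.items():
        if quantity.endswith(suffix):
            return int(quantity[:-len(suffix)]) * factor
    return int(quantity)

def match_pv(claim, volumes, bound=()):
    """Return the name of the smallest unbound PV that satisfies the claim, or None."""
    want = to_bytes(claim["storage"])
    fits = [
        pv for pv in volumes
        if pv["name"] not in bound                               # a PV binds to one claim only
        and pv["volumeMode"] == claim["volumeMode"]
        and set(claim["accessModes"]) <= set(pv["accessModes"])  # every requested mode offered
        and to_bytes(pv["storage"]) >= want                      # capacity covers the request
    ]
    best = min(fits, key=lambda pv: to_bytes(pv["storage"]), default=None)
    return best["name"] if best else None

def bind_all(claims, volumes):
    """Bind claims in order; a claim with no fitting PV maps to None (stays Pending)."""
    bound = {}
    for claim in claims:
        bound[claim["name"]] = match_pv(claim, volumes, list(bound.values()))
    return bound

# The PVs and PVCs from the manifests above, reduced to the fields used for matching.
PVS = [
    {"name": "pv-local", "volumeMode": "Filesystem", "storage": "30Gi",
     "accessModes": ["ReadWriteOnce"]},
    {"name": "pv-nfs", "volumeMode": "Filesystem", "storage": "20Gi",
     "accessModes": ["ReadWriteOnce", "ReadOnlyMany", "ReadWriteMany"]},
]
PVC1 = {"name": "pvc1", "volumeMode": "Filesystem", "storage": "25Gi",
        "accessModes": ["ReadWriteOnce"]}
PVC2 = {"name": "pvc2", "volumeMode": "Filesystem", "storage": "15Gi",
        "accessModes": ["ReadWriteMany"]}

if __name__ == "__main__":
    print(bind_all([PVC1, PVC2], PVS))
```

A bound claim receives the whole PV, so pvc1 requests 25Gi but ends up with the 30Gi hostPath volume.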
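2. Ephemeral volumes
(1) configMap: injects configuration data into a pod
Uses: (1) setting environment variables
(2) modifying configuration files (by mounting)
1.1 Setting the time zone 'environment variable' with a configMap
---
kind: ConfigMap  # resource
apiVersion: v1
metadata:
  name: timezone
data:
  TZ: Asia/Shanghai  # key-value pair
1.2 Using the resource to change the time zone
---
kind: Pod
apiVersion: v1
metadata:
  name: web1
spec:
  volumes:
  - name: logdata
    persistentVolumeClaim:
      claimName: pvc1
  containers:
  - name: nginx
    image: myos:nginx
    envFrom:              # configure environment variables
    - configMapRef:       # reference the resource object
        name: timezone    # resource object name
    volumeMounts:
    - name: logdata
      mountPath: /usr/local/nginx/logs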
1.1 nginx parsing php: add a php container to the Pod, sharing the same network interface with nginx
---
kind: Pod
apiVersion: v1
metadata:
  name: web1
spec:
  volumes:
  - name: logdata
    persistentVolumeClaim:
      claimName: pvc1
  - name: website
    persistentVolumeClaim:
      claimName: pvc2
  containers:
  - name: nginx
    image: myos:nginx
    envFrom:
    - configMapRef:
        name: timezone
    volumeMounts:
    - name: logdata
      mountPath: /usr/local/nginx/logs
    - name: website
      mountPath: /usr/local/nginx/html
  - name: php               # everything below is newly added
    image: myos:php-fpm
    envFrom:                # each container needs its own time zone configuration
    - configMapRef:
        name: timezone
    volumeMounts:
    - name: website         # each container needs to mount NFS separately
      mountPath: /usr/local/nginx/html
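1.2 Creating a configMap from the nginx 'configuration file'
# create the configMap with a command
[root@master ~]# kubectl create configmap nginx-php --from-file=nginx.conf --dry-run=client -o yaml
# use a manifest file
[root@master ~]# cat nginx-conf.yaml
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-php   # must match the configMap name that the Pod in 1.3 references
data:
  nginx.conf: |
    # the original configuration file content follows
    # make sure the indentation is aligned
    # ......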
1.3 Mounting the ConfigMap
[root@master ~]# vim web1.yaml
---
kind: Pod
apiVersion: v1
metadata:
  name: web1
spec:
  volumes:
  - name: logdata
    persistentVolumeClaim:
      claimName: pvc1
  - name: website
    persistentVolumeClaim:
      claimName: pvc2
  - name: nginx-php         # volume name
    configMap:              # reference the resource object
      name: nginx-php       # resource object name
  containers:
  - name: nginx
    image: myos:nginx
    envFrom:
    - configMapRef:
        name: timezone
    volumeMounts:
    - name: nginx-php                              # volume name
      subPath: nginx.conf                          # key (mapped as a file, not as a directory)
      mountPath: /usr/local/nginx/conf/nginx.conf  # path
    - name: logdata
      mountPath: /usr/local/nginx/logs
    - name: website
      mountPath: /usr/local/nginx/html
  - name: php
    image: myos:php-fpm
    envFrom:
    - configMapRef:
        name: timezone
    volumeMounts:
    - name: website
      mountPath: /usr/local/nginx/html
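(2) secret volume: used like a configMap, but intended specifically for holding confidential data (stored encrypted)
Uses: setting environment variables, configuration files, logging in to a registry
2.1 Syntax for creating a secret volume
kubectl create secret subtype name [options/arguments]
Subtypes:
Generic type:
kubectl create secret generic name [options/arguments]
kubectl create secret generic timezone --from-literal TZ=Asia/Shanghai
Subtype for authenticating to a private registry
kubectl create secret docker-registry name [options/arguments]
Subtype for creating TLS certificates
kubectl create secret tls name [options/arguments]
2.1 Configuring the login secret
# --docker-server:   host name of the registry to log in to
# --docker-username: login user name
# --docker-password: login password
[root@master ~]# kubectl create secret docker-registry harbor-auth \
    --docker-server=harbor:443 \
    --docker-username="username" \
    --docker-password="password"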
2.2 Authenticating to the private registry
[root@master ~]# vim web2.yaml
---
kind: Pod
apiVersion: v1
metadata:
  name: web2
spec:
  imagePullSecrets:
  - name: harbor-auth
  containers:
  - name: apache
    image: harbor:443/private/httpd:latest
(3) emptyDir: an empty directory that provides temporary space; containers in the same pod can share data through it
3.1 Temporary space
[root@master ~]# vim web2.yaml
---
kind: Pod
apiVersion: v1
metadata:
  name: web2
spec:
  imagePullSecrets:
  - name: harbor-auth
  volumes:                 # volume configuration
  - name: cache            # volume name
    emptyDir: {}           # resource type
  containers:
  - name: apache
    image: harbor:443/private/httpd:latest
    volumeMounts:              # mount the volume
    - name: cache              # volume name
      mountPath: /var/cache    # path
3.2 Sharing and passing files (data exchange within the same pod)
---
kind: Pod
apiVersion: v1
metadata:
  name: web2
spec:
  imagePullSecrets:
  - name: harbor-auth
  volumes:
  - name: cache
    emptyDir: {}
  initContainers:
  - name: task1
    image: myos:latest
    volumeMounts:
    - name: cache
      mountPath: /var/cache
    command: ["sh"]
    args:
    - -c
    - |
      echo -e "\n#-----------------#" |tee -a /var/cache/init.log
      ID=${RANDOM}
      echo "获取随机数: ${ID}" |tee -a /var/cache/init.log
      echo "执行初始化任务" |tee -a /var/cache/init.log
      echo "随机数取余 $((ID%2))" |tee -a /var/cache/init.log
      echo "执行初始化任务完成" |tee -a /var/cache/init.log
      sleep 1
      exit $((ID%2))
  containers:
  - name: apache
    image: harbor:443/private/httpd:latest
    volumeMounts:
    - name: cache
      mountPath: /var/cache