Skip to content

Latest commit

 

History

History
1225 lines (1105 loc) · 30.8 KB

File metadata and controls

1225 lines (1105 loc) · 30.8 KB

一、volume 类型

k8s 中有很多种类型的 volume:

  • awsElasticBlockStore
  • azureDisk
  • azureFile
  • cephfs
  • cinder
  • configMap
  • downwardAPI
  • emptyDir
  • fc (光纤通道)
  • flocker (已弃用)
  • gcePersistentDisk
  • gitRepo (已弃用)
  • glusterfs
  • hostPath
  • iscsi
  • local
  • nfs
  • persistentVolumeClaim
  • portworxVolume
  • projected
  • quobyte
  • rbd
  • scaleIO (已弃用)
  • secret
  • storageOS
  • vsphereVolume

详细可以查看官方文档 volume types

二、emptyDir

emptyDir 不会保存数据到磁盘上, pod 被移除掉的时候 emptyDir 也会被永久删掉

$ vi emptydir.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name:  nginx
  namespace: aaa
  labels:
    app:  nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app:  nginx
    spec:
      containers:
      - name:  nginx
        image:  nginx
        ports:
        - containerPort:  80
          name:  nginx
        volumeMounts:
        - name: my-empty-dir
          mountPath: /opt/
      volumes:
        - name: my-empty-dir
          emptyDir: {}
      restartPolicy: Always

$ kubectl apply -f emptydir.yaml
$ kubectl exec -it nginx-59f8b57fc8-vqntf -n aaa bash
> echo 111 > /opt/1.txt
> cat /opt/1.txt
111

删除容器

$ kubectl delete pod/nginx-59f8b57fc8-vqntf -n aaa
# 等待容器重启, 再查看容器中的 /opt 目录下是否有 1.txt 文件
$ kubectl exec -it nginx-59f8b57fc8-7mz9b -n aaa ls /opt

三、hostPath

$ vim hostpath.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: aaa
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      nodeName: jz-desktop-02
      containers:
        - name: nginx
          image: nginx
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
            limits:
              cpu: 100m
              memory: 100Mi
          ports:
            - containerPort: 80
              name: nginx
          volumeMounts:
            - name: localtime
              mountPath: /opt
      volumes:
        - name: localtime
          hostPath:
            path: /home/kino/hostpath
      restartPolicy: Always

$ kubectl apply -f hostpath.yaml

$ kubectl exec -it nginx-86bcd5dd95-4bx5x -n aaa ls /opt
a1.yaml

删掉pod重新创建后再看 /opt 目录下是否有文件

$ kubectl delete pod/nginx-86bcd5dd95-4bx5x -n aaa
$ kubectl exec -it nginx-86bcd5dd95-hqxvt -n aaa ls /opt
a1.yaml

需要注意的是:

  • hostPath 仅仅会将 pod 所在机器的指定 path 和 容器mountPath 进行绑定, 如果每次 pod 运行在不同服务器上, 那容器内部将会是空目录

四、configMap

configMap 保存的是键值对数据(非秘密性), Pod 可以将 ConfigMap 的数据使用在 环境变量、命令行参数、volume中。

configMap 保存的数据不能超过 1M, 如果超过该大小, 应该是用挂载数据卷或其他方式。

4.1 根据目录创建 configMap

将一个目录下的所有配置文件创建成一个configMap: --from-file

$ mkdir configmap
$ wget https://kubernetes.io/examples/configmap/game.properties -O configmap/game.properties
$ wget https://kubernetes.io/examples/configmap/ui.properties -O configmap/ui.properties

$ cat *
enemies=aliens
lives=3
enemies.cheat=true
enemies.cheat.level=noGoodRotten
secret.code.passphrase=UUDDLRLRBABAS
secret.code.allowed=true
secret.code.lives=30color.good=purple
color.bad=yellow
allow.textmode=true
how.nice.to.look=fairlyNice

# 创建 configmap
$ kubectl create configmap game-config --from-file=./ -n storage
$ kubectl get cm -n storage
NAME              DATA   AGE
game-config       2      8s
nginx-configmap   2      4d12h
$ kubectl describe cm/game-config -n storage
Name:         game-config
Namespace:    storage
Labels:       <none>
Annotations:  <none>

Data
====
game.properties:
----
enemies=aliens
lives=3
enemies.cheat=true
enemies.cheat.level=noGoodRotten
secret.code.passphrase=UUDDLRLRBABAS
secret.code.allowed=true
secret.code.lives=30
ui.properties:
----
color.good=purple
color.bad=yellow
allow.textmode=true
how.nice.to.look=fairlyNice

Events:  <none>

$ kubectl get cm/game-config -n storage -o yaml
apiVersion: v1
data:
  game.properties: |-
    enemies=aliens
    lives=3
    enemies.cheat=true
    enemies.cheat.level=noGoodRotten
    secret.code.passphrase=UUDDLRLRBABAS
    secret.code.allowed=true
    secret.code.lives=30
  ui.properties: |
    color.good=purple
    color.bad=yellow
    allow.textmode=true
    how.nice.to.look=fairlyNice
kind: ConfigMap
metadata:
  creationTimestamp: "2021-09-22T15:43:11Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:game.properties: {}
        f:ui.properties: {}
    manager: kubectl-create
    operation: Update
    time: "2021-09-22T15:43:11Z"
  name: game-config
  namespace: aaa
  resourceVersion: "91076286"
  selfLink: /api/v1/namespaces/aaa/configmaps/game-config
  uid: 0f145467-e712-4183-af48-6c2ebac46fc4

4.2 基于文件创建 configMap

将一个或多个配置文件创建成configMap 对象: --from-file

$ kubectl create configmap game-config-2 --from-file=game.properties --from-file=ui.properties -n aaa
$ kubectl describe cm/game-config-2 -n aaa
Name:         game-config-2
Namespace:    aaa
Labels:       <none>
Annotations:  <none>

Data
====
game.properties:
----
enemies=aliens
lives=3
enemies.cheat=true
enemies.cheat.level=noGoodRotten
secret.code.passphrase=UUDDLRLRBABAS
secret.code.allowed=true
secret.code.lives=30
ui.properties:
----
color.good=purple
color.bad=yellow
allow.textmode=true
how.nice.to.look=fairlyNice

Events:  <none>

4.3 configMap 的使用

# 创建一个 configMap 对象
$ vim configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: game-demo
  namespace: aaa
data:
  # 类属性键;每一个键都映射到一个简单的值
  player_initial_lives: "3"
  ui_properties_file_name: "user-interface.properties"

  # 类文件键
  game.properties: |
    enemy.types=aliens,monsters
    player.maximum-lives=5    
  user-interface.properties: |
    color.good=purple
    color.bad=yellow
    allow.textmode=true   

---
# 在 pod 中使用 configMap
apiVersion: v1
kind: Pod
metadata:
  name: configmap-demo-pod
  namespace: aaa
spec:
  containers:
    - name: demo
      image: alpine
      command: ["sleep", "3600"]
      env:
        # 定义环境变量
        - name: PLAYER_INITIAL_LIVES # 请注意这里和 ConfigMap 中的键名是不一样的
          valueFrom:
            configMapKeyRef:
              name: game-demo           # 这个值来自 ConfigMap
              key: player_initial_lives # 需要取值的键
        - name: UI_PROPERTIES_FILE_NAME
          valueFrom:
            configMapKeyRef:
              name: game-demo
              key: ui_properties_file_name
      volumeMounts:
        - name: config
          mountPath: "/config"
          readOnly: true
  volumes:
    # 你可以在 Pod 级别设置卷,然后将其挂载到 Pod 内的容器中
    - name: config
      configMap:
        # 提供你想要挂载的 ConfigMap 的名字
        name: game-demo
        # 来自 ConfigMap 的一组键,将被创建为文件
        items:
          - key: "game.properties"
            path: "game.properties"
          - key: "user-interface.properties"
            path: "user-interface.properties"

# 查看容器中的环境变量 PLAYER_INITIAL_LIVES 和 UI_PROPERTIES_FILE_NAME
$ kubectl exec -it pod/configmap-demo-pod -n aaa sh
/ # echo $PLAYER_INITIAL_LIVES
3
/ # echo $UI_PROPERTIES_FILE_NAME
user-interface.properties

# 查看挂载到 /config 目录下的文件是否存在
/ # ls -l /config/
total 0
lrwxrwxrwx    1 root     root            22 Sep 23 10:09 game.properties -> ..data/game.properties
lrwxrwxrwx    1 root     root            32 Sep 23 10:09 user-interface.properties -> ..data/user-interface.properties
# 查看文件的内容
/ # cat /config/game.properties 
enemy.types=aliens,monsters
player.maximum-lives=5
/ # cat /config/user-interface.properties 
color.good=purple
color.bad=yellow
allow.textmode=true

当 configMap 的值被修改后, pod 中的值不会被自动修改, 需要重启 pod 加载 configMap 的内容

$ vim configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: game-demo
  namespace: aaa
data:
  # 类属性键;每一个键都映射到一个简单的值
  player_initial_lives: "1"
  ui_properties_file_name: "user-interface.properties111"

  # 类文件键
  game.properties: |
    enemy.types=aliens,monsters1
    player.maximum-lives=51
  user-interface.properties: |
    color.good=purple1
    color.bad=yellow1
    allow.textmode=true1   
    
# 不重启 pod 查看环境变量是否更新了
$ kubectl exec -it pod/configmap-demo-pod -n aaa sh
/ # echo $PLAYER_INITIAL_LIVES 
3
/ # cat /config/game.properties 
enemy.types=aliens,monsters
player.maximum-lives=5

# 删除 pod 
$ kubectl delete pod/configmap-demo-pod -n aaa sh
# 重新创建
$ kubectl apply -f deploy.yaml
# 进入容器
$ kubectl exec -it pod/configmap-demo-pod -n aaa sh
# 查看环境变量的值和挂载上的文件的内容
/ # echo $UI_PROPERTIES_FILE_NAME
user-interface.properties111
/ # echo $PLAYER_INITIAL_LIVES
1
/ # cat /config/game.properties 
enemy.types=aliens,monsters1
player.maximum-lives=51
/ # cat /config/user-interface.properties 
color.good=purple1
color.bad=yellow1
allow.textmode=true1

4.4 不可变更的 configMap

当 configMap 被设置为不可变更之后,k8s 会关闭对 configMap 的监视操作, 降低对 kube-apiserver 的压力提升集群性能

configMap 的不可变更是不可逆的, 要想更改 configMap 的内容, 只能把当前不可变更的 configMap 删除掉重新创建

# 修改上面的 configmap.yaml 
$ vim configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: game-demo
  namespace: aaa
data:
  # 类属性键;每一个键都映射到一个简单的值
  player_initial_lives: "1"
  ui_properties_file_name: "user-interface.properties111"

  # 类文件键
  game.properties: |
    enemy.types=aliens,monsters1
    player.maximum-lives=51
  user-interface.properties: |
    color.good=purple1
    color.bad=yellow1
    allow.textmode=true1   
immutable: true

# 修改 configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: game-demo
  namespace: aaa
data:
  # 类属性键;每一个键都映射到一个简单的值
  player_initial_lives: "100"
  ui_properties_file_name: "user-interface.properties111"

  # 类文件键
  game.properties: |
    enemy.types=aliens,monsters1
    player.maximum-lives=51
  user-interface.properties: |
    color.good=purple1
    color.bad=yellow1
    allow.textmode=true1   
immutable: true

# 发布修改后的 configMap, 发现已经不可以修改了
$ kubectl apply -f configmap.yaml 
The ConfigMap "game-demo" is invalid: data: Forbidden: field is immutable when `immutable` is set

4.5 configMap 实操1

创建一个 nginx 容器, 增加 两个文件: index.html(自定义首页)/index1.html(自定义页面), 并且增加环境变量GOOD=kino

# 在文件夹中创建三个文件
echo "<h1>status: 200 no.1</h1>" > index.html
echo "<h1>status: 200 no.2</h1>" > index1.html

# 创建 configMap
kubectl create configmap nginx-config-1 --from-file=./ -n storage
或者
kubectl create configmap nginx-config-1 --from-file=index.html --from-file=index1.html -n storage

# 编辑 nginx 的 yaml 文件
vim configmap-01.yaml
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-config-2
  namespace: storage
data:
  name: kino
  color.good: purple
  color.bad: yellow
  allow.textmode: true
  how.nice.to.look: fairlyNice

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
  namespace: storage
spec:
  selector:
    matchLabels:
      app: my-nginx
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: nginx
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
          limits:
            cpu: 100m
            memory: 100Mi
        env:
        - name: GOOD
          valueFrom:
            configMapKeyRef:
              name: nginx-config-2
              key: name
        ports:
        - containerPort:  80
          name:  my-nginx
        volumeMounts:
        - name: my-nginx-config-1
          mountPath: /usr/share/nginx/html/
      volumes:
        - name: my-nginx-config-1
          configMap:
            name: nginx-config-1
      restartPolicy: Always

# apply 
kubectl apply -f configmap-01.yaml
# 查看pod、cm
kubectl get pod,cm -n storage -o wide                                                                                                                                         Mon Jan 17 23:26:26 2022

NAME                            READY   STATUS    RESTARTS   AGE     IP           NODE      NOMINATED NODE   READINESS GATES
pod/my-nginx-784c7f4666-njn4l   1/1     Running   0          3m45s   10.244.1.8   flink02   <none>           <none>

NAME                       DATA   AGE
configmap/nginx-config-1   2      6m45s
configmap/nginx-config-2   5      3m45s

# 访问 两个 html 页面
curl 10.244.1.8
<h1>status: 200 no.1</h1>

curl 10.244.1.8/index1.html
<h1>status: 200 no.2</h1>

# 查看 GOOD 变量
kubectl exec -it pod/my-nginx-784c7f4666-njn4l -n storage bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
root@my-nginx-784c7f4666-njn4l:/# echo $GOOD
kino

4.6 configMap 实操2

自定义 my.cnf 文件, 修改字符集、连接数, 部署运行 mysql

vim mysql.yaml
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: mysql-config
  namespace: storage
data:
  my.cnf: |-
    [mysql]
    default-character-set=utf8

    [client]
    default-character-set=utf8

    [mysqld]
    # 字符集
    init_connect='SET NAMES utf8'
    # 最大连接数
    max_connections=1000
    # binlog
    log-bin=mysql-bin
    binlog-format=ROW
    # 忽略大小写
    lower_case_table_names=2
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  namespace: storage
spec:
  selector:
    matchLabels:
      app: mysql
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:8
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"
        ports:
        - containerPort:  80
          name:  mysql
        volumeMounts:
        - name: config
          mountPath: /etc/mysql/conf.d
      volumes:
        - name: config
          configMap:
            name: mysql-config
      restartPolicy: Always

# 登录mysql
mysql> SHOW VARIABLES LIKE 'character%';
+--------------------------+--------------------------------+
| Variable_name            | Value                          |
+--------------------------+--------------------------------+
| character_set_client     | utf8mb3                        |
| character_set_connection | utf8mb3                        |
| character_set_database   | utf8mb4                        |
| character_set_filesystem | binary                         |
| character_set_results    | utf8mb3                        |
| character_set_server     | utf8mb4                        |
| character_set_system     | utf8mb3                        |
| character_sets_dir       | /usr/share/mysql-8.0/charsets/ |
+--------------------------+--------------------------------+
8 rows in set (0.00 sec)

mysql> show variables like '%max_connections%';
+------------------------+-------+
| Variable_name          | Value |
+------------------------+-------+
| max_connections        | 1000  |
| mysqlx_max_connections | 100   |
+------------------------+-------+
2 rows in set (0.00 sec)

4.7 configMap 实操3-subPath

subPath官方文档

在 k8s 中,volume 不能挂载到其他 volume 上,也不能与其他卷有硬链接。

不过可以使用 volumeMounts.subPath 属性指定所引用的卷内的子路径,而不是其根路径。

例如: 创建一个 nginx 容器,index.html 使用nginx 默认的,另外再挂载一个 login.html 进 /usr/share/nginx/html/login.html

# 创建login.html
$ echo "<h1>login.html</h1>" > login.html

# 创建 configmap
$ kubectl create configmap login-file --from-file=login.html -n kino

# 创建 nginx deploy
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
  namespace: kino
spec:
  selector:
    matchLabels:
      app: my-nginx
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: my-nginx
    spec:
      nodeName: jz-desktop-04
      containers:
      - name: my-nginx
        image: nginx
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
          limits:
            cpu: 100m
            memory: 100Mi
        ports:
        - containerPort:  80
          name:  my-nginx
        volumeMounts:
        - mountPath: /usr/share/nginx/html/login.html
          name: login-volume
          subPath: index.html
      restartPolicy: Always
      volumes:
      - name: login-volume
        configMap:
          name: login-file
          items:
          - key: "login.html"
            path: "login.html"
            
# 查看 /usr/share/nginx/html 下的文件是否被覆盖
root@my-nginx-8545c54cf6-kh58p:/usr/share/nginx/html# ls -l
total 12
-rw-r--r-- 1 root root  497 Jul 19 14:05 50x.html
-rw-r--r-- 1 root root   15 Oct  9 14:56 index.html
drwxrwxrwx 2 root root 4096 Oct  9 14:54 login.html   # subPath 挂载进来的

五、NFS

centos7 nfs安装部署

5.1 使用 nfs 挂载

vim nginx-nfs.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: storage
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
          limits:
            cpu: 100m
            memory: 100Mi
        ports:
        - containerPort:  80
          name: nginx
        volumeMounts:
        - name: nfs-volume
          mountPath: /usr/share/nginx/html/
      volumes:
        - name: nfs-volume
          nfs:
            server: 192.168.156.60
            path: /app/nfs
      restartPolicy: Always
 
 kubectl apply -f nginx-nfs.yaml
 
 # 在 /app/nfs 目录下创建 index.html 文件
 echo "hello nfs volume" > index.html
 
 
 # 访问 nginx 
 kubectl get pod -n storage -o wide
 pod/nginx-5d59d8d7fd-v744j      1/1     Running            0          3m44s   10.244.2.11   flink03   <none>           <none>

curl 10.244.2.11
hello nfs volume

六、PV、PVC

官方 PV、PVC 实战

PV、PVC 的官方文档

6.1 持久卷(PersistentVolume )

  • 持久卷(PersistentVolume,PV)是集群中的一块存储,可以由管理员事先供应,或者 使用存储类(Storage Class)来动态供应。
  • 持久卷是集群资源,就像节点也是集群资源一样。PV 持久卷和普通的 Volume 一样,也是使用 卷插件来实现的,只是它们拥有独立于使用他们的Pod的生命周期。
  • 此 API 对象中记述了存储的实现细节,无论其背后是 NFS、iSCSI 还是特定于云平台的存储系统。

6.1.1 示例

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-0001
  namespace: storage
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: slow
  nfs:
    path: /app/nfs
    server: 192.168.156/60

参数说明:

  1. capacity.storage: 该 PV 的容量
  2. volumeMode: 卷模式, 默认为 Filesystem
  3. accessModes: 访问模式
    • ReadWriteOnce: 可以被一个节点以只读的方式挂载;
    • ReadOnlyMany: 可以被多个节点以只读的方式挂载;
    • ReadWriteMany: 可以被多个节点以读写的方式挂载;
    • ReadWriteOncePod: 卷可以被单个 Pod 以只读的方式挂载。如果需要集群中只有一个 Pod 可以读写该 PVC, 就需要用此访问模式.
  4. persistentVolumeReclaimPolicy: 回收策略
  5. storageClassName: 用于和 PVC 匹配

6.2 持久卷申请(PersistentVolumeClaim,PVC)

  • 表达的是用户对存储的请求
  • 概念上与 Pod 类似。 Pod 会耗用节点资源,而 PVC 申领会耗用 PV 资源。
  • Pod 可以请求特定数量的资源(CPU 和内存);同样 PVC 申领也可以请求特定的大小和访问模式 (例如,可以要求 PV 卷能够以 ReadWriteOnce、ReadOnlyMany 或 ReadWriteMany 模式之一来挂载,参见访问模式)。

6.2.1 示例

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: myclaim
  namespace: storage
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 8Gi
  storageClassName: slow

6.3 PV、PVC 实操

使用 PV、PVC、ConfigMap 部署一个单机版的 MySQL

# 1. 创建 my.cnf 文件并 create 为 configmap
cat >> my.cnf << EOF
[mysql]
default-character-set=utf8

[client]
default-character-set=utf8

[mysqld]
# 字符集
default-character-set=utf8
init_connect='SET NAMES utf8'
# 最大连接数
max_connections=1000
# binlog
log-bin=mysql-bin
binlog-format=ROW
# 忽略大小写
lower_case_table_names=2
EOF

kubectl create configmap mysql-config --from-file=my.cnf -n storage

# 2. 创建 PV
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-mysql-1
  namespace: storage
spec:
  capacity:
    storage: 50Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: my-nfs
  nfs:
    path: /app/nfs
    server: 192.168.156/60
    
# 3. 创建 PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-mysql-1
  namespace: storage
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 50Gi
  storageClassName: my-nfs

# 4. 创建 deploy 
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql-pv
  namespace: storage
  labels:
    app: mysql-pv
spec:
  selector:
    matchLabels:
      app: mysql-pv
  replicas: 1
  template:
    metadata:
      labels:
        app:  mysql-pv
    spec:
      containers:
      - name: mysql-pv
        image: mysql:8
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"
        ports:
        - containerPort:  80
          name: mysql-pv
        volumeMounts:
        - name: mysql-storage
          mountPath: /var/lib/mysql
        - name: my-config
          mountPath: /etc/mysql/conf.d
        - name: time-zone
          mountPath: /etc/localtime
      volumes:
        - name: mysql-storage
          persistentVolumeClaim:
            claimName: pvc-mysql-1
        - name: my-config
          configMap: 
            name: mysql-config
        - name: time-zone
          hostPath: 
            path: /etc/localtime
      restartPolicy: Always

6.4 动态存储类(Storage Class)

  • 尽管 PersistentVolumeClaim 允许用户消耗抽象的存储资源,常见的情况是针对不同的 问题用户需要的是具有不同属性(如,性能)的 PersistentVolume 卷。
  • 集群管理员需要能够提供不同性质的 PersistentVolume,并且这些 PV 卷之间的差别不 仅限于卷大小和访问模式,同时又不能将卷是如何实现的这些细节暴露给用户。
  • 为了满足这类需求,就有了 存储类(StorageClass) 资源。

官方部署文档

6.4.1 部署

# 创建存储类
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: managed-nfs-storage
# provisioner: 指定供应商的名字
provisioner: k8s-sigs.io/nfs-subdir-external-provisioner # or choose another name, must match deployment's env PROVISIONER_NAME'
parameters:
  archiveOnDelete: "false"
  
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfs-client-provisioner
  labels:
    app: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nfs-client-provisioner
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: k8s-sigs.io/nfs-subdir-external-provisioner
            # 改成自己的 NFS 地址
            - name: NFS_SERVER
              value: 192.168.156.60
            - name: NFS_PATH
              value: /app/nfs
      volumes:
        - name: nfs-client-root
          nfs:
            server: 192.168.156.60
            path: /app/nfs
            
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io

6.4.2 设置默认

方式一:

## 创建了一个存储类
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  # 设置为默认存储类
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"

方式二:

kubectl patch storageclass managed-nfs-storage -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'

6.4.3 案例

---
kind: ConfigMap
apiVersion: v1
metadata:
  name: mysql-config
  namespace: storage
data:
  my.cnf: |
    [mysql]
    default-character-set=utf8
    [client]
    default-character-set=utf8
    [mysqld]
    default-character-set=utf8
    init_connect='SET NAMES utf8'
    max_connections=1000
    log-bin=mysql-bin
    binlog-format=ROW
    lower_case_table_names=2
---
# 3. 创建 PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pvc
  namespace: storage
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 50Gi
  # storageClassName: my-nfs

# 4. 创建 deploy 
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql-pv
  namespace: storage
  labels:
    app: mysql-pv
spec:
  selector:
    matchLabels:
      app: mysql-pv
  replicas: 1
  template:
    metadata:
      labels:
        app:  mysql-pv
    spec:
      containers:
      - name: mysql-pv
        image: mysql:8
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"
        ports:
        - containerPort:  80
          name: mysql-pv
        volumeMounts:
        - name: mysql-storage
          mountPath: /var/lib/mysql
        - name: my-config
          mountPath: /etc/mysql/conf.d
        - name: time-zone
          mountPath: /etc/localtime
      volumes:
        - name: mysql-storage
          persistentVolumeClaim:
            claimName: mysql-pvc
        - name: my-config
          configMap: 
            name: mysql-config
        - name: time-zone
          hostPath: 
            path: /etc/localtime
      restartPolicy: Always

查看 pv/pvc

$ kubectl get pv,pvc -A -owide
NAME                                                        CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM               STORAGECLASS          REASON   AGE    VOLUMEMODE
persistentvolume/pvc-bc727051-8426-4249-8e13-8414eb5279f0   50Gi       RWO            Delete           Bound    storage/mysql-pvc   managed-nfs-storage            4m4s   Filesystem

NAMESPACE   NAME                              STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS          AGE    VOLUMEMODE
storage     persistentvolumeclaim/mysql-pvc   Bound    pvc-bc727051-8426-4249-8e13-8414eb5279f0   50Gi       RWO            managed-nfs-storage   4m4s   Filesystem