Kubernetes Volumes
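Kubernetes Volumes Overview
A Kubernetes volume is a shared directory in a Pod that multiple containers can access. It addresses two problems: persisting container data and sharing data between containers. A volume has the same lifetime as its Pod but is independent of the lifetime of any container, so its data survives container restarts.
Volume Types
1. emptyDir Volumes
emptyDir is the most basic volume type. It is created when the Pod is assigned to a Node and starts out empty; when the Pod is removed from the Node, its data is permanently deleted.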
apiVersion: v1
kind: Pod
metadata:
  name: test-pd
spec:
  containers:
  - image: k8s.gcr.io/test-webserver
    name: test-container
    volumeMounts:
    - mountPath: /cache
      name: cache-volume
  volumes:
  - name: cache-volume
    emptyDir: {}
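Use cases:
- Scratch space, such as temporary files for a merge/sort algorithm
- Saving checkpoint files for long-running computations
- Files handled by a content manager for a web server
2. hostPath Volumes
hostPath mounts a file or directory from the Node's filesystem into the Pod. Because the Pod then works directly on the Node's own files, keep the path as narrow as possible and mount it read-only (readOnly: true) where the workload allows.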
apiVersion: v1
kind: Pod
metadata:
  name: test-pd
spec:
  containers:
  - image: k8s.gcr.io/test-webserver
    name: test-container
    volumeMounts:
    - mountPath: /test-pd
      name: test-volume
  volumes:
  - name: test-volume
    hostPath:
      # Directory location on the host
      path: /data
      # Type check performed before mounting
      type: Directory
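hostPath types:
- DirectoryOrCreate: create the directory if it does not exist
- Directory: the directory must already exist
- FileOrCreate: create the file if it does not exist
- File: the file must already exist
- Socket: a UNIX socket must already exist
- CharDevice: a character device must already exist
- BlockDevice: a block device must already exist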
3. PersistentVolume (PV) and PersistentVolumeClaim (PVC)
PVs and PVCs provide persistent storage and separate the consumption of storage from its administration.
PersistentVolume configuration:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-volume
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteOnce
  hostPath:
    path: "/mnt/data"
PersistentVolumeClaim configuration:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pv-claim
spec:
  storageClassName: manual
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi
Using the PVC in a Pod:
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: myfrontend
    image: nginx
    volumeMounts:
    - mountPath: "/var/www/html"
      name: mypd
  volumes:
  - name: mypd
    persistentVolumeClaim:
      claimName: pv-claim
4. ConfigMap Volumes
A ConfigMap volume injects configuration data into a Pod.
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod
spec:
  containers:
  - name: test-container
    image: k8s.gcr.io/busybox
    command: [ "/bin/sh", "-c", "ls /etc/config/" ]
    volumeMounts:
    - name: config-volume
      mountPath: /etc/config
  volumes:
  - name: config-volume
    configMap:
      # Name of the ConfigMap that holds the configuration data
      name: special-config
  restartPolicy: Never
5. Secret Volumes
A Secret volume injects sensitive data into a Pod.
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: redis
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
6. NFS Volumes
An NFS volume mounts an NFS share into a Pod.
apiVersion: v1
kind: Pod
metadata:
  name: test-pd
spec:
  containers:
  - image: k8s.gcr.io/test-webserver
    name: test-container
    volumeMounts:
    - mountPath: /my-nfs-data
      name: test-volume
  volumes:
  - name: test-volume
    nfs:
      server: nfs-server.example.com
      path: "/"
StorageClass
A StorageClass gives administrators a way to describe the "classes" of storage they offer, and allows PVs to be provisioned dynamically.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
reclaimPolicy: Retain
allowVolumeExpansion: true
mountOptions:
- debug
volumeBindingMode: Immediate
Dynamic Storage Provisioning
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: fast
  resources:
    requests:
      storage: 10Gi
Advanced Volume Mount Configuration
1. subPath Mounts
apiVersion: v1
kind: Pod
metadata:
  name: my-lamp-site
spec:
  containers:
  - name: mysql
    image: mysql
    volumeMounts:
    - mountPath: /var/lib/mysql
      name: site-data
      subPath: mysql
  - name: php
    image: php:7.0-apache
    volumeMounts:
    - mountPath: /var/www/html
      name: site-data
      subPath: html
  volumes:
  - name: site-data
    persistentVolumeClaim:
      claimName: my-lamp-site-data
2. Read-Only Mounts
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mycontainer
    image: nginx
    volumeMounts:
    - mountPath: /usr/share/nginx/html
      name: mypd
      readOnly: true
  volumes:
  - name: mypd
    persistentVolumeClaim:
      claimName: myclaim
3. Mount Propagation
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mycontainer
    image: nginx
    volumeMounts:
    - mountPath: /usr/share/nginx/html
      name: mypd
      mountPropagation: HostToContainer
  volumes:
  - name: mypd
    hostPath:
      path: /data
Volume Best Practices
1. Data Persistence Strategy
# Use persistent storage for databases
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
spec:
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - image: mysql:5.7
        name: mysql
        env:
        - name: MYSQL_ROOT_PASSWORD
          # Literal value shown for brevity; outside a demo, source it from a
          # Secret with valueFrom.secretKeyRef instead of storing it in the spec
          value: "password"
        ports:
        - containerPort: 3306
          name: mysql
        volumeMounts:
        - name: mysql-persistent-storage
          mountPath: /var/lib/mysql
      volumes:
      - name: mysql-persistent-storage
        persistentVolumeClaim:
          claimName: mysql-pv-claim
2. Storage Performance Optimization
# Use an SSD-backed storage class
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: fast-ssd-pvc
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: ssd
  resources:
    requests:
      storage: 100Gi
3. Storage Security Configuration
# Configure the security context
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    fsGroup: 2000
  containers:
  - name: sec-ctx-demo
    image: busybox
    securityContext:
      runAsUser: 1000
    volumeMounts:
    - name: sec-ctx-vol
      mountPath: /data/demo
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
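
An added example, not part of the original page: a small Python audit for the volume patterns shown above (a hostPath volume with no type or mounted writable, Bidirectional mount propagation, and credentials passed as literal env values). The sample Pod, the rule names and the SENSITIVE_ENV list are constructed for illustration.

```python
import json

# Constructed sample Pod combining patterns from this page: a hostPath volume
# at /data, a Secret volume, and a literal MYSQL_ROOT_PASSWORD.
SAMPLE_POD = json.loads("""
{"metadata": {"name": "audit-demo"},
 "spec": {
  "containers": [{
    "name": "app",
    "env": [{"name": "MYSQL_ROOT_PASSWORD", "value": "password"}],
    "volumeMounts": [
      {"name": "test-volume", "mountPath": "/test-pd"},
      {"name": "foo", "mountPath": "/etc/foo", "readOnly": true}]}],
  "volumes": [
    {"name": "test-volume", "hostPath": {"path": "/data"}},
    {"name": "foo", "secret": {"secretName": "mysecret"}}]}}
""")

SENSITIVE_ENV = ("PASSWORD", "SECRET", "TOKEN")  # assumed naming heuristic


def audit_pod(pod):
    """Return sorted (rule, subject) findings for one Pod object."""
    spec = pod.get("spec", {})
    volumes = {v["name"]: v for v in spec.get("volumes", [])}
    findings = set()
    for vol in volumes.values():
        # An empty hostPath type means no check is made before mounting.
        if "hostPath" in vol and not vol["hostPath"].get("type"):
            findings.add(("hostpath-no-type", vol["name"]))
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        for m in c.get("volumeMounts", []):
            where = f"{c['name']}:{m['mountPath']}"
            if "hostPath" in volumes.get(m["name"], {}) and not m.get("readOnly"):
                findings.add(("hostpath-writable", where))
            # Bidirectional lets mounts made in the container reach the host.
            if m.get("mountPropagation") == "Bidirectional":
                findings.add(("bidirectional-propagation", where))
        for e in c.get("env", []):
            # A literal value (not valueFrom) is readable in the Pod spec.
            if "value" in e and any(k in e["name"].upper() for k in SENSITIVE_ENV):
                findings.add(("literal-credential-env", f"{c['name']}:{e['name']}"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject in audit_pod(SAMPLE_POD):
        print(f"{rule:26} {subject}")
```

For live objects, pass in the parsed output of kubectl get pod pod-name -o json.
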
Troubleshooting Storage
1. Diagnosing Common Problems
# Check PV status
kubectl get pv
# Check PVC status
kubectl get pvc
# List storage classes
kubectl get storageclass
# Inspect a Pod's volume mounts
kubectl describe pod pod-name
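2. Storage Performance Monitoring
# View node and Pod resource usage (kubectl top reports CPU and memory, not disk)
kubectl top nodes
kubectl top pods
# Check filesystem usage and I/O from inside the Pod (iostat must be present in the image)
kubectl exec -it pod-name -- df -h
kubectl exec -it pod-name -- iostat -x 1 5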
3. Storage Capacity Management
# View storage capacity
kubectl get pv -o custom-columns=NAME:.metadata.name,CAPACITY:.spec.capacity.storage,STATUS:.status.phase
# Expand PVC capacity (the StorageClass must set allowVolumeExpansion: true)
kubectl patch pvc pvc-name -p '{"spec":{"resources":{"requests":{"storage":"20Gi"}}}}'
Third-Party Storage Solutions
1. Cloud Storage Integration
# AWS EBS
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-aws-ebs
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteOnce
  awsElasticBlockStore:
    volumeID: vol-0123456789abcdef0
    fsType: ext4
---
# GCE Persistent Disk
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-gce-pd
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteOnce
  gcePersistentDisk:
    pdName: my-disk
    fsType: ext4
2. Ceph Integration
# Ceph RBD
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-ceph-rbd
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteOnce
  rbd:
    monitors:
    - '10.16.154.78:6789'
    - '10.16.154.82:6789'
    - '10.16.154.83:6789'
    pool: kube
    image: foo
    user: admin
    secretRef:
      name: ceph-secret
    fsType: ext4
    readOnly: true
3. NFS Integration
# NFS Subdir External Provisioner
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-pvc
spec:
  accessModes:
  - ReadWriteMany
  storageClassName: nfs-client
  resources:
    requests:
      storage: 10Gi
Volume Management Commands
Command | Description |
---|---|
kubectl get pv | List PersistentVolumes |
kubectl get pvc | List PersistentVolumeClaims |
kubectl get storageclass | List storage classes |
kubectl describe pv pv-name | Show PV details |
kubectl describe pvc pvc-name | Show PVC details |
kubectl patch pvc pvc-name | Update PVC configuration |
kubectl delete pv pv-name | Delete a PersistentVolume |
kubectl delete pvc pvc-name | Delete a PersistentVolumeClaim |
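Summary
Kubernetes volumes give containerized applications flexible options for persisting and sharing data. Choosing and configuring the right volume type makes it possible to meet the needs of different application scenarios. In practice, pick a storage approach based on how important the data is and how it is accessed, and put appropriate backup and monitoring in place to keep the data secure and reliable.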