8. Kubernetes volume resources

1. Volume types

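  • emptyDir: allocates a block of memory on the host for the pod to use as storage
  • hostPath: allocates a block of disk space on the host for the pod to use as storage
  • Network storage:
    • SAN: iSCSI, FC
    • NAS: nfs, cifs
    • Distributed storage: glusterfs, rbd, cephfs, ...
    • Cloud storage: EBS, Azure Disk
# kubectl explain pods.spec.volumes  # list the volume types Kubernetes supports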

2. emptyDir

apiVersion: v1
kind: Pod
metadata:
  name: pod-vol-demo
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    dongfei.tech/created-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: dongfeimg/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    volumeMounts:
    - name: htmlvomumes
      mountPath: /data/web/html2/
  volumes:
    - name: htmlvomumes
      emptyDir: 
        medium: Memory  # mount host memory (tmpfs) as the volume
        sizeLimit: "1024"  # limit on the memory used

3. hostPath

apiVersion: v1
kind: Pod
metadata:
  name: pod-vol-hostpath
  namespace: default
spec:
  containers:
  - name: myapp
    image: dongfeimg/myapp:v1
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html/
  volumes:
  - name: html
    hostPath:
      path: /data/pod/volume1  # path on the node
      type: DirectoryOrCreate  # create the directory if it does not exist

4. nfs

  • Set up and test the nfs-server
# yum install nfs-utils -y
# mkdir /data/volumes/
# vim /etc/exports
/data/volumes   192.168.100.0/24(rw,no_root_squash)
# systemctl start nfs
# systemctl enable nfs

# mount -t nfs 192.168.100.1:/data/volumes /mnt/
apiVersion: v1
kind: Pod
metadata:
  name: pod-vol-nfs
  namespace: default
spec:
  containers:
  - name: myapp
    image: dongfeimg/myapp:v1
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html/
  volumes:
  - name: html
    nfs:
      path: /data/volumes
      server: 192.168.100.1

5. PV and PVC

# kubectl explain pv
# kubectl explain pvc
# kubectl get pv
# kubectl get pvc

I. Preparing PVs in advance

  • Prepare the storage space
# mkdir -p /data/volumes/v{1,2,3,4,5}
# vim /etc/exports
/data/volumes/v1        192.168.100.0/24(rw,no_root_squash)
/data/volumes/v2        192.168.100.0/24(rw,no_root_squash)
/data/volumes/v3        192.168.100.0/24(rw,no_root_squash)
/data/volumes/v4        192.168.100.0/24(rw,no_root_squash)
/data/volumes/v5        192.168.100.0/24(rw,no_root_squash)
# exportfs -arv
# showmount -e
  • Create the PVs

Access modes (accessModes <[]string>): https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv001
  labels:
    name: pv001
spec:
  nfs:
    path: /data/volumes/v1
    server: 192.168.100.1
  accessModes: ["ReadWriteMany","ReadWriteOnce"]
  capacity:
    storage: 3Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv002
  labels:
    name: pv002
spec:
  nfs:
    path: /data/volumes/v2
    server: 192.168.100.1
  accessModes: ["ReadWriteOnce"]
  capacity:
    storage: 5Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv003
  labels:
    name: pv003
spec:
  nfs:
    path: /data/volumes/v3
    server: 192.168.100.1
  accessModes: ["ReadWriteOnce"]
  capacity:
    storage: 50Gi
  • Create the PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc001
  namespace: default
spec:
  accessModes: ["ReadWriteOnce"]
  resources: 
    requests: 
      storage: 6Gi  # must bind to a PV of at least 6Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-vol-pvc
  namespace: default
spec:
  containers:
  - name: myapp
    image: dongfeimg/myapp:v1
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html/
  volumes:
  - name: html
    persistentVolumeClaim:
      claimName: pvc001
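
Which PV does pvc001 bind to? The following is an added example, not part of the original page: a simplified shell model of static binding, run over the three PVs defined above. The helper names pick_pv and pvs are hypothetical; storageClassName, label selectors, volumeMode and already-bound PVs are ignored.

```shell
#!/bin/sh
# Added example, not from the original page. pick_pv and pvs are hypothetical helpers.
# Simplified model of static PV/PVC binding: among the PVs whose capacity is at
# least the requested size and whose accessModes contain every mode the claim
# asks for, the smallest one is chosen.

# stdin: lines "NAME CAPACITY_GI MODE[,MODE...]"
# usage: pick_pv REQUEST_GI MODE[,MODE...]
# prints the chosen PV name, or nothing (the claim would stay Pending)
pick_pv() {
    awk -v want="$1" -v modes="$2" '
        {
            if ($2 + 0 < want + 0) next                 # PV is too small
            n = split(modes, need, ",")
            for (i = 1; i <= n; i++)                    # every requested mode must be offered
                if (index("," $3 ",", "," need[i] ",") == 0) next
            if (best == "" || $2 + 0 < best_size) { best = $1; best_size = $2 + 0 }
        }
        END { if (best != "") print best }
    '
}

# The three PVs from the manifests above, reduced to name / size in Gi / access modes.
pvs() {
    cat <<EOF
pv001 3 ReadWriteMany,ReadWriteOnce
pv002 5 ReadWriteOnce
pv003 50 ReadWriteOnce
EOF
}

pvs | pick_pv 6 ReadWriteOnce   # the request made by pvc001
pvs | pick_pv 4 ReadWriteOnce   # a smaller claim: two PVs qualify, the smaller wins
pvs | pick_pv 6 ReadWriteMany   # no PV qualifies: nothing is printed
```

A PV binds to exactly one claim, so the 6Gi request of pvc001 ends up holding the whole 50Gi pv003.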

II. Creating PVs automatically on PVC demand

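  • Requires a storage backend that exposes a RESTful API through which storage can be requested and created dynamically, so that PVs are created on demand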

6. ConfigMap and Secret

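  • Secret and ConfigMap are two special volume types that let users inject configuration from outside the cluster into a pod
  • Secret and ConfigMap serve the same purpose; a ConfigMap is stored in plain text, while a Secret is stored base64-encoded

Ways to configure a containerized application:

  1. Custom command-line arguments: args: []
  2. Copy the configuration file directly into the image
  3. Load configuration from environment variables
    1. Cloud-native applications can usually load their configuration from environment variables
    2. Use an entrypoint script to preprocess the variables into the settings in the configuration file
  4. Volumes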
# kubectl explain cm
  • Create a ConfigMap directly from the command line
# kubectl create configmap nginx-config --from-literal=nginx_port=80 --from-literal=server_name=myapp.dongfei.tech
# kubectl get cm
# kubectl describe cm nginx-config
  • Create a Secret from the command line
# kubectl create secret generic mysql-root-password --from-literal=password=My@Pass
# kubectl get secret
# kubectl describe secret mysql-root-password
# kubectl get secret mysql-root-password -o yaml
# echo TXlAUGFzcw== | base64 -d  # decode
My@Pass
  • Create a ConfigMap from a configuration file
# cat www.conf 
server {
        server_name myapp.dongfei.tech;
        listen 80;
        root /data/web/html;
}
# kubectl create configmap nginx-www --from-file=./www.conf  # if no key is given, the file name becomes the key and the file content the value
  • Inject a ConfigMap into a pod through environment variables
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-1
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    dongfei.tech/created-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: dongfeimg/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    env:
    - name: NGINX_SERVER_PORT
      valueFrom:
        configMapKeyRef:
          name: nginx-config
          key: nginx_port
    - name: NGINX_SERVER_NAME
      valueFrom:
        configMapKeyRef:
          name: nginx-config
          key: server_name
  • Inject a ConfigMap into a container as files through a volume
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-2
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    dongfei.tech/created-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: dongfeimg/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    volumeMounts:
    - name: nginxconf
      mountPath: /etc/nginx/conf.d/
      readOnly: true
  volumes:
  - name: nginxconf
    configMap:
      name: nginx-www
  • Inject a Secret into a container through environment variables
apiVersion: v1
kind: Pod
metadata:
  name: pod-secret-1
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    dongfei.tech/created-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: dongfeimg/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysql-root-password
          key: password
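
The Secret section above says a Secret is stored base64-encoded. As an added example (not from the original page), the shell functions below build the manifest form of mysql-root-password and then decode every entry under data:, showing that anyone who can read the Secret object can read its values. make_secret_manifest and decode_secret_data are hypothetical names, and GNU base64 is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Render a Secret manifest in the form that
# `kubectl create secret generic NAME --from-literal=KEY=VALUE` stores:
# the value is base64-encoded, nothing more.
# usage: make_secret_manifest NAME KEY VALUE
make_secret_manifest() {
    encoded=$(printf '%s' "$3" | base64 | tr -d '\n')
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  $2: $encoded
EOF
}

# Read a Secret manifest (as printed by `kubectl get secret NAME -o yaml`)
# on stdin and print each entry under `data:` as key=decoded-value.
decode_secret_data() {
    awk '
        /^data:/           { in_data = 1; next }   # start of the data map
        /^[^ ]/            { in_data = 0 }         # any other top-level key ends it
        in_data && NF == 2 { sub(/:$/, "", $1); print $1, $2 }
    ' | while read -r key value; do
        printf '%s=%s\n' "$key" "$(printf '%s' "$value" | base64 -d)"
    done
}

# Constructed sample: the literal used on this page.
make_secret_manifest mysql-root-password password 'My@Pass' | decode_secret_data
```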