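06. Persistent Storage: PV, PVC, ConfigMap, Secret
I. Mounting via NFS
1. Install the server (master node); install it on the K8S master node
sudo apt install -y nfs-kernel-server
2. Install the client (worker nodes)
sudo apt install nfs-common
3. Create the shared directory on all machines
mkdir -p /nfs/data/
4. Run on the master node
vim /etc/exports
# add this line to /etc/exports:
/nfs/data/ *(rw,sync,no_root_squash,no_subtree_check)
systemctl enable rpcbind --now
systemctl enable nfs-server --now
exportfs -r
5. Worker nodes
Check which directories on the master node can be mounted
showmount -e <master node IP>
showmount -e 192.168.192.130
Run on all worker nodes
mount -t nfs <master node IP>:<master node directory> <local directory>
mount -t nfs 192.168.192.130:/nfs/data /nfs/data
6. Mounting in K8S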
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: nginx-pv
  name: nginx-pv
spec:
  replicas: 2
  selector:
    matchLabels:
      k8s-app: nginx-pv
  template:
    metadata:
      labels:
        k8s-app: nginx-pv
    spec:
      containers:
       - image: nginx
         name: nginx-name
         volumeMounts:
          - name: html
            mountPath: /usr/share/nginx/html
      volumes:
        - name: html
          nfs:
            server: 192.168.192.130
            path: /nfs/data/nginx-pv
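7. Drawbacks of native NFS
* Subdirectories under the mount (e.g. nginx-pv) must be created manually
* Data mounted by a Pod is not deleted automatically when the Pod is deleted
* The capacity used by a mounted directory cannot be limited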
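The export line in step 4 combines the `*` client wildcard with `no_root_squash`, so any host that can reach the server mounts the share read-write and root on that host stays root on the files. The audit below is an added example, not part of the original post; the `/nfs/safe/` path and the `192.168.192.0/24` subnet in its constructed sample are assumptions.

```shell
#!/bin/sh
# audit_exports FILE
# Print "<path> <client> <finding>" for each risky entry in an exports(5) file.
audit_exports() {
  awk '
    /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
    {
      for (i = 2; i <= NF; i++) {          # $1 is the path, the rest are client(options)
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1, length($i) - p - 1)
        }
        if (client == "") client = "*"     # "(rw)" with no client name also means every host
        if (client == "*")
          print $1, client, "exported to every host that can reach the server"
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++)
          if (o[j] == "no_root_squash")
            print $1, client, "no_root_squash: remote root keeps uid 0 on the share"
      }
    }' "$1"
}

# Constructed sample: the first line is the export from step 4, the second is a
# narrower variant (hypothetical path; subnet assumed from the server address).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/nfs/data/ *(rw,sync,no_root_squash,no_subtree_check)
/nfs/safe/ 192.168.192.0/24(rw,sync,root_squash,no_subtree_check)
EOF
audit_exports "$sample"
rm -f "$sample"
```

With `root_squash`, root inside a pod is mapped to the anonymous user on the server, so the exported directory must be writable by that user.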
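II. Extending native NFS with PV and PVC (static PV pool)
PV (PersistentVolume): a persistent volume (where the data lives); stores the data an application needs to persist at a specified location
PVC (PersistentVolumeClaim): a persistent volume claim; declares the specification of the persistent volume required
1. Create the static PV pool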

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-10m
spec:
  capacity:
    storage: 10M  # 10 megabytes; lowercase "m" is the milli suffix (10m = 0.01)
  accessModes:
    - ReadWriteMany
  storageClassName: storage-nfs
  nfs:
    path: /nfs/data/10m
    server: 192.168.192.130
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-1gi
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  storageClassName: storage-nfs
  nfs:
    path: /nfs/data/1gi
    server: 192.168.192.130
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-3gi
spec:
  capacity:
    storage: 3Gi
  accessModes:
    - ReadWriteMany
  storageClassName: storage-nfs
  nfs:
    path: /nfs/data/3gi
    server: 192.168.192.130
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-5gi
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  storageClassName: storage-nfs
  nfs:
    path: /nfs/data/5gi
    server: 192.168.192.130
Note: the directories corresponding to each storage entry must be created in advance

2. View the created PVs

kubectl get pv
3. Request a PVC

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nginx-pvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 200Mi
  storageClassName: storage-nfs
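Which PV from the pool this 200Mi claim binds to can be predicted: among PVs with a matching storageClassName and access mode, Kubernetes binds the smallest one whose capacity covers the request. The sketch below is an added example, not from the original post; it assumes every PV shares the claim's class and access mode, as they do here, and handles only the quantity suffixes listed in the code.

```shell
#!/bin/sh
# best_pv REQUEST
# Reads "name capacity" lines on stdin and prints the PV a claim for REQUEST
# would bind to: the smallest capacity that still covers the request.
best_pv() {
  awk -v req="$1" '
    # Kubernetes quantity to bytes (subset: none, m, k, M, G, Ki, Mi, Gi)
    function bytes(q,    n, s) {
      n = q; sub(/[A-Za-z]+$/, "", n)           # numeric part
      s = substr(q, length(n) + 1)              # suffix
      n += 0
      if (s == "")   return n
      if (s == "m")  return n / 1000            # milli, not mega
      if (s == "k")  return n * 1000
      if (s == "M")  return n * 1000000
      if (s == "G")  return n * 1000000000
      if (s == "Ki") return n * 1024
      if (s == "Mi") return n * 1024 * 1024
      if (s == "Gi") return n * 1024 * 1024 * 1024
      return -1                                 # unsupported suffix
    }
    BEGIN { need = bytes(req); if (need < 0) exit 2 }
    NF >= 2 {
      c = bytes($2)
      if (c >= need && (best == "" || c < bestc)) { best = $1; bestc = c }
    }
    END { if (best == "") exit 1; print best }
  '
}

# The pool and claim from this page (PV names and intended capacities).
pool='pv-10m 10M
pv-1gi 1Gi
pv-3gi 3Gi
pv-5gi 5Gi'
printf '%s\n' "$pool" | best_pv 200Mi    # prints pv-1gi
```

For an NFS PV the capacity is used only for this matching; it is not enforced as a quota on the exported directory.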
4. View PV and PVC

kubectl get pvc,pv
5. Create nginx using the PVC

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: nginx-pv
  name: nginx-pv
spec:
  replicas: 2
  selector:
    matchLabels:
      k8s-app: nginx-pv
  template:
    metadata:
      labels:
        k8s-app: nginx-pv
    spec:
      containers:
       - image: nginx
         name: nginx-name
         volumeMounts:
          - name: html
            mountPath: /usr/share/nginx/html
      volumes:
        - name: html
          persistentVolumeClaim:
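            claimName: nginx-pvc
III. Dynamic PV pool with a default StorageClass
1. Download the deploy directory from nfs-subdir-external-provisioner
https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner

2. Merge class.yaml, deployment.yaml and rbac.yaml into a single YAML file

3. Add the default storage class

4. Change the image, the NFS server address and the path

For the steps to add the default image to an Aliyun mirror registry, click here
5. The modified YAML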
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  annotations:
      storageclass.kubernetes.io/is-default-class: "true"
  name: nfs-client
provisioner: k8s-sigs.io/nfs-subdir-external-provisioner # or choose another name, must match deployment's env PROVISIONER_NAME'
parameters:
  archiveOnDelete: "false"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfs-client-provisioner
  labels:
    app: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nfs-client-provisioner
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: registry.cn-shenzhen.aliyuncs.com/atomic/nfs-subdir-external-provisioner:v4.0.2
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: k8s-sigs.io/nfs-subdir-external-provisioner
            - name: NFS_SERVER
              value: 192.168.192.130
            - name: NFS_PATH
              value: /nfs/data
      volumes:
        - name: nfs-client-root
          nfs:
            server: 192.168.192.130
            path: /nfs/data
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io
IV. ConfigMap
1. Create the redis configuration
redis.conf

2. Generate a ConfigMap from the configuration
Option 1
kubectl create cm redis-conf --from-file=redis.conf
Option 2
apiVersion: v1
kind: ConfigMap
# data holds the actual configuration file contents; the key is the file name and the value is the file content
data:
  redis.conf: |
    appendonly yes
metadata:
  name: redis-conf
3. View
kubectl get cm
4. View the YAML
kubectl get cm redis-conf -o yaml
5. Create a redis Pod that uses the ConfigMap
apiVersion: v1
kind: Pod
metadata:
  name: redis
spec:
  containers:
    - name: redis
      image: redis
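      command: # command to run
        - redis-server
        - "/redis-master/redis.conf" # run with the given configuration file; the path is inside the container
      ports: # exposed ports
        - containerPort: 6379
      volumeMounts:
        - mountPath: /data # data directory
          name: data
        - mountPath: /redis-master # directory holding the configuration file
          name: config
  volumes:
    - name: data # data volume; the name matches the volumeMount above
      emptyDir: {}
    - name: config # configuration file
      configMap:
        name: redis-conf # must match the ConfigMap name
        items:
          - key: redis.conf # key in the ConfigMap
            path: redis.conf # file name of the configuration file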
V. Secret
1. Create the secret
kubectl create secret docker-registry <secret name> \
--docker-server=<image registry server> \
--docker-username=<username> \
--docker-password=<password> \
--docker-email=<email>
kubectl create secret docker-registry lry-ali-docker \
--docker-server=registry.cn-shenzhen.aliyuncs.com \
--docker-username=hixxxx@aliyun.com \
--docker-password=xxxxx \
--docker-email=hixxxx@aliyun.com
2. Query
kubectl get secret
3. Use
apiVersion: v1
kind: Pod
metadata:
  name: private-nginx
spec:
  containers:
    - name: private-nginx
      image: registry.cn-shenzhen.aliyuncs.com/atomic/ingress8000:v1
  imagePullSecrets:
    - name: lry-ali-docker
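Passing `--docker-password` on the command line in step 1 leaves the password in shell history and visible in the process list while kubectl runs. The added example below (not from the original post) builds the same kind of `kubernetes.io/dockerconfigjson` Secret from a password read on stdin; the function names and the demo credentials are hypothetical.

```shell
#!/bin/sh
# pull_secret_manifest NAME SERVER USER EMAIL
# Reads the registry password from stdin and prints a Secret manifest, so the
# password never appears in argv or in shell history.
pull_secret_manifest() {
  name=$1 server=$2 user=$3 email=$4
  IFS= read -r password || [ -n "$password" ] || return 1
  # This sketch does no JSON escaping, so refuse quotes and backslashes.
  case "$server$user$password$email" in
    *\"*|*\\*) echo "value needs JSON escaping" >&2; return 1 ;;
  esac
  auth=$(printf '%s:%s' "$user" "$password" | base64 | tr -d '\n')
  cfg=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}' \
    "$server" "$user" "$password" "$email" "$auth")
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(printf '%s' "$cfg" | base64 | tr -d '\n')
EOF
}

# decode_pull_secret: read such a manifest on stdin and print the stored JSON.
decode_pull_secret() {
  sed -n 's/^  \.dockerconfigjson: //p' | base64 -d
}

# Constructed demo values. In practice the manifest is piped to: kubectl apply -f -
printf '%s\n' 'constructed-password' |
  pull_secret_manifest lry-ali-docker registry.cn-shenzhen.aliyuncs.com \
    user@example.com user@example.com |
  decode_pull_secret
echo
```

`decode_pull_secret` shows that the stored value is only base64-encoded, so read access to Secrets in the namespace should be limited through RBAC.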