From 5236c4469c154194d3aa11208ac13fde4daf2677 Mon Sep 17 00:00:00 2001
From: dragon
Date: Mon, 20 Dec 2021 17:33:00 +0800
Subject: [PATCH] =?UTF-8?q?add=20=E6=8C=81=E4=B9=85=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 SUMMARY.md | 1 +
 k8s&container/storage-examples.md | 290 ++++++++++++++++++++++++++++++
 2 files changed, 291 insertions(+)
 create mode 100644 k8s&container/storage-examples.md
diff --git a/SUMMARY.md b/SUMMARY.md
index 4a7d536..c4c6ddf 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -43,6 +43,7 @@
 - [Docker 中文指南](https://github.com/widuu/chinese_docker/blob/master/SUMMARY.md)
 - [Docker 官方文档](https://docs.docker.com/reference/)
 - [阿里k8s 项目实战手册](k8s&container/ali-kubernetes.pdf)
+- [k8s 数据持久化](k8s&container/storage-examples.md)
 - [k8s 技术文档](k8s&container/k8s-map.pdf)
 - [云原生介绍](k8s&container/cloud-native.pdf)
 - [wsl2 安装和配置优化](k8s&container/WSL2-start.pdf)
diff --git a/k8s&container/storage-examples.md b/k8s&container/storage-examples.md
new file mode 100644
index 0000000..4dd54b0
--- /dev/null
+++ b/k8s&container/storage-examples.md
@@ -0,0 +1,290 @@
+
+
+`pv` : 是对底层存储的抽象,将存储定义为一种“资源”
+
+
+
+`pvc`: 客户端对存储资源的一个“申请”
+
+
+
+`storageclass`: 对存储类型的抽象定义,用于标记存储资源的特性和性能, localhost、nfs 、ceph 。。。
+
+
+
+# 持久化
+
+
+
+## 静态供应
+
+`pv` 是管理员创建的。
+
+
+
+```yaml
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: localhost-pv
+ labels:
+ type: local
+spec:
+ storageClassName: localhostpath
+ capacity:
+ storage: 15Gi
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: "/home/dragon/storage"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: localhostpath-pvc
+ namespace: dragon
+spec:
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: localhostpath
+```
+
+
+
+`pv ` 关键的配置
+
+- **1、存储能力(Capacity)**
+- **2、存储卷模式(Volume Mode)**
+- **3、访问模式(Access Modes)**
+- **4、存储类别(Class)**
+- **5、回收策略(Reclaim Policy)**
+
+
+
+### 访问模式:
+
+◎ ReadWriteOnce(RWO):读写权限,并且只能被单个Node挂载。
+
+◎ ReadOnlyMany(ROX):只读权限,允许被多个Node挂载。
+
+◎ ReadWriteMany(RWX):读写权限,允许被多个Node挂载。
+
+
+
+### 回收策略
+
+通过 __persistentVolumeReclaimPolicy__ 字段设置,
+
+◎ Retain 保留:保留数据,需要手工处理。
+
+◎ Recycle 回收空间:简单清除文件的操作(例如执行rm -rf /thevolume/* 命令)。
+
+◎ Delete 删除:与PV相连的后端存储完成Volume的删除操作
+
+
+
+## 动态供应
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: localhostpath
+ namespace: dragon
+spec:
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: localhostpath
+```
+
+
+
+
+
+## 使用
+
+```yaml
+kind: Pod
+apiVersion: v1
+metadata:
+ name: my-app
+spec:
+ containers:
+ - name: my-frontend
+ image: busybox
+ volumeMounts:
+ - mountPath: "/scratch"
+ name: scratch-volume
+ command: [ "sleep", "1000000" ]
+ volumes:
+ - name: scratch-volume
+ persistentVolumeClaim:
+ claimName: localhostpath
+
+```
+
+
+
+# Secret
+
+
+
+## TLS
+
+```shell
+kubectl create secret tls ${secret_name} --namespace=${namespace} --key=${key} --cert=${cert}
+```
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-tls
+ namespace: dragon
+type: kubernetes.io/tls
+data:
+ tls.crt: |
+
+ tls.key: |
+
+
+```
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-tls
+ namespace: dragon
+type: kubernetes.io/tls
+stringData:
+ tls.crt: |
+ ""
+ tls.key: |
+ ""
+```
+
+### 使用
+
+```yaml
+kind: Ingress
+apiVersion: extensions/v1beta1
+metadata:
+ name: web-console
+ namespace: anxincloud
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/proxy-body-size: 50m
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ nginx.org/redirect-to-https: 'true'
+spec:
+ tls:
+ - hosts:
+ - console.anxinyun.cn
+ secretName: anxincloud-root-secret
+ rules:
+ - host: console.anxinyun.cn
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ serviceName: web-console
+ servicePort: 9083
+```
+
+
+
+## dockerconfigjson
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-dockercfg
+type: kubernetes.io/dockercfg
+data:
+ .dockercfg: |
+ ""
+```
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-dockercfg
+type: kubernetes.io/dockercfg
+stringData:
+ .dockercfg: |
+ {
+ "auths": {
+ "https://registry.cn-hangzhou.aliyuncs.com": {
+ "username": "hi50040201@aliyun.com",
+ "password": "V9rtCnt$f",
+ "email": "huang.li@free-sun.com.cn",
+ "auth": "aGk1MDA0MDIwMUBhbGl5dW4uY29tOlY5cnRDbnQkZg=="
+ }
+ }
+ }
+
+```
+
+## 使用
+
+```yaml
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: api-anxincloud
+ namespace: anxincloud
+ labels:
+ app: api-anxincloud
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: api-anxincloud
+ template:
+ metadata:
+ labels:
+ app: api-anxincloud
+ spec:
+ containers:
+ - name: api-anxincloud
+ image: >-
+ registry.cn-hangzhou.aliyuncs.com/fs-cloud/anxinyun-web.api:179.21-12-15
+ command:
+ - node
+ - server.js
+ ports:
+ - name: http-8080
+ containerPort: 8080
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: cm-anxincloud
+ imagePullPolicy: IfNotPresent
+ restartPolicy: Always
+ nodeSelector:
+ app.type: web
+ imagePullSecrets:
+ - name: registry-secret
+
+```
+
+
+
+
+
+# ConfigMap
+
+
+
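Review bot: The second `secret-dockercfg` example (the `stringData` `.dockercfg` block under "dockerconfigjson") embeds what look like real registry credentials: a username, a password, an e-mail address and an `auth` value that is only the base64 of `username:password`, not an encrypted form. Once merged they remain in git history even if the file is edited later, so the account should be treated as exposed and its password rotated. Replace the values with labelled placeholders such as `"password": "<REGISTRY_PASSWORD>"` and `"auth": "<BASE64_OF_USERNAME_COLON_PASSWORD>"`. Separately, the `"auths"` wrapper is the `config.json` layout that pairs with `type: kubernetes.io/dockerconfigjson` and key `.dockerconfigjson`, while `kubernetes.io/dockercfg` expects the legacy layout without `auths`. The Deployment's `imagePullSecrets` also names `registry-secret` rather than the `secret-dockercfg` defined here, so the example as written would not pull with this secret.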