add 持久化

3 years ago · 5236c4469c
2 changed files with 291 additions and 0 deletions
--- a/SUMMARY.md
+++ b/SUMMARY.md
@ -43,6 +43,7 @@
 - [Docker 中文指南](https://github.com/widuu/chinese_docker/blob/master/SUMMARY.md)
 - [Docker 官方文档](https://docs.docker.com/reference/)
 - [阿里k8s 项目实战手册](k8s&container/ali-kubernetes.pdf)
+- [k8s 数据持久化](k8s&container/storage-examples.md)
 - [k8s 技术文档](k8s&container/k8s-map.pdf)
 - [云原生介绍](k8s&container/cloud-native.pdf)
 - [wsl2 安装和配置优化](k8s&container/WSL2-start.pdf)
--- a/k8s&container/storage-examples.md
+++ b/k8s&container/storage-examples.md
@ -0,0 +1,290 @@
+
+
+`pv` : 是对底层存储的抽象，将存储定义为一种“资源”
+
+
+
+`pvc`: 客户端对存储资源的一个“申请”
+
+
+
+`storageclass`： 对存储类型的抽象定义，用于标记存储资源的特性和性能， localhost、nfs 、ceph 。。。
+
+
+
+# 持久化
+
+
+
+## 静态供应
+
+`pv` 是管理员创建的。
+
+
+
+```yaml
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: localhost-pv
+  labels:
+    type: local
+spec:
+  storageClassName: localhostpath
+  capacity:
+    storage: 15Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/home/dragon/storage"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: localhostpath-pvc
+  namespace: dragon
+spec:
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 8Gi
+  storageClassName: localhostpath
+```
+
+
+
+`pv ` 关键的配置
+
+- **1、存储能力（Capacity）** 
+- **2、存储卷模式（Volume Mode）**
+- **3、访问模式（Access Modes）**
+- **4、存储类别（Class）**
+- **5、回收策略（Reclaim Policy）**
+
+
+
+### 访问模式：
+
+◎ ReadWriteOnce（RWO）：读写权限，并且只能被单个Node挂载。
+
+◎ ReadOnlyMany（ROX）：只读权限，允许被多个Node挂载。
+
+◎ ReadWriteMany（RWX）：读写权限，允许被多个Node挂载。
+
+
+
+### 回收策略
+
+通过 __persistentVolumeReclaimPolicy__ 字段设置，
+
+◎ Retain 保留：保留数据，需要手工处理。
+
+◎ Recycle 回收空间：简单清除文件的操作（例如执行rm -rf /thevolume/* 命令）。
+
+◎ Delete 删除：与PV相连的后端存储完成Volume的删除操作
+
+
+
+## 动态供应
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: localhostpath
+  namespace: dragon
+spec:
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 8Gi
+  storageClassName: localhostpath
+```
+
+
+
+
+
+## 使用
+
+```yaml
+kind: Pod
+apiVersion: v1
+metadata:
+  name: my-app
+spec:
+  containers:
+    - name: my-frontend
+      image: busybox
+      volumeMounts:
+      - mountPath: "/scratch"
+        name: scratch-volume
+      command: [ "sleep", "1000000" ]
+  volumes:
+    - name: scratch-volume
+      persistentVolumeClaim:
+        claimName: localhostpath
+
+```
+
+
+
+# Secret
+
+
+
+## TLS
+
+```shell
+kubectl create secret tls ${secret_name} --namespace=${namespace} --key=${key} --cert=${cert}
+```
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-tls
+  namespace: dragon
+type: kubernetes.io/tls
+data:
+  tls.crt: |
+    <base64 encoded  >
+  tls.key: |
+    <base64 encoded  >
+
+```
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-tls
+  namespace: dragon
+type: kubernetes.io/tls
+stringData:
+  tls.crt: |
+    "<raw string>"
+  tls.key: |
+    "<raw string>"
+```
+
+### 使用
+
+```yaml
+kind: Ingress
+apiVersion: extensions/v1beta1
+metadata:
+  name: web-console
+  namespace: anxincloud
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/proxy-body-size: 50m
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    nginx.org/redirect-to-https: 'true'
+spec:
+  tls:
+    - hosts:
+        - console.anxinyun.cn
+      secretName: anxincloud-root-secret
+  rules:
+    - host: console.anxinyun.cn
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              serviceName: web-console
+              servicePort: 9083
+```
+
+
+
+## dockerconfigjson
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-dockercfg
+type: kubernetes.io/dockercfg
+data:
+  .dockercfg: |
+        "<base64 encoded ~/.dockercfg file>"
+```
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-dockercfg
+type: kubernetes.io/dockercfg
+stringData:
+  .dockercfg: |
+    {
+      "auths": {
+              "https://registry.cn-hangzhou.aliyuncs.com": {
+              "username": "hi50040201@aliyun.com",
+              "password": "V9rtCnt$f",
+              "email": "huang.li@free-sun.com.cn",
+              "auth": "aGk1MDA0MDIwMUBhbGl5dW4uY29tOlY5cnRDbnQkZg=="
+          }
+      }
+    }
+
+```
+
+## 使用
+
+```yaml
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: api-anxincloud
+  namespace: anxincloud
+  labels:
+    app: api-anxincloud
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: api-anxincloud
+  template:
+    metadata:
+      labels:
+        app: api-anxincloud
+    spec:
+      containers:
+        - name: api-anxincloud
+          image: >-
+            registry.cn-hangzhou.aliyuncs.com/fs-cloud/anxinyun-web.api:179.21-12-15
+          command:
+            - node
+            - server.js
+          ports:
+            - name: http-8080
+              containerPort: 8080
+              protocol: TCP
+          envFrom:
+            - configMapRef:
+                name: cm-anxincloud
+          imagePullPolicy: IfNotPresent
+      restartPolicy: Always
+      nodeSelector:
+        app.type: web
+      imagePullSecrets:
+        - name: registry-secret
+
+```
+
+
+
+
+
+# ConfigMap
+
+
+