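PV (PersistentVolume): an abstraction over the underlying storage that defines storage as a "resource".

PVC (PersistentVolumeClaim): a client's "request" for storage resources.

StorageClass: an abstract definition of a storage type, used to label the characteristics and performance of storage resources, e.g. localhost, nfs, ceph ...

Persistence

Static provisioning

The PV is created by the administrator.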

kind: PersistentVolume
apiVersion: v1
metadata:
  name: localhost-pv
  labels:
    type: local
spec:
  storageClassName: localhostpath
  capacity:
    storage: 15Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/home/dragon/storage"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: localhostpath-pvc
  namespace: dragon
spec:
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi
  storageClassName: localhostpath

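Key PV settings

  • 1. Capacity
  • 2. Volume Mode
  • 3. Access Modes
  • 4. Class (storage class)
  • 5. Reclaim Policy

Access modes:

◎ ReadWriteOnce (RWO): read-write; can be mounted by only a single Node.

◎ ReadOnlyMany (ROX): read-only; can be mounted by multiple Nodes.

◎ ReadWriteMany (RWX): read-write; can be mounted by multiple Nodes.

Reclaim policy

Set through the persistentVolumeReclaimPolicy field:

◎ Retain: keeps the data; it must be handled manually.

◎ Recycle: reclaims the space with a simple file clean-up (for example, running rm -rf /thevolume/*).

◎ Delete: the storage backend attached to the PV deletes the volume.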

Dynamic provisioning

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: localhostpath
  namespace: dragon
spec:
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 8Gi
  storageClassName: localhostpath

Usage

kind: Pod
apiVersion: v1
metadata:
  name: my-app
spec:
  containers:
    - name: my-frontend
      image: busybox
      volumeMounts:
      - mountPath: "/scratch"
        name: scratch-volume
      command: [ "sleep", "1000000" ]
  volumes:
    - name: scratch-volume
      persistentVolumeClaim:
        claimName: localhostpath

Secret

TLS

kubectl create secret tls ${secret_name} --namespace=${namespace} --key=${key} --cert=${cert}

apiVersion: v1
kind: Secret
metadata:
  name: secret-tls
  namespace: dragon
type: kubernetes.io/tls
data:
  tls.crt: |
        <base64 encoded  >
  tls.key: |
        <base64 encoded  >

apiVersion: v1
kind: Secret
metadata:
  name: secret-tls
  namespace: dragon
type: kubernetes.io/tls
stringData:
  tls.crt: |
        "<raw string>"
  tls.key: |
        "<raw string>"

Usage

kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: web-console
  namespace: anxincloud
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.org/redirect-to-https: 'true'
spec:
  tls:
    - hosts:
        - console.anxinyun.cn
      secretName: anxincloud-root-secret
  rules:
    - host: console.anxinyun.cn
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              serviceName: web-console
              servicePort: 9083

dockerconfigjson

apiVersion: v1
kind: Secret
metadata:
  name: secret-dockercfg
type: kubernetes.io/dockercfg
data:
  .dockercfg: |
    "<base64 encoded ~/.dockercfg file>"

# The "auths" wrapper is the ~/.docker/config.json format, so this variant uses
# type kubernetes.io/dockerconfigjson and the .dockerconfigjson key.
apiVersion: v1
kind: Secret
metadata:
  name: secret-dockercfg
type: kubernetes.io/dockerconfigjson
stringData:
  .dockerconfigjson: |
    {
      "auths": {
        "https://registry.cn-hangzhou.aliyuncs.com": {
          "username": "<registry username>",
          "password": "<registry password>",
          "email": "<email>",
          "auth": "<base64 of username:password>"
        }
      }
    }

Usage

kind: Deployment
apiVersion: apps/v1
metadata:
  name: api-anxincloud
  namespace: anxincloud
  labels:
    app: api-anxincloud
spec:
  replicas: 3
  selector:
    matchLabels:
      app: api-anxincloud
  template:
    metadata:
      labels:
        app: api-anxincloud
    spec:
      containers:
        - name: api-anxincloud
          image: >-
                        registry.cn-hangzhou.aliyuncs.com/fs-cloud/anxinyun-web.api:179.21-12-15
          command:
            - node
            - server.js
          ports:
            - name: http-8080
              containerPort: 8080
              protocol: TCP
          envFrom:
            - configMapRef:
                name: cm-anxincloud
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      nodeSelector:
        app.type: web
      imagePullSecrets:
        - name: registry-secret
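
The registry-credential Secret from this section can be generated at deploy time and checked in code, so the password never sits in a committed manifest. This is an added example, not part of the original notes: the function names are hypothetical, the registry host and credentials in the demo are constructed, and the check covers only the type, key and JSON shape described above.

```python
import base64
import json

# Data key that each registry-credential Secret type must carry.
KEY_FOR_TYPE = {
    "kubernetes.io/dockercfg": ".dockercfg",                # legacy: {registry: entry}
    "kubernetes.io/dockerconfigjson": ".dockerconfigjson",  # {"auths": {registry: entry}}
}

def build_pull_secret(name, namespace, registry, username, password):
    """Return a kubernetes.io/dockerconfigjson Secret as a dict (JSON is valid YAML)."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    cfg = {"auths": {registry: {"username": username, "password": password, "auth": auth}}}
    return {
        "apiVersion": "v1", "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": base64.b64encode(json.dumps(cfg).encode()).decode()},
    }

def check_pull_secret(secret):
    """Return a list of problems found in a registry-credential Secret dict."""
    problems = []
    key = KEY_FOR_TYPE.get(secret.get("type"))
    if key is None:
        return [f"unexpected type {secret.get('type')!r}"]
    if key in secret.get("stringData", {}):
        problems.append("credentials are in plain text under stringData")
        raw = secret["stringData"][key]
    elif key in secret.get("data", {}):
        raw = base64.b64decode(secret["data"][key]).decode()
    else:
        return [f"missing key {key!r} for type {secret['type']}"]
    cfg = json.loads(raw)
    wrapped = "auths" in cfg
    if wrapped != (key == ".dockerconfigjson"):
        problems.append(f"'auths' wrapper does not match type {secret['type']}")
    for registry, entry in (cfg["auths"] if wrapped else cfg).items():
        userpass = f"{entry.get('username')}:{entry.get('password')}".encode()
        if "auth" in entry and entry["auth"] != base64.b64encode(userpass).decode():
            problems.append(f"{registry}: auth is not base64(username:password)")
    return problems

if __name__ == "__main__":
    # Constructed values; real credentials come from the environment, not the repo.
    demo = build_pull_secret("registry-secret", "anxincloud", "registry.example.test", "ci-bot", "not-a-real-password")
    print(json.dumps(demo, indent=2), check_pull_secret(demo))
```

The printed JSON can be piped to kubectl apply -f - as it stands, since JSON is accepted wherever a YAML manifest is.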

ConfigMap