学无止境

KNOWLEDGE HAS NO LIMIT

0%

k8s数据卷

发表于 分类于 Valine:
本文字数: 4.4k 阅读时长 ≈ 4 分钟

k8s根据官网指引学习Kubernetes 文档 | Kubernetes

容器部署避免不了文件映射或者磁盘挂载

持久卷(Persistent Volumes)

单节点配置(多节点会报错找不到路径)

host-path

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 10
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        imagePullPolicy: IfNotPresent
        volumeMounts:
        - name: tz-config
          mountPath: /usr/share/nginx/html/index3.html
      volumes:
        - name: tz-config
          hostPath:
            path: /root/k8s/app/nginx/test/index2.html

local-storage

1
2
3
4
5
6
7
8
9
10
11
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: example-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: local-storage
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
apiVersion: v1
kind: PersistentVolume
metadata:
  name: example-pv
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  local:
    path: /root/k8s/app/test
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - k8s-master # 会把pod都创建在这个节点上
        #  - k8s-node # 会报错, /root/k8s/app/test路径不存在

多节点(常用nfs)

投射卷(Projected Volumes)

所有的卷源都要求处于 Pod 所在的同一个名字空间内

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
apiVersion: v1
kind: Pod
metadata:
  name: volume-test
spec:
  containers:
  - name: container-test
    image: busybox:1.28
    volumeMounts:
    - name: all-in-one
      mountPath: "/projected-volume"
      readOnly: true
  volumes:
  - name: all-in-one
    projected:
      sources:
      - secret:
          name: mysecret
          items:
            - key: username
              path: my-group/my-username
      - downwardAPI:
          items:
            - path: "labels"
              fieldRef:
                fieldPath: metadata.labels
            - path: "cpu_limit"
              resourceFieldRef:
                containerName: container-test
                resource: limits.cpu
      - configMap:
          name: myconfigmap
          items:
            - key: config
              path: my-group/my-config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
apiVersion: v1
kind: Pod
metadata:
  name: volume-test
spec:
  containers:
  - name: container-test
    image: busybox:1.28
    volumeMounts:
    - name: all-in-one
      mountPath: "/projected-volume"
      readOnly: true
  volumes:
  - name: all-in-one
    projected:
      sources:
      - secret:
          name: mysecret
          items:
            - key: username
              path: my-group/my-username
      - secret:
          name: mysecret2
          items:
            - key: password
              path: my-group/my-password
              mode: 511

minio部署

docker方式部署

1
docker run -p 9000:9000 -p 9090:9090 --name minio  -d --restart=always  -e "MINIO_ACCESS_KEY=minio"  -e "MINIO_SECRET_KEY=minio123"  -v D:/devtools/docker/minio/data:/data   -v D:/devtools/docker/minio/config:/root/.minio  minio/minio:latest  server /data --console-address ":9090" -address ":9000"

k8s部署

minio-dev.yaml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# Deploys a new Namespace for the MinIO Pod
apiVersion: v1
kind: Namespace
metadata:
  name: minio-dev # Change this value if you want a different namespace name
  labels:
    name: minio-dev # Change this value to match metadata.name
---
# Deploys a new MinIO Pod into the metadata.namespace Kubernetes namespace
#
# The `spec.containers[0].args` contains the command run on the pod
# The `/data` directory corresponds to the `spec.containers[0].volumeMounts[0].mountPath`
# That mount path corresponds to a Kubernetes HostPath which binds `/data` to a local drive or volume on the worker node where the pod runs
# 
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: minio
  name: minio
  namespace: minio-dev # Change this value to match the namespace metadata.name
spec:
  containers:
  - name: minio
    image: quay.io/minio/minio:latest
    command:
    - /bin/bash
    - -c
    args: 
    - minio server /data --console-address :9090
    volumeMounts:
    - mountPath: /data
      name: localvolume # Corresponds to the `spec.volumes` Persistent Volume
  nodeSelector:
    kubernetes.io/hostname: k8s-master # 选择部署的节点主机名
  volumes:
  - name: localvolume
    hostPath: # MinIO generally recommends using locally-attached volumes
      path: /mnt/disk1/data # Specify a path to a local drive or volume on the Kubernetes worker node
      type: DirectoryOrCreate # The path to the last directory must exist

使用kubectl proxy代理

1
kubectl port-forward pod/minio 9000 9090 -n minio-dev --address 0.0.0.0

浏览器访问http://192.168.56.109:9090/默认账号密码minioadmin/minioadmin

通过 Kustomization 安装 MinIO Operator

1
2
3
4
yum install git 
git clone https://github.com/minio/operator.git
kubectl kustomize operator | kubectl apply -f -
kubectl get pods -n minio-operator

将控制台UI的service改成nodePort类型并应用

resources/base/console-ui.yaml 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
spec:
  ports:
    - name: http
      protocol: TCP
      port: 9090
      targetPort: 9090
      nodePort: 30080
    - name: https
      protocol: TCP
      port: 9443
      targetPort: 9443
      nodePort: 30869
  selector:
    app: console
  type: NodePort

使用ip:30080访问控制台

获取jwt令牌

1
2
SA_TOKEN=$(kubectl -n minio-operator  get secret console-sa-secret -o jsonpath="{.data.token}" | base64 --decode)
echo $SA_TOKEN

安装DirectPV

相关文章
赏口饭吃吧!