一、Pod亲和性
pod亲和性的对象为Pod,目的是实现,新建Pod和目标Pod调度到一起,在同一个Node上。
示例:
1.部署一个nginx的pod
[root@aminglinux01 ~]# cat testpod01.yaml
apiVersion: v1
kind: Pod
metadata:name: testpod01labels:app: myapp01env: test1
spec:containers:- name: testpod01image: nginx:latest
[root@aminglinux01 ~]# 查看:
[root@aminglinux01 ~]# kubectl get pod -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
testpod 1/1 Running 0 5d21h 10.18.206.236 aminglinux02 <none> <none>
testpod01 1/1 Running 0 23s 10.18.68.166 aminglinux03 <none> <none>2.部署一个redis pod,pod亲和性要求满足app=myapp01
[root@aminglinux01 ~]# cat testpod02.yaml
apiVersion: v1
kind: Pod
metadata:name: testpod02labels:app: myapp02env: test2
spec:affinity:podAffinity:requiredDuringSchedulingIgnoredDuringExecution: ##必须满足下面匹配规则- labelSelector:matchExpressions:- key: appoperator: Invalues:- myapp01 ## app=myapp01, 上面的Pod是符合要求的topologyKey: "kubernetes.io/hostname"containers:- name: testpod02image: redis:7.2.5
[root@aminglinux01 ~]#
[root@aminglinux01 ~]# kubectl apply -f testpod02.yaml
pod/testpod02 created
[root@aminglinux01 ~]# kubectl get pod -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
testpod01 1/1 Running 0 95m 10.18.68.166 aminglinux03 <none> <none>
testpod02 1/1 Running 0 23s 10.18.68.162 aminglinux03 <none> <none>
[root@aminglinux01 ~]# kubectl get pod -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
testpod01 1/1 Running 0 96m app=myapp01,env=test1
testpod02 1/1 Running 0 82s app=myapp02,env=test2二、Pod反亲和性
目的是实现,新建Pod和目标Pod不要调度到一
起,不在同一个Node上。
示例:
[root@aminglinux01 ~]# cat testpod03.yaml
apiVersion: v1
kind: Pod
metadata:name: testpod03labels: ##### Label是自定义的一些key/value对,你可以随心所欲的设置。app: myapp03env: test3
spec:containers:- name: testpod03image: nginx:latest
[root@aminglinux01 ~]# kubectl apply -f testpod03.yaml
pod/testpod03 created
[root@aminglinux01 ~]# kubectl get pod testpod03 -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
testpod03 1/1 Running 0 55s 10.18.206.235 aminglinux02 <none> <none>
[root@aminglinux01 ~]#
新建一个pod,反亲和性条件:app=myapp03
[root@aminglinux01 ~]# cat testpod04.yaml
apiVersion: v1
kind: Pod
metadata:name: testpod04labels:app: myapp04env: test4
spec:affinity:podAntiAffinity:requiredDuringSchedulingIgnoredDuringExecution: ##必须满足下面匹配规则- labelSelector:matchExpressions:- key: appoperator: Invalues:- myapp03 ## app=myapp03, 上面的Pod是符合要求的topologyKey: "kubernetes.io/hostname"containers:- name: testpod04image: registry.cn-hangzhou.aliyuncs.com/daliyused/redis:7.2.5
[root@aminglinux01 ~]# kubectl get pod testpod04 -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
testpod04 1/1 Running 0 99s 10.18.68.164 aminglinux03 <none> <none>
[root@aminglinux01 ~]# kubectl get pod testpod03 -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
testpod03 1/1 Running 0 10m 10.18.206.235 aminglinux02 <none> <none>
[root@aminglinux01 ~]#
[root@aminglinux01 ~]# kubectl get pod testpod03 --show-labels
NAME READY STATUS RESTARTS AGE LABELS
testpod03 1/1 Running 0 12m app=myapp03,env=test3
[root@aminglinux01 ~]# kubectl get pod testpod04 --show-labels
NAME READY STATUS RESTARTS AGE LABELS
testpod04 1/1 Running 0 4m1s app=myapp04,env=test4
[root@aminglinux01 ~]# 三、污点与容忍度
通俗说法:
node(衣服):我踏马的身上有污点(taint)
pod(没有配置容忍度):我去,我有洁癖,那个node穿不了(不能被调度)。
pod(配置容忍度):我擦,我忍了,脏我也穿(可以被调度)!
pod(容忍度和污点不对):挖槽,这污点位置我忍不了(不能被调度)!
污点(Taint)针对节点来说,和节点亲和性正好相对,节点亲和性使Pod被吸引到一类特定的节点,而污点则使节点能够排斥一类特定的Pod。
容忍度(Toleration)应用于Pod上,它用来允许调度器调度带有对应污点的节点。 容忍度允许调度但并不保证调度:作为其功能的一部分, 调度器也会评估其他参数。
污点和容忍度(Toleration)相互配合,可以避免Pod被分配到不合适的节点上。 每个节点上都可以应用一个或多个污点,这表示对于那些不能容忍这些污点的Pod, 是不会被该节点接受的。
设置污点命令格式:
kubectl taint node [node] key=value:[effect] ###其中[effect] 可取值:NoSchedule | PreferNoSchedule |NoExecute ] ###taint中的key=value和toleration中的key=value有关联。
NoSchedule :一定不能被调度,已经在运行中的Pod不受影响。
PreferNoSchedule:尽量不要调度,实在没有节点可调度再调度到此节点。
NoExecute:不仅不会调度,还会驱逐Node上已有的Pod。
清除污点命令格式:
kubectl taint node [node] key:[effect]-
示例:
kubectl taint node aminglinux02 name=aming:NoSchedule
[root@aminglinux01 ~]# kubectl taint node aminglinux02 name=aming:NoSchedule
node/aminglinux02 tainted
[root@aminglinux01 ~]# kubectl describe node aminglinux02 | grep Taint
Taints: name=aming:NoSchedule
[root@aminglinux01 ~]#
查看污点:
kubectl describe node aminglinux02 | grep Taints -A 10
[root@aminglinux01 ~]# kubectl describe node aminglinux02 | grep Taints -A 10
Taints: name=aming:NoSchedule
Unschedulable: false
Lease:HolderIdentity: aminglinux02AcquireTime: <unset>RenewTime: Tue, 16 Jul 2024 01:07:26 +0800
Conditions:Type Status LastHeartbeatTime LastTransitionTime Reason Message---- ------ ----------------- ------------------ ------ -------NetworkUnavailable False Mon, 15 Jul 2024 02:01:48 +0800 Mon, 15 Jul 2024 02:01:48 +0800 CalicoIsUp Calico is running on this nodeMemoryPressure False Tue, 16 Jul 2024 01:07:10 +0800 Fri, 05 Jul 2024 03:00:29 +0800 KubeletHasSufficientMemory kubelet has sufficient memory available
[root@aminglinux01 ~]#
设置容忍度的几种规则:
1)完全匹配
tolerations:
- key: "taintKey" #和污点的key名字保持一致
operator: "Equal" #匹配类型,Equal表示匹配污点的所有值
value: "taintValue" #和污点key的值保持一致
effect: "NoSchedule" #污点类型
说明:
Pod 的 Toleration 声明中的key和effect需要与Taint的设置保持一致。
Operator如果设置为Equal,则key和value,要和Taint的设置保持一致。
2)不完全匹配
tolerations:
- key: "taintKey" #和污点的key名字保持一致
operator: "Exists" #匹配类型,只要符合污点设置的key即可
effect: "NoSchedule" #污点的类型
说明:
Operator如果设置为Exists,则不需要指定value,只看key名字
3)大范围匹配
tolerations:
- key: "taintKey" #和污点的key名字保持一致
operator: "Exists"
说明:
如果不设置effect,则只需要看key名字即可,不管Taint里的effect设置为什么都会匹配到
4)匹配所有
tolerations:
- operator: "Exists" ####operator的值为 Exists,这是无需指定value,operator的值为Equal并且value相等,如果不指定operator,则默认为Equal。
说明:
如果省略key和effect,则匹配所有Taint, 在k8s中的daemonsets资源默认情况下是容忍所有污点的。
驱逐延缓时间设置
tolerations:
- key: "key1"
operator: "Equal"
value: "value1"
effect: "NoExecute"
tolerationSeconds: 3600
说明:
如果这个Pod 正在运行,那么Pod还将继续在节点上运行3600秒,然后被驱逐。 如果在此之前上述污点被删除了,则Pod不会被驱逐。
完整Pod YAML示例:
[root@aminglinux01 ~]# cat toleration.yaml
apiVersion: v1
kind: Pod
metadata:name: nglabels:env: dev
spec:containers:- name: ngimage: nginx:latesttolerations:- key: nameoperator: Exists #匹配类型,只要符合污点设置的key即可effect: NoSchedule #污点的类型:一定不能被调度
[root@aminglinux01 ~]# kubectl apply -f toleration.yaml
pod/ng created
[root@aminglinux01 ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ng 1/1 Running 0 31s 10.18.68.168 aminglinux03 <none> <none>案例一:
aminglinux02和aminglinux03设置污点,pod不配置容忍度,可以看到,ng pod一直处于pending无法被调度到任何node上。
[root@aminglinux01 ~]# kubectl describe node aminglinux02 | grep Taint
Taints: name=aming:NoSchedule
[root@aminglinux01 ~]# kubectl describe node aminglinux03 | grep Taint
Taints: name=aming:NoSchedule
[root@aminglinux01 ~]# kubectl get pod ng -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ng 0/1 Pending 0 19s <none> <none> <none> <none>
[root@aminglinux01 ~]# cat toleration.yaml
apiVersion: v1
kind: Pod
metadata:name: nglabels:env: dev
spec:containers:- name: ngimage: nginx:latest
# tolerations:
# - key: name
# operator: Exists #匹配类型,只要符合污点设置的key即可
# effect: NoSchedule #污点的类型:一定不能被调度
[root@aminglinux01 ~]# 案例二:
aminglinux02设置污点,aminglinux03不设置污点,pod不配置容忍度,可以看到,ng pod一直被调度到aminglinux03 node上。
[root@aminglinux01 ~]# kubectl taint node aminglinux03 name:NoSchedule-
node/aminglinux03 untainted
[root@aminglinux01 ~]# kubectl describe node aminglinux02 | grep Taint
Taints: name=aming:NoSchedule
[root@aminglinux01 ~]# kubectl describe node aminglinux03 | grep Taint
Taints: <none>
[root@aminglinux01 ~]#
[root@aminglinux01 ~]# kubectl apply -f toleration.yaml
pod/ng created
[root@aminglinux01 ~]# kubectl get pod ng -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ng 1/1 Running 0 4s 10.18.68.167 aminglinux03 <none> <none>
[root@aminglinux01 ~]#
案例三:
aminglinux02不设置污点,aminglinux03设置污点,pod不配置容忍度,可以看到,ng pod一直被调度到aminglinux02 node上。
[root@aminglinux01 ~]# kubectl delete -f toleration.yaml
pod "ng" deleted
[root@aminglinux01 ~]# kubectl taint node aminglinux02 name:NoSchedule-
node/aminglinux02 untainted
[root@aminglinux01 ~]# kubectl taint node aminglinux03 name=aming:NoSchedule
node/aminglinux03 tainted
[root@aminglinux01 ~]# kubectl describe node aminglinux02 | grep Taint
Taints: <none>
[root@aminglinux01 ~]# kubectl describe node aminglinux03 | grep Taint
Taints: name=aming:NoSchedule
[root@aminglinux01 ~]# kubectl apply -f toleration.yaml
pod/ng created
[root@aminglinux01 ~]# kubectl get pod ng -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ng 1/1 Running 0 6s 10.18.206.240 aminglinux02 <none> <none>
[root@aminglinux01 ~]#
案例四
aminglinux02不设置污点,aminglinux03设置污点,pod配置容忍度,可以看到,ng pod一直被调度到aminglinux03 node上。
[root@aminglinux01 ~]# cat toleration.yaml
apiVersion: v1
kind: Pod
metadata:name: nglabels:env: dev
spec:containers:- name: ngimage: nginx:latesttolerations:- key: nameoperator: Exists #匹配类型,只要符合污点设置的key即可effect: NoSchedule #污点的类型:一定不能被调度
[root@aminglinux01 ~]# kubectl describe node aminglinux02 | grep Taint
Taints: <none>
[root@aminglinux01 ~]# kubectl describe node aminglinux03 | grep Taint
Taints: name=aming:NoSchedule
[root@aminglinux01 ~]# kubectl get pod ng -owide
Error from server (NotFound): pods "ng" not found
[root@aminglinux01 ~]# kubectl apply -f toleration.yaml
pod/ng created
[root@aminglinux01 ~]# kubectl get pod ng -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ng 0/1 ContainerCreating 0 2s <none> aminglinux03 <none> <none>
[root@aminglinux01 ~]#
案例五:
aminglinux02不设置污点,aminglinux03设置新的污点,pod配置容忍度,可以看到,ng pod一直被调度到aminglinux02 node上。
[root@aminglinux01 ~]# kubectl taint node aminglinux03 name:NoSchedule-
node/aminglinux03 untainted
[root@aminglinux01 ~]# kubectl delete -f toleration.yaml
pod "ng" deleted
[root@aminglinux01 ~]# kubectl taint node aminglinux03 yeyunyi=jiayou:NoSchedule
node/aminglinux03 tainted
[root@aminglinux01 ~]# kubectl describe node aminglinux02 | grep Taint
Taints: <none>
[root@aminglinux01 ~]# kubectl describe node aminglinux03 | grep Taint
Taints: yeyunyi=jiayou:NoSchedule
[root@aminglinux01 ~]# kubectl apply -f toleration.yaml
pod/ng created
[root@aminglinux01 ~]# kubectl get pod ng -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ng 1/1 Running 0 5s 10.18.206.238 aminglinux02 <none> <none>
[root@aminglinux01 ~]#
案例四和案例五可以看出:设置容忍度的pod即可以部署在有对应污点的node上,也可以部署在没有污点的node上。
四、API资源对象PV和PVC
存储持久化相关三个概念:
-
PersistentVolume(PV)
是对具体存储资源的描述,比如NFS、Ceph、GlusterFS等,通过PV可以访问到具体的存储资源;
-
PersistentVolumeClaim(PVC)
Pod想要使用具体的存储资源需要对接到PVC,PVC里会定义好Pod希望使用存储的属性,通过PVC再去申请合适的存储资源(PV),匹配到合适的资源后PVC和PV会进行绑定,它们两者是一一对应的;
-
StorageClass(SC)
PV可以手动创建,也可以自动创建,当PV需求量非常大时,如果靠手动创建PV就非常麻烦了,SC可以实现自动创建PV,并且会将PVC和PV绑定。
SC会定义两部分内容:
① pv的属性,比如存储类型、大小;
② 创建该PV需要用到的存储插件(provisioner),这个provisioner是实现自动创建PV
的关键。
1)PV YAML示例:
vi testpv.yaml
[root@aminglinux01 ~]# cat testpv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:name: testpv
spec:storageClassName: test-storage #定义存储类名称,PV和PVC中都会有该字段,目的是为了方便两者匹配绑定在一起accessModes: #定义该pv的访问权限模式- ReadWriteOncecapacity: #定义该存储的大小storage: 500Mi ##提供500Mi空间hostPath: #定义该存储访问路径,指本地的磁盘path: /tmp/testpv/
[root@aminglinux01 ~]#
说明:
storageClassName: 定义存储类名称,PV和PVC中都会有该字段,目的是为了方便两者匹配绑定在一起
accessModes定义该pv的访问权限模式,有三种:
- ReadWriteOnce:存储卷可读可写,但只能被一个节点上的 Pod 挂载;
- ReadOnlyMany:存储卷只读不可写,可以被任意节点上的 Pod 多次挂载;
- ReadWriteMany:存储卷可读可写,也可以被任意节点上的 Pod 多次挂载;
capacity 定义该存储大小。
hostPath 定义该存储访问路径,这里指的是本地的磁盘。
2)PVC YAML示例:
vi testpvc.yaml
[root@aminglinux01 ~]# cat testpvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: testpvc
spec:storageClassName: test-storageaccessModes:- ReadWriteOnceresources:requests:storage: 100Mi ##期望申请100Mi空间
[root@aminglinux01 ~]# 应用pv和pvc的YAML
kubectl apply -f testpv.yaml -f testpvc.yaml
[root@aminglinux01 ~]# kubectl apply -f testpv.yaml -f testpvc.yaml
persistentvolume/testpv created
persistentvolumeclaim/testpvc unchanged
[root@aminglinux01 ~]#
查看状态
kubectl get pv,pvc
[root@aminglinux01 ~]# kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-402daec2-9527-4a53-a6cb-e1d18c98f3d4 500Mi RWX Delete Bound default/redis-pvc-redis-sts-0 nfs-client 6d23h
pvc-bb317d2c-ef72-47a0-a8e2-f7704f60096d 500Mi RWX Delete Bound default/redis-pvc-redis-sts-1 nfs-client 6d23h
testpv 500Mi RWO Retain Bound default/testpvc test-storage 2m52s
[root@aminglinux01 ~]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
redis-pvc-redis-sts-0 Bound pvc-402daec2-9527-4a53-a6cb-e1d18c98f3d4 500Mi RWX nfs-client 6d23h
redis-pvc-redis-sts-1 Bound pvc-bb317d2c-ef72-47a0-a8e2-f7704f60096d 500Mi RWX nfs-client 6d23h
testpvc Bound testpv 500Mi RWO test-storage 4m40s
[root@aminglinux01 ~]#
实验:
将testpvc的期望100Mi改为1000Mi,查看PV的STATUS。由于pv只有500M存储空间,而pvc需求1000M,因而pv和pvc未进行绑定。
[root@aminglinux01 ~]# cat testpvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: testpvc
spec:storageClassName: test-storageaccessModes:- ReadWriteOnceresources:requests:storage: 1000Mi ##期望申请1000Mi空间
[root@aminglinux01 ~]#
[root@aminglinux01 ~]# kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-402daec2-9527-4a53-a6cb-e1d18c98f3d4 500Mi RWX Delete Bound default/redis-pvc-redis-sts-0 nfs-client 6d23h
pvc-bb317d2c-ef72-47a0-a8e2-f7704f60096d 500Mi RWX Delete Bound default/redis-pvc-redis-sts-1 nfs-client 6d23h
testpv 500Mi RWO Retain Released default/testpvc test-storage 22m
[root@aminglinux01 ~]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
redis-pvc-redis-sts-0 Bound pvc-402daec2-9527-4a53-a6cb-e1d18c98f3d4 500Mi RWX nfs-client 7d
redis-pvc-redis-sts-1 Bound pvc-bb317d2c-ef72-47a0-a8e2-f7704f60096d 500Mi RWX nfs-client 6d23h
testpvc Pending test-storage 26s
[root@aminglinux01 ~]#
3)PV和PVC匹配规则
PV创建好后,会等待PVC与其进行绑定,PVC一旦找到合适的PV就会绑定。如果有多个
PV时,PVC又是如何匹配PV的呢?它有如下一些规则:
① 访问模式和存储类匹配:Kubernetes会筛选出访问模式(accessModes)和存储类
(storageClassName)与PVC相匹配的PV。如果没有匹配的PV,PVC将保持未绑定状
态。
② 资源大小:在满足访问模式和存储类匹配的PV中,Kubernetes会选择资源大小大于或等于PVC请求大小的PV。
③ 最佳匹配:在满足访问模式、存储类和资源大小的PV中,Kubernetes会选择资源大小最接近PVC请求大小的PV。如果有多个PV具有相同的资源大小,Kubernetes会选择其中一个进行绑定。
④ 避免重复绑定:一个PV在任何时候只能被一个PVC绑定。一旦PV被绑定到一个PVC,它将不再可用于其他PVC。
五、本地存储
上一个章节的PV YAML示例,就是本地存储。本地存储类型的PV是Kubernetes中一种比较特殊的持久化存储,它允许将节点上的本地磁盘或目录用作PV。与其他PV类型(例如NFS、Ceph或云存储)不同,本地存储类型的PV直接使用节点上的存储资源,因此具有更低的延迟和更高的性能。使用本地存储类型的PV时,需注意以下几个关键点:
- 节点特性:本地存储类型的PV与特定的节点绑定,因为它直接使用节点上的存储资源。
nodeAffinity: ##定义节点亲和性
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- node-name
数据持久性:由于本地存储类型的PV与特定节点关联,当该节点发生故障时,存储在PV中的数据可能无法访问。因此,在使用本地存储类型的PV时,请确保采取适当的数据备份策略,以防止节点故障导致的数据丢失。
调度限制:Pod使用本地存储类型的Persistent Volume Claim(PVC)时,Kubernetes会尝试将Pod调度到关联PV的节点上。如果节点上的资源不足以运行Pod,Pod将无法启动。因此,在使用本地存储类型的PV时,请确保关联的节点有足够的资源来运行Pod。
回收策略:当PVC被删除时,PV的回收策略将决定如何处理关联的本地存储。对于本地存储类型的PV,建议使用Retain或Delete回收策略。Retain策略表示保留存储和数据,以便手动清理和管理;Delete策略表示删除存储和数据。需要注意的是,Recycle策略并不适用于本地存储类型的PV。
persistentVolumeReclaimPolicy: Retain
完整示例:
首先,确保在每个要使用本地存储的节点上创建一个本地目录。例如,在节点上创建/mnt/local-storage目录:
mkdir -p /mnt/local-storage
[root@aminglinux01 ~]# cat local-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:name: local-pvlabels:type: local
spec:storageClassName: local-storagecapacity:storage: 5GiaccessModes:- ReadWriteOnce ###只允许一个pod调用persistentVolumeReclaimPolicy: Retain ###pvc删除时,pv保留local:path: /mnt/local-storagenodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostname #这是内置的节点标签,表示节点的主机名operator: Invalues:- aminglinux02 #只有aminglinux02这个主机节点才满足要求
[root@aminglinux01 ~]# 应用PV资源配置文件:
kubectl apply -f local-pv.yaml
再创建一个PVC资源配置文件,例如local-pvc.yaml:
[root@aminglinux01 ~]# cat local-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: local-pvc
spec:storageClassName: local-storageaccessModes:- ReadWriteOnceresources:requests:storage: 5Gi
[root@aminglinux01 ~]# 应用PVC资源配置文件:
kubectl apply -f local-pvc.yaml
最后,创建一个Pod资源配置文件,例如local-pod.yaml:
[root@aminglinux01 ~]# cat local-pod.yaml
apiVersion: v1
kind: Pod
metadata:name: local-pod
spec:containers:- name: local-containerimage: nginx:latestvolumeMounts:- name: local-storagemountPath: /data ###pod容器中的路径volumes:- name: local-storagepersistentVolumeClaim:claimName: local-pvc
[root@aminglinux01 ~]#
应用Pod资源配置文件:
kubectl apply -f local-pod.yaml
现在,local-pod中的local-container已经挂载了本地存储。所有写入/data目录的数据都
将持久化在本地存储中。
[root@aminglinux01 ~]# kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
local-pv 5Gi RWO Retain Bound default/local-pvc local-storage 7m26s
pvc-402daec2-9527-4a53-a6cb-e1d18c98f3d4 500Mi RWX Delete Bound default/redis-pvc-redis-sts-0 nfs-client 7d1h
pvc-bb317d2c-ef72-47a0-a8e2-f7704f60096d 500Mi RWX Delete Bound default/redis-pvc-redis-sts-1 nfs-client 7d1h
testpv 500Mi RWO Retain Released default/testpvc test-storage 108m
[root@aminglinux01 ~]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
local-pvc Bound local-pv 5Gi RWO local-storage 5m44s
redis-pvc-redis-sts-0 Bound pvc-402daec2-9527-4a53-a6cb-e1d18c98f3d4 500Mi RWX nfs-client 7d1h
redis-pvc-redis-sts-1 Bound pvc-bb317d2c-ef72-47a0-a8e2-f7704f60096d 500Mi RWX nfs-client 7d1h
testpvc Pending test-storage 86m
[root@aminglinux01 ~]#
[root@aminglinux01 ~]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
local-pvc Bound local-pv 5Gi RWO local-storage 5m44s
redis-pvc-redis-sts-0 Bound pvc-402daec2-9527-4a53-a6cb-e1d18c98f3d4 500Mi RWX nfs-client 7d1h
redis-pvc-redis-sts-1 Bound pvc-bb317d2c-ef72-47a0-a8e2-f7704f60096d 500Mi RWX nfs-client 7d1h
testpvc Pending test-storage 86m
[root@aminglinux01 ~]# kubectl describe pod local-pod
Name: local-pod
Namespace: default
Priority: 0
Service Account: default
Node: aminglinux02/192.168.100.152
Start Time: Tue, 16 Jul 2024 05:37:53 +0800
Labels: <none>
Annotations: cni.projectcalico.org/containerID: 8cefb4100134b8e4e2d401cbb0814f54ed737ebf99673756b4246425e5b34c07
cni.projectcalico.org/podIP: 10.18.206.241/32
cni.projectcalico.org/podIPs: 10.18.206.241/32
Status: Running
IP: 10.18.206.241
IPs:
IP: 10.18.206.241
Containers:
local-container:
Container ID: containerd://5ead7482e4a9496fec3a082d69d9230790c51d94bc8cfd41871905d6b7ac0ec6
Image: nginx:latest
Image ID: docker.io/library/nginx@sha256:67682bda769fae1ccf5183192b8daf37b64cae99c6c3302650f6f8bf5f0f95df
Port: <none>
Host Port: <none>
State: Running
Started: Tue, 16 Jul 2024 05:37:56 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/data from local-storage (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-khcjt (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
local-storage:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: local-pvc
ReadOnly: false
kube-api-access-khcjt:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m44s default-scheduler Successfully assigned default/local-pod to aminglinux02
Normal Pulling 3m42s kubelet Pulling image "nginx:latest"
Normal Pulled 3m40s kubelet Successfully pulled image "nginx:latest" in 2.132145172s (2.132150411s including waiting)
Normal Created 3m40s kubelet Created container local-container
Normal Started 3m40s kubelet Started container local-container
[root@aminglinux01 ~]#
测试本地存储
[root@aminglinux02 ~]# mkdir -p /mnt/local-storage
[root@aminglinux02 ~]# echo 1111 > /mnt/local-storage/1.txt
[root@aminglinux02 ~]# cat /mnt/local-storage/1.txt
1111
[root@aminglinux02 ~]#
[root@aminglinux01 ~]# kubectl exec -it local-pod -- cat /data/1.txt
1111
[root@aminglinux01 ~]# 必须保证pod永远在同一个节点上,保证pod重启在同一个节点能够挂载本地存储,因而一定要做nodeAffinity。
详解)
)
)
)
