EKS 训练营-存储卷 EBS(10)

EKS 训练营-存储卷 EBS(10)

介绍

默认部署出来的 Pod 都是无状态的，pod 消亡里面的所有内容自动消亡，针对例如数据库场景（如 MySQL），这显然行不通。本章动手实验内容，我们以 Amazon EBS（Elastic Block Store）为例，演示如何在 Pod 里面把数据写入到 EBS 上，作为持久化存储（ PersisitentVolume ）而不需要担心存储数据随着 Pod 消亡而丢失。

部署 EBS CSI 驱动

在 EKS 平台上，有个开源的组件 EBS Container Storage Interface (CSI) driver 支持把 EBS 附加到 Pod上 使用，所以，我们需要先安装这个组件。

1.配置 CSI 策略

mkdir ~/environment/ebs_csi_driver && cd ~/environment/ebs_csi_driver curl -o ebs-cni-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-ebs-csi-driver/v0.9.0/docs/example-iam-policy.json aws iam create-policy \ --region eu-west-1 \ --policy-name Amazon_EBS_CSI_Driver \ --policy-document file://ebs-cni-policy.json

2.配置 IAM 角色和 SA 匹配

我们后面创建的 pod ebs-csi-controller 默认的 serviceAccount 就是ebs-csi-controller-sa，因为需要这个 CSI 来创建 EBS 卷，所以我们把附有权限的 serviceAccount 提前创建好。

eksctl create iamserviceaccount --cluster my-cluster \ --name ebs-csi-controller-sa \ --namespace kube-system \ --attach-policy-arn arn:aws:iam::921283538843:policy/Amazon_EBS_CSI_Driver \ --override-existing-serviceaccounts \ --approve

3.部署 EBS CSI 驱动

部署方式非常简单

kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master"

部署内容如下

Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply serviceaccount/ebs-csi-controller-sa configured serviceaccount/ebs-csi-node-sa created serviceaccount/ebs-snapshot-controller created role.rbac.authorization.k8s.io/ebs-snapshot-controller-leaderelection created clusterrole.rbac.authorization.k8s.io/ebs-external-attacher-role created clusterrole.rbac.authorization.k8s.io/ebs-external-provisioner-role created clusterrole.rbac.authorization.k8s.io/ebs-external-resizer-role created clusterrole.rbac.authorization.k8s.io/ebs-external-snapshotter-role created clusterrole.rbac.authorization.k8s.io/ebs-snapshot-controller-role created rolebinding.rbac.authorization.k8s.io/ebs-snapshot-controller-leaderelection created clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-attacher-binding created clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-provisioner-binding created clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-resizer-binding created clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-snapshot-controller-binding created clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-snapshotter-binding created deployment.apps/ebs-csi-controller created statefulset.apps/ebs-snapshot-controller created poddisruptionbudget.policy/ebs-csi-controller created poddisruptionbudget.policy/ebs-snapshot-controller created daemonset.apps/ebs-csi-node created csidriver.storage.k8s.io/ebs.csi.aws.com created

动态卷配置

1.创建 StorageClass

通过 K8s 的 Dynamic Volume Provisioning 可以按需的给 Pod 挂载存储卷组。在把存储卷组挂载到 Pod 之前，需要先定义 StorageClass。

定义一个 yaml 文件 storageclass.yml。

wget StorageClass apiVersion: storage.k8s.io/v1 metadata: name: ebs-sc provisioner: ebs.csi.aws.com volumeBindingMode: WaitForFirstConsumer

部署并查看

kubectl create -f ~/environment/ebs_csi_driver/storageclass.yaml kubectl describe storageclass ebs-sc

2.创建 PVC

下载 yaml 文件

wget v1 kind: PersistentVolumeClaim metadata: name: ebs-claim spec: accessModes: - ReadWriteOnce storageClassName: ebs-sc resources: requests: storage: 4Gi

部署并查看

kubectl create -f ~/environment/ebs_csi_driver/claim.yaml kubectl describe pvc ebs-claim

3.创建 Pod

下载 yaml 文件

wget v1 kind: Pod metadata: name: app spec: containers: - name: app image: centos command: ["/bin/sh"] args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"] volumeMounts: - name: persistent-storage mountPath: /data volumes: - name: persistent-storage persistentVolumeClaim: claimName: ebs-claim

部署并查看

kubectl create -f ~/environment/ebs_csi_driver/pod.yaml kubectl get pvc ebs-claim kubectl get pv

# pvc NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE ebs-claim Bound pvc-40b0637e-c371-4bed-8745-55cea195d931 4Gi RWO ebs-sc 3m23s # pv NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE pvc-40b0637e-c371-4bed-8745-55cea195d931 4Gi RWO Delete Bound default/ebs-claim ebs-sc 24s

4.验证

验证 pod 已经把数据写入了存储卷里面

kubectl exec -it app cat /data/out.txt

欢迎大家扫码关注，获取更多信息

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。