1. emptyDir 示例
kubectl explain pods.spec.volumes # 查看支持的 volume 类型
vim emptydir-demo.yaml # 创建 YAML 文件apiVersion: v1
kind: Pod
metadata:
name: emptydir-demo
spec:
containers:
- name: c1
image: nginx:latest
volumeMounts:
- mountPath: /messages
name: data
args:
- /bin/sh
- -c
- echo "hello world" > /messages/hello; sleep 30000
- name: c2
image: nginx:latest
volumeMounts:
- mountPath: /messages
name: data
args:
- /bin/sh
- -c
- cat /messages/hello; sleep 30000
volumes:
- name: data
emptyDir: {}kubectl create -f emptydir-demo.yaml
kubectl get pod -o wide
kubectl get pod emptydir-demo -o json2. hostPath 示例
vim hostPath.yamlapiVersion: v1
kind: Pod
metadata:
name: hostpath-demo
spec:
containers:
- image: nginx
name: test-container
volumeMounts:
- mountPath: /data
name: test-volume
volumes:
- name: test-volume
hostPath:
path: /root/datakubectl create -f hostPath.yaml
kubectl get pods -o wide3. NFS 示例
在所有节点执行:
rpm -q rpcbind nfs-utils || yum install rpcbind nfs-utils -y
systemctl start nfs
systemctl enable --now nfs-server.service配置共享目录并导出:
mkdir -p /data/dsk1
vim /etc/exports
# 添加行:
/data/dsk1 *(rw,sync,no_root_squash)
exportfs -rv
showmount -e在 Node 节点手动挂载测试:
mkdir -p /nfs-client-share
mount <IP>:/data/dsk1 /nfs-client-share
df -Th | grep nfs-client-share定义 Pod 使用 NFS:
vim nfs-volume.yamlapiVersion: v1
kind: Pod
metadata:
name: nfspathpod
labels:
name: nfsdemo
role: master
spec:
containers:
- name: c1
image: nginx
volumeMounts:
- name: nfs-storage
mountPath: /nfs/
volumes:
- name: nfs-storage
nfs:
path: /data/dsk1
server: <IP>kubectl create -f nfs-volume.yaml
kubectl get pods -o wide4. Secret 示例
文件方式:
echo -n "admin" > username.txt
echo -n "d5eeff42" > password.txt
kubectl create secret generic db-secret --from-file=./username.txt --from-file=./password.txtYAML 文件方式:
vim db-secret.yamlapiVersion: v1
kind: Secret
metadata:
name: db-secret
type: Opaque
data:
username: YWRtaW4=
password: ZDVlZWZmNDI=kubectl create -f db-secret.yaml使用 Secret 挂载到 Pod:
vim test-secret.yamlapiVersion: v1
kind: Pod
metadata:
name: test-secret
labels:
name: test-secret
role: master
spec:
containers:
- name: test-secret
image: nginx
volumeMounts:
- name: secret
mountPath: /home/iron/secret
readonly: true
volumes:
- name: secret
secret:
secretName: db-secretkubectl create -f test-secret.yaml
kubectl exec -it test-secret -c test-secret -- ls /home/iron/secret
kubectl exec -it test-secret -c test-secret -- cat /home/iron/secret/username.txt5. iSCSI 示例
客户端节点:
yum install iscsi-initiator-utils -y
systemctl start iscsid
systemctl enable iscsid服务端节点:
yum install targetcli -y
systemctl start target
systemctl enable target创建 Pod 使用 iSCSI 卷:
vim iscsipod.yamlapiVersion: v1
kind: Pod
metadata:
name: iscsipd
spec:
containers:
- name: iscsipd-rw
image: kubernetes/pause
volumeMounts:
- mountPath: "/mnt/iscsipd"
name: iscsipd-rw
volumes:
- name: iscsipd-rw
iscsi:
targetPortal: <IP>:3260
portals: ['<IP>:3260']
iqn: iqn.2001-04.com.example:storage.kube.sys1.xyz
lun: 1
fsType: ext4
readonly: truekubectl apply -f iscsipod.yaml
kubectl describe pod iscsipd
lsscsi # 在节点上查看挂载是否成功