原文内容:https://gitee.com/dev-99cloud/training-kubernetes ,在此基础上有新增。

Lesson 06: K8S Storage

6.1 什么是 ConfigMap & Secret?

  • ConfigMap

    # ConfigMap: non-sensitive configuration. Values are stored as plain text,
    # so credentials belong in a Secret (see "Secret" below), not here.
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: example
    data:
      # Simple key/value entries; the Pod below reads one of them via configMapKeyRef.
      example.property.1: hello
      example.property.2: world
      # Multi-line value: "|-" keeps the line breaks and drops the final newline.
      example.property.file: |-
        property.1=value-1
        property.2=value-2
        property.3=value-3
    
    apiVersion: v1
    kind: Pod
    metadata:
      name: configmap-demo-pod
    spec:
      containers:
        - name: nginx
          # No tag given, so this resolves to :latest; pin a tag or digest for
          # reproducible pulls.
          image: nginx
          env:
            # A single ConfigMap key injected as an environment variable
            # (TEST1=world in the transcript below).
            - name: TEST1
              valueFrom:
                configMapKeyRef:
                  name: example
                  key: example.property.2
          volumeMounts:
          # The whole ConfigMap projected under /config, one file per key.
          - name: config
            mountPath: "/config"
            readOnly: true   # the container cannot modify the projected config
      volumes:
        - name: config
          configMap:
            name: example
    
    root@ckamaster003:~# kubectl exec -it configmap-demo-pod /bin/sh
    
    # env | grep TEST
    TEST1=world
    
    # ls /config
    example.property.1  example.property.2	example.property.file
    
  • Secret

    Secret 和 ConfigMap 都用于配置,但 Secret 会对内容进行 base64 编码(编码不等于加密,默认并不加密)

    # Create two Secrets.
    # NOTE: --from-literal puts the password on the command line, so it ends up
    # in shell history and is visible in `ps` while the command runs; for real
    # credentials prefer --from-file (or a manifest applied from a file).
    # The stored value is only base64-encoded, so anyone allowed to
    # `kubectl get secret` in the namespace can read it back.
    kubectl create secret generic prod-db-secret --from-literal=username=produser --from-literal=password=Y4nys7f11
    kubectl create secret generic test-db-secret --from-literal=username=testuser --from-literal=password=iluvtests
    
    # Create two Pods, each mounting one of the Secrets above as files.
    # The heredoc delimiter is unquoted, so `$` would be expanded; the manifest
    # below contains no `$`, so pod.yaml is written verbatim.
    cat <<EOF > pod.yaml
    apiVersion: v1
    kind: List
    items:
    - kind: Pod
      apiVersion: v1
      metadata:
        name: prod-db-client-pod
        labels:
          name: prod-db-client
      spec:
        volumes:
        - name: secret-volume
          secret:
            secretName: prod-db-secret
        containers:
        - name: db-client-container
          image: nginx
          volumeMounts:
          - name: secret-volume
            readOnly: true
            mountPath: "/etc/secret-volume"
    - kind: Pod
      apiVersion: v1
      metadata:
        name: test-db-client-pod
        labels:
          name: test-db-client
      spec:
        volumes:
        - name: secret-volume
          secret:
            secretName: test-db-secret
        containers:
        - name: db-client-container
          image: nginx
          volumeMounts:
          - name: secret-volume
            readOnly: true
            mountPath: "/etc/secret-volume"
    EOF
    
    # Appends (>>) so an existing kustomization.yaml is extended rather than
    # replaced; rerunning this step adds a second "resources:" block.
    cat <<EOF >> kustomization.yaml
    resources:
    - pod.yaml
    EOF
    
    # Kustomize build of the current directory: creates both Pods.
    kubectl apply -k .
    

    然后登录到容器中,可以看到 secret 被映射成文件

    [root@k8slab001 ~]# kubectl exec -it prod-db-client-pod -- sh
    
    # cd /etc/secret-volume
    # ls
    password  username
    # cat password
    Y4nys7f11
    
    # cat username
    produser
    
    # exit
    

    参考:https://kubernetes.io/zh-cn/docs/concepts/configuration/secret/#use-case-as-container-environment-variables,将 secret 映射成 pod 中的环境变量

6.2 什么是 PV / PVC?

6.3 什么是 Storage Class?

6.4 实验:ConfigMap / Secret / PV & PVC / StorageClass