Volumes
Volumes are needed to store data inside a container or to share data among different containers.
All volumes requested by a Pod have to be mounted before the containers inside the Pod are started. This also applies to secrets and configmaps.
Shared Volume
Below you can find a sample of how to create a shared volume.
But keep in mind that one container can overwrite the data from the other container.
You can use locking or versioning to overcome this issue.
containers:
- name: firstcontainer
  image: busybox
  volumeMounts:
  - mountPath: /firstdir
    name: sharevol
- name: secondcontainer
  image: busybox
  volumeMounts:
  - mountPath: /seconddir
    name: sharevol
volumes:
- name: sharevol
  emptyDir: {}
$ kubectl exec -ti example -c secondcontainer -- touch /seconddir/bla
$ kubectl exec -ti example -c firstcontainer -- ls -l /firstdir
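The locking and versioning the text recommends, as an added example that is not part of the original page: two writers share one directory the way the two containers above share the emptyDir sharevol. Python stands in for whatever runs inside the containers; the file names, the JSON counter and the thread-per-container simulation are constructed for this demo.

```python
# Added example (not from the original page): two writers on one shared
# directory, as the two containers above share the emptyDir "sharevol".
# Plain writes can clobber each other; an exclusive flock() or a versioned
# atomic rename avoids that. Paths, names and the counter format are constructed.
import fcntl
import json
import os
import tempfile
import threading


def increment_locked(path, times):
    """Read-modify-write a JSON counter `times` times under an exclusive lock.

    flock() is tied to the open file description, so every iteration opens its
    own fd; a second writer on the same file (also from another container that
    mounts the same volume on the same node) blocks until the lock is released.
    """
    for _ in range(times):
        fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
        with os.fdopen(fd, "r+") as fh:
            fcntl.flock(fd, fcntl.LOCK_EX)
            try:
                raw = fh.read()
                state = json.loads(raw) if raw else {"count": 0}
                state["count"] += 1
                fh.seek(0)
                fh.truncate()
                fh.write(json.dumps(state))
                fh.flush()
                os.fsync(fd)
            finally:
                fcntl.flock(fd, fcntl.LOCK_UN)


def read_count(path):
    with open(path) as fh:
        return json.load(fh)["count"]


def run_two_writers(per_writer=200, shared_dir=None):
    """Simulate the two containers as two threads; returns the final count."""
    shared_dir = shared_dir or tempfile.mkdtemp(prefix="sharevol-")
    path = os.path.join(shared_dir, "counter.json")
    writers = [threading.Thread(target=increment_locked, args=(path, per_writer))
               for _ in range(2)]
    for w in writers:
        w.start()
    for w in writers:
        w.join()
    return read_count(path)          # 2 * per_writer: no lost updates


def publish_version(shared_dir, name, payload, version):
    """Versioned write: build the new file under a temporary name, fsync it,
    then os.replace() it over the published name. rename(2) is atomic, so a
    reader in the other container sees the old or the new file, never a torn one."""
    tmp = os.path.join(shared_dir, f".{name}.v{version}.tmp")
    with open(tmp, "w") as fh:
        fh.write(payload)
        fh.flush()
        os.fsync(fh.fileno())
    final = os.path.join(shared_dir, name)
    os.replace(tmp, final)
    return final


def demo_versioned(shared_dir=None):
    """Publish two versions; returns the version a reader sees after the second."""
    shared_dir = shared_dir or tempfile.mkdtemp(prefix="sharevol-")
    publish_version(shared_dir, "settings.json", '{"v": 1}', 1)
    final = publish_version(shared_dir, "settings.json", '{"v": 2}', 2)
    with open(final) as fh:
        return json.load(fh)["v"]


if __name__ == "__main__":
    print("final count:", run_two_writers())        # 400 with two writers x 200
    print("published version:", demo_versioned())   # 2
```

flock() is advisory: it only protects writers that all take the lock, so both containers have to use it. The rename approach needs no cooperation from readers, but it replaces whole files rather than updating them in place.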
Persistent Volume – PV
This is a storage abstraction used to keep data even when the Pod is killed. In the Pod you define a volume of that type.
kubectl get pv
Sample of a PV with hostPath type
kind: PersistentVolume
apiVersion: v1
metadata:
  name: 10Gpv01
  labels:
    type: local
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteOnce
  hostPath:
    path: "/somepath/data01"
Persistent Volume Claim – PVC
With a PVC, volumes can be accessed by multiple pods and allow state persistency.
The cluster attaches the Persistent Volume.
There is no concurrency checking, so data corruption is possible unless locking takes place externally.
There are 3 access modes for the PVC:
- RWO – ReadWriteOnce by a single node
- ROX – ReadOnlyMany by multiple nodes
- RWX – ReadWriteMany by many nodes
kubectl get pvc
Phases to persistent storage
- Provisioning: Can be done in advance, i.e. resources from a cloud provider
- Binding: Once a watch loop on the master notices a PVC it requests the access.
- Using: The volume is mounted to the Pod and can now be used.
- Releasing: When the pod is down, the PVC is deleted. The resident data remains depending on the persistentVolumeReclaimPolicy
- Reclaiming: You have three options: Retain, Delete, Recycle
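A simplified model of the Binding, Releasing and Reclaiming phases, added here as an example; it is not from the page and not Kubernetes' own controller code. It keeps only the rules a claim has to satisfy (matching storageClassName, every requested access mode offered by the PV, enough capacity, smallest sufficient PV wins) and what each reclaim policy does to the resident data. PV names, sizes, the in-memory data dict and the "Deleted" phase are constructed for the demo.

```python
# Added example (not from the original page): a simplified model of the
# Binding, Releasing and Reclaiming phases. The real matching lives in the
# kube-controller-manager; this reproduces only the rules a claim must satisfy.
# Names, sizes and the in-memory "data" dict are constructed.
from dataclasses import dataclass, field
from typing import Optional

_UNITS = {"Ki": 1024, "Mi": 1024 ** 2, "Gi": 1024 ** 3, "Ti": 1024 ** 4}


def parse_quantity(q: str) -> int:
    """'10Gi' -> bytes. Accepts the binary suffixes Kubernetes uses, or plain bytes."""
    for suffix, mult in _UNITS.items():
        if q.endswith(suffix):
            return int(float(q[: -len(suffix)]) * mult)
    return int(q)


@dataclass
class PersistentVolume:
    name: str
    capacity: str
    access_modes: frozenset
    storage_class: str = ""
    reclaim_policy: str = "Retain"      # Retain | Delete | Recycle
    phase: str = "Available"            # Available | Bound | Released
    bound_to: Optional[str] = None
    data: dict = field(default_factory=dict)   # stands in for the resident data


def bind(pvc: dict, pvs: list) -> Optional[str]:
    """Binding phase: pick the smallest Available PV that satisfies the claim."""
    candidates = [
        pv for pv in pvs
        if pv.phase == "Available"
        and pv.storage_class == pvc.get("storageClassName", "")
        and frozenset(pvc["accessModes"]) <= pv.access_modes
        and parse_quantity(pv.capacity) >= parse_quantity(pvc["request"])
    ]
    if not candidates:
        return None                      # the claim stays Pending
    best = min(candidates, key=lambda pv: parse_quantity(pv.capacity))
    best.phase, best.bound_to = "Bound", pvc["name"]
    return best.name


def release(pv: PersistentVolume) -> str:
    """Releasing + Reclaiming: the PVC is gone; what happens to the resident
    data depends on persistentVolumeReclaimPolicy."""
    pv.bound_to = None
    if pv.reclaim_policy == "Retain":
        pv.phase = "Released"            # data kept; an admin reclaims it by hand
        return "Released"
    if pv.reclaim_policy == "Delete":
        pv.phase = "Deleted"             # PV object and backing storage are removed
        pv.data.clear()
        return "Deleted"
    if pv.reclaim_policy == "Recycle":
        pv.data.clear()                  # basic scrub, then the PV is reusable
        pv.phase = "Available"
        return "Available"
    raise ValueError(f"unknown reclaim policy {pv.reclaim_policy!r}")


def demo() -> dict:
    """Constructed pool of PVs and two claims; returns the observed outcomes."""
    pvs = [
        PersistentVolume("pv-small", "5Gi", frozenset({"ReadWriteOnce"})),
        PersistentVolume("pv-mid", "10Gi", frozenset({"ReadWriteOnce"}),
                         reclaim_policy="Recycle", data={"db": "rows"}),
        PersistentVolume("pv-big", "50Gi", frozenset({"ReadWriteOnce", "ReadOnlyMany"})),
    ]
    rwo_claim = {"name": "claim-rwo", "accessModes": ["ReadWriteOnce"], "request": "8Gi"}
    rwx_claim = {"name": "claim-rwx", "accessModes": ["ReadWriteMany"], "request": "1Gi"}
    out = {"rwo_bound_to": bind(rwo_claim, pvs),   # pv-mid: smallest PV >= 8Gi
           "rwx_bound_to": bind(rwx_claim, pvs)}   # None: no PV offers RWX
    mid = next(pv for pv in pvs if pv.name == "pv-mid")
    out["after_release"] = release(mid)            # Recycle -> Available again
    out["data_left"] = dict(mid.data)              # {} after the scrub
    return out
```

The point to take from release(): with Retain the data survives the claim, which is what you want for anything you may need to recover but also means the volume still holds that data until someone deals with it.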
Empty Dir
The kubelet creates an emptyDir. It will create the directory in the container but not mount any storage. The data written to that storage is not persistent, as it will be deleted when the Pod is deleted.
apiVersion: v1
kind: Pod
metadata:
  name: sample
  namespace: default
spec:
  containers:
  - image: sample
    name: sample
    command:
    - sleep
    - "3600"
    volumeMounts:
    - mountPath: /sample-mount
      name: sample-volume
  volumes:
  - name: sample-volume
    emptyDir: {}
Other Volume types
gcePersistentDisk and awsElasticBlockStore
You can mount your GCE persistent disk or your EBS volume into your Pods.
hostPath
This mounts a resource from the host node filesystem. The resource must already exist in advance in order to be used. Among the hostPath types are:
- DirectoryOrCreate
- FileOrCreate
and many more
NFS – Network File System
iSCSI – Internet Small Computer System Interface
RBD (RADOS Block Device) – RBD is a block storage device that runs on top of the Ceph distributed storage system. It allows you to create block devices that can be mounted and used like a regular disk. RBD is often used in virtualization environments, providing storage for virtual machines.
CephFS – CephFS is a distributed file system built on top of the Ceph storage system.
GlusterFS – an open-source, distributed file system that can scale out to petabytes of storage. It works by aggregating various storage resources across nodes into a single, global namespace.
Dynamic Provisioning
With the StorageClass type, a user can request a claim, which the API Server fills via auto-provisioning. Common choices for dynamic storage are AWS and GCE.
Sample for GCE:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: you-name-it
provisioner: kubernetes.io/gce-pd
parameters:
  type: pd-ssd
ConfigMaps
This type of storage is used to store sensitive data that doesn't have to be encoded, but shouldn't be stored inside the application itself.
Using configmaps we can decouple the container image from the configuration artifacts.
If configmaps are marked as "optional" they don't have to be mounted before a pod wants to use them.
They can be consumed in various ways:
- Pod environment variables from single or multiple ConfigMaps
- Use ConfigMap values in Pod commands
- Populate a Volume from a ConfigMap
- Add ConfigMap data to a specific path in a Volume
- Set file names and access mode in a Volume from ConfigMap data
- Can be used by system components and controllers.
Create a ConfigMap from a literal:
kubectl create cm yourcm --from-literal yoursecret=topsecret
Create a ConfigMap from a file:
kubectl create -f your-cm.yaml
Sample ConfigMap:
apiVersion: v1
data:
  yoursecret: topsecret
  level: "3"
kind: ConfigMap
metadata:
  name: yourcm
Read the ConfigMap:
kubectl get configmap yourcm -o yaml
Secrets
This type of storage is used to store sensitive data that needs to be encoded.
A Secret in Kubernetes is base64-encoded by default.
If you want to encrypt secrets, you have to create an EncryptionConfiguration.
There is no limit to the number of secrets, but there is a 1MB limit to their size.
Secrets are stored in tmpfs storage on the host node and are only sent to the host running the Pod.
Secret as an environment variable
kubectl get secrets
kubectl create secret generic --help
kubectl create secret generic mysecret --from-literal=password=supersecret
spec:
  containers:
  - image: yourimage
    name: yourcontainername
    env:
    - name: ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: yoursecret
          key: password
Mounting secrets as volumes
spec:
  containers:
  - image: busybox
    name: busy
    command:
    - sleep
    - "3600"
    volumeMounts:
    - mountPath: /mysqlpassword
      name: mysql
  volumes:
  - name: mysql
    secret:
      secretName: mysql
Verify that the secret is available in the container:
kubectl exec -ti busybox -- cat /mysqlpassword/password
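To make the base64 point concrete, an added example that is not from the page: it builds the data map that kubectl create secret generic mysecret --from-literal=password=supersecret submits, decodes it back without any key, checks the size limit, and writes the keys out as files the way the secret volume above exposes /mysqlpassword/password. The 1 MiB constant, the Opaque type, the temporary mount directory and the restrictive file mode are this example's choices, not taken from the page.

```python
# Added example (not from the original page): how a generic Secret is built
# from a literal, how the kubelet projects it into a volume as one file per
# key, and why base64 is encoding rather than encryption. Values are constructed.
import base64
import os
import tempfile

SECRET_SIZE_LIMIT = 1024 * 1024   # the page's "1MB"; the API server enforces 1 MiB per Secret


def secret_from_literals(name, literals, namespace="default"):
    """Build the manifest kubectl submits: every value base64-encoded under .data."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {"name": name, "namespace": namespace},
        "data": {k: base64.b64encode(v.encode()).decode() for k, v in literals.items()},
    }


def decode_secret(manifest):
    """Anyone who can read the object (get/list on secrets, etcd access, a
    backup of etcd) reverses the encoding; no key is involved. That is why the
    text points to EncryptionConfiguration for encryption at rest."""
    return {k: base64.b64decode(v).decode() for k, v in manifest["data"].items()}


def check_size(manifest):
    """Total decoded payload must stay within the limit or the API server rejects it."""
    total = sum(len(base64.b64decode(v)) for v in manifest["data"].values())
    return total, total <= SECRET_SIZE_LIMIT


def project_to_volume(manifest, mount_dir=None):
    """Mimic the secret volume above: <mount>/password holds the plain value.
    The restrictive 0400 mode is this demo's choice."""
    mount_dir = mount_dir or tempfile.mkdtemp(prefix="secret-vol-")
    for key, plain in decode_secret(manifest).items():
        path = os.path.join(mount_dir, key)
        with open(path, "w") as fh:
            fh.write(plain)
        os.chmod(path, 0o400)
    return mount_dir


def demo():
    """Create, decode, size-check and mount the constructed 'mysecret'."""
    manifest = secret_from_literals("mysecret", {"password": "supersecret"})
    vol = project_to_volume(manifest)
    with open(os.path.join(vol, "password")) as fh:
        mounted = fh.read()                 # what `cat /mysqlpassword/password` shows
    size, ok = check_size(manifest)
    return {
        "encoded": manifest["data"]["password"],      # c3VwZXJzZWNyZXQ=
        "decoded": decode_secret(manifest)["password"],
        "mounted": mounted,
        "size_bytes": size,
        "size_ok": ok,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The encoded string in the manifest and the plaintext in the mounted file are the same information; restricting who can get or list Secret objects, and encrypting them at rest as the text describes, is what actually protects the value.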
Further reading:
https://trainingportal.linuxfoundation.org/learn/course/kubernetes-for-developers-lfd259/
Volumes on Kubernetes: https://kubernetes.io/docs/concepts/storage/volumes/
Ceph: https://ubuntu.com/ceph/what-is-ceph