# 介绍 默认部署出来的 Pod 都是无状态的，pod 消亡里面的所有内容自动消亡，针对例如数据库场景（如 MySQL），这显然行不通。本章动手实验内容，我们以 Amazon EBS（Elastic Block Store）为例，演示如何在 Pod 里面把数据写入到 EBS 上，作为持久化存储（ [PersisitentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) ）而不需要担心存储数据随着 Pod 消亡而丢失。 # 部署 EBS CSI 驱动 在 EKS 平台上，有个开源的组件 [EBS Container Storage Interface (CSI) driver](https://github.com/kubernetes-sigs/aws-ebs-csi-driver) 支持把 EBS 附加到 Pod上 使用，所以，我们需要先安装这个组件。 ## 1.配置 CSI 策略 ```bash mkdir ~/environment/ebs_csi_driver && cd ~/environment/ebs_csi_driver curl -o ebs-cni-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-ebs-csi-driver/v0.9.0/docs/example-iam-policy.json aws iam create-policy \ --region eu-west-1 \ --policy-name Amazon_EBS_CSI_Driver \ --policy-document file://ebs-cni-policy.json ``` ## 2.配置 IAM 角色和 SA 匹配 我们后面创建的 pod `ebs-csi-controller` 默认的 serviceAccount 就是`ebs-csi-controller-sa`，因为需要这个 CSI 来创建 EBS 卷，所以我们把附有权限的 serviceAccount 提前创建好。 ```bash eksctl create iamserviceaccount --cluster my-cluster \ --name ebs-csi-controller-sa \ --namespace kube-system \ --attach-policy-arn arn:aws:iam::921283538843:policy/Amazon_EBS_CSI_Driver \ --override-existing-serviceaccounts \ --approve ``` ## 3.部署 EBS CSI 驱动 部署方式非常简单 ```bash kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master" ``` 部署内容如下 ```bash Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply serviceaccount/ebs-csi-controller-sa configured serviceaccount/ebs-csi-node-sa created serviceaccount/ebs-snapshot-controller created role.rbac.authorization.k8s.io/ebs-snapshot-controller-leaderelection created clusterrole.rbac.authorization.k8s.io/ebs-external-attacher-role created clusterrole.rbac.authorization.k8s.io/ebs-external-provisioner-role created clusterrole.rbac.authorization.k8s.io/ebs-external-resizer-role created clusterrole.rbac.authorization.k8s.io/ebs-external-snapshotter-role created clusterrole.rbac.authorization.k8s.io/ebs-snapshot-controller-role created rolebinding.rbac.authorization.k8s.io/ebs-snapshot-controller-leaderelection created clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-attacher-binding created clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-provisioner-binding created clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-resizer-binding created clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-snapshot-controller-binding created clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-snapshotter-binding created deployment.apps/ebs-csi-controller created statefulset.apps/ebs-snapshot-controller created poddisruptionbudget.policy/ebs-csi-controller created poddisruptionbudget.policy/ebs-snapshot-controller created daemonset.apps/ebs-csi-node created csidriver.storage.k8s.io/ebs.csi.aws.com created ``` # 动态卷配置 ## 1.创建 StorageClass 通过 K8s 的 [Dynamic Volume Provisioning](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/) 可以按需的给 Pod 挂载存储卷组。在把存储卷组挂载到 Pod 之前，需要先定义 [StorageClass](https://kubernetes.io/docs/concepts/storage/storage-classes/#aws-ebs)。 定义一个 yaml 文件 `storageclass.yml`。 ```bash wget https://github.com/kubernetes-sigs/aws-ebs-csi-driver/raw/master/examples/kubernetes/dynamic-provisioning/specs/storageclass.yaml ``` 内容如下： ```yaml kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: ebs-sc provisioner: ebs.csi.aws.com volumeBindingMode: WaitForFirstConsumer ``` 部署并查看 ```bash kubectl create -f ~/environment/ebs_csi_driver/storageclass.yaml kubectl describe storageclass ebs-sc ``` ## 2.创建 PVC 下载 yaml 文件 ```bash wget https://github.com/kubernetes-sigs/aws-ebs-csi-driver/raw/master/examples/kubernetes/dynamic-provisioning/specs/claim.yaml ``` 其内容如下 ```yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: ebs-claim spec: accessModes: - ReadWriteOnce storageClassName: ebs-sc resources: requests: storage: 4Gi ``` 部署并查看 ```bash kubectl create -f ~/environment/ebs_csi_driver/claim.yaml kubectl describe pvc ebs-claim ``` ## 3.创建 Pod 下载 yaml 文件 ```bash wget https://github.com/kubernetes-sigs/aws-ebs-csi-driver/raw/master/examples/kubernetes/dynamic-provisioning/specs/pod.yaml ``` 其内容如下 ```yaml apiVersion: v1 kind: Pod metadata: name: app spec: containers: - name: app image: centos command: ["/bin/sh"] args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"] volumeMounts: - name: persistent-storage mountPath: /data volumes: - name: persistent-storage persistentVolumeClaim: claimName: ebs-claim ``` 部署并查看 ```bash kubectl create -f ~/environment/ebs_csi_driver/pod.yaml kubectl get pvc ebs-claim kubectl get pv ``` ```bash # pvc NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE ebs-claim Bound pvc-40b0637e-c371-4bed-8745-55cea195d931 4Gi RWO ebs-sc 3m23s # pv NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE pvc-40b0637e-c371-4bed-8745-55cea195d931 4Gi RWO Delete Bound default/ebs-claim ebs-sc 24s ``` ## 4.验证 验证 pod 已经把数据写入了存储卷里面 ```bash kubectl exec -it app cat /data/out.txt ``` # 欢迎大家扫码关注，获取更多信息