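EKS Bootcamp: EBS Storage Volumes (10)
# Introduction
Pods are stateless by default: when a Pod is destroyed, everything inside it is lost. That does not work for workloads such as databases (for example MySQL). In this hands-on chapter we use Amazon EBS (Elastic Block Store) to show how a Pod can write its data to an EBS volume used as persistent storage ([PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/)), so the data is not lost when the Pod is destroyed.
# Deploy the EBS CSI driver
On EKS, the open-source [EBS Container Storage Interface (CSI) driver](https://github.com/kubernetes-sigs/aws-ebs-csi-driver) component makes it possible to attach EBS volumes to Pods, so we need to install it first.
## 1. Configure the CSI policy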
```bash
mkdir ~/environment/ebs_csi_driver && cd ~/environment/ebs_csi_driver
curl -o ebs-cni-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-ebs-csi-driver/v0.9.0/docs/example-iam-policy.json
aws iam create-policy \
--region eu-west-1 \
--policy-name Amazon_EBS_CSI_Driver \
--policy-document file://ebs-cni-policy.json
```
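The policy above is downloaded and attached as-is, so it is worth reading before `aws iam create-policy` runs. The following is an added example, not part of the original tutorial or the driver project: it lists mutating actions that a policy allows on `Resource: "*"` with no `Condition`. The sample policy, including its tag key, is constructed for illustration and is not the content of `example-iam-policy.json`.

```python
import json
import sys

# Constructed sample in the shape of an IAM policy document. It is NOT the
# content of example-iam-policy.json; pass the downloaded file as an argument.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:DescribeVolumes", "ec2:DescribeInstances"]},
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:CreateVolume", "ec2:DeleteVolume", "ec2:AttachVolume"]},
  {"Effect": "Allow", "Resource": "*", "Action": "ec2:DeleteSnapshot",
   "Condition": {"StringEquals": {"ec2:ResourceTag/managed-by": "ebs-csi"}}}
]}
""")

READ_ONLY_PREFIXES = ("describe", "get", "list")


def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])


def is_read_only(action):
    """True for service:Describe*/Get*/List* style actions."""
    name = action.split(":", 1)[-1].lower()
    return name.startswith(READ_ONLY_PREFIXES)


def unscoped_write_actions(policy):
    """Return sorted mutating actions allowed on Resource "*" with no Condition."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    findings = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in as_list(stmt.get("Resource")):
            continue
        findings.update(a for a in as_list(stmt.get("Action")) if not is_read_only(a))
    return sorted(findings)


if __name__ == "__main__":
    policy = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_POLICY
    for action in unscoped_write_actions(policy):
        print("allowed on any resource, no condition:", action)
```

Run it as `python3 audit_policy.py ebs-cni-policy.json` (the script name is arbitrary); each action it prints is a candidate for a tag-based `Condition` or a narrower `Resource`.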
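## 2. Bind the IAM role to the ServiceAccount
The `ebs-csi-controller` Pod we create later uses the `ebs-csi-controller-sa` serviceAccount by default. Because the CSI driver needs it to create EBS volumes, we create the serviceAccount with the required permissions attached in advance.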
```bash
eksctl create iamserviceaccount --cluster my-cluster \
--name ebs-csi-controller-sa \
--namespace kube-system \
--attach-policy-arn arn:aws:iam::921283538843:policy/Amazon_EBS_CSI_Driver \
--override-existing-serviceaccounts \
--approve
```
## 3. Deploy the EBS CSI driver
Deployment is straightforward:
```bash
kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master"
```
The deployment creates the following resources:
```bash
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/ebs-csi-controller-sa configured
serviceaccount/ebs-csi-node-sa created
serviceaccount/ebs-snapshot-controller created
role.rbac.authorization.k8s.io/ebs-snapshot-controller-leaderelection created
clusterrole.rbac.authorization.k8s.io/ebs-external-attacher-role created
clusterrole.rbac.authorization.k8s.io/ebs-external-provisioner-role created
clusterrole.rbac.authorization.k8s.io/ebs-external-resizer-role created
clusterrole.rbac.authorization.k8s.io/ebs-external-snapshotter-role created
clusterrole.rbac.authorization.k8s.io/ebs-snapshot-controller-role created
rolebinding.rbac.authorization.k8s.io/ebs-snapshot-controller-leaderelection created
clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-attacher-binding created
clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-provisioner-binding created
clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-resizer-binding created
clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-snapshot-controller-binding created
clusterrolebinding.rbac.authorization.k8s.io/ebs-csi-snapshotter-binding created
deployment.apps/ebs-csi-controller created
statefulset.apps/ebs-snapshot-controller created
poddisruptionbudget.policy/ebs-csi-controller created
poddisruptionbudget.policy/ebs-snapshot-controller created
daemonset.apps/ebs-csi-node created
csidriver.storage.k8s.io/ebs.csi.aws.com created
```
# Dynamic volume provisioning
## 1. Create the StorageClass
Kubernetes [Dynamic Volume Provisioning](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/) lets storage volumes be provisioned for Pods on demand. Before a volume can be mounted into a Pod, a [StorageClass](https://kubernetes.io/docs/concepts/storage/storage-classes/#aws-ebs) must be defined.
Define it in a YAML file, `storageclass.yaml`.
```bash
wget https://github.com/kubernetes-sigs/aws-ebs-csi-driver/raw/master/examples/kubernetes/dynamic-provisioning/specs/storageclass.yaml
```
Its contents:
```yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: ebs-sc
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
```
Deploy it and check the result:
```bash
kubectl create -f ~/environment/ebs_csi_driver/storageclass.yaml
kubectl describe storageclass ebs-sc
```
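The `ebs-sc` class above sets no `parameters`, so it does not ask the driver for encrypted volumes; the driver's `encrypted: "true"` StorageClass parameter does that (account-level EBS encryption by default is a separate control). The following is an added example, not part of the original tutorial: it audits `kubectl get storageclass -o json` output for EBS CSI classes without that parameter or with reclaim policy `Delete`. The sample input is constructed, and `ebs-sc-encrypted` is a hypothetical hardened class shown for comparison.

```python
import json
import sys

EBS_CSI = "ebs.csi.aws.com"

# Constructed input in the shape of `kubectl get storageclass -o json`:
# the page's ebs-sc as written, plus a hypothetical ebs-sc-encrypted.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "StorageClass", "metadata": {"name": "ebs-sc"},
   "provisioner": "ebs.csi.aws.com",
   "volumeBindingMode": "WaitForFirstConsumer"},
  {"kind": "StorageClass", "metadata": {"name": "ebs-sc-encrypted"},
   "provisioner": "ebs.csi.aws.com",
   "parameters": {"encrypted": "true"},
   "reclaimPolicy": "Retain",
   "volumeBindingMode": "WaitForFirstConsumer"}
]}
""")


def audit_storage_classes(doc):
    """Return {name: [findings]} for EBS CSI StorageClasses with risky defaults."""
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    report = {}
    for sc in items:
        if sc.get("kind") != "StorageClass" or sc.get("provisioner") != EBS_CSI:
            continue
        findings = []
        params = sc.get("parameters") or {}
        # StorageClass parameter values are strings, hence the "true" comparison.
        if str(params.get("encrypted", "")).lower() != "true":
            findings.append('parameter encrypted is not "true"')
        # Kubernetes defaults reclaimPolicy to Delete when it is omitted.
        if sc.get("reclaimPolicy", "Delete") == "Delete":
            findings.append("reclaimPolicy Delete: deleting the PVC deletes the EBS volume")
        if findings:
            report[sc["metadata"]["name"]] = findings
    return report


if __name__ == "__main__":
    # Pipe `kubectl get storageclass -o json` in, or run bare to see the sample.
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for name, findings in audit_storage_classes(doc).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

If a customer-managed KMS key is used for encryption, the driver's IAM role also needs permission to use that key.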
## 2. Create the PVC
Download the YAML file:
```bash
wget https://github.com/kubernetes-sigs/aws-ebs-csi-driver/raw/master/examples/kubernetes/dynamic-provisioning/specs/claim.yaml
```
Its contents:
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ebs-claim
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: ebs-sc
  resources:
    requests:
      storage: 4Gi
```
Deploy it and check the result:
```bash
kubectl create -f ~/environment/ebs_csi_driver/claim.yaml
kubectl describe pvc ebs-claim
```
## 3. Create the Pod
Download the YAML file:
```bash
wget https://github.com/kubernetes-sigs/aws-ebs-csi-driver/raw/master/examples/kubernetes/dynamic-provisioning/specs/pod.yaml
```
Its contents:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
  - name: app
    image: centos
    command: ["/bin/sh"]
    args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
    volumeMounts:
    - name: persistent-storage
      mountPath: /data
  volumes:
  - name: persistent-storage
    persistentVolumeClaim:
      claimName: ebs-claim
```
Deploy it and check the result:
```bash
kubectl create -f ~/environment/ebs_csi_driver/pod.yaml
kubectl get pvc ebs-claim
kubectl get pv
```
```bash
# pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
ebs-claim Bound pvc-40b0637e-c371-4bed-8745-55cea195d931 4Gi RWO ebs-sc 3m23s
# pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-40b0637e-c371-4bed-8745-55cea195d931 4Gi RWO Delete Bound default/ebs-claim ebs-sc 24s
```
## 4. Verify
Verify that the Pod has written data to the volume:
```bash
kubectl exec -it app -- cat /data/out.txt
```