我从 gcePersistentDisk 创建了一个 Kubernetes 只读多持久卷,如下所示:
apiVersion: v1
kind: PersistentVolume
metadata:
name: ferret-pv-1
spec:
capacity:
storage: 500Gi
accessModes:
- ReadOnlyMany
persistentVolumeReclaimPolicy: Retain
gcePersistentDisk:
pdName: data-1
partition: 1
fsType: ext4
它从现有的 gcePersistentDisk 分区创建持久卷,该分区上已经有一个 ext4 文件系统:
$ kubectl get pv
NAME CAPACITY ACCESSMODES RECLAIMPOLICY STATUS CLAIM REASON AGE
ferret-pv-1 500Gi ROX Retain Bound default/ferret-pvc 5h
然后我创建一个 Kubernetes 只读多持久卷声明,如下所示:
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: ferret-pvc
spec:
accessModes:
- ReadOnlyMany
resources:
requests:
storage: 500Gi
它绑定(bind)到我在上面创建的只读 PV:
$ kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESSMODES AGE
ferret-pvc Bound ferret-pv-1 500Gi ROX 5h
然后,我使用刚刚创建的 PVC 创建一个包含 2 个副本的 Kubernetes 部署,如下所示:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: ferret2-deployment
spec:
replicas: 2
template:
metadata:
labels:
name: ferret2
spec:
containers:
- image: us.gcr.io/centered-router-102618/ferret2
name: ferret2
ports:
- name: fjds
containerPort: 1004
hostPort: 1004
volumeMounts:
- name: ferret-pd
mountPath: /var/ferret
readOnly: true
volumes:
- name: ferret-pd
persistentVolumeClaim:
claimName: ferret-pvc
部署已创建:
$ kubectl get deployments
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
ferret2-deployment 2 2 2 1 4h
但是,当我从部署中查看相应的两个 pod 时,只有第一个出现:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
ferret2-deployment-1336109949-2rfqd 1/1 Running 0 4h
ferret2-deployment-1336109949-yimty 0/1 ContainerCreating 0 4h
查看没有出现的第二个 pod:
$ kubectl describe pod ferret2-deployment-1336109949-yimty
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
4h 1m 128 {kubelet gke-sim-cluster-default-pool-e38a7605-kgdu} Warning FailedMount Unable to mount volumes for pod "ferret2-deployment-1336109949-yimty_default(d1393a2d-9fc9-11e6-a873-42010a8a009e)": timeout expired waiting for volumes to attach/mount for pod "ferret2-deployment-1336109949-yimty"/"default". list of unattached/unmounted volumes=[ferret-pd]
4h 1m 128 {kubelet gke-sim-cluster-default-pool-e38a7605-kgdu} Warning FailedSync Error syncing pod, skipping: timeout expired waiting for volumes to attach/mount for pod "ferret2-deployment-1336109949-yimty"/"default". list of unattached/unmounted volumes=[ferret-pd]
4h 55s 145 {controller-manager } Warning FailedMount Failed to attach volume "ferret-pv-1" on node "gke-sim-cluster-default-pool-e38a7605-kgdu" with: googleapi: Error 400: The disk resource 'data-1' is already being used by 'gke-sim-cluster-default-pool-e38a7605-fyx4'
它拒绝启动第二个 pod,因为它认为第一个 pod 独占了 PV。但是,当我登录到第一个声明 PV 的 pod 时,我看到它已将卷安装为只读:
$ kubectl exec -ti ferret2-deployment-1336109949-2rfqd -- bash
root@ferret2-deployment-1336109949-2rfqd:/opt/ferret# mount | grep ferret
/dev/sdb1 on /var/ferret type ext4 (ro,relatime,data=ordered)
我是否遗漏了有关在使用相同 PVC 的部署中跨多个 Pod 安装 PV 只读的内容?该磁盘未被任何其他容器挂载。由于它以只读方式安装在第一个 pod 上,因此我预计部署中的第二个和任何其他副本在声明/安装它时没有问题。另外 - 我如何让 ReadWriteOnce 正常工作以及如何指定哪个 pod 安装卷 rw?
最佳答案
PV/PVC 访问方式仅用于绑定(bind) PV/PVC。
在您的 pod 模板中,确保您设置了 spec.volumes.persistentVolumeClaim.readOnly至true .这可确保卷以只读模式附加。
同样在您的 pod 模板中,确保您设置了 spec.containers.volumeMounts[x].readOnly为真。这确保卷以只读模式安装。
此外,由于您正在预先配置您的 PV。确保设置为 claimRef字段,以确保没有其他 PVC 意外绑定(bind)到它。见 https://stackoverflow.com/a/34323691
关于kubernetes - 无法跨 n 个部署副本挂载只读 Kubernetes 持久卷,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40354536/