所有文档

          容器引擎 CCE

          使用对象存储BOS

          准备工作

          用户做好以下准备,才能在容器中挂载BOS实例。

          创建Bucket

          1. 创建BOS Bucket,操作步骤请参考创建bucket

          注意: 创建的bos bucket和挂载点须和集群节点在同一vpc/子网内。

          创建容器集群

          1. 创建一个容器集群,操作步骤参考创建集群
          2. 下载命令行客户端kubectl,并连接集群,操作步骤参考[通过kubectl连接Kubernetes集群](CCE/操作指南/集群管理/通过 kubectl 连接集群.md)。

          注意:K8S集群版本>=1.11

          操作指南

          部署存储插件

          k8s 1.13 集群

          1.在集群中部署以下资源,kubectl apply -f bosplugin-all-in-one.yaml,bosplugin-all-in-one.yaml的内容如下:

          apiVersion: apiextensions.k8s.io/v1beta1
          kind: CustomResourceDefinition
          metadata:
            name: csinodeinfos.csi.storage.k8s.io
            labels:
              addonmanager.kubernetes.io/mode: Reconcile
          spec:
            group: csi.storage.k8s.io
            names:
              kind: CSINodeInfo
              plural: csinodeinfos
            scope: Cluster
            validation:
              openAPIV3Schema:
                properties:
                  spec:
                    description: Specification of CSINodeInfo
                    properties:
                      drivers:
                        description: List of CSI drivers running on the node and their specs.
                        type: array
                        items:
                          properties:
                            name:
                              description: The CSI driver that this object refers to.
                              type: string
                            nodeID:
                              description: The node from the driver point of view.
                              type: string
                            topologyKeys:
                              description: List of keys supported by the driver.
                              items:
                                type: string
                              type: array
                  status:
                    description: Status of CSINodeInfo
                    properties:
                      drivers:
                        description: List of CSI drivers running on the node and their statuses.
                        type: array
                        items:
                          properties:
                            name:
                              description: The CSI driver that this object refers to.
                              type: string
                            available:
                              description: Whether the CSI driver is installed.
                              type: boolean
                            volumePluginMechanism:
                              description: Indicates to external components the required mechanism
                                to use for any in-tree plugins replaced by this driver.
                              pattern: in-tree|csi
                              type: string
            version: v1alpha1
          ---
          apiVersion: v1
          kind: ServiceAccount
          metadata:
            name: csi-external-runner
            namespace: kube-system
          
          ---
          kind: ClusterRole
          apiVersion: rbac.authorization.k8s.io/v1
          metadata:
            name: external-runner
          rules:
            - apiGroups: [""]
              resources: ["events"]
              verbs: ["get", "list", "watch", "update"]
            - apiGroups: [""]
              resources: ["persistentvolumes"]
              verbs: ["get", "list", "watch", "update"]
            - apiGroups: [""]
              resources: ["nodes"]
              verbs: ["get", "list", "watch"]
            - apiGroups: ["storage.k8s.io"]
              resources: ["volumeattachments"]
              verbs: ["get", "list", "watch", "update"]
            - apiGroups: [""]
              resources: ["namespaces"]
              verbs: ["get", "list"]
            - apiGroups: ["storage.k8s.io"]
              resources: ["storageclasses"]
              verbs: ["get", "list", "watch"]
            - apiGroups: ["csi.storage.k8s.io"]
              resources: ["csidrivers"]
              verbs: ["create", "delete", "get", "list", "watch"]
            - apiGroups: ["apiextensions.k8s.io"]
              resources: ["*"]
              verbs: ["create", "list", "watch"]
          ---
          kind: ClusterRoleBinding
          apiVersion: rbac.authorization.k8s.io/v1
          metadata:
            name: csi-role-binding
          subjects:
            - kind: ServiceAccount
              name: csi-external-runner
              namespace: kube-system
          roleRef:
            kind: ClusterRole
            name: external-runner
            apiGroup: rbac.authorization.k8s.io
          
          ---
          kind: Role
          apiVersion: rbac.authorization.k8s.io/v1
          metadata:
            namespace: kube-system
            name: external-runner-cfg
          rules:
            - apiGroups: [""]
              resources: ["configmaps"]
              verbs: ["get", "watch", "list", "delete", "update", "create"]
          
          ---
          kind: RoleBinding
          apiVersion: rbac.authorization.k8s.io/v1
          metadata:
            name: csi-role-cfg
            namespace: kube-system
          subjects:
            - kind: ServiceAccount
              name: csi-external-runner
              namespace: kube-system
          roleRef:
            kind: Role
            name: external-runner-cfg
            apiGroup: rbac.authorization.k8s.io
          
          ---
          kind: DaemonSet
          apiVersion: apps/v1
          metadata:
            name: csi-bosplugin
            namespace: kube-system
          spec:
            selector:
              matchLabels:
                app: csi-bosplugin
            template:
              metadata:
                labels:
                  app: csi-bosplugin
              spec:
                serviceAccount: csi-external-runner
                priorityClassName: system-node-critical
                hostNetwork: true
                containers:
                  - name: cluster-driver-registrar
                    resources:
                      requests:
                        cpu: 20m
                        memory: 20Mi
                      limits:
                        cpu: 200m
                        memory: 200Mi
                    image: hub.baidubce.com/jpaas-public/cluster-driver-registrar:latest-1.13
                    args:
                      - "--v=5"
                      - "--csi-address=$(ADDRESS)"
                      - "--driver-requires-attachment=false"
                    env:
                      - name: ADDRESS
                        value: /var/lib/kubelet/plugins/csi-bosplugin/csi.sock
                      - name: KUBE_NODE_NAME
                        valueFrom:
                          fieldRef:
                            fieldPath: spec.nodeName
                    lifecycle:
                      preStop:
                        exec:
                          command: ["/bin/sh", "-c", "rm -rf /registration/csi-bosplugin-reg.sock"]
                    imagePullPolicy: "Always"
                    volumeMounts:
                      - name: socket-dir
                        mountPath: /var/lib/kubelet/plugins/csi-bosplugin
                  - name: driver-registrar
                    resources:
                      requests:
                        cpu: 20m
                        memory: 20Mi
                      limits:
                        cpu: 200m
                        memory: 200Mi
                    image: hub.baidubce.com/jpaas-public/driver-registrar:latest-1.13
                    args:
                      - "--v=5"
                      - "--csi-address=$(ADDRESS)"
                      - "--kubelet-registration-path=$(ADDRESS)"
                    env:
                      - name: ADDRESS
                        value: /var/lib/kubelet/plugins/csi-bosplugin/csi.sock
                      - name: KUBE_NODE_NAME
                        valueFrom:
                          fieldRef:
                            fieldPath: spec.nodeName
                    imagePullPolicy: "Always"
                    volumeMounts:
                      - name: socket-dir
                        mountPath: /var/lib/kubelet/plugins/csi-bosplugin
                      - name: reg-dir
                        mountPath: /registration
                  - name: csi-bosplugin
                    resources:
                      requests:
                        cpu: 20m
                        memory: 20Mi
                      limits:
                        cpu: 200m
                        memory: 200Mi
                    securityContext:
                      privileged: true
                      capabilities:
                        add: ["SYS_ADMIN"]
                      allowPrivilegeEscalation: true
                    image: hub.baidubce.com/jpaas-public/bosplugin:latest-1.13
                    args :
                      - "--nodeid=$(NODE_ID)"
                      - "--endpoint=$(CSI_ENDPOINT)"
                      - "--v=5"
                      - "--drivername=csi-bosplugin"
                    env:
                      - name: NODE_ID
                        valueFrom:
                          fieldRef:
                            fieldPath: spec.nodeName
                      - name: CSI_ENDPOINT
                        value: unix://var/lib/kubelet/plugins/csi-bosplugin/csi.sock
                    imagePullPolicy: "Always"
                    volumeMounts:
                      - name: cloud-config
                        mountPath: /etc/kubernetes
                      - name: socket-dir
                        mountPath: /var/lib/kubelet/plugins/csi-bosplugin
                      - name: pods-mount-dir
                        mountPath: /var/lib/kubelet/pods
                        mountPropagation: "Bidirectional"
                      - name: pods-mount-dir-data
                        mountPath: /data/kubelet/pods
                        mountPropagation: "Bidirectional"
                      - name: pods-mount-dir-mnt
                        mountPath: /mnt/kubelet/pods
                        mountPropagation: "Bidirectional"
                      - mountPath: /sys
                        name: host-sys
                      - name: lib-modules
                        mountPath: /lib/modules
                        readOnly: true
                      - name: host-dev
                        mountPath: /dev
                volumes:
                  - name: cloud-config
                    hostPath:
                      path: /etc/kubernetes
                  - name: reg-dir
                    hostPath:
                      path: /var/lib/kubelet/plugins_registry
                      type: DirectoryOrCreate
                  - name: pods-mount-dir
                    hostPath:
                      path: /var/lib/kubelet/pods
                      type: Directory
                  - name: pods-mount-dir-data
                    hostPath:
                      path: /data/kubelet/pods
                      type: DirectoryOrCreate
                  - name: pods-mount-dir-mnt
                    hostPath:
                      path: /mnt/kubelet/pods
                      type: DirectoryOrCreate
                  - name: socket-dir
                    hostPath:
                      path: /var/lib/kubelet/plugins/csi-bosplugin
                      type: DirectoryOrCreate
                  - name: host-sys
                    hostPath:
                      path: /sys
                  - name: lib-modules
                    hostPath:
                      path: /lib/modules
                  - name: host-dev
                    hostPath:
                      path: /dev

          k8s 1.16集群

          1.在集群中部署以下资源,kubectl apply -f bosplugin-all-in-one.yaml,bosplugin-all-in-one.yaml的内容如下:

          apiVersion: storage.k8s.io/v1beta1
          kind: CSIDriver
          metadata:
            name: csi-bosplugin
          spec:
            attachRequired: false
            podInfoOnMount: false
            volumeLifecycleModes:
              - Persistent
          
          ---
          
          apiVersion: v1
          kind: ServiceAccount
          metadata:
            name: csi-external-runner
            namespace: kube-system
          
          ---
          kind: ClusterRole
          apiVersion: rbac.authorization.k8s.io/v1
          metadata:
            name: csi-bosplugin
          rules:
            - apiGroups: [""]
              resources: ["nodes"]
              verbs: ["get", "list", "update"]
            - apiGroups: [""]
              resources: ["namespaces"]
              verbs: ["get", "list"]
            - apiGroups: [""]
              resources: ["persistentvolumes"]
              verbs: ["get", "list", "watch", "update"]
            - apiGroups: ["storage.k8s.io"]
              resources: ["volumeattachments"]
              verbs: ["get", "list", "watch", "update"]
          ---
          kind: ClusterRoleBinding
          apiVersion: rbac.authorization.k8s.io/v1
          metadata:
            name: csi-bosplugin
          subjects:
            - kind: ServiceAccount
              name: csi-external-runner
              namespace: kube-system
          roleRef:
            kind: ClusterRole
            name: csi-bosplugin
            apiGroup: rbac.authorization.k8s.io
          
          ---
          apiVersion: apps/v1
          kind: DaemonSet
          metadata:
            name: csi-bosplugin
            namespace: kube-system
          spec:
            selector:
              matchLabels:
                app: csi-bosplugin
            template:
              metadata:
                labels:
                  app: csi-bosplugin
              spec:
                containers:
                  - args:
                      - --v=5
                      - --csi-address=$(ADDRESS)
                      - --kubelet-registration-path=$(ADDRESS)
                    env:
                      - name: ADDRESS
                        value: /var/lib/kubelet/plugins/csi-bosplugin/csi.sock
                      - name: KUBE_NODE_NAME
                        valueFrom:
                          fieldRef:
                            apiVersion: v1
                            fieldPath: spec.nodeName
                    image: hub.baidubce.com/cce/csi-node-driver-registrar:latest-1.16
                    imagePullPolicy: Always
                    name: csi-node-driver-registrar
                    resources:
                      requests:
                        cpu: 20m
                        memory: 20Mi
                      limits:
                        cpu: 200m
                        memory: 200Mi
                    lifecycle:
                      preStop:
                        exec:
                          command:
                            - /bin/sh
                            - -c
                            - rm -rf /registration/csi-bosplugin-reg.sock
                    volumeMounts:
                      - mountPath: /var/lib/kubelet/plugins/csi-bosplugin
                        name: socket-dir
                      - mountPath: /registration
                        name: reg-dir
                  - args:
                      - --nodeid=$(NODE_ID)
                      - --endpoint=$(CSI_ENDPOINT)
                      - --v=5
                      - --drivername=csi-bosplugin
                    env:
                      - name: NODE_ID
                        valueFrom:
                          fieldRef:
                            apiVersion: v1
                            fieldPath: spec.nodeName
                      - name: CSI_ENDPOINT
                        value: unix://var/lib/kubelet/plugins/csi-bosplugin/csi.sock
                      - name: SUPERVISOR_PROXY_ENDPOINT
                        value: unix:///var/run/supervisor-proxy/endpoint.sock
                    image: hub.baidubce.com/jpaas-public/bosplugin:latest-1.16-supervisor
                    imagePullPolicy: Always
                    name: csi-bosplugin
                    resources:
                      requests:
                        cpu: 20m
                        memory: 20Mi
                      limits:
                        cpu: 200m
                        memory: 200Mi
                    securityContext:
                      allowPrivilegeEscalation: true
                      capabilities:
                        add:
                          - SYS_ADMIN
                      privileged: true
                    volumeMounts:
                      - mountPath: /etc/kubernetes
                        name: cloud-config
                      - mountPath: /var/lib/kubelet/plugins/csi-bosplugin
                        name: socket-dir
                      - mountPath: /var/lib/kubelet/pods
                        mountPropagation: Bidirectional
                        name: pods-mount-dir
                      - mountPath: /data/kubelet/pods
                        mountPropagation: Bidirectional
                        name: pods-mount-dir-data
                      - mountPath: /mnt/kubelet/pods
                        mountPropagation: Bidirectional
                        name: pods-mount-dir-mnt
                      - mountPath: /sys
                        name: host-sys
                      - mountPath: /lib/modules
                        name: lib-modules
                        readOnly: true
                      - mountPath: /dev
                        name: host-dev
                      - mountPath: /var/run/supervisor-proxy
                        name: supervisor-proxy-sock-dir
                hostNetwork: true
                priorityClassName: system-node-critical
                restartPolicy: Always
                serviceAccount: csi-external-runner
                volumes:
                  - hostPath:
                      path: /etc/kubernetes
                      type: ""
                    name: cloud-config
                  - hostPath:
                      path: /var/lib/kubelet/plugins_registry
                      type: DirectoryOrCreate
                    name: reg-dir
                  - hostPath:
                      path: /var/lib/kubelet/pods
                      type: Directory
                    name: pods-mount-dir
                  - hostPath:
                      path: /data/kubelet/pods
                      type: DirectoryOrCreate
                    name: pods-mount-dir-data
                  - hostPath:
                      path: /mnt/kubelet/pods
                      type: DirectoryOrCreate
                    name: pods-mount-dir-mnt
                  - hostPath:
                      path: /var/lib/kubelet/plugins/csi-bosplugin
                      type: DirectoryOrCreate
                    name: socket-dir
                  - hostPath:
                      path: /sys
                      type: ""
                    name: host-sys
                  - hostPath:
                      path: /lib/modules
                      type: ""
                    name: lib-modules
                  - hostPath:
                      path: /dev
                      type: ""
                    name: host-dev
                  - name: supervisor-proxy-sock-dir
                    hostPath:
                      path: /var/run/supervisor-proxy
                      type: DirectoryOrCreate
          ---
          
          kind: DaemonSet
          apiVersion: apps/v1
          metadata:
            name: supervisor-proxy
            namespace: kube-system
          spec:
            selector:
              matchLabels:
                app: supervisor-proxy
            template:
              metadata:
                labels:
                  app: supervisor-proxy
              spec:
                hostNetwork: true
                containers:
                  - name: supervisord
                    image: hub.baidubce.com/jpaas-public/supervisor-proxy:latest-1.16
                    resources:
                      requests:
                        cpu: 50m
                        memory: 50Mi
                      limits:
                        cpu: 1000m
                        memory: 2048Mi
                    imagePullPolicy: Always
                    command:
                      - /bin/sh
                      - -c
                      - version=` + "`bosfs -v | grep bosfs | awk '{print $2}'`" + ` && mkdir -p /bosfs/bin/$version && mv -f /usr/local/bin/bosfs /bosfs/bin/$version/bosfs && ln -s /bosfs/bin/$version/bosfs /usr/local/bin/bosfs && supervisord --configuration=/etc/supervisord.conf --nodaemon
                    securityContext:
                      allowPrivilegeEscalation: true
                      capabilities:
                        add:
                          - SYS_ADMIN
                      privileged: true
                    volumeMounts:
                      - name: work-dir
                        mountPath: /run/supervisor-bosfs
                      - name: log-dir
                        mountPath: /log/supervisor-bosfs
                      - name: tmp-dir
                        mountPath: /tmp/supervisor-bosfs
                      - mountPath: /var/lib/kubelet/pods
                        mountPropagation: Bidirectional
                        name: pods-mount-dir
                      - mountPath: /data/kubelet/pods
                        mountPropagation: Bidirectional
                        name: pods-mount-dir-data
                      - mountPath: /mnt/kubelet/pods
                        mountPropagation: Bidirectional
                        name: pods-mount-dir-mnt
                      - mountPath: /sys
                        name: host-sys
                      - mountPath: /lib/modules
                        name: lib-modules
                        readOnly: true
                      - mountPath: /var/run/supervisor
                        name: supervisor-socket-dir
                      - mountPath: /etc/supervisord.d
                        name: supervisor-config-dir
                      - mountPath: /bosfs/bin
                        name: bosfs-binary-dir
                    lifecycle:
                      preStop:
                        exec:
                          command:
                            - /bin/sh
                            - -c
                            - rm -rf /var/run/supervisor/supervisor.sock
                  - name: supervisor-proxy
                    image: hub.baidubce.com/jpaas-public/supervisor-proxy:latest-1.16
                    resources:
                      requests:
                        cpu: 20m
                        memory: 20Mi
                      limits:
                        cpu: 200m
                        memory: 200Mi
                    imagePullPolicy: Always
                    command:
                      - /supervisor-proxy
                    args:
                      - -endpoint=/var/run/supervisor-proxy/endpoint.sock
                      - -workdir=/run/supervisor-bosfs
                      - -logdir=/log/supervisor-bosfs
                      - -tmpdir=/tmp/supervisor-bosfs
                      - --v=4
                    volumeMounts:
                      - name: supervisor-proxy-socket-dir
                        mountPath: /var/run/supervisor-proxy
                      - name: work-dir
                        mountPath: /run/supervisor-bosfs
                      - name: log-dir
                        mountPath: /log/supervisor-bosfs
                      - name: tmp-dir
                        mountPath: /tmp/supervisor-bosfs
                      - mountPath: /var/run/supervisor
                        name: supervisor-socket-dir
                      - mountPath: /etc/supervisord.d
                        name: supervisor-config-dir
                    lifecycle:
                      preStop:
                        exec:
                          command:
                            - /bin/sh
                            - -c
                            - rm -rf /var/run/supervisor-proxy/endpoint.sock
                volumes:
                  - name: work-dir
                    emptyDir:
                      medium: Memory
                  - name: supervisor-config-dir
                    emptyDir: {}
                  - name: log-dir
                    emptyDir: {}
                  - name: tmp-dir
                    emptyDir: {}
                  - name: supervisor-proxy-socket-dir
                    hostPath:
                      path: /var/run/supervisor-proxy
                      type: DirectoryOrCreate
                  - hostPath:
                      path: /var/lib/kubelet/pods
                      type: Directory
                    name: pods-mount-dir
                  - hostPath:
                      path: /data/kubelet/pods
                      type: DirectoryOrCreate
                    name: pods-mount-dir-data
                  - hostPath:
                      path: /mnt/kubelet/pods
                      type: DirectoryOrCreate
                    name: pods-mount-dir-mnt
                  - hostPath:
                      path: /sys
                      type: ""
                    name: host-sys
                  - hostPath:
                      path: /lib/modules
                      type: ""
                    name: lib-modules
                  - hostPath:
                      path: /dev
                      type: ""
                    name: host-dev
                  - name: supervisor-socket-dir
                    hostPath:
                      path: /var/run/supervisor
                      type: ""
                  - name: bosfs-binary-dir
                    hostPath:
                      path: /bosfs/bin
                      type: ""

          静态PV/PVC方式挂载BOS

          1.在集群中创建 AK/SK 的 secret,用以访问BOS存储。

          kubectl create secret generic csi-bos-secret \
            --from-literal=ak=<Your AK> \
            --from-literal=sk=<Your SK>

          关于 AK/SK 的更多信息参考: 如何获取 AK 和 SK

          2.在集群中创建PV和PVC资源

          使用kubectl,执行 kubectl create -f bos-pv.yaml 完成PV的创建

          对应的bos-pv.yaml文件如下所示:

          apiVersion: v1
          kind: PersistentVolume
          metadata:
            name: pv-bos
            namespace: "default"
          spec:
            accessModes:
            - ReadWriteOnce
            - ReadOnlyMany
            capacity:
              storage: 5Gi
            storageClassName: csi-bos
            csi:
              driver: "csi-bosplugin"
              volumeHandle: "v-XXXXXX"
              nodePublishSecretRef:
                name: "csi-bos-secret"
                namespace: "default"
              volumeAttributes:
                options: "-o meta_expires=0"
            persistentVolumeReclaimPolicy: Retain

          注意事项及参数说明:

          • yaml中volumeHandle:对应的是BOS的 bucketName, 支持挂载 BOS bucket子目录 , 如: bucketName/dirName
          • nodePublishSecretRef:填写步骤1中的 secret 名
          • volumeAttributes下的参数为选填参数

            • region:用于跨region支持BOS挂载, 支持参数为:su, bj, whf, gz, hkg, bd(苏州,北京,武汉,广州,香港,保定),同时需要虚机开通eip。region参数默认为机器所在region
            • multipart_size, multipart_threshold, multipart_parallel 为 BOS分片传输相关参数,详情见BOS参数说明
            • option:其他参数,详情见BOS参数说明
          • BOS 支持一写多读,但是只读的pod无法读取到最新写入的数据:对应的 accessMode 只支持 ReadWriteOnce + ReadOnlyMany

          创建PV后,输入kubectl get pv可以看见一个available状态的PV,如下所示:

          $ kubectl get pv
          NAME      CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM     STORAGECLASS   REASON    AGE
          bos-pv    5Gi        RWO,ROX        Retain           Available             csi-bos                         3s

          3.建立一个能够与该PV绑定的PVC

          使用kubectl,执行 kubectl create -f bos-pvc.yaml完成PVC的创建

          对应的bos-pvc.yaml文件如下所示:

          apiVersion: v1
          kind: PersistentVolumeClaim
          metadata:
            name: bos-pvc
          spec:
            accessModes:
            - ReadWriteOnce
            - ReadOnlyMany
            resources:
              requests:
                storage: 5Gi
            storageClassName: csi-bos

          注意: yaml中storageClassName字段用于和 PV关联,建议填写,如果集群中使用多类存储系统的 PV

          绑定前,PVC为pending状态

          $ kubectl get pvc
          NAME      STATUS    VOLUME    CAPACITY   ACCESS MODES   STORAGECLASS   AGE
          bos-pvc   Pending                                       csi-bos        2s                                                 

          绑定后,PV和PVC状态变为Bound

          $ kubectl get pv
          NAME      CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS    CLAIM             STORAGECLASS   REASON    AGE
          bos-pv    5Gi        RWX            Retain           Bound     default/bos-pvc                            36s
          $ kubectl get pvc
          NAME      STATUS    VOLUME    CAPACITY   ACCESS MODES   STORAGECLASS   AGE
          bos-pvc   Bound     bos-pv    5Gi        RWO,ROX        csi-bos        1m

          有关PV和PVC的更多设置和字段说明,见k8s官方文档

          4.在Pod内挂载PVC

          在Pod spec内指定相应的PVC名称即可,使用kubectl,执行 kubectl create -f demo-bos-pod.yaml 完成pod的创建

          对应的demo-bos-pod.yaml文件如下所示:

          apiVersion: v1
          kind: Pod
          metadata:
            name: nginx01
            namespace: default
          spec:
            containers:
            - image: nginx
              imagePullPolicy: Always
              name: nginx01
              volumeMounts:
              - mountPath: /var/lib/www/html
                name: bos-pvc
              - mountPath: /var/lib/www/html000
                name: bos-pvc
                readOnly: true
            volumes:
            - name: bos-pvc
              persistentVolumeClaim:
                claimName: bos-pvc
                readOnly: false

          Pod创建后,可以读写容器内的//var/lib/www/html路径来访问相应的BOS存储上的内容, 同时该路径支持读写,/var/lib/www/html000支持只读。

          同时,支持在其余机器上挂载只读盘,kubectl create -f demo-bos-pod1.yaml创建一个包含只读 bos bucket的 pod

          apiVersion: v1
          kind: Pod
          metadata:
            name: nginx01-bbaa
          spec:
            containers:
            - image: nginx
              imagePullPolicy: Always
              name: nginx01
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: File
              volumeMounts:
              - mountPath: /var/lib/www/html000
                name: bos-pvc
                readOnly: true
            volumes:
            - name: bos-pvc
              persistentVolumeClaim:
                claimName: bos-pvc
                readOnly: true

          5.释放PV和PVC资源

          完成存储资源的使用后,可以释放PVC和PV资源

          使用以下命令可以释放PVC

          $ kubectl delete -f  bos-pvc.yaml

          释放PVC后,原来与之绑定的PV状态会变为Release,如下所示:

          NAME      CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS     CLAIM             STORAGECLASS   REASON    AGE
          bos-pv    5Gi        RWO,ROX        Retain           Released   default/bos-pvc   csi-bos        16m

          输入以下指令释放PV资源

          $ kubectl delete -f  bos-pv.yaml
          上一篇
          使用文件存储CFS
          下一篇
          监控日志