堆栈内存溢出
  简体   繁体   English

GKE 集群上的网络文件共享访问 - Windows 节点池

[英]Network File share access on GKE cluster - Windows node pool

 原文  2020-05-28 08:42:55       kubernetes/ google-kubernetes-engine/ persistent-volumes/ google-cloud-filestore/ gce-persistent-disk

问题描述

We are Containerizing dotnet application on GKE cluster(Windows node-pool).我们正在 GKE 集群(Windows 节点池)上容器化 dotnet 应用程序。 We have a requirement, where multiple pods can access same shared space(persistent volume).我们有一个要求,多个 pod 可以访问同一个共享空间(持久卷)。 Also it should support "ReadWriteMany" AccessMode.它还应该支持“ReadWriteMany”访问模式。 We have explored below option:我们探索了以下选项:

  1. GCE Persistent disk accessed by Persistent volume.(It doesn't support ReadWriteMany. Only one pod can access the disk). GCE Persistent 磁盘由 Persistent 卷访问。(不支持 ReadWriteMany。只有一个 pod 可以访问该磁盘)。
  2. Network File Share(NFS).网络文件共享 (NFS)。 Currently not supported for windows node pools.目前不支持 windows 节点池。
  3. Filestore fits the solutions but expensive and managed by google. Filestore 适合解决方案,但价格昂贵且由谷歌管理。

We are looking other options to fit our requirement.我们正在寻找其他选择来满足我们的要求。 Please help.请帮忙。

2 个解决方案

解决方案1
 0  2020-05-28 13:50:44

You are right by saying that NFS isn't yet supported on Windows, at least, not for the built-in client v4.您说 Windows 尚不支持 NFS 是对的,至少对于内置客户端 v4 不支持。 So as long as there is no support for NFS v4, Kubernetes team could not start up this work in k8s.所以只要不支持 NFS v4,Kubernetes 团队就无法在 k8s 中启动这项工作。 source资源

With this constraint, the only solution I can see remains the Filestore.有了这个约束,我能看到的唯一解决方案仍然是Filestore。

解决方案2
 0  2020-05-30 08:38:02

I've been trying to solve the same problem - accessing shared filesystem from 2 Windows pods (ASP.NET application on IIS + console application).我一直在尝试解决同样的问题 - 从 2 个 Windows pod(IIS 上的 ASP.NET 应用程序 + 控制台应用程序)访问共享文件系统。 I wasn't able to use the Filestore because it requires an NFSClient ( Install-WindowsFeature NFS-Client ) and I couldn't install it into the containers (during container build or runtime) since it requires a computer restart - maybe i'm missing sth here.我无法使用 Filestore,因为它需要 NFSClient ( Install-WindowsFeature NFS-Client ),并且我无法将它安装到容器中(在容器构建或运行时),因为它需要重新启动计算机 - 也许我是在这里想念某事。

The options I've found:我发现的选项:

  1. If you need to create a simple temporary demo application that can run on single VM you can run both pods on a single instance, create a Persistent Disk, attach it to the instance with gcloud compute instances attach-disk , RDP into the instance, mount the disk and provide the disk to the pods as a hostPath.如果您需要创建一个可以在单个 VM 上运行的简单临时演示应用程序,您可以在单个实例上运行两个 pod,创建一个 Persistent Disk,使用gcloud compute instances attach-disk将其附加到实例,RDP 到实例中,挂载磁盘并将磁盘作为 hostPath 提供给 pod。 That's the solution I'm using now.这就是我现在使用的解决方案。

  2. Create an SMB share (on a separate VM or using a Docker container https://hub.docker.com/r/dperson/samba/ and access it from the pods using New-SmbMapping -LocalPath $shareletter -RemotePath $dhcpshare -Username $shareuser -Password $sharepasswd -Persistent $true . This solution worked for my console application but the web application couldn't access the files (even though I've set the application pool on IIS to run as Local System). The SMB could also be mounted from the instance using the New-SmbGlobalMapping - the flexvolume does that https://github.com/microsoft/K8s-Storage-Plugins/tree/master/flexvolume/windows . I haven't explored that option and I think it would have the same problem (IIS not seeing the files). Create an SMB share (on a separate VM or using a Docker container https://hub.docker.com/r/dperson/samba/ and access it from the pods using New-SmbMapping -LocalPath $shareletter -RemotePath $dhcpshare -Username $shareuser -Password $sharepasswd -Persistent $true 。此解决方案适用于我的控制台应用程序,但 web 应用程序无法访问文件(即使我已将 IIS 上的应用程序池设置为作为本地系统运行)。SMB 可以也可以使用New-SmbGlobalMapping从实例安装 - flexvolume 可以做到https://github.com/microsoft/K8s-Storage-Plugins/tree/master/flexvolume/windows 。我还没有探索过这个选项,我认为它会有同样的问题(IIS 没有看到文件)。

  3. I think the best (most secure and reliable) solution would be to setup an Active Directory Domain Controller and SMB share on separate VM and provide access to it to the containers using gMSA: https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/manage-serviceaccounts https://kubernetes.io/docs/tasks/configure-pod-container/configure-gmsa/ That doesn't seem easy though.我认为最好(最安全和可靠)的解决方案是在单独的 VM 上设置 Active Directory 域 Controller 和 SMB 共享,并使用 gMSA 提供对容器的访问权限: https://docs.microsoft.com/en-us /virtualization/windowscontainers/manage-containers/manage-serviceaccounts https://kubernetes.io/docs/tasks/configure-pod-container/configure-gmsa/但这似乎并不容易。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将新节点池添加到 GKE 集群 - Add new node pool to GKE cluster 是否可以在 GKE 的区域集群中创建仅限区域的节点池? - Is it possible to create a zone only node pool in a regional cluster in GKE? GKE:修改现有集群 - 删除节点标签并更改网络 - GKE: Modify existing cluster - remove node tags and change network 如何更改现有 GKE 节点池的 API 访问 scope? - How to change API access scope for an existing GKE node pool? 如何在 AKS 集群中创建 Windows 节点池? - How to create a Windows node pool in AKS cluster? GKE RBAC角色/角色绑定到集群中的访问节点状态 - GKE RBAC role / rolebinding to access node status in the cluster 为什么增加 GKE 集群的节点池大小后新节点实例不可用? - Why are new node instances not available after Increasing GKE Cluster's Node Pool size? 在 GKE 中使用共享网络创建集群 - Create cluster with Shared Network in GKE GPU 未添加到 GKE 节点池 - GPUs not added to GKE node pool 节点池是GKE还是Kubernetes的概念? - Is Node Pool a concept of GKE or Kubernetes?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM