Dynamic storages in Kubernetes

I have an application running on Kubernetes that needs to access SMB shares that are configured dynamically (host, credentials, etc) within said application. I am struggling to achieve this (cleanly) with Kubernetes.

I am facing several difficulties:

  • I do not want "a" storage, I want explicitly specified SMB shares
  • These shares are dynamically defined within the application and not known beforehand
  • I have a variable amount of shares and a single pod needs to be able to access all of them

We currently have a solution where, on each Kubernetes worker node, all shares are mounted to mountpoints in a common folder. This folder is then given as HostPath volume to the containers that need access to those storages. Finally, each of those containers has a logic to access the subfolder(s) matching the storage(s) it needs.

The downside, and the reason why I'm looking for a cleaner alternative, is:

  • HostPath volumes present security risks
  • For this solution, I need something outside Kubernetes that mounts the SMB shares automatically on each Kubernetes node

Is there a better solution that I am missing?

The Kubernetes object that seems to match this approach the most closely is the Projected Volume, since it "maps existing volume sources into the same directory". However, it doesn't support the type of volume source I need and I don't think it is possible to add/remove volume sources dynamically without restarting the pods that use this Projected Volume.

For sure your current solution using HostPath on the nodes is not flexible and not secure, thus it is not a good practice.

I think you should consider using one of the custom drivers for your SMB shares:


CIFS FlexVolume Plugin:

This solution is older and it is replaced by a CSI Driver. The advantage compared to CSI is that you can specify SMB shares directly from the pod definition (including credentials as Kubernetes secret) as you prefer.

Here you can find instructions on how to install this plugin on your cluster.

SMB CSI Driver:

This driver will automatically take care of mounting SMB shares on all nodes by using DaemonSet.

You can install SMB CSI Driver either by bash script or by using a helm chart.

Assuming you have your SMB server ready, you can use one of the following solutions to access it from your pod:

In both cases you have to use a previously created secret with the credentials.

In your case, for every SMB share you should create a Storage class / PV and mount it to the pod.

The advantage of CSI Driver is that it is a newer, currently maintained solution and it replaced FlexVolume.

Below is a diagram representing how the CSI plugin operates:

Also check:
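
The per-share Secret / PV / PVC pattern described in the answer above, as an added example that is not part of the original answer. It assumes the driver is kubernetes-csi's csi-driver-smb registered as `smb.csi.k8s.io`; all names, the server address, the image and the credentials are placeholders.

```yaml
# Constructed example: every name, host and credential below is a placeholder.
apiVersion: v1
kind: Secret                      # one Secret per share keeps credentials scoped
metadata: {name: smb-creds-share-a, namespace: default}
stringData:
  username: PLACEHOLDER_USER
  password: PLACEHOLDER_PASSWORD
---
apiVersion: v1
kind: PersistentVolume
metadata: {name: pv-smb-share-a}
spec:
  capacity: {storage: 10Gi}
  accessModes: [ReadWriteMany]
  persistentVolumeReclaimPolicy: Retain
  storageClassName: ""            # static binding, no dynamic provisioning
  mountOptions: [dir_mode=0750, file_mode=0640, uid=1000, gid=1000]
  csi:
    driver: smb.csi.k8s.io        # assumed driver name (csi-driver-smb)
    volumeHandle: smb-share-a     # must be unique for each share in the cluster
    volumeAttributes:
      source: //smb.example.internal/share-a
    nodeStageSecretRef: {name: smb-creds-share-a, namespace: default}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata: {name: pvc-smb-share-a, namespace: default}
spec:
  accessModes: [ReadWriteMany]
  storageClassName: ""
  volumeName: pv-smb-share-a      # bind to the PV defined above
  resources: {requests: {storage: 10Gi}}
---
apiVersion: v1
kind: Pod
metadata: {name: smb-consumer, namespace: default}
spec:
  securityContext: {runAsUser: 1000, runAsGroup: 1000, runAsNonRoot: true}
  containers:
    - name: app
      image: registry.example.internal/app:PLACEHOLDER_TAG
      volumeMounts:
        - {name: share-a, mountPath: /mnt/shares/share-a}
  volumes:
    - name: share-a               # replaces the HostPath volume
      persistentVolumeClaim: {claimName: pvc-smb-share-a}
```

Each additional share needs its own Secret, PV and PVC plus a matching entry under `volumes` and `volumeMounts`; since a pod's volume list cannot be changed after creation, adding a share means recreating the pod.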
