Kubernetes Storage Volume Configuration in Practice
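## 1. Kubernetes Storage Overview

Kubernetes provides several volume types to meet the persistence needs of different scenarios.

### Volume Types

| Type | Purpose | Persistent | Sharing |
|------|---------|------------|---------|
| EmptyDir | Temporary storage | No | Within the same Pod |
| HostPath | Host directory | Yes (depends on the node) | Same node |
| PersistentVolume | Persistent storage | Yes | Across nodes |
| ConfigMap | Configuration files | No | Yes |
| Secret | Sensitive data | No | Yes |
| DownwardAPI | Pod information | No | No |

## 2. EmptyDir Volumes

### 2.1 Basic Configuration

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: emptydir-pod
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: cache
      mountPath: /cache
  volumes:
  - name: cache
    emptyDir: {}
```

### 2.2 Using Memory as the Storage Medium

```yaml
volumes:
- name: cache
  emptyDir:
    medium: Memory     # back the volume with memory
    sizeLimit: 512Mi   # limit the size
```

## 3. HostPath Volumes

### 3.1 Basic Configuration

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: hostpath-pod
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: data
      mountPath: /data
  volumes:
  - name: data
    hostPath:
      path: /mnt/data          # path on the host
      type: DirectoryOrCreate  # type
```

### 3.2 HostPath Types

| Type | Description |
|------|-------------|
| DirectoryOrCreate | Create the directory if it does not exist |
| Directory | The directory must exist |
| FileOrCreate | Create the file if it does not exist |
| File | The file must exist |
| Socket | The Unix socket must exist |
| CharDevice | The character device must exist |
| BlockDevice | The block device must exist |

## 4. PersistentVolume and PersistentVolumeClaim

### 4.1 Creating a PersistentVolume

```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-example
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteOnce                         # read-write by a single node
  persistentVolumeReclaimPolicy: Retain   # reclaim policy: retain
  storageClassName: standard
  hostPath:
    path: /mnt/data
```

### 4.2 Creating a PersistentVolumeClaim

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-example
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: standard
```

### 4.3 Using a PVC in a Pod

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: pvc-pod
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: data
      mountPath: /data
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: pvc-example
```

### 4.4 AccessModes

| Mode | Description |
|------|-------------|
| ReadWriteOnce (RWO) | Read-write by a single node |
| ReadOnlyMany (ROX) | Read-only by many nodes |
| ReadWriteMany (RWX) | Read-write by many nodes |
| ReadWriteOncePod (RWOP) | Read-write by a single Pod |

## 5. StorageClass Configuration

### 5.1 Creating a StorageClass

```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
  zone: us-west-2a
reclaimPolicy: Delete
allowVolumeExpansion: true   # allow volume expansion
mountOptions:
- debug
```

### 5.2 Dynamically Provisioning a PV with a StorageClass

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-dynamic
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: fast   # select the StorageClass
```

## 6. ConfigMap and Secret

### 6.1 ConfigMap Configuration

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  database: mysql
  host: db.example.com
  port: "3306"   # ConfigMap values must be strings, so the number is quoted
```

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: configmap-pod
spec:
  containers:
  - name: nginx
    image: nginx
    env:
    - name: DB_HOST
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: host
    volumeMounts:
    - name: config
      mountPath: /etc/config
  volumes:
  - name: config
    configMap:
      name: app-config
```

### 6.2 Secret Configuration

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  username: dXNlcjE=       # base64-encoded (an encoding, not encryption)
  password: cGFzc3dvcmQ=
```

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: secret-pod
spec:
  containers:
  - name: nginx
    image: nginx
    env:
    - name: DB_USERNAME
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: username
    volumeMounts:
    - name: secret
      mountPath: /etc/secret
      readOnly: true
  volumes:
  - name: secret
    secret:
      secretName: db-secret
```

## 7. Advanced Storage Configuration

### 7.1 Volume Expansion

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-expand
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi   # expanded from 10Gi to 20Gi
  storageClassName: fast
```

### 7.2 SubPath Mounts

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: subpath-pod
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: data
      mountPath: /data/html
      subPath: html   # mount only this subdirectory of the volume
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: pvc-example
```

### 7.3 Temporary Directory

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: tmp-pod
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: temp
      mountPath: /tmp
  volumes:
  - name: temp
    emptyDir:
      medium: Memory
      sizeLimit: 128Mi
```

## 8. Volume Best Practices

### 8.1 Choosing the Right Storage Type

| Scenario | Recommended storage type |
|----------|--------------------------|
| Cache data | EmptyDir (memory) |
| Log storage | HostPath |
| Database data | PersistentVolume |
| Configuration files | ConfigMap |
| Sensitive information | Secret |

### 8.2 Performance Optimization

```yaml
# Use local storage to improve performance
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
```

### 8.3 Security Recommendations

```yaml
# Restrict permissions
volumes:
- name: secret
  secret:
    secretName: db-secret
    defaultMode: 0400   # read-only, owner only
```

## 9. Summary

Kubernetes offers a rich set of volume types, from temporary storage to persistent storage, and from configuration management to the protection of sensitive data. Choosing and configuring volumes appropriately is key to building stable, reliable applications.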
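
The permission advice in section 8.3 can be checked automatically. The following is an added example, not code from the original article: it audits a Pod manifest (already parsed into a dict) for Secret volumes whose file modes grant group/other access or whose mounts omit `readOnly: true`. The function names and the two sample Pods are constructed for illustration, modelled on the article's `secret-pod`.

```python
# Added example (not from the original article): audit Secret volumes in a Pod
# manifest that has already been parsed into a dict (e.g. from YAML or JSON).
DEFAULT_SECRET_MODE = 0o644  # Kubernetes applies 0644 when defaultMode is omitted

def audit_secret_volumes(pod):
    """Return sorted findings about Secret volume file modes and mounts."""
    spec = pod.get("spec", {})
    findings = set()
    secret_volumes = set()
    for vol in spec.get("volumes", []):
        secret = vol.get("secret")
        if secret is None:
            continue
        secret_volumes.add(vol["name"])
        default_mode = secret.get("defaultMode", DEFAULT_SECRET_MODE)
        # A per-key "mode" under items[] overrides defaultMode for that file.
        modes = [i.get("mode", default_mode) for i in secret.get("items", [])]
        for mode in modes or [default_mode]:
            if mode & 0o077:  # any group/other permission bit is set
                findings.add(f"volume {vol['name']}: mode {mode:04o} grants group/other permissions")
    for ctr in spec.get("initContainers", []) + spec.get("containers", []):
        for mount in ctr.get("volumeMounts", []):
            if mount["name"] in secret_volumes and not mount.get("readOnly", False):
                findings.add(f"container {ctr['name']}: volume {mount['name']} lacks readOnly: true")
    return sorted(findings)

def make_pod(secret_source, read_only):
    """Build a constructed sample Pod modelled on the article's secret-pod."""
    mount = {"name": "secret", "mountPath": "/etc/secret"}
    if read_only:
        mount["readOnly"] = True
    return {"kind": "Pod", "metadata": {"name": "secret-pod"}, "spec": {
        "containers": [{"name": "nginx", "image": "nginx", "volumeMounts": [mount]}],
        "volumes": [{"name": "secret", "secret": secret_source}]}}

# Constructed samples: no defaultMode (falls back to 0644) vs. the 0400 advice.
WEAK_POD = make_pod({"secretName": "db-secret"}, read_only=False)
HARDENED_POD = make_pod({"secretName": "db-secret", "defaultMode": 0o400}, read_only=True)

if __name__ == "__main__":
    for name, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(name, audit_secret_volumes(pod) or "no findings")
```

When the manifest comes from JSON, `defaultMode` is written in decimal, so the 0400 of section 8.3 appears as 256; the bit test above works on the integer either way.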