动态存储供给 #
一、动态供给概述 #
动态存储供给允许Kubernetes根据PVC自动创建PV和底层存储。
1.1 静态供给 vs 动态供给 #
text
静态供给
│
├── 管理员手动创建PV
│
├── 用户创建PVC
│
└── PVC绑定已有PV
动态供给
│
├── 用户创建PVC
│
├── 自动创建底层存储
│
└── 自动创建PV并绑定
1.2 动态供给组件 #
text
动态供给组件
│
├── StorageClass
│ └── 定义存储类型和参数
│
├── Provisioner
│ └── 执行存储创建
│
├── CSI Driver
│ └── 容器存储接口驱动
│
└── PVC
└── 存储请求
二、Provisioner类型 #
2.1 内置Provisioner #
| Provisioner | 说明 |
|---|---|
| kubernetes.io/aws-ebs | AWS EBS |
| kubernetes.io/gce-pd | GCE PD |
| kubernetes.io/azure-disk | Azure Disk |
| kubernetes.io/cinder | OpenStack Cinder |
| kubernetes.io/no-provisioner | Local存储 |
2.2 CSI Provisioner #
yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: csi-sc
provisioner: ebs.csi.aws.com
parameters:
type: gp3
2.3 外部Provisioner #
yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-client
provisioner: nfs-client
parameters:
archiveOnDelete: "true"
三、CSI驱动 #
3.1 CSI概述 #
CSI(Container Storage Interface)是容器存储的标准接口。
text
CSI架构
│
├── CSI Controller
│ ├── CreateVolume
│ ├── DeleteVolume
│ └── ControllerPublishVolume
│
├── CSI Node
│ ├── NodeStageVolume
│ ├── NodePublishVolume
│ └── NodeUnpublishVolume
│
└── External Provisioner
└── 监听PVC,调用CSI
3.2 安装CSI驱动 #
yaml
# AWS EBS CSI Driver
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: ebs-csi-node
namespace: kube-system
spec:
selector:
matchLabels:
app: ebs-csi-node
template:
metadata:
labels:
app: ebs-csi-node
spec:
containers:
- name: ebs-plugin
image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.14.0
args:
- --endpoint=$(CSI_ENDPOINT)
env:
- name: CSI_ENDPOINT
value: unix:/csi/csi.sock
volumeMounts:
- name: kubelet-dir
mountPath: /var/lib/kubelet
- name: plugin-dir
mountPath: /csi
volumes:
- name: kubelet-dir
hostPath:
path: /var/lib/kubelet
- name: plugin-dir
hostPath:
path: /var/lib/kubelet/plugins/ebs.csi.aws.com
3.3 常用CSI驱动 #
| CSI驱动 | 说明 |
|---|---|
| ebs.csi.aws.com | AWS EBS |
| pd.csi.storage.gke.io | GCE PD |
| disk.csi.azure.com | Azure Disk |
| rbd.csi.ceph.com | Ceph RBD |
| nfs.csi.k8s.io | NFS |
| hostpath.csi.k8s.io | HostPath(测试用) |
四、配置动态供给 #
4.1 AWS EBS示例 #
yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: aws-ebs-gp3
provisioner: ebs.csi.aws.com
parameters:
type: gp3
fsType: ext4
encrypted: "true"
reclaimPolicy: Delete
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
4.2 Ceph RBD示例 #
yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: ceph-rbd
provisioner: rbd.csi.ceph.com
parameters:
clusterID: ceph-cluster
pool: rbd
imageFormat: "2"
imageFeatures: layering
csi.storage.k8s.io/provisioner-secret-name: ceph-secret
csi.storage.k8s.io/provisioner-secret-namespace: default
csi.storage.k8s.io/node-stage-secret-name: ceph-secret
csi.storage.k8s.io/node-stage-secret-namespace: default
reclaimPolicy: Delete
allowVolumeExpansion: true
4.3 NFS示例 #
yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-csi
provisioner: nfs.csi.k8s.io
parameters:
server: 192.168.1.100
share: /data/nfs
reclaimPolicy: Delete
volumeBindingMode: Immediate
五、供给流程 #
5.1 创建流程 #
text
动态供给流程
│
├── 1. 用户创建PVC
│ └── 指定StorageClass
│
├── 2. Provisioner监听PVC
│ └── 检测未绑定的PVC
│
├── 3. 调用CSI创建存储
│ └── 创建底层存储卷
│
├── 4. 创建PV对象
│ └── 关联底层存储
│
└── 5. 绑定PVC和PV
└── 更新状态为Bound
5.2 删除流程 #
text
动态删除流程
│
├── 1. 用户删除PVC
│
├── 2. PV状态变为Released
│
├── 3. 根据回收策略处理
│ ├── Delete:删除存储
│ └── Retain:保留存储
│
└── 4. 删除PV对象
六、高级配置 #
6.1 卷快照 #
yaml
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
name: csi-snapclass
driver: ebs.csi.aws.com
deletionPolicy: Delete
---
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
name: my-snapshot
spec:
volumeSnapshotClassName: csi-snapclass
source:
persistentVolumeClaimName: my-pvc
6.2 从快照恢复 #
yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: restore-pvc
spec:
storageClassName: aws-ebs-gp3
dataSource:
name: my-snapshot
kind: VolumeSnapshot
apiGroup: snapshot.storage.k8s.io
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
6.3 克隆卷 #
yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: cloned-pvc
spec:
storageClassName: aws-ebs-gp3
dataSource:
name: source-pvc
kind: PersistentVolumeClaim
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
七、故障排查 #
7.1 常见问题 #
bash
# 查看PVC状态
kubectl describe pvc <pvc-name>
# 查看Provisioner日志
kubectl logs -n kube-system -l app=ebs-csi-controller
# 查看CSI驱动状态
kubectl get pods -n kube-system -l app=ebs-csi-node
# 查看事件
kubectl get events --field-selector involvedObject.name=<pvc-name>
7.2 问题诊断 #
| 问题 | 原因 | 解决方案 |
|---|---|---|
| PVC一直Pending | Provisioner异常 | 检查CSI驱动状态 |
| 创建失败 | 权限不足 | 检查Secret配置 |
| 参数错误 | StorageClass配置 | 检查参数设置 |
八、最佳实践 #
8.1 存储类规划 #
yaml
# 高性能存储
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: fast
provisioner: ebs.csi.aws.com
parameters:
type: gp3
iops: "3000"
---
# 标准存储
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: standard
provisioner: ebs.csi.aws.com
parameters:
type: gp3
---
# 归档存储
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: archive
provisioner: ebs.csi.aws.com
parameters:
type: sc1
8.2 安全配置 #
yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: encrypted
provisioner: ebs.csi.aws.com
parameters:
type: gp3
encrypted: "true"
kmsKeyId: "arn:aws:kms:us-east-1:123456789:key/xxx"
九、总结 #
9.1 核心要点 #
| 要点 | 说明 |
|---|---|
| 动态供给 | 自动创建PV |
| CSI | 容器存储接口 |
| Provisioner | 存储供给器 |
| StorageClass | 存储类型定义 |
9.2 下一步 #
掌握了动态存储供给后,让我们学习 ConfigMap,了解配置管理的方法。
最后更新:2026-03-28