awsElasticBlockStore

An awsElasticBlockStore volume mounts an Amazon Web Services Elastic Block Store (AWS EBS) volume. EBS is a service that provides persistent block storage for Amazon EC2. Just like the GCE persistent disk, we can provision it statically or dynamically.

To provision it statically, administrators have to create an EBS volume with the AWS console or AWS CLI beforehand. The following is an example of how to mount an existing EBS volume to the containers in a Deployment:

// example of how we use a pre-created EBS volume
# cat 2-6-8_aws/static_mount.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: aws-ebs-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      run: nginx
  template:
    metadata:
      labels:
        run: nginx
    spec:
      volumes:
      - name: aws-ebs
        awsElasticBlockStore:
          volumeID: <ebs volume ID>
          fsType: ext4
      containers:
      - name: aws-ebs-example
        image: nginx
        ports:
        - containerPort: 80
        volumeMounts:
        - mountPath: /mount-path
          name: aws-ebs

To provision it dynamically, on the other hand, just as we demonstrated with the GCE persistent disk, we first create a non-default storage class; you're free to use a default storage class as well. Here, our environment is provisioned by kops (https://github.com/kubernetes/kops; for more information, please refer to Chapter 6, Building Kubernetes on AWS). The environment has been bound with the required IAM policies, such as ec2:AttachVolume, ec2:CreateVolume, ec2:DetachVolume, and ec2:DeleteVolume. If you provision it from scratch, be sure that the required policies are attached to the masters:

// declare a storage class
# cat 2-6-8_aws/storageclass.yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: example-ebs
provisioner: kubernetes.io/aws-ebs
parameters:
  type: io1
  zones: us-east-1a

// create storage class
# kubectl create -f storageclass.yaml
storageclass "example-ebs" created

// check if example-ebs sc is created
# kubectl get sc
NAME            PROVISIONER
default         kubernetes.io/aws-ebs
example-ebs     kubernetes.io/aws-ebs
gp2 (default)   kubernetes.io/aws-ebs

Next, we create a PVC with the storage class name we just created:

// declare a PVC
# cat 2-6-8_aws/pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: aws-example
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: example-ebs
  resources:
    requests:
      storage: 5Gi

// create a PVC
# kubectl create -f pvc.yaml
persistentvolumeclaim "aws-example" created

// check if PVC has been created
# kubectl get pvc
NAME          STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
aws-example   Bound    pvc-d1cddc08-ee31-11e7-8582-022bb4c3719e   5Gi        RWO            example-ebs    5s

When Kubernetes receives the PersistentVolumeClaim request, it'll try to allocate a new PersistentVolume, or bind to an existing PV, if possible:

// check if a PV is created by a PVC.
# kubectl get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                 STORAGECLASS   REASON   AGE
pvc-d1cddc08-ee31-11e7-8582-022bb4c3719e   5Gi        RWO            Delete           Bound    default/aws-example   example-ebs             36m

We can check the corresponding PV in the AWS console, as well.

Finally, we create a Deployment with this volume by specifying persistentVolumeClaim in the spec:

// create a deployment
# cat 2-6-8_aws/deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: aws-ebs-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      run: nginx
  template:
    metadata:
      labels:
        run: nginx
    spec:
      volumes:
      - name: aws-ebs
        persistentVolumeClaim:
          claimName: aws-example
      containers:
      - name: aws-ebs-example
        image: nginx
        ports:
        - containerPort: 80
        volumeMounts:
        - mountPath: /mount-path
          name: aws-ebs

By specifying claimName as aws-example, the Deployment uses the EBS volume we just created through the PVC, which was requested from AWS dynamically. If we take a look at the Pod description with kubectl describe pod <pod_name>, we can see the details of the volumes:

// kubectl describe pod <pod_name>
# kubectl describe pod aws-ebs-deployment-68bdc6f546-246s7
Containers:
  aws-ebs-example:
    ...
    Mounts:
      /mount-path from aws-ebs (rw)
Volumes:
  aws-ebs:
    Type:       AWSElasticBlockStore (a Persistent Disk resource in AWS)
    VolumeID:   vol-0fccc3b0af8c17727
    FSType:     ext4
    Partition:  0
    ReadOnly:   false
...

EBS volume vol-0fccc3b0af8c17727 is mounted under /mount-path inside the container.

If the volume was dynamically provisioned, the default reclaim policy is Delete. Set it to Retain if you want to keep the volume even after its PVC is deleted.

The StorageObjectInUseProtection admission controller

A PVC might be deleted accidentally by a user even while it's in use by a Pod. In Kubernetes v1.10, a new admission controller was added to prevent this from happening. The StorageObjectInUseProtection admission controller adds the kubernetes.io/pv-protection or kubernetes.io/pvc-protection finalizer to the PV or PVC. Then, when an object deletion request is sent, the admission controller performs a pre-delete check to see whether any Pod is using the object. This prevents data loss.
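
A read-only check for the two data-loss conditions described above (a Delete reclaim policy and a missing protection finalizer), added here as an example and not taken from the original text. It assumes input shaped like the output of kubectl get pv,pvc --all-namespaces -o json; the sample data is constructed, and pv-static-example and team-a/scratch are made-up names.

```python
import json

PROTECTION = {
    "PersistentVolume": "kubernetes.io/pv-protection",
    "PersistentVolumeClaim": "kubernetes.io/pvc-protection",
}

# Constructed sample shaped like `kubectl get pv,pvc --all-namespaces -o json`.
# pv-static-example and team-a/scratch are made-up names for illustration.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "PersistentVolume",
   "metadata": {"name": "pvc-d1cddc08-ee31-11e7-8582-022bb4c3719e",
                "finalizers": ["kubernetes.io/pv-protection"]},
   "spec": {"persistentVolumeReclaimPolicy": "Delete"}},
  {"kind": "PersistentVolume",
   "metadata": {"name": "pv-static-example"},
   "spec": {"persistentVolumeReclaimPolicy": "Retain"}},
  {"kind": "PersistentVolumeClaim",
   "metadata": {"namespace": "default", "name": "aws-example",
                "finalizers": ["kubernetes.io/pvc-protection"]}},
  {"kind": "PersistentVolumeClaim",
   "metadata": {"namespace": "team-a", "name": "scratch", "finalizers": null}}
]}
""")

def audit(doc):
    """Return (kind, name, issue) tuples for objects exposed to accidental data loss."""
    findings = []
    for item in doc.get("items", []):
        kind = item.get("kind")
        if kind not in PROTECTION:
            continue  # ignore anything that is not a PV or PVC
        meta = item.get("metadata", {})
        # PVs are cluster-scoped; PVCs are reported as namespace/name
        name = "/".join(p for p in (meta.get("namespace"), meta.get("name")) if p)
        policy = item.get("spec", {}).get("persistentVolumeReclaimPolicy")
        if kind == "PersistentVolume" and policy == "Delete":
            findings.append((kind, name, "reclaimPolicy=Delete"))
        # `finalizers` may be absent or null on an unprotected object
        if PROTECTION[kind] not in (meta.get("finalizers") or []):
            findings.append((kind, name, "missing " + PROTECTION[kind]))
    return findings

if __name__ == "__main__":
    for kind, name, issue in audit(SAMPLE):
        print(f"{kind:<22} {name:<45} {issue}")
```

On a live cluster, pass audit() the parsed JSON from that kubectl command instead of SAMPLE.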