Storage options for applications in Azure Kubernetes Service (AKS)

Applications that run in Azure Kubernetes Service (AKS) may need to store and retrieve data. For some application workloads, this data can live on local, fast storage on the node that is no longer needed once the pods are deleted. Other application workloads may require storage that persists on more regular data volumes within the Azure platform. Multiple pods may need to share the same data volumes, or reattach a data volume if a pod is rescheduled on a different node. Finally, you may need to inject sensitive data or application configuration information into pods.

[Diagram: Storage options for applications in an Azure Kubernetes Service (AKS) cluster]

This article introduces the core concepts that provide storage to your applications in AKS: volumes, persistent volumes, storage classes, and persistent volume claims.

Volumes

Applications often need to be able to store and retrieve data. Because Kubernetes treats individual pods as ephemeral, disposable resources, different approaches are available for applications to use and persist data as necessary. A volume represents a way to store, retrieve, and persist data across pods and through the application lifecycle.

Traditional volumes for storing and retrieving data are created as Kubernetes resources backed by Azure Storage. You can create these data volumes manually and assign them to pods directly, or have Kubernetes create them automatically. These data volumes can use Azure Disks or Azure Files:

  • Azure Disks can be used to create a Kubernetes DataDisk resource. Disks can use Azure Premium storage, backed by high-performance SSDs, or Azure Standard storage, backed by regular HDDs. For most production and development workloads, use Premium storage. Azure Disks are mounted as ReadWriteOnce, so a disk is only available to a single node at a time. For storage volumes that can be accessed by multiple nodes simultaneously, use Azure Files.
  • Azure Files can be used to mount an SMB 3.0 share, backed by an Azure Storage account, into pods. Files let you share data across multiple nodes and pods. Files can use Azure Standard storage, backed by regular HDDs, or Azure Premium storage, backed by high-performance SSDs.

Note

Azure Files supports Premium storage in AKS clusters that run Kubernetes 1.13 or higher.

In Kubernetes, volumes can represent more than just a traditional disk where information is stored and retrieved. Kubernetes volumes can also be used as a way to inject data into a pod for use by its containers. Common additional volume types in Kubernetes include:

  • emptyDir - This volume is commonly used as temporary space for a pod. All containers within the pod can access the data on the volume. Data written to this volume type persists only for the lifespan of the pod; when the pod is deleted, the volume is deleted with it. This volume typically uses the underlying local node disk storage, though it can also exist only in the node's memory (medium: Memory), in which case it counts against the pod's memory limit.
  • secret - This volume is used to inject sensitive data, such as passwords, into pods. You first create a Secret using the Kubernetes API. When you define your pod or deployment, a specific Secret can be requested. Secrets are only delivered to nodes that have a scheduled pod that requires them, and on the node the Secret is stored in tmpfs, not written to disk. When the last pod on a node that requires a Secret is deleted, the Secret is removed from that node's tmpfs. Secrets are stored within a given namespace and can only be accessed by pods within the same namespace. Keep in mind that the data in a Secret object is base64-encoded, not encrypted, so anyone who can read Secrets in that namespace can recover the values; restrict that access with RBAC.
  • configMap - This volume type is used to inject key-value pair properties, such as application configuration information, into pods. Rather than baking application configuration into a container image, you define it as a Kubernetes resource that can be updated easily and applied to new pod instances as they are deployed. As with a Secret, you first create a ConfigMap using the Kubernetes API. The ConfigMap can then be requested when you define a pod or deployment. ConfigMaps are stored within a given namespace and can only be accessed by pods within the same namespace.
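The following manifest is an added example, not code from the original page, that combines the three volume types above in one pod: a memory-backed emptyDir for scratch data, a Secret mounted read-only with restrictive file permissions, and a ConfigMap mounted read-only. The names (demo, db-credentials, app-config, app) and the placeholder values are illustrative assumptions; the Secret and ConfigMap must live in the same namespace as the pod, as the text notes.

```yaml
# Added example (not from the original page). Object names and values are illustrative.
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
  namespace: demo
type: Opaque
stringData:                       # plain text in the manifest; stored base64-encoded (not encrypted) in the API
  password: "replace-me"          # placeholder, not a real credential
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
  namespace: demo
data:
  LOG_LEVEL: "info"
  settings.json: |
    {"featureX": true}
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: demo                 # same namespace as the Secret and ConfigMap
spec:
  containers:
  - name: app
    image: nginx
    volumeMounts:
    - name: scratch
      mountPath: /tmp/scratch
    - name: creds
      mountPath: /etc/creds
      readOnly: true              # the container cannot alter the injected secret files
    - name: config
      mountPath: /etc/app
      readOnly: true
  volumes:
  - name: scratch
    emptyDir:
      medium: Memory              # tmpfs: scratch data never touches the node's disk
      sizeLimit: 64Mi             # bound how much node memory a runaway writer can consume
  - name: creds
    secret:
      secretName: db-credentials
      defaultMode: 0400           # each secret file readable only by its owner
  - name: config
    configMap:
      name: app-config
```

Each key in the Secret and ConfigMap becomes a file under the mount path (/etc/creds/password, /etc/app/LOG_LEVEL, /etc/app/settings.json). Mounting read-only and tightening defaultMode limits what a compromised process in the container can do with the injected data, but neither changes the fact that the values are readable by anyone with RBAC permission to get the Secret.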

Persistent volumes

Volumes that are defined and created as part of the pod lifecycle only exist until the pod is deleted. Pods often expect their storage to remain if a pod is rescheduled on a different host during a maintenance event, especially in StatefulSets. A persistent volume (PV) is a storage resource created and managed by the Kubernetes API that can exist beyond the lifetime of an individual pod.

Azure Disks or Files are used to provide the PersistentVolume. As noted in the previous section on volumes, the choice between Disks and Files is usually determined by whether multiple pods need concurrent access to the data and by the required performance tier.

[Diagram: Persistent volumes in an Azure Kubernetes Service (AKS) cluster]

A PersistentVolume can be created statically by a cluster administrator, or dynamically by Kubernetes through the storage provisioner. If a pod is scheduled and requests storage that is not currently available, Kubernetes can create the underlying Azure Disk or Files storage and attach it to the pod. Dynamic provisioning uses a StorageClass to identify what type of Azure storage needs to be created.

Storage classes

To define different tiers of storage, such as Premium and Standard, you create a StorageClass. The StorageClass also defines the reclaimPolicy. The reclaimPolicy controls what happens to the underlying Azure storage resource when the PersistentVolumeClaim that used it is deleted and the persistent volume is no longer required: the underlying storage resource can be deleted, or retained for use with a future pod.

In AKS, two initial StorageClasses are created:

  • default - Uses Azure Standard storage to create a Managed Disk. The reclaim policy (Delete) means the underlying Azure Disk is deleted when the PersistentVolumeClaim that used it is deleted.
  • managed-premium - Uses Azure Premium storage to create a Managed Disk. The reclaim policy is again Delete, so the underlying Azure Disk is deleted when the PersistentVolumeClaim that used it is deleted.

If no StorageClass is specified for a persistent volume claim, the default StorageClass is used. Take care when requesting persistent volumes so that they use the storage tier and reclaim behavior you actually need. You can create a StorageClass for additional needs using kubectl. The following example uses Premium Managed Disks and specifies that the underlying Azure Disk should be retained when the claim is deleted:

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: managed-premium-retain
provisioner: kubernetes.io/azure-disk
reclaimPolicy: Retain            # keep the Azure Disk (and its data) after the claim is deleted
parameters:
  storageaccounttype: Premium_LRS
  kind: Managed

Persistent volume claims

A PersistentVolumeClaim requests Disk or File storage of a particular StorageClass, access mode, and size. If no existing resource fulfills the claim, Kubernetes can dynamically provision the underlying storage resource in Azure according to the specified StorageClass. The pod definition includes the volume mount once the volume has been connected to the pod.

[Diagram: Persistent volume claims in an Azure Kubernetes Service (AKS) cluster]

A PersistentVolume is bound to a PersistentVolumeClaim once an available storage resource has been assigned to the claim. There is a 1:1 mapping between persistent volumes and claims.

The following example YAML manifest shows a persistent volume claim that uses the managed-premium StorageClass and requests a Disk 5Gi in size:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: azure-managed-disk
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: managed-premium
  resources:
    requests:
      storage: 5Gi

When you create a pod definition, you reference the persistent volume claim to request the desired storage. You then also specify the volumeMount your application uses to read and write data. The following example YAML manifest shows how the previous persistent volume claim can be used to mount a volume at /mnt/azure:

kind: Pod
apiVersion: v1
metadata:
  name: nginx
spec:
  containers:
    - name: myfrontend
      image: nginx
      volumeMounts:
      - mountPath: "/mnt/azure"
        name: volume
  volumes:
    - name: volume
      persistentVolumeClaim:
        claimName: azure-managed-disk
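The Disk-backed examples above can only be attached to one node at a time (ReadWriteOnce). The following manifest is an added example, not from the original page, that shows the Azure Files path described in the Volumes section instead: a custom StorageClass for a Premium file share with reclaimPolicy Retain, a claim with ReadWriteMany access, and a two-replica Deployment whose pods share the same volume even when they land on different nodes. The StorageClass, claim and Deployment names, the 100Gi size, and the choice of the nginxinc/nginx-unprivileged image (which runs as uid/gid 101 and listens on port 8080) are assumptions for this illustration. Since Azure Files is mounted over SMB, the uid, gid and mode mount options are what decide the ownership and permissions the container sees, so they are set to match the pod's security context rather than the wide-open 0777 often used in quick-start examples.

```yaml
# Added example (not from the original page). Names, size and image are illustrative assumptions.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: azurefile-premium-retain
provisioner: kubernetes.io/azure-file
reclaimPolicy: Retain            # keep the file share and its data after the claim is deleted
parameters:
  skuName: Premium_LRS           # Premium (SSD) file share; requires Kubernetes 1.13+ on AKS
mountOptions:                    # SMB mount options set ownership/permissions as seen inside the pod
  - dir_mode=0750
  - file_mode=0640
  - uid=101                      # match runAsUser/runAsGroup below instead of exposing the share to everyone
  - gid=101
  - mfsymlinks
  - cache=strict
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: shared-content
spec:
  accessModes:
  - ReadWriteMany                # many nodes and pods concurrently; a Disk-backed claim is limited to ReadWriteOnce
  storageClassName: azurefile-premium-retain
  resources:
    requests:
      storage: 100Gi             # Premium file shares are provisioned with a 100 GiB minimum
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 2                    # both replicas mount the same share, possibly from different nodes
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      securityContext:
        runAsUser: 101
        runAsGroup: 101
        runAsNonRoot: true
      containers:
      - name: web
        image: nginxinc/nginx-unprivileged
        ports:
        - containerPort: 8080
        volumeMounts:
        - name: content
          mountPath: /usr/share/nginx/html
          readOnly: true         # this workload only serves the shared content; writers get a separate mount
      volumes:
      - name: content
        persistentVolumeClaim:
          claimName: shared-content
```

Because the reclaim policy is Retain, deleting the shared-content claim leaves the PersistentVolume in a Released state and the Azure file share, along with its data, in place; an administrator has to clean up (or re-bind) the share deliberately, which is the behavior you want for data you cannot afford to lose but also means the share, and whatever it contains, outlives the workload.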

Next steps

For associated best practices, see Best practices for storage and backups in AKS.

To see how to create dynamic and static volumes that use Azure Disks or Azure Files, see the following how-to articles:

For additional information on core Kubernetes and AKS concepts, see the following articles: