在 Azure Kubernetes 服务 (AKS) 中通过 Azure 磁盘手动创建并使用卷Manually create and use a volume with Azure disks in Azure Kubernetes Service (AKS)
基于容器的应用程序通常需要访问数据并将数据保存在外部数据卷中。Container-based applications often need to access and persist data in an external data volume. 如果单个 Pod 需要访问存储,则可以使用 Azure 磁盘来提供本机卷供应用程序使用。If a single pod needs access to storage, you can use Azure disks to present a native volume for application use. 本文介绍了如何手动创建 Azure 磁盘并将其附加到 AKS 中的 Pod。This article shows you how to manually create an Azure disk and attach it to a pod in AKS.
备注
Azure 磁盘一次只能装载到单个 Pod 中。An Azure disk can only be mounted to a single pod at a time. 如果需要在多个 Pod 之间共享永久性卷,请使用 Azure 文件存储。If you need to share a persistent volume across multiple pods, use Azure Files.
有关 Kubernetes 卷的详细信息,请参阅 AKS 中应用程序的存储选项。For more information on Kubernetes volumes, see Storage options for applications in AKS.
准备阶段Before you begin
本文假定你拥有现有的 AKS 群集。This article assumes that you have an existing AKS cluster. 如果需要 AKS 群集,请参阅 AKS 快速入门使用 Azure CLI 或使用 Azure 门户。If you need an AKS cluster, see the AKS quickstart using the Azure CLI or using the Azure portal.
还需安装并配置 Azure CLI 2.0.59 或更高版本。You also need the Azure CLI version 2.0.59 or later installed and configured. 运行 az --version 即可查找版本。Run az --version to find the version. 如果需要进行安装或升级,请参阅安装 Azure CLI。If you need to install or upgrade, see Install Azure CLI.
创建 Azure 磁盘Create an Azure disk
创建用于 AKS 的 Azure 磁盘时,可以在 节点 资源组中创建磁盘资源。When you create an Azure disk for use with AKS, you can create the disk resource in the node resource group. 此方法允许 AKS 群集访问和管理磁盘资源。This approach allows the AKS cluster to access and manage the disk resource. 如果想要在单独的资源组中创建磁盘,则必须向群集的 Azure Kubernetes 服务 (AKS) 服务主体授予磁盘的资源组的 Contributor 角色。If you instead create the disk in a separate resource group, you must grant the Azure Kubernetes Service (AKS) service principal for your cluster the Contributor role to the disk's resource group. 或者,可以使用系统分配的托管标识来获得权限,而不是使用服务主体。Alternatively, you can use the system assigned managed identity for permissions instead of the service principal. 有关详细信息,请参阅使用托管标识。For more information, see Use managed identities.
对于本文,请在节点资源组中创建磁盘。For this article, create the disk in the node resource group. 首先,使用 az aks show 命令获取资源组名称并添加 --query nodeResourceGroup 查询参数。First, get the resource group name with the az aks show command and add the --query nodeResourceGroup query parameter. 以下示例获取名为 myResourceGroup 的资源组中 AKS 群集名称 myAKSCluster 的节点资源组:The following example gets the node resource group for the AKS cluster name myAKSCluster in the resource group name myResourceGroup:
$ az aks show --resource-group myResourceGroup --name myAKSCluster --query nodeResourceGroup -o tsv
MC_myResourceGroup_myAKSCluster_chinaeast2
现在,使用 az disk create 命令创建磁盘。Now create a disk using the az disk create command. 指定在上一命令中获取的节点资源组名称,然后指定磁盘资源的名称,例如 myAKSDisk。Specify the node resource group name obtained in the previous command, and then a name for the disk resource, such as myAKSDisk. 以下示例创建一个 20 GiB 的磁盘,并且在创建后输出磁盘的 ID。The following example creates a 20 GiB disk, and outputs the ID of the disk once created. 如果需要创建与 Windows Server 容器一起使用的磁盘,请添加 --os-type windows 参数以正确格式化该磁盘。If you need to create a disk for use with Windows Server containers, add the --os-type windows parameter to correctly format the disk.
az disk create \
--resource-group MC_myResourceGroup_myAKSCluster_chinaeast2 \
--name myAKSDisk \
--size-gb 20 \
--query id --output tsv
备注
Azure 磁盘依据特定大小的 SKU 收取费用。Azure disks are billed by SKU for a specific size. 这些 SKU 的范围为 32 GiB(适用于 S4 或 P4 磁盘)到 32 TiB(适用于 S80 或 P80 磁盘),属于预览版。These SKUs range from 32GiB for S4 or P4 disks to 32TiB for S80 or P80 disks (in preview). 高级托管磁盘的吞吐量和 IOPS 性能取决于 SKU 和 AKS 群集中节点的实例大小。The throughput and IOPS performance of a Premium managed disk depends on both the SKU and the instance size of the nodes in the AKS cluster. 请参阅托管磁盘的定价和性能。See Pricing and Performance of Managed Disks.
在命令成功完成后将显示磁盘资源 ID,如以下示例输出中所示。The disk resource ID is displayed once the command has successfully completed, as shown in the following example output. 在下一步骤中将使用此磁盘 ID 来装载磁盘。This disk ID is used to mount the disk in the next step.
/subscriptions/<subscriptionID>/resourceGroups/MC_myAKSCluster_myAKSCluster_chinaeast2/providers/Microsoft.Compute/disks/myAKSDisk
装载磁盘作为卷Mount disk as volume
若要将 Azure 磁盘装载到 Pod 中,请在容器规范中配置卷。使用以下内容创建名为 azure-disk-pod.yaml 的新文件。To mount the Azure disk into your pod, configure the volume in the container spec. Create a new file named azure-disk-pod.yaml with the following contents. 将 diskName 更新为在上一步骤中创建的磁盘的名称,将 diskURI 更新为在磁盘创建命令的输出中显示的磁盘 ID。Update diskName with the name of the disk created in the previous step, and diskURI with the disk ID shown in output of the disk create command. 如果需要,请更新 mountPath,这是 Azure 磁盘在 Pod 中的装载路径。If desired, update the mountPath, which is the path where the Azure disk is mounted in the pod. 对于 Windows Server 容器,请使用 Windows 路径约定指定 mountPath,例如“D:”。For Windows Server containers, specify a mountPath using the Windows path convention, such as 'D:'.
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- image: mcr.microsoft.com/oss/nginx/nginx:1.15.5-alpine
name: mypod
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 250m
memory: 256Mi
volumeMounts:
- name: azure
mountPath: /mnt/azure
volumes:
- name: azure
azureDisk:
kind: Managed
diskName: myAKSDisk
diskURI: /subscriptions/<subscriptionID>/resourceGroups/MC_myAKSCluster_myAKSCluster_chinaeast2/providers/Microsoft.Compute/disks/myAKSDisk
使用 kubectl 命令创建 Pod。Use the kubectl command to create the pod.
kubectl apply -f azure-disk-pod.yaml
现在你有一个正在运行的 Pod,其中 Azure 磁盘被装载到 /mnt/azure。You now have a running pod with an Azure disk mounted at /mnt/azure. 可以使用 kubectl describe pod mypod 来验证磁盘是否已成功装载。You can use kubectl describe pod mypod to verify the disk is mounted successfully. 以下精简示例输出显示容器中装载的卷:The following condensed example output shows the volume mounted in the container:
[...]
Volumes:
azure:
Type: AzureDisk (an Azure Data Disk mount on the host and bind mount to the pod)
DiskName: myAKSDisk
DiskURI: /subscriptions/<subscriptionID/resourceGroups/MC_myResourceGroupAKS_myAKSCluster_chinaeast2/providers/Microsoft.Compute/disks/myAKSDisk
Kind: Managed
FSType: ext4
CachingMode: ReadWrite
ReadOnly: false
default-token-z5sd7:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-z5sd7
Optional: false
[...]
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 1m default-scheduler Successfully assigned mypod to aks-nodepool1-79590246-0
Normal SuccessfulMountVolume 1m kubelet, aks-nodepool1-79590246-0 MountVolume.SetUp succeeded for volume "default-token-z5sd7"
Normal SuccessfulMountVolume 41s kubelet, aks-nodepool1-79590246-0 MountVolume.SetUp succeeded for volume "azure"
[...]
后续步骤Next steps
如需相关的最佳做法,请参阅在 AKS 中存储和备份的最佳做法。For associated best practices, see Best practices for storage and backups in AKS.
有关 AKS 群集与 Azure 磁盘进行交互的详细信息,请参阅 Azure 磁盘的 Kubernetes 插件。For more information about AKS clusters interact with Azure disks, see the Kubernetes plugin for Azure Disks.