Best practices for storage and backups in Azure Kubernetes Service (AKS)

As you create and manage clusters in Azure Kubernetes Service (AKS), your applications often need storage. Make sure you understand pod performance needs and access methods so that you can select the best storage for your application. The AKS node size may impact your storage choices. Plan for ways to back up and test the restore process for attached storage.

This best practices article focuses on storage considerations for cluster operators. In this article, you learn:

  • What types of storage are available.
  • How to correctly size AKS nodes for storage performance.
  • Differences between dynamic and static provisioning of volumes.
  • Ways to back up and secure your data volumes.

Choose the appropriate storage type

Best practice guidance

Understand the needs of your application to pick the right storage. Use high performance, SSD-backed storage for production workloads. Plan for network-based storage when you need multiple concurrent connections.

Applications often require different types and speeds of storage. Determine the most appropriate storage type by asking the following questions.

  • Do your applications need storage that connects to individual pods?
  • Do your applications need storage shared across multiple pods?
  • Is the storage for read-only access to data?
  • Will the storage be used to write large amounts of structured data?

The following table outlines the available storage types and their capabilities:

| Use case | Volume plugin | Read/write once | Read-only many | Read/write many | Windows Server container support |
|---|---|---|---|---|---|
| Shared configuration | Azure Files | Yes | Yes | Yes | Yes |
| Structured app data | Azure Disks | Yes | No | No | Yes |

AKS provides two primary types of secure storage for volumes backed by Azure Disks or Azure Files. Both use the default Azure Storage Service Encryption (SSE) that encrypts data at rest. Disks cannot be encrypted using Azure Disk Encryption at the AKS node level.

Both Azure Files and Azure Disks are available in Standard and Premium performance tiers:

  • Premium disks
    • Backed by high-performance solid-state disks (SSDs).
    • Recommended for all production workloads.
  • Standard disks
    • Backed by regular spinning disks (HDDs).
    • Good for archival or infrequently accessed data.

Understand the application performance needs and access patterns to choose the appropriate storage tier. For more information about Managed Disks sizes and performance tiers, see Azure Managed Disks overview.

Create and use storage classes to define application needs

Define the type of storage you want using Kubernetes storage classes. The storage class is then referenced in the pod or deployment specification. Storage class definitions work together to create the appropriate storage and connect it to pods.

For more information, see Storage classes in AKS.

Size the nodes for storage needs

Best practice guidance

Each node size supports a maximum number of disks. Different node sizes also provide different amounts of local storage and network bandwidth. Plan appropriately for your application demands to deploy the right size of nodes.

AKS nodes run as various Azure VM types and sizes. Each VM size provides:

  • A different amount of core resources such as CPU and memory.
  • A maximum number of disks that can be attached.

Storage performance also varies between VM sizes for the maximum local and attached disk IOPS (input/output operations per second).

If your applications require Azure Disks as their storage solution, strategize an appropriate node VM size. Storage capabilities and CPU and memory amounts play a major role when deciding on a VM size.

For example, while both the Standard_B2ms and Standard_DS2_v2 VM sizes include a similar amount of CPU and memory resources, their potential storage performance is different:

| Node type and size | vCPU | Memory (GiB) | Max data disks | Max uncached disk IOPS | Max uncached throughput (MBps) |
|---|---|---|---|---|---|
| Standard_B2ms | 2 | 8 | 4 | 1,920 | 22.5 |
| Standard_DS2_v2 | 2 | 7 | 8 | 6,400 | 96 |

In this example, the Standard_DS2_v2 offers twice as many attached disks, and three to four times the amount of IOPS and disk throughput. If you only compared core compute resources and costs, you might have chosen the Standard_B2ms VM size, with its poor storage performance and limitations.

Work with your application development team to understand their storage capacity and performance needs. Choose the appropriate VM size for the AKS nodes to meet or exceed their performance needs. Regularly baseline applications to adjust VM size as needed.

For more information about available VM sizes, see Sizes for Linux virtual machines in Azure.

Dynamically provision volumes

Best practice guidance

To reduce management overhead and enable scaling, avoid statically creating and assigning persistent volumes. Use dynamic provisioning. In your storage classes, define the appropriate reclaim policy to minimize unneeded storage costs once pods are deleted.

To attach storage to pods, use persistent volumes. Persistent volumes can be created manually or dynamically. Creating persistent volumes manually adds management overhead and limits your ability to scale. Instead, provision persistent volumes dynamically to simplify storage management and allow your applications to grow and scale as needed.

Persistent volume claims in an Azure Kubernetes Service (AKS) cluster

A persistent volume claim (PVC) lets you dynamically create storage as needed. Underlying Azure disks are created as pods request them. In the pod definition, request a volume to be created and attached to a designated mount path.

For the concepts on how to dynamically create and use volumes, see Persistent Volumes Claims.

To see these volumes in action, see how to dynamically create and use a persistent volume with Azure Disks or Azure Files.

As part of your storage class definitions, set the appropriate reclaimPolicy. This reclaimPolicy controls the behavior of the underlying Azure storage resource when the pod is deleted. The underlying storage resource can either be deleted or retained for future pod use. Set the reclaimPolicy to retain or delete.

Understand your application needs, and implement regular checks for retained storage to minimize the amount of unused and billed storage.
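One way to run the regular check for retained storage, as an added example that is not part of the original article: it reads JSON in the shape printed by `kubectl get pv -o json` and lists volumes kept by a Retain reclaim policy that no claim is using, which are both billed and still holding application data. The sample volume list, its names and sizes, and the helper `_pv` are constructed for illustration.

```python
import json

def _pv(name, size, policy, phase, claim=None):
    """Build one constructed PersistentVolume record (illustrative values)."""
    spec = {"capacity": {"storage": size}, "persistentVolumeReclaimPolicy": policy}
    if claim:
        spec["claimRef"] = dict(zip(("namespace", "name"), claim.split("/")))
    return {"metadata": {"name": name}, "spec": spec, "status": {"phase": phase}}

# Constructed sample in the shape of `kubectl get pv -o json` output.
SAMPLE_PV_LIST = json.dumps({"kind": "List", "items": [
    _pv("pvc-1111", "128Gi", "Retain", "Released", "shop/orders-db"),
    _pv("pvc-2222", "64Gi", "Retain", "Bound", "shop/cart-db"),
    _pv("pvc-3333", "32Gi", "Delete", "Released", "web/cache"),
    _pv("pv-static-01", "1Ti", "Retain", "Available"),
]})

UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
         "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def to_gib(quantity):
    """Convert a Kubernetes quantity such as '128Gi' or '100G' to GiB."""
    for suffix, factor in UNITS.items():
        if quantity.endswith(suffix):
            return float(quantity[:-len(suffix)]) * factor / 2**30
    return float(quantity) / 2**30  # no suffix: plain bytes

def find_retained_unused(pv_list_json):
    """List volumes kept by reclaimPolicy Retain that no claim is using."""
    findings = []
    for pv in json.loads(pv_list_json).get("items", []):
        spec, phase = pv["spec"], pv.get("status", {}).get("phase")
        if spec.get("persistentVolumeReclaimPolicy") != "Retain":
            continue  # Delete-policy volumes are not kept after their claim
        if phase not in ("Released", "Available"):
            continue  # Bound volumes are still in use
        ref = spec.get("claimRef")
        findings.append({
            "name": pv["metadata"]["name"], "phase": phase,
            "gib": to_gib(spec["capacity"]["storage"]),
            "last_claim": f"{ref['namespace']}/{ref['name']}" if ref else None})
    return findings

if __name__ == "__main__":
    for f in find_retained_unused(SAMPLE_PV_LIST):
        print(f"{f['name']}: {f['gib']:.0f} GiB, {f['phase']}, last claim {f['last_claim']}")
```

Each finding names the claim that last used the volume, which identifies the owning team to ask whether the data should be backed up, reattached, or deleted.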

For more information about storage class options, see storage reclaim policies.

Secure and back up your data

Best practice guidance

Back up your data using an appropriate tool for your storage type, such as Velero or Azure Backup. Verify the integrity and security of those backups.

When your applications store and consume data persisted on disks or in files, you need to take regular backups or snapshots of that data. Azure Disks can use built-in snapshot technologies. Your applications may need to flush writes to disk before you perform the snapshot operation. Velero can back up persistent volumes along with additional cluster resources and configurations. If you can't remove state from your applications, back up the data from persistent volumes and regularly test the restore operations to verify data integrity and the processes required.

Understand the limitations of the different approaches to data backups and whether you need to quiesce your data prior to snapshot. Data backups don't necessarily let you restore the cluster deployment environment of your application. For more information about those scenarios, see Best practices for business continuity and disaster recovery in AKS.

Next steps

This article focused on storage best practices in AKS. For more information about storage basics in Kubernetes, see Storage concepts for applications in AKS.