Best practices for storage and backups in Azure Kubernetes Service (AKS)

As you create and manage clusters in Azure Kubernetes Service (AKS), your applications often need storage. It's important to understand the performance needs and access methods for pods so that you can provide the appropriate storage to applications. The AKS node size may impact these storage choices. You should also plan for ways to back up and test the restore process for attached storage.

This best practices article focuses on storage considerations for cluster operators. In this article, you learn:

  • What types of storage are available
  • How to correctly size AKS nodes for storage performance
  • Differences between dynamic and static provisioning of volumes
  • Ways to back up and secure your data volumes

Choose the appropriate storage type

Best practice guidance - Understand the needs of your application to pick the right storage. Use high performance, SSD-backed storage for production workloads. Plan for network-based storage when there is a need for multiple concurrent connections.

Applications often require different types and speeds of storage. Do your applications need storage that connects to individual pods, or storage that is shared across multiple pods? Is the storage for read-only access to data, or to write large amounts of structured data? These storage needs determine the most appropriate type of storage to use.

The following table outlines the available storage types and their capabilities:

| Use case | Volume plugin | Read/write once | Read-only many | Read/write many | Windows Server container support |
|---|---|---|---|---|---|
| Shared configuration | Azure Files | Yes | Yes | Yes | Yes |
| Structured app data | Azure Disks | Yes | No | No | Yes |

The two primary types of storage provided for volumes in AKS are backed by Azure Disks or Azure Files. To improve security, both types of storage use Azure Storage Service Encryption (SSE) by default, which encrypts data at rest. Disks cannot currently be encrypted using Azure Disk Encryption at the AKS node level.

Both Azure Files and Azure Disks are available in Standard and Premium performance tiers:

  • Premium disks are backed by high-performance solid-state disks (SSDs). Premium disks are recommended for all production workloads.
  • Standard disks are backed by regular spinning disks (HDDs), and are good for archival or infrequently accessed data.

Understand the application performance needs and access patterns to choose the appropriate storage tier. For more information about Managed Disks sizes and performance tiers, see Azure Managed Disks overview.

Create and use storage classes to define application needs

The type of storage you use is defined using Kubernetes storage classes. The storage class is then referenced in the pod or deployment specification. These definitions work together to create the appropriate storage and connect it to pods. For more information, see Storage classes in AKS.

Size the nodes for storage needs

Best practice guidance - Each node size supports a maximum number of disks. Different node sizes also provide different amounts of local storage and network bandwidth. Plan for your application demands to deploy the appropriate size of nodes.

AKS nodes run as Azure VMs. Different types and sizes of VM are available. Each VM size provides a different amount of core resources such as CPU and memory. These VM sizes have a maximum number of disks that can be attached. Storage performance also varies between VM sizes for the maximum local and attached disk IOPS (input/output operations per second).

If your applications require Azure Disks as their storage solution, plan for and choose an appropriate node VM size. The amount of CPU and memory isn't the only factor when you choose a VM size. The storage capabilities are also important. For example, both the Standard_B2ms and Standard_DS2_v2 VM sizes include a similar amount of CPU and memory resources. Their potential storage performance is different, as shown in the following table:

| Node type and size | vCPU | Memory (GiB) | Max data disks | Max uncached disk IOPS | Max uncached throughput (MBps) |
|---|---|---|---|---|---|
| Standard_B2ms | 2 | 8 | 4 | 1,920 | 22.5 |
| Standard_DS2_v2 | 2 | 7 | 8 | 6,400 | 96 |

Here, the Standard_DS2_v2 allows double the number of attached disks, and provides three to four times the amount of IOPS and disk throughput. If you only looked at the core compute resources and compared costs, you may choose the Standard_B2ms VM size and have poor storage performance and limitations. Work with your application development team to understand their storage capacity and performance needs. Choose the appropriate VM size for the AKS nodes to meet or exceed their performance needs. Regularly baseline applications to adjust VM size as needed.

For more information about available VM sizes, see Sizes for Linux virtual machines in Azure.

Dynamically provision volumes

Best practice guidance - To reduce management overhead and let you scale, don't statically create and assign persistent volumes. Use dynamic provisioning. In your storage classes, define the appropriate reclaim policy to minimize unneeded storage costs once pods are deleted.

When you need to attach storage to pods, you use persistent volumes. These persistent volumes can be created manually or dynamically. Manual creation of persistent volumes adds management overhead, and limits your ability to scale. Use dynamic persistent volume provisioning to simplify storage management and allow your applications to grow and scale as needed.

Persistent volume claims in an Azure Kubernetes Service (AKS) cluster

A persistent volume claim (PVC) lets you dynamically create storage as needed. The underlying Azure disks are created as pods request them. In the pod definition, you request a volume to be created and attached to a designated mount path.

For the concepts on how to dynamically create and use volumes, see Persistent Volume Claims.

To see these volumes in action, see how to dynamically create and use a persistent volume with Azure Disks or Azure Files.

As part of your storage class definitions, set the appropriate reclaimPolicy. This reclaimPolicy controls the behavior of the underlying Azure storage resource when the pod is deleted and the persistent volume may no longer be required. The underlying storage resource can be deleted, or retained for use with a future pod. The reclaimPolicy can be set to retain or delete. Understand your application needs, and implement regular checks for storage that is retained to minimize the amount of unused storage that is billed.

For more information about storage class options, see storage reclaim policies.
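One way to run the regular check for retained storage described above, as an added example that is not part of the original article: it reads PersistentVolume objects in the JSON shape that `kubectl get pv -o json` returns and reports volumes that are Released under a Retain policy, plus volumes that look statically created. The sample volumes are constructed, and treating a missing `pv.kubernetes.io/provisioned-by` annotation as static provisioning is an assumption of this example.

```python
import json

# Constructed sample in the shape of `kubectl get pv -o json`; names and sizes are made up.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "pvc-aaa", "annotations": {"pv.kubernetes.io/provisioned-by": "disk.csi.azure.com"}},
     "spec": {"capacity": {"storage": "128Gi"}, "persistentVolumeReclaimPolicy": "Retain"},
     "status": {"phase": "Released"}},
    {"metadata": {"name": "pvc-bbb", "annotations": {"pv.kubernetes.io/provisioned-by": "disk.csi.azure.com"}},
     "spec": {"capacity": {"storage": "1Ti"}, "persistentVolumeReclaimPolicy": "Retain"},
     "status": {"phase": "Bound"}},
    {"metadata": {"name": "manual-disk-01"},
     "spec": {"capacity": {"storage": "32Gi"}, "persistentVolumeReclaimPolicy": "Retain"},
     "status": {"phase": "Released"}},
    {"metadata": {"name": "pvc-ccc", "annotations": {"pv.kubernetes.io/provisioned-by": "file.csi.azure.com"}},
     "spec": {"capacity": {"storage": "100Gi"}, "persistentVolumeReclaimPolicy": "Delete"},
     "status": {"phase": "Bound"}},
]})

_UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
          "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def to_gib(quantity):
    """Convert a Kubernetes quantity such as '128Gi' or '1Ti' to GiB."""
    for suffix in sorted(_UNITS, key=len, reverse=True):
        if quantity.endswith(suffix):
            return float(quantity[:-len(suffix)]) * _UNITS[suffix] / 2**30
    return float(quantity) / 2**30  # no suffix: plain byte count

def audit_persistent_volumes(pv_list_json):
    """Report retained-but-unclaimed volumes and statically created volumes."""
    retained, static = [], []
    for pv in json.loads(pv_list_json).get("items", []):
        name = pv["metadata"]["name"]
        spec, phase = pv.get("spec", {}), pv.get("status", {}).get("phase")
        annotations = pv["metadata"].get("annotations") or {}
        # Assumption: dynamic provisioners record themselves in this annotation.
        if "pv.kubernetes.io/provisioned-by" not in annotations:
            static.append(name)
        # Released + Retain: the claim is gone but the Azure resource still exists.
        if spec.get("persistentVolumeReclaimPolicy") == "Retain" and phase == "Released":
            retained.append((name, to_gib(spec["capacity"]["storage"])))
    return {"retained_unclaimed": retained,
            "retained_gib": sum(size for _, size in retained),
            "static": static}

if __name__ == "__main__":
    print(audit_persistent_volumes(SAMPLE))
```

Retained volumes can still hold application data, so review each reported volume before deleting the underlying disk or share.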

Secure and back up your data

Best practice guidance - Back up your data using an appropriate tool for your storage type, such as Velero or Azure Backup. Verify the integrity and security of those backups.

When your applications store and consume data persisted on disks or in files, you need to take regular backups or snapshots of that data. Azure Disks can use built-in snapshot technologies. You may need your applications to flush writes to disk before you perform the snapshot operation. Velero can back up persistent volumes along with additional cluster resources and configurations. If you can't remove state from your applications, back up the data from persistent volumes and regularly test the restore operations to verify data integrity and the processes required.

Understand the limitations of the different approaches to data backups and whether you need to quiesce your data prior to snapshot. Data backups don't necessarily let you restore your application's cluster deployment environment. For more information about those scenarios, see Best practices for business continuity and disaster recovery in AKS.

Next steps

This article focused on storage best practices in AKS. For more information about storage basics in Kubernetes, see Storage concepts for applications in AKS.