Kubernetes，如何与其他节点共享读/写持久卷作为只读卷

Question

我有一个持久卷，在一个特定节点上具有读/写访问权限。

如何将此持久卷以只读方式安装在所有其他节点上？

这是我在 pvc.yaml 中的想法：

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # This name uniquely identifies the PVC. This is used in deployment.
  name: public-pv-claim
  namespace: default
spec:
  accessModes:
    - ReadWriteOnce
    - ReadOnlyMany
  resources:
    # This is the request for storage. Should be available in the cluster.
    requests:
      storage: 1Gi

并在特定节点

      ...
      volumes:
      - name: public
        # This volume is based on PVC
        persistentVolumeClaim:
          # Name of the PVC created earlier
          claimName: public-pv-claim
      containers:
      - name: specific
        # Volume mounts for this container
        volumeMounts:
        # Volume 'public' is mounted to path '/public'
        - name: data
          mountPath: "/public"
        ...

对于其他节点的 pod：

      ...
      volumes:
      - name: public
        # This volume is based on PVC
        persistentVolumeClaim:
          # Name of the PVC created earlier
          claimName: public-pv-claim
      containers:
      - name: other
      ...
      volumeMounts:
      - name: public
        mountPath: "/public"
        readOnly: true
      ...

Answer 1

我找到的解决方案是为持久卷提供“ReadWriteMany”访问模式：然后在挂载卷的定义中将 readOnly 设置为 true 来挂载它。这是 .yaml 文件..

持久卷声明... pvc.yaml：

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # This name uniquely identifies the PVC. This is used in deployment.
  name: public-pv-claim
  namespace: default
spec:
  accessModes:
    - ReadWriteMany # All nodes have read/write access to the volume
  resources:
    # This is the request for storage. Should be available in the cluster.
    requests:
      storage: 1Gi

并且在应该允许写入卷的特定节点中container_write_access_to_pv.yaml：

  ...
  volumes:
  - name: public
    # This volume is based on PVC
    persistentVolumeClaim:
      # Name of the PVC created earlier
      claimName: public-pv-claim
  containers:
  - name: specific
    # Volume mounts for this container
    volumeMounts:
    # Volume is mounted to path '/public'
    - name: data
      mountPath: "/public"
    ...

对于应该具有只读访问权限的其他节点的 pod：container_with_read_only_access_to_pv.yaml：

  ...
  volumes:
  - name: public
    # This volume is based on PVC
    persistentVolumeClaim:
      # Name of the PVC created earlier
      claimName: public-pv-claim
  containers:
  - name: other
  ...
  volumeMounts:
  - name: public
    # Volume is mounted to path '/public' in read-only mode
    mountPath: "/public"
    readOnly: true
  ...