Shared mount propagation

[lqshow]

数据的持久化本质上是通过不同文件目录的挂载，挂载涉及到挂载传播。

Docker

挂载传播主要在 Bind mounts 中 配置，volumes 中 mount 传播配置默认为 rprivate

Configure bind propagation

Docker Propagation setting	desc
shared	双向传播
slave	类似于共享挂载，但是只有一个方向。 mount事件可以从宿主机到容器，但是不能从容器到宿主机
rprivate	默认不传播
private	同 rprivate

Bind mount propagation

docker run -d \
	--privileged \
	--volume /root/abc:/data/fuse:shared \
	--name fuse-amd64:v2.2.0 \
	--env-file ./.env \
	fuse-image-name

Kubernetes

使用 Docker 提供的 bind mount propagation

apiVersion: v1
kind: Pod
metadata:
  name: bind-mount-propagation
spec:
  restartPolicy: Always
  volumes:
  - name: fuse-volume
    emptyDir: {}
    
  containers:
  - name: fuse-sidecar-container
    image: fuse-amd64:v2.2.0
    imagePullPolicy: Always
    securityContext:
      privileged: true
    volumeMounts:
    - name: fuse-volume
      mountPath: /data/fuse:shared
  - name: user-container
    image: nginx:latest
    ports:
    - containerPort: 80
    volumeMounts:
    - name: fuse-volume
      mountPath: /usr/share/nginx/html:shared

使用 k8s 提供的 Mount propagation

挂载传播允许将由容器挂载的卷共享到同一个 Pod 中的其他容器上。

任何带有 Bidirectional 挂载传播的 pod 挂载到同一个卷上，带有 HostToContainer 挂载传播的容器将会看到它。

K8s Mount propagation	Desc
Bidirectional	双向传播
HostToContainer	此卷挂载将接收挂载到此卷或其任何子目录的所有后续挂载

apiVersion: v1
kind: Pod
metadata:
  name: shared-mount-propagation
spec:
  restartPolicy: Always
  volumes:
  - name: fuse-volume
    emptyDir: {}

  containers:
  - name: fuse-sidecar-container
    image: fuse-amd64:v2.2.0
    imagePullPolicy: Always
    securityContext:
      privileged: true
    volumeMounts:
    - name: fuse-volume
      mountPath: /data/fuse
      # 设置双向传播
      mountPropagation: Bidirectional
  - name: user-container
    image: nginx:latest
    ports:
    - containerPort: 80
    volumeMounts:
    - name: fuse-volume
      mountPath: /usr/share/nginx/html
      # 设置接收
      mountPropagation: HostToContainer

References

• Use bind mounts
• Kubernetes shared storage with S3 backend
• Linux 内核文档