KubeVirt Virtualization in Practice: Running Virtual Machines on Kubernetes

1. KubeVirt Overview

KubeVirt is an open-source project that lets you run and manage virtual machines (VMs) on a Kubernetes cluster. It combines Kubernetes orchestration with traditional virtualization technology, giving unified management of containers and virtual machines.

Core advantages of KubeVirt

- Unified management: manage VMs and containers through the Kubernetes API
- Mixed workloads: run containers and virtual machines side by side
- Resource efficiency: share Kubernetes scheduling and resource management
- Cloud-native integration: integrates seamlessly with CNI, CSI, StorageClass and similar components

2. Installing and Configuring KubeVirt

2.1 Install kubevirt-operator

```bash
# Add the KubeVirt Helm repository
helm repo add kubevirt https://kubevirt.github.io/kubevirt

# Create the namespace
kubectl create namespace kubevirt

# Install the KubeVirt operator
helm install kubevirt kubevirt/kubevirt \
  --namespace kubevirt \
  --version 1.1.0
```

2.2 Deploy the KubeVirt CR

```yaml
apiVersion: kubevirt.io/v1
kind: KubeVirt
metadata:
  name: kubevirt
  namespace: kubevirt
spec:
  certificateRotateStrategy: {}
  configuration:
    developerConfiguration:
      featureGates:
        - LiveMigration
        - SRIOV
```

2.3 Verify the installation

```bash
# Check the status of the KubeVirt components
kubectl get pods -n kubevirt

# Check the status of the KubeVirt CR
kubectl get kubevirt kubevirt -n kubevirt -o yaml
```

2.4 Install the virtctl command-line tool

```bash
# Download virtctl (this asset is the macOS darwin-amd64 build; pick the one matching your OS and architecture)
VERSION=$(kubectl get kubevirt kubevirt -n kubevirt -o jsonpath='{.status.observedKubeVirtVersion}')
curl -L https://github.com/kubevirt/kubevirt/releases/download/${VERSION}/virtctl-${VERSION}-darwin-amd64 -o virtctl

# Install it into PATH
chmod +x virtctl
sudo mv virtctl /usr/local/bin/
```

3. Creating a Virtual Machine

3.1 Basic VM configuration

```yaml
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: my-vm
spec:
  running: false
  template:
    spec:
      domain:
        cpu:
          cores: 2
        memory:
          guest: 4Gi
        devices:
          disks:
            - name: rootdisk
              disk:
                bus: virtio
            - name: cloudinitdisk
              disk:
                bus: virtio
      volumes:
        - name: rootdisk
          persistentVolumeClaim:
            claimName: my-vm-disk
        - name: cloudinitdisk
          cloudInitNoCloud:
            userData: |
              #cloud-config
              users:
                - name: ubuntu
                  ssh-authorized-keys:
                    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...
                  # Passwordless sudo for the ubuntu user
                  sudo: ['ALL=(ALL) NOPASSWD:ALL']
              hostname: my-vm
```

3.2 Start the virtual machine

```bash
# Start the VM
virtctl start my-vm

# Check VM status
kubectl get vms

# Show VM details
kubectl describe vm my-vm
```

3.3 Use a PVC as the disk

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-vm-disk
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: standard
```

4. Virtual Machine Network Configuration

4.1 Use the pod network

```yaml
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: my-vm
spec:
  template:
    spec:
      domain:
        devices:
          interfaces:
            - name: default
              masquerade: {}
      networks:
        - name: default
          pod: {}
```

4.2 Multiple NICs with Multus

```yaml
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: my-vm-multinet
spec:
  template:
    spec:
      domain:
        devices:
          interfaces:
            - name: net1
              bridge: {}
            - name: net2
              bridge: {}
      networks:
        - name: net1
          multus:
            networkName: my-network-1
        - name: net2
          multus:
            networkName: my-network-2
```

4.3 Configure SR-IOV

```yaml
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: my-vm-sriov
spec:
  template:
    spec:
      domain:
        devices:
          interfaces:
            - name: sriov-net
              sriov: {}
      networks:
        - name: sriov-net
          multus:
            networkName: sriov-network
```

5. Virtual Machine Storage Configuration

5.1 Use a DataVolume

```yaml
apiVersion: cdi.kubevirt.io/v1beta1
kind: DataVolume
metadata:
  name: my-datavolume
spec:
  source:
    http:
      url: https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img
  pvc:
    accessModes:
      - ReadWriteOnce
    resources:
      requests:
        storage: 50Gi
    storageClassName: standard
```

5.2 Clone a DataVolume

```yaml
apiVersion: cdi.kubevirt.io/v1beta1
kind: DataVolume
metadata:
  name: my-cloned-volume
spec:
  source:
    pvc:
      name: source-pvc
      namespace: default
  pvc:
    accessModes:
      - ReadWriteOnce
    resources:
      requests:
        storage: 50Gi
```

6. Virtual Machine Management Operations

6.1 Console access

```bash
# Connect to the VM console
virtctl console my-vm

# Connect with VNC
virtctl vnc my-vm

# Connect with SPICE
virtctl spice my-vm
```

6.2 Lifecycle management

```bash
# Start the VM
virtctl start my-vm

# Stop the VM
virtctl stop my-vm

# Restart the VM
virtctl restart my-vm

# Pause the VM
virtctl pause my-vm

# Resume the VM
virtctl unpause my-vm
```

6.3 Migrate a virtual machine

```bash
# List available nodes
kubectl get nodes

# Migrate the VM to a specific node
virtctl migrate my-vm --dest-node node-2

# Check migration status (the resource is VirtualMachineInstanceMigration, short name vmim)
kubectl get virtualmachineinstancemigrations
```

7. Advanced Features

7.1 Hot-plugging devices

```bash
# Add a disk
virtctl addvolume my-vm --volume-name additional-disk --persistent-volume-claim pvc-name

# Remove a disk
virtctl removevolume my-vm --volume-name additional-disk

# Add a NIC
virtctl addinterface my-vm --interface-name net2 --network pod

# Remove a NIC
virtctl removeinterface my-vm --interface-name net2
```

7.2 Snapshot management

```yaml
# VirtualMachineSnapshot is served from the snapshot.kubevirt.io API group
apiVersion: snapshot.kubevirt.io/v1alpha1
kind: VirtualMachineSnapshot
metadata:
  name: my-vm-snapshot
spec:
  source:
    apiGroup: kubevirt.io
    kind: VirtualMachine
    name: my-vm
```

7.3 Template management

```yaml
apiVersion: template.openshift.io/v1
kind: Template
metadata:
  name: ubuntu-vm-template
objects:
  - apiVersion: kubevirt.io/v1
    kind: VirtualMachine
    metadata:
      name: ${NAME}
    spec:
      running: false
      template:
        spec:
          domain:
            cpu:
              cores: ${CPU_CORES}
            memory:
              guest: ${MEMORY}
```

8. Monitoring and Logging

8.1 Export metrics

```yaml
apiVersion: v1
kind: Service
metadata:
  name: kubevirt-metrics
  namespace: kubevirt
spec:
  selector:
    kubevirt.io: virt-handler
  ports:
    - name: metrics
      port: 8443
      targetPort: metrics
```

8.2 Configure Prometheus monitoring

```yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: kubevirt-monitor
  namespace: monitoring
spec:
  selector:
    matchLabels:
      kubevirt.io: virt-handler
  endpoints:
    - port: metrics
      interval: 30s
      scheme: https
      tlsConfig:
        # Prometheus does not verify the metrics endpoint's TLS certificate
        insecureSkipVerify: true
```

9. Best Practices

9.1 Resource planning

- CPU reservation: reserve enough CPU resources for each VM
- Memory configuration: set sensible memory requests and limits
- Storage selection: use high-performance storage to guarantee VM performance

9.2 High availability

- Multi-node deployment: make sure VMs can migrate to other nodes
- Storage redundancy: use distributed storage to keep data safe
- Monitoring and alerting: configure VM status monitoring and alerts

9.3 Security hardening

- Network isolation: isolate VMs with network policies
- Image security: use only trusted VM images
- Access control: configure RBAC to restrict permissions for VM operations

10. Summary

KubeVirt brings virtualization to Kubernetes, letting organizations run container and virtual machine workloads on a single platform. With the practical guide in this article you can get started with KubeVirt quickly and build a hybrid cloud-native environment. Start with simple scenarios and explore the advanced features step by step.
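As an added example for the access-control and network-isolation items in section 9.3 (not from the original article or the KubeVirt project), the manifests below let a group start, stop and restart VMs without console or VNC access, and allow only SSH from labelled client pods into VM pods. The namespace `vm-workloads`, the group `vm-operators`, the label `role: vm-client` and all object names are assumptions; `kubevirt.io: virt-launcher` is the label KubeVirt puts on the pods that host VMs.

```yaml
# Added example: namespace, group, client label and object names are placeholders.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: vm-operator
  namespace: vm-workloads
rules:
  # Read-only view of VM objects: no create, delete or spec changes.
  - apiGroups: ["kubevirt.io"]
    resources: ["virtualmachines", "virtualmachineinstances"]
    verbs: ["get", "list", "watch"]
  # Lifecycle actions behind virtctl start/stop/restart.
  - apiGroups: ["subresources.kubevirt.io"]
    resources: ["virtualmachines/start", "virtualmachines/stop", "virtualmachines/restart"]
    verbs: ["update"]
  # virtualmachineinstances/console and /vnc are deliberately not granted.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: vm-operator-binding
  namespace: vm-workloads
subjects:
  - kind: Group
    name: vm-operators
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: vm-operator
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: vm-ingress-allowlist
  namespace: vm-workloads
spec:
  # Selects every VM pod in the namespace; all other ingress is dropped.
  podSelector:
    matchLabels:
      kubevirt.io: virt-launcher
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              role: vm-client
      ports:
        - protocol: TCP
          port: 22
```

NetworkPolicy only governs the pod network used in section 4.1 and needs a CNI plugin that enforces it; the Multus and SR-IOV interfaces from sections 4.2 and 4.3 are outside its scope.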