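Kubernetes Pod Controllers
Author: 尹正杰 (Yin Zhengjie)
Copyright notice: this is an original work. Reproduction is not permitted; violations will be pursued legally.
I. Kubernetes Controllers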
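A Kubernetes master node runs three key components: kube-apiserver, kube-scheduler and kube-controller-manager. The Pod controllers most commonly found in the controller manager are:
    ReplicationController: the controller used by early Kubernetes releases such as 1.7. Kubernetes has since moved on to 1.17.2, so this controller is now rarely used.
    Deployment Controller: manages non-system, stateless daemon processes, such as Nginx.
    ReplicaSet Controller: also manages non-system, stateless daemon processes. It is rarely used directly; in most cases the Deployment Controller is preferred.
    DaemonSet Controller: manages system-level, stateless daemon processes, such as the Zabbix Agent. Such an agent extends the management capabilities of the system: every node must run one instance to manage that node (without it the Zabbix Server cannot monitor the node), and there is no need to start several Zabbix Agents on the same node.
    StatefulSet Controller: manages stateful daemon processes, such as MySQL/MariaDB.
    Job Controller: manages non-daemon processes, that is, a task that runs once (a one-off job), such as a database backup.
    CronJob Controller: also manages non-daemon processes; unlike the Job Controller, it supports periodic scheduled tasks.
    ...
In automated systems, a control loop is a non-terminating loop that regulates the state of the system:
    In Kubernetes, a controller is a control loop that watches the shared state of the cluster through the API server and makes changes, trying to move the current state toward the desired state.
Kubernetes runs a set of controllers to handle routine tasks and to make sure the desired state of the cluster matches the observed state:
    Basically, each controller is responsible for one particular resource in the Kubernetes cluster.
    For anyone who administers a cluster, it is important to understand the role of each controller in Kubernetes.
Controllers are an essential part of Kubernetes:
    They are the "brains" behind resources.
    For example, the Deployment resource is responsible for making sure a given number of Pods are running, while the node controller checks the state of servers and responds when a server goes down.
Controller flow of events:
    The Informer/SharedInformer is the intermediary between the API server and a controller. It distributes change events for the watched resource objects and stores them in the Workqueue, while the Worker(s) carry out the corresponding operations from the queue.
Controllers are themselves standard Kubernetes resource types, which can be instantiated as concrete objects responsible for concrete tasks:
    For example, one particular Deployment controller object manages the Pod resource objects matched by its label selector;
    Creating, updating and deleting the controller resource objects themselves is the job of the controller processes, which are packaged together in kube-controller-manager;
    Whether kube-controller-manager itself keeps running has to be ensured by deploying it redundantly;
    Controller resource objects also have management operations of their own. The "--controllers" option specifies which controllers to enable:
        "*": used when no controllers are specified explicitly; it enables all controllers by default, except bootstrapsigner and tokencleaner, which are not enabled.
        All controllers: attachdetach, bootstrapsigner, clusterrole-aggregation, cronjob, csrapproving, csrcleaner, csrsigning, daemonset, deployment, disruption, endpoint, garbagecollector, horizontalpodautoscaling, job, namespace, nodeipam, nodelifecycle, persistentvolume-binder, persistentvolume-expander, podgc, pv-protection, pvc-protection, replicaset, replicationcontroller, resourcequota, route, service, serviceaccount, serviceaccount-token, statefulset, tokencleaner, ttl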
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n kube-system
NAME                                                   READY   STATUS    RESTARTS   AGE
coredns-6955765f44-455fh                               1/1     Running   1          2d3h
coredns-6955765f44-q6zqj                               1/1     Running   1          2d3h
etcd-master200.yinzhengjie.org.cn                      1/1     Running   1          2d3h
kube-apiserver-master200.yinzhengjie.org.cn            1/1     Running   1          2d3h
kube-controller-manager-master200.yinzhengjie.org.cn   1/1     Running   1          2d3h
kube-flannel-ds-amd64-hnnhb                            1/1     Running   1          2d3h
kube-flannel-ds-amd64-jhmh6                            1/1     Running   1          2d2h
kube-flannel-ds-amd64-lnldz                            1/1     Running   2          2d3h
kube-flannel-ds-amd64-nwv2l                            1/1     Running   1          2d2h
kube-proxy-2shb4                                       1/1     Running   1          2d3h
kube-proxy-6r9dx                                       1/1     Running   1          2d3h
kube-proxy-cg2m6                                       1/1     Running   1          2d2h
kube-proxy-lp5pr                                       1/1     Running   1          2d2h
kube-scheduler-master200.yinzhengjie.org.cn            1/1     Running   1          2d3h
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# ll /etc/kubernetes/manifests/
total 16
-rw------- 1 root root 1798 Feb  4 19:39 etcd.yaml
-rw------- 1 root root 2606 Feb  4 19:39 kube-apiserver.yaml
-rw------- 1 root root 2533 Feb  4 19:39 kube-controller-manager.yaml
-rw------- 1 root root 1120 Feb  4 19:39 kube-scheduler.yaml
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /etc/kubernetes/manifests/kube-controller-manager.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --allocate-node-cidrs=true
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --bind-address=127.0.0.1
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --cluster-cidr=10.244.0.0/16
    - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
    - --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
    - --controllers=*,bootstrapsigner,tokencleaner
    - --kubeconfig=/etc/kubernetes/controller-manager.conf
    - --leader-elect=true
    - --node-cidr-mask-size=24
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --root-ca-file=/etc/kubernetes/pki/ca.crt
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    - --service-cluster-ip-range=10.96.0.0/12
    - --use-service-account-credentials=true
    image: k8s.gcr.io/kube-controller-manager:v1.17.2
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10257
        scheme: HTTPS
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: kube-controller-manager
    resources:
      requests:
        cpu: 200m
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/pki
      name: etc-pki
      readOnly: true
    - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
      name: flexvolume-dir
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
    - mountPath: /etc/kubernetes/controller-manager.conf
      name: kubeconfig
      readOnly: true
  hostNetwork: true
  priorityClassName: system-cluster-critical
  volumes:
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
  - hostPath:
      path: /etc/pki
      type: DirectoryOrCreate
    name: etc-pki
  - hostPath:
      path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
      type: DirectoryOrCreate
    name: flexvolume-dir
  - hostPath:
      path: /etc/kubernetes/pki
      type: DirectoryOrCreate
    name: k8s-certs
  - hostPath:
      path: /etc/kubernetes/controller-manager.conf
      type: FileOrCreate
    name: kubeconfig
status: {}
[root@master200.yinzhengjie.org.cn ~]#
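Several flags in the manifest above are security settings rather than plumbing, and they can be checked mechanically on a master node. The following is an added example, not code from the original post or from kubeadm: a POSIX shell audit whose function names and choice of checks are this example's own, run here against a constructed copy of the command list shown above.

```shell
#!/bin/sh
# Added example: audit the security-relevant flags of a
# kube-controller-manager static Pod manifest.

# Constructed sample: part of the command list from the manifest shown above.
write_sample_manifest() {
    cat > "$1" <<'EOF'
spec:
  containers:
  - command:
    - kube-controller-manager
    - --bind-address=127.0.0.1
    - --controllers=*,bootstrapsigner,tokencleaner
    - --root-ca-file=/etc/kubernetes/pki/ca.crt
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    - --use-service-account-credentials=true
EOF
}

# flag_value FILE FLAG: print the value of "- --FLAG=VALUE", or nothing.
flag_value() {
    sed -n "s/^[[:space:]]*-[[:space:]]*--$2=\(.*\)\$/\1/p" "$1" | head -n 1
}

# expect FILE FLAG WANT: WANT is an exact value, or "set" for any value.
expect() {
    got=$(flag_value "$1" "$2")
    if [ "$3" = "set" ] && [ -n "$got" ]; then
        echo "PASS --$2 is set"
    elif [ "$got" = "$3" ]; then
        echo "PASS --$2=$got"
    else
        echo "FAIL --$2=${got:-<unset>} (want $3)"
    fi
}

# Print one PASS/FAIL/WARN line per check; always returns 0.
audit_kcm_manifest() {
    # The listing above shows -rw-------: no group or other access.
    mode=$(ls -ld "$1" | cut -c5-10)
    if [ "$mode" = "------" ]; then
        echo "PASS file mode"
    else
        echo "FAIL file mode (group/other bits: $mode)"
    fi
    expect "$1" bind-address 127.0.0.1                 # listen on loopback only
    expect "$1" use-service-account-credentials true   # one service account per controller
    expect "$1" service-account-private-key-file set   # key that signs service account tokens
    expect "$1" root-ca-file set                       # CA placed in service account token secrets
    # "*" leaves tokencleaner off; it is the controller that deletes
    # expired bootstrap tokens.
    case ",$(flag_value "$1" controllers)," in
        *,tokencleaner,*) echo "PASS tokencleaner enabled" ;;
        *)                echo "WARN tokencleaner not enabled" ;;
    esac
}

# count_failures FILE: number of FAIL lines reported by the audit.
count_failures() {
    audit_kcm_manifest "$1" | awk '/^FAIL/ { n++ } END { print n + 0 }'
}

demo=$(mktemp)
write_sample_manifest "$demo"
audit_kcm_manifest "$demo"
rm -f "$demo"
```

On a real node, pass /etc/kubernetes/manifests/kube-controller-manager.yaml to audit_kcm_manifest instead of the sample.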
II. ReplicaSet Controller
A ReplicaSet ensures that a specified number of Pod replicas are running at any given time; the ReplicaSet is the direct controller of Pods.
Writing a ReplicaSet spec:
Pod Template
Pod Selector
Replicas
Working with ReplicaSets:
Deleting a ReplicaSet and its Pods
Deleting just a ReplicaSet
Isolating Pods from a ReplicaSet
Scaling a ReplicaSet
1>. Write the YAML file
[root@master200.yinzhengjie.org.cn ~]# vim /yinzhengjie/data/k8s/manifests/pod/rs-example.yaml
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/pod/rs-example.yaml
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: myapp-rs
  namespace: develop
spec:
  replicas: 2
  selector:
    matchLabels:
      app: mynginx-pod
  template:
    metadata:
      labels:
        app: mynginx-pod
    spec:
      containers:
      - name: mynginx
        image: nginx:1.14-alpine
        ports:
        - name: http
          containerPort: 80
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
2>. Apply the YAML file
[root@master200.yinzhengjie.org.cn ~]# kubectl get rs -n develop
No resources found in develop namespace.
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl apply -f /yinzhengjie/data/k8s/manifests/pod/rs-example.yaml
replicaset.apps/myapp-rs created
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get rs -n develop
NAME       DESIRED   CURRENT   READY   AGE
myapp-rs   2         2         1       2s
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/pod/rs-example.yaml
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: myapp-rs
  namespace: develop
spec:
  replicas: 2
  selector:
    matchLabels:
      app: mynginx-pod
  template:
    metadata:
      labels:
        app: mynginx-pod
    spec:
      containers:
      - name: mynginx
        image: nginx:1.14-alpine
        ports:
        - name: http
          containerPort: 80
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get rs -n develop
NAME       DESIRED   CURRENT   READY   AGE
myapp-rs   2         2         2       3m13s
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl describe rs myapp-rs -n develop
Name:         myapp-rs
Namespace:    develop
Selector:     app=mynginx-pod
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"apps/v1","kind":"ReplicaSet","metadata":{"annotations":{},"name":"myapp-rs","namespace":"develop"},"spec":{"replicas":2,"se...
Replicas:     2 current / 2 desired
Pods Status:  2 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
  Labels:  app=mynginx-pod
  Containers:
   mynginx:
    Image:        nginx:1.14-alpine
    Port:         80/TCP
    Host Port:    0/TCP
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Events:
  Type    Reason            Age    From                   Message
  ----    ------            ----   ----                   -------
  Normal  SuccessfulCreate  3m41s  replicaset-controller  Created pod: myapp-rs-5jr88
  Normal  SuccessfulCreate  3m41s  replicaset-controller  Created pod: myapp-rs-5x98d
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get rs -n develop -o wide
NAME       DESIRED   CURRENT   READY   AGE     CONTAINERS   IMAGES              SELECTOR
myapp-rs   2         2         2       4m29s   mynginx      nginx:1.14-alpine   app=mynginx-pod
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pod -n develop -o wide --show-labels
NAME             READY   STATUS    RESTARTS   AGE   IP           NODE                         NOMINATED NODE   READINESS GATES   LABELS
myapp-rs-5jr88   1/1     Running   0          28m   10.244.3.3   node203.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-5x98d   1/1     Running   0          28m   10.244.2.4   node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
pod-demo         2/2     Running   0          14h   10.244.3.2   node203.yinzhengjie.org.cn   <none>           <none>            app=pod-demo,rel=stable,tier=frontend
[root@master200.yinzhengjie.org.cn ~]#
3>. After a Pod's label is changed, the ReplicaSet controller automatically creates a new Pod
[root@master200.yinzhengjie.org.cn ~]# kubectl get pod -n develop -o wide --show-labels
NAME             READY   STATUS    RESTARTS   AGE   IP           NODE                         NOMINATED NODE   READINESS GATES   LABELS
myapp-rs-5jr88   1/1     Running   0          28m   10.244.3.3   node203.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-5x98d   1/1     Running   0          28m   10.244.2.4   node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
pod-demo         2/2     Running   0          14h   10.244.3.2   node203.yinzhengjie.org.cn   <none>           <none>            app=pod-demo,rel=stable,tier=frontend
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl label pod myapp-rs-5x98d -n develop app=mynginx-demo --overwrite    # We change the label "app=mynginx-pod" to "app=mynginx-demo". One fewer Pod now carries "app=mynginx-pod", so a new Pod is created automatically.
pod/myapp-rs-5x98d labeled
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pod -n develop -o wide --show-labels
NAME             READY   STATUS    RESTARTS   AGE   IP           NODE                         NOMINATED NODE   READINESS GATES   LABELS
myapp-rs-2kwhc   1/1     Running   0          2s    10.244.2.5   node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-5jr88   1/1     Running   0          28m   10.244.3.3   node203.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-5x98d   1/1     Running   0          28m   10.244.2.4   node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-demo
pod-demo         2/2     Running   0          14h   10.244.3.2   node203.yinzhengjie.org.cn   <none>           <none>            app=pod-demo,rel=stable,tier=frontend
[root@master200.yinzhengjie.org.cn ~]#
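Membership in a ReplicaSet is decided purely by labels, so the relabeled Pod keeps running outside the controller's care while a replacement is started; that makes relabeling a way to set a suspect Pod aside for inspection, and detached Pods a state worth auditing for. The following is an added example, not from the original post: it classifies the listing above the way the selector sees it, and the function names and the name-prefix heuristic for "detached" are assumptions of this example (on a live cluster the Pod's ownerReferences are authoritative).

```shell
#!/bin/sh
# Added example: view `kubectl get pod --show-labels` output through a
# ReplicaSet's label selector.

# Listing copied from the session above (state right after the relabel).
sample_listing() {
    cat <<'EOF'
NAME             READY   STATUS    RESTARTS   AGE   IP           NODE                         NOMINATED NODE   READINESS GATES   LABELS
myapp-rs-2kwhc   1/1     Running   0          2s    10.244.2.5   node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-5jr88   1/1     Running   0          28m   10.244.3.3   node203.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-5x98d   1/1     Running   0          28m   10.244.2.4   node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-demo
pod-demo         2/2     Running   0          14h   10.244.3.2   node203.yinzhengjie.org.cn   <none>           <none>            app=pod-demo,rel=stable,tier=frontend
EOF
}

# classify_pods RS_NAME SELECTOR < listing
#   SELECTOR is "k=v[,k=v...]"; every pair must be present (matchLabels is AND).
#   Prints "managed <pod>" for Pods the selector matches and
#   "detached <pod>" for Pods named <RS_NAME>-* that no longer match.
classify_pods() {
    awk -v rs="$1" -v sel="$2" '
        NR == 1 { next }                    # skip the header row
        {
            nl = split($NF, have, ",")      # labels are the last column
            nw = split(sel, want, ",")
            ok = 1
            for (i = 1; i <= nw; i++) {
                found = 0
                for (j = 1; j <= nl; j++) if (have[j] == want[i]) found = 1
                if (!found) ok = 0
            }
            if (ok) print "managed", $1
            else if (index($1, rs "-") == 1) print "detached", $1
        }'
}

# detached_pods RS_NAME SELECTOR < listing: names of Pods that left the set.
detached_pods() {
    classify_pods "$1" "$2" | awk '$1 == "detached" { print $2 }'
}

# replicas_delta DESIRED RS_NAME SELECTOR < listing
#   > 0: the controller will create that many Pods; < 0: it will delete.
replicas_delta() {
    managed=$(classify_pods "$2" "$3" | awk '$1 == "managed" { n++ } END { print n + 0 }')
    echo $(( $1 - $managed ))
}

sample_listing | classify_pods myapp-rs app=mynginx-pod
```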
4>. Change the number of Pod replicas dynamically through the manifest file
[root@master200.yinzhengjie.org.cn ~]# kubectl get pod -n develop -o wide --show-labels
NAME             READY   STATUS    RESTARTS   AGE   IP           NODE                         NOMINATED NODE   READINESS GATES   LABELS
myapp-rs-2kwhc   1/1     Running   0          17m   10.244.2.5   node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-5jr88   1/1     Running   0          46m   10.244.3.3   node203.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-5x98d   1/1     Running   0          46m   10.244.2.4   node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-demo
pod-demo         2/2     Running   0          15h   10.244.3.2   node203.yinzhengjie.org.cn   <none>           <none>            app=pod-demo,rel=stable,tier=frontend
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# vim /yinzhengjie/data/k8s/manifests/pod/rs-example.yaml
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/pod/rs-example.yaml
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: myapp-rs
  namespace: develop
spec:
  replicas: 5
  selector:
    matchLabels:
      app: mynginx-pod
  template:
    metadata:
      labels:
        app: mynginx-pod
    spec:
      containers:
      - name: mynginx
        image: nginx:1.14-alpine
        ports:
        - name: http
          containerPort: 80
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl apply -f /yinzhengjie/data/k8s/manifests/pod/rs-example.yaml
replicaset.apps/myapp-rs configured
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pod -n develop -o wide --show-labels
NAME             READY   STATUS              RESTARTS   AGE   IP           NODE                         NOMINATED NODE   READINESS GATES   LABELS
myapp-rs-2kwhc   1/1     Running             0          18m   10.244.2.5   node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-5jr88   1/1     Running             0          47m   10.244.3.3   node203.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-5x98d   1/1     Running             0          47m   10.244.2.4   node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-demo
myapp-rs-96gmb   1/1     Running             0          11s   10.244.3.6   node203.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-jz77z   1/1     Running             0          11s   10.244.2.7   node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-wfsp8   0/1     ContainerCreating   0          11s   <none>       node201.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
pod-demo         2/2     Running             0          15h   10.244.3.2   node203.yinzhengjie.org.cn   <none>           <none>            app=pod-demo,rel=stable,tier=frontend
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
5>. Change the number of Pod replicas dynamically from the command line
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pod -n develop -o wide --show-labels
NAME             READY   STATUS    RESTARTS   AGE     IP            NODE                         NOMINATED NODE   READINESS GATES   LABELS
myapp-rs-2kwhc   1/1     Running   0          23m     10.244.2.5    node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-5jr88   1/1     Running   0          52m     10.244.3.3    node203.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-5x98d   1/1     Running   0          52m     10.244.2.4    node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-demo
myapp-rs-96gmb   1/1     Running   0          5m31s   10.244.3.6    node203.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-jz77z   1/1     Running   0          5m31s   10.244.2.7    node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-wfsp8   1/1     Running   0          5m31s   10.244.1.66   node201.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
pod-demo         2/2     Running   0          15h     10.244.3.2    node203.yinzhengjie.org.cn   <none>           <none>            app=pod-demo,rel=stable,tier=frontend
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl scale --replicas=3 rs myapp-rs -n develop
replicaset.apps/myapp-rs scaled
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pod -n develop -o wide --show-labels
NAME             READY   STATUS        RESTARTS   AGE    IP            NODE                         NOMINATED NODE   READINESS GATES   LABELS
myapp-rs-2kwhc   1/1     Running       0          25m    10.244.2.5    node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-5jr88   1/1     Running       0          53m    10.244.3.3    node203.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-5x98d   1/1     Running       0          53m    10.244.2.4    node202.yinzhengjie.org.cn   <none>           <none>            app=mynginx-demo
myapp-rs-96gmb   1/1     Running       0          7m6s   10.244.3.6    node203.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
myapp-rs-wfsp8   1/1     Terminating   0          7m6s   10.244.1.66   node201.yinzhengjie.org.cn   <none>           <none>            app=mynginx-pod
pod-demo         2/2     Running       0          15h    10.244.3.2    node203.yinzhengjie.org.cn   <none>           <none>            app=pod-demo,rel=stable,tier=frontend
[root@master200.yinzhengjie.org.cn ~]#
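III. Deployment Controller
The ReplicaSet controller is the direct controller of Pods and keeps the number of Pods at the level the user expects, but the ReplicaSet itself is relatively weak when it comes to updates, so the Deployment was abstracted on top of the ReplicaSet.
A Deployment automatically drives ReplicaSets on our behalf to manage Pods and provides rolling updates, deployment and related features, which is why Deployments are what we normally use in production.
Deployments also let users do canary releases.
1>. Write the YAML file and apply it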
[root@master200.yinzhengjie.org.cn ~]# vim /yinzhengjie/data/k8s/manifests/pod/deploy-nginx01.yaml
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/pod/deploy-nginx01.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-nginx
  namespace: testing
spec:
  replicas: 3
  minReadySeconds: 10
  selector:
    matchLabels:
      app: nginx
      rel: stable
  template:
    metadata:
      labels:
        app: nginx
        rel: stable
    spec:
      containers:
      - name: nginx
        image: nginx:1.14-alpine
        ports:
        - containerPort: 80
          name: http
        readinessProbe:
          periodSeconds: 1
          httpGet:
            path: /
            port: http
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl create ns testing
namespace/testing created
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n testing -o wide
No resources found in testing namespace.
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl apply -f /yinzhengjie/data/k8s/manifests/pod/deploy-nginx01.yaml
deployment.apps/deploy-nginx created
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n testing -o wide
NAME                            READY   STATUS              RESTARTS   AGE   IP            NODE                         NOMINATED NODE   READINESS GATES
deploy-nginx-6cc674fdcf-5lrss   0/1     ContainerCreating   0          2s    <none>        node201.yinzhengjie.org.cn   <none>           <none>
deploy-nginx-6cc674fdcf-9gbcj   1/1     Running             0          2s    10.244.2.11   node202.yinzhengjie.org.cn   <none>           <none>
deploy-nginx-6cc674fdcf-cwzd4   1/1     Running             0          2s    10.244.3.9    node203.yinzhengjie.org.cn   <none>           <none>
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get rs -n testing
NAME                      DESIRED   CURRENT   READY   AGE
deploy-nginx-6cc674fdcf   3         3         3       5m45s
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n testing
NAME                            READY   STATUS    RESTARTS   AGE
deploy-nginx-6cc674fdcf-5lrss   1/1     Running   0          6m5s
deploy-nginx-6cc674fdcf-9gbcj   1/1     Running   0          6m5s
deploy-nginx-6cc674fdcf-cwzd4   1/1     Running   0          6m5s
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n testing -o wide
NAME                            READY   STATUS    RESTARTS   AGE    IP            NODE                         NOMINATED NODE   READINESS GATES
deploy-nginx-6cc674fdcf-5lrss   1/1     Running   0          6m7s   10.244.1.69   node201.yinzhengjie.org.cn   <none>           <none>
deploy-nginx-6cc674fdcf-9gbcj   1/1     Running   0          6m7s   10.244.2.11   node202.yinzhengjie.org.cn   <none>           <none>
deploy-nginx-6cc674fdcf-cwzd4   1/1     Running   0          6m7s   10.244.3.9    node203.yinzhengjie.org.cn   <none>           <none>
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
2>. Upgrade the nginx version
[root@master200.yinzhengjie.org.cn ~]# vim /yinzhengjie/data/k8s/manifests/pod/deploy-nginx01.yaml
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/pod/deploy-nginx01.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-nginx
  namespace: testing
spec:
  replicas: 3
  minReadySeconds: 10
  selector:
    matchLabels:
      app: nginx
      rel: stable
  template:
    metadata:
      labels:
        app: nginx
        rel: stable
    spec:
      containers:
      - name: nginx
        image: nginx:1.17-alpine
        ports:
        - containerPort: 80
          name: http
        readinessProbe:
          periodSeconds: 1
          httpGet:
            path: /
            port: http
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get rs -n testing
NAME                      DESIRED   CURRENT   READY   AGE
deploy-nginx-6cc674fdcf   3         3         3       11m
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n testing -o wide
NAME                            READY   STATUS    RESTARTS   AGE   IP            NODE                         NOMINATED NODE   READINESS GATES
deploy-nginx-6cc674fdcf-5lrss   1/1     Running   0          11m   10.244.1.69   node201.yinzhengjie.org.cn   <none>           <none>
deploy-nginx-6cc674fdcf-9gbcj   1/1     Running   0          11m   10.244.2.11   node202.yinzhengjie.org.cn   <none>           <none>
deploy-nginx-6cc674fdcf-cwzd4   1/1     Running   0          11m   10.244.3.9    node203.yinzhengjie.org.cn   <none>           <none>
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get rs -n testing -o wide
NAME                      DESIRED   CURRENT   READY   AGE   CONTAINERS   IMAGES              SELECTOR
deploy-nginx-6cc674fdcf   3         3         3       11m   nginx        nginx:1.14-alpine   app=nginx,pod-template-hash=6cc674fdcf,rel=stable
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl apply -f /yinzhengjie/data/k8s/manifests/pod/deploy-nginx01.yaml
deployment.apps/deploy-nginx configured
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get rs -n testing -o wide
NAME                      DESIRED   CURRENT   READY   AGE     CONTAINERS   IMAGES              SELECTOR
deploy-nginx-545dd4fcd8   3         3         3       3m47s   nginx        nginx:1.17-alpine   app=nginx,pod-template-hash=545dd4fcd8,rel=stable
deploy-nginx-6cc674fdcf   0         0         0       24m     nginx        nginx:1.14-alpine   app=nginx,pod-template-hash=6cc674fdcf,rel=stable
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n testing -o wide
NAME                            READY   STATUS        RESTARTS   AGE     IP            NODE                         NOMINATED NODE   READINESS GATES
deploy-nginx-545dd4fcd8-brczf   1/1     Running       0          3m55s   10.244.3.11   node203.yinzhengjie.org.cn   <none>           <none>
deploy-nginx-545dd4fcd8-ft6lm   1/1     Running       0          3m38s   10.244.2.12   node202.yinzhengjie.org.cn   <none>           <none>
deploy-nginx-545dd4fcd8-zjhnj   1/1     Running       0          3m21s   10.244.1.70   node201.yinzhengjie.org.cn   <none>           <none>
deploy-nginx-6cc674fdcf-5lrss   1/1     Terminating   0          24m     10.244.1.69   node201.yinzhengjie.org.cn   <none>           <none>
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
3>. Example: set a rolling-update strategy and upgrade the nginx version from the command line
[root@master200.yinzhengjie.org.cn ~]# kubectl explain deployment
KIND:     Deployment
VERSION:  apps/v1
DESCRIPTION:
     Deployment enables declarative updates for Pods and ReplicaSets.
FIELDS:
   apiVersion   <string>
     APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
   kind <string>
     Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
   metadata     <Object>
     Standard object metadata.
   spec <Object>
     Specification of the desired behavior of the Deployment.
   status       <Object>
     Most recently observed status of the Deployment.
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl explain deployment.spec
KIND:     Deployment
VERSION:  apps/v1
RESOURCE: spec <Object>
DESCRIPTION:
     Specification of the desired behavior of the Deployment.
     DeploymentSpec is the specification of the desired behavior of the Deployment.
FIELDS:
   minReadySeconds      <integer>
     Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
   paused       <boolean>
     Indicates that the deployment is paused.
   progressDeadlineSeconds      <integer>
     The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s.
   replicas     <integer>
     Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.
   revisionHistoryLimit <integer>
     The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.
   selector     <Object> -required-
     Label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels.
   strategy     <Object>
     The deployment strategy to use to replace existing pods with new ones.
   template     <Object> -required-
     Template describes the pods that will be created.
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl explain deployment.spec.strategy
KIND:     Deployment
VERSION:  apps/v1
RESOURCE: strategy <Object>
DESCRIPTION:
     The deployment strategy to use to replace existing pods with new ones.
     DeploymentStrategy describes how to replace existing pods with new ones.
FIELDS:
   rollingUpdate        <Object>
     Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate.
   type <string>
     Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# vim /yinzhengjie/data/k8s/manifests/pod/deploy-nginx02.yaml
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/pod/deploy-nginx02.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-nginx
  namespace: testing2
spec:
  replicas: 3
  minReadySeconds: 10
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  selector:
    matchLabels:
      app: nginx
      rel: stable
  template:
    metadata:
      labels:
        app: nginx
        rel: stable
    spec:
      containers:
      - name: nginx
        image: nginx:1.14-alpine
        ports:
        - containerPort: 80
          name: http
        readinessProbe:
          periodSeconds: 1
          httpGet:
            path: /
            port: http
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl create ns testing2
namespace/testing2 created
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pod -o wide -n testing2
No resources found in testing2 namespace.
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl apply -f /yinzhengjie/data/k8s/manifests/pod/deploy-nginx02.yaml
deployment.apps/deploy-nginx created
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pod -o wide -n testing2
NAME                            READY   STATUS              RESTARTS   AGE   IP            NODE                         NOMINATED NODE   READINESS GATES
deploy-nginx-6cc674fdcf-5jk7r   0/1     ContainerCreating   0          5s    <none>        node201.yinzhengjie.org.cn   <none>           <none>
deploy-nginx-6cc674fdcf-hxkzd   1/1     Running             0          5s    10.244.3.12   node203.yinzhengjie.org.cn   <none>           <none>
deploy-nginx-6cc674fdcf-sw7zf   1/1     Running             0          5s    10.244.2.13   node202.yinzhengjie.org.cn   <none>           <none>
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pod -o wide -n testing2
NAME                            READY   STATUS    RESTARTS   AGE     IP            NODE                         NOMINATED NODE   READINESS GATES
deploy-nginx-6cc674fdcf-5jk7r   1/1     Running   0          5m51s   10.244.1.71   node201.yinzhengjie.org.cn   <none>           <none>
deploy-nginx-6cc674fdcf-hxkzd   1/1     Running   0          5m51s   10.244.3.12   node203.yinzhengjie.org.cn   <none>           <none>
deploy-nginx-6cc674fdcf-sw7zf   1/1     Running   0          5m51s   10.244.2.13   node202.yinzhengjie.org.cn   <none>           <none>
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl describe deploy deploy-nginx -n testing2
Name:                   deploy-nginx
Namespace:              testing2
CreationTimestamp:      Fri, 07 Feb 2020 02:53:33 +0800
Labels:                 <none>
Annotations:            deployment.kubernetes.io/revision: 2
                        kubectl.kubernetes.io/last-applied-configuration:
                          {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"deploy-nginx","namespace":"testing2"},"spec":{"minReadySe...
Selector:               app=nginx,rel=stable
Replicas:               3 desired | 3 updated | 3 total | 2 available | 1 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        10
RollingUpdateStrategy:  1 max unavailable, 1 max surge
Pod Template:
  Labels:  app=nginx
           rel=stable
  Containers:
   nginx:
    Image:        nginx:1.17-alpine
    Port:         80/TCP
    Host Port:    0/TCP
    Readiness:    http-get http://:http/ delay=0s timeout=1s period=1s #success=1 #failure=3
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    ReplicaSetUpdated
OldReplicaSets:  <none>
NewReplicaSet:   deploy-nginx-545dd4fcd8 (3/3 replicas created)
Events:
  Type    Reason             Age    From                   Message
  ----    ------             ----   ----                   -------
  Normal  ScalingReplicaSet  21m    deployment-controller  Scaled up replica set deploy-nginx-6cc674fdcf to 3
  Normal  ScalingReplicaSet  2m45s  deployment-controller  Scaled up replica set deploy-nginx-545dd4fcd8 to 1
  Normal  ScalingReplicaSet  2m45s  deployment-controller  Scaled down replica set deploy-nginx-6cc674fdcf to 2
  Normal  ScalingReplicaSet  2m45s  deployment-controller  Scaled up replica set deploy-nginx-545dd4fcd8 to 2
  Normal  ScalingReplicaSet  2m32s  deployment-controller  Scaled down replica set deploy-nginx-6cc674fdcf to 0
  Normal  ScalingReplicaSet  2m32s  deployment-controller  Scaled up replica set deploy-nginx-545dd4fcd8 to 3
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/pod/deploy-nginx02.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-nginx
  namespace: testing2
spec:
  replicas: 3
  minReadySeconds: 10
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  selector:
    matchLabels:
      app: nginx
      rel: stable
  template:
    metadata:
      labels:
        app: nginx
        rel: stable
    spec:
      containers:
      - name: nginx
        image: nginx:1.17-alpine
        ports:
        - containerPort: 80
          name: http
        readinessProbe:
          periodSeconds: 1
          httpGet:
            path: /
            port: http
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get rs -o wide -n testing2
NAME                      DESIRED   CURRENT   READY   AGE   CONTAINERS   IMAGES              SELECTOR
deploy-nginx-6cc674fdcf   3         3         3       17m   nginx        nginx:1.14-alpine   app=nginx,pod-template-hash=6cc674fdcf,rel=stable
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl set image -n testing2 deployment deploy-nginx nginx=nginx:1.17-alpine
deployment.apps/deploy-nginx image updated
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get rs -o wide -n testing2
NAME                      DESIRED   CURRENT   READY   AGE     CONTAINERS   IMAGES              SELECTOR
deploy-nginx-545dd4fcd8   3         3         3       5m18s   nginx        nginx:1.17-alpine   app=nginx,pod-template-hash=545dd4fcd8,rel=stable
deploy-nginx-6cc674fdcf   0         0         0       24m     nginx        nginx:1.14-alpine   app=nginx,pod-template-hash=6cc674fdcf,rel=stable
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
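The ScalingReplicaSet events in the describe output above can be replayed to confirm that the rollout stayed inside the window set by maxSurge and maxUnavailable. The following is an added example, not from the original post: its function names are this example's own, and it assumes absolute values rather than percentages, events in chronological order, and a log that starts with the initial scale-up. Events carry Pod counts, not readiness, so the lower bound is checked on total Pods only, which is a necessary condition rather than a full availability check.

```shell
#!/bin/sh
# Added example: replay ScalingReplicaSet events from `kubectl describe deploy`
# and check the total Pod count against the rolling-update bounds.

# Events copied from the describe output above.
sample_events() {
    cat <<'EOF'
  Normal  ScalingReplicaSet  21m    deployment-controller  Scaled up replica set deploy-nginx-6cc674fdcf to 3
  Normal  ScalingReplicaSet  2m45s  deployment-controller  Scaled up replica set deploy-nginx-545dd4fcd8 to 1
  Normal  ScalingReplicaSet  2m45s  deployment-controller  Scaled down replica set deploy-nginx-6cc674fdcf to 2
  Normal  ScalingReplicaSet  2m45s  deployment-controller  Scaled up replica set deploy-nginx-545dd4fcd8 to 2
  Normal  ScalingReplicaSet  2m32s  deployment-controller  Scaled down replica set deploy-nginx-6cc674fdcf to 0
  Normal  ScalingReplicaSet  2m32s  deployment-controller  Scaled up replica set deploy-nginx-545dd4fcd8 to 3
EOF
}

# rollout_bounds < events
#   Tracks the size of every ReplicaSet named in the events and prints
#   "<min> <max>": the smallest and largest total Pod count seen.
rollout_bounds() {
    awk '
        /Scaled (up|down) replica set/ {
            for (i = 1; i <= NF; i++)
                if ($i == "set") { size[$(i + 1)] = $(i + 3) + 0 }
            total = 0
            for (name in size) total += size[name]
            if (!seen || total < min) min = total
            if (!seen || total > max) max = total
            seen = 1
        }
        END { print min + 0, max + 0 }'
}

# check_rollout REPLICAS MAX_SURGE MAX_UNAVAILABLE < events
#   ceiling = replicas + maxSurge        (hard limit on total Pods)
#   floor   = replicas - maxUnavailable  (available Pods may not drop below this)
check_rollout() {
    bounds=$(rollout_bounds)
    lo=${bounds% *}
    hi=${bounds#* }
    ceiling=$(( $1 + $2 ))
    floor=$(( $1 - $3 ))
    if [ "$hi" -le "$ceiling" ] && [ "$lo" -ge "$floor" ]; then
        echo "ok: observed $lo..$hi Pods, allowed $floor..$ceiling"
    else
        echo "violation: observed $lo..$hi Pods, allowed $floor..$ceiling"
    fi
}

sample_events | check_rollout 3 1 1
```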
4>. Roll back a version
[root@master200.yinzhengjie.org.cn ~]# kubectl rollout
Manage the rollout of a resource.
 Valid resource types include:
  *  deployments
  *  daemonsets
  *  statefulsets
Examples:
  # Rollback to the previous deployment
  kubectl rollout undo deployment/abc
  # Check the rollout status of a daemonset
  kubectl rollout status daemonset/foo
Available Commands:
  history     View rollout history
  pause       Mark the provided resource as paused
  restart     Restart a resource
  resume      Resume a paused resource
  status      Show the status of the rollout
  undo        Undo a previous rollout
Usage:
  kubectl rollout SUBCOMMAND [options]
Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl rollout history --help
View previous rollout revisions and configurations.
Examples:
  # View the rollout history of a deployment
  kubectl rollout history deployment/abc
  # View the details of daemonset revision 3
  kubectl rollout history daemonset/abc --revision=3
Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
  -f, --filename=[]: Filename, directory, or URL to files identifying the resource to get from a server.
  -k, --kustomize='': Process the kustomization directory. This flag can't be used together with -f or -R.
  -o, --output='': Output format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
  -R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
      --revision=0: See the details, including podTemplate of the revision specified
      --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
Usage:
  kubectl rollout history (TYPE NAME | TYPE/NAME) [flags] [options]
Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl rollout pause --help
Mark the provided resource as paused

Paused resources will not be reconciled by a controller. Use "kubectl rollout resume" to resume a paused resource. Currently only deployments support being paused.

Examples:
  # Mark the nginx deployment as paused. Any current state of
  # the deployment will continue its function, new updates to the deployment will not
  # have an effect as long as the deployment is paused.
  kubectl rollout pause deployment/nginx

Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
  -f, --filename=[]: Filename, directory, or URL to files identifying the resource to get from a server.
  -k, --kustomize='': Process the kustomization directory. This flag can't be used together with -f or -R.
  -o, --output='': Output format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
  -R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
      --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

Usage:
  kubectl rollout pause RESOURCE [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl rollout restart --help
Restart a resource.

Resource will be rollout restarted.

Examples:
  # Restart a deployment
  kubectl rollout restart deployment/nginx

  # Restart a daemonset
  kubectl rollout restart daemonset/abc

Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
  -f, --filename=[]: Filename, directory, or URL to files identifying the resource to get from a server.
  -k, --kustomize='': Process the kustomization directory. This flag can't be used together with -f or -R.
  -o, --output='': Output format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
  -R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
      --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

Usage:
  kubectl rollout restart RESOURCE [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl rollout resume --help
Resume a paused resource

Paused resources will not be reconciled by a controller. By resuming a resource, we allow it to be reconciled again. Currently only deployments support being resumed.

Examples:
  # Resume an already paused deployment
  kubectl rollout resume deployment/nginx

Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
  -f, --filename=[]: Filename, directory, or URL to files identifying the resource to get from a server.
  -k, --kustomize='': Process the kustomization directory. This flag can't be used together with -f or -R.
  -o, --output='': Output format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
  -R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
      --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

Usage:
  kubectl rollout resume RESOURCE [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl rollout status --help
Show the status of the rollout.

By default 'rollout status' will watch the status of the latest rollout until it's done. If you don't want to wait for the rollout to finish then you can use --watch=false. Note that if a new rollout starts in-between, then 'rollout status' will continue watching the latest revision. If you want to pin to a specific revision and abort if it is rolled over by another revision, use --revision=N where N is the revision you need to watch for.

Examples:
  # Watch the rollout status of a deployment
  kubectl rollout status deployment/nginx

Options:
  -f, --filename=[]: Filename, directory, or URL to files identifying the resource to get from a server.
  -k, --kustomize='': Process the kustomization directory. This flag can't be used together with -f or -R.
  -R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
      --revision=0: Pin to a specific revision for showing its status. Defaults to 0 (last revision).
      --timeout=0s: The length of time to wait before ending watch, zero means never. Any other values should contain a corresponding time unit (e.g. 1s, 2m, 3h).
  -w, --watch=true: Watch the status of the rollout until it's done.

Usage:
  kubectl rollout status (TYPE NAME | TYPE/NAME) [flags] [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl rollout undo --help
Rollback to a previous rollout.

Examples:
  # Rollback to the previous deployment
  kubectl rollout undo deployment/abc

  # Rollback to daemonset revision 3
  kubectl rollout undo daemonset/abc --to-revision=3

  # Rollback to the previous deployment with dry-run
  kubectl rollout undo --dry-run=true deployment/abc

Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
      --dry-run=false: If true, only print the object that would be sent, without sending it.
  -f, --filename=[]: Filename, directory, or URL to files identifying the resource to get from a server.
  -k, --kustomize='': Process the kustomization directory. This flag can't be used together with -f or -R.
  -o, --output='': Output format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
  -R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
      --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
      --to-revision=0: The revision to rollback to. Default to 0 (last revision).

Usage:
  kubectl rollout undo (TYPE NAME | TYPE/NAME) [flags] [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get rs -o wide -n testing2
NAME                      DESIRED   CURRENT   READY   AGE   CONTAINERS   IMAGES              SELECTOR
deploy-nginx-545dd4fcd8   3         3         3       15m   nginx        nginx:1.17-alpine   app=nginx,pod-template-hash=545dd4fcd8,rel=stable
deploy-nginx-6cc674fdcf   0         0         0       35m   nginx        nginx:1.14-alpine   app=nginx,pod-template-hash=6cc674fdcf,rel=stable
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl rollout status deployment/deploy-nginx -n testing2
deployment "deploy-nginx" successfully rolled out
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl rollout history deployment/deploy-nginx -n testing2
deployment.apps/deploy-nginx
REVISION  CHANGE-CAUSE
1         <none>
2         <none>
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl rollout undo deployment/deploy-nginx -n testing2
deployment.apps/deploy-nginx rolled back
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl rollout status deployment/deploy-nginx -n testing2
Waiting for deployment "deploy-nginx" rollout to finish: 2 out of 3 new replicas have been updated...
Waiting for deployment "deploy-nginx" rollout to finish: 2 out of 3 new replicas have been updated...
Waiting for deployment "deploy-nginx" rollout to finish: 2 out of 3 new replicas have been updated...
Waiting for deployment "deploy-nginx" rollout to finish: 2 of 3 updated replicas are available...
Waiting for deployment "deploy-nginx" rollout to finish: 2 of 3 updated replicas are available...
deployment "deploy-nginx" successfully rolled out
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get rs -o wide -n testing2
NAME                      DESIRED   CURRENT   READY   AGE   CONTAINERS   IMAGES              SELECTOR
deploy-nginx-545dd4fcd8   0         0         0       22m   nginx        nginx:1.17-alpine   app=nginx,pod-template-hash=545dd4fcd8,rel=stable
deploy-nginx-6cc674fdcf   3         3         3       41m   nginx        nginx:1.14-alpine   app=nginx,pod-template-hash=6cc674fdcf,rel=stable
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl rollout history deployment/deploy-nginx -n testing2
deployment.apps/deploy-nginx
REVISION  CHANGE-CAUSE
2         <none>
3         <none>
[root@master200.yinzhengjie.org.cn ~]#
5>. Marking the provided resource as paused
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/pod/deploy-nginx02.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-nginx
  namespace: testing2
spec:
  replicas: 3
  minReadySeconds: 10
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  selector:
    matchLabels:
      app: nginx
      rel: stable
  template:
    metadata:
      labels:
        app: nginx
        rel: stable
    spec:
      containers:
      - name: nginx
        image: nginx:1.17-alpine
        ports:
        - containerPort: 80
          name: http
        readinessProbe:
          periodSeconds: 1
          httpGet:
            path: /
            port: http
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get rs -o wide -n testing2
NAME                      DESIRED   CURRENT   READY   AGE   CONTAINERS   IMAGES              SELECTOR
deploy-nginx-545dd4fcd8   0         0         0       26m   nginx        nginx:1.17-alpine   app=nginx,pod-template-hash=545dd4fcd8,rel=stable
deploy-nginx-6cc674fdcf   3         3         3       45m   nginx        nginx:1.14-alpine   app=nginx,pod-template-hash=6cc674fdcf,rel=stable
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl set image -n testing2 deployment deploy-nginx nginx=nginx:1.16-alpine
deployment.apps/deploy-nginx image updated
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get rs -o wide -n testing2
NAME                      DESIRED   CURRENT   READY   AGE   CONTAINERS   IMAGES              SELECTOR
deploy-nginx-545dd4fcd8   0         0         0       28m   nginx        nginx:1.17-alpine   app=nginx,pod-template-hash=545dd4fcd8,rel=stable
deploy-nginx-5885b7c4bf   3         3         3       32s   nginx        nginx:1.16-alpine   app=nginx,pod-template-hash=5885b7c4bf,rel=stable
deploy-nginx-6cc674fdcf   0         0         0       47m   nginx        nginx:1.14-alpine   app=nginx,pod-template-hash=6cc674fdcf,rel=stable
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl set image -n testing2 deployment deploy-nginx nginx=nginx:1.12-alpine && kubectl rollout pause deployment/deploy-nginx -n testing2    # Simulate a "canary" release
deployment.apps/deploy-nginx image updated
deployment.apps/deploy-nginx paused
[root@master200.yinzhengjie.org.cn ~]#
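IV. DaemonSet controller
The Deployment controller is more powerful than the ReplicaSet controller and can control the number of replicas in the cluster, but it cannot control which node each replica is created on. The DaemonSet controller, by contrast, ensures that each node runs exactly one pod (which is why no replica count (replicas) is specified when using a DaemonSet).
The Deployment controller lets the user set the number of pods freely; for example, on 3 k8s node hosts we can ask for 6 replica pods. A DaemonSet runs only one pod on each k8s node host, so the number of pods depends on the number of k8s nodes and the user cannot ask for multiple replicas.
For example, suppose there are 50 servers and one particular pod needs to run on only 20 specific servers. We can give these 20 hosts a distinguishing label. Through a label selector, a Deployment controller can run 20 pods, but it may pick a few of those 20 hosts at random and run several pods on them, as long as the replica count reaches 20. Through a node selector, a DaemonSet controller makes every one of the 20 nodes run exactly one pod. This is the strength of the DaemonSet.
The DaemonSet controller also supports a rolling update strategy, although it is much simpler than the Deployment controller's.
A DaemonSet ensures that all (or some) nodes run a copy of a Pod:
    When nodes are added to the cluster, pods are added to them.
    When nodes are removed from the cluster, those pods are garbage collected.
Writing a DaemonSet spec:
    selector
    template
Running Pods on only some nodes:
    If you specify .spec.template.spec.nodeSelector, the DaemonSet controller creates pods on the nodes that match that node selector.
    Likewise, if you specify .spec.template.spec.affinity, the DaemonSet controller creates pods on the nodes that match that node affinity.
1>. Check whether each node in the cluster has taints; if a node has taints, pods cannot be scheduled onto it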
[root@master200.yinzhengjie.org.cn ~]# kubectl get nodes
NAME                           STATUS   ROLES    AGE     VERSION
master200.yinzhengjie.org.cn   Ready    master   2d21h   v1.17.2
node201.yinzhengjie.org.cn     Ready    <none>   2d20h   v1.17.2
node202.yinzhengjie.org.cn     Ready    <none>   2d20h   v1.17.2
node203.yinzhengjie.org.cn     Ready    <none>   2d20h   v1.17.2
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get nodes --show-labels
NAME                           STATUS   ROLES    AGE     VERSION   LABELS
master200.yinzhengjie.org.cn   Ready    master   2d21h   v1.17.2   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=master200.yinzhengjie.org.cn,kubernetes.io/os=linux,node-role.kubernetes.io/master=
node201.yinzhengjie.org.cn     Ready    <none>   2d20h   v1.17.2   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node201.yinzhengjie.org.cn,kubernetes.io/os=linux
node202.yinzhengjie.org.cn     Ready    <none>   2d20h   v1.17.2   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node202.yinzhengjie.org.cn,kubernetes.io/os=linux
node203.yinzhengjie.org.cn     Ready    <none>   2d20h   v1.17.2   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node203.yinzhengjie.org.cn,kubernetes.io/os=linux
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl describe node master200.yinzhengjie.org.cn
Name:               master200.yinzhengjie.org.cn
Roles:              master
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/arch=amd64
                    kubernetes.io/hostname=master200.yinzhengjie.org.cn
                    kubernetes.io/os=linux
                    node-role.kubernetes.io/master=
Annotations:        flannel.alpha.coreos.com/backend-data: {"VtepMAC":"be:50:d6:6b:04:39"}
                    flannel.alpha.coreos.com/backend-type: vxlan
                    flannel.alpha.coreos.com/kube-subnet-manager: true
                    flannel.alpha.coreos.com/public-ip: 172.200.1.200
                    kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
                    node.alpha.kubernetes.io/ttl: 0
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Tue, 04 Feb 2020 19:39:31 +0800
Taints:             node-role.kubernetes.io/master:NoSchedule
Unschedulable:      false
Lease:
  HolderIdentity:  master200.yinzhengjie.org.cn
  AcquireTime:     <unset>
  RenewTime:       Fri, 07 Feb 2020 16:21:06 +0800
Conditions:
  Type             Status  LastHeartbeatTime                 LastTransitionTime                Reason                       Message
  ----             ------  -----------------                 ------------------                ------                       -------
  MemoryPressure   False   Fri, 07 Feb 2020 16:18:06 +0800   Tue, 04 Feb 2020 19:39:27 +0800   KubeletHasSufficientMemory   kubelet has sufficient memory available
  DiskPressure     False   Fri, 07 Feb 2020 16:18:06 +0800   Tue, 04 Feb 2020 19:39:27 +0800   KubeletHasNoDiskPressure     kubelet has no disk pressure
  PIDPressure      False   Fri, 07 Feb 2020 16:18:06 +0800   Tue, 04 Feb 2020 19:39:27 +0800   KubeletHasSufficientPID      kubelet has sufficient PID available
  Ready            True    Fri, 07 Feb 2020 16:18:06 +0800   Tue, 04 Feb 2020 19:47:59 +0800   KubeletReady                 kubelet is posting ready status
Addresses:
  InternalIP:  172.200.1.200
  Hostname:    master200.yinzhengjie.org.cn
Capacity:
  cpu:                2
  ephemeral-storage:  511750Mi
  hugepages-1Gi:      0
  hugepages-2Mi:      0
  memory:             4026376Ki
  pods:               110
Allocatable:
  cpu:                2
  ephemeral-storage:  482947890401
  hugepages-1Gi:      0
  hugepages-2Mi:      0
  memory:             3923976Ki
  pods:               110
System Info:
  Machine ID:                 d637a9e4c24d4d11bed0c09151ac78e2
  System UUID:                A5574D56-A21D-EBEE-7A2B-6571CF422C27
  Boot ID:                    fd55871f-7b64-4ae2-9488-fb4572f38017
  Kernel Version:             3.10.0-957.el7.x86_64
  OS Image:                   CentOS Linux 7 (Core)
  Operating System:           linux
  Architecture:               amd64
  Container Runtime Version:  docker://19.3.5
  Kubelet Version:            v1.17.2
  Kube-Proxy Version:         v1.17.2
PodCIDR:                      10.244.0.0/24
PodCIDRs:                     10.244.0.0/24
Non-terminated Pods:          (8 in total)
  Namespace    Name                                                  CPU Requests  CPU Limits  Memory Requests  Memory Limits  AGE
  ---------    ----                                                  ------------  ----------  ---------------  -------------  ---
  kube-system  coredns-6955765f44-455fh                              100m (5%)     0 (0%)      70Mi (1%)        170Mi (4%)     2d20h
  kube-system  coredns-6955765f44-q6zqj                              100m (5%)     0 (0%)      70Mi (1%)        170Mi (4%)     2d20h
  kube-system  etcd-master200.yinzhengjie.org.cn                     0 (0%)        0 (0%)      0 (0%)           0 (0%)         2d20h
  kube-system  kube-apiserver-master200.yinzhengjie.org.cn           250m (12%)    0 (0%)      0 (0%)           0 (0%)         2d20h
  kube-system  kube-controller-manager-master200.yinzhengjie.org.cn  200m (10%)    0 (0%)      0 (0%)           0 (0%)         2d20h
  kube-system  kube-flannel-ds-amd64-hnnhb                           100m (5%)     100m (5%)   50Mi (1%)        50Mi (1%)      2d20h
  kube-system  kube-proxy-6r9dx                                      0 (0%)        0 (0%)      0 (0%)           0 (0%)         2d20h
  kube-system  kube-scheduler-master200.yinzhengjie.org.cn           100m (5%)     0 (0%)      0 (0%)           0 (0%)         2d20h
Allocated resources:
  (Total limits may be over 100 percent, i.e., overcommitted.)
  Resource           Requests    Limits
  --------           --------    ------
  cpu                850m (42%)  100m (5%)
  memory             190Mi (4%)  390Mi (10%)
  ephemeral-storage  0 (0%)      0 (0%)
Events:
  Type    Reason                   Age                    From                                      Message
  ----    ------                   ----                   ----                                      -------
  Normal  Starting                 3m10s                  kubelet, master200.yinzhengjie.org.cn     Starting kubelet.
  Normal  NodeHasSufficientMemory  3m10s (x8 over 3m10s)  kubelet, master200.yinzhengjie.org.cn     Node master200.yinzhengjie.org.cn status is now: NodeHasSufficientMemory
  Normal  NodeHasNoDiskPressure    3m10s (x8 over 3m10s)  kubelet, master200.yinzhengjie.org.cn     Node master200.yinzhengjie.org.cn status is now: NodeHasNoDiskPressure
  Normal  NodeHasSufficientPID     3m10s (x7 over 3m10s)  kubelet, master200.yinzhengjie.org.cn     Node master200.yinzhengjie.org.cn status is now: NodeHasSufficientPID
  Normal  NodeAllocatableEnforced  3m10s                  kubelet, master200.yinzhengjie.org.cn     Updated Node Allocatable limit across pods
  Normal  Starting                 3m                     kube-proxy, master200.yinzhengjie.org.cn  Starting kube-proxy.
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl describe node node201.yinzhengjie.org.cn
Name:               node201.yinzhengjie.org.cn
Roles:              <none>
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/arch=amd64
                    kubernetes.io/hostname=node201.yinzhengjie.org.cn
                    kubernetes.io/os=linux
Annotations:        flannel.alpha.coreos.com/backend-data: {"VtepMAC":"82:2a:43:41:7f:b3"}
                    flannel.alpha.coreos.com/backend-type: vxlan
                    flannel.alpha.coreos.com/kube-subnet-manager: true
                    flannel.alpha.coreos.com/public-ip: 172.200.1.201
                    kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
                    node.alpha.kubernetes.io/ttl: 0
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Tue, 04 Feb 2020 20:11:15 +0800
Taints:             <none>
Unschedulable:      false
Lease:
  HolderIdentity:  node201.yinzhengjie.org.cn
  AcquireTime:     <unset>
  RenewTime:       Fri, 07 Feb 2020 16:22:36 +0800
Conditions:
  Type             Status  LastHeartbeatTime                 LastTransitionTime                Reason                       Message
  ----             ------  -----------------                 ------------------                ------                       -------
  MemoryPressure   False   Fri, 07 Feb 2020 16:18:06 +0800   Tue, 04 Feb 2020 20:11:15 +0800   KubeletHasSufficientMemory   kubelet has sufficient memory available
  DiskPressure     False   Fri, 07 Feb 2020 16:18:06 +0800   Tue, 04 Feb 2020 20:11:15 +0800   KubeletHasNoDiskPressure     kubelet has no disk pressure
  PIDPressure      False   Fri, 07 Feb 2020 16:18:06 +0800   Tue, 04 Feb 2020 20:11:15 +0800   KubeletHasSufficientPID      kubelet has sufficient PID available
  Ready            True    Fri, 07 Feb 2020 16:18:06 +0800   Tue, 04 Feb 2020 20:22:27 +0800   KubeletReady                 kubelet is posting ready status
Addresses:
  InternalIP:  172.200.1.201
  Hostname:    node201.yinzhengjie.org.cn
Capacity:
  cpu:                2
  ephemeral-storage:  511750Mi
  hugepages-1Gi:      0
  hugepages-2Mi:      0
  memory:             4026376Ki
  pods:               110
Allocatable:
  cpu:                2
  ephemeral-storage:  482947890401
  hugepages-1Gi:      0
  hugepages-2Mi:      0
  memory:             3923976Ki
  pods:               110
System Info:
  Machine ID:                 d637a9e4c24d4d11bed0c09151ac78e2
  System UUID:                6ED04D56-C57B-0527-4243-6C15BCBA68FE
  Boot ID:                    be24e2cb-1bba-4e46-829d-c53877ee9b80
  Kernel Version:             3.10.0-957.el7.x86_64
  OS Image:                   CentOS Linux 7 (Core)
  Operating System:           linux
  Architecture:               amd64
  Container Runtime Version:  docker://19.3.5
  Kubelet Version:            v1.17.2
  Kube-Proxy Version:         v1.17.2
PodCIDR:                      10.244.1.0/24
PodCIDRs:                     10.244.1.0/24
Non-terminated Pods:          (2 in total)
  Namespace    Name                         CPU Requests  CPU Limits  Memory Requests  Memory Limits  AGE
  ---------    ----                         ------------  ----------  ---------------  -------------  ---
  kube-system  kube-flannel-ds-amd64-lnldz  100m (5%)     100m (5%)   50Mi (1%)        50Mi (1%)      2d20h
  kube-system  kube-proxy-2shb4             0 (0%)        0 (0%)      0 (0%)           0 (0%)         2d20h
Allocated resources:
  (Total limits may be over 100 percent, i.e., overcommitted.)
  Resource           Requests   Limits
  --------           --------   ------
  cpu                100m (5%)  100m (5%)
  memory             50Mi (1%)  50Mi (1%)
  ephemeral-storage  0 (0%)     0 (0%)
Events:
  Type     Reason                   Age                    From                                    Message
  ----     ------                   ----                   ----                                    -------
  Normal   Starting                 2d20h                  kubelet, node201.yinzhengjie.org.cn     Starting kubelet.
  Normal   NodeHasSufficientMemory  2d20h (x2 over 2d20h)  kubelet, node201.yinzhengjie.org.cn     Node node201.yinzhengjie.org.cn status is now: NodeHasSufficientMemory
  Normal   NodeHasNoDiskPressure    2d20h (x2 over 2d20h)  kubelet, node201.yinzhengjie.org.cn     Node node201.yinzhengjie.org.cn status is now: NodeHasNoDiskPressure
  Normal   NodeHasSufficientPID     2d20h (x2 over 2d20h)  kubelet, node201.yinzhengjie.org.cn     Node node201.yinzhengjie.org.cn status is now: NodeHasSufficientPID
  Normal   NodeAllocatableEnforced  2d20h                  kubelet, node201.yinzhengjie.org.cn     Updated Node Allocatable limit across pods
  Normal   Starting                 2d20h                  kube-proxy, node201.yinzhengjie.org.cn  Starting kube-proxy.
  Normal   NodeReady                2d20h                  kubelet, node201.yinzhengjie.org.cn     Node node201.yinzhengjie.org.cn status is now: NodeReady
  Normal   Starting                 4m35s                  kubelet, node201.yinzhengjie.org.cn     Starting kubelet.
  Normal   NodeHasSufficientMemory  4m35s (x2 over 4m35s)  kubelet, node201.yinzhengjie.org.cn     Node node201.yinzhengjie.org.cn status is now: NodeHasSufficientMemory
  Normal   NodeHasNoDiskPressure    4m35s (x2 over 4m35s)  kubelet, node201.yinzhengjie.org.cn     Node node201.yinzhengjie.org.cn status is now: NodeHasNoDiskPressure
  Normal   NodeHasSufficientPID     4m35s (x2 over 4m35s)  kubelet, node201.yinzhengjie.org.cn     Node node201.yinzhengjie.org.cn status is now: NodeHasSufficientPID
  Normal   NodeAllocatableEnforced  4m35s                  kubelet, node201.yinzhengjie.org.cn     Updated Node Allocatable limit across pods
  Warning  Rebooted                 4m33s                  kubelet, node201.yinzhengjie.org.cn     Node node201.yinzhengjie.org.cn has been rebooted, boot id: be24e2cb-1bba-4e46-829d-c53877ee9b80
  Normal   Starting                 4m31s                  kube-proxy, node201.yinzhengjie.org.cn  Starting kube-proxy.
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl describe node node202.yinzhengjie.org.cn
Name:               node202.yinzhengjie.org.cn
Roles:              <none>
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/arch=amd64
                    kubernetes.io/hostname=node202.yinzhengjie.org.cn
                    kubernetes.io/os=linux
Annotations:        flannel.alpha.coreos.com/backend-data: {"VtepMAC":"92:96:45:ff:d8:19"}
                    flannel.alpha.coreos.com/backend-type: vxlan
                    flannel.alpha.coreos.com/kube-subnet-manager: true
                    flannel.alpha.coreos.com/public-ip: 172.200.1.202
                    kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
                    node.alpha.kubernetes.io/ttl: 0
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Tue, 04 Feb 2020 20:26:11 +0800
Taints:             <none>
Unschedulable:      false
Lease:
  HolderIdentity:  node202.yinzhengjie.org.cn
  AcquireTime:     <unset>
  RenewTime:       Fri, 07 Feb 2020 16:22:16 +0800
Conditions:
  Type             Status  LastHeartbeatTime                 LastTransitionTime                Reason                       Message
  ----             ------  -----------------                 ------------------                ------                       -------
  MemoryPressure   False   Fri, 07 Feb 2020 16:18:06 +0800   Tue, 04 Feb 2020 20:26:10 +0800   KubeletHasSufficientMemory   kubelet has sufficient memory available
  DiskPressure     False   Fri, 07 Feb 2020 16:18:06 +0800   Tue, 04 Feb 2020 20:26:10 +0800   KubeletHasNoDiskPressure     kubelet has no disk pressure
  PIDPressure      False   Fri, 07 Feb 2020 16:18:06 +0800   Tue, 04 Feb 2020 20:26:10 +0800   KubeletHasSufficientPID      kubelet has sufficient PID available
  Ready            True    Fri, 07 Feb 2020 16:18:06 +0800   Tue, 04 Feb 2020 20:26:21 +0800   KubeletReady                 kubelet is posting ready status
Addresses:
  InternalIP:  172.200.1.202
  Hostname:    node202.yinzhengjie.org.cn
Capacity:
  cpu:                2
  ephemeral-storage:  511750Mi
  hugepages-1Gi:      0
  hugepages-2Mi:      0
  memory:             4026376Ki
  pods:               110
Allocatable:
  cpu:                2
  ephemeral-storage:  482947890401
  hugepages-1Gi:      0
  hugepages-2Mi:      0
  memory:             3923976Ki
  pods:               110
System Info:
  Machine ID:                 d637a9e4c24d4d11bed0c09151ac78e2
  System UUID:                226D4D56-DEF8-E1C7-C94F-46F187EE96F4
  Boot ID:                    d5f37a27-c41b-44b6-9ce1-e60b82632a48
  Kernel Version:             3.10.0-957.el7.x86_64
  OS Image:                   CentOS Linux 7 (Core)
  Operating System:           linux
  Architecture:               amd64
  Container Runtime Version:  docker://19.3.5
  Kubelet Version:            v1.17.2
  Kube-Proxy Version:         v1.17.2
PodCIDR:                      10.244.2.0/24
PodCIDRs:                     10.244.2.0/24
Non-terminated Pods:          (2 in total)
  Namespace    Name                         CPU Requests  CPU Limits  Memory Requests  Memory Limits  AGE
  ---------    ----                         ------------  ----------  ---------------  -------------  ---
  kube-system  kube-flannel-ds-amd64-nwv2l  100m (5%)     100m (5%)   50Mi (1%)        50Mi (1%)      2d19h
  kube-system  kube-proxy-cg2m6             0 (0%)        0 (0%)      0 (0%)           0 (0%)         2d19h
Allocated resources:
  (Total limits may be over 100 percent, i.e., overcommitted.)
  Resource           Requests   Limits
  --------           --------   ------
  cpu                100m (5%)  100m (5%)
  memory             50Mi (1%)  50Mi (1%)
  ephemeral-storage  0 (0%)     0 (0%)
Events:
  Type     Reason                   Age                    From                                    Message
  ----     ------                   ----                   ----                                    -------
  Normal   Starting                 2d19h                  kubelet, node202.yinzhengjie.org.cn     Starting kubelet.
  Normal   NodeHasSufficientMemory  2d19h (x2 over 2d19h)  kubelet, node202.yinzhengjie.org.cn     Node node202.yinzhengjie.org.cn status is now: NodeHasSufficientMemory
  Normal   NodeHasNoDiskPressure    2d19h (x2 over 2d19h)  kubelet, node202.yinzhengjie.org.cn     Node node202.yinzhengjie.org.cn status is now: NodeHasNoDiskPressure
  Normal   NodeHasSufficientPID     2d19h (x2 over 2d19h)  kubelet, node202.yinzhengjie.org.cn     Node node202.yinzhengjie.org.cn status is now: NodeHasSufficientPID
  Normal   NodeAllocatableEnforced  2d19h                  kubelet, node202.yinzhengjie.org.cn     Updated Node Allocatable limit across pods
  Normal   Starting                 2d19h                  kube-proxy, node202.yinzhengjie.org.cn  Starting kube-proxy.
  Normal   NodeReady                2d19h                  kubelet, node202.yinzhengjie.org.cn     Node node202.yinzhengjie.org.cn status is now: NodeReady
  Normal   Starting                 4m13s                  kubelet, node202.yinzhengjie.org.cn     Starting kubelet.
  Normal   NodeHasSufficientMemory  4m13s (x2 over 4m13s)  kubelet, node202.yinzhengjie.org.cn     Node node202.yinzhengjie.org.cn status is now: NodeHasSufficientMemory
  Normal   NodeHasNoDiskPressure    4m13s (x2 over 4m13s)  kubelet, node202.yinzhengjie.org.cn     Node node202.yinzhengjie.org.cn status is now: NodeHasNoDiskPressure
  Normal   NodeHasSufficientPID     4m13s (x2 over 4m13s)  kubelet, node202.yinzhengjie.org.cn     Node node202.yinzhengjie.org.cn status is now: NodeHasSufficientPID
  Normal   NodeAllocatableEnforced  4m13s                  kubelet, node202.yinzhengjie.org.cn     Updated Node Allocatable limit across pods
  Warning  Rebooted                 4m12s                  kubelet, node202.yinzhengjie.org.cn     Node node202.yinzhengjie.org.cn has been rebooted, boot id: d5f37a27-c41b-44b6-9ce1-e60b82632a48
  Normal   Starting                 4m10s                  kube-proxy, node202.yinzhengjie.org.cn  Starting kube-proxy.
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl describe node node203.yinzhengjie.org.cn
Name:               node203.yinzhengjie.org.cn
Roles:              <none>
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/arch=amd64
                    kubernetes.io/hostname=node203.yinzhengjie.org.cn
                    kubernetes.io/os=linux
Annotations:        flannel.alpha.coreos.com/backend-data: {"VtepMAC":"a2:8e:71:99:3a:9f"}
                    flannel.alpha.coreos.com/backend-type: vxlan
                    flannel.alpha.coreos.com/kube-subnet-manager: true
                    flannel.alpha.coreos.com/public-ip: 172.200.1.203
                    kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
                    node.alpha.kubernetes.io/ttl: 0
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Tue, 04 Feb 2020 20:26:23 +0800
Taints:             <none>
Unschedulable:      false
Lease:
  HolderIdentity:  node203.yinzhengjie.org.cn
  AcquireTime:     <unset>
  RenewTime:       Fri, 07 Feb 2020 16:21:29 +0800
Conditions:
  Type             Status  LastHeartbeatTime                 LastTransitionTime                Reason                       Message
  ----             ------  -----------------                 ------------------                ------                       -------
  MemoryPressure   False   Fri, 07 Feb 2020 16:18:10 +0800   Tue, 04 Feb 2020 20:26:23 +0800   KubeletHasSufficientMemory   kubelet has sufficient memory available
  DiskPressure     False   Fri, 07 Feb 2020 16:18:10 +0800   Tue, 04 Feb 2020 20:26:23 +0800   KubeletHasNoDiskPressure     kubelet has no disk pressure
  PIDPressure      False   Fri, 07 Feb 2020 16:18:10 +0800   Tue, 04 Feb 2020 20:26:23 +0800   KubeletHasSufficientPID      kubelet has sufficient PID available
  Ready            True    Fri, 07 Feb 2020 16:18:10 +0800   Tue, 04 Feb 2020 20:26:33 +0800   KubeletReady                 kubelet is posting ready status
Addresses:
  InternalIP:  172.200.1.203
  Hostname:    node203.yinzhengjie.org.cn
Capacity:
  cpu:                2
  ephemeral-storage:  511750Mi
  hugepages-1Gi:      0
  hugepages-2Mi:      0
  memory:             4026384Ki
  pods:               110
Allocatable:
  cpu:                2
  ephemeral-storage:  482947890401
  hugepages-1Gi:      0
  hugepages-2Mi:      0
  memory:             3923984Ki
  pods:               110
System Info:
  Machine ID:                 d637a9e4c24d4d11bed0c09151ac78e2
  System UUID:                67A04D56-8B05-87A0-1E15-69BC1ADAF803
  Boot ID:                    c3a5508c-432c-4e4c-9913-68879ba9f5c3
  Kernel Version:             3.10.0-957.el7.x86_64
  OS Image:                   CentOS Linux 7 (Core)
  Operating System:           linux
  Architecture:               amd64
  Container Runtime Version:  docker://19.3.5
  Kubelet Version:            v1.17.2
  Kube-Proxy Version:         v1.17.2
PodCIDR:                      10.244.3.0/24
PodCIDRs:                     10.244.3.0/24
Non-terminated Pods:          (2 in total)
  Namespace    Name                         CPU Requests  CPU Limits  Memory Requests  Memory Limits  AGE
  ---------    ----                         ------------  ----------  ---------------  -------------  ---
  kube-system  kube-flannel-ds-amd64-jhmh6  100m (5%)     100m (5%)   50Mi (1%)        50Mi (1%)      2d19h
  kube-system  kube-proxy-lp5pr             0 (0%)        0 (0%)      0 (0%)           0 (0%)         2d19h
Allocated resources:
  (Total limits may be over 100 percent, i.e., overcommitted.)
  Resource           Requests   Limits
  --------           --------   ------
  cpu                100m (5%)  100m (5%)
  memory             50Mi (1%)  50Mi (1%)
  ephemeral-storage  0 (0%)     0 (0%)
Events:
  Type     Reason                   Age                    From                                    Message
  ----     ------                   ----                   ----                                    -------
  Normal   Starting                 2d19h                  kubelet, node203.yinzhengjie.org.cn     Starting kubelet.
  Normal   NodeHasSufficientMemory  2d19h (x2 over 2d19h)  kubelet, node203.yinzhengjie.org.cn     Node node203.yinzhengjie.org.cn status is now: NodeHasSufficientMemory
  Normal   NodeHasNoDiskPressure    2d19h (x2 over 2d19h)  kubelet, node203.yinzhengjie.org.cn     Node node203.yinzhengjie.org.cn status is now: NodeHasNoDiskPressure
  Normal   NodeHasSufficientPID     2d19h (x2 over 2d19h)  kubelet, node203.yinzhengjie.org.cn     Node node203.yinzhengjie.org.cn status is now: NodeHasSufficientPID
  Normal   NodeAllocatableEnforced  2d19h                  kubelet, node203.yinzhengjie.org.cn     Updated Node Allocatable limit across pods
  Normal   Starting                 2d19h                  kube-proxy, node203.yinzhengjie.org.cn  Starting kube-proxy.
  Normal   NodeReady                2d19h                  kubelet, node203.yinzhengjie.org.cn     Node node203.yinzhengjie.org.cn status is now: NodeReady
  Normal   Starting                 3m27s                  kubelet, node203.yinzhengjie.org.cn     Starting kubelet.
  Normal   NodeAllocatableEnforced  3m27s                  kubelet, node203.yinzhengjie.org.cn     Updated Node Allocatable limit across pods
  Normal   NodeHasSufficientMemory  3m27s                  kubelet, node203.yinzhengjie.org.cn     Node node203.yinzhengjie.org.cn status is now: NodeHasSufficientMemory
  Normal   NodeHasNoDiskPressure    3m27s                  kubelet, node203.yinzhengjie.org.cn     Node node203.yinzhengjie.org.cn status is now: NodeHasNoDiskPressure
  Normal   NodeHasSufficientPID     3m27s                  kubelet, node203.yinzhengjie.org.cn     Node node203.yinzhengjie.org.cn status is now: NodeHasSufficientPID
  Warning  Rebooted                 3m26s                  kubelet, node203.yinzhengjie.org.cn     Node node203.yinzhengjie.org.cn has been rebooted, boot id: c3a5508c-432c-4e4c-9913-68879ba9f5c3
  Normal   Starting                 3m26s                  kube-proxy, node203.yinzhengjie.org.cn  Starting kube-proxy.
[root@master200.yinzhengjie.org.cn ~]#
2>. Write the YAML file and apply it
[root@master200.yinzhengjie.org.cn ~]# vim /yinzhengjie/data/k8s/manifests/basic/pod/filebeat-ds.yaml
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/pod/filebeat-ds.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat-ds
  namespace: testing
  labels:
    app: filebeat
spec:
  selector:
    matchLabels:
      app: filebeat
  template:
    metadata:
      labels:
        app: filebeat
      name: filebeat
    spec:
      containers:
      - name: filebeat
        image: ikubernetes/filebeat:5.6.5-alpine
        env:
        - name: REDIS_HOST
          value: db.ikubernetes.io:6379
        - name: LOG_LEVEL
          value: info
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl create ns testing
namespace/testing created
[root@master200.yinzhengjie.org.cn ~]# kubectl apply -f /yinzhengjie/data/k8s/manifests/basic/pod/filebeat-ds.yaml
daemonset.apps/filebeat-ds created
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n testing -o wide --show-labels -l app=filebeat
NAME                READY   STATUS    RESTARTS   AGE   IP           NODE                         NOMINATED NODE   READINESS GATES   LABELS
filebeat-ds-d72hj   1/1     Running   0          79s   10.244.3.2   node203.yinzhengjie.org.cn   <none>           <none>            app=filebeat,controller-revision-hash=fb6b847cc,pod-template-generation=1
filebeat-ds-kb5v6   1/1     Running   0          79s   10.244.1.2   node201.yinzhengjie.org.cn   <none>           <none>            app=filebeat,controller-revision-hash=fb6b847cc,pod-template-generation=1
filebeat-ds-wbhcr   1/1     Running   0          79s   10.244.2.2   node202.yinzhengjie.org.cn   <none>           <none>            app=filebeat,controller-revision-hash=fb6b847cc,pod-template-generation=1
[root@master200.yinzhengjie.org.cn ~]#
3>. Rolling update example (upgrading the filebeat version)
[root@master200.yinzhengjie.org.cn ~]# kubectl explain ds
KIND:     DaemonSet
VERSION:  apps/v1

DESCRIPTION:
     DaemonSet represents the configuration of a daemon set.

FIELDS:
   apiVersion   <string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

   kind   <string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

   metadata   <Object>
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

   spec   <Object>
     The desired behavior of this daemon set. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

   status   <Object>
     The current status of this daemon set. This data may be out of date by some
     window of time. Populated by the system. Read-only. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl explain ds.spec
KIND:     DaemonSet
VERSION:  apps/v1

RESOURCE: spec <Object>

DESCRIPTION:
     The desired behavior of this daemon set. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

     DaemonSetSpec is the specification of a daemon set.

FIELDS:
   minReadySeconds   <integer>
     The minimum number of seconds for which a newly created DaemonSet pod
     should be ready without any of its container crashing, for it to be
     considered available. Defaults to 0 (pod will be considered available as
     soon as it is ready).

   revisionHistoryLimit   <integer>
     The number of old history to retain to allow rollback. This is a pointer to
     distinguish between explicit zero and not specified. Defaults to 10.

   selector   <Object> -required-
     A label query over pods that are managed by the daemon set. Must match in
     order to be controlled. It must match the pod template's labels. More info:
     https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors

   template   <Object> -required-
     An object that describes the pod that will be created. The DaemonSet will
     create exactly one copy of this pod on every node that matches the
     template's node selector (or on every node if no node selector is
     specified). More info:
     https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template

   updateStrategy   <Object>
     An update strategy to replace existing DaemonSet pods with new pods.

[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl explain ds.spec.updateStrategy
KIND:     DaemonSet
VERSION:  apps/v1

RESOURCE: updateStrategy <Object>

DESCRIPTION:
     An update strategy to replace existing DaemonSet pods with new pods.

     DaemonSetUpdateStrategy is a struct used to control the update strategy for
     a DaemonSet.

FIELDS:
   rollingUpdate   <Object>
     Rolling update config params. Present only if type = "RollingUpdate".

   type   <string>
     Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is
     RollingUpdate.

[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl set image --help
Update existing container image(s) of resources.

 Possible resources include (case insensitive):

  pod (po), replicationcontroller (rc), deployment (deploy), daemonset (ds), replicaset (rs)

Examples:
  # Set a deployment's nginx container image to 'nginx:1.9.1', and its busybox container image to 'busybox'.
  kubectl set image deployment/nginx busybox=busybox nginx=nginx:1.9.1

  # Update all deployments' and rc's nginx container's image to 'nginx:1.9.1'
  kubectl set image deployments,rc nginx=nginx:1.9.1 --all

  # Update image of all containers of daemonset abc to 'nginx:1.9.1'
  kubectl set image daemonset abc *=nginx:1.9.1

  # Print result (in yaml format) of updating nginx container image from local file, without hitting the server
  kubectl set image -f path/to/file.yaml nginx=nginx:1.9.1 --local -o yaml

Options:
      --all=false: Select all resources, including uninitialized ones, in the namespace of the specified resource types
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
      --dry-run=false: If true, only print the object that would be sent, without sending it.
  -f, --filename=[]: Filename, directory, or URL to files identifying the resource to get from a server.
  -k, --kustomize='': Process the kustomization directory. This flag can't be used together with -f or -R.
      --local=false: If true, set image will NOT contact api-server but run locally.
  -o, --output='': Output format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
      --record=false: Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
  -R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
  -l, --selector='': Selector (label query) to filter on, not including uninitialized ones, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
      --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

Usage:
  kubectl set image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 ... CONTAINER_NAME_N=CONTAINER_IMAGE_N [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/pod/filebeat-ds.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat-ds
  namespace: testing
  labels:
    app: filebeat
spec:
  selector:
    matchLabels:
      app: filebeat
  template:
    metadata:
      labels:
        app: filebeat
      name: filebeat
    spec:
      containers:
      - name: filebeat
        image: ikubernetes/filebeat:5.6.5-alpine
        env:
        - name: REDIS_HOST
          value: db.ikubernetes.io:6379
        - name: LOG_LEVEL
          value: info
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n testing -o wide --show-labels -l app=filebeat
NAME                READY   STATUS    RESTARTS   AGE   IP           NODE                         NOMINATED NODE   READINESS GATES   LABELS
filebeat-ds-d72hj   1/1     Running   0          12m   10.244.3.2   node203.yinzhengjie.org.cn   <none>           <none>            app=filebeat,controller-revision-hash=fb6b847cc,pod-template-generation=1
filebeat-ds-kb5v6   1/1     Running   0          12m   10.244.1.2   node201.yinzhengjie.org.cn   <none>           <none>            app=filebeat,controller-revision-hash=fb6b847cc,pod-template-generation=1
filebeat-ds-wbhcr   1/1     Running   0          12m   10.244.2.2   node202.yinzhengjie.org.cn   <none>           <none>            app=filebeat,controller-revision-hash=fb6b847cc,pod-template-generation=1
[root@master200.yinzhengjie.org.cn ~]# kubectl get ds -n testing -o wide
NAME          DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE   CONTAINERS   IMAGES                              SELECTOR
filebeat-ds   3         3         3       3            3           <none>          15m   filebeat     ikubernetes/filebeat:5.6.5-alpine   app=filebeat
[root@master200.yinzhengjie.org.cn ~]# kubectl set image ds/filebeat-ds filebeat=ikubernetes/filebeat:5.6.6-alpine -n testing
daemonset.apps/filebeat-ds image updated
[root@master200.yinzhengjie.org.cn ~]# kubectl get ds -n testing -o wide
NAME          DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE   CONTAINERS   IMAGES                              SELECTOR
filebeat-ds   3         3         3       3            3           <none>          17m   filebeat     ikubernetes/filebeat:5.6.6-alpine   app=filebeat
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n testing -o wide --show-labels -l app=filebeat
NAME                READY   STATUS    RESTARTS   AGE     IP           NODE                         NOMINATED NODE   READINESS GATES   LABELS
filebeat-ds-jxd8q   1/1     Running   0          8m28s   10.244.3.3   node203.yinzhengjie.org.cn   <none>           <none>            app=filebeat,controller-revision-hash=6d7dff6d4d,pod-template-generation=2
filebeat-ds-wrkfk   1/1     Running   0          8m1s    10.244.1.3   node201.yinzhengjie.org.cn   <none>           <none>            app=filebeat,controller-revision-hash=6d7dff6d4d,pod-template-generation=2
filebeat-ds-wz2mh   1/1     Running   0          8m20s   10.244.2.3   node202.yinzhengjie.org.cn   <none>           <none>            app=filebeat,controller-revision-hash=6d7dff6d4d,pod-template-generation=2
[root@master200.yinzhengjie.org.cn ~]# kubectl describe pods filebeat-ds-jxd8q -n testing
Name:         filebeat-ds-jxd8q
Namespace:    testing
Priority:     0
Node:         node203.yinzhengjie.org.cn/172.200.1.203
Start Time:   Fri, 07 Feb 2020 16:44:47 +0800
Labels:       app=filebeat
              controller-revision-hash=6d7dff6d4d
              pod-template-generation=2
Annotations:  <none>
Status:       Running
IP:           10.244.3.3
IPs:
  IP:           10.244.3.3
Controlled By:  DaemonSet/filebeat-ds
Containers:
  filebeat:
    Container ID:   docker://a5b9901f18c5ec90a73137d7a57108e9351ec50ba5d9bc3136f2a7cc27744ec4
    Image:          ikubernetes/filebeat:5.6.6-alpine
    Image ID:       docker-pullable://ikubernetes/filebeat@sha256:5a59f3efee26f52582d9b9c9940249728291d236c561cefda5300ee124fd592f
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Fri, 07 Feb 2020 16:44:53 +0800
    Ready:          True
    Restart Count:  0
    Environment:
      REDIS_HOST:  db.ikubernetes.io:6379
      LOG_LEVEL:   info
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-x6kkr (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  default-token-x6kkr:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-x6kkr
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/disk-pressure:NoSchedule
                 node.kubernetes.io/memory-pressure:NoSchedule
                 node.kubernetes.io/not-ready:NoExecute
                 node.kubernetes.io/pid-pressure:NoSchedule
                 node.kubernetes.io/unreachable:NoExecute
                 node.kubernetes.io/unschedulable:NoSchedule
Events:
  Type    Reason     Age    From                                 Message
  ----    ------     ----   ----                                 -------
  Normal  Scheduled  8m34s  default-scheduler                    Successfully assigned testing/filebeat-ds-jxd8q to node203.yinzhengjie.org.cn
  Normal  Pulling    8m33s  kubelet, node203.yinzhengjie.org.cn  Pulling image "ikubernetes/filebeat:5.6.6-alpine"
  Normal  Pulled     8m28s  kubelet, node203.yinzhengjie.org.cn  Successfully pulled image "ikubernetes/filebeat:5.6.6-alpine"
  Normal  Created    8m28s  kubelet, node203.yinzhengjie.org.cn  Created container filebeat
  Normal  Started    8m28s  kubelet, node203.yinzhengjie.org.cn  Started container filebeat
[root@master200.yinzhengjie.org.cn ~]#
4>. Node selector (nodeSelector) example, building on the filebeat example
[root@master200.yinzhengjie.org.cn ~]# kubectl get nodes --show-labels
NAME                           STATUS   ROLES    AGE     VERSION   LABELS
master200.yinzhengjie.org.cn   Ready    master   2d21h   v1.17.2   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=master200.yinzhengjie.org.cn,kubernetes.io/os=linux,node-role.kubernetes.io/master=
node201.yinzhengjie.org.cn     Ready    <none>   2d20h   v1.17.2   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node201.yinzhengjie.org.cn,kubernetes.io/os=linux
node202.yinzhengjie.org.cn     Ready    <none>   2d20h   v1.17.2   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node202.yinzhengjie.org.cn,kubernetes.io/os=linux
node203.yinzhengjie.org.cn     Ready    <none>   2d20h   v1.17.2   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node203.yinzhengjie.org.cn,kubernetes.io/os=linux
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl explain pods.spec.nodeSelector
KIND:     Pod
VERSION:  v1

FIELD:    nodeSelector <map[string]string>

DESCRIPTION:
     NodeSelector is a selector which must be true for the pod to fit on a node.
     Selector which must match a node's labels for the pod to be scheduled on
     that node. More info:
     https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# vim /yinzhengjie/data/k8s/manifests/basic/pod/filebeat-ds.yaml
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/pod/filebeat-ds.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat-ds
  namespace: testing
  labels:
    app: filebeat
spec:
  selector:
    matchLabels:
      app: filebeat
  template:
    metadata:
      labels:
        app: filebeat
      name: filebeat
    spec:
      containers:
      - name: filebeat
        image: ikubernetes/filebeat:5.6.5-alpine
        env:
        - name: REDIS_HOST
          value: db.ikubernetes.io:6379
        - name: LOG_LEVEL
          value: info
      nodeSelector:
        logcollecting: "on"
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl apply -f /yinzhengjie/data/k8s/manifests/basic/pod/filebeat-ds.yaml
daemonset.apps/filebeat-ds configured
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n testing -o wide --show-labels -l app=filebeat
No resources found in testing namespace.
[root@master200.yinzhengjie.org.cn ~]# kubectl label node node202.yinzhengjie.org.cn logcollecting="on"
node/node202.yinzhengjie.org.cn labeled
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n testing -o wide --show-labels -l app=filebeat
NAME                READY   STATUS    RESTARTS   AGE   IP           NODE                         NOMINATED NODE   READINESS GATES   LABELS
filebeat-ds-n6j5z   1/1     Running   0          12s   10.244.2.4   node202.yinzhengjie.org.cn   <none>           <none>            app=filebeat,controller-revision-hash=dfb47bdf,pod-template-generation=3
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get nodes --show-labels
NAME                           STATUS   ROLES    AGE     VERSION   LABELS
master200.yinzhengjie.org.cn   Ready    master   2d21h   v1.17.2   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=master200.yinzhengjie.org.cn,kubernetes.io/os=linux,node-role.kubernetes.io/master=
node201.yinzhengjie.org.cn     Ready    <none>   2d21h   v1.17.2   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node201.yinzhengjie.org.cn,kubernetes.io/os=linux
node202.yinzhengjie.org.cn     Ready    <none>   2d20h   v1.17.2   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node202.yinzhengjie.org.cn,kubernetes.io/os=linux,logcollecting=on
node203.yinzhengjie.org.cn     Ready    <none>   2d20h   v1.17.2   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node203.yinzhengjie.org.cn,kubernetes.io/os=linux
[root@master200.yinzhengjie.org.cn ~]#
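Once the nodeSelector is in place, only node202 runs the log collector, so the other nodes ship no logs. The following added example (not part of the original article) models that placement and reports which nodes are left without a collector. The node labels, tolerations and pod come from the outputs above; the master taint is an assumption (the usual kubeadm default, not shown on this page), and all function names are hypothetical.

```python
# Data constructed from the kubectl outputs above (labels trimmed).
# ASSUMPTION: the master carries the usual kubeadm NoSchedule taint.
NODES = {
    "master200.yinzhengjie.org.cn": {
        "labels": {"kubernetes.io/os": "linux", "node-role.kubernetes.io/master": ""},
        "taints": [{"key": "node-role.kubernetes.io/master", "effect": "NoSchedule"}],
    },
    "node201.yinzhengjie.org.cn": {"labels": {"kubernetes.io/os": "linux"}, "taints": []},
    "node202.yinzhengjie.org.cn": {
        "labels": {"kubernetes.io/os": "linux", "logcollecting": "on"},
        "taints": [],
    },
    "node203.yinzhengjie.org.cn": {"labels": {"kubernetes.io/os": "linux"}, "taints": []},
}

# Tolerations listed in the `kubectl describe pods` output above.
TOLERATIONS = [
    {"key": "node.kubernetes.io/" + name, "operator": "Exists", "effect": effect}
    for name, effect in [
        ("disk-pressure", "NoSchedule"), ("memory-pressure", "NoSchedule"),
        ("not-ready", "NoExecute"), ("pid-pressure", "NoSchedule"),
        ("unreachable", "NoExecute"), ("unschedulable", "NoSchedule"),
    ]
]

PODS = [{"name": "filebeat-ds-n6j5z", "node": "node202.yinzhengjie.org.cn",
         "phase": "Running"}]


def selector_matches(labels, node_selector):
    """nodeSelector semantics: every key/value pair must be on the node."""
    return all(labels.get(k) == v for k, v in node_selector.items())


def tolerates(taint, tolerations):
    """True if any toleration matches the taint (key, value and effect)."""
    for tol in tolerations:
        if tol.get("effect") and tol["effect"] != taint["effect"]:
            continue  # an empty effect matches every effect
        if tol.get("operator", "Equal") == "Exists":
            if not tol.get("key") or tol["key"] == taint["key"]:
                return True  # empty key + Exists tolerates everything
        elif tol.get("key") == taint["key"] and tol.get("value", "") == taint.get("value", ""):
            return True
    return False


def eligible_nodes(nodes, node_selector, tolerations):
    """Nodes on which the DaemonSet controller would place a pod."""
    result = []
    for name, node in nodes.items():
        if not selector_matches(node["labels"], node_selector):
            continue
        blocking = [t for t in node["taints"]
                    if t["effect"] in ("NoSchedule", "NoExecute")]
        if all(tolerates(t, tolerations) for t in blocking):
            result.append(name)
    return sorted(result)


def coverage_report(nodes, node_selector, tolerations, pods):
    """Compare intended placement with running pods and list blind spots."""
    covered = {p["node"] for p in pods if p["phase"] == "Running"}
    eligible = eligible_nodes(nodes, node_selector, tolerations)
    return {
        "eligible": eligible,
        "missing_pod": [n for n in eligible if n not in covered],
        "no_collector": sorted(n for n in nodes if n not in covered),
    }


if __name__ == "__main__":
    print(coverage_report(NODES, {"logcollecting": "on"}, TOLERATIONS, PODS))
```

An empty `missing_pod` list only means the DaemonSet did what its selector asked; `no_collector` is the list to review when every node is expected to ship logs.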
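5. Job controller
The ReplicaSet, Deployment and DaemonSet controllers described above have one thing in common: they all manage daemon processes, so whenever a Pod goes down a replacement is automatically started on some node. A Job instead manages one-off, non-daemon work: once the task has run to completion it exits and is not started again.
A Job creates one or more Pods and ensures that a specified number of them terminate successfully:
As Pods complete successfully, the Job tracks the successful completions;
When the specified number of successful completions is reached, the Job itself is complete. Deleting a Job cleans up the Pods it created.
What goes into a Job spec:
template
selector
Parallel Jobs:
Non-parallel Jobs
Parallel Jobs with a fixed completion count (see "jobs.spec.completions")
Parallel Jobs with a work queue (see "jobs.spec.parallelism")
A container in a Pod can fail for many reasons, for example because its process exited with a non-zero exit code, or because the container was killed for exceeding its memory limit:
When the container's exit code is 0, the container finished normally; the Pod's status is Completed and the container is not restarted.
When the container's exit code is not 0, the container finished abnormally and the Pod's status is Failure. There are then two restart policies for a failed container: to restart it, use restartPolicy="OnFailure"; to leave it stopped, use restartPolicy="Never".
Job working modes:
When completions are specified with .spec.completions, every Pod created by the Job controller has an identical spec:
This means all Pods have the same command line, the same image, the same volumes and (almost) the same environment variables.
The patterns below are different ways of arranging for Pods to work on different things:
When the Pattern is "Job Template Expansion", ".spec.completions" is 1 and ".spec.parallelism" is "should be 1": the total amount of work is 1, so the parallelism can only be 1.
When the Pattern is "Queue with Pod Per Work Item", ".spec.completions" is w and ".spec.parallelism" is "any": there are several work items (called w here), and the parallelism can be anything.
When the Pattern is "Queue with Variable Pod Count", ".spec.completions" is 1 and ".spec.parallelism" is "any": the number of Pods working on a queue is variable, only one completion is needed per queue, and the parallelism is again any.
When the Pattern is "Single Job With Static Work Assignment", ".spec.completions" is w and ".spec.parallelism" is "any".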
[root@master200.yinzhengjie.org.cn ~]# kubectl explain jobs.spec.parallelism
KIND:     Job
VERSION:  batch/v1

FIELD:    parallelism <integer>

DESCRIPTION:
     Specifies the maximum desired number of pods the job should run at any
     given time. The actual number of pods running in steady state will be less
     than this number when ((.spec.completions - .status.successful) <
     .spec.parallelism), i.e. when the work left to do is less than max
     parallelism. More info:
     https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl explain jobs.spec.completions
KIND:     Job
VERSION:  batch/v1

FIELD:    completions <integer>

DESCRIPTION:
     Specifies the desired number of successfully finished pods the job should
     be run with. Setting to nil means that the success of any pod signals the
     success of all pods, and allows parallelism to have any positive value.
     Setting to 1 means that parallelism is limited to 1 and the success of that
     pod signals the success of the job. More info:
     https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
[root@master200.yinzhengjie.org.cn ~]#
1>. Single (non-parallel) job example
[root@master200.yinzhengjie.org.cn ~]# vim /yinzhengjie/data/k8s/manifests/basic/pod/job-example.yaml
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/pod/job-example.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: job-example
  namespace: testing
spec:
  template:
    metadata:
      labels:
        app: myjob
    spec:
      containers:
      - name: myjob
        image: alpine
        command: ["/bin/sh", "-c", "sleep 10"]
      restartPolicy: Never
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get job -n testing -o wide
No resources found in testing namespace.
[root@master200.yinzhengjie.org.cn ~]# kubectl apply -f /yinzhengjie/data/k8s/manifests/basic/pod/job-example.yaml
job.batch/job-example created
[root@master200.yinzhengjie.org.cn ~]# kubectl get job -n testing -o wide
NAME          COMPLETIONS   DURATION   AGE   CONTAINERS   IMAGES   SELECTOR
job-example   0/1           3s         3s    myjob        alpine   controller-uid=4346be11-e9d1-4cbe-8d9b-70b3fd7fb8ae
[root@master200.yinzhengjie.org.cn ~]# kubectl get job -n testing -o wide
NAME          COMPLETIONS   DURATION   AGE   CONTAINERS   IMAGES   SELECTOR
job-example   1/1           20s        52s   myjob        alpine   controller-uid=4346be11-e9d1-4cbe-8d9b-70b3fd7fb8ae
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n testing -o wide
NAME                READY   STATUS      RESTARTS   AGE    IP           NODE                         NOMINATED NODE   READINESS GATES
filebeat-ds-n6j5z   1/1     Running     0          8h     10.244.2.4   node202.yinzhengjie.org.cn   <none>           <none>
job-example-qvt8q   0/1     Completed   0          103s   10.244.1.4   node201.yinzhengjie.org.cn   <none>           <none>
[root@master200.yinzhengjie.org.cn ~]#
2>. Multi-way (parallel) job example
[root@master200.yinzhengjie.org.cn ~]# vim /yinzhengjie/data/k8s/manifests/basic/pod/job-multi.yaml
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/pod/job-multi.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: job-multi
  namespace: testing2
spec:
  completions: 5
  parallelism: 2
  template:
    metadata:
      labels:
        app: myjob
    spec:
      containers:
      - name: myjob
        image: alpine
        command: ["/bin/sh", "-c", "sleep 3"]
      restartPolicy: Never
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n testing2 -o wide
No resources found in testing2 namespace.
[root@master200.yinzhengjie.org.cn ~]# kubectl apply -f /yinzhengjie/data/k8s/manifests/basic/pod/job-multi.yaml
job.batch/job-multi created
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n testing2 -o wide
NAME              READY   STATUS      RESTARTS   AGE   IP            NODE                         NOMINATED NODE   READINESS GATES
job-multi-4t8cz   0/1     Completed   0          22s   10.244.1.10   node201.yinzhengjie.org.cn   <none>           <none>
job-multi-8qxxx   0/1     Completed   0          37s   10.244.1.8    node201.yinzhengjie.org.cn   <none>           <none>
job-multi-q8ql4   0/1     Completed   0          30s   10.244.1.9    node201.yinzhengjie.org.cn   <none>           <none>
job-multi-sfk7g   0/1     Completed   0          30s   10.244.2.8    node202.yinzhengjie.org.cn   <none>           <none>
job-multi-znltr   0/1     Completed   0          37s   10.244.2.7    node202.yinzhengjie.org.cn   <none>           <none>
[root@master200.yinzhengjie.org.cn ~]#
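The AGE column above shows the five pods starting in groups of 2, 2 and 1. The following added example (not part of the original article, and a simplified model rather than the Job controller's code) reproduces that from the rule in the `kubectl explain jobs.spec.parallelism` text: at most min(parallelism, completions - successful) pods run at a time. It assumes every pod succeeds; `simulate_job` and `finish_time` are hypothetical names.

```python
import heapq


def simulate_job(completions, parallelism, durations):
    """Return [(pod_no, start, end)] for a Job whose n-th pod runs for
    durations[n] seconds and succeeds (failures are not modelled).

    completions=None models the work-queue case from the explain text:
    the first success signals success, so no new pods start after it.
    """
    running = []      # min-heap of (end_time, pod_no)
    timeline = []
    succeeded = 0
    now = 0
    next_pod = 0
    while True:
        if completions is None:
            wanted = 0 if succeeded else parallelism
        else:
            # the rule quoted by `kubectl explain jobs.spec.parallelism`
            wanted = min(parallelism, completions - succeeded)
        while len(running) < wanted and next_pod < len(durations):
            end = now + durations[next_pod]
            heapq.heappush(running, (end, next_pod))
            timeline.append((next_pod, now, end))
            next_pod += 1
        if not running:
            return timeline
        now, _ = heapq.heappop(running)   # next pod to finish
        succeeded += 1


def finish_time(timeline):
    """Second at which the last pod of the timeline ends."""
    return max((end for _, _, end in timeline), default=0)


if __name__ == "__main__":
    # job-multi from this page: completions=5, parallelism=2, "sleep 3"
    for pod, start, end in simulate_job(5, 2, [3] * 5):
        print(f"pod {pod}: {start:>2}s -> {end:>2}s")
    # one slow pod: the free slot keeps being refilled, no fixed "waves"
    print(simulate_job(5, 2, [10, 1, 1, 1, 1]))
    # work queue (completions unset): the fourth pod is never started
    print(simulate_job(None, 3, [5, 2, 4, 1]))
```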
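6. CronJob controller
A Job controller creates one-off tasks, while a CronJob controller creates periodically scheduled tasks; under the hood, a CronJob works by driving the Job controller described above:
A CronJob object is like one line of a Linux crontab (cron table) file.
It runs a job periodically on a given schedule, written in Cron format.
A cron job creates a Job object about once per execution time of its schedule.
If startingDeadlineSeconds is set to a large value or left unset (the default) and concurrencyPolicy is set to Allow, the job will always run at least once:
For every CronJob, the CronJob controller checks how many schedules it missed between the last scheduled time and now.
If more than 100 schedules were missed, it does not start the job and logs an error.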
[root@master200.yinzhengjie.org.cn ~]# vim /yinzhengjie/data/k8s/manifests/basic/pod/cronjob-example.yaml
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/pod/cronjob-example.yaml
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: cronjob-example
  namespace: testing3
  labels:
    app: mycronjob
spec:
  schedule: "*/2 * * * *"
  jobTemplate:
    metadata:
      labels:
        app: mycronjob-jobs
    spec:
      parallelism: 2
      template:
        spec:
          containers:
          - name: myjob
            image: alpine
            command:
            - /bin/sh
            - -c
            - date; echo Hello from the Kubernetes cluster; sleep 10
          restartPolicy: OnFailure
[root@master200.yinzhengjie.org.cn ~]#
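With the "*/2 * * * *" schedule above, the 100-missed-schedules limit is reached after only 200 minutes without a run. The following added example (not part of the original article and not Kubernetes code) counts missed start times the way the text describes and shows the resulting decision. The clamp to startingDeadlineSeconds follows the upstream CronJob documentation rather than this page, and the small cron parser and all function names are assumptions for illustration.

```python
from datetime import datetime, timedelta

MAX_MISSED = 100  # threshold quoted in the text above


def _expand(field, lo, hi):
    """Expand one cron field ('*', '*/n', 'a', 'a-b', 'a-b/n', 'a,b') to a set."""
    values = set()
    for part in field.split(","):
        base, _, step = part.partition("/")
        if base == "*":
            start, end = lo, hi
        elif "-" in base:
            start, end = (int(x) for x in base.split("-"))
        else:
            start = int(base)
            end = hi if step else start  # 'a/n' means a..max in steps of n
        if not lo <= start <= end <= hi:
            raise ValueError(f"cron field {field!r} outside {lo}-{hi}")
        values.update(range(start, end + 1, int(step or 1)))
    return values


def compile_schedule(expr):
    """Return a predicate telling whether a datetime (minute resolution) fires."""
    fields = expr.split()
    if len(fields) != 5:
        raise ValueError("expected 5 cron fields: min hour dom month dow")
    minute, hour, dom, month, dow = fields
    minutes, hours = _expand(minute, 0, 59), _expand(hour, 0, 23)
    doms, months = _expand(dom, 1, 31), _expand(month, 1, 12)
    dows = {d % 7 for d in _expand(dow, 0, 7)}  # 0 and 7 both mean Sunday

    def fires(dt):
        if dt.minute not in minutes or dt.hour not in hours or dt.month not in months:
            return False
        dom_ok = dt.day in doms
        dow_ok = (dt.weekday() + 1) % 7 in dows  # Python: Monday=0, cron: Sunday=0
        if not dom.startswith("*") and not dow.startswith("*"):
            return dom_ok or dow_ok  # classic cron: either day field may match
        return dom_ok and dow_ok

    return fires


def missed_start_times(expr, last_schedule_time, now, starting_deadline_seconds=None):
    """Start times in (earliest, now]; raises RuntimeError past MAX_MISSED."""
    fires = compile_schedule(expr)
    earliest = last_schedule_time
    if starting_deadline_seconds is not None:
        # ASSUMPTION (upstream docs, not this page): with a deadline set, only
        # the last starting_deadline_seconds are inspected.
        earliest = max(earliest, now - timedelta(seconds=starting_deadline_seconds))
    t = earliest.replace(second=0, microsecond=0) + timedelta(minutes=1)
    missed = []
    while t <= now:
        if fires(t):
            missed.append(t)
            if len(missed) > MAX_MISSED:
                raise RuntimeError("too many missed start times (> 100)")
        t += timedelta(minutes=1)
    return missed


def next_action(expr, last_schedule_time, now, starting_deadline_seconds=None):
    """Return ('start', time), ('idle', None) or ('error', None)."""
    try:
        missed = missed_start_times(expr, last_schedule_time, now,
                                    starting_deadline_seconds)
    except RuntimeError:
        return ("error", None)
    return ("start", missed[-1]) if missed else ("idle", None)


# Constructed scenario: the page's schedule, last run at midnight.
SCHEDULE = "*/2 * * * *"
LAST = datetime(2020, 2, 8, 0, 0)

if __name__ == "__main__":
    print(next_action(SCHEDULE, LAST, datetime(2020, 2, 8, 0, 5)))        # start
    print(next_action(SCHEDULE, LAST, datetime(2020, 2, 8, 3, 30)))       # error
    print(next_action(SCHEDULE, LAST, datetime(2020, 2, 8, 3, 30), 600))  # start
```

In the constructed scenario a 3.5-hour gap leaves the CronJob permanently stuck unless a deadline bounds the look-back window, which is worth checking for on any cluster where scheduled jobs carry out backups or certificate rotation.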
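7. Garbage Collection
Some Kubernetes objects are owners of other objects:
The owned objects are called dependents of the owner object.
Every dependent object has a metadata.ownerReferences field that points to the owning object.
Sometimes Kubernetes sets the value of ownerReference automatically.
The relationship between owners and dependents can also be specified by setting the ownerReference field manually.
When you delete an object, you can specify whether its dependents are also deleted automatically:
Deleting dependents automatically is called cascading deletion (there are two cascading deletion modes: background and foreground).
If an object is deleted without automatically deleting its dependents, the dependents are said to be orphaned.
Setting the cascading deletion policy:
The possible values are "Orphan", "Foreground" and "Background".
In Kubernetes versions before 1.9, the default GC policy of many controllers was orphan, including ReplicaSet, StatefulSet, DaemonSet and Deployment (for kinds in the extensions/v1beta1, apps/v1beta1 and apps/v1beta2 group versions, dependent objects are orphaned by default unless you specify otherwise);
In Kubernetes 1.9 and later, the default policy for all controller objects in the apps/v1 group is to delete dependents, and the deleteOptions value is "Background".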
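The three policies differ in what is left behind and in which order objects disappear. The following added example (not part of the original article; a simplified model, not the garbage collector's code) applies each policy to a small ownerReferences graph built around this page's cronjob-example and filebeat-ds objects. The Job and Pod names under the CronJob and all UIDs are constructed, and the function names are hypothetical.

```python
import copy

# Constructed graph: CronJob -> Job -> two Pods, plus the unrelated DaemonSet.
OBJECTS = {
    "uid-cj": {"kind": "CronJob", "name": "cronjob-example", "ownerReferences": []},
    "uid-job": {"kind": "Job", "name": "cronjob-example-run1",
                "ownerReferences": ["uid-cj"]},
    "uid-pod1": {"kind": "Pod", "name": "cronjob-example-run1-a",
                 "ownerReferences": ["uid-job"]},
    "uid-pod2": {"kind": "Pod", "name": "cronjob-example-run1-b",
                 "ownerReferences": ["uid-job"]},
    "uid-ds": {"kind": "DaemonSet", "name": "filebeat-ds", "ownerReferences": []},
    "uid-dspod": {"kind": "Pod", "name": "filebeat-ds-n6j5z",
                  "ownerReferences": ["uid-ds"]},
}


def dependents_of(objects, owner_uid):
    """UIDs of the objects that list owner_uid in metadata.ownerReferences."""
    return [uid for uid, obj in objects.items()
            if owner_uid in obj["ownerReferences"]]


def _sweep(objects, order):
    """Background GC: remove objects whose owners have all disappeared."""
    changed = True
    while changed:
        changed = False
        for uid, obj in list(objects.items()):
            refs = obj["ownerReferences"]
            if refs and not any(ref in objects for ref in refs):
                order.append(obj["name"])
                del objects[uid]
                changed = True


def _foreground(objects, uid, order):
    """Delete dependents first; the owner goes last."""
    for dep in dependents_of(objects, uid):
        other_owners = [ref for ref in objects[dep]["ownerReferences"]
                        if ref != uid and ref in objects]
        if other_owners:
            objects[dep]["ownerReferences"].remove(uid)  # still owned elsewhere
        else:
            _foreground(objects, dep, order)
    order.append(objects.pop(uid)["name"])


def delete(objects, uid, policy="Background"):
    """Return (remaining objects, deletion order) without touching the input."""
    objects = copy.deepcopy(objects)
    order = []
    if policy == "Orphan":
        for dep in dependents_of(objects, uid):
            objects[dep]["ownerReferences"].remove(uid)  # dependents keep running
        order.append(objects.pop(uid)["name"])
    elif policy == "Background":
        order.append(objects.pop(uid)["name"])  # the owner disappears at once
        _sweep(objects, order)
    elif policy == "Foreground":
        _foreground(objects, uid, order)
    else:
        raise ValueError(f"unknown propagation policy: {policy}")
    return objects, order


if __name__ == "__main__":
    for policy in ("Orphan", "Foreground", "Background"):
        left, order = delete(OBJECTS, "uid-cj", policy)
        print(policy, "deleted:", order)
        print("  remaining:", sorted(o["name"] for o in left.values()))
```

With "Orphan" the Job and its Pods survive their CronJob and no longer have a controller cleaning them up, so anything they mount or run stays live until someone removes them by hand.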
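8. Node controller
The Node Controller is packaged inside kube-controller-manager and is responsible for several tasks in a Node's lifecycle:
(1) Assigning a CIDR block to the node when it is registered (if CIDR assignment is turned on).
(2) Keeping the node controller's internal list of nodes up to date with the cloud provider's list of available machines.
(3) Monitoring the health of the nodes:
The health check frequency is defined by the "--node-monitor-period" option.
When a node becomes unavailable, it is changed from Ready to Unknown.
When it stays unavailable for a long time, the Pod objects previously scheduled onto it are evicted; the eviction rate is defined by the "--node-eviction-rate" option and defaults to "0.1", i.e. at the fastest one Pod object is evicted every 10 seconds.
(4) Evicting from the Node those Pod objects that cannot tolerate taints with the NoExecute effect on the current Node (Kubernetes 1.6+).
(5) Creating taints on the Node that represent its Conditions (Kubernetes 1.8+).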
1>.Nodes
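A node is a worker machine in Kubernetes, previously known as a minion.
A node may be a virtual machine or a physical machine, depending on the cluster.
Each node contains the services needed to run pods and is managed by the master components.
The services on a node include the container runtime, kubelet and kube-proxy.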
2>.Node Status
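Address: HostName, ExternalIP (external address), InternalIP (internal address)
Condition: the state the node is in, such as disk usage.
Capacity: CPU, memory and the maximum number of Pods that can be scheduled onto the node.
Info: general information about the node, such as the kernel version, Kubernetes version (kubelet and kube-proxy version), Docker version (if used) and OS name.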
[root@master200.yinzhengjie.org.cn ~]# kubectl describe nodes node201.yinzhengjie.org.cn
Name:               node201.yinzhengjie.org.cn
Roles:              <none>
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/arch=amd64
                    kubernetes.io/hostname=node201.yinzhengjie.org.cn
                    kubernetes.io/os=linux
Annotations:        flannel.alpha.coreos.com/backend-data: {"VtepMAC":"82:2a:43:41:7f:b3"}
                    flannel.alpha.coreos.com/backend-type: vxlan
                    flannel.alpha.coreos.com/kube-subnet-manager: true
                    flannel.alpha.coreos.com/public-ip: 172.200.1.201
                    kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
                    node.alpha.kubernetes.io/ttl: 0
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Tue, 04 Feb 2020 20:11:15 +0800
Taints:             <none>
Unschedulable:      false
Lease:
  HolderIdentity:  node201.yinzhengjie.org.cn
  AcquireTime:     <unset>
  RenewTime:       Sat, 08 Feb 2020 02:52:16 +0800
Conditions:
  Type             Status  LastHeartbeatTime                 LastTransitionTime                Reason                       Message
  ----             ------  -----------------                 ------------------                ------                       -------
  MemoryPressure   False   Sat, 08 Feb 2020 02:51:29 +0800   Tue, 04 Feb 2020 20:11:15 +0800   KubeletHasSufficientMemory   kubelet has sufficient memory available
  DiskPressure     False   Sat, 08 Feb 2020 02:51:29 +0800   Tue, 04 Feb 2020 20:11:15 +0800   KubeletHasNoDiskPressure     kubelet has no disk pressure
  PIDPressure      False   Sat, 08 Feb 2020 02:51:29 +0800   Tue, 04 Feb 2020 20:11:15 +0800   KubeletHasSufficientPID      kubelet has sufficient PID available
  Ready            True    Sat, 08 Feb 2020 02:51:29 +0800   Tue, 04 Feb 2020 20:22:27 +0800   KubeletReady                 kubelet is posting ready status
Addresses:
  InternalIP:  172.200.1.201
  Hostname:    node201.yinzhengjie.org.cn
Capacity:
  cpu:                2
  ephemeral-storage:  511750Mi
  hugepages-1Gi:      0
  hugepages-2Mi:      0
  memory:             4026376Ki
  pods:               110
Allocatable:
  cpu:                2
  ephemeral-storage:  482947890401
  hugepages-1Gi:      0
  hugepages-2Mi:      0
  memory:             3923976Ki
  pods:               110
System Info:
  Machine ID:                 d637a9e4c24d4d11bed0c09151ac78e2
  System UUID:                6ED04D56-C57B-0527-4243-6C15BCBA68FE
  Boot ID:                    be24e2cb-1bba-4e46-829d-c53877ee9b80
  Kernel Version:             3.10.0-957.el7.x86_64
  OS Image:                   CentOS Linux 7 (Core)
  Operating System:           linux
  Architecture:               amd64
  Container Runtime Version:  docker://19.3.5
  Kubelet Version:            v1.17.2
  Kube-Proxy Version:         v1.17.2
PodCIDR:                      10.244.1.0/24
PodCIDRs:                     10.244.1.0/24
Non-terminated Pods:          (2 in total)
  Namespace     Name                          CPU Requests  CPU Limits  Memory Requests  Memory Limits  AGE
  ---------     ----                          ------------  ----------  ---------------  -------------  ---
  kube-system   kube-flannel-ds-amd64-lnldz   100m (5%)     100m (5%)   50Mi (1%)        50Mi (1%)      3d6h
  kube-system   kube-proxy-2shb4              0 (0%)        0 (0%)      0 (0%)           0 (0%)         3d6h
Allocated resources:
  (Total limits may be over 100 percent, i.e., overcommitted.)
  Resource           Requests   Limits
  --------           --------   ------
  cpu                100m (5%)  100m (5%)
  memory             50Mi (1%)  50Mi (1%)
  ephemeral-storage  0 (0%)     0 (0%)
Events:              <none>
[root@master200.yinzhengjie.org.cn ~]#
3>.Node Conditions
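OutOfDisk:
True when the disk is exhausted, i.e. there is not enough free space on the node to add new pods; otherwise False.
Ready:
True if the node is healthy and ready to accept pods;
False if the node is not healthy and is not accepting pods;
Unknown if the node controller has not heard from the node within the last node monitor grace period (default 40 seconds).
MemoryPressure:
True if there is pressure on the node's memory, i.e. the node memory is low; otherwise False.
PIDPressure:
True if there is pressure on processes, i.e. there are too many processes on the node; otherwise False.
DiskPressure:
True if there is pressure on the disk size, i.e. the disk capacity is low; otherwise False.
NetworkUnavailable:
True if the node's network is not configured correctly; otherwise False.
ConfigOK:
True if the kubelet is configured correctly; otherwise False.
4>. Node Management
Unlike Pods and Services, a node is not inherently created by Kubernetes: it is created externally by a cloud provider such as Google Compute Engine, or it exists in a pool of physical or virtual machines.
When Kubernetes creates a node, it creates an object that represents the node.
After creation, Kubernetes checks whether the node is valid.
Kubernetes creates a node object internally (the representation) and validates the node by health checking based on the metadata.name field.
If the node is valid, that is, if all necessary services are running, it is eligible to run a pod.
Otherwise, it is ignored for any cluster activity until it becomes valid.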