Kubernetes——DaemonSet 控制器

DaemonSet 控制器

  DaemonSet 是 Pod 控制器的又一种实现，用于在集群中的全部节点上同时运行一份指定的 Pod 资源副本，后续新加入集群的工作节点也会自动创建一个相关的 Pod 对象，当从集群移除节点时，此类 Pod 对象也将被自动回收而无须重建。管理员也可以使用节点选择器及节点标签指定仅在部分具有特定特征的节点上运行指定的 Pod 对象。

  DaemonSet 是一种特殊的控制器，它有特定的应用场景，通常运行那些执行系统级操作任务的应用，其应用场景具体如下：

• • 运行集群存储的守护进程，如在各个节点上运行 glusterd 或 ceph。
  • 在各个节点上运行日志收集守护进程，如 fluentd 或 logstash。
  • 在各个节点上运行监控系统的代理守护进程，如 Prometheus Node Exporter、collectd、Datadog agent、New Relic agent 或 Ganglia gmond 等。

一、创建 DaemonSet 资源对象

  DaemonSet 控制器的 spec 字段中嵌套使用的字段同样主要包了前面讲到的 Pod 控制器资源支持的 selector、template 和 minReadySeconds，并且功能和用法基本相同，但它不支持使用 replicas，毕竟 DaemonSet 并不是基于期望的副本数来控制 Pod 资源数量，而是基于节点数量，但 template 是必选字段。

kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: fluent-bit
  namespace: kubesphere-logging-system
  labels:
    app.kubernetes.io/name: fluent-bit
  annotations:
    deprecated.daemonset.template.generation: '1'
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: fluent-bit
  template:
    metadata:
      name: fluent-bit
      namespace: kubesphere-logging-system
      creationTimestamp: null
      labels:
        app.kubernetes.io/name: fluent-bit
    spec:
      volumes:
        - name: varlibcontainers
          hostPath:
            path: /var/lib/docker/containers
            type: ''
        - name: config
          secret:
            secretName: fluent-bit-config
            defaultMode: 420
        - name: varlogs
          hostPath:
            path: /var/log
            type: ''
        - name: systemd
          hostPath:
            path: /var/log/journal
            type: ''
        - name: positions
          emptyDir: {}
      containers:
        - name: fluent-bit
          image: 'registry.cn-beijing.aliyuncs.com/kubesphereio/fluent-bit:v1.6.9'
          ports:
            - name: metrics
              containerPort: 2020
              protocol: TCP
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
          resources: {}
          volumeMounts:
            - name: varlibcontainers
              readOnly: true
              mountPath: /var/lib/docker/containers
            - name: config
              readOnly: true
              mountPath: /fluent-bit/config
            - name: varlogs
              readOnly: true
              mountPath: /var/log/
            - name: systemd
              readOnly: true
              mountPath: /var/log/journal
            - name: positions
              mountPath: /fluent-bit/tail
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      serviceAccountName: fluent-bit
      serviceAccount: fluent-bit
      securityContext: {}
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/edge
                    operator: DoesNotExist
      schedulerName: default-scheduler
      tolerations:
        - operator: Exists
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  revisionHistoryLimit: 10

 与其他资源对象相同，用户也可以使用 "kubectl describe" 命令查看 DaemonSet 对象的详细信息。

[root@mh-k8s-master-prd-243-24 ~]# kubectl get ds -n kubesphere-logging-system
NAME         DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
fluent-bit   16        16        16      16           16          <none>          69d
[root@mh-k8s-master-prd-243-24 ~]# kubectl describe daemonsets fluent-bit -n kubesphere-logging-system
Name:           fluent-bit
Selector:       app.kubernetes.io/name=fluent-bit
Node-Selector:  <none>
Labels:         app.kubernetes.io/name=fluent-bit
Annotations:    deprecated.daemonset.template.generation: 1
Desired Number of Nodes Scheduled: 16
Current Number of Nodes Scheduled: 16
Number of Nodes Scheduled with Up-to-date Pods: 16
Number of Nodes Scheduled with Available Pods: 16
Number of Nodes Misscheduled: 0
Pods Status:  16 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
  Labels:           app.kubernetes.io/name=fluent-bit
  Service Account:  fluent-bit
  Containers:
   fluent-bit:
    Image:      registry.cn-beijing.aliyuncs.com/kubesphereio/fluent-bit:v1.6.9
    Port:       2020/TCP
    Host Port:  0/TCP
    Environment:
      NODE_NAME:   (v1:spec.nodeName)
    Mounts:
      /fluent-bit/config from config (ro)
      /fluent-bit/tail from positions (rw)
      /var/lib/docker/containers from varlibcontainers (ro)
      /var/log/ from varlogs (ro)
      /var/log/journal from systemd (ro)
  Volumes:
   varlibcontainers:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/docker/containers
    HostPathType:  
   config:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  fluent-bit-config
    Optional:    false
   varlogs:
    Type:          HostPath (bare host directory volume)
    Path:          /var/log
    HostPathType:  
   systemd:
    Type:          HostPath (bare host directory volume)
    Path:          /var/log/journal
    HostPathType:  
   positions:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
    SizeLimit:  <unset>
Events:         <none>
[root@mh-k8s-master-prd-243-24 ~]# 

二、更新 DaemonSet 对象

  DaemonSet 自 Kubernetes 1.6 版本起也开始支持更新机制，相关配置定义如下：

[root@mh-k8s-master-prd-243-24 ~]#  kubectl explain daemonset
KIND:     DaemonSet
VERSION:  apps/v1

DESCRIPTION:
     DaemonSet represents the configuration of a daemon set.

FIELDS:
   apiVersion	<string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

   kind	<string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

   metadata	<Object>
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

   spec	<Object>
     The desired behavior of this daemon set. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

   status	<Object>
     The current status of this daemon set. This data may be out of date by some
     window of time. Populated by the system. Read-only. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

[root@mh-k8s-master-prd-243-24 ~]# 

  更新策略在 daemonset.spec.update-Strategy 嵌套字段中。目前，它支持 RollingUpdate（滚动更新）和 OnDelete（删除时更新）两种更新策略。

[root@mh-k8s-master-prd-243-24 ~]#  kubectl explain daemonset.spec.updateStrategy
KIND:     DaemonSet
VERSION:  apps/v1

RESOURCE: updateStrategy <Object>

DESCRIPTION:
     An update strategy to replace existing DaemonSet pods with new pods.

     DaemonSetUpdateStrategy is a struct used to control the update strategy for
     a DaemonSet.

FIELDS:
   rollingUpdate	<Object>
     Rolling update config params. Present only if type = "RollingUpdate".

   type	<string>
     Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is
     RollingUpdate.

[root@mh-k8s-master-prd-243-24 ~]# 

　　DaemonSet 控制器的滚动更新机制也可以借助于 minReadySeconds 字段控制滚动节奏，必要时可以执行暂停和继续操作，因此它也能够设计为金丝雀发布机制。另外，故障的更新操作也可以进行回滚，包括回滚至 version 历史记录中的任何一个指定的版本。