Kubernetes——StatefulSet资源升级（滚动更新操作、暂存更新操作）

StatefulSet资源升级

  自 Kubernetes 1.7 版本起，StatefulSet 资源支持自动更新机制，其更新策略由 spec.updateStrategy 字段定义，默认为 RollingUpdate，即滚动更新。

一、滚动更新操作

  滚动更新 StatefulSet 控制器的 Pod 资源以逆序的形式从其最大索引编号的 Pod 资源逐一进行，它在终止一个 Pod 资源、更新资源并待其就绪后启动更新下一个资源，即索引号比当前号小 1 的 Pod 资源。对于主从复制类的集群应用来说，这样也能保证起主节点作用的 Pod 资源最后进行更新，确保兼容性。

  StatefulSet 的默认更新策略为滚动更新，通过 "kubectl get statefulset NAME -o yaml" 命令中的输出可以获取相关的信息：

[root@k8s-master01-test-2-26 ~]# kubectl get statefulset alertmanager-main -n kubesphere-monitoring-system
NAME                READY   AGE
alertmanager-main   1/1     66m
[root@k8s-master01-test-2-26 ~]# kubectl get statefulset alertmanager-main -n kubesphere-monitoring-system -o yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  annotations:
    prometheus-operator-input-hash: "10566271792385409484"
  creationTimestamp: "2022-06-29T05:31:54Z"
  generation: 1
  labels:
    app.kubernetes.io/component: alert-router
    app.kubernetes.io/instance: main
    app.kubernetes.io/name: alertmanager
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.23.0
  name: alertmanager-main
  namespace: kubesphere-monitoring-system
  ownerReferences:
  - apiVersion: monitoring.coreos.com/v1
    blockOwnerDeletion: true
    controller: true
    kind: Alertmanager
    name: main
    uid: c054f193-4d87-49b8-b8e7-9275c753460c
  resourceVersion: "6347"
  uid: dbd3d926-fefd-4b11-94a6-079b08b7a293
spec:
  podManagementPolicy: Parallel
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      alertmanager: main
      app.kubernetes.io/instance: main
      app.kubernetes.io/managed-by: prometheus-operator
      app.kubernetes.io/name: alertmanager
  serviceName: alertmanager-operated
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: alertmanager
      creationTimestamp: null
      labels:
        alertmanager: main
        app.kubernetes.io/component: alert-router
        app.kubernetes.io/instance: main
        app.kubernetes.io/managed-by: prometheus-operator
        app.kubernetes.io/name: alertmanager
        app.kubernetes.io/part-of: kube-prometheus
        app.kubernetes.io/version: 0.23.0
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: alertmanager
                  operator: In
                  values:
                  - main
              namespaces:
              - kubesphere-monitoring-system
              topologyKey: kubernetes.io/hostname
            weight: 100
      containers:
      - args:
        - --config.file=/etc/alertmanager/config/alertmanager.yaml
        - --storage.path=/alertmanager
        - --data.retention=120h
        - --cluster.listen-address=
        - --web.listen-address=:9093
        - --web.route-prefix=/
        - --cluster.peer=alertmanager-main-0.alertmanager-operated:9094
        - --cluster.reconnect-timeout=5m
        env:
        - name: POD_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
        image: registry.cn-beijing.aliyuncs.com/kubesphereio/alertmanager:v0.23.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 10
          httpGet:
            path: /-/healthy
            port: web
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 3
        name: alertmanager
        ports:
        - containerPort: 9093
          name: web
          protocol: TCP
        - containerPort: 9094
          name: mesh-tcp
          protocol: TCP
        - containerPort: 9094
          name: mesh-udp
          protocol: UDP
        readinessProbe:
          failureThreshold: 10
          httpGet:
            path: /-/ready
            port: web
            scheme: HTTP
          initialDelaySeconds: 3
          periodSeconds: 5
          successThreshold: 1
          timeoutSeconds: 3
        resources:
          limits:
            cpu: 200m
            memory: 200Mi
          requests:
            cpu: 20m
            memory: 30Mi
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: FallbackToLogsOnError
        volumeMounts:
        - mountPath: /etc/alertmanager/config
          name: config-volume
        - mountPath: /etc/alertmanager/certs
          name: tls-assets
          readOnly: true
        - mountPath: /alertmanager
          name: alertmanager-main-db
      - args:
        - --listen-address=:8080
        - --reload-url=http://localhost:9093/-/reload
        - --watched-dir=/etc/alertmanager/config
        command:
        - /bin/prometheus-config-reloader
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: SHARD
          value: "-1"
        image: registry.cn-beijing.aliyuncs.com/kubesphereio/prometheus-config-reloader:v0.55.1
        imagePullPolicy: IfNotPresent
        name: config-reloader
        ports:
        - containerPort: 8080
          name: reloader-web
          protocol: TCP
        resources:
          limits:
            cpu: 100m
            memory: 50Mi
          requests:
            cpu: 100m
            memory: 50Mi
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: FallbackToLogsOnError
        volumeMounts:
        - mountPath: /etc/alertmanager/config
          name: config-volume
          readOnly: true
      dnsPolicy: ClusterFirst
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        fsGroup: 2000
        runAsNonRoot: true
        runAsUser: 1000
      serviceAccount: alertmanager-main
      serviceAccountName: alertmanager-main
      terminationGracePeriodSeconds: 120
      volumes:
      - name: config-volume
        secret:
          defaultMode: 420
          secretName: alertmanager-main-generated
      - name: tls-assets
        projected:
          defaultMode: 420
          sources:
          - secret:
              name: alertmanager-main-tls-assets-0
      - emptyDir: {}
        name: alertmanager-main-db
  updateStrategy:
    type: RollingUpdate
status:
  availableReplicas: 1
  collisionCount: 0
  currentReplicas: 1
  currentRevision: alertmanager-main-cd5bc8fdc
  observedGeneration: 1
  readyReplicas: 1
  replicas: 1
  updateRevision: alertmanager-main-cd5bc8fdc
  updatedReplicas: 1
[root@k8s-master01-test-2-26 ~]# 

  "kubectl rollout status" 命令跟踪 StatefulSet 资源滚动更新过程中的状态信息。

二、暂存更新操作

  当用户需要设定一个更新操作，但又不希望它立即执行时，可将更新操作予以 "暂存"，待条件满足后再手动触发其执行更新。

  StatefulSet 资源的分区更新机制能够实现此项功能。在设定更新操作之前，将 .spec.updateStrategy.rollingUpdate.partition 字段的值设置为 Pod 资源的副本数量，即比 Pod 资源的最大索引号大 1，这就意味着，所有的 Pod 资源都不会处于可直接更新的分区之内，那么于其后设定的更新操作也就不会真正执行，直到用户降低分区编号至现有 Pod 资源索引号范围之内。

[root@k8s-master01-test-2-26 ~]# kubectl explain statefulset.spec.updateStrategy.rollingUpdate.partition
KIND:     StatefulSet
VERSION:  apps/v1

FIELD:    partition <integer>

DESCRIPTION:
     Partition indicates the ordinal at which the StatefulSet should be
     partitioned for updates. During a rolling update, all pods from ordinal
     Replicas-1 to Partition are updated. All pods from ordinal Partition-1 to 0
     remain untouched. This is helpful in being able to do a canary based
     deployment. The default value is 0.
[root@k8s-master01-test-2-26 ~]# 

  下面测试滚动更新暂存更新操作，首先将 StatefulSet 资源滚动更新分区值设定为 3：

kubectl patch statefulset myapp -p '{"spec":{"updateStrategy":{"rollingUpdate":{"partition":3}}}}'

  暂存状态的更新操作对所有的 Pod 资源均不产生影响，比如即使删除某 Pod 资源，它依然会基于旧的版本镜像进行重建。