Pod是kubernetes的最小管理单元,在kubernetes中,按照pod的创建方式可以将其分为两类:
什么是Pod控制器
Pod控制器是管理pod的中间层,使用Pod控制器之后,只需要告诉Pod控制器,想要多少个什么样的Pod就可以了,它会创建出满足条件的Pod并确保每一个Pod资源处于用户期望的目标状态。如果Pod资源在运行中出现故障,它会基于指定策略重新编排Pod。多删少补,通过这样的实现滚动更新,规则定义3个pod,启动4个pod,干掉旧版本,重启新版本,一次类推
在kubernetes中,有很多类型的pod控制器,每种都有自己的适合的场景,常见的有下面这些:
ReplicaSet的主要作用是保证一定数量的pod正常运行,它会持续监听这些Pod的运行状态,一旦Pod发生故障,就会重启或重建。同时它还支持对pod数量的扩缩容和镜像版本的升降级。
ReplicaSet的资源清单文件:
apiVersion: apps/v1 # 版本号
kind: ReplicaSet # 类型
metadata: # 元数据
name: # rs名称
namespace: # 所属命名空间
labels: #标签
controller: rs
spec: # 详情描述
replicas: 3 # 副本数量
selector: # 选择器,通过它指定该控制器管理哪些pod
matchLabels: # Labels匹配规则
app: nginx-pod
matchExpressions: # Expressions匹配规则
- {key: app, operator: In, values: [nginx-pod]}
template: # 模板,当副本数量不足时,会根据下面的模板创建pod副本
metadata:
labels:
app: nginx-pod
spec:
containers:
- name: nginx
image: nginx:1.17.1
ports:
- containerPort: 80
在这里面,需要新了解的配置项就是spec
下面几个选项:
replicas:指定副本数量,其实就是当前rs创建出来的pod的数量,默认为1
selector:选择器,它的作用是建立pod控制器和pod之间的关联关系,采用的Label Selector机制
在pod模板上定义label,在控制器上定义选择器,就可以表明当前控制器能管理哪些pod了
template:模板,就是当前控制器创建pod所使用的模板板,里面其实就是前一章学过的pod的定义
[root@k8s-master inventory]# vi pc-replicaset.yaml
[root@k8s-master inventory]# cat pc-replicaset.yaml
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: pc-replicaset
namespace: dev
spec:
replicas: 3
selector:
matchLabels:
app: nginx-pod
template:
metadata:
labels:
app: nginx-pod
spec:
containers:
- name: nginx
image: nginx:1.17.1
[root@k8s-master inventory]# kubectl apply -f pc-replicaset.yaml
replicaset.apps/pc-replicaset created
# 查看rs
# DESIRED:期望副本数量
# CURRENT:当前副本数量
# READY:已经准备好提供服务的副本数量
[root@k8s-master inventory]# kubectl get -f pc-replicaset.yaml -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
pc-replicaset 3 3 3 73s nginx nginx:1.17.1 app=nginx-pod
# 查看当前控制器创建出来的pod
# 这里发现控制器创建出来的pod的名称是在控制器名称后面拼接了-xxxxx随机码
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-replicaset-52fsn 1/1 Running 0 85s
pc-replicaset-bjsqd 1/1 Running 0 85s
pc-replicaset-p6kr4 1/1 Running 0 85s
[root@k8s-master inventory]# kubectl edit rs pc-replicaset -n dev
creationTimestamp: "2023-11-21T09:05:42Z"
generation: 2
name: pc-replicaset
namespace: dev
resourceVersion: "118575"
uid: bb46ed6b-0664-4021-b7f8-2b1ac27c01b4
spec:
replicas: 6 # 编辑rs的副本数量,修改spec:replicas: 6即可
selector:
matchLabels:
app: nginx-pod
template:
[root@k8s-master inventory]# kubectl edit rs pc-replicaset -n dev
replicaset.apps/pc-replicaset edited
#扩容
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-replicaset-52fsn 1/1 Running 0 19m
pc-replicaset-6cwkp 1/1 Running 0 27s
pc-replicaset-8slt6 1/1 Running 0 27s
pc-replicaset-bjsqd 1/1 Running 0 19m
pc-replicaset-p6kr4 1/1 Running 0 19m
pc-replicaset-wlz59 1/1 Running 0 27s
[root@k8s-master inventory]# kubectl get -f pc-replicaset.yaml -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
pc-replicaset 6 6 6 23m nginx nginx:1.17.1 app=nginx-pod
# 当然也可以直接使用命令实现
# 使用scale命令实现扩缩容, 后面--replicas=n直接指定目标数量即可
[root@k8s-master inventory]# kubectl scale rs pc-replicaset -n dev --replicas=2
replicaset.apps/pc-replicaset scaled
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-replicaset-52fsn 1/1 Running 0 25m
pc-replicaset-bjsqd 1/1 Running 0 25m
#删除一个又自动运行一个
[root@k8s-master inventory]# kubectl delete pod -n dev pc-replicaset-bjsqd
pod "pc-replicaset-bjsqd" deleted
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-replicaset-52fsn 1/1 Running 0 25m
pc-replicaset-sqwb6 1/1 Running 0 2s
[root@k8s-master inventory]# kubectl edit rs pc-replicaset -n dev
spec:
replicas: 2
selector:
matchLabels:
app: nginx-pod
template:
metadata:
creationTimestamp: null
labels:
app: nginx-pod
spec:
containers:
- image: nginx:1.17.1 #修改镜像版本为1.17.2
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
[root@k8s-master inventory]# kubectl edit rs pc-replicaset -n dev
replicaset.apps/pc-replicaset edited
# 再次查看,发现镜像版本已经变更了
[root@k8s-master inventory]# kubectl get rs -n dev -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
pc-replicaset 2 2 2 111m nginx nginx:1.17.2 app=nginx-pod
# 同样的道理,也可以使用命令完成这个工作
# kubectl set image rs rs名称 容器=镜像版本 -n namespace
[root@k8s-master inventory]# kubectl set image rs pc-replicaset -n dev nginx=nginx:1.17.1
replicaset.apps/pc-replicaset image updated
[root@k8s-master inventory]# kubectl get rs -n dev -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
pc-replicaset 2 2 2 112m nginx nginx:1.17.1 app=nginx-pod
#滚动更新
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-replicaset-52fsn 1/1 Running 0 112m
pc-replicaset-sqwb6 1/1 Running 0 87m
[root@k8s-master inventory]# kubectl describe pod pc-replicaset-52fsn -n dev|grep -i image
Image: nginx:1.17.1
#升级版本
[root@k8s-master inventory]# kubectl set image rs pc-replicaset -n dev nginx=nginx:1.17.2
replicaset.apps/pc-replicaset image updated
#删除一个pod
[root@k8s-master inventory]# kubectl delete pod pc-replicaset-52fsn -n dev
pod "pc-replicaset-52fsn" deleted
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-replicaset-dbz29 0/1 ContainerCreating 0 9s
pc-replicaset-sqwb6 1/1 Running 0 90m
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-replicaset-dbz29 1/1 Running 0 45s
pc-replicaset-sqwb6 1/1 Running 0 90m
[root@k8s-master inventory]# kubectl describe pod pc-replicaset-dbz29 -n dev|grep -i image
Image: nginx:1.17.2
# 使用kubectl delete命令会删除此RS以及它管理的Pod
# 在kubernetes删除RS前,会将RS的replicasclear调整为0,等待所有的Pod被删除后,在执行RS对象的删除
[root@k8s-master inventory]# kubectl delete rs pc-replicaset -n dev
replicaset.apps "pc-replicaset" deleted
[root@k8s-master inventory]# kubectl get pod -n dev -o wide
No resources found in dev namespace.
# 如果希望仅仅删除RS对象(保留Pod),可以使用kubectl delete命令时添加--cascade=false选项(不推荐)。
kubectl delete rs pc-replicaset -n dev --cascade=false
# 也可以使用yaml直接删除(推荐)
kubectl delete -f pc-replicaset.yaml
为了更好的解决服务编排的问题,kubernetes在V1.2版本开始,引入了Deployment控制器。值得一提的是,这种控制器并不直接管理pod,而是通过管理ReplicaSet来简介管理Pod,即:Deployment管理ReplicaSet,ReplicaSet管理Pod。所以Deployment比ReplicaSet功能更加强大。
Deployment主要功能有下面几个:
Deployment的资源清单文件:
apiVersion: apps/v1 # 版本号
kind: Deployment # 类型
metadata: # 元数据
name: # rs名称
namespace: # 所属命名空间
labels: #标签
controller: deploy
spec: # 详情描述
replicas: 3 # 副本数量
revisionHistoryLimit: 3 # 保留历史版本
paused: false # 暂停部署,默认是false
progressDeadlineSeconds: 600 # 部署超时时间(s),默认是600
strategy: # 策略
type: RollingUpdate # 滚动更新策略
rollingUpdate: # 滚动更新
maxSurge: 30% # 最大额外可以存在的副本数,可以为百分比,也可以为整数
maxUnavailable: 30% # 最大不可用状态的 Pod 的最大值,可以为百分比,也可以为整数
selector: # 选择器,通过它指定该控制器管理哪些pod
matchLabels: # Labels匹配规则
app: nginx-pod
matchExpressions: # Expressions匹配规则
- {key: app, operator: In, values: [nginx-pod]}
template: # 模板,当副本数量不足时,会根据下面的模板创建pod副本
metadata:
labels:
app: nginx-pod
spec:
containers:
- name: nginx
image: nginx:1.17.1
ports:
- containerPort: 80
[root@k8s-master inventory]# vi pc-deployment.yaml
[root@k8s-master inventory]# cat pc-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: pc-deployment
namespace: dev
spec:
replicas: 3
selector:
matchLabels:
app: nginx-pod
template:
metadata:
labels:
app: nginx-pod
spec:
containers:
- name: nginx
image: nginx:1.17.1
# 创建deployment
[root@k8s-master inventory]# kubectl apply -f pc-deployment.yaml
deployment.apps/pc-deployment created
# 查看deployment
# UP-TO-DATE 最新版本的pod的数量
# AVAILABLE 当前可用的pod的数量
[root@k8s-master inventory]# kubectl get -f pc-deployment.yaml
NAME READY UP-TO-DATE AVAILABLE AGE
pc-deployment 3/3 3 3 15m
# 查看rs
# 发现rs的名称是在原来deployment的名字后面添加了一个10位数的随机串
[root@k8s-master inventory]# kubectl get rs -n dev
NAME DESIRED CURRENT READY AGE
pc-deployment-55f7d59b59 3 3 3 16m
# 查看pod
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-deployment-55f7d59b59-7gwqm 1/1 Running 0 16m
pc-deployment-55f7d59b59-dl7l2 1/1 Running 0 16m
pc-deployment-55f7d59b59-vfvhf 1/1 Running 0 16m
[root@k8s-master inventory]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
pc-deployment 3/3 3 3 29m
# 变更副本数量为5个
[root@k8s-master inventory]# kubectl scale deploy pc-deployment -n dev --replicas 5
deployment.apps/pc-deployment scaled
# 查看pod
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-deployment-55f7d59b59-7gwqm 1/1 Running 0 29m
pc-deployment-55f7d59b59-dl7l2 1/1 Running 0 29m
pc-deployment-55f7d59b59-p52lg 1/1 Running 0 6s
pc-deployment-55f7d59b59-qm4ct 1/1 Running 0 6s
pc-deployment-55f7d59b59-vfvhf 1/1 Running 0 29m
# 查看deployment
[root@k8s-master inventory]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
pc-deployment 5/5 5 5 29m
[root@k8s-master inventory]# kubectl scale deploy pc-deployment -n dev --replicas 2
deployment.apps/pc-deployment scaled
[root@k8s-master inventory]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
pc-deployment 2/2 2 2 29m
# 编辑deployment的副本数量,修改spec:replicas: 4即可
[root@k8s-master inventory]# kubectl edit deploy pc-deployment -n dev
deployment.apps/pc-deployment edited
[root@k8s-master inventory]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
pc-deployment 4/4 4 4 30m
spec:
progressDeadlineSeconds: 600
replicas: 4
revisionHistoryLimit: 10
selector:
matchLabels:
app: nginx-pod
deployment支持两种更新策略:重建更新
和滚动更新
,可以通过strategy
指定策略类型,支持两个属性:
strategy:指定新的Pod替换旧的Pod的策略, 支持两个属性:
type:指定策略类型,支持两种策略
Recreate:在创建出新的Pod之前会先杀掉所有已存在的Pod
RollingUpdate:滚动更新,就是杀死一部分,就启动一部分,在更新过程中,存在两个版本Pod
rollingUpdate:当type为RollingUpdate时生效,用于为RollingUpdate设置参数,支持两个属性:
maxUnavailable:用来指定在升级过程中不可用Pod的最大数量,默认为25%。
maxSurge: 用来指定在升级过程中可以超过期望的Pod的最大数量,默认为25%。
[root@k8s-master inventory]# kubectl edit deploy pc-deployment -n dev
deployment.apps/pc-deployment edited
spec:
progressDeadlineSeconds: 600
replicas: 4
revisionHistoryLimit: 10
selector:
matchLabels:
app: nginx-pod
strategy:
type: Recreate
spec:
strategy: # 策略
type: Recreate # 重建更新
# 变更镜像
[root@k8s-master inventory]# kubectl set image deploy pc-deployment -n dev nginx=nginx:1.17.2
# 将旧的干掉,重新运行新的
deployment.apps/pc-deployment image updated
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-deployment-7b5f8b79dd-bs5f4 0/1 ContainerCreating 0 4s
pc-deployment-7b5f8b79dd-g4lq6 0/1 ContainerCreating 0 4s
pc-deployment-7b5f8b79dd-m8cqm 0/1 ContainerCreating 0 4s
pc-deployment-7b5f8b79dd-q2g6d 0/1 ContainerCreating 0 4s
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-deployment-7b5f8b79dd-bs5f4 1/1 Running 0 38s
pc-deployment-7b5f8b79dd-g4lq6 1/1 Running 0 38s
pc-deployment-7b5f8b79dd-m8cqm 1/1 Running 0 38s
pc-deployment-7b5f8b79dd-q2g6d 1/1 Running 0 38s
[root@k8s-master inventory]# kubectl edit deploy pc-deployment -n dev
deployment.apps/pc-deployment edited
spec:
progressDeadlineSeconds: 600
replicas: 4
revisionHistoryLimit: 10
selector:
matchLabels:
app: nginx-pod
strategy:
type: RollingUpdate # 滚动更新策略
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
template:
# 变更镜像
[root@k8s-master inventory]# kubectl set image deployment pc-deployment nginx=nginx:1.17.3 -n dev
deployment.apps/pc-deployment image updated
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-deployment-54789c879c-gmq55 0/1 ContainerCreating 0 5s
pc-deployment-54789c879c-jtwrk 0/1 ContainerCreating 0 5s
pc-deployment-7b5f8b79dd-bs5f4 1/1 Running 0 15m
pc-deployment-7b5f8b79dd-g4lq6 1/1 Running 0 15m
pc-deployment-7b5f8b79dd-m8cqm 1/1 Running 0 15m
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-deployment-54789c879c-gmq55 1/1 Running 0 25s
pc-deployment-54789c879c-jtwrk 1/1 Running 0 25s
pc-deployment-54789c879c-qgwc4 1/1 Running 0 11s
pc-deployment-54789c879c-txhv5 1/1 Running 0 5s
# 至此,新版本的pod创建完毕,就版本的pod销毁完毕
# 中间过程是滚动进行的,也就是边销毁边创建
滚动更新的过程:
去掉一个旧的,运行一个新的
镜像更新中rs的变化
# 查看rs,发现原来的rs的依旧存在,只是pod数量变为了0,而后又新产生了一个rs,pod数量为4
# 其实这就是deployment能够进行版本回退的奥妙所在,后面会详细解释
[root@k8s-master inventory]# kubectl get rs -n dev
NAME DESIRED CURRENT READY AGE
pc-deployment-54789c879c 4 4 4 11m
pc-deployment-55f7d59b59 0 0 0 17h
pc-deployment-7b5f8b79dd 0 0 0 26m
deployment支持版本升级过程中的暂停、继续功能以及版本回退等诸多功能,下面具体来看.
kubectl rollout: 版本升级相关功能,支持下面的选项:
# 查看当前升级版本的状态
[root@k8s-master inventory]# kubectl rollout status deploy pc-deployment -n dev
deployment "pc-deployment" successfully rolled out
# 查看升级历史记录
# 可以发现有三次版本记录,说明完成过两次升级
[root@k8s-master inventory]# kubectl rollout history deploy pc-deployment -n dev
deployment.apps/pc-deployment
REVISION CHANGE-CAUSE
1 <none>
2 <none>
3 <none>
# 版本回滚
# 这里直接使用--to-revision=1回滚到了1版本, 如果省略这个选项,就是回退到上个版本,就是2版本
[root@k8s-master inventory]# kubectl rollout undo deploy pc-deployment -n dev --to-revision=1
deployment.apps/pc-deployment rolled back
# 查看发现,通过nginx镜像版本可以发现到了第一版
[root@k8s-master inventory]# kubectl get pods -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pc-deployment-55f7d59b59-25s76 1/1 Running 0 7s 10.244.2.24 k8s-node2 <none> <none>
pc-deployment-55f7d59b59-2bq2q 1/1 Running 0 5s 10.244.1.20 k8s-node1 <none> <none>
pc-deployment-55f7d59b59-ch8r2 1/1 Running 0 5s 10.244.2.25 k8s-node2 <none> <none>
pc-deployment-55f7d59b59-l444s 1/1 Running 0 7s 10.244.1.19 k8s-node1 <none> <none>
[root@k8s-master inventory]# kubectl get deploy -n dev -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
pc-deployment 4/4 4 4 21h nginx nginx:1.17.1 app=nginx-pod
# 查看rs,发现第一个rs中有4个pod运行,后面两个版本的rs中pod为运行
# 其实deployment之所以可是实现版本的回滚,就是通过记录下历史rs来实现的,
# 一旦想回滚到哪个版本,只需要将当前版本pod数量降为0,然后将回滚版本的pod提升为目标数量就可以了
[root@k8s-master inventory]# kubectl get rs -n dev
NAME DESIRED CURRENT READY AGE
pc-deployment-54789c879c 0 0 0 3h14m
pc-deployment-55f7d59b59 4 4 4 21h
pc-deployment-7b5f8b79dd 0 0 0 3h29m
Deployment控制器支持控制更新过程中的控制,如“暂停(pause)”或“继续(resume)”更新操作。
比如有一批新的Pod资源创建完成后立即暂停更新过程,此时,仅存在一部分新版本的应用,主体部分还是旧的版本。然后,再筛选一小部分的用户请求路由到新版本的Pod应用,继续观察能否稳定地按期望的方式运行。确定没问题之后再继续完成余下的Pod资源滚动更新,否则立即回滚更新操作。这就是所谓的金丝雀发布。
# 更新deployment的版本,并配置暂停deployment
[root@k8s-master inventory]# kubectl set image deploy pc-deployment -n dev nginx=nginx:1.17.4 && kubectl rollout pause deploy pc-deployment -n dev
deployment.apps/pc-deployment image updated
deployment.apps/pc-deployment paused
# 观察更新状态
[root@k8s-master inventory]# kubectl rollout status deploy pc-deployment -n dev
Waiting for deployment "pc-deployment" rollout to finish: 2 out of 4 new replicas have been updated...
# 监控更新的过程,可以看到已经新增了一个资源,但是并未按照预期的状态去删除一个旧的资源,就是因为使用了pause暂停命令
^C[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-deployment-55f7d59b59-25s76 1/1 Running 0 67m
pc-deployment-55f7d59b59-ch8r2 1/1 Running 0 67m
pc-deployment-55f7d59b59-l444s 1/1 Running 0 67m
pc-deployment-ddd755b94-r5xhs 0/1 ContainerCreating 0 16s
pc-deployment-ddd755b94-xb7mz 0/1 ContainerCreating 0 16s
[root@k8s-master inventory]# kubectl get rs -n dev
NAME DESIRED CURRENT READY AGE
pc-deployment-54789c879c 0 0 0 4h20m
pc-deployment-55f7d59b59 3 3 3 22h
pc-deployment-7b5f8b79dd 0 0 0 4h35m
pc-deployment-ddd755b94 2 2 0 23s
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-deployment-55f7d59b59-25s76 1/1 Running 0 67m
pc-deployment-55f7d59b59-ch8r2 1/1 Running 0 67m
pc-deployment-55f7d59b59-l444s 1/1 Running 0 67m
pc-deployment-ddd755b94-r5xhs 0/1 ContainerCreating 0 25s
pc-deployment-ddd755b94-xb7mz 1/1 Running 0 25s
# 确保更新的pod没问题了,继续更新
[root@k8s-master inventory]# kubectl rollout resume deploy pc-deployment -n dev
deployment.apps/pc-deployment resumed
# 查看最后的更新情况
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-deployment-55f7d59b59-ch8r2 1/1 Running 0 67m
pc-deployment-55f7d59b59-l444s 1/1 Running 0 67m
pc-deployment-ddd755b94-7jv2c 0/1 ContainerCreating 0 4s
pc-deployment-ddd755b94-r5xhs 0/1 ContainerCreating 0 35s
pc-deployment-ddd755b94-xb7mz 1/1 Running 0 35s
[root@k8s-master inventory]# kubectl get rs -n dev -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
pc-deployment-54789c879c 0 0 0 4h21m nginx nginx:1.17.3 app=nginx-pod,pod-template-hash=54789c879c
pc-deployment-55f7d59b59 0 0 0 22h nginx nginx:1.17.1 app=nginx-pod,pod-template-hash=55f7d59b59
pc-deployment-7b5f8b79dd 0 0 0 4h36m nginx nginx:1.17.2 app=nginx-pod,pod-template-hash=7b5f8b79dd
pc-deployment-ddd755b94 4 4 4 47s nginx nginx:1.17.4 app=nginx-pod,pod-template-hash=ddd755b94
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-deployment-ddd755b94-7jv2c 1/1 Running 0 18s
pc-deployment-ddd755b94-r5xhs 1/1 Running 0 49s
pc-deployment-ddd755b94-xb7mz 1/1 Running 0 49s
pc-deployment-ddd755b94-xb9ks 1/1 Running 0 9s
# 删除deployment,其下的rs和pod也将被删除
[root@k8s-master inventory]# kubectl delete -f pc-deployment.yaml
deployment.apps "pc-deployment" deleted
[root@k8s-master inventory]# kubectl get rs -n dev -o wide
No resources found in dev namespace.
[root@k8s-master inventory]# kubectl get deloy -n dev -o wide
error: the server doesn't have a resource type "deloy"
[root@k8s-master inventory]# kubectl get pods -n dev
No resources found in dev namespace.
在前面的课程中,我们已经可以实现通过手工执行kubectl scale
命令实现Pod扩容或缩容,但是这显然不符合Kubernetes的定位目标–自动化、智能化。 Kubernetes期望可以实现通过监测Pod的使用情况,实现pod数量的自动调整,于是就产生了Horizontal Pod Autoscaler(HPA)这种控制器。
HPA可以获取每个Pod利用率,然后和HPA中定义的指标进行对比,同时计算出需要伸缩的具体值,最后实现Pod的数量的调整。其实HPA与之前的Deployment一样,也属于一种Kubernetes资源对象,它通过追踪分析RC控制的所有目标Pod的负载变化情况,来确定是否需要针对性地调整目标Pod的副本数,这是HPA的实现原理。
# 安装git
[root@k8s-master ~]# yum -y install git
# 获取metrics-server, 注意使用的版本
[root@k8s-master ~]# git clone -b v0.6.1 https://github.com/kubernetes-incubator/metrics-server
Cloning into 'metrics-server'...
remote: Enumerating objects: 14773, done.
remote: Counting objects: 100% (270/270), done.
remote: Compressing objects: 100% (163/163), done.
remote: Total 14773 (delta 124), reused 199 (delta 102), pack-reused 14503
Receiving objects: 100% (14773/14773), 13.37 MiB | 1.91 MiB/s, done.
Resolving deltas: 100% (7811/7811), done.
Note: switching to '9c9d712d31742f7c32c023d7b36c49c2dc7033b5'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
[root@k8s-master ~]# ls
anaconda-ks.cfg kube-flannel.yml metrics-server
k8s.txt manifest
[root@k8s-master ~]#
下载 components.yaml
[root@k8s-master ~]# wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.1/components.yaml
# 修改文件components.yaml
将健康检查删除:
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: https
scheme: HTTPS
periodSeconds: 10
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: https
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 10
添加
args:
- --kubelet-insecure-tls
修改文件components.yaml
spec:
containers:
- args:
- --cert-dir=/tmp
# - --secure-port=4443
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
---
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
k8s-app: metrics-server
---
image:registry.aliyuncs.com/google_containers/metrics-server:v0.6.1
imagePullPolicy: Always
name: metrics-server
ports:
- containerPort: 80
name: http
protocol: TCP
# 这个存在问题 去掉健康检查pod将无法运行
[root@k8s-master ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-7bdc4cb885-pdfd6 0/1 CrashLoopBackOff 2628 (108s ago) 128d
coredns-7bdc4cb885-wkg7z 0/1 CrashLoopBackOff 2624 (2m43s ago) 128d
etcd-k8s-master 1/1 Running 0 128d
kube-apiserver-k8s-master 1/1 Running 0 128d
kube-controller-manager-k8s-master 1/1 Running 0 128d
kube-proxy-hphsp 1/1 Running 0 128d
kube-proxy-pgbld 1/1 Running 0 128d
kube-proxy-sp6cn 1/1 Running 0 128d
kube-scheduler-k8s-master 1/1 Running 0 128d
metrics-server-649b769999-ww7q7 0/1 Error 2 (20s ago) 27s
[root@k8s-master ~]# kubectl describe -f components.yaml
Conditions:
Last Transition Time: 2023-12-01T09:10:43Z
Message: service/metrics-server in "kube-system" is not listening on port 443
Reason: ServicePortError
Status: False
Type: Available
Events: <none>
# metrics-server安装完成正常效果如下
[root@k8s-master01 1.8+]# kubectl top node
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8s-master01 289m 14% 1582Mi 54%
k8s-node01 81m 4% 1195Mi 40%
k8s-node02 72m 3% 1211Mi 41%
[root@k8s-master01 1.8+]# kubectl top pod -n kube-system
NAME CPU(cores) MEMORY(bytes)
coredns-6955765f44-7ptsb 3m 9Mi
coredns-6955765f44-vcwr5 3m 8Mi
etcd-master 14m 145Mi
...
# 创建pc-hpa-pod.yaml文件
[root@k8s-master inventory]# vi pc-hpa-pod.yaml
[root@k8s-master inventory]# cat pc-hpa-pod.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: dev
spec:
strategy: # 策略
type: RollingUpdate # 滚动更新策略
replicas: 1
selector:
matchLabels:
app: nginx-pod
template:
metadata:
labels:
app: nginx-pod
spec:
containers:
- name: nginx
image: nginx:1.17.1
resources: # 资源配额
limits: # 限制资源(上限)
cpu: "1" # CPU限制,单位是core数
requests: # 请求资源(下限)
cpu: "100m" # CPU限制,单位是core数
# 创建pod
[root@k8s-master inventory]# kubectl apply -f pc-hpa-pod.yaml
deployment.apps/nginx created
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
nginx-5dd48c6cd4-v89mt 1/1 Running 0 43s
# 创建service
[root@k8s-master inventory]# kubectl expose deploy nginx --type=NodePort --port=80 -n dev
service/nginx exposed
[root@k8s-master inventory]# kubectl get svc -n dev
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx NodePort 10.110.182.125 <none> 80:32149/TCP 5s
[root@k8s-master inventory]# kubectl get pods,svc,deploy -n dev
NAME READY STATUS RESTARTS AGE
pod/nginx-5dd48c6cd4-v89mt 1/1 Running 0 78s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/nginx NodePort 10.110.182.125 <none> 80:32149/TCP 16s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx 1/1 1 1 78s
# 创建pc-hpa.yaml文件
[root@k8s-master inventory]# cat pc-hpa.yaml
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: pc-hpa
namespace: dev
spec:
minReplicas: 1 #最小pod数量
maxReplicas: 10 #最大pod数量
targetCPUUtilizationPercentage: 3 # CPU使用率指标
scaleTargetRef: # 指定要控制的nginx信息
apiVersion: apps/v1
kind: Deployment
name: nginx
# 创建hpa
[root@k8s-master inventory]# kubectl apply -f pc-hpa.yaml
horizontalpodautoscaler.autoscaling/pc-hpa created
# 查看hpa
[root@k8s-master inventory]# kubectl get -f pc-hpa.yaml
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
pc-hpa Deployment/nginx <unknown>/3% 1 10 0 11s
# 测试
# 使用压测工具对service地址192.168.232.128:31876 进行压测,然后通过控制台查看hpa和pod的变化
# hpa变化
[root@k8s-master inventory]# kubectl get hpa -n dev -w
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
pc-hpa Deployment/nginx <unknown>/3% 1 10 1 119s
# deployment变化
^C[root@k8s-master inventory]# kubectl get deploy -n dev -w
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 1/1 1 1 3d21h
# pod变化
^C[root@k8s-master inventory]# kubectl get pods -n dev -w
NAME READY STATUS RESTARTS AGE
nginx-5dd48c6cd4-v89mt 1/1 Running 0 3d21h
DaemonSet类型的控制器可以保证在集群中的每一台(或指定)节点上都运行一个副本。一般适用于日志收集、节点监控等场景。也就是说,如果一个Pod提供的功能是节点级别的(每个节点都需要且只需要一个),那么这类Pod就适合使用DaemonSet类型的控制器创建。
DaemonSet控制器的特点:
下面先来看下DaemonSet的资源清单文件
apiVersion: apps/v1 # 版本号
kind: DaemonSet # 类型
metadata: # 元数据
name: # rs名称
namespace: # 所属命名空间
labels: #标签
controller: daemonset
spec: # 详情描述
revisionHistoryLimit: 3 # 保留历史版本
updateStrategy: # 更新策略
type: RollingUpdate # 滚动更新策略
rollingUpdate: # 滚动更新
maxUnavailable: 1 # 最大不可用状态的 Pod 的最大值,可以为百分比,也可以为整数
selector: # 选择器,通过它指定该控制器管理哪些pod
matchLabels: # Labels匹配规则
app: nginx-pod
matchExpressions: # Expressions匹配规则
- {key: app, operator: In, values: [nginx-pod]}
template: # 模板,当副本数量不足时,会根据下面的模板创建pod副本
metadata:
labels:
app: nginx-pod
spec:
containers:
- name: nginx
image: nginx:1.17.1
ports:
- containerPort: 80
# 创建文件
[root@k8s-master inventory]# cat pc-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: pc-daemonset
namespace: dev
spec:
selector:
matchLabels:
app: nginx-pod
template:
metadata:
labels:
app: nginx-pod
spec:
containers:
- name: nginx
image: nginx:1.17.1
# 运行
# 创建daemonset
[root@k8s-master inventory]# kubectl apply -f pc-daemonset.yaml
daemonset.apps/pc-daemonset created
# 查看daemonset
[root@k8s-master inventory]# kubectl get ds -n dev -o wide
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE CONTAINERS IMAGES SELECTOR
pc-daemonset 2 2 2 2 2 <none> 67s nginx nginx:1.17.1 app=nginx-pod
# 查看pod,发现在每个Node上都运行一个pod
[root@k8s-master inventory]# kubectl get pods -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pc-daemonset-nf98r 1/1 Running 0 75s 10.244.2.34 k8s-node2 <none> <none>
pc-daemonset-pl7w2 1/1 Running 0 75s 10.244.1.27 k8s-node1 <none> <none>
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-daemonset-nf98r 1/1 Running 0 79s
pc-daemonset-pl7w2 1/1 Running 0 79s
# 删除daemonset
[root@k8s-master inventory]# kubectl delete -f pc-daemonset.yaml
daemonset.apps "pc-daemonset" deleted
Job,主要用于负责**批量处理(一次要处理指定数量任务)短暂的一次性(每个任务仅运行一次就结束)**任务。Job特点如下:
Job的资源清单文件:
apiVersion: batch/v1 # 版本号
kind: Job # 类型
metadata: # 元数据
name: # rs名称
namespace: # 所属命名空间
labels: #标签
controller: job
spec: # 详情描述
completions: 1 # 指定job需要成功运行Pods的次数。默认值: 1
parallelism: 1 # 指定job在任一时刻应该并发运行Pods的数量。默认值: 1
activeDeadlineSeconds: 30 # 指定job可运行的时间期限,超过时间还未结束,系统将会尝试进行终止。
backoffLimit: 6 # 指定job失败后进行重试的次数。默认是6
manualSelector: true # 是否可以使用selector选择器选择pod,默认是false
selector: # 选择器,通过它指定该控制器管理哪些pod
matchLabels: # Labels匹配规则
app: counter-pod
matchExpressions: # Expressions匹配规则
- {key: app, operator: In, values: [counter-pod]}
template: # 模板,当副本数量不足时,会根据下面的模板创建pod副本
metadata:
labels:
app: counter-pod
spec:
restartPolicy: Never # 重启策略只能设置为Never或者OnFailure
containers:
- name: counter
image: busybox:1.30
command: ["bin/sh","-c","for i in 9 8 7 6 5 4 3 2 1; do echo $i;sleep 2;done"]
关于重启策略设置的说明:
如果指定为OnFailure,则job会在pod出现故障时重启容器,而不是创建pod,failed次数不变
如果指定为Never,则job会在pod出现故障时创建新的pod,并且故障pod不会消失,也不会重启,failed次数加1
如果指定为Always的话,就意味着一直重启,意味着job任务会重复去执行了,当然不对,所以不能设置为Always
# 创建pc-job.yaml
[root@k8s-master inventory]# vim pc-job.yaml
[root@k8s-master inventory]# cat pc-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: pc-job
namespace: dev
spec:
manualSelector: true
selector:
matchLables:
app: counter-pod
template:
metadata:
labels:
app: counter-pod
spec:
restartPolicy: Never
containers:
- name: counter
image: busybox:1.30
command: ["bin/sh","-c","for i in 9 8 7 6 5 4 3 2 1; do echo $i;sleep 3;done"]
# 创建job
[root@k8s-master inventory]# kubectl apply -f pc-job.yaml
job.batch/pc-job created
# 查看job
[root@k8s-master inventory]# kubectl get -f pc-job.yaml
NAME COMPLETIONS DURATION AGE
pc-job 1/1 43s 44s
[root@k8s-master inventory]# kubectl get -f pc-job.yaml -o wide
NAME COMPLETIONS DURATION AGE CONTAINERS IMAGES SELECTOR
pc-job 1/1 43s 46s counter busybox:1.30 app=counter-pod
# 通过观察pod状态可以看到,pod在运行完毕任务后,就会变成Completed状态
[root@k8s-master inventory]# kubectl get pods -n dev -w
NAME READY STATUS RESTARTS AGE
pc-job-2gmvz 0/1 Completed 0 65s
^C[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-job-2gmvz 0/1 Completed 0 70s
# 接下来,调整下pod运行的总数量和并行数量 即:在spec下设置下面两个选项
# completions: 6 # 指定job需要成功运行Pods的次数为6
# parallelism: 3 # 指定job并发运行Pods的数量为3
# 然后重新运行job,观察效果,此时会发现,job会每次运行3个pod,总共执行了6个pod
[root@k8s-master inventory]# kubectl delete -f pc-job.yaml
job.batch "pc-job" deleted
[root@k8s-master inventory]# cat pc-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: pc-job
namespace: dev
spec:
manualSelector: true
completions: 6
parallelism: 3
selector:
matchLabels:
app: counter-pod
template:
metadata:
labels:
app: counter-pod
spec:
restartPolicy: Never
containers:
- name: counter
image: busybox:1.30
command: ["bin/sh","-c","for i in 9 8 7 6 5 4 3 2 1; do echo $i;sleep 3;done"]
[root@k8s-master inventory]# kubectl apply -f pc-job.yaml
job.batch/pc-job created
[root@k8s-master inventory]# kubectl get job -n dev
NAME COMPLETIONS DURATION AGE
pc-job 0/6 8s 8s
[root@k8s-master inventory]# kubectl get job -n dev -w
NAME COMPLETIONS DURATION AGE
pc-job 0/6 12s 12s
pc-job 0/6 15s 15s
pc-job 0/6 18s 18s
pc-job 0/6 31s 31s
pc-job 0/6 33s 33s
pc-job 1/6 33s 33s
pc-job 1/6 35s 35s
pc-job 1/6 42s 42s
pc-job 1/6 44s 44s
pc-job 2/6 44s 44s
pc-job 2/6 45s 45s
pc-job 2/6 47s 47s
pc-job 3/6 47s 47s
pc-job 3/6 49s 49s
pc-job 3/6 63s 63s
pc-job 3/6 64s 64s
pc-job 4/6 64s 64s
pc-job 4/6 74s 74s
pc-job 4/6 75s 75s
pc-job 5/6 75s 75s
pc-job 5/6 76s 76s
pc-job 5/6 78s 78s
pc-job 6/6 78s 78s
^C[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-job-bsst4 0/1 Completed 0 88s
pc-job-k4mbq 0/1 Completed 0 55s
pc-job-q47x6 0/1 Completed 0 88s
pc-job-r8lvt 0/1 Completed 0 42s
pc-job-sq5z2 0/1 Completed 0 88s
pc-job-t9sxb 0/1 Completed 0 44s
# 删除job
[root@k8s-master inventory]# kubectl delete -f pc-job.yaml
job.batch "pc-job" deleted
CronJob控制器以Job控制器资源为其管控对象,并借助它管理pod资源对象,Job控制器定义的作业任务在其控制器资源创建之后便会立即执行,但CronJob可以以类似于Linux操作系统的周期性任务作业计划的方式控制其运行时间点及重复运行的方式。也就是说,CronJob可以在特定的时间点(反复的)去运行job任务。
CronJob的资源清单文件:
apiVersion: batch/v1beta1 # 版本号
kind: CronJob # 类型
metadata: # 元数据
name: # rs名称
namespace: # 所属命名空间
labels: #标签
controller: cronjob
spec: # 详情描述
schedule: # cron格式的作业调度运行时间点,用于控制任务在什么时间执行
concurrencyPolicy: # 并发执行策略,用于定义前一次作业运行尚未完成时是否以及如何运行后一次的作业
failedJobHistoryLimit: # 为失败的任务执行保留的历史记录数,默认为1
successfulJobHistoryLimit: # 为成功的任务执行保留的历史记录数,默认为3
startingDeadlineSeconds: # 启动作业错误的超时时长
jobTemplate: # job控制器模板,用于为cronjob控制器生成job对象;下面其实就是job的定义
metadata:
spec:
completions: 1
parallelism: 1
activeDeadlineSeconds: 30
backoffLimit: 6
manualSelector: true
selector:
matchLabels:
app: counter-pod
matchExpressions: 规则
- {key: app, operator: In, values: [counter-pod]}
template:
metadata:
labels:
app: counter-pod
spec:
restartPolicy: Never
containers:
- name: counter
image: busybox:1.30
command: ["bin/sh","-c","for i in 9 8 7 6 5 4 3 2 1; do echo $i;sleep 20;done"]
需要重点解释的几个选项:
schedule: cron表达式,用于指定任务的执行时间
*/1 * * * *
<分钟> <小时> <日> <月份> <星期>
分钟 值从 0 到 59.
小时 值从 0 到 23.
日 值从 1 到 31.
月 值从 1 到 12.
星期 值从 0 到 6, 0 代表星期日
多个时间可以用逗号隔开; 范围可以用连字符给出;*可以作为通配符; /表示每...
concurrencyPolicy:
Allow: 允许Jobs并发运行(默认)
Forbid: 禁止并发运行,如果上一次运行尚未完成,则跳过下一次运行
Replace: 替换,取消当前正在运行的作业并用新作业替换它
# 创建pc-cronjob.yaml
[root@k8s-master inventory]# cat pc-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
name: pc-cronjob
namespace: dev
labels:
contorller: cronjob
spec:
schedule: "*/1 * * * *"
jobTemplate:
metadata:
spec:
template:
spec:
restartPolicy: Never
containers:
- name: counter
image: busybox:1.30
command: ["bin/sh","-c","for i in 9 8 7 6 5 4 3 2 1; do echo $i;sleep 3;done"]
# 创建cronjob
[root@k8s-master inventory]# kubectl apply -f pc-cronjob.yaml
cronjob.batch/pc-cronjob created
# 查看cronjob
[root@k8s-master inventory]# kubectl get -f pc-cronjob.yaml
NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE
pc-cronjob */1 * * * * False 0 <none> 2s
# 查看job
[root@k8s-master inventory]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pc-cronjob-28364137-h2zdn 0/1 Completed 0 2m11s
pc-cronjob-28364138-mt544 0/1 Completed 0 71s
pc-cronjob-28364139-8k98x 1/1 Running 0 11s
# 删除cronjob
[root@k8s-master inventory]# kubectl delete -f pc-cronjob.yaml
cronjob.batch "pc-cronjob" deleted