Kubernetes:更新与回滚
除了创建,Deployment 提供的另一个重要的功能就是更新应用,这是一个比创建复杂很多的过程。想象一下在日常交付中,在线升级是一个很常见的需求,同时应该尽量保证不能因为升级中断服务。这就要求我们必须使用一定的策略来决定何时创建新的 Pod,何时删除旧版本的 Pod。kubectl 支持滚动升级的方式,每次更新一个pod,而不是同时删除整个服务。
前置知识
回顾知识:
kubectl set image
命令格式:
kubectl set image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 ... CONTAINER_NAME_N=CONTAINER_IMAGE_N
例如:
Examples:
# Set a deployment's nginx container image to 'nginx:1.9.1', and its busybox container image to 'busybox'.
kubectl set image deployment/nginx busybox=busybox nginx=nginx:1.9.1
# Update all deployments' and rc's nginx container's image to 'nginx:1.9.1'
kubectl set image deployments,rc nginx=nginx:1.9.1 --all
# Update image of all containers of daemonset abc to 'nginx:1.9.1'
kubectl set image daemonset abc *=nginx:1.9.1
# Print result (in yaml format) of updating nginx container image from local file, without hitting the server
kubectl set image -f path/to/file.yaml nginx=nginx:1.9.1 --local -o yaml
💡Tips:支持缩写,如pod (po), replicationcontroller (rc), deployment (deploy), daemonset (ds), replicaset (rs)。
选项
--all=false: Select all resources, including uninitialized ones, in the namespace of the specified resource types
--allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
the template. Only applies to golang and jsonpath output formats.
--dry-run='none': Must be "none", "server", or "client". If client strategy, only print the object that would be
sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager='kubectl-set': Name of the manager used to track field ownership.
-f, --filename=[]: Filename, directory, or URL to files identifying the resource to get from a server.
-k, --kustomize='': Process the kustomization directory. This flag can't be used together with -f or -R.
--local=false: If true, set image will NOT contact api-server but run locally.
-o, --output='': Output format. One of:
json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
--record=false: Record current kubectl command in the resource annotation. If set to false, do not record the
command. If set to true, record the command. If not set, default to updating the existing annotation value only if one
already exists.
-R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you want to manage
related manifests organized within the same directory.
-l, --selector='': Selector (label query) to filter on, not including uninitialized ones, supports '=', '==', and
'!='.(e.g. -l key1=value1,key2=value2)
--show-managed-fields=false: If true, keep the managedFields when printing objects in JSON or YAML format.
--template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The
template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
示例
创建deployment
先创建一个deployment,ngx-deploy.yaml配置文件如下:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.16.0
ports:
- containerPort: 80
执行命令:
kubectl create -f ngx-deploy.yaml
使用 watch 方式来观测 deployment 的状态变化:
[root@master test]# kubectl get deploy nginx-deployment -w
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-deployment 0/2 2 0 14s
nginx-deployment 1/2 2 1 25s
nginx-deployment 2/2 2 2 38s
说明:
- NAME:deployment 的名字。
- READY:就是当前有多少个 Pod 处于运行中/期望有多少个 Pod。
- UP-TO-DATE:达到最新状态的 Pod 的数量。当 Deployment 在进行更新时,会有新老版本的 Pod 同时存在,这时候这个字段会比较有用。
- AVAILABLE:可用的 Pod。上个实验我们讲了健康检查的相关配置,Pod 运行中和可以提供服务是不同的概念。
- AGE:deployment 运行的时间。
更新镜像
接下来先更新一个nginx镜像,版本为1.18:
kubectl set image deployment.v1.apps/nginx-deployment nginx=nginx:1.18.0 --record
说明:
--record:将这条命令记录到了 deployment 的 yaml 的annotations里,可用于回滚镜像。
使用watch方式观察deployment实例变更情况:
[root@master test]# kubectl get deploy nginx-deployment -w
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-deployment 2/2 1 2 3m41s
nginx-deployment 3/2 1 3 3m58s
nginx-deployment 2/2 1 2 3m58s
nginx-deployment 2/2 2 2 3m58s
可以通过 get yaml 看到:
[root@master test]# kubectl get deploy nginx-deployment -o yaml
...
template:
metadata:
creationTimestamp: null
labels:
app: nginx
spec:
containers:
- image: nginx:1.18.0
imagePullPolicy: IfNotPresent
name: nginx
ports:
- containerPort: 80
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
...
回滚镜像
有更新就有回滚。比如新的镜像版本有问题,或者配置不对等等,这是部署到生产环境里经常发生的事情。相对于更新,回滚镜像一般都是出现了问题,需要更快地进行处理。Deployment 的回滚机制正是为此而生。
可以通过命令查看历史版本:
[root@master test]# kubectl rollout history deployment.v1.apps/nginx-deployment
deployment.apps/nginx-deployment
REVISION CHANGE-CAUSE
1 <none>
2 kubectl set image deployment.v1.apps/nginx-deployment nginx=nginx:1.18.0 --record=true
回滚到上一个版本:
kubectl rollout undo deployment.v1.apps/nginx-deployment
可以观察到已回到上个版本:
[root@master test]# kubectl get deploy nginx-deployment -o yaml
...
template:
metadata:
creationTimestamp: null
labels:
app: nginx
spec:
containers:
- image: nginx:1.16.0
imagePullPolicy: IfNotPresent
name: nginx
ports:
- containerPort: 80
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
...
也可回滚到指定版本:
kubectl rollout undo deployment.v1.apps/nginx-deployment --to-revision=2
