Kubernetes 零宕机发布设置
POD
定义
Pod 是可以在 Kubernetes 中创建和管理的、最小的可部署的计算单元。每个 Pod 都包含一个 pause 容器,pause 容器是 Pod 的父容器,负责僵尸进程的回收管理;通过 pause 容器,同一个 Pod 里面的多个容器可以共享存储、网络、ipc 等。
说明:Pod一般不直接操作,通过 Deployment、StatefulSet、DaemonSet控制。
[root@master01 ~]# kubectl get pod -n kube-system -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-5f6d4b864b-k45q5 1/1 Running 4 4d9h 192.168.44.13 node01 <none> <none>
calico-node-58hbg 1/1 Running 4 4d9h 192.168.44.12 master03 <none> <none>
calico-node-dlj65 1/1 Running 3 4d9h 192.168.44.11 master02 <none> <none>
calico-node-jqb6h 1/1 Running 4 4d9h 192.168.44.14 node02 <none> <none>
calico-node-r8fl5 1/1 Running 5 4d9h 192.168.44.10 master01 <none> <none>
calico-node-wv4vx 1/1 Running 4 4d9h 192.168.44.13 node01 <none> <none>
coredns-867d46bfc6-ljdjr 1/1 Running 4 4d9h 172.29.55.5 node01 <none> <none>
metrics-server-595f65d8d5-6k4wq 1/1 Running 6 4d9h 172.21.231.133 node02 <none> <none>
[root@master01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b6b4384467b1 d45bf977dfbf "start_runit" 2 hours ago Up 2 hours k8s_calico-node_calico-node-r8fl5_kube-system_e06be2e7-75dc-4029-b468-f3b7f253ab44_5
683c51344750 registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.2 "/pause" 2 hours ago Up 2 hours k8s_POD_calico-node-r8fl5_kube-system_e06be2e7-75dc-4029-b468-f3b7f253ab44_5
使用Pod
创建一个pod
vim pod.yaml
# Minimal single-container Pod: runs nginx in the foreground and exposes port 80.
# No namespace is set here; the transcript that follows passes it with `-n` at create/apply time.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
    role: frontend
  annotations:
    app: nginx
spec:
  containers:
  - name: nginx
    # NOTE(review): an untagged image resolves to the mutable `latest` tag, and with
    # IfNotPresent each node keeps whatever copy it already cached, so nodes can end up
    # running different builds. Pin a version tag or digest for anything beyond a demo.
    image: nginx
    imagePullPolicy: IfNotPresent
    # Keep nginx in the foreground so the container's main process does not exit.
    command:
    - nginx
    - -g
    - "daemon off;"
    workingDir: /usr/share/nginx/html
    ports:
    - name: http
      containerPort: 80
      protocol: TCP
    env:
    - name: TZ
      value: Asia/Shanghai
    - name: LANG
      value: en_US.utf8
  # NOTE(review): no securityContext or resources are set in this example — confirm
  # whether cluster policy supplies defaults before reusing it.
  restartPolicy: Always
[root@master01 pod_demo]# kubectl create -f pod.yaml
pod/nginx created
[root@master01 pod_demo]# kubectl get po
NAME READY STATUS RESTARTS AGE
nginx 0/1 ContainerCreating 0 13s
[root@master01 pod_demo]# kubectl get po --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx 0/1 ContainerCreating 0 30s app=nginx,role=frontend
[root@master01 pod_demo]# kubectl create -f pod.yaml -n kube-public
pod/nginx created
[root@master01 pod_demo]# kubectl get po -n kube-public
NAME READY STATUS RESTARTS AGE
nginx 0/1 ContainerCreating 0 12s
# 如果 pod 在该命名空间下已存在,再次创建会报错
[root@master01 pod_demo]# kubectl create -f pod.yaml -n kube-public
Error from server (AlreadyExists): error when creating "pod.yaml": pods "nginx" already exists
# 修改配置使用apply命令
[root@master01 pod_demo]# vim pod.yaml
[root@master01 pod_demo]# kubectl apply -f pod.yaml -n kube-public
pod/nginx configured
零宕机发布
Pod 探针
使用示例
# Example Pod showing all three probe types plus postStart/preStop lifecycle hooks.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  namespace: default
  labels:
    app: nginx # app=nginx
    role: frontend
  annotations:
    app: nginx
spec:
  initContainers:
  - command:
    - sh
    - -c
    - echo "initContainers...."
    # NOTE(review): untagged image resolves to the mutable `latest` tag; pin a version or digest.
    image: busybox
    imagePullPolicy: IfNotPresent
    name: init-container
  containers:
  - name: nginx
    # NOTE(review): `latest` with imagePullPolicy Always means every restart may pull a
    # different build; for a repeatable (and auditable) rollout pin a version tag or digest.
    image: nginx:latest
    imagePullPolicy: Always
    command:
    - nginx
    - -g
    - "daemon off;"
    workingDir: /usr/share/nginx/html
    volumeMounts:
    - name: webroot
      mountPath: /usr/share/nginx/html
      readOnly: true
    ports:
    - name: http
      containerPort: 80
      protocol: TCP
    env:
    - name: TZ
      value: Asia/Shanghai
    - name: LANG
      value: en_US.utf8
    # Optional. Checks whether the process in the container has finished starting.
    # Each probe may use only one of the three check methods (exec / httpGet / tcpSocket).
    startupProbe:
      # HTTP GET check. The author recommends httpGet in production for endpoint-level
      # health checks, with the health endpoint provided by the application itself.
      httpGet:
        # NOTE(review): nothing in this manifest serves /api/successStart, and the
        # `kubectl get po -oyaml` output later on the page shows a tcpSocket startupProbe —
        # presumably a different manifest was applied; confirm before reusing this path.
        path: /api/successStart # probe path
        port: 80
    # Optional. Readiness check; only one check method may be used per probe.
    readinessProbe:
      httpGet: # HTTP GET check, ideally against an application-provided health endpoint
        # NOTE(review): the web root is an empty emptyDir mounted read-only, so verify
        # that `/` actually answers with a status below 400.
        path: / # probe path
        port: 80 # probed port
    # Optional. Liveness check.
    livenessProbe:
      exec: # check by running a command inside the container
        # NOTE(review): nothing in this manifest creates /health; unless the image ships
        # that file the probe fails and the kubelet restarts the container — confirm.
        command:
        - cat
        - /health
      # httpGet: # HTTP GET check
      #   path: /_health # probe path
      #   port: 8080
      #   httpHeaders: # request headers sent with the probe
      #   - name: end-user
      #     value: Jason
      # tcpSocket: # TCP port check
      #   port: 80
      initialDelaySeconds: 60 # seconds to wait after container start before the first probe
      timeoutSeconds: 2 # seconds before a single probe attempt times out
      periodSeconds: 5 # seconds between probe attempts
      successThreshold: 1 # consecutive successes needed to pass (1 here; liveness/startup probes only accept 1)
      failureThreshold: 2 # consecutive failures needed to fail (2 here)
    lifecycle:
      postStart: # runs after the container is created; may be exec, httpGet or tcpSocket
        exec:
          command:
          - sh
          - -c
          - 'mkdir /data/ '
      preStop: # runs before the container is stopped
        httpGet:
          path: /
          port: 80
        # exec:
        #   command:
        #   - sh
        #   - -c
        #   - sleep 9
  restartPolicy: Always
  # Optional. Host network mode: when true the Pod uses the node's network and occupies
  # host ports. Keeping it false keeps the Pod in its own network namespace.
  hostNetwork: false
  volumes:
  - name: webroot
    emptyDir: {}
    # NOTE(review): the commented alternative mounts a node file into the Pod; hostPath
    # exposes the node filesystem and is best avoided outside of demos.
    #hostPath:
    #  path: /etc/hosts
StartUpProbe
k8s 1.16 版本后新增的探测方式,用于探测容器内应用程序是否已经启动。如果配置了 StartupProbe,会先禁止其他的探测,直到它成功为止。成功后就不再进行探测。
[root@master01 pod_demo]# kubectl get po -oyaml | grep -10 startup
- containerPort: 80
name: http
protocol: TCP
resources:
limits:
cpu: "1"
memory: 1Gi
requests:
cpu: 100m
memory: 512Mi
startupProbe:
failureThreshold: 3
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 80
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /usr/share/nginx/html
---- ------ ---- ---- -------
Normal Scheduled 4m14s default-scheduler Successfully assigned default/nginx to master01
Normal Pulled 4m14s kubelet Container image "busybox" already present on machine
Normal Created 4m14s kubelet Created container init-container
Normal Started 4m14s kubelet Started container init-container
Normal Pulling 4m13s kubelet Pulling image "nginx:latest"
Normal Pulled 4m10s kubelet Successfully pulled image "nginx:latest" in 2.314921369s
Normal Created 4m10s kubelet Created container nginx
Normal Started 4m10s kubelet Started container nginx
[root@master01 pod_demo]# kubectl get po -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx 1/1 Running 0 14m 172.31.112.133 master01 <none> <none>
LivenessProbe
用于探测容器是否运行,如果探测失败,kubelet 会根据配置的重启策略进行相应处理。若没有配置该探针,则默认为success
ReadinessProbe
用于探测容器内的程序是否健康,当返回success时,表示这个容器已经启动,并且程序已经在可以接受流量的状态。
Pod 探针检测方式
ExecAction
在容器内执行一个命令,如果返回0,则容器健康。
TCPSocketAction
通过TCP连接检查容器内的端口是否可以访问,如果可以则认为容器健康。
HTTPGetAction
通过应用程序暴露的API地址来检查程序是否正常,如果HTTP状态码大于等于 200 且小于 400,则认为容器健康。
探针检查参数配置
initialDelaySeconds: 60 # seconds to wait after container start before the first probe
timeoutSeconds: 2 # seconds before a single probe attempt times out
periodSeconds: 5 # seconds between probe attempts
successThreshold: 1 # consecutive successes needed to pass (1 here; liveness/startup probes only accept 1)
failureThreshold: 2 # consecutive failures needed to fail (2 here)
[root@master01 pod_demo]# cat probe2.yaml
# probe2.yaml: same Pod as the earlier probe example, with all three probes switched to exec checks.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  namespace: default
  labels:
    app: nginx # app=nginx
    role: frontend
  annotations:
    app: nginx
spec:
  initContainers:
  - command:
    - sh
    - -c
    - echo "initContainers...."
    # NOTE(review): untagged image resolves to the mutable `latest` tag; pin a version or digest.
    image: busybox
    imagePullPolicy: IfNotPresent
    name: init-container
  containers:
  - name: nginx
    # NOTE(review): `latest` with imagePullPolicy Always means every restart may pull a
    # different build; for a repeatable (and auditable) rollout pin a version tag or digest.
    image: nginx:latest
    imagePullPolicy: Always
    command:
    - nginx
    - -g
    - "daemon off;"
    workingDir: /usr/share/nginx/html
    volumeMounts:
    - name: webroot
      mountPath: /usr/share/nginx/html
      readOnly: true
    ports:
    - name: http
      containerPort: 80
      protocol: TCP
    env:
    - name: TZ
      value: Asia/Shanghai
    - name: LANG
      value: en_US.utf8
    # NOTE(review): `ls /etc` exits 0 whenever the container filesystem is present, so the
    # three probes below do not reflect whether nginx is serving; treat them as a demo only.
    # Optional. Checks whether the process in the container has finished starting.
    # Each probe may use only one of the three check methods (exec / httpGet / tcpSocket).
    startupProbe:
      exec:
        command:
        - ls
        - /etc
    # Optional. Readiness check; only one check method may be used per probe.
    readinessProbe:
      exec:
        command:
        - ls
        - /etc
    # Optional. Liveness check.
    livenessProbe:
      exec:
        command:
        - ls
        - /etc
      initialDelaySeconds: 60 # seconds to wait after container start before the first probe
      timeoutSeconds: 2 # seconds before a single probe attempt times out
      periodSeconds: 5 # seconds between probe attempts
      successThreshold: 1 # consecutive successes needed to pass (1 here; liveness/startup probes only accept 1)
      failureThreshold: 2 # consecutive failures needed to fail (2 here)
    lifecycle:
      postStart: # runs after the container is created
        exec:
          command:
          - sh
          - -c
          - 'mkdir /data/ '
      preStop: # runs before the container is stopped
        httpGet:
          path: /
          port: 80
        # exec:
        #   command:
        #   - sh
        #   - -c
        #   - sleep 9
  restartPolicy: Always
  # Optional. Host network mode: when true the Pod uses the node's network and occupies
  # host ports. Keeping it false keeps the Pod in its own network namespace.
  hostNetwork: false
  volumes:
  - name: webroot
    emptyDir: {}
    # NOTE(review): the commented alternative mounts a node file into the Pod; hostPath
    # exposes the node filesystem and is best avoided outside of demos.
    #hostPath:
    #  path: /etc/hosts
lifecycle
postStart
容器创建完成后执行的指令,可以是exec httpGet TCPSocket,不能保证postStart执行在 command 命令之前,所以初始化容器操作一般都在 initContainer 进行。
preStop
容器停止之前做的操作,eg:告知注册中心,把自己的IP地址和端口号进行下线,容器进行sleep等待其他组件操作完成。
sleep 时间需要结合 terminationGracePeriodSeconds 设置,不能超过 terminationGracePeriodSeconds 设置的值。preStop 的执行时间计入该宽限期,超过宽限期后容器会被强制终止。
pod 退出流程
[root@master01 pod_demo]# kubectl get po
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 8m1s
You have new mail in /var/spool/mail/root
[root@master01 pod_demo]# kubectl delete po nginx
pod "nginx" deleted
-
用户执行删除操作
-
Pod 状态变更为 Terminating, Endpoint 删除Pod Ip 地址,执行preStop的指令
[root@master01 pod_demo]# kubectl get po nginx -oyaml | grep ter
f:terminationMessagePath: {}
f:terminationMessagePolicy: {}
f:terminationMessagePath: {}
f:terminationMessagePolicy: {}
f:terminationGracePeriodSeconds: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
nodeName: master01
terminationGracePeriodSeconds: 30
terminated:
terminationGracePeriodSeconds: 30
30s 时间用来进行清理工作