基于StatefulSet部署有状态服务
一、StatefulSet介绍
官网介绍:https://kubernetes.io/zh/docs/concepts/workloads/controllers/statefulset/
- StatefulSet 是用来管理有状态应用的工作负载 API 对象。
- StatefulSet 用来管理某 Pod 集合的部署和扩缩, 并为这些 Pod 提供持久存储和持久标识符。和 Deployment 类似, StatefulSet 管理基于相同容器规约的一组 Pod。但和 Deployment 不同的是, StatefulSet 为它们的每个 Pod 维护了一个有粘性的 ID。这些 Pod 是基于相同的规约来创建的, 但是不能相互替换:无论怎么调度,每个 Pod 都有一个永久不变的 ID。
- 如果希望使用存储卷为工作负载提供持久存储,可以使用 StatefulSet 作为解决方案的一部分。 尽管 StatefulSet 中的单个 Pod 仍可能出现故障, 但持久的 Pod 标识符使得将现有卷与替换已失败 Pod 的新 Pod 相匹配变得更加容易。
使用 StatefulSet
StatefulSet 对于需要满足以下一个或多个需求的应用程序很有价值:
- 稳定的、唯一的网络标识符。
- 稳定的、持久的存储。
- 有序的、优雅的部署和扩缩。
- 有序的、自动的滚动更新。
在上面描述中,“稳定的”意味着 Pod 调度或重调度的整个过程是有持久性的。 如果应用程序不需要任何稳定的标识符或有序的部署、删除或扩缩, 则应该使用由一组无状态的副本控制器提供的工作负载来部署应用程序,比如 Deployment 或者 ReplicaSet 可能更适用于你的无状态应用部署需要。
限制
- 给定 Pod 的存储必须由 PersistentVolume Provisioner 基于所请求的 storage class 来制备,或者由管理员预先制备。
- 删除或者扩缩 StatefulSet 并不会删除它关联的存储卷。 这样做是为了保证数据安全,它通常比自动清除 StatefulSet 所有相关的资源更有价值。
- StatefulSet 当前需要无头服务来负责 Pod 的网络标识。你需要负责创建此服务。
- 当删除一个 StatefulSet 时,该 StatefulSet 不提供任何终止 Pod 的保证。 为了实现 StatefulSet 中的 Pod 可以有序且体面地终止,可以在删除之前将 StatefulSet 缩容到 0。
- 在默认 Pod 管理策略(OrderedReady) 时使用滚动更新, 可能进入需要人工干预才能修复的损坏状态。
使用场景
- Statefulset为了解决有状态服务的集群部署、 集群之间的数据同步问题(MySQL主从等)
- Statefulset所管理的Pod拥有唯一且固定的Pod名称
- Statefulset按照顺序对pod进行启停、 伸缩和回收
- Headless Services(无头服务, 请求的解析直接解析到pod IP)
运行逻辑
二、基于StatefulSet部署有状态服务
2.1、准备nfs 动态存储类
root@easzlab-deploy:~/jiege-k8s/nfs-pv-pvc# cat nfs-deployment.yaml apiVersion: v1 kind: ServiceAccount metadata: name: nfs-client-provisioner namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: nfs-client-provisioner-runner rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] - apiGroups: [""] resources: ["endpoints","services"] verbs: ["get", "list", "watch","create","update", "patch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: run-nfs-client-provisioner subjects: - kind: ServiceAccount name: nfs-client-provisioner namespace: kube-system roleRef: kind: ClusterRole name: nfs-client-provisioner-runner apiGroup: rbac.authorization.k8s.io --- kind: Deployment apiVersion: apps/v1 metadata: name: nfs-provisioner-01 namespace: kube-system spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app: nfs-provisioner-01 template: metadata: labels: app: nfs-provisioner-01 spec: serviceAccountName: nfs-client-provisioner containers: - name: nfs-client-provisioner image: registry.cn-qingdao.aliyuncs.com/zhangshijie/nfs-subdir-external-provisioner:v4.0.2 imagePullPolicy: IfNotPresent volumeMounts: - name: nfs-client-root mountPath: /persistentvolumes env: - name: PROVISIONER_NAME value: nfs-provisioner-01 - name: NFS_SERVER value: 172.16.88.169 - name: NFS_PATH value: /data volumes: - name: nfs-client-root nfs: server: 172.16.88.169 path: /data --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: nfs-dynamic-class annotations: storageclass.kubernetes.io/is-default-class: "false" provisioner: nfs-provisioner-01 parameters: archiveOnDelete: "false" root@easzlab-deploy:~/jiege-k8s/nfs-pv-pvc# root@easzlab-deploy:~/jiege-k8s/nfs-pv-pvc# kubectl apply -f nfs-deployment.yaml serviceaccount/nfs-client-provisioner created clusterrole.rbac.authorization.k8s.io/nfs-client-provisioner-runner created clusterrolebinding.rbac.authorization.k8s.io/run-nfs-client-provisioner created deployment.apps/nfs-provisioner-01 created storageclass.storage.k8s.io/nfs-dynamic-class created root@easzlab-deploy:~/jiege-k8s/nfs-pv-pvc# kubectl get pod -n kube-system NAMESPACE NAME READY STATUS RESTARTS AGE kube-system calico-kube-controllers-5c8bb696bb-5nrbl 1/1 Running 3 (2d18h ago) 3d23h kube-system calico-node-68k76 1/1 Running 2 (2d18h ago) 3d21h kube-system calico-node-bz8pp 1/1 Running 2 (2d18h ago) 3d21h kube-system calico-node-cfl2g 1/1 Running 2 (2d18h ago) 3d21h kube-system calico-node-hsrfh 1/1 Running 2 (2d18h ago) 3d21h kube-system calico-node-j8kgf 1/1 Running 2 (2d18h ago) 3d21h kube-system calico-node-kdb5j 1/1 Running 2 (2d18h ago) 3d21h kube-system calico-node-mqmhp 1/1 Running 2 (2d18h ago) 3d21h kube-system calico-node-x6ctf 1/1 Running 2 (2d18h ago) 3d21h kube-system calico-node-xh79g 1/1 Running 2 3d21h kube-system coredns-69548bdd5f-9md6c 1/1 Running 2 (2d18h ago) 3d23h kube-system coredns-69548bdd5f-n6rvg 1/1 Running 2 (2d18h ago) 3d23h kube-system kuboard-7dc6ffdd7c-njhnb 1/1 Running 2 (2d18h ago) 3d23h kube-system metrics-server-686ff776cf-dbgq6 1/1 Running 4 (2d18h ago) 3d18h kube-system nfs-provisioner-01-599b7bfc9d-ldl99 1/1 Running 0 3s kubernetes-dashboard dashboard-metrics-scraper-8c47d4b5d-5cxhb 1/1 Running 2 (2d18h ago) 3d19h kubernetes-dashboard kubernetes-dashboard-f778f96c9-s5dk7 1/1 Running 4 (2d18h ago) 3d16h velero-system velero-858b9459f9-4jbns 1/1 Running 4 (2d18h ago) 3d20h root@easzlab-deploy:~/jiege-k8s/nfs-pv-pvc# kubectl get sc -A NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE ceph-storage-class-k8s (default) kubernetes.io/rbd Delete Immediate true 3d19h nfs-dynamic-class nfs-provisioner-01 Delete Immediate false 10s root@easzlab-deploy:~/jiege-k8s/nfs-pv-pvc#
2.2、准备有状态部署文件
官网案例:https://kubernetes.io/zh-cn/docs/concepts/workloads/controllers/statefulset/
root@easzlab-deploy:~/jiege-k8s/pod-test/case-yaml/case7# vi StatefulSet-nginx.yaml root@easzlab-deploy:~/jiege-k8s/pod-test/case-yaml/case7# cat StatefulSet-nginx.yaml apiVersion: v1 kind: Service metadata: name: nginx labels: app: nginx spec: ports: - port: 80 name: web clusterIP: None selector: app: nginx --- apiVersion: apps/v1 kind: StatefulSet metadata: name: web spec: selector: matchLabels: app: nginx serviceName: "nginx" replicas: 3 minReadySeconds: 10 template: metadata: labels: app: nginx spec: terminationGracePeriodSeconds: 10 containers: - name: nginx image: registry.cn-shenzhen.aliyuncs.com/cyh01/nginx-slim:0.8 #这里镜像在国外,只能先想办法上传到自己私仓 ports: - containerPort: 80 name: web volumeMounts: - name: www mountPath: /usr/share/nginx/html volumeClaimTemplates: - metadata: name: www spec: accessModes: [ "ReadWriteOnce" ] storageClassName: "nfs-dynamic-class" resources: requests: storage: 10Gi root@easzlab-deploy:~/jiege-k8s/pod-test/case-yaml/case7# root@easzlab-deploy:~/jiege-k8s/pod-test/case-yaml/case7# kubectl apply -f StatefulSet-nginx.yaml service/nginx created statefulset.apps/web created root@easzlab-deploy:~/jiege-k8s/pod-test/case-yaml/case7# root@easzlab-deploy:~/jiege-k8s/pod-test/case-yaml/case7#
root@easzlab-deploy:~/jiege-k8s/pod-test/case-yaml/case7# kubectl get statefulset -A NAMESPACE NAME READY AGE argocd argocd-application-controller 1/1 3d18h argocd argocd-redis-ha-server 3/3 3d18h default web 3/3 18m root@easzlab-deploy:~/jiege-k8s/pod-test/case-yaml/case7# root@easzlab-deploy:~/jiege-k8s/pod-test/case-yaml/case7# kubectl get pod -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES web-0 1/1 Running 0 78s 10.200.104.238 172.16.88.163 <none> <none> web-1 1/1 Running 0 38s 10.200.105.166 172.16.88.164 <none> <none> root@easzlab-deploy:~/jiege-k8s/pod-test/case-yaml/case7# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 3d23h nginx ClusterIP None <none> 80/TCP 87s root@easzlab-deploy:~/jiege-k8s/pod-test/case-yaml/case7# kubectl get pvc -A NAMESPACE NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE default www-web-0 Bound pvc-f981dab0-b708-49b9-8b36-a6700cbefa96 10Gi RWO nfs-dynamic-class 3m51s default www-web-1 Bound pvc-d3ccbf91-3541-4b33-b7fc-3f54e27f2759 10Gi RWO nfs-dynamic-class 3m11s default www-web-2 Bound pvc-e5c7d9f2-2808-4086-bc7c-3aefd6c75012 10Gi RWO nfs-dynamic-class 2m31s root@easzlab-deploy:~/jiege-k8s/pod-test/case-yaml/case7# kubectl get pv -A NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE pvc-d3ccbf91-3541-4b33-b7fc-3f54e27f2759 10Gi RWO Delete Bound default/www-web-1 nfs-dynamic-class 3m15s pvc-e5c7d9f2-2808-4086-bc7c-3aefd6c75012 10Gi RWO Delete Bound default/www-web-2 nfs-dynamic-class 2m34s pvc-f981dab0-b708-49b9-8b36-a6700cbefa96 10Gi RWO Delete Bound default/www-web-0 nfs-dynamic-class 3m55s root@easzlab-deploy:~/jiege-k8s/pod-test/case-yaml/case7#
上述例子中:
- 名为
nginx的 Headless Service 用来控制网络域名。 - 名为
web的 StatefulSet 有一个 Spec,它表明将在独立的 3 个 Pod 副本中启动 nginx 容器。 volumeClaimTemplates将通过 PersistentVolume 制备程序所准备的 PersistentVolumes 来提供稳定的存储。
