每天一点基础K8S--K8S中的daemonset
daemonset
1、背景
有时需要在集群中的所有node上运行一个pod的副本。当有节点加入集群时, 也会为他们新增一个 Pod 。 当有节点从集群移除时,这些 Pod 也会被回收。删除 DaemonSet 将会删除它创建的所有 Pod。
2、daemonset典型应用
1. 在每个节点上运行集群守护进程
2. 在每个节点上运行日志收集守护进程
3. 在每个节点上运行监控守护进程
一种简单的用法是为每种类型的守护进程在所有的节点上都启动一个 DaemonSet。 一个稍微复杂的用法是为同一种守护进程部署多个 DaemonSet;每个具有不同的标志, 并且对不同硬件类型具有不同的内存、CPU 要求。
3、创建daemonset
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: for-daemonset
spec:
accessModes:
- ReadWriteMany
storageClassName: from-nfs
resources:
requests:
storage: 198Mi
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: test-daemon
spec:
updateStrategy:
type: RollingUpdate # or OnDelete
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
selector:
matchLabels:
func: test-daemonset
template:
metadata:
labels:
func: test-daemonset
spec:
containers:
- name: nginx
image: nginx:stable-alpine-perl
imagePullPolicy: IfNotPresent
volumeMounts:
- name: pvc-daemonset
mountPath: "/usr/share/nginx/html"
volumes:
- persistentVolumeClaim:
claimName: for-daemonset
name: pvc-daemonset
[root@master-worker-node-1 daemonset]# kubectl apply -f daemonset.yaml
persistentvolumeclaim/for-daemonset created
daemonset.apps/test-daemon unchanged
# PVC正常绑定
[root@master-worker-node-1 daemonset]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
for-daemonset Bound pvc-3894e9ae-bb69-4099-bec7-7c01a740089a 198Mi RWX from-nfs 59s
# daemonset状态正常
[root@master-worker-node-1 daemonset]# kubectl get daemonset -o wide
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE CONTAINERS IMAGES SELECTOR
test-daemon 2 2 2 2 2 <none> 5m2s nginx nginx:stable-alpine-perl func=test-daemonset
# 在所有的工作节点都运行了一个pod
[root@master-worker-node-1 daemonset]# kubectl get pods -o wide -l func=test-daemonset
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
test-daemon-2bkhr 1/1 Running 0 5m27s 10.244.54.12 only-worker-node-4 <none> <none>
test-daemon-54zsz 1/1 Running 0 5m26s 10.244.31.31 only-worker-node-3 <none> <none>
# 删除其他一个master节点的taint信息,模拟新增worker 节点加入。
[root@master-worker-node-1 daemonset]# kubectl taint nodes master-worker-node-2 can-run-pods-
node/master-worker-node-2 untainted
[root@master-worker-node-1 daemonset]# kubectl taint nodes master-worker-node-2 node-role.kubernetes.io/control-plane-
node/master-worker-node-2 untainted
# 模拟新增一个node,也会同步的新增一个pod副本
[root@master-worker-node-1 daemonset]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nfs-provisioner-9f9fc45fd-l4f6l 1/1 Running 2 (35h ago) 2d11h 10.244.31.26 only-worker-node-3 <none> <none>
test-daemon-2bkhr 1/1 Running 0 12m 10.244.54.12 only-worker-node-4 <none> <none>
test-daemon-54zsz 1/1 Running 0 12m 10.244.31.31 only-worker-node-3 <none> <none>
test-daemon-bp4kg 1/1 Running 0 8s 10.244.132.249 master-worker-node-2 <none> <none>
# 给master节点taint,模拟节点删除
# 因为NoSchedule仅仅对新调度的pod影响,因此,已经存在pod的不受影响。
[root@master-worker-node-1 daemonset]# kubectl taint nodes master-worker-node-2 node-role.kubernetes.io/control-plane:NoSchedule
node/master-worker-node-2 tainted
[root@master-worker-node-1 daemonset]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nfs-provisioner-9f9fc45fd-l4f6l 1/1 Running 2 (35h ago) 2d11h 10.244.31.26 only-worker-node-3 <none> <none>
test-daemon-2bkhr 1/1 Running 0 14m 10.244.54.12 only-worker-node-4 <none> <none>
test-daemon-54zsz 1/1 Running 0 14m 10.244.31.31 only-worker-node-3 <none> <none>
test-daemon-bp4kg 1/1 Running 0 2m21s 10.244.132.249 master-worker-node-2 <none> <none>
# 模拟node删除,pod也会同步的删除
[root@master-worker-node-1 daemonset]# kubectl taint nodes master-worker-node-2 test:NoExecute
node/master-worker-node-2 tainted
[root@master-worker-node-1 daemonset]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nfs-provisioner-9f9fc45fd-l4f6l 1/1 Running 2 (35h ago) 2d11h 10.244.31.26 only-worker-node-3 <none> <none>
test-daemon-2bkhr 1/1 Running 0 17m 10.244.54.12 only-worker-node-4 <none> <none>
test-daemon-54zsz 1/1 Running 0 17m 10.244.31.31 only-worker-node-3 <none> <none>
4、daemonset的替代方案
daemonset在所有节点或特定节点上运行了一个pod副本,当然也有替代方案可以实现该需求:
1、init脚本
2、自主式pod,将pod制定运行在某node上
3、静态pod,/etc/kubernetes/manifests
[root@master-worker-node-1 daemonset]# ls -l /etc/kubernetes/manifests/
total 16
-rw-------. 1 root root 2452 Nov 25 12:06 etcd.yaml
-rw-------. 1 root root 3399 Nov 25 12:06 kube-apiserver.yaml
-rw-------. 1 root root 2890 Nov 25 12:06 kube-controller-manager.yaml
-rw-------. 1 root root 1476 Nov 25 12:06 kube-scheduler.yaml
4、deployment
5、daemonset的滚动更新和回滚
具体升级策略和用法,对比deployment无差异。
滚动更新
https://kubernetes.io/zh-cn/docs/tasks/manage-daemon/update-daemon-set/
回滚
https://kubernetes.io/zh-cn/docs/tasks/manage-daemon/rollback-daemon-set/
小结
1、使用daemonset可以在制定集群所有node或者指定node上运行一个pod副本。
2、daemonset对pod的管理除上述特点外,滚动更新或者回滚与deployment很相似。
