欢迎来到战五渣的博客

人生三重境界:昨夜西风凋碧树,独上高楼,望尽天涯路。 衣带渐宽终不悔,为伊消得人憔悴。 众里寻他千百度,蓦然回首,那人却在灯火阑珊处。

010.kubernets的调度系统之daemonset

daemonset简单操作使用

Deployment 是 Kubernetes 中用于处理无状态服务的资源,而 StatefulSet 是用于支持有状态服务的资源,这两种不同的资源从状态的角度对服务进行了划分,而 DaemonSet 从不同的维度解决了集群中的问题 — 如何同时在集群中的所有节点上提供基础服务和守护进程。

下面简单学习DaemonSet的一写基本的操作和管理

1 介绍

DaemonSet 可以保证集群中所有的或者部分的节点都能够运行同一份 Pod 副本,每当有新的节点被加入到集群时,Pod 就会在目标的节点上启动,如果节点被从集群中剔除,节点上的 Pod 也会被垃圾收集器清除;DaemonSet 的作用就像是计算机中的守护进程,它能够运行集群存储、日志收集和监控等守护进程,这些服务一般是集群中必备的基础服务。

简单的运行一个nginx的daemonset

apiVersion: apps/v1
kind: DaemonSet
metadata:
    name: hello-daemon
    namespace: default
spec:
  template:
    metadata:
      labels:
        name: hello-daemonset
    spec:
      containers:
      - name: webserver
        image: nginx:1.17
        ports:
        - containerPort: 80

2 去掉污点

[root@docker-server1 deployment]# kubectl taint node  192.168.132.132 ingress-

node/192.168.132.132 untainted

当我们使用 kubectl apply -f 创建上述的 DaemonSet 时,它会在 Kubernetes 集群的 kube-system 命名空间中创建 DaemonSet 资源并在所有的节点上创建新的 Pod:

[root@docker-server1 deployment]# kubectl apply -f nginx-daemonset.yaml

daemonset.apps/hello-daemonset created

[root@docker-server1 deployment]# kubectl get pods

NAME                                READY   STATUS              RESTARTS   AGE
busybox-674bd96f74-8d7ml            0/1     Pending             0          3d11h
hello-daemonset-bllq6               0/1     ContainerCreating   0          6s
hello-daemonset-hh69c               0/1     ContainerCreating   0          6s
hello-deployment-5fdb46d67c-gw2t6   1/1     Running             0          3d10h
hello-deployment-5fdb46d67c-s68tf   1/1     Running             0          4d11h
hello-deployment-5fdb46d67c-vzb4f   1/1     Running             0          3d10h
mysql-5d4695cd5-v6btl               1/1     Running             0          3d10h
nginx                               2/2     Running             41         7d
wordpress-6cbb67575d-b9md5          1/1     Running             0          4d9h

[root@docker-server1 deployment]# kubectl get pods 

NAME                                READY   STATUS    RESTARTS   AGE
busybox-674bd96f74-8d7ml            0/1     Pending   0          3d11h
hello-daemonset-bllq6               1/1     Running   0          60s
hello-daemonset-hh69c               1/1     Running   0          60s
hello-deployment-5fdb46d67c-gw2t6   1/1     Running   0          3d10h
hello-deployment-5fdb46d67c-s68tf   1/1     Running   0          4d11h
hello-deployment-5fdb46d67c-vzb4f   1/1     Running   0          3d10h
mysql-5d4695cd5-v6btl               1/1     Running   0          3d10h
nginx                               2/2     Running   41         7d
wordpress-6cbb67575d-b9md5          1/1     Running   0          4d9h

两个node节点上有两个hello-daemonset的pods,但是master上没有节点

原因是因为master节点有这些污点Taints: node-role.kubernetes.io/master:NoSchedule

3 查看master节点污点

[root@docker-server1 deployment]# kubectl get nodes

NAME              STATUS   ROLES    AGE    VERSION
192.168.132.131   Ready    master   7d6h   v1.17.0
192.168.132.132   Ready    <none>   7d6h   v1.17.0
192.168.132.133   Ready    <none>   7d6h   v1.17.0

[root@docker-server1 deployment]# kubectl describe nodes 192.168.132.131

Name:               192.168.132.131
Roles:              master
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/arch=amd64
                    kubernetes.io/hostname=192.168.132.131
                    kubernetes.io/os=linux
                    node-role.kubernetes.io/master=
Annotations:        flannel.alpha.coreos.com/backend-data: {"VtepMAC":"4e:bf:fb:b2:ae:17"}
                    flannel.alpha.coreos.com/backend-type: vxlan
                    flannel.alpha.coreos.com/kube-subnet-manager: true
                    flannel.alpha.coreos.com/public-ip: 192.168.132.131
                    kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
                    node.alpha.kubernetes.io/ttl: 0
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Thu, 09 Jan 2020 13:18:59 -0500
Taints:             node-role.kubernetes.io/master:NoSchedule    #master节点的污点
Unschedulable:      false
Lease:
  HolderIdentity:  192.168.132.131
  AcquireTime:     <unset>
  RenewTime:       Thu, 16 Jan 2020 20:02:30 -0500
Conditions:
  Type             Status  LastHeartbeatTime                 LastTransitionTime                Reason                       Message
  ----             ------  -----------------                 ------------------                ------                       -------
  MemoryPressure   False   Thu, 16 Jan 2020 19:59:35 -0500   Thu, 09 Jan 2020 13:18:54 -0500   KubeletHasSufficientMemory   kubelet has sufficient memory available
  DiskPressure     False   Thu, 16 Jan 2020 19:59:35 -0500   Thu, 09 Jan 2020 13:18:54 -0500   KubeletHasNoDiskPressure     kubelet has no disk pressure
  PIDPressure      False   Thu, 16 Jan 2020 19:59:35 -0500   Thu, 09 Jan 2020 13:18:54 -0500   KubeletHasSufficientPID      kubelet has sufficient PID available
  Ready            True    Thu, 16 Jan 2020 19:59:35 -0500   Thu, 09 Jan 2020 13:19:12 -0500   KubeletReady                 kubelet is posting ready status
Addresses:
  InternalIP:  192.168.132.131
  Hostname:    192.168.132.131
Capacity:
  cpu:                4
  ephemeral-storage:  49250820Ki
  hugepages-1Gi:      0
  hugepages-2Mi:      0
  memory:             7990140Ki
  pods:               110
Allocatable:
  cpu:                4
  ephemeral-storage:  45389555637
  hugepages-1Gi:      0
  hugepages-2Mi:      0
  memory:             7887740Ki
  pods:               110
System Info:
  Machine ID:                 c41a461da7684fe58e814987301cfe5e
  System UUID:                C3C44D56-880B-9A8E-84DD-50F48391DD19
  Boot ID:                    fdf3f408-347d-46ee-8c14-212151eb2126
  Kernel Version:             3.10.0-1062.4.1.el7.x86_64
  OS Image:                   CentOS Linux 7 (Core)
  Operating System:           linux
  Architecture:               amd64
  Container Runtime Version:  docker://19.3.5
  Kubelet Version:            v1.17.0
  Kube-Proxy Version:         v1.17.0
PodCIDR:                      10.244.0.0/24
PodCIDRs:                     10.244.0.0/24
Non-terminated Pods:          (10 in total)
  Namespace                   Name                                       CPU Requests  CPU Limits  Memory Requests  Memory Limits  AGE
  ---------                   ----                                       ------------  ----------  ---------------  -------------  ---
  default                     wordpress-6cbb67575d-b9md5                 0 (0%)        0 (0%)      0 (0%)           0 (0%)         4d9h
  kube-system                 coredns-6955765f44-8kxdg                   100m (2%)     0 (0%)      70Mi (0%)        170Mi (2%)     7d6h
  kube-system                 coredns-6955765f44-m66bw                   100m (2%)     0 (0%)      70Mi (0%)        170Mi (2%)     7d6h
  kube-system                 etcd-192.168.132.131                       0 (0%)        0 (0%)      0 (0%)           0 (0%)         6d21h
  kube-system                 kube-apiserver-192.168.132.131             250m (6%)     0 (0%)      0 (0%)           0 (0%)         7d6h
  kube-system                 kube-controller-manager-192.168.132.131    200m (5%)     0 (0%)      0 (0%)           0 (0%)         7d6h
  kube-system                 kube-flannel-ds-amd64-m9lgq                100m (2%)     100m (2%)   50Mi (0%)        50Mi (0%)      7d6h
  kube-system                 kube-proxy-q867d                           0 (0%)        0 (0%)      0 (0%)           0 (0%)         7d6h
  kube-system                 kube-scheduler-192.168.132.131             100m (2%)     0 (0%)      0 (0%)           0 (0%)         7d6h
  kubernetes-dashboard        kubernetes-dashboard-b7ffbc8cb-nz5gf       0 (0%)        0 (0%)      0 (0%)           0 (0%)         3d10h
Allocated resources:
  (Total limits may be over 100 percent, i.e., overcommitted.)
  Resource           Requests    Limits
  --------           --------    ------
  cpu                850m (21%)  100m (2%)
  memory             190Mi (2%)  390Mi (5%)
  ephemeral-storage  0 (0%)      0 (0%)
Events:              <none>

4 daemonset架构

由于集群中只存在一个 Pod,所以 Kubernetes 只会在该节点上创建一个 Pod,如果我们向当前的集群中增加新的节点时,Kubernetes 就会创建在新节点上创建新的副本

 

 所有的 DaemonSet 都是由控制器负责管理的,与其他的资源一样,用于管理 DaemonSet 的控制器是 DaemonSetsController,该控制器会监听 DaemonSet、ControllerRevision、Pod 和 Node 资源的变动。

大多数的触发事件最终都会将一个待处理的 DaemonSet 资源入栈,下游 DaemonSetsController 持有的多个工作协程就会从队列里面取出资源进行消费和同步。

5 去除master节点的污点

[root@docker-server1 ~]# kubectl taint node 192.168.132.131 node-role.kubernetes.io/master-

node/192.168.132.131 untainted

[root@docker-server1 ~]# kubectl get pods -o wide

NAME                                READY   STATUS              RESTARTS   AGE     IP            NODE              NOMINATED NODE   READINESS GATES
busybox-674bd96f74-8d7ml            0/1     Pending             0          4d11h   <none>        <none>            <none>           <none>
hello-daemonset-4ct87               0/1     ContainerCreating   0          7s      <none>        192.168.132.131   <none>           <none>       #开始在mater节点上创建
hello-daemonset-bllq6               1/1     Running             0          24h     10.244.1.30   192.168.132.132   <none>           <none>
hello-daemonset-hh69c               1/1     Running             0          24h     10.244.2.19   192.168.132.133   <none>           <none>
hello-deployment-5fdb46d67c-gw2t6   1/1     Running             0          4d10h   10.244.2.18   192.168.132.133   <none>           <none>
hello-deployment-5fdb46d67c-s68tf   1/1     Running             0          5d12h   10.244.2.15   192.168.132.133   <none>           <none>
hello-deployment-5fdb46d67c-vzb4f   1/1     Running             0          4d10h   10.244.2.16   192.168.132.133   <none>           <none>
mysql-5d4695cd5-v6btl               1/1     Running             0          4d10h   10.244.2.17   192.168.132.133   <none>           <none>
nginx                               2/2     Running             45         8d      10.244.2.14   192.168.132.133   <none>           <none>
wordpress-6cbb67575d-b9md5          1/1     Running             0          5d9h    10.244.0.10   192.168.132.131   <none>           <none>

[root@docker-server1 ~]# kubectl get pods -o wide

NAME                                READY   STATUS    RESTARTS   AGE     IP            NODE              NOMINATED NODE   READINESS GATES
busybox-674bd96f74-8d7ml            0/1     Pending   0          4d11h   <none>        <none>            <none>           <none>
hello-daemonset-4ct87               1/1     Running   0          112s    10.244.0.12   192.168.132.131   <none>           <none>
hello-daemonset-bllq6               1/1     Running   0          24h     10.244.1.30   192.168.132.132   <none>           <none>
hello-daemonset-hh69c               1/1     Running   0          24h     10.244.2.19   192.168.132.133   <none>           <none>
hello-deployment-5fdb46d67c-gw2t6   1/1     Running   0          4d10h   10.244.2.18   192.168.132.133   <none>           <none>
hello-deployment-5fdb46d67c-s68tf   1/1     Running   0          5d12h   10.244.2.15   192.168.132.133   <none>           <none>
hello-deployment-5fdb46d67c-vzb4f   1/1     Running   0          4d10h   10.244.2.16   192.168.132.133   <none>           <none>
mysql-5d4695cd5-v6btl               1/1     Running   0          4d10h   10.244.2.17   192.168.132.133   <none>           <none>
nginx                               2/2     Running   45         8d      10.244.2.14   192.168.132.133   <none>           <none>
wordpress-6cbb67575d-b9md5          1/1     Running   0          5d9h    10.244.0.10   192.168.132.131   <none>           <none>

因为再master节点上,需要运行一些主控节点,所以再这些pods默认打了容忍污点

6 主控节点运行pod原则

比如flannel的配置

[root@docker-server1 ~]# vim kube-flannel.yml

可以容忍所有污点

[root@docker-server1 ~]# kubectl get deploy -n kube-system

NAME      READY   UP-TO-DATE   AVAILABLE   AGE
coredns   2/2     2            2           8d

查看cores的pods

[root@docker-server1 ~]# kubectl  get pods -n kube-system

NAME                                      READY   STATUS    RESTARTS   AGE
coredns-6955765f44-8kxdg                  1/1     Running   1          8d
coredns-6955765f44-m66bw                  1/1     Running   1          8d
etcd-192.168.132.131                      1/1     Running   1          7d21h
kube-apiserver-192.168.132.131            1/1     Running   2          8d
kube-controller-manager-192.168.132.131   1/1     Running   4          8d
kube-flannel-ds-amd64-864kc               1/1     Running   0          24h
kube-flannel-ds-amd64-fg972               1/1     Running   1          8d
kube-flannel-ds-amd64-m9lgq               1/1     Running   1          8d
kube-proxy-7xgt9                          1/1     Running   1          8d
kube-proxy-k8kb7                          1/1     Running   1          8d
kube-proxy-q867d                          1/1     Running   1          8d
kube-scheduler-192.168.132.131            1/1     Running   4          8d

[root@docker-server1 ~]# kubectl describe pods coredns-6955765f44-8kxdg -n kube-system

Name:                 coredns-6955765f44-8kxdg
Namespace:            kube-system
Priority:             2000000000
Priority Class Name:  system-cluster-critical
Node:                 192.168.132.131/192.168.132.131
Start Time:           Thu, 09 Jan 2020 13:19:18 -0500
Labels:               k8s-app=kube-dns
                      pod-template-hash=6955765f44
Annotations:          <none>
Status:               Running
IP:                   10.244.0.7
IPs:
  IP:           10.244.0.7
Controlled By:  ReplicaSet/coredns-6955765f44
Containers:
  coredns:
    Container ID:  docker://930fd4bf6bf523fef84bea4327cee72f968ae4839a9a37c2f81e36d592d4ce48
    Image:         k8s.gcr.io/coredns:1.6.5
    Image ID:      docker-pullable://k8s.gcr.io/coredns@sha256:7ec975f167d815311a7136c32e70735f0d00b73781365df1befd46ed35bd4fe7
    Ports:         53/UDP, 53/TCP, 9153/TCP
    Host Ports:    0/UDP, 0/TCP, 0/TCP
    Args:
      -conf
      /etc/coredns/Corefile
    State:          Running
      Started:      Sun, 12 Jan 2020 06:43:53 -0500
    Last State:     Terminated
      Reason:       Error
      Exit Code:    255
      Started:      Thu, 09 Jan 2020 13:22:48 -0500
      Finished:     Fri, 10 Jan 2020 08:00:53 -0500
    Ready:          True
    Restart Count:  1
    Limits:
      memory:  170Mi
    Requests:
      cpu:        100m
      memory:     70Mi
    Liveness:     http-get http://:8080/health delay=60s timeout=5s period=10s #success=1 #failure=5
    Readiness:    http-get http://:8181/ready delay=0s timeout=1s period=10s #success=1 #failure=3
    Environment:  <none>
    Mounts:
      /etc/coredns from config-volume (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from coredns-token-5d2v8 (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  config-volume:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      coredns
    Optional:  false
  coredns-token-5d2v8:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  coredns-token-5d2v8
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  beta.kubernetes.io/os=linux
Tolerations:     CriticalAddonsOnly
                 node-role.kubernetes.io/master:NoSchedule
                 node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:          <none>
View Code

[root@docker-server1 ~]# kubectl get  pods coredns-6955765f44-8kxdg -n kube-system -o yaml

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2020-01-09T18:19:18Z"
  generateName: coredns-6955765f44-
  labels:
    k8s-app: kube-dns
    pod-template-hash: 6955765f44
  name: coredns-6955765f44-8kxdg
  namespace: kube-system
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: coredns-6955765f44
    uid: 7d0e80aa-338f-4921-b2c7-79dfeffef50c
  resourceVersion: "102623"
  selfLink: /api/v1/namespaces/kube-system/pods/coredns-6955765f44-8kxdg
  uid: 0a908105-8864-4746-91bf-e97a0a877bf9
spec:
  containers:
  - args:
    - -conf
    - /etc/coredns/Corefile
    image: k8s.gcr.io/coredns:1.6.5
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 5
      httpGet:
        path: /health
        port: 8080
        scheme: HTTP
      initialDelaySeconds: 60
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    name: coredns
    ports:
    - containerPort: 53
      name: dns
      protocol: UDP
    - containerPort: 53
      name: dns-tcp
      protocol: TCP
    - containerPort: 9153
      name: metrics
      protocol: TCP
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /ready
        port: 8181
        scheme: HTTP
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    resources:
      limits:
        memory: 170Mi
      requests:
        cpu: 100m
        memory: 70Mi
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        add:
        - NET_BIND_SERVICE
        drop:
        - all
      readOnlyRootFilesystem: true
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /etc/coredns
      name: config-volume
      readOnly: true
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: coredns-token-5d2v8
      readOnly: true
  dnsPolicy: Default
  enableServiceLinks: true
  nodeName: 192.168.132.131
  nodeSelector:
    beta.kubernetes.io/os: linux
  priority: 2000000000
  priorityClassName: system-cluster-critical
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: coredns
  serviceAccountName: coredns
  terminationGracePeriodSeconds: 30
  tolerations:
  - key: CriticalAddonsOnly
    operator: Exists
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - configMap:
      defaultMode: 420
      items:
      - key: Corefile
        path: Corefile
      name: coredns
    name: config-volume
  - name: coredns-token-5d2v8
    secret:
      defaultMode: 420
      secretName: coredns-token-5d2v8
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2020-01-09T18:19:18Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2020-01-12T11:44:04Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2020-01-12T11:44:04Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2020-01-09T18:19:18Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://930fd4bf6bf523fef84bea4327cee72f968ae4839a9a37c2f81e36d592d4ce48
    image: k8s.gcr.io/coredns:1.6.5
    imageID: docker-pullable://k8s.gcr.io/coredns@sha256:7ec975f167d815311a7136c32e70735f0d00b73781365df1befd46ed35bd4fe7
    lastState:
      terminated:
        containerID: docker://3c421e454df03aa95db190f2a907b4313dc228124ba6dfba366b0fb82a20e689
        exitCode: 255
        finishedAt: "2020-01-10T13:00:53Z"
        reason: Error
        startedAt: "2020-01-09T18:22:48Z"
    name: coredns
    ready: true
    restartCount: 1
    started: true
    state:
      running:
        startedAt: "2020-01-12T11:43:53Z"
  hostIP: 192.168.132.131
  phase: Running
  podIP: 10.244.0.7
  podIPs:
  - ip: 10.244.0.7
  qosClass: Burstable
  startTime: "2020-01-09T18:19:18Z"

污点容忍配置

DaemonSet 其实就是 Kubernetes 中的守护进程,它会在每一个节点上创建能够提供服务的副本,很多云服务商都会使用 DaemonSet 在所有的节点上内置一些用于提供日志收集、统计分析和安全策略的服务。

7 Daemonset 滚动升级

滚动升级特性是Kubernetes服务发布的一个很有用的特性,而Kubernetes从1.6开始支持 DaemonSet的滚动升级,1.7开始支持DaemonSet滚动升级的回滚。

Daemonset升级策略

DaemonSet目前有两种升级策略,可以通过.spec.updateStrategy.type指定:

  • OnDelete: 该策略表示当更新了DaemonSet的模板后,只有手动删除旧的DaemonSet Pod才会创建新的DaemonSet Pod
  • RollingUpdate: 该策略表示当更新DaemonSet模板后会自动删除旧的DaemonSet Pod并创建新的DaemonSetPod

示例

要使用DaemonSet的滚动升级,需要 .spec.updateStrategy.type设置为RollingUpdate。 也可以进一步设置.spec.updateStrategy.rollingUpdate.maxUnavailable,默认值为1; 设置.spec.minReadySeconds默认为0,用于指定认为DaemoSet Pod启动可用所需的最小的秒数。

示例如下:

apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: test-ds
  namespace: kube-system
  labels:
    tier: node
    app: test
spec:
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      ...
  template:
    ...

然后执行:

kubectl apply -f test-ds.yaml

可以使用如下命令查看滚动升级状态:

kubectl rollout status dsd/test-ds -n kube-system

关于daemonSet学习到这里


博主声明:本文的内容来源主要来自誉天教育晏威老师,由本人实验完成操作验证,需要的博友请联系誉天教育(http://www.yutianedu.com/),获得官方同意或者晏老师(https://www.cnblogs.com/breezey/)本人同意即可转载,谢谢!

posted @ 2020-01-18 10:02  梦中泪  阅读(871)  评论(0编辑  收藏  举报