SRE文档1.DaemonSet基本概述
1.1 什么是DaemonSet
Kubernetes 中的 DaemonSet 是一种控制器,用于确保集群中的每个节点都运行一个 Pod 的副本。与 ReplicaSet 或 Deployment 不同,DaemonSet 中的 Pod 在每个节点上运行一个副本,而不是在整个集群中维护特定数量的副本。
当有节点加⼊集群时, 也会为他们新增⼀个 Pod。 当有节点从集群移除时,这些 Pod 也会被回收。删除 DaemonSet 将会删除它创建的所有 Pod。
1.2 DaemonSet典型⽤法
- 在每个节点上运行集群存储守护进程,如:
GLuster、Ceph - 在每个节点上运行日志收集守护进程,如:
fluentd、Filebeat、Logstash - 在每个节点上运行监控守护进程,如:
PrometheusNodeExporter - 在每个节点上运行网络插件为Pod提供网络服务,如:
fLannel、calico
1.3 DaemonSet常用参数
DaemonSet是标准的API资源类型,它在spec字段中嵌套字段有selector、tempalte,与Deployment用法基本相同,但DaemonSet 不管理Replicas,因为DaemonSet不是基于期望的副本数,而是基于节点数量来控制Pod数量。
bash
$ kubectl explain daemonset
GROUP: apps
KIND: DaemonSet
VERSION: v1
DESCRIPTION:
DaemonSet represents the configuration of a daemon set.
FIELDS:
apiVersion <string>
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind <string>
Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata <ObjectMeta>
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
spec <DaemonSetSpec>
The desired behavior of this daemon set. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
status <DaemonSetStatus>
The current status of this daemon set. This data may be out of date by some
window of time. Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status$ kubectl explain daemonset
GROUP: apps
KIND: DaemonSet
VERSION: v1
DESCRIPTION:
DaemonSet represents the configuration of a daemon set.
FIELDS:
apiVersion <string>
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind <string>
Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata <ObjectMeta>
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
spec <DaemonSetSpec>
The desired behavior of this daemon set. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
status <DaemonSetStatus>
The current status of this daemon set. This data may be out of date by some
window of time. Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusyaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: <string> #资源名称
namespace: <string> #名称空间:DaemonSet资源⾪属于名称空间级别
spec:
minReadySeconds: <integer> #Pod就绪后多少秒内任一容器无崩溃方视为“就绪”
selector: #标签选择器,必须匹配tempLate字段中Pod模板的标签
matchLabels:
name: <string> #选择器标签,DaemonSet控制器⾃动选择符合标签的Pod作为目标
revisionHistoryLimit: <integer> #历史版本数量限制,超过限制的历史版本会被清理掉
updateStrategy:
type: <string> #更新策略,支持OnDelete、RollingUpdate两种类型
rollingUpdate: <Object> #滚动更新参数,专用于RolLingUpdate类型
maxSurge: <string> #最大超载,可以是绝对值(例如50%)或百分比(例如25%)
maxUnavailable: <string> #最大不可用,可以是绝对值(例如50%)或百分比(例如25%)
template: #Pod模板
metadata: #Pod元数据(Pod名称)
spec: #Pod规格(Pod详情)apiVersion: apps/v1
kind: DaemonSet
metadata:
name: <string> #资源名称
namespace: <string> #名称空间:DaemonSet资源⾪属于名称空间级别
spec:
minReadySeconds: <integer> #Pod就绪后多少秒内任一容器无崩溃方视为“就绪”
selector: #标签选择器,必须匹配tempLate字段中Pod模板的标签
matchLabels:
name: <string> #选择器标签,DaemonSet控制器⾃动选择符合标签的Pod作为目标
revisionHistoryLimit: <integer> #历史版本数量限制,超过限制的历史版本会被清理掉
updateStrategy:
type: <string> #更新策略,支持OnDelete、RollingUpdate两种类型
rollingUpdate: <Object> #滚动更新参数,专用于RolLingUpdate类型
maxSurge: <string> #最大超载,可以是绝对值(例如50%)或百分比(例如25%)
maxUnavailable: <string> #最大不可用,可以是绝对值(例如50%)或百分比(例如25%)
template: #Pod模板
metadata: #Pod元数据(Pod名称)
spec: #Pod规格(Pod详情)2.DaemonSet部署实践
yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: nginx-ds
spec:
selector:
matchLabels:
app: nginx1
template:
metadata:
labels:
app: nginx1
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- name: http
containerPort: 80
livenessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 3
readinessProbe:
httpGet:
path: "/"
port: 80
scheme: HTTP
initialDelaySeconds: 3apiVersion: apps/v1
kind: DaemonSet
metadata:
name: nginx-ds
spec:
selector:
matchLabels:
app: nginx1
template:
metadata:
labels:
app: nginx1
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- name: http
containerPort: 80
livenessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 3
readinessProbe:
httpGet:
path: "/"
port: 80
scheme: HTTP
initialDelaySeconds: 33.DaemonSet更新策略
DaemonSet也⽀持更新策略,它⽀持 OnDelete 和 RollingUpdate两种
- OnDelete:是在相应节点的Pod资源被删除后重建为新版本,从而允许用户手动编排更新过程
- RollingUpdate:滚动更新,工作逻辑和DepLoyment滚动更新类似
3.1 RollingUpdate案例
cat daemonset-node_exporter.yaml
yaml
# image: prom/node-exporter:v0.18.0修改为0.18.1
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: node-exporter
namespace: default
spec:
minReadySeconds: 3
revisionHistoryLimit: 20
updateStrategy:
type: RollingUpdate # 更新策略
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
app: node-exporter
template:
metadata:
labels:
app: node-exporter
spec:
hostNetwork: true # 共享主机网络
hostPID: true # 获取主机的PID
containers:
- name: prometheus-node-exporter
image: prom/node-exporter:v0.18.1
ports:
- name: node-ex-http
containerPort: 9100
hostPort: 9100 # 监听在节点的9100端口上面,节点的9100,实际就在访问这个Pod
livenessProbe:
tcpSocket:
port: node-ex-http
initialDelaySeconds: 5
readinessProbe:
httpGet:
path: '/metrics'
port: node-ex-http
initialDelaySeconds: 5# image: prom/node-exporter:v0.18.0修改为0.18.1
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: node-exporter
namespace: default
spec:
minReadySeconds: 3
revisionHistoryLimit: 20
updateStrategy:
type: RollingUpdate # 更新策略
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
app: node-exporter
template:
metadata:
labels:
app: node-exporter
spec:
hostNetwork: true # 共享主机网络
hostPID: true # 获取主机的PID
containers:
- name: prometheus-node-exporter
image: prom/node-exporter:v0.18.1
ports:
- name: node-ex-http
containerPort: 9100
hostPort: 9100 # 监听在节点的9100端口上面,节点的9100,实际就在访问这个Pod
livenessProbe:
tcpSocket:
port: node-ex-http
initialDelaySeconds: 5
readinessProbe:
httpGet:
path: '/metrics'
port: node-ex-http
initialDelaySeconds: 5- 查看更新装
kubectl apply -f daemonset-node_exporter.yaml && kubectl rollout status daemonset node-exporter
daemonset.apps/node-exporter configured
Waiting for daemon set "node-exporter" rollout to finish: 0 out of 2 new pods have been updated...
Waiting for daemon set "node-exporter" rollout to finish: 0 out of 2 new pods have been updated...
Waiting for daemon set "node-exporter" rollout to finish: 0 out of 2 new pods have been updated...
Waiting for daemon set "node-exporter" rollout to finish: 1 out of 2 new pods have been updated...
Waiting for daemon set "node-exporter" rollout to finish: 1 out of 2 new pods have been updated...
Waiting for daemon set "node-exporter" rollout to finish: 1 out of 2 new pods have been updated...
Waiting for daemon set "node-exporter" rollout to finish: 1 out of 2 new pods have been updated...
Waiting for daemon set "node-exporter" rollout to finish: 1 of 2 updated pods are available...
Waiting for daemon set "node-exporter" rollout to finish: 1 of 2 updated pods are available...
daemon set "node-exporter" successfully rolled outkubectl apply -f daemonset-node_exporter.yaml && kubectl rollout status daemonset node-exporter
daemonset.apps/node-exporter configured
Waiting for daemon set "node-exporter" rollout to finish: 0 out of 2 new pods have been updated...
Waiting for daemon set "node-exporter" rollout to finish: 0 out of 2 new pods have been updated...
Waiting for daemon set "node-exporter" rollout to finish: 0 out of 2 new pods have been updated...
Waiting for daemon set "node-exporter" rollout to finish: 1 out of 2 new pods have been updated...
Waiting for daemon set "node-exporter" rollout to finish: 1 out of 2 new pods have been updated...
Waiting for daemon set "node-exporter" rollout to finish: 1 out of 2 new pods have been updated...
Waiting for daemon set "node-exporter" rollout to finish: 1 out of 2 new pods have been updated...
Waiting for daemon set "node-exporter" rollout to finish: 1 of 2 updated pods are available...
Waiting for daemon set "node-exporter" rollout to finish: 1 of 2 updated pods are available...
daemon set "node-exporter" successfully rolled out默认的RollingUpdate策略将采用一次更新一个Pod对象,待新建的Pod对象就绪后,再更新下一个Pod对象,直到全部完成
3.2 OnDelete更新示例:
cat daemonset-node_exporter.yaml
yaml
# 修改镜像版本为latest
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: node-exporter
namespace: default
spec:
minReadySeconds: 3
revisionHistoryLimit: 10
updateStrategy: # 滚动更新策略
type: OnDelete # 使用OnDelete
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
app: node-exporter
template:
metadata:
labels:
app: node-exporter
spec:
hostNetwork: true # 共享主机网络
hostPID: true # 获取主机的PID
containers:
- name: prometheus-node-exporter
image: prom/node-exporter:latest # 修改镜像版本为latest。
ports:
- name: node-ex-http
containerPort: 9100
hostPort: 9100 # 监听在节点的9100端口上面,节点的9100,实际就在访问这个Pod
livenessProbe:
tcpSocket:
port: node-ex-http
initialDelaySeconds: 5
readinessProbe:
httpGet:
path: '/metrics'
port: node-ex-http
initialDelaySeconds: 5# 修改镜像版本为latest
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: node-exporter
namespace: default
spec:
minReadySeconds: 3
revisionHistoryLimit: 10
updateStrategy: # 滚动更新策略
type: OnDelete # 使用OnDelete
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
app: node-exporter
template:
metadata:
labels:
app: node-exporter
spec:
hostNetwork: true # 共享主机网络
hostPID: true # 获取主机的PID
containers:
- name: prometheus-node-exporter
image: prom/node-exporter:latest # 修改镜像版本为latest。
ports:
- name: node-ex-http
containerPort: 9100
hostPort: 9100 # 监听在节点的9100端口上面,节点的9100,实际就在访问这个Pod
livenessProbe:
tcpSocket:
port: node-ex-http
initialDelaySeconds: 5
readinessProbe:
httpGet:
path: '/metrics'
port: node-ex-http
initialDelaySeconds: 5由于OnDelete并非自动完成升级,它需要管理员手动去删除Pod,然后重新拉起新的Pod,才能完成更新。(对于升级有着先后顺序的软件,这种方法非常有用;)
- 删除Pod;
bash
kubectl delete pods node-exporter-8c2mrkubectl delete pods node-exporter-8c2mr查看Pod已经被拉起;