Deployment:
一个 Deployment 为 Pods 和 ReplicaSets 提供声明式的更新能力。
你负责描述 Deployment 中的 目标状态 ,而 Deployment 控制器(Controller) 以受控速率更改
实际状态, 使其变为期望状态
不要管理 Deployment 所拥有的 ReplicaSet
我们部署一个应用一般不直接写Pod,而是部署一个Deployment
Deploy编写规约:
https://kubernetes.io/zh/docs/concepts/workloads/controllers/deployment/#writi ng-a-deployment-spec
Deployment创建:
基本格式:
.metadata.name 指定deploy名字
replicas 指定副本数量
selector 指定匹配的Pod模板。
template 声明一个Pod模板
minReadySeconds: 10 这个Pod10s以后才认为是read状态,影响多久后杀死旧Pod
paused <boolean>: false 当前是否停止状态,暂停更新
progressDeadlineSeconds: 600 处理的最终期限,Deployment如果超过了这个指定的处理描述就会给集群汇报错误
replicas <integer>: Pod 期望的数量(副本数量),是 ReplicaSet 控制器实现的
revisionHistoryLimit <integer>: 旧副本集保留的数量,可回滚的数量,默认是10
selector <Object> -required-: 指定我们Deployment要控制的所有的Pod的共通标签
strategy <Object>: 指定新Pod替换旧Pod的策略
type <string>: **Recreate/RollingUpdate(默认)**
rollingUpdate <Object>: 指定滚动更新策略
maxSurge <string>【最大增量】: 2 一次最多新建几个Pod。 百分比和数字都可以
MaxUnavailable:为0 的时候, maxSurge不能为0
maxUnavailable【最大不可用量】: 4 最大不可用的Pod数量
template <Object> -required-: 编写Pod
编写一个deployment的yaml
赋予Pod自愈和故障转移能力。
apiVersion: apps/v1 ###
kind: Deployment ##
metadata:
name: mydeploy-03 ### 遵循域名编写规范
namespace: default
labels:
dep: test-02
### 期望状态
spec:
paused: false ## 就是 kubectl rollout pause/resume 功能
progressDeadlineSeconds: 600 ##
revisionHistoryLimit: 15 ### 保留最近的15个版本。 /etcd
selector: ### 选择器
matchLabels: ### 匹配标签
pod-name: aaaa ### 和模板template里面的pod的标签必须一样
####
template:
metadata: ### pod的metadata
labels:
pod-name: aaaa
spec:
containers:
- name: nginx-01
image: nginx
- 在检查集群中的 Deployment 时,所显示的字段有:
NAME列出了集群中 Deployment 的名称。READY显示应用程序的可用的 副本 数。显示的模式是“就绪个数/期望个数”。UP-TO-DATE显示为了达到期望状态已经更新的副本数。AVAILABLE显示应用可供用户使用的副本数。AGE显示应用程序运行的时间。
- ReplicaSet 输出中包含以下字段:
NAME列出名字空间中 ReplicaSet 的名称;DESIRED显示应用的期望副本个数,即在创建 Deployment 时所定义的值。 此为期望状态;CURRENT显示当前运行状态中的副本个数;READY显示应用中有多少副本可以为用户提供服务;AGE显示应用已经运行的时间长度。- 注意:ReplicaSet 的名称始终被格式化为
[Deployment名称]-[随机字符串]。 其中的随机字符串是使用 pod-template-hash 作为种子随机生成的。
一个Deploy产生三个:
- Deployment资源
- replicaset资源
- Pod资源
Deployment控制RS,RS控制Pod的副本数
ReplicaSet: 只提供了副本数量的控制功能
Deployment: 每部署一个新版本就会创建一个新的副本集,利用他记录状态,回滚也是直接让指定的rs生效
Deployment 更新机制:
- 仅当 Deployment Pod 模板(即
.spec.template)发生改变时,例如模板的标签或容器镜像被更新, 才会触发 Deployment 上线。 其他更新(如对 Deployment 执行扩缩容的操作)不会触发上线动作。
上线动作 原理: 创建新的rs,准备就绪后,替换旧的rs(此时不会删除,因为revisionHistoryLimit指定了保留几个版本)
常用的kubectl 命令:
################更新#################################
#kubectl set image deployment资源名 容器名=镜像名
kubectl set image deployment.apps/nginx-deployment php-redis=tomcat:8 --record
#或者直接修改定义也行
kubectl edit deployment.v1.apps/nginx-deployment
#查看状态
kubectl rollout status deployment.v1.apps/nginx-deployment
################查看历史并回滚####################################
#查看更新历史-看看我们设置的历史总记录数是否生效了
kubectl rollout history deployment.v1.apps/nginx-deployment
#回滚
kubectl rollout undo deployment.v1.apps/nginx-deployment --to-revision=2
###############累计更新##############
#暂停记录版本
kubectl rollout pause deployment.v1.apps/nginx-deployment
#多次更新操作。
##比如更新了资源限制
kubectl set resources deployment.v1.apps/nginx-deployment -c=nginx --limits=cpu=200m,memory=512Mi
##比如更新了镜像版本
kubectl set image deployment.apps/nginx-deployment php-redis=tomcat:8
##在继续操作多次
##看看历史版本有没有记录变化
kubectl rollout history deployment.v1.apps/nginx-deployment
#让多次累计生效
kubectl rollout resume deployment.v1.apps/nginx-deployment
比例缩放(Proportional Scaling)
strategy <Object>: 指定新Pod替换旧Pod的策略
type <string>: **Recreate/RollingUpdate(默认)**
rollingUpdate <Object>: 指定滚动更新策略
maxSurge <string>【最大增量】: 2 一次最多新建几个Pod。 百分比和数字都可以
MaxUnavailable:为0 的时候, maxSurge不能为0
maxUnavailable【最大不可用量】: 4 最大不可用的Pod数量
maxSurge(最大增量):除当前数量外还要添加多少个实例。
maxUnavailable(最大不可用量):滚动更新过程中的不可用实例数。
HPA(动态扩缩容):
概念:https://kubernetes.io/zh/docs/tasks/run-application/horizontal-pod-autoscale/#scaling-policies
实战:https://kubernetes.io/zh/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/
- 需要先安装metrics-server
https://github.com/kubernetes-sigs/metrics-server
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: system:aggregated-metrics-reader
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- nodes/stats
- namespaces
- configmaps
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: metrics-server
strategy:
rollingUpdate:
maxUnavailable: 0
template:
metadata:
labels:
k8s-app: metrics-server
spec:
containers:
- args:
- --cert-dir=/tmp
- --kubelet-insecure-tls
- --secure-port=4443
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/metrics-server:v0.4.3 #注意和k8s版本匹配问题
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: https
scheme: HTTPS
periodSeconds: 10
name: metrics-server
ports:
- containerPort: 4443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: https
scheme: HTTPS
periodSeconds: 10
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-dir
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
serviceAccountName: metrics-server
volumes:
- emptyDir: {}
name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
k8s-app: metrics-server
name: v1beta1.metrics.k8s.io
spec:
group: metrics.k8s.io
groupPriorityMinimum: 100
insecureSkipTLSVerify: true
service:
name: metrics-server
namespace: kube-system
version: v1beta1
versionPriority: 100
- kubectl apply 即可
#查看节点CPU内存使用情况
kubectl top nodes --use-protocol-buffers
kubectl top pods --use-protocol-buffers
配置hpa测试:
apiVersion: v1
kind: Service
metadata:
name: php-apache
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
run: php-apache
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: php-apache
name: php-apache
spec:
replicas: 1
selector:
matchLabels:
run: php-apache
template:
metadata:
creationTimestamp: null
labels:
run: php-apache
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/php-hpa:latest
name: php-apache
ports:
- containerPort: 80
resources:
requests:
cpu: 200m
hpa.yaml 扩容配置:
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
creationTimestamp: null
name: php-apache
spec:
maxReplicas: 10
minReplicas: 1
scaleTargetRef: ### 将要扩展的目标引用
apiVersion: apps/v1
kind: Deployment
name: php-apache ## Pod limit: 100m
targetCPUUtilizationPercentage: 50 ### cpu使用超过50%就扩容,低于就缩容
# 每隔1秒监控一次
watch -n -1 kubectl get pod -l run=php-apache
#回车然后敲下面的命令
kubectl run -i --tty load-generator --rm --image=busybox --restart=Never -- /bin/sh -c "while sleep 0.01; do wget -q -O- http://php-apache; done"
Canary(金丝雀部署):
金丝雀的简单测试:
创建一个k8s-canary-service.yaml
apiVersion: v1
kind: Service
metadata:
name: canary-test
namespace: default
spec:
selector:
app: canary-nginx
type: NodePort #浏览器可以直接访问
ports:
- name: canary-test
port: 80 #
targetPort: 80 ### Pod的访问端口
protocol: TCP
nodePort: 31666 # 机器上开的端口,浏览器访问
创建两个部署deploy:
k8s-canary-deploy1
apiVersion: apps/v1
kind: Deployment
metadata:
name: canary-dep-v1
namespace: default
labels:
app: canary-dep-v1
spec:
selector:
matchLabels:
app: canary-nginx
v: v111
replicas: 1
template:
metadata:
labels:
app: canary-nginx
v: v111
spec:
# initContainers:
# Init containers are exactly like regular containers, except:
# - Init containers always run to completion.
# - Each init container must complete successfully before the next one starts.
containers:
- name: nginx
image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/nginx-test:env-msg
k8s-canary-deploy2:
apiVersion: apps/v1
kind: Deployment
metadata:
name: canary-dep-v2
namespace: default
labels:
app: canary-dep-v2
spec:
selector:
matchLabels:
app: canary-nginx
v: v222
replicas: 1
template:
metadata:
labels:
app: canary-nginx
v: v222
spec:
# initContainers:
# Init containers are exactly like regular containers, except:
# - Init containers always run to completion.
# - Each init container must complete successfully before the next one starts.
containers:
- name: nginx
image: nginx
使用IP加端口访问,则看到v1和v2版本都能访问到,V2版本成熟后,删除V1版本就行
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
