Basic techniques:
Deployment, StatefulSet, ReplicaSet, and DaemonSet can all use node affinity, pod anti-affinity, health checks, and similar measures to improve robustness and self-healing.
1. Deployment and StatefulSet
For a Deployment or StatefulSet, set node affinity in spec.template.spec.affinity.nodeAffinity, pod anti-affinity in spec.template.spec.affinity.podAntiAffinity, and health checks in spec.template.spec.containers[0].livenessProbe and spec.template.spec.containers[0].readinessProbe.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      affinity:
        # Node affinity
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: nginx
                operator: In
                values:
                - "yes"
        # Pod anti-affinity
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - nginx
            topologyKey: kubernetes.io/hostname
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
        # Health checks
        readinessProbe:
          failureThreshold: 5
          initialDelaySeconds: 30
          periodSeconds: 60
          successThreshold: 1
          tcpSocket:
            port: 80
          timeoutSeconds: 30
        livenessProbe:
          failureThreshold: 5
          initialDelaySeconds: 30
          periodSeconds: 60
          successThreshold: 1
          tcpSocket:
            port: 80
          timeoutSeconds: 30
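
Because both rules in the Deployment above are required (hard) constraints, a replica that cannot satisfy them stays Pending instead of being placed elsewhere. The following is an added example, not part of the original page: a simplified placement check that considers only required node affinity and self anti-affinity expressed with matchExpressions, and ignores resources, taints, and other workloads. The node names and labels are constructed sample data.

```python
# Added example: checks how many replicas the required rules above can place.
REQ = "requiredDuringSchedulingIgnoredDuringExecution"

def expr_ok(labels, e):
    """Evaluate one matchExpressions entry against a label dict."""
    key, vals = e["key"], e.get("values", [])
    return {"In": labels.get(key) in vals, "NotIn": labels.get(key) not in vals,
            "Exists": key in labels, "DoesNotExist": key not in labels}[e["operator"]]

def all_ok(labels, exprs):
    return all(expr_ok(labels, e) for e in exprs)

def schedulable_replicas(spec, nodes):
    """Return (placed, pending) for a workload spec against {node_name: labels}."""
    tpl = spec["template"]
    aff = tpl["spec"].get("affinity", {})
    req = aff.get("nodeAffinity", {}).get(REQ)
    terms = req["nodeSelectorTerms"] if req else [{}]
    # nodeSelectorTerms are ORed; expressions inside one term are ANDed.
    eligible = [lb for lb in nodes.values()
                if any(all_ok(lb, t.get("matchExpressions", [])) for t in terms)]
    capacity = spec["replicas"] if eligible else 0
    for term in aff.get("podAntiAffinity", {}).get(REQ, []):
        # A term selecting the workload's own pods allows one replica per domain.
        if all_ok(tpl["metadata"]["labels"], term["labelSelector"].get("matchExpressions", [])):
            key = term["topologyKey"]
            capacity = min(capacity, len({lb[key] for lb in eligible if key in lb}))
    return capacity, spec["replicas"] - capacity

# The nginx Deployment above, reduced to the fields the scheduler evaluates.
NGINX_SPEC = {"replicas": 3, "template": {
    "metadata": {"labels": {"app": "nginx"}},
    "spec": {"affinity": {
        "nodeAffinity": {REQ: {"nodeSelectorTerms": [{"matchExpressions": [
            {"key": "nginx", "operator": "In", "values": ["yes"]}]}]}},
        "podAntiAffinity": {REQ: [{
            "labelSelector": {"matchExpressions": [
                {"key": "app", "operator": "In", "values": ["nginx"]}]},
            "topologyKey": "kubernetes.io/hostname"}]}}}}}

NODES = {  # constructed cluster: only two of the three nodes carry nginx=yes
    "node-a": {"kubernetes.io/hostname": "node-a", "nginx": "yes"},
    "node-b": {"kubernetes.io/hostname": "node-b", "nginx": "yes"},
    "node-c": {"kubernetes.io/hostname": "node-c"},
}

if __name__ == "__main__":
    print(schedulable_replicas(NGINX_SPEC, NODES))
```

With only two labelled nodes, one of the three replicas has nowhere to go; labelling a third node, or using the preferred form of either rule, removes the bottleneck.
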
2. ReplicaSet
Use case: maintain a stable set of Pod replicas that are running at any given time, that is, guarantee the availability of a specified number of identical Pods.
For a ReplicaSet, set node affinity in spec.template.spec.affinity.nodeAffinity, pod anti-affinity in spec.template.spec.affinity.podAntiAffinity, and health checks in spec.template.spec.containers[0].livenessProbe and spec.template.spec.containers[0].readinessProbe.
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: frontend
  labels:
    app: guestbook
    tier: frontend
spec:
  replicas: 3
  selector:
    matchLabels:
      tier: frontend
  template:
    metadata:
      labels:
        tier: frontend
    spec:
      affinity:
        # Node affinity
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: frontend
                operator: In
                values:
                - "yes"
        # Pod anti-affinity
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: tier
                operator: In
                values:
                - frontend
            topologyKey: kubernetes.io/hostname
      containers:
      - name: php-redis
        image: gcr.io/google_samples/gb-frontend:v3
        ports:
        - containerPort: 8080
        # Health checks
        readinessProbe:
          failureThreshold: 5
          initialDelaySeconds: 30
          periodSeconds: 60
          successThreshold: 1
          tcpSocket:
            port: 8080
          timeoutSeconds: 30
        livenessProbe:
          failureThreshold: 5
          initialDelaySeconds: 30
          periodSeconds: 60
          successThreshold: 1
          tcpSocket:
            port: 8080
          timeoutSeconds: 30
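3. DaemonSet
Typical use cases:
① Running a cluster daemon on every node;
② Running a log collection daemon on every node;
③ Running a monitoring daemon on every node.
For a DaemonSet, set node affinity in spec.template.spec.affinity.nodeAffinity, pod anti-affinity in spec.template.spec.affinity.podAntiAffinity, and health checks in spec.template.spec.containers[0].livenessProbe and spec.template.spec.containers[0].readinessProbe. A DaemonSet also supports configuring taints and tolerations through spec.template.spec.tolerations.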
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-elasticsearch
  namespace: kube-system
  labels:
    k8s-app: fluentd-logging
spec:
  selector:
    matchLabels:
      app: fluentd-elasticsearch
  template:
    metadata:
      labels:
        app: fluentd-elasticsearch
    spec:
      affinity:
        # Node affinity
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: fluentd-elasticsearch
                operator: In
                values:
                - "yes"
        # Pod anti-affinity
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - fluentd-elasticsearch
            topologyKey: kubernetes.io/hostname
      tolerations:
      # When a node problem such as a network disconnection occurs, the DaemonSet Pod is not evicted
      - key: "node.kubernetes.io/unreachable"
        operator: "Exists"
        effect: "NoExecute"
        tolerationSeconds: 3600
      # Lets the default scheduler tolerate the disk-pressure condition when scheduling.
      # This taint has effect NoSchedule; tolerationSeconds is only valid with NoExecute, so it is omitted.
      - key: "node.kubernetes.io/disk-pressure"
        operator: "Exists"
        effect: "NoSchedule"
      containers:
      - name: fluentd-elasticsearch
        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
        ports:
        - containerPort: 8080
        # Health checks
        readinessProbe:
          failureThreshold: 5
          initialDelaySeconds: 30
          periodSeconds: 60
          successThreshold: 1
          tcpSocket:
            port: 8080
          timeoutSeconds: 30
        livenessProbe:
          failureThreshold: 5
          initialDelaySeconds: 30
          periodSeconds: 60
          successThreshold: 1
          tcpSocket:
            port: 8080
          timeoutSeconds: 30
      volumes:
      - name: varlog
        hostPath:
          path: /var/log