实践 | Kubernetes守护进程集之DaemonSet

DaemonSet的滚动更新目前只在kubernetesv1.6+版本集群支持

DaemonSet滚动更新策略

onDelete: 使用该策略更新配置模板之后，只有在手动删除旧的DaemonSet Pod之后，才会创建新的DaemonSet Pod
RollingUpdate：默认策略，使用该策略更新配置模板之后，旧的Pod会被杀掉并且自动创建新的Pod,且整个更新过程中，每个节点上最多只有DaemonSet Pod.

启动滚动更新，必须设置DaemonSet的.spec.updateStrategy.type属性为RollingUpdate,也可以在.spec中设置.spec.strategy.rollingUpdate.maxUnavailable和.spec.minReadySeconds。

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx
  namespace: kube-system
  labels:
    k8s-app: nginx-traffic
spec:
  selector:
    matchLabels:
      name: nginx
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      labels:
        name: nginx
    spec:
      tolerations:
      # this toleration is to have the daemonset runnable on master nodes
      # remove it if your masters can't run pods
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      containers:
      - name: nginx
        image: nginx:1.18
        ports:
          - containerPort: 80
            hostPort: 9090
      terminationGracePeriodSeconds: 30

创建nginx服务的DaemonSet：

kubectl apply -f dnginx.yaml

检查运行状态:

☸️  vmware? default  ~  ? ? k get daemonsets.apps -n kube-system -o wide |grep nginx
nginx         3         3         3       3            3           <none>                        15s   nginx         nginx:1.18                      name=nginx
☸️  vmware? default  ~  ? ? curl -I http://192.168.99.134:9090
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 29 Aug 2020 11:45:18 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 21 Apr 2020 12:43:12 GMT
Connection: keep-alive
ETag: "5e9eea60-264"
Accept-Ranges: bytes

☸️  vmware? default  ~  ? ? curl -I http://192.168.99.133:9090
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 29 Aug 2020 11:45:21 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 21 Apr 2020 12:43:12 GMT
Connection: keep-alive
ETag: "5e9eea60-264"
Accept-Ranges: bytes

☸️  vmware? default  ~  ? ? curl -I http://192.168.99.128:9090
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 29 Aug 2020 11:45:24 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 21 Apr 2020 12:43:12 GMT
Connection: keep-alive
ETag: "5e9eea60-264"
Accept-Ranges: bytes

检查DaemonSet的更新策略:

☸️  vmware? default  ~  ? ? kubectl get ds/nginx -o go-template='{{.spec.updateStrategy.type}}{{"n"}}' -n kube-system
RollingUpdate

如果没有在系统内部署daemonSet，可以使用以下--dry-run=client检查

k apply -f dnginx.yaml --dry-run=client -o go-template='{{.spec.updateStrategy.type}}{{"n"}}'
RollingUpdate # 如果报错不支持client值，请更新你的kubectl到最新版本。

此时通过更新daemonSet中的nginx的镜像版本，观察滚动更新的效果

# 此时可以分别开多个终端，查看每个节点的守护进程集运行状态
watch -n1 "curl -I http://192.168.99.128:9090"
watch -n1 "curl -I http://192.168.99.133:9090"
watch -n1 "curl -I http://192.168.99.134:9090"
☸️  vmware? default  ~  ? ? kubectl set image ds/nginx nginx=nginx:1.18 -n kube-system
daemonset.apps/nginx image updated
☸️  vmware? default  ~  ? ? kubectl rollout status ds/nginx -n kube-system
Waiting for daemon set "nginx" rollout to finish: 1 out of 3 new pods have been updated...
Waiting for daemon set "nginx" rollout to finish: 2 out of 3 new pods have been updated...
Waiting for daemon set "nginx" rollout to finish: 2 out of 3 new pods have been updated...
Waiting for daemon set "nginx" rollout to finish: 2 out of 3 new pods have been updated...
Waiting for daemon set "nginx" rollout to finish: 2 out of 3 new pods have been updated...
Waiting for daemon set "nginx" rollout to finish: 2 of 3 updated pods are available...
daemon set "nginx" successfully rolled out
# 此时查看到滚动更新日志与watch查看到的一致，先杀掉一个节点的nginx,然后启动一个新的，运行起来之后，继续更新下一个节点。

如果需要查看所有的更新变化,可以执行以下命令，但是CHANGE-CAUSE有时看不到信息，需要在kubectl变更的时候通过--record=true选项带上，这样变更的命令将会记录在Annotations的kubernetes.io/change-cause中，并且与对应的revision版本号对应。

kubectl rollout history daemonset nginx -n kube-system

回滚到指定的revision

# 如果不指定--to-revision将会回滚最近的revision
kubectl rollout undo daemonset nginx --to-revision=4  -n kube-system
daemonset.apps/nginx rolled back