背景说明
我们在业务上容器的过程中遇到了如下问题:
- 以 deployment 部署的应用 pod,由于 id 经常变更,服务重启,监控变得难以维护。这里只是以监控为切入点,事实上,还有诸多应用需要与id强绑定。
- statefulset 可以解决上面的问题,但是引入一个新的问题就是 statefulset 本身为了维护有状态的应用,所有的应用 Pod 启动是有严格的先后顺序,也就是串行启动,对于大规模的应用 pod 来讲,启动消耗时间太长,这是无法忍受的。
为解决以上问题,我们在容器平台当中引入了 openkruise。
openkruise简介
项目地址:https://github.com/openkruise/kruise
详细的说明可以参考这篇文章:
https://yq.aliyun.com/articles/706442
从当前 github 上的文档来看,目前 OpenKruise 支持五种改进的控制器:
- CloneSet: CloneSet is a workload that mainly focuses on managing stateless applications. It provides full features for more efficient, deterministic and controlled deployment, such as inplace update, specified pod deletion, configurable priority/scatter update, preUpdate/postUpdate hooks.
- Advanced StatefulSet: An enhanced version of default StatefulSet with extra functionalities such as inplace-update, pause and MaxUnavailable.
- SidecarSet: A controller that injects sidecar containers into the Pod spec based on selectors and also is able to upgrade the sidecar containers.
- UnitedDeployment: This controller manages application pods spread in multiple fault domains by using multiple workloads.
- BroadcastJob: A job that runs Pods to completion across all the nodes in the cluster.
UnitedDeployment 是在 StatefulSet 基础上的更高级抽象,通过一个资源描述可以管理多个 StatefulSet 的实例组,可实现多实例组的灰度发布与滚动升级。
Broadcast Job 实际上就是以 DaemonSet 的方式在所有节点上运行一次性 Job,SidercarSet 用于 Sidercar 注入及管理。
而我们要使用到的正是其 Advanced StatefulSet 的特性。关于Advanced StatefulSet更详细的描述如下:
在kubernetes官方的statefulSet上做了功能扩展,更新策略由原来的只支持recreate,扩展为同时支持recreate和rollingupdate。rollingupdate还支持两种策略,一种是InPlaceIfPossible,另一种是InPlaceOnly。InPlaceIfPossible会尽可能的保证应用在原地升级(只支持镜像的升级,如果修改了yaml中的其他配置项,则无法保证);InPlaceOnly会保证应用一定在原地升级,但是它也只支持镜像的升级,如果修改了yaml中的其他配置项,会直接抛出异常。另外,原生的StatefulSet只能做到串行启动,Advanced StatefulSet可以做到并行启动。
部署openkruise
官方的安装文档可以直接参考这里:
https://github.com/openkruise/kruise/tree/master/docs/tutorial
我简单写下安装步骤:
wget https://github.com/openkruise/kruise/releases/download/v0.4.0/kruise-chart.tgz
tar xf kruise-chart.tgz
cd kruise
helm install openkruise ./ -n kube-system
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
目前openkruise已经更新到了v0.5.0的版本。也可以直接通过阿里云的应用目录来完成其安装。
下面说一下更详细的安装过程:
1、获取helm包
helm repo add incubator http://aliacs-k8s-cn-beijing.oss-cn-beijing.aliyuncs.com/app/charts-incubator/
helm search repo ack-kruise
helm fetch incubator/ack-kruise
tar xf ack-kruise-0.5.0.tgz
cd ack-kruise
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
修改values.yml文件如下:
# Default values for kruise.
revisionHistoryLimit: 3
manager:
# settings for log print
log:
# log level for kruise-manager
level: "4"
# image settings
image:
# repository for kruise-manager image
repository: hub.example.com/library/kruise-manager
# tag for kruise-manager image
tag: v0.5.0
# resources of kruise-manager container
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 500m
memory: 1Gi
metrics:
addr: localhost
port: 8080
custom_resource_enable: StatefulSet
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 41.
- 42.
- 43.
- 44.
- 45.
- 46.
- 47.
- 48.
- 49.
其实这里就改了两个东西:
- image:默认是docker hub上的地址,我这里改到了私有镜像仓库
- custom_resource_enable:用于指定启用哪几种资源,如果不指定的话,openkruise支持的五种资源会全部启用,我这里只用到了StatefulSet,所以这里只启用了这一种资源
然后执行安装操作:
helm install ack-kruise -n kube-system ./
- 1.
安装完后,会生成以下五种crd:
# kubectl get crds |grep kruise
broadcastjobs.apps.kruise.io 2020-04-26T10:29:28Z
clonesets.apps.kruise.io 2020-04-26T10:29:28Z
sidecarsets.apps.kruise.io 2020-04-26T10:29:28Z
statefulsets.apps.kruise.io 2020-04-26T10:29:28Z
uniteddeployments.apps.kruise.io 2020-04-26T10:29:28Z
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
同时会创建一个 kruise-system 的命名空间,并在里面生成一个 pod:
# kubectl get pods -n kruise-system
NAME READY STATUS RESTARTS AGE
kruise-controller-manager-0 1/1 Running 0 55m
- 1.
- 2.
- 3.
- 4.
- 5.
验证 statefulset 资源的 webhook 是否被正常创建:
# kubectl get mutatingwebhookconfiguration -o yaml
apiVersion: v1
items:
- apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
creationTimestamp: "2020-04-26T10:29:28Z"
generation: 3
name: kruise-mutating-webhook-configuration
resourceVersion: "622944921"
selfLink: /apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/kruise-mutating-webhook-configuration
uid: 303a7b7f-3a62-49d7-8ef6-082ea288eeb2
webhooks:
- admissionReviewVersions:
- v1beta1
clientConfig:
caBundle: xxxxx
service:
name: kruise-webhook-server-service
namespace: kruise-system
path: /mutating-create-update-statefulset
port: 443
failurePolicy: Fail
matchPolicy: Exact
name: mutating-create-update-statefulset.kruise.io
namespaceSelector:
matchExpressions:
- key: control-plane
operator: DoesNotExist
objectSelector: {}
reinvocationPolicy: Never
rules:
- apiGroups:
- apps.kruise.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- statefulsets
scope: '*'
sideEffects: Unknown
timeoutSeconds: 30
......
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 41.
- 42.
- 43.
- 44.
- 45.
- 46.
- 47.
- 48.
- 49.
- 50.
- 51.
- 52.
- 53.
- 54.
- 55.
- 56.
- 57.
- 58.
- 59.
- 60.
- 61.
- 62.
- 63.
- 64.
- 65.
- 66.
- 67.
- 68.
- 69.
- 70.
- 71.
- 72.
- 73.
- 74.
- 75.
- 76.
- 77.
- 78.
- 79.
- 80.
- 81.
- 82.
- 83.
- 84.
- 85.
- 86.
- 87.
- 88.
- 89.
也是确保其他未用到的相关 mutatingwebhook 是关闭的。。在实际测试中,SidecarSet 资源的 mutatingwebhook 可能会导致创建的 pod 出不来。
这些webhook本质上都是kubernetes的admissioncontrol,只要你安装了,哪怕没有使用,当你在执行相关操作时,都需要被所有的adminssioncontrol检测,如果admissioncontrol本身出了问题,就会导致请求无法响应的状态。同时这些webhook类型的adminssioncontrol也会拖慢响应速度。
用法示例
下面是官方提供的一个基于 openkruise 提供的 statefulset 资源的部署文件示例:
apiVersion: apps.kruise.io/v1alpha1
kind: StatefulSet
metadata:
name: demo-v1-guestbook-kruise
labels:
app.kubernetes.io/name: guestbook-kruise
app.kubernetes.io/instance: demo-v1
spec:
replicas: 3
serviceName: demo-v1-guestbook-kruise
selector:
matchLabels:
app.kubernetes.io/name: guestbook-kruise
app.kubernetes.io/instance: demo-v1
template:
metadata:
labels:
app.kubernetes.io/name: guestbook-kruise
app.kubernetes.io/instance: demo-v1
spec:
readinessGates:
# A new condition that ensures the pod remains at NotReady state while the in-place update is happening
- conditionType: InPlaceUpdateReady
containers:
- name: guestbook-kruise
image: openkruise/guestbook:v1
imagePullPolicy: Always
ports:
- name: http-server
containerPort: 3000
podManagementPolicy: Parallel # allow parallel updates, works together with maxUnavailable
updateStrategy:
type: RollingUpdate
rollingUpdate:
# Do in-place update if possible, currently only image update is supported for in-place update
podUpdatePolicy: InPlaceIfPossible
# Allow parallel updates with max number of unavailable instances equals to 2
maxUnavailable: 3
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 41.
- 42.
- 43.
- 44.
- 45.
- 46.
- 47.
- 48.
- 49.
- 50.
- 51.
- 52.
- 53.
- 54.
- 55.
- 56.
- 57.
- 58.
- 59.
- 60.
- 61.
- 62.
- 63.
- 64.
- 65.
- 66.
- 67.
- 68.
- 69.
- 70.
- 71.
- 72.
- 73.
- 74.
- 75.
执行部署之后,启动 pod 示例如下:
# kubectl get pods |grep demo-v1
demo-v1-guestbook-kruise-0 1/1 Running 0 62s
demo-v1-guestbook-kruise-1 1/1 Running 0 62s
demo-v1-guestbook-kruise-2 1/1 Running 0 62s
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
也可通过如下操作查看资源状态:
# kubectl get sts.apps.kruise.io
NAME DESIRED CURRENT UPDATED READY AGE
demo-v1-guestbook-kruise 3 3 3 3 56s
openkruise提供的statefulset的资源名为sts.apps.kruise.io
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
更详细的用法可参考:
Advanced StatefulSet具体的使用方法:https://github.com/openkruise/kruise/blob/master/docs/concepts/astatefulset/README.md
Advanced StatefulSet示例文件:https://github.com/openkruise/kruise/blob/master/docs/tutorial/v1/guestbook-statefulset.yaml
UnitedDeployment具体的使用方法:https://github.com/openkruise/kruise/blob/master/docs/tutorial/uniteddeployment.md
UnitedDeployment示例文件:https://raw.githubusercontent.com/kruiseio/kruise/master/docs/tutorial/v1/uniteddeployment.yaml
