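Introduction to DaemonSet
I. What is a DaemonSet
A DaemonSet is similar to a daemon process: it deploys one Pod on every node that meets the matching conditions.
A DaemonSet ensures that all (or some) nodes run one copy of a Pod. When a new node joins the cluster, a Pod is added for it as well. When a node is removed from the cluster, those Pods are reclaimed. Deleting a DaemonSet deletes all the Pods it created. Some typical uses of a DaemonSet:
Running a cluster storage daemon on every node, such as Glusterd or Ceph
Running a log collection daemon on every node, such as Fluentd or Logstash
Running a monitoring daemon on every node, such as Prometheus Node Exporter, Collectd, the Datadog agent, the New Relic agent, or Ganglia gmond
II. Writing a DaemonSet spec
A DaemonSet definition looks roughly like the following, here a DaemonSet for fluentd: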
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-es-v2.0.4
  namespace: logging
  labels:
    k8s-app: fluentd-es
    version: v2.0.4
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      k8s-app: fluentd-es
      version: v2.0.4
  template:
    metadata:
      labels:
        k8s-app: fluentd-es
        kubernetes.io/cluster-service: "true"
        version: v2.0.4
      # This annotation ensures that fluentd does not get evicted if the node
      # supports critical pod annotation based priority scheme.
      # Note that this does not guarantee admission on the nodes (#40573).
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      serviceAccountName: fluentd-es
      containers:
      - name: fluentd-es
        image: io/fluentd-elasticsearch:v2.0.4
        env:
        - name: FLUENTD_ARGS
          value: --no-supervisor -q
        resources:
          limits:
            memory: 500Mi
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
        - name: config-volume
          mountPath: /etc/fluent/config.d
      nodeSelector:
        beta.kubernetes.io/fluentd-ds-ready: "true"
      terminationGracePeriodSeconds: 30
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
      - name: config-volume
        configMap:
          name: fluentd-es-config-v0.1.4
2.1 Creating a DaemonSet
[root@k8s-master01 ~]# cat > nginx-ds.yaml << EOF
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:1.15.2
        imagePullPolicy: IfNotPresent
        name: nginx
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
EOF
# Create the DaemonSet
[root@k8s-master01 ~]# kubectl create -f nginx-ds.yaml
daemonset.apps/nginx created
# View the DaemonSet information; every node has one
[root@k8s-master01 ~]# kubectl get node -owide
NAME          STATUS  ROLES    AGE  VERSION  INTERNAL-IP    EXTERNAL-IP  OS-IMAGE                KERNEL-VERSION                CONTAINER-RUNTIME
k8s-master01  Ready    matser  43h  v1.20.0  192.168.1.100  <none>        CentOS Linux 7 (Core)  4.19.12-1.el7.elrepo.x86_64  docker://19.3.14
k8s-master02  Ready    <none>  43h  v1.20.0  192.168.1.101  <none>        CentOS Linux 7 (Core)  4.19.12-1.el7.elrepo.x86_64  docker://19.3.14
k8s-master03  Ready    <none>  43h  v1.20.0  192.168.1.102  <none>        CentOS Linux 7 (Core)  4.19.12-1.el7.elrepo.x86_64  docker://19.3.14
k8s-node01    Ready    <none>  43h  v1.20.0  192.168.1.103  <none>        CentOS Linux 7 (Core)  4.19.12-1.el7.elrepo.x86_64  docker://19.3.14
k8s-node02    Ready    <none>  43h  v1.20.0  192.168.1.104  <none>        CentOS Linux 7 (Core)  4.19.12-1.el7.elrepo.x86_64  docker://19.3.14
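1. Required fields
Like every other Kubernetes configuration, a DaemonSet needs the apiVersion, kind and metadata fields, and it also needs a .spec section.
2. Pod template
The only required field in .spec is .spec.template. .spec.template is a Pod template; it is configured the same way as a Pod, except that it has no apiVersion or kind field.
Besides the fields required for a Pod, the Pod template in a DaemonSet must specify appropriate labels.
The Pod template in a DaemonSet must have a RestartPolicy, which defaults to Always.
3. Pod Selector
The .spec.selector field is the Pod selector; it works the same way as .spec.selector on other resources.
.spec.selector is an object made up of the following two fields:
matchLabels: works the same way as the .spec.selector of a ReplicationController and matches the Pods that meet the conditions.
matchExpressions: allows building more complex selectors by specifying a key, a list of values, and an operator that relates the key to the values.
If both fields are specified, the result is an AND relationship (logical AND).
.spec.selector must match .spec.template.metadata.labels. If it is not specified, the two are equivalent by default; if their configurations do not match, the API rejects the object.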
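The selector rules above, as an added Python example (not code from the original page or from Kubernetes): it evaluates matchLabels and matchExpressions with AND semantics and reports why a selector would not match the Pod template labels. It goes slightly beyond the text by spelling out the four label-selector operators (In, NotIn, Exists, DoesNotExist); the function names are hypothetical, the manifests are constructed samples written as dicts, and the selector is assumed to be present.

```python
def expr_matches(expr, labels):
    """Evaluate one matchExpressions requirement against a Pod label map."""
    key, op, values = expr["key"], expr["operator"], expr.get("values", [])
    if op == "In":
        return key in labels and labels[key] in values
    if op == "NotIn":
        return key not in labels or labels[key] not in values
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    raise ValueError(f"unsupported operator: {op}")


def selector_problems(selector, labels):
    """List every selector requirement the labels fail; [] means a match.

    matchLabels and matchExpressions are ANDed, so a single failure is enough
    for the selector not to match.
    """
    problems = []
    for key, want in selector.get("matchLabels", {}).items():
        if labels.get(key) != want:
            problems.append(f"matchLabels {key}={want}, template has {labels.get(key)!r}")
    for expr in selector.get("matchExpressions", []):
        if not expr_matches(expr, labels):
            problems.append(f"matchExpressions {expr['key']} {expr['operator']} not satisfied")
    return problems


def check_daemonset(ds):
    """Compare .spec.selector with .spec.template.metadata.labels of one manifest."""
    spec = ds["spec"]
    return selector_problems(spec["selector"], spec["template"]["metadata"].get("labels", {}))


# Constructed sample manifests (dicts mirroring the YAML), reusing the page's fluentd labels.
GOOD = {"spec": {
    "selector": {"matchLabels": {"k8s-app": "fluentd-es", "version": "v2.0.4"},
                 "matchExpressions": [{"key": "tier", "operator": "DoesNotExist"}]},
    "template": {"metadata": {"labels": {"k8s-app": "fluentd-es", "version": "v2.0.4"}}}}}
BAD = {"spec": {
    "selector": {"matchLabels": {"k8s-app": "fluentd-es", "version": "v2.0.4"},
                 "matchExpressions": [{"key": "k8s-app", "operator": "In", "values": ["fluentd-es"]}]},
    "template": {"metadata": {"labels": {"k8s-app": "fluentd-es", "version": "v2.0.5"}}}}}

if __name__ == "__main__":
    for name, ds in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_daemonset(ds) or "selector matches template labels")
```

Running a check like this in CI catches a label edit that drifts away from the selector before the API server rejects the manifest.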
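4. Deploying Pods to specific nodes
If .spec.template.spec.nodeSelector is specified, the DaemonSet controller creates Pods on the nodes that match the node selector, for example deploying to nodes whose disk type is ssd (the nodes must be given the label in advance):
      containers:
      - name: nginx
        image: nginx
        imagePullPolicy: IfNotPresent
      nodeSelector:
        disktype: ssd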
1. Imperative updates
kubectl edit ds/<daemonset-name>
kubectl patch ds/<daemonset-name> -p=<strategic-merge-patch>
2. Updating the image
kubectl set image ds/<daemonset-name> <container-name>=<container-new-image> --record=true
3. Checking the rollout status
kubectl rollout status ds/<daemonset-name>
4. Listing all revisions
kubectl rollout history daemonset <daemonset-name>
5. Rolling back to a specific revision
kubectl rollout undo daemonset <daemonset-name> --to-revision=<revision>
Updating and rolling back a DaemonSet works much like it does for a Deployment, so it is not demonstrated here.