DaemonSet
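A DaemonSet ensures that all (or some) Nodes run a copy of a Pod. When a Node joins the cluster, a Pod is added for it. When a Node is removed from the cluster, those Pods are garbage-collected. Deleting a DaemonSet deletes all the Pods it created.
Some typical uses of a DaemonSet: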
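- Running a cluster storage daemon on every Node, such as glusterd or ceph
- Running a log collection daemon on every Node, such as fluentd or logstash
- Running a monitoring daemon on every Node, such as Prometheus Node Exporter, collectd, the Datadog agent, the New Relic agent, or Ganglia gmond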
[root@k8s-master mnt]# cat daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: deamonset-example
  labels:
    app: daemonset
spec:
  selector:
    matchLabels:
      name: deamonset-example
  template:
    metadata:
      labels:
        name: deamonset-example
    spec:
      containers:
      - name: daemonset-example
        image: wangyanglinux/myapp:v3
[root@k8s-master mnt]#
[root@k8s-master mnt]# vim daemonset.yaml
[root@k8s-master mnt]# kubectl create -f daemonset.yaml
daemonset.apps/deamonset-example created
[root@k8s-master mnt]# kubectl get pod -o wide
NAME                      READY   STATUS    RESTARTS   AGE    IP            NODE         NOMINATED NODE   READINESS GATES
deamonset-example-tpdf8   1/1     Running   0          8s     10.244.2.21   k8s-node01   <none>           <none>
deamonset-example-xxt2z   1/1     Running   0          8s     10.244.1.23   k8s-node02   <none>           <none>
[root@k8s-master mnt]# curl 10.244.2.21
Hello MyApp | Version: v3 | <a href="hostname.html">Pod Name</a>
[root@k8s-master mnt]# kubectl delete deamonset-example-tpdf8
error: resource(s) were provided, but no name, label selector, or --all flag specified
[root@k8s-master mnt]# kubectl delete pod deamonset-example-tpdf8
pod "deamonset-example-tpdf8" deleted
[root@k8s-master mnt]# kubectl get pod -o wide
NAME                      READY   STATUS    RESTARTS   AGE    IP            NODE         NOMINATED NODE   READINESS GATES
deamonset-example-vdzjp   1/1     Running   0          3s     10.244.2.22   k8s-node01   <none>           <none>
deamonset-example-xxt2z   1/1     Running   0          107s   10.244.1.23   k8s-node02   <none>           <none>
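After the Pod is deleted, a new one is created.
Specifying Nodes
A DaemonSet ignores a Node's unschedulable state. There are two ways to restrict Pods to specific Nodes:
- nodeSelector: schedule only onto Nodes that match the given labels
- nodeAffinity: a richer Node selector that supports, for example, set operations
- podAffinity: schedule onto the Nodes where Pods meeting the conditions are running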
nodeSelector example
First, label the Node:
kubectl label nodes node-01 disktype=ssd
Then set nodeSelector to disktype=ssd in the DaemonSet:
# Pod spec; in a DaemonSet this is spec.template.spec
spec:
  nodeSelector:
    disktype: ssd
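nodeAffinity example
nodeAffinity currently supports two types: requiredDuringSchedulingIgnoredDuringExecution and preferredDuringSchedulingIgnoredDuringExecution, meaning a condition that must be met and a preferred condition respectively. For example, the manifest below schedules the Pod onto a Node that carries the label kubernetes.io/e2e-az-name with a value of e2e-az1 or e2e-az2, and prefers Nodes that also carry the label another-node-label-key=another-node-label-value.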
apiVersion: v1
kind: Pod
metadata:
  name: with-node-affinity
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: kubernetes.io/e2e-az-name
            operator: In
            values:
            - e2e-az1
            - e2e-az2
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 1
        preference:
          matchExpressions:
          - key: another-node-label-key
            operator: In
            values:
            - another-node-label-value
  containers:
  - name: with-node-affinity
    image: gcr.io/google_containers/pause:2.0
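The required/preferred semantics of the nodeAffinity manifest above, modelled in Python as an added example (not code from the original page or from Kubernetes): entries under nodeSelectorTerms are ORed, expressions inside one term are ANDed, and preferred weights only rank Nodes that already pass the required rule. The node names and labels are constructed, the function names are hypothetical, and the Gt/Lt operators and every other scheduler scoring input are left out.

```python
AFFINITY = {  # same rules as the with-node-affinity manifest
    "requiredDuringSchedulingIgnoredDuringExecution": {"nodeSelectorTerms": [
        {"matchExpressions": [{"key": "kubernetes.io/e2e-az-name",
                               "operator": "In", "values": ["e2e-az1", "e2e-az2"]}]}]},
    "preferredDuringSchedulingIgnoredDuringExecution": [
        {"weight": 1, "preference": {"matchExpressions": [
            {"key": "another-node-label-key", "operator": "In",
             "values": ["another-node-label-value"]}]}}],
}
NODES = {  # constructed node names and labels
    "node-a": {"kubernetes.io/e2e-az-name": "e2e-az1"},
    "node-b": {"kubernetes.io/e2e-az-name": "e2e-az2",
               "another-node-label-key": "another-node-label-value"},
    "node-c": {"kubernetes.io/e2e-az-name": "e2e-az3",
               "another-node-label-key": "another-node-label-value"},
}

def expr_matches(expr, labels):
    key, op, values = expr["key"], expr["operator"], expr.get("values", [])
    if op in ("In", "NotIn"):  # NotIn also matches Nodes lacking the key
        return (labels.get(key) in values) == (op == "In")
    if op in ("Exists", "DoesNotExist"):
        return (key in labels) == (op == "Exists")
    raise ValueError(f"operator not modelled here: {op}")

def term_matches(term, labels):
    # Expressions inside one term are ANDed; an empty term matches nothing.
    exprs = term.get("matchExpressions", [])
    return bool(exprs) and all(expr_matches(e, labels) for e in exprs)

def schedulable(affinity, labels):
    # Terms are ORed; a Node failing every term is filtered out.
    required = affinity.get("requiredDuringSchedulingIgnoredDuringExecution")
    return required is None or any(
        term_matches(t, labels) for t in required["nodeSelectorTerms"])

def preference_score(affinity, labels):
    preferred = affinity.get("preferredDuringSchedulingIgnoredDuringExecution", [])
    return sum(p["weight"] for p in preferred if term_matches(p["preference"], labels))

def rank_nodes(affinity, nodes):
    # Feasible Nodes only, highest preference score first, then by name.
    feasible = [(-preference_score(affinity, l), n)
                for n, l in nodes.items() if schedulable(affinity, l)]
    return [name for _, name in sorted(feasible)]

print(rank_nodes(AFFINITY, NODES))
```

node-c carries the preferred label but sits outside the required zones, so it never reaches the ranking step.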
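podAffinity example
podAffinity selects Nodes based on Pod labels, scheduling only onto Nodes where Pods meeting the conditions are running; both podAffinity and podAntiAffinity are supported. The feature is somewhat convoluted, so take the example below:
- If "the Zone the Node belongs to contains at least one running Pod labelled security=S1", the Pod may be scheduled onto that Node
- Do not schedule onto a Node that "contains at least one running Pod labelled security=S2"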
apiVersion: v1
kind: Pod
metadata:
  name: with-pod-affinity
spec:
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: security
            operator: In
            values:
            - S1
        topologyKey: failure-domain.beta.kubernetes.io/zone
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
            - key: security
              operator: In
              values:
              - S2
          topologyKey: kubernetes.io/hostname
  containers:
  - name: with-pod-affinity
    image: gcr.io/google_containers/pause:2.0
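Static Pods
Besides a DaemonSet, static Pods can also be used to run a given Pod on every machine. This requires kubelet to be started with a manifest directory:
kubelet --pod-manifest-path=/etc/kubernetes/manifests
Then place the required Pod definition files in that manifest directory.
Note: a static Pod cannot be deleted through the API Server, but deleting its manifest file automatically deletes the corresponding Pod.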