Kubernetes Pod控制器-Deployment、DaemonSet

Deployment

简称deploy。

[root@spark32 ~]# kubectl explain deploy
KIND:     Deployment
VERSION:  extensions/v1beta1
DESCRIPTION:
     DEPRECATED - This group version of Deployment is deprecated by
     apps/v1beta2/Deployment. See the release notes for more information.
     Deployment enables declarative updates for Pods and ReplicaSets.
FIELDS:
   apiVersion   <string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#resources
   kind <string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
   metadata     <Object>
     Standard object metadata.
   spec <Object>
     Specification of the desired behavior of the Deployment.
   status       <Object>
     Most recently observed status of the Deployment.

一级字段依然是5个。其中，version最新的是apps/v1，文档里显示的版本是落后的。

[root@spark32 ~]# kubectl explain deploy.spec
KIND:     Deployment
VERSION:  extensions/v1beta1
RESOURCE: spec <Object>
DESCRIPTION:
     Specification of the desired behavior of the Deployment.
     DeploymentSpec is the specification of the desired behavior of the
     Deployment.
FIELDS:
   minReadySeconds      <integer>
     Minimum number of seconds for which a newly created pod should be ready
     without any of its container crashing, for it to be considered available.
     Defaults to 0 (pod will be considered available as soon as it is ready)
   paused       <boolean>
     Indicates that the deployment is paused and will not be processed by the
     deployment controller.
   progressDeadlineSeconds      <integer>
     The maximum time in seconds for a deployment to make progress before it is
     considered to be failed. The deployment controller will continue to process
     failed deployments and a condition with a ProgressDeadlineExceeded reason
     will be surfaced in the deployment status. Note that progress will not be
     estimated during the time a deployment is paused. This is set to the max
     value of int32 (i.e. 2147483647) by default, which means "no deadline".
   replicas     <integer>
     Number of desired pods. This is a pointer to distinguish between explicit
     zero and not specified. Defaults to 1.
   revisionHistoryLimit <integer>
     The number of old ReplicaSets to retain to allow rollback. This is a
     pointer to distinguish between explicit zero and not specified. This is set
     to the max value of int32 (i.e. 2147483647) by default, which means
     "retaining all old RelicaSets".
   rollbackTo   <Object>
     DEPRECATED. The config this deployment is rolling back to. Will be cleared
     after rollback is done.
   selector     <Object>
     Label selector for pods. Existing ReplicaSets whose pods are selected by
     this will be the ones affected by this deployment.
   strategy     <Object>
     The deployment strategy to use to replace existing pods with new ones.
   template     <Object> -required-
     Template describes the pods that will be created.

deploy.spec下可定义的字段比rs.spec的要多。其中最重要的一个字段是 strategy。这个字段用来定义更新策略，滚动更新只是其中的一个策略。

[root@spark32 ~]# kubectl explain deploy.spec.strategy
KIND:     Deployment
VERSION:  extensions/v1beta1
RESOURCE: strategy <Object>
DESCRIPTION:
     The deployment strategy to use to replace existing pods with new ones.
     DeploymentStrategy describes how to replace existing pods with new ones.
FIELDS:
   rollingUpdate        <Object>
     Rolling update config params. Present only if DeploymentStrategyType =
     RollingUpdate.
   type <string>
     Type of deployment. Can be "Recreate" or "RollingUpdate". Default is
     RollingUpdate.

type：

Recreate：你删除一个Pod，它就创建1个新的Pod。
RollingUpdate：滚动更新。

如果清单文件中定义type的值为RollingUpdate，还可以使用rollingUpdate来定义滚动更新的更新方式的。说白了就是控制更新粒度。比如在更新期间，Pod最多能比清单中定义的期望状态多几个，能少几个。如果type是Recreate，rollingUpdate这个字段就没有用了

[root@spark32 ~]# kubectl explain deploy.spec.strategy.rollingUpdate
KIND:     Deployment
VERSION:  extensions/v1beta1
RESOURCE: rollingUpdate <Object>
DESCRIPTION:
     Rolling update config params. Present only if DeploymentStrategyType =
     RollingUpdate.
     Spec to control the desired behavior of rolling update.
FIELDS:
   maxSurge     <string>
     The maximum number of pods that can be scheduled above the desired number
     of pods. Value can be an absolute number (ex: 5) or a percentage of desired
     pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number
     is calculated from percentage by rounding up. By default, a value of 1 is
     used. Example: when this is set to 30%, the new RC can be scaled up
     immediately when the rolling update starts, such that the total number of
     old and new pods do not exceed 130% of desired pods. Once old pods have
     been killed, new RC can be scaled up further, ensuring that total number of
     pods running at any time during the update is at most 130% of desired pods.
   maxUnavailable       <string>
     The maximum number of pods that can be unavailable during the update. Value
     can be an absolute number (ex: 5) or a percentage of desired pods (ex:
     10%). Absolute number is calculated from percentage by rounding down. This
     can not be 0 if MaxSurge is 0. By default, a fixed value of 1 is used.
     Example: when this is set to 30%, the old RC can be scaled down to 70% of
     desired pods immediately when the rolling update starts. Once new pods are
     ready, old RC can be scaled down further, followed by scaling up the new
     RC, ensuring that the total number of pods available at all times during
     the update is at least 70% of desired pods.

rollingUpdate可定义两个字段，maxSurge和maxUnavailable。这两个值不能同时为0，可以同时为正，或者一个为正，一个为0。

maxSurge: 能多出期望Pod数量几个，可以直接使用数字，或百分比。
maxUnavailable: 最多比期望Pod数量少几个，可以使用数字或百分比。比如该值定义为1，期望为5，那么至少要保证有4个Pod可用。

再看看deploy.spec比rs.spec中多的几个其他字段：

revisionHistoryLimit
做滚动更新后，最多在历史中保存过去多少个历史版本。默认是10个。
paused
当启动更新后，没有立即更新，而是一启动就让它暂停了。一般而言默认都是不暂停的，上来就更新。

Deploy示例

示例1：声明式创建deploy

[root@spark32 manifests]# vim deploy-demo.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
      release: canary
  template:
    metadata:
      labels:
        app: myapp
        release: canary
    spec:
      containers:
      - name: myapp
        image: ikubernetes/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
[root@spark32 manifests]# kubectl apply -f deploy-demo.yaml 
deployment.apps/myapp-deploy created

示例2：更新

deploy在实现更新应用时，可以直接通过编辑清单文件来实现或者patch打补丁(使用JSON格式给定补丁信息)实现，比如从副本数从2个改成3个。默认是滚动更新，见下图。如果只是更新镜像文件的，可以使用kubectl set image。

通过编辑清单文件更新

1	[root@spark32 manifests]# vim deploy-demo.yaml

[root@spark32 manifests]# kubectl apply -f deploy-demo.yaml 
deployment.apps/myapp-deploy configured
[root@spark32 manifests]# kubectl get pods
NAME                           READY   STATUS    RESTARTS   AGE
myapp-deploy-67b6dfcd8-knspq   1/1     Running   0          12m
myapp-deploy-67b6dfcd8-qz9kc   1/1     Running   0          5s
myapp-deploy-67b6dfcd8-xkgpt   1/1     Running   0          12m

已经变成3个Pod了。67b6dfcd8这个值依然没变，因为我们没有修改模板。
apply可以执行多次，它可以把变化同步到apiserver，apiserver发现与etcd中不一致，从而改变etcd，从而实现修改期望状态，接下来让现有状态不断逼近期望状态。

跟踪滚动更新效果

在一个终端上，执行如下命令进行监控：

1	[root@spark32 manifests]# kubectl get pods -l app=myapp -w

打开另一个终端，编辑清单文件来更新：

1	[root@spark32 manifests]# vim deploy-demo.yaml

更新：

1	[root@spark32 manifests]# kubectl apply -f deploy-demo.yaml

接着查看第一个终端：

查看rs：

1	[root@spark32 manifests]# kubectl get rs -o wide

通过patch打补丁更新

[root@spark32 manifests]# kubectl patch --help
Update field(s) of a resource using strategic merge patch, a JSON merge patch, or a JSON patch.
 JSON and YAML formats are accepted.
Examples:
  # Partially update a node using a strategic merge patch. Specify the patch as JSON.
  kubectl patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}'
  
  # Partially update a node using a strategic merge patch. Specify the patch as YAML.
  kubectl patch node k8s-node-1 -p $'spec:\n unschedulable: true'
  
  # Partially update a node identified by the type and name specified in "node.json" using strategic merge patch.
  kubectl patch -f node.json -p '{"spec":{"unschedulable":true}}'
  
  # Update a container's image; spec.containers[*].name is required because it's a merge key.
  kubectl patch pod valid-pod -p '{"spec":{"containers":[{"name":"kubernetes-serve-hostname","image":"new image"}]}}'
  
  # Update a container's image using a json patch with positional arrays.
  kubectl patch pod valid-pod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"new
image"}]'
Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
the template. Only applies to golang and jsonpath output formats.
      --dry-run=false: If true, only print the object that would be sent, without sending it.
  -f, --filename=[]: Filename, directory, or URL to files identifying the resource to update
  -k, --kustomize='': Process the kustomization directory. This flag can't be used together with -f or -R.
      --local=false: If true, patch will operate on the content of the file, not the server-side resource.
  -o, --output='': Output format. One of:
json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
  -p, --patch='': The patch to be applied to the resource JSON file.
      --record=false: Record current kubectl command in the resource annotation. If set to false, do not record the
command. If set to true, record the command. If not set, default to updating the existing annotation value only if one
already exists.
  -R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you want to manage
related manifests organized within the same directory.
      --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The
template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
      --type='strategic': The type of patch being provided; one of [json merge strategic]
Usage:
  kubectl patch (-f FILENAME | TYPE NAME) -p PATCH [options]
Use "kubectl options" for a list of global command-line options (applies to all commands).

patch写结构定义很繁琐，不如vim修改清单文件，apply -f运行即可。但是这样会修改原有的清单文件，有些时候我们也许只是临时测试，修改文件不妥当。
【示例】：修改Pod副本数为5

[root@spark32 manifests]# kubectl patch deploy myapp-deploy -p '{"spec":{"replicas":5}}'
deployment.extensions/myapp-deploy patched
[root@spark32 manifests]# kubectl get pods
NAME                            READY   STATUS    RESTARTS   AGE
myapp-deploy-675558bfc5-4pnr7   1/1     Running   0          3h16m
myapp-deploy-675558bfc5-6vz48   1/1     Running   0          3h16m
myapp-deploy-675558bfc5-nkm4z   1/1     Running   0          7s
myapp-deploy-675558bfc5-sjpmm   1/1     Running   0          3h16m
myapp-deploy-675558bfc5-w729d   1/1     Running   0          7s

Pod已经变为5个了。

【示例】：修改滚动更新策略

1 2	[root@spark32 manifests]# kubectl patch deploy myapp-deploy -p '{"spec":{"strategy":{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0}}}}' deployment.extensions/myapp-deploy patched

kubectl set image更新

如果只是更新镜像文件的，可以使用kubectl set image。
在一个终端上，执行如下命令进行监控：

1	[root@spark32 manifests]# kubectl get pods -l app=myapp -w

打开另一个终端，使用kubectl set image来更新镜像文件：

下面恢复更新：

1 2	[root@spark32 ~]# kubectl rollout resume deploy myapp-deploy deployment.extensions/myapp-deploy resumed

回滚

[root@spark32 ~]# kubectl rollout --help
Manage the rollout of a resource.
  
 Valid resource types include:
  *  deployments
  *  daemonsets
  *  statefulsets
Examples:
  # Rollback to the previous deployment
  kubectl rollout undo deployment/abc
  
  # Check the rollout status of a daemonset
  kubectl rollout status daemonset/foo
Available Commands:
  history     View rollout history
  pause       Mark the provided resource as paused
  resume      Resume a paused resource
  status      Show the status of the rollout
  undo        Undo a previous rollout
Usage:
  kubectl rollout SUBCOMMAND [options]
Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).

其中，子命令undo表示回滚。status查看更新历史。

回滚，默认是回滚到上一个版本，可以指定回滚到某一版本。

[root@spark32 ~]# kubectl rollout undo --help
Rollback to a previous rollout.
Examples:
  # Rollback to the previous deployment
  kubectl rollout undo deployment/abc
  
  # Rollback to daemonset revision 3
  kubectl rollout undo daemonset/abc --to-revision=3
  
  # Rollback to the previous deployment with dry-run
  kubectl rollout undo --dry-run=true deployment/abc
Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
the template. Only applies to golang and jsonpath output formats.
      --dry-run=false: If true, only print the object that would be sent, without sending it.
  -f, --filename=[]: Filename, directory, or URL to files identifying the resource to get from a server.
  -k, --kustomize='': Process the kustomization directory. This flag can't be used together with -f or -R.
  -o, --output='': Output format. One of:
json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
  -R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you want to manage
related manifests organized within the same directory.
      --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The
template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
      --to-revision=0: The revision to rollback to. Default to 0 (last revision).
Usage:
  kubectl rollout undo (TYPE NAME | TYPE/NAME) [flags] [options]
Use "kubectl options" for a list of global command-line options (applies to all commands).

[root@spark32 ~]# kubectl rollout history deploy myapp-deploy
deployment.extensions/myapp-deploy 
REVISION  CHANGE-CAUSE
1         <none>
2         <none>
3         <none>

比如，回滚到第一个版本：

1 2	[root@spark32 ~]# kubectl rollout undo deploy myapp-deploy --to-revision=1 deployment.extensions/myapp-deploy rolled back

此时，在查看更新历史时，第1版已经没有，变成了第4版：

[root@spark32 ~]# kubectl rollout history deploy myapp-deploy  
deployment.extensions/myapp-deploy 
REVISION  CHANGE-CAUSE
2         <none>
3         <none>
4         <none>

查看当前工作pod中镜像是第几个版本：


[root@spark32 ~]# kubectl get rs -o wide
NAME                      DESIRED   CURRENT   READY   AGE     CONTAINERS   IMAGES                 SELECTOR
myapp-deploy-675558bfc5   0         0         0       3h43m   myapp        ikubernetes/myapp:v2   app=myapp,pod-template-hash=675558bfc5,release=canary
myapp-deploy-67b6dfcd8    5         5         5       4h      myapp        ikubernetes/myapp:v1   app=myapp,pod-template-hash=67b6dfcd8,release=canary
myapp-deploy-7f577979c8   0         0         0       15m     myapp        ikubernetes/myapp:v3   app=myapp,pod-template-hash=7f577979c8,release=canary

由此可见，Deployment可以对无状态的应用做到如此的灵活和简单。

DaemonSet

简称ds，主要作用在集群上符合条件的每个节点上只运行某个指定Pod，并且只运行1个副本。

[root@spark32 ~]# kubectl explain ds
KIND: DaemonSet
VERSION: extensions/v1beta1
DESCRIPTION:
DEPRECATED - This group version of DaemonSet is deprecated by
apps/v1beta2/DaemonSet. See the release notes for more information.
DaemonSet represents the configuration of a daemon set.
FIELDS:
apiVersion <string>
APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#resources
kind <string>
Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
metadata <Object>
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
spec <Object>
The desired behavior of this daemon set. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
status <Object>
The current status of this daemon set. This data may be out of date by some
window of time. Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

一级字段依然是这5个。但是ds.spec中没有replicas字段了，因为符合条件的每个节点上只运行1个Pod。

[root@spark32 ~]# kubectl explain ds.spec
KIND: DaemonSet
VERSION: extensions/v1beta1
RESOURCE: spec <Object>
DESCRIPTION:
The desired behavior of this daemon set. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
DaemonSetSpec is the specification of a daemon set.
FIELDS:
minReadySeconds <integer>
The minimum number of seconds for which a newly created DaemonSet pod
should be ready without any of its container crashing, for it to be
considered available. Defaults to 0 (pod will be considered available as
soon as it is ready).
revisionHistoryLimit <integer>
The number of old history to retain to allow rollback. This is a pointer to
distinguish between explicit zero and not specified. Defaults to 10.
selector <Object>
A label query over pods that are managed by the daemon set. Must match in
order to be controlled. If empty, defaulted to labels on Pod template. More
info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
template <Object> -required-
An object that describes the pod that will be created. The DaemonSet will
create exactly one copy of this pod on every node that matches the
template's node selector (or on every node if no node selector is
specified). More info:
https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
templateGeneration <integer>
DEPRECATED. A sequence number representing a specific generation of the
template. Populated by the system. It can be set only during the creation.
updateStrategy <Object>
An update strategy to replace existing DaemonSet pods with new pods.

DaemonSet示例

使用一个事先做好了的镜像filebeat，这个镜像在使用时要给两个变量：redis主机地址和redis日志级别。

[root@spark32 manifests]# cp deploy-demo.yaml ds-demo.yaml
[root@spark32 manifests]# vim ds-demo.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
      role: logstor
  template:
    metadata:
      labels:
        app: redis
        role: logstor
    spec:
      containers:
      - name: redis
        image: redis:4.0-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - name: redis
          containerPort: 6379
---
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: default
spec:
  selector:
    app: redis
    role: logstor
  ports:
  - name: tcp
    port: 6379
    targetPort: 6379
--- 
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat-ds
  namespace: default
spec:
  selector:
    matchLabels:
      app: filebeat
      release: stable
  template:
    metadata:
      labels:
        app: filebeat
        release: stable
    spec:
      containers:
      - name: filebeat
        image: ikubernetes/filebeat:5.6.5-alpine
        imagePullPolicy: IfNotPresent
        env:
        - name: REDIS_HOST
          value: redis.default.svc.cluster.local
        - name: REDIS_LOG_LEVEL
          value: info

[root@spark32 manifests]# kubectl apply -f ds-demo.yaml 
deployment.apps/redis created
service/redis created
daemonset.apps/filebeat-ds created
[root@spark32 manifests]# kubectl get pods
NAME                           READY   STATUS    RESTARTS   AGE
filebeat-ds-2l7vw              1/1     Running   0          97s
filebeat-ds-fqdmh              1/1     Running   0          97s
filebeat-ds-ql5kc              1/1     Running   0          97s
myapp-deploy-67b6dfcd8-ff9xf   1/1     Running   0          35m
myapp-deploy-67b6dfcd8-msv5x   1/1     Running   0          35m
myapp-deploy-67b6dfcd8-rp9vj   1/1     Running   0          35m
myapp-deploy-67b6dfcd8-wls6h   1/1     Running   0          35m
myapp-deploy-67b6dfcd8-xzgdl   1/1     Running   0          35m
redis-58b9f5776-tsks5          1/1     Running   0          3m59s
[root@spark32 manifests]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP    125d
redis        ClusterIP   10.101.223.105   <none>        6379/TCP   6m16s

【说明】：

master上不会运行这个pod。除非指定Pod能够容忍master上的污点，master上才会也启动一个Pod。
启动一个redis pod，然后在default命名空间定义一个服务叫redis，这样filebeat就会连上那个redis服务了。
在一个清单文件中可定义多个资源，把有关联的资源定义在一起。用 — 分割。
redis应该用StatefulSet来运行，我这里只运行1个，使用Deployment是没问题的，但是别扩展规模，只运行1个。对于redis来讲，还应该使用存储卷，后面的内容会讲，这里先不做了。

DaemonSet滚动更新

DaemonSet也支持滚动更新。

1	$ kubectl explain ds.spec

有个字段：updateStrategy

默认是是OnDelete。

[root@spark32 manifests]# kubectl explain ds.spec.updateStrategy.rollingUpdate
KIND:     DaemonSet
VERSION:  extensions/v1beta1
RESOURCE: rollingUpdate <Object>
DESCRIPTION:
     Rolling update config params. Present only if type = "RollingUpdate".
     Spec to control the desired behavior of daemon set rolling update.
FIELDS:
   maxUnavailable       <string>
     The maximum number of DaemonSet pods that can be unavailable during the
     update. Value can be an absolute number (ex: 5) or a percentage of total
     number of DaemonSet pods at the start of the update (ex: 10%). Absolute
     number is calculated from percentage by rounding up. This cannot be 0.
     Default value is 1. Example: when this is set to 30%, at most 30% of the
     total number of nodes that should be running the daemon pod (i.e.
     status.desiredNumberScheduled) can have their pods stopped for an update at
     any given time. The update starts by stopping at most 30% of those
     DaemonSet pods and then brings up new DaemonSet pods in their place. Once
     the new pods are available, it then proceeds onto other DaemonSet pods,
     thus ensuring that at least 70% of original number of DaemonSet pods are
     available at all times during the update.

DaemonSet的滚动更新字段没有maxSurge。
【注意】：只能先删除在更新。因为一个节点只能运行一个，假如现在3个节点，你要运行4个，第4个运行到哪去。没有可能性，不支持1个节点上运行两个。所以只能是先删除1个，在更新1个。当然也可以一次删除多个。