1、什么是守护进程

有以下这样一个商品场景:
1、用户在商城查询商品信息,查询商品信息的时候需要登录用户,如果用户想要下单,需要提交到订单服务,最后下单完成后,需要更新仓库的商品数量信息。
2、如果每一个流程都是后端的一个微服务pod形式,那么如果在某个环节出错,那我们需要去查日志,首先需要去查询商品微服务这个Pod的日志,如果日志没有错误信息,在去查用户这个微服务的Pod日志,如果没有,继续查询其他的日志。
3、如果每次这样去查询的日志的时候,就会很麻烦,不利于解决问题。
4、这次有人会想,那每个node上都装一个日志收集器就可以了,这样其实也可以,但k8s给我们提供了一种更好的的方案----守护资源。

在这里插入图片描述

2、配置文件

apiVersion: apps/v1
kind: DaemonSet   # 创建 DaemonSet 守护资源
metadata:
  name: fluentd  # DaemonSet 名字
spec:
  selector:   # 选择器
    matchLabels: 
    app: logging  # 选择器通过标签匹配pod节点
  template:
    metadata:
      labels:   # 标签
        app: logging
        id: fluentd
      name: fluentd  # pod的名字 
    spec:
      containers:
      - name: fluentd-es  # 容器名字
        image: agilestacks/fluentd-elasticsearch:v1.3.0
        env:   # 环境变量
        - name: FLUENTD_ARGS  # 环境变量的key
          value: -qq          # 环境变量的值
        volumeMounts:   # 加载数据卷,避免数据丢失
        - name: containers  # 数据卷的名字
          mountPath: /var/lib/docker/containers # 数据卷挂载到容器的哪个目录
        - name: varlog  # 数据卷名字
          mountPath: /var/log
      volumes: # 定义数据卷
      - hostPath:  # 数据卷类型,主机路径的模式,也就是与node共享目录
          path: /var/lib/docker/containers  # node中的共享目录
        name: containers  #定义数据卷名称
      - hostPath:
          path: /var/log
        name: varlog

3、使用DaemonSet守护进程

  • DaemonSet会忽略Node的unschedulable状态,有两种方式来指定Pod只运行在指定的Node节点上:
  • nodeSelector:只调度到匹配指定label的Node上
  • nodeAffinity:功能更丰富的Node选择器,比如支持集合操作
  • podAffinity:调度到满足条件的Pod所在的Node上

3.1 创建DaemonSet(不添加选择器)会如何?

如果在创建DaemonSet的时候,不添加选择器

在这里插入图片描述

创建资源的时候会提示我们必须要设置选择器

[root@k8s-master ~]# kubectl create -f fluentd.yaml
The DaemonSet "fluentd" is invalid: spec.template.metadata.labels: Invalid value: map[string]string{"app":"logging", "id":"fluentd"}: `selector` does not match template `labels`

3.2 创建DaemonSet资源(添加选择器)

[root@k8s-master ~]# kubectl create -f fluentd.yaml
daemonset.apps/fluentd created

3.3 查看daemonset的状态

可以看到给我们创建了2个fluentd资源,reday 0个,up-to-date 2个

[root@k8s-master ~]# kubectl get daemonsets.apps  fluentd
NAME      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
fluentd   2         2         0       2            0           <none>          18s

3.4 查看daemonset的描述信息

可以看到创建了两个pod信息

[root@k8s-master ~]# kubectl describe daemonsets.apps  fluentd
Name:           fluentd
Selector:       app=logging
Node-Selector:  <none>
Labels:         <none>
Annotations:    deprecated.daemonset.template.generation: 1
Desired Number of Nodes Scheduled: 2
Current Number of Nodes Scheduled: 2
Number of Nodes Scheduled with Up-to-date Pods: 2
Number of Nodes Scheduled with Available Pods: 0
Number of Nodes Misscheduled: 0
Pods Status:  0 Running / 2 Waiting / 0 Succeeded / 0 Failed
Pod Template:
  Labels:  app=logging
           id=fluentd
  Containers:
   fluentd-es:
    Image:      agilestacks/fluentd-elasticsearch:v1.3.0
    Port:       <none>
    Host Port:  <none>
    Environment:
      FLUENTD_ARGS:  -qq
    Mounts:
      /var/lib/docker/containers from containers (rw)
      /varlog from varlog (rw)
  Volumes:
   containers:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/docker/containers
    HostPathType:
   varlog:
    Type:          HostPath (bare host directory volume)
    Path:          /var/log
    HostPathType:
Events:
  Type    Reason            Age   From                  Message
  ----    ------            ----  ----                  -------
  Normal  SuccessfulCreate  35s   daemonset-controller  Created pod: fluentd-5rz5d
  Normal  SuccessfulCreate  35s   daemonset-controller  Created pod: fluentd-6kpbr

3.5 查看pod状态

查看到fluentd的这个pod还在创建中

[root@k8s-master ~]# kubectl get pod
NAME            READY   STATUS              RESTARTS      AGE
dns-test        1/1     Running             1 (16h ago)   16h
fluentd-5rz5d   0/1     ContainerCreating   0             54s
fluentd-6kpbr   0/1     ContainerCreating   0             54s

3.6 查看pod的描述信息

从events事件中可以看到在拉取镜像和启动pod,并且已经启动成功

[root@k8s-master ~]# kubectl describe  po fluentd-5rz5d
Name:             fluentd-5rz5d
Namespace:        default
Priority:         0
Service Account:  default
Node:             k8s-node-01/10.10.10.177
Start Time:       Sat, 24 Feb 2024 19:43:29 +0800
Labels:           app=logging
                  controller-revision-hash=5c58fcb7d4
                  id=fluentd
                  pod-template-generation=1
Annotations:      <none>
Status:           Running
IP:               10.2.2.28
IPs:
  IP:           10.2.2.28
Controlled By:  DaemonSet/fluentd
Containers:
  fluentd-es:
    Container ID:   docker://d5bf8b2018b02edb79e410041a0f0764efb472801ab446ff672631ef1904ff7e
    Image:          agilestacks/fluentd-elasticsearch:v1.3.0
    Image ID:       docker-pullable://agilestacks/fluentd-elasticsearch@sha256:9a5bd621f61191ac3bc88b8489dee4b711b22bf675cb5d99c7f0a99603e18b82
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Sat, 24 Feb 2024 19:45:30 +0800
    Ready:          True
    Restart Count:  0
    Environment:
      FLUENTD_ARGS:  -qq
    Mounts:
      /var/lib/docker/containers from containers (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-rtc4b (ro)
      /varlog from varlog (rw)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  containers:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/docker/containers
    HostPathType:
  varlog:
    Type:          HostPath (bare host directory volume)
    Path:          /var/log
    HostPathType:
  kube-api-access-rtc4b:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/disk-pressure:NoSchedule op=Exists
                             node.kubernetes.io/memory-pressure:NoSchedule op=Exists
                             node.kubernetes.io/not-ready:NoExecute op=Exists
                             node.kubernetes.io/pid-pressure:NoSchedule op=Exists
                             node.kubernetes.io/unreachable:NoExecute op=Exists
                             node.kubernetes.io/unschedulable:NoSchedule op=Exists
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  2m6s  default-scheduler  Successfully assigned default/fluentd-5rz5d to k8s-node-01
  Normal  Pulling    2m6s  kubelet            Pulling image "agilestacks/fluentd-elasticsearch:v1.3.0"
  Normal  Pulled     7s    kubelet            Successfully pulled image "agilestacks/fluentd-elasticsearch:v1.3.0" in 1m58.498496853s
  Normal  Created    6s    kubelet            Created container fluentd-es
  Normal  Started    6s    kubelet            Started container fluentd-es

3.7 Pod已经成功运行,并且运行在了非master节点上

node节点上并没有我们设置的选择器标签”app=logging“,他会自动创建资源并且运行在非master节点上。

[root@k8s-master ~]# kubectl get po
NAME            READY   STATUS    RESTARTS      AGE
dns-test        1/1     Running   1 (16h ago)   16h
fluentd-5rz5d   1/1     Running   0             2m14s
fluentd-6kpbr   1/1     Running   0             2m14s
[root@k8s-master ~]# kubectl get po  -o wide
NAME            READY   STATUS    RESTARTS      AGE     IP          NODE          NOMINATED NODE   READINESS GATES
dns-test        1/1     Running   1 (16h ago)   16h     10.2.1.38   k8s-node-02   <none>           <none>
fluentd-5rz5d   1/1     Running   0             2m28s   10.2.2.28   k8s-node-01   <none>           <none>
fluentd-6kpbr   1/1     Running   0             2m28s   10.2.1.50   k8s-node-02   <none>           <none>


# node节点上并没有我们设置的选择器标签”app=logging“
[root@k8s-master ~]#  kubectl get nodes  --show-labels
NAME          STATUS   ROLES           AGE     VERSION   LABELS
k8s-master    Ready    control-plane   4d21h   v1.25.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node.kubernetes.io/exclude-from-external-load-balancers=
k8s-node-01   Ready    <none>          4d20h   v1.25.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node-01,kubernetes.io/os=linux
k8s-node-02   Ready    <none>          2d21h   v1.25.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node-02,kubernetes.io/os=linu

3.8 给node-01节点添加一个标签

[root@k8s-master ~]# kubectl label nodes k8s-node-01  type=microsvc --overwrite
node/k8s-node-01 labeled
[root@k8s-master ~]# kubectl get nodes  --show-labels
NAME          STATUS   ROLES           AGE     VERSION   LABELS
k8s-master    Ready    control-plane   4d22h   v1.25.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node.kubernetes.io/exclude-from-external-load-balancers=
k8s-node-01   Ready    <none>          4d21h   v1.25.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node-01,kubernetes.io/os=linux,type=microsvc
k8s-node-02   Ready    <none>          2d21h   v1.25.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node-02,kubernetes.io/os=linux

3.9 通过edit选项设置一个node选择器

在这里插入图片描述

3.10 查看DaemonSet资源的状态

如下代码中可以看到DaemonSet的资源变为了1个,reday也是1个,这是由于刚才我们给node-01节点打上了标签,所以只在node-01上有pod,node-02上是没有,如果给node-02上打上标签,node-02上也有会这个pod。

[root@k8s-master ~]# kubectl get daemonsets.apps  fluentd
NAME      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
fluentd   1         1         1       1            1           type=microsvc   39m


[root@k8s-master ~]# kubectl get po -o wide
NAME            READY   STATUS    RESTARTS      AGE   IP          NODE          NOMINATED NODE   READINESS GATES
dns-test        1/1     Running   1 (17h ago)   17h   10.2.1.38   k8s-node-02   <none>           <none>
fluentd-59k8k   1/1     Running   0             22s   10.2.2.29   k8s-node-01   <none>           <none>

3.11 给node-02也添加一个标签

[root@k8s-master ~]# kubectl label nodes k8s-node-02 type=microsvc
node/k8s-node-02 labeled
[root@k8s-master ~]# kubectl get daemonsets.apps  fluentd
NAME      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
fluentd   2         2         2       2            2           type=microsvc   42m
[root@k8s-master ~]# kubectl get po -o wide
NAME            READY   STATUS    RESTARTS      AGE     IP          NODE          NOMINATED NODE   READINESS GATES
dns-test        1/1     Running   1 (17h ago)   17h     10.2.1.38   k8s-node-02   <none>           <none>
fluentd-59k8k   1/1     Running   0             3m35s   10.2.2.29   k8s-node-01   <none>           <none>
fluentd-hhtls   1/1     Running   0             5s      10.2.1.51   k8s-node-02   <none>           <none>

3.12 DaemonSet的滚动更新

不建议使用RollingUpdate,建议使用OnDelete模式,这样避免频繁更新导致资源的浪费

3.12.1 查看DaemonSet的默认更新方式

在这里插入图片描述

3.12.2 建议设置为OnDelete

在这里插入图片描述

# kubernetes # 容器 # 云原生
Logo
K8S/Kubernetes

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐

【深度】阿里巴巴万级规模 K8s 集群全局高可用体系之美

作者 |  韩堂、柘远、沉醉来源 | 阿里巴巴云原生公众号​前言台湾作家林清玄在接受记者采访的时候,如此评价自己 30 多年写作生涯:“第一个十年我才华横溢,‘贼光闪现’,令周边黯然失色;第二个十年,我终于‘宝光现形’,不再去抢风头,反而与身边的美丽相得益彰;进入第三个十年,繁华落尽见真醇,我进入了‘醇光初现’的阶段,真正体味到了境界之美”。​长夜有穷,真水无香。领略过了 K8s“身在江

avatar K8S/Kubernetes

如何基于 K8s 构建下一代 DevOps 平台?

作者 | 孙健波(天元)导读:当前云原生 DevOps 体系现状如何?面临哪些挑战?如何通过 OAM 解决云原生 DevOps 场景下的诸多问题?云原生开发应用模型 OAM(Open Application Model) 社区核心成员孙健波将为大家一一解答,并分享如何基于 OAM 和 Kubernetes 打造无限能力的下一代 DevOps 平台。什么是 DevOps?为什么基于 Kub

avatar K8S/Kubernetes

k8s 火了!

2020,上云之年,产品云端化成为一种趋势。在一线城市,很多公司都已经构建了自己的私有云环境,比如阿里云、网易云、华为云等。而Kubernetes 作为基于容器编排领域的王者,具备扩展...

avatar K8S/Kubernetes