# Kubernetes 201 ## 扩展应用 通过修改 Deployment 中副本的数量(replicas),可以动态扩展或收缩应用: ![scale](https://1674448607-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDAOok5ngY4pc1lEDes-887967055%2Fuploads%2Fgit-blob-fb69d29b2030f825f90b6dbcd5563e86e96bcf7c%2Fscale%20\(3\).png?alt=media) 这些自动扩展的容器会自动加入到 service 中,而收缩回收的容器也会自动从 service 中删除。 ```bash $ kubectl scale --replicas=3 deployment/nginx-app $ kubectl get deploy NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE nginx-app 3 3 3 3 10m ``` ## 滚动升级 滚动升级(Rolling Update)通过逐个容器替代升级的方式来实现无中断的服务升级: ``` kubectl rolling-update frontend-v1 frontend-v2 --image=image:v2 ``` ![update1](https://1674448607-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDAOok5ngY4pc1lEDes-887967055%2Fuploads%2Fgit-blob-5dfc064b534d9883898477d6696f212af13cbaa4%2Fupdate1%20\(3\).png?alt=media) ![update2](https://1674448607-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDAOok5ngY4pc1lEDes-887967055%2Fuploads%2Fgit-blob-7a294037e0fbc0532950d4b9a6fd49acef6d2f23%2Fupdate2.png?alt=media) ![update3](https://1674448607-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDAOok5ngY4pc1lEDes-887967055%2Fuploads%2Fgit-blob-6929d011c4c19c4989b15e34fd39e68199d9e058%2Fupdate3%20\(1\).png?alt=media) ![update4](https://1674448607-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDAOok5ngY4pc1lEDes-887967055%2Fuploads%2Fgit-blob-026477310a561feaed8a2760e1f0d9a4776381a2%2Fupdate4.png?alt=media) 在滚动升级的过程中,如果发现了失败或者配置错误,还可以随时回滚: ``` kubectl rolling-update frontend-v1 frontend-v2 --rollback ``` 需要注意的是,`kubectl rolling-update` 只针对 ReplicationController。对于更新策略是 RollingUpdate 的 Deployment(Deployment 可以在 spec 中设置更新策略为 RollingUpdate,默认就是 RollingUpdate),更新应用后会自动滚动升级: ```yaml spec: replicas: 3 selector: matchLabels: run: nginx-app strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate ``` 而更新应用的话,就可以直接用 `kubectl set` 命令: ```bash kubectl set image deployment/nginx-app nginx-app=nginx:1.9.1 ``` 滚动升级的过程可以用 `rollout` 命令查看: ```bash $ kubectl rollout status deployment/nginx-app Waiting for rollout to finish: 2 out of 3 new replicas have been updated... Waiting for rollout to finish: 2 of 3 updated replicas are available... Waiting for rollout to finish: 2 of 3 updated replicas are available... Waiting for rollout to finish: 2 of 3 updated replicas are available... Waiting for rollout to finish: 2 of 3 updated replicas are available... Waiting for rollout to finish: 2 of 3 updated replicas are available... deployment "nginx-app" successfully rolled out ``` Deployment 也支持回滚: ```bash $ kubectl rollout history deployment/nginx-app deployments "nginx-app" REVISION CHANGE-CAUSE 1 2 $ kubectl rollout undo deployment/nginx-app deployment "nginx-app" rolled back ``` ## 资源限制 Kubernetes 通过 cgroups 提供容器资源管理的功能,可以限制每个容器的 CPU 和内存使用,比如对于刚才创建的 deployment,可以通过下面的命令限制 nginx 容器最多只用 50% 的 CPU 和 128MB 的内存: ```bash $ kubectl set resources deployment nginx-app -c=nginx --limits=cpu=500m,memory=128Mi deployment "nginx" resource requirements updated ``` 这等同于在每个 Pod 中设置 resources limits: ```yaml apiVersion: v1 kind: Pod metadata: labels: app: nginx name: nginx spec: containers: - image: nginx name: nginx resources: limits: cpu: "500m" memory: "128Mi" ``` ## 健康检查 Kubernetes 作为一个面向应用的集群管理工具,需要确保容器在部署后确实处在正常的运行状态。Kubernetes 提供了两种探针(Probe,支持 exec、tcpSocket 和 http 方式)来探测容器的状态: * LivenessProbe:探测应用是否处于健康状态,如果不健康则删除并重新创建容器 * ReadinessProbe:探测应用是否启动完成并且处于正常服务状态,如果不正常则不会接收来自 Kubernetes Service 的流量 对于已经部署的 deployment,可以通过 `kubectl edit deployment/nginx-app` 来更新 manifest,增加健康检查部分: ```yaml apiVersion: extensions/v1beta1 kind: Deployment metadata: labels: app: nginx name: nginx-default spec: replicas: 3 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - image: nginx imagePullPolicy: Always name: http resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File resources: limits: cpu: "500m" memory: "128Mi" livenessProbe: httpGet: path: / port: 80 initialDelaySeconds: 15 timeoutSeconds: 1 readinessProbe: httpGet: path: / port: 80 initialDelaySeconds: 5 timeoutSeconds: 1 ```