docker|Kubernetes Pod垂直自动伸缩 etcd|分布式存储|ext|kubernetes

文章图片

VPA 简介

文章图片

VPA全称Vertical Pod Autoscaler，即垂直Pod自动扩缩容，它根据容器资源使用率自动设置CPU和内存的requests，从而允许在节点上进行适当的调度，以便为每个Pod提供适当的资源。
它既可以缩小过度请求资源的容器，也可以根据其使用情况随时提升资源不足的容量。
PS：VPA不会改变Pod的资源limits值。
废话不多说，直接上图，看VPA工作流程：

文章图片

部署metrics-server

文章图片

下载部署清单文件

[root@VM-10-48-centos ~]#wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.7/components.yaml

修改components.yaml文件

修改了镜像地址为：scofield/metrics-server:v0.3.7
修改了metrics-server启动参数args

- name: metrics-server image: scofield/metrics-server:v0.3.7 imagePullPolicy: IfNotPresent args: - --cert-dir=/tmp - --secure-port=4443 - /metrics-server - --kubelet-insecure-tls - --kubelet-preferred-address-types=InternalIP

执行部署

[root@VM-10-48-centos ~]# kubectlapply -f components.yaml

验证

[root@VM-10-48-centos ~]# kubectl get po -n kube-system | grep metrics-server metrics-server-5b58f4df77-f7nks1/1Running035d# 能获取要top信息视为成功 [root@VM-10-48-centos ~]# kubectl top nodes NAMECPU(cores)CPU%MEMORY(bytes)MEMORY% 10.1.2.15138m3%4207Mi29% 10.1.2.16159m4%3138Mi45% 10.1.2.17147m3%4118Mi59% 10.1.50.282m4%1839Mi55%

部署vertical-pod-autoscaler

文章图片

克隆autoscaler项目

[root@VM-10-48-centos ~]# git clone https://github.com/kubernetes/autoscaler.git

修改部署文件

[root@VM-10-48-centos ~]# cd autoscaler/vertical-pod-autoscaler/deploy admission-controller-deployment.yaml us.gcr.io/k8s-artifacts-prod/autoscaling/vpa-admission-controller:0.8.0 改为 scofield/vpa-admission-controller:0.8.0recommender-deployment.yaml us.gcr.io/k8s-artifacts-prod/autoscaling/vpa-recommender:0.8.0 改为 image: scofield/vpa-recommender:0.8.0updater-deployment.yaml us.gcr.io/k8s-artifacts-prod/autoscaling/vpa-updater:0.8.0 改为 scofield/vpa-updater:0.8.0

部署

[root@VM-10-48-centos ~]# cd autoscaler/vertical-pod-autoscaler [root@VM-10-48-centos ~]# ./hack/vpa-up.sh customresourcedefinition.apiextensions.k8s.io/verticalpodautoscalers.autoscaling.k8s.io created customresourcedefinition.apiextensions.k8s.io/verticalpodautoscalercheckpoints.autoscaling.k8s.io created clusterrole.rbac.authorization.k8s.io/system:metrics-reader created clusterrole.rbac.authorization.k8s.io/system:vpa-actor created clusterrole.rbac.authorization.k8s.io/system:vpa-checkpoint-actor created clusterrole.rbac.authorization.k8s.io/system:evictioner created clusterrolebinding.rbac.authorization.k8s.io/system:metrics-reader created clusterrolebinding.rbac.authorization.k8s.io/system:vpa-actor created clusterrolebinding.rbac.authorization.k8s.io/system:vpa-checkpoint-actor created clusterrole.rbac.authorization.k8s.io/system:vpa-target-reader created clusterrolebinding.rbac.authorization.k8s.io/system:vpa-target-reader-binding created clusterrolebinding.rbac.authorization.k8s.io/system:vpa-evictionter-binding created serviceaccount/vpa-admission-controller created clusterrole.rbac.authorization.k8s.io/system:vpa-admission-controller created clusterrolebinding.rbac.authorization.k8s.io/system:vpa-admission-controller created clusterrole.rbac.authorization.k8s.io/system:vpa-status-reader created clusterrolebinding.rbac.authorization.k8s.io/system:vpa-status-reader-binding created serviceaccount/vpa-updater created deployment.apps/vpa-updater created serviceaccount/vpa-recommender created deployment.apps/vpa-recommender created Generating certs for the VPA Admission Controller in /tmp/vpa-certs. Generating RSA private key, 2048 bit long modulus (2 primes) ............................................................................+++++ .+++++ e is 65537 (0x010001) Generating RSA private key, 2048 bit long modulus (2 primes) ............+++++ ...........................................................................+++++ e is 65537 (0x010001) Signature ok subject=CN = vpa-webhook.kube-system.svc Getting CA Private Key Uploading certs to the cluster. secret/vpa-tls-certs created Deleting /tmp/vpa-certs. deployment.apps/vpa-admission-controller created service/vpa-webhook created

这里如果出现错误：ERROR: Failed to create CA certificate for self-signing. If the error is “unknown option -addext”, update your openssl version or deploy VPA from the vpa-release-0.8 branch
需要升级openssl的版本解决：

[root@VM-10-48-centos ~]# yum install gcc gcc-c++ -y [root@VM-10-48-centos ~]# openssl version -a [root@VM-10-48-centos ~]# wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz && tar zxf openssl-1.1.1k.tar.gz && cd openssl-1.1.1k [root@VM-10-48-centos ~]# ./config [root@VM-10-48-centos ~]# make && make install [root@VM-10-48-centos ~]# mv /usr/local/bin/openssl /usr/local/bin/openssl.bak [root@VM-10-48-centos ~]# mv apps/openssl /usr/local/bin [root@VM-10-48-centos ~]# openssl version -a OpenSSL 1.1.1k25 Mar 2021 (Library: OpenSSL 1.1.1g FIPS21 Apr 2020) built on: Mon Mar 29 23:48:12 2021 UTC platform: linux-x86_64 options:bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY -DDEVRANDOM="\"/dev/urandom\"" OPENSSLDIR: "/etc/pki/tls" ENGINESDIR: "/usr/lib64/engines-1.1" Seeding source: os-specific

再次执行vertical-pod-autoscaler/pkg/admission-controller/gencerts.sh

文章图片

查看结果
可以看到metrics-server和vpa都已经正常运行了。

[root@VM-10-48-centos ~]# kubectl get po -n kube-system | grep -E "metrics-server|vpa" metrics-server-5b58f4df77-f7nks1/1Running035d vpa-admission-controller-7ff888c959-tvtmk1/1Running0104m vpa-recommender-74f69c56cb-zmzwg1/1Running0104m vpa-updater-79b88f9c55-m4xx51/1Running0103m

示例

文章图片

updateMode: Off
1、首先我们部署一个Nginx服务，部署到namespace: vpa中

apiVersion: apps/v1 kind: Deployment metadata: labels: app: nginx name: nginx namespace: vpa spec: replicas: 2 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - image: nginx name: nginx resources: requests: cpu: 100m memory: 250Mi

看下结果，正常运行了2个Pod：

[root@VM-10-48-centos ~]# kubectl get po -n vpa NAMEREADYSTATUSRESTARTSAGE nginx-59fdffd754-cb5dn1/1Running08s nginx-59fdffd754-cw8d71/1Running09s

2、创建一个NodePort类型的Service

[root@VM-10-48-centos ~]# cat svc.yaml apiVersion: v1 kind: Service metadata: name: nginx namespace: vpa spec: type: NodePort ports: - port: 80 targetPort: 80 selector: app: nginx[root@VM-10-48-centos ~]# kubectl get svc -n vpa | grep nginx nginxNodePort10.255.253.16680:30895/TCP54s[root@VM-2-16-centos ~]# curl -I 10.1.2.16:30895 HTTP/1.1 200 OK Server: nginx/1.21.1 Date: Fri, 09 Jul 2021 09:54:58 GMT Content-Type: text/html Content-Length: 612 Last-Modified: Tue, 06 Jul 2021 14:59:17 GMT Connection: keep-alive ETag: "60e46fc5-264" Accept-Ranges: bytes

3、创建VPA
这里先使用updateMode: " Off" 模式，这种模式仅获取资源推荐，但不更新Pod

[root@VM-10-48-centos ~]# cat nginx-vpa-demo.yaml apiVersion: autoscaling.k8s.io/v1beta2 kind: VerticalPodAutoscaler metadata: name: nginx-vpa namespace: vpa spec: targetRef: apiVersion: "apps/v1" kind: Deployment name: nginx updatePolicy: updateMode: "Off" resourcePolicy: containerPolicies: - containerName: "nginx" minAllowed: cpu: "250m" memory: "100Mi" maxAllowed: cpu: "2000m" memory: "2048Mi"

4、查看部署结果

[root@VM-10-48-centos ~]# kubectl get vpa -n vpa NAMEMODECPUMEMPROVIDEDAGE nginx-vpaOff7s

5、使用describe查看vpa详情，主要关注Container Recommendations

[root@VM-10-48-centos ~]# kubectl describe vpa nginx-vpa -n vpa Name:nginx-vpa Namespace:vpa Spec: Resource Policy: Container Policies: Container Name:nginx Max Allowed: Cpu:2000m Memory:2048Mi Min Allowed: Cpu:250m Memory:100Mi Target Ref: API Version:apps/v1 Kind:Deployment Name:nginx Update Policy: Update Mode:Off Status: Conditions: Last Transition Time:2021-07-09T09:59:50Z Status:True Type:RecommendationProvided Recommendation: Container Recommendations: Container Name:nginx Lower Bound: Cpu:250m Memory:262144k Target: Cpu:250m Memory:262144k Uncapped Target: Cpu:25m Memory:262144k Upper Bound: Cpu:670m Memory:700542995

其中：

Lower Bound:下限值 Target:推荐值 Upper Bound:上限值 Uncapped Target:如果没有为VPA提供最小或最大边界，则表示目标利用率上述结果表明，推荐的Pod的CPU请求为25m，推荐的内存请求为262144k字节。

6、现在对Nginx进行压测
执行压测命令：

[root@VM-10-48-centos ~]# ab -c 100 -n 10000000 http://10.1.2.16:30895/ This is ApacheBench, Version 2.3 <$Revision: 1430300 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/Benchmarking 10.1.2.16 (be patient)Completed 1000000 requests Completed 2000000 requests Completed 3000000 requests

7、几分钟后再观察VPA Recommendation变化

[root@VM-10-48-centos ~]# kubectl describe vpa -n vpa nginx-vpa | tail -n 20 Conditions: Last Transition Time:2021-07-09T09:59:50Z Status:True Type:RecommendationProvided Recommendation: Container Recommendations: Container Name:nginx Lower Bound: Cpu:250m Memory:262144k Target: Cpu:1643m Memory:262144k Uncapped Target: Cpu:1643m Memory:262144k Upper Bound: Cpu:2 Memory:562581530 Events:

从输出信息可以看出，VPA对Pod给出了推荐值：Cpu: 1643m，因为我们这里设置了updateMode: " Off" ，所以不会更新Pod。
updateMode: Auto
1、把updateMode: “Auto”，看看VPA会有什么动作
这里把resources改为：memory: 50Mi，cpu: 100m

[root@VM-10-48-centos ~]# kubectl get po -n vpa NAMEREADYSTATUSRESTARTSAGE nginx-5594c66dc6-lzs671/1Running026s nginx-5594c66dc6-zk6h91/1Running021s

2、再次部署VPA，这里VPA部署文件nginx-vpa-demo.yaml只改了updateMode: "Auto"

[root@k8s-node001 examples]# catnginx-vpa-demo.yaml apiVersion: autoscaling.k8s.io/v1beta2 kind: VerticalPodAutoscaler metadata: name: nginx-vpa-2 namespace: vpa spec: targetRef: apiVersion: "apps/v1" kind: Deployment name: nginx updatePolicy: updateMode: "Auto" resourcePolicy: containerPolicies: - containerName: "nginx" minAllowed: cpu: "250m" memory: "100Mi" maxAllowed: cpu: "2000m" memory: "2048Mi"

3、再次压测

[root@VM-10-48-centos ~]# ab -c 100 -n 10000000 http://10.1.2.16:30895/

4、几分钟后，使用describe查看vpa详情，同样只关注Container Recommendations

[root@VM-10-48-centos ~]# kubectl describe vpa nginx-vpa-n vpa | tail -n 20 Conditions: Last Transition Time:2021-07-09T09:59:50Z Status:True Type:RecommendationProvided Recommendation: Container Recommendations: Container Name:nginx Lower Bound: Cpu:250m Memory:262144k Target: Cpu:1643m Memory:262144k Uncapped Target: Cpu:1643m Memory:262144k Upper Bound: Cpu:2 Memory:511550327 Events:

Target变成了Cpu:1643m ，Memory:262144k。
5、来看下event事件

[root@VM-10-48-centos ~]# kubectl get event -n vpa LAST SEENTYPEREASONOBJECTMESSAGE 38sNormalScheduledpod/nginx-5594c66dc6-d8d6hSuccessfully assigned vpa/nginx-5594c66dc6-d8d6h to 10.1.2.16 38sNormalPullingpod/nginx-5594c66dc6-d8d6hPulling image "nginx" 37sNormalPulledpod/nginx-5594c66dc6-d8d6hSuccessfully pulled image "nginx" 37sNormalCreatedpod/nginx-5594c66dc6-d8d6hCreated container nginx 37sNormalStartedpod/nginx-5594c66dc6-d8d6hStarted container nginx 3m10sNormalScheduledpod/nginx-5594c66dc6-lzs67Successfully assigned vpa/nginx-5594c66dc6-lzs67 to 10.1.2.15 3m9sNormalPullingpod/nginx-5594c66dc6-lzs67Pulling image "nginx" 3m5sNormalPulledpod/nginx-5594c66dc6-lzs67Successfully pulled image "nginx" 3m5sNormalCreatedpod/nginx-5594c66dc6-lzs67Created container nginx 3m5sNormalStartedpod/nginx-5594c66dc6-lzs67Started container nginx 99sNormalEvictedByVPApod/nginx-5594c66dc6-lzs67Pod was evicted by VPA Updater to apply resource recommendation. 99sNormalKillingpod/nginx-5594c66dc6-lzs67Stopping container nginx 98sNormalScheduledpod/nginx-5594c66dc6-tdmnhSuccessfully assigned vpa/nginx-5594c66dc6-tdmnh to 10.1.2.15 98sNormalPullingpod/nginx-5594c66dc6-tdmnhPulling image "nginx" 97sNormalPulledpod/nginx-5594c66dc6-tdmnhSuccessfully pulled image "nginx" 97sNormalCreatedpod/nginx-5594c66dc6-tdmnhCreated container nginx 97sNormalStartedpod/nginx-5594c66dc6-tdmnhStarted container nginx 3m5sNormalScheduledpod/nginx-5594c66dc6-zk6h9Successfully assigned vpa/nginx-5594c66dc6-zk6h9 to 10.1.2.17 3m4sNormalPullingpod/nginx-5594c66dc6-zk6h9Pulling image "nginx" 3mNormalPulledpod/nginx-5594c66dc6-zk6h9Successfully pulled image "nginx" 2m59sNormalCreatedpod/nginx-5594c66dc6-zk6h9Created container nginx 2m59sNormalStartedpod/nginx-5594c66dc6-zk6h9Started container nginx 39sNormalEvictedByVPApod/nginx-5594c66dc6-zk6h9Pod was evicted by VPA Updater to apply resource recommendation. 39sNormalKillingpod/nginx-5594c66dc6-zk6h9Stopping container nginx 3m10sNormalSuccessfulCreatereplicaset/nginx-5594c66dc6Created pod: nginx-5594c66dc6-lzs67 3m5sNormalSuccessfulCreatereplicaset/nginx-5594c66dc6Created pod: nginx-5594c66dc6-zk6h9 99sNormalSuccessfulCreatereplicaset/nginx-5594c66dc6Created pod: nginx-5594c66dc6-tdmnh 38sNormalSuccessfulCreatereplicaset/nginx-5594c66dc6Created pod: nginx-5594c66dc6-d8d6h 35mNormalScheduledpod/nginx-59fdffd754-cb5dnSuccessfully assigned vpa/nginx-59fdffd754-cb5dn to 10.1.2.16 35mNormalPullingpod/nginx-59fdffd754-cb5dnPulling image "nginx" 35mNormalPulledpod/nginx-59fdffd754-cb5dnSuccessfully pulled image "nginx" 35mNormalCreatedpod/nginx-59fdffd754-cb5dnCreated container nginx 35mNormalStartedpod/nginx-59fdffd754-cb5dnStarted container nginx 3m5sNormalKillingpod/nginx-59fdffd754-cb5dnStopping container nginx 35mNormalScheduledpod/nginx-59fdffd754-cw8d7Successfully assigned vpa/nginx-59fdffd754-cw8d7 to 10.1.2.16 35mNormalPullingpod/nginx-59fdffd754-cw8d7Pulling image "nginx" 35mNormalPulledpod/nginx-59fdffd754-cw8d7Successfully pulled image "nginx" 35mNormalCreatedpod/nginx-59fdffd754-cw8d7Created container nginx 35mNormalStartedpod/nginx-59fdffd754-cw8d7Started container nginx 2m58sNormalKillingpod/nginx-59fdffd754-cw8d7Stopping container nginx 35mNormalSuccessfulCreatereplicaset/nginx-59fdffd754Created pod: nginx-59fdffd754-cw8d7 35mNormalSuccessfulCreatereplicaset/nginx-59fdffd754Created pod: nginx-59fdffd754-cb5dn 3m5sNormalSuccessfulDeletereplicaset/nginx-59fdffd754Deleted pod: nginx-59fdffd754-cb5dn 2m58sNormalSuccessfulDeletereplicaset/nginx-59fdffd754Deleted pod: nginx-59fdffd754-cw8d7 35mNormalScalingReplicaSetdeployment/nginxScaled up replica set nginx-59fdffd754 to 2 34mNormalEnsuringServiceservice/nginxDeleted Loadbalancer 34mNormalEnsureServiceSuccessservice/nginxService Sync Success. RetrunCode: S2000 3m10sNormalScalingReplicaSetdeployment/nginxScaled up replica set nginx-5594c66dc6 to 1 3m5sNormalScalingReplicaSetdeployment/nginxScaled down replica set nginx-59fdffd754 to 1 3m5sNormalScalingReplicaSetdeployment/nginxScaled up replica set nginx-5594c66dc6 to 2 2m58sNormalScalingReplicaSetdeployment/nginxScaled down replica set nginx-59fdffd754 to 0

从输出信息可以了解到，VPA执行了EvictedByVPA，自动停掉了Nginx，然后使用 VPA推荐的资源启动了新的Nginx，我们查看下Nginx的Pod可以得到确认。

[root@VM-10-48-centos ~]# kubectl describe po -n vpa nginx-5594c66dc6-d8d6h Name:nginx-5594c66dc6-d8d6h Namespace:vpa Priority:0 Node:10.1.2.16/10.1.2.16 Start Time:Fri, 09 Jul 2021 18:09:26 +0800 Labels:app=nginx pod-template-hash=5594c66dc6 Annotations:tke.cloud.tencent.com/networks-status: [{ "name": "tke-bridge", "interface": "eth0", "ips": [ "10.252.1.50" ], "mac": "e6:38:26:0b:c5:97", "default": true, "dns": {} }] vpaObservedContainers: nginx vpaUpdates: Pod resources updated by nginx-vpa: container 0: cpu request, memory request Status:Running IP:10.252.1.50 IPs: IP:10.252.1.50 Controlled By:ReplicaSet/nginx-5594c66dc6 Containers: nginx: Container ID:docker://42e45f5f122ba658e293395d78a073cfe51534c773f9419a179830fd6d1698ea Image:nginx Image ID:docker-pullable://nginx@sha256:8df46d7414eda82c2a8c9c50926545293811ae59f977825845dda7d558b4125b Port: Host Port: State:Running Started:Fri, 09 Jul 2021 18:09:27 +0800 Ready:True Restart Count:0 Requests: cpu:1643m memory:262144k Environment: Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-m2j2z (ro)

看重点Requests：cpu: 1643m，memory: 262144k
再回头看看部署文件：

requests: cpu: 100m memory: 50Mi

现在可以知道VPA做了哪些事了吧。当然，随着服务的负载的变化，VPA的推荐之也会不断变化。当目前运行的pod的资源达不到VPA的推荐值，就会执行pod驱逐，重新部署新的足够资源的服务。
VPA使用限制

不能与HPA（Horizontal Pod Autoscaler）一起使用
Pod比如使用副本控制器，例如属于Deployment或者StatefulSet

VPA有啥好处

Pod资源用其所需，所以集群节点使用效率高。
Pod会被安排到具有适当可用资源的节点上。
不必运行基准测试任务来确定CPU和内存请求的合适值。
VPA可以随时调整CPU和内存请求，无需人为操作，因此可以减少维护时间。

原文链接：https://devops.cloudcared.cn/2021/07/07/bbbfe7f5a901/
Kubernetes管理员（CKA）培训

文章图片

本次培训在上海开班，基于最新考纲，通过线下授课、考题解读、模拟演练等方式，帮助学员快速掌握Kubernetes的理论知识和专业技能，并针对考试做特别强化训练，让学员能从容面对CKA认证考试，使学员既能掌握Kubernetes相关知识，又能通过CKA认证考试，学员可多次参加培训，直到通过认证。点击下方图片或者阅读原文链接查看详情。
【docker|Kubernetes Pod垂直自动伸缩】