docker | Kubernetes Pod Vertical Autoscaling


Introduction to VPA

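VPA stands for Vertical Pod Autoscaler. It automatically sets the CPU and memory requests of containers based on their resource usage, which allows proper scheduling onto nodes so that each Pod gets appropriate resources.
It can both shrink containers that over-request resources and, at any time, raise the capacity of under-provisioned ones based on their usage.
PS: VPA does not change a Pod's resource limits.
Without further ado, here is the diagram of the VPA workflow: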
[Figure: VPA workflow]

Deploying metrics-server

Download the deployment manifest

[root@VM-10-48-centos ~]# wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.7/components.yaml

Modify the components.yaml file
  • Changed the image to: scofield/metrics-server:v0.3.7
  • Changed the metrics-server startup arguments (args)

- name: metrics-server
  image: scofield/metrics-server:v0.3.7
  imagePullPolicy: IfNotPresent
  args:
    - --cert-dir=/tmp
    - --secure-port=4443
    - /metrics-server
    - --kubelet-insecure-tls
    - --kubelet-preferred-address-types=InternalIP

Run the deployment
[root@VM-10-48-centos ~]# kubectl apply -f components.yaml

Verify
[root@VM-10-48-centos ~]# kubectl get po -n kube-system | grep metrics-server
metrics-server-5b58f4df77-f7nks   1/1   Running   0   35d
# If top returns data, the deployment succeeded
[root@VM-10-48-centos ~]# kubectl top nodes
NAME        CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
10.1.2.15   138m         3%     4207Mi          29%
10.1.2.16   159m         4%     3138Mi          45%
10.1.2.17   147m         3%     4118Mi          59%
10.1.50.2   82m          4%     1839Mi          55%

Deploying vertical-pod-autoscaler

Clone the autoscaler project
[root@VM-10-48-centos ~]# git clone https://github.com/kubernetes/autoscaler.git

Modify the deployment files
[root@VM-10-48-centos ~]# cd autoscaler/vertical-pod-autoscaler/deploy

admission-controller-deployment.yaml
  us.gcr.io/k8s-artifacts-prod/autoscaling/vpa-admission-controller:0.8.0
  changed to
  scofield/vpa-admission-controller:0.8.0

recommender-deployment.yaml
  us.gcr.io/k8s-artifacts-prod/autoscaling/vpa-recommender:0.8.0
  changed to
  image: scofield/vpa-recommender:0.8.0

updater-deployment.yaml
  us.gcr.io/k8s-artifacts-prod/autoscaling/vpa-updater:0.8.0
  changed to
  scofield/vpa-updater:0.8.0
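
A pre-apply check for the two manifest edits above (the swapped metrics-server image and args, and the swapped VPA images), added here as an example and not part of the original article: it flags image references outside a trusted registry prefix or not pinned by digest, and the --kubelet-insecure-tls flag, which makes metrics-server skip verification of kubelet serving certificates. The trusted prefix list, the finding names and the sample's second container name are assumptions of this example.

```python
import re

# Registry prefixes accepted as upstream. Assumption for this example: only the
# prefix the article's VPA manifests originally pointed at is trusted.
TRUSTED_PREFIXES = ("us.gcr.io/k8s-artifacts-prod/",)
# Flags worth a second look before the manifest is applied.
RISKY_FLAGS = {"--kubelet-insecure-tls"}

IMAGE_RE = re.compile(r"^\s*(?:-\s+)?image:\s*[\"']?([^\"'\s#]+)")
FLAG_RE = re.compile(r"^\s*-\s+[\"']?(--[A-Za-z0-9-]+)")

def audit_manifest(text, trusted=TRUSTED_PREFIXES):
    """Return (line_no, finding, value) tuples for a Kubernetes manifest."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        image = IMAGE_RE.match(line)
        if image:
            ref = image.group(1)
            if not ref.startswith(trusted):
                findings.append((no, "image-outside-trusted-registry", ref))
            if "@sha256:" not in ref:
                findings.append((no, "image-not-pinned-by-digest", ref))
            continue
        flag = FLAG_RE.match(line)
        if flag and flag.group(1) in RISKY_FLAGS:
            findings.append((no, "risky-flag", flag.group(1)))
    return findings

# Constructed sample: the metrics-server container as edited in the article,
# followed by one of the original VPA image lines (container name is made up).
SAMPLE = """\
- name: metrics-server
  image: scofield/metrics-server:v0.3.7
  imagePullPolicy: IfNotPresent
  args:
    - --cert-dir=/tmp
    - --secure-port=4443
    - /metrics-server
    - --kubelet-insecure-tls
    - --kubelet-preferred-address-types=InternalIP
- name: updater
  image: us.gcr.io/k8s-artifacts-prod/autoscaling/vpa-updater:0.8.0
"""

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE):
        print(*finding)
```

Run it against components.yaml and the three files under deploy/ before kubectl apply or ./hack/vpa-up.sh; an empty result means every image is from a trusted prefix, digest-pinned, and no listed flag is present.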

Deploy
[root@VM-10-48-centos ~]# cd autoscaler/vertical-pod-autoscaler
[root@VM-10-48-centos ~]# ./hack/vpa-up.sh
customresourcedefinition.apiextensions.k8s.io/verticalpodautoscalers.autoscaling.k8s.io created
customresourcedefinition.apiextensions.k8s.io/verticalpodautoscalercheckpoints.autoscaling.k8s.io created
clusterrole.rbac.authorization.k8s.io/system:metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:vpa-actor created
clusterrole.rbac.authorization.k8s.io/system:vpa-checkpoint-actor created
clusterrole.rbac.authorization.k8s.io/system:evictioner created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-actor created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-checkpoint-actor created
clusterrole.rbac.authorization.k8s.io/system:vpa-target-reader created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-target-reader-binding created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-evictionter-binding created
serviceaccount/vpa-admission-controller created
clusterrole.rbac.authorization.k8s.io/system:vpa-admission-controller created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-admission-controller created
clusterrole.rbac.authorization.k8s.io/system:vpa-status-reader created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-status-reader-binding created
serviceaccount/vpa-updater created
deployment.apps/vpa-updater created
serviceaccount/vpa-recommender created
deployment.apps/vpa-recommender created
Generating certs for the VPA Admission Controller in /tmp/vpa-certs.
Generating RSA private key, 2048 bit long modulus (2 primes)
............................................................................+++++
.+++++
e is 65537 (0x010001)
Generating RSA private key, 2048 bit long modulus (2 primes)
............+++++
...........................................................................+++++
e is 65537 (0x010001)
Signature ok
subject=CN = vpa-webhook.kube-system.svc
Getting CA Private Key
Uploading certs to the cluster.
secret/vpa-tls-certs created
Deleting /tmp/vpa-certs.
deployment.apps/vpa-admission-controller created
service/vpa-webhook created

If this step fails with the error: ERROR: Failed to create CA certificate for self-signing. If the error is "unknown option -addext", update your openssl version or deploy VPA from the vpa-release-0.8 branch
then openssl needs to be upgraded to fix it:
[root@VM-10-48-centos ~]# yum install gcc gcc-c++ -y
[root@VM-10-48-centos ~]# openssl version -a
[root@VM-10-48-centos ~]# wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz && tar zxf openssl-1.1.1k.tar.gz && cd openssl-1.1.1k
[root@VM-10-48-centos ~]# ./config
[root@VM-10-48-centos ~]# make && make install
[root@VM-10-48-centos ~]# mv /usr/local/bin/openssl /usr/local/bin/openssl.bak
[root@VM-10-48-centos ~]# mv apps/openssl /usr/local/bin
[root@VM-10-48-centos ~]# openssl version -a
OpenSSL 1.1.1k  25 Mar 2021 (Library: OpenSSL 1.1.1g FIPS  21 Apr 2020)
built on: Mon Mar 29 23:48:12 2021 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY -DDEVRANDOM="\"/dev/urandom\""
OPENSSLDIR: "/etc/pki/tls"
ENGINESDIR: "/usr/lib64/engines-1.1"
Seeding source: os-specific

Then run vertical-pod-autoscaler/pkg/admission-controller/gencerts.sh again

Check the result
Both metrics-server and the VPA components are now running normally.
[root@VM-10-48-centos ~]# kubectl get po -n kube-system | grep -E "metrics-server|vpa"
metrics-server-5b58f4df77-f7nks             1/1   Running   0   35d
vpa-admission-controller-7ff888c959-tvtmk   1/1   Running   0   104m
vpa-recommender-74f69c56cb-zmzwg            1/1   Running   0   104m
vpa-updater-79b88f9c55-m4xx5                1/1   Running   0   103m

Examples

updateMode: Off
1. First, deploy an Nginx service into namespace: vpa
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
  namespace: vpa
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        resources:
          requests:
            cpu: 100m
            memory: 250Mi

Check the result; 2 Pods are running normally:
[root@VM-10-48-centos ~]# kubectl get po -n vpa
NAME                     READY   STATUS    RESTARTS   AGE
nginx-59fdffd754-cb5dn   1/1     Running   0          8s
nginx-59fdffd754-cw8d7   1/1     Running   0          9s

2. Create a NodePort Service
[root@VM-10-48-centos ~]# cat svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: vpa
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx

[root@VM-10-48-centos ~]# kubectl get svc -n vpa | grep nginx
nginx   NodePort   10.255.253.166   80:30895/TCP   54s

[root@VM-2-16-centos ~]# curl -I 10.1.2.16:30895
HTTP/1.1 200 OK
Server: nginx/1.21.1
Date: Fri, 09 Jul 2021 09:54:58 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 06 Jul 2021 14:59:17 GMT
Connection: keep-alive
ETag: "60e46fc5-264"
Accept-Ranges: bytes

3. Create the VPA
Start with updateMode: "Off". In this mode VPA only produces resource recommendations and does not update Pods.
[root@VM-10-48-centos ~]# cat nginx-vpa-demo.yaml
apiVersion: autoscaling.k8s.io/v1beta2
kind: VerticalPodAutoscaler
metadata:
  name: nginx-vpa
  namespace: vpa
spec:
  targetRef:
    apiVersion: "apps/v1"
    kind: Deployment
    name: nginx
  updatePolicy:
    updateMode: "Off"
  resourcePolicy:
    containerPolicies:
    - containerName: "nginx"
      minAllowed:
        cpu: "250m"
        memory: "100Mi"
      maxAllowed:
        cpu: "2000m"
        memory: "2048Mi"

4. Check the deployment result
[root@VM-10-48-centos ~]# kubectl get vpa -n vpa
NAME        MODE   CPU   MEM   PROVIDED   AGE
nginx-vpa   Off                           7s

5. Use describe to view the VPA details, focusing on Container Recommendations
[root@VM-10-48-centos ~]# kubectl describe vpa nginx-vpa -n vpa
Name:         nginx-vpa
Namespace:    vpa
Spec:
  Resource Policy:
    Container Policies:
      Container Name:  nginx
      Max Allowed:
        Cpu:     2000m
        Memory:  2048Mi
      Min Allowed:
        Cpu:     250m
        Memory:  100Mi
  Target Ref:
    API Version:  apps/v1
    Kind:         Deployment
    Name:         nginx
  Update Policy:
    Update Mode:  Off
Status:
  Conditions:
    Last Transition Time:  2021-07-09T09:59:50Z
    Status:                True
    Type:                  RecommendationProvided
  Recommendation:
    Container Recommendations:
      Container Name:  nginx
      Lower Bound:
        Cpu:     250m
        Memory:  262144k
      Target:
        Cpu:     250m
        Memory:  262144k
      Uncapped Target:
        Cpu:     25m
        Memory:  262144k
      Upper Bound:
        Cpu:     670m
        Memory:  700542995

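Where:
  • Lower Bound: the lower limit
  • Target: the recommended value
  • Upper Bound: the upper limit
  • Uncapped Target: the target utilization if no minimum or maximum bounds had been provided to the VPA
The result above shows that the recommended CPU request for the Pod is 25m and the recommended memory request is 262144k bytes.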

6. Now load-test Nginx
Run the load-test command:
[root@VM-10-48-centos ~]# ab -c 100 -n 10000000 http://10.1.2.16:30895/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 10.1.2.16 (be patient)
Completed 1000000 requests
Completed 2000000 requests
Completed 3000000 requests

7. After a few minutes, check how the VPA Recommendation has changed
[root@VM-10-48-centos ~]# kubectl describe vpa -n vpa nginx-vpa | tail -n 20
  Conditions:
    Last Transition Time:  2021-07-09T09:59:50Z
    Status:                True
    Type:                  RecommendationProvided
  Recommendation:
    Container Recommendations:
      Container Name:  nginx
      Lower Bound:
        Cpu:     250m
        Memory:  262144k
      Target:
        Cpu:     1643m
        Memory:  262144k
      Uncapped Target:
        Cpu:     1643m
        Memory:  262144k
      Upper Bound:
        Cpu:     2
        Memory:  562581530
Events:

The output shows that VPA now recommends Cpu: 1643m for the Pod. Because updateMode: "Off" is set here, the Pod is not updated.

updateMode: Auto
1. Set updateMode: "Auto" and see what VPA does
Here the Deployment's resources are changed to memory: 50Mi, cpu: 100m
[root@VM-10-48-centos ~]# kubectl get po -n vpa
NAME                     READY   STATUS    RESTARTS   AGE
nginx-5594c66dc6-lzs67   1/1     Running   0          26s
nginx-5594c66dc6-zk6h9   1/1     Running   0          21s

2. Deploy the VPA again; in the VPA manifest nginx-vpa-demo.yaml only updateMode: "Auto" was changed
[root@k8s-node001 examples]# cat nginx-vpa-demo.yaml
apiVersion: autoscaling.k8s.io/v1beta2
kind: VerticalPodAutoscaler
metadata:
  name: nginx-vpa-2
  namespace: vpa
spec:
  targetRef:
    apiVersion: "apps/v1"
    kind: Deployment
    name: nginx
  updatePolicy:
    updateMode: "Auto"
  resourcePolicy:
    containerPolicies:
    - containerName: "nginx"
      minAllowed:
        cpu: "250m"
        memory: "100Mi"
      maxAllowed:
        cpu: "2000m"
        memory: "2048Mi"

3. Load-test again
[root@VM-10-48-centos ~]# ab -c 100 -n 10000000 http://10.1.2.16:30895/

4. After a few minutes, use describe to view the VPA details, again looking only at Container Recommendations
[root@VM-10-48-centos ~]# kubectl describe vpa nginx-vpa -n vpa | tail -n 20
  Conditions:
    Last Transition Time:  2021-07-09T09:59:50Z
    Status:                True
    Type:                  RecommendationProvided
  Recommendation:
    Container Recommendations:
      Container Name:  nginx
      Lower Bound:
        Cpu:     250m
        Memory:  262144k
      Target:
        Cpu:     1643m
        Memory:  262144k
      Uncapped Target:
        Cpu:     1643m
        Memory:  262144k
      Upper Bound:
        Cpu:     2
        Memory:  511550327
Events:

Target has become Cpu: 1643m, Memory: 262144k.
5. Now look at the events
[root@VM-10-48-centos ~]# kubectl get event -n vpa
LAST SEEN   TYPE     REASON                 OBJECT                        MESSAGE
38s         Normal   Scheduled              pod/nginx-5594c66dc6-d8d6h    Successfully assigned vpa/nginx-5594c66dc6-d8d6h to 10.1.2.16
38s         Normal   Pulling                pod/nginx-5594c66dc6-d8d6h    Pulling image "nginx"
37s         Normal   Pulled                 pod/nginx-5594c66dc6-d8d6h    Successfully pulled image "nginx"
37s         Normal   Created                pod/nginx-5594c66dc6-d8d6h    Created container nginx
37s         Normal   Started                pod/nginx-5594c66dc6-d8d6h    Started container nginx
3m10s       Normal   Scheduled              pod/nginx-5594c66dc6-lzs67    Successfully assigned vpa/nginx-5594c66dc6-lzs67 to 10.1.2.15
3m9s        Normal   Pulling                pod/nginx-5594c66dc6-lzs67    Pulling image "nginx"
3m5s        Normal   Pulled                 pod/nginx-5594c66dc6-lzs67    Successfully pulled image "nginx"
3m5s        Normal   Created                pod/nginx-5594c66dc6-lzs67    Created container nginx
3m5s        Normal   Started                pod/nginx-5594c66dc6-lzs67    Started container nginx
99s         Normal   EvictedByVPA           pod/nginx-5594c66dc6-lzs67    Pod was evicted by VPA Updater to apply resource recommendation.
99s         Normal   Killing                pod/nginx-5594c66dc6-lzs67    Stopping container nginx
98s         Normal   Scheduled              pod/nginx-5594c66dc6-tdmnh    Successfully assigned vpa/nginx-5594c66dc6-tdmnh to 10.1.2.15
98s         Normal   Pulling                pod/nginx-5594c66dc6-tdmnh    Pulling image "nginx"
97s         Normal   Pulled                 pod/nginx-5594c66dc6-tdmnh    Successfully pulled image "nginx"
97s         Normal   Created                pod/nginx-5594c66dc6-tdmnh    Created container nginx
97s         Normal   Started                pod/nginx-5594c66dc6-tdmnh    Started container nginx
3m5s        Normal   Scheduled              pod/nginx-5594c66dc6-zk6h9    Successfully assigned vpa/nginx-5594c66dc6-zk6h9 to 10.1.2.17
3m4s        Normal   Pulling                pod/nginx-5594c66dc6-zk6h9    Pulling image "nginx"
3m          Normal   Pulled                 pod/nginx-5594c66dc6-zk6h9    Successfully pulled image "nginx"
2m59s       Normal   Created                pod/nginx-5594c66dc6-zk6h9    Created container nginx
2m59s       Normal   Started                pod/nginx-5594c66dc6-zk6h9    Started container nginx
39s         Normal   EvictedByVPA           pod/nginx-5594c66dc6-zk6h9    Pod was evicted by VPA Updater to apply resource recommendation.
39s         Normal   Killing                pod/nginx-5594c66dc6-zk6h9    Stopping container nginx
3m10s       Normal   SuccessfulCreate       replicaset/nginx-5594c66dc6   Created pod: nginx-5594c66dc6-lzs67
3m5s        Normal   SuccessfulCreate       replicaset/nginx-5594c66dc6   Created pod: nginx-5594c66dc6-zk6h9
99s         Normal   SuccessfulCreate       replicaset/nginx-5594c66dc6   Created pod: nginx-5594c66dc6-tdmnh
38s         Normal   SuccessfulCreate       replicaset/nginx-5594c66dc6   Created pod: nginx-5594c66dc6-d8d6h
35m         Normal   Scheduled              pod/nginx-59fdffd754-cb5dn    Successfully assigned vpa/nginx-59fdffd754-cb5dn to 10.1.2.16
35m         Normal   Pulling                pod/nginx-59fdffd754-cb5dn    Pulling image "nginx"
35m         Normal   Pulled                 pod/nginx-59fdffd754-cb5dn    Successfully pulled image "nginx"
35m         Normal   Created                pod/nginx-59fdffd754-cb5dn    Created container nginx
35m         Normal   Started                pod/nginx-59fdffd754-cb5dn    Started container nginx
3m5s        Normal   Killing                pod/nginx-59fdffd754-cb5dn    Stopping container nginx
35m         Normal   Scheduled              pod/nginx-59fdffd754-cw8d7    Successfully assigned vpa/nginx-59fdffd754-cw8d7 to 10.1.2.16
35m         Normal   Pulling                pod/nginx-59fdffd754-cw8d7    Pulling image "nginx"
35m         Normal   Pulled                 pod/nginx-59fdffd754-cw8d7    Successfully pulled image "nginx"
35m         Normal   Created                pod/nginx-59fdffd754-cw8d7    Created container nginx
35m         Normal   Started                pod/nginx-59fdffd754-cw8d7    Started container nginx
2m58s       Normal   Killing                pod/nginx-59fdffd754-cw8d7    Stopping container nginx
35m         Normal   SuccessfulCreate       replicaset/nginx-59fdffd754   Created pod: nginx-59fdffd754-cw8d7
35m         Normal   SuccessfulCreate       replicaset/nginx-59fdffd754   Created pod: nginx-59fdffd754-cb5dn
3m5s        Normal   SuccessfulDelete       replicaset/nginx-59fdffd754   Deleted pod: nginx-59fdffd754-cb5dn
2m58s       Normal   SuccessfulDelete       replicaset/nginx-59fdffd754   Deleted pod: nginx-59fdffd754-cw8d7
35m         Normal   ScalingReplicaSet      deployment/nginx              Scaled up replica set nginx-59fdffd754 to 2
34m         Normal   EnsuringService        service/nginx                 Deleted Loadbalancer
34m         Normal   EnsureServiceSuccess   service/nginx                 Service Sync Success. RetrunCode: S2000
3m10s       Normal   ScalingReplicaSet      deployment/nginx              Scaled up replica set nginx-5594c66dc6 to 1
3m5s        Normal   ScalingReplicaSet      deployment/nginx              Scaled down replica set nginx-59fdffd754 to 1
3m5s        Normal   ScalingReplicaSet      deployment/nginx              Scaled up replica set nginx-5594c66dc6 to 2
2m58s       Normal   ScalingReplicaSet      deployment/nginx              Scaled down replica set nginx-59fdffd754 to 0

The output shows that VPA performed EvictedByVPA, automatically stopped Nginx, and then started a new Nginx with the resources VPA recommended. Describing the Nginx Pod confirms this.
[root@VM-10-48-centos ~]# kubectl describe po -n vpa nginx-5594c66dc6-d8d6h
Name:         nginx-5594c66dc6-d8d6h
Namespace:    vpa
Priority:     0
Node:         10.1.2.16/10.1.2.16
Start Time:   Fri, 09 Jul 2021 18:09:26 +0800
Labels:       app=nginx
              pod-template-hash=5594c66dc6
Annotations:  tke.cloud.tencent.com/networks-status:
                [{
                    "name": "tke-bridge",
                    "interface": "eth0",
                    "ips": [
                        "10.252.1.50"
                    ],
                    "mac": "e6:38:26:0b:c5:97",
                    "default": true,
                    "dns": {}
                }]
              vpaObservedContainers: nginx
              vpaUpdates: Pod resources updated by nginx-vpa: container 0: cpu request, memory request
Status:       Running
IP:           10.252.1.50
IPs:
  IP:           10.252.1.50
Controlled By:  ReplicaSet/nginx-5594c66dc6
Containers:
  nginx:
    Container ID:   docker://42e45f5f122ba658e293395d78a073cfe51534c773f9419a179830fd6d1698ea
    Image:          nginx
    Image ID:       docker-pullable://nginx@sha256:8df46d7414eda82c2a8c9c50926545293811ae59f977825845dda7d558b4125b
    Port:
    Host Port:
    State:          Running
      Started:      Fri, 09 Jul 2021 18:09:27 +0800
    Ready:          True
    Restart Count:  0
    Requests:
      cpu:        1643m
      memory:     262144k
    Environment:
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-m2j2z (ro)

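Note the key part, Requests: cpu: 1643m, memory: 262144k
Now look back at the deployment file:
requests:
  cpu: 100m
  memory: 50Mi

Now it is clear what VPA did. Of course, as the service's load changes, VPA's recommended values keep changing too. When the resources of the currently running Pod fall short of VPA's recommended value, the Pod is evicted and a new one with sufficient resources is deployed.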
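
The numbers in the describe outputs and the eviction seen in Auto mode can be reproduced in a few lines of Python. This is an added example, not code from the original article or from the VPA project: it parses Kubernetes quantities, clamps the Uncapped Target into the VPA's minAllowed/maxAllowed to obtain Target, and lists which current requests lie outside [Lower Bound, Upper Bound]. The function names and the out-of-bounds rule are assumptions of this example, a simplified model rather than the VPA updater's actual decision logic.

```python
import re
from fractions import Fraction

# Kubernetes resource.Quantity suffixes (decimal and binary); "m" is milli.
SUFFIX = {"": 1, "m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9,
          "T": 10**12, "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def parse_quantity(text):
    """Return a quantity such as '250m', '100Mi' or '262144k' in base units."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(Ki|Mi|Gi|Ti|[mkMGT])?", text.strip())
    if not m:
        raise ValueError(f"unsupported quantity: {text!r}")
    return Fraction(m.group(1)) * SUFFIX[m.group(2) or ""]

def cap_to_policy(uncapped, policy):
    """Clamp each uncapped value into [minAllowed, maxAllowed]."""
    capped = {}
    for res, raw in uncapped.items():
        lo = parse_quantity(policy["minAllowed"][res])
        hi = parse_quantity(policy["maxAllowed"][res])
        capped[res] = min(max(parse_quantity(raw), lo), hi)
    return capped

def outside_bounds(requests, lower, upper):
    """Resources whose current request lies outside [Lower Bound, Upper Bound].
    Simplified model for illustration, not the VPA updater's real logic."""
    return sorted(r for r, raw in requests.items()
                  if not parse_quantity(lower[r]) <= parse_quantity(raw)
                  <= parse_quantity(upper[r]))

# Values copied from the article's nginx-vpa-demo.yaml and describe outputs.
POLICY = {"minAllowed": {"cpu": "250m", "memory": "100Mi"},
          "maxAllowed": {"cpu": "2000m", "memory": "2048Mi"}}
IDLE_UNCAPPED = {"cpu": "25m", "memory": "262144k"}
LOADED_UNCAPPED = {"cpu": "1643m", "memory": "262144k"}
LOWER = {"cpu": "250m", "memory": "262144k"}
UPPER = {"cpu": "2", "memory": "511550327"}

if __name__ == "__main__":
    print(cap_to_policy(IDLE_UNCAPPED, POLICY))    # cpu raised to minAllowed
    print(cap_to_policy(LOADED_UNCAPPED, POLICY))  # already inside the policy
    print(outside_bounds({"cpu": "100m", "memory": "50Mi"}, LOWER, UPPER))
    print(outside_bounds({"cpu": "1643m", "memory": "262144k"}, LOWER, UPPER))
```

With the idle recommendation, cpu is raised from 25m to the 250m minAllowed, which is why Target and Uncapped Target differ in the first describe output.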
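VPA limitations
  • Cannot be used together with HPA (Horizontal Pod Autoscaler)
  • Pods must use a replica controller, for example belong to a Deployment or StatefulSet
Benefits of VPA
  • Pods use exactly the resources they need, so cluster nodes are used efficiently.
  • Pods are scheduled onto nodes that have the appropriate resources available.
  • There is no need to run benchmarking jobs to determine suitable CPU and memory request values.
  • VPA can adjust CPU and memory requests at any time without manual intervention, which reduces maintenance time.
Original link: https://devops.cloudcared.cn/2021/07/07/bbbfe7f5a901/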