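Concepts
A Deployment is a high-level abstraction in Kubernetes for managing Pods and ReplicaSets. It provides declarative updates: the user describes the application's desired state, and Kubernetes automatically converges the actual state to it.
Core concepts
- Declarative management: the user only declares the application's desired state, and the Deployment controller maintains that state automatically.
- Rolling updates: supports zero-downtime application updates by gradually replacing old Pods.
- Rollback: makes it easy to roll back to a previous version.
- Scaling: the number of application replicas can be adjusted dynamically.
How a Deployment relates to other resources
- Deployment: manages the desired state of ReplicaSets
- ReplicaSet: ensures that the specified number of Pod replicas is running
- Pod: the smallest unit that actually runs the application
Core features
- Pod management: creates and manages Pod replicas automatically
- Rolling updates: supports progressive updates so the service is not interrupted
- Version control: records the revision history of every update
- Rollback: can roll back to any revision in the history
- Scaling: adjusts the replica count dynamically
- Health checks: integrates with the Pod health check mechanism
- Label selection: manages Pods through label selectors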
Hands-on tutorial
Creating a basic Deployment
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
```
Create the Deployment:
```bash
kubectl apply -f nginx-deployment.yaml
```
Updating a Deployment
```bash
# Update the image version
kubectl set image deployment/nginx-deployment nginx=nginx:1.15.2
# Or edit the Deployment configuration directly
kubectl edit deployment/nginx-deployment
```
Scaling a Deployment
```bash
# Scale up to 5 replicas
kubectl scale deployment/nginx-deployment --replicas=5
# Scale down to 2 replicas
kubectl scale deployment/nginx-deployment --replicas=2
```
Rolling back a Deployment
```bash
# View the rollout history
kubectl rollout history deployment/nginx-deployment
# Roll back to the previous revision
kubectl rollout undo deployment/nginx-deployment
# Roll back to a specific revision
kubectl rollout undo deployment/nginx-deployment --to-revision=2
```
Real-world case
Case: deploying the product service of an e-commerce platform
The product service of an e-commerce platform needs high availability and seamless updates. A Deployment meets these requirements well:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: product-service
  labels:
    app: product-service
    version: v1.2.0
spec:
  replicas: 5
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: product-service
  template:
    metadata:
      labels:
        app: product-service
        version: v1.2.0
    spec:
      containers:
      - name: product-service
        image: ecommerce/product-service:v1.2.0
        ports:
        - containerPort: 8080
        env:
        # Non-sensitive setting, read from a ConfigMap
        - name: DB_HOST
          valueFrom:
            configMapKeyRef:
              name: product-db-config
              key: host
        # Credential, read from a Secret instead of being written into the manifest
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: product-db-secret
              key: password
        resources:
          requests:
            memory: "256Mi"
            cpu: "200m"
          limits:
            memory: "512Mi"
            cpu: "500m"
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /ready
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 5
```
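Deployment strategy notes:
- `maxSurge: 1`: at most 1 extra Pod can be created during the update
- `maxUnavailable: 0`: no Pod may be unavailable during the update
- This configuration ensures that 5 Pods are always running during the update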
Configuration in detail
Deployment strategy configuration
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: strategy-demo
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
  selector:
    matchLabels:
      app: strategy-demo
  template:
    metadata:
      labels:
        app: strategy-demo
    spec:
      containers:
      - name: app
        image: nginx:1.14.2
```
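How the `maxSurge` and `maxUnavailable` values from the product-service case and the percentage form in strategy-demo turn into Pod counts, as an added example that is not part of the original tutorial or of Kubernetes itself. It goes beyond the page's two cases to cover the rounding rules (maxSurge rounds up, maxUnavailable rounds down) and the controller's fallback when both resolve to 0; the function names are hypothetical, and the simulation assumes every new Pod becomes ready immediately.

```python
def resolve(value, replicas, round_up):
    """Turn an int-or-percent field (1 or "25%") into an absolute Pod count."""
    if isinstance(value, str) and value.endswith("%"):
        scaled = int(value[:-1]) * replicas
        # Integer arithmetic avoids float error: ceil for maxSurge, floor for maxUnavailable.
        return -(-scaled // 100) if round_up else scaled // 100
    return int(value)


def rollout_bounds(replicas, max_surge, max_unavailable):
    """Pod-count limits the Deployment controller honours during a RollingUpdate."""
    surge = resolve(max_surge, replicas, round_up=True)
    unavailable = resolve(max_unavailable, replicas, round_up=False)
    if surge == 0 and unavailable == 0:
        # A percentage can round down to 0; the controller then uses 1 so the
        # rollout can still make progress.
        unavailable = 1
    return {"max_total": replicas + surge, "min_available": replicas - unavailable}


def simulate(replicas, max_surge, max_unavailable):
    """Idealised rollout (every new Pod becomes ready at once): (old, new) per step."""
    b = rollout_bounds(replicas, max_surge, max_unavailable)
    old, new, steps = replicas, 0, []
    while old > 0 or new < replicas:
        # Scale up the new ReplicaSet as far as max_total allows.
        new += min(replicas - new, b["max_total"] - (old + new))
        # Scale down the old ReplicaSet without dropping below min_available.
        old -= min(old, (old + new) - b["min_available"])
        steps.append((old, new))
    return steps


if __name__ == "__main__":
    print(rollout_bounds(5, 1, 0), simulate(5, 1, 0))  # product-service settings
    print(rollout_bounds(3, "25%", "25%"))             # strategy-demo settings
```

With 3 replicas, 25% resolves to one surge Pod and zero unavailable Pods, so strategy-demo rolls out under the same kind of constraint as the product-service case.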
Deployment lifecycle configuration
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lifecycle-demo
spec:
  replicas: 3
  # Number of old ReplicaSets kept for rollback
  revisionHistoryLimit: 10
  # Seconds to wait for rollout progress before it is reported as failed
  progressDeadlineSeconds: 600
  selector:
    matchLabels:
      app: lifecycle-demo
  template:
    metadata:
      labels:
        app: lifecycle-demo
    spec:
      containers:
      - name: app
        image: nginx:1.14.2
```
Multi-container Deployment
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: multi-container-deploy
spec:
  replicas: 2
  selector:
    matchLabels:
      app: multi-container-app
  template:
    metadata:
      labels:
        app: multi-container-app
    spec:
      containers:
      - name: web
        image: nginx
        ports:
        - containerPort: 80
      - name: sidecar
        image: busybox
        command: ['sh', '-c']
        # Appends a timestamped line to the shared log file every 30 seconds
        args:
        - while true; do
            echo "$(date) Log entry" >> /var/log/app.log;
            sleep 30;
          done
        volumeMounts:
        - name: shared-data
          mountPath: /var/log
      volumes:
      - name: shared-data
        emptyDir: {}
```
Troubleshooting
Common problems and solutions
- Deployment stuck mid-update
  ```bash
  # Show the Deployment's status
  kubectl describe deployment <deployment-name>
  # Show the related ReplicaSets
  kubectl get rs -l app=<app-label>
  # Force a restart of the Deployment
  kubectl rollout restart deployment/<deployment-name>
  ```
- Pod fails to start
  ```bash
  # Show Pod status
  kubectl get pods -l app=<app-label>
  # Show Pod details
  kubectl describe pod <pod-name>
  # Show Pod logs
  kubectl logs <pod-name>
  ```
- Update failed
  ```bash
  # Show the rollout status
  kubectl rollout status deployment/<deployment-name>
  # Show the rollout history
  kubectl rollout history deployment/<deployment-name>
  # Roll back to the previous revision
  kubectl rollout undo deployment/<deployment-name>
  ```
- Insufficient resources
  ```bash
  # Check node resources
  kubectl top nodes
  # Check Pod resource usage
  kubectl top pods -l app=<app-label>
  # Check resource quotas
  kubectl describe quota
  ```
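Best practices
- Label management:
  - Use a consistent label naming convention
  - Give Deployments, ReplicaSets and Pods meaningful labels
- Resource configuration:
  - Set requests and limits for every container
  - Adjust resource quotas to the actual load
- Health checks:
  - Configure suitable liveness and readiness probes
  - Set a reasonable initialDelaySeconds
- Update strategy:
  - Use the RollingUpdate strategy in production
  - Set maxSurge and maxUnavailable sensibly
- Version control:
  - Use image tags to manage versions
  - Keep a sufficient revisionHistoryLimit
- Monitoring and logging:
  - Integrate a monitoring system
  - Use a unified log collection solution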
Security considerations
A secure Deployment configuration
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: secure-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: secure-app
  template:
    metadata:
      labels:
        app: secure-app
    spec:
      # Pod-level settings: refuse to start as root, run as a fixed non-root UID
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        fsGroup: 20001
      containers:
      - name: app
        image: my-secure-app:1.0.0
        # Container-level settings: no privilege escalation, read-only root
        # filesystem, all Linux capabilities dropped
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop:
            - ALL
        resources:
          requests:
            memory: "64Mi"
            cpu: "100m"
          limits:
            memory: "128Mi"
            cpu: "200m"
```
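A check that compares a Deployment's Pod template against the hardened settings shown above, plus the resource-limit and image-tag items from the best practices list, as an added example that is not part of the original tutorial. The function name and finding texts are hypothetical, and the two sample manifests are constructed inline from the secure-app and multi-container-deploy examples on this page, already parsed into dictionaries.

```python
def audit_deployment(manifest):
    """Return (container, finding) tuples for settings weaker than the hardened example."""
    pod = manifest["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext", {})
    findings = []
    for c in pod.get("containers", []):
        sc = c.get("securityContext", {})
        limits = c.get("resources", {}).get("limits", {})
        image = c.get("image", "")
        # Tag is whatever follows ":" in the last path segment (a registry port is skipped).
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        checks = [
            # A container-level runAsNonRoot overrides the Pod-level value when set.
            (sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is True,
             "runAsNonRoot not enforced"),
            (sc.get("allowPrivilegeEscalation") is False,
             "allowPrivilegeEscalation not disabled"),
            (sc.get("readOnlyRootFilesystem") is True, "root filesystem is writable"),
            ("ALL" in sc.get("capabilities", {}).get("drop", []),
             "capabilities not dropped (ALL)"),
            ({"cpu", "memory"} <= set(limits), "missing cpu/memory limits"),
            # A digest reference (@sha256:...) counts as pinned.
            ("@" in image or tag not in ("", "latest"),
             "image not pinned to a version tag"),
        ]
        findings += [(c["name"], msg) for ok, msg in checks if not ok]
    return findings


def deployment(pod_spec):
    """Wrap a Pod spec in the minimal Deployment structure the audit reads."""
    return {"spec": {"template": {"spec": pod_spec}}}


# Constructed sample input mirroring the secure-app manifest above.
SECURE_APP = deployment({
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001, "fsGroup": 20001},
    "containers": [{
        "name": "app", "image": "my-secure-app:1.0.0",
        "securityContext": {"allowPrivilegeEscalation": False,
                            "readOnlyRootFilesystem": True,
                            "capabilities": {"drop": ["ALL"]}},
        "resources": {"limits": {"memory": "128Mi", "cpu": "200m"}},
    }],
})
# Constructed sample input mirroring the containers of multi-container-deploy.
MULTI_CONTAINER = deployment({"containers": [{"name": "web", "image": "nginx"},
                                              {"name": "sidecar", "image": "busybox"}]})
```

Running `audit_deployment` on both samples returns no findings for secure-app and six per container for multi-container-deploy, which sets no securityContext, no limits and no image tag.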
Using a Pod Security Policy
```yaml
# Note: PodSecurityPolicy (policy/v1beta1) was deprecated in Kubernetes v1.21 and
# removed in v1.25, so this manifest only applies to older clusters. Newer
# clusters enforce comparable rules with Pod Security Admission.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
  - ALL
  volumes:
  - 'configMap'
  - 'emptyDir'
  - 'projected'
  - 'secret'
  - 'downwardAPI'
  - 'persistentVolumeClaim'
  hostNetwork: false
  hostIPC: false
  hostPID: false
  runAsUser:
    rule: 'MustRunAsNonRoot'
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:
    rule: 'MustRunAs'
    ranges:
    - min: 1
      max: 65535
  fsGroup:
    rule: 'MustRunAs'
    ranges:
    - min: 1
      max: 65535
  readOnlyRootFilesystem: false
```
Command quick reference
| Command | Description |
|---|---|
| `kubectl get deployments` | List Deployments |
| `kubectl describe deployment <name>` | Show Deployment details |
| `kubectl apply -f <deployment.yaml>` | Create or update a Deployment |
| `kubectl delete deployment <name>` | Delete a Deployment |
| `kubectl scale deployment <name> --replicas=<num>` | Scale a Deployment |
| `kubectl set image deployment/<name> <container>=<image>` | Update a Deployment's image |
| `kubectl rollout status deployment/<name>` | Show a Deployment's rollout status |
| `kubectl rollout history deployment/<name>` | Show a Deployment's rollout history |
| `kubectl rollout undo deployment/<name>` | Roll back a Deployment |
| `kubectl rollout restart deployment/<name>` | Restart a Deployment |
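Summary
The Deployment is one of the most important workload resources in Kubernetes; it simplifies deploying, updating and managing applications. After working through this document, you should be able to:
- Understand the concept of a Deployment and how it works
- Create and manage Deployments
- Perform rolling updates and rollbacks
- Configure a suitable update strategy and health checks
- Troubleshoot common Deployment problems
- Follow Deployment best practices and security considerations
In the next document we will cover Service, the service discovery mechanism, which is the key component for communication between services.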