YurtAppDaemon

背景介绍

在边缘场景中,来自同一区域的边缘节点被分配到同一个节点池中,此时,一般需要在节点池维度部署一些系统组件,例如CoreDNS。 创建节点池时,我们希望自动创建这些系统组件,而无需任何手动操作。

YurtAppDaemon 确保所有或部分节点池以 Deployment 或 StatefulSet 作为模板运行副本。 随着节点池的创建,这些子部署或状态集也被添加到集群中,子部署或状态集的创建/更新由 YurtAppDaemon 控制器实现。 这些子 Deployments 或 Statefulsets 将在节点池 从集群中移除时被回收,删除 YurtAppDaemon CR 将清理它创建的 Deployments 或 StatefulSets。 YurtAppDaemon 的行为类似于 K8S Daemonset,不同之处在于 YurtAppDaemon 从节点池维度自动创建 K8S 工作负载。

img

用户使用:

  • 创建test1节点池
  1. cat <<EOF | kubectl apply -f -
  4. apiVersion: apps.openyurt.io/v1alpha1
  5. kind: NodePool
  6. metadata:
  7.   name: test1
  8. spec:
  9.   selector:
  10.     matchLabels:
  11.       apps.openyurt.io/nodepool: test1
  12.   type: Edge
  15. EOF
  • 创建test2节点池
  1. cat <<EOF | kubectl apply -f -
  3. apiVersion: apps.openyurt.io/v1alpha1
  4. kind: NodePool
  5. metadata:
  6.   name: test2
  7. spec:
  8.   selector:
  9.     matchLabels:
  10.       apps.openyurt.io/nodepool: test2
  11.   type: Edge
  13. EOF
  • 将节点加入到节点池
  1.  kubectl label node cn-beijing.172.23.142.31 apps.openyurt.io/desired-nodepool=test1
  2.  kubectl label node cn-beijing.172.23.142.32 apps.openyurt.io/desired-nodepool=test1
  4.  kubectl label node cn-beijing.172.23.142.34 apps.openyurt.io/desired-nodepool=test2
  5.  kubectl label node cn-beijing.172.23.142.35 apps.openyurt.io/desired-nodepool=test2
  • 创建YurtAppDaemon
  1. cat <<EOF | kubectl apply -f -
  3. apiVersion: apps.openyurt.io/v1alpha1
  4. kind: YurtAppDaemon
  5. metadata:
  6.   name: daemon-1
  7.   namespace: default
  8. spec:
  9.   selector:
  10.     matchLabels:
  11.       app: daemon-1
  13.   workloadTemplate:
  14.     deploymentTemplate:
  15.       metadata:
  16.         labels:
  17.           app: daemon-1
  18.       spec:
  19.         replicas: 1
  20.         selector:
  21.           matchLabels:
  22.             app: daemon-1
  23.         template:
  24.           metadata:
  25.             labels:
  26.               app: daemon-1
  27.           spec:
  28.             containers:
  29.             - image: nginx:1.18.0
  30.               imagePullPolicy: Always
  31.               name: nginx
  32.   nodepoolSelector:
  33.     matchLabels:
  34.       yurtappdaemon.openyurt.io/type: "nginx"
  36. EOF
  • 为test1节点池打标签
  1. kubectl label np test1 yurtappdaemon.openyurt.io/type=nginx
  3. # Check the Deployment
  4. kubectl get deployments.apps
  6. # Check the Deployment nodeselector
  8. # Check the Pod
  • 为test2节点池打标签
  1. kubectl label np test2 yurtappdaemon.openyurt.io/type=nginx
  3. # Check the Deployment
  4. kubectl get deployments.apps
  6. # Check the Deployment nodeselector
  8. # Check the Pod
  • 改变YurtAppDaemon
  1. # Change yurtappdaemon workloadTemplate replicas to 2
  3. # Change yurtappdaemon workloadTemplate image to nginx:1.19.0
  5. # Check the Pod
  • 移除节点池标签
  1. # Remove the nodepool test1 label
  2. kubectl label np test1 yurtappdaemon.openyurt.io/type-
  4. # Check the Deployment
  6. # Check the Pod
  8. # Remove the nodepool test2 label
  9. kubectl label np test2 yurtappdaemon.openyurt.io/type-
  11. # Check the Deployment
  13. # Check the Pod1

coredns单元化部署案例

在openyurt里使用YurtAppDaemon+服务拓扑解决dns解析问题

  • 创建节点池
  1. cat <<EOF | kubectl apply -f -
  4. apiVersion: apps.openyurt.io/v1alpha1
  5. kind: NodePool
  6. metadata:
  7.   name: hangzhou
  8. spec:
  9.   selector:
  10.     matchLabels:
  11.       apps.openyurt.io/nodepool: hangzhou
  12.   taints:
  13.     - effect: NoSchedule
  14.       key: node-role.openyurt.io/edge
  15.   type: Edge
  18. EOF
  • 节点池增加标签
  1. kubectl label np hangzhou yurtappdaemon.openyurt.io/type=coredns
  • 部署coredns
  1. cat <<EOF | kubectl apply -f -
  4. apiVersion: apps.openyurt.io/v1alpha1
  5. kind: YurtAppDaemon
  6. metadata:
  7.   name: coredns
  8.   namespace: kube-system
  9. spec:
  10.   selector:
  11.     matchLabels:
  12.        k8s-app: kube-dns
  13.   workloadTemplate:
  14.     deploymentTemplate:
  15.       metadata:
  16.         labels:
  17.           k8s-app: kube-dns
  18.       spec:
  19.         replicas: 2
  20.         selector:
  21.           matchLabels:
  22.             k8s-app: kube-dns
  23.         template:
  24.           metadata:
  25.             labels:
  26.               k8s-app: kube-dns
  27.           spec:
  28.             volumes:
  29.             - name: config-volume
  30.               configMap:
  31.                name: coredns
  32.                items:
  33.                - key: Corefile
  34.                  path: Corefile
  35.                  name: coredns
  36.             dnsPolicy: Default
  37.             serviceAccount: coredns
  38.             serviceAccountName: coredns
  39.             containers:
  40.             - args:
  41.               - -conf
  42.               - /etc/coredns/Corefile
  43.               image: k8s.gcr.io/coredns:1.6.7
  44.               imagePullPolicy: IfNotPresent
  45.               name: coredns
  46.               resources:
  47.                 limits:
  48.                   memory: 170Mi
  49.                 requests:
  50.                   cpu: 100m
  51.                   memory: 70Mi
  52.               securityContext:
  53.                 allowPrivilegeEscalation: false
  54.                 capabilities:
  55.                   add:
  56.                   - NET_BIND_SERVICE
  57.                   drop:
  58.                   - all
  59.                 readOnlyRootFilesystem: true        
  60.               livenessProbe:
  61.                 failureThreshold: 5
  62.                 httpGet:
  63.                   path: /health
  64.                   port: 8080
  65.                   scheme: HTTP
  66.                 initialDelaySeconds: 60
  67.                 periodSeconds: 10
  68.                 successThreshold: 1
  69.                 timeoutSeconds: 5  
  70.               volumeMounts:
  71.               - mountPath: /etc/coredns
  72.                 name: config-volume
  73.                 readOnly: true
  74.   nodepoolSelector:
  75.     matchLabels:
  76.       yurtappdaemon.openyurt.io/type: "coredns"
  78. ---
  79. apiVersion: v1
  80. kind: Service
  81. metadata:
  82.   namespace: kube-system
  83.   annotations:
  84.     prometheus.io/port: "9153"
  85.     prometheus.io/scrape: "true"
  86.     openyurt.io/topologyKeys: openyurt.io/nodepool
  87.   labels:
  88.     k8s-app: kube-dns
  89.     kubernetes.io/cluster-service: "true"
  90.     kubernetes.io/name: KubeDNS
  91.   name: kube-dns
  92. spec:
  93.   clusterIP: __kubernetes-coredns-ip__  ##修改为kubernetes dns service ip
  94.   ports:
  95.   - name: dns
  96.     port: 53
  97.     protocol: UDP
  98.     targetPort: 53
  99.   - name: dns-tcp
  100.     port: 53
  101.     protocol: TCP
  102.     targetPort: 53
  103.   - name: metrics
  104.     port: 9153
  105.     protocol: TCP
  106.     targetPort: 9153
  107.   selector:
  108.     k8s-app: kube-dns
  109.   sessionAffinity: None
  110.   type: ClusterIP   
  111. ---
  112. apiVersion: v1
  113. data:
  114.   Corefile: |
  115.     .:53 {
  116.         errors
  117.         health {
  118.            lameduck 5s
  119.         }
  120.         ready
  121.         kubernetes cluster.local in-addr.arpa ip6.arpa {
  122.            pods insecure
  123.            fallthrough in-addr.arpa ip6.arpa
  124.            ttl 30
  125.         }
  126.         prometheus :9153
  127.         forward . /etc/resolv.conf
  128.         cache 30
  129.         loop
  130.         reload
  131.         loadbalance
  132.     }
  133. kind: ConfigMap
  134. metadata:
  135.   name: coredns
  136.   namespace: kube-system
  137. ---
  138. apiVersion: v1
  139. kind: ServiceAccount
  140. metadata:
  141.   name: coredns
  142.   namespace: kube-system
  143.   labels:
  144.       kubernetes.io/cluster-service: "true"
  145.       addonmanager.kubernetes.io/mode: Reconcile
  146. ---
  147. apiVersion: rbac.authorization.k8s.io/v1
  148. kind: ClusterRole
  149. metadata:
  150.   labels:
  151.     kubernetes.io/bootstrapping: rbac-defaults
  152.     addonmanager.kubernetes.io/mode: Reconcile
  153.   name: system:coredns
  154. rules:
  155. - apiGroups:
  156.   - ""
  157.   resources:
  158.   - endpoints
  159.   - services
  160.   - pods
  161.   - namespaces
  162.   verbs:
  163.   - list
  164.   - watch
  165. - apiGroups:
  166.   - ""
  167.   resources:
  168.   - nodes
  169.   verbs:
  170.   - get
  171. ---
  172. apiVersion: rbac.authorization.k8s.io/v1
  173. kind: ClusterRoleBinding
  174. metadata:
  175.   annotations:
  176.     rbac.authorization.kubernetes.io/autoupdate: "true"
  177.   labels:
  178.     kubernetes.io/bootstrapping: rbac-defaults
  179.     addonmanager.kubernetes.io/mode: EnsureExists
  180.   name: system:coredns
  181. roleRef:
  182.   apiGroup: rbac.authorization.k8s.io
  183.   kind: ClusterRole
  184.   name: system:coredns
  185. subjects:
  186. - kind: ServiceAccount
  187.   name: coredns
  188.   namespace: kube-system
  191. EOF