Kubernetes 与容器编排最佳实践

Kubernetes 与容器编排最佳实践

一、前言

哥们，别整那些花里胡哨的。容器编排是 Kubernetes 的核心功能，今天直接上硬货，教你如何在 Kubernetes 中实现高效的容器编排。

二、容器编排模式

三、实战配置

1. Deployment 配置

apiVersion: apps/v1 kind: Deployment metadata: name: app namespace: default spec: replicas: 3 strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 selector: matchLabels: app: app template: metadata: labels: app: app spec: containers: - name: app image: nginx:latest resources: requests: cpu: "200m" memory: "256Mi" limits: cpu: "500m" memory: "512Mi" ports: - containerPort: 80 readinessProbe: httpGet: path: / port: 80 initialDelaySeconds: 5 periodSeconds: 10 livenessProbe: httpGet: path: / port: 80 initialDelaySeconds: 15 periodSeconds: 20

2. StatefulSet 配置

apiVersion: apps/v1 kind: StatefulSet metadata: name: database namespace: default spec: serviceName: database replicas: 3 selector: matchLabels: app: database template: metadata: labels: app: database spec: containers: - name: database image: postgres:14 env: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: postgres-secret key: password volumeMounts: - name: data mountPath: /var/lib/postgresql/data volumeClaimTemplates: - metadata: name: data spec: accessModes: ["ReadWriteOnce"] resources: requests: storage: 50Gi storageClassName: high-performance

3. DaemonSet 配置

apiVersion: apps/v1 kind: DaemonSet metadata: name: node-exporter namespace: monitoring spec: selector: matchLabels: app: node-exporter template: metadata: labels: app: node-exporter spec: containers: - name: node-exporter image: prom/node-exporter:latest ports: - containerPort: 9100 resources: requests: cpu: "100m" memory: "128Mi" limits: cpu: "200m" memory: "256Mi" tolerations: - key: node-role.kubernetes.io/master operator: Exists effect: NoSchedule

4. Job 配置

apiVersion: batch/v1 kind: Job metadata: name:>apiVersion: v1 kind: ResourceQuota metadata: name: default-quota namespace: default spec: hard: requests.cpu: "10" requests.memory: "20Gi" limits.cpu: "20" limits.memory: "40Gi" pods: "50" --- apiVersion: v1 kind: LimitRange metadata: name: default-limits namespace: default spec: limits: - default: cpu: "500m" memory: "1Gi" defaultRequest: cpu: "200m" memory: "256Mi" type: Container

2. 调度策略

apiVersion: apps/v1 kind: Deployment metadata: name: app namespace: default spec: replicas: 3 selector: matchLabels: app: app template: metadata: labels: app: app spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app operator: In values: - app topologyKey: kubernetes.io/hostname nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: type operator: In values: - worker containers: - name: app image: nginx:latest resources: requests: cpu: "200m" memory: "256Mi" limits: cpu: "500m" memory: "512Mi" ports: - containerPort: 80

3. 健康检查

apiVersion: apps/v1 kind: Deployment metadata: name: app namespace: default spec: replicas: 3 selector: matchLabels: app: app template: metadata: labels: app: app spec: containers: - name: app image: nginx:latest ports: - containerPort: 80 readinessProbe: httpGet: path: /health port: 80 initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 livenessProbe: httpGet: path: /health port: 80 initialDelaySeconds: 15 periodSeconds: 20 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 startupProbe: httpGet: path: /health port: 80 initialDelaySeconds: 0 periodSeconds: 5 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 30

五、常见问题

1. 容器启动失败

解决方案：

1. 检查镜像是否存在
2. 验证容器配置
3. 查看容器日志

2. 资源竞争

解决方案：

1. 配置合理的资源请求和限制
2. 使用资源配额
3. 优化调度策略

3. 健康检查失败

解决方案：

1. 调整健康检查参数
2. 优化应用代码
3. 增加初始延迟时间

六、最佳实践总结

1. 选择合适的编排模式：根据应用类型选择合适的编排模式
2. 资源管理：合理配置资源请求和限制
3. 调度策略：优化 Pod 调度策略，提高资源利用率
4. 健康检查：配置适当的健康检查参数
5. 滚动更新：使用 RollingUpdate 策略，减少服务中断
6. 监控告警：配置容器编排相关的监控和告警

七、总结

Kubernetes 容器编排是现代应用部署的核心。按照本文的最佳实践，你可以构建一个高效、可靠的容器编排系统，炸了！