在 Kubernetes 集群中,DNS 服务是一个重要的组件,它负责将域名解析为相应的 IP 地址。随着集群规模的扩大,DNS 服务的负载也会相应增加,因此需要启用和配置 DNS 服务的自动扩缩功能,以确保其性能和可靠性。本教程将介绍如何在 Kubernetes 集群中启用和配置 DNS 服务的自动扩缩功能。
一、准备
1、必须拥有一个 Kubernetes 的集群,同时必须配置 kubectl 命令行工具与集群通信。 建议在至少有两个不作为控制平面主机的节点的集群上运行本教程。 如果还没有集群,可以通过 Minikube 构建一个自己的集群,或者可以使用下面的 Kubernetes 练习环境之一:
- Killercoda
- 玩转 Kubernetes
2、要获知版本信息,请输入 kubectl version;
3、节点要使用 AMD64 或 Intel 64 CPU 架构;
4、确保 Kubernetes DNS 已启用。
二、DNS水平自动扩缩特性
确定是否 DNS 水平自动扩缩特性已经启用,在 kube-system 命名空间中列出集群中的 Deployment:
kubectl get deployment --namespace=kube-system
kubectl get deployment --namespace=kube-system
kubectl get deployment --namespace=kube-system
输出类似如下这样:
<code>NAME READY UP-TO-DATE AVAILABLE AGE
...
dns-autoscaler 1/1 1 1 ...
...</code>
<code>NAME READY UP-TO-DATE AVAILABLE AGE
...
dns-autoscaler 1/1 1 1 ...
...</code>
NAME READY UP-TO-DATE AVAILABLE AGE
...
dns-autoscaler 1/1 1 1 ...
...三、获取DNS Deployment名称
列出集群内 kube-system 命名空间中的 DNS Deployment:
kubectl get deployment -l k8s-app=kube-dns --namespace=kube-system
kubectl get deployment -l k8s-app=kube-dns --namespace=kube-system
kubectl get deployment -l k8s-app=kube-dns --namespace=kube-system
输出类似如下这样:
<code>NAME READY UP-TO-DATE AVAILABLE AGE
...
coredns 2/2 2 2 ...
...</code>
<code>NAME READY UP-TO-DATE AVAILABLE AGE
...
coredns 2/2 2 2 ...
...</code>
NAME READY UP-TO-DATE AVAILABLE AGE
...
coredns 2/2 2 2 ...
...如果看不到 DNS 服务的 Deployment,也可以通过名字来查找:
kubectl get deployment --namespace=kube-system
kubectl get deployment --namespace=kube-system
kubectl get deployment --namespace=kube-system
并在输出中寻找名称为 coredns 或 kube-dns 的 Deployment。
扩缩目标为:
Deployment/<your-deployment-name>
Deployment/<your-deployment-name>
Deployment/<your-deployment-name>
其中 <your-deployment-name> 是 DNS Deployment 的名称。 例如,如果 DNS Deployment 名称是 coredns,则扩展目标是 Deployment/coredns。
CoreDNS 是 Kubernetes 的默认 DNS 服务。CoreDNS 设置标签 k8s-app=kube-dns, 以便能够在原来使用 kube-dns 的集群中工作。
四、启用DNS水平自动扩缩
创建一个新的 Deployment,Deployment 中的 Pod 运行一个基于 cluster-proportional-autoscaler-amd64 镜像的容器。创建文件 dns-horizontal-autoscaler.yaml,内容如下所示:
<code class="language-yaml" data-lang="yaml">kind: ServiceAccount
apiVersion: v1
metadata:
name: kube-dns-autoscaler
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:kube-dns-autoscaler
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list", "watch"]
- apiGroups: [""]
resources: ["replicationcontrollers/scale"]
verbs: ["get", "update"]
- apiGroups: ["apps"]
resources: ["deployments/scale", "replicasets/scale"]
verbs: ["get", "update"]
# 待以下 issue 修复后,请删除 Configmaps
# kubernetes-incubator/cluster-proportional-autoscaler#16
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:kube-dns-autoscaler
subjects:
- kind: ServiceAccount
name: kube-dns-autoscaler
namespace: kube-system
roleRef:
kind: ClusterRole
name: system:kube-dns-autoscaler
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kube-dns-autoscaler
namespace: kube-system
labels:
k8s-app: kube-dns-autoscaler
kubernetes.io/cluster-service: "true"
spec:
selector:
matchLabels:
k8s-app: kube-dns-autoscaler
template:
metadata:
labels:
k8s-app: kube-dns-autoscaler
spec:
priorityClassName: system-cluster-critical
securityContext:
seccompProfile:
type: RuntimeDefault
supplementalGroups: [ 65534 ]
fsGroup: 65534
nodeSelector:
kubernetes.io/os: linux
containers:
- name: autoscaler
image: registry.k8s.io/cpa/cluster-proportional-autoscaler:1.8.4
resources:
requests:
cpu: "20m"
memory: "10Mi"
command:
- /cluster-proportional-autoscaler
- --namespace=kube-system
- --configmap=kube-dns-autoscaler
# 应该保持目标与 cluster/addons/dns/kube-dns.yaml.base 同步。
- --target=<SCALE_TARGET>
# 当集群使用大节点(有更多核)时,“coresPerReplica”应该占主导地位。
# 如果使用小节点,“nodesPerReplica“ 应该占主导地位。
- --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"preventSinglePointFailure":true,"includeUnschedulableNodes":true}}
- --logtostderr=true
- --v=2
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
serviceAccountName: kube-dns-autoscaler
<code class="language-yaml" data-lang="yaml">kind: ServiceAccount
apiVersion: v1
metadata:
name: kube-dns-autoscaler
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:kube-dns-autoscaler
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list", "watch"]
- apiGroups: [""]
resources: ["replicationcontrollers/scale"]
verbs: ["get", "update"]
- apiGroups: ["apps"]
resources: ["deployments/scale", "replicasets/scale"]
verbs: ["get", "update"]
# 待以下 issue 修复后,请删除 Configmaps
# kubernetes-incubator/cluster-proportional-autoscaler#16
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:kube-dns-autoscaler
subjects:
- kind: ServiceAccount
name: kube-dns-autoscaler
namespace: kube-system
roleRef:
kind: ClusterRole
name: system:kube-dns-autoscaler
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kube-dns-autoscaler
namespace: kube-system
labels:
k8s-app: kube-dns-autoscaler
kubernetes.io/cluster-service: "true"
spec:
selector:
matchLabels:
k8s-app: kube-dns-autoscaler
template:
metadata:
labels:
k8s-app: kube-dns-autoscaler
spec:
priorityClassName: system-cluster-critical
securityContext:
seccompProfile:
type: RuntimeDefault
supplementalGroups: [ 65534 ]
fsGroup: 65534
nodeSelector:
kubernetes.io/os: linux
containers:
- name: autoscaler
image: registry.k8s.io/cpa/cluster-proportional-autoscaler:1.8.4
resources:
requests:
cpu: "20m"
memory: "10Mi"
command:
- /cluster-proportional-autoscaler
- --namespace=kube-system
- --configmap=kube-dns-autoscaler
# 应该保持目标与 cluster/addons/dns/kube-dns.yaml.base 同步。
- --target=<SCALE_TARGET>
# 当集群使用大节点(有更多核)时,“coresPerReplica”应该占主导地位。
# 如果使用小节点,“nodesPerReplica“ 应该占主导地位。
- --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"preventSinglePointFailure":true,"includeUnschedulableNodes":true}}
- --logtostderr=true
- --v=2
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
serviceAccountName: kube-dns-autoscaler
<code class="language-yaml" data-lang="yaml">kind: ServiceAccount
apiVersion: v1
metadata:
name: kube-dns-autoscaler
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:kube-dns-autoscaler
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list", "watch"]
- apiGroups: [""]
resources: ["replicationcontrollers/scale"]
verbs: ["get", "update"]
- apiGroups: ["apps"]
resources: ["deployments/scale", "replicasets/scale"]
verbs: ["get", "update"]
# 待以下 issue 修复后,请删除 Configmaps
# kubernetes-incubator/cluster-proportional-autoscaler#16
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:kube-dns-autoscaler
subjects:
- kind: ServiceAccount
name: kube-dns-autoscaler
namespace: kube-system
roleRef:
kind: ClusterRole
name: system:kube-dns-autoscaler
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kube-dns-autoscaler
namespace: kube-system
labels:
k8s-app: kube-dns-autoscaler
kubernetes.io/cluster-service: "true"
spec:
selector:
matchLabels:
k8s-app: kube-dns-autoscaler
template:
metadata:
labels:
k8s-app: kube-dns-autoscaler
spec:
priorityClassName: system-cluster-critical
securityContext:
seccompProfile:
type: RuntimeDefault
supplementalGroups: [ 65534 ]
fsGroup: 65534
nodeSelector:
kubernetes.io/os: linux
containers:
- name: autoscaler
image: registry.k8s.io/cpa/cluster-proportional-autoscaler:1.8.4
resources:
requests:
cpu: "20m"
memory: "10Mi"
command:
- /cluster-proportional-autoscaler
- --namespace=kube-system
- --configmap=kube-dns-autoscaler
# 应该保持目标与 cluster/addons/dns/kube-dns.yaml.base 同步。
- --target=<SCALE_TARGET>
# 当集群使用大节点(有更多核)时,“coresPerReplica”应该占主导地位。
# 如果使用小节点,“nodesPerReplica“ 应该占主导地位。
- --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"preventSinglePointFailure":true,"includeUnschedulableNodes":true}}
- --logtostderr=true
- --v=2
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
serviceAccountName: kube-dns-autoscaler
在文件中,将 <SCALE_TARGET> 替换成扩缩目标。
进入到包含配置文件的目录中,输入如下命令创建 Deployment:
kubectl apply -f dns-horizontal-autoscaler.yaml
kubectl apply -f dns-horizontal-autoscaler.yaml
kubectl apply -f dns-horizontal-autoscaler.yaml
一个成功的命令输出是:
deployment.apps/dns-autoscaler created
deployment.apps/dns-autoscaler created
deployment.apps/dns-autoscaler created
DNS 水平自动扩缩在已经启用了。
五、调优DNS自动扩缩参数
验证 dns-autoscaler ConfigMap 是否存在:
kubectl get configmap --namespace=kube-system
kubectl get configmap --namespace=kube-system
kubectl get configmap --namespace=kube-system
输出类似于:
<code>NAME DATA AGE
...
dns-autoscaler 1 ...
...</code>
<code>NAME DATA AGE
...
dns-autoscaler 1 ...
...</code>
NAME DATA AGE
...
dns-autoscaler 1 ...
...修改该 ConfigMap 中的数据:
kubectl edit configmap dns-autoscaler --namespace=kube-system
kubectl edit configmap dns-autoscaler --namespace=kube-system
kubectl edit configmap dns-autoscaler --namespace=kube-system
找到如下这行内容:
linear: '{"coresPerReplica":256,"min":1,"nodesPerReplica":16}'
linear: '{"coresPerReplica":256,"min":1,"nodesPerReplica":16}'
linear: '{"coresPerReplica":256,"min":1,"nodesPerReplica":16}'
根据需要修改对应的字段。“min” 字段表明 DNS 后端的最小数量。 实际后端的数量通过使用如下公式来计算:
replicas = max( ceil( cores × 1/coresPerReplica ) , ceil( nodes × 1/nodesPerReplica ) )
replicas = max( ceil( cores × 1/coresPerReplica ) , ceil( nodes × 1/nodesPerReplica ) )
replicas = max( ceil( cores × 1/coresPerReplica ) , ceil( nodes × 1/nodesPerReplica ) )
注意 coresPerReplica 和 nodesPerReplica 的值都是浮点数。
背后的思想是,当一个集群使用具有很多核心的节点时,由 coresPerReplica 来控制。 当一个集群使用具有较少核心的节点时,由 nodesPerReplica 来控制。
六、禁用DNS水平自动扩缩
有几个可供调优的 DNS 水平自动扩缩选项。具体使用哪个选项因环境而异。
1、缩容 dns-autoscaler Deployment 至 0 个副本
该选项适用于所有场景。运行如下命令:
kubectl scale deployment --replicas=0 dns-autoscaler --namespace=kube-system
kubectl scale deployment --replicas=0 dns-autoscaler --namespace=kube-system
kubectl scale deployment --replicas=0 dns-autoscaler --namespace=kube-system
输出如下所示:
deployment.apps/dns-autoscaler scaled
deployment.apps/dns-autoscaler scaled
deployment.apps/dns-autoscaler scaled
验证当前副本数为 0:
kubectl get rs --namespace=kube-system
kubectl get rs --namespace=kube-system
kubectl get rs --namespace=kube-system
输出内容中,在 DESIRED 和 CURRENT 列显示为 0:
<code>NAME DESIRED CURRENT READY AGE
...
dns-autoscaler-6b59789fc8 0 0 0 ...
...</code>
<code>NAME DESIRED CURRENT READY AGE
...
dns-autoscaler-6b59789fc8 0 0 0 ...
...</code>
NAME DESIRED CURRENT READY AGE
...
dns-autoscaler-6b59789fc8 0 0 0 ...
...2、删除 dns-autoscaler Deployment
如果 dns-autoscaler 为所控制,也就说没有人会去重新创建它,可以选择此选项:
kubectl delete deployment dns-autoscaler --namespace=kube-system
kubectl delete deployment dns-autoscaler --namespace=kube-system
kubectl delete deployment dns-autoscaler --namespace=kube-system
输出内容如下所示:
deployment.apps "dns-autoscaler" deleted
deployment.apps "dns-autoscaler" deleted
deployment.apps "dns-autoscaler" deleted
3、从主控节点删除 dns-autoscaler 清单文件
如果 dns-autoscaler 在插件管理器 的控制之下,并且具有操作 master 节点的写权限,可以使用此选项。登录到主控节点,删除对应的清单文件。 dns-autoscaler 对应的路径一般为:
/etc/kubernetes/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
/etc/kubernetes/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
/etc/kubernetes/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
当清单文件被删除后,插件管理器将删除 dns-autoscaler Deployment。
七、DNS平自动扩缩工作原理
1、cluster-proportional-autoscaler 应用独立于 DNS 服务部署。
2、autoscaler Pod 运行一个客户端,它通过轮询 Kubernetes API 服务器获取集群中节点和核心的数量。
3、系统会基于当前可调度的节点个数、核心数以及所给的扩缩参数,计算期望的副本数并应用到 DNS 后端。
4、扩缩参数和数据点会基于一个 ConfigMap 来提供给 autoscaler,它会在每次轮询时刷新它的参数表, 以与最近期望的扩缩参数保持一致。
5、扩缩参数是可以被修改的,而且不需要重建或重启 autoscaler Pod。
6、autoscaler 提供了一个控制器接口来支持两种控制模式:linear 和 ladder。
