k8s之滚动更新(Rolling Update)与回滚

滚动更新

滚动更新是一次只更新一小部分副本，成功后，再更新更多的副本，最终完成所有副本的更新。滚动更新的最大的好处是零停机，整个更新过程始终有副本在运行，从而保证了业务的连续性。

下面我们部署三副本应用，初始镜像为 httpd:2.2.31，然后将其更新到 httpd:2.2.32。

httpd:2.2.31 的配置文件如下：

apiVersion: apps/v1beta1kind: Deploymentmetadata:  name: httpdspec:  replicas: 3  template:    metadata:      labels:        run: httpd    spec:      containers:      - name: httpd        image: httpd:2.2.31        ports:        - containerPort: 80

通过 kubectl apply 部署。

[root@k8s-master ~]# kubectl apply -f httpd.yml deployment.apps/httpd created[root@k8s-master ~]# [root@k8s-master ~]# kubectl get deployments httpd -o wideNAME    READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES         SELECTORhttpd   0/3     3            0           14s   httpd        httpd:2.2.31   run=httpd[root@k8s-master ~]# kubectl get replicasets -o wideNAME               DESIRED   CURRENT   READY   AGE   CONTAINERS   IMAGES         SELECTORhttpd-56df754d56   3         3         3       37s   httpd        httpd:2.2.31   pod-template-hash=56df754d56,run=httpd[root@k8s-master ~]# kubectl get podNAME                     READY   STATUS    RESTARTS   AGEhttpd-56df754d56-5hjt6   1/1     Running   0          52shttpd-56df754d56-ngw9l   1/1     Running   0          52shttpd-56df754d56-qtgbt   1/1     Running   0          52s

部署过程如下：

1. 创建 Deployment httpd
2. 创建 ReplicaSet httpd-551879778
3. 创建三个 Pod
4. 当前镜像为 httpd:2.2.31

将配置文件中 httpd:2.2.31 替换为 httpd:2.2.32，再次执行 kubectl apply。

apiVersion: apps/v1beta1kind: Deploymentmetadata:  name: httpdspec:  replicas: 3  template:    metadata:      labels:        run: httpd    spec:      containers:      - name: httpd        image: httpd:2.2.32        ports:        - containerPort: 80

[root@k8s-master ~]# kubectl apply -f httpd.yml deployment.apps/httpd configured[root@k8s-master ~]# [root@k8s-master ~]# kubectl get deployments httpd -o wideNAME    READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS   IMAGES         SELECTORhttpd   3/3     1            3           3m54s   httpd        httpd:2.2.32   run=httpd[root@k8s-master ~]# kubectl get replicasets -o wideNAME               DESIRED   CURRENT   READY   AGE    CONTAINERS   IMAGES         SELECTORhttpd-56df754d56   2         2         2       4m8s   httpd        httpd:2.2.31   pod-template-hash=56df754d56,run=httpdhttpd-77896d99b5   2         2         1       28s    httpd        httpd:2.2.32   pod-template-hash=77896d99b5,run=httpd[root@k8s-master ~]# [root@k8s-master ~]# kubectl get podNAME                     READY   STATUS    RESTARTS   AGEhttpd-77896d99b5-pk52m   1/1     Running   0          24shttpd-77896d99b5-pmlr9   1/1     Running   0          40shttpd-77896d99b5-spn96   1/1     Running   0          9s

我们发现了如下变化：

1. Deployment httpd 的镜像更新为 httpd:2.2.32
2. 新创建了 ReplicaSet httpd-1276601241，镜像为 httpd:2.2.32，并且管理了三个新的 Pod。
3. 之前的 ReplicaSet httpd-551879778 里面已经没有任何 Pod。

结论是：ReplicaSet httpd-551879778 的三个 httpd:2.2.31 Pod 已经被 ReplicaSet httpd-1276601241 的三个 httpd:2.2.32 Pod 替换了。

具体过程可以通过 kubectl describe deployment httpd 查看。

Events:  Type    Reason             Age    From                   Message  ----    ------             ----   ----                   -------  Normal  ScalingReplicaSet  6m4s   deployment-controller  Scaled up replica set httpd-56df754d56 to 3  Normal  ScalingReplicaSet  2m23s  deployment-controller  Scaled up replica set httpd-77896d99b5 to 1  Normal  ScalingReplicaSet  2m7s   deployment-controller  Scaled down replica set httpd-56df754d56 to 2  Normal  ScalingReplicaSet  2m7s   deployment-controller  Scaled up replica set httpd-77896d99b5 to 2  Normal  ScalingReplicaSet  112s   deployment-controller  Scaled down replica set httpd-56df754d56 to 1  Normal  ScalingReplicaSet  112s   deployment-controller  Scaled up replica set httpd-77896d99b5 to 3  Normal  ScalingReplicaSet  110s   deployment-controller  Scaled down replica set httpd-56df754d56 to 0

每次只更新替换一个 Pod：

1. ReplicaSet httpd-1276601241 增加一个 Pod，总数为 1。
2. ReplicaSet httpd-551879778 减少一个 Pod，总数为 2。
3. ReplicaSet httpd-1276601241 增加一个 Pod，总数为 2。
4. ReplicaSet httpd-551879778 减少一个 Pod，总数为 1。
5. ReplicaSet httpd-1276601241 增加一个 Pod，总数为 3。
6. ReplicaSet httpd-551879778 减少一个 Pod，总数为 0。

每次替换的 Pod 数量是可以定制的。Kubernetes 提供了两个参数 maxSurge 和 maxUnavailable 来精细控制 Pod 的替换数量，我们将在后面结合 Health Check 特性一起讨论。

回滚

kubectl apply 每次更新应用时 Kubernetes 都会记录下当前的配置，保存为一个 revision（版次），这样就可以回滚到某个特定 revision。

默认配置下，Kubernetes 只会保留最近的几个 revision，可以在 Deployment 配置文件中通过 revisionHistoryLimit 属性增加 revision 数量。

下面实践回滚功能。应用有如下三个配置文件 httpd.v1.yml，httpd.v2.yml 和 httpd.v3.yml，分别对应不同的 httpd 镜像 2.4.16，2.4.17 和 2.4.18：

apiVersion: apps/v1beta1kind: Deploymentmetadata:  name: httpdspec:  revisionHistoryLimit: 10  replicas: 3  template:    metadata:      labels:        run: httpd    spec:      containers:      - name: httpd        image: httpd:2.4.16        ports:        - containerPort: 80

apiVersion: apps/v1beta1kind: Deploymentmetadata:  name: httpdspec:  revisionHistoryLimit: 10  replicas: 3  template:    metadata:      labels:        run: httpd    spec:      containers:      - name: httpd        image: httpd:2.4.17        ports:        - containerPort: 80

apiVersion: apps/v1beta1kind: Deploymentmetadata:  name: httpdspec:  revisionHistoryLimit: 10  replicas: 3  template:    metadata:      labels:        run: httpd    spec:      containers:      - name: httpd        image: httpd:2.4.18        ports:        - containerPort: 80

通过 kubectl apply 部署并更新应用：

[root@k8s-master ~]# kubectl apply -f httpd.v1.yml --record deployment.apps/httpd created[root@k8s-master ~]# kubectl get deployments httpd -o wideNAME    READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES         SELECTORhttpd   3/3     3            3           36s   httpd        httpd:2.4.16   run=httpd[root@k8s-master ~]# kubectl apply -f httpd.v2.yml --record  deployment.apps/httpd configured[root@k8s-master ~]# kubectl get deployments httpd -o wide  NAME    READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS   IMAGES         SELECTORhttpd   3/3     1            3           2m24s   httpd        httpd:2.4.17   run=httpd[root@k8s-master ~]# kubectl apply -f httpd.v3.yml --record  deployment.apps/httpd configured[root@k8s-master ~]# kubectl get deployments httpd -o wide  NAME    READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS   IMAGES         SELECTORhttpd   3/3     1            3           2m43s   httpd        httpd:2.4.18   run=httpd

--record 的作用是将当前命令记录到 revision 记录中，这样我们就可以知道每个 revison 对应的是哪个配置文件。通过 kubectl rollout history deployment httpd 查看 revison 历史记录。

[root@k8s-master ~]# kubectl rollout history deployment httpd deployment.extensions/httpd REVISION  CHANGE-CAUSE1         kubectl apply --filename=httpd.v1.yml --record=true2         kubectl apply --filename=httpd.v2.yml --record=true3         kubectl apply --filename=httpd.v3.yml --record=true

CHANGE-CAUSE 就是 --record 的结果。如果要回滚到某个版本，比如 revision 1，可以执行命令 kubectl rollout undo deployment httpd --to-revision=1：

[root@k8s-master ~]# kubectl rollout undo deployment httpd --to-revision=1deployment.extensions/httpd rolled back[root@k8s-master ~]# kubectl get deployments. httpd -o wideNAME    READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS   IMAGES         SELECTORhttpd   3/3     3            3           6m50s   httpd        httpd:2.4.16   run=httpd

此时，revison 历史记录也会发生相应变化。

[root@k8s-master ~]# kubectl rollout history deployment httpd    deployment.extensions/httpd REVISION  CHANGE-CAUSE2         kubectl apply --filename=httpd.v2.yml --record=true3         kubectl apply --filename=httpd.v3.yml --record=true4         kubectl apply --filename=httpd.v1.yml --record=true

revison 1 变成了 revison 4。不过我们可以通过 CHANGE-CAUSE 知道每个 revison 的具体含义。所以一定要在执行 kubectl apply 时加上 --record参数。