I am Takahiro Kujirai (@opensourcetech), LinuC Evangelist and volunteer leader for Open Source Summit Japan 2022.
Introduction
In this post I enable and try out InPlacePodVerticalScaling, which was implemented as a new feature (feature gate) in Kubernetes 1.27.
https://kubernetes.io/blog/2023/05/12/in-place-pod-resize-alpha/
What is a Feature Gate?
A Kubernetes feature gate marks a feature that is a candidate to become an official feature in the future.
https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
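A feature's status changes in the order Alpha → Beta → GA → deprecated → removed.
InPlacePodVerticalScaling, the feature used here, is Alpha in 1.27 and disabled by default, so it has to be enabled manually.
What is InPlacePodVerticalScaling?
Changing the resources (CPU and memory) defined for a Pod normally restarts the Pod. InPlacePodVerticalScaling makes it possible to change those values without a restart.
The intended use is to adjust resources when the amount originally assigned to a Pod turns out to be too much or too little, while preventing the service impact of the Pod restart that would otherwise happen at that moment.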
https://kubernetes.io/blog/2023/05/12/in-place-pod-resize-alpha/
https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/
Pod behavior up to 1.26
First, let's check how things have behaved until now.
I update the resources of a Pod named normal-nginx and confirm that it is restarted.
kubeuser@master01:~/InPlacePodVerticalScaling_1.27featuregate$ vi normalpod.yaml
kubeuser@master01:~/InPlacePodVerticalScaling_1.27featuregate$ cat normalpod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: normal-nginx
  namespace: default
spec:
  containers:
  - name: normal-nginx
    image: nginx
    resizePolicy:
    - resourceName: cpu
      restartPolicy: RestartContainer
    - resourceName: memory
      restartPolicy: RestartContainer
    resources:
      limits:
        memory: "100Mi"
        cpu: "100m"
      requests:
        memory: "50Mi"
        cpu: "50m"
kubeuser@master01:~/InPlacePodVerticalScaling_1.27featuregate$ kubectl apply -f normalpod.yaml
pod/normal-nginx created
kubeuser@master01:~/InPlacePodVerticalScaling_1.27featuregate$ kubectl get pod -o wide
NAME           READY   STATUS    RESTARTS   AGE    IP          NODE       NOMINATED NODE   READINESS GATES
normal-nginx   1/1     Running   0          2m3s   10.0.5.50   worker01   <none>           <none>
kubeuser@master01:~/InPlacePodVerticalScaling_1.27featuregate$ kubectl get pod normal-nginx -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    cni.projectcalico.org/containerID: e844c13672de3dcf6a09563d7aa73473eefd9a323b8ac6a6856f234b2d51e5f3
    cni.projectcalico.org/podIP: 10.0.5.50/32
    cni.projectcalico.org/podIPs: 10.0.5.50/32,fd12:b5e0:383e:0:c9e5:fc91:8eec:52d/128
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"name":"normal-nginx","namespace":"default"},"spec":{"containers":[{"image":"nginx","name":"normal-nginx","resizePolicy":[{"resourceName":"cpu","restartPolicy":"RestartContainer"},{"resourceName":"memory","restartPolicy":"RestartContainer"}],"resources":{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"50m","memory":"50Mi"}}}]}}
  creationTimestamp: "2023-05-14T11:32:36Z"
  name: normal-nginx
  namespace: default
  resourceVersion: "8519282"
  uid: 944c7251-6430-4aa9-9c5a-80befbdb2e97
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always
    name: normal-nginx
    resizePolicy:
    - resourceName: cpu
      restartPolicy: RestartContainer
    - resourceName: memory
      restartPolicy: RestartContainer
    resources:
      limits:
        cpu: 100m
        memory: 100Mi
      requests:
        cpu: 50m
        memory: 50Mi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-qnr74
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: worker01
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: kube-api-access-qnr74
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:32:36Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:33:05Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:33:05Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:32:36Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - allocatedResources:
      cpu: 50m
      memory: 50Mi
    containerID: containerd://2bbd8f6c61bfec6dab7008ad5106817e5456bba4794dd27ec0842cdd028f7f1f
    image: docker.io/library/nginx:latest
    imageID: docker.io/library/nginx@sha256:480868e8c8c797794257e2abd88d0f9a8809b2fe956cbfbc05dcc0bca1f7cd43
    lastState: {}
    name: normal-nginx
    ready: true
    resources:
      limits:
        cpu: 100m
        memory: 100Mi
      requests:
        cpu: 50m
        memory: 50Mi
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2023-05-14T11:33:03Z"
  hostIP: 192.168.1.45
  phase: Running
  podIP: 10.0.5.50
  podIPs:
  - ip: 10.0.5.50
  - ip: fd12:b5e0:383e:0:c9e5:fc91:8eec:52d
  qosClass: Burstable
  startTime: "2023-05-14T11:32:36Z"
Update the CPU requests and limits with kubectl patch.
kubeuser@master01:~/InPlacePodVerticalScaling_1.27featuregate$ kubectl patch pod normal-nginx --patch '{"spec":{"containers":[{"name":"normal-nginx", "resources":{"requests":{"cpu":"40m"}, "limits":{"cpu":"90m"}}}]}}'
pod/normal-nginx patched
restartCount: 1 shows that the container was restarted.
kubeuser@master01:~/InPlacePodVerticalScaling_1.27featuregate$ kubectl get pod normal-nginx -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    cni.projectcalico.org/containerID: e844c13672de3dcf6a09563d7aa73473eefd9a323b8ac6a6856f234b2d51e5f3
    cni.projectcalico.org/podIP: 10.0.5.50/32
    cni.projectcalico.org/podIPs: 10.0.5.50/32,fd12:b5e0:383e:0:c9e5:fc91:8eec:52d/128
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"name":"normal-nginx","namespace":"default"},"spec":{"containers":[{"image":"nginx","name":"normal-nginx","resizePolicy":[{"resourceName":"cpu","restartPolicy":"RestartContainer"},{"resourceName":"memory","restartPolicy":"RestartContainer"}],"resources":{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"50m","memory":"50Mi"}}}]}}
  creationTimestamp: "2023-05-14T11:32:36Z"
  name: normal-nginx
  namespace: default
  resourceVersion: "8519583"
  uid: 944c7251-6430-4aa9-9c5a-80befbdb2e97
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always
    name: normal-nginx
    resizePolicy:
    - resourceName: cpu
      restartPolicy: RestartContainer
    - resourceName: memory
      restartPolicy: RestartContainer
    resources:
      limits:
        cpu: 90m
        memory: 100Mi
      requests:
        cpu: 40m
        memory: 50Mi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-qnr74
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: worker01
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: kube-api-access-qnr74
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:32:36Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:33:05Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:33:05Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:32:36Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - allocatedResources:
      cpu: 40m
      memory: 50Mi
    containerID: containerd://d72e981e6595cbbedd5a6f6a4b70a9dad2fe88445141e7a84c2fc28df00c7540
    image: docker.io/library/nginx:latest
    imageID: docker.io/library/nginx@sha256:480868e8c8c797794257e2abd88d0f9a8809b2fe956cbfbc05dcc0bca1f7cd43
    lastState:
      terminated:
        containerID: containerd://2bbd8f6c61bfec6dab7008ad5106817e5456bba4794dd27ec0842cdd028f7f1f
        exitCode: 0
        finishedAt: "2023-05-14T11:36:02Z"
        reason: Completed
        startedAt: "2023-05-14T11:33:03Z"
    name: normal-nginx
    ready: true
    resources:
      limits:
        cpu: 90m
        memory: 100Mi
      requests:
        cpu: 40m
        memory: 50Mi
    restartCount: 1
    started: true
    state:
      running:
        startedAt: "2023-05-14T11:36:05Z"
  hostIP: 192.168.1.45
  phase: Running
  podIP: 10.0.5.50
  podIPs:
  - ip: 10.0.5.50
  - ip: fd12:b5e0:383e:0:c9e5:fc91:8eec:52d
  qosClass: Burstable
  startTime: "2023-05-14T11:32:36Z"
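Enabling the Feature Gate
To enable a feature gate, it is enough to turn the feature on at each node that makes up the Kubernetes cluster.
First, the master node.
I enabled it for kubeadm, kube-apiserver, and kube-scheduler.
The kubeadm setting change (the kubelet arguments in /var/lib/kubelet/kubeadm-flags.env), before and after.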
kubeuser@master01:~$ sudo cat /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --pod-infra-container-image=registry.k8s.io/pause:3.9"
kubeuser@master01:~$ sudo cat /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --pod-infra-container-image=registry.k8s.io/pause:3.9 --feature-gates=InPlacePodVerticalScaling=true"
The kube-apiserver setting change.
kubeuser@master01:~$ sudo cat /etc/kubernetes/manifests/kube-apiserver.yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.1.41:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.168.1.41
    - --allow-privileged=true
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --enable-admission-plugins=NodeRestriction
    - --enable-bootstrap-token-auth=true
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
    - --etcd-servers=https://127.0.0.1:2379
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
    - --requestheader-allowed-names=front-proxy-client
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User
    - --secure-port=6443
    - --service-account-issuer=https://kubernetes.default.svc.cluster.local
    - --service-account-key-file=/etc/kubernetes/pki/sa.pub
    - --service-account-signing-key-file=/etc/kubernetes/pki/sa.key
    - --service-cluster-ip-range=10.1.0.0/16,fd12:b5e0:383f::/112
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
    image: registry.k8s.io/kube-apiserver:v1.27.0
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 192.168.1.41
        path: /livez
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    name: kube-apiserver
    readinessProbe:
      failureThreshold: 3
      httpGet:
        host: 192.168.1.41
        path: /readyz
        port: 6443
        scheme: HTTPS
      periodSeconds: 1
      timeoutSeconds: 15
    resources:
      requests:
        cpu: 250m
    startupProbe:
      failureThreshold: 24
      httpGet:
        host: 192.168.1.41
        path: /livez
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/ca-certificates
      name: etc-ca-certificates
      readOnly: true
    - mountPath: /etc/pki
      name: etc-pki
      readOnly: true
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
    - mountPath: /usr/local/share/ca-certificates
      name: usr-local-share-ca-certificates
      readOnly: true
    - mountPath: /usr/share/ca-certificates
      name: usr-share-ca-certificates
      readOnly: true
  hostNetwork: true
  priority: 2000001000
  priorityClassName: system-node-critical
  securityContext:
    seccompProfile:
      type: RuntimeDefault
  volumes:
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
  - hostPath:
      path: /etc/ca-certificates
      type: DirectoryOrCreate
    name: etc-ca-certificates
  - hostPath:
      path: /etc/pki
      type: DirectoryOrCreate
    name: etc-pki
  - hostPath:
      path: /etc/kubernetes/pki
      type: DirectoryOrCreate
    name: k8s-certs
  - hostPath:
      path: /usr/local/share/ca-certificates
      type: DirectoryOrCreate
    name: usr-local-share-ca-certificates
  - hostPath:
      path: /usr/share/ca-certificates
      type: DirectoryOrCreate
    name: usr-share-ca-certificates
status: {}
kubeuser@master01:~$ sudo vi /etc/kubernetes/manifests/kube-apiserver.yaml
kubeuser@master01:~$ sudo cat /etc/kubernetes/manifests/kube-apiserver.yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.1.41:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.168.1.41
    - --allow-privileged=true
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --enable-admission-plugins=NodeRestriction
    - --enable-bootstrap-token-auth=true
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
    - --etcd-servers=https://127.0.0.1:2379
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
    - --requestheader-allowed-names=front-proxy-client
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User
    - --secure-port=6443
    - --service-account-issuer=https://kubernetes.default.svc.cluster.local
    - --service-account-key-file=/etc/kubernetes/pki/sa.pub
    - --service-account-signing-key-file=/etc/kubernetes/pki/sa.key
    - --service-cluster-ip-range=10.1.0.0/16,fd12:b5e0:383f::/112
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
    - --feature-gates=InPlacePodVerticalScaling=true
    image: registry.k8s.io/kube-apiserver:v1.27.0
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 192.168.1.41
        path: /livez
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    name: kube-apiserver
    readinessProbe:
      failureThreshold: 3
      httpGet:
        host: 192.168.1.41
        path: /readyz
        port: 6443
        scheme: HTTPS
      periodSeconds: 1
      timeoutSeconds: 15
    resources:
      requests:
        cpu: 250m
    startupProbe:
      failureThreshold: 24
      httpGet:
        host: 192.168.1.41
        path: /livez
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/ca-certificates
      name: etc-ca-certificates
      readOnly: true
    - mountPath: /etc/pki
      name: etc-pki
      readOnly: true
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
    - mountPath: /usr/local/share/ca-certificates
      name: usr-local-share-ca-certificates
      readOnly: true
    - mountPath: /usr/share/ca-certificates
      name: usr-share-ca-certificates
      readOnly: true
  hostNetwork: true
  priority: 2000001000
  priorityClassName: system-node-critical
  securityContext:
    seccompProfile:
      type: RuntimeDefault
  volumes:
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
  - hostPath:
      path: /etc/ca-certificates
      type: DirectoryOrCreate
    name: etc-ca-certificates
  - hostPath:
      path: /etc/pki
      type: DirectoryOrCreate
    name: etc-pki
  - hostPath:
      path: /etc/kubernetes/pki
      type: DirectoryOrCreate
    name: k8s-certs
  - hostPath:
      path: /usr/local/share/ca-certificates
      type: DirectoryOrCreate
    name: usr-local-share-ca-certificates
  - hostPath:
      path: /usr/share/ca-certificates
      type: DirectoryOrCreate
    name: usr-share-ca-certificates
status: {}
The kube-scheduler setting change.
kubeuser@master01:~$ sudo cat /etc/kubernetes/manifests/kube-scheduler.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-scheduler
    tier: control-plane
  name: kube-scheduler
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-scheduler
    - --authentication-kubeconfig=/etc/kubernetes/scheduler.conf
    - --authorization-kubeconfig=/etc/kubernetes/scheduler.conf
    - --bind-address=127.0.0.1
    - --kubeconfig=/etc/kubernetes/scheduler.conf
    - --leader-elect=true
    image: registry.k8s.io/kube-scheduler:v1.27.0
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10259
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    name: kube-scheduler
    resources:
      requests:
        cpu: 100m
    startupProbe:
      failureThreshold: 24
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10259
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    volumeMounts:
    - mountPath: /etc/kubernetes/scheduler.conf
      name: kubeconfig
      readOnly: true
  hostNetwork: true
  priority: 2000001000
  priorityClassName: system-node-critical
  securityContext:
    seccompProfile:
      type: RuntimeDefault
  volumes:
  - hostPath:
      path: /etc/kubernetes/scheduler.conf
      type: FileOrCreate
    name: kubeconfig
status: {}
kubeuser@master01:~$ sudo vi /etc/kubernetes/manifests/kube-scheduler.yaml
kubeuser@master01:~$ sudo cat /etc/kubernetes/manifests/kube-scheduler.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-scheduler
    tier: control-plane
  name: kube-scheduler
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-scheduler
    - --authentication-kubeconfig=/etc/kubernetes/scheduler.conf
    - --authorization-kubeconfig=/etc/kubernetes/scheduler.conf
    - --bind-address=127.0.0.1
    - --kubeconfig=/etc/kubernetes/scheduler.conf
    - --leader-elect=true
    - --feature-gates=InPlacePodVerticalScaling=true
    image: registry.k8s.io/kube-scheduler:v1.27.0
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10259
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    name: kube-scheduler
    resources:
      requests:
        cpu: 100m
    startupProbe:
      failureThreshold: 24
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10259
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    volumeMounts:
    - mountPath: /etc/kubernetes/scheduler.conf
      name: kubeconfig
      readOnly: true
  hostNetwork: true
  priority: 2000001000
  priorityClassName: system-node-critical
  securityContext:
    seccompProfile:
      type: RuntimeDefault
  volumes:
  - hostPath:
      path: /etc/kubernetes/scheduler.conf
      type: FileOrCreate
    name: kubeconfig
status: {}
Apply the configuration changes.
kubeuser@master01:~$ sudo systemctl daemon-reload
kubeuser@master01:~$ sudo systemctl restart kubelet
Next, the configuration change on the worker nodes.
Only kubeadm needs to be changed there.
kubeuser@worker01:~$ sudo cat /var/lib/kubelet/kubeadm-flags.env
[sudo] password for kubeuser:
KUBELET_KUBEADM_ARGS="--container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --pod-infra-container-image=registry.k8s.io/pause:3.9"
kubeuser@worker01:~$ sudo vi /var/lib/kubelet/kubeadm-flags.env
kubeuser@worker01:~$ sudo cat /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --pod-infra-container-image=registry.k8s.io/pause:3.9 --feature-gates=InPlacePodVerticalScaling=true"
kubeuser@worker01:~$ sudo systemctl daemon-reload
kubeuser@worker01:~$ sudo systemctl restart kubelet
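After hand-editing three files per control-plane node plus one per worker, it is worth confirming that every file really carries the gate. The following script is an added example, not part of the original article: the function names gate_state and audit_gate are hypothetical, the sample files are constructed, and reporting the last occurrence when a gate appears more than once is an assumption of this example.

```bash
#!/usr/bin/env bash
# Added example: report how a feature gate is set in the files the article edits.

# Print "enabled", "disabled" or "absent" for GATE in FILE.
gate_state() {  # usage: gate_state FILE GATE
    local file=$1 gate=$2 state=absent pair lists
    # Collect every --feature-gates=<list> value. The list is comma-separated
    # Name=bool pairs, so the gate can sit anywhere inside it.
    lists=$(grep -oE -- '--feature-gates=[A-Za-z0-9=,]+' "$file" | cut -d= -f2-) || true
    for pair in $(printf '%s\n' "$lists" | tr ',' '\n'); do
        case $pair in
            "$gate=true")  state=enabled ;;   # last occurrence wins (assumption)
            "$gate=false") state=disabled ;;
        esac
    done
    printf '%s\n' "$state"
}

# Print one line per file; return non-zero unless every file enables the gate.
audit_gate() {  # usage: audit_gate GATE FILE...
    local gate=$1 rc=0 f s
    shift
    for f in "$@"; do
        if [ -r "$f" ]; then s=$(gate_state "$f" "$gate"); else s=unreadable; fi
        printf '%-10s %s\n' "$s" "$f"
        [ "$s" = enabled ] || rc=1
    done
    return "$rc"
}

# Constructed sample files modelled on the article's output: the kubelet flags
# and the API server carry the gate, the scheduler manifest was forgotten.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/kubeadm-flags.env" <<'EOF'
KUBELET_KUBEADM_ARGS="--container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --pod-infra-container-image=registry.k8s.io/pause:3.9 --feature-gates=InPlacePodVerticalScaling=true"
EOF
cat > "$demo_dir/kube-apiserver.yaml" <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    - --secure-port=6443
    - --feature-gates=InPlacePodVerticalScaling=true
EOF
cat > "$demo_dir/kube-scheduler.yaml" <<'EOF'
spec:
  containers:
  - command:
    - kube-scheduler
    - --leader-elect=true
EOF

audit_gate InPlacePodVerticalScaling \
    "$demo_dir/kubeadm-flags.env" \
    "$demo_dir/kube-apiserver.yaml" \
    "$demo_dir/kube-scheduler.yaml" || echo "gate is not enabled in every file"
```

On a real node, pass /var/lib/kubelet/kubeadm-flags.env and the manifests under /etc/kubernetes/manifests/ instead, and run the script with sudo so the files are readable.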
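Pod behavior in 1.27
Finally, let's check the behavior of the new feature.
I use a Pod named resize-nginx.
With InPlacePodVerticalScaling, resizePolicy defaults to restartPolicy: NotRequired, so there is no need to write it in the YAML file.
Note: you can see this in the YAML output of kubectl get.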
kubeuser@master01:~/InPlacePodVerticalScaling_1.27featuregate$ vi testpod.yaml
kubeuser@master01:~/InPlacePodVerticalScaling_1.27featuregate$ cat testpod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: resize-nginx
  namespace: default
spec:
  containers:
  - name: resize-nginx
    image: nginx
    resources:
      limits:
        memory: "100Mi"
        cpu: "100m"
      requests:
        memory: "50Mi"
        cpu: "50m"
kubeuser@master01:~/InPlacePodVerticalScaling_1.27featuregate$ kubectl apply -f testpod.yaml
pod/resize-nginx created
kubeuser@master01:~/InPlacePodVerticalScaling_1.27featuregate$ kubectl get pod -o wide
NAME           READY   STATUS    RESTARTS   AGE   IP           NODE       NOMINATED NODE   READINESS GATES
resize-nginx   1/1     Running   0          66s   10.0.30.75   worker02   <none>           <none>
kubeuser@master01:~/InPlacePodVerticalScaling_1.27featuregate$ kubectl get pod resize-nginx -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    cni.projectcalico.org/containerID: 6cc5509cb764550bf71555fb4ee2958048f24666f9c81a02a6bb45a624995845
    cni.projectcalico.org/podIP: 10.0.30.75/32
    cni.projectcalico.org/podIPs: 10.0.30.75/32,fd12:b5e0:383e:0:7bf:50a7:b256:1e68/128
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"name":"resize-nginx","namespace":"default"},"spec":{"containers":[{"image":"nginx","name":"resize-nginx","resources":{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"50m","memory":"50Mi"}}}]}}
  creationTimestamp: "2023-05-14T11:10:02Z"
  name: resize-nginx
  namespace: default
  resourceVersion: "8517128"
  uid: fa3f0810-3c51-4fc4-99a0-cf934860ea11
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always
    name: resize-nginx
    resizePolicy:
    - resourceName: cpu
      restartPolicy: NotRequired
    - resourceName: memory
      restartPolicy: NotRequired
    resources:
      limits:
        cpu: 100m
        memory: 100Mi
      requests:
        cpu: 50m
        memory: 50Mi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-xgbl8
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: worker02
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: kube-api-access-xgbl8
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:10:04Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:11:01Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:11:01Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:10:03Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - allocatedResources:
      cpu: 50m
      memory: 50Mi
    containerID: containerd://2096ed2178a1e9b1e03a3c4c429d1e4390b5fd3d5538600f168d1d219659cf3a
    image: docker.io/library/nginx:latest
    imageID: docker.io/library/nginx@sha256:480868e8c8c797794257e2abd88d0f9a8809b2fe956cbfbc05dcc0bca1f7cd43
    lastState: {}
    name: resize-nginx
    ready: true
    resources:
      limits:
        cpu: 100m
        memory: 100Mi
      requests:
        cpu: 50m
        memory: 50Mi
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2023-05-14T11:11:00Z"
  hostIP: 192.168.1.46
  phase: Running
  podIP: 10.0.30.75
  podIPs:
  - ip: 10.0.30.75
  - ip: fd12:b5e0:383e:0:7bf:50a7:b256:1e68
  qosClass: Burstable
  startTime: "2023-05-14T11:10:04Z"
Now change the resources and check whether the container is restarted.
kubeuser@master01:~/InPlacePodVerticalScaling_1.27featuregate$ kubectl patch pod resize-nginx --patch '{"spec":{"containers":[{"name":"resize-nginx", "resources":{"requests":{"cpu":"40m"}, "limits":{"cpu":"90m"}}}]}}'
pod/resize-nginx patched
kubeuser@master01:~/InPlacePodVerticalScaling_1.27featuregate$ kubectl get pod resize-nginx -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    cni.projectcalico.org/containerID: 6cc5509cb764550bf71555fb4ee2958048f24666f9c81a02a6bb45a624995845
    cni.projectcalico.org/podIP: 10.0.30.75/32
    cni.projectcalico.org/podIPs: 10.0.30.75/32,fd12:b5e0:383e:0:7bf:50a7:b256:1e68/128
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"name":"resize-nginx","namespace":"default"},"spec":{"containers":[{"image":"nginx","name":"resize-nginx","resources":{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"50m","memory":"50Mi"}}}]}}
  creationTimestamp: "2023-05-14T11:10:02Z"
  name: resize-nginx
  namespace: default
  resourceVersion: "8517812"
  uid: fa3f0810-3c51-4fc4-99a0-cf934860ea11
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always
    name: resize-nginx
    resizePolicy:
    - resourceName: cpu
      restartPolicy: NotRequired
    - resourceName: memory
      restartPolicy: NotRequired
    resources:
      limits:
        cpu: 90m
        memory: 100Mi
      requests:
        cpu: 40m
        memory: 50Mi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-xgbl8
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: worker02
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: kube-api-access-xgbl8
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:10:04Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:11:01Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:11:01Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2023-05-14T11:10:03Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - allocatedResources:
      cpu: 40m
      memory: 50Mi
    containerID: containerd://2096ed2178a1e9b1e03a3c4c429d1e4390b5fd3d5538600f168d1d219659cf3a
    image: docker.io/library/nginx:latest
    imageID: docker.io/library/nginx@sha256:480868e8c8c797794257e2abd88d0f9a8809b2fe956cbfbc05dcc0bca1f7cd43
    lastState: {}
    name: resize-nginx
    ready: true
    resources:
      limits:
        cpu: 90m
        memory: 100Mi
      requests:
        cpu: 40m
        memory: 50Mi
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2023-05-14T11:11:00Z"
  hostIP: 192.168.1.46
  phase: Running
  podIP: 10.0.30.75
  podIPs:
  - ip: 10.0.30.75
  - ip: fd12:b5e0:383e:0:7bf:50a7:b256:1e68
  qosClass: Burstable
  startTime: "2023-05-14T11:10:04Z"
Even after the change is applied, restartCount is still 0.
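The two experiments above (normal-nginx with RestartContainer, resize-nginx with NotRequired) differ in three status fields: containerID, restartCount and allocatedResources. The following script is an added example, not part of the original article, that compares those fields before and after a patch. The function names pod_snapshot and resize_verdict and the verdict labels are hypothetical, and the container IDs in the sample snapshots are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: decide from two status snapshots whether a resize happened in place.
# A snapshot is one line: "<containerID> <restartCount> <allocated cpu>".

# Take a snapshot from a live cluster (needs kubectl; not run by the demo below).
pod_snapshot() {  # usage: pod_snapshot POD CONTAINER
    kubectl get pod "$1" -o jsonpath="{range .status.containerStatuses[?(@.name==\"$2\")]}{.containerID} {.restartCount} {.allocatedResources.cpu}{end}"
}

# Compare snapshots taken before and after `kubectl patch`.
# Prints one of: restarted | in-place | pending
resize_verdict() {  # usage: resize_verdict BEFORE AFTER WANTED_CPU_REQUEST
    local b_id b_rc b_cpu a_id a_rc a_cpu
    read -r b_id b_rc b_cpu <<EOF
$1
EOF
    read -r a_id a_rc a_cpu <<EOF
$2
EOF
    if [ "$a_id" != "$b_id" ] || [ "$a_rc" -gt "$b_rc" ]; then
        echo restarted   # new container instance: the RestartContainer behaviour
    elif [ "$a_cpu" = "$3" ]; then
        echo in-place    # same container, new allocation: the NotRequired behaviour
    else
        echo pending     # same container, allocatedResources not updated yet
    fi
}

# Constructed snapshots that follow the article's values (cpu request 50m -> 40m);
# the container IDs are shortened placeholders, not the real ones.
normal_before="containerd://aaaa 0 50m"
normal_after="containerd://bbbb 1 40m"
resize_before="containerd://cccc 0 50m"
resize_after="containerd://cccc 0 40m"

echo "normal-nginx: $(resize_verdict "$normal_before" "$normal_after" 40m)"
echo "resize-nginx: $(resize_verdict "$resize_before" "$resize_after" 40m)"
```

Against a cluster, capture `before=$(pod_snapshot resize-nginx resize-nginx)` ahead of the patch and a second snapshot afterwards, then pass both to resize_verdict.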
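Conclusion
In this post I tried InPlacePodVerticalScaling, a new feature (feature gate) in 1.27, and learned about the following:
・Kubernetes new features (feature gates)
・How to enable a new feature (feature gate)
・How behavior differs depending on the InPlacePodVerticalScaling parameters
The status is Alpha, so I do not know how the feature will evolve, but I now know many points worth watching, such as how it changes as versions move on to 1.28, 1.29 and beyond and the community discussion about it. It was a very rewarding experiment♪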