2. 程式人生 > >【kubernetes/k8s原始碼分析】eviction機制原理以及原始碼解析

【kubernetes/k8s原始碼分析】eviction機制原理以及原始碼解析

阿新 發佈:2019-01-04

What?

 

Why?

  kubelet通過OOM Killer來回收缺點:

  • System OOM events會儲存記錄直到完成了OOM
  • OOM Killer幹掉containers後,Scheduler可能又會排程新的Pod到該Node上或者直接在node上重新執行,又會觸發該Node上的OOM Killer,可能無限循化這種操作

How?

  kubelet啟動eviction預設值

--eviction-hard="imagefs.available<15%,memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%"

--eviction-max-pod-grace-period="0"

--eviction-minimum-reclaim=""

--eviction-pressure-transition-period="5m0s"

--eviction-soft=""

--eviction-soft-grace-period=""

      注意:分為eviction-soft和eviction-hard。soft到達threshold值時會給pod一段時間優雅退出,而hard直接殺掉pod,不給任何優雅退出的機會

  eviction singal

  • memory.available
  • nodefs.available
  • nodefs.inodesFree
  • imagefs.available
  • imagefs.inodesFree
  • allocatableMemory.available

注意:

  • nodefs: 指node自身的儲存,儲存執行日誌等
  • imagefs: 指dockerd儲存image和容器可寫層

 

managerImpl結構體

  • killPodFunc: 賦值為killPodNow方法
  • imageGC: 出現diskPressure時,imageGC進行刪除未使用的映象
  • thresholdsFirstObservedAt : 記錄threshold第一次觀察到的時間
  • resourceToRankFunc - 定義各種Resource進行evict 挑選時的排名方法。
  • nodeConditionsLastObservedAt: 上一次獲取的eviction signal的記錄
  • notifierInitialized - bool值,表示threshold notifier是否已經初始化,以確定是否可以利用kernel memcg notification功能來提高evict的響應速度。目前建立manager時該值為false,是否要利用kernel memcg notification,完全取決於kubelet的--experimental-kernel-memcg-notification引數。
// managerImpl implements Manager
type managerImpl struct {
	//  used to track time
	clock clock.Clock
	// config is how the manager is configured
	config Config
	// the function to invoke to kill a pod
	killPodFunc KillPodFunc
	// the interface that knows how to do image gc
	imageGC ImageGC
	// the interface that knows how to do container gc
	containerGC ContainerGC
	// protects access to internal state
	sync.RWMutex
	// node conditions are the set of conditions present
	nodeConditions []v1.NodeConditionType
	// captures when a node condition was last observed based on a threshold being met
	nodeConditionsLastObservedAt nodeConditionsObservedAt
	// nodeRef is a reference to the node
	nodeRef *v1.ObjectReference
	// used to record events about the node
	recorder record.EventRecorder
	// used to measure usage stats on system
	summaryProvider stats.SummaryProvider
	// records when a threshold was first observed
	thresholdsFirstObservedAt thresholdsObservedAt
	// records the set of thresholds that have been met (including graceperiod) but not yet resolved
	thresholdsMet []evictionapi.Threshold
	// signalToRankFunc maps a resource to ranking function for that resource.
	signalToRankFunc map[evictionapi.Signal]rankFunc
	// signalToNodeReclaimFuncs maps a resource to an ordered list of functions that know how to reclaim that resource.
	signalToNodeReclaimFuncs map[evictionapi.Signal]nodeReclaimFuncs
	// last observations from synchronize
	lastObservations signalObservations
	// dedicatedImageFs indicates if imagefs is on a separate device from the rootfs
	dedicatedImageFs *bool
	// thresholdNotifiers is a list of memory threshold notifiers which each notify for a memory eviction threshold
	thresholdNotifiers []ThresholdNotifier
	// thresholdsLastUpdated is the last time the thresholdNotifiers were updated.
	thresholdsLastUpdated time.Time
}

 

1. eviction manager初始化

  路徑: pkg/kubelet/kubelet.go

  1.1 eviction 配置引數

     可以參照上面kubelet啟動eviction預設值

	thresholds, err := eviction.ParseThresholdConfig(enforceNodeAllocatable, kubeCfg.EvictionHard, kubeCfg.EvictionSoft, kubeCfg.EvictionSoftGracePeriod, kubeCfg.EvictionMinimumReclaim)
	if err != nil {
		return nil, err
	}
	evictionConfig := eviction.Config{
		PressureTransitionPeriod: kubeCfg.EvictionPressureTransitionPeriod.Duration,
		MaxPodGracePeriodSeconds: int64(kubeCfg.EvictionMaxPodGracePeriod),
		Thresholds:               thresholds,
		KernelMemcgNotification:  experimentalKernelMemcgNotification,
		PodCgroupRoot:            kubeDeps.ContainerManager.GetPodCgroupRoot(),
	}

  1.2 初始化eviction manager

	// setup eviction manager
	evictionManager, evictionAdmitHandler := eviction.NewManager(klet.resourceAnalyzer, evictionConfig, killPodNow(klet.podWorkers, kubeDeps.Recorder), klet.imageManager, klet.containerGC, kubeDeps.Recorder, nodeRef, klet.clock)

	klet.evictionManager = evictionManager
	klet.admitHandlers.AddPodAdmitHandler(evictionAdmitHandler)

  1.3 執行eviction manager

     隱藏的夠深

  •      Run(updates <-chan kubetypes.PodUpdate)  -> 
  •      fastStatusUpdateOnce()  ->
  •      updateRuntimeUp()  ->
  •      initializeRuntimeDependentModules()  -> 
  •      kl.evictionManager.Start(kl.StatsProvider, kl.GetActivePods, kl.podResourcesAreReclaimed, evictionMonitoringPeriod)

 

2. Start函式

  路徑:pkg/kubelet/eviction/eviction_manager.go

 

 

3. synchronize函式

  3.1 buildSignalToRankFunc函式和buildSignalToNodeReclaimFuncs函式

  • buildSignalToRankFunc註冊signal資源函式
  • buildSignalToNodeReclaimFuncs註冊signal reclaim函式
	// build the ranking functions (if not yet known)
	// TODO: have a function in cadvisor that lets us know if global housekeeping has completed
	if m.dedicatedImageFs == nil {
		hasImageFs, ok := diskInfoProvider.HasDedicatedImageFs()
		if ok != nil {
			return nil
		}
		glog.Infof("zzlin managerImpl synchronize m.dedicatedImageFs == nil  &hasImageFs: %v", &hasImageFs)
		m.dedicatedImageFs = &hasImageFs
		m.signalToRankFunc = buildSignalToRankFunc(hasImageFs)
		m.signalToNodeReclaimFuncs = buildSignalToNodeReclaimFuncs(m.imageGC, m.containerGC, hasImageFs)
	}

  3.2 Get函式獲取node以及pod資訊

  路徑pkg/kubelet/server/stats/summary.go

	activePods := podFunc()
	updateStats := true
	summary, err := m.summaryProvider.Get(updateStats)
	if err != nil {
		glog.Errorf("eviction manager: failed to get get summary stats: %v", err)
		return nil
	}

  3.3 makeSignalObservations函式

    顯示signal資源情況包括如下:

  • imagefs.inodesFree
  • pid.available
  • memory.available
  • allocatableMemory.available
  • nodefs.available
  • nodefs.inodesFree
  • imagefs.available
	// make observations and get a function to derive pod usage stats relative to those observations.
	observations, statsFunc := makeSignalObservations(summary)
	debugLogObservations("observations", observations)

 

相關推薦

kubernetes/k8s原始碼分析eviction機制原理以及原始碼解析

What?   Why?   kubelet通過OOM Killer來回收缺點: System OOM events會儲存記錄直到完成了OOM OOM Killer幹掉containers後,Scheduler可能又會排程新的Pod到該Node上或

kubernetes/k8s原始碼分析 controller-manager之replicaset原始碼分析

ReplicaSet簡介     Kubernetes 中建議使用 ReplicaSet來取代 ReplicationController。ReplicaSet 跟 ReplicationController 沒有本質的不同, ReplicaSet 支援集合式的

kubernetes/k8s概念CNI host-local原始碼分析

接著上章節假設host-local成功分配IP,這章節講解host-local 原始碼地址: https://github.com/containernetworking/plugins 引數 { "name": "macvlannet", "cniVers

kubernetes/k8s概念CNI macvlan原始碼分析

macvlan原理      在linux命令列執行 lsmod | grep macvlan 檢視當前核心是否載入了該driver;如果沒有檢視到,可以通過 modprobe macvlan 來載入  &n

kubernetes/k8s原始碼分析kubelet原始碼分析之cdvisor原始碼分析

  資料流 UnsecuredDependencies -> run   1. cadvisor.New初始化 if kubeDeps.CAdvisorInterface == nil { imageFsInfoProvider := cadv

kubernetes/k8s原始碼分析kubelet原始碼分析之容器網路初始化原始碼分析

一. 網路基礎   1.1 網路名稱空間的操作 建立網路名稱空間: ip netns add 名稱空間內執行命令: ip netns exec 進入名稱空間: ip netns exec bash   1.2 bridge-nf-c

kubernetes/k8s原始碼分析kubelet原始碼分析之資源上報

0. 資料流   路徑: pkg/kubelet/kubelet.go   Run函式() ->   syncNodeStatus ()  ->   registerWithAPIServer() ->

kubernetes/k8s原始碼分析kubelet原始碼分析之啟動容器

主要是呼叫runtime,這裡預設為docker 0. 資料流 NewMainKubelet(cmd/kubelet/app/server.go) -> NewKubeGenericRuntimeManager(pkg/kubelet/kuberuntime/kuberuntime

kubernetes/k8s原始碼分析 client-go包之Informer原始碼分析

Informer 簡介        Informer 是 Client-go 中的一個核心工具包。如果 Kubernetes 的某個元件,需要 List/Get Kubernetes 中的 Object(包括pod,service等等),可以直接使用

kubernetes/k8s原始碼分析kube-apiserver的go-restful框架使用

go-restful框架     github: https://github.com/emicklei/go-restful 三個重要資料結構   1. 初始化   路徑pkg/kubelet/kubelet.go中函式Ne

kubernetes/k8s原始碼分析 deployment原始碼分析

0. 開始 func NewControllerInitializers() map[string]InitFunc { controllers := map[string]InitFunc{}

kubernetes/k8s概念CNI plugin calico原始碼分析

       calico解決不同物理機上容器之間的通訊,而calico-plugin是在k8s建立Pod時為Pod設定虛擬網絡卡(容器中的eth0和lo網絡卡),calico-plugin是由兩個靜態的二進位制檔案組成,由kubelet以命令列的形式呼叫,這兩個二進位制

kubernetes/k8s原始碼分析kubernetes event原始碼分析

描述         使用方式 eventBroadcaster := record.NewBroadcaster() eventBroadcaster.StartLogging(glog.Infof) eventBroadcaster

kubernetes/k8s原始碼分析kubectl-controller-manager之job原始碼分析

job介紹     Job: 批量一次性任務,並保證處理的一個或者多個Pod成功結束 非並行Job: 固定完成次數的並行Job: 帶有工作佇列的並行Job: SPEC引數 .spec.completions: 

kubernetes/k8s原始碼分析kubectl-controller-manager之cronjob原始碼分析

crontab的基本格式     支援 , - * / 四個字元           *:表示匹配任意值,如果在Minutes 中使用表示每分鐘    &

kubernetes/k8s原始碼分析kubectl-controller-manager之HPA原始碼分析

本文基於kubernetes版本:v1.12.1 HPA介紹      https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/     Th

kubernetes/k8s原始碼分析kubectl-controller-manager之pod gc原始碼分析

  引數:    --controllers strings:配置需要enable的列表         這裡也包括podgc          All con

kubernetes/k8s原始碼分析kubectl-proxy ipvs原始碼分析

kubernetes版本: 1.12.1  原始碼路徑 pkg/proxy/ipvs/proxier.go 本文只講解IPVS相關部分,啟動流程前文: https://blog.csdn.net/zhonglinzhang/article/details/80185053

kubernetes/k8s原始碼分析CNI flannel原始碼分析

原始碼路徑: https://github.com/containernetworking/plugins 版本: v.0.10.0 flannel cni路徑: plugins/plugins/meta/flannel/flannel.go   subnet

kubernetes/k8s原始碼分析kube proxy原始碼分析

本文再次於2018年11月15日再次編輯,基於1.12版本,包括IPVS 序言 kube-proxy管理sevice的Endpoints,service對外暴露一個Virtual IP(Cluster IP), 叢集內Cluster IP:Port就能訪問到叢集內對應