还在为容器时区困扰? 送你一剂良药!
还在为容器时区困扰? 送你一剂良药!
ice yao
喜欢看动漫的IT男;还是火影迷、海贼迷、死神迷、妖尾迷、全职猎人迷、龙珠迷、网球王子迷。
1
环 境
- Kubernetes v1.14.6
- Etcd 3.3.12
- Docker 18.09.9
- Kernel 4.4.131
2
现 象
pod默认时区与宿主机时区不一致
宿主机时区
# date Fri Jan 17 19:42:13 CST 2020容器时区
# vim nginx.yaml ---apiVersion: extensions/v1beta1kind: Deploymentmetadata: labels: run: test-hello name: test-hello namespace: defaultspec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: run: test-hello strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: labels: run: test-hello spec: containers: - image: nginx:alpine imagePullPolicy: IfNotPresent resources: limits: cpu: 50m memory: 100Mi requests: cpu: 10m memory: 16Mi name: test-hello ports: - containerPort: 80 protocol: TCP dnsPolicy: ClusterFirst restartPolicy: Always
# kubectl apply -f nginx.yaml# kubectl exec -it test-hello-74b6f65659-5wk2m -- dateFri Jan 17 11:46:00 UTC 2020默认pod容器时区是UTC, 而宿主机时区是CST. 很多时候都要求时区跟当地时区一致,有利于查找日志。
3
解决方法
- 方法一
用传统老办法,就是把宿主机/etc/localtime映射到容器的/etc/localtime;
修改nginx.yaml,增加volumeMount;
name: test-hello ports: - containerPort: 80 protocol: TCP volumeMounts: - name: timezone-config mountPath: /etc/localtime readOnly: true volumes: - name: timezone-config hostPath: path: /etc/localtime# kubectl apply -f nginx.yaml# kubectl exec -it test-hello-8666c776d7-n4h4x -- dateFri Jan 17 20:04:12 CST 2020容器时区设置为CST了。
- 方法二
设置环境变量, 修改nginx.yaml;
spec: containers: - image: nginx:alpine imagePullPolicy: IfNotPresent resources: limits: cpu: 50m memory: 100Mi requests: cpu: 10m memory: 16Mi name: test-hello env: - name: TZ value: Asia/Shanghai# kubectl apply -f nginx.yaml# kubectl exec -it test-hello-8666c776d7-n4h4x -- dateFri Jan 17 20:04:12 CST 2020容器时区设置为CST了。
- 方法三
上面两种方法虽然都可以解决容器时区问题,有没一劳永逸的方法, 调研得到k8s有Pod Preset功能来达到对pod进行一些预处理的配置;
验证是否启用了podpresets功能;
# kubectl get podpresetserror: the server doesn't have a resource type "podpresets"调用失败,说明需要启用podpresets功能;
修改所有master节点的kube-apiserver.yaml, 启用podpresets功能;
# vim /etc/kubernetes/manifests/kube-apiserver.yamlspec: containers: - command: - kube-apiserver ...增加如下两行配置 - --runtime-config=settings.k8s.io/v1alpha1=true - --enable-admission-plugins=NodeRestriction,PodPreset# kubectl get podpresetsNo resources found.调用正常;
创建setting-tz.yaml;
# vim setting-tz.yamlapiVersion: settings.k8s.io/v1alpha1kind: PodPresetmetadata: name: setting-tzspec: selector: matchLabels: env: - name: TZ value: Asia/Shanghai基于selector…matchLabels来匹配的,matchLabels为空表明应用于该命名空间下所有容器;
# kubectl apply -f setting-tz.yaml podpreset.settings.k8s.io/setting-tz created# kubectl get podpresets.settings.k8s.io NAME CREATED ATsetting-tz 2020-01-17T12:32:22Z将上述的nginx.yaml中有关时区的部分都删掉, 然后重新apply;
有几个需要注意的点:
1、针对新创建的pod,没问题,会自动配置时区;
2、针对已创建的pod,需要把pod重启,才会自动配置时区;
3、podpresets是namespace对象。
- 方法四
基于方法三的基础上,可以实现个自动创建podpresets于各个命名空间的自定义controller——https://github.com/yaoice/autotz
- 参考链接
https://blog.csdn.net/xstardust/article/details/82705205
Ice yao的大作
· END ·
记得文末点个在看鸭~
点就完事儿了!
