Kubernetes 部署:滚动更新与最佳实践
部署配置
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-server
namespace: production
spec:
replicas: 3
selector:
matchLabels:
app: api-server
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1 # 更新期间允许超出期望的最大 Pod 数
maxUnavailable: 0 # 不允许 Pod 离线(零停机)
template:
metadata:
labels:
app: api-server
version: "1.2.3"
spec:
containers:
- name: api
image: myrepo/api:1.2.3
ports:
- containerPort: 3000
# 资源限制至关重要
resources:
requests:
cpu: "250m"
memory: "256Mi"
limits:
cpu: "500m"
memory: "512Mi"
# 健康探针
livenessProbe:
httpGet:
path: /health/live
port: 3000
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 3000
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 3
# 优雅关闭
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 5"]
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: app-secrets
key: database-url
terminationGracePeriodSeconds: 30
健康检查端点
// Express 健康端点
app.get('/health/live', (req, res) => {
// 存活:进程是否在运行?
res.json({ status: 'ok', uptime: process.uptime() });
});
app.get('/health/ready', async (req, res) => {
// 就绪:能否处理请求?
try {
await db.query('SELECT 1'); // 数据库检查
await redis.ping(); // 缓存检查
res.json({ status: 'ready' });
} catch (err) {
res.status(503).json({ status: 'not ready', error: err.message });
}
});
水平 Pod 自动扩缩容
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: api-server-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: api-server
minReplicas: 2
maxReplicas: 20
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
behavior:
scaleDown:
stabilizationWindowSeconds: 300 # 缩容前等待 5 分钟
policies:
- type: Percent
value: 50 # 最多缩容 50%
periodSeconds: 60
Pod 中断预算
# 确保节点排水/升级期间的最小可用性
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: api-server-pdb
spec:
minAvailable: 2 # 始终保持至少 2 个 Pod 运行
selector:
matchLabels:
app: api-server
蓝绿部署
# 蓝色(当前)
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-blue
spec:
replicas: 3
template:
metadata:
labels:
app: api
version: blue
spec:
containers:
- name: api
image: myrepo/api:1.2.3
---
# 服务在蓝色和绿色之间切换
apiVersion: v1
kind: Service
metadata:
name: api-service
spec:
selector:
app: api
version: blue # 切换时改为 'green'
ports:
- port: 80
targetPort: 3000
结合适当的健康检查和 PDB 的滚动更新可实现零停机部署。