K8s的水平自动扩容和缩容HPA

HPA全称是Horizontal Pod Autoscaler，翻译成中文是POD水平自动伸缩，HPA可以基于CPU利用率对replication controller、deployment和replicaset中的pod数量进行自动扩缩容（除了CPU利用率也可以基于其他应程序提供的度量指标custom metrics进行自动扩缩容）。pod自动缩放不适用于无法缩放的对象，比如DaemonSets。
HPA由Kubernetes API资源和控制器实现。资源决定了控制器的行为。控制器会周期性的获取目标资源指标（如，平均CPU利用率），并与目标值相比较后来调整Pod副本数量。

1.安装metrics进行监控集群，获取指标

root@k8s-master:/home/vagrant# cat metrics.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - nodes/metrics
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --secure-port=10250
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
        - --kubelet-use-node-status-port
        - --metric-resolution=15s
        - --kubelet-insecure-tls
        image: registry.k8s.io/metrics-server/metrics-server:v0.7.2
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /livez
            port: https
            scheme: HTTPS
          periodSeconds: 10
        name: metrics-server
        ports:
        - containerPort: 10250
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: https
            scheme: HTTPS
          initialDelaySeconds: 20
          periodSeconds: 10
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
          seccompProfile:
            type: RuntimeDefault
        volumeMounts:
        - mountPath: /tmp
          name: tmp-dir
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
      - emptyDir: {}
        name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100
root@k8s-master:/home/vagrant# kubectl apply -f metrics.yaml 
root@k8s-master:/home/vagrant# kubectl get pods -n kube-system|grep metrics
metrics-server-587b667b55-tjhfp            1/1     Running   0             11m

2.创建测试Deployment

root@k8s-master:/home/vagrant# cat php-apache.yaml 
kind: Deployment
apiVersion: apps/v1
metadata:
  name: php-apache
  labels:
    app: apache
spec:
  replicas: 1
  selector: 
    matchLabels:
      app: apache
  template:
    metadata:
      name: apache
      labels:
        app: apache
    spec:
      containers:
      - name: apache
        image: httpd
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
          name: httpd
        resources:
          limits:
            cpu: 800m
          requests:
            cpu: 500m
---
kind: Service
apiVersion: v1
metadata:
  name: apache-service
  labels:
    app: apache
spec:
  selector:
    app: apache
  ports:
  - name: http
    targetPort: 80
    port: 80

root@k8s-master:/home/vagrant# kubectl apply -f php-apache.yaml 
deployment.apps/php-apache created
root@k8s-master:/home/vagrant# kubectl get svc,deployment,pods
NAME                     TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/apache-service   ClusterIP   10.105.192.165   <none>        80/TCP     2m
service/kubernetes       ClusterIP   10.96.0.1        <none>        443/TCP    43d
service/redis-svc        ClusterIP   10.109.12.172    <none>        6379/TCP   23h

NAME                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/php-apache   1/1     1            1           24m

NAME                             READY   STATUS    RESTARTS   AGE
pod/php-apache-b7cb67d98-b6qx9   1/1     Running   0          24m

3.创建HPA

root@k8s-master:/home/vagrant# vim hpa.yaml
kind: HorizontalPodAutoscaler
apiVersion: autoscaling/v2
metadata:
  name: php-apache
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: php-apache
  minReplicas: 1
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:            
      type: Utilization
      averageUtilization: 50
root@k8s-master:/home/vagrant# kubectl apply -f hpa.yaml 
horizontalpodautoscaler.autoscaling/php-apache created

4.模拟php-apache Pod CPU使用率增加

建议多开几个终端进行，效果更加明显
root@k8s-master:/home/vagrant# kubectl run -i --tty load-generator --rm --image=busybox:1.28 --restart=Never -- /bin/sh -c "while true; do wget -q -O- http://10.105.192.165; done"
root@k8s-master:/home/vagrant# kubectl get pods|grep load
load-generator               1/1     Running   0          54s
root@k8s-master:/home/vagrant# kubectl get deployment,po,hpa
NAME                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/php-apache   2/2     2            2           33m

NAME                              READY   STATUS        RESTARTS   AGE
pod/load-generator                1/1     Running       0          105s
pod/load-generator2               1/1     Terminating   0          103s
pod/load-generator3               1/1     Running       0          24s
pod/php-apache-67fd659dcb-6z8tz   1/1     Running       0          23s
pod/php-apache-67fd659dcb-thb68   1/1     Running       0          114s

NAME                                             REFERENCE               TARGETS        MINPODS   MAXPODS   REPLICAS   AGE
horizontalpodautoscaler.autoscaling/php-apache   Deployment/php-apache   cpu: 80%/50%   1         10        2          18m
root@k8s-master:/home/vagrant# kubectl get deployment,po,hpa
NAME                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/php-apache   10/10   10           10          36m

NAME                              READY   STATUS    RESTARTS   AGE
pod/load-generator                1/1     Running   0          4m32s
pod/load-generator3               1/1     Running   0          3m11s
pod/load-generator4               1/1     Running   0          106s
pod/php-apache-67fd659dcb-2hdg5   1/1     Running   0          2m25s
pod/php-apache-67fd659dcb-52rcx   1/1     Running   0          2m40s
pod/php-apache-67fd659dcb-6z8tz   1/1     Running   0          3m10s
pod/php-apache-67fd659dcb-8wc7j   1/1     Running   0          2m25s
pod/php-apache-67fd659dcb-8zdf6   1/1     Running   0          2m40s
pod/php-apache-67fd659dcb-ckqkm   1/1     Running   0          2m9s
pod/php-apache-67fd659dcb-jncsb   1/1     Running   0          2m24s
pod/php-apache-67fd659dcb-pb89r   1/1     Running   0          2m25s
pod/php-apache-67fd659dcb-t66kv   1/1     Running   0          2m9s
pod/php-apache-67fd659dcb-thb68   1/1     Running   0          4m41s

NAME                                             REFERENCE               TARGETS        MINPODS   MAXPODS   REPLICAS   AGE
horizontalpodautoscaler.autoscaling/php-apache   Deployment/php-apache   cpu: 40%/50%   1         10        10         21m

发现自动增加了Pod,实现自动扩容