Linux教程FG468-Kubernetes性能优化实战

内容简介：本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容，详细介绍了相关技术的配置和使用方法。

风哥提示：

本文档介绍Kubernetes集群性能优化实战案例。

Part01-etcd性能优化

1.1 etcd调优

# 优化etcd参数
[root@k8s-master ~]# cat > /etc/kubernetes/manifests/etcd.yaml << 'EOF' apiVersion: v1 kind: Pod metadata: name: etcd namespace: kube-system spec: containers: - command: - etcd - --advertise-client-urls=https://192.168.1.100:2379 - --initial-advertise-peer-urls=https://192.168.1.100:2380 - --initial-cluster=k8s-master=https://192.168.1.100:2380 - --data-dir=/var/lib/etcd - --snapshot-count=10000 - --heartbeat-interval=100 - --election-timeout=1000 - --quota-backend-bytes=8589934592 - --max-request-bytes=15728640 - --auto-compaction-retention=1 - --auto-compaction-mode=periodic env: - name: ETCD_UNSUPPORTED_ARCH value: "" image: registry.k8s.io/etcd:3.5.9-0 resources: requests: cpu: 200m memory: 512Mi limits: cpu: 1000m memory: 2Gi EOF # 定期压缩etcd [root@k8s-master ~]# ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ compact $(ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ endpoint status --write-out="json" | jq -r '.[] | .Status.header.revision') # 碎片整理 [root@k8s-master ~]# ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/server.crt \ --key=/etc/kubernetes/pki/etcd/server.key \ defrag Finished defragmenting etcd member[https://127.0.0.1:2379]

Part02-kubelet优化

2.1 kubelet参数调优

# 查看当前kubelet配置
[root@k8s-master ~]# cat /var/lib/kubelet/config.yaml
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
authentication:
anonymous:
enabled: false
webhook:
enabled: true
authorization:
mode: Webhook
cgroupDriver: systemd
clusterDNS:
– 10.96.0.10
clusterDomain: cluster.local
containerRuntimeEndpoint: “”
cpuManagerReco更多学习教程公众号风哥教程itpux_comncilePeriod: 10s
evictionHard:
imagefs.available: 15%
memory.available: 100Mi
nodefs.available: 10%
nodefs.inodesFree: 5%
evictionPressureTransitionPeriod: 5m0s
fileCheckFrequency: 20s
hairpinMode: promiscuous-bridge
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 20s
imageGCHighThresholdPercent: 85
imageGCLowThresholdPercent: 80
maxPods: 110
podPidsLimit: -1
rotateCertificates: true
runtimeRequestTimeout: 2m0s
serializeImagePulls: true
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 4h0m0s
syncFrequency: 1m0s

# 优化kubelet配置
[root@k8s-master ~]# cat > /var/lib/kubelet/config.yaml << 'EOF' apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration authentication: anonymous: enabled: false webhook: enabled: true authorization: mode: Webhook cgroupDriver: systemd clusterDNS: - 10.96.0.10 clusterDomain: cluster.local cpuManagerPolicy: static cpuManagerReconcilePeriod: 10s evictionHard: imagefs.available: 15% memory.available: 100Mi nodefs.available: 10% nodefs.inodesFree: 5% ev学习交流加群风哥微信: itpux-comictionSoft: imagefs.available: 20% memory.available: 200Mi nodefs.available: 15% evictionSoftGracePeriod: imagefs.available: 1m30s memory.available: 1m30s nodefs.available: 1m30s evictionPressureTransitionPeriod: 5m0s fileCheckFrequency: 20s hairpinMode: promiscuous-bridge healthzBindAddress: 127.0.0.1 healthzPort: 10248 httpCheckFrequency: 20s imageGCHighThresholdPercent: 85 imageGCLowThresholdPercent: 80 maxPods: 250 podPidsLimit: 4096 registryPullQPS: 10 registryBurst: 20 serializeImagePulls: false staticPodPath: /etc/kubernetes/manifests streamingConnectionIdleTimeout: 4h0m0s syncFrequency: 1m0s topologyManagerPolicy: best-effort EOF [root@k8s-master ~]# systemctl restart kubelet

Part03-应用性能优化

3.1 容器资源优化

# 配置资源请求和限制
[root@k8s-master ~]# cat > fgedu-optimized-app.yaml << 'EOF' apiVersion: apps/v1 kind: Deployment metadata: name: fgedu-optimized-app namespace: fgedu-prod spec: replicas: 3 selector: matchLabels: app: fgedu-optimized template: metadata: labels: app: fgedu-optimized spec: containers: - name: app image: nginx:1.25 ports: - containerPort: 80 resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 512Mi env: - name: GOMAXPROCS valueFrom: resourceFieldRef: resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: resource: limits.memory livenessProbe: httpGet: path: /health port: 80 initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 readinessProbe: httpGet: path: /ready port: 80 initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 3 failureThreshold: 3 lifecycle: preStop: exec: command: ["/bin/sh", "-c", "sleep 15"] terminationGracePeriodSeconds: 30 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchExpressions: - key: app operator: In values: - fgedu-optimized topologyKey: kubernetes.io/hostname EOF [root@k8s-master ~]# kubectl apply -f fgedu-optimized-app.yaml deployment.apps/fgedu-optimized-app created

Part04-网络性能优化

4.1 CNI网络优化

# 查看当前CNI配置
[root@k8s-master ~]# kubectl get configmap -n kube-system calico-config -o yaml
apiVersion: v1
data:
calico_backend: bird
cni_network_config: |-
{
“name”: “k8s-pod-network”,
“cniVersion”: “0.3.1”,
“plugins”: [
{
“type”: “calico”,
“log_level”: “info”,
“datastore_type”: “kubernetes”,
“nodename”: “__KUBERNETES_NODE_NAME__”,
“mtu”: __CNI_MTU__,
“ipam”: {
“type”: “calico-ipam”
},
“policy”: {
“type”: “k8s”
},
“kubernetes”: {
“kubeconfig”: “__KUBECONFIG_FILEPATH__”
}
}
]
}
kind: ConfigMap

# 优化网络MTU
[root@k8s-master ~]# kubectl set env daemonset/calico-node -n kube-system FELIX_IPINIPMTU=1440
daemonset.apps/calico-node env updated

# 启用网络性能优化
[root@k8s-master ~]# kubectl set env daemonset/calico-node -n kube-system FELIX_IPTABLESBACKEND=Auto
daemonset.apps/calico-node env updated

# 配置CoreDNS优化
[root@k8s-master ~]# kubectl get configmap coredns -n kube-system -o yaml > coredns-backup.yaml

[root@k8s-master ~]# cat > coredns-optimized.yaml << 'EOF' apiVersion: v1 kind: ConfigMap metadata: name: coredns namespace: kube-system data: Corefile: | .:53 { errors health { lameduck 5s } ready kubernetes cluster.local in-addr.arpa ip6.arpa { pods insecure fallthrough in-addr.arpa ip6.arpa ttl 30 } prometheus :9153 forward . /etc/resolv.conf { max_concurrent 1000 } cache 30 loop reload loadbalance } EOF [root@k8s-master ~]# kubectl apply -f coredns-optimized.yaml configmap/coredns configured [root@k8s-master ~]# kubectl rollout restart deployment coredns -n kube-system deployment.apps/coredns restarted

风哥针对性能优化建议：

定期维护etcd数据库
合理配置kubelet参数
为容器设置合适的资源限制
优化网络MTU和DNS缓存
使用HPA实现自动扩缩容

本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html