Kubenetes:是否可以在 Kubernetes 集群中通过单个请求命中多个 Pod [英] Kubenetes: Is it possible to hit multiple pods with a single request in Kubernetes cluster
问题描述
我想清除 Kubernetes 命名空间中所有 Pod 中的缓存.我想向端点发送一个请求,然后端点将向命名空间中的所有 pod 发送 HTTP 调用以清除缓存.目前,我只能使用 Kubernetes 命中一个 Pod,我无法控制哪个 Pod 会被命中.
I want to clear cache in all the pods in my Kubernetes namespace. I want to send one request to the end-point which will then send a HTTP call to all the pods in the namespace to clear cache. Currently, I can hit only one pod using Kubernetes and I do not have control over which pod would get hit.
即使负载均衡器设置为 RR,连续访问 Pod(n 次,其中 n 是 Pod 的总数)也无济于事,因为其他一些请求可能会蔓延.
Even though the load-balancer is set to RR, continuously hitting the pods(n number of times, where n is the total number of pods) doesn't help as some other requests can creep in.
这里讨论了同样的问题,但我找不到实现的解决方案:https://github.com/kubernetes/kubernetes/issues/18755
The same issue was discussed here, but I couldn't find a solution for the implementation: https://github.com/kubernetes/kubernetes/issues/18755
我正在尝试使用 Hazelcast 实现清除缓存部分,其中我将存储所有缓存,Hazelcast 会自动处理缓存更新.
I'm trying to implement the clearing cache part using Hazelcast, wherein I will store all the cache and Hazelcast automatically takes care of the cache update.
如果有针对此问题的替代方法,或者有一种方法可以将 Kubernetes 配置为针对某些特定请求命中所有端点,那么在此处分享会很有帮助.
If there is an alternative approach for this problem, or a way to configure kubernetes to hit all end-points for some specific requests, sharing here would be a great help.
推荐答案
如果你的 pod 中有 kubectl 并且可以访问 api-server,你就可以获取所有端点地址并将它们传递给 curl:
Provided you got kubectl in your pod and have access to the api-server, you can get all endpoint adressess and pass them to curl:
kubectl get endpoints <servicename>
-o jsonpath="{.subsets[*].addresses[*].ip}" | xargs curl
pod 中没有 kubectl 的替代方案:
从 pod 访问 api 服务器的推荐方法是使用 kubectl 代理:https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod 这当然至少会增加相同的开销.或者,您可以直接调用 REST api,您必须手动提供令牌.
the recommended way to access the api server from a pod is by using kubectl proxy: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod this would of course add at least the same overhead. alternatively you could directly call the REST api, you'd have to provide the token manually.
APISERVER=$(kubectl config view --minify | grep server | cut -f 2- -d ":" | tr -d " ")
TOKEN=$(kubectl describe secret $(kubectl get secrets
| grep ^default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d " ")
如果你提供了APISERVER和TOKEN变量,你的pod中就不需要kubectl了,这样你只需要curl访问api服务器和jq"来解析json输出:
if you provide the APISERVER and TOKEN variables, you don't need kubectl in your pod, this way you only need curl to access the api server and "jq" to parse the json output:
curl $APISERVER/api/v1/namespaces/default/endpoints --silent
--header "Authorization: Bearer $TOKEN" --insecure
| jq -rM ".items[].subsets[].addresses[].ip" | xargs curl
更新(最终版)
APISERVER 通常可以设置为 kubernetes.default.svc 并且令牌应该在 pod 中的/var/run/secrets/kubernetes.io/serviceaccount/token 中可用,因此无需手动提供任何内容:
APISERVER usually can be set to kubernetes.default.svc and the token should be available at /var/run/secrets/kubernetes.io/serviceaccount/token in the pod, so no need to provide anything manually:
TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token);
curl https://kubernetes.default.svc/api/v1/namespaces/default/endpoints --silent
--header "Authorization: Bearer $TOKEN" --insecure
| jq -rM ".items[].subsets[].addresses[].ip" | xargs curl
jq 可在此处获得:https://stedolan.github.io/jq/download/(<4 MiB,但值得轻松解析 JSON)
jq is available here: https://stedolan.github.io/jq/download/ (< 4 MiB, but worth it for easily parsing JSON)
这篇关于Kubenetes:是否可以在 Kubernetes 集群中通过单个请求命中多个 Pod的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
