Creating a StatefulSet

Scenario

StatefulSets are a type of workloads whose data or status is stored while they are running. For example, MySQL is a StatefulSet because it needs to store new data.

A container can be migrated between different hosts, but data is not stored on the hosts. To store StatefulSet data persistently, attach HA storage volumes provided by CCE to the container.

Notes and Constraints

• When you delete or scale a StatefulSet, the system does not delete the storage volumes associated with the StatefulSet to ensure data security.

• When you delete a StatefulSet, reduce the number of replicas to 0 before deleting the StatefulSet so that pods in the StatefulSet can be stopped in order.

• When you create a StatefulSet, a headless Service is required for pod access. For details, see Headless Service.

• When a node is unavailable, pods become Unready. In this case, you need to manually delete the pods of the StatefulSet so that the pods can be migrated to a normal node.

Prerequisites

• Before creating a workload, you must have an available cluster. For details on how to create a cluster, see Creating a CCE Cluster.

• To enable public access to a workload, ensure that an EIP or load balancer has been bound to at least one node in the cluster.

  Note

  If a pod has multiple containers, ensure that the ports used by the containers do not conflict with each other. Otherwise, creating the StatefulSet will fail.

Using the CCE Console

1. Log in to the CCE console.

2. Click the cluster name to access the cluster details page, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.

3. Set basic information about the workload.

   Basic Info

   • Workload Type: Select StatefulSet. For details about workload types, see Overview.

   • Workload Name: Enter the name of the workload. Enter 1 to 52 characters starting with a lowercase letter and ending with a letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.

   • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.

   • Pods: Enter the number of pods.

   • Container Runtime: A CCE cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences between runC and Kata, see Kata Containers and Common Containers.

   • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.

   Container Settings

   • Container Information

     Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.

     • Basic Info: See Setting Basic Container Information.

     • Lifecycle: See Setting Container Lifecycle Parameters.

     • Health Check: See Setting Health Check for a Container.

     • Environment Variables: See Setting an Environment Variable.

     • Data Storage: See Overview.

       Note

       • StatefulSets support dynamically provisioned EVS volumes.

         Dynamic mounting is achieved by using the volumeClaimTemplates field and depends on the dynamic creation capability of StorageClass. A StatefulSet associates each pod with a unique PVC using the volumeClaimTemplates field, and the PVCs are bound to their corresponding PVs. Therefore, after the pod is rescheduled, the original data can still be mounted thanks to the PVC.

       • After a workload is created, the storage that is dynamically mounted cannot be updated.

     • Security Context: Set container permissions to protect the system and other containers from being affected. Enter the user ID to set container permissions and prevent systems and other containers from being affected.

     • Logging: See Using ICAgent to Collect Container Logs.

   • Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.

   • GPU graphics card: All is selected by default. The workload instance will be scheduled to the node with the specified GPU graphics card type.

   Headless Service Parameters

   A headless Service is used to solve the problem of mutual access between pods in a StatefulSet. The headless Service provides a fixed access domain name for each pod. For details, see Headless Service.

   Service Settings

   A Service is used for pod access. With a fixed IP address, a Service forwards access traffic to pods and performs load balancing for these pods.

   You can also create a Service after creating a workload. For details about the Service, see Service Overview.

   Advanced Settings

   • Upgrade: See Configuring the Workload Upgrade Policy.

   • Scheduling: See Scheduling Policy (Affinity/Anti-affinity).

   • Instances Management Policies

     For some distributed systems, the StatefulSet sequence is unnecessary and/or should not occur. These systems require only uniqueness and identifiers.

     • OrderedReady: The StatefulSet will deploy, delete, or scale pods in order and one by one. (The StatefulSet continues only after the previous pod is ready or deleted.) This is the default policy.

     • Parallel: The StatefulSet will create pods in parallel to match the desired scale without waiting, and will delete all pods at once.

   • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Tolerations.

   • Labels and Annotations: See Pod Labels and Annotations.

   • DNS: See DNS Configuration.

4. Click Create Workload in the lower right corner.

Using kubectl

In this example, an nginx workload is used and the EVS volume is dynamically mounted to it using the volumeClaimTemplates field.

1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.

2. Create and edit the nginx-statefulset.yaml file.

   nginx-statefulset.yaml is an example file name, and you can change it as required.

   vi nginx-statefulset.yaml

   The following provides an example of the file contents. For more information on StatefulSet, see the Kubernetes documentation.

   apiVersion: apps/v1
   kind: StatefulSet
   metadata:
     name: nginx
   spec:
     selector:
       matchLabels:
         app: nginx
     template:
       metadata:
         labels:
           app: nginx
       spec:
         containers:
           - name: container-1
             image: nginx:latest
             imagePullPolicy: IfNotPresent
             resources:
               requests:
                 cpu: 250m
                 memory: 512Mi
               limits:
                 cpu: 250m
                 memory: 512Mi
             volumeMounts:
               - name: test
                 readOnly: false
                 mountPath: /usr/share/nginx/html
                 subPath: ''
         imagePullSecrets:
           - name: default-secret
         dnsPolicy: ClusterFirst
         volumes: []
     serviceName: nginx-svc
     replicas: 2
   volumeClaimTemplates:  # Dynamically mounts the EVS volume to the workload.
       - apiVersion: v1
         kind: PersistentVolumeClaim
         metadata:
           name: test
           namespace: default
           annotations:
             everest.io/disk-volume-type: SAS  # SAS EVS volume type.
           labels:
             failure-domain.beta.kubernetes.io/region: eu-de  # region where the EVS volume is created.
             failure-domain.beta.kubernetes.io/zone:    # AZ where the EVS volume is created. It must be the same as the AZ of the node.
         spec:
           accessModes:
             - ReadWriteOnce  # The value must be ReadWriteOnce for the EVS volume.
           resources:
             requests:
               storage: 10Gi
           storageClassName: csi-disk # Storage class name. The value is csi-disk for the EVS volume.
     updateStrategy:
       type: RollingUpdate
   

   vi nginx-headless.yaml

   apiVersion: v1
   kind: Service
   metadata:
     name: nginx-svc
     namespace: default
     labels:
       app: nginx
   spec:
     selector:
       app: nginx
       version: v1
     clusterIP: None
     ports:
       - name: nginx
         targetPort: 80
         nodePort: 0
         port: 80
         protocol: TCP
     type: ClusterIP
   

3. Create a workload and the corresponding headless service.

   kubectl create -f nginx-statefulset.yaml

   If the following information is displayed, the StatefulSet has been successfully created.

   statefulset.apps/nginx created
   

   kubectl create -f nginx-headless.yaml

   If the following information is displayed, the headless service has been successfully created.

   service/nginx-svc created
   

4. If the workload will be accessed through a ClusterIP or NodePort Service, set the corresponding workload access type. For details, see Networking.

last updated: 2023-12-08 00:45