Use the open source tool k8tz to gracefully set the Kubernetes Pod time zone

2022-06-24 12:39:31 My small bowl of soup

A container runs on the host's kernel and gets its clock from it, but the time zone does not come from the kernel; it comes from user space. In most cases, Coordinated Universal Time (UTC) is used by default.

Inconsistent time zones cause a lot of trouble. Even if the code itself has nothing to do with time zones, troubleshooting problems by lining up container log and system log timestamps can be a headache. Some applications use the machine's time zone as their default and expect the user to set it. When the time zones of the containers in a cluster are inconsistent, problems follow.

k8tz

k8tz is an open source project; see github.com/k8tz/k8tz

k8tz is a Kubernetes admission controller and a CLI tool for injecting time zones into Pods.
It can be used as a manual tool to automatically convert Deployments and Pods.
You can also install it as an admission controller and use annotations to fully automate the process when Pods are created.

k8tz can use the hostPath strategy, or it can inject an initContainer together with an emptyDir volume and populate that volume with TZif (Time Zone Information Format) files. The emptyDir is then mounted into every container of the Pod at /etc/localtime and /usr/share/zoneinfo. To make sure the required time zone takes effect, it also adds the TZ environment variable to all containers.

Install

Install the k8tz admission controller with Helm:

helm repo add k8tz https://k8tz.github.io/k8tz/
helm install k8tz k8tz/k8tz --set timezone=Asia/Shanghai

Check the Pod status, the MutatingWebhookConfiguration, the Service and other resources:

# kubectl get mutatingwebhookconfigurations.admissionregistration.k8s.io k8tz
NAME   WEBHOOKS   AGE
k8tz   1          31m

# kubectl get svc -n k8tz
NAME   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
k8tz   ClusterIP   10.233.212.11   <none>        443/TCP   31m

# kubectl get pod -n k8tz
NAME                    READY   STATUS    RESTARTS   AGE
k8tz-59bb7f7cbd-5dzmq   1/1     Running   0          31m

Test

Now you can create a Pod without any additional configuration:

# kubectl run -i -t ubuntu --image=ubuntu:21.04 --restart=OnFailure --rm=true --command date
Defaulted container "ubuntu" out of: ubuntu, k8tz (init)
Wed Jun 15 14:11:53 CST 2022
pod "ubuntu" deleted

The Pod YAML at this point is as follows. The TZ environment variable uses the Asia/Shanghai value specified during installation, and initContainers, volumeMounts, volumes and other configuration have been injected:

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: ubuntu
  name: ubuntu
  namespace: default
spec:
  containers:
  - command:
    - date
    env:
    - name: TZ
      value: Asia/Shanghai
    image: ubuntu:21.04
    imagePullPolicy: IfNotPresent
    name: ubuntu
    volumeMounts:
    - mountPath: /etc/localtime
      name: k8tz
      readOnly: true
      subPath: Asia/Shanghai
    - mountPath: /usr/share/zoneinfo
      name: k8tz
      readOnly: true
  initContainers:
  - args:
    - bootstrap
    image: quay.io/k8tz/k8tz:0.5.0
    imagePullPolicy: IfNotPresent
    name: k8tz
    volumeMounts:
    - mountPath: /mnt/zoneinfo
      name: k8tz
  volumes:
  - emptyDir: {}
    name: k8tz

You can also specify an annotation, for example k8tz.io/timezone=Europe/London, to choose the Pod's time zone:

# kubectl run -i -t ubuntu --image=ubuntu:21.04 --restart=OnFailure --rm=true --command date --annotations k8tz.io/timezone=Europe/London
Defaulted container "ubuntu" out of: ubuntu, k8tz (init)
Wed Jun 15 07:13:42 BST 2022
pod "ubuntu" deleted

Or use the k8tz.io/inject annotation to disable time zone injection for a Pod:

# kubectl run -i -t ubuntu --image=ubuntu:21.04 --restart=OnFailure --rm=true --command date --annotations k8tz.io/inject=false
Wed Jun 15 06:14:47 UTC 2022
pod "ubuntu" deleted

If you want to inject the time zone configuration using hostPath instead of an initContainer, use the k8tz.io/strategy annotation:

# kubectl run -i -t ubuntu --image=ubuntu:21.04 --restart=OnFailure --rm=true --command date --annotations k8tz.io/strategy=hostPath
Wed Jun 15 14:15:26 CST 2022
pod "ubuntu" deleted

Annotations can also be set on a namespace, where they affect every Pod created in that namespace. Let's create a test-k8tz namespace for testing:

# kubectl create ns test-k8tz
namespace/test-k8tz created

# kubectl annotate ns test-k8tz k8tz.io/strategy=hostPath
namespace/test-k8tz annotated

# kubectl annotate ns test-k8tz k8tz.io/timezone=Europe/London
namespace/test-k8tz annotated

The strategy is set to the hostPath injection mode.
Because the default time zone was set to Asia/Shanghai when k8tz was installed, the test-k8tz namespace's time zone is set to Europe/London here so that the two are easy to tell apart.

The Pod created next does not need any annotations:

# kubectl run -n test-k8tz -i -t ubuntu --image=ubuntu:21.04 --restart=OnFailure --command date
Wed Jun 15 07:19:48 BST 2022

The Pod YAML is as follows; in this case the hostPath injection mode is used:

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: ubuntu
  name: ubuntu
  namespace: test-k8tz
spec:
  containers:
  - command:
    - date
    env:
    - name: TZ
      value: Europe/London
    image: ubuntu:21.04
    imagePullPolicy: IfNotPresent
    name: ubuntu
    volumeMounts:
    - mountPath: /etc/localtime
      name: k8tz
      readOnly: true
      subPath: Europe/London
    - mountPath: /usr/share/zoneinfo
      name: k8tz
      readOnly: true
  volumes:
  - hostPath:
      path: /usr/share/zoneinfo
      type: ""
    name: k8tz
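
A check that a Pod really carries the mutation described above (TZ variable, read-only mounts at /etc/localtime and /usr/share/zoneinfo) and that reports which strategy was used. This is an added example, not code from the original post or from the k8tz project; the function names sample_pod and audit_k8tz_pod are hypothetical, and the input is a constructed copy of the hostPath Pod above in the shape that kubectl get pod -o json returns.

```python
def sample_pod(tz="Europe/London", volume=None):
    """Constructed sample: the hostPath Pod above, trimmed to the fields checked."""
    volume = volume or {"hostPath": {"path": "/usr/share/zoneinfo", "type": ""}}
    mounts = [
        {"mountPath": "/etc/localtime", "name": "k8tz", "readOnly": True, "subPath": tz},
        {"mountPath": "/usr/share/zoneinfo", "name": "k8tz", "readOnly": True},
    ]
    container = {"name": "ubuntu", "env": [{"name": "TZ", "value": tz}],
                 "volumeMounts": mounts}
    return {"spec": {"containers": [container], "volumes": [dict(volume, name="k8tz")]}}


def audit_k8tz_pod(pod):
    """Return (strategy, findings) for a Pod object as printed by kubectl -o json."""
    spec = pod["spec"]
    vol = next((v for v in spec.get("volumes", []) if v.get("name") == "k8tz"), None)
    if vol is None:
        return "none", ["no k8tz volume: nothing was injected"]
    findings = []
    if "hostPath" in vol:
        strategy = "hostPath"
        # hostPath reads the node's own files; the Kubernetes Pod Security
        # Standards "baseline" profile does not allow hostPath volumes.
        findings.append("hostPath volume on node path " + vol["hostPath"]["path"])
    else:
        strategy = "initContainer"
        if not any(c.get("name") == "k8tz" for c in spec.get("initContainers", [])):
            findings.append("emptyDir volume but no k8tz initContainer to fill it")
    for c in spec["containers"]:
        env = {e["name"]: e.get("value") for e in c.get("env", [])}
        mounts = {m["mountPath"]: m for m in c.get("volumeMounts", [])
                  if m.get("name") == "k8tz"}
        tz = env.get("TZ")
        if tz is None:
            findings.append(c["name"] + ": TZ is not set")
        localtime = mounts.get("/etc/localtime")
        if localtime is None or localtime.get("subPath") != tz:
            findings.append(c["name"] + ": /etc/localtime does not match TZ")
        if "/usr/share/zoneinfo" not in mounts:
            findings.append(c["name"] + ": /usr/share/zoneinfo is not mounted")
        findings += [c["name"] + ": " + p + " is writable"
                     for p, m in mounts.items() if not m.get("readOnly")]
    return strategy, findings


if __name__ == "__main__":
    print(audit_k8tz_pod(sample_pod()))
```

To run it against a live Pod, load the output of kubectl get pod -o json with json.load and pass the resulting object to audit_k8tz_pod.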

Conclusion

There are many solutions to the time zone problem in Kubernetes. They can be implemented manually, but doing so comes with some challenges and limitations.

With k8tz this process is automated: the time zones of all components in the system stay consistent, and all components can access information about different time zones. It works without additional settings or changes to existing resources, even when the required files are not present on the node.

Copyright notice
Author: My small bowl of soup. Please include the original link when reprinting, thank you.
https://en.chowdera.com/2022/175/202206241028445773.html