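Changing Pod Time in K8S: Approaches with Detailed Code Examples
Author: SixSixzero
Requirement:
Change only the time seen by a Pod or container process, without changing the host system time.
Approaches:
- Install faketime locally
- Deploy the fake-time-injector plugin
- Add a sidecar to the Pod (more flexible)
Installing faketime locally:
1. Install faketime (on all nodes)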
yum install faketime -y
2. Add the corresponding environment variables to the YAML file
apiVersion: v1
kind: Pod
metadata:
  name: fake-time-pod
spec:
  containers:
    - name: app
      image: registry.cn-hangzhou.aliyuncs.com/acs/testc:v1
      env:
        - name: LD_PRELOAD
          value: /usr/lib64/faketime/libfaketime.so.1
        - name: FAKETIME
          value: "+2y"  # 2 years in the future; use "-2y" for 2 years in the past
      volumeMounts:
        - name: faketime-lib
          mountPath: /usr/lib64/faketime
  volumes:
    - name: faketime-lib
      hostPath:
        path: /usr/lib64/faketime
Deploying the fake-time-injector plugin
Run vi fake-time-injector.yaml and add the following content
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fake-time-injector-sa
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fake-time-injector-cr
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "patch", "update", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list"]
  - apiGroups: ["admissionregistration.k8s.io"]
    resources: ["mutatingwebhookconfigurations"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fake-time-injector-rb
subjects:
  - kind: ServiceAccount
    name: fake-time-injector-sa
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: fake-time-injector-cr
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubernetes-faketime-injector
  namespace: kube-system
  labels:
    app: kubernetes-faketime-injector
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kubernetes-faketime-injector
  template:
    metadata:
      labels:
        app: kubernetes-faketime-injector
    spec:
      containers:
        # Image built with fake-time-injector/Dockerfile
        - image: registry-cn-hangzhou.ack.aliyuncs.com/acs/fake-time-injector:v5
          imagePullPolicy: Always
          name: kubernetes-faketime-injector
          resources:
            limits:
              cpu: 100m
              memory: 100Mi
            requests:
              cpu: 100m
              memory: 100Mi
          env:
            # When CLUSTER_MODE is true, all pods in a namespace that start within a time window (40s) get the same offset
            - name: CLUSTER_MODE
              value: "true"
            # All pods in a namespace that start within this time window (120s) get the same offset; the default is 40s
            - name: Namespace_Delay_Timeout
              value: "120"
            - name: LIBFAKETIME_PLUGIN_IMAGE
              value: "registry.cn-hangzhou.aliyuncs.com/acs/libfaketime:v1"
            # Image built with fake-time-injector/plugins/faketime/build/Dockerfile
            - name: FAKETIME_PLUGIN_IMAGE
              value: "registry-cn-hangzhou.ack.aliyuncs.com/acs/fake-time-sidecar:v4.1"
      serviceAccountName: fake-time-injector-sa
---
kind: Service
apiVersion: v1
metadata:
  name: kubernetes-faketime-injector
  namespace: kube-system
spec:
  ports:
    - port: 443
      targetPort: 443
      name: webhook
  selector:
    app: kubernetes-faketime-injector
kubectl apply -f fake-time-injector.yaml
Ways to change the time of a Pod:
libfaketime
apiVersion: v1
kind: Pod
metadata:
  name: test
  labels:
    app: myapp
    version: v1
  # namespace: test
  annotations:
    cloudnativegame.io/fake-time-rate: "1.0"        # rate at which time passes (1.0 = normal speed)
    cloudnativegame.io/fake-time: "-10d"            # initial time (absolute time or relative offset, e.g. +3h/-7h)
    cloudnativegame.io/fake-time-enabled: "true"    # make sure time simulation is fully enabled
    cloudnativegame.io/time-source: "incremental"   # use the incremental time source
spec:
  containers:
    - name: test
      image: registry.cn-hangzhou.aliyuncs.com/acs/testc:v1
      volumeMounts:
        - name: host-timezone
          mountPath: /etc/localtime   # mount the host's timezone file
          readOnly: true              # read-only for safety
  volumes:
    - name: host-timezone
      hostPath:
        path: /etc/localtime          # path of the timezone file on the host
        type: File                    # explicitly declare the resource type as a file
Result:
watchmaker
apiVersion: v1
kind: Pod
metadata:
  name: testpod
  labels:
    app: myapp
    version: v1
  annotations:
    # To modify several processes at once, separate the process names with `,`
    cloudnativegame.io/process-name: "hello"
    # A number of seconds can also be configured here; '86400' shifts the time forward by one day.
    # watchmaker does not support times in the past.
    cloudnativegame.io/fake-time: "2030-01-01 00:00:00"
spec:
  containers:
    - name: myhello
      image: registry.cn-hangzhou.aliyuncs.com/acs/hello:v1
      env:
        # When Modify_Sub_Process is true, the time of child processes is modified as well
        - name: Modify_Sub_Process
          value: "true"
Enter the container and check the time
Result:
Using the sidecar approach
That is, add a container to the Pod that modifies the time
apiVersion: v1
kind: Pod
metadata:
  labels:
    name: hello
  name: hello
spec:
  containers:
    - image: 'registry.cn-hangzhou.aliyuncs.com/acs/hello:v1'
      imagePullPolicy: IfNotPresent
      name: myhello
    - env:
        - name: modify_process_name
          value: hello  # to modify several processes at once, separate the process names with `,`
        - name: delay_second
          value: '86400'
      image: 'registry-cn-hangzhou.ack.aliyuncs.com/acs/fake-time-sidecar:v4.1'
      imagePullPolicy: Always
      name: fake-time-sidecar
  shareProcessNamespace: true
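The three mechanisms shown so far (the LD_PRELOAD environment variable, the cloudnativegame.io/fake-time annotation and the fake-time-sidecar container) can all be found by inspecting the Pod objects, which is useful for knowing which workloads in a cluster do not run on real time. The following is an added example, not code from the original article or from the fake-time-injector project; the function names are assumptions, the input has the shape of `kubectl get pods -A -o json`, and the sample pods are constructed.

```python
import json

FAKE_TIME_ANNOTATION = "cloudnativegame.io/fake-time"  # annotation used in the article
SIDECAR_IMAGE_HINT = "fake-time-sidecar"               # sidecar image name used in the article


def fake_time_findings(pod):
    """Return the ways one Pod object has its clock altered (empty list if none)."""
    meta, spec = pod.get("metadata", {}), pod.get("spec", {})
    findings = []
    offset = (meta.get("annotations") or {}).get(FAKE_TIME_ANNOTATION)
    if offset is not None:
        findings.append(f"annotation fake-time={offset}")
    for c in spec.get("containers", []):
        env = {e["name"]: e.get("value") or "" for e in c.get("env") or []}
        if "libfaketime" in env.get("LD_PRELOAD", ""):
            findings.append(f"{c['name']}: LD_PRELOAD libfaketime, FAKETIME={env.get('FAKETIME', '')}")
        if SIDECAR_IMAGE_HINT in c.get("image", ""):
            findings.append(f"{c['name']}: sidecar targets '{env.get('modify_process_name', '')}', "
                            f"shareProcessNamespace={bool(spec.get('shareProcessNamespace'))}")
    return findings


def audit(pod_list):
    """Map 'namespace/name' -> findings for every Pod with a modified clock."""
    report = {}
    for pod in pod_list.get("items", []):
        found = fake_time_findings(pod)
        if found:
            report["{namespace}/{name}".format(**pod["metadata"])] = found
    return report


# Constructed sample in the shape of `kubectl get pods -A -o json`.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "fake-time-pod", "namespace": "default"},
  "spec": {"containers": [{"name": "app", "image": "testc:v1", "env": [
    {"name": "LD_PRELOAD", "value": "/usr/lib64/faketime/libfaketime.so.1"},
    {"name": "FAKETIME", "value": "+2y"}]}]}},
 {"metadata": {"name": "test", "namespace": "default",
               "annotations": {"cloudnativegame.io/fake-time": "-10d"}},
  "spec": {"containers": [{"name": "test", "image": "testc:v1"}]}},
 {"metadata": {"name": "hello", "namespace": "default"},
  "spec": {"shareProcessNamespace": true, "containers": [
    {"name": "myhello", "image": "hello:v1"},
    {"name": "fake-time-sidecar", "image": "fake-time-sidecar:v4.1",
     "env": [{"name": "modify_process_name", "value": "hello"}]}]}},
 {"metadata": {"name": "web", "namespace": "prod"},
  "spec": {"containers": [{"name": "nginx", "image": "nginx"}]}}]}""")
print(json.dumps(audit(SAMPLE), indent=2))
```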
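Problem 1:
When several pods in the same namespace start at the same time, they may affect each other.
podA is set to +2y and podB is set to -10d,
so podA and podB may both end up at -10d, or both at -2y.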
kubectl apply -f nginx.yaml & kubectl apply -f test.yaml
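Solutions:
1. Delay the start (how long to delay depends on the time configured in fake-time-injector)
2. Split the pods into separate namespaces (not recommended)
3. Modify fake-time-injector
4. Use the sidecar approach
Modifying fake-time-injector:
In the fake-time-injector plugin deployed in approach one, CLUSTER_MODE and Namespace_Delay_Timeout need to be changed.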
Problem 2:
Setting the time:
Absolute offset, e.g. "2024-12-01 12:00:00": time is frozen at this point and does not change.
Relative offset, e.g. '+3h' or '-20m': time keeps changing. Only a single time unit can be modified,
e.g. +7h, -20m, +30s or -1y; forms such as -1y10d or 7h20m are not allowed.
# You can install faketime and try it on its own: run faketime -f '-7h' date to see the effect
Absolute offset: cloudnativegame.io/fake-time: "2024-12-01 12:00:00"
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  annotations:
    cloudnativegame.io/fake-time-rate: "1.0"            # rate at which time passes (1.0 = normal speed)
    cloudnativegame.io/fake-time: "2024-12-01 12:00:00" # initial time (absolute time or relative offset, e.g. +3h/-7h)
    cloudnativegame.io/fake-time-enabled: "true"        # make sure time simulation is fully enabled
    cloudnativegame.io/time-source: "incremental"       # use the incremental time source
spec:
  containers:
    - name: my-container
      image: nginx
      resources:
        requests:
          cpu: "0.1"
          memory: "50Mi"
        limits:
          cpu: "1"
          memory: "100Mi"
      volumeMounts:
        - name: host-timezone
          mountPath: /etc/localtime   # mount the host's timezone file
          readOnly: true              # read-only for safety
  volumes:
    - name: host-timezone
      hostPath:
        path: /etc/localtime          # path of the timezone file on the host
        type: File                    # explicitly declare the resource type as a file
Relative offset:
Only the last unit and number are recognized
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  annotations:
    cloudnativegame.io/fake-time-rate: "1.0"        # rate at which time passes (1.0 = normal speed)
    cloudnativegame.io/fake-time: "+2y10d2h"        # initial time (absolute time or relative offset, e.g. +3h/-7h20m)
    cloudnativegame.io/fake-time-enabled: "true"    # make sure time simulation is fully enabled
    cloudnativegame.io/time-source: "incremental"   # use the incremental time source
spec:
  containers:
    - name: my-container
      image: nginx
      resources:
        requests:
          cpu: "0.1"
          memory: "50Mi"
        limits:
          cpu: "1"
          memory: "100Mi"
      volumeMounts:
        - name: host-timezone
          mountPath: /etc/localtime   # mount the host's timezone file
          readOnly: true              # read-only for safety
  volumes:
    - name: host-timezone
      hostPath:
        path: /etc/localtime          # path of the timezone file on the host
        type: File                    # explicitly declare the resource type as a file
Only the last unit and number are recognized, so two hours are added
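Because a compound offset such as "+2y10d2h" is accepted without error and silently applies only its last term, the annotation value is worth checking before the manifest is applied. The following is an added example, not code from the original article or from fake-time-injector; the names check_fake_time and lint and the result labels are assumptions, and only the value forms shown in this article are accepted.

```python
import re
from datetime import datetime

ABSOLUTE_FORMAT = "%Y-%m-%d %H:%M:%S"                       # e.g. "2024-12-01 12:00:00"
SINGLE_OFFSET = re.compile(r"^[+-]\d+[smhdy]$")              # e.g. +7h, -20m, +30s, -1y
COMPOUND_OFFSET = re.compile(r"^[+-]?(?:\d+[smhdy]){2,}$")   # e.g. -1y10d, 7h20m
TRAILING_TERM = re.compile(r"\d+[smhdy]$")


def check_fake_time(value):
    """Classify a cloudnativegame.io/fake-time value (hypothetical helper).

    Returns (kind, detail); kind is one of 'absolute', 'relative',
    'seconds', 'compound' or 'invalid'.
    """
    value = value.strip()
    try:
        datetime.strptime(value, ABSOLUTE_FORMAT)
        return ("absolute", value)          # per the article: time frozen at this point
    except ValueError:
        pass
    if SINGLE_OFFSET.match(value):
        return ("relative", value)          # per the article: time keeps changing
    if value.isdigit():
        return ("seconds", value)           # watchmaker form from the article, e.g. "86400"
    if COMPOUND_OFFSET.match(value):
        # Per the article, only the last number and unit are recognized.
        return ("compound", TRAILING_TERM.search(value).group())
    return ("invalid", value)


def lint(annotations_by_pod):
    """Return {pod: message} for values that will not behave as written."""
    problems = {}
    for pod, value in annotations_by_pod.items():
        kind, detail = check_fake_time(value)
        if kind == "compound":
            problems[pod] = f"'{value}' mixes units; only '{detail}' would be applied"
        elif kind == "invalid":
            problems[pod] = f"'{value}' is not a form shown in the article"
    return problems


# Constructed sample: pod name -> annotation value
SAMPLE = {"podA": "+2y", "podB": "-10d", "nginx": "+2y10d2h", "frozen": "2024-12-01 12:00:00"}
print(lint(SAMPLE))
```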