Ba duk dandamalin uwar garken ba, har ma da mafi ƙarfi da ƙima, suna biyan duk buƙatu kamar yadda suke. Duk da yake Kubernetes yana aiki sosai da kansa, yana iya rasa madaidaitan guda don zama cikakke. Koyaushe za ku sami shari'a ta musamman wacce ta yi watsi da buƙatar ku, ko kuma inda Kubernetes ba zai yi aiki a kan tsoho shigarwa ba, kamar tallafin bayanai ko aikin CD.
Anan shine inda add-ons, kari da sauran abubuwan jin daɗi na wannan mawaƙan kwantena suka bayyana, waɗanda mafi girman al'umma ke tallafawa. A cikin wannan labarin, za a sami 11 mafi kyawun abubuwan da muka samo. Mu kanmu a ciki suna da ban sha'awa sosai, kuma muna shirin mu'amala da su a zahiri - don tarwatsa su cikin sukurori da goro mu ga abin da ke ciki. Wasu daga cikinsu za su yi daidai da kowane gungu na Kubernetes, yayin da wasu za su taimaka wajen magance takamaiman ayyuka waɗanda ba a aiwatar da su a cikin rarraba Kubernetes na yau da kullun.
Mai tsaron Kofa: Gudanar da manufofin
Wannan aikin (OPA) yana ba da ikon ƙirƙirar manufofi a saman tarin aikace-aikacen girgije a cikin Kubernetes, daga shiga zuwa ragar sabis. yana ba Kubernetes ikon ɗan ƙasa don aiwatar da manufofi akan gungu ta atomatik, kuma yana ba da bincike ga duk wani lamari ko albarkatun da suka keta manufar. Duk waɗannan ana sarrafa su ta hanyar sabon tsarin Kubernetes, Manajan shigar da gidan yanar gizo na Webhooks, wanda ke ƙonewa lokacin da albarkatun ke canzawa. Tare da Mai Tsaron Ƙofar, manufofin OPA sun zama wani ɓangare na jihar tarin Kubernetes ba tare da buƙatar sa ido akai-akai ba.
Nauyin nauyi: Ƙungiyoyin Kubernetes masu ɗaukar nauyi
Idan kuna son fitar da aikace-aikacen zuwa Kubernetes, yawancin aikace-aikacen suna da taswirar Helm wanda ke jagora da sarrafa wannan tsari. Amma idan kuna son ɗaukar gungu na Kubernetes "kamar yadda yake" kuma ku mirgine shi a wani wuri?
yana ɗaukar hotuna na gungu na Kubernetes, wurin rajistarsu don hotunan kwantena, da aikace-aikacen aikace-aikacen da ake kira "kunshin aikace-aikacen". Irin wannan kunshin, wanda shine fayil na yau da kullum .tar, na iya yin kwafin tari a duk inda Kubernetes zai iya gudu.
Har ila yau, nauyi yana bincika cewa abubuwan da aka yi niyya suna aiki iri ɗaya da kayan aikin tushen, da kuma cewa yanayin Kubernetes akan manufa yana samuwa. Sigar da aka biya na Gravity kuma yana ƙara fasalulluka na tsaro, gami da RBAC da ikon daidaita saitunan tsaro a cikin turawa daban-daban.
Babban sabon saki, Gravity 7, na iya tura hoton Gravity cikin gungun Kubernetes da ke wanzu, maimakon jujjuya sabon tari gaba ɗaya daga hoton. Gravity 7 kuma yana iya aiki tare da shigar da gungu ba tare da amfani da hoton Gravity ba. Gravity kuma yana goyan bayan SELinux, kuma yana aiki na asali tare da ƙofa ta Teleport SSH.
Kaniko: Gina Kwantena a cikin Tarin Kubernetes
Yawancin hotunan kwantena an gina su akan tsarin da ke wajen tarin kwantena. Koyaya, wani lokacin kuna buƙatar gina hoton a cikin tarin kwantena, kamar wani wuri a cikin kwantena mai gudana, ko a cikin gungu na Kubernetes.
yana gina kwantena a cikin mahallin kwantena, amma ba tare da dogara ga sabis na kwantena ba, kamar Docker. Madadin haka, Kaniko yana fitar da tsarin fayil ɗin daga hoton tushe, yana aiwatar da duk umarnin gina sararin mai amfani a saman tsarin fayil ɗin da aka ciro, yana ɗaukar hoton tsarin fayil ɗin bayan kowane umarni.
Note: Kaniko a halin yanzu (Mayu 2020, kusan mai fassara) ba zai iya gina kwantena na Windows ba.
Kubecost: Zaɓuɓɓukan farashin farawa Kubernetes
Yawancin kayan aikin gudanarwa na Kubernetes suna mayar da hankali kan sauƙin amfani, saka idanu, fahimtar halayyar cikin kwasfa, da sauransu. Amma menene game da saka idanu akan farashin - a cikin rubles da kopecks - hade da ƙaddamar da Kubernetes?
yana aiwatar da sigogin Kubernetes a cikin ainihin lokaci, yana haifar da bayanan farashi na yau da kullun daga gungu masu gudana a manyan masu samar da girgije, wanda aka nuna a cikin kwamiti tare da farashin kowane wata akan gungu. Farashin RAM, lokacin CPU, GPU da tsarin faifai an rushe su ta hanyar abubuwan Kubernetes (kwantena, kwaf, sabis, da sauransu)
Kubecost kuma yana bin farashin albarkatun da ba na gungu ba kamar Amazon S3 buckets, kodayake AWS yana iyakance wannan. Za a iya aika bayanan farashi zuwa Prometheus don haka za ku iya amfani da shi don canza halayen gungu da tsari.
Kubecost kyauta ne don amfani idan kuna da isassun kwanaki 15 na bayanan log. Don ƙarin fasalulluka, farashi yana farawa a $199 kowane wata don sa ido kan nodes 50.
KubeDB: Gudanar da Bayanan Yaƙi a cikin Kubernetes
Ma'ajin bayanai kuma suna da wahalar gudanar da aiki mai ban mamaki a Kubernetes. Za ku sami masu aiki na Kubernetes don MySQL, PostgreSQL, MongoDB, da Redis, amma duk suna da koma baya. Hakanan, saitin fasalin fasalin Kubernetes na yau da kullun baya magance yawancin matsalolin bayanai da aka ayyana kai tsaye.
yana taimaka muku ƙirƙirar maganganun Kubernetes don sarrafa bayanai. Gudun madogarawa, cloning, saka idanu, hotuna, da ƙirƙirar bayanan bayanai sune sassan sa. Lura cewa goyan bayan fasalin ya dogara ga bayanai. Misali, ƙirƙirar gungu yana aiki don PostgreSQL, amma ba don MySQL ba ( akwai, kamar yadda aka nuna daidai , kusan mai fassara).
Kube-biri: Hargitsi biri ga Kubernetes
Mafi kyawun hanyar da ba ta da kuskure na gwajin damuwa ana ɗaukar ta azaman ɓarna ce. Wannan ka'idar tana cikin zuciyar Netflix's Chaos Monkey, kayan aikin injiniya mai cike da rudani wanda ke rufe injunan kama-da-wane da kwantenan yanayin samarwa don "ƙarfafa" masu haɓakawa don gina ƙarin tsarin juriya. - aiwatar da ka'idar asali iri ɗaya na gwajin damuwa don gungu na Kubernetes. Yana aiki ta hanyar kisa ba da gangan ba a cikin gungu wanda kuka zayyana, kuma ana iya saita shi don aiki a takamaiman tazarar lokaci.
Kubernetes Ingress Controller don AWS
Kubernetes yana ba da ma'aunin nauyi na waje da sabis ɗin sadarwar tari ta hanyar sabis da ake kira AWS yana ba da fasalulluka masu daidaita nauyi amma baya haɗa su ta atomatik tare da fasalin Kubernetes iri ɗaya. yana rufe wannan gibin.
Yana sarrafa albarkatun AWS ta atomatik don kowane mai shiga cikin gungu, ƙirƙirar ma'auni masu nauyi don sababbin albarkatun shiga, da kuma share ma'aunin nauyi lokacin da aka cire albarkatun. Yana amfani da CloudFormation don tabbatar da cewa jihar tari ta tsaya daidai. Hakanan yana goyan bayan saitunan ƙararrawa na CloudWatch kuma yana sarrafa sauran abubuwan da aka yi amfani da su ta atomatik a cikin tari, kamar takaddun shaida na SSL da EC2 Auto Scaling Groups.
Kubespray: Kubernetes shigarwa ta atomatik
yana sarrafa shigar da gunkin Kubernetes mai shirye-shiryen samarwa, daga shigarwa akan sabar kayan masarufi zuwa manyan gajimare na jama'a. Yana amfani da Mai yiwuwa (Na zaɓi zaɓi) don ƙaddamar da turawa da ƙirƙirar tari mai girma daga karce tare da zaɓin add-ons na cibiyar sadarwa (kamar Flannel, Calico, da sauransu) akan zaɓin sanannen rarraba Linux lokacin da aka shigar akan sabar kayan masarufi.
Skaffold: Haɓaka Nasiha don Kubernetes
- ɗaya daga cikin kayan aikin Google da ake amfani da su don tsara CD ɗin aikace-aikacen a cikin Kubernetes. Da zaran kun yi canje-canje ga lambar tushe, skaffold ta gano wannan ta atomatik, ya fara gini da turawa, kuma ya gargaɗe ku idan akwai kurakurai. Skaffold yana gudana gaba ɗaya a gefen abokin ciniki, don haka ana iya samun ƙananan nuances tare da shigarwa ko sabuntawa. Ana iya amfani da shi tare da bututun CICD da ke akwai tare da yin hulɗa tare da wasu kayan aikin gini na waje, galibi Google's Bazel.
Teresa: PaaS mafi sauƙi akan Kubernetes
tsarin tura aikace-aikacen da ke gudanar da PaaS mai sauƙi a saman Kubernetes. Masu amfani da haɗin gwiwa za su iya turawa da sarrafa nasu aikace-aikacen. Wannan yana sa abubuwa kaɗan sauƙi ga mutanen da suka amince da wannan aikace-aikacen kuma ba sa son mu'amala da Kubernetes da duk hadaddun sa.
karkatar da: Rarraba sabuntawar kwantena zuwa gungu na Kubernetes
, wanda Injiniyan Windmill ya haɓaka, yana lura da canje-canje zuwa Dockerfiles daban-daban sannan a ci gaba da tura kwantena masu dacewa zuwa gungu na Kubernetes. A zahiri, yana ba ku damar sabunta gungun samarwa a ainihin lokacin ta hanyar sabunta Dockerfiles. karkata yana ginawa a cikin gungu, lambar tushe shine duk abin da ake buƙatar canzawa. Hakanan zaka iya ɗaukar hoto na jihar tari kuma ka ɗauki yanayin kuskure kai tsaye daga karkatar da kai don raba tare da membobin ƙungiyar don yin kuskure.
PS Duk waɗannan kayan aikin da muka maimaita a ciki bincike da hannayenmu masu ban sha'awa. Don gabatar da ayyuka na gaske tuni (da fatan!) A intensives na kan layi a cikin Fabrairu. Fabrairu 8-10, 2021. Kuma Fabrairu 12-14. A gaskiya, mun kuma rasa yanayi mai dumi da kuzari na koyon layi. Ko ta yaya fasaha ta ci gaba, ba za su maye gurbin sadarwar ɗan adam kai tsaye ba da kuma yanayi na musamman lokacin da mutane masu tunani iri ɗaya suka taru.
source: www.habr.com