Containers on the conveyor: CRI-O is now the default in OpenShift Container Platform 4

Red Hat OpenShift Container Platform 4 lets you streamline the creation of hosts for deploying containers, including in the infrastructure of cloud service providers, on virtualization platforms, or on bare-metal systems. To build a truly cloud-based platform, we had to take strict control of all the components used and thereby increase the reliability of a complex automation process.

The best solution is to use Red Hat Enterprise Linux CoreOS (a variant of Red Hat Enterprise Linux) and CRI-O as the standard, and here is why...

Since the sailing theme is a very good source of analogies for explaining how Kubernetes and containers work, let us try to describe the business problems that CoreOS and CRI-O solve by way of an example: Brunel's invention for manufacturing rigging blocks. In 1803, Marc Brunel was tasked with producing 100 rigging blocks for the needs of the growing British navy. A rigging block is a kind of pulley used to attach ropes on ships. Until the early 19th century these blocks were made by hand, but Brunel automated the process and began producing standardized blocks using machine tools. Automating this process meant that the resulting blocks were nearly identical, could easily be replaced when they broke, and could be manufactured in large quantities.

Now imagine that Brunel had to do this work for 20 different ship models (Kubernetes versions) and for five different planets with different sea currents and winds (cloud providers). In addition, all ships (OpenShift clusters), regardless of the planet on which they sail, were required to behave identically from the point of view of the captains (the operators who manage the clusters). To continue the nautical analogy, ship captains do not care at all what kind of rigging blocks (CRI-O) are used on their ships; what matters to them is that the blocks are strong and reliable.

OpenShift 4, as a cloud platform, faces the same business challenge. New nodes must be created when a cluster is created, when one of the nodes fails, or when the cluster is scaled. When a new node is created and initialized, the critical host components, including CRI-O, must be configured accordingly. As in any manufacturing, "raw materials" must be supplied at the start. For ships, the raw materials are metal and wood. When it comes to creating hosts for deploying containers in an OpenShift 4 cluster, the inputs you need are configuration files and API-provisioned servers. OpenShift then provides the required level of automation throughout the entire lifecycle, offering the necessary product support to end users and thereby returning the investment in the platform.

OpenShift 4 was built so that the system can be updated conveniently throughout the entire lifecycle of the platform (for 4.X versions) on all major cloud computing providers, virtualization platforms and even bare-metal systems. To do this, nodes must be created from interchangeable parts. When a cluster requires a new version of Kubernetes, it also receives the matching version of CRI-O on CoreOS. Because the CRI-O version is tied directly to Kubernetes, this greatly simplifies any permutations for testing, troubleshooting or support purposes. In addition, this approach reduces costs for end users and for Red Hat.

This is a new way of thinking about Kubernetes clusters, and it lays the foundation for planning some very useful and compelling new features. CRI-O (Container Runtime Interface - Open Container Initiative, abbreviated CRI-OCI) turned out to be the most successful choice for the mass creation of nodes that is needed to work with OpenShift. CRI-O replaces the previously used Docker engine, giving OpenShift users an economical, stable, simple and boring (yes, you heard that right) container engine built specifically to work with Kubernetes.

The world of open containers

The world has been moving toward open containers for a long time. Whether in Kubernetes or at lower levels, the development of container standards produces an ecosystem of innovation at every level.

It all began with the creation of the Open Containers Initiative in June 2015. At this early stage of the work, specifications were produced for the container image and the runtime environment. This ensured that tools could use a single standard for container images and a unified format for working with them. The distribution specification was added later, allowing users to share container images easily.

The Kubernetes community then developed a single standard for a pluggable interface, called the Container Runtime Interface (CRI). Thanks to this, Kubernetes users were able to plug in different engines for working with containers in addition to Docker.

Engineers at Red Hat and Google saw a market need for a container engine that could accept Kubelet requests over the CRI protocol, and introduced containers that were compatible with the OCI specifications mentioned above. That is how OCID appeared. But wait, didn't we say this article would be about CRI-O? In fact it is; the project was simply renamed CRI-O with the release of version 1.0.

Figure 1.

Innovation with CRI-O and CoreOS

With the launch of the OpenShift 4 platform, the container engine used by default in the platform was changed: Docker was replaced by CRI-O, which offers a cost-effective, stable, simple and boring environment for running containers that evolves in parallel with Kubernetes. This greatly simplifies cluster support and configuration. Configuration of the container engine and the host, as well as their management, is automated in OpenShift 4.

Wait, how is that?

That's right: with the arrival of OpenShift 4, there is no longer any need to connect to individual hosts and install a container engine, configure storage, configure search servers or configure networking. The OpenShift 4 platform has been completely redesigned to use the Operator Framework not only for end-user applications but also for basic platform-level operations such as deploying images, configuring the system, or installing updates.

Kubernetes has always let users manage applications by defining a desired state and using controllers to ensure that the actual state matches the desired state as closely as possible. This approach of desired state versus actual state opens up great opportunities from both a development and an operations perspective. Developers can define the required state and hand it to an operator as a YAML or JSON file, and the operator can then create the required application instance in the production environment, with the running state of that instance matching the specification.

By using Operators in the platform, OpenShift 4 brings this new paradigm (the concept of desired and actual state) to the management of RHEL CoreOS and CRI-O. The tasks of configuring and managing versions of the operating system and the container engine are automated by the so-called Machine Config Operator (MCO). The MCO greatly simplifies the cluster administrator's work, essentially automating the last stages of installation as well as the subsequent post-installation operations (day-two operations). All of this makes OpenShift 4 a true cloud platform. We will get into this a little later.

Running containers

Users have been able to use the CRI-O engine in the OpenShift platform since version 3.7 in Tech Preview status and since version 3.9 in Generally Available status (currently supported). In addition, Red Hat has made extensive use of CRI-O to run production workloads in OpenShift Online since version 3.10. All of this has given the team working on CRI-O extensive experience in launching containers at scale on large Kubernetes clusters. To get a basic understanding of how Kubernetes uses CRI-O, let's look at the following illustration, which shows how the architecture works.

Figure 2. How containers work in a Kubernetes cluster

CRI-O simplifies the creation of new container hosts by synchronizing the entire top level when new nodes are initialized and when new versions of the OpenShift platform are released. Revisioning the whole platform allows transactional updates and rollbacks, and also prevents deadlocks in the dependencies between the container host kernel, the container engine, the nodes (Kubelets) and the Kubernetes Master node. With all platform components centrally managed, controlled and versioned, there is always a clear path from state A to state B. This simplifies the update process, improves security, improves performance reporting, and helps reduce the cost of updates and of installing new versions.

Demonstrating the power of interchangeable parts

As mentioned earlier, using the Machine Config Operator to manage the container host and the container engine in OpenShift 4 provides a new level of automation that was not previously possible on the Kubernetes platform. To demonstrate the new capabilities, we will show how you can make changes to the crio.conf file. To avoid getting lost in the terminology, try to focus on the results.

First, let's create what is called a container runtime configuration: a Container Runtime Config. Think of it as a Kubernetes resource that represents the configuration of CRI-O. In reality, it is a specialized version of something called a MachineConfig, which is any configuration deployed to a RHEL CoreOS machine as part of an OpenShift cluster.

This custom resource, called ContainerRuntimeConfig, was created to make it easier for cluster administrators to configure CRI-O. The tool is powerful enough that it can be applied to only certain nodes, depending on the MachineConfigPool settings. Think of a MachineConfigPool as a group of machines that serve the same purpose.

Note the last two lines, which are what we are going to change in the /etc/crio/crio.conf file. These two lines closely resemble the corresponding lines in the crio.conf file:

vi ContainerRuntimeConfig.yaml

Output:

apiVersion: machineconfiguration.openshift.io/v1
kind: ContainerRuntimeConfig
metadata:
 name: set-log-and-pid
spec:
 machineConfigPoolSelector:
   matchLabels:
     debug-crio: config-log-and-pid
 containerRuntimeConfig:
   pidsLimit: 2048
   logLevel: debug

Now let's push this file to the Kubernetes cluster and check that it was actually created. Note that this works exactly as it does for any other Kubernetes resource:

oc create -f ContainerRuntimeConfig.yaml
oc get ContainerRuntimeConfig

Output:

NAME              AGE
set-log-and-pid   22h

Once we have created the ContainerRuntimeConfig, we need to modify one of the MachineConfigPools to signal to Kubernetes that we want to apply this configuration to a specific group of machines in the cluster. In this case we will change the MachineConfigPool for the master nodes:

oc edit MachineConfigPool/master

Output (for clarity, the bulk of it is omitted):

...
metadata:
 creationTimestamp: 2019-04-10T23:42:28Z
 generation: 1
 labels:
   debug-crio: config-log-and-pid
   operator.machineconfiguration.openshift.io/required-for-upgrade: ""
...

At this point, the MCO begins creating a new crio.conf file for the cluster. The fully rendered configuration file can be viewed through the Kubernetes API. Remember, ContainerRuntimeConfig is just a specialized version of MachineConfig, so we can see the result by looking at the relevant lines in the MachineConfigs:

oc get MachineConfigs | grep rendered

Output:

rendered-master-c923f24f01a0e38c77a05acfd631910b                  4.0.22-201904011459-dirty 2.2.0 16h
rendered-master-f722b027a98ac5b8e0b41d71e992f626                  4.0.22-201904011459-dirty 2.2.0 4m
rendered-worker-9777325797fe7e74c3f2dd11d359bc62                  4.0.22-201904011459-dirty 2.2.0 16h

Note that the rendered configuration file for the master nodes is a newer version than the original configurations. To view it, run the following command. In passing, we note that this is perhaps one of the best one-liners in the history of Kubernetes:

python3 -c "import sys, urllib.parse; print(urllib.parse.unquote(sys.argv[1]))" $(oc get MachineConfig/rendered-master-f722b027a98ac5b8e0b41d71e992f626 -o YAML | grep -B4 crio.conf | grep source | tail -n 1 | cut -d, -f2) | grep pid

Output:

pids_limit = 2048
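
The same check as the one-liner above, written as an added example (not code from the original article): it decodes the URL-encoded crio.conf source from a rendered MachineConfig and compares it with the values set in the ContainerRuntimeConfig. It assumes JSON output (`oc get MachineConfig/<name> -o json`) with Ignition-style file entries under spec.config.storage.files; the function names and the embedded sample are constructed for illustration.

```python
import json
import re
from urllib.parse import unquote

# Constructed sample: trimmed shape of `oc get MachineConfig/<rendered-name> -o json`.
# Two entries for the same path model a default file plus a later override.
SAMPLE_MACHINECONFIG = json.dumps({
    "kind": "MachineConfig",
    "metadata": {"name": "rendered-master-EXAMPLE"},
    "spec": {"config": {"storage": {"files": [
        {"path": "/etc/crio/crio.conf", "contents": {"source":
            "data:,%5Bcrio.runtime%5D%0Apids_limit%20%3D%201024%0A"}},
        {"path": "/etc/crio/crio.conf", "contents": {"source":
            "data:,%5Bcrio.runtime%5D%0Alog_level%20%3D%20%22debug%22%0Apids_limit%20%3D%202048%0A"}},
    ]}}},
})

def decode_data_url(source):
    """Decode a `data:,<percent-encoded text>` source; reject other forms."""
    header, sep, payload = source.partition(",")
    if not sep or not header.startswith("data:") or ";base64" in header:
        raise ValueError("unsupported source encoding: %r" % header)
    return unquote(payload)

def crio_settings(machineconfig_json, path="/etc/crio/crio.conf"):
    """Return key/value settings from the last file entry for `path` (like `tail -n 1`)."""
    files = json.loads(machineconfig_json)["spec"]["config"]["storage"]["files"]
    matches = [f for f in files if f.get("path") == path]
    if not matches:
        raise LookupError("no entry for " + path)
    text = decode_data_url(matches[-1]["contents"]["source"])
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z_]+)\s*=\s*"?([^"#]*?)"?\s*$', line)
        if m:  # section headers such as [crio.runtime] have no "=" and are skipped
            settings[m.group(1)] = m.group(2)
    return settings

def drift(settings, expected):
    """Map each expected key to (wanted, found) where the two differ."""
    return {k: (v, settings.get(k)) for k, v in expected.items() if settings.get(k) != v}

if __name__ == "__main__":
    found = crio_settings(SAMPLE_MACHINECONFIG)
    print(found, drift(found, {"pids_limit": "2048", "log_level": "debug"}))
```

An empty result from `drift` means the rendered configuration carries the values from the ContainerRuntimeConfig; a non-empty one names each setting that did not make it into the rendered file.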

Now let's make sure the configuration was applied to all master nodes. First we get the list of nodes in the cluster:

oc get node | grep master

Output:

ip-10-0-135-153.us-east-2.compute.internal   Ready master 23h v1.12.4+509916ce1
ip-10-0-154-0.us-east-2.compute.internal     Ready master 23h v1.12.4+509916ce1
ip-10-0-166-79.us-east-2.compute.internal    Ready master 23h v1.12.4+509916ce1

Now let's look at the installed file. You will see that the file has been updated with the new values for the pid and debug directives that we specified in the ContainerRuntimeConfig resource. Elegance itself:

oc debug node/ip-10-0-135-153.us-east-2.compute.internal -- cat /host/etc/crio/crio.conf | egrep 'debug|pid'

Output:

...
pids_limit = 2048
...
log_level = "debug"
...

All of these changes to the cluster were made without even running SSH. All of the work was done by accessing the Kubernetes master node. That is, these new parameters were set only on the master nodes. The worker nodes did not change, which demonstrates the benefits of the Kubernetes methodology of using desired and actual states, applied to container hosts and container engines with interchangeable parts.

The example above shows the ability to make changes to a small OpenShift Container Platform 4 cluster with three production nodes or to a huge production cluster with 3000 nodes. In either case the amount of work is the same, and very small: just configure the ContainerRuntimeConfig file and change one label in the MachineConfigPool. And you can do this with any version of OpenShift Container Platform 4.X running Kubernetes throughout its lifecycle.

Technology companies often evolve so quickly that we are unable to explain why we choose certain technologies for the underlying components. Container engines have historically been the component that users interact with directly. Because the popularity of containers naturally began with the arrival of container engines, users often take an interest in them. This is another reason why Red Hat chose CRI-O. Containers are evolving with the focus now on orchestration, and we have found that CRI-O provides the best experience when working with OpenShift 4.

source: www.habr.com
