A yau Laraba. saki na gaba na Kubernetes - 1.16. Bisa ga al'adar da ta ci gaba don shafin yanar gizon mu, wannan shine lokacin cika shekaru goma da muke magana game da canje-canje mafi mahimmanci a cikin sabon sigar.
An samo bayanan da aka yi amfani da su don shirya wannan kayan , da batutuwa masu alaƙa, buƙatun ja, da Kubernetes Haɓaka Shawarwari (KEP). Don haka, mu tafi!..
Nodes
Haƙiƙa babban adadin sanannen sabbin abubuwa (a cikin yanayin sigar alpha) ana gabatar da su a gefen kuɗaɗen gungu na K8s (Kubelet).
Na farko, abin da ake kira «» (Kwananonin Ephemeral), An tsara don sauƙaƙe hanyoyin gyara kurakurai a cikin kwasfa. Sabuwar hanyar tana ba ku damar ƙaddamar da kwantena na musamman waɗanda ke farawa a cikin sunan fasfo ɗin da ke akwai kuma suna rayuwa na ɗan gajeren lokaci. Manufar su ita ce yin hulɗa tare da sauran kwasfa da kwantena don magance duk wata matsala da cirewa. An aiwatar da sabon umarni don wannan fasalin kubectl debug, kama da asali kubectl exec: kawai maimakon gudanar da tsari a cikin akwati (kamar a cikin exec) yana harba kwantena a cikin kwasfa. Misali, wannan umarni zai haɗa sabon akwati zuwa kwasfa:
kubectl debug -c debug-shell --image=debian target-pod -- bashAna iya samun cikakkun bayanai game da kwantena na ephemeral (da misalan amfaninsu) a ciki . Aiwatar da yanzu (a cikin K8s 1.16) sigar alpha ce, kuma daga cikin ma'auni don canja wurin sa zuwa sigar beta shine "gwajin Ephemeral Containers API don aƙalla sakin 2 na [Kubernetes]."
NB: A cikin ainihinsa har ma da sunansa, fasalin yayi kama da plugin ɗin da ya riga ya kasance game da wanda muke . Ana sa ran cewa tare da zuwan kwantena na ephemeral, haɓaka wani keɓaɓɓen plugin ɗin waje zai ƙare.
Wani sabon abu - - tsara don samarwa na'ura don ƙididdige yawan kuɗin da ake kashewa na kwasfa, wanda zai iya bambanta sosai dangane da lokacin aiki. A matsayin misali, marubuta haifar da Kata Containers, waɗanda ke buƙatar gudanar da kernel baƙo, wakilin kata, tsarin init, da sauransu. Lokacin da abin hawa ya yi girma, ba za a yi watsi da shi ba, wanda ke nufin akwai buƙatar yin la'akari da shi don ƙarin ƙididdiga, tsarawa, da dai sauransu. Don aiwatar da shi a ciki PodSpec filin kara Overhead *ResourceList (kwatanta da bayanai a cikin RuntimeClass, idan an yi amfani da daya).
Wata sanannen bidi'a ita ce node topology manager (Mai sarrafa Node Topology), An tsara shi don haɗa hanyoyin da za a daidaita daidaitattun rarraba kayan aikin kayan aiki don sassa daban-daban a cikin Kubernetes. Wannan yunƙuri ya samo asali ne ta hanyar haɓaka buƙatun tsarin zamani daban-daban (daga fannin sadarwa, koyan injina, sabis na kuɗi, da sauransu) don ayyuka masu inganci daidai gwargwado tare da rage jinkirin aiwatar da ayyuka, waɗanda suke amfani da ci-gaba na CPU hardware hanzari damar. Irin wannan ingantawa a cikin Kubernetes ya zuwa yanzu an samu godiya ga sassa daban-daban (mai sarrafa CPU, Manajan Na'ura, CNI), kuma yanzu za a ƙara su guda ɗaya na cikin gida wanda ke haɓaka tsarin da sauƙaƙe haɗin sabon kama - abin da ake kira topology- sani - abubuwan da ke gefen Kubelet. Cikakkun bayanai - a .
Zane-zane na Manajan Topology
Siffa ta gaba - duba kwantena yayin da suke gudana (). Kamar yadda ka sani, ga kwantena da ke ɗaukar lokaci mai tsawo don ƙaddamarwa, yana da wuya a sami matsayi na yau da kullum: ko dai an "kashe" kafin su fara aiki a zahiri, ko kuma sun ƙare a cikin matsi na dogon lokaci. Sabuwar rajistan shiga (an kunna ta ƙofar fasalin da ake kira StartupProbeEnabled) soke - ko kuma maimakon haka, yana jinkirta - tasirin duk wani bincike har sai lokacin da kwaf ɗin ya gama aiki. Saboda wannan dalili, an kira fasalin asali . Don kwas ɗin da ke ɗaukar lokaci mai tsawo don farawa, zaku iya jefa kuri'a a cikin ɗan gajeren lokaci.
Bugu da ƙari, haɓakawa don RuntimeClass yana samuwa nan da nan a matsayin beta, yana ƙara goyan baya ga "gungu iri-iri". C Yanzu ba lallai ba ne don kowane kumburi ya sami goyan baya ga kowane RuntimeClass: don kwas ɗin za ku iya zaɓar RuntimeClass ba tare da yin la'akari da cluster topology ba. A baya can, don cimma wannan - don haka kwasfan fayiloli sun ƙare a kan nodes tare da goyan bayan duk abin da suke bukata - ya zama dole don sanya dokoki masu dacewa ga NodeSelector da haƙuri. IN Yana magana game da misalan amfani da, ba shakka, cikakkun bayanan aiwatarwa.
Network
Muhimman fasalolin sadarwar guda biyu waɗanda suka bayyana a karon farko (a cikin sigar alpha) a cikin Kubernetes 1.16 sune:
- Dual cibiyar sadarwa tari - IPv4/IPv6 - da kuma daidai "fahimta" a matakin pods, nodes, ayyuka. Ya haɗa da IPv4-to-IPv4 da IPv6-to-IPv6 interoperability tsakanin pods, daga kwasfan fayiloli zuwa sabis na waje, aiwatar da tunani (a cikin Bridge CNI, PTP CNI da Host-Local IPAM plugins), da kuma baya Mai jituwa tare da gungu na Kubernetes yana gudana. IPv4 ko IPv6 kawai. Bayanan aiwatarwa suna cikin .
Misali na nuna adiresoshin IP na nau'ikan biyu (IPv4 da IPv6) a cikin jerin kwasfan fayiloli:
kube-master# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE nginx-controller 1/1 Running 0 20m fd00:db8:1::2,192.168.1.3 kube-minion-1 kube-master# - Sabuwar API don Ƙarshe - . Yana warware batutuwan aiki / daidaitawa na API ɗin Ƙarshen Ƙarshen da ke gudana waɗanda ke shafar sassa daban-daban a cikin jirgin sama mai sarrafawa (apiserver, da dai sauransu, mai kula da ƙarshen, kube-proxy). Sabuwar API ɗin za a ƙara zuwa ƙungiyar Discovery API kuma za ta iya yin hidimar dubun dubatan ƙarshen ƙarshen ƙarshen kowane sabis a cikin tari mai ɗauke da dubunnan nodes. Don yin wannan, kowane Sabis an tsara shi zuwa abubuwa N
EndpointSlice, kowannen su ta tsohuwa ba shi da maƙasudin ƙarshe sama da 100 (ƙimar ana iya daidaita shi). API ɗin EndpointSlice kuma zai ba da dama don ci gabanta na gaba: tallafi ga adiresoshin IP da yawa don kowane kwafsa, sabbin jihohi don ƙarshen ƙarshen (ba wai kawaiReadyиNotReady), saiti mai ƙarfi don wuraren ƙarshe.
Wanda aka gabatar a cikin sakin karshe ya kai sigar beta , mai suna service.kubernetes.io/load-balancer-cleanup kuma haɗe zuwa kowane sabis tare da nau'in LoadBalancer. A lokacin share irin wannan sabis ɗin, yana hana ainihin gogewar albarkatun har sai an kammala "tsabta" na duk albarkatun ma'auni masu dacewa.
Injin API
Ainihin "mahimmin ci gaba" yana cikin yankin uwar garken API na Kubernetes da hulɗa tare da shi. Wannan ya faru da yawa godiya ga canja wurin zuwa ga barga matsayi waɗanda ba sa bukatar musamman gabatarwa (CRD), waɗanda ke da matsayin beta tun daga kwanakin nesa na Kubernetes 1.7 (kuma wannan shine Yuni 2017!). Daidaitawar ta zo ga abubuwan da ke da alaƙa:
- daga
/statusи/scaledon CustomResources; - nau'ikan don CRD, dangane da ƙugiya na waje;
- (a cikin K8s 1.15) ƙimar tsoho (defaulting) da kuma cire filin atomatik (yanke) don CustomResources;
- ta amfani da tsarin OpenAPI v3 don ƙirƙira da buga takaddun Buɗaɗɗen API da aka yi amfani da su don inganta albarkatun CRD a gefen uwar garken.
Wata hanyar da ta daɗe da sanin masu gudanar da Kubernetes: - Hakanan ya kasance a cikin matsayin beta na dogon lokaci (tun K8s 1.9) kuma yanzu an ayyana barga.
Wasu siffofi guda biyu sun kai ga beta: и .
Kuma kawai gagarumin bidi'a a cikin sigar alpha ita ce daga SelfLink - URI na musamman wanda ke wakiltar ƙayyadadden abu da kasancewa wani ɓangare na ObjectMeta и ListMeta (watau wani ɓangare na kowane abu a cikin Kubernetes). Me yasa suke watsi da shi? Ƙarfafawa a hanya mai sauƙi kamar yadda babu ainihin dalilai (mafi yawa) na wannan filin har yanzu. Ƙarin dalilai na yau da kullum shine don inganta aikin (ta hanyar cire filin da ba dole ba) da kuma sauƙaƙa aikin na janareta-apiserver, wanda aka tilasta yin amfani da irin wannan filin ta hanya ta musamman (wannan shine kawai filin da aka saita daidai a gaban abu. serialized). Rashin tsufa na gaskiya (a cikin beta) SelfLink zai faru ta hanyar Kubernetes 1.20, kuma na ƙarshe - 1.21.
Adana bayanai
Babban aikin a cikin wurin ajiya, kamar yadda aka saki a baya, ana lura da shi a yankin . Babban canje-canje a nan sune:
- a karon farko (a cikin sigar alpha) CSI plugin goyon bayan ma'aikatan Windows nodes: hanyar da ake amfani da ita a yanzu tare da ajiya kuma za ta maye gurbin plugins a cikin itace a cikin Kubernetes core da FlexVolume plugins daga Microsoft bisa Powershell;
Tsari don aiwatar da plugins na CSI a cikin Kubernetes don Windows - damar , An gabatar da baya a cikin K8s 1.12, ya girma zuwa sigar beta;
- An sami irin wannan "ci gaba" (daga alpha zuwa beta) ta ikon amfani da CSI don ƙirƙirar kundin ephemeral na gida ().
An gabatar da shi a cikin sigar da ta gabata ta Kubernetes (amfani da PVC data kasance kamar DataSource don ƙirƙirar sabon PVC) shima yanzu ya karɓi matsayin beta.
Mai tsara jadawalin
Sanannun canje-canje guda biyu zuwa jadawalin (duka a cikin alpha):
- - dama yi amfani da kwasfa maimakon raka'o'in aikace-aikacen ma'ana don "rarrabuwar gaskiya" na lodi (kamar Deployment da ReplicaSet) da kuma daidaita wannan rarraba (a matsayin mai wuyar bukata ko a matsayin yanayi mai laushi, watau fifiko). Siffar za ta faɗaɗa ƙarfin rarraba da ake da shi na kwas ɗin da aka tsara, a halin yanzu iyakance ta zaɓuɓɓuka
PodAffinityиPodAntiAffinity, baiwa masu gudanar da mulki mafi kyawun iko a cikin wannan al'amari, wanda ke nufin mafi kyawun samuwa da ingantaccen amfani da albarkatu. Cikakkun bayanai - a . - Amfani Manufar BestFit в An BukaciAikin Matsayin Ƙarfafa Ratio a lokacin shirya kwafsa, wanda zai ba da izini amfani ("sanarwa a cikin kwantena") don albarkatu na yau da kullun (mai sarrafawa, ƙwaƙwalwar ajiya) da waɗanda aka faɗa (kamar GPU). Don ƙarin bayani, duba .
Shirya kwasfan fayiloli: kafin amfani da mafi kyawun tsarin dacewa (kai tsaye ta hanyar mai tsara tsarawa) kuma tare da amfani da shi (ta hanyar mai tsara tsarawa)
Bugu da ƙari, da ikon ƙirƙirar plugins na ku mai tsarawa a waje da babban bishiyar ci gaban Kubernetes (daga itace).
Sauran canje-canje
Hakanan a cikin sakin Kubernetes 1.16 ana iya lura dashi himma don samuwa awo a cikin cikakken tsari, ko fiye daidai, daidai da zuwa K8s kayan aiki. Sun dogara da yawa akan daidai . Rashin daidaituwa ya taso saboda dalilai daban-daban (alal misali, an ƙirƙiri wasu ma'auni kafin umarnin na yanzu ya bayyana), kuma masu haɓakawa sun yanke shawarar cewa lokaci ya yi da za a kawo komai zuwa ma'auni ɗaya, "daidai da sauran yanayin yanayin Prometheus." Aiwatar da wannan yunƙurin na yanzu yana cikin matsayi na alpha, wanda za a ci gaba da haɓakawa a cikin nau'ikan Kubernetes masu zuwa zuwa beta (1.17) da kwanciyar hankali (1.18).
Bugu da ƙari, ana iya lura da canje-canje masu zuwa:
- Ci gaban tallafin Windows с Kubeadm utilities na wannan OS (alpha version),
RunAsUserNamedon kwantena na Windows ( sigar alpha), Asusun Gudanar da Sabis na Ƙungiya (gMSA) yana tallafawa har zuwa sigar beta, hawa/haɗe don vSphere kundin. - Hanyar matsa bayanai a cikin martanin API. A baya can, an yi amfani da matatar HTTP don waɗannan dalilai, wanda ya sanya takunkumi da yawa waɗanda suka hana a kunna ta ta tsohuwa. "Transparent request compression" yanzu yana aiki: aikawa da abokan ciniki
Accept-Encoding: gzipa cikin taken, suna karɓar amsawar GZIP da aka matsa idan girmansa ya wuce 128 KB. Go abokan ciniki ta atomatik suna goyan bayan matsawa (aika da taken da ake buƙata), don haka nan da nan za su lura da raguwar zirga-zirga. (Za a iya buƙatar gyare-gyare kaɗan don wasu harsuna.) - daidaita HPA daga/zuwa kwas ɗin sifili bisa ma'auni na waje. Idan kun yi ma'auni dangane da abubuwa/ma'auni na waje, to lokacin da kayan aiki ba su da aiki za ku iya yin awo ta atomatik zuwa kwafin 0 don adana albarkatu. Wannan fasalin yakamata ya kasance da amfani musamman ga lamuran da ma'aikata ke buƙatar albarkatun GPU, kuma adadin nau'ikan ma'aikata marasa aiki daban-daban sun zarce adadin GPUs da ake da su.
- Sabon abokin ciniki - - don "gaba ɗaya" damar zuwa abubuwa. An ƙera shi don maido metadata cikin sauƙi (watau ƙaramin sashe
metadata) daga albarkatu masu tarin yawa da aiwatar da aikin tattara shara da ayyukan rabo tare da su. - Gina Kubernetes ba tare da gado ("gina-in" in-itace) masu samar da girgije ( sigar alpha).
- Zuwa kubeadm mai amfani na gwaji (alpha version) ikon yin amfani da keɓance faci yayin ayyuka
init,joinиupgrade. Ƙara koyo game da yadda ake amfani da tuta--experimental-kustomize, duba cikin . - Sabuwar wurin ƙarshe don apiserver - , - ba ka damar fitarwa bayanai game da shirye-shiryensa. Sabar API kuma yanzu tana da tuta
--maximum-startup-sequence-duration, ba ka damar daidaita ta sake farawa. - Biyu fasali don Azure bayyana barga: goyon baya (Yanayin Samun Samun) da (RG). Bugu da kari, Azure ya kara da cewa:
- AAD da ADFS;
-
service.beta.kubernetes.io/azure-pip-namedon ƙayyade IP na jama'a na ma'aunin nauyi; - saitunan
LoadBalancerNameиLoadBalancerResourceGroup.
- AWS yana da yanzu don EBS akan Windows da EC2 API kira
DescribeInstances. - Kubeadm yanzu yana zaman kansa Tsarin CoreDNS lokacin haɓaka sigar CoreDNS.
- Binaries da dai sauransu a cikin hoton Docker daidai duniya-executable, wanda ke ba ka damar gudanar da wannan hoton ba tare da buƙatar haƙƙin tushen ba. Hakanan, hoton ƙaura da sauransu etcd2 goyon bayan sigar.
- В canza zuwa yin amfani da distroless azaman hoton tushe, ingantaccen aiki, ƙara sabbin masu samar da girgije (DigitalOcean, Magnum, Packet).
- Sabuntawa a cikin software mai amfani/dogara: Go 1.12.9, da dai sauransu 3.3.15, CoreDNS 1.6.2.
PS
Karanta kuma a kan shafinmu:
- «";
- «";
- «";
- «".
source: www.habr.com