Top 10 Kubernetes Tips and Tricks

There is a lot of reference literature on the Internet, but sometimes the simplest advice is the most valuable. The Kubernetes aaS team at Mail.ru translated a selection of ten tips and tricks that the article's author collected after a year of working with Kubernetes. The tips are not sorted by importance, but we think everyone will find something useful.

The simplest command for working with Kubernetes

To start with, perhaps the simplest and most useful step in working with Kubernetes. The following command enables kubectl command completion in the bash shell:

echo "source <(kubectl completion bash)" >> ~/.bashrc

kubectl autocompletion is written to the .bashrc file and is activated automatically every time the shell starts. This speeds up typing long commands and parameters such as --all-namespaces. More details are in the Kubernetes bash help.

Default memory and CPU limits in a namespace

If an application is written incorrectly, for example it opens a new database connection every second but never closes it, then the cluster has a memory leak. And if the application has no memory limit set at deployment time, this can lead to node failure.

To prevent this, Kubernetes lets you set default limits per namespace. They are written in a yaml file for a specific namespace. Here is an example of such a file:

apiVersion: v1
kind: LimitRange
metadata:
  name: mem-limit-range
spec:
  limits:
  - default:
      memory: 512Mi
    defaultRequest:
      memory: 256Mi
    type: Container

Create such a yaml and apply it to any namespace, for example to the namespace limit-example. Now any container deployed in this namespace will have a limit of 512Mi, unless a different individual limit is set for that container.

Garbage collection in older versions of Kubernetes

By default, kubelet starts garbage collection when /var/lib/docker occupies 90% of the available disk space. This is fine; however, until Kubernetes 1.7 there was no default limit on the number of inodes used, which corresponds to the number of files in the file system.

Potentially, your /var/lib/docker may be using only 50% of the disk space and still run out of inodes, which will cause problems for the workers.

In older kubelet versions, from 1.4 to 1.6, you need to add this flag:

--eviction-hard=memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%

In versions 1.7 and later this flag is set by default. However, earlier versions do not track the inode limit.

Minikube… a small but powerful local Kubernetes

Minikube is the easiest way to run a local Kubernetes cluster. It is launched with a simple command:

minikube start

Running this command gives you a real Kubernetes cluster running on your machine.

The trick is how to build an application and run it locally on this cluster. Unless specifically instructed, the Docker image will be built on your computer and not on the cluster.

To force Docker to push the image to the local Kubernetes cluster, the docker machine is given the following command:

eval $(minikube docker-env)

Now we can build applications on the local Kubernetes cluster.

Don't give kubectl access to everyone

This seems obvious, but if several teams use the same cluster for their applications (which is what Kubernetes was created for), you should not simply give kubectl to everyone. It is better to separate the teams, assigning each of them its own namespace and restricting access with RBAC policies.

You can get confused assigning rights to access, read, create, delete and other operations for each pod. But the main thing is to restrict access to secrets, allowing it only to administrators. This way we distinguish between those who can administer the cluster and those who can only deploy to it.
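One way to express this split in RBAC, as an added example that is not part of the original article: a namespaced Role that lets a team deploy but leaves out Secrets, and a separate Role for Secrets that is bound only to administrators. The namespace team-a and the role and group names are hypothetical.

```yaml
# Added example; team-a, team-a-deployer, team-a-devs and
# team-a-secrets-admin are hypothetical names.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: team-a-deployer
  namespace: team-a
rules:
# Workloads the team may deploy and manage.
- apiGroups: ["apps"]
  resources: ["deployments", "replicasets"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# Core resources: "secrets" is deliberately absent and no "*" wildcard is used.
- apiGroups: [""]
  resources: ["pods", "services", "configmaps"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# Read-only access to container logs.
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-deployer
  namespace: team-a
subjects:
- kind: Group
  name: team-a-devs            # hypothetical group from your identity provider
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: team-a-deployer
  apiGroup: rbac.authorization.k8s.io
---
# Secrets get their own Role; bind it with a second RoleBinding
# whose only subject is the administrators' group.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: team-a-secrets-admin
  namespace: team-a
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
```

After applying it, `kubectl auth can-i get secrets --namespace team-a --as <user> --as-group team-a-devs` should answer no. Keep in mind that the right to create workloads in a namespace also lets those workloads mount that namespace's Secrets, so credentials the team must never read belong in a separate namespace.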

Manage Budgets

How do you ensure there is no downtime in a Kubernetes cluster? PodDisruptionBudget and, once again, PodDisruptionBudget.

Clusters are updated periodically and nodes are drained. Nothing stands still, that is the reality. Every deployment with more than one instance should include a PDB (PodDisruptionBudget). It is created in a simple yaml file that is applied to the cluster. The coverage area of a particular PDB is determined by label selectors.

Note: The PDB budget is taken into account only when the budget violation is reversible (voluntary disruption). In situations such as hardware failures, the PDB will not work.

Example PDB:

apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: app-a-pdb
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: app-a

The two main parameters are matchLabels and minAvailable. The first parameter specifies which applications the budget applies to. For example, if I have deployments with the labels app: app-a and app: app-b, then this PDB will apply only to the first.

The minAvailable parameter is taken into account when draining (emptying) a node. For example, in our example, during draining all instances of app: app-a are evicted except two.

This lets you control how many instances of the application should be running at any given time.

Application health monitoring

Such monitoring is possible in two ways: using Readiness or Liveness probes.

The first probe (readiness) determines whether the container is ready to receive traffic.

The second (liveness) shows whether the container is healthy or needs to be restarted.

The corresponding configuration is simply added to the yaml for the deployment. There you can specify timeouts, delay times and the number of retries. See the Kubernetes documentation for more details about them.
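A deployment with both probes configured, as an added example that is not part of the original article. The image, port 8080 and the /ready and /healthz paths are hypothetical; the probe fields are the timeout, delay and retry settings mentioned above.

```yaml
# Added example; image, port and probe paths are hypothetical.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-a
spec:
  replicas: 3
  selector:
    matchLabels:
      app: app-a
  template:
    metadata:
      labels:
        app: app-a
    spec:
      containers:
      - name: app-a
        image: registry.example.com/app-a:1.0.0
        ports:
        - containerPort: 8080
        # Readiness: while this fails, the pod receives no Service traffic
        # but is not restarted.
        readinessProbe:
          httpGet:
            path: /ready
            port: 8080
          initialDelaySeconds: 5    # wait before the first check
          periodSeconds: 10         # interval between checks
          timeoutSeconds: 2         # each check must answer within 2s
          failureThreshold: 3       # retries before marking not ready
        # Liveness: when this fails failureThreshold times in a row,
        # kubelet restarts the container.
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 15
          periodSeconds: 20
          timeoutSeconds: 2
          failureThreshold: 3
```

The liveness delay is set longer than the readiness delay so that a slow start is reported as "not ready" instead of triggering a restart.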

Labels are everywhere

Labels are one of the fundamental concepts in Kubernetes. They allow objects to communicate freely with each other, and to build queries based on labels. In Kubernetes, you can even go to the client and watch events for specific labels.

You can do almost anything with labels, but a good example is creating several environments for running programs on the same cluster.

Let's say you use the same cluster for dev and qa. This means you can have an application app-a running in both environments, qa and dev, at the same time. In this case, we can access a particular instance of the application in a specific environment by specifying the appropriate environment parameter. For example, app: app-a and environment: dev for one environment, and app: app-a and environment: qa for the other.

This lets you access both instances of the application, for example to run tests at the same time.

Tidy up

Kubernetes is a very powerful system, but any system can eventually get bogged down by a large number of processes. Kubelet runs all the processes and checks you specify, as well as its own.

Of course, one orphaned service will not slow the system down, and Kubernetes is designed to scale from the ground up. But if a million services appear instead of one, kubelet starts to choke.

If for some reason you delete a deployment (container, image, whatever), just make sure you do a complete cleanup.

Meet Go

We saved the main advice for last. Learn the Go programming language.

Kubernetes is developed in Go, all extensions are written in Go, and the client-go client library is also officially supported.

It can be used for different and interesting things, for example to extend the Kubernetes system to your taste. So you can use your own programs to collect data, deploy applications, or simply clean up containers.

Learning the Go programming language and mastering client-go is perhaps the most important advice you can give to new Kubernetes users.

Translated with the support of Mail.ru Cloud Solutions

What else to read:

  1. Three levels of autoscaling in Kubernetes and how to use them effectively.
  2. Kubernetes worker nodes: many small ones or a few large ones?
  3. 25 Useful Tools for Deploying and Managing Kubernetes.

source: www.habr.com
