TL, DR
- Don cimma babban abin lura na kwantena da microservices, rajistan ayyukan da ma'auni na farko ba su isa ba.
- Don saurin murmurewa da ƙara ƙarfin ƙarfi, aikace-aikacen yakamata su yi amfani da Babban Ka'idar Kulawa (HOP).
- A matakin aikace-aikacen, NOP yana buƙatar: shigar da ta dace, sa ido na kusa, duba lafiyar jiki, da kuma gano aiki/motsi.
- Yi amfani da cak a matsayin kashi na NOR shirye-shiryeProbe и rayuwaProbe Kubernetes.
Menene Samfuran Duba Lafiya?
Lokacin zayyana aikace-aikacen manufa mai mahimmanci da samuwa sosai, yana da matukar mahimmanci a yi la'akari da irin wannan al'amari kamar haƙurin kuskure. Ana ɗaukar aikace-aikacen a matsayin mai haƙuri idan ya murmure da sauri daga gazawar. Aikace-aikacen girgije na yau da kullun yana amfani da gine-ginen microservices - inda aka sanya kowane sashi a cikin wani akwati daban. Kuma don tabbatar da cewa aikace-aikacen akan k8s yana samuwa sosai lokacin da kuke tsara gungu, kuna buƙatar bin wasu alamu. Daga cikinsu akwai Samfuran Duba Lafiya. Yana bayyana yadda aikace-aikacen ke sadarwa zuwa k8s cewa yana da lafiya. Wannan ba bayani ne kawai game da ko kwaf ɗin yana gudana ba, har ma game da yadda yake karɓa da amsa buƙatun. Da yawan Kubernetes ya sani game da lafiyar kwafsa, mafi wayo yana yanke shawara game da zirga-zirgar ababen hawa da daidaita kaya. Don haka, Babban Ƙa'idar Kulawa yana ba da damar aikace-aikacen don amsa buƙatun a kan lokaci.
Babban Ƙa'idar Kulawa (HOP)
Ka'idar babban lura yana daya daga cikin . A cikin gine-ginen microservices, ayyuka ba su damu da yadda ake sarrafa buƙatar su ba (kuma daidai ne haka), amma abin da ke da mahimmanci shine yadda suke karɓar amsa daga ayyukan karɓa. Misali, don tabbatar da mai amfani, akwati ɗaya yana aika buƙatun HTTP zuwa wani, yana tsammanin amsa ta wani tsari - shi ke nan. PythonJS kuma na iya aiwatar da buƙatar, kuma Python Flask na iya amsawa. Kwantena kamar bakaken akwatuna masu boye abun ciki ga juna. Koyaya, ƙa'idar NOP tana buƙatar kowane sabis don fallasa maƙallan ƙarshen API da yawa waɗanda ke nuna yadda lafiya yake, da kuma shirye-shiryensa da matsayi na haƙuri. Kubernetes yana buƙatar waɗannan alamomin don yin tunani ta matakai na gaba don daidaitawa da daidaita kaya.
Aikace-aikacen girgije da aka tsara da kyau yana yin rajistar manyan abubuwan da suka faru ta amfani da daidaitattun rafukan I/O STDERR da STDOUT. Na gaba yana zuwa sabis na taimako, misali filebeat, logstash ko ƙwaƙƙwara, isar da rajistan ayyukan zuwa tsarin sa ido na tsakiya (misali Prometheus) da tsarin tarin log (ELK software suite). Hoton da ke ƙasa yana nuna yadda aikace-aikacen gajimare ke aiki bisa ga Tsarin Gwajin Lafiya da Babban Ka'idodin Kulawa.
Yadda ake amfani da Tsarin Duba Lafiya a Kubernetes?
Daga cikin akwatin, k8s na lura da matsayin kwas ɗin ta amfani da ɗaya daga cikin masu sarrafawa (, , , da dai sauransu). Bayan gano cewa kwaf ɗin ya faɗi saboda wasu dalilai, mai sarrafawa yana ƙoƙarin sake kunna shi ko matsar da shi zuwa wani kumburi. Koyaya, kwasfa na iya bayar da rahoton cewa yana aiki, amma shi kansa baya aiki. Bari mu ba da misali: aikace-aikacenku na amfani da Apache azaman sabar gidan yanar gizo, kun shigar da sashin akan faifai da yawa na gungun. Tun da aka saita ɗakin karatu ba daidai ba, duk buƙatun aikace-aikacen suna amsa da lambar 500 (kuskuren uwar garken ciki). Lokacin duba bayarwa, duba matsayin kwasfa yana ba da sakamako mai nasara, amma abokan ciniki suna tunani daban. Za mu bayyana wannan yanayin da ba a so kamar haka:
A cikin misalinmu, k8s yayi duba aiki. A cikin wannan nau'in tabbatarwa, kubelet yana ci gaba da bincika yanayin tsari a cikin akwati. Da zarar ya fahimci cewa tsarin ya tsaya, zai sake farawa. Idan za'a iya warware kuskuren ta hanyar sake kunna aikace-aikacen kawai, kuma an tsara shirin don rufe kowane kuskure, to, duba lafiyar tsari shine duk abin da kuke buƙatar bi NOP da Tsarin Gwajin Lafiya. Abin tausayi kawai shine cewa ba duk kurakurai an kawar da su ta hanyar sake farawa ba. A wannan yanayin, k8s yana ba da hanyoyi masu zurfi guda biyu don gano matsaloli tare da kwafsa: и .
LivenessProbe
A lokacin rayuwaProbe kubelet yana aiwatar da nau'ikan cak guda 3: ba wai kawai yana ƙayyade ko kwaf ɗin yana gudana ba, har ma ko yana shirye don karɓa da amsa isassun buƙatun:
- Saita buƙatun HTTP zuwa faifan. Dole ne martani ya ƙunshi lambar amsa HTTP a cikin kewayon daga 200 zuwa 399. Don haka, lambobin 5xx da 4xx siginar cewa kwaf ɗin yana da matsala, kodayake tsarin yana gudana.
- Don gwada kwasfan fayiloli tare da ayyukan da ba na HTTP ba (misali, sabar saƙon Postfix), kuna buƙatar kafa haɗin TCP.
- Yi umarni na sabani don kwaf (ciki). Ana ɗaukar cak ɗin nasara idan lambar kammala umarni ta kasance 0.
Misalin yadda wannan ke aiki. Ma'anar kwafi na gaba ya ƙunshi aikace-aikacen NodeJS wanda ke jefa kuskuren 500 akan buƙatun HTTP. Don tabbatar da cewa an sake kunna akwati lokacin karɓar irin wannan kuskure, muna amfani da sigar livenessProbe:
apiVersion: v1
kind: Pod
metadata:
name: node500
spec:
containers:
- image: magalix/node500
name: node500
ports:
- containerPort: 3000
protocol: TCP
livenessProbe:
httpGet:
path: /
port: 3000
initialDelaySeconds: 5Wannan bai bambanta da kowane ma'anar kwas ɗin ba, amma muna ƙara abu .spec.containers.livenessProbe. Siga httpGet ya yarda da hanyar da aka aika buƙatar HTTP GET (a cikin misalinmu wannan shine /, amma a cikin yanayin fama ana iya samun wani abu kamar /api/v1/status). Wani livenessProbe yana karɓar siga initialDelaySeconds, wanda ke ba da umarnin aikin tabbatarwa don jira takamaiman adadin daƙiƙa. Ana buƙatar jinkirin saboda kwandon yana buƙatar lokaci don farawa, kuma idan aka sake kunna shi ba zai kasance na ɗan lokaci ba.
Don amfani da wannan saitin zuwa gungu, yi amfani da:
kubectl apply -f pod.yamlBayan ƴan daƙiƙa guda, zaku iya duba abubuwan da ke cikin kwas ɗin ta amfani da umarni mai zuwa:
kubectl describe pods node500A ƙarshen fitarwa, nemo .
Kamar yadda kuke gani, livenessProbe ya ƙaddamar da buƙatar HTTP GET, kwandon ya haifar da kuskure 500 (wanda shine abin da aka tsara shi don yin), kuma kubelet ya sake kunna shi.
Idan kuna mamakin yadda aka tsara aikace-aikacen NideJS, ga app.js da Dockerfile waɗanda aka yi amfani da su:
app.js
var http = require('http');
var server = http.createServer(function(req, res) {
res.writeHead(500, { "Content-type": "text/plain" });
res.end("We have run into an errorn");
});
server.listen(3000, function() {
console.log('Server is running at 3000')
})Dockerfile
FROM node
COPY app.js /
EXPOSE 3000
ENTRYPOINT [ "node","/app.js" ]Yana da mahimmanci a lura da wannan: livenessProbe kawai zai sake kunna akwati idan ya gaza. Idan sake kunnawa bai gyara kuskuren da ke hana kwantena aiki ba, kubelet ba zai iya ɗaukar mataki don gyara matsalar ba.
shirye-shiryeProbe
readinessProbe yana aiki daidai da livenessProbes (buƙatun GET, sadarwar TCP da aiwatar da umarni), ban da ayyukan gyara matsala. Akwatin da aka gano gazawar ba a sake farawa ba, amma an keɓe shi daga zirga-zirga masu shigowa. Ka yi tunanin cewa ɗaya daga cikin kwantena yana yin ƙididdiga da yawa ko kuma yana ƙarƙashin nauyi mai nauyi, yana haifar da lokutan amsawa suna ƙaruwa. A cikin yanayin livenessProbe, an kunna binciken samun amsa (ta hanyar duban lokaci na daƙiƙa na biyu), bayan haka kubelet ya sake kunna akwati. Lokacin da aka fara, kwandon yana fara aiwatar da ayyuka masu ƙarfi kuma an sake farawa. Wannan na iya zama mahimmanci ga aikace-aikacen da ke buƙatar saurin amsawa. Alal misali, mota yayin da yake kan hanya yana jiran amsa daga uwar garken, amsawar ta jinkirta - kuma motar ta shiga cikin haɗari.
Bari mu rubuta ma'anar redinessProbe wanda zai saita lokacin amsa buƙatar GET zuwa bai wuce daƙiƙa biyu ba, kuma aikace-aikacen zai amsa buƙatar GET bayan daƙiƙa 5. Fayil ɗin pod.yaml yakamata yayi kama da wannan:
apiVersion: v1
kind: Pod
metadata:
name: nodedelayed
spec:
containers:
- image: afakharany/node_delayed
name: nodedelayed
ports:
- containerPort: 3000
protocol: TCP
readinessProbe:
httpGet:
path: /
port: 3000
timeoutSeconds: 2Bari mu tura kwafsa tare da kubectl:
kubectl apply -f pod.yamlBari mu jira dakika biyu sannan mu ga yadda shirye-shiryen ya yi aiki:
kubectl describe pods nodedelayedA ƙarshen fitowar za ku iya ganin cewa wasu abubuwan da suka faru suna kama da juna .
Kamar yadda kuke gani, kubectl bai sake kunna kwaf ɗin ba lokacin da lokacin rajistan ya wuce 2 seconds. Maimakon haka, ya soke bukatar. Ana tura hanyoyin sadarwa masu shigowa zuwa wasu, kwas ɗin aiki.
Lura cewa yanzu da aka sauke kwas ɗin, kubectl hanyoyin buƙatun zuwa gare shi kuma: martani ga buƙatun GET ba su da jinkiri.
Don kwatantawa, a ƙasa akwai fayil ɗin app.js da aka gyara:
var http = require('http');
var server = http.createServer(function(req, res) {
const sleep = (milliseconds) => {
return new Promise(resolve => setTimeout(resolve, milliseconds))
}
sleep(5000).then(() => {
res.writeHead(200, { "Content-type": "text/plain" });
res.end("Hellon");
})
});
server.listen(3000, function() {
console.log('Server is running at 3000')
})TL, DR
Kafin zuwan aikace-aikacen girgije, rajistan ayyukan rajista sune hanyoyin farko na sa ido da duba lafiyar aikace-aikacen. Duk da haka, babu wata hanyar da za a ɗauki wani matakin gyara. Har yanzu rajistan ayyukan suna da amfani a yau; suna buƙatar tattara su kuma aika su zuwa tsarin tarin log don nazarin yanayin gaggawa da yanke shawara. [Ana iya yin duk wannan ba tare da aikace-aikacen girgije ta amfani da monit, alal misali, amma tare da k8s ya zama mafi sauƙi :) - bayanin edita. ]
A yau, dole ne a yi gyare-gyare kusan a cikin ainihin lokaci, don haka aikace-aikacen ba dole ba ne ya zama akwatunan baki. A'a, yakamata su nuna ƙarshen ƙarshen waɗanda ke ba da damar tsarin sa ido don yin tambaya da tattara bayanai masu mahimmanci game da yanayin tafiyar matakai don su iya ba da amsa nan take idan ya cancanta. Wannan shi ake kira Tsarin Gwajin Ƙirar Ayyuka, wanda ke biye da Babban Ka'idodin Kulawa (HOP).
Kubernetes yana ba da nau'ikan duba lafiyar lafiya guda biyu ta tsohuwa: readinessProbe da livenessProbe. Dukansu suna amfani da nau'ikan cak iri ɗaya (buƙatun HTTP GET, sadarwar TCP da aiwatar da umarni). Sun bambanta a irin shawarar da suke yankewa don magance matsalolin da ke cikin kwasfa. livenessProbe yana sake kunna akwati a cikin bege cewa kuskuren ba zai sake faruwa ba, kuma readinessProbe ya ware kwaf ɗin daga zirga-zirgar zirga-zirgar da ke shigowa har sai an warware matsalar.
Tsarin aikace-aikacen da ya dace yakamata ya haɗa da nau'ikan dubawa guda biyu kuma tabbatar da cewa sun tattara isassun bayanai, musamman lokacin da aka jefa keɓancewa. Hakanan ya kamata ya nuna mahimman abubuwan ƙarshen API waɗanda ke ba da tsarin kulawa (Prometheus) tare da mahimman ma'aunin lafiya.
source: www.habr.com