Mafi kyawun ayyuka da mafi kyawun ayyuka don gudanar da kwantena da Kubernetes a cikin yanayin samarwa

Tsarin yanayin fasaha na kwantena yana haɓaka da sauri kuma yana canzawa, don haka akwai ƙarancin kyawawan ayyukan aiki a wannan yanki. Koyaya, ana ƙara amfani da Kubernetes da kwantena, duka don sabunta aikace-aikacen gado da kuma haɓaka aikace-aikacen girgije na zamani. 

tawagar Kubernetes aaS daga Mail.ru tsinkaya da aka tattara, shawarwari da mafi kyawun ayyuka ga shugabannin kasuwa daga Gartner, 451 Research, StacxRoх da sauransu. Za su taimaka da kuma hanzarta jigilar kwantena a wuraren samarwa.

Yadda Ake Sanin Idan Kamfaninku Ya Shirye Don Ajiye Kwantena A cikin Mahalli na samarwa

A cewar Gartner, a cikin 2022, fiye da 75% na kungiyoyi za su yi amfani da aikace-aikacen kwantena a samarwa. Wannan yana da mahimmanci fiye da halin yanzu, lokacin da ƙasa da 30% na kamfanoni ke amfani da irin waɗannan aikace-aikacen. 

A cewar Bincike 451Kasuwar da aka yi hasashen don aikace-aikacen fasahar kwantena a cikin 2022 zai zama dala biliyan 4,3. Wannan ya ninka adadin da aka yi hasashen a shekarar 2019, tare da haɓakar kasuwa na 30%.

В Binciken Portworx da Aqua Security 87% na masu amsa sun ce a halin yanzu suna amfani da fasahar kwantena. Don kwatanta, a cikin 2017 akwai 55% na irin waɗannan masu amsawa. 

Duk da haɓakar sha'awa da ɗaukar kwantena, shigar da su cikin samarwa yana buƙatar tsarin ilmantarwa saboda rashin balaga na fasaha da rashin sanin ya kamata. Dole ne ƙungiyoyi su kasance masu gaskiya game da hanyoyin kasuwanci waɗanda ke buƙatar ƙulla aikace-aikace. Ya kamata shugabannin IT su kimanta ko suna da fasahar da aka saita don ci gaba tare da buƙatar koyo cikin sauri. 

Masana Gartner Muna tsammanin tambayoyin da ke cikin hoton da ke ƙasa za su taimaka muku sanin ko kuna shirye don tura kwantena a samarwa:

Mafi yawan kurakurai lokacin amfani da kwantena a cikin samarwa

Kungiyoyi galibi suna raina ƙoƙarin da ake buƙata don sarrafa kwantena a cikin samarwa. Gartner ya gano Wasu kura-kurai na gama gari a yanayin abokin ciniki lokacin amfani da kwantena a wuraren samarwa:

Yadda ake kiyaye kwantena lafiya

Ba za a iya magance tsaro da "daga baya". Dole ne a gina shi a cikin tsarin DevOps, wanda shine dalilin da ya sa akwai ma wani lokaci na musamman - DevSecOps. Ƙungiyoyi suna buƙatar tsarawa kare yanayin kwandon ku a duk tsawon rayuwar ci gaba, wanda ya haɗa da tsarin ginawa da haɓakawa, ƙaddamarwa da ƙaddamar da aikace-aikacen.

Shawarwari daga Gartner: 

1. Haɓaka tsarin bincika hotunan aikace-aikacen don lahani cikin bututun haɗin kai/ci gaba da bayarwa (CI/CD). Ana duba aikace-aikacen a lokacin gina software da matakan ƙaddamarwa. Ƙaddamar da buƙatar dubawa da gano abubuwan buɗaɗɗen tushen tushe, ɗakunan karatu, da tsarin aiki. Masu haɓakawa suna amfani da tsofaffi, nau'ikan masu rauni shine ɗayan manyan abubuwan da ke haifar da raunin kwantena.
2. Inganta tsarin ku tare da gwajin Cibiyar Tsaro ta Intanet (CIS), waɗanda suke don duka Docker da Kubernetes.
3. Tabbatar tabbatar da aiwatar da ikon shiga, tabbatar da raba ayyuka, da aiwatar da manufofin sarrafa sirri. Bayani mai ma'ana, kamar maɓallan Secure Sockets Layer (SSL) ko bayanan bayanan bayanai, mawaƙa ko sabis na gudanarwa na ɓangare na uku ne ke ɓoye su kuma fallasa su a lokacin aiki.
4. Guji manyan kwantena ta hanyar sarrafa manufofin tsaro don rage haɗarin keta haddi.
5. Yi amfani da kayan aikin tsaro waɗanda ke ba da jerin saɓo, saka idanu na ɗabi'a, da gano ɓarna don hana ayyukan mugunta.

Shawarwari daga StacxRox:

1. Yi amfani da ginanniyar damar Kubernetes. Saita dama ga masu amfani ta amfani da matsayin. Tabbatar cewa ba ku ba da izini mara amfani ga ƙungiyoyi ɗaya ba, kodayake yana iya ɗaukar ɗan lokaci don yin tunani ta mafi ƙarancin izini da ake buƙata. Yana iya zama abin sha'awa don baiwa mai gudanarwa ta gungu damammaki saboda wannan yana adana lokaci da farko. Koyaya, duk wani sulhu ko kuskure a cikin asusun na iya haifar da mummunan sakamako daga baya. 
2. Guji kwafin samun izini. Wani lokaci yana iya zama da amfani a sami nau'i daban-daban a zoba, amma wannan na iya haifar da al'amurran da suka shafi aiki da kuma haifar da makafi lokacin cire izini. Hakanan yana da mahimmanci a cire ayyukan da ba a yi amfani da su ba.
3. Saita manufofin cibiyar sadarwa: keɓance kayayyaki don iyakance isa gare su; ba da izinin shiga Intanet a sarari ga waɗannan nau'ikan da ke buƙatar ta ta amfani da tags; Ba da izinin sadarwa a sarari tsakanin waɗannan nau'ikan da ke buƙatar sadarwa tare da juna. 

Yadda za a tsara lura da kwantena da ayyuka a cikin su

Tsaro da Kulawa - manyan matsalolin kamfanoni lokacin tura Kubernetes gungu. Masu haɓakawa koyaushe suna mai da hankali kan fasalulluka na aikace-aikacen da suke haɓaka maimakon bangarorin saka idanu wadannan aikace-aikace. 

Shawarwari daga Gartner:

1. Yi ƙoƙarin saka idanu akan yanayin kwantena ko sabis a cikin su tare da sa ido kan tsarin runduna.
2. Nemo dillalai da kayan aiki tare da zurfin haɗin kai cikin ƙungiyar makaɗa, musamman Kubernetes.
3. Zaɓi kayan aikin da ke ba da cikakken shiga, gano sabis na atomatik, da shawarwari na ainihi ta amfani da nazari da/ko koyan inji.

Shafin yanar gizo na SolarWinds yana ba da shawara:

1. Yi amfani da kayan aikin don ganowa da bin diddigin awo ta atomatik, daidaita matakan aiki kamar CPU, ƙwaƙwalwar ajiya, da lokacin aiki.
2. Tabbatar da mafi kyawun tsara iyawa ta hanyar tsinkayar iyawar kwanakin da aka dogara akan ma'aunin sa ido kan akwati.
3. Saka idanu kan aikace-aikacen kwantena don samuwa da aiki, masu amfani ga duka tsara iya aiki da kuma magance matsalolin ayyuka.
4. Aiwatar da ayyukan aiki ta atomatik ta hanyar samar da kulawa da goyan bayan ƙima ga kwantena da mahalli na baƙi.
5. Ikon samun dama ta atomatik don saka idanu kan tushen mai amfani, kashe tsoffin asusun baƙo, da cire abubuwan da ba dole ba.
6. Tabbatar cewa kayan aikin ku na iya saka idanu akan waɗannan kwantena da aikace-aikace a cikin mahalli da yawa (girgije, kan-gida, ko matasan) don hange da aikin ma'auni a cikin abubuwan more rayuwa, cibiyar sadarwa, tsarin, da aikace-aikace.

Yadda ake adana bayanai da tabbatar da tsaron sa

Tare da haɓakar kwantena na ma'aikata na jihohi, abokan ciniki suna buƙatar la'akari da kasancewar bayanai a wajen mai watsa shiri da kuma buƙatar kare wannan bayanan. 

A cewar Binciken Portworx da Aqua Security, Tsaron bayanai ya wuce jerin matsalolin tsaro da aka ambata a cikin mafi yawan masu amsa (61%). 

Rufe bayanan shine babban dabarun tsaro (64%), amma masu amsa kuma suna amfani da saka idanu na lokacin aiki

(49%), yin rajistar rajista don raunin rauni (49%), duban lahani a cikin bututun CI/CD (49%), da toshe abubuwan da ba su da kyau ta hanyar kariya ta lokacin aiki (48%).

Shawarwari daga Gartner:

1. Zaɓi mafita na ajiya da aka gina akan ka'idodi microservice architecture. Zai fi kyau a mai da hankali kan waɗanda suka cika buƙatun ajiyar bayanan don sabis na kwantena, masu zaman kansu na kayan aiki, API kora, suna da tsarin gine-ginen da aka rarraba, tallafawa tura gida da turawa a cikin girgijen jama'a.
2. Guji plugins na mallakar mallaka da musaya. Zaɓi dillalai waɗanda ke ba da haɗin kai na Kubernetes da goyan bayan daidaitattun musaya kamar CSI (Ma'ajin Ma'ajiyar Kwantena).

Yadda ake aiki da cibiyoyin sadarwa

Samfurin cibiyar sadarwa na al'ada, inda ƙungiyoyin IT suka ƙirƙira ci gaba ta hanyar sadarwa, gwaji, tabbacin inganci, da yanayin samarwa don kowane aikin, ba koyaushe ya dace da ci gaba da ayyukan ci gaba ba. Bugu da kari, cibiyoyin sadarwar kwantena sun mamaye yadudduka da yawa.

В blog Magalix tattara manyan ƙa'idodi waɗanda dole ne aiwatar da tsarin hanyar haɗin gwiwa ya bi:

1. Pods ɗin da aka tsara akan kulli ɗaya dole ne su sami damar sadarwa tare da wasu kwasfan fayiloli ba tare da amfani da NAT (Fassara Adireshin Yanar Gizo ba).
2. Duk daemons na tsarin (tsarin baya kamar kubelet) masu gudana akan wani kumburi na iya sadarwa tare da kwas ɗin da ke gudana akan kulli ɗaya.
3. Pods amfani cibiyar sadarwa, dole ne ya iya sadarwa tare da duk sauran kwasfan fayiloli akan duk sauran nodes ba tare da amfani da NAT ba. Da fatan za a lura cewa sadarwar mai masaukin baki ana tallafawa ne kawai akan rundunonin Linux.

Dole ne a haɗa hanyoyin haɗin yanar gizo tare da manyan tsare-tsare da manufofin Kubernetes. Shugabannin IT yakamata suyi ƙoƙari don babban matakin sarrafa kansa na cibiyar sadarwa da samar da masu haɓaka kayan aikin da suka dace da isasshen sassauci.

Shawarwari daga Gartner:

1. Nemo idan CaaS naku (kwantena azaman sabis) ko SDN ɗinku (Ƙararren Ƙididdiga na Software) yana goyan bayan cibiyoyin sadarwar Kubernetes. Idan ba haka ba ko tallafin bai isa ba, yi amfani da hanyar sadarwar hanyar sadarwa ta CNI (Container Network Interface) don kwantenan ku, wanda ke goyan bayan mahimman ayyuka da manufofin.
2. Tabbatar cewa CaaS ko PaaS (dandamali azaman sabis) yana goyan bayan ƙirƙira masu sarrafa ingress da/ko masu daidaita ma'auni waɗanda ke rarraba zirga-zirgar zirga-zirga mai shigowa tsakanin nodes ɗin tari. Idan wannan ba zaɓi bane, bincika ta amfani da wakilai na ɓangare na uku ko meshes na sabis.
3. Horar da injiniyoyin cibiyar sadarwar ku akan hanyoyin sadarwar Linux da kayan aikin sarrafa kansa don rage tazarar ƙwarewa da ƙara ƙarfin aiki.

Yadda ake sarrafa tsarin rayuwar aikace-aikacen

Don isar da aikace-aikacen kai tsaye da mara sumul, kuna buƙatar haɓaka ƙungiyar kade-kaɗe da sauran kayan aikin sarrafa kansa, kamar kayayyakin more rayuwa kamar samfuran lamba (IaC). Waɗannan sun haɗa da Chef, Puppet, Mai yiwuwa da Terraform. 

Ana kuma buƙatar kayan aikin atomatik don ginawa da fitar da aikace-aikace (duba"Magic Quadrant don Aikace-aikacen Sakin Orchestration"). Kwantenan kuma suna ba da damar haɓaka kwatankwacin waɗanda ake da su yayin tura injina (VMs). Don haka, dole ne shugabannin IT su kasance kayan aikin sarrafa rayuwar kwantena.

Shawarwari daga Gartner:

1. Saita ma'auni don hotunan kwantena bisa girman, lasisi, da sassauƙa don masu haɓakawa don ƙara abubuwan haɗin gwiwa.
2. Yi amfani da tsarin sarrafa sanyi don sarrafa rayuwar kwantena waɗanda ke daidaitawa bisa tushen hotunan da ke cikin wuraren ajiyar jama'a ko masu zaman kansu.
3. Haɗa dandali na CaaS ɗinku tare da kayan aikin sarrafa kansa don sarrafa dukkan ayyukan aikace-aikacenku.

Yadda ake sarrafa kwantena tare da makada

Ana samar da ainihin aikin don tura kwantena a ƙungiyar makaɗa da tsarawa. A lokacin tsarawa, ana sanya kwantena a kan mafi kyawun runduna a cikin gungu, kamar yadda buƙatun Layer na ƙungiyar kade-kade ta faɗa. 

Kubernetes ya zama ma'aunin kade-kaden kwantena tare da al'umma mai aiki kuma galibin manyan dillalai na kasuwanci suna tallafawa. 

Shawarwari daga Gartner:

1. Ƙayyade ainihin buƙatun don kulawar tsaro, saka idanu, gudanar da manufofi, dagewar bayanai, hanyar sadarwa da sarrafa rayuwar kwantena.
2. Dangane da waɗannan buƙatun, zaɓi kayan aikin da ya dace da buƙatun ku kuma yi amfani da lokuta.
3. Yi amfani da binciken Gartner (duba"Yadda za a zaɓi samfurin tura Kubernetes") don fahimtar ribobi da fursunoni na nau'ikan tura Kubernetes daban-daban kuma zaɓi mafi kyawun aikace-aikacen ku.
4. Zaɓi mai ba da sabis wanda zai iya samar da ƙaƙƙarfan ƙungiyar makaɗa don kwantena na aiki a cikin mahalli da yawa tare da haɗin kai mara kyau, tsare-tsaren gudanarwa na gama-gari, da daidaitattun samfuran farashi.

Yadda ake amfani da damar masu samar da girgije

Gartner ya yi imanicewa sha'awar tura kwantena a kan girgijen jama'a IaaS yana haɓaka saboda kasancewar shirye-shiryen ƙonawa na CaaS, da kuma haɗaɗɗun waɗannan abubuwan kyauta tare da sauran samfuran da masu samar da girgije ke bayarwa.

Gizagizai na IaaS suna ba da amfani da albarkatun da ake buƙata, saurin haɓakawa da haɓakawa gudanar da sabis, wanda zai taimaka wajen kauce wa buƙatar zurfin ilimin abubuwan more rayuwa da kiyaye su. Yawancin masu samar da girgije suna ba da sabis na sarrafa kwantena, wasu kuma suna ba da zaɓuɓɓukan ƙungiyar kade-kade da yawa. 

Ana gabatar da mahimmin masu samar da sabis na girgije a cikin tebur: 

Mai ba da girgije
Nau'in sabis
Samfura/sabis

Alibaba
Sabis na Cloud na asali
Alibaba Cloud Container Service, Alibaba Cloud Container Service na Kubernetes

Amazon Web Services (AWS)
Sabis na Cloud na asali
Amazon Elastic Container Services (ECS), Amazon ECS don Kubernetes (EKS), AWS Fargate

Giant Swarm
MSP
Giant Swarm Manajan Kayan Aikin Kubernetes

Google
Sabis na Cloud na asali
Injin Kwantena na Google (GKE)

IBM
Sabis na Cloud na asali
IBM Cloud Kubernetes Service

Microsoft
Sabis na Cloud na asali
Sabis na Azure Kubernetes, Fabric Sabis na Azure

Oracle
Sabis na Cloud na asali
Injin Kwantena na OCI don Kubernetes

Platform9
MSP
Kubernetes Gudanarwa

Red Hat
Sabis Mai Gudanarwa
OpenShift Dedicated & Online

VMware
Sabis Mai Gudanarwa
Cloud PKS (Beta)

Mail.ru Cloud Solutions*
Sabis na Cloud na asali
Mail.ru Cloud Containers

* Ba za mu ɓoye shi ba, mun ƙara kanmu anan yayin fassarar :)

Masu samar da gajimare na jama'a kuma suna ƙara sabbin iya aiki da sakin samfuran kan-gida. A nan gaba, masu samar da girgije za su haɓaka goyon baya ga gajimare masu tasowa da kuma mahalli masu yawa. 

Shawarwari na Gartner:

1. Haƙiƙa kimanta ikon ƙungiyar ku don turawa da sarrafa kayan aikin da suka dace, kuma kuyi la'akari da madadin sabis ɗin sarrafa kwantena na girgije.
2. Zaɓi software a hankali, yi amfani da buɗaɗɗen tushen inda zai yiwu.
3. Zaɓi masu samarwa tare da samfuran aiki gama gari a cikin mahalli masu haɗaka waɗanda ke ba da rukunin sarrafa gilashin ƙungiyoyin tarayya, da kuma masu samarwa waɗanda ke sauƙaƙa mai ɗaukar nauyin IaaS.

Wasu nasihu don zaɓar mai bada Kubernetes aaS daga gidan yanar gizon Replex:

1. Yana da daraja neman rarrabawa waɗanda ke goyan bayan babban samuwa daga cikin akwatin. Wannan ya haɗa da goyan baya ga manyan gine-ginen gine-gine da yawa, abubuwan da ake samu da dai sauransu, da madadin da murmurewa.
2. Don tabbatar da motsi a cikin wuraren Kubernetes, yana da kyau a zaɓi masu samar da girgije waɗanda ke tallafawa nau'ikan nau'ikan turawa, daga kan-gida zuwa gauraye zuwa gajimare da yawa. 
3. Hakanan ya kamata a kimanta sadaukarwar mai bayarwa bisa sauƙi na saiti, shigarwa, da ƙirƙirar tari, da sabuntawa, saka idanu, da warware matsala. Babban abin da ake buƙata shine tallafawa cikakken sabuntawar tari mai sarrafa kansa tare da lokacin raguwar sifili. Maganin da kuka zaɓa ya kamata kuma ya ba ku damar gudanar da sabuntawa da hannu. 
4. Bambance-bambance da gudanarwa suna da mahimmanci ta fuskar tsaro da shugabanci. Tabbatar cewa rarraba Kubernetes da kuka zaɓa yana goyan bayan haɗin kai tare da kayan aikin tantancewa da izini da kuke amfani da su a ciki. RBAC da ingantaccen sarrafa damar shiga suma mahimman abubuwan sifofi ne.
5. Rarraba da ka zaɓa dole ne ko dai ya sami hanyar sadarwa ta ƙayyadaddun ƙayyadaddun software na asali wanda ya ƙunshi buƙatu da yawa daga aikace-aikace daban-daban ko abubuwan more rayuwa, ko goyan bayan ɗaya daga cikin shahararrun tsarin sadarwar tushen CNI, gami da Flannel, Calico, kube-router, ko OVN. .

Gabatar da kwantena a cikin samarwa yana zama babban jagora, kamar yadda sakamakon binciken da aka gudanar ya tabbatar Zaman Gartner akan abubuwan more rayuwa, ayyuka da dabarun girgije (IOCS) a cikin Disamba 2018:

Kamar yadda kake gani, 27% na masu amsa sun riga sun yi amfani da kwantena a cikin aikinsu, kuma 63% suna shirin yin hakan.

В Binciken Portworx da Aqua Security 24% na masu amsa sun ba da rahoton zuba jari fiye da rabin dala miliyan a kowace shekara kan fasahar kwantena, kuma 17% na masu amsa sun kashe fiye da dala miliyan a kowace shekara a kansu. 

Labarin da ƙungiyar dandamalin girgije ta shirya Mail.ru Cloud Solutions.

Me kuma za a karanta a kan batun:

1. Mafi kyawun Ayyuka na DevOps: Rahoton DORA.
2. Kubernetes a cikin ruhin satar fasaha tare da samfuri don aiwatarwa.
3. 25 Amfanin Kaya don Kubernetes Aiwatar da Talla.

source: www.habr.com