On the Growing Popularity of Kubernetes

Hi Habr!

At the end of summer, we want to remind you that we are continuing to work on the Kubernetes topic, and we decided to publish an article from Stack Overflow that shows the state of affairs in this project as of early June.

Enjoy reading!

At the time of writing, Kubernetes is about six years old, and over the past two years its popularity has grown so much that it consistently ranks among the most loved platforms. This year Kubernetes is in third place. To recap: Kubernetes is a platform designed for running and orchestrating container workloads.

Containers began as a special construct for isolating processes in Linux; containers have included cgroups since 2007 and namespaces since 2002. Containers took better shape by 2008, when LXC became available, and Google developed its own internal mechanism called Borg, where "all work is done in containers." From there we fast-forward to 2013, when the first release of Docker took place and containers finally became a popular mainstream solution. At that time the main tool for orchestration was Mesos, although it was not hugely popular. Kubernetes was first released in 2015, after which it became the de facto standard in the field of orchestration.

To try to understand why Kubernetes is so popular, let's try to answer a few questions. When was the last time developers managed to agree on how to deploy applications to production? How many developers do you know who use tools as they are provided out of the box? How many cloud administrators are there today who don't understand how applications work? We will look at the answers to these questions in this article.

Infrastructure as YAML

In the world that went from Puppet and Chef to Kubernetes, one of the biggest changes was the move from "infrastructure as code" to "infrastructure as data", specifically as YAML. All resources in Kubernetes, which include pods, configurations, deployments, volumes and so on, can easily be described in a YAML file. For example:

apiVersion: v1
kind: Pod
metadata:
  name: site
  labels:
    app: web
spec:
  containers:
    - name: front-end
      image: nginx
      ports:
        - containerPort: 80

This representation makes it easier for DevOps or SRE specialists to fully express their workloads without writing code in languages such as Python or JavaScript.

Other advantages of organizing infrastructure as data include:

  • GitOps, or Git Operations Version Control. This approach lets you keep all Kubernetes YAML files in git repositories, so you can track exactly when a change was made, who made it, and what exactly changed. This increases the transparency of operations across the organization and improves efficiency by removing ambiguity, in particular about where employees should look for the resources they need. At the same time, it becomes easier to make changes to Kubernetes resources automatically, simply by merging a pull request.
  • Scalability. When resources are defined as YAML, it becomes extremely easy for cluster operators to change one or two numbers in a Kubernetes resource and thereby change how it scales. Kubernetes provides a mechanism for horizontal autoscaling of pods, which makes it convenient to set the minimum and maximum number of pods required in a particular deployment configuration to handle low and high levels of traffic. For example, if you have deployed a configuration that needs extra capacity because of a sudden spike in traffic, maxReplicas can be changed from 10 to 20:

apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: myapp
  namespace: default
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: myapp-deployment
  minReplicas: 1
  maxReplicas: 20
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 50

  • Security and management. YAML is great for evaluating how things are deployed in Kubernetes. For example, a major security concern is whether your workloads run as a non-admin user. In this case we may need tools such as conftest, a YAML/JSON validator, plus Open Policy Agent, a policy validator, to make sure that the SecurityContext of your workloads does not allow a container to run with administrator privileges. If this is required, users can apply a simple Rego policy like this:

package main

deny[msg] {
  input.kind = "Deployment"
  not input.spec.template.spec.securityContext.runAsNonRoot = true
  msg = "Containers must not run as root"
}

  • Options for integration with a cloud provider. One of the most notable trends in today's high tech is running workloads on public cloud providers. Using the cloud-provider component, Kubernetes lets any cluster integrate with the cloud provider it runs on. For example, if a user runs an application in Kubernetes on AWS and wants to expose that application through a service, the cloud provider helps to automatically create a LoadBalancer service, which will automatically provision an Amazon Elastic Load Balancer to route traffic to the application pods.
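
The Rego rule under "Security and management" above reads only the pod-level securityContext, while Kubernetes also lets each container carry its own securityContext, and a container-level runAsNonRoot takes precedence over the pod-level one. The Go check below is an added example, not part of the original article: it assumes manifests exported as JSON, and the names Violations and sample are made up for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

type (
	secCtx    struct{ RunAsNonRoot *bool }
	container struct {
		Name            string
		SecurityContext *secCtx
	}
	podSpec struct {
		SecurityContext            *secCtx
		InitContainers, Containers []container
	}
)

// Constructed sample: pod-level true, but "sidecar" overrides it with false.
const sample = `{"kind":"Deployment","spec":{"template":{"spec":{
  "securityContext":{"runAsNonRoot":true},
  "containers":[{"name":"web"},{"name":"sidecar","securityContext":{"runAsNonRoot":false}}]}}}}`

// Violations names each Deployment container whose effective runAsNonRoot is
// not true. Other kinds are out of scope, as in the page's rule.
func Violations(manifest []byte) ([]string, error) {
	var d struct {
		Kind string
		Spec struct{ Template struct{ Spec podSpec } }
	}
	if err := json.Unmarshal(manifest, &d); err != nil || d.Kind != "Deployment" {
		return nil, err
	}
	var bad []string
	pod := d.Spec.Template.Spec
	for _, c := range append(pod.InitContainers, pod.Containers...) {
		eff := pod.SecurityContext // inherited unless the container sets its own value
		if c.SecurityContext != nil && c.SecurityContext.RunAsNonRoot != nil {
			eff = c.SecurityContext
		}
		if eff == nil || eff.RunAsNonRoot == nil || !*eff.RunAsNonRoot {
			bad = append(bad, c.Name)
		}
	}
	return bad, nil
}

func main() { fmt.Println(Violations([]byte(sample))) }
```

The sample manifest passes the pod-level rule, yet the check reports the sidecar container.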

Extensibility

Kubernetes is very extensible, and developers love it. There is a set of existing resources such as pods, deployments, StatefulSets, secrets, ConfigMaps, and so on. However, users and developers can add other resources in the form of custom resource definitions.

For example, if we want to define a CronTab resource, we could do something like this:

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: crontabs.my.org
spec:
  group: my.org
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                cronSpec:
                  type: string
                  pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$'
                replicas:
                  type: integer
                  minimum: 1
                  maximum: 10
  scope: Namespaced
  names:
    plural: crontabs
    singular: crontab
    kind: CronTab
    shortNames:
    - ct

Later we can create a CronTab resource something like this:

apiVersion: "my.org/v1"
kind: CronTab
metadata:
  name: my-cron-object
spec:
  cronSpec: "* * * * */5"
  image: my-cron-image
  replicas: 5
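
The CRD schema above declares only cronSpec and replicas, and CRDs served under apiextensions.k8s.io/v1 prune undeclared fields by default, so the image field of this object would not be stored. The Go sketch below is an added example, not code from the article or from Kubernetes: it is a simplified model of that pruning and validation for this one schema, with the function name Admit and the JSON rendering of the object constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Constraint copied from the CronTab CRD schema on this page.
var cronSpecRe = regexp.MustCompile(`^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$`)

// Constructed sample: the CronTab object from the page, written as JSON.
const myCron = `{"apiVersion":"my.org/v1","kind":"CronTab","spec":
  {"cronSpec":"* * * * */5","image":"my-cron-image","replicas":5}}`

// Admit models, in simplified form, what happens to a CronTab spec on
// admission: fields the schema does not declare are dropped, the rest are
// validated. It returns the spec as it would be stored and any errors.
func Admit(obj []byte) (map[string]interface{}, []string) {
	var o struct{ Spec map[string]interface{} }
	if err := json.Unmarshal(obj, &o); err != nil {
		return nil, []string{err.Error()}
	}
	stored, errs := map[string]interface{}{}, []string{}
	if v, ok := o.Spec["cronSpec"]; ok {
		stored["cronSpec"] = v
		if s, isStr := v.(string); !isStr || !cronSpecRe.MatchString(s) {
			errs = append(errs, "spec.cronSpec: does not match pattern")
		}
	}
	if v, ok := o.Spec["replicas"]; ok {
		stored["replicas"] = v
		// JSON numbers decode as float64; "integer" means no fractional part.
		if n, isNum := v.(float64); !isNum || n != float64(int64(n)) || n < 1 || n > 10 {
			errs = append(errs, "spec.replicas: must be an integer from 1 to 10")
		}
	}
	return stored, errs // "image" and every other undeclared field is gone
}

func main() { fmt.Println(Admit([]byte(myCron))) }
```

An operator that needs image must have it declared in the schema; otherwise the controller never sees the value.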

Another option for extensibility in Kubernetes is that a developer can write their own operators. An operator is a special process in a Kubernetes cluster that works according to the "control loop" pattern. With an operator, a user can automate the management of CRDs (custom resource definitions) by exchanging information with the Kubernetes API.

There are several tools in the community that make it easy for developers to create their own operators. Among them are the Operator Framework and its Operator SDK. This SDK provides a foundation from which a developer can start creating an operator very quickly. For instance, you can start from the command line like this:

$ operator-sdk new my-operator --repo github.com/myuser/my-operator

This creates all the boilerplate code for your operator, including the YAML files and Golang code:

.
|____cmd
| |____manager
| | |____main.go
|____go.mod
|____deploy
| |____role.yaml
| |____role_binding.yaml
| |____service_account.yaml
| |____operator.yaml
|____tools.go
|____go.sum
|____.gitignore
|____version
| |____version.go
|____build
| |____bin
| | |____user_setup
| | |____entrypoint
| |____Dockerfile
|____pkg
| |____apis
| | |____apis.go
| |____controller
| | |____controller.go

Then you can add the required APIs and controller, like this:

$ operator-sdk add api --api-version=myapp.com/v1alpha1 --kind=MyAppService

$ operator-sdk add controller --api-version=myapp.com/v1alpha1 --kind=MyAppService

Then, finally, build the operator and push it to your container registry:

$ operator-sdk build your.container.registry/youruser/myapp-operator

If the developer wants even more control, the boilerplate code in the Go files can be changed. For example, to modify the specifics of the controller, you can make changes to the controller.go file.

Another project, KUDO, lets you create operators using only declarative YAML files. For example, an operator for Apache Kafka would be defined roughly like this. With it, you can install a Kafka cluster on top of Kubernetes with just a couple of commands:

$ kubectl kudo install zookeeper
$ kubectl kudo install kafka

Then configure it with one more command:

$ kubectl kudo install kafka --instance=my-kafka-name \
            -p ZOOKEEPER_URI=zk-zookeeper-0.zk-hs:2181 \
            -p ZOOKEEPER_PATH=/my-path -p BROKER_CPUS=3000m \
            -p BROKER_COUNT=5 -p BROKER_MEM=4096m \
            -p DISK_SIZE=40Gi -p MIN_INSYNC_REPLICAS=3 \
            -p NUM_NETWORK_THREADS=10 -p NUM_IO_THREADS=20

Innovation

Over the past few years, major Kubernetes releases have come out every few months, that is, three to four major releases per year. The number of new features introduced in each of them is not decreasing. Moreover, there are no signs of slowing down even in these difficult times: look at the current state of Kubernetes project activity on GitHub.

New capabilities make operations more flexible across different kinds of workloads. In addition, programmers enjoy greater control when deploying applications straight to production.

Community

Another major factor in Kubernetes' popularity is the strength of its community. In 2015, upon reaching version 1.0, Kubernetes gained the support of the Cloud Native Computing Foundation.

There are also various community SIGs (Special Interest Groups) focused on working on different areas of Kubernetes as the project evolves. These groups constantly add new features, making work with Kubernetes more convenient.

The Cloud Native Foundation also hosts CloudNativeCon/KubeCon, which, at the time of writing, is the largest open source event in the world. It is usually held three times a year and brings together thousands of professionals who want to improve Kubernetes and its ecosystem, as well as to learn about the new features that appear every three months.

In addition, the Cloud Native Foundation has a Technical Oversight Committee, which, together with the SIGs, reviews new and existing projects of the foundation focused on the cloud ecosystem. Most of these projects help improve the capabilities of Kubernetes.

Finally, I believe that Kubernetes would not be as successful as it is without the deliberate efforts of the whole community, where people stick together but at the same time welcome newcomers into the fold.

The Future

One of the main challenges developers will face in the future is the ability to focus on the details of the code itself rather than on the infrastructure it runs on. These trends are met by the serverless architectural paradigm, which is one of the leading ones today. There are already advanced frameworks, for example Knative and OpenFaaS, which use Kubernetes to abstract the infrastructure away from the developer.

In this article we have only scratched the surface of the current state of Kubernetes; in fact, this is only the tip of the iceberg. Kubernetes users have many other resources, capabilities and configurations at their disposal.

source: www.habr.com
