Matsalar tare da ingantaccen aikace-aikace a cikin Kubernetes
Haɓaka, ƙaddamarwa da ƙara ƙima na aikace-aikace da ayyuka yana da sauƙi idan ya zo ga shari'o'in da aka rarraba a matsayin marasa jiha, watau. ba tare da ajiye bayanai ba. Ya dace don gudanar da irin waɗannan ayyuka a Kubernetes, ta amfani da daidaitattun APIs, saboda duk abin da ke faruwa "daga cikin akwatin": bisa ga daidaitattun saitunan, ba tare da haɗa wani takamaiman bayani ko sihiri ba.
A taƙaice, don ƙaddamar da ƙarin kwafi biyar na baya a cikin PHP/Ruby/Python a cikin tarin kwantena, kawai kuna buƙatar saita sabon uwar garken sau 5 kuma kwafi tushen. Tunda lambar tushe da rubutun init duka suna cikin hoton, ƙaddamar da aikace-aikacen da ba ta da ƙasa ya zama na farko. Kamar yadda magoya bayan kwantena da gine-ginen microservice suka sani sosai, wahalar ta fara da m apps, i.e. tare da dagewar bayanai kamar rumbun adana bayanai da caches (MySQL, PostgreSQL, Redis, ElasticSearch, Cassandra...). Wannan ya shafi duka software guda biyu waɗanda ke aiwatar da gungu na ƙididdiga (misali, Percona XtraDB da Cassandra), da software waɗanda ke buƙatar kayan aikin gudanarwa daban (kamar Redis, MySQL, PostgreSQL...).
Matsaloli sun taso saboda lambar tushe da ƙaddamar da sabis ɗin ba su isa ba - kuna buƙatar yin wasu ƙarin matakai. Aƙalla, kwafi bayanan da/ko shiga tarin. Hakazalika, waɗannan sabis ɗin suna buƙatar fahimtar yadda za a daidaita daidaitattun, sabuntawa da sake saita su ba tare da asarar bayanai ko samuwar ɗan lokaci ba. Yin la'akari da waɗannan buƙatun ana kiransa "ilimin aiki".
CoreOS Operators
Domin "shirya" ilimin aiki, ƙarshen shekarar da ta gabata aikin CoreOS "sabon aji na software" don dandalin Kubernetes - Masu aiki (daga Turanci "aiki", watau "aiki").
Ma'aikata masu amfani da haɓaka ainihin damar Kubernetes (ciki har da. Saitunan Jiha, duba bambancin da ke ƙasa) ƙyale ƙwararrun DevOps don ƙara ilimin aiki zuwa lambar aikace-aikacen.
Manufar Mai Aiki - samar da mai amfani da API wanda ke ba ku damar sarrafa ƙungiyoyin aikace-aikacen da yawa a cikin gungu na Kubernetes, ba tare da tunanin abin da ke ƙarƙashin hular ba (abin da bayanai da abin da za a yi da shi, waɗanne umarni har yanzu suna buƙatar aiwatar da su don kula da gungu). ). A haƙiƙa, an ƙirƙiri Operator don sauƙaƙa aiki tare da aikace-aikacen a cikin gungu gwargwadon yuwuwa, yana sarrafa aiwatar da ayyukan aiki waɗanda a baya dole ne a warware su da hannu.
Yadda Masu Aiki suke Aiki
ReplicaSets Kubernetes yana ba ku damar ƙididdige adadin da ake so na kwasfan fayiloli masu gudana, kuma masu sarrafawa suna tabbatar da cewa an kiyaye lambar su (ta hanyar ƙirƙira da share kwasfan fayiloli). Mai aiki yana aiki a irin wannan hanya, yana ƙara saitin ilimin aiki zuwa daidaitaccen albarkatun Kubernetes da mai sarrafawa wanda ke ba ku damar yin ƙarin ayyuka don tallafawa adadin abubuwan da ake buƙata na aikace-aikacen.
Yaya wannan ya bambanta da Saitunan Jiha, An tsara don aikace-aikacen da ke buƙatar gungu don samar musu da albarkatun ƙasa kamar ajiyar bayanai ko IPs na tsaye? Don irin waɗannan aikace-aikacen, Masu aiki zasu iya amfani da su Saitunan Jiha (maimakon ReplicaSets) a matsayin tushe, bayarwa ƙarin aiki da kai: aiwatar da ayyukan da suka wajaba idan akwai haɗari, yin ajiyar kuɗi, sabunta tsarin, da sauransu.
Sabili da haka, yaya duk wannan aiki? Mai aiki daemon manaja ne wanda:
- biyan kuɗi zuwa taron API a Kubernetes;
- yana karɓar bayanai daga gare ta game da tsarin (game da shi ReplicaSets, pods, sabis da sauransu.);
- yana karɓar bayanai game da Albarkatun ɓangare na uku (duba misalan da ke ƙasa);
- amsa ga bayyanar/canji Albarkatun ɓangare na uku (misali, don canza girman, canza sigar, da sauransu);
- yana amsa canje-canje a yanayin tsarin (game da shi ReplicaSets, pods, sabis da sauransu.);
- mafi mahimmanci:
- kira kan Kubernetes API don ƙirƙirar duk abin da yake buƙata (sake, nasa ReplicaSets, pods, sabis...),
- yana yin wasu sihiri (don sauƙaƙa, kuna iya tunanin cewa Operator ya shiga cikin kwas ɗin da kansa ya kira umarni, alal misali, don shiga tari ko haɓaka tsarin bayanai lokacin sabunta sigar).
A zahiri, kamar yadda ake iya gani daga hoton, aikace-aikacen daban yana ƙara kawai zuwa Kubernetes (na yau da kullun girke с ReplicaSet), wanda ake kira Operator. Yana zaune a cikin kwasfa na yau da kullun (yawanci guda ɗaya) kuma, a matsayin mai mulkin, yana da alhakin kawai Wurin Yanar Gizo. Wannan aikace-aikacen mai aiki yana aiwatar da API ɗin sa - kodayake ba kai tsaye ba, amma ta hanyar Albarkatun ɓangare na uku in Kubernetes.
Don haka, bayan mun yi halitta a Wurin Yanar Gizo Mai aiki, za mu iya ƙara zuwa gare shi Albarkatun ɓangare na uku.
Misali ga etcd (duba ƙasa don cikakkun bayanai):
apiVersion: etcd.coreos.com/v1beta1
kind: Cluster
metadata:
name: example-etcd-cluster
spec:
size: 3
version: 3.1.0
Misali na Elasticsearch:
apiVersion: enterprises.upmc.com/v1
kind: ElasticsearchCluster
metadata:
name: example-es-cluster
spec:
client-node-replicas: 3
master-node-replicas: 2
data-node-replicas: 3
zones:
- us-east-1c
- us-east-1d
- us-east-1e
data-volume-size: 10Gi
java-options: "-Xms1024m -Xmx1024m"
snapshot:
scheduler-enabled: true
bucket-name: elasticsnapshots99
cron-schedule: "@every 2m"
storage:
type: gp2
storage-class-provisioner: kubernetes.io/aws-ebs
Abubuwan da ake buƙata don Masu aiki
CoreOS ya tsara babban tsarin da injiniyoyi suka samu yayin aiki akan Masu aiki. Duk da cewa duk Ma'aikata na mutum ne (wanda aka ƙirƙira don takamaiman aikace-aikacen tare da halayensa da buƙatunsa), ƙirƙirar su dole ne a dogara da wani nau'in tsarin da ke ƙulla waɗannan buƙatu:
- Dole ne a yi shigarwa ta hanyar guda ɗaya girke: kubectl ƙirƙira -f SAME_OPERATOR_URL/deployment.yaml - kuma baya buƙatar ƙarin ayyuka.
- Lokacin shigar da Operator a Kubernetes, dole ne a ƙirƙiri sabon nau'in ɓangare na uku (ThirdPartyResource). Don ƙaddamar da misalan aikace-aikacen (misali gungu) da kuma ci gaba da sarrafa su (sabuntawa, sake fasalin, da sauransu), mai amfani zai yi amfani da wannan nau'in.
- A duk lokacin da zai yiwu, ya kamata ku yi amfani da abubuwan da aka gina a cikin Kubernetes, kamar sabis и ReplicaSetsdon amfani da ingantaccen gwajin da kuma fahimta code.
- Yana buƙatar daidaitawar Ma'aikata na baya da goyan baya ga tsofaffin nau'ikan albarkatun da mai amfani ya ƙirƙira.
- Idan an cire Operator, aikace-aikacen kanta yakamata ya ci gaba da aiki ba tare da canje-canje ba.
- Ya kamata masu amfani su iya ayyana sigar aikace-aikacen da ake so da kuma tsara sabunta sigar aikace-aikacen. Rashin sabunta software shine tushen gama gari na matsalolin aiki da tsaro, don haka Masu aiki dole ne su taimaka wa masu amfani a wannan lamarin.
- Ya kamata a gwada masu aiki da kayan aiki kamar Chaos Monkey, wanda ke gano yuwuwar gazawar a cikin kwasfa, daidaitawa, da hanyar sadarwa.
etcd Operator
Misalin Aiwatar da Mai aiki - Mai aiki da sauransu, a ranar da aka bayyana wannan ra'ayi. Tsarin gungu na etcd na iya zama mai sarƙaƙiya saboda buƙatar kiyaye ƙididdiga, buƙatar sake saita membobin tari, ƙirƙirar madogara, da sauransu. Misali, ƙirƙira gungu da sauransu da hannu yana nufin cewa kana buƙatar ƙirƙirar sunan DNS don sabon memba na tari, fara sabon mahaluƙi da sauransu, da faɗakar da gungu game da sabon memba (etcdctl memba ƙara). A cikin yanayin Operator, mai amfani zai buƙaci canza girman gungu - duk abin da zai faru ta atomatik.
Kuma tunda an ƙirƙiri etcd a cikin CoreOS, yana da ma'ana sosai don ganin Mai sarrafa sa ya fara bayyana. Ta yaya yake aiki? Mai aiki dabaru da dai sauransu an ƙaddara ta sassa uku:
- Kula. Mai aiki yana lura da yanayin gungu ta amfani da Kubernetes API.
- Bincike. Nemo bambance-bambance tsakanin halin yanzu da wanda ake so (wanda aka ayyana ta tsarin mai amfani).
- Aiki. Yana magance bambance-bambancen da aka gano ta amfani da etcd da/ko APIs sabis na Kubernetes.
Don aiwatar da wannan dabaru, an shirya ayyuka a cikin Mai aiki Ƙirƙiri/Rusa (ƙirƙira da gogewa da sauransu cluster members) da Ragewa (canza adadin membobin tari). An duba ingancin aikinsa ta hanyar amfani da kayan aiki da aka ƙirƙira ta kamannin Chaos Monkey daga Netflix, watau. kashe da dai sauransu ba da gangan ba.
Don cikakken aiki na etcd, Mai aiki yana ba da ƙarin fasali: Ajiyayyen (atomatik da ganuwa ga masu amfani ƙirƙirar kwafin madadin - a cikin saitin ya isa ya ƙayyade sau nawa za a yi su da nawa don adanawa - da kuma dawo da bayanan daga gare su). inganci (sabuntawa etcd shigarwa ba tare da downtime).
Yaya aiki da Operator yayi kama?
$ kubectl create -f https://coreos.com/operators/etcd/latest/deployment.yaml
$ kubectl create -f https://coreos.com/operators/etcd/latest/example-etcd-cluster.yaml
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
etcd-cluster-0000 1/1 Running 0 23s
etcd-cluster-0001 1/1 Running 0 16s
etcd-cluster-0002 1/1 Running 0 8s
etcd-cluster-backup-tool-rhygq 1/1 Running 0 18s
Matsayi na yanzu na etcd Operator sigar beta ne, yana buƙatar Kubernetes 1.5.3+ da sauransu 3.0+ don gudana. Lambar tushe da takaddun (gami da umarnin amfani) suna samuwa a .
An ƙirƙiri wani misali aiwatarwa daga CoreOS - , amma har yanzu yana cikin sigar alpha (ba a aiwatar da duk abubuwan da aka tsara ba).
Matsayi da al'amura
Watanni 5 sun shude tun bayan sanarwar Ma'aikatan Kubernetes. Har yanzu akwai aiwatarwa guda biyu kawai a cikin ma'ajin CoreOS na hukuma (na etcd da Prometheus). Dukansu ba su kai ga tsayayyen juzu'insu ba, amma ana lura da ayyukan yau da kullun.
Masu haɓakawa suna hasashen "makomar da masu amfani za su shigar da Ma'aikatan Postgres, Cassandra Operators ko Redis Operators akan gungu na Kubernetes kuma suyi aiki tare da ma'auni na waɗannan aikace-aikacen cikin sauƙi kamar yadda ake tura kwafin aikace-aikacen gidan yanar gizo marasa ƙasa a yau." Na farko Masu aiki daga masu haɓakawa na ɓangare na uku da gaske ya fara bayyana:
- daga Kamfanonin UPMC;
- daga Crunchy Data (an sanar da ƙarshen Maris 2017);
- daga mawallafin tsarin ajiyar bayanai da aka rarraba bisa Ceph (Rook yana cikin matsayi na alpha);
- daga SAP CCloud.
A babban taron software na kyauta na Turai FOSDEM, wanda ya gudana a cikin Fabrairu 2017 a Brussels, Josh Wood daga CoreOS ya sanar da Masu aiki a cikin (yana samun bidiyo a hanyar haɗin yanar gizo!), Wanda yakamata ya ba da gudummawa ga haɓakar shaharar wannan ra'ayi a cikin al'umman Buɗaɗɗen Tushen.
PS Na gode da sha'awar ku ga labarin! Kuyi subscribing din mu, Don kada ku rasa sababbin kayan aiki da girke-girke akan DevOps da GNU/Linux tsarin gudanarwa - za mu buga su akai-akai!
source: www.habr.com