A baya lokacin da Kubernetes ya kasance v1.0.0, akwai plugins na ƙara. Ana buƙatar su don haɗa tsarin zuwa Kubernetes don adana bayanan kwantena na dindindin (na dindindin). Adadin su karami ne, kuma daga cikin na farko akwai masu samar da ajiya kamar GCE PD, Ceph, AWS EBS da sauransu.
An ba da plugins tare da Kubernetes, wanda shine dalilin da ya sa suka sami sunan su - in-itace. Koyaya, ga mutane da yawa, saitin irin waɗannan plugins ɗin ya zama bai isa ba. Masu sana'a sun ƙara plugins masu sauƙi zuwa Kubernetes core ta yin amfani da faci, bayan haka sun tattara nasu Kubernetes kuma suka sanya shi a kan sabobin su. Amma bayan lokaci, masu haɓaka Kubernetes sun fahimci hakan kifi matsalar ba za a iya magance. Mutane suna bukata kamun kifi. Kuma a cikin sakin Kubernetes v1.2.0 ya bayyana ...
Flexvolume plugin: ƙaramin sandar kamun kifi
Masu haɓaka Kubernetes sun ƙirƙiri plugin ɗin FlexVolume, wanda shine tsarin ma'ana na masu canji da hanyoyin aiki tare da direbobin Flexvolume waɗanda masu haɓaka ɓangare na uku suka aiwatar.
Bari mu tsaya mu kalli abin da direban FlexVolume yake. Wannan tabbatacciyar fayil mai aiwatarwa (fayil ɗin binary, rubutun Python, rubutun Bash, da sauransu), wanda, lokacin da aka aiwatar da shi, yana ɗaukar gardamar layin umarni azaman shigarwa kuma yana mayar da saƙo tare da filayen da aka riga aka sani a cikin tsarin JSON. Ta hanyar al'ada, hujjar layin umarni na farko koyaushe hanya ce, sauran gardama kuma su ne sigoginsa.
Tsarin haɗin kai don CIFS Hannun jari a cikin OpenShift. Direba Flexvolume - Dama a cikin Cibiyar
Mafi ƙarancin tsarin hanyoyin ya yi kama da wannan:
flexvolume_driver mount # отвечает за присоединение тома к pod'у
# Формат возвращаемого сообщения:
{
"status": "Success"/"Failure"/"Not supported",
"message": "По какой причине был возвращен именно такой статус",
}
flexvolume_driver unmount # отвечает за отсоединение тома от pod'а
# Формат возвращаемого сообщения:
{
"status": "Success"/"Failure"/"Not supported",
"message": "По какой причине был возвращен именно такой статус",
}
flexvolume_driver init # отвечает за инициализацию плагина
# Формат возвращаемого сообщения:
{
"status": "Success"/"Failure"/"Not supported",
"message": "По какой причине был возвращен именно такой статус",
// Определяет, использует ли драйвер методы attach/deatach
"capabilities":{"attach": True/False}
}
Amfani da Hanyoyi attach и detach zai ayyana yanayin da kubelet zai yi aiki a nan gaba lokacin kiran direban. Akwai kuma hanyoyi na musamman expandvolume и expandfs, waɗanda ke da alhakin daidaita girman ƙarar.
A matsayin misali na canje-canjen da hanyar ke ƙarawa expandvolume, kuma tare da shi ikon sake girman kundin a ainihin lokacin, zaku iya fahimtar kanku da a cikin Rook Ceph Operator.
Kuma ga misalin aiwatar da direban Flexvolume don aiki tare da NFS:
usage() {
err "Invalid usage. Usage: "
err "t$0 init"
err "t$0 mount <mount dir> <json params>"
err "t$0 unmount <mount dir>"
exit 1
}
err() {
echo -ne $* 1>&2
}
log() {
echo -ne $* >&1
}
ismounted() {
MOUNT=`findmnt -n ${MNTPATH} 2>/dev/null | cut -d' ' -f1`
if [ "${MOUNT}" == "${MNTPATH}" ]; then
echo "1"
else
echo "0"
fi
}
domount() {
MNTPATH=$1
NFS_SERVER=$(echo $2 | jq -r '.server')
SHARE=$(echo $2 | jq -r '.share')
if [ $(ismounted) -eq 1 ] ; then
log '{"status": "Success"}'
exit 0
fi
mkdir -p ${MNTPATH} &> /dev/null
mount -t nfs ${NFS_SERVER}:/${SHARE} ${MNTPATH} &> /dev/null
if [ $? -ne 0 ]; then
err "{ "status": "Failure", "message": "Failed to mount ${NFS_SERVER}:${SHARE} at ${MNTPATH}"}"
exit 1
fi
log '{"status": "Success"}'
exit 0
}
unmount() {
MNTPATH=$1
if [ $(ismounted) -eq 0 ] ; then
log '{"status": "Success"}'
exit 0
fi
umount ${MNTPATH} &> /dev/null
if [ $? -ne 0 ]; then
err "{ "status": "Failed", "message": "Failed to unmount volume at ${MNTPATH}"}"
exit 1
fi
log '{"status": "Success"}'
exit 0
}
op=$1
if [ "$op" = "init" ]; then
log '{"status": "Success", "capabilities": {"attach": false}}'
exit 0
fi
if [ $# -lt 2 ]; then
usage
fi
shift
case "$op" in
mount)
domount $*
;;
unmount)
unmount $*
;;
*)
log '{"status": "Not supported"}'
exit 0
esac
exit 1Don haka, bayan shirya ainihin fayil ɗin aiwatarwa, kuna buƙatar loda direban zuwa gunkin Kubernetes. Dole ne direba ya kasance a kan kowane kullin gungu bisa ƙayyadaddun hanya. Ta hanyar tsoho an zaɓi shi:
/usr/libexec/kubernetes/kubelet-plugins/volume/exec/имя_поставщика_хранилища~имя_драйвера/
... amma lokacin amfani da rarraba Kubernetes daban-daban (OpenShift, Rancher ...) hanyar na iya zama daban.
Matsalolin Flexvolume: yadda ake jefa sandar kamun kifi daidai?
Loda direban Flexvolume zuwa ƙumburi na gungu ya zama aiki mara nauyi. Bayan yin aikin da hannu sau ɗaya, yana da sauƙi a gamu da yanayin da sababbin nodes suka bayyana a cikin gungu: saboda ƙarin sabon kumburi, sikelin kwance ta atomatik, ko - abin da ya fi muni - maye gurbin kumburi saboda rashin aiki. A wannan yanayin, ya kamata a yi aiki tare da ajiya akan waɗannan nodes ba shi yiwuwa, har sai kun ƙara musu direban Flexvolume da hannu.
Maganin wannan matsala ita ce ɗaya daga cikin abubuwan da suka faru na Kubernetes - DaemonSet. Lokacin da sabon kumburi ya bayyana a cikin gungu, ta atomatik yana ƙunshe da kwasfa daga DaemonSet ɗinmu, wanda aka haɗa ƙarar gida tare da hanyar neman direbobin Flexvolume. Bayan ƙirƙirar nasara, kwaf ɗin yana kwafin fayilolin da ake buƙata don direba ya yi aiki zuwa faifai.
Anan akwai misalin irin wannan DaemonSet don shimfida kayan aikin Flexvolume:
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: flex-set
spec:
template:
metadata:
name: flex-deploy
labels:
app: flex-deploy
spec:
containers:
- image: <deployment_image>
name: flex-deploy
securityContext:
privileged: true
volumeMounts:
- mountPath: /flexmnt
name: flexvolume-mount
volumes:
- name: flexvolume-mount
hostPath:
path: <host_driver_directory>... da misalin rubutun Bash don shimfida direban Flexvolume:
#!/bin/sh
set -o errexit
set -o pipefail
VENDOR=k8s.io
DRIVER=nfs
driver_dir=$VENDOR${VENDOR:+"~"}${DRIVER}
if [ ! -d "/flexmnt/$driver_dir" ]; then
mkdir "/flexmnt/$driver_dir"
fi
cp "/$DRIVER" "/flexmnt/$driver_dir/.$DRIVER"
mv -f "/flexmnt/$driver_dir/.$DRIVER" "/flexmnt/$driver_dir/$DRIVER"
while : ; do
sleep 3600
doneYana da mahimmanci kada a manta cewa aikin kwafin ba atomic ba. Akwai babban damar cewa kubelet zai fara amfani da direba kafin tsarin samar da shi ya ƙare, wanda ya sa tsarin ya rushe. Hanyar da ta dace ita ce fara kwafi fayilolin direba a ƙarƙashin wani suna daban, sannan a yi amfani da aikin sake suna na atomic.
Jadawalin aiki tare da Ceph a cikin ma'aikacin Rook: direban Flexvolume a cikin zane yana cikin wakilin Rook
Matsala ta gaba lokacin amfani da direbobin Flexvolume shine don yawancin ajiya akan kullin tari dole ne a shigar da software da ake buƙata don wannan (misali, kunshin ceph-na kowa na Ceph). Da farko, ba a tsara kayan aikin Flexvolume don aiwatar da irin wannan hadaddun tsarin ba.
Ana iya ganin ainihin mafita ga wannan matsalar a cikin aiwatar da direban Flexvolume na mai aikin Rook:
An tsara direban kansa azaman abokin ciniki na RPC. IPC soket don sadarwa yana cikin kundin adireshi ɗaya da direban kansa. Mun tuna cewa don kwafi fayilolin direba zai yi kyau a yi amfani da DaemonSet, wanda ke haɗa kundin adireshi tare da direba azaman ƙara. Bayan kwafin fayilolin direban rook ɗin da suka wajaba, wannan kwaf ɗin ba ya mutu, amma yana haɗawa zuwa soket ɗin IPC ta hanyar ƙarar da aka haɗe azaman sabar RPC mai cikakken iko. An riga an shigar da kunshin ceph-na kowa a cikin kwandon kwandon. Socket na IPC yana tabbatar da cewa kubelet zai sadarwa tare da daidai kwaf ɗin da ke kan kulli ɗaya. Komai na fasaha mai sauƙi ne! ..
Barka da zuwa, mu masu ƙauna ... plugins a cikin itace!
Masu haɓaka Kubernetes sun gano cewa adadin plugins don ajiya a cikin ainihin shine ashirin. Kuma canji a cikin kowannensu, wata hanya ko wata, ta shiga cikin cikakken sake zagayowar Kubernetes.
Ya bayyana cewa don amfani da sabon sigar plugin ɗin ajiya, kuna buƙatar sabunta dukkan tarin. Baya ga wannan, zaku iya mamakin cewa sabon sigar Kubernetes ba zato ba tsammani ya zama mara jituwa tare da Linux kernel da kuke amfani dashi sabunta Linux kernel da Kubernetes cluster. Tare da yiwuwar raguwa a cikin samar da ayyuka.
Halin ya fi ban dariya, ba ku tunani? Ya bayyana a fili ga daukacin al'umma cewa hanyar ba ta aiki. Ta hanyar yanke shawara, masu haɓaka Kubernetes suna ba da sanarwar cewa ba za a ƙara karɓar sabbin plugins don aiki tare da ajiya a cikin kwaya ba. Bugu da ƙari, kamar yadda muka riga muka sani, an gano wasu gazawa a cikin aiwatar da Flexvolume plugin ...
Sabbin kayan aikin da aka ƙara don juzu'i a cikin Kubernetes, CSI, an yi kira don rufe batun tare da adana bayanai na dindindin sau ɗaya kuma gaba ɗaya. Sigar alpha ɗin sa, wanda aka fi sani da Out-of-Tree CSI Volume Plugins, an sanar da shi a cikin sakin. .
Interface Ma'ajiyar Kwantena, ko CSI 3000 sandar kadi!
Da farko, Ina so in lura cewa CSI ba kawai plugin ɗin ƙara ba ne, amma ainihin gaske akan ƙirƙirar abubuwan al'ada don aiki tare da ɗakunan ajiya na bayanai. Tsarin kaɗe-kaɗe na kwantena kamar Kubernetes da Mesos yakamata su “koyi” yadda ake aiki tare da abubuwan da aka aiwatar bisa ga wannan ƙa'idar. Kuma yanzu na riga na koyi Kubernetes.
Menene tsarin plugin ɗin CSI a cikin Kubernetes? CSI plugin yana aiki tare da direbobi na musamman (Direbobin CSI) masu haɓakawa na ɓangare na uku ne suka rubuta. Direban CSI a Kubernetes yakamata ya ƙunshi abubuwa guda biyu (pods):
- Mai kula - yana sarrafa ma'ajiyar dagewa na waje. Ana aiwatar da shi azaman uwar garken gRPC, wanda ake amfani da na farko
StatefulSet. - kumburi - shi ke da alhakin hawan ma'ajiyar dawwama zuwa gungun nodes. Hakanan ana aiwatar da shi azaman uwar garken gRPC, amma yana amfani da na farko
DaemonSet.
Yadda plugin ɗin CSI ke aiki a Kubernetes
Kuna iya koyo game da wasu cikakkun bayanai na aikin CSI, alal misali, daga labarin "», mun buga shekara guda da ta wuce.
Amfanin irin wannan aiwatarwa
- Don mahimman abubuwa kamar yin rijistar direba don kumburi, masu haɓaka Kubernetes sun aiwatar da saitin kwantena. Ba kwa buƙatar samar da martani na JSON tare da iyawa da kanku, kamar yadda aka yi don plugin ɗin Flexvolume.
- Maimakon "zamewa" fayiloli masu aiwatarwa a kan nodes, yanzu muna loda kwasfan fayiloli zuwa gungu. Wannan shine abin da muka fara tsammani daga Kubernetes: duk matakai suna faruwa a cikin kwantena da aka tura ta amfani da abubuwan da suka faru na Kubernetes.
- Ba kwa buƙatar haɓaka sabar RPC da abokin ciniki na RPC don aiwatar da hadaddun direbobi. Masu haɓaka Kubernetes sun aiwatar da abokin ciniki a gare mu.
- Canja wurin muhawara don yin aiki akan ka'idar gRPC ya fi dacewa, sassauƙa kuma abin dogaro fiye da wuce su ta gardamar layin umarni. Don fahimtar yadda ake ƙara tallafi don ma'aunin amfani da ƙara zuwa CSI ta ƙara daidaitacciyar hanyar gRPC, zaku iya karanta: don direban vsphere-csi.
- Sadarwa yana faruwa ta hanyar kwasfan IPC, don kada a ruɗe ko kubelet ya aika da buƙatar zuwa ga kwafsa daidai.
Wannan jeri yana tunatar da ku wani abu? Amfanin CSI shine magance wadancan matsalolin, waɗanda ba a yi la'akari da su ba yayin haɓaka kayan aikin Flexvolume.
binciken
CSI a matsayin ma'auni don aiwatar da plugins na al'ada don hulɗa tare da ɗakunan ajiya sun sami karɓuwa sosai daga al'umma. Bugu da ƙari, saboda fa'idodin su da haɓakar su, ana ƙirƙirar direbobin CSI har ma don tsarin ajiya kamar Ceph ko AWS EBS, plugins don aiki tare da waɗanda aka ƙara a cikin sigar farko ta Kubernetes.
A farkon 2019, plugins na itace . Muna shirin ci gaba da tallafawa plugin ɗin Flexvolume, amma ba za mu haɓaka sabbin ayyuka don sa ba.
Mu kanmu mun riga mun sami gogewa ta amfani da ceph-csi, vsphere-csi kuma muna shirye mu ƙara zuwa wannan jerin! Ya zuwa yanzu, CSI tana jure wa ayyukan da aka sanya mata tare da bang, amma za mu jira mu gani.
Kar ka manta cewa duk abin da sabon abu ne mai kyau sake tunani na tsohon!
PS
Karanta kuma a kan shafinmu:
- «";
- «";
- «".
source: www.habr.com