Kubernetes yana da zaɓuɓɓuka da yawa don haɓaka albarkatu: nema, gyara, faci da maye gurbin. Akwai rudani game da abin da kowannensu yake yi da lokacin amfani da su. Bari mu gane shi.
idan kalmar "kubernetes apply vs maye" tana nan , wanda bai dace ba. "kubernetes apply vs patch" hanyar haɗin farko shine takaddun don kubectl patch, wanda bai haɗa da kwatanta ba apply и patch. Wannan labarin zai dubi zaɓuɓɓuka daban-daban, da kuma yadda ake amfani da kowane ɗayan.
Lokacin zagayowar rayuwar albarkatun Kubernetes (sabis, turawa, shiga, da sauransu), wani lokacin kuna buƙatar canza, ƙara ko cire wasu kaddarorin wannan albarkatun. Misali, ƙara bayanin kula, ƙara ko rage adadin kwafi.
Kubernetes CLI
Idan kun riga kuna aiki tare da gungu na Kubernetes ta hanyar CLI, kun riga kun saba da su apply и edit. Tawaga apply yana karanta ƙayyadaddun bayanai daga fayil ɗin kuma ya sanya "haɓaka" zuwa gungu na Kubernetes, i.e. yana ƙirƙirar albarkatun idan babu shi kuma yana sabunta shi idan akwai. Tawaga edit yana karanta albarkatu ta hanyar API, sannan ya rubuta ƙayyadaddun kayan aiki zuwa fayil na gida, wanda aka buɗe a cikin editan rubutu. Bayan kayi edit da ajiye fayil, kubectl zai aika da canje-canjen da aka yi ta hanyar API, wanda zai yi amfani da waɗannan canje-canje a hankali ga albarkatun.
Ba kowa ya san umarnin ba patch и replace. Tawaga patch yana ba ku damar canza wani yanki na ƙayyadaddun kayan aiki, yana samar da ɓangaren da aka canza kawai akan layin umarni. Tawaga replace yana aiki daidai da edit, amma duk abin da ya kamata a yi da hannu: kana buƙatar zazzage sigar ƙayyadaddun kayan aiki na yanzu, alal misali, ta amfani da kubectl get -o yaml, gyara shi, sannan amfani replace don sabunta kayan aiki bisa ga ƙayyadaddun da aka canza. Tawaga replace ba zai yi aiki ba idan wani canje-canje ya faru tsakanin karatu da maye gurbin albarkatun.
API ɗin Kubernetes
Wataƙila kun saba da hanyoyin CoreV1().Pods().Update(), replaceNamespacedService ko patch_namespaced_deployment, idan kuna aiki tare da gungu ta hanyar ta amfani da wasu yaren shirye-shirye. Laburaren yana sarrafa waɗannan hanyoyin ta buƙatun HTTP ta amfani da hanyoyin PUT и PATCH... A ciki update и replace amfani PUTda kuma patch, ko ta yaya maras muhimmanci, yana amfani PATCH.
Yana da daraja daraja wannan kubectl Hakanan yana aiki tare da gungu ta API. Watau, kubectlabin rufewa ne a saman ɗakin karatu na abokin ciniki don yaren Go, wanda galibi yana ba da ikon samar da ƙananan umarni a cikin ƙaramin tsari kuma mai iya karantawa baya ga daidaitattun damar API. Misali, kamar yadda kuka riga kuka lura, hanyar apply ba a ambata a sama a cikin sakin layi na baya ba. A halin yanzu (Mayu 2020, kusan mai fassara) duk dabaru kubectl apply, i.e. ƙirƙirar albarkatun da ba su wanzu da sabunta waɗanda suke, yana aiki gaba ɗaya a gefen lambar kubectl. Ana ta kokarin apply zuwa gefen API, amma har yanzu yana cikin beta. Zan rubuta daki-daki a kasa.
Faci ta tsohuwa
Mafi amfani patch, idan kuna son sabunta albarkatun. Wannan shine yadda duka ɗakunan karatu na abokin ciniki ke aiki a saman Kubernetes API da kubectl (ba abin mamaki bane, tun da shi ne abin rufewa ga ɗakin karatu na abokin ciniki, kusan mai fassara).
Yi aiki da dabara
Duk ƙungiyoyi kubectl apply, edit и patch amfani da hanyar PATCH a cikin buƙatun HTTP don sabunta albarkatun da ke akwai. Idan kun zurfafa cikin aiwatar da umarni dalla-dalla, to dukkansu suna amfani da hanyar don sabunta albarkatun, kodayake umarnin patch na iya amfani da wasu hanyoyin (ƙari akan wannan a ƙasa). Hanyar facin dabara-haɗin kai yana ƙoƙarin "samun daidai" ta hanyar haɗa ƙayyadaddun da aka kawo tare da ƙayyadaddun da ke akwai. Musamman ma, yana ƙoƙarin haɗa abubuwa biyu da tsararru, wanda ke nufin canje-canjen yakan zama ƙari. Misali, gudanar da umarni patch tare da sabon canjin yanayi a cikin ƙayyadaddun kwantena, yana haifar da ƙara canjin yanayi zuwa masu canjin yanayin da ake ciki maimakon sake rubuta su. Don cire ta amfani da wannan hanyar, dole ne ku tilasta ƙimar siga ta ɓace a cikin ƙayyadaddun da aka bayar. Wanne daga cikin kungiyoyin kubectl Shin yana da kyau a yi amfani da shi don sabuntawa?
Idan kun ƙirƙira da sarrafa albarkatun ku ta amfani da kubectl apply, lokacin sabuntawa yana da kyau a yi amfani da kullun kubectl applyto kubectl zai iya sarrafa tsari da bin diddigin canje-canjen da ake buƙata daga aikace-aikace zuwa aikace-aikace. Amfani ko da yaushe apply shi ne cewa yana lura da ƙayyadaddun ƙayyadaddun da aka yi amfani da su a baya, yana ba shi damar sanin lokacin da aka cire ƙayyadaddun kaddarorin da abubuwan tsararru a sarari. Wannan yana ba ku damar amfani apply don cire kaddarorin da abubuwan tsararru, yayin da haɗin kai na yau da kullun ba zai yi aiki ba. Ƙungiyoyi edit и patch kar a sabunta bayanin kula cewa kubectl apply yana amfani da shi don bin diddigin canje-canjensa, don haka duk wani canje-canjen da aka sa ido kuma aka yi ta Kubernetes API, amma an yi ta hanyar umarni. edit и patch, ganuwa ga umarni masu zuwa apply, wato apply ba ya cire su ko da ba su bayyana a cikin bayanin shigarwar don apply (Dokar ta ce edit и patch yi sabuntawa ga bayanan da aka yi amfani da su apply, amma a aikace - a'a).
Idan baku yi amfani da umarnin ba apply, ana iya amfani dashi azaman editkuma patch, zabar umarnin da ya fi dacewa da canjin da ake yi. Lokacin ƙarawa da canza kaddarorin BOM, hanyoyin biyu kusan iri ɗaya ne. Lokacin share ƙayyadaddun kaddarorin ko abubuwan tsararru edit yayi kamar ƙaddamarwa na lokaci ɗaya apply, gami da lura da yadda ƙayyadaddun ƙayyadaddun ya kasance kafin da bayan an gyara shi, don haka za ku iya cire kaddarori da abubuwan tsararru a sarari daga wata hanya. Kuna buƙatar saita ƙimar kadarorin a sarari zuwa soke a cikin ƙayyadaddun bayanai don patchdon cire shi daga albarkatun. Cire ɓangaren tsararru ta amfani da faci-haɗin kai ya fi rikitarwa saboda yana buƙatar amfani da umarnin haɗin kai. Duba sauran hanyoyin haɓakawa a ƙasa don ƙarin madaidaitan hanyoyin.
Don aiwatar da hanyoyin sabuntawa a cikin ɗakin karatu na abokin ciniki waɗanda ke yin daidai da umarnin da ke sama kubectl, ya kamata a saita cikin buƙatun content-type в application/strategic-merge-patch+json. Idan kuna son cire kaddarorin a cikin ƙayyadaddun bayanai, kuna buƙatar saita ƙimar su a sarari ta hanyar da ba ta dace ba. kubectl patch. Idan kana buƙatar cire abubuwan tsararru, yakamata ka haɗa da umarnin haɗawa a cikin ƙayyadaddun sabuntawa ko amfani da wata hanya ta daban don ɗaukakawa.
Sauran hanyoyin zuwa sabuntawa
Kubernetes yana goyan bayan wasu hanyoyin sabuntawa guda biyu: и . Hanyar haɗakarwa ta JSON tana ɗaukar takamaiman takamaiman Kubernetes azaman shigarwa kuma tana goyan bayan haɗa abubuwa masu kama da dabarar facin dabara. Bambanci tsakanin su biyun shine kawai yana goyan bayan maye gurbin jeri, gami da tsararrun kwantena a cikin ƙayyadaddun kwafsa. Wannan yana nufin cewa lokacin amfani da facin haɗin gwiwar JSON, kuna buƙatar samar da cikakkun bayanai na duk kwantena idan duk wata kadara ta kowane akwati ta canza. Don haka wannan hanya tana da amfani don cire abubuwa daga tsararru a cikin BOM. A kan layin umarni zaku iya zaɓar facin haɗin JSON ta amfani da kubectl patch --type=merge. Lokacin aiki tare da Kubernetes API, yakamata kuyi amfani da hanyar buƙatar PATCH da shigarwa content-type в application/merge-patch+json.
Hanyar faci ta JSON, maimakon samar da takamaiman bayani na albarkatun, yana amfani da samar da canje-canjen da kuke son yi ga albarkatun azaman tsararru, wanda kowane ɓangaren tsararrun yana wakiltar bayanin canjin da ake yi ga albarkatun. Wannan hanya ita ce mafi sassauƙa kuma hanya mai ƙarfi don bayyana canje-canjen da ake yi, amma a farashin lissafin sauye-sauyen da ake yi a cikin keɓantaccen tsarin, wanda ba na Kubernetes ba, maimakon aika takamaiman bayani na kayan aiki. IN kubectl zaka iya zaɓar patch JSON ta amfani da kubectl patch --type=json. Lokacin amfani da Kubernetes API, wannan hanyar tana aiki ta amfani da hanyar buƙatar PATCH da shigarwa content-type в application/json-patch+json.
Muna buƙatar amincewa - amfani da maye gurbin
A wasu lokuta, kuna buƙatar tabbatar da cewa ba a yin canje-canje ga albarkatun tsakanin lokacin da aka karanta albarkatun da lokacin da aka sabunta ta. A wasu kalmomi, ya kamata ka tabbata cewa duk canje-canje za su kasance atomic. A wannan yanayin, don sabunta albarkatun ya kamata ku yi amfani da su replace. Misali, idan kana da ConfigMap tare da counter wanda aka sabunta ta kafofin da yawa, ya kamata ka tabbata cewa kafofin biyu ba sa sabunta na'urar a lokaci guda, yana haifar da asarar sabuntawar. Don nunawa, yi tunanin jerin abubuwan da suka faru ta amfani da tsarin patch:
- A da B suna samun halin yanzu na albarkatun daga API
- Kowanne a cikin gida yana sabunta ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun bayanai ta hanyar haɓaka ma'auni ɗaya da ƙara "A" ko "B" bi da bi zuwa bayanin "sabunta-by"
- Kuma yana sabunta albarkatun da sauri
- B yana sabunta albarkatun
A sakamakon haka, sabuntawa A ya ɓace. Aiki na ƙarshe patch ya yi nasara, ana ƙara ma'aunin da ɗaya maimakon biyu, kuma ƙimar bayanin "sabunta-by" yana ƙarewa da "B" kuma ba ya ƙunshi "A". Bari mu kwatanta abin da ke sama da abin da ke faruwa lokacin da aka yi sabuntawa ta amfani da tsarin replace:
- A da B suna samun halin yanzu na albarkatun daga API
- Kowanne a cikin gida yana sabunta ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun bayanai ta hanyar haɓaka ma'auni ɗaya da ƙara "A" ko "B" bi da bi zuwa bayanin "sabunta-by"
- Kuma yana sabunta albarkatun da sauri
- B yayi ƙoƙarin sabunta albarkatun, amma API ɗin ya ƙi sabuntawa saboda sigar albarkatun tana cikin ƙayyadaddun bayanai
replacebai dace da nau'in albarkatun na yanzu a cikin Kubernetes ba saboda sigar albarkatun an ƙara ta ta aikin maye gurbin A.
A cikin yanayin da ke sama, B zai sake debo albarkatun, yin canje-canje ga sabuwar jiha kuma a sake gwadawa replace. Wannan zai sa counter ɗin ya ƙaru da biyu kuma bayanin "sabunta-by" ya haɗa da "AB" a ƙarshe.
Misalin da ke sama yana nuna cewa lokacin aiwatarwa replace An maye gurbin duk albarkatun gaba ɗaya. Ƙayyadaddun da aka yi amfani da su don replace, ba dole ba ne ya kasance mai ban sha'awa, ko a cikin sassa kamar a ciki apply, amma cikakke, gami da ƙari resourceVersion cikin ƙayyadaddun metadata. Idan baku kunna ba resourceVersion ko sigar da kuka bayar ba na yanzu ba, za a ƙi maye gurbin. Don haka mafi kyawun tsarin amfani shine replace – karanta albarkatun, sabunta shi kuma musanya shi nan da nan. Amfani kubectl, zai iya zama kamar haka:
$ kubectl get deployment my-deployment -o json
| jq '.spec.template.spec.containers[0].env[1].value = "new value"'
| kubectl replace -f -Yana da kyau a lura cewa waɗannan umarni biyu masu zuwa, waɗanda aka aiwatar a jere, za su yi nasara cikin nasara, tunda deployment.yaml ba ya ƙunshi dukiya .metadata.resourceVersion
$ kubectl create -f deployment.yaml
$ kubectl replace -f deployment.yamlWannan zai zama kamar ya saba wa abin da aka fada a sama, watau. " kara resourceVersion cikin takamaiman metadata." Shin kuskure ne a faɗi haka? A'a, ba haka bane, saboda idan kubectl lura cewa ba ku bayyana ba resourceVersion, zai karanta shi daga albarkatun kuma ya ƙara shi zuwa ƙayyadaddun ƙayyadaddun bayanai, sannan kawai aiwatar da shi replace. Domin wannan yana da yuwuwar haɗari idan kun dogara ga atomity, sihirin yana aiki gaba ɗaya a gefe kubectl, Kada ku dogara da shi lokacin amfani da ɗakunan karatu na abokin ciniki waɗanda ke aiki tare da API. A wannan yanayin dole ne ku karanta ƙayyadaddun bayanai na yanzu, sabunta shi sannan ku aiwatar PUT nema.
Ba za ku iya yin faci ba - muna yin maye
Wani lokaci kuna buƙatar yin wasu canje-canje waɗanda API ɗin ba zai iya sarrafa su ba. A cikin waɗannan lokuta, zaku iya tilasta maye gurbin albarkatun ta hanyar sharewa da sake ƙirƙira ta. Ana yin wannan ta amfani da kubectl replace --force. Gudanar da umarnin nan da nan yana cire albarkatun sannan ya sake ƙirƙirar su daga ƙayyadaddun da aka kawo. Babu mai "masanya ƙarfi" a cikin API, kuma don yin haka ta hanyar API, kuna buƙatar yin ayyuka biyu. Da farko kuna buƙatar share albarkatun ta hanyar saita shi gracePeriodSeconds zuwa sifili (0) kuma propagationPolicy a cikin "Background" sa'an nan kuma sake ƙirƙirar wannan albarkatun tare da ƙayyadaddun da ake so.
Gargaɗi: Wannan hanyar tana da haɗari kuma tana iya haifar da yanayin da ba a bayyana ba.
Aiwatar a gefen uwar garken
Kamar yadda aka ambata a sama, masu haɓaka Kubernetes suna aiki akan aiwatar da dabaru apply daga kubectl a cikin Kubernetes API. Dabaru apply Akwai a Kubernetes 1.18 ta hanyar kubectl apply --server-side ko ta hanyar API ta amfani da hanyar PATCH с content-type application/apply-patch+YAML.
Lura: JSON shima yana aiki da YAML, saboda haka zaku iya aika takamaiman azaman JSON ko da
content-typezai zamaapplication/apply-patch+yaml.
Bayan wannan mahangar kubectl yana samuwa ga kowa ta hanyar API, apply A gefen uwar garken, yana lura da wanda ke da alhakin filayen a cikin ƙayyadaddun bayanai, don haka yana ba da damar samun dama ga dama don gyara ba tare da rikici ba. A takaice dai, idan apply a gefen uwar garken zai zama mafi tartsatsi, amintaccen tsarin sarrafa albarkatun duniya zai bayyana ga abokan ciniki daban-daban, misali, kubectl, Pulumi ko Terraform, GitOps, da kuma rubutun da aka rubuta ta hanyar amfani da ɗakunan karatu na abokin ciniki.
Sakamakon
Ina fatan wannan ɗan taƙaitaccen bayani na hanyoyi daban-daban don sabunta albarkatu a cikin gungu ya taimaka muku. Yana da kyau a san cewa ba kawai a yi amfani da maye gurbin ba; yana yiwuwa a sabunta kayan aiki ta amfani da nema, gyara, faci, ko maye gurbin. Bayan haka, bisa ka'ida, kowace hanya tana da yankin nata na aikace-aikacen. Don canje-canjen atomic, maye gurbin ya fi dacewa; in ba haka ba, ya kamata ku yi amfani da facin-haɗe-haɗe ta hanyar nema. Aƙalla, ina tsammanin za ku fahimci cewa ba za ku iya amincewa da Google ko StackOerflow ba yayin neman "kubernetes apply vs maye". Aƙalla har sai wannan labarin ya maye gurbin amsar yanzu.
source: www.habr.com