Introducing Kubernetes CCM (Cloud Controller Manager) for Yandex.Cloud

Following the recent release of the CSI driver for Yandex.Cloud, we are publishing another Open Source project for this cloud: Cloud Controller Manager. CCM is needed not only by the cluster as a whole but also by the CSI driver itself. Details of its purpose and some implementation specifics follow below.

Introduction

Why do this?

The reasons that prompted us to develop a CCM for Yandex.Cloud fully coincide with those already described in the CSI driver announcement. We maintain many Kubernetes clusters across different cloud providers, and we use a single tool for all of them. It implements numerous conveniences "bypassing" the managed solutions of these providers. Yes, we have a rather specific case and needs, but the work created because of them may be useful to other users as well.

What exactly is CCM?

Usually we prepare the environment around the cluster from outside, for example with Terraform. But sometimes the surrounding cloud environment has to be managed from within the cluster. This capability is provided, and it is CCM that implements it.

Specifically, Cloud Controller Manager provides five main types of interaction:

  1. Instances - implements a 1:1 relationship between a node object in Kubernetes (Node) and a virtual machine in the cloud provider. To do this, we:
    • fill in the spec.providerID field in the Node object. For example, for the OpenStack CCM this field has the following format: openstack:///d58a78bf-21b0-4682-9dc6-2132406d2bb0. You can see the name of the cloud provider and the unique UUID of the server (the virtual machine in OpenStack) behind the object;
    • populate nodeInfo in the Node object with information about the virtual machine. For example, we specify the instance type in AWS;
    • check whether the virtual machine exists in the cloud. For example, if a Node object has gone into the NotReady state, you can check by providerID whether the virtual machine exists in the cloud provider at all. If it does not, delete the Node object, which would otherwise remain in the cluster forever;
  2. Zones - sets the failure domain for the Node object, so that the scheduler can choose a node for a Pod according to the regions and zones in the cloud provider;
  3. LoadBalancer - when a Service object of type LoadBalancer is created, creates a balancer that directs traffic from outside to the cluster nodes. For example, in Yandex.Cloud you can use NetworkLoadBalancer and TargetGroup for this purpose;
  4. Routes - builds the network between nodes, because according to Kubernetes requirements every pod must have its own IP address and be able to reach any other pod. For this you can use an overlay network (VXLAN, GENEVE) or set up a routing table directly in the cloud provider's virtual network;
  5. Volume - enables dynamic provisioning of PVs using PVCs and SCs. Originally this functionality was part of CCM, but because of its great complexity it was moved to a separate project, Container Storage Interface (CSI). We have written about CSI more than once and, as already mentioned, even released a CSI driver.
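The existence check from the Instances item above, as an added example (not code from the article or from any CCM project): it parses the providerID form quoted for OpenStack and flags a Node for deletion only when it is NotReady and the cloud lookup cleanly reports the VM as absent. The Node struct and the exists callback are hypothetical stand-ins for the Kubernetes object and the provider API; the sample data is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Node holds the few Node fields used here (constructed model, not the client-go type).
type Node struct {
	Name, ProviderID string
	Ready            bool
}

// parseProviderID splits "<provider>:///<instance-id>", the form quoted above for OpenStack.
func parseProviderID(pid string) (provider, id string, err error) {
	parts := strings.SplitN(pid, "://", 2)
	if len(parts) != 2 || parts[0] == "" {
		return "", "", fmt.Errorf("malformed providerID %q", pid)
	}
	id = parts[1][strings.LastIndex(parts[1], "/")+1:]
	if id == "" {
		return "", "", fmt.Errorf("providerID %q has no instance id", pid)
	}
	return parts[0], id, nil
}

// staleNodes names the NotReady nodes whose VM is confirmed absent from the cloud.
// exists is a hypothetical lookup standing in for the provider's API call.
func staleNodes(nodes []Node, provider string, exists func(id string) (bool, error)) []string {
	var stale []string
	for _, n := range nodes {
		p, id, err := parseProviderID(n.ProviderID)
		if n.Ready || err != nil || p != provider {
			continue // healthy, unparseable or foreign node: never delete on a guess
		}
		if found, err := exists(id); err == nil && !found { // an API error is not proof of absence
			stale = append(stale, n.Name)
		}
	}
	return stale
}

func main() {
	cloud := map[string]bool{"d58a78bf-21b0-4682-9dc6-2132406d2bb0": true} // constructed inventory
	nodes := []Node{ // constructed sample
		{"kept", "openstack:///d58a78bf-21b0-4682-9dc6-2132406d2bb0", false},
		{"gone", "openstack:///00000000-0000-0000-0000-000000000000", false},
	}
	fmt.Println(staleNodes(nodes, "openstack", func(id string) (bool, error) { return cloud[id], nil }))
}
```

Treating a failed lookup as "keep the node" matters: a cloud API outage must not lead to healthy-but-NotReady nodes being removed from the cluster.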

Previously, all the code interacting with the cloud lived in the main Git repository of the Kubernetes project at k8s.io/kubernetes/pkg/cloudprovider/providers, but this was abandoned because of the inconvenience of working with a large code base. All the old implementations were moved to a separate repository. For convenience of further support and development, all the common components were also moved to a separate repository.

As with CSI, many large cloud providers have already developed their own CCMs for running their clouds with Kubernetes. If a vendor has no CCM but all the necessary functions are available through an API, you can implement the CCM yourself.

To write your own CCM implementation, it is enough to implement the required Go interfaces.

And this is what we got.

Implementation

How we got here

We started development (or rather, even usage) with a ready-made (!) CCM for Yandex.Cloud a year ago.

However, this implementation lacked:

  • authentication via a JWT IAM token;
  • Service controller support.

In agreement with the author (dlisin) in Telegram, we forked yandex-cloud-controller-manager and added the missing functions.

Key features

Currently, CCM supports the following interfaces:

  • Instances;
  • Zones;
  • LoadBalancer.

In the future, when Yandex.Cloud starts working with advanced VPC capabilities, we will add the Routes interface.

LoadBalancer as the main challenge

At first we tried, like other CCM implementations, to create a LoadBalancer and TargetGroup pair for every Service of type LoadBalancer. However, Yandex.Cloud turned out to have an interesting limitation: you cannot use TargetGroups with intersecting Targets (a SubnetID - IpAddress pair).

Therefore, a controller runs inside the resulting CCM which, whenever Node objects change, collects information about all interfaces on every virtual machine, groups them by the NetworkID they belong to, creates one TargetGroup per NetworkID, and keeps it up to date. Later, when a Service object of type LoadBalancer is created, we simply attach the pre-created TargetGroup to the new NetworkLoadBalancers.
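The limitation and the fix described above, as an added example that is not taken from the project's code: per-Service groups built from the same nodes share Targets, while one group per NetworkID cannot. The Iface and Target types, the function names and all sample values are constructed for illustration.

```go
package main

import "fmt"

// Constructed model, not SDK types. Target is the (SubnetID, IpAddress) pair.
type Iface struct{ NetworkID, SubnetID, IPAddress string }
type Target struct{ SubnetID, IPAddress string }

// perService is the first attempt: one group per Service, each with every node.
func perService(services []string, ifaces []Iface) map[string][]Target {
	groups := map[string][]Target{}
	for _, svc := range services {
		for _, i := range ifaces {
			groups[svc] = append(groups[svc], Target{i.SubnetID, i.IPAddress})
		}
	}
	return groups
}

// perNetwork is the layout the article settles on: one group per NetworkID.
func perNetwork(ifaces []Iface) map[string][]Target {
	groups := map[string][]Target{}
	for _, i := range ifaces {
		groups[i.NetworkID] = append(groups[i.NetworkID], Target{i.SubnetID, i.IPAddress})
	}
	return groups
}

// intersecting reports whether any Target appears in more than one group.
func intersecting(groups map[string][]Target) bool {
	owner := map[Target]string{}
	for name, ts := range groups {
		for _, t := range ts {
			if o, ok := owner[t]; ok && o != name {
				return true
			}
			owner[t] = name
		}
	}
	return false
}

func main() {
	ifaces := []Iface{ // constructed: two VMs, each with an interface in two networks
		{"net-1", "subnet-1", "10.0.0.4"}, {"net-2", "subnet-2", "10.1.0.4"},
		{"net-1", "subnet-1", "10.0.0.5"}, {"net-2", "subnet-2", "10.1.0.5"},
	}
	fmt.Println(intersecting(perService([]string{"web", "api"}, ifaces))) // naive: true
	fmt.Println(intersecting(perNetwork(ifaces)))                        // per network: false
}
```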

How do I start using it?

CCM supports Kubernetes version 1.15 and above. To work in a cluster, it requires the --cloud-provider=external flag to be set to true for kube-apiserver, kube-controller-manager, kube-scheduler and all kubelets.

All the steps needed for the installation itself are described in the README. Installation boils down to creating objects in Kubernetes from manifests.

To use CCM you will also need:

  • to specify the Yandex.Cloud folder identifier (folder-id) in the manifest;
  • a service account for interacting with the Yandex.Cloud API. The authorization keys from the service account must be passed in the Secret manifest. The documentation describes how to create a service account and obtain the keys.

We will be glad to receive your feedback and new issues if you run into any problems!

Results

We have been using the implemented CCM in five Kubernetes clusters for the past two weeks and plan to expand their number to 20 in the coming month. We currently do not recommend using CCM for large and critical K8s installations.

As with CSI, we will be glad if Yandex developers take over the development and support of this project; we are ready to transfer the repository at their request so that we can deal with tasks that are more relevant to us.

source: www.habr.com
