A yau na shirya yin magana game da yadda ake rubuta aikace-aikacen da menene buƙatun don aikace-aikacen ku don yin aiki da kyau a Kubernetes. Don haka babu ciwon kai tare da aikace-aikacen, don kada ku ƙirƙira da gina kowane "ƙugiya" a kusa da shi - kuma komai yana aiki kamar yadda Kubernetes kanta ya yi niyya.
Wannan karatun yana cikin "" Kuna iya duba buɗe laccoci na ka'idar Makarantar Maraice . Ga waɗanda suka fi son rubutu maimakon bidiyo, mun shirya wannan labarin.
Sunana Pavel Selivanov, a halin yanzu ni ne jagoran DevOps injiniya a Mail.ru Cloud Solutions, muna yin girgije, muna yin kubernetes gudanarwa da sauransu. Ayyukana yanzu sun haɗa da taimako wajen haɓakawa, fitar da waɗannan gizagizai, fitar da aikace-aikacen da muke rubutawa da haɓaka kayan aikin da muke samarwa ga masu amfani da mu.
Na yi DevOps, ina tsammanin na ƙarshe, mai yiwuwa, shekaru uku. Amma, bisa ƙa'ida, Na yi abin da DevOps ke yi kusan shekaru biyar yanzu. Kafin wannan, na fi shiga cikin abubuwan admin. Na fara aiki tare da Kubernetes da dadewa - mai yiwuwa kusan shekaru huɗu ke nan da na fara aiki da shi.
Gabaɗaya, na fara lokacin da Kubernetes shine sigar 1.3, mai yiwuwa, kuma wataƙila 1.2 - lokacin yana cikin ƙuruciya. Yanzu yanzu ba a fara farawa ba - kuma a bayyane yake cewa akwai buƙatu mai yawa a kasuwa ga injiniyoyi waɗanda ke son samun damar yin Kubernetes. Kuma kamfanoni suna da matukar bukatar irin wadannan mutane. Saboda haka, a gaskiya, wannan lacca ta bayyana.
Idan muka yi magana game da shirin abin da zan yi magana game da shi, ya yi kama da haka, a cikin brackets an rubuta (TL; DR) - "ya yi tsawo; kar ka karanta". Gabatarwa na a yau zai ƙunshi jerin abubuwa marasa iyaka.
A gaskiya, ni kaina ba na son irin wannan gabatarwar lokacin da aka gabatar da su, amma wannan batu ne wanda lokacin da nake shirya wannan gabatarwar, kawai ban fahimci yadda zan tsara wannan bayanin ba daban.
Domin, gabaɗaya, wannan bayanin shine “ctrl+c, ctrl+v”, daga, a tsakanin sauran abubuwa, Wiki ɗinmu a cikin sashin DevOps, inda muka rubuta buƙatun ga masu haɓakawa: “guys, domin mu ƙaddamar da aikace-aikacenku a cikin Kubernetes, ya kamata ya zama haka. "
Shi ya sa gabatarwar ta zama babban jeri. Yi hakuri. Zan yi ƙoƙari in faɗi yadda zai yiwu don kada ya zama mai ban sha'awa idan zai yiwu.
Abin da za mu duba a yanzu:
- Waɗannan su ne, na farko, rajistan ayyukan (takardun aikace-aikacen?), Abin da za a yi da su a Kubernetes, abin da za a yi da su, abin da ya kamata su kasance;
- abin da za a yi tare da daidaitawa a cikin Kubernetes, menene mafi kyawun kuma mafi munin hanyoyi don saita aikace-aikacen Kubernetes;
- Bari mu yi magana game da abin da bincike na isa ga gaba ɗaya, abin da ya kamata su kasance;
- bari mu yi magana game da mene ne rufewar alheri;
- bari mu sake yin magana game da albarkatun;
- Mu sake tabo batun taskance bayanai;
- kuma a ƙarshe zan gaya muku menene kalmar wannan ƙaƙƙarfan aikace-aikacen gajimare na asali. Cloudnativeness, a matsayin sifa na wannan kalma.
Logs
Ina ba da shawarar farawa da rajistan ayyukan - tare da inda waɗannan rajistan ayyukan ke buƙatar tura su a Kubernetes. Yanzu kun ƙaddamar da aikace-aikacen a Kubernetes. Dangane da al'adun gargajiya, aikace-aikacen da suka gabata koyaushe suna rubuta rajistan ayyukan wani wuri a cikin fayil. Mummunan aikace-aikace sun rubuta rajistan ayyukan zuwa fayil a cikin kundin adireshin gida na mai haɓakawa wanda ya ƙaddamar da aikace-aikacen. Kyakkyawan aikace-aikace sun rubuta rajistan ayyukan zuwa fayil wani wuri a ciki /var/log.
Sabili da haka, ci gaba, masu gudanarwa masu kyau suna da wasu abubuwa da aka tsara a cikin kayan aikin su wanda waɗannan rajistan ayyukan za su iya juyawa - rsyslog iri ɗaya, wanda ke kallon waɗannan rajistan ayyukan kuma lokacin da wani abu ya faru da su, akwai da yawa daga cikinsu, yana haifar da kwafin ajiya , yana sanya rajistan ayyukan a can. , yana goge tsoffin fayiloli, sama da mako guda, watanni shida, da wani lokaci. A ka'idar, yakamata mu sami tanadi don kawai saboda aikace-aikacen yana rubuta rajistan ayyukan, sarari akan sabar samarwa (sabarwar yaƙi?) baya ƙarewa. Kuma, bisa ga haka, duk abin da aka samar bai tsaya ba saboda gungumen azaba.
Lokacin da muka matsa zuwa duniyar Kubernetes kuma muna gudanar da abu ɗaya a can, abu na farko da za ku iya kula da shi shine gaskiyar cewa mutane, kamar yadda suka rubuta rajistan ayyukan a cikin fayil, ci gaba da rubuta su.
Ya zama cewa idan muka yi magana game da Kubernetes, wurin da ya dace don rubuta rajistan ayyukan a wani wuri daga kwandon docker shine kawai rubuta su daga aikace-aikacen zuwa abin da ake kira Stdout/Stderr, wato, daidaitattun rafukan fitarwa na tsarin aiki. daidaitaccen fitowar kuskure . Wannan ita ce hanya mafi daidai, mafi sauƙi kuma mafi ma'ana don sanya rajistan ayyukan a cikin Docker kuma musamman a Kubernetis. Domin idan aikace-aikacenku ya rubuta rajistan ayyukan zuwa Stdout/Stderr, to ya rage ga Docker da Kubernetes add-on don yanke shawarar abin da za a yi da waɗannan rajistan ayyukan. Docker ta tsohuwa zai gina fayilolinsa na musamman a tsarin JSON.
Anan tambayar ta taso, me za ku yi a gaba da waɗannan kujerun? Hanya mafi sauƙi a bayyane take, muna da ikon yin hakan kubectl logs kuma ku dubi waɗannan gundumomi na waɗannan “pods”. Amma, tabbas, wannan ba zaɓi mai kyau ba ne - wani abu kuma yana buƙatar yin shi tare da rajistan ayyukan.
A yanzu, bari mu yi magana a lokaci guda, tun da mun taɓa batun gungumen azaba, game da irin wannan abu kamar katako ya kamata ya yi kama. Wato, wannan ba ya shafi Kubernetes kai tsaye, amma idan muka fara tunanin abin da za mu yi da gungumen azaba, zai yi kyau mu yi tunanin wannan ma.
Muna buƙatar wani nau'i na kayan aiki, ta hanyar jin daɗi, wanda zai ɗauki waɗannan rajistan ayyukan da ma'aikacin mu ke sanyawa a cikin fayilolinsa ya aika su wani wuri. Gabaɗaya, yawanci muna ƙaddamar da wani nau'in wakili a cikin Kubernetes a cikin nau'in DaemonSet - mai tattara log, wanda kawai aka faɗa inda rajistan ayyukan da Docker ke tattarawa suke. Kuma wannan wakili na tattarawa kawai yana ɗaukar su, watakila ma ko ta yaya ya rarraba su a hanya, watakila ya wadatar da su da wasu ƙarin bayanan meta kuma, a ƙarshe, ya tura su don ajiya a wani wuri. Bambance-bambancen sun riga sun yiwu a can. Mafi yawanci shine Elasticsearch, inda zaku iya adana rajistan ayyukan kuma zaku iya dawo dasu cikin dacewa daga can. Sannan, ta amfani da buƙatun, ta amfani da Kibana, alal misali, gina jadawali akan su, gina faɗakarwa akan su, da sauransu.
Mafi mahimmancin ra'ayi, Ina so in sake maimaita shi, shine a cikin Docker, musamman a cikin Kubernetes, adana bayanan ku a cikin fayil mummunan ra'ayi ne.
Domin da farko, yana da wahala a sami gundumomi a cikin akwati a cikin fayil. Dole ne ku fara shiga cikin akwati, aiwatar da wurin, sannan ku kalli gunkin. Batu na gaba shine cewa idan kuna da rajistan ayyukan a cikin fayil, to, kwantena yawanci suna da ƙarancin yanayi kuma babu abubuwan amfani waɗanda galibi ana buƙata don aiki na yau da kullun tare da rajistan ayyukan. Binne su, duba su, buɗe su a cikin editan rubutu. Lokaci na gaba shine lokacin da muke da rajistan shiga cikin fayil a cikin akwati, idan an goge wannan akwati, kun fahimta, gunkin zai mutu tare da shi. Saboda haka, duk wani sake kunnawa na akwati yana nufin babu sauran gundumomi. Bugu da ƙari, zaɓi mara kyau.
Kuma batu na ƙarshe shine cewa a cikin kwantena yawanci kuna da aikace-aikacen ku kuma shi ke nan - yawanci shine kawai tsari. Babu wata magana ko kaɗan game da kowane tsari wanda zai juya fayiloli tare da rajistan ayyukan ku. Da zarar an fara rubuta rajistan ayyukan zuwa fayil, wannan yana nufin cewa, uzuri, za mu fara rasa uwar garken samarwa. Domin, da farko, suna da wuyar samun su, babu mai bin diddigin su, kuma babu wanda ke sarrafa su - don haka, fayil ɗin yana girma ba tare da ƙarewa ba har sai sararin da ke kan uwar garke ya ƙare. Saboda haka, na sake cewa shiga Docker, musamman a Kubernetes, zuwa fayil mummunan ra'ayi ne.
Batu na gaba, a nan ina so in sake yin magana game da wannan - tun da yake muna taɓa batun gungumen azaba, zai yi kyau mu yi magana game da yadda ya kamata kujerun su duba domin ya dace da yin aiki tare da su. Kamar yadda na fada, batun ba shi da alaƙa kai tsaye da Kubernetes, amma yana da alaƙa sosai da batun DevOps. A kan batun al'adun ci gaba da abokantaka tsakanin waɗannan sassan biyu daban-daban - Dev da Ops, don kowa ya ji daɗi.
Wannan yana nufin cewa, a yau, ya kamata a rubuta rajistan ayyukan a cikin tsarin JSON. Idan kuna da wasu aikace-aikacen da ba za ku iya fahimta ba na kanku, wanda ke rubuta logs a cikin sigar da ba za a iya fahimta ba saboda kun saka wani nau'in bugu ko wani abu makamancin haka, to lokaci ya yi da za ku google wani nau'in tsarin, wani nau'in wrapper wanda ke ba ku damar aiwatar da log ɗin al'ada; kunna sigogin shiga cikin JSON a can, saboda JSON tsari ne mai sauƙi, ƙaddamarwa yana da sauƙi.
Idan JSON ɗinku baya aiki bisa ga wasu sharuɗɗa, babu wanda ya san menene, sannan aƙalla rubuta rajistan ayyukan a cikin sigar da za'a iya tantancewa. A nan, maimakon haka, yana da daraja tunani game da gaskiyar cewa, alal misali, idan kuna gudanar da tarin kwantena ko kawai aiwatar da nginx, kuma kowannensu yana da saitunan shiga nasa, to tabbas yana da alama cewa zai zama da wahala a gare ku. yi nazarin su. Domin kowane sabon nginx misali kana buƙatar rubuta naka parser, saboda suna rubuta rajistan ayyukan daban. Bugu da ƙari, yana da mahimmanci a yi tunani game da tabbatar da cewa duk waɗannan abubuwan nginx suna da tsarin shiga guda ɗaya kuma sun rubuta duk rajistan ayyukan su gaba ɗaya. Haka ya shafi dukkan aikace-aikace.
A ƙarshe, Ina kuma so in ƙara mai a cikin wuta wanda, daidai, ya kamata a guje wa rajistan ayyukan layi masu yawa. Ga abin, idan kun taɓa yin aiki tare da masu tattara katako, to wataƙila kun ga abin da suka yi muku alkawari, cewa za su iya yin aiki tare da layukan layi ɗaya, sanin yadda ake tattara su, da sauransu. A zahiri, a ganina, babu mai tarawa ɗaya a yau da zai iya tattara rajistan ayyukan layi na yau da kullun, cikakke kuma ba tare da kurakurai ba. Ta hanyar ɗan adam, ta yadda ya dace kuma ba shi da kuskure.
Amma tari ne ko da yaushe Multi-line rajistan ayyukan da yadda za a kauce musu. Tambayar anan ita ce, gungume tarihin wani abu ne, kuma tsayayyen ba gungu ba ne. Idan muka tattara rajistan ayyukan kuma muka sanya su a wani wuri a cikin Elasticsearch sannan zana hotuna daga gare su, gina wasu rahotanni na ayyukan masu amfani akan rukunin yanar gizonku, sannan lokacin da kuka sami tari, yana nufin cewa wani abu da ba a zata yana faruwa ba. Kuma yana da ma'ana ta atomatik loda alamar tari a wani wuri cikin tsarin da zai iya bin su.
Wannan software ce (Sentry iri ɗaya) wacce aka yi ta musamman don aiki tare da tari. Nan da nan za ta iya ƙirƙira ayyuka na atomatik, sanya su ga wani, faɗakarwa lokacin da tsattsauran ra'ayi ya faru, tara waɗannan stattrace ta nau'i ɗaya, da sauransu. A ka'ida, ba shi da ma'ana sosai don yin magana game da stactraces lokacin da muke magana game da gungumen azaba, saboda waɗannan su ne, bayan haka, abubuwa daban-daban tare da dalilai daban-daban.
Kanfigareshan
Na gaba muna magana game da daidaitawa a cikin Kubernetes: abin da za a yi da shi da kuma yadda ya kamata a daidaita aikace-aikacen cikin Kubernetes. Gabaɗaya, yawanci ina faɗi cewa Docker ba game da kwantena ba ne. Kowa ya san cewa Docker game da kwantena ne, har ma waɗanda ba su yi aiki da Docker da yawa ba. Ina maimaitawa, Docker ba game da kwantena ba ne.
Docker, a ganina, game da ma'auni ne. Kuma akwai ƙa'idodi don kusan komai: ƙa'idodin gina aikace-aikacenku, ƙa'idodin shigar da aikace-aikacenku.
Kuma wannan abu - mun yi amfani da shi a baya, kawai ya zama sananne musamman tare da zuwan kwantena - wannan abu ana kiransa ENV (environment) variables, wato, yanayin yanayin da ke cikin tsarin aiki. Wannan ita ce hanyar da ta dace don daidaita aikace-aikacen ku, domin idan kuna da aikace-aikacen a cikin JAVA, Python, Go, Perl, Allah ya kiyaye, kuma duk suna iya karanta ma'aikacin bayanai, mai amfani da bayanai, bayanan kalmar sirri, to yana da kyau. Kuna da aikace-aikace a cikin yaruka daban-daban guda huɗu waɗanda aka saita su a cikin tsarin bayanan ta hanya ɗaya. Babu sauran saiti daban-daban.
Ana iya saita komai ta amfani da masu canji na ENV. Lokacin da muke magana game da Kubernetes, akwai babbar hanya don ayyana masu canjin ENV daidai a cikin Ƙaddamarwa. Saboda haka, idan muna magana ne game da bayanan sirri, to, za mu iya tura bayanan sirri nan da nan daga masu canji na ENV (kalmomin sirri zuwa bayanan bayanai, da sauransu) zuwa cikin sirri, ƙirƙirar gungu na sirri kuma nuna a cikin bayanin ENV a Deployment cewa ba mu bayyana kai tsaye ba. darajar wannan ma'auni, da kuma darajar wannan ma'aunin kalmar sirri za a karanta daga sirrin. Wannan daidaitaccen hali Kubernetes ne. Kuma wannan shine mafi kyawun zaɓi don saita aikace-aikacen ku. Kawai a matakin lambar, kuma wannan ya shafi masu haɓakawa. Idan ku DevOps ne, kuna iya tambaya: “Maza, da fatan za a koyar da aikace-aikacen ku don karanta masu canjin yanayi. Kuma dukkanmu za mu yi farin ciki."
Idan kowa da kowa a cikin kamfanin ya karanta iri ɗaya masu canjin yanayi, to yana da kyau. Don kada ya faru cewa wasu suna jiran bayanan postgres, wasu suna jiran sunan database, wasu suna jiran wani abu dabam, wasu suna jiran dbn wani nau'in, don haka, ana samun daidaito.
Matsalar tana zuwa ne lokacin da kuke da masu canjin yanayi da yawa wanda kawai kun buɗe Deployment - kuma akwai layin ɗari biyar na masu canjin yanayi. A wannan yanayin, kawai kuna da manyan canjin yanayi - kuma ba kwa buƙatar azabtar da kanku. A wannan yanayin, yana da ma'ana don fara amfani da saiti. Wato horar da aikace-aikacen ku don amfani da saiti.
Tambayar kawai ita ce saiti ba shine abin da kuke tunani ba. Config.pi ba saitin da ya dace don amfani ba. Ko wasu config a cikin naka tsarin, a madadin mai baiwa - wannan kuma ba shine tsarin da nake nufi ba.
Abin da nake magana a kai shi ne tsarin daidaitawa a cikin sigar da aka yarda, wato, zuwa yanzu mafi shaharar ma'auni shine ma'aunin .yaml. A bayyane yake yadda ake karanta shi, mutum ne mai iya karantawa, a bayyane yake yadda ake karanta shi daga aikace-aikacen.
Dangane da haka, ban da YAML, zaku iya kuma, alal misali, amfani da JSON, yin la'akari yana da dacewa kamar YAML dangane da karanta tsarin aikace-aikacen daga can. Yana da ban sha'awa fiye da rashin jin daɗi ga mutane su karanta. Kuna iya gwada tsarin, a la ini. Yana da sauƙin karantawa, daga ra'ayin ɗan adam, amma yana iya zama da wahala a aiwatar da shi ta atomatik, ta ma'anar cewa idan kuna son ƙirƙirar saitunan ku, tsarin ini na iya zama da wahala a ƙirƙira.
Amma a kowane hali, kowane tsarin da kuka zaɓa, ma'anar ita ce daga ra'ayi na Kubernetes yana da dacewa sosai. Kuna iya sanya duk tsarin ku a cikin Kubernetes, a cikin ConfigMap. Sannan ɗauki wannan configmap ɗin sannan ka nemi a saka shi a cikin kwas ɗin ku a cikin wasu takamaiman adireshi, inda aikace-aikacenku zai karanta ƙayyadaddun bayanai daga wannan configmap ɗin kamar fayil ne kawai. Wannan, a haƙiƙa, shine abin da ke da kyau a yi idan kuna da zaɓuɓɓukan daidaitawa da yawa a cikin aikace-aikacenku. Ko kuma kawai wani nau'in tsari ne mai rikitarwa, akwai gida.
Idan kuna da taswirar tsarin saiti, to kuna iya koyar da aikace-aikacenku da kyau, misali, don bin diddigin canje-canje ta atomatik a cikin fayil ɗin da aka ɗora taswirar, sannan kuma ta atomatik sake shigar da aikace-aikacenku ta atomatik lokacin da saitunan suka canza. Wannan gabaɗaya zai zama kyakkyawan zaɓi.
Bugu da ƙari, na riga na yi magana game da wannan - bayanan sirri ba a cikin tsarin tsarawa ba, bayanan sirri ba a cikin masu canji ba, bayanan sirri ba a cikin sirri ba. Daga nan, haɗa wannan bayanan sirri zuwa diflomasiya. Yawancin lokaci muna adana duk kwatancen abubuwan Kubernetes, turawa, taswira, ayyuka a git. Don haka, sanya kalmar sirri a cikin rumbun adana bayanai a git, ko da git ɗin ku ne, wanda kuke da shi a cikin kamfani, mummunan tunani ne. Domin, aƙalla, git yana tunawa da komai kuma kawai cire kalmomin shiga daga wurin ba shi da sauƙi.
Duba lafiya
Batu na gaba shine wannan abu da ake kira Kiwon Lafiya. Gabaɗaya, duba Lafiya yana duba kawai cewa aikace-aikacenku yana aiki. A lokaci guda kuma, galibi muna magana ne game da wasu aikace-aikacen yanar gizo, wanda, saboda haka, daga mahangar duba lafiyar lafiya (zai fi kyau kada a fassara anan da ƙari) wannan zai zama wasu URL na musamman, waɗanda suke aiwatarwa kamar haka. misali, yawanci suna yi /health.
Lokacin shiga wannan URL, saboda haka, aikace-aikacenmu yana cewa ko dai "eh, lafiya, komai yana da kyau a wurina, 200" ko "a'a, komai bai yi kyau a wurina ba, wasu 500." Saboda haka, idan aikace-aikacen mu ba http ba ne, ba aikace-aikacen yanar gizo ba, yanzu muna magana ne game da wani nau'in daemon, za mu iya gano yadda ake yin gwajin lafiya. Wato ba lallai ba ne, idan aikace-aikacen ba http ba ne, to komai yana aiki ba tare da bincikar lafiya ba kuma ba za a iya yin hakan ta kowace hanya ba. Kuna iya sabunta wasu bayanai lokaci-lokaci a cikin fayil ɗin, zaku iya fito da wasu umarni na musamman don daemon ku, kamar, daemon status, wanda zai ce "eh, duk abin da yake lafiya, daemon yana aiki, yana da rai."
Menene don me? Abu na farko kuma mafi bayyane shine mai yiwuwa dalilin da yasa ake buƙatar duba lafiyar lafiya - don fahimtar cewa aikace-aikacen yana aiki. Ina nufin, wauta ce kawai, idan ya tashi yanzu, kamar yana aiki, don haka ku tabbata yana aiki. Kuma ya bayyana cewa aikace-aikacen yana gudana, kwandon yana gudana, misalin yana aiki, komai yana da kyau - sannan masu amfani sun riga sun yanke duk lambobin waya daga tallafin fasaha kuma suna cewa "menene ku ..., ku barci ya kwashe, babu abin da ke aiki."
Binciken lafiya shine kawai irin wannan hanyar da za a gani daga ra'ayin mai amfani cewa yana aiki. Daya daga cikin hanyoyin. Mu sanya shi haka. A mahangar Kubernetes, wannan kuma wata hanya ce ta fahimtar lokacin da aka fara aikace-aikacen, domin mun fahimci cewa akwai bambanci tsakanin lokacin da aka kaddamar da kwantena, ƙirƙirar da farawa, da lokacin da aka ƙaddamar da aikace-aikacen kai tsaye a cikin wannan akwati. Domin idan muka ɗauki matsakaiciyar aikace-aikacen java kuma muka yi ƙoƙarin ƙaddamar da shi a cikin tashar jiragen ruwa, to tsawon daƙiƙa arba'in, ko ma minti ɗaya, ko ma goma, yana iya farawa da kyau. A wannan yanayin, za ku iya aƙalla buga tashar jiragen ruwa, ba zai amsa a can ba, wato, bai riga ya shirya don karɓar zirga-zirga ba.
Bugu da ƙari, tare da taimakon gwajin lafiya kuma tare da taimakon gaskiyar cewa muna juyawa a nan, zamu iya fahimta a cikin Kubernetes cewa ba kawai akwati ya tashi a cikin aikace-aikacen ba, amma aikace-aikacen kanta ya fara, ya riga ya amsa ga duba lafiya, wanda ke nufin za mu iya aika zirga-zirga a can.
Abin da nake magana game da shi a yanzu ana kiran gwajin shirye-shiryen / Rayuwa a cikin Kubernetes; saboda haka, gwajin shirye-shiryen mu ne ke da alhakin samuwar aikace-aikacen a daidaitawa. Wato, idan an yi gwajin shirye-shiryen a cikin aikace-aikacen, to komai yayi daidai, zirga-zirgar abokin ciniki yana zuwa aikace-aikacen. Idan ba a yi gwajin shirye-shiryen ba, to aikace-aikacen ba ya shiga kawai, wannan misali na musamman baya shiga cikin daidaitawa, an cire shi daga daidaitawa, zirga-zirgar abokin ciniki baya gudana. Saboda haka, ana buƙatar gwaje-gwajen rayuwa a cikin Kubernetes ta yadda idan aikace-aikacen ya makale, za a iya sake farawa. Idan gwajin rayuwa ba ya aiki don aikace-aikacen da aka ayyana a cikin Kubernetes, to ba a cire aikace-aikacen ba kawai daga daidaitawa, an sake farawa.
Kuma ga wani muhimmin batu da zan so in ambata: daga mahimmin ra'ayi, ana amfani da gwajin shirye-shirye akai-akai kuma ana buƙatar sau da yawa fiye da gwajin rayuwa. Wato, kawai bayyana duka shirye-shirye da gwaje-gwajen rayuwa ba tare da tunani ba, saboda Kubernetes na iya yin hakan, kuma bari mu yi amfani da duk abin da zai iya yi, ba kyakkyawan ra'ayi ba ne. Zan bayyana dalili. Domin batu na biyu a gwaji shine zai zama kyakkyawan ra'ayi don bincika sabis ɗin da ke cikin binciken lafiyar ku. Wannan yana nufin cewa idan kana da aikace-aikacen yanar gizon da ke ba da wasu bayanai, wanda kuma, a zahiri, dole ne a ɗauka daga wani wuri. A cikin database, misali. Da kyau, yana adana bayanan da ke shigowa cikin wannan API ɗin REST cikin ma'ajin bayanai iri ɗaya. Bayan haka, idan gwajin lafiyar ku ya amsa kamar yadda aka tuntuɓi slashhealth, aikace-aikacen yana cewa "200, okay, komai yana da kyau," kuma a lokaci guda ma'aunin bayanan aikace-aikacenku ba zai iya shiga ba, kuma aikace-aikacen binciken lafiyar ya ce "200, okay, komai yana da kyau. ”- Wannan rashin lafiya ne. Wannan ba yadda yakamata yayi aiki ba.
Wato aikace-aikacen ku, lokacin da buƙata ta zo gare ta /health, ba kawai amsa ba, “200, ok”, da farko ya tafi, misali, zuwa ga database, kokarin haɗi zuwa gare shi, ya yi wani abu mai mahimmanci a can, kamar zaɓi ɗaya, kawai bincika cewa akwai haɗi a cikin database kuma za ka iya tambayar database. Idan duk wannan ya yi nasara, to amsar ita ce "200, ok." Idan ba a yi nasara ba, ya ce akwai kuskure, ba a samun rumbun adana bayanai.
Saboda haka, game da wannan, na sake komawa zuwa gwaje-gwajen Shirye-shiryen / Rayuwa - dalilin da yasa za ku iya buƙatar gwajin shiri, amma gwajin rayuwa yana cikin tambaya. Domin idan ka kwatanta duba lafiyar lafiya kamar yadda na fada, to zai zama cewa ba a samuwa a bangaren misaliв или со всех instancea cikin database, misali. Lokacin da kuka ayyana gwajin shirye-shiryen, gwajin lafiyar mu ya fara kasawa, kuma saboda haka duk aikace-aikacen da ba a iya samun damar bayanan bayanan, an kashe su kawai daga daidaitawa kuma a zahiri “sun rataya” kawai a cikin yanayin da ba a kula da su kuma jira bayanan bayanan su aiki.
Idan mun ayyana gwajin rayuwa, to, yi tunanin, bayanan mu ya karye, kuma a cikin Kubernetes rabin komai ya fara farawa saboda gwajin rayuwa ya gaza. Wannan yana nufin kuna buƙatar sake farawa. Wannan ko kadan ba shine abin da kuke so ba, har ma na sami gogewar kaina a aikace. Muna da aikace-aikacen taɗi wanda aka rubuta a cikin JS kuma an ciyar da shi cikin bayanan Mongo. Kuma matsalar ita ce a farkon aikina tare da Kubernetes, mun bayyana shirye-shiryen, rayuwar gwaje-gwaje akan ka'idar cewa Kubernetes na iya yin shi, don haka za mu yi amfani da shi. A sakamakon haka, a wani lokaci Mongo ya zama ɗan "rauni" kuma samfurin ya fara kasawa. Dangane da haka, bisa ga gwajin ruwan sama, kwas ɗin sun fara "kashe".
Kamar yadda kuka fahimta, lokacin da aka "kashe su", wannan hira ce, wato, akwai alaƙa da yawa daga abokan ciniki da ke rataye a kai. Hakanan ana “kashe su” - a'a, ba abokan ciniki ba, haɗin gwiwa kawai - ba duka a lokaci ɗaya ba, kuma saboda gaskiyar cewa ba a kashe su a lokaci ɗaya, wasu a baya, wasu daga baya, ba sa farawa a lokaci guda. lokaci. Tare da daidaitattun bazuwar, ba za mu iya yin hasashen da daidaito na millisecond lokacin farkon aikace-aikacen kowane lokaci ba, don haka suna yin shi misali ɗaya lokaci ɗaya. Ɗayan infospot ya tashi, an ƙara shi zuwa daidaitawa, duk abokan ciniki sun zo wurin, ba zai iya jurewa irin wannan nauyin ba, saboda shi kadai, kuma, a cikin magana, akwai dozin daga cikinsu suna aiki a can, kuma ya fadi. Na gaba ya tashi, duk kayan yana kansa, shi ma ya fadi. To, waɗannan faɗuwar sun ci gaba da ruɗewa. A ƙarshe, yadda aka warware wannan - kawai dole ne mu dakatar da zirga-zirgar masu amfani zuwa wannan aikace-aikacen, bari duk lamura su tashi sannan mu fara duk zirga-zirgar masu amfani lokaci guda ta yadda an riga an rarraba shi tsakanin dukkan lokuta goma.
Idan ba don wannan gwajin rayuwa da ake sanar da shi ba, wanda zai tilasta shi duka ya sake farawa, aikace-aikacen zai yi amfani da shi sosai. Amma komai daga daidaitawa ya lalace a gare mu, saboda bayanan bayanan ba su da damar shiga kuma duk masu amfani sun “fadi”. Sa'an nan, lokacin da wannan database ya samu, duk abin da aka haɗa a cikin daidaitawa, amma aikace-aikace ba bukatar sake farawa, kuma babu bukatar ɓata lokaci da albarkatun a kan wannan. Dukkansu sun riga sun rigaya, suna shirye don zirga-zirga, don haka zirga-zirga kawai yana buɗewa, komai yana da kyau - aikace-aikacen yana cikin wurin, komai yana ci gaba da aiki.
Don haka, gwaje-gwajen shirye-shirye da rayuwa sun bambanta, har ma, za ku iya yin gwaje-gwajen lafiya daban-daban, nau'in radii ɗaya, nau'in liv ɗaya, alal misali, da duba abubuwa daban-daban. Yayin gwaje-gwajen shirye-shiryen, duba bayanan baya. Kuma akan gwajin rayuwa, alal misali, ba ku bincika daga mahangar cewa gwajin rayuwa gabaɗaya aikace-aikacen amsawa ne kawai, idan yana iya ba da amsa kwata-kwata.
Domin gwajin rayuwa, gabaɗaya, shine lokacin da muka “manne.” An fara madauki mara iyaka ko wani abu dabam - kuma ba a sarrafa ƙarin buƙatun. Saboda haka, yana da ma'ana ko da raba su - da aiwatar da dabaru daban-daban a cikinsu.
Game da abin da kuke buƙatar amsa lokacin da kuke yin gwaji, lokacin da kuke yin gwajin lafiya. Yana da gaske zafi. Waɗanda suka saba da wannan wataƙila za su yi dariya - amma da gaske, na ga ayyuka a rayuwata waɗanda ke amsa “200” a cikin XNUMX% na lokuta. Wato wanene yayi nasara. Amma a lokaci guda a cikin jikin amsa suna rubuta "irin wannan kuma irin wannan kuskure."
Wato, matsayin mayar da martani ya zo gare ku - komai yana nasara. Amma a lokaci guda, dole ne ku rarraba jiki, saboda jiki ya ce "yi hakuri, buƙatar ta ƙare da kuskure" kuma wannan gaskiya ne. Na ga wannan a rayuwa ta gaske.
Kuma don kada wasu mutane su same shi mai ban dariya, wasu kuma suna jin zafi sosai, har yanzu yana da daraja a bi ka'ida mai sauƙi. A cikin binciken lafiya, kuma bisa ƙa'ida lokacin aiki tare da aikace-aikacen yanar gizo.
Idan komai ya tafi daidai, to ku amsa da amsar ɗari biyu. A ka'ida, kowace amsa na ɗari biyu za ta dace da ku. Idan kun karanta ragsy sosai kuma ku san cewa wasu matakan amsa sun bambanta da wasu, amsa tare da waɗanda suka dace: 204, 5, 10, 15, komai. Idan ba shi da kyau sosai, to kawai "sifili biyu." Idan komai ya lalace kuma binciken lafiyar bai amsa ba, to amsa da kowane ɗari biyar. Bugu da ƙari, idan kun fahimci yadda ake amsawa, yadda matakan amsa daban-daban suka bambanta da juna. Idan baku gane ba, to 502 shine zaɓinku don amsa tambayoyin lafiya idan wani abu yayi kuskure.
Wannan wani batu ne, Ina so in dawo kadan game da duba ayyukan da ke ƙasa. Idan ka fara, alal misali, duba duk mahimman ayyukan da ke bayan aikace-aikacenka - komai gaba ɗaya. Abin da muke samu daga mahangar gine-ginen microservice, muna da irin wannan ra'ayi kamar "ƙananan haɗin kai" - wato, lokacin da ayyukan ku ba su dogara da juna ba. Idan ɗayansu ya gaza, duk sauran waɗanda ba tare da wannan aikin ba za su ci gaba da aiki kawai. Wasu ayyukan ba sa aiki. Don haka, idan kun ɗaure dukkan matakan kiwon lafiya da juna, to, za ku ƙare tare da faɗuwar abu ɗaya a cikin abubuwan more rayuwa, kuma saboda ya faɗi, duk matakan kiwon lafiya na duk sabis ma sun fara faɗuwa - kuma akwai ƙarin abubuwan more rayuwa gabaɗaya ga duka microservice architecture No. Komai yayi duhu a wurin.
Don haka, ina so in sake maimaita wannan cewa kuna buƙatar bincika ayyukan da ke ƙasa, waɗanda ba tare da abin da aikace-aikacenku a cikin ɗari bisa ɗari na lokuta ba zai iya yin aikinsa ba. Wato yana da ma'ana cewa idan kuna da REST API ta hanyar da mai amfani ke ajiyewa zuwa ma'ajin bayanai ko kuma maidowa daga ma'ajin bayanai, to idan babu ma'ajin bayanai, ba za ku iya ba da garantin aiki tare da masu amfani da ku ba.
Amma idan masu amfani da ku, lokacin da kuke fitar da su daga ma'ajin bayanai, an kuma wadatar da su da wasu metadata, daga wani bangon baya, wanda kuka shigar kafin aika amsa zuwa gaba - kuma wannan baya baya samuwa, wannan yana nufin cewa kun ba da naku. amsa ba tare da wani ɓangare na metadata ba.
Bayan haka, muna da ɗayan batutuwa masu raɗaɗi yayin ƙaddamar da aikace-aikacen.
A zahiri, wannan ba kawai ya shafi Kubernetes gabaɗaya ba; haka ya faru ne cewa al'adun wani nau'in ci gaban taro da DevOps musamman sun fara yaɗuwa a lokaci guda kamar Kubernetes. Don haka, gabaɗaya, ya bayyana cewa kuna buƙatar rufe aikace-aikacen ku da kyau ba tare da Kubernetes ba. Tun kafin Kubernetes, mutane sun yi wannan, amma tare da zuwan Kubernetes, mun fara magana game da shi gabaɗaya.
Kyawawan Rufewa
Gabaɗaya, menene Ƙaƙƙarfan Rufewa kuma me yasa ake buƙata? Wannan game da lokacin da aikace-aikacenku ya rushe saboda wasu dalilai, kuna buƙatar yin app stop - ko kun karɓi, misali, sigina daga tsarin aiki, aikace-aikacenku dole ne ya fahimce shi kuma kuyi wani abu game da shi. Mafi munin yanayin yanayin, ba shakka, shine lokacin da aikace-aikacenku ya karɓi SIGTERM kuma yana kama da "SIGTERM, bari mu tsaya, aiki, kada ku yi komai." Wannan zaɓi mara kyau ne.
Kusan daidai da mummunan zaɓi shine lokacin da aikace-aikacenku ya karɓi SIGTERM kuma yayi kama da "sun ce segterm, wannan yana nufin muna ƙarewa, ban gani ba, ban san kowane buƙatun mai amfani ba, ban san wane irin nau'in ba ne. buƙatun da na yi aiki a kansu a yanzu, sun ce SIGTERM, wannan yana nufin za mu ƙare " Wannan kuma mummunan zaɓi ne.
Wane zaɓi ne mai kyau? Batu na farko shine la'akari da kammala ayyukan. Kyakkyawan zaɓi shine uwar garken ku ta yi la'akari da abin da yake yi idan ta sami SIGTERM.
SIGTERM shine rufewar laushi mai laushi, an tsara shi musamman, ana iya kama shi a matakin lambar, ana iya sarrafa shi, a ce yanzu, jira, mu fara gama aikin da muke da shi, sannan mu fita.
Daga hangen nesa Kubernetes, wannan shine yadda yake kama. Lokacin da muka ce ga kwas ɗin da ke gudana a cikin gungu na Kubernetes, "Don Allah a tsaya, tafi," ko kuma an sake kunna mu, ko kuma sabuntawa ya faru lokacin da Kubernetes ya sake ƙirƙirar kwas ɗin, Kubernetes yana aika saƙon SIGTERM iri ɗaya zuwa ga kwaf ɗin, yana jira. wani lokaci, kuma , wannan shine lokacin da yake jira, shi ma an daidaita shi, akwai irin wannan nau'i na musamman a diploma kuma ana kiransa Graceful ShutdownTimeout. Kamar yadda ka fahimta, ba a kira shi don komai ba, kuma ba don komai ba ne muke magana game da shi a yanzu.
A can za mu iya cewa tsawon lokacin da muke buƙatar jira tsakanin lokacin da muka aika SIGTERM zuwa aikace-aikacen kuma idan muka fahimci cewa aikace-aikacen ya zama kamar ya yi hauka don wani abu ko "manne" kuma ba zai ƙare ba - kuma muna bukatar mu. aika shi SIGKILL, wato, cika aikinsa. Wato, saboda haka, muna da wani nau'in daemon mai gudana, yana aiwatar da ayyuka. Mun fahimci cewa a matsakaita ayyukanmu da daemon ke aiki a kai ba sa wuce daƙiƙa 30 a lokaci ɗaya. Saboda haka, lokacin da SIGTERM ya zo, mun fahimci cewa daemon namu zai iya, aƙalla, ya ƙare 30 seconds bayan SIGTERM. Muna rubuta shi, alal misali, 45 seconds kawai idan akwai kuma cewa SIGTERM. Bayan haka muna jira 45 seconds. A ka’ida, a wannan lokacin aljanin ya kamata ya kammala aikinsa ya kare kansa. Amma idan ba zato ba tsammani ba zai iya ba, yana nufin ya fi dacewa ya makale - ba ya aiki da buƙatun mu akai-akai. Kuma a cikin dakika 45 za ku iya lami lafiya, a zahiri, ku sa shi ƙasa.
Kuma a nan, a gaskiya ma, ko da abubuwa 2 za a iya la'akari da su. Da farko, ku fahimci cewa idan kun sami buƙatu, kun fara aiki tare da ita ko ta yaya kuma ba ku ba da amsa ga mai amfani ba, amma kun karɓi SIGTERM, alal misali. Yana da ma'ana don tace shi kuma ya ba da amsa ga mai amfani. Wannan shi ne batu na daya dangane da haka. Abu na biyu a nan shi ne, idan ka rubuta naka Application, gaba daya gina gine-ginen ta yadda za ka karbi buqatar aikace-aikacenka, sai ka fara wani aiki, ka fara zazzage fayiloli daga wani wuri, zazzage bayanan bayanai, da menene. Wannan. Gabaɗaya, mai amfani da ku, buƙatarku ta rataye na rabin sa'a kuma yana jiran ku don amsa masa - to, wataƙila, kuna buƙatar yin aiki akan gine-gine. Wato, kawai ku yi la'akari ko da hankali cewa idan ayyukanku gajere ne, to yana da ma'ana ku yi watsi da SIGTERM kuma ku gyara shi. Idan ayyukan ku sun yi tsayi, to babu ma'ana a yi watsi da SIGTERM a wannan yanayin. Yana da ma'ana don sake fasalin gine-gine don guje wa irin waɗannan ayyuka masu tsawo. Don haka masu amfani kada su tsaya kawai su jira. Ban sani ba, yi wani irin websocket a can, yi reverse hooks wanda uwar garken zai riga ya aika wa abokin ciniki, wani abu, amma kada ka tilasta mai amfani ya rataya na rabin sa'a kuma kawai jira zaman har sai ka amsa masa. Domin ba a iya hasashen inda zai karye.
Lokacin da aikace-aikacenku ya ƙare, ya kamata ku samar da wasu lambar fita da ta dace. Wato, idan an nemi aikace-aikacen ku ya rufe, dakatar, kuma ya sami damar tsayawa kan kansa akai-akai, to ba kwa buƙatar dawo da wani nau'in lambar fita 1,5,255 da sauransu. Duk abin da ba lambar sifili ba, aƙalla a cikin tsarin Linux, na tabbata da wannan, ana ɗaukar rashin nasara. Wato, ana ganin cewa aikace-aikacenku a wannan yanayin ya ƙare da kuskure. Saboda haka, ta hanyar jin daɗi, idan aikace-aikacenku ya cika ba tare da kuskure ba, kun ce 0 akan fitarwa. Idan aikace-aikacen ku ya gaza saboda wasu dalilai, kun ce ba 0 a cikin fitarwa ba. Kuma zaku iya aiki tare da wannan bayanin.
Kuma zaɓi na ƙarshe. Yana da muni lokacin da mai amfani ya aiko da buƙata kuma ya rataye na rabin sa'a yayin da kuke aiwatar da shi. Amma gabaɗaya, Ina kuma so in faɗi game da abin da ya fi dacewa da shi gabaɗaya daga ɓangaren abokin ciniki. Ba kome ba idan kana da aikace-aikacen hannu, gaba-gaba, da sauransu. Wajibi ne a yi la'akari da cewa a gaba ɗaya za a iya dakatar da zaman mai amfani, wani abu zai iya faruwa. Ana iya aika buƙatu, misali, ba a aiwatar da shi ba kuma ba a mayar da martani ba. Gaban gaban ku ko aikace-aikacen wayar hannu - kowane gaba gaba ɗaya, bari mu sanya shi haka - yakamata kuyi la'akari da wannan. Idan kuna aiki tare da shafukan yanar gizo, wannan shine gabaɗaya mafi munin zafi da na taɓa samu.
Lokacin da masu haɓaka wasu taɗi na yau da kullun ba su san hakan ba, sai dai itace, websocket na iya karye. A gare su, lokacin da wani abu ya faru a wakili, kawai mu canza saitin, kuma yana sake saukewa. A dabi'a, duk zaman da aka dade ana tsage a cikin wannan yanayin. Masu haɓakawa suna zuwa wurinmu suna gudu suna cewa: "Mutane, me kuke yi, tattaunawar ta lalace ga duk abokan cinikinmu!" Muna gaya musu: “Me kuke yi? Shin abokan cinikin ku ba za su iya sake haɗawa ba? Suna cewa: "A'a, muna buƙatar kada a tsage zaman." A taƙaice, wannan maganar banza ce. Dole ne a yi la'akari da gefen abokin ciniki. Musamman, kamar yadda na ce, tare da zaman rayuwa mai tsawo irin su shafukan yanar gizo, zai iya karya kuma, wanda mai amfani bai lura da shi ba, kuna buƙatar samun damar sake shigar da irin waɗannan zaman. Sannan komai ya cika.
Resources
A gaskiya, a nan zan ba ku labari madaidaiciya. Sake daga rayuwa ta gaske. Mafi rashin lafiyan da na taɓa ji game da albarkatu.
Abubuwan albarkatu a wannan yanayin, Ina nufin, wasu nau'ikan buƙatun, iyakoki waɗanda zaku iya sanya kwasfan fayiloli a cikin gungu na Kubernetes. Abu mafi ban dariya da na ji daga mai haɓakawa...Ɗaya daga cikin abokan aikina a wani wurin aiki da ya gabata ya taɓa cewa: "Aikace-aikacena ba zai fara a cikin gungu ba." Na duba don ganin cewa ba a fara ba, amma ko dai bai dace da albarkatun ba, ko kuma sun kafa ƙananan iyaka. A takaice, aikace-aikacen ba zai iya farawa ba saboda albarkatu. Na ce: "Ba zai fara ba saboda albarkatu, za ku yanke shawarar nawa kuke buƙata kuma ku saita ƙimar da ta dace." Ya ce: "Wane irin kayan aiki?" Na fara bayyana masa cewa Kubernetes, iyaka akan buƙatun da blah, blah, blah yana buƙatar saita. Mutumin ya saurari minti biyar, ya gyada kai ya ce: "Na zo nan don yin aiki a matsayin mai haɓakawa, ba na son sanin wani abu game da duk wani abu. Na zo nan ne don rubuta code kuma shi ke nan." Abin bakin ciki ne. Wannan ra'ayi ne mai ban tausayi a ra'ayin mai haɓakawa. Musamman a cikin duniyar zamani, don yin magana, na ci gaba devops.
Me yasa ake buƙatar albarkatun kwata-kwata? Akwai nau'ikan albarkatu guda biyu a cikin Kubernetes. Wasu ana kiran su buƙatun, wasu kuma ana kiran su iyaka. Ta albarkatu za mu fahimci cewa a koyaushe akwai hani guda biyu kawai. Wato, iyakokin lokacin CPU da iyakokin RAM don kwantena da ke gudana a Kubernetes.
Iyaka yana sanya babban iyaka kan yadda za a iya amfani da albarkatu a aikace-aikacenku. Wato, saboda haka, idan ka ce 1GB na RAM a cikin iyaka, to aikace-aikacenka ba zai iya amfani da fiye da 1GB na RAM ba. Idan kuma ba zato ba tsammani ya so kuma ya yi ƙoƙarin yin haka, to wani tsari mai suna oom killer, daga ƙwaƙwalwar ajiya, wato, zai zo ya kashe aikace-aikacenka - wato, kawai za ta sake farawa. Aikace-aikace ba za su sake farawa bisa CPU ba. Dangane da CPU, idan aikace-aikacen ya yi ƙoƙarin yin amfani da yawa, fiye da ƙayyadaddun iyaka, za a zaɓi CPU kawai. Wannan baya haifar da sake farawa. Wannan shine iyaka - wannan shine babba.
Kuma akwai bukata. Buƙatar ita ce yadda Kubernetes ke fahimtar yadda nodes ɗin da ke cikin gungu na Kubernetes ke cika da aikace-aikace. Wato roƙo wani nau'i ne na ƙaddamar da aikace-aikacen ku. Ya ce abin da nake so in yi amfani da shi: "Ina so ku ajiye wannan CPU mai yawa da wannan ƙwaƙwalwar ajiya a gare ni." Irin wannan kwatanci mai sauƙi. Menene idan muna da kumburi wanda ke da, ban sani ba, 8 CPUs gabaɗaya. Kuma wani kwafsa ya isa wurin, wanda buƙatunsa suka ce 1 CPU, wanda ke nufin kumburin yana da CPUs 7. Wato, da zarar 8 pods sun isa wannan kumburi, kowannensu yana da 1 CPU a cikin buƙatun su, kumburin, kamar dai daga mahangar Kubernetes, ya ƙare da CPU kuma ƙarin kwasfa tare da buƙatun ba za su iya zama ba. kaddamar a kan wannan kumburi. Idan duk nodes ɗin sun ƙare da CPU, to Kubernetes zai fara cewa babu nodes masu dacewa a cikin cluster don gudanar da kwas ɗin ku saboda CPU ya ƙare.
Me yasa ake buƙatar buƙatun kuma me yasa ba tare da buƙatun ba, Ina tsammanin babu buƙatar ƙaddamar da wani abu a cikin Kubernetes? Bari mu yi tunanin halin da ake ciki. Kuna ƙaddamar da aikace-aikacen ku ba tare da buƙatun ba, Kubernetes bai san adadin abin da kuke da shi ba, waɗanne nodes ɗin da zaku iya turawa zuwa gare shi. To, yana turawa, ya buge-buge, ya bugi nodes. A wani lokaci, za ku fara samun zirga-zirga zuwa aikace-aikacenku. Kuma ɗaya daga cikin aikace-aikacen ba zato ba tsammani ya fara amfani da albarkatun har zuwa iyakokin da yake da shi bisa ga iyaka. Ya bayyana cewa akwai wani aikace-aikacen kusa kuma yana buƙatar albarkatu. Kullin a zahiri ya fara ƙarewa da albarkatu a zahiri, misali, OP. Kullin a zahiri ya fara ƙarewa na kayan aiki a zahiri, misali, ƙwaƙwalwar samun damar bazuwar (RAM). Lokacin da kumburi ya ƙare wuta, da farko docker zai daina amsawa, sannan cubelet, sannan OS. Za su kawai su shuɗe kuma komai zai daina aiki a gare ku. Wato, wannan zai haifar da kumburin ku ya makale kuma kuna buƙatar sake kunna shi. A takaice dai lamarin bai yi kyau sosai ba.
Kuma lokacin da kuke da buƙatun, iyakokin ba su bambanta sosai ba, aƙalla ba sau da yawa fiye da iyakoki ko buƙatun ba, to, zaku iya samun irin wannan na yau da kullun, cika aikace-aikace na ma'ana a cikin nodes na gungu na Kubernetes. A lokaci guda, Kubernetes yana kusan sane da yawan abin da yake sanyawa a ina, nawa ne abin da ake amfani da shi a inda. Wato, irin wannan lokacin ne kawai. Yana da mahimmanci a gane shi. Kuma yana da mahimmanci a sarrafa cewa ana nuna wannan.
Adana bayanai
Batunmu na gaba shine game da adana bayanai. Abin da za a yi da su kuma a gaba ɗaya, abin da za a yi tare da dagewa a Kubernetes?
Ina tsammanin, kuma, a cikin mu , akwai wani batu game da bayanai a cikin Kubernetes. Kuma ga alama ni ma na san abin da abokan aikinku suka gaya muku lokacin da aka tambaye ku: "Shin zai yiwu a gudanar da bayanai a Kubernetes?" Don wasu dalilai, da alama a gare ni cewa abokan aikinku yakamata su gaya muku cewa idan kuna yin tambaya ko yana yiwuwa a gudanar da bayanai a Kubernetes, to ba zai yiwu ba.
Hankali a nan yana da sauki. Kawai idan, zan sake yin bayani, idan kun kasance mutumin kirki mai kyau wanda zai iya gina ingantaccen tsarin jure juriya na ajiyar hanyar sadarwa, fahimtar yadda ake shigar da bayanai a cikin wannan yanayin, yadda girgijen ɗan ƙasa a cikin kwantena ya kamata yayi aiki. a cikin database a general. Mafi mahimmanci, ba ku da tambaya game da yadda ake gudanar da shi. Idan kuna da irin wannan tambaya, kuma kuna son tabbatar da cewa duk ya bayyana kuma ya tsaya daidai da mutuwa a cikin samarwa kuma bai faɗi ba, to wannan ba ya faruwa. An ba ku tabbacin harba kanku a ƙafa tare da wannan hanyar. Don haka yana da kyau kada a yi.
Me za mu yi da bayanan da aikace-aikacenmu ke son adanawa, da wasu hotuna da masu amfani da su ke lodawa, da wasu abubuwan da aikace-aikacenmu ke samarwa yayin aiki, a lokacin farawa, misali? Me za a yi da su a Kubernetes?
Gabaɗaya, a zahiri, a, ba shakka, Kubernetes an tsara shi sosai kuma gabaɗaya an yi cikinsa don aikace-aikacen marasa ƙasa. Wato ga waɗancan aikace-aikacen da ba sa adana bayanai kwata-kwata. Wannan manufa ce.
Amma, ba shakka, zaɓin manufa ba koyaushe yake wanzu ba. To me? Abu na farko kuma mafi sauƙi shine ɗaukar wani nau'in S3, kawai ba na gida ba, wanda kuma ba a san yadda yake aiki ba, amma daga wasu masu samarwa. Kyakkyawan mai bada sabis na yau da kullun - kuma koya aikace-aikacen ku don amfani da S3. Wato, lokacin da mai amfani da ku ke son loda fayil, ce "nan, don Allah, loda shi zuwa S3." Lokacin da yake son karɓa, sai a ce: "Ga hanyar haɗi zuwa S3 baya kuma ɗauka daga nan." Wannan manufa ce.
Idan ba zato ba tsammani saboda wasu dalilai wannan kyakkyawan zaɓi bai dace ba, kuna da aikace-aikacen da ba ku rubuta ba, ba ku haɓaka ba, ko kuma wani nau'in gado ne mai ban tsoro, ba zai iya amfani da ka'idar S3 ba, amma dole ne kuyi aiki tare da kundayen adireshi a cikin gida. manyan fayiloli na gida . Ɗauki wani abu mafi sauƙi ko žasa mai sauƙi, tura Kubernetes. Wato, nan da nan yin shinge Ceph don wasu ƙananan ayyuka, ga alama a gare ni, mummunan ra'ayi ne. Domin Ceph, ba shakka, yana da kyau da kuma gaye. Amma idan ba ku fahimci ainihin abin da kuke yi ba, to da zarar kun sanya wani abu akan Ceph, zaku iya sauƙi kuma ba za ku sake fitar da shi daga can ba. Domin, kamar yadda kuka sani, Ceph yana adana bayanai a cikin gungu a cikin nau'in binaryar, kuma ba ta hanyar fayiloli masu sauƙi ba. Don haka, idan gungu na Ceph ya rushe ba zato ba tsammani, to akwai yuwuwar cikakkiya kuma ba za ku sake samun bayananku daga can ba.
Za mu yi kwas a kan Ceph, za ku iya .
Saboda haka, yana da kyau a yi wani abu mai sauƙi kamar uwar garken NFS. Kubernetes na iya aiki tare da su, zaku iya hawa kundin adireshi a ƙarƙashin uwar garken NFS - aikace-aikacen ku kamar kundin adireshin gida ne. A lokaci guda, a zahiri, kuna buƙatar fahimtar cewa, kuma, kuna buƙatar yin wani abu tare da NFS ɗin ku, kuna buƙatar fahimtar cewa wani lokacin yana iya zama wanda ba zai iya isa ba kuma kuyi la'akari da tambayar abin da zaku yi a wannan yanayin. Wataƙila ya kamata a adana shi a wani wuri akan na'ura daban.
Batu na gaba da na yi magana game da shi shine abin da za ku yi idan aikace-aikacenku ya haifar da wasu fayiloli yayin aiki. Misali, idan ya fara, yakan haifar da wasu fayiloli a tsaye, wanda ya dogara ne akan wasu bayanan da aikace-aikacen ke karɓa kawai a lokacin ƙaddamarwa. Wani lokaci. Idan babu irin waɗannan bayanan da yawa, to ba lallai ne ku damu ba kwata-kwata, kawai shigar da wannan aikace-aikacen don kanku kuma kuyi aiki. Tambaya kawai anan shine menene, duba. Sau da yawa, kowane nau'in tsarin gado, irin su WordPress da sauransu, musamman tare da gyare-gyaren wasu nau'ikan plugins masu wayo, masu haɓaka PHP masu wayo, sukan san yadda ake yin shi ta yadda za su samar da wani nau'in fayil don kansu. Don haka, ɗayan yana haifar da fayil ɗaya, na biyu yana haifar da fayil na biyu. Sun bambanta. Daidaituwa yana faruwa a cikin gungu na Kubernetes na abokan ciniki kawai kwatsam. A sakamakon haka, yana nuna cewa ba su san yadda za su yi aiki tare a misali ba. Ɗaya yana ba da bayanai ɗaya, ɗayan yana ba mai amfani wani bayani. Wannan wani abu ne da ya kamata ku guje wa. Wato, a cikin Kubernetes, duk abin da kuka ƙaddamar yana da tabbacin samun damar yin aiki a lokuta da yawa. Domin Kubernetes abu ne mai motsi. Don haka, yana iya motsa komai, a duk lokacin da ya ga dama, ba tare da ya tambayi kowa ba ko kaɗan. Don haka, kuna buƙatar ƙidaya akan wannan. Duk abin da aka ƙaddamar a cikin wani misali guda ɗaya zai yi nasara ba dade ko ba dade ba. Da yawan ajiyar ku, mafi kyau. Amma kuma, na ce, idan kuna da ƴan irin waɗannan fayiloli, to kuna iya sanya su daidai a ƙarƙashin ku, suna auna kaɗan. Idan akwai kaɗan daga cikinsu, mai yiwuwa bai kamata ku tura su cikin akwati ba.
Ina ba da shawara cewa akwai irin wannan abu mai ban mamaki a Kubernetes, zaka iya amfani da ƙara. Musamman, akwai ƙarar nau'in dirka mara komai. Wato, kawai Kubernetes zai ƙirƙiri adireshi kai tsaye a cikin kundayen adireshi na sabis akan sabar da kuka fara. Kuma zai ba ku don ku yi amfani da shi. Akwai muhimmin batu guda ɗaya kawai. Wato, ba za a adana bayanan ku a cikin akwati ba, a'a a kan ma'aikacin da kuke gudanar da shi. Bugu da ƙari, Kubernetes na iya sarrafa irin wannan dirs mara kyau a ƙarƙashin tsari na al'ada kuma yana iya sarrafa iyakar girman su kuma kada ya ƙyale shi ya wuce. Abin nufi shi ne abin da kuka rubuta a cikin dirken wofi ba ya ɓace yayin sake kunna kwafsa. Wato idan kwaf ɗinku ya faɗi bisa kuskure kuma ya sake tashi, bayanan da ke cikin dir ɗin wofi ba zai je ko'ina ba. Zai iya sake amfani da shi a sabon farawa - kuma yana da kyau. Idan kwandon ku ya bar wani wuri, to a zahiri zai bar ba tare da bayanai ba. Wato da zaran kwas ɗin daga kumburin da aka harba shi da dirkoki mara komai ya ɓace, sai a goge dir ɗin mara komai.
Menene kuma mai kyau game da dirka mara kyau? Alal misali, ana iya amfani da shi azaman cache. Bari mu yi tunanin cewa aikace-aikacenmu yana haifar da wani abu a kan tashi, yana ba da shi ga masu amfani, kuma yana yin shi na dogon lokaci. Saboda haka, aikace-aikacen, alal misali, yana samar da shi kuma yana ba wa masu amfani, kuma a lokaci guda yana adana shi a wani wuri, ta yadda idan mai amfani ya zo don abu ɗaya, zai yi sauri don ba da shi nan da nan. Za a iya tambayar mara amfani da Kubernetes don ƙirƙirar a ƙwaƙwalwar ajiya. Don haka, caches ɗinku gabaɗaya na iya yin aiki cikin saurin walƙiya - dangane da saurin samun damar diski. Wato kana da komai a cikin memory, a cikin OS an adana shi a cikin ƙwaƙwalwar ajiya, amma a gare ku, ga mai amfani da ke cikin kwasfa, yana kama da directory na gida kawai. Ba kwa buƙatar ƙa'idar don koyar da kowane sihiri musamman. Kuna ɗauka kai tsaye da sanya fayil ɗin ku a cikin kundin adireshi, amma, a zahiri, cikin ƙwaƙwalwar ajiya akan OS. Hakanan wannan sifa ce mai dacewa sosai dangane da Kubernetes.
Wadanne matsaloli ne Minio ke da shi? Babban matsalar Minio ita ce, don wannan abu ya yi aiki, yana buƙatar yana gudana a wani wuri, kuma dole ne a sami wani nau'in tsarin fayil, wato, ajiya. Kuma a nan mun ci karo da irin matsalolin da Ceph ke da shi. Wato Minio dole ne ya adana fayilolinsa a wani wuri. Hanya ce ta HTTP kawai zuwa fayilolinku. Bugu da ƙari, aikin ya fi talauci a fili fiye da na Amazon's S3. A baya can, ba ta iya ba da izini ga mai amfani da kyau. Yanzu, kamar yadda na sani, yana iya riga ya ƙirƙiri buckets tare da izini daban-daban, amma kuma, a gare ni cewa babbar matsalar ita ce, don yin magana, tsarin ajiya na asali a mafi ƙanƙanta.
Ta yaya Empty dir a ƙwaƙwalwar ajiya ke shafar iyakoki? Ba ya shafar iyaka ta kowace hanya. Ya ta'allaka ne a cikin ƙwaƙwalwar ajiyar mai gida, kuma ba a cikin ƙwaƙwalwar ajiyar ku ba. Wato, kwandon ku baya ganin komai a cikin ƙwaƙwalwar ajiya a matsayin wani ɓangare na ƙwaƙwalwar ajiyar da ke ciki. Mai gida yana ganin wannan. Saboda haka, a, daga ra'ayi na kubernetes, lokacin da kuka fara amfani da wannan, zai yi kyau ku fahimci cewa kuna ba da wani ɓangare na ƙwaƙwalwar ajiyar ku zuwa dirka mara kyau. Kuma a kan haka, ku fahimci cewa ƙwaƙwalwar ajiya na iya ƙare ba kawai saboda aikace-aikace ba, amma kuma saboda wani ya rubuta zuwa waɗannan dirs maras kyau.
Cloudnativeness
Kuma batu na ƙarshe shine abin da Cloudnative yake. Me yasa ake bukata? Gajimare da sauransu.
Wato, waɗancan aikace-aikacen da ke da iko da rubuce-rubuce don yin aiki a cikin kayan aikin girgije na zamani. Amma, a zahiri, Cloudnative yana da wani irin wannan yanayin. Cewa wannan ba kawai aikace-aikacen da ke yin la'akari da duk abubuwan da ake bukata na kayan aikin girgije na zamani ba, amma kuma ya san yadda ake aiki tare da wannan kayan aikin girgije na zamani, yin amfani da fa'ida da rashin amfani da gaskiyar cewa yana aiki a cikin waɗannan gizagizai. Kada ku wuce gona da iri kuma kuyi aiki a cikin girgije, amma kuyi amfani da fa'idodin yin aiki a cikin girgije.
Bari mu ɗauki Kubernetes a matsayin misali. Aikace-aikacenku yana gudana a Kubernetes. Aikace-aikacenku na iya koyaushe, ko kuma masu gudanarwa na aikace-aikacenku, koyaushe suna iya ƙirƙirar asusun sabis. Wato, asusun izini a cikin Kubernetes da kansa a cikin uwar garken sa. Ƙara wasu haƙƙoƙin da muke buƙata a wurin. Kuma zaku iya samun damar Kubernetes daga cikin aikace-aikacen ku. Me za ku iya yi haka? Misali, daga aikace-aikacen, karɓi bayanai game da inda sauran aikace-aikacenku, wasu lokuta masu kama da juna suke, kuma tare ko ta yaya tari a saman Kubernetes, idan akwai irin wannan buƙata.
Bugu da ƙari, mun sami ƙarar a zahiri kwanan nan. Muna da mai sarrafawa guda ɗaya wanda ke lura da jerin gwano. Kuma lokacin da wasu sabbin ayyuka suka bayyana a cikin wannan jerin gwano, yana zuwa Kubernetes - kuma a cikin Kubernetes yana ƙirƙirar sabon kwasfa. Yana ba wannan kwas ɗin sabon ɗawainiya kuma a cikin tsarin wannan kwaf ɗin, kwaf ɗin yana yin aikin, aika da martani ga mai sarrafa kansa, sannan mai sarrafawa ya yi wani abu da wannan bayanin. Misali, yana ƙara rumbun adana bayanai. Wato, kuma, wannan ƙari ne na gaskiyar cewa aikace-aikacenmu yana gudana a Kubernetes. Za mu iya amfani da ginanniyar ayyukan Kubernetes da kanta don faɗaɗa ko ta yaya aikin aikace-aikacen mu ya fi dacewa. Wato, kar a ɓoye wani nau'in sihiri game da yadda ake ƙaddamar da aikace-aikacen, yadda ake ƙaddamar da ma'aikaci. A cikin Kubernetes, kawai kuna aika buƙatu a cikin app idan an rubuta aikace-aikacen a cikin Python.
Hakanan ya shafi idan muka wuce Kubernetes. Muna da Kubernetes ɗinmu suna gudana a wani wuri - yana da kyau idan yana cikin wani nau'in gajimare. Bugu da ƙari, za mu iya amfani da, har ma ya kamata, na yi imani, amfani da damar girgijen da kanta inda muke gudana. Daga abubuwan farko da girgije ke ba mu. Daidaitawa, wato, za mu iya ƙirƙirar ma'aunin girgije kuma mu yi amfani da su. Wannan fa'idar kai tsaye ce ta abin da za mu iya amfani da ita. Saboda daidaitawar gajimare, da farko, cikin wauta kawai yana kawar da alhakin yadda yake aiki, yadda aka daidaita shi. Bugu da ƙari yana da matukar dacewa, saboda Kubernetes na yau da kullum na iya haɗawa da girgije.
Haka abin ya ke wajen gwargwado. Kubernetes na yau da kullun na iya haɗawa tare da masu samar da girgije. Ya san yadda za a fahimci cewa idan gungu ya ƙare daga nodes, wato, sararin node ya ƙare, to kuna buƙatar ƙara - Kubernetes da kanta za ta ƙara sababbin nodes a cikin gungun ku kuma fara kaddamar da pods a kansu. Wato lokacin da kaya ya zo, adadin murhu ya fara karuwa. Lokacin da nodes a cikin gungu ya ƙare don waɗannan kwas ɗin, Kubernetes ya ƙaddamar da sababbin nodes kuma, bisa ga haka, adadin kwas ɗin na iya ƙaruwa har yanzu. Kuma ya dace sosai. Wannan dama ce kai tsaye don auna gungu akan tashi. Ba da sauri sosai ba, a ma'anar cewa ba daƙiƙa ba ne, ya fi kamar minti ɗaya don ƙara sabbin nodes.
Amma daga gwaninta, kuma, shine mafi kyawun abin da na taɓa gani. Lokacin da gungu na Cloudnative ya ƙaru dangane da lokacin rana. Sabis ne na baya wanda mutane ke amfani da shi a ofishin baya. Wato suna zuwa aiki da karfe 9 na safe, su fara shiga cikin tsarin, don haka, Cloudnative cluster, inda duk yake gudana, ya fara kumbura, suna kaddamar da sababbin kwasfa don duk wanda ya zo aiki ya yi aiki da aikace-aikacen. Lokacin da suka bar aiki a karfe 8 na yamma ko 6 na yamma, ƙungiyoyin Kubernetes sun lura cewa babu wanda ke amfani da aikace-aikacen kuma ya fara raguwa. An ba da garantin ajiyar kuɗi har zuwa kashi 30. Ya yi aiki a Amazon a wancan lokacin; a lokacin babu wanda zai iya yin hakan sosai a Rasha.
Zan gaya muku kai tsaye, ajiyar kuɗi shine kashi 30 kawai saboda muna amfani da Kubernetes kuma muna amfani da damar girgije. Yanzu ana iya yin wannan a Rasha. Ba zan yi talla ga kowa ba, ba shakka, amma bari kawai mu ce akwai masu samar da za su iya yin wannan, samar da shi kai tsaye daga cikin akwatin tare da maɓallin.
Akwai batu na ƙarshe wanda kuma zan so in ja hankalin ku a kai. Domin aikace-aikacen ku, kayan aikin ku su zama Cloudnative, yana da mahimmanci a ƙarshe ku fara daidaita tsarin da ake kira Infrastructure as Code. code Yi bayanin aikace-aikacenku, dabarun kasuwancin ku ta hanyar lamba. Kuma yi aiki da shi azaman code, wato, gwada shi, mirgine shi, adana shi a git, shafa CICD gare shi.
Kuma wannan shine ainihin abin da ke ba ku damar, na farko, koyaushe ku sami iko akan ababen more rayuwa, koyaushe fahimtar yanayin da yake ciki. Na biyu, guje wa ayyukan hannu waɗanda ke haifar da kurakurai. Na uku, guje wa abin da ake kira juyawa, lokacin da kuke buƙatar aiwatar da ayyuka iri ɗaya koyaushe. Abu na hudu, yana ba ku damar murmurewa da sauri a cikin yanayin rashin nasara. A Rasha, duk lokacin da na yi magana game da wannan, koyaushe akwai adadin mutane da yawa waɗanda ke cewa: "Ee, a bayyane yake, amma kuna da hanyoyin, a takaice, babu buƙatar gyara wani abu." Amma gaskiya ne. Idan wani abu ya karye a cikin ababen more rayuwa, to daga mahangar tsarin Cloudnative da kuma mahangar Infrastructure a matsayin Code, maimakon gyara shi, zuwa uwar garken, gano abin da ya lalace da gyara shi, yana da sauƙi. don share uwar garken kuma a sake ƙirƙira shi. Kuma zan dawo da duk wannan.
Duk waɗannan batutuwa an tattauna su dalla-dalla a . Ta bin hanyar haɗin za ku iya sanin kanku da shirin da yanayin. Abinda ya dace shine zaku iya sarrafa Kubernetes ta yin karatu daga gida ko aiki na awanni 1-2 a rana.
source: www.habr.com