Lura. fassara: Wannan labarin wani ɓangare ne na kayan aikin da aka buga a cikin jama'a , kamfanoni masu horarwa da masu gudanarwa guda ɗaya don yin aiki tare da Kubernetes. A ciki, Daniele Polencic, manajan aikin, ya ba da umarnin gani akan matakan da za a ɗauka idan akwai matsaloli na gaba ɗaya tare da aikace-aikacen da ke gudana akan gungu na K8s.
TL; DR: ga zane wanda zai taimaka muku cire aikin turawa a Kubernetes:
Jadawalin yawo don ganowa da gyara kurakurai a cikin tari. Asalin (a Turanci) yana samuwa a и .
Lokacin tura aikace-aikace zuwa Kubernetes, yawanci akwai abubuwa uku da kuke buƙatar ayyana:
- girke - wannan wani nau'i ne na girke-girke don ƙirƙirar kwafin aikace-aikacen, wanda ake kira pods;
- Service - ma'aunin nauyi na ciki wanda ke rarraba zirga-zirga tsakanin kwasfa;
- Ingress - bayanin yadda zirga-zirgar zirga-zirga za ta tashi daga duniyar waje zuwa Sabis.
Anan ga taƙaitaccen hoto mai sauri:
1) A cikin Kubernetes, aikace-aikacen suna karɓar zirga-zirga daga duniyar waje ta hanyar nau'i biyu na ma'aunin nauyi: ciki da waje.
2) Ma'auni na ciki ana kiransa Service, na waje kuma ana kiransa Ingress.
3) Aiwatar da aiki yana ƙirƙirar kwasfa da saka idanu (ba a ƙirƙira su da hannu ba).
Bari mu ce kuna son tura aikace-aikacen mai sauƙi a la Sannu Duniya. Tsarin YAML don shi zai yi kama da haka:
apiVersion: apps/v1
kind: Deployment # <<<
metadata:
name: my-deployment
labels:
track: canary
spec:
selector:
matchLabels:
any-name: my-app
template:
metadata:
labels:
any-name: my-app
spec:
containers:
- name: cont1
image: learnk8s/app:1.0.0
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service # <<<
metadata:
name: my-service
spec:
ports:
- port: 80
targetPort: 8080
selector:
name: app
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress # <<<
metadata:
name: my-ingress
spec:
rules:
- http:
paths:
- backend:
serviceName: app
servicePort: 80
path: /Ma'anar tana da tsayi sosai kuma yana da sauƙi a ruɗe game da yadda abubuwan haɗin ke da alaƙa da juna.
Alal misali:
- Yaushe ya kamata ku yi amfani da tashar jiragen ruwa 80 kuma yaushe ya kamata ku yi amfani da 8080?
- Shin zan ƙirƙiri sabon tashar jiragen ruwa don kowane sabis don kada su yi rikici?
- Shin sunaye suna da mahimmanci? Ya kamata su zama iri ɗaya a ko'ina?
Kafin mu mai da hankali kan gyara kurakurai, bari mu tuna yadda abubuwa uku ke da alaƙa da juna. Bari mu fara da Aiwatar da Sabis.
Dangantaka tsakanin Ƙaddamarwa da Sabis
Za ku yi mamaki, amma Ƙaddamarwa da Sabis ba a haɗa su ba. Madadin haka, Sabis yana nuna kai tsaye zuwa Pods, ketare ƙaddamarwa.
Don haka, muna sha'awar yadda Pods da Sabis ke da alaƙa da juna. Abubuwa uku da ya kamata a tuna:
- Zabi (
selector) don Sabis dole ne ya dace da aƙalla lakabin Pod ɗaya. -
targetPortdole ne ya dacecontainerPortakwati a cikin Pod. -
portSabis na iya zama komai. Ayyuka daban-daban na iya amfani da tashar jiragen ruwa ɗaya saboda suna da adiresoshin IP daban-daban.
Zane mai zuwa yana wakiltar duk abubuwan da ke sama a sigar hoto:
1) Ka yi tunanin cewa sabis ɗin yana jagorantar zirga-zirga zuwa wani fasfo:
2) Lokacin ƙirƙirar kwasfa, dole ne ka saka containerPort ga kowane akwati a cikin kwasfa:
3) Lokacin ƙirƙirar sabis, dole ne ka saka port и targetPort. Amma wanne ake amfani dashi don haɗawa da akwati?
4) Ta hanyar targetPort. Dole ne ya dace containerPort.
5) Bari mu ce tashar jiragen ruwa 3000 tana buɗewa a cikin kwantena. Sannan ƙimar targetPort ya kamata ya zama iri ɗaya.
A cikin fayil ɗin YAML, lakabi da ports / targetPort dole ne ya dace:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment
labels:
track: canary
spec:
selector:
matchLabels:
any-name: my-app
template:
metadata:
labels: # <<<
any-name: my-app # <<<
spec:
containers:
- name: cont1
image: learnk8s/app:1.0.0
ports:
- containerPort: 8080 # <<<
---
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
ports:
- port: 80
targetPort: 8080 # <<<
selector: # <<<
any-name: my-app # <<<
Me game da lakabin track: canary a saman sashin turawa? Ya dace ya dace?
Wannan lakabin ƙayyadaddun ƙaddamarwa ne kuma sabis ɗin ba ya amfani da shi don yin zirga-zirga. A wasu kalmomi, ana iya cire shi ko sanya wata ƙima ta daban.
Me game da mai zaɓe matchLabels?
Dole ne koyaushe ya dace da alamun Pod, tunda ana amfani da shi ta hanyar Deployment don waƙa da kwasfa.
Bari mu ɗauka kun yi gyara daidai. Yadda za a duba su?
Kuna iya duba alamar kwas ɗin tare da umarni mai zuwa:
kubectl get pods --show-labelsKo, idan kwas ɗin na cikin aikace-aikace da yawa:
kubectl get pods --selector any-name=my-app --show-labels
Inda any-name=my-app lakabi ne any-name: my-app.
Akwai wasu matsaloli da suka rage?
Kuna iya haɗawa da kwas ɗin! Don yin wannan kuna buƙatar amfani da umarnin port-forward in kubectl. Yana ba ka damar haɗi zuwa sabis ɗin kuma duba haɗin.
kubectl port-forward service/<service name> 3000:80A nan:
-
service/<service name>- sunan sabis; a wajenmu haka yakemy-service; - 3000 ita ce tashar da ake buƙatar buɗewa akan kwamfutar;
- 80 - tashar jiragen ruwa da aka ƙayyade a cikin filin
portsabis.
Idan haɗin an kafa shi, to saituna daidai ne.
Idan haɗin ya gaza, akwai matsala tare da lakabin ko tashoshin jiragen ruwa ba su daidaita ba.
Dangantaka tsakanin Sabis da Ingress
Mataki na gaba don samar da damar yin amfani da aikace-aikacen ya haɗa da kafa Ingress. Ingress yana buƙatar sanin yadda ake nemo sabis, sannan nemo kwas ɗin da kuma kai tsaye zuwa gare su. Ingress yana samun sabis ɗin da ake buƙata ta suna da buɗe tashar jiragen ruwa.
A cikin bayanin Ingress da Sabis dole ne sigogi biyu su daidaita:
-
servicePortIngress dole ne ya dace da sigaportcikin Sabis; -
serviceNamea Ingress dole ne ya dace da filinnamein Service.
Zane mai zuwa yana taƙaita haɗin tashar jiragen ruwa:
1) Kamar yadda kuka riga kuka sani, Sabis yana sauraron wasu port:
2) Ingress yana da siga da ake kira servicePort:
3) Wannan sigar (servicePort) dole ne koyaushe ya dace port a cikin ma'anar Sabis:
4) Idan an ƙayyade tashar jiragen ruwa 80 a cikin Sabis, to ya zama dole servicePort ya kuma kasance daidai da 80:
A aikace, kuna buƙatar kula da layin masu zuwa:
apiVersion: v1
kind: Service
metadata:
name: my-service # <<<
spec:
ports:
- port: 80 # <<<
targetPort: 8080
selector:
any-name: my-app
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: my-ingress
spec:
rules:
- http:
paths:
- backend:
serviceName: my-service # <<<
servicePort: 80 # <<<
path: /Yadda za a bincika idan Ingress yana gudana?
Kuna iya amfani da hanyar tare da kubectl port-forward, amma maimakon sabis ɗin kuna buƙatar haɗi zuwa mai sarrafa Ingress.
Da farko kuna buƙatar nemo sunan kwaf ɗin tare da mai sarrafa Ingress:
kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS
kube-system coredns-5644d7b6d9-jn7cq 1/1 Running
kube-system etcd-minikube 1/1 Running
kube-system kube-apiserver-minikube 1/1 Running
kube-system kube-controller-manager-minikube 1/1 Running
kube-system kube-proxy-zvf2h 1/1 Running
kube-system kube-scheduler-minikube 1/1 Running
kube-system nginx-ingress-controller-6fc5bcc 1/1 Running
Nemo kwaf ɗin Ingress (zai iya kasancewa a cikin wani sunan daban) kuma gudanar da umarni describedon gano lambobin tashar jiragen ruwa:
kubectl describe pod nginx-ingress-controller-6fc5bcc
--namespace kube-system
| grep Ports
Ports: 80/TCP, 443/TCP, 18080/TCPA ƙarshe, haɗa zuwa kwas ɗin:
kubectl port-forward nginx-ingress-controller-6fc5bcc 3000:80 --namespace kube-systemYanzu duk lokacin da ka aika buƙatun zuwa tashar jiragen ruwa 3000 a kan kwamfutarka, za a tura shi zuwa tashar jiragen ruwa 80 na pod tare da Ingress controller. Ta hanyar zuwa , yakamata ku ga shafin da aikace-aikacen ya samar.
Takaitacciyar tashar jiragen ruwa
Bari mu sake tuna waɗanne tashoshin jiragen ruwa da alamun dole ne su dace:
- Dole ne mai zaɓi a cikin ma'anar Sabis ɗin ya dace da lakabin kwafsa;
-
targetPorta cikin ma'anar dole ne Sabis ɗin ya dacecontainerPortakwati a cikin kwasfa; -
porta cikin ma'anar Sabis na iya zama wani abu. Ayyuka daban-daban na iya amfani da tashar jiragen ruwa ɗaya saboda suna da adiresoshin IP daban-daban; -
servicePortDole ne shiga ya daceporta cikin ma'anar Sabis; - Dole ne sunan sabis ya dace da filin
serviceNamein Ingress.
Abin takaici, bai isa sanin yadda ake tsara tsarin YAML da kyau ba.
Me zai faru idan abubuwa ba su da kyau?
Maiyuwa ne kwaf ɗin ba zai fara ba ko kuma yana iya faɗuwa.
Matakai 3 don Gane Matsalolin Aikace-aikacen a Kubernetes
Kafin ka fara gyara aikin aikinka, kana buƙatar samun kyakkyawar fahimtar yadda Kubernetes ke aiki.
Tunda kowane aikace-aikacen da aka sauke a cikin K8s yana da sassa uku, yakamata a yi gyara su ta wani tsari, farawa daga ƙasa.
- Da farko kuna buƙatar tabbatar da cewa kwas ɗin suna aiki, sannan ...
- Bincika idan sabis ɗin yana ba da zirga-zirgar ababen hawa zuwa kwas ɗin, sannan...
- Bincika idan an saita Ingress daidai.
Wakilin gani:
1) Ka fara neman matsaloli tun daga tushe. Da farko a duba cewa kwas ɗin suna da matsayi Ready и Running:
2) Idan kwas ɗin suna shirye (Ready), yakamata ku gano ko sabis ɗin yana rarraba zirga-zirga tsakanin kwasfa:
3) A ƙarshe, kuna buƙatar bincika haɗin tsakanin sabis da Ingress:
1. Binciken kwasfa
A mafi yawan lokuta matsalar tana da alaƙa da kwafsa. Tabbatar an jera kwas ɗin su azaman Ready и Running. Kuna iya duba wannan ta amfani da umarnin:
kubectl get pods
NAME READY STATUS RESTARTS AGE
app1 0/1 ImagePullBackOff 0 47h
app2 0/1 Error 0 47h
app3-76f9fcd46b-xbv4k 1/1 Running 1 47h
A cikin fitarwar umarni da ke sama, an jera kwas ɗin ƙarshe azaman Running и Ready, duk da haka, wannan ba haka bane ga sauran biyun.
Yadda za a gane abin da ba daidai ba?
Akwai umarni huɗu masu fa'ida don bincikar kwas ɗin:
-
kubectl logs <имя pod'а>ba ka damar cire rajistan ayyukan daga kwantena a cikin kwasfa; -
kubectl describe pod <имя pod'а>yana ba ku damar duba jerin abubuwan da suka faru da ke da alaƙa da kwafsa; -
kubectl get pod <имя pod'а>yana ba ku damar samun tsarin YAML na kwas ɗin da aka adana a Kubernetes; -
kubectl exec -ti <имя pod'а> bashyana ba ku damar ƙaddamar da harsashi mai mu'amala da umarni a cikin ɗayan kwantenan kwas ɗin
Wanne ya kamata ku zaba?
Gaskiyar ita ce, babu wani umarni na duniya. Haɗin waɗannan yakamata a yi amfani da su.
Matsalolin kwafsa na yau da kullun
Akwai manyan nau'ikan kurakuran kwas guda biyu: kurakuran farawa da kurakuran lokacin aiki.
Kurakurai na farawa:
-
ImagePullBackoff -
ImageInspectError -
ErrImagePull -
ErrImageNeverPull -
RegistryUnavailable -
InvalidImageName
Kurakurai lokacin aiki:
-
CrashLoopBackOff -
RunContainerError -
KillContainerError -
VerifyNonRootError -
RunInitContainerError -
CreatePodSandboxError -
ConfigPodSandboxError -
KillPodSandboxError -
SetupNetworkError -
TeardownNetworkError
Wasu kurakurai sun fi yawa fiye da wasu. Ga wasu kurakurai da suka fi yawa da kuma yadda ake gyara su.
ImagePullBackOff
Wannan kuskuren yana faruwa lokacin da Kubernetes ya kasa samun hoto don ɗaya daga cikin kwantena. Ga dalilai guda uku da suka fi yawa akan haka:
- Sunan hoton ba daidai ba ne - misali, kun yi kuskure a ciki, ko hoton ba ya wanzu;
- An ƙayyade alamar da ba ta wanzu don hoton;
- Ana adana hoton a cikin wurin yin rajista mai zaman kansa kuma Kubernetes bashi da izini don samun dama gare shi.
Dalilai biyu na farko suna da sauƙin kawar - kawai gyara sunan hoton da alamar. A cikin yanayin na ƙarshe, kuna buƙatar shigar da takaddun shaidar rufaffiyar rajista a cikin Sirrin kuma ƙara hanyoyin haɗin kai zuwa gare ta a cikin kwasfa. A cikin takardun Kubernetes yadda za a iya yin hakan.
Crash Loop Baya Kashe
Kubenetes ya jefa kuskure CrashLoopBackOff, idan kwandon ba zai iya farawa ba. Wannan yawanci yana faruwa idan:
- Akwai bug a cikin aikace-aikacen da ke hana shi ƙaddamarwa;
- Akwati ;
- Gwajin Rayuwa ya gaza sau da yawa.
Dole ne ku yi ƙoƙari ku je gungumen azaba daga akwati don gano dalilin rashin nasararsa. Idan yana da wahala don isa ga rajistan ayyukan saboda kwandon yana sake farawa da sauri, zaku iya amfani da umarni mai zuwa:
kubectl logs <pod-name> --previousYana nuna saƙonnin kuskure daga shigar da akwati a baya.
Kuskuren RunContainer
Wannan kuskure yana faruwa lokacin da kwantena ya kasa farawa. Ya yi daidai da lokacin da aka ƙaddamar da aikace-aikacen. Yawanci yana faruwa ta hanyar saitunan da ba daidai ba, misali:
- ƙoƙarin ɗaga ƙarar da ba ta wanzu kamar ConfigMap ko Asirin;
- yunƙurin ɗaga ƙarar karantawa kawai kamar yadda ake karantawa.
Ƙungiyar ta dace sosai don nazarin irin waɗannan kurakurai kubectl describe pod <pod-name>.
Pods suna cikin Jigon da ake jira
Da zarar an ƙirƙira, kwas ɗin ya kasance a cikin jihar Pending.
Me yasa hakan ke faruwa?
Anan ga dalilai masu yiwuwa (Ina tsammanin mai tsara tsarin yana aiki lafiya):
- Tarin ba shi da isassun kayan aiki, kamar sarrafa iko da ƙwaƙwalwar ajiya, don gudanar da kwafsa.
- An shigar da abu a cikin sunan da ya dace
ResourceQuotakuma ƙirƙirar kwasfa zai sa wurin sunan ya wuce adadin. - Pod yana daure yana jiran
PersistentVolumeClaim.
A wannan yanayin, ana bada shawarar yin amfani da umarnin kubectl describe kuma duba sashin Events:
kubectl describe pod <pod name>
Idan akwai kurakurai masu alaƙa ResourceQuotas, ana ba da shawarar duba gunkin tari ta amfani da umarnin
kubectl get events --sort-by=.metadata.creationTimestampPods ba a Shirya ba
Idan an jera kwas ɗin kamar Running, amma baya cikin hali Ready, yana nufin duba shirye-shiryensa (binciken shirye shirye) kasa.
Lokacin da wannan ya faru, kwaf ɗin baya haɗawa da sabis ɗin kuma babu zirga-zirgar ababen hawa zuwa gare ta. Rashin nasarar gwajin shirye-shiryen yana haifar da matsaloli a cikin aikace-aikacen. A wannan yanayin, don nemo kuskuren, kuna buƙatar bincika sashin Events a cikin fitarwar umarni kubectl describe.
2. Binciken sabis
Idan an jera kwas ɗin kamar Running и Ready, amma har yanzu babu amsa daga aikace-aikacen, yakamata ku duba saitunan sabis.
Sabis suna da alhakin tafiyar da zirga-zirgar ababen hawa zuwa kwasfan fayiloli dangane da alamun su. Sabili da haka, abu na farko da kuke buƙatar yi shine duba adadin kwas ɗin da ke aiki tare da sabis ɗin. Don yin wannan, zaku iya bincika ƙarshen sabis ɗin:
kubectl describe service <service-name> | grep Endpoints
Ƙarshen madaidaicin nau'i ne na nau'i <IP-адрес:порт>, kuma aƙalla irin waɗannan nau'i-nau'i dole ne su kasance a cikin fitarwa (wato, aƙalla guda ɗaya yana aiki tare da sabis).
Idan sashe Endpoins fanko, zaɓuɓɓuka biyu suna yiwuwa:
- babu kwas ɗin da ke da alamar daidai (alamu: duba idan an zaɓi sunan sunan daidai);
- Akwai kuskure a cikin alamun sabis a cikin mai zaɓi.
Idan kun ga jerin abubuwan ƙarshe amma har yanzu ba za ku iya samun damar aikace-aikacen ba, to mai yiwuwa mai laifi shine kwaro a ciki. targetPort a cikin bayanin sabis.
Yadda za a duba ayyukan sabis?
Ko da kuwa nau'in sabis ɗin, zaka iya amfani da umarnin kubectl port-forward don haɗa shi:
kubectl port-forward service/<service-name> 3000:80A nan:
-
<service-name>- sunan sabis; - 3000 ita ce tashar da kuke buɗewa akan kwamfutar;
- 80 - tashar jiragen ruwa a gefen sabis.
3. Ciwon ciki
Idan kun karanta wannan zuwa yanzu, to:
- an jera kwas ɗin kamar
RunningиReady; - sabis ɗin ya sami nasarar rarraba zirga-zirga tsakanin kwasfa.
Koyaya, har yanzu ba za ku iya isa ga app ɗin ba.
Wannan yana nufin cewa mai sarrafa Ingress ba zai iya daidaita shi daidai ba. Tunda mai sarrafa Ingress wani bangare ne na ɓangare na uku a cikin tari, akwai hanyoyin gyara kurakurai daban-daban dangane da nau'in sa.
Amma kafin ka fara amfani da kayan aiki na musamman don saita Ingress, zaka iya yin wani abu mai sauƙi. Ingress yana amfani serviceName и servicePort don haɗi zuwa sabis. Kuna buƙatar bincika idan an daidaita su daidai. Kuna iya yin wannan ta amfani da umarnin:
kubectl describe ingress <ingress-name>
Idan shafi Backend fanko, akwai babban yuwuwar kuskuren daidaitawa. Idan abubuwan baya suna wurin, amma har yanzu aikace-aikacen ba a samu ba, to matsalar na iya kasancewa da alaƙa da:
- Saitunan shiga shiga daga Intanet na jama'a;
- Saitunan samun damar gungu daga Intanet na jama'a.
Kuna iya gano matsaloli tare da abubuwan more rayuwa ta hanyar haɗa kai tsaye zuwa kwafin Ingress. Don yin wannan, da farko nemo kwaf ɗin Ingress Controller (yana iya kasancewa a cikin wani sunan daban):
kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS
kube-system coredns-5644d7b6d9-jn7cq 1/1 Running
kube-system etcd-minikube 1/1 Running
kube-system kube-apiserver-minikube 1/1 Running
kube-system kube-controller-manager-minikube 1/1 Running
kube-system kube-proxy-zvf2h 1/1 Running
kube-system kube-scheduler-minikube 1/1 Running
kube-system nginx-ingress-controller-6fc5bcc 1/1 Running
Yi amfani da umarnin describedon saita tashar jiragen ruwa:
kubectl describe pod nginx-ingress-controller-6fc5bcc
--namespace kube-system
| grep PortsA ƙarshe, haɗa zuwa kwas ɗin:
kubectl port-forward nginx-ingress-controller-6fc5bcc 3000:80 --namespace kube-systemYanzu duk buƙatun zuwa tashar jiragen ruwa 3000 akan kwamfutar za a tura su zuwa tashar jiragen ruwa 80 na kwas ɗin.
Yanzu yana aiki?
- Idan eh, to matsalar tana tare da abubuwan more rayuwa. Wajibi ne a gano ainihin yadda ake tafiyar da zirga-zirga zuwa gungu.
- Idan ba haka ba, to matsalar tana tare da mai sarrafa Ingress.
Idan ba za ku iya samun mai sarrafa Ingress yayi aiki ba, dole ne ku gyara shi.
Akwai nau'ikan masu sarrafa Ingress da yawa. Mafi mashahuri sune Nginx, HAProxy, Traefik, da dai sauransu. (don ƙarin bayani game da mafita na yanzu, duba - kimanin. fassara) Ya kamata ku koma ga jagorar magance matsala a cikin takaddun mai sarrafawa masu dacewa. Domin da shine mashahurin mai sarrafa Ingress, mun haɗa wasu nasiha a cikin labarin don magance matsalolin da suka shafi shi.
Gyara mai sarrafa Ingress Nginx
Aikin Ingress-nginx yana da hukuma . Tawaga kubectl ingress-nginx za a iya amfani da:
- nazarin rajistan ayyukan, backends, takaddun shaida, da dai sauransu;
- haɗi zuwa Ingress;
- nazarin tsarin halin yanzu.
Umurnai guda uku masu zuwa zasu taimake ku akan wannan:
-
kubectl ingress-nginx lint- caknginx.conf; -
kubectl ingress-nginx backend- bincika bayan baya (kama dakubectl describe ingress <ingress-name>); -
kubectl ingress-nginx logs- duba rajistan ayyukan.
Lura cewa a wasu lokuta kuna iya buƙatar saka madaidaicin filin suna don mai sarrafa Ingress ta amfani da tuta --namespace <name>.
Takaitaccen
Shirya matsala Kubernetes na iya zama ƙalubale idan ba ku san inda za ku fara ba. Ya kamata koyaushe ku kusanci matsalar daga ƙasa zuwa sama: fara da kwasfa, sannan matsa zuwa sabis da Ingress. Za a iya amfani da dabarun gyara kuskuren da aka kwatanta a cikin wannan labarin zuwa wasu abubuwa, kamar:
- Ayyuka marasa aiki da CronJobs;
- StatefulSets da DaemonSets.
Ina nuna godiya ta , и don sharhi masu mahimmanci da ƙari.
PS daga mai fassara
Karanta kuma a kan shafinmu:
- «";
- «";
- «";
- «".
source: www.habr.com