Kubernetes 1.14: Highlights of the main changes


Tonight the next Kubernetes release, 1.14, will take place. In keeping with the tradition established on our blog, we are covering the key changes in the new version of this wonderful open source product.

The information used to prepare this material was taken from the Kubernetes enhancements tracking table, CHANGELOG-1.14, and the related issues, pull requests, and Kubernetes Enhancement Proposals (KEP).

Let's start with an important introduction from SIG cluster-lifecycle: dynamic failover Kubernetes clusters (or, more precisely, self-hosted HA deployments) can now be created using the kubeadm commands already familiar from single-node clusters (init and join). In short, for this:

  • the certificates used by the cluster are moved to secrets;
  • to make it possible to use an etcd cluster inside the K8s cluster (i.e. to get rid of the external dependency that existed until now), etcd-operator is used;
  • the recommended settings are documented for an external load balancer that provides a fault-tolerant configuration (in the future it is planned to remove this dependency, but not at this stage).

Architecture of a Kubernetes HA cluster created with kubeadm

Implementation details can be found in the design proposal. This feature was long awaited: the alpha version was expected back in K8s 1.9, but has only appeared now.

API

The apply command and, generally speaking, declarative object management are moving from kubectl into the apiserver. The developers themselves briefly explain their decision by saying that kubectl apply is a fundamental part of working with configuration in Kubernetes, yet "it is full of bugs and hard to fix," and so this functionality needs to be brought back to normal and moved to the control plane. Simple and clear examples of the problems that exist today:


Implementation details are in the KEP. The current status is alpha (promotion to beta is planned for the next Kubernetes release).

Available in alpha is the ability to use the OpenAPI v3 schema to create and publish OpenAPI documentation for CustomResources (CR), which is used to validate (server-side) user-defined K8s resources (CustomResourceDefinition, CRD). Publishing OpenAPI for CRDs allows clients (e.g. kubectl) to perform validation on their side (in kubectl create and kubectl apply) and to output documentation according to the schema (kubectl explain). Details are in the KEP.

Existing log files are now opened with the O_APPEND flag (rather than O_TRUNC) to avoid losing logs in some situations and to make it easier to truncate logs with external rotation utilities.
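The difference between the two flags can be reproduced with plain file descriptors. The following is an added example, not Kubernetes code; the file name component.log and the byte counts are assumptions chosen for the demonstration.

```python
import os
import tempfile

def log_size_after_external_truncate(append: bool) -> int:
    """Write a log, let an external tool truncate it, write again; return final size."""
    flags = os.O_WRONLY | os.O_CREAT | (os.O_APPEND if append else 0)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "component.log")  # hypothetical log file name
        fd = os.open(path, flags, 0o600)
        try:
            os.write(fd, b"x" * 4096)        # log data written before rotation
            os.truncate(path, 0)             # external rotation tool empties the file
            os.write(fd, b"after rotate\n")  # the process keeps logging on the same fd
            return os.stat(path).st_size
        finally:
            os.close(fd)

def history_kept_on_reopen(truncate_on_open: bool) -> bool:
    """Simulate a process restart that reopens an existing log file."""
    extra = os.O_TRUNC if truncate_on_open else os.O_APPEND
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "component.log")
        with open(path, "wb") as f:
            f.write(b"event before restart\n")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | extra, 0o600)
        try:
            os.write(fd, b"event after restart\n")
        finally:
            os.close(fd)
        with open(path, "rb") as f:
            return b"event before restart" in f.read()

if __name__ == "__main__":
    print("O_APPEND, size after truncate:", log_size_after_external_truncate(True))
    print("no O_APPEND, size after truncate:", log_size_after_external_truncate(False))
    print("O_APPEND keeps history:", history_kept_on_reopen(False))
    print("O_TRUNC keeps history:", history_kept_on_reopen(True))
```

Without O_APPEND the descriptor keeps its old offset after the external truncate, so the file regains its previous size as a hole of NUL bytes in front of the new entry; with O_TRUNC a restart discards the events recorded before it.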

Also in the context of the Kubernetes API, it can be noted that a runtime_handler field has been added to PodSandbox and PodSandboxStatus to record information about the RuntimeClass in the pod (read more about it in the text on the Kubernetes 1.12 release, where this class appeared as an alpha version), and Admission Webhooks have gained the ability to specify which versions of AdmissionReview they support. Finally, admission webhook rules can now be limited in the scope of their application to namespaces and to the cluster scope.

Storage

PersistentLocalVolumes, which had beta status since the K8s 1.10 release, has been declared stable (GA): this feature gate is no longer disabled and will be removed in Kubernetes 1.17.

The ability to use environment variables from the so-called Downward API (for example, the pod name) for the names of directories mounted as subPath has been developed further, in the form of a new field, subPathExpr, which is now used to determine the desired directory name. The feature first appeared in Kubernetes 1.11, but for 1.14 it remains in alpha status.

As with the previous Kubernetes release, many significant changes have been introduced for the actively developing CSI (Container Storage Interface):

CSI

Support for resizing CSI volumes has become available (as part of an alpha version). To use it you need to enable the feature gate called ExpandCSIVolumes, and support for this operation must be present in the specific CSI driver.

Another CSI feature in alpha is the ability to refer directly (i.e. without using PV/PVC) to CSI volumes in the pod specification. This removes the restriction on using CSI exclusively as remote data storage, opening the door to the world of local ephemeral volumes for them. To use it (example from the documentation), the CSIInlineVolume feature gate must be enabled.

There has also been progress in the Kubernetes "internals" related to CSI, which are not so visible to end users (system administrators)... Currently, developers are forced to support two versions of every storage plugin: one "the old way", inside the K8s codebase (in-tree), and the second as part of the new CSI (read more about it, for example, here). This causes understandable inconvenience that needs to be addressed as CSI itself stabilizes. It is not possible to simply deprecate the API of the internal (in-tree) plugins because of the relevant Kubernetes policy.

All of this has led to the alpha version of migrating the internal plugin code, implemented as in-tree, into CSI plugins, thanks to which developers' concerns will be reduced to supporting a single version of their plugins, while compatibility with the old APIs will remain and they can be declared deprecated in the usual manner. It is expected that by the next Kubernetes release (1.15) all cloud provider plugins will be migrated, and the implementation will receive beta status and will be enabled in K8s installations by default. For details, see the design proposal. This migration also resulted in dropping the volume limits defined by specific cloud providers (AWS, Azure, GCE, Cinder).

In addition, support for block devices with CSI (CSIBlockVolume) has been moved to beta.

Nodes / Kubelet

An alpha version introduces a new endpoint in Kubelet, designed to return metrics for the primary resources. Generally speaking, whereas previously Kubelet obtained container usage statistics from cAdvisor, now this data comes from the container runtime via CRI (Container Runtime Interface), but compatibility for working with older versions of Docker is also retained. Previously, the statistics collected in Kubelet were served through the REST API, but now an endpoint located at /metrics/resource/v1alpha1 is used. The developers' long-term strategy is to minimize the set of metrics provided by Kubelet. By the way, the metrics themselves are now called not "core metrics" but "resource metrics", and are described as "first-class resources, such as cpu, and memory".

A very interesting nuance: despite the clear performance advantage of a gRPC endpoint compared with various cases of using the Prometheus format (see the result of one of the benchmarks below), the authors preferred the Prometheus text format because of the clear leadership of this monitoring system in the community.

"gRPC is not compatible with the major monitoring pipelines. The endpoint would only be useful for delivering metrics to Metrics Server or to monitoring components that integrate directly with it. Prometheus text format performance when using caching in Metrics Server is good enough for us to prefer Prometheus over gRPC given the widespread adoption of Prometheus in the community. Once the OpenMetrics format becomes more stable, we will be able to approach gRPC performance with a proto-based format."

One of the performance comparisons of using the gRPC and Prometheus formats in the new Kubelet endpoint for metrics. More graphs and other details can be found in the KEP.

Among other changes:

  • Kubelet now tries (once) to stop containers in an unknown state before restart and delete operations.
  • When using PodPresets, the same information is now added to an init container as to a regular container.
  • Kubelet has started using usageNanoCores from the CRI stats provider, and network statistics have been added for nodes and containers on Windows.
  • Operating system and architecture information is now recorded in the kubernetes.io/os and kubernetes.io/arch labels of Node objects (moved from beta to GA).
  • The ability to specify a particular system user group for containers in a pod (RunAsGroup, which appeared in K8s 1.11) has advanced to beta (enabled by default).
  • du and find, used in cAdvisor, have been replaced with Go implementations.

CLI

A -k flag has been added to cli-runtime and kubectl for integration with kustomize (by the way, its development is now carried out in a separate repository), i.e. to process additional YAML files from special kustomization directories (for details on using them, see the KEP):

Example of simple usage of a kustomization file (more complex use of kustomize is possible with overlays)

In addition:

  • A new command, kubectl create cronjob, has been added; its name speaks for itself.
  • In kubectl logs you can now combine the flags -f (--follow for streaming logs) and -l (--selector for a label query).
  • kubectl has been taught to copy files selected by wildcard.
  • The --all flag has been added to the kubectl wait command to select all resources in the namespace of the specified resource type.

Other

The following features have received stable status (GA):

Other changes introduced in Kubernetes 1.14:

  • The default RBAC policy no longer grants access to the discovery and access-review APIs to unauthenticated users.
  • CoreDNS is officially supported only on Linux, so when kubeadm is used to deploy it (CoreDNS) in a cluster, it must run only on Linux nodes (nodeSelectors are used for this restriction).
  • The default CoreDNS configuration now uses the forward plugin instead of proxy. In addition, a readinessProbe has been added to CoreDNS, which prevents load balancing onto pods that are not ready to serve.
  • In kubeadm, during the init or upload-certs phase, it is now possible to upload the certificates required to join a new control plane to the kubeadm-certs secret (using the --experimental-upload-certs flag).
  • An alpha version of gMSA (Group Managed Service Account) support has appeared for Windows installations: these are special accounts in Active Directory that can be used by containers.
  • For GCE, mTLS encryption between etcd and kube-apiserver has been enabled.
  • Updates to the software used / dependencies: Go 1.12.1, CSI 1.1, CoreDNS 1.3.1, Docker 18.09 support in kubeadm, and the minimum supported Docker API version is now 1.26.


Source: www.hab.com
