Kubernetes 1.16: Overview of the Main Innovations


On Wednesday, the next release of Kubernetes, 1.16, will take place. Following the tradition established for our blog, this is the tenth time we are talking about the most significant changes in the new version.

The information used to prepare this material was taken from the Kubernetes enhancements tracking table, CHANGELOG-1.16 and the related issues, pull requests, and Kubernetes Enhancement Proposals (KEP). So, let's go!

Nodes

A large number of notable innovations (in alpha status) were introduced on the side of the K8s cluster nodes (the Kubelet).

First, so-called "ephemeral containers" (Ephemeral Containers) were introduced, designed to simplify debugging in pods. The new mechanism lets you launch special containers that start in the namespace of existing pods and live for a short time. Their purpose is to interact with other pods and containers in order to solve problems and debug. A new command, kubectl debug, has been implemented for this; it is similar in essence to kubectl exec, except that instead of running a process in a container (as exec does) it launches a container in a pod. For example, this command attaches a new container to a pod:

kubectl debug -c debug-shell --image=debian target-pod -- bash

Details on ephemeral containers (and examples of their use) can be found in the corresponding KEP. The current implementation (in K8s 1.16) is an alpha version, and among the criteria for its move to beta is "testing the Ephemeral Containers API for at least 2 releases of [Kubernetes]."

NB: In its essence and even in its name, the feature resembles the existing kubectl-debug plugin, which we have already written about. It is expected that with the advent of ephemeral containers, development of a separate external plugin will cease.

Another innovation, PodOverhead, is designed to provide a mechanism for accounting for the overhead of pods, which can vary greatly depending on the runtime used. As an example, the authors of this KEP cite Kata Containers, which require running a guest kernel, the kata agent, an init system, and so on. When the overhead becomes that large, it cannot be ignored, which means there has to be a way to take it into account for further quotas, scheduling, and so on. To implement it, the Overhead *ResourceList field has been added to PodSpec (compared against the data in RuntimeClass, if one is used).
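
How the overhead is declared on a RuntimeClass and then counted on top of the containers' own requests, as an added example that is not from the original article. The object names, the handler, the image and all resource values are assumptions, and the alpha PodOverhead feature has to be enabled in the cluster.

```yaml
# Added example: names, handler, image and numbers are assumptions.
# RuntimeClass for a sandboxed runtime. podFixed is the fixed per-pod cost
# of the sandbox itself (guest kernel, agent, init system).
apiVersion: node.k8s.io/v1beta1
kind: RuntimeClass
metadata:
  name: kata-sandbox            # hypothetical name
handler: kata                   # hypothetical CRI handler configured on the node
overhead:
  podFixed:
    cpu: 250m
    memory: 120Mi
---
apiVersion: v1
kind: Pod
metadata:
  name: sandboxed-app           # hypothetical name
spec:
  runtimeClassName: kata-sandbox
  # spec.overhead is not written by hand: at admission it is populated from
  # the RuntimeClass above, and a value that disagrees with it is rejected.
  containers:
  - name: app
    image: registry.example/app:1.0   # placeholder image
    resources:
      requests:
        cpu: 500m
        memory: 256Mi
      limits:
        cpu: 500m
        memory: 256Mi
# Resulting accounting for this pod:
#   container requests:  500m CPU, 256Mi memory
#   + pod overhead:      250m CPU, 120Mi memory
#   = counted for scheduling and quota: 750m CPU, 376Mi memory
```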

Another important innovation is the Node Topology Manager, designed to unify the approach to fine-tuning hardware resource allocation for various components in Kubernetes. This initiative is driven by the growing demand from various modern systems (from telecommunications, machine learning, financial services, and so on) for high-performance parallel computing and minimal latency in the execution of operations, for which they use advanced CPU and hardware-acceleration capabilities. Such optimizations in Kubernetes have so far been achieved through separate components (CPU manager, Device manager, CNI), and now an internal interface will be added that unifies the approach and simplifies the connection of new similar, so-called topology-aware, components on the Kubelet side. Details are in the corresponding KEP.

Topology Manager Component Diagram

The next feature is a check of containers during their startup (startup probe). As is well known, for containers that take a long time to start it is difficult to obtain an up-to-date status: they are either "killed" before they actually begin working, or they end up in a deadlock for a long time. The new check (enabled through the feature gate named StartupProbeEnabled) cancels, or rather defers, the effect of any other checks until the pod has finished starting. For this reason the feature was originally called pod-startup liveness-probe holdoff. For pods that take a long time to start, you can poll the state at relatively short intervals.
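
A pod manifest showing the holdoff described above, as an added example that is not from the original article. The pod name, image, port and /healthz path are assumptions, and the alpha startup probe feature has to be enabled in the cluster.

```yaml
# Added example: name, image, port and path are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: slow-starter              # hypothetical name
spec:
  containers:
  - name: app
    image: registry.example/legacy-app:1.0   # placeholder image
    ports:
    - name: http
      containerPort: 8080
    # Polled at short intervals while the application boots. The container
    # gets up to failureThreshold * periodSeconds = 30 * 10s = 300s to start;
    # if the probe never succeeds in that window, the container is killed
    # and handled according to the pod's restartPolicy.
    startupProbe:
      httpGet:
        path: /healthz
        port: http
      periodSeconds: 10
      failureThreshold: 30
    # Held off until the startup probe has succeeded once. After that a hang
    # is detected within about 2 * 5s = 10s, without needing a large
    # initialDelaySeconds to protect the slow boot.
    livenessProbe:
      httpGet:
        path: /healthz
        port: http
      periodSeconds: 5
      failureThreshold: 2
    # Also deferred until startup has completed.
    readinessProbe:
      httpGet:
        path: /healthz
        port: http
      periodSeconds: 5
```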

In addition, an improvement to RuntimeClass is available straight away in beta status, adding support for "heterogeneous clusters". With RuntimeClass Scheduling it is no longer necessary for every node to support every RuntimeClass: for pods you can choose a RuntimeClass without thinking about the cluster topology. Previously, to achieve this (so that pods end up on nodes that support everything they need) you had to assign the appropriate rules to NodeSelector and tolerations. The KEP discusses usage examples and, of course, implementation details.

Network

Two significant networking features that appeared for the first time (in alpha) in Kubernetes 1.16 are:

  • support for a dual network stack, IPv4/IPv6, and its corresponding "understanding" at the level of pods, nodes, and services. It includes IPv4-to-IPv4 and IPv6-to-IPv6 interaction between pods, from pods to external services, reference implementations (within the Bridge CNI, PTP CNI and Host-Local IPAM plugins), as well as backward compatibility with Kubernetes clusters running IPv4 or IPv6 only. Implementation details are in the KEP.

    An example of displaying IP addresses of both kinds (IPv4 and IPv6) in the list of pods:

    kube-master# kubectl get pods -o wide
    NAME               READY     STATUS    RESTARTS   AGE       IP                          NODE
    nginx-controller   1/1       Running   0          20m       fd00:db8:1::2,192.168.1.3   kube-minion-1
    kube-master#

  • a new API for Endpoint, the EndpointSlice API. It solves the performance/scalability problems of the existing Endpoint API that affect various components in the control plane (apiserver, etcd, endpoints-controller, kube-proxy). The new API will be added to the Discovery API group and will be able to serve tens of thousands of backend endpoints on each service in a cluster consisting of thousands of nodes. To do this, each Service is mapped to N EndpointSlice objects, each of which by default has no more than 100 endpoints (the value is configurable). The EndpointSlice API will also provide opportunities for its future development: support for multiple IP addresses per pod, new states for endpoints (not only Ready and NotReady), dynamic subsetting for endpoints.

The finalizer introduced in the previous release has reached beta; it is named service.kubernetes.io/load-balancer-cleanup and is attached to every service of type LoadBalancer. When such a service is deleted, it prevents the actual removal of the resource until the "cleanup" of all the corresponding load-balancer resources is complete.

API Machinery

The real "stabilization milestone" is recorded in the area of the Kubernetes API server and interaction with it. This happened largely thanks to the move to stable status of CustomResourceDefinitions (CRD), which need no special introduction and which had held beta status since the distant days of Kubernetes 1.7 (and that was June 2017!). The same stabilization came to related features:

  • "subresources" with /status and /scale for CustomResources;
  • version conversion for CRDs, based on an external webhook;
  • the recently introduced (in K8s 1.15) default values (defaulting) and automatic field removal (pruning) for CustomResources;
  • the ability to use the OpenAPI v3 schema to generate and publish the OpenAPI documentation used to validate CRD resources on the server side.

Another mechanism long familiar to Kubernetes administrators, the admission webhook, also remained in beta status for a long time (since K8s 1.9) and has now been declared stable.

Two other features have reached beta: server-side apply and watch bookmarks.

And the only significant innovation in alpha was the deprecation of SelfLink, a special URI representing the specified object and being part of ObjectMeta and ListMeta (i.e. part of any object in Kubernetes). Why are they dropping it? The motivation, put simply, is the absence of real (compelling) reasons for this field to continue existing. The more formal reasons are to optimize performance (by removing an unnecessary field) and to simplify the work of the generic-apiserver, which is forced to handle this field in a special way (it is the only field that is set right before the object is serialized). The actual obsolescence (in beta) of SelfLink will occur by Kubernetes version 1.20, and the final one by 1.21.

Storage

The main work in the storage area, as in previous releases, is observed in the area of CSI support. The main changes here are:

  • for the first time (in alpha), CSI plugin support appeared for Windows worker nodes: the current way of working with storage will also replace the in-tree plugins in the Kubernetes core and the FlexVolume plugins from Microsoft based on Powershell;

    Scheme for implementing CSI plugins in Kubernetes for Windows

  • the ability to resize CSI volumes, introduced back in K8s 1.12, has grown to beta;
  • a similar "promotion" (from alpha to beta) was achieved by the ability to use CSI to create local ephemeral volumes (CSI Inline Volume Support).

The volume cloning function introduced in the previous version of Kubernetes (using an existing PVC as a DataSource to create a new PVC) has also now received beta status.

Scheduler

Two notable changes to scheduling (both in alpha):

  • EvenPodsSpreading: the ability to use pods instead of logical application units for "fair distribution" of load (such as Deployment and ReplicaSet) and to adjust this distribution (as a hard requirement or as a soft condition, i.e. a priority). The feature will extend the existing capabilities for distributing scheduled pods, currently limited to the PodAffinity and PodAntiAffinity options, giving administrators finer control over this matter, which means better high availability and optimized resource consumption. Details are in the KEP.
  • Use of the BestFit Policy in the RequestedToCapacityRatio Priority Function during pod scheduling, which will allow bin packing to be applied to both basic resources (processor, memory) and extended ones (such as GPU). For details, see the KEP.

    Scheduling pods: before the best fit policy is used (directly through the scheduler) and with it in use (through the scheduler extender)

In addition, the ability to create your own scheduler plugins outside the main Kubernetes development tree (out-of-tree) has been introduced.

Other changes

Also in the Kubernetes 1.16 release one can note the initiative to bring the existing metrics into full order, or more precisely, into line with the official regulations for K8s instrumentation. They largely rely on the corresponding Prometheus documentation. Inconsistencies arose for various reasons (for example, some metrics were simply created before the current guidelines appeared), and the developers decided that it was time to bring everything to a single standard, "in line with the rest of the Prometheus ecosystem." The current implementation of this initiative is in alpha status, which will be progressively promoted in subsequent Kubernetes versions to beta (1.17) and stable (1.18).

In addition, the following changes can be noted:

  • Development of Windows support, with the appearance of the Kubeadm utility for this OS (alpha), the RunAsUserName option for Windows containers (alpha), improved Group Managed Service Account (gMSA) support reaching beta, and mount/attach support for vSphere volumes.
  • A reworked data compression mechanism in API responses. Previously, an HTTP filter was used for this purpose, which imposed a number of restrictions that prevented it from being enabled by default. "Transparent request compression" now works: clients that send Accept-Encoding: gzip in the header receive a GZIP-compressed response if its size exceeds 128 KB. Go clients support compression automatically (they send the required header), so they will immediately notice reduced traffic. (Minor modifications may be required for other languages.)
  • Scaling HPA from/to zero pods based on external metrics has become possible. If you scale on object/external metrics, then when workloads are idle you can automatically scale down to 0 replicas to save resources. This feature should be especially useful when workers request GPU resources and the number of different kinds of idle workers exceeds the number of available GPUs.
  • A new client, k8s.io/client-go/metadata.Client, for "generalized" access to objects. It is designed to easily retrieve metadata (i.e. the metadata subsection) from cluster resources and to perform garbage collection and quota operations with them.
  • Kubernetes can now be built without legacy ("built-in" in-tree) cloud providers (alpha).
  • An experimental (alpha) ability has been added to the kubeadm utility to apply kustomize patches during the init, join and upgrade operations. To learn more about using the --experimental-kustomize flag, see the KEP.
  • A new endpoint for apiserver, readyz, lets you export information about its readiness. The API server also now has the --maximum-startup-sequence-duration flag, which lets you regulate its restarts.
  • Two features for Azure have been declared stable: support for availability zones (Availability Zones) and cross resource groups (RG). In addition, Azure has added:
    • support for AAD and ADFS;
    • the service.beta.kubernetes.io/azure-pip-name annotation for specifying the public IP of the load balancer;
    • the ability to configure LoadBalancerName and LoadBalancerResourceGroup.
  • AWS now has support for EBS on Windows and optimized EC2 API DescribeInstances calls.
  • Kubeadm now independently migrates the CoreDNS configuration when upgrading the CoreDNS version.
  • The etcd binaries in the corresponding Docker image have been made world-executable, which lets you run this image without needing root privileges. In addition, the etcd migration image has stopped supporting the etcd2 version.
  • Cluster Autoscaler 1.16.0 switched to using distroless as the base image, improved performance, and added new cloud providers (DigitalOcean, Magnum, Packet).
  • Updates in used/dependent software: Go 1.12.9, etcd 3.3.15, CoreDNS 1.6.2.


Source: www.hab.com
