Minimum Viable Kubernetes

The translation of this article was prepared on the eve of the start of the course "DevOps practices and tools".

If you're reading this, you've probably heard something about Kubernetes (and if not, how did you end up here?). But what exactly is Kubernetes? Is it "orchestration of industrial-grade containers"? Or a "cloud-native operating system"? What does that even mean?

To be honest, I'm not 100% sure. But I think it's interesting to dig into the internals and see what Kubernetes is actually doing under its many layers of abstraction. So just for fun, let's look at what a minimal "Kubernetes cluster" really looks like. (This will be much easier than Kubernetes The Hard Way.)

I assume you have basic knowledge of Kubernetes, Linux, and containers. Everything discussed here is for research and learning purposes only; do not run any of it in production!

Overview

Kubernetes contains many components. According to Wikipedia, the architecture looks like this:

[Figure: Kubernetes architecture diagram]

At least eight components are shown here, but we'll ignore most of them. I want to claim that the smallest thing that can reasonably be called Kubernetes consists of three main components:

  • kubelet
  • kube-apiserver (which depends on etcd, its database)
  • container runtime (Docker in this case)

Let's see what the documentation says about each of them (in Russian and English). First, kubelet:

An agent that runs on each node in the cluster. It makes sure that containers are running in a pod.

Sounds simple enough. What about the container runtime?

A container runtime is a program designed to run containers.

Very informative. But if you're familiar with Docker, you should have a general idea of what it does. (The details of how responsibilities are split between the container runtime and the kubelet are actually quite subtle, and I won't go into them here.)

And the API server?

The API server is the Kubernetes control plane component that exposes the Kubernetes API. The API server is the front end of the Kubernetes control plane.

Anyone who has ever done anything with Kubernetes has had to interact with the API, either directly or through kubectl. This is the heart of what makes Kubernetes Kubernetes: the brain that turns the mountains of YAML we all know and love (?) into working infrastructure. It seems obvious that the API has to be present in our minimal configuration.

Prerequisites

  • A Linux virtual or physical machine with root access (I'm using Ubuntu 18.04 on a virtual machine).
  • And that's it!

The boring installation

We need to install Docker on the machine we'll be using. (I'm not going to explain how Docker and containers work; if you're interested, there are wonderful articles on the subject.) Let's just install it with apt:

$ sudo apt install docker.io
$ sudo systemctl start docker

After that, we need to get the Kubernetes binaries. In fact, for the initial launch of our "cluster" we only need kubelet, since we can use kubelet to run the other server components. To interact with our cluster once it is running, we'll also use kubectl.

$ curl -L https://dl.k8s.io/v1.18.5/kubernetes-server-linux-amd64.tar.gz > server.tar.gz
$ tar xzvf server.tar.gz
$ cp kubernetes/server/bin/kubelet .
$ cp kubernetes/server/bin/kubectl .
$ ./kubelet --version
Kubernetes v1.18.5

What happens if we just run kubelet?

$ ./kubelet
F0609 04:03:29.105194    4583 server.go:254] mkdir /var/lib/kubelet: permission denied

kubelet has to run as root. That's quite logical, since it needs to manage the entire node. Let's look at its parameters:

$ ./kubelet -h
<too many lines to fit here>
$ ./kubelet -h | wc -l
284

Wow, that's a lot of options! Fortunately, we only need a couple of them. Here is one of the parameters we're interested in:

--pod-manifest-path string

Path to the directory containing static pod files, or path to a file describing static pods. Files starting with dots are ignored. (DEPRECATED: This option should be set via the configuration file passed to the Kubelet with --config. For more information, see kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file .)

This option lets us run static pods: pods that are not managed through the Kubernetes API. Static pods are rarely used, but they are very convenient for quickly bootstrapping a cluster, which is exactly what we need. We'll ignore this big warning (again, don't run this in production!) and see if we can get a pod running.

First we'll create a directory for static pods and run kubelet:

$ mkdir pods
$ sudo ./kubelet --pod-manifest-path=pods

Then, in another terminal/tmux window/whatever, we'll create a pod manifest:

$ cat <<EOF > pods/hello.yaml
apiVersion: v1
kind: Pod
metadata:
  name: hello
spec:
  containers:
  - image: busybox
    name: hello
    command: ["echo", "hello world!"]
EOF

kubelet starts writing some warnings, and it looks like nothing is happening. But that's not true! Let's look at Docker:

$ sudo docker ps -a
CONTAINER ID        IMAGE                  COMMAND                 CREATED             STATUS                      PORTS               NAMES
8c8a35e26663        busybox                "echo 'hello world!'"   36 seconds ago      Exited (0) 36 seconds ago                       k8s_hello_hello-mink8s_default_ab61ef0307c6e0dee2ab05dc1ff94812_4
68f670c3c85f        k8s.gcr.io/pause:3.2   "/pause"                2 minutes ago       Up 2 minutes                                    k8s_POD_hello-mink8s_default_ab61ef0307c6e0dee2ab05dc1ff94812_0
$ sudo docker logs k8s_hello_hello-mink8s_default_ab61ef0307c6e0dee2ab05dc1ff94812_4
hello world!

kubelet read the pod manifest and told Docker to launch a couple of containers according to our specification. (If you're wondering about the "pause" container, it's a Kubernetes hack; see this blog.) Kubelet launches our busybox container with the specified command and will keep restarting it indefinitely until the static pod is deleted.

Congratulate yourself. We've just come up with one of the most convoluted ways to print text to the terminal!
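
An added check, not part of the original article: the kubelet above runs as root and launches whatever manifest it finds in `pods`, so the ownership and write bits of that directory decide who can start containers on the node. The function name `check_manifest_dir` and its expected-owner argument are this example's own, and the demo directory is constructed.

```sh
#!/bin/sh
# Added example, not from the original article: make sure only the expected
# owner can add or change files in the kubelet's static pod directory.

# check_manifest_dir DIR [EXPECTED_UID]   (EXPECTED_UID defaults to 0, root)
# Prints one line per problem; returns 0 when clean and 1 otherwise.
# The glob skips dotfiles, which the kubelet ignores as well.
check_manifest_dir() {
  cmd_dir=$1; cmd_uid=${2:-0}; cmd_bad=0
  for cmd_p in "$cmd_dir" "$cmd_dir"/*; do
    [ -e "$cmd_p" ] || continue          # empty directory: glob stays literal
    # ls -ldnL prints e.g. "drwxr-xr-x 2 0 0 4096 ... pods" (numeric ids,
    # symlinks followed to their target)
    cmd_ls=$(ls -ldnL -- "$cmd_p")
    cmd_perms=${cmd_ls%% *}
    cmd_owner=$(printf '%s\n' "$cmd_ls" | awk '{print $3}')
    if [ "$cmd_owner" != "$cmd_uid" ]; then
      echo "$cmd_p: owned by uid $cmd_owner, expected $cmd_uid"
      cmd_bad=1
    fi
    # Characters 6 and 9 of the mode string are group-write and other-write.
    cmd_gw=$(printf '%s' "$cmd_perms" | cut -c6)
    cmd_ow=$(printf '%s' "$cmd_perms" | cut -c9)
    if [ "$cmd_gw" = w ] || [ "$cmd_ow" = w ]; then
      echo "$cmd_p: writable by group or others ($cmd_perms)"
      cmd_bad=1
    fi
  done
  return "$cmd_bad"
}

# Constructed demo: a directory made like `mkdir pods` but left wide open.
demo_dir=$(mktemp -d)
chmod 777 "$demo_dir"
check_manifest_dir "$demo_dir" "$(id -u)" ||
  echo "tighten with: sudo chown -R root:root DIR && sudo chmod -R go-w DIR"
rm -rf "$demo_dir"
```

Run it as `check_manifest_dir pods` before `sudo ./kubelet --pod-manifest-path=pods`; with the default expected owner of root, a directory created by an unprivileged user is reported.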

Running etcd

Our ultimate goal is to run the Kubernetes API, but to do that we first need to run etcd. Let's start a minimal etcd cluster by placing its settings in the pods directory (for example, pods/etcd.yaml):

apiVersion: v1
kind: Pod
metadata:
  name: etcd
  namespace: kube-system
spec:
  containers:
  - name: etcd
    command:
    - etcd
    - --data-dir=/var/lib/etcd
    image: k8s.gcr.io/etcd:3.4.3-0
    volumeMounts:
    - mountPath: /var/lib/etcd
      name: etcd-data
  hostNetwork: true
  volumes:
  - hostPath:
      path: /var/lib/etcd
      type: DirectoryOrCreate
    name: etcd-data

If you've ever worked with Kubernetes, these YAML files should look familiar. There are only two points worth noting here:

We mounted the host folder /var/lib/etcd into the pod so that the etcd data survives a restart (if we didn't, the cluster state would be wiped every time the pod restarted, which is no good even for a minimal Kubernetes installation).

We set hostNetwork: true. This setting, unsurprisingly, configures etcd to use the host's network instead of the pod's internal network (this makes it easier for the API server to find the etcd cluster).

A simple check shows that etcd is indeed running on localhost and saving data to disk:

$ curl localhost:2379/version
{"etcdserver":"3.4.3","etcdcluster":"3.4.0"}
$ sudo tree /var/lib/etcd/
/var/lib/etcd/
└── member
    ├── snap
    │   └── db
    └── wal
        ├── 0.tmp
        └── 0000000000000000-0000000000000000.wal

Starting the API server

Running a Kubernetes API server is even easier. The only parameter we have to pass is --etcd-servers, which does what you'd expect:

apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    - --etcd-servers=http://127.0.0.1:2379
    image: k8s.gcr.io/kube-apiserver:v1.18.5
  hostNetwork: true

Put this YAML file in the pods directory, and the API server will start. A check with curl shows that the Kubernetes API is listening on port 8080 with completely open access, no authentication required!

$ curl localhost:8080/healthz
ok
$ curl localhost:8080/api/v1/pods
{
  "kind": "PodList",
  "apiVersion": "v1",
  "metadata": {
    "selfLink": "/api/v1/pods",
    "resourceVersion": "59"
  },
  "items": []
}

(Once again, don't run this in production! I was a little surprised that the default setting is so insecure. But I'm guessing this is to make development and testing easier.)
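
An added example, not code from the original article: a small audit that flags the shortcuts taken in the static pod manifests above (host networking, hostPath volumes, plaintext etcd, and an API server with its insecure port enabled and no authorization mode). The function names and finding texts are this example's own; the flags it looks for are real kube-apiserver v1.18 flags, and the input is the article's kube-apiserver manifest.

```sh
#!/bin/sh
# Added example, not from the original article. Checks and wording are this
# example's own; the flags named are real kube-apiserver v1.18 flags.

# audit_manifest FILE: print one finding per line for a static pod manifest.
audit_manifest() {
  f=$1
  if grep -Eq '^[[:space:]]*hostNetwork:[[:space:]]*true' "$f"; then
    echo "$f: hostNetwork: true, the pod shares the node's network namespace"
  fi
  if grep -Eq '^[[:space:]]*(-[[:space:]]+)?hostPath:' "$f"; then
    echo "$f: hostPath volume, the pod reads and writes the node's filesystem"
  fi
  if grep -Eq -e '--etcd-servers=.*http://' "$f"; then
    echo "$f: etcd is reached over plaintext http://"
  fi
  # Remaining checks apply only when the container command is kube-apiserver.
  if grep -Eq '^[[:space:]]*-[[:space:]]+kube-apiserver[[:space:]]*$' "$f"; then
    grep -q -e '--insecure-port=0' "$f" ||
      echo "$f: insecure port left enabled (no --insecure-port=0)"
    grep -q -e '--authorization-mode=' "$f" ||
      echo "$f: no --authorization-mode, so the default AlwaysAllow applies"
  fi
  return 0
}

# write_sample DIR: the article's kube-apiserver manifest, reproduced as input.
write_sample() {
  cat > "$1/kube-apiserver.yaml" <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    - --etcd-servers=http://127.0.0.1:2379
    image: k8s.gcr.io/kube-apiserver:v1.18.5
  hostNetwork: true
EOF
}

sample_dir=$(mktemp -d)
write_sample "$sample_dir"
audit_manifest "$sample_dir/kube-apiserver.yaml"
rm -rf "$sample_dir"
```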

And, as a pleasant surprise, kubectl works out of the box without any extra settings!

$ ./kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.5", GitCommit:"e6503f8d8f769ace2f338794c914a96fc335df0f", GitTreeState:"clean", BuildDate:"2020-06-26T03:47:41Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.5", GitCommit:"e6503f8d8f769ace2f338794c914a96fc335df0f", GitTreeState:"clean", BuildDate:"2020-06-26T03:39:24Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
$ ./kubectl get pod
No resources found in default namespace.

Problem

But if you dig a little deeper, something seems to be wrong:

$ ./kubectl get pod -n kube-system
No resources found in kube-system namespace.

The static pods we created are gone! In fact, our kubelet node isn't discovered at all:

$ ./kubectl get nodes
No resources found in default namespace.

What's the matter? If you remember, a few paragraphs ago we started kubelet with an extremely simple set of command-line parameters, so kubelet doesn't know how to contact the API server and report its status. After studying the documentation, we find the corresponding flag:

--kubeconfig string

Path to a kubeconfig file, specifying how to connect to the API server. Providing --kubeconfig enables API server mode, omitting --kubeconfig enables standalone mode.

All this time, without knowing it, we were running kubelet in "standalone mode." (If we were being pedantic, we could consider a standalone kubelet to be a "minimum viable Kubernetes", but that would be very boring.) To make the "real" configuration work, we need to pass a kubeconfig file to kubelet so that it knows how to talk to the API server. Luckily, it's very simple (since we have no authentication or certificates to worry about):

apiVersion: v1
kind: Config
clusters:
- cluster:
    server: http://127.0.0.1:8080
  name: mink8s
contexts:
- context:
    cluster: mink8s
  name: mink8s
current-context: mink8s

Save this as kubeconfig.yaml, kill the kubelet process, and restart it with the necessary parameters:

$ sudo ./kubelet --pod-manifest-path=pods --kubeconfig=kubeconfig.yaml

(By the way, if you try to access the API via curl while kubelet isn't running, you'll find that it is still running! Kubelet is not a "parent" of its pods the way Docker is; it's more like a "control daemon". Containers managed by kubelet keep running until kubelet stops them.)

In a few minutes kubectl should show us the pods and nodes as we expect:

$ ./kubectl get pods -A
NAMESPACE     NAME                    READY   STATUS             RESTARTS   AGE
default       hello-mink8s            0/1     CrashLoopBackOff   261        21h
kube-system   etcd-mink8s             1/1     Running            0          21h
kube-system   kube-apiserver-mink8s   1/1     Running            0          21h
$ ./kubectl get nodes -owide
NAME     STATUS   ROLES    AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION       CONTAINER-RUNTIME
mink8s   Ready    <none>   21h   v1.18.5   10.70.10.228   <none>        Ubuntu 18.04.4 LTS   4.15.0-109-generic   docker://19.3.6

Let's really congratulate ourselves this time (I know I already congratulated us): we have a minimal Kubernetes "cluster" running with a fully functional API!

Running a pod

Now let's see what the API is capable of. Let's start with an nginx pod:

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: nginx
    name: nginx

Here we get a rather curious error:

$ ./kubectl apply -f nginx.yaml
Error from server (Forbidden): error when creating "nginx.yaml": pods "nginx" is
forbidden: error looking up service account default/default: serviceaccount
"default" not found
$ ./kubectl get serviceaccounts
No resources found in default namespace.

Here we see just how woefully incomplete our Kubernetes environment is: there are no service accounts. Let's try again by creating a service account manually and see what happens:

$ cat <<EOS | ./kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: default
EOS
serviceaccount/default created
$ ./kubectl apply -f nginx.yaml
Error from server (ServerTimeout): error when creating "nginx.yaml": No API
token found for service account "default", retry after the token is
automatically created and added to the service account

Even though we created the service account manually, the authentication token is not generated. As we keep experimenting with our minimal "cluster", we'll find that most of the useful things that usually happen automatically are missing. The Kubernetes API server is pretty minimal, with most of the heavy lifting and automatic configuration happening in various controllers and background jobs that aren't running yet.

We can work around this problem by setting the automountServiceAccountToken option for the service account (since we won't be using it anyway):

$ cat <<EOS | ./kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: default
automountServiceAccountToken: false
EOS
serviceaccount/default configured
$ ./kubectl apply -f nginx.yaml
pod/nginx created
$ ./kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   0/1     Pending   0          13m

Finally, the pod has appeared! But it won't actually start, because we don't have a scheduler, another important Kubernetes component. Again, we see that the Kubernetes API is surprisingly "dumb": when you create a Pod in the API, it registers it, but doesn't try to figure out which node to run it on.

In fact, you don't need a scheduler to run a pod. You can manually add a node to the manifest in the nodeName parameter:

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: nginx
    name: nginx
  nodeName: mink8s

(Replace mink8s with the name of your node.) After a delete and apply, we see that nginx has started and is listening on an internal IP address:

$ ./kubectl delete pod nginx
pod "nginx" deleted
$ ./kubectl apply -f nginx.yaml
pod/nginx created
$ ./kubectl get pods -owide
NAME    READY   STATUS    RESTARTS   AGE   IP           NODE     NOMINATED NODE   READINESS GATES
nginx   1/1     Running   0          30s   172.17.0.2   mink8s   <none>           <none>
$ curl -s 172.17.0.2 | head -4
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>

To make sure that networking between pods is working properly, we can run curl from another pod:

$ cat <<EOS | ./kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: curl
spec:
  containers:
  - image: curlimages/curl
    name: curl
    command: ["curl", "172.17.0.2"]
  nodeName: mink8s
EOS
pod/curl created
$ ./kubectl logs curl | head -6
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>

It's quite fun to dig into this environment and see what works and what doesn't. I found that ConfigMap and Secret work as expected, but Service and Deployment do not.

Success!

This post is getting long, so I'm going to declare victory and say that this is a viable configuration that can be called "Kubernetes". To summarize: four binaries, five command-line parameters and "only" 45 lines of YAML (not that much by Kubernetes standards), and we have quite a few things working:

  • Pods are managed using the Kubernetes API (with some hacks)
  • You can pull and run public container images
  • Pods stay alive and restart
  • Networking between pods within a single node works well
  • ConfigMap, Secret and simple storage mounting work as expected

But much of what makes Kubernetes truly useful is still missing, such as:

  • Pod scheduler
  • Authentication/authorization
  • Multiple nodes
  • Service networking
  • Clustered internal DNS
  • Controllers for service accounts, deployments, cloud provider integration and most of the other goodies that Kubernetes brings.

So what did we actually get? The Kubernetes API, running on its own, is really just a platform for container automation. It doesn't do much (that is a job for the various controllers and operators that use the API), but it does provide a consistent environment for automation.

Source: will.com
