Pitani? Bash! Kumanani ndi oyendetsa zipolopolo (ndemanga ndi lipoti la kanema kuchokera KubeCon EU'2020)

Chaka chino, msonkhano waukulu wa Kubernetes waku Europe - KubeCon + CloudNativeCon Europe 2020 - unali weniweni. Komabe, kusintha kotereku sikunatilepheretse kupereka lipoti lathu lakale lakuti “Pitani? Bash! Kumanani ndi Shell-operator" wodzipereka ku polojekiti yathu ya Open Source chipolopolo-woyendetsa.

Nkhaniyi, motsogozedwa ndi nkhaniyo, ikupereka njira yochepetsera njira yopangira opangira Kubernetes ndikuwonetsa momwe mungapangire nokha mosavutikira kwambiri pogwiritsa ntchito chipolopolo.

Kuyambitsa kanema wa lipoti (~Mphindi 23 m'Chingerezi, yodziwika bwino kuposa nkhaniyo) komanso zomwe zidachokera muzolemba. Pitani!

Ku Flant timakulitsa ndikusinthira zonse. Lero tikambirana za lingaliro lina losangalatsa. Kukumana: cloud-native shell scripting!

Komabe, tiyeni tiyambe ndi nkhani yomwe zonsezi zimachitika: Kubernetes.

Kubernetes API ndi olamulira

API ku Kubernetes ikhoza kuyimiridwa ngati mtundu wa seva yamafayilo yokhala ndi zolemba zamtundu uliwonse wa chinthu. Zinthu (zothandizira) pa seva iyi zimayimiriridwa ndi mafayilo a YAML. Kuphatikiza apo, seva ili ndi API yoyambira yomwe imakulolani kuchita zinthu zitatu:

• kulandira gwero ndi mtundu wake ndi dzina;
• sintha gwero (panthawiyi, seva imasunga zinthu "zolondola" zokha - zonse zopangidwa molakwika kapena zopangira zolemba zina zimatayidwa);
• njira kwa gwero (pankhaniyi, wogwiritsa ntchito nthawi yomweyo amalandira mtundu wake wamakono / wosinthidwa).

Chifukwa chake, Kubernetes imakhala ngati mtundu wa seva yamafayilo (ya mawonekedwe a YAML) ndi njira zitatu zoyambira (inde, pali zina, koma tizisiya pakadali pano).

Vuto ndiloti seva imatha kusunga zambiri. Kuti mugwire ntchito muyenera wolamulira - lingaliro lachiwiri lofunikira komanso lofunikira kwambiri padziko lapansi la Kubernetes.

Pali mitundu iwiri ikuluikulu ya olamulira. Yoyamba imatenga zambiri kuchokera kwa Kubernetes, ndikuzikonza molingana ndi malingaliro okhazikika, ndikuzibwezera ku K8s. Wachiwiri amatenga zambiri kuchokera Kubernetes, koma, mosiyana ndi mtundu woyamba, amasintha zinthu zina zakunja.

Tiyeni tiwone mwatsatanetsatane njira yopangira Deployment ku Kubernetes:

• Deployment Controller (yophatikizidwa ndi kube-controller-manager) amalandila zambiri za Deployment ndikupanga ReplicaSet.
• ReplicaSet imapanga zofananira ziwiri (ma pod awiri) kutengera chidziwitsochi, koma ma pod awa sanakonzedwebe.
• Wokonza mapulani amakonza ma pod ndikuwonjezera zidziwitso ku YAML yawo.
• Kubelets amasintha kuzinthu zakunja (kunena Docker).

Kenako kutsatizana konseku kumabwerezedwa motsatira dongosolo: kubelet amayang'ana zotengerazo, amawerengera momwe alili podu ndikuzitumizanso. Woyang'anira ReplicaSet amalandira mawonekedwe ndikusintha mawonekedwe a replica set. Zomwezo zimachitika ndi Deployment Controller ndipo wogwiritsa ntchito pamapeto pake amapeza zomwe zasinthidwa (panopa).

Shell-operator

Zikuoneka kuti Kubernetes imachokera ku ntchito yogwirizana ya olamulira osiyanasiyana (oyendetsa Kubernetes ndi olamulira). Funso limadzuka, momwe mungapangire opareshoni yanu molimbika pang'ono? Ndipo apa amene tinapanga abwera kudzatipulumutsa chipolopolo-woyendetsa. Zimalola oyang'anira machitidwe kupanga mawu awoawo pogwiritsa ntchito njira zodziwika bwino.

Chitsanzo chosavuta: kukopera zinsinsi

Tiyeni tione chitsanzo chosavuta.

Tinene kuti tili ndi gulu la Kubernetes. Ili ndi malo a mayina default ndi Chinsinsi mysecret. Kuphatikiza apo, palinso malo ena am'magulu. Ena mwa iwo ali ndi chizindikiro chokhazikika. Cholinga chathu ndikutengera Chinsinsi m'malo omwe ali ndi zilembo.

Ntchitoyi ndi yovuta chifukwa chakuti malo atsopano amatha kuwonekera m'gululi, ndipo ena a iwo akhoza kukhala ndi chizindikiro ichi. Kumbali ina, chizindikirocho chikachotsedwa, Chinsinsi chiyeneranso kuchotsedwa. Kuphatikiza pa izi, Chinsinsi chokhacho chikhoza kusinthanso: pamenepa, Chinsinsi chatsopano chiyenera kukopera ku malo onse a mayina omwe ali ndi malemba. Ngati Chinsinsi chafufutidwa mwangozi m'malo aliwonse a mayina, wogwiritsa ntchitoyo ayenera kubwezeretsanso nthawi yomweyo.

Tsopano popeza ntchitoyi yapangidwa, ndi nthawi yoti muyambe kuyigwiritsa ntchito pogwiritsa ntchito chipolopolo. Koma choyamba ndi bwino kunena mawu ochepa ponena za chipolopolo-woyendetsa mwiniwake.

Momwe shell-operator imagwirira ntchito

Monga zolemetsa zina ku Kubernetes, oyendetsa zipolopolo amayenda mu pod yake. M'nkhani ino mu bukhuli /hooks mafayilo omwe amatha kusungidwa amasungidwa. Izi zitha kukhala zolemba mu Bash, Python, Ruby, etc. Timatcha mafayilo omwe amatha kuchitidwa ngati zingwe (ngowe).

Shell-operator amalembetsa ku Kubernetes zochitika ndikuyendetsa mbewa izi poyankha zomwe tikufuna.

Kodi woyendetsa chipolopolo amadziwa bwanji mbedza yoti ayendetse ndipo liti? Mfundo ndi yakuti mbedza iliyonse ili ndi magawo awiri. Poyambira, woyendetsa chipolopolo amayendetsa mbedza zonse ndi mkangano --config Ili ndiye gawo lokonzekera. Ndipo pambuyo pake, mbedza zimayambitsidwa mwachizolowezi - poyankha zochitika zomwe zimamangiriridwa. Pamapeto pake, mbedza imalandira mawu omangirira (Zomangamanga) - deta mu mtundu wa JSON, womwe tidzakambirana mwatsatanetsatane pansipa.

Kupanga opareta ku Bash

Tsopano ndife okonzeka kukhazikitsidwa. Kuti tichite izi, tiyenera kulemba ntchito ziwiri (mwa njira, tikupangira laibulale chipolopolo_lib, zomwe zimathandizira kwambiri zolemba zolemba mu Bash):

• choyamba ndichofunika pa siteji yokonzekera - imasonyeza zomwe zimamangiriza;
• yachiwiri ili ndi mfundo zazikulu za mbedza.

#!/bin/bash

source /shell_lib.sh

function __config__() {
  cat << EOF
    configVersion: v1
    # BINDING CONFIGURATION
EOF
}

function __main__() {
  # THE LOGIC
}

hook::run "$@"

Chotsatira ndikusankha zinthu zomwe tikufuna. M'malo mwathu, tiyenera kutsatira zotsatirazi:

• chinsinsi cha kusintha;
• malo onse a mayina mu tsango, kuti mudziwe omwe ali ndi chizindikiro cholumikizidwa nawo;
• chandamale zinsinsi kuonetsetsa kuti zonse zogwirizana ndi chinsinsi gwero.

Lembani ku gwero lachinsinsi

Kumanga kasinthidwe kwa izo ndikosavuta. Tikuwonetsa kuti tili ndi chidwi ndi Chinsinsi ndi dzinali mysecret mu namespace default:

function __config__() {
  cat << EOF
    configVersion: v1
    kubernetes:
    - name: src_secret
      apiVersion: v1
      kind: Secret
      nameSelector:
        matchNames:
        - mysecret
      namespace:
        nameSelector:
          matchNames: ["default"]
      group: main
EOF

Zotsatira zake, mbedza idzayambika pamene chinsinsi chachinsinsi chikusintha (src_secret) ndi kulandira mawu otsatirawa:

Monga mukuonera, ili ndi dzina ndi chinthu chonsecho.

Kusunga malo a mayina

Tsopano muyenera kulembetsa ku malo a mayina. Kuti tichite izi, timafotokozera makonzedwe otsatirawa:

- name: namespaces
  group: main
  apiVersion: v1
  kind: Namespace
  jqFilter: |
    {
      namespace: .metadata.name,
      hasLabel: (
       .metadata.labels // {} |  
         contains({"secret": "yes"})
      )
    }
  group: main
  keepFullObjectsInMemory: false

Monga mukuonera, gawo latsopano lawonekera mu kasinthidwe ndi dzina jqFilter. Monga dzina lake likunenera, jqFilter imasefa zidziwitso zonse zosafunika ndikupanga chinthu chatsopano cha JSON chokhala ndi minda yomwe ili ndi chidwi kwa ife. Hook yokhala ndi kasinthidwe kofanana ilandila mawu omangiriza awa:

Lili ndi gulu filterResults pa malo aliwonse amgulu. Kusintha kwa boolean hasLabel zikuwonetsa ngati chizindikirocho chalumikizidwa kumalo operekedwa. Wosankha keepFullObjectsInMemory: false zimasonyeza kuti palibe chifukwa chosunga zinthu zonse m’maganizo.

Kutsata zinsinsi zomwe mukufuna

Timalembetsa ku Zinsinsi zonse zomwe zili ndi mawu ofotokozera managed-secret: "yes" (awa ndi cholinga chathu dst_secrets):

- name: dst_secrets
  apiVersion: v1
  kind: Secret
  labelSelector:
    matchLabels:
      managed-secret: "yes"
  jqFilter: |
    {
      "namespace":
        .metadata.namespace,
      "resourceVersion":
        .metadata.annotations.resourceVersion
    }
  group: main
  keepFullObjectsInMemory: false

Pankhaniyi jqFilter imasefa zidziwitso zonse kupatula malo a mayina ndi parameter resourceVersion. Chotsatira chomaliza chinaperekedwa ku chidziwitso popanga chinsinsi: chimakulolani kufananitsa mitundu ya zinsinsi ndikuzisungabe.

Chingwe chokonzedwa motere, chikachitidwa, chidzalandira zinthu zitatu zomwe zafotokozedwa pamwambapa. Iwo akhoza kuganiziridwa ngati mtundu wa chithunzithunzi (chithunzi) gulu.

Kutengera chidziwitso chonsechi, algorithm yoyambira imatha kupangidwa. Imabwereza mayina onse ndi:

• ngati hasLabel nkhani true za malo omwe alipo:
  • kuyerekeza chinsinsi chapadziko lonse ndi chapafupi:
    • ngati ali ofanana, palibe kanthu;
    • ngati asiyana - amachitira kubectl replace kapena create;
• ngati hasLabel nkhani false za malo omwe alipo:
  • imawonetsetsa kuti Chinsinsi sichili mu malo omwe apatsidwa:
    • ngati Chinsinsi chapafupi chilipo, chotsani pogwiritsa ntchito kubectl delete;
    • ngati Chinsinsi chakumaloko sichidziwika, sichichita chilichonse.

Kukhazikitsidwa kwa algorithm mu Bash mukhoza kukopera wathu nkhokwe ndi zitsanzo.

Umu ndi momwe tinatha kupanga chowongolera cha Kubernetes chosavuta kugwiritsa ntchito mizere 35 ya YAML config komanso kuchuluka komweko kwa Bash code! Ntchito ya shell-operator ndiyo kuwalumikiza pamodzi.

Komabe, kukopera zinsinsi si gawo lokhalo logwiritsira ntchito. Nazi zitsanzo zina zosonyeza zomwe angathe kuchita.

Chitsanzo 1: Kusintha kwa ConfigMap

Tiyeni tiwone Kutumiza komwe kumakhala ndi ma pod atatu. Ma Pods amagwiritsa ntchito ConfigMap kusunga zosintha zina. Pamene ma pod adayambitsidwa, ConfigMap inali mumkhalidwe wina wake (tiyeni tiyitcha v.1). Chifukwa chake, ma pod onse amagwiritsa ntchito mtundu uwu wa ConfigMap.

Tsopano tiyeni tiyerekeze kuti ConfigMap yasintha (v.2). Komabe, ma pod adzagwiritsa ntchito mtundu wakale wa ConfigMap (v.1):

Kodi ndingawathandize bwanji kuti asinthe kupita ku ConfigMap yatsopano (v.2)? Yankho ndi losavuta: gwiritsani ntchito template. Tiyeni tiwonjezere ndemanga ya cheki kugawolo template Zokonda zotumizidwa:

Zotsatira zake, chekeni iyi idzalembetsedwa mu ma pod onse, ndipo idzakhala yofanana ndi ya Deployment. Tsopano mukungofunika kusintha mawu ake ConfigMap ikasintha. Ndipo chipolopolo-operator amabwera bwino mu nkhani iyi. Zomwe muyenera kuchita ndi pulogalamu mbeza yomwe idzalembetse ku ConfigMap ndikusintha cheke.

Ngati wogwiritsa ntchito asintha pa ConfigMap, wogwiritsa ntchito zipolopolo amaziwona ndikuwerengeranso cheke. Pambuyo pake matsenga a Kubernetes adzayamba kusewera: woyimbayo adzapha pod, kupanga yatsopano, kuyembekezera kuti ikhale. Ready, ndikupita ku yotsatira. Zotsatira zake, Deployment ilumikizana ndikusintha ku mtundu watsopano wa ConfigMap.

Chitsanzo 2: Kugwira ntchito ndi Tanthauzo la Custom Resource

Monga mukudziwa, Kubernetes amakulolani kuti mupange mitundu yazinthu. Mwachitsanzo, mukhoza kupanga wokoma mtima MysqlDatabase. Tiyerekeze kuti mtundu uwu uli ndi magawo awiri a metadata: name и namespace.

apiVersion: example.com/v1alpha1
kind: MysqlDatabase
metadata:
  name: foo
  namespace: bar

Tili ndi gulu la Kubernetes lomwe lili ndi mayina osiyanasiyana momwe tingapangire ma database a MySQL. Pankhaniyi, chipolopolo-operator angagwiritsidwe ntchito kufufuza zinthu MysqlDatabase, kuwalumikiza ku seva ya MySQL ndikugwirizanitsa zomwe mukufuna ndikuwona za gululo.

Chitsanzo 3: Cluster Network Monitoring

Monga mukudziwira, kugwiritsa ntchito ping ndiyo njira yosavuta yowunikira maukonde. Muchitsanzo ichi tikuwonetsa momwe tingagwiritsire ntchito kuwunika kotere pogwiritsa ntchito zipolopolo.

Choyamba, muyenera kulembetsa ku node. Woyendetsa chipolopolo amafunikira dzina ndi adilesi ya IP ya node iliyonse. Ndi thandizo lawo, iye adzakhala ping mfundo izi.

configVersion: v1
kubernetes:
- name: nodes
  apiVersion: v1
  kind: Node
  jqFilter: |
    {
      name: .metadata.name,
      ip: (
       .status.addresses[] |  
        select(.type == "InternalIP") |
        .address
      )
    }
  group: main
  keepFullObjectsInMemory: false
  executeHookOnEvent: []
schedule:
- name: every_minute
  group: main
  crontab: "* * * * *"

chizindikiro executeHookOnEvent: [] imalepheretsa mbedza kuthamanga poyankha chochitika chilichonse (ndiko kuti, poyankha kusintha, kuwonjezera, kuchotsa node). Komabe, iye adzathamanga (ndikusintha mndandanda wa node) Zakonzedwa - mphindi iliyonse, monga momwe zalembedwera kumunda schedule.

Tsopano funso likubwera, kodi timadziwa bwanji za mavuto monga kutayika kwa paketi? Tiyeni tiwone code:

function __main__() {
  for i in $(seq 0 "$(context::jq -r '(.snapshots.nodes | length) - 1')"); do
    node_name="$(context::jq -r '.snapshots.nodes['"$i"'].filterResult.name')"
    node_ip="$(context::jq -r '.snapshots.nodes['"$i"'].filterResult.ip')"
    packets_lost=0
    if ! ping -c 1 "$node_ip" -t 1 ; then
      packets_lost=1
    fi
    cat >> "$METRICS_PATH" <<END
      {
        "name": "node_packets_lost",
        "add": $packets_lost,
        "labels": {
          "node": "$node_name"
        }
      }
END
  done
}

Timabwereza mndandanda wa node, kupeza mayina awo ndi ma adilesi a IP, kuwalemba ndikutumiza zotsatira ku Prometheus. Shell-operator amatha kutumiza ma metric ku Prometheus, kuwasunga ku fayilo yomwe ili molingana ndi njira yomwe yafotokozedwa pakusintha kwachilengedwe $METRICS_PATH.

Ngati chonchi mutha kupanga opareta kuti aziwunika mosavuta maukonde mumagulu.

Makina a mzere

Nkhaniyi ingakhale yosakwanira popanda kufotokoza njira ina yofunika yopangidwira mu chipolopolo-operator. Tangoganizani kuti ikupanga mbedza yamtundu wina poyankha chochitika chomwe chili mgululi.

• Kodi chimachitika ndi chiyani ngati, nthawi yomweyo, chinachake chikuchitika m'gulu? chimodzi chimodzi chochitika?
• Kodi woyendetsa zipolopolo adzagwiritsanso ntchito mbedza ina?
• Nanga bwanji ngati, tinene, zochitika zisanu zikuchitika mgululi nthawi imodzi?
• Kodi wogwiritsa ntchito zipolopolo adzazipanga mofanana?
• Nanga bwanji zinthu zomwe zimagwiritsidwa ntchito monga kukumbukira ndi CPU?

Mwamwayi, woyendetsa zipolopolo ali ndi makina opangira mizere. Zochitika zonse zimayikidwa pamzere ndikukonzedwa motsatana.

Tiyeni tifotokoze izi ndi zitsanzo. Tinene kuti tili ndi mbedza ziwiri. Chochitika choyamba chimapita ku mbedza yoyamba. Akamaliza kukonza, mzerewo umapita patsogolo. Zochitika zitatu zotsatirazi zikuwongoleredwa ku mbedza yachiwiri - zimachotsedwa pamzere ndikulowa mu "mtolo". Ndiko kuti hook amalandira mndandanda wa zochitika - kapena, ndendende, mndandanda wazinthu zomangirira.

Komanso izi zochitika zikhoza kuphatikizidwa kukhala chimodzi chachikulu. Parameter ndiyomwe imayambitsa izi group m'makonzedwe omanga.

Mutha kupanga mizere / mbedza zingapo ndi kuphatikiza kwawo kosiyanasiyana. Mwachitsanzo, mzere umodzi ukhoza kugwira ntchito ndi mbedza ziwiri, kapena mosemphanitsa.

Zomwe muyenera kuchita ndikukonza gawolo moyenera queue m'makonzedwe omanga. Ngati dzina la mzere silinatchulidwe, ndowe imayenda pamzere wokhazikika (default). Makina apamzerewa amakuthandizani kuthetsa mavuto onse owongolera zinthu mukamagwira ntchito ndi ndowe.

Pomaliza

Tidafotokozera zomwe zipolopolo-oparetor ndi, tidawonetsa momwe zingagwiritsire ntchito mwachangu komanso mosavutikira kupanga oyendetsa Kubernetes, ndikupereka zitsanzo zingapo zakugwiritsa ntchito kwake.

Zambiri zokhudzana ndi chipolopolo-operator, komanso phunziro lachangu la momwe mungagwiritsire ntchito, likupezeka muzofanana. nkhokwe pa GitHub. Musazengereze kutifunsa mafunso: mutha kukambirana nawo mwapadera Telegalamu gulu (mu Russian) kapena mu forum iyi (m'Chingerezi).

Ndipo ngati mudakonda, timakhala okondwa nthawi zonse kuwona zatsopano/PR/nyenyezi pa GitHub, komwe, mwa njira, mutha kupeza ena. ntchito zosangalatsa. Zina mwa izo ndizoyenera kuziwunikira addon-wothandizira, yemwe ndi mchimwene wake wamkulu wa zipolopolo. Izi zimagwiritsa ntchito ma chart a Helm kukhazikitsa zowonjezera, zimatha kutumiza zosintha ndikuyang'anira magawo / ma chart osiyanasiyana, kuwongolera kuyika kwa ma chart, komanso kuwasintha potengera zomwe zikuchitika mgululi.

Makanema ndi zithunzi

Kanema wamasewera (~23 mphindi):

Kafotokozedwe ka lipoti:

PS

Werenganinso pa blog yathu:

• «Kupanga kosavuta kwa ogwiritsa ntchito a Kubernetes okhala ndi zipolopolo: kupita patsogolo kwa projekiti mchaka";
• «Kuyambitsa zipolopolo: kupanga ogwiritsa ntchito Kubernetes kwakhala kosavuta";
• «Kodi ndizosavuta komanso zosavuta kukonzekera gulu la Kubernetes? Kulengeza addon-operator";
• «Kukulitsa ndi kuwonjezera Kubernetes" (ndemanga ndi lipoti lamavidiyo).

Source: www.habr.com