Zindikirani. transl.: Nkhaniyi, yolembedwa ndi injiniya wa SRE wochokera ku LinkedIn, ikufotokoza mwatsatanetsatane zamatsenga amkati ku Kubernetes - ndendende, kuyanjana kwa CRI, CNI ndi kube-apiserver - zomwe zimachitika pamene pod yotsatira iyenera kupatsidwa adilesi ya IP.
Chimodzi mwa zofunika zofunika ndikuti pod iliyonse iyenera kukhala ndi adilesi yakeyake ya IP ndipo pod ina iliyonse mugululo iyenera kulumikizana nayo pa adilesiyo. Pali ambiri "opereka" maukonde (Flannel, Calico, Canal, etc.) omwe amathandiza kukhazikitsa chitsanzo ichi cha intaneti.
Nditayamba kugwira ntchito ndi Kubernetes, sizinali bwino kwa ine momwe ma pod amapezera ma adilesi awo a IP. Ngakhale titamvetsetsa momwe zigawo zake zimagwirira ntchito, zinali zovuta kulingalira kuti zimagwira ntchito limodzi. Mwachitsanzo, ndimadziwa zomwe mapulagini a CNI anali, koma sindimadziwa momwe amatchulidwira. Choncho, ndinaganiza zolembera nkhaniyi kuti ndigawane chidziwitso cha zigawo zosiyanasiyana za maukonde ndi momwe zimagwirira ntchito limodzi mu gulu la Kubernetes, lomwe limalola kuti pod iliyonse ipeze adilesi yake ya IP.
Pali njira zosiyanasiyana zopangira maukonde ku Kubernetes, monganso pali zosankha zosiyanasiyana zanthawi yothamangitsira zotengera. Bukuli lidzagwiritsidwa ntchito kukonza maukonde mumagulu, komanso ngati malo otheka - . Ndikupanganso kuganiza kuti mukudziwa momwe kulumikizana pakati pa zotengera kumagwirira ntchito, chifukwa chake ndingokhudza mwachidule, chifukwa cha nkhani.
Mfundo zina zofunika
Zotengera ndi Network: Chidule Chachidule
Pali zofalitsa zambiri zabwino kwambiri pa intaneti zomwe zimafotokozera momwe makontena amalankhulirana pa intaneti. Chifukwa chake, ndingopereka mwachidule malingaliro oyambira ndikudziletsa kunjira imodzi, yomwe imaphatikizapo kupanga mlatho wa Linux ndikuyika phukusi. Tsatanetsatane sanasiyidwe, chifukwa mutu wa network network uyenera kukhala ndi nkhani ina. Maulalo ku zofalitsa zanzeru komanso zamaphunziro aziperekedwa pansipa.
Zotengera pa wolandira mmodzi
Njira imodzi yolumikizirana kudzera pa ma adilesi a IP pakati pa zotengera zomwe zikuyenda pagulu lomwelo ndikupanga mlatho wa Linux. Pachifukwa ichi, zida zenizeni zimapangidwa ku Kubernetes (ndi Docker) . Mapeto amodzi a chipangizo cha veth amalumikizana ndi malo amtaneti a chidebecho, enawo pa network host.
Zotengera zonse zomwe zili pagulu limodzi zili ndi malekezero amodzi a veth olumikizidwa ndi mlatho momwe amatha kulumikizana wina ndi mnzake kudzera pa ma adilesi a IP. Mlatho wa Linux ulinso ndi adilesi ya IP ndipo umakhala ngati khomo lolowera magalimoto kuchokera kumapoto omwe amapita kumalo ena.
Zotengera pa makamu osiyanasiyana
Packet encapsulation ndi njira imodzi yomwe imalola kuti zotengera pa node zosiyanasiyana zizilumikizana wina ndi mnzake pogwiritsa ntchito ma adilesi a IP. Ku Flannel, luso lamakono ndilofunika mwayi umenewu. , yomwe "imayika" paketi yoyambirira kukhala paketi ya UDP ndikuitumiza komwe ikupita.
M'gulu la Kubernetes, Flannel imapanga chipangizo cha vxlan ndikusintha tebulo lanjira pa node iliyonse moyenera. Paketi iliyonse yoyikidwa pa chidebe pagulu lina imadutsa pa chipangizo cha vxlan ndipo imakutidwa ndi paketi ya UDP. Pamalo omwe akupita, paketi yosungidwa imachotsedwa ndikutumizidwa ku poto yomwe mukufuna.
Zindikirani: Iyi ndi njira imodzi yokha yolumikizirana pa intaneti pakati pa zotengera.
Kodi CRI ndi chiyani?
ndi pulogalamu yowonjezera yomwe imalola kubelet kugwiritsa ntchito malo osiyanasiyana othamanga. CRI API imapangidwa nthawi zosiyanasiyana, kotero ogwiritsa ntchito amatha kusankha nthawi yomwe akufuna.
CNI ndi chiyani?
ndi kukonza njira yapaintaneti yapadziko lonse lapansi pazotengera za Linux. Komanso, kumaphatikizapo , yomwe imayang'anira ntchito zosiyanasiyana pokhazikitsa ma pod network. Pulogalamu yowonjezera ya CNI ndi fayilo yotheka yomwe imagwirizana ndi zomwe zafotokozedwa (tidzakambirana mapulagini pansipa).
Kugawidwa kwa ma subnets ku ma node operekera ma adilesi a IP ku ma pod
Popeza pod iliyonse pagulu iyenera kukhala ndi adilesi ya IP, ndikofunikira kuwonetsetsa kuti adilesiyi ndi yapadera. Izi zimatheka popatsa node iliyonse gawo lapadera, pomwe ma pod pa nodeyo amapatsidwa ma adilesi a IP.
Node IPAM Controller
pamene nodeipam adadutsa ngati chizindikiro cha mbendera --controllers , imagawira kagawo kakang'ono (podCIDR) ku node iliyonse kuchokera ku cluster CIDR (ie, mndandanda wa ma adilesi a IP a network cluster network). Popeza ma podCIDRs samadutsana, zimakhala zotheka kuti pod iliyonse ipatsidwe adilesi yapadera ya IP.
Node ya Kubernetes imapatsidwa podCIDR pomwe idalembetsedwa ndi gululo. Kuti musinthe ma podCIDR a node, muyenera kuwachotsa ndikulembetsanso, ndikupanga kusintha koyenera pa Kubernetes control layer configuration pakati. Mutha kuwonetsa podCIDR ya node pogwiritsa ntchito lamulo ili:
$ kubectl get no <nodeName> -o json | jq '.spec.podCIDR'
10.244.0.0/24
Kubelet, chidebe chothamanga ndi mapulagini a CNI: momwe zonse zimagwirira ntchito
Kupanga pod pa node kumaphatikizapo njira zambiri zokonzekera. M'chigawo chino, ndingoyang'ana pa zomwe zikugwirizana mwachindunji ndi kukhazikitsa pod network.
Kupanga poto ku node inayake kumayambitsa zochitika zotsatirazi:
Thandizo: .
Kuyanjana pakati pa nthawi yoyendetsera chidebe ndi mapulagini a CNI
Wopereka maukonde aliyense ali ndi pulogalamu yakeyake ya CNI. Nthawi yothamanga ya chidebecho imayendetsa kuti ikonze netiweki ya pod ikayamba. Pankhani yosungidwa, pulogalamu yowonjezera ya CNI imayambitsidwa ndi pulogalamu yowonjezera .
Komanso, wopereka aliyense ali ndi wothandizira wake. Imayikidwa pamanode onse a Kubernetes ndipo imayang'anira kasinthidwe ka ma netiweki. Wothandizira uyu amaphatikizidwa ndi CNI config kapena amapanga pawokha pa mfundo. Kukonzekera kumathandizira plugin ya CRI kukhazikitsa pulogalamu yowonjezera ya CNI kuti iyitanire.
Malo a CNI config akhoza kusinthidwa; mwachisawawa ili mkati /etc/cni/net.d/<config-file>. Oyang'anira Cluster alinso ndi udindo woyika mapulagini a CNI pagulu lililonse lamagulu. Malo awo ndi customizable; chikwatu chosasinthika - /opt/cni/bin.
Mukamagwiritsa ntchito zosungidwa, njira za plugin config ndi binaries zitha kukhazikitsidwa mgawoli [plugins.Β«io.containerd.grpc.v1.criΒ».cni] Π² .
Popeza tikugwiritsa ntchito Flannel ngati wopereka maukonde athu, tiyeni tikambirane pang'ono za kuyikhazikitsa:
- Flanneld (Flannel's daemon) nthawi zambiri imayikidwa mgulu ngati DaemonSet yokhala ndi
install-cnimonga . Install-cniamalenga (/etc/cni/net.d/10-flannel.conflist) pa mfundo iliyonse.- Flanneld imapanga chida cha vxlan, imatenga metadata ya netiweki kuchokera pa seva ya API, ndikuwunika zosintha zapod. Monga momwe zimapangidwira, zimagawa njira zopita kumagulu onse pamagulu onse.
- Njirazi zimalola ma pod kuti azilumikizana wina ndi mnzake kudzera pa ma adilesi a IP.
Kuti mumve zambiri za ntchito ya Flannel, ndikupangira kugwiritsa ntchito maulalo kumapeto kwa nkhaniyi.
Nachi chithunzi chamgwirizano pakati pa Containerd CRI plugin ndi mapulagini a CNI:
Monga mukuwonera pamwambapa, kubelet imayitanitsa pulogalamu yowonjezera ya Containerd CRI kuti ipange pod, yomwe imayitanitsa pulogalamu yowonjezera ya CNI kuti ikonze netiweki ya pod. Pochita izi, pulogalamu yowonjezera ya CNI yopereka maukonde imayitanitsa mapulagini ena apakati a CNI kuti akonze magawo osiyanasiyana a netiweki.
Kuyanjana pakati pa mapulagini a CNI
Pali mapulagini osiyanasiyana a CNI omwe ntchito yawo ndikuthandizira kukhazikitsa kulumikizana kwa netiweki pakati pa zotengera zomwe zili pagulu. Nkhaniyi ifotokoza zitatu mwa izo.
CNI pulogalamu yowonjezera Flannel
Mukamagwiritsa ntchito Flannel ngati wothandizira maukonde, gawo la Containerd CRI limayimba pogwiritsa ntchito fayilo ya CNI /etc/cni/net.d/10-flannel.conflist.
$ cat /etc/cni/net.d/10-flannel.conflist
{
"name": "cni0",
"plugins": [
{
"type": "flannel",
"delegate": {
"ipMasq": false,
"hairpinMode": true,
"isDefaultGateway": true
}
}
]
}
Pulogalamu yowonjezera ya Flannel CNI imagwira ntchito limodzi ndi Flanneld. Poyambitsa, Flanneld amatenga podCIDR ndi zina zokhudzana ndi netiweki kuchokera pa seva ya API ndikuzisunga ku fayilo. /run/flannel/subnet.env.
FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.0.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=false
Pulogalamu ya Flannel CNI imagwiritsa ntchito deta kuchokera /run/flannel/subnet.env kukonza ndikuyitanitsa plugin ya CNI bridge.
CNI plugin Bridge
Pulagi iyi imatchedwa ndi masinthidwe awa:
{
"name": "cni0",
"type": "bridge",
"mtu": 1450,
"ipMasq": false,
"isGateway": true,
"ipam": {
"type": "host-local",
"subnet": "10.244.0.0/24"
}
}
Ikaitanidwa koyamba, imapanga mlatho wa Linux wokhala nawo Β«nameΒ»: Β«cni0Β», zomwe zikuwonetsedwa mu config. Kenako veth pair imapangidwa pa pod iliyonse. Mapeto ake amodzi amalumikizidwa ndi malo a netiweki a chidebe, enawo akuphatikizidwa mu mlatho wa Linux pa netiweki yolandila. imalumikiza zida zonse zokhala nawo ku mlatho wa Linux pa netiweki yolandila.
Mukamaliza kuyika veth pair, pulogalamu yowonjezera ya Bridge Bridge imayimbira pulogalamu yowonjezera ya IPAM CNI. Mtundu wa pulogalamu yowonjezera ya IPAM ukhoza kukonzedwa mu CNI config yomwe CRI plugin imagwiritsa ntchito kuyitana Flannel CNI plugin.
Host-local IPAM CNI mapulagini
Mafoni a Bridge CNI ndi masinthidwe awa:
{
"name": "cni0",
"ipam": {
"type": "host-local",
"subnet": "10.244.0.0/24",
"dataDir": "/var/lib/cni/networks"
}
}
Host-local IPAM plugin (IP Adress Mkuwongolera - kasamalidwe ka adilesi ya IP) imabweretsanso adilesi ya IP ya chidebecho kuchokera ku subnet ndikusunga IP yomwe yaperekedwa pa wolandilayo m'ndandanda yomwe yafotokozedwa mgawoli. dataDir - /var/lib/cni/networks/<network-name=cni0>/<ip>. Fayiloyi ili ndi ID ya chidebe chomwe adilesi ya IPyi yaperekedwa.
Mukayimba pulogalamu yowonjezera ya IPAM, imabwezera zotsatirazi:
{
"ip4": {
"ip": "10.244.4.2",
"gateway": "10.244.4.3"
},
"dns": {}
}
Chidule
Kube-controller-manager amagawira podCIDR ku node iliyonse. Ma pods a nodi iliyonse amalandira ma adilesi a IP kuchokera pamalo adilesi omwe ali mumtundu wa podCIDR womwe waperekedwa. Popeza ma node 'podCIDRs sadutsana, ma pod onse amalandira ma adilesi apadera a IP.
Woyang'anira gulu la Kubernetes amakonza ndikuyika kubelet, nthawi yoyendetsera chidebe, wothandizira maukonde, ndikukopera mapulagini a CNI kumalo aliwonse. Poyambitsa, wothandizira maukonde amapanga CNI config. Pamene pod ikukonzekera node, kubelet imayitana CRI plugin kuti ipange. Kenako, ngati chosungidwa chikugwiritsidwa ntchito, pulogalamu yowonjezera ya Containerd CRI imayimbira pulogalamu yowonjezera ya CNI yotchulidwa mu CNI config kuti ikonze netiweki ya pod. Zotsatira zake, pod imalandira adilesi ya IP.
Zinanditengera nthawi kuti ndimvetsetse zidziwitso zonse zamagulu onsewa. Ndikukhulupirira kuti izi zikuthandizani kumvetsetsa momwe Kubernetes amagwirira ntchito. Ngati ndalakwitsa chilichonse, chonde nditumizireni pa kapena ku adilesi . Khalani omasuka kuwafikira ngati mukufuna kukambirana mbali za nkhaniyi kapena china chilichonse. Ndikufuna kucheza nanu!
powatsimikizira
Containers ndi network
Kodi Flannel imagwira ntchito bwanji?
CRI ndi CNI
PS kuchokera kwa womasulira
Werenganinso pa blog yathu:
- Β«";
- "An Illustrated Guide to Networking in Kubernetes": , ;
- Β«".
Source: www.habr.com