Kubernetes 1.14: Zowonetsa zatsopano

Usiku uno zichitika kutulutsidwa kotsatira kwa Kubernetes - 1.14. Malinga ndi mwambo womwe wapanga pabulogu yathu, tikulankhula za zosintha zazikulu mu mtundu watsopano wa chinthu chodabwitsa ichi cha Open Source.

Zomwe zimagwiritsidwa ntchito pokonzekera nkhaniyi zatengedwa Kubernetes amawonjezera matebulo otsata, KUSINTHA-1.14 ndi zofananira, zopempha zokoka, Kubernetes Enhancement Proposals (KEP).

Tiyeni tiyambe ndi mawu oyamba ofunikira kuchokera ku SIG cluster-lifecycle: magulu amphamvu olephera Kubernetes (kapena kunena zolondola, zodzipangira nokha HA deployments) tsopano akhoza kupangidwa kugwiritsa ntchito zodziwika bwino (mumagawo amagulu amtundu umodzi) malamulo kubeadm (init и join). Mwachidule, za izi:

• ziphaso zogwiritsidwa ntchito ndi gulu zimasamutsidwa ku zinsinsi;
• kuti mutha kugwiritsa ntchito gulu la etcd mkati mwa gulu la K8s (ie kuchotsa kudalira komwe kunalipo kale) etcd-wothandizira;
• Imalemba makonda omwe akulimbikitsidwa kuti azitha kunyamula katundu wakunja omwe amapereka kasinthidwe kololera zolakwika (m'tsogolomu akukonzekera kuthetsa kudalira uku, koma osati pakadali pano).

Zomangamanga za gulu la Kubernetes HA lopangidwa ndi kubeadm

Tsatanetsatane wa kukhazikitsa angapezeke mu malingaliro opanga. Izi zinali zoyembekezeredwa kwa nthawi yayitali: mtundu wa alpha unkayembekezeredwanso ku K8s 1.9, koma wangowonekera tsopano.

API

timu apply ndipo mochuluka kulankhula kasamalidwe ka zinthu zolengeza zadutsa kuchokera kubectl mu apiserver. Madivelopa okha kufotokoza mwachidule chisankho chawo ponena zimenezo kubectl apply - gawo lofunikira pakugwirira ntchito ndi masinthidwe ku Kubernetes, komabe, "liri lodzaza ndi nsikidzi ndipo ndizovuta kukonza," chifukwa chake magwiridwe antchitowa akuyenera kubwezeretsedwanso kukhala abwinobwino ndikusamutsira ku ndege yowongolera. Zitsanzo zosavuta komanso zomveka bwino zamavuto omwe alipo masiku ano:

Tsatanetsatane wa kukhazikitsa ali mkati KAPA. Kukonzekera kwapano ndi alpha (kukwezedwa kwa beta kwakonzedwa kuti Kubernetes atulutsidwe).

Ikupezeka mu mtundu wa alpha mwayi pogwiritsa ntchito OpenAPI v3 chiwembu cha kupanga ndi kusindikiza zolemba za OpenAPI za CustomResources (CR) yomwe imagwiritsidwa ntchito kutsimikizira (mbali ya seva) K8s zofotokozedwa ndi ogwiritsa ntchito (CustomResourceDefinition, CRD). Kusindikiza OpenAPI kwa CRD kumalola makasitomala (mwachitsanzo. kubectl) tsimikizirani mbali yanu (mkati kubectl create и kubectl apply) ndikupereka zolemba molingana ndi dongosolo (kubectl explain). Tsatanetsatane - mu KAPA.

Zipika zomwe zinalipo kale tsopano akutsegula ndi mbendera O_APPEND (koma ayi O_TRUNC) kupewa kutayika kwa zipika nthawi zina komanso kuti zitheke kudulira mitengo ndi zida zakunja zozungulira.

Komanso pankhani ya Kubernetes API, zitha kudziwika kuti mu PodSandbox и PodSandboxStatus anawonjezera munda runtime_handler kulemba zambiri za RuntimeClass mu pod (werengani zambiri za izo m'malemba a Kubernetes 1.12 kumasulidwa, pomwe kalasi iyi idawoneka ngati mtundu wa alpha), komanso mu Admission Webhooks zakhazikitsidwa kutha kudziwa kuti ndi matembenuzidwe ati AdmissionReview amathandizira. Pomaliza, malamulo a Admission Webhooks tsopano akhoza kukhala ochepa kuchuluka kwa kugwiritsidwa ntchito kwawo ndi malo a mayina ndi ma masango amagulu.

Kusungirako

PersistentLocalVolumes, yomwe inali ndi beta kuyambira pomwe idatulutsidwa K8s 1.10, adalengeza khola (GA): chipata ichi sichinayimitsidwenso ndipo chidzachotsedwa ku Kubernetes 1.17.

Mwayi pogwiritsa ntchito zosintha zachilengedwe zotchedwa Downward API (mwachitsanzo, dzina la pod) la mayina amalondo omwe ali ngati subPath, idapangidwa - mwa mawonekedwe a gawo latsopano subPathExpr, yomwe tsopano imagwiritsidwa ntchito kudziwa dzina lachikwatu chomwe mukufuna. Mbaliyi idawonekera koyamba ku Kubernetes 1.11, koma kwa 1.14 idakhalabe mumtundu wa alpha.

Monga momwe Kubernetes adatulutsidwa m'mbuyomu, zosintha zambiri zimayambitsidwa pa CSI yomwe ikukula mwachangu (Chiyankhulo Chosungira Chosungira):

CSI

Inapezeka (monga gawo la mtundu wa alpha) thandizo kusintha kwa ma voliyumu a CSI. Kuti mugwiritse ntchito, muyenera kutsegula chipata chomwe chimatchedwa ExpandCSIVolumes, komanso kukhalapo kwa chithandizo cha opaleshoniyi mu dalaivala wina wa CSI.

Chinthu china cha CSI mu mtundu wa alpha - mwayi onetsani mwachindunji (mwachitsanzo, osagwiritsa ntchito PV/PVC) ku ma voliyumu a CSI mkati mwa tsatanetsatane wa pod. Izi imachotsa lamulo loletsa kugwiritsa ntchito CSI monga kusungirako deta yakutali, kuwatsegulira zitseko za dziko ma volume a ephemeral. Kugwiritsa ntchito (chitsanzo kuchokera zolembedwa) ziyenera kuyatsidwa CSIInlineVolume chipata cha mawonekedwe.

Pakhalanso kupita patsogolo mu "zamkati" za Kubernetes zokhudzana ndi CSI, zomwe siziwoneka kwa ogwiritsa ntchito (oyang'anira dongosolo) ... old way”, mkati mwa K8s codebase (mu -tree), ndipo yachiwiri - monga gawo la CSI yatsopano. (Werengani zambiri za izo, mwachitsanzo, mu apa). Izi zimabweretsa zovuta zomveka zomwe ziyenera kuthetsedwa pomwe CSI imakhazikika. Sizingatheke kungosiya API ya mapulagini amkati (mumtengo) chifukwa cha ndondomeko yoyenera ya Kubernetes.

Zonsezi zidapangitsa kuti mtundu wa alpha ufikire kusamuka plugin kodi yamkati, yogwiritsidwa ntchito ngati mumtengo, mu mapulagini a CSI, chifukwa chake nkhawa za omanga zidzachepetsedwa kuti zithandizire mtundu umodzi wa mapulagini awo, ndipo kugwirizana ndi ma API akale kudzakhalabe ndipo akhoza kulengezedwa kuti sakugwira ntchito mofananamo. Zikuyembekezeka kuti pakutulutsidwa kotsatira kwa Kubernetes (1.15) mapulagini onse opereka mtambo adzasamutsidwa, kukhazikitsidwa kudzalandira mawonekedwe a beta ndipo kukhazikitsidwa mu kukhazikitsa kwa K8s mwachisawawa. Kuti mudziwe zambiri, onani malingaliro opanga. Kusamuka kumeneku kunachititsanso kukana kuchokera ku malire a voliyumu omwe amafotokozedwa ndi omwe amapereka mitambo (AWS, Azure, GCE, Cinder).

Kuphatikiza apo, kuthandizira kwa zida zotchinga ndi CSI (CSIBlockVolume) kusamutsidwa ku beta version.

Nodes/Kubelet

Mtundu wa Alpha waperekedwa mapeto atsopano mu Kubelet, yopangidwira bweretsani ma metric pazinthu zazikulu. Nthawi zambiri, ngati Kubelet m'mbuyomu adalandira ziwerengero zakugwiritsa ntchito chidebe kuchokera ku cAdvisor, tsopano izi zimachokera kumalo ogwiritsira ntchito chidebe kudzera pa CRI (Container Runtime Interface), koma kuyanjana kwa ntchito ndi mitundu yakale ya Docker kumasungidwanso. M'mbuyomu, ziwerengero zomwe zinasonkhanitsidwa ku Kubelet zidatumizidwa kudzera pa REST API, koma tsopano mapeto omwe ali pa /metrics/resource/v1alpha1. Njira yayitali ya opanga muli ndikuchepetsa ma metrics operekedwa ndi Kubelet. Mwa njira, ma metric awa okha tsopano akuitana osati "ma core metrics", koma "ma metrics othandizira", ndipo amafotokozedwa ngati "zinthu zoyambira, monga cpu, ndi memory".

Chochititsa chidwi kwambiri: ngakhale mwayi wowonekera bwino wa gRPC kumapeto kwake poyerekeza ndi zochitika zosiyanasiyana zogwiritsa ntchito mtundu wa Prometheus. (onani zotsatira za chimodzi mwa zizindikiro pansipa), olembawo adakonda zolemba za Prometheus chifukwa cha utsogoleri womveka bwino wa dongosolo loyang'anira m'deralo.

"gRPC sagwirizana ndi njira zazikulu zowunikira. Endpoint ingokhala yothandiza popereka ma metrics ku Metrics Server kapena zowunikira zomwe zimalumikizana nayo. Mawonekedwe amtundu wa Prometheus mukamagwiritsa ntchito caching mu Metrics Server zabwino mokwanira kuti ife tikonde Prometheus kuposa gRPC chifukwa cha kufalikira kwa Prometheus m'deralo. Mawonekedwe a OpenMetrics akakhazikika, titha kuyang'ana magwiridwe antchito a gRPC ndi mawonekedwe otengera proto."

Chimodzi mwazoyesa zofananira zogwiritsa ntchito mawonekedwe a gRPC ndi Prometheus mu Kubelet kumapeto kwa ma metrics. Ma graph ochulukirapo ndi zina zambiri zitha kupezeka mkati KAPA.

Mwa zina zosintha:

• Kubelet now (nthawi imodzi) kuyesa kuyimitsa muli m'malo osadziwika musanayambe kuyambiranso ndikuchotsa ntchito.
• Mukamagwiritsa ntchito PodPresets tsopano ku chidebe cha init anawonjezera chidziwitso chofanana ndi chotengera chokhazikika.
• kubelet anayamba kugwiritsa ntchito usageNanoCores kuchokera kwa wothandizira ziwerengero za CRI, ndi ma node ndi zotengera pa Windows anawonjezera ziwerengero zapaintaneti.
• Zambiri zamakina ogwiritsira ntchito komanso zomangamanga zalembedwa m'malebulo kubernetes.io/os и kubernetes.io/arch Zinthu za Node (zosamutsidwa kuchokera ku beta kupita ku GA).
• Kutha kufotokozera gulu linalake la ogwiritsa ntchito pazotengera mu pod (RunAsGroup, adawonekera mkati K8s 1.11) patsogolo pamaso pa beta (yothandizidwa mwachisawawa).
• du ndikupeza zomwe zimagwiritsidwa ntchito mu cAdvisor, m'malo pa Go kukhazikitsa.

CLI

Mu cli-runtime ndi kubectl anawonjezera -k mbendera kuti iphatikizidwe ndi makonda (mwa njira, chitukuko chake tsopano chikuchitika mu malo osiyana), i.e. kuti muthe kukonza mafayilo owonjezera a YAML kuchokera kuzinthu zapadera za kustomization (kuti mumve zambiri zakuwagwiritsa ntchito, onani KAPA):

Chitsanzo chosavuta kugwiritsa ntchito mafayilo makonda (kuvuta kwambiri kustomize kumatheka mkati zopondera)

Kuwonjezera apo:

• Zowonjezedwa timu yatsopano kubectl create cronjob, amene dzina lake limadzinenera lokha.
• В kubectl logs tsopano mungathe kuphatikiza mbendera -f (--follow kwa zipika zosinthira) ndi -l (--selector kwa funso la label).
• kubctl anaphunzitsa koperani mafayilo osankhidwa ndi khadi yakutchire.
• Ku timu kubectl wait anawonjezera mbendera --all kusankha zothandizira zonse mu malo a mayina a mtundu wazinthu zomwe zatchulidwa.

Zina

Maluso otsatirawa adalandira mawonekedwe okhazikika (GA):

• ReadinessGate, yogwiritsidwa ntchito mu ndondomeko ya pod kuti ifotokoze zina zowonjezera zomwe zimaganiziridwa mu kukonzekera kwa pod;
• Kuthandizira masamba akulu (chipata cha mawonekedwe otchedwa HugePages);
• CustomPodDNS;
• PriorityClass API Pod Chofunika Kwambiri & Kudziteteza.

Zosintha zina zomwe zidayambitsidwa Kubernetes 1.14:

• Mfundo zotsikirapo za RBAC sizilolanso API kupeza discovery и access-review ogwiritsa ntchito popanda kutsimikizika (zosatsimikizika).
• Thandizo lovomerezeka la CoreDNS zotsimikizika Linux kokha, chifukwa chake mukamagwiritsa ntchito kubeadm kuyiyika (CoreDNS) mgulu, ma node ayenera kuthamanga pa Linux (nodeSelectors amagwiritsidwa ntchito pazoletsa izi).
• Kusintha kofikira kwa CoreDNS kuli tsopano amagwiritsa patsogolo pulogalamu yowonjezera m'malo mwa proxy. Komanso, mu CoreDNS anawonjezera ReadinessProbe, yomwe imalepheretsa kusanjika kwa katundu pamakadi oyenera (osakonzekera kugwira ntchito).
• Mu kubeadm, pa magawo init kapena upload-certs, zinatheka kwezani ziphaso zomwe zimafunikira kuti mulumikize ndege yowongolera yatsopano ku chinsinsi cha kubeadm-certs (gwiritsani ntchito mbendera --experimental-upload-certs).
• Mtundu wa alpha wawonekera pakuyika kwa Windows thandizo gMSA (Group Managed Service Account) - maakaunti apadera mu Active Directory omwe angagwiritsidwenso ntchito ndi makontena.
• Kwa G.C.E. adamulowetsa mTLS encryption pakati etcd ndi kube-apiserver.
• Zosintha pamapulogalamu ogwiritsidwa ntchito/odalira: Pitani 1.12.1, CSI 1.1, CoreDNS 1.3.1, Docker 18.09 thandizo mu kubeadm, ndipo mtundu wocheperako wothandizidwa wa Docker API tsopano ndi 1.26.

PS

Werenganinso pa blog yathu:

• «Kubernetes 1.13: Zowonetsa zatsopano";
• «Kubernetes 1.12: Zowonetsa zatsopano";
• «Kubernetes 1.11: Zowonetsa zatsopano";
• «Kubernetes 1.10: Zowonetsa zatsopano".

Source: www.habr.com