Kumasulira kwa nkhaniyi kunakonzedwa madzulo a chiyambi cha maphunziro .
Ngati mukuwerenga izi, mwina mwamvapo za Kubernetes (ndipo ngati sichoncho, munafika bwanji kuno?) Koma kodi Kubernetes ndi chiyani kwenikweni? Izi ? Kapena ? Kodi izi zikutanthauza chiyani?
Kunena zowona, sindiri wotsimikiza 100%. Koma ndikuganiza kuti ndizosangalatsa kukumba zamkati ndikuwona zomwe zikuchitika ku Kubernetes pansi pazigawo zake zambiri. Chifukwa chake kungosangalala, tiyeni tiwone momwe gulu laling'ono la "Kubernetes" limawonekera. (Izi zidzakhala zosavuta kuposa .)
Ndikuganiza kuti mumadziwa zambiri za Kubernetes, Linux, ndi zotengera. Chilichonse chomwe tikukamba pano ndi cha kafukufuku/zolinga zophunzirira zokha, osayika chilichonse pakupanga!
mwachidule
Kubernetes ili ndi zigawo zambiri. Malinga ndi , zomangamanga zimawoneka motere:
Pali zigawo zisanu ndi zitatu zomwe zikuwonetsedwa pano, koma sitinyalanyaza zambiri. Ndikufuna kunena kuti chinthu chochepa chomwe chitha kutchedwa Kubernetes chili ndi zigawo zitatu zazikulu:
- cubelet
- kube-apiserver (zomwe zimatengera etcd - database yake)
- nthawi yogwiritsira ntchito chidebe (Docker pakadali pano)
Tiyeni tiwone zomwe zolembedwazo zimanena za aliyense wa iwo (., .). Poyamba cubelet:
Wothandizira akuyenda pa mfundo iliyonse pagulu. Zimatsimikizira kuti zotengera zikuyenda mu pod.
Zikumveka zosavuta mokwanira. Nanga bwanji nthawi ya kontena (chotengera nthawi yothamanga)?
Kuthamanga kwa chidebe ndi pulogalamu yopangidwa kuti iziyendetsa zotengera.
Zodziwitsa kwambiri. Koma ngati mumadziwa Docker, ndiye kuti muyenera kukhala ndi lingaliro lazomwe amachita. (Zambiri zakulekanitsidwa kwa maudindo pakati pa nthawi yoyendetsera chidebe ndi kubelet ndizowoneka bwino ndipo sindilowa nazo pano.)
Π API seva?
API Server ndi gawo lowongolera la Kubernetes lomwe limawululira Kubernetes API. Seva ya API ndiye gawo la kasitomala la gulu lowongolera la Kubernetes
Aliyense amene adachitapo chilichonse ndi Kubernetes adalumikizana ndi API mwachindunji kapena kudzera kubectl. Uwu ndiye mtima wa zomwe zimapangitsa Kubernetes Kubernetes - ubongo womwe umasintha mapiri a YAML omwe tonse timawadziwa komanso kuwakonda (?) kukhala maziko ogwirira ntchito. Zikuwoneka zodziwikiratu kuti API iyenera kupezeka pamasinthidwe athu ochepa.
Zowonongeka
- Makina enieni a Linux kapena akuthupi okhala ndi mizu (ndikugwiritsa ntchito Ubuntu 18.04 pamakina enieni).
- Ndipo ndizo zonse!
Wotopetsa unsembe
Tiyenera kukhazikitsa Docker pamakina omwe tidzagwiritse ntchito. (Sindifotokoza mwatsatanetsatane momwe Docker ndi zotengera zimagwirira ntchito; ngati mukufuna, pali ). Tiyeni tingoyiyika nayo apt:
$ sudo apt install docker.io
$ sudo systemctl start docker
Pambuyo pake, tifunika kupeza ma binaries a Kubernetes. M'malo mwake, pakuyambitsa koyambirira kwa "cluster" yathu timangofunikira kubelet, popeza kuyendetsa zigawo zina za seva zomwe tingagwiritse ntchito kubelet. Kuti tigwirizane ndi gulu lathu litatha, tidzagwiritsanso ntchito kubectl.
$ curl -L https://dl.k8s.io/v1.18.5/kubernetes-server-linux-amd64.tar.gz > server.tar.gz
$ tar xzvf server.tar.gz
$ cp kubernetes/server/bin/kubelet .
$ cp kubernetes/server/bin/kubectl .
$ ./kubelet --version
Kubernetes v1.18.5
Chimachitika ndi chiyani tikangothamanga kubelet?
$ ./kubelet
F0609 04:03:29.105194 4583 server.go:254] mkdir /var/lib/kubelet: permission denied
kubelet iyenera kuyenda ngati mizu. Zomveka bwino, chifukwa amayenera kuyang'anira node yonse. Tiyeni tiwone magawo ake:
$ ./kubelet -h
<ΡΠ»ΠΈΡΠΊΠΎΠΌ ΠΌΠ½ΠΎΠ³ΠΎ ΡΡΡΠΎΠΊ, ΡΡΠΎΠ±Ρ ΡΠ°Π·ΠΌΠ΅ΡΡΠΈΡΡ Π·Π΄Π΅ΡΡ>
$ ./kubelet -h | wc -l
284Wow, zosankha zambiri! Mwamwayi, timangofunikira angapo a iwo. Nayi imodzi mwamagawo omwe timakonda:
--pod-manifest-path stringNjira yopita ku chikwatu chomwe chili ndi mafayilo a static pods, kapena njira yopita ku fayilo yofotokoza ma static pod. Mafayilo oyambira ndi madontho sanyalanyazidwa. (KUSINTHA: Njira iyi iyenera kukhazikitsidwa mufayilo yosinthira yomwe idaperekedwa ku Kubelet kudzera pa --config. Kuti mudziwe zambiri, onani .)
Njirayi imatithandiza kuthamanga - ma pod omwe samayendetsedwa kudzera pa Kubernetes API. Madontho osasunthika sagwiritsidwa ntchito kawirikawiri, koma ndi osavuta kukweza gulu mwachangu, ndipo izi ndi zomwe timafunikira. Tidzanyalanyaza chenjezo lalikululi (kachiwiri, musayendetse izi popanga!)
Choyamba tipanga chikwatu cha ma static pods ndikuyendetsa kubelet:
$ mkdir pods
$ sudo ./kubelet --pod-manifest-path=podsKenako, pawindo lina/tmux/chilichonse, tidzapanga chiwonetsero cha pod:
$ cat <<EOF > pods/hello.yaml
apiVersion: v1
kind: Pod
metadata:
name: hello
spec:
containers:
- image: busybox
name: hello
command: ["echo", "hello world!"]
EOF
kubelet amayamba kulemba machenjezo ndipo zikuwoneka ngati palibe chomwe chikuchitika. Koma zimenezo si zoona! Tiyeni tiwone Docker:
$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8c8a35e26663 busybox "echo 'hello world!'" 36 seconds ago Exited (0) 36 seconds ago k8s_hello_hello-mink8s_default_ab61ef0307c6e0dee2ab05dc1ff94812_4
68f670c3c85f k8s.gcr.io/pause:3.2 "/pause" 2 minutes ago Up 2 minutes k8s_POD_hello-mink8s_default_ab61ef0307c6e0dee2ab05dc1ff94812_0
$ sudo docker logs k8s_hello_hello-mink8s_default_ab61ef0307c6e0dee2ab05dc1ff94812_4
hello world!
kubelet Ndidawerenga chiwonetsero cha pod ndikupatsa a Docker kuti akhazikitse zotengera zingapo malinga ndi zomwe tikufuna. (Ngati mukuganiza za chidebe cha "pause", ndi Kubernetes kuthyolako - onani .) Kubelela kulakonzya kutugwasya busybox ndi lamulo lotchulidwa ndipo adzayambitsanso mpaka kalekale mpaka static pod ichotsedwa.
Dziyamikireni nokha. Tangobwera ndi imodzi mwa njira zosokoneza kwambiri zotulutsira mawu ku terminal!
Launch etcd
Cholinga chathu chachikulu ndikuyendetsa Kubernetes API, koma kuti tichite zimenezo choyamba tiyenera kuthamanga . Tiyeni tiyambe gulu laling'ono la etcd poyika zoikamo zake mu bukhu la pods (mwachitsanzo, pods/etcd.yaml):
apiVersion: v1
kind: Pod
metadata:
name: etcd
namespace: kube-system
spec:
containers:
- name: etcd
command:
- etcd
- --data-dir=/var/lib/etcd
image: k8s.gcr.io/etcd:3.4.3-0
volumeMounts:
- mountPath: /var/lib/etcd
name: etcd-data
hostNetwork: true
volumes:
- hostPath:
path: /var/lib/etcd
type: DirectoryOrCreate
name: etcd-dataNgati mudagwirapo ntchito ndi Kubernetes, mafayilo awa a YAML ayenera kukhala odziwika kwa inu. Pali mfundo ziwiri zokha zofunika kuziganizira apa:
Tayika chikwatu chokhazikitsa /var/lib/etcd mu pod kuti deta ya etcd isungidwe pambuyo poyambitsanso (ngati izi sizinachitike, gulu lamagulu lidzachotsedwa nthawi iliyonse pod ikayambiranso, zomwe sizingakhale zabwino ngakhale kukhazikitsa Kubernetes kochepa).
Tayika hostNetwork: true. Kukhazikitsa uku, mosadabwitsa, kumakonza etcd kuti agwiritse ntchito netiweki yolandila m'malo mwa netiweki yamkati ya pod (izi zipangitsa kuti seva ya API ikhale yosavuta kupeza gulu la etcd).
Cheke chosavuta chikuwonetsa kuti etcd ikuyendadi pa localhost ndikusunga deta ku disk:
$ curl localhost:2379/version
{"etcdserver":"3.4.3","etcdcluster":"3.4.0"}
$ sudo tree /var/lib/etcd/
/var/lib/etcd/
βββ member
βββ snap
β βββ db
βββ wal
βββ 0.tmp
βββ 0000000000000000-0000000000000000.walKuyambitsa seva ya API
Kuyendetsa seva ya Kubernetes API ndikosavuta. Parameter yokhayo yomwe ikufunika kudutsa ndi --etcd-servers, amachita zomwe mukuyembekezera:
apiVersion: v1
kind: Pod
metadata:
name: kube-apiserver
namespace: kube-system
spec:
containers:
- name: kube-apiserver
command:
- kube-apiserver
- --etcd-servers=http://127.0.0.1:2379
image: k8s.gcr.io/kube-apiserver:v1.18.5
hostNetwork: true
Ikani fayilo ya YAML iyi m'ndandanda pods, ndipo seva ya API iyamba. Kufufuza ndi curl ikuwonetsa kuti Kubernetes API ikumvera pa doko 8080 ndi mwayi wotseguka - palibe kutsimikizika kofunikira!
$ curl localhost:8080/healthz
ok
$ curl localhost:8080/api/v1/pods
{
"kind": "PodList",
"apiVersion": "v1",
"metadata": {
"selfLink": "/api/v1/pods",
"resourceVersion": "59"
},
"items": []
}(Kachiwiri, musamayendetse izi popanga! Ndinadabwitsidwa pang'ono kuti zosintha zosasinthika ndizosatetezeka. Koma ndikuganiza kuti izi ndikupangitsa chitukuko ndi kuyesa kukhala kosavuta.)
Ndipo, modabwitsa, kubectl imagwira ntchito m'bokosi popanda zina zowonjezera!
$ ./kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.5", GitCommit:"e6503f8d8f769ace2f338794c914a96fc335df0f", GitTreeState:"clean", BuildDate:"2020-06-26T03:47:41Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.5", GitCommit:"e6503f8d8f769ace2f338794c914a96fc335df0f", GitTreeState:"clean", BuildDate:"2020-06-26T03:39:24Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
$ ./kubectl get pod
No resources found in default namespace.vuto
Koma ngati mukumba mozama, chinachake chikuwoneka kuti sichikuyenda bwino:
$ ./kubectl get pod -n kube-system
No resources found in kube-system namespace.Ma static pod omwe tidapanga apita! M'malo mwake, node yathu ya kubelet sinapezeke konse:
$ ./kubectl get nodes
No resources found in default namespace.Vuto ndi chiyani? Ngati mukukumbukira ndime zingapo zapitazo, tidayambitsa kubelet ndi magawo osavuta kwambiri a mzere wamalamulo, kotero kubelet sadziwa kulumikizana ndi seva ya API ndikudziwitsa za momwe akukhalira. Titaphunzira zolembedwazo, timapeza mbendera yofananira:
--kubeconfig string
Njira yopita ku fayilo kubeconfig, yomwe imalongosola momwe mungalumikizire ku seva ya API. Kupezeka --kubeconfig imathandizira mawonekedwe a seva ya API, ayi --kubeconfig imathandizira mawonekedwe akunja.
Nthawi yonseyi, osadziwa, timayendetsa kubelet mu "offline mode." (Tikadakhala oyenda, titha kuganiza za kubelet yoyima ngati "Kubernetes yocheperako", koma zingakhale zotopetsa). Kuti kasinthidwe "zenizeni" agwire ntchito, tifunika kupatsira fayilo ya kubeconfig ku kubelet kuti idziwe kulankhula ndi seva ya API. Mwamwayi ndizosavuta (popeza tilibe kutsimikizika kapena zovuta za satifiketi):
apiVersion: v1
kind: Config
clusters:
- cluster:
server: http://127.0.0.1:8080
name: mink8s
contexts:
- context:
cluster: mink8s
name: mink8s
current-context: mink8s
Sungani izi ngati kubeconfig.yaml, kupha ndondomeko kubelet ndikuyambanso ndi magawo ofunikira:
$ sudo ./kubelet --pod-manifest-path=pods --kubeconfig=kubeconfig.yaml(Mwa njira, ngati mutayesa kupeza API kudzera mu curl pamene kubelet sikuyenda, mudzapeza kuti ikugwirabe ntchito! Kubelet si "kholo" la ma pod ake ngati Docker, ali ngati "control daemon.β Mitsuko yoyendetsedwa ndi kubelet idzapitilirabe mpaka kubelet itayimitsa.)
Mumphindi zochepa kubectl Ayenera kutiwonetsa makoko ndi mfundo monga tikuyembekezera:
$ ./kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default hello-mink8s 0/1 CrashLoopBackOff 261 21h
kube-system etcd-mink8s 1/1 Running 0 21h
kube-system kube-apiserver-mink8s 1/1 Running 0 21h
$ ./kubectl get nodes -owide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
mink8s Ready <none> 21h v1.18.5 10.70.10.228 <none> Ubuntu 18.04.4 LTS 4.15.0-109-generic docker://19.3.6Tiyeni tidziyamike nthawi ino (ndikudziwa kuti ndadziyamikira kale) - tili ndi "gulu" lochepa la Kubernetes lomwe likuyenda ndi API yogwira ntchito mokwanira!
Timayamba pansi
Tsopano tiyeni tiwone zomwe API imatha. Tiyeni tiyambe ndi nginx pod:
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- image: nginx
name: nginxApa tikupeza cholakwika chochititsa chidwi:
$ ./kubectl apply -f nginx.yaml
Error from server (Forbidden): error when creating "nginx.yaml": pods "nginx" is
forbidden: error looking up service account default/default: serviceaccount
"default" not found
$ ./kubectl get serviceaccounts
No resources found in default namespace.Apa tikuwona momwe chilengedwe chathu cha Kubernetes sichinakwaniritsire - tilibe akaunti zantchito. Tiyeni tiyesenso popanga pawokha akaunti yantchito ndikuwona zomwe zimachitika:
$ cat <<EOS | ./kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
name: default
namespace: default
EOS
serviceaccount/default created
$ ./kubectl apply -f nginx.yaml
Error from server (ServerTimeout): error when creating "nginx.yaml": No API
token found for service account "default", retry after the token is
automatically created and added to the service accountNgakhale titapanga akaunti yautumiki pamanja, chizindikiro chotsimikizika sichimapangidwa. Pamene tikupitiliza kuyesa "gulu" lathu la minimalistic, tipeza kuti zinthu zambiri zothandiza zomwe zimachitika zokha sizikhala zikusoweka. Seva ya Kubernetes API ndi yocheperako kwambiri, ndikukweza kolemetsa komanso kusinthika kwadzidzidzi kumachitika mwa owongolera osiyanasiyana ndi ntchito zakumbuyo zomwe sizikuyendabe.
Titha kuthana ndi vutoli pokhazikitsa njira automountServiceAccountToken pa akaunti yautumiki (popeza sitidzayenera kuigwiritsa ntchito):
$ cat <<EOS | ./kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
name: default
namespace: default
automountServiceAccountToken: false
EOS
serviceaccount/default configured
$ ./kubectl apply -f nginx.yaml
pod/nginx created
$ ./kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx 0/1 Pending 0 13mPomaliza, chithunzichi chawonekera! Koma kwenikweni siziyamba chifukwa tilibe (scheduler) ndi gawo lina lofunikira la Kubernetes. Apanso, tikuwona kuti Kubernetes API ndi "osayankhula" modabwitsa - mukapanga Pod mu API, imalembetsa, koma samayesa kudziwa kuti ndi node yanji yoyendetsa.
M'malo mwake, simusowa wokonza kuti ayendetse pod. Mutha kuwonjezera pamanja node ku chiwonetsero chazithunzi nodeName:
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- image: nginx
name: nginx
nodeName: mink8s
(Sinthani mink8s ku dzina la node.) Mukachotsa ndikuyika, tikuwona kuti nginx yayamba ndipo ikumvetsera adilesi ya IP yamkati:
$ ./kubectl delete pod nginx
pod "nginx" deleted
$ ./kubectl apply -f nginx.yaml
pod/nginx created
$ ./kubectl get pods -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx 1/1 Running 0 30s 172.17.0.2 mink8s <none> <none>
$ curl -s 172.17.0.2 | head -4
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>Kuti muwonetsetse kuti maukonde pakati pa ma pod akugwira ntchito moyenera, titha kuyendetsa ma curl kuchokera ku pod ina:
$ cat <<EOS | ./kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
name: curl
spec:
containers:
- image: curlimages/curl
name: curl
command: ["curl", "172.17.0.2"]
nodeName: mink8s
EOS
pod/curl created
$ ./kubectl logs curl | head -6
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>Ndizosangalatsa kukumba m'malo awa ndikuwona zomwe zimagwira ntchito ndi zomwe sizikuyenda. Ndinapeza kuti ConfigMap ndi Chinsinsi zimagwira ntchito monga momwe zimayembekezeredwa, koma Service ndi Deployment sizitero.
Kupambana!
Cholembachi chikutalika, kotero ndilengeza chipambano ndikunena kuti uku ndikusintha koyenera komwe kumatha kutchedwa "Kubernetes".Kufotokozera mwachidule: ma binaries anayi, magawo asanu a mzere wamalamulo ndi "okha" mizere 45 ya YAML (osati kwambiri ndi Kubernetes) ndipo tili ndi zinthu zingapo zomwe zikugwira ntchito:
- Ma Pods amayendetsedwa pogwiritsa ntchito Kubernetes API yokhazikika (yokhala ndi ma hacks ochepa)
- Mutha kukweza ndi kukonza zithunzi zokhala ndi anthu ambiri
- Ma Pod amakhalabe amoyo ndikuyambiranso
- Kulumikizana pakati pa ma pod mkati mwa node yomweyo kumagwira ntchito bwino
- ConfigMap, Chinsinsi ndi ntchito yosavuta yosungiramo momwe amayembekezera
Koma zambiri zomwe zimapangitsa Kubernetes kukhala zothandiza zikusowabe, monga:
- Pod Scheduler
- Kutsimikizira / chilolezo
- Manode angapo
- Network of services
- Magulu amkati a DNS
- Owongolera maakaunti a ntchito, kutumiza, kuphatikiza ndi opereka mtambo ndi zina zambiri zomwe Kubernetes amabweretsa
Ndiye tinapeza chiyani kwenikweni? Kubernetes API, ikuyenda yokha, ndi nsanja chabe chotengera chochita zokha. Sichichita zambiri - ndi ntchito kwa owongolera osiyanasiyana ndi ogwiritsa ntchito API - koma imapereka malo okhazikika opangira zokha.
Werengani zambiri:
Source: www.habr.com