On the popularity of Kubernetes

Hi, Habr!

At the end of summer, we would like to remind you that we are continuing to work on the topic of Kubernetes, and we have decided to publish an article from Stack Overflow that shows the state of the project at the beginning of June.

Enjoy reading!

At the time of writing, Kubernetes is about six years old, and over the past two years its popularity has grown so much that it consistently ranks among the most loved platforms. This year Kubernetes is in third place. As a reminder: Kubernetes is a platform designed to run and orchestrate container workloads.

Containers began as a special process-isolation construct in Linux; they have included cgroups since 2007 and namespaces since 2002. Containers took firmer shape by 2008, when LXC became available and Google developed its own internal mechanism called Borg, where "all work is done in containers." From here we fast-forward to 2013, when the first release of Docker took place and containers became a hugely popular approach. At that time the main container orchestration tool was Mesos, although it was not very popular. Kubernetes was first released in 2015, after which it became the de facto standard for container orchestration.

To understand why Kubernetes is so popular, let's try to answer a few questions. When were developers last able to agree on how to deploy applications to production? How many developers do you know who use tools as they come out of the box? How many cloud administrators are there today who do not understand how applications work? We will look at the answers to these questions in this article.

Infrastructure as YAML

In a world that moved from Puppet and Chef to Kubernetes, one of the biggest changes was the shift from "infrastructure as code" to "infrastructure as data", specifically as YAML. All resources in Kubernetes, which include pods, configurations, deployments, volumes and more, can be described simply in a YAML file. For example:

apiVersion: v1
kind: Pod
metadata:
  name: site
  labels:
    app: web
spec:
  containers:
    - name: front-end
      image: nginx
      ports:
        - containerPort: 80

This representation makes it easier for DevOps or SRE specialists to fully describe their workloads without writing code in languages such as Python or JavaScript.

Other advantages of organizing infrastructure as data include:

  • GitOps, or Git Operations Version Control. This approach lets you keep all Kubernetes YAML files in git repositories, so you can track exactly when a change was made, who made it, and what changed. This increases transparency across the organization and improves efficiency by removing ambiguity, especially about where staff should look for the resources they need. At the same time, it becomes easier to apply changes to Kubernetes resources automatically, simply by merging a pull request.
  • Scalability. When resources are defined as YAML, it is very easy for cluster operators to change one or two numbers in a Kubernetes resource and so change how it scales. Kubernetes provides the Horizontal Pod Autoscaler, which makes it easy to set the minimum and maximum number of pods a particular deployment needs in order to handle low and high traffic. For example, if you have deployed a configuration that needs extra capacity because of a sudden surge in traffic, maxReplicas can be changed from 10 to 20:

# autoscaling/v2beta2 was removed in Kubernetes 1.26; use autoscaling/v2 on 1.23 and later
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: myapp
  namespace: default
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: myapp-deployment
  minReplicas: 1
  maxReplicas: 20
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 50

  • Security and controls. YAML is well suited to validating what gets deployed to Kubernetes and how. For example, a major security concern is whether your workloads run as a non-root user. Here we can use tools such as conftest, a YAML/JSON validator, together with Open Policy Agent, a policy validator, to check that the SecurityContext of your workloads does not allow a container to run with root privileges. To do this, users can apply a simple rego policy like this:

package main

deny[msg] {
  input.kind = "Deployment"
  not input.spec.template.spec.securityContext.runAsNonRoot = true
  msg = "Containers must not run as root"
}

  • Cloud provider integrations. One of the most notable trends in today's technology industry is running workloads on public cloud providers. Through its cloud-provider component, Kubernetes allows any cluster to integrate with the cloud provider it runs on. For example, if a user runs an application in Kubernetes on AWS and wants to expose it through a service, the cloud provider helps create a LoadBalancer service, which automatically provisions an Amazon Elastic Load Balancer to route traffic to the application pods.
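
The rego rule in the security bullet above reads only the pod-level securityContext, while a container can set its own runAsNonRoot value that takes precedence. The following Python sketch is an added example, not code from the article or from conftest/OPA; it mirrors that rule and compares it with a per-container check on constructed manifests (helper names and samples are assumptions).

```python
# Added example: the page's rule re-expressed in Python, next to a
# container-aware variant. All manifests below are constructed samples.

def pod_spec_of(manifest):
    return manifest.get("spec", {}).get("template", {}).get("spec", {})

def page_rule_denies(manifest):
    """Same logic as the rego rule: only the pod-level field is read."""
    if manifest.get("kind") != "Deployment":
        return False
    sc = pod_spec_of(manifest).get("securityContext") or {}
    return sc.get("runAsNonRoot") is not True

def container_violations(manifest):
    """Names of containers whose effective runAsNonRoot is not true.

    A container-level securityContext value overrides the pod-level one,
    so every container (init containers included) is evaluated on its own.
    """
    if manifest.get("kind") != "Deployment":
        return []
    spec = pod_spec_of(manifest)
    pod_value = (spec.get("securityContext") or {}).get("runAsNonRoot")
    bad = []
    for group in ("initContainers", "containers"):
        for ctr in spec.get(group) or []:
            ctr_sc = ctr.get("securityContext") or {}
            if ctr_sc.get("runAsNonRoot", pod_value) is not True:
                bad.append(ctr.get("name", "<unnamed>"))
    return bad

def deployment(pod_sc, containers):
    """Build a constructed Deployment manifest for the demo."""
    spec = {"containers": containers}
    if pod_sc is not None:
        spec["securityContext"] = pod_sc
    return {"kind": "Deployment", "spec": {"template": {"spec": spec}}}

SAMPLES = {
    "pod-level only": deployment({"runAsNonRoot": True}, [{"name": "web"}]),
    "sidecar override": deployment({"runAsNonRoot": True}, [
        {"name": "web"},
        {"name": "agent", "securityContext": {"runAsNonRoot": False}}]),
    "container-level only": deployment(None, [
        {"name": "web", "securityContext": {"runAsNonRoot": True}}]),
    "unset": deployment(None, [{"name": "web"}]),
}

if __name__ == "__main__":
    for name, m in SAMPLES.items():
        print(f"{name:22} page rule denies={page_rule_denies(m)!s:5} "
              f"containers at risk={container_violations(m)}")
```

The "sidecar override" sample passes the pod-level rule even though one container opts out, and the "container-level only" sample is denied by it even though every container is covered.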

Extensibility

Kubernetes is highly extensible, and developers love that. There is a set of existing resources such as pods, deployments, StatefulSets, secrets, ConfigMaps and so on. In addition, users and developers can add other resources in the form of custom resource definitions.

For example, if we want to define a CronTab resource, we can do it like this:

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: crontabs.my.org
spec:
  group: my.org
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                cronSpec:
                  type: string
                  pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$'
                replicas:
                  type: integer
                  minimum: 1
                  maximum: 10
  scope: Namespaced
  names:
    plural: crontabs
    singular: crontab
    kind: CronTab
    shortNames:
    - ct

We can then create a CronTab resource like this:

apiVersion: "my.org/v1"
kind: CronTab
metadata:
  name: my-cron-object
spec:
  cronSpec: "* * * * */5"
  image: my-cron-image
  replicas: 5

Another form of extensibility in Kubernetes is that a developer can write their own operators. An operator is a special process in a Kubernetes cluster that works according to the "control loop" pattern. With an operator, the user can automate the management of CRDs (custom resource definitions) by exchanging information with the Kubernetes API.

The community has several tools that make it easy for developers to create their own operators. Among them are the Operator Framework and its Operator SDK. This SDK provides a skeleton from which a developer can start building an operator. For example, you can start from the command line like this:

$ operator-sdk new my-operator --repo github.com/myuser/my-operator

This creates all the boilerplate code for your operator, including YAML files and Golang code:

.
|____cmd
| |____manager
| | |____main.go
|____go.mod
|____deploy
| |____role.yaml
| |____role_binding.yaml
| |____service_account.yaml
| |____operator.yaml
|____tools.go
|____go.sum
|____.gitignore
|____version
| |____version.go
|____build
| |____bin
| | |____user_setup
| | |____entrypoint
| |____Dockerfile
|____pkg
| |____apis
| | |____apis.go
| |____controller
| | |____controller.go

Then you can add APIs and controllers, like this:

$ operator-sdk add api --api-version=myapp.com/v1alpha1 --kind=MyAppService

$ operator-sdk add controller --api-version=myapp.com/v1alpha1 --kind=MyAppService

Then, finally, build the operator and push it to your container registry:

$ operator-sdk build your.container.registry/youruser/myapp-operator

If the developer wants more control, the boilerplate code in the Go files can be modified. For example, to change the specifics of the controller, you can edit the controller.go file.

Another project, KUDO, lets you create operators using only declarative YAML files. For example, an operator for Apache Kafka can be defined in roughly this way. With it, you can install a Kafka cluster on top of Kubernetes with a couple of commands:

$ kubectl kudo install zookeeper
$ kubectl kudo install kafka

Then configure it with another command:

$ kubectl kudo install kafka --instance=my-kafka-name \
            -p ZOOKEEPER_URI=zk-zookeeper-0.zk-hs:2181 \
            -p ZOOKEEPER_PATH=/my-path -p BROKER_CPUS=3000m \
            -p BROKER_COUNT=5 -p BROKER_MEM=4096m \
            -p DISK_SIZE=40Gi -p MIN_INSYNC_REPLICAS=3 \
            -p NUM_NETWORK_THREADS=10 -p NUM_IO_THREADS=20

Innovation

Over the past few years, major Kubernetes releases have come out every few months, that is, three or four major releases a year. The number of new features introduced in each of them is not decreasing. Moreover, there are no signs of slowing down even in these difficult times: look at the current state of Kubernetes project activity on GitHub.

New capabilities allow more flexibility when running a variety of different workloads. In addition, software developers enjoy greater control when deploying applications directly to production.

Community

Another major factor in the popularity of Kubernetes is the strength of its community. In 2015, upon reaching version 1.0, Kubernetes was taken under the sponsorship of the Cloud Native Computing Foundation.

There are also various community SIGs (Special Interest Groups) focused on working on different areas of Kubernetes as the project evolves. These groups constantly add new features, making Kubernetes easier and more convenient to work with.

The Cloud Native Foundation also hosts CloudNativeCon/KubeCon, which, at the time of writing, is the largest conference in the world. Held three times a year, it brings together thousands of professionals who want to improve Kubernetes and its ecosystem, as well as learn about the new features that appear every three months.

In addition, the Cloud Native Foundation has a Technical Oversight Committee which, together with the SIGs, reviews the foundation's new and existing projects aimed at the cloud-native ecosystem. Most of these projects help strengthen the capabilities of Kubernetes.

Finally, I believe Kubernetes would not be as successful as it is without the deliberate efforts of the whole community, where people stick together while at the same time welcoming newcomers into the fold.

The future

One of the main challenges developers will have to deal with in the future is being able to focus on the details of the code itself rather than on the infrastructure it runs on. The serverless architectural paradigm, one of the leading ones today, addresses this. Advanced frameworks already exist, for example Knative and OpenFaas, which use Kubernetes to abstract the infrastructure away from the developer.

In this article we have taken only a brief look at the current state of Kubernetes, so this is just the tip of the iceberg. Kubernetes users have many other resources, capabilities and configurations at their disposal.

Source: www.habr.com
