Pulogalamu ya ProHoster > Blog > Ulamuliro > Asanu amaphonya potumiza pulogalamu yoyamba pa Kubernetes

Asanu amaphonya potumiza pulogalamu yoyamba pa Kubernetes

Asanu amaphonya potumiza pulogalamu yoyamba pa KubernetesKulephera ndi Aris-Dreamer

Anthu ambiri amakhulupirira kuti ndikokwanira kusamukira ku Kubernetes (mwina pogwiritsa ntchito Helm kapena pamanja) ndipo adzakhala osangalala. Koma sizophweka.

timu Mail.ru Cloud Solutions adamasulira nkhani ya injiniya wa DevOps Julian Gindi. Amagawana misampha yomwe kampani yake idakumana nayo panthawi yakusamuka kuti musayende panjira yomweyo.

Khwerero XNUMX: Kukhazikitsa Zopempha za Pod ndi Malire

Tiyeni tiyambe ndi kukhazikitsa malo oyera omwe pods zathu zidzathamanga. Kubernetes amagwira ntchito yabwino yokonza ma pods ndikuwongolera zovuta. Koma zidapezeka kuti wokonza mapulani nthawi zina sangathe kuyika poto ngati kuli kovuta kuwerengera kuchuluka kwazinthu zomwe zikufunika kuti zigwire bwino ntchito. Apa ndi pamene zopempha zothandizira ndi malire zimabwera. Pali zotsutsana zambiri za njira yabwino yokhazikitsira zopempha ndi malire. Nthawi zina zimamveka ngati zaluso kwambiri kuposa sayansi. Nayi njira yathu.

Zopempha za Pod - Uwu ndiye mtengo waukulu wogwiritsidwa ntchito ndi wokonza kuti akhazikitse bwino pod.

Kuchokera Kubernetes zolemba: Gawo losefera limatsimikizira magawo omwe pod ingakonzedwe. Mwachitsanzo, fyuluta ya PodFitsResources imayang'ana ngati node ili ndi zothandizira zokwanira kukwaniritsa zopempha za pod.

Timagwiritsa ntchito zopempha kuti zigwiritsidwe ntchito kuyerekezera ndi zinthu zingati ndipotu Pulogalamuyo imafunikira kuti igwire bwino ntchito. Mwanjira iyi wokonza mapulani amatha kuyika mfundo zenizeni. Poyamba tinkafuna kuyika zopempha ndi malire kuti tiwonetsetse kuti pod iliyonse ili ndi zinthu zambiri zokwanira, koma tidawona kuti nthawi yokonzekera ikuwonjezeka kwambiri ndipo ma pods ena sanakonzedwe bwino, ngati kuti palibe zopempha zomwe zidalandiridwa.

Pachifukwa ichi, wokonza ndondomekoyo nthawi zambiri amakankhira ma pods ndikulephera kuwasintha chifukwa ndege yoyendetsa ndegeyo sankadziwa kuchuluka kwa zinthu zomwe ntchitoyo ingafune, chigawo chachikulu cha ndondomeko ya ndondomeko.

Malire a Pod - ichi ndi malire omveka bwino a pod. Imayimira kuchuluka kwazinthu zomwe gulu lingapereke ku chidebe.

Apanso, kuchokera zolemba zovomerezeka: Ngati chidebe chili ndi malire a 4 GiB kukumbukira, ndiye kubelet (ndi nthawi yoyendetsa chidebe) adzaukakamiza. Nthawi yogwiritsira ntchito sikulola kuti chidebecho chigwiritse ntchito mopitilira malire omwe aperekedwa. Mwachitsanzo, pamene ndondomeko mu chidebe ikuyesera kugwiritsa ntchito zambiri kuposa zomwe zimaloledwa kukumbukira, kernel imathetsa ndondomekoyi ndi cholakwika cha "out of memory" (OOM).

Chidebe chimatha kugwiritsa ntchito zinthu zambiri kuposa zomwe zafotokozedwera, koma sichingagwiritse ntchito zochulukirapo kuposa zomwe zatchulidwa pamalire. Mtengo uwu ndi wovuta kuyika bwino, koma ndi wofunika kwambiri.

Momwemo, tikufuna kuti zofunikira za pod zisinthe pa moyo wa ndondomeko popanda kusokoneza njira zina mu dongosolo-ndicho cholinga chokhazikitsa malire.

Tsoka ilo, sindingathe kupereka malangizo enieni pazomwe tikuyenera kukhazikitsa, koma ife tokha timatsatira malamulo awa:

  1. Pogwiritsa ntchito chida choyezera katundu, timatengera kuchuluka kwa magalimoto ndikuyang'anira kagwiritsidwe ntchito ka zinthu zapod (zokumbukira ndi purosesa).
  2. Timayika zopempha za pod kukhala zotsika kwambiri (zokhala ndi malire a nthawi pafupifupi 5 mtengo wa zopemphazo) ndikuwona. Zopempha zikachepa kwambiri, ntchitoyi singayambe, zomwe nthawi zambiri zimayambitsa zolakwika za Go runtime.

Dziwani kuti malire apamwamba amapangitsa kuti ndandanda ikhale yovuta kwambiri chifukwa pod imafuna malo omwe ali ndi zinthu zokwanira.

Ingoganizirani momwe muli ndi seva yapaintaneti yopepuka yokhala ndi malire apamwamba kwambiri, nenani 4 GB ya kukumbukira. Njirayi iyenera kukulirakulira mopingasa, ndipo gawo lililonse latsopano liyenera kukonzedwa pa node yokhala ndi kukumbukira osachepera 4 GB. Ngati palibe node yotereyi, gululo liyenera kuyambitsa node yatsopano kuti igwire ntchitoyo, zomwe zingatenge nthawi. Ndikofunika kusunga kusiyana pakati pa zopempha zothandizira ndi malire kuti zikhale zochepa kuti zitsimikizidwe mofulumira komanso zosalala.

Khwerero XNUMX: khazikitsani mayeso a Liveness ndi Readiness

Uwu ndi mutu wina wobisika womwe umakambidwa nthawi zambiri mdera la Kubernetes. Ndikofunika kumvetsetsa bwino mayeso a Liveness and Readiness popeza amapereka njira yoti mapulogalamu aziyenda bwino komanso kuchepetsa nthawi yopuma. Komabe, zitha kuyambitsa kugunda kwakukulu pakugwiritsa ntchito kwanu ngati sikunakonzedwe bwino. Pansipa pali chidule cha zomwe zitsanzo zonsezi zilili.

Moyo kuwonetsa ngati chidebe chikuyenda. Ngati sichikanika, kubelet imapha chidebecho ndipo ndondomeko yoyambitsanso imathandizidwa. Ngati chidebecho sichikhala ndi kafukufuku wa Liveness, ndiye kuti kusakhazikika kudzakhala bwino - izi ndi zomwe akunena mu Kubernetes zolemba.

Zofufuza za moyo ziyenera kukhala zotsika mtengo, kutanthauza kuti zisawononge zinthu zambiri, chifukwa zimathamanga pafupipafupi ndipo zimayenera kudziwitsa Kubernetes kuti pulogalamuyi ikugwira ntchito.

Ngati muyika njira yoyendetsera sekondi iliyonse, izi zidzawonjezera pempho la 1 pamphindikati, kotero dziwani kuti zowonjezera zidzafunika kuthana ndi magalimotowa.

Pakampani yathu, kuyesa kwa Liveness kumayang'ana zigawo zikuluzikulu za pulogalamuyo, ngakhale deta (mwachitsanzo, kuchokera ku database yakutali kapena cache) siyikupezeka.

Takonza mapulogalamuwa ndi mapeto a "thanzi" omwe amangobweza kachidindo ka 200. Ichi ndi chisonyezero chakuti ndondomekoyi ikugwira ntchito ndipo imatha kukonza zopempha (koma osati magalimoto).

Zitsanzo Kukonzekera zikuwonetsa ngati chotengeracho chakonzeka kupereka zopempha. Ngati kafukufuku wokonzekera alephera, woyang'anira mapeto amachotsa adilesi ya IP ya pod kumapeto kwa ntchito zonse zogwirizana ndi pod. Izi zanenedwanso mu zolemba za Kubernetes.

Ma probe okonzekera amadya zinthu zambiri chifukwa ziyenera kutumizidwa kumbuyo m'njira yosonyeza kuti ntchitoyo ndi yokonzeka kuvomera zopempha.

Pali mikangano yambiri m'deralo ponena za kupeza malo osungirako zinthu mwachindunji. Poganizira zamutu (macheke amachitidwa pafupipafupi, koma amatha kusinthidwa), tidaganiza kuti pazinthu zina, kukonzekera kutumiza magalimoto kumangowerengedwa pambuyo potsimikizira kuti zolemba zimabwezedwa kuchokera ku database. Mayesero okonzekera okonzekera bwino adatsimikizira kupezeka kwapamwamba ndikuchotsa nthawi yopuma panthawi yotumizidwa.

Ngati mwaganiza zofunsanso database kuti muyese kukonzekera kwa pulogalamu yanu, onetsetsani kuti ndiyotsika mtengo momwe mungathere. Tiyeni titenge pempho ili:

SELECT small_item FROM table LIMIT 1

Nachi chitsanzo cha momwe timasinthira zikhalidwe ziwirizi ku Kubernetes:

livenessProbe: 
 httpGet:   
   path: /api/liveness    
   port: http 
readinessProbe:  
 httpGet:    
   path: /api/readiness    
   port: http  periodSeconds: 2

Mutha kuwonjezera zina zosintha:

  • initialDelaySeconds - masekondi angati adzadutsa pakati pa kukhazikitsidwa kwa chidebe ndi kuyamba kwa zitsanzo.
  • periodSeconds - nthawi yodikira pakati pa zitsanzo zothamanga.
  • timeoutSeconds - chiwerengero cha masekondi pambuyo pake unit imatengedwa ngati mwadzidzidzi. Kutha kwanthawi zonse.
  • failureThreshold - chiwerengero cha zolephera zoyesa chizindikiro chisanayambe kutumizidwa ku pod.
  • successThreshold - chiwerengero cha zofufuza zopambana musanalowe m'malo okonzeka (pambuyo pa kulephera, pamene pod ikuyamba kapena kuchira).

Khwerero XNUMX: kukhazikitsa ndondomeko zokhazikika za netiweki za pod

Kubernetes ali ndi "flat" network topography; mwachisawawa, ma pod onse amalumikizana mwachindunji. Nthawi zina izi sizofunikira.

Vuto lomwe lingakhale lachitetezo ndikuti wowukira atha kugwiritsa ntchito pulogalamu imodzi yomwe ili pachiwopsezo kuti atumize kuchuluka kwa magalimoto onse pa intaneti. Monga momwe zilili ndi mbali zambiri zachitetezo, mfundo yochepetsera mwayi imagwira ntchito pano. Moyenera, ndondomeko za netiweki ziyenera kufotokoza momveka bwino kuti ndi kulumikizana kotani pakati pa ma pod ndi komwe sikuloledwa.

Mwachitsanzo, m'munsimu pali ndondomeko yosavuta yomwe imakana magalimoto onse omwe akubwera a malo enieni:

---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:  
 name: default-deny-ingress
spec:  
 podSelector: {}  
 policyTypes:  
   - Ingress

Kuwona kasinthidwe uku:

Asanu amaphonya potumiza pulogalamu yoyamba pa Kubernetes
(https://miro.medium.com/max/875/1*-eiVw43azgzYzyN1th7cZg.gif)
Zambiri apa.

Khwerero XNUMX: chizolowezi chogwiritsa ntchito ndowe ndi zotengera za init

Chimodzi mwazolinga zathu zazikulu chinali kupereka zotumiza ku Kubernetes popanda nthawi yopuma kwa opanga. Izi ndizovuta chifukwa pali njira zambiri zotsekera mapulogalamu ndikumasula zomwe adagwiritsa ntchito.

Zovuta kwambiri zidabuka nazo Nginx. Tidawona kuti ma pod awa atayikidwa motsatizana, zolumikizira zogwira zidatsitsidwa zisanamalizidwe bwino.

Pambuyo pakufufuza kwakukulu pa intaneti, zikuwoneka kuti Kubernetes samadikirira kuti malumikizano a Nginx adzitope okha asanathetse pod. Pogwiritsa ntchito mbedza yoyimitsa, tinagwiritsa ntchito zotsatirazi ndikuchotsa nthawi yopuma:

lifecycle: 
 preStop:
   exec:
     command: ["/usr/local/bin/nginx-killer.sh"]

Koma nginx-killer.sh:

#!/bin/bash
sleep 3
PID=$(cat /run/nginx.pid)
nginx -s quit
while [ -d /proc/$PID ]; do
   echo "Waiting while shutting down nginx..."
   sleep 10
done

Paradigm ina yothandiza kwambiri ndikugwiritsa ntchito zotengera za init poyambira mapulogalamu enaake. Izi ndizothandiza makamaka ngati muli ndi njira yosunthika yotengera zinthu zomwe zikuyenera kuchitika pulogalamuyo isanayambe. Mukhozanso kufotokoza malire apamwamba pa ndondomekoyi popanda kukhazikitsa malire a ntchito yaikulu.

Chiwembu china chodziwika bwino ndikupeza zinsinsi mu chidebe cha init chomwe chimapereka zidziwitsozo ku gawo lalikulu, zomwe zimalepheretsa kupeza zinsinsi mosavomerezeka kuchokera ku gawo lalikulu la pulogalamuyo.

Monga mwachizolowezi, tchulani zolembedwazo: Zotengera zoyambira zimayendetsa mosamala ma code kapena zida zomwe zingachepetse chitetezo cha chidebe cha pulogalamuyo. Popatula zida zosafunikira, mumachepetsa mawonekedwe a chidebe cha pulogalamuyo.

Khwerero XNUMX: Konzani Kernel

Pomaliza, tiyeni tikambirane njira zapamwamba kwambiri.

Kubernetes ndi nsanja yosinthika kwambiri yomwe imakulolani kuyendetsa ntchito momwe mukuwonera. Tili ndi ntchito zingapo zogwira ntchito kwambiri zomwe ndizofunika kwambiri. Titayesa kuchuluka kwa katundu, tidazindikira kuti pulogalamu imodzi ikuvutikira kuthana ndi kuchuluka kwa magalimoto omwe amayembekezeredwa pomwe zosintha za Kubernetes zidayamba kugwira ntchito.

Komabe, Kubernetes imakupatsani mwayi woyendetsa chidebe chamwayi chomwe chimasintha magawo a kernel pokha pokha. Nazi zomwe tinkakonda kusintha kuchuluka kwa maulalo otseguka:

initContainers:
  - name: sysctl
     image: alpine:3.10
     securityContext:
         privileged: true
      command: ['sh', '-c', "sysctl -w net.core.somaxconn=32768"]

Iyi ndi njira yapamwamba kwambiri yomwe nthawi zambiri imakhala yosafunikira. Koma ngati pulogalamu yanu ikuvutika kuthana ndi katundu wolemetsa, mutha kuyesa zina mwazokondazi. Zambiri pazantchitoyi ndikuyika zikhalidwe zosiyanasiyana - monga nthawi zonse muzolemba zovomerezeka.

Pomaliza

Ngakhale Kubernetes angawoneke ngati yankho lomwe lapangidwa kale m'bokosi, pali njira zingapo zofunika zomwe muyenera kuchita kuti mapulogalamu anu aziyenda bwino.

Pakusamuka kwanu kwa Kubernetes, ndikofunikira kutsatira "katundu woyeserera": yambitsani pulogalamuyo, yesani kuyesa, kuyang'ana ma metric ndi makulitsidwe, sinthani masinthidwe potengera zomwe datayo, kenako bwerezaninso kuzungulira.

Dziwani zenizeni za kuchuluka kwa magalimoto omwe mukuyembekezera ndipo yesani kukankhira kupitilira kuti muwone zomwe zidayamba kusweka. Ndi njira yobwerezabwereza iyi, malingaliro ochepa chabe omwe atchulidwa angakhale okwanira kuti akwaniritse bwino. Kapena zingafunike kusintha mwakuya.

Nthawi zonse dzifunseni mafunso awa:

  1. Kodi mapulogalamu amawononga ndalama zingati ndipo voliyumuyi idzasintha bwanji?
  2. Kodi zofunika makulitsidwe enieni ndi chiyani? Kodi pulogalamuyi ikhala ndi magalimoto ochuluka bwanji? Nanga bwanji za kuchuluka kwa magalimoto pamsewu?
  3. Kodi ntchitoyo idzafunika kuonjezedwa kangati? Kodi ma pod atsopano amafunika kubweretsedwa pa intaneti mwachangu bwanji kuti alandire kuchuluka kwa magalimoto?
  4. Kodi makoko amatsekedwa bwino bwanji? Kodi izi ndizofunikira? Kodi ndizotheka kukwaniritsa kutumizidwa popanda kutsika?
  5. Kodi mungachepetse bwanji ziwopsezo zachitetezo ndikuchepetsa kuwonongeka kwa ma pod aliwonse omwe asokonezedwa? Kodi pali mautumiki omwe ali ndi zilolezo kapena mwayi womwe sakufuna?

Kubernetes imapereka nsanja yodabwitsa yomwe imakupatsani mwayi wogwiritsa ntchito njira zabwino zotumizira masauzande ambiri pagulu. Komabe, ntchito iliyonse ndi yosiyana. Nthawi zina kukhazikitsa kumafuna ntchito yochulukirapo.

Mwamwayi, Kubernetes amapereka kasinthidwe koyenera kuti akwaniritse zolinga zonse zaukadaulo. Pogwiritsa ntchito zopempha ndi malire, Liveness and Readiness probes, zotengera za init, mfundo za netiweki, ndikusintha ma kernel, mutha kuchita bwino kwambiri komanso kulolerana ndi zolakwika komanso scalability mwachangu.

Zomwe mungawerenge:

  1. Njira zabwino kwambiri zoyendetsera zotengera ndi Kubernetes m'malo opanga.
  2. Zida 90+ zothandiza za Kubernetes: kutumiza, kasamalidwe, kuwunika, chitetezo ndi zina zambiri.
  3. Njira yathu Yozungulira Kubernetes mu Telegraph.

Source: www.habr.com

Kuwonjezera ndemanga