نوٽ. ترجمو: مضمون جو ليکڪ - Erkan Erol، SAP مان هڪ انجنيئر - پنهنجي مطالعي کي شيئر ڪري ٿو ٽيم جي ڪم جي ميڪانيزم جو kubectl exec، هر ڪنهن کان واقف آهي جيڪو ڪبرنيٽس سان ڪم ڪري ٿو. هو پوري الگورتھم سان گڏ ڪبرنيٽس سورس ڪوڊ (۽ لاڳاپيل پروجيڪٽس) جي لسٽن سان گڏ آهي، جيڪو توهان کي موضوع کي سمجهڻ جي اجازت ڏئي ٿو جيترو ضروري آهي.
هڪ جمعه، هڪ همراهه مون وٽ آيو ۽ پڇيو ته پوڊ ۾ ڪمانڊ ڪيئن استعمال ڪجي کلائنٽ وڃڻ. مان کيس جواب نه ڏئي سگهيس ۽ اوچتو محسوس ڪيم ته مون کي ڪم جي ميکانيزم جي ڪا به خبر نه هئي kubectl exec. ها، مون کي هن جي ڊوائيس بابت ڪجهه خيال هئا، پر مون کي انهن جي صحيحيت جي 100٪ پڪ نه هئي ۽ تنهن ڪري هن مسئلي کي حل ڪرڻ جو فيصلو ڪيو. بلاگز، دستاويزن ۽ سورس ڪوڊ جو مطالعو ڪرڻ سان، مون گهڻو ڪجهه سکيو، ۽ هن آرٽيڪل ۾ مان پنهنجي دريافتن ۽ سمجھن کي شيئر ڪرڻ چاهيان ٿو. جيڪڏهن ڪجهه غلط آهي، مهرباني ڪري مون سان رابطو ڪريو تي Twitter.
جي تياري
ميڪ بڪ تي ڪلسٽر ٺاهڻ لاءِ، مون ڪلون ڪيو ecomm-integration-ballerina/kubernetes-cluster. ان کان پوء مون kubelet'a config ۾ نوڊس جي IP پتي کي درست ڪيو، ڇو ته ڊفالٽ سيٽنگون اجازت نه ڏنيون آهن kubectl exec. توهان هن جي بنيادي سبب بابت وڌيڪ پڙهي سگهو ٿا هتي.
ڪا به مشين = منهنجو ميڪ بڪ
ماسٽر نوڊ IP = 192.168.205.10
IP ورڪر نوڊ = 192.168.205.11
API سرور پورٽ = 6443
اجزاء
kubectl exec عمل: جڏهن اسان ڪندا آهيون "kubectl exec..." اهو عمل شروع ڪيو ويندو آهي. توهان اهو ڪري سگهو ٿا ڪنهن به مشين تي K8s API سرور تائين رسائي سان. نوٽ. ترجمو: وڌيڪ ڪنسول لسٽنگ ۾، ليکڪ تبصرو استعمال ڪري ٿو "ڪنهن به مشين"، انهي جو مطلب آهي ته هيٺيون حڪم ڪنهن به اهڙي مشين تي ڪبرنيٽس تائين رسائي سان عمل ڪري سگهجي ٿو.
api سرور: ماسٽر نوڊ تي هڪ جزو جيڪو ڪبرنيٽس API تائين رسائي فراهم ڪري ٿو. هي آهي سامهون آخر Kubernetes ۾ ڪنٽرول جهاز لاء.
ڪوبلٽ: ايجنٽ جيڪو ڪلستر ۾ هر نوڊ تي هلندو آهي. اهو پوڊ ۾ ڪنٽينرز جو ڪم مهيا ڪري ٿو.
ڪنٽينر هلائڻ وقت (container runtime): سافٽ ويئر ڪنٽينر هلائڻ جو ذميوار. مثال: Docker، CRI-O، ڪنٽينر...
ڪٿا: ڪم ڪندڙ نوڊ تي او ايس ڪنييل؛ عمل جي انتظام لاء ذميوار.
ھدف (هدف) ڪتب: هڪ ڪنٽينر جيڪو پوڊ جو حصو آهي ۽ ڪم ڪندڙ نوڊس مان هڪ تي هلندو آهي.
مون کي ڇا دريافت ڪيو
1. ڪلائنٽ جي پاسي تي سرگرمي
نالي جي جڳهه ۾ هڪ پوڊ ٺاهيو default:
// any machine
$ kubectl run exec-test-nginx --image=nginx
ان کان پوء اسان exec حڪم تي عمل ڪيو ۽ وڌيڪ مشاهدو لاء 5000 سيڪنڊن جو انتظار ڪريو:
// any machine
$ kubectl exec -it exec-test-nginx-6558988d5-fgxgg -- sh
# sleep 5000
kubectl عمل ظاهر ٿئي ٿو (pid = 8507 سان اسان جي صورت ۾):
handler.go:143] kube-apiserver: POST "/api/v1/namespaces/default/pods/exec-test-nginx-6558988d5-fgxgg/exec" satisfied by gorestful with webservice /api/v1
upgradeaware.go:261] Connecting to backend proxy (intercepting redirects) https://192.168.205.11:10250/exec/default/exec-test-nginx-6558988d5-fgxgg/exec-test-nginx?command=sh&input=1&output=1&tty=1
Headers: map[Connection:[Upgrade] Content-Length:[0] Upgrade:[SPDY/3.1] User-Agent:[kubectl/v1.12.10 (darwin/amd64) kubernetes/e3c1340] X-Forwarded-For:[192.168.205.1] X-Stream-Protocol-Version:[v4.channel.k8s.io v3.channel.k8s.io v2.channel.k8s.io channel.k8s.io]]
نوٽ ڪريو ته HTTP درخواست ۾ پروٽوڪول تبديلي جي درخواست شامل آھي. ايس پي آءِ stdin/stdout/stderr/spdy-error جي الڳ "اسٽريمز" کي اجازت ڏئي ٿو ته هڪ واحد TCP ڪنيڪشن تي ملٽي پلڪس ڪيو وڃي.
API سرور درخواست وصول ڪري ٿو ۽ ان کي تبديل ڪري ٿو PodExecOptions:
// PodExecOptions is the query options to a Pod's remote exec call
type PodExecOptions struct {
metav1.TypeMeta
// Stdin if true indicates that stdin is to be redirected for the exec call
Stdin bool
// Stdout if true indicates that stdout is to be redirected for the exec call
Stdout bool
// Stderr if true indicates that stderr is to be redirected for the exec call
Stderr bool
// TTY if true indicates that a tty will be allocated for the exec call
TTY bool
// Container in which to execute the command.
Container string
// Command is the remote command to execute; argv array; not executed within a shell.
Command []string
}
گهربل عملن کي انجام ڏيڻ لاءِ، api-server کي ڄاڻڻ جي ضرورت آهي ته ان کي ڪهڙي پوڊ سان رابطو ڪرڻ جي ضرورت آهي:
// ExecLocation returns the exec URL for a pod container. If opts.Container is blank
// and only one container is present in the pod, that container is used.
func ExecLocation(
getter ResourceGetter,
connInfo client.ConnectionInfoGetter,
ctx context.Context,
name string,
opts *api.PodExecOptions,
) (*url.URL, http.RoundTripper, error) {
return streamLocation(getter, connInfo, ctx, name, opts, opts.Container, "exec")
}
nodeName := types.NodeName(pod.Spec.NodeName)
if len(nodeName) == 0 {
// If pod has not been assigned a host, return an empty location
return nil, nil, errors.NewBadRequest(fmt.Sprintf("pod %s does not have a host assigned", name))
}
nodeInfo, err := connInfo.GetConnectionInfo(ctx, nodeName)
هوري! Kubelet هاڻي هڪ بندرگاهه آهي (node.Status.DaemonEndpoints.KubeletEndpoint.Port) جنهن سان API سرور ڳنڍي سگھي ٿو:
// GetConnectionInfo retrieves connection info from the status of a Node API object.
func (k *NodeConnectionInfoGetter) GetConnectionInfo(ctx context.Context, nodeName types.NodeName) (*ConnectionInfo, error) {
node, err := k.nodes.Get(ctx, string(nodeName), metav1.GetOptions{})
if err != nil {
return nil, err
}
// Find a kubelet-reported address, using preferred address type
host, err := nodeutil.GetPreferredNodeAddress(node, k.preferredAddressTypes)
if err != nil {
return nil, err
}
// Use the kubelet-reported port, if present
port := int(node.Status.DaemonEndpoints.KubeletEndpoint.Port)
if port <= 0 {
port = k.defaultPort
}
return &ConnectionInfo{
Scheme: k.scheme,
Hostname: host,
Port: strconv.Itoa(port),
Transport: k.transport,
}, nil
}
پر انتظار ڪريو، ڪبيليٽ هن کي ڪيئن ڇڪايو؟ kubelet وٽ هڪ ڊيمون آهي جيڪو API تائين رسائي کي بندرگاهن ذريعي ايپ-سرور جي درخواستن لاءِ کولي ٿو:
// Server is the library interface to serve the stream requests.
type Server interface {
http.Handler
// Get the serving URL for the requests.
// Requests must not be nil. Responses may be nil iff an error is returned.
GetExec(*runtimeapi.ExecRequest) (*runtimeapi.ExecResponse, error)
GetAttach(req *runtimeapi.AttachRequest) (*runtimeapi.AttachResponse, error)
GetPortForward(*runtimeapi.PortForwardRequest) (*runtimeapi.PortForwardResponse, error)
// Start the server.
// addr is the address to serve on (address:port) stayUp indicates whether the server should
// listen until Stop() is called, or automatically stop after all expected connections are
// closed. Calling Get{Exec,Attach,PortForward} increments the expected connection count.
// Function does not return until the server is stopped.
Start(stayUp bool) error
// Stop the server, and terminate any open connections.
Stop() error
}
Kubelet هڪ انٽرفيس لاڳو ڪري ٿو RuntimeServiceClient، جيڪو ڪنٽينر رن ٽائم انٽرفيس جو حصو آهي (اسان ان بابت وڌيڪ لکيو، مثال طور، هتي - لڳ ڀڳ ترجمو.):
kubernetes/kubernetes ۾ cri-api کان ڊگهي لسٽنگ
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
type RuntimeServiceClient interface {
// Version returns the runtime name, runtime version, and runtime API version.
Version(ctx context.Context, in *VersionRequest, opts ...grpc.CallOption) (*VersionResponse, error)
// RunPodSandbox creates and starts a pod-level sandbox. Runtimes must ensure
// the sandbox is in the ready state on success.
RunPodSandbox(ctx context.Context, in *RunPodSandboxRequest, opts ...grpc.CallOption) (*RunPodSandboxResponse, error)
// StopPodSandbox stops any running process that is part of the sandbox and
// reclaims network resources (e.g., IP addresses) allocated to the sandbox.
// If there are any running containers in the sandbox, they must be forcibly
// terminated.
// This call is idempotent, and must not return an error if all relevant
// resources have already been reclaimed. kubelet will call StopPodSandbox
// at least once before calling RemovePodSandbox. It will also attempt to
// reclaim resources eagerly, as soon as a sandbox is not needed. Hence,
// multiple StopPodSandbox calls are expected.
StopPodSandbox(ctx context.Context, in *StopPodSandboxRequest, opts ...grpc.CallOption) (*StopPodSandboxResponse, error)
// RemovePodSandbox removes the sandbox. If there are any running containers
// in the sandbox, they must be forcibly terminated and removed.
// This call is idempotent, and must not return an error if the sandbox has
// already been removed.
RemovePodSandbox(ctx context.Context, in *RemovePodSandboxRequest, opts ...grpc.CallOption) (*RemovePodSandboxResponse, error)
// PodSandboxStatus returns the status of the PodSandbox. If the PodSandbox is not
// present, returns an error.
PodSandboxStatus(ctx context.Context, in *PodSandboxStatusRequest, opts ...grpc.CallOption) (*PodSandboxStatusResponse, error)
// ListPodSandbox returns a list of PodSandboxes.
ListPodSandbox(ctx context.Context, in *ListPodSandboxRequest, opts ...grpc.CallOption) (*ListPodSandboxResponse, error)
// CreateContainer creates a new container in specified PodSandbox
CreateContainer(ctx context.Context, in *CreateContainerRequest, opts ...grpc.CallOption) (*CreateContainerResponse, error)
// StartContainer starts the container.
StartContainer(ctx context.Context, in *StartContainerRequest, opts ...grpc.CallOption) (*StartContainerResponse, error)
// StopContainer stops a running container with a grace period (i.e., timeout).
// This call is idempotent, and must not return an error if the container has
// already been stopped.
// TODO: what must the runtime do after the grace period is reached?
StopContainer(ctx context.Context, in *StopContainerRequest, opts ...grpc.CallOption) (*StopContainerResponse, error)
// RemoveContainer removes the container. If the container is running, the
// container must be forcibly removed.
// This call is idempotent, and must not return an error if the container has
// already been removed.
RemoveContainer(ctx context.Context, in *RemoveContainerRequest, opts ...grpc.CallOption) (*RemoveContainerResponse, error)
// ListContainers lists all containers by filters.
ListContainers(ctx context.Context, in *ListContainersRequest, opts ...grpc.CallOption) (*ListContainersResponse, error)
// ContainerStatus returns status of the container. If the container is not
// present, returns an error.
ContainerStatus(ctx context.Context, in *ContainerStatusRequest, opts ...grpc.CallOption) (*ContainerStatusResponse, error)
// UpdateContainerResources updates ContainerConfig of the container.
UpdateContainerResources(ctx context.Context, in *UpdateContainerResourcesRequest, opts ...grpc.CallOption) (*UpdateContainerResourcesResponse, error)
// ReopenContainerLog asks runtime to reopen the stdout/stderr log file
// for the container. This is often called after the log file has been
// rotated. If the container is not running, container runtime can choose
// to either create a new log file and return nil, or return an error.
// Once it returns error, new container log file MUST NOT be created.
ReopenContainerLog(ctx context.Context, in *ReopenContainerLogRequest, opts ...grpc.CallOption) (*ReopenContainerLogResponse, error)
// ExecSync runs a command in a container synchronously.
ExecSync(ctx context.Context, in *ExecSyncRequest, opts ...grpc.CallOption) (*ExecSyncResponse, error)
// Exec prepares a streaming endpoint to execute a command in the container.
Exec(ctx context.Context, in *ExecRequest, opts ...grpc.CallOption) (*ExecResponse, error)
// Attach prepares a streaming endpoint to attach to a running container.
Attach(ctx context.Context, in *AttachRequest, opts ...grpc.CallOption) (*AttachResponse, error)
// PortForward prepares a streaming endpoint to forward ports from a PodSandbox.
PortForward(ctx context.Context, in *PortForwardRequest, opts ...grpc.CallOption) (*PortForwardResponse, error)
// ContainerStats returns stats of the container. If the container does not
// exist, the call returns an error.
ContainerStats(ctx context.Context, in *ContainerStatsRequest, opts ...grpc.CallOption) (*ContainerStatsResponse, error)
// ListContainerStats returns stats of all running containers.
ListContainerStats(ctx context.Context, in *ListContainerStatsRequest, opts ...grpc.CallOption) (*ListContainerStatsResponse, error)
// UpdateRuntimeConfig updates the runtime configuration based on the given request.
UpdateRuntimeConfig(ctx context.Context, in *UpdateRuntimeConfigRequest, opts ...grpc.CallOption) (*UpdateRuntimeConfigResponse, error)
// Status returns the status of the runtime.
Status(ctx context.Context, in *StatusRequest, opts ...grpc.CallOption) (*StatusResponse, error)
}
ڪنٽينر رن ٽائم لاڳو ڪرڻ جو ذميوار آهي RuntimeServiceServer:
kubernetes/kubernetes ۾ cri-api کان ڊگهي لسٽنگ
// RuntimeServiceServer is the server API for RuntimeService service.
type RuntimeServiceServer interface {
// Version returns the runtime name, runtime version, and runtime API version.
Version(context.Context, *VersionRequest) (*VersionResponse, error)
// RunPodSandbox creates and starts a pod-level sandbox. Runtimes must ensure
// the sandbox is in the ready state on success.
RunPodSandbox(context.Context, *RunPodSandboxRequest) (*RunPodSandboxResponse, error)
// StopPodSandbox stops any running process that is part of the sandbox and
// reclaims network resources (e.g., IP addresses) allocated to the sandbox.
// If there are any running containers in the sandbox, they must be forcibly
// terminated.
// This call is idempotent, and must not return an error if all relevant
// resources have already been reclaimed. kubelet will call StopPodSandbox
// at least once before calling RemovePodSandbox. It will also attempt to
// reclaim resources eagerly, as soon as a sandbox is not needed. Hence,
// multiple StopPodSandbox calls are expected.
StopPodSandbox(context.Context, *StopPodSandboxRequest) (*StopPodSandboxResponse, error)
// RemovePodSandbox removes the sandbox. If there are any running containers
// in the sandbox, they must be forcibly terminated and removed.
// This call is idempotent, and must not return an error if the sandbox has
// already been removed.
RemovePodSandbox(context.Context, *RemovePodSandboxRequest) (*RemovePodSandboxResponse, error)
// PodSandboxStatus returns the status of the PodSandbox. If the PodSandbox is not
// present, returns an error.
PodSandboxStatus(context.Context, *PodSandboxStatusRequest) (*PodSandboxStatusResponse, error)
// ListPodSandbox returns a list of PodSandboxes.
ListPodSandbox(context.Context, *ListPodSandboxRequest) (*ListPodSandboxResponse, error)
// CreateContainer creates a new container in specified PodSandbox
CreateContainer(context.Context, *CreateContainerRequest) (*CreateContainerResponse, error)
// StartContainer starts the container.
StartContainer(context.Context, *StartContainerRequest) (*StartContainerResponse, error)
// StopContainer stops a running container with a grace period (i.e., timeout).
// This call is idempotent, and must not return an error if the container has
// already been stopped.
// TODO: what must the runtime do after the grace period is reached?
StopContainer(context.Context, *StopContainerRequest) (*StopContainerResponse, error)
// RemoveContainer removes the container. If the container is running, the
// container must be forcibly removed.
// This call is idempotent, and must not return an error if the container has
// already been removed.
RemoveContainer(context.Context, *RemoveContainerRequest) (*RemoveContainerResponse, error)
// ListContainers lists all containers by filters.
ListContainers(context.Context, *ListContainersRequest) (*ListContainersResponse, error)
// ContainerStatus returns status of the container. If the container is not
// present, returns an error.
ContainerStatus(context.Context, *ContainerStatusRequest) (*ContainerStatusResponse, error)
// UpdateContainerResources updates ContainerConfig of the container.
UpdateContainerResources(context.Context, *UpdateContainerResourcesRequest) (*UpdateContainerResourcesResponse, error)
// ReopenContainerLog asks runtime to reopen the stdout/stderr log file
// for the container. This is often called after the log file has been
// rotated. If the container is not running, container runtime can choose
// to either create a new log file and return nil, or return an error.
// Once it returns error, new container log file MUST NOT be created.
ReopenContainerLog(context.Context, *ReopenContainerLogRequest) (*ReopenContainerLogResponse, error)
// ExecSync runs a command in a container synchronously.
ExecSync(context.Context, *ExecSyncRequest) (*ExecSyncResponse, error)
// Exec prepares a streaming endpoint to execute a command in the container.
Exec(context.Context, *ExecRequest) (*ExecResponse, error)
// Attach prepares a streaming endpoint to attach to a running container.
Attach(context.Context, *AttachRequest) (*AttachResponse, error)
// PortForward prepares a streaming endpoint to forward ports from a PodSandbox.
PortForward(context.Context, *PortForwardRequest) (*PortForwardResponse, error)
// ContainerStats returns stats of the container. If the container does not
// exist, the call returns an error.
ContainerStats(context.Context, *ContainerStatsRequest) (*ContainerStatsResponse, error)
// ListContainerStats returns stats of all running containers.
ListContainerStats(context.Context, *ListContainerStatsRequest) (*ListContainerStatsResponse, error)
// UpdateRuntimeConfig updates the runtime configuration based on the given request.
UpdateRuntimeConfig(context.Context, *UpdateRuntimeConfigRequest) (*UpdateRuntimeConfigResponse, error)
// Status returns the status of the runtime.
Status(context.Context, *StatusRequest) (*StatusResponse, error)
}