Go? Bash! Meet the shell-operator (review and video of the talk from KubeCon EU'2020)

This year, the main European Kubernetes conference, KubeCon + CloudNativeCon Europe 2020, was virtual. However, this change of format did not prevent us from delivering our long-planned talk, "Go? Bash! Meet the Shell-operator", dedicated to our Open Source project shell-operator.

This article, inspired by the talk, presents an approach to simplifying the process of creating Kubernetes operators and shows how you can make your own with minimal effort using shell-operator.


Below are the video of the talk (~23 minutes in English, noticeably more informative than the article) and the main extract from it in text form. Let's go!

At Flant, we constantly optimize and automate everything. Today we will talk about another exciting concept. Meet: cloud-native shell scripting!

However, let's start with the context in which all of this happens: Kubernetes.

Kubernetes API and controllers

The API in Kubernetes can be thought of as a kind of file server with a directory for each type of object. Objects (resources) on this server are represented by YAML files. In addition, the server has a basic API that lets you do three things:

  • get a resource by its kind and name;
  • change a resource (in this case, the server stores only "correct" objects: all malformed ones, or those intended for other directories, are discarded);
  • watch a resource (in this case, the user immediately receives its current/updated version).

Thus, Kubernetes acts as a kind of file server (for YAML manifests) with three basic methods (yes, there are others, but we will leave them out for now).


The problem is that the server can only store information. To make it work, you need a controller: the second most important and fundamental concept in the Kubernetes world.

There are two main types of controllers. The first takes information from Kubernetes, processes it according to nested logic, and returns it to K8s. The second takes information from Kubernetes but, unlike the first type, changes the state of some external resources.

Let's take a closer look at the process of creating a Deployment in Kubernetes:

  • The Deployment Controller (part of kube-controller-manager) receives information about the Deployment and creates a ReplicaSet.
  • The ReplicaSet creates two replicas (two pods) based on this information, but these pods are not scheduled yet.
  • The scheduler schedules the pods and adds node information to their YAMLs.
  • Kubelets make changes to an external resource (say, Docker).

Then this whole sequence is repeated in reverse order: the kubelet checks the containers, calculates the pod status, and sends it back. The ReplicaSet controller receives the status and updates the state of the replica set. The same happens with the Deployment Controller, and the user finally gets the updated (current) status.


Shell-operator

It turns out that Kubernetes is built on the joint work of various controllers (Kubernetes operators are controllers too). The question arises: how do you create your own operator with minimal effort? This is where shell-operator, which we developed, comes to the rescue. It allows system administrators to create their own operators using familiar methods.


A simple example: copying secrets

Let's look at a simple example.

Suppose we have a Kubernetes cluster. It has a default namespace with some Secret mysecret. In addition, there are other namespaces in the cluster. Some of them have a specific label attached. Our goal is to copy the Secret into the namespaces that have the label.

The task is complicated by the fact that new namespaces can appear in the cluster, and some of them may have this label. On the other hand, when the label is removed, the Secret must be deleted as well. On top of that, the Secret itself can also change: in this case, the new Secret must be copied to all labeled namespaces. If the Secret is accidentally deleted in any namespace, our operator must restore it immediately.

Now that the task is formulated, it's time to implement it using shell-operator. But first, a few words about shell-operator itself.

How shell-operator works

Like other workloads in Kubernetes, shell-operator runs in its own pod. In this pod, executable files are stored in the /hooks directory. These can be scripts in Bash, Python, Ruby, etc. We call such executables hooks.


Shell-operator subscribes to Kubernetes events and runs these hooks in response to the events we are interested in.


How does shell-operator know which hook to run and when? The point is that every hook has two stages. At startup, shell-operator runs all hooks with the --config argument: this is the configuration stage. After that, hooks are launched in the normal way, in response to the events they are bound to. In the latter case, the hook receives the binding context: data in JSON format, which we discuss in more detail below.

Making an operator in Bash

Now we are ready for the implementation. To do this, we need to write two functions (by the way, we recommend the shell_lib library, which greatly simplifies writing hooks in Bash):

  • the first is needed for the configuration stage: it outputs the binding context;
  • the second contains the main logic of the hook.

#!/bin/bash

source /shell_lib.sh

function __config__() {
  cat << EOF
    configVersion: v1
    # BINDING CONFIGURATION
EOF
}

function __main__() {
  # THE LOGIC
  :  # no-op placeholder: Bash rejects a function body that contains only a comment
}

hook::run "$@"

The next step is to decide which objects we need. In our case, we need to track:

  • the source secret, for changes;
  • all namespaces in the cluster, to know which ones have the label attached;
  • the target secrets, to make sure they are all in sync with the source secret.

Subscribing to the source secret

The binding configuration for it is quite simple. We specify that we are interested in the Secret named mysecret in the default namespace:


function __config__() {
  cat << EOF
    configVersion: v1
    kubernetes:
    - name: src_secret
      apiVersion: v1
      kind: Secret
      nameSelector:
        matchNames:
        - mysecret
      namespace:
        nameSelector:
          matchNames: ["default"]
      group: main
EOF
}

As a result, the hook will be triggered when the source secret (src_secret) changes and will receive the following binding context:


As you can see, it contains the name and the whole object.

Keeping track of namespaces

Now we need to subscribe to namespaces. To do this, we specify the following binding configuration:

- name: namespaces
  group: main
  apiVersion: v1
  kind: Namespace
  jqFilter: |
    {
      namespace: .metadata.name,
      hasLabel: (
       .metadata.labels // {} |  
         contains({"secret": "yes"})
      )
    }
  keepFullObjectsInMemory: false

As you can see, a new field named jqFilter has appeared in the configuration. As its name suggests, jqFilter filters out all unnecessary information and creates a new JSON object with the fields we are interested in. A hook with such a configuration will receive the following binding context:


It contains an array of filterResults, one for each namespace in the cluster. The boolean variable hasLabel indicates whether the label is attached to the given namespace. The keepFullObjectsInMemory: false selector indicates that there is no need to keep full objects in memory.

Tracking the target secrets

We subscribe to all Secrets that have the managed-secret: "yes" annotation specified (these are our target dst_secrets):

- name: dst_secrets
  apiVersion: v1
  kind: Secret
  labelSelector:
    matchLabels:
      managed-secret: "yes"
  jqFilter: |
    {
      "namespace":
        .metadata.namespace,
      "resourceVersion":
        .metadata.annotations.resourceVersion
    }
  group: main
  keepFullObjectsInMemory: false

In this case, jqFilter filters out all information except the namespace and the resourceVersion parameter. The latter parameter was passed to the annotation when the secret was created: it lets you compare versions of secrets and keep them up to date.

A hook configured this way will, when executed, receive the three binding contexts described above. They can be thought of as a kind of snapshot of the cluster.


Based on all this information, a basic algorithm can be developed. It iterates over all namespaces and:

  • if hasLabel is true for the current namespace:
    • compares the global secret with the local one:
      • if they are the same, it does nothing;
      • if they differ, it executes kubectl replace or create;
  • if hasLabel is false for the current namespace:
    • makes sure the Secret is not in the given namespace:
      • if the local Secret is present, it deletes it using kubectl delete;
      • if the local Secret is not found, it does nothing.
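
The algorithm above as an added Python example (not the Bash implementation from the project's repository): it reads one grouped binding context and returns the action for each namespace instead of calling kubectl. The sample context is constructed, its shape is assumed from the `.snapshots.<binding>[i].filterResult` paths used by the page's own hook, and two behaviours are assumptions of this example: the source namespace is skipped, and copies are deleted when the source Secret is missing.

```python
import json

# Constructed sample: one grouped binding context, shaped like the paths the
# page's own hook reads (.snapshots.<binding>[i].filterResult). Values are made up.
SAMPLE_CONTEXT = json.loads("""
[{"binding": "main", "type": "Group", "snapshots": {
  "src_secret": [{"object": {"kind": "Secret", "metadata":
      {"name": "mysecret", "namespace": "default", "resourceVersion": "42"}}}],
  "namespaces": [
    {"filterResult": {"namespace": "default", "hasLabel": true}},
    {"filterResult": {"namespace": "team-a", "hasLabel": true}},
    {"filterResult": {"namespace": "team-b", "hasLabel": true}},
    {"filterResult": {"namespace": "team-c", "hasLabel": true}},
    {"filterResult": {"namespace": "old", "hasLabel": false}},
    {"filterResult": {"namespace": "plain", "hasLabel": false}}],
  "dst_secrets": [
    {"filterResult": {"namespace": "team-a", "resourceVersion": "42"}},
    {"filterResult": {"namespace": "team-b", "resourceVersion": "17"}},
    {"filterResult": {"namespace": "old", "resourceVersion": "42"}}]
}}]
""")


def plan_actions(contexts):
    """Map each namespace to create / replace / delete / none."""
    snap = contexts[0]["snapshots"]
    src = snap.get("src_secret") or []
    src_meta = src[0]["object"]["metadata"] if src else {}
    src_version = src_meta.get("resourceVersion")
    # Version of the source recorded on each managed copy, keyed by namespace.
    copies = {d["filterResult"]["namespace"]: d["filterResult"].get("resourceVersion")
              for d in snap.get("dst_secrets") or []}
    plan = {}
    for item in snap.get("namespaces") or []:
        name = item["filterResult"]["namespace"]
        if name == src_meta.get("namespace"):
            continue  # assumption: never overwrite the source in its own namespace
        # Assumption: with no source Secret, no namespace should hold a copy.
        wanted = bool(item["filterResult"]["hasLabel"]) and src_version is not None
        if wanted and name not in copies:
            plan[name] = "create"    # new labeled namespace, or copy was deleted
        elif wanted and copies[name] != src_version:
            plan[name] = "replace"   # source changed since the copy was made
        elif not wanted and name in copies:
            plan[name] = "delete"    # label removed
        else:
            plan[name] = "none"
    return plan


if __name__ == "__main__":
    for namespace, action in sorted(plan_actions(SAMPLE_CONTEXT).items()):
        print(f"{namespace}: {action}")
```

Returning a plan rather than running kubectl directly makes the decision logic testable without a cluster and gives a reviewable record of every Secret write or delete the hook intends to make.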


You can download the Bash implementation of the algorithm from our repository with examples.

That is how we were able to create a simple Kubernetes controller using 35 lines of YAML config and about the same amount of Bash code! The job of shell-operator is to link them together.

However, copying secrets is not the only area of application for the tool. Here are a few more examples showing what it can do.

Example 1: Making changes to a ConfigMap

Let's look at a Deployment consisting of three pods. The pods use a ConfigMap to store some configuration. When the pods were launched, the ConfigMap was in a certain state (let's call it v.1). Accordingly, all pods use this particular version of the ConfigMap.

Now suppose the ConfigMap has changed (v.2). However, the pods will still use the old version of the ConfigMap (v.1):


How can I make them switch to the new ConfigMap (v.2)? The answer is simple: use the template. Let's add a checksum annotation to the template section of the Deployment configuration:


As a result, this checksum will be registered in all pods, and it will be the same as that of the Deployment. Now you only need to update the annotation when the ConfigMap changes. And shell-operator comes in handy in this case. All you need to do is program a hook that subscribes to the ConfigMap and updates the checksum.

If a user makes changes to the ConfigMap, shell-operator notices them and recalculates the checksum. After that, the magic of Kubernetes comes into play: the orchestrator kills a pod, creates a new one, waits for it to become Ready, and moves on to the next one. As a result, the Deployment syncs up and switches to the new version of the ConfigMap.
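
One way to implement the checksum step described above, as an added Python example (not code from the page or the shell-operator project). The annotation key `checksum/config` and the sample objects are assumptions; the hash covers only the ConfigMap payload, so metadata-only updates do not restart pods.

```python
import hashlib
import json

ANNOTATION = "checksum/config"  # hypothetical annotation key; the page does not name one


def configmap_checksum(configmap):
    """SHA-256 over the ConfigMap payload only, so metadata churn
    (resourceVersion, managedFields) never triggers a rollout."""
    payload = {"data": configmap.get("data") or {},
               "binaryData": configmap.get("binaryData") or {}}
    # Sorted keys and fixed separators give a stable serialization.
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def rollout_patch(configmap, deployment):
    """Return a merge patch for the Deployment pod template, or None when the
    recorded checksum already matches (no restart needed)."""
    wanted = configmap_checksum(configmap)
    template_meta = deployment["spec"]["template"].get("metadata") or {}
    current = (template_meta.get("annotations") or {}).get(ANNOTATION)
    if current == wanted:
        return None
    return {"spec": {"template": {"metadata": {"annotations": {ANNOTATION: wanted}}}}}


# Constructed sample objects (not from the page).
CM_V1 = {"metadata": {"name": "app-config", "resourceVersion": "100"},
         "data": {"LOG_LEVEL": "info", "TIMEOUT": "30"}}
# Same payload, different key order and resourceVersion: must not cause a rollout.
CM_V1_TOUCHED = {"metadata": {"name": "app-config", "resourceVersion": "101"},
                 "data": {"TIMEOUT": "30", "LOG_LEVEL": "info"}}
CM_V2 = {"metadata": {"name": "app-config", "resourceVersion": "102"},
         "data": {"LOG_LEVEL": "debug", "TIMEOUT": "30"}}
DEPLOYMENT = {"spec": {"template": {"metadata": {"annotations": {
    ANNOTATION: configmap_checksum(CM_V1)}}}}}

if __name__ == "__main__":
    print("touched v1 ->", rollout_patch(CM_V1_TOUCHED, DEPLOYMENT))
    print("v2         ->", json.dumps(rollout_patch(CM_V2, DEPLOYMENT)))
```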


Example 2: Working with Custom Resource Definitions

As you know, Kubernetes lets you create custom kinds of objects. For example, you can create the kind MysqlDatabase. Let's say this kind has two metadata parameters: name and namespace.

apiVersion: example.com/v1alpha1
kind: MysqlDatabase
metadata:
  name: foo
  namespace: bar

We have a Kubernetes cluster with different namespaces in which we can create MySQL databases. In this case, shell-operator can be used to track MysqlDatabase resources, connect them to the MySQL server, and synchronize the desired and observed states of the cluster.


Muenzaniso 3: Cluster Network Monitoring

As you know, using ping is the simplest way to monitor a network. In this example, we will show how to implement such monitoring using shell-operator.

First of all, you need to subscribe to nodes. The shell-operator needs the name and IP address of each node. With their help, it will ping these nodes.

configVersion: v1
kubernetes:
- name: nodes
  apiVersion: v1
  kind: Node
  jqFilter: |
    {
      name: .metadata.name,
      ip: (
       .status.addresses[] |  
        select(.type == "InternalIP") |
        .address
      )
    }
  group: main
  keepFullObjectsInMemory: false
  executeHookOnEvent: []
schedule:
- name: every_minute
  group: main
  crontab: "* * * * *"

The executeHookOnEvent: [] parameter prevents the hook from running in response to any event (that is, in response to changing, adding, or deleting nodes). However, it will run (and update the list of nodes) on schedule: every minute, as prescribed by the schedule field.

Now the question arises: how exactly do we learn about problems such as packet loss? Let's look at the code:

function __main__() {
  for i in $(seq 0 "$(context::jq -r '(.snapshots.nodes | length) - 1')"); do
    node_name="$(context::jq -r '.snapshots.nodes['"$i"'].filterResult.name')"
    node_ip="$(context::jq -r '.snapshots.nodes['"$i"'].filterResult.ip')"
    packets_lost=0
    if ! ping -c 1 "$node_ip" -t 1 ; then
      packets_lost=1
    fi
    cat >> "$METRICS_PATH" <<END
      {
        "name": "node_packets_lost",
        "add": $packets_lost,
        "labels": {
          "node": "$node_name"
        }
      }
END
  done
}

We iterate over the list of nodes, get their names and IP addresses, ping them, and send the results to Prometheus. Shell-operator can export metrics to Prometheus by saving them to a file located at the path specified in the $METRICS_PATH environment variable.

This is how you can make an operator for simple network monitoring in a cluster.

Queueing mechanism

This article would be incomplete without describing another important mechanism built into shell-operator. Imagine that it executes some hook in response to an event in the cluster.

  • What happens if, at the same time, another event occurs in the cluster?
  • Will shell-operator run another instance of the hook?
  • What if, say, five events occur in the cluster at once?
  • Will shell-operator process them in parallel?
  • What about consumed resources such as memory and CPU?

Fortunately, shell-operator has a built-in queueing mechanism. All events are queued and processed sequentially.

Let's illustrate this with examples. Say we have two hooks. The first event goes to the first hook. Once its processing is complete, the queue moves forward. The next three events are directed to the second hook: they are removed from the queue and delivered to it as a "bundle". That is, the hook receives an array of events or, more precisely, an array of binding contexts.

Also, these events can be combined into one large one. The group parameter in the binding configuration is responsible for this.


You can create any number of queues/hooks and their various combinations. For example, one queue can work with two hooks, or vice versa.


All you need to do is set the queue field accordingly in the binding configuration. If a queue name is not specified, the hook runs on the default queue. This queueing mechanism lets you completely solve all resource management problems when working with hooks.

Conclusion

We explained what shell-operator is, showed how it can be used to quickly and effortlessly create Kubernetes operators, and gave several examples of its use.

Detailed information about shell-operator, as well as a quick tutorial on how to use it, is available in the corresponding repository on GitHub. Do not hesitate to contact us with questions: you can discuss them in a dedicated Telegram group (in Russian) or in this forum (in English).

And if you liked it, we are always happy to see new issues / PRs / stars on GitHub, where, by the way, you can find other interesting projects. Among them, it is worth highlighting addon-operator, which is the big brother of shell-operator. This tool uses Helm charts to install add-ons, can deliver updates and monitor various chart parameters/values, controls the installation process of charts, and can also modify them in response to events in the cluster.


Video and slides

Video from the talk (~23 minutes):


Slides of the talk:


Source: www.habr.com
