Maitiro ekuwana Kubernetes Pod zviwanikwa

Mubayiro naTohad

Kana uchitanga neKubernetes, zvakajairika kukanganwa nezve kumisikidza zviwanikwa zvemidziyo. Panguva ino, zvakakwana kuve nechokwadi chekuti mufananidzo weDocker unoshanda uye unogona kuendeswa kune Kubernetes cluster.

Asi gare gare chikumbiro chinoda kuiswa muchikwata chekugadzira pamwe nemamwe maapplication. Kuti uite izvi, unofanirwa kugovera zviwanikwa zvemudziyo uye ita shuwa kuti pane zvakakwana kuti zvigadzirise application, uye kuti mamwe maapplication anoshanda haazosangana nematambudziko.

chikwata Kubernetes aaS kubva kuMail.ru yakashandura chinyorwa nezve zviwanikwa zvemidziyo (CPU & MEM), zvikumbiro uye zvisingakwanisi. Iwe uchadzidza mabhenefiti ezvirongwa izvi uye zvinoitika kana ukasazviseta.

Computing zviwanikwa

Tine marudzi maviri ezviwanikwa ane mayunitsi anotevera:

• Central processing unit (CPU) - cores;
• Memory (MEM) - bytes.

Zvishandiso zvinotsanangurwa pamudziyo wega wega. Mune inotevera Pod YAML faira, iwe uchaona chikamu chezvekushandisa icho chine zvakakumbirwa uye zvigadziriso zviwanikwa:

• Yakakumbirwa Pod Zviwanikwa = huwandu hwezviwanikwa zvakakumbirwa zvemidziyo yese;
• Pod Resource Limit = Sum yeese Pod Resource Limits.

apiVersion: v1
kind: Pod
metadata:
  name: backend-pod-name
  labels:
    application: backend
spec:
  containers:
    — name: main-container
      image: my-backend
      tag: v1
      ports:
      — containerPort: 8080
      resources:
        requests:
          cpu: 0.2 # REQUESTED CPU: 200m cores
          memory: "1Gi" # REQUESTED MEM: 1Gi
        limits:
          cpu: 1 # MAX CPU USAGE: 1 core
          memory: "1Gi" # MAX MEM USAGE:  1Gi
    — name: other-container
      image: other-app
      tag: v1
      ports:
      — containerPort: 8000
      resources:
        requests:
          cpu: "200m" # REQUESTED CPU: 200m cores
          memory: "0.5Gi" # REQUESTED MEM: 0.5Gi
        limits:
          cpu: 1 # MAX CPU USAGE: 1 core
          memory: "1Gi" # MAX MEM USAGE:  1Gi

Muenzaniso Wezvakakumbirwa uye Zvishoma Zviwanikwa

munda resources.requested kubva pane yakatarwa Pod ndechimwe chezvinhu zvinoshandiswa kutsvaga inodiwa node. Iwe unogona kutoronga Pod deployment yayo. Iwe unowana sei node yakakodzera?

Kubernetes ine zvikamu zvakati wandei, kusanganisira master node kana master node (Kubernetes Control Plane). Iyo master node ine akati wandei maitiro: kube-apiserver, kube-controller-maneja uye kube-scheduler.

Iyo kube-scheduler process ine basa rekuongorora mapodhi achangobva kugadzirwa uye kutsvaga anogoneka evashandi manode anoenderana nezvose zvikumbiro zvepod, kusanganisira huwandu hwezviwanikwa zvakakumbirwa. Rondedzero yemanode inowanikwa ne kube-scheduler inoiswa. Iyo pod yakarongwa pane node ine zvibodzwa zvepamusoro.

Ko Pod yepepuru ichaiswa kupi?

Mumufananidzo unogona kuona kuti kube-scheduler inofanirwa kuronga itsva yepepuru Pod. Iyo Kubernetes cluster ine node mbiri: A uye B. Sezvauri kuona, kube-scheduler haigone kuronga Pod pane node A - inowanikwa (isina kukumbirwa) zviwanikwa hazvienderane nezvikumbiro zvepepuru Pod. Saka, iyo 1 GB yendangariro yakakumbirwa nepepuru Pod haikwane pane node A, sezvo iripo ndangariro iri 0,5 GB. Asi node B ine zviwanikwa zvakakwana. Nekuda kweizvozvo, kube-scheduler inosarudza kuti kwainoenda yepepuru Pod ndiyo node B.

Iye zvino tava kuziva kuti zviwanikwa zvakakumbirwa zvinokanganisa sei sarudzo yenode yekumhanyisa Pod. Asi chii chinokonzeresa zviwanikwa zvemarginal?

Muganho wekushandisa muganho uyo CPU/MEM haigone kuyambuka. Nekudaro, iyo CPU sosi inoshanduka, saka midziyo inosvika yavo CPU miganho haizokonzerese iyo Pod kubuda. Pane kudaro, CPU throttling inotanga. Kana muganho wekushandisa weMEM wasvikwa, mudziyo unomiswa nekuda kweOOM-Killer uye wotangwazve kana uchibvumidzwa neRestartPolicy kuseta.

Yakakumbirwa uye yakawanda zviwanikwa mune zvakadzama

Resource kutaurirana pakati Docker uye Kubernetes

Nzira yakanakisa yekutsanangura kuti zvikumbiro zvezvishandiso uye miganho yezvishandiso zvinoshanda sei kuunza hukama pakati peKubernetes naDocker. Mumufananidzo uri pamusoro unogona kuona kuti Kubernetes minda uye Docker yekutanga mireza ine hukama.

Memory: chikumbiro uye muganhu

containers:
...
 resources:
   requests:
     memory: "0.5Gi"
   limits:
     memory: "1Gi"

Sezvataurwa pamusoro apa, ndangariro inoyerwa nemabhaiti. Maererano ne Kubernetes zvinyorwa, tinogona kutsanangura ndangariro senhamba. Kazhinji kacho inhamba, semuenzaniso 2678 - kureva, 2678 bytes. Unogonawo kushandisa suffixes G и Gi, chinhu chikuru ndechokuyeuka kuti hazvina kuenzana. Yekutanga idesimali uye yechipiri ibhinari. Kufanana nemuenzaniso unotaurwa mune k8s zvinyorwa: 128974848, 129e6, 129M, 123Mi - dzinenge dzakaenzana.

Kubernetes sarudzo limits.memory zvinoenderana nemureza --memory kubva kuDocker. In case of request.memory Iko hakuna museve weDocker nekuti Docker haashandise iyi ndima. Unogona kubvunza, izvi zvinotodiwa here? Hongu zvinoda. Sezvandambotaura, munda une basa kuKubernetes. Zvichienderana neruzivo kubva kwairi, kube-scheduler inosarudza pane node yekuronga iyo Pod.

Chii chinoitika kana iwe ukaisa ndangariro isina kukwana yechikumbiro?

Kana chigadziko chasvika pamiganhu yeyeuchidzo yakakumbirwa, ipapo Pod inoiswa muboka rePods rinomira kana pasina chiyeuchidzo chakakwana mune node.

Chii chinoitika kana iwe ukaseta muganho wendangariro wakaderera zvakanyanya?

Kana mudziyo ukapfuura muganho wekurangarira, unomiswa nekuda kweOOM-Kuurayiwa. Uye ichatangazve kana zvichibvira zvichibva paRestartPolicy uko kukosha kwacho kuri Always.

Chii chinoitika kana ukasatsanangura ndangariro yakakumbirwa?

Kubernetes inotora muganho kukosha uye kuimisa seyakanyanya kukosha.

Chii chingaitika kana ukasataura muganhu wendangariro?

Iyo mudziyo haina zvirambidzo; inogona kushandisa yakawanda ndangariro sezvainoda. Kana akatanga kushandisa ese aripo ndangariro yenode, ipapo OOM inomuuraya. Iyo mudziyo inozotangwazve kana zvichibvira zvichibva paRestartPolicy.

Chii chinoitika kana ukasataura miganhu yendangariro?

Iyi ndiyo yakaipisisa mamiriro ezvinhu: mugadziri haazive kuti zvingani zviwanikwa izvo mudziyo unoda, uye izvi zvinogona kukonzera matambudziko akakomba pane node. Mune ino kesi, zvingave zvakanaka kuve neyakagadzika miganho pane iyo namespace (yakaiswa neLimitRange). Iko hakuna miganho yakasarudzika - iyo Pod haina miganhu, inogona kushandisa yakawanda ndangariro sezvainoda.

Kana iyo yakakumbirwa ndangariro inopfuura iyo node inogona kupa, iyo Pod haizorongwa. Zvakakosha kuyeuka izvozvo Requests.memory - kwete iyo shoma kukosha. Iyi irondedzero yehuwandu hwendangariro inokwana kuchengetedza gaba richishanda risingaperi.

Inowanzokurudzirwa kuisa kukosha kwakafanana request.memory и limit.memory. Izvi zvinovimbisa kuti Kubernetes haizoronga Pod pane node ine ndangariro yakakwana yekumhanyisa iyo Pod asi isingakwane kuimhanyisa. Ramba uchifunga: Kubernetes Pod kuronga kunongofunga chete requests.memoryuye limits.memory hazvirangariri.

CPU: chikumbiro uye muganho

containers:
...
 resources:
   requests:
     cpu: 1
   limits:
     cpu: "1200m"

NeCPU zvese zvakatonyanya kuoma. Kudzokera kumufananidzo wehukama pakati peKubernetes naDocker, unogona kuona izvozvo request.cpu соответствck --cpu-shares, nepo limit.cpu zvinoenderana nemureza cpus muDocker.

Iyo CPU inokumbirwa naKubernetes inopetwa ne1024, chikamu cheCPU kutenderera. Kana iwe uchida kukumbira 1 yakazara core, unofanira kuwedzera cpu: 1sezvaratidzwa pamusoro.

Kukumbira kernel yakazara (chikamu = 1024) hazvireve kuti mudziyo wako uchachigamuchira. Kana muchina wako wekugamuchira uchingove nemusimboti mumwe chete uye urikumhanyisa chigaba chinopfuura chimwe, saka midziyo yese inofanira kugovera iyo CPU iripo pakati pavo. Izvi zvinoitika sei? Ngatitarisei pamufananidzo.

CPU Chikumbiro - Single Core System

Ngatimbofungidzira kuti une imwechete-core host system inomhanyisa midziyo. Amai (Kubernetes) vakabika pie (CPU) uye vanoda kuipatsanura pakati pevana (midziyo). Vana vatatu vanoda pie yakazara (chikamu = 1024), mumwe mwana anoda hafu yepai (512). Amai vanoda kuita zvakanaka uye vanoita masvomhu ari nyore.

# Сколько пирогов хотят дети?
# 3 ребенка хотят по целому пирогу и еще один хочет половину пирога
cakesNumberKidsWant = (3 * 1) + (1 * 0.5) = 3.5
# Выражение получается так:
3 (ребенка/контейнера) * 1 (целый пирог/полное ядро) + 1 (ребенок/контейнер) * 0.5 (половина пирога/половина ядра)
# Сколько пирогов испечено?
availableCakesNumber = 1
# Сколько пирога (максимально) дети реально могут получить?
newMaxRequest = 1 / 3.5 =~ 28%

Kubva pakuverenga, vana vatatu vachagamuchira 28% yepakati, uye kwete iyo yose. Mwana wechina achawana 14% yekernel yakazara, kwete hafu. Asi zvinhu zvichave zvakasiyana kana uine multi-core system.

CPU Chikumbiro - Multi-Core (4) System

Mumufananidzo uri pamusoro apa unogona kuona kuti vana vatatu vanoda pie yose, uye mumwe anoda hafu. Sezvo amai vakabika mapai mana, mumwe nemumwe wevana vavo achawana akawanda sezvavanoda. Mune akawanda-musimboti system, processor zviwanikwa zvinogoverwa kune ese anowanikwa processor cores. Kana mudziyo wakaganhurirwa kune isingasviki imwechete yakazara CPU musimboti, unogona kuishandisa pa100%.

Iwo maverengero ari pamusoro akarerutswa kuti unzwisise kuti CPU inogovaniswa sei pakati pemidziyo. Ehe, kunze kwemidziyo pachayo, kune mamwe maitiro anoshandisawo CPU zviwanikwa. Kana maitiro ari mumudziyo mumwe asina basa, vamwe vanogona kushandisa sosi yayo. CPU: "200m" соответствck CPU: 0,2, zvinoreva inenge 20% yeimwe core.

Zvino ngatitaure nezvazvo limit.cpu. Iyo CPU inoganhurwa naKubernetes inopetwa nezana. Mhedzisiro yacho ndeyenguva iyo mudziyo unogona kushandisa 100 µs yega.cpu-period).

limit.cpu inofanana nemureza weDocker --cpus. Uyu musanganiswa mutsva wekare --cpu-period и --cpu-quota. Nekuchigadzika, tinoratidza kuti mangani aripo CPU zviwanikwa izvo mudziyo unogona kushandisa zvakanyanya kusati kwatanga throttling:

• cpus - musanganiswa cpu-period и cpu-quota. cpus = 1.5 zvakaenzana nekuisa cpu-period = 100000 и cpu-quota = 150000;
• CPU-nguva - nguva CPU CFS scheduler, default 100 microseconds;
• cpu-quota - nhamba ye microseconds mukati cpu-period, iyo yakasungwa nemudziyo.

Chii chinoitika kana iwe ukaisa isina kukwana yakakumbirwa CPU?

Kana iyo mudziyo ichida kupfuura yayakaisa, inoba CPU kubva kune mamwe maitiro.

Chii chinoitika kana iwe ukaseta CPU muganho wakaderera zvakanyanya?

Sezvo iyo CPU sosi ichichinjika, throttling inovhura.

Chii chinoitika kana ukasatsanangura chikumbiro cheCPU?

Sezvakaita nendangariro, kukosha kwekukumbira kwakaenzana nemuganhu.

Chii chinoitika kana ukasataura muganho weCPU?

Iyo mudziyo ichashandisa yakawanda CPU sezvainoda. Kana iyo default CPU mutemo (LimitRange) ichitsanangurwa munzvimbo yezita, saka muganhu uyu unoshandiswawo kune mudziyo.

Chii chinoitika kana ukasatsanangura chero chikumbiro kana CPU muganho?

Sekurangarira, iyi ndiyo yakaipisisa mamiriro ezvinhu. Iye anoronga haazive kuti zvingani zviwanikwa zvemudziyo wako zvinoda, uye izvi zvinogona kukonzera matambudziko akakomba pane node. Kuti udzivise izvi, unofanirwa kuseta miganho yakasarudzika yemazita (LimitRange).

Rangarira: kana iwe ukakumbira yakawanda CPU kupfuura iyo node inogona kupa, iyo Pod haizorongwa. Requests.cpu - kwete iyo shoma kukosha, asi kukosha kwakakwana kutanga Pod uye kushanda pasina kukundikana. Kana iyo application ikasaita maverengero akaomarara, yakanakisa sarudzo ndeyekuisa request.cpu <= 1 uye vhura replicas dzakawanda sezvinodiwa.

Yakanaka huwandu hwezvakakumbirwa zviwanikwa kana resource muganho

Takadzidza nezvekuganhurwa kwezviwanikwa zvekombuta. Iye zvino yave nguva yekupindura mubvunzo: "Zvingani zviwanikwa izvo Pod yangu inoda kumhanyisa application pasina matambudziko? Ndeipi mari yakakodzera?

Zvinosuruvarisa, hapana mhinduro dzakajeka kumibvunzo iyi. Kana iwe usingazive kuti application yako inoshanda sei kana kuti yakawanda sei CPU kana ndangariro yainoda, yakanakisa sarudzo ndeyekupa iyo application yakawanda ndangariro uye CPU wobva wamhanyisa bvunzo dzekuita.

Pamusoro pebvunzo dzekuita, tarisa maitiro echishandiso mukutarisa kwevhiki. Kana magirafu achiratidza kuti application yako iri kushandisa zviwanikwa zvishoma pane zvawakumbira, unogona kuderedza huwandu hweCPU kana ndangariro yakakumbirwa.

Somuenzaniso ona izvi Grafana dashboard. Inoratidza mutsauko pakati pezvakakumbirwa zviwanikwa kana resource muganho uye yazvino zviwanikwa kushandiswa.

mhedziso

Kukumbira uye kudzikisira zviwanikwa kunobatsira kuchengeta yako Kubernetes cluster ine hutano. Kugadziriswa kwemuganho kwakaringana kunoderedza mutengo uye kunoita kuti maapplication arambe achimhanya nguva dzese.

Muchidimbu, pane zvinhu zvishoma zvekuchengeta mupfungwa:

1. Yakakumbirwa zviwanikwa igadziriso inotariswa panguva yekutanga (apo Kubernetes inoronga kuitisa application). Mukupesana, kudzikisira zviwanikwa kwakakosha panguva yekumhanya-apo application yave kutoshanda pane node.
2. Kuenzaniswa nendangariro, iyo CPU inzvimbo yakadzorwa. Kana pasina CPU yakakwana, Pod yako haizovharike uye iyo throttling mechanism ichabatika.
3. Yakakumbirwa zviwanikwa uye resource muganho hausi hushoma uye hwakanyanya kukosha! Nekutsanangura zviwanikwa zvakakumbirwa, unova nechokwadi chekuti application yacho inomhanya pasina matambudziko.
4. Tsika yakanaka kuseta chikumbiro chendangariro chakaenzana nemuganhu wendangariro.
5. Ok install wakumbira CPU <=1, kana iyo application isingaite macalculation akaomarara.
6. Kana iwe ukakumbira zvimwe zviwanikwa pane zviripo pane node, iyo Pod haizombofa yakarongwa kune iyo node.
7. Kuti uone huwandu hwakakodzera hwezviwanikwa zvakakumbirwa / zviwanikwa zviwanikwa, shandisa kuyera kuyerwa uye kutarisa.

Ndinovimba chinyorwa ichi chinokubatsira kuti unzwisise iyo yakakosha pfungwa yekumisikidza zviwanikwa. Uye unozogona kushandisa ruzivo urwu mubasa rako.

Good luck!

Zvimwe zvekuverenga:

1. SRE Kucherechedzwa: Nzvimbo dzeMazita uye Metric Chimiro.
2. 90+ maturusi anobatsira eKubernetes: kuendesa, manejimendi, kutarisa, kuchengetedza uye nezvimwe.
3. Yedu chiteshi Around Kubernetes muTeregiramu.

Source: www.habr.com