🥇Kubernetes 1.16: pfupiso yezvakanyanya kuvandudzwa

Nhasi, Chitatu, zvichaitika kuburitswa kunotevera kweKubernetes - 1.16. Zvinoenderana netsika yakagadziridzwa yebhurogu yedu, ino inguva yegumi yemakore yatiri kutaura nezve shanduko dzakakosha mushanduro itsva.

Ruzivo rwakashandiswa kugadzira chinyorwa ichi rwunotorwa kubva Kubernetes inosimudzira yekutevera matafura, CHANGELOG-1.16 uye zvine chekuita nenyaya, zvikumbiro zvekudhonza, uye Kubernetes Enhancement Proposals (KEP). Saka, handei! ..

Node

Nhamba yakakura zvechokwadi yezvitsva zvinozivikanwa (mune alpha vhezheni chimiro) inoratidzwa padivi peK8s cluster nodes (Kubelet).

Kutanga, izvo zvinonzi «ephemeral midziyo» (Ephemeral Containers), yakagadzirirwa kurerutsa maitiro ekugadzirisa mumapods. Iyo nyowani meshini inobvumidza iwe kuvhura yakakosha midziyo inotanga munzvimbo yemazita emapodhi aripo uye kurarama kwenguva pfupi. Chinangwa chavo ndechekudyidzana nemamwe mapodhi nemidziyo kuitira kugadzirisa chero matambudziko uye debug. Murairo mutsva waitwa pachinhu ichi kubectl debug, zvakafanana pakureva kubectl exec: chete pachinzvimbo chekumhanyisa maitiro mumudziyo (semu exec) inoburitsa mudziyo mupodhi. Semuenzaniso, uyu murairo uchabatanidza mudziyo mutsva kune pod:

kubectl debug -c debug-shell --image=debian target-pod -- bash

Ruzivo nezve ephemeral midziyo (uye mienzaniso yekushandiswa kwavo) inogona kuwanikwa mukati zvinoenderana KEP. Kuitwa kwazvino (muK8s 1.16) ivhezheni yealpha, uye pakati pemaitiro ekuchinjisa kune beta vhezheni "kuyedza Ephemeral Containers API kuti ingangoita maviri aburitswa e [Kubernetes]."

NB: Muhunhu hwayo uye kunyangwe zita rayo, chimiro chakafanana nechekare plugin kubectl-debugpamusoro pazvo isu kare akanyora. Zvinotarisirwa kuti nekuuya kwe ephemeral containers, kugadzirwa kweimwe plugin yekunze kwakasiyana kunopera.

Imwe innovation - PodOverhead - yakagadzirirwa kupa nzira yekuverenga mari yepamusoro yemapods, iyo inogona kusiyana zvakanyanya zvichienderana nenguva yekumhanya inoshandiswa. Somuenzaniso, vanyori iyi KEP mhedzisiro muKata Containers, inoda kumhanya muenzi kernel, kata mumiriri, init system, nezvimwe. Kana kumusoro kukava hombe, haigone kufuratirwa, zvinoreva kuti panofanirwa kuve nenzira yekuzvifunga nezve mamwe maquotas, kuronga, nezvimwe. Kurishandisa mukati PodSpec munda wakawedzerwa Overhead *ResourceList (inoenzanisa ne data in RuntimeClass, kana imwe yakashandiswa).

Imwe tsvakiridzo yakakurumbira ndeye node topology maneja (Node Topology Maneja), yakagadzirirwa kubatanidza nzira yekugadzirisa zvakanaka kugoverwa kwezviwanikwa zvehardware zvezvikamu zvakasiyana muKubernetes. Ichi chirongwa chinofambiswa nekukura kuri kuda kweakasiyana masisitimu emazuva ano (kubva kundima yenharembozha, kudzidza muchina, masevhisi emari, nezvimwewo) zvemhando yepamusoro-performance parallel computing uye kuderedza kunonoka mukuita mashandiro, ayo avanoshandisa advanced CPU uye. Hardware acceleration kugona. Kugadziridzwa kwakadaro muKubernetes kusvika parizvino kwave kuwanikwa nekuda kwekusiyana kwezvikamu (CPU maneja, Chishandiso maneja, CNI), uye ikozvino ivo vanozowedzerwa imwe yemukati interface inobatanidza nzira uye kurerutsa kubatana kweiyo mitsva yakafanana - inonzi topology- kuziva - zvikamu paKubelet side. Details - in zvinoenderana KEP.

Topology Maneja Chikamu Dhiyagiramu

Chinotevera chimiro - kutarisa midziyo pavanenge vachimhanya (kutanga probe). Sezvaunoziva, kune midziyo inotora nguva yakareba kuti itange, zvakaoma kuwana chimiro chemazuva ano: vanogona "kuurayiwa" vasati vatanga kushanda, kana kuti vanoguma vafa kwenguva refu. Cheki nyowani (inogoneswa kuburikidza negedhi remhando inonzi StartupProbeEnabled) inokanzura - kana kuti, inononoka - mhedzisiro yeimwe cheki kusvika panguva iyo pod yapedza kushanda. Nechikonzero ichi, chimiro chakadanwa pakutanga pod-kutanga liveness-probe holdoff. Kune mapodhi anotora nguva yakareba kutanga, unogona kuvhota nyika munguva pfupi pfupi.

Pamusoro pezvo, kuvandudzwa kweRuntimeClass kunobva kwawanikwa mubeta chimiro, ichiwedzera rutsigiro rwe "heterogeneous clusters". C RuntimeClass Kuronga Ikozvino hazvitombodi kuti imwe node ive nerutsigiro kune yega yega RuntimeClass: kune pods unogona kusarudza RuntimeClass usinga funge nezve cluster topology. Kare, kuita izvi - kuitira kuti mapodhi apedzisire pane node nerutsigiro rwezvese zvavanoda - zvaive zvakafanira kupa mitemo yakakodzera kuNodeSelector uye kushivirira. IN CAP Inotaura nezvemienzaniso yekushandisa uye, hongu, ruzivo rwekuita.

Network

Zvinhu zviviri zvakakosha zvetiweki zvakaonekwa kekutanga (mune alpha vhezheni) muKubernetes 1.16 ndeidzi:

tsigira mbiri network stack - IPv4/IPv6 - uye "kunzwisisa" kwayo kunoenderana pamwero wepods, node, masevhisi. Inosanganisira IPv4-kune-IPv4 uye IPv6-ku-IPv6 kudyidzana pakati pemapods, kubva kumapodhi kuenda kune ekunze masevhisi, mareferensi masevhisi (mukati meBridge CNI, PTP CNI uye Host-Local IPAM plugins), pamwe nereverse Inoenderana neKubernetes masumbu ari kushanda. IPv4 kana IPv6 chete. Tsanangudzo dzekuita dzirimo CAP.
Muenzaniso wekuratidza IP kero dzemhando mbiri (IPv4 uye IPv6) mune rondedzero yemapods:
```
kube-master# kubectl get pods -o wide
NAME               READY     STATUS    RESTARTS   AGE       IP                          NODE
nginx-controller   1/1       Running   0          20m       fd00:db8:1::2,192.168.1.3   kube-minion-1
kube-master#
```
New API yeEndpoint - Purogiramu inonzi EndpointSlice. Inogadzirisa nyaya dzekuita / scalability dzeiyo iripo Endpoint API inobata zvikamu zvakasiyana-siyana mukudzora-ndege (apiserver, etcd, endpoints-controller, kube-proxy). Iyo API nyowani ichawedzerwa kuboka reDiscovery API uye ichakwanisa kushandira makumi ezviuru zvemashure ekupedzisira pane imwe neimwe sevhisi musumbu rine zviuru zvemanodhi. Kuti uite izvi, Sevhisi yega yega inomepu kune N zvinhu EndpointSlice, imwe neimwe iyo nekusarudzika haina anopfuura zana emagumo (ukoshi hunogadziriswa). Iyo EndpointSlice API ichapawo mikana yekuvandudza kwayo kweramangwana: rutsigiro rweakawanda IP kero kune yega pod, nyika nyowani dzemagumo (kwete chete. Ready и NotReady), dynamic subsetting yemagumo.

Iyo inoratidzwa mukuburitswa kwekupedzisira yasvika pabeta vhezheni finalizer, zita service.kubernetes.io/load-balancer-cleanup uye yakabatanidzwa kune imwe neimwe sevhisi ine mhando LoadBalancer. Panguva yekudzima sevhisi yakadaro, inodzivirira kubviswa chaiko kweiyo sosi kusvikira "kuchenesa" kwese kwakakodzera zviwanikwa zvebalancer kwapera.

API Michina

Iyo chaiyo "kudzikamisa chiitiko" iri munzvimbo yeKubernetes API server uye kudyidzana nayo. Izvi zvakaitika zvakanyanya thanks to kuendesa kunzvimbo yakagadzikana avo vasingadi sumo yakakosha CustomResourceDefinitions (CRD), iyo yanga iine beta mamiriro kubvira mazuva ari kure eKubernetes 1.7 (uye uyu ndiChikumi 2017!). Kudzikamisa kwakafanana kwakauya kune zvine hukama maficha:

"subresources" со /status и /scale yeCustomResources;
kutendeuka shanduro dzeCRD, zvichibva pawebhook yekunze;
ichangoburwa (muK8s 1.15) default values (defaulting) uye otomatiki munda kubviswa (kuchekerera) yeCustomResources;
mukana uchishandisa OpenAPI v3 schema kugadzira uye kuburitsa OpenAPI zvinyorwa zvinoshandiswa kusimbisa CRD zviwanikwa padivi reseva.

Imwe nzira yagara ichizivikanwa nevakuru veKubernetes: admission webhook - yakaramba iri mubeta kwenguva yakareba (kubvira K8s 1.9) uye ikozvino yakanzi yakagadzikana.

Mamwe maficha maviri asvika pabeta: server-side shandisa и tarisa mabhukumaki.

Uye iyo chete yakakosha hunyanzvi mune alpha vhezheni yaive kuramba от SelfLink - yakakosha URI inomiririra chinhu chakataurwa uye kuve chikamu che ObjectMeta и ListMeta (kureva chikamu chechero chinhu muKubernetes). Sei vachiirasa? Kukurudzira nenzira iri nyore kurira sekushaikwa kwezvikonzero zvechokwadi (zvakakura) zvekuti munda uyu urambe uripo. Zvimwe zvikonzero zvepamutemo ndezvekukwidziridza mashandiro (nekubvisa munda usina kufanira) uye kurerutsa basa reiyo generic-apiserver, iyo inomanikidzwa kubata munda wakadaro nenzira yakakosha (iyi ndiyo yega ndima yakagadzwa pamberi pechinhu. iri serialized). Chokwadi kupera (mukati mebeta) SelfLink zvichaitika neKubernetes vhezheni 1.20, uye yekupedzisira - 1.21.

Dhata yekuchengetedza

Basa guru munzvimbo yekuchengetera, sekuburitswa kwakapfuura, rinoonekwa munzvimbo CSI rutsigiro. Shanduko huru apa dzaive:

kekutanga (mune alpha vhezheni) akaonekwa CSI plugin rutsigiro rweWindows worker node: iyo yazvino nzira yekushanda nekuchengetedza ichatsiva mu-muti plugins muKubernetes core uye FlexVolume plugins kubva kuMicrosoft yakavakirwa paPowershell;

Scheme yekushandisa CSI plugins muKubernetes yeWindows
mukana kuchinja mavhoriyamu eCSI, yakaunzwa kumashure muK8s 1.12, yakakura kusvika kune beta vhezheni;
"Kusimudzira" kwakafanana (kubva ku alpha kuenda ku beta) kwakave nekugona kushandisa CSI kugadzira ephemeral volumes (CSI Inline Volume Support).

Yakaunzwa mune yakapfuura vhezheni yeKubernetes vhoriyamu cloning basa (uchishandisa iripo PVC se DataSource kugadzira PVC itsva) zvakare yakagamuchira beta mamiriro.

scheduler

Shanduko mbiri dzinozivikanwa pakuronga (zvese zviri mualpha):

EvenPodsSpreading - mukana shandisa mapodhi panzvimbo yezvishandiso zvine musoro zve "kugovera kwakanaka" kwemitoro (seDeployment uye ReplicaSet) uye kugadzirisa kugovera uku (sechinhu chakaoma chinodiwa kana sechimiro chakapfava, i.e. pamberi). Iyo ficha ichawedzera iripo yekugovera kugona kweakarongwa mapodhi, parizvino akaganhurirwa nesarudzo PodAffinity и PodAntiAffinity, kupa vatariri kutonga kwakanaka mune iyi nyaya, zvinoreva kuti zvirinani kuwanikwa kwepamusoro uye nekushandisa zviwanikwa. Details - in CAP.
Shandisa BestFit Policy в YakakumbirwaToCapacityRatio Yekutanga Basa panguva yekuronga pod, izvo zvinobvumira shandisa bin kurongedza ("kurongedza mumidziyo") kune ese ari maviri zviwanikwa (processor, memory) uye akawedzera (seGPU). Kuti uwane rumwe ruzivo, ona CAP.

Kuronga mapodhi: usati washandisa yakanakisa fit policy (zvakananga kuburikidza neyakagadzika scheduler) uye nekushandiswa kwayo (kuburikidza ne scheduler extender)

Mukuwedzera, yakaunzwa kugona kugadzira yako wega scheduler plugins kunze kweiyo huru Kubernetes yekuvandudza muti (kunze-kwemuti).

Dzimwe shanduko

Zvakare muKubernetes 1.16 kuburitswa inogona kucherechedzwa initiative for kuunza mametric anowanikwa muhurongwa hwakazara, kana kuti kunyanya, maererano mitemo yepamutemo kuK8s chiridzwa. Ivo vanonyanya kuvimba neinoenderana Prometheus zvinyorwa. Kusawirirana kwakamuka nekuda kwezvikonzero zvakasiyana-siyana (semuenzaniso, mamwe ma metrics akangogadzirwa mirairo yazvino isati yaoneka), uye vagadziri vakafunga kuti yaive nguva yekuunza zvese kune imwechete chiyero, "zvichienderana neimwe yePrometheus ecosystem." Kuitwa kwazvino kwechirongwa ichi kuri mune alpha chimiro, icho chichasimudzirwa zvishoma nezvishoma mune dzinotevera shanduro dzeKubernetes kuita beta (1.17) uye yakagadzikana (1.18).

Mukuwedzera, shanduko dzinotevera dzinogona kucherechedzwa:

Windows support development с chitarisiko Kubeadm zvishandiso zveiyi OS (alpha vhezheni), mukana RunAsUserName yeWindows midziyo (alpha vhezheni), kuvandudzika Group Managed Service Account (gMSA) inotsigira kusvika kune beta vhezheni, kutsigira gomo / batanidza kune vSphere mavhoriyamu.
Recycled data compression mechanism mune API mhinduro. Kare, sefa yeHTTP yaishandiswa nekuda kwezvinangwa izvi, izvo zvaiisa zvirambidzo zvakati kuti zvaitadzisa kugoneswa nekusarudzika. "Transparent chikumbiro compression" ikozvino inoshanda: vatengi kutumira Accept-Encoding: gzip mumusoro, vanogashira mhinduro yeGZIP-yakadzvanywa kana saizi yayo ichipfuura 128 KB. Enda vatengi vanongotsigira kumanikidza (kutumira inodiwa musoro), saka ivo vanobva vangoona kudzikiswa kwetraffic. (Kugadziridza zvishoma kungadikanwa kune mimwe mitauro.)
Zvakakwanisika kuyera HPA kubva/kusvika zero pods zvichibva pane ekunze metrics. Kana iwe ukayera zvichibva pane zvinhu / ekunze metrics, saka kana basa rakawandisa unokwanisa kuyera otomatiki kusvika ku0 replicas kuchengetedza zviwanikwa. Ichi chimiro chinofanirwa kunyanya kubatsira kune zviitiko apo vashandi vanokumbira zviwanikwa zveGPU, uye huwandu hwemhando dzakasiyana dzevashandi vasina basa hunodarika huwandu hwemaGPU aripo.
Mutengi mutsva - k8s.io/client-go/metadata.Client - ye "generalized" kuwana zvinhu. Yakagadzirwa kuti itore nyore metadata (kureva chidimbu metadata) kubva kune zviwanikwa zvemapoka uye kuita kuunganidza marara uye quota maoperation navo.
Vaka Kubernetes zvino unogona pasina nhaka ("yakavakirwa-mukati" mu-muti) gore vanopa (alpha vhezheni).
Kubeadm utility akawedzera kuyedza (alpha vhezheni) kugona kushandisa gadzirisa zvigamba panguva yekushanda init, join и upgrade. Dzidza zvakawanda pamusoro pekushandisa mureza --experimental-kustomize, ona mu CAP.
Nzvimbo itsva yekupedzisira ye apiserver - readyz, - inokubvumira kutumira kunze ruzivo pamusoro pekugadzirira kwayo. Iyo API server zvakare ikozvino ine mureza --maximum-startup-sequence-duration, zvichikubvumidza kuti udzore kutanga kwayo.
Two zvinhu zveAzure yakaziviswa yakagadzikana: rutsigiro nzvimbo dzinowanikwa (Kuwanikwa Nzvimbo) uye cross resource group (RG). Mukuwedzera, Azure yakawedzera:
- kutsigira kwechokwadi AAD uye ADFS;
- tsumo service.beta.kubernetes.io/azure-pip-name kutsanangura IP yeruzhinji yemuyero wemutoro;
- mukana zvirongwa LoadBalancerName и LoadBalancerResourceGroup.
AWS ikozvino ine kutsigira yeEBS paWindows uye optimized EC2 API inofona DescribeInstances.
Kubeadm yave kuzvimiririra migrates CoreDNS kumisikidzwa paunenge uchivandudza iyo CoreDNS vhezheni.
Binaries nezvimwewo mune inoenderana Docker mufananidzo yakagadzirwa world-executable, iyo inokutendera kuti umhanye mufananidzo uyu pasina kudiwa kwekodzero dzemidzi. Zvakare, etcd kutama mufananidzo akamira etcd2 vhezheni rutsigiro.
В Cluster Autoscaler 1.16.0 yakachinjirwa kushandisa distroless seyakadzika mufananidzo, yakagadziridzwa mashandiro, yakawedzera vatsva vanopa gore (DigitalOcean, Magnum, Packet).
Zvigadziriso mumapurogiramu anoshandiswa/anotsamira: Enda 1.12.9, etcd 3.3.15, CoreDNS 1.6.2.

PS

Verenga zvakare pablog yedu:

Source: www.habr.com

Kubernetes 1.16: mhedziso yehukuru hutsva