Kubernetes 1.17: mhedziso yehukuru hutsva

Nezuro, Zvita 9, zvakaitika kuburitswa kunotevera kweKubernetes - 1.17. Zvinoenderana netsika yakagadziridzwa kune yedu blog, tinotaura nezve shanduko dzakakosha mushanduro itsva.

Ruzivo rwakashandiswa kugadzirira chinyorwa ichi rwunotorwa kubva pachiziviso chepamutemo, Kubernetes inosimudzira yekutevera matafura, CHANGELOG-1.17 uye zvine chekuita nenyaya, zvikumbiro zvekudhonza, uye Kubernetes Enhancement Proposals (KEP). Saka, chii chitsva? ..

Topology-inoziva nzira

Nharaunda yeKubernetes yanga yakamirira ichi chimiro kwenguva yakareba - Topology-inoziva sevhisi nzira. kana CAP inotanga muna Gumiguru 2018, uye mukuru Kukurudzira - 2 makore apfuura, zvakajairika nyaya (sa izvozvo) - uye makore mashoma apfuura ...

Pfungwa yakajairika ndeyekupa kugona kuita "yenzvimbo" nzira yemasevhisi anogara muKubernetes. "Nzvimbo" munyaya iyi zvinoreva "mwero wepamusoro wepamusoro" (topology level), izvo zvinogona kuva:

• node yakafanana nemasevhisi,
• iyo yakafanana server rack,
• nzvimbo imwe chete
• mupi mumwe chete wegore,
• ...

Mienzaniso yekushandisa chimiro ichi:

• kuchengetedza patraffic mukumisikidzwa kwegore neakawanda anowanikwa nzvimbo (yakawanda-AZ) - ona. mufananidzo mutsva kushandisa muenzaniso wemotokari kubva kunharaunda imwe chete, asi yakasiyana AZs muAWS;
• kuderera kwekuita latency / zvirinani throughput;
• sevhisi yakaomeswa ine ruzivo rwemunharaunda nezve node mune imwe neimwe shard;
• kuiswa kwechitsetse (kana analogues) pane imwechete node nemashandisirwo ane matanda anounganidzwa;
• ...

Nzira yakadaro, iyo "inoziva" nezve topology, inonziwo network affinity - nekuenzanisa node affinity, pod affinity/anti-affinity kana kuoneka kwete kare Topology-Aware Volume Kuronga (uye Kugovera Vhoriyamu) Chiyero chezvino chekuita ServiceTopology muKubernetes - alpha vhezheni.

Kuti uwane ruzivo rwekuti iyo ficha inoshanda sei uye kuti iwe unogona kutoishandisa sei, verenga ichi chinyorwa kubva kune mumwe wevanyori.

IPv4/IPv6 dual stack rutsigiro

Kufambira mberi kwakakosha fixed mune imwe network ficha: panguva imwe chete tsigiro yeaviri IP stacks, iyo yakatanga kuunzwa mukati K8s 1.16. Kunyanya, kuburitswa kutsva kwakaunza shanduko dzinotevera:

• mu kube-proxy itwa mukana wekushanda panguva imwe chete mune ese maviri modes (IPv4 uye IPv6);
• в Pod.Status.PodIPs akaonekwa rutsigiro rwekudzika API (panguva imwe chete semu /etc/hosts ikozvino vanoda kuti mugadziri awedzere IPv6 kero);
• dual stack rutsigiro RUDO (Kubernetes IN Docker) uye kubeadm;
• yakagadziridzwa e2e bvunzo.

Mufananidzo uchishandisa mbiri mbiri IPV4/IPv6 muKIND

Kufambira mberi paCSI

Yakanzi yakagadzikana topology rutsigiro yeCSI-based storage, yakatanga kuunzwa mukati K8s 1.12.

Initiative ye kutama kwevhoriyamu plugins kuenda kuCSI - CSI Kutama - yakasvika beta vhezheni. Ichi chinhu chakakosha kuitira kushandura maplugins ekuchengetera aripo (mumuti) kune yazvino interface (CSI, kunze kwemuti) zvisingaonekwe kune Kubernetes yekupedzisira vashandisi. Cluster administrators vachangoda kugonesa CSI Migration, mushure mezvo zviwanikwa zviripo zvehurumende uye mabasa acharamba "achingoshanda" ... asi kushandisa madhiraivha eCSI achangoburwa panzvimbo yeakare akabatanidzwa muKubernetes core.

Parizvino, kutama kwevatyairi veAWS EBS kwakagadzirira mubeta vhezheni (kubernetes.io/aws-ebs) uye GCE PD (kubernetes.io/gce-pd) Forecast kune dzimwe nzvimbo dzekuchengetera ndeidzi:

Takataura nezve "tsika" yekuchengetedza rutsigiro muK8s yakauya kuCSI mukati ichi chinyorwa. Uye shanduko yeCSI kutama kuenda kune beta chinzvimbo yakatsaurirwa kudhindwa kwakasiyana pane blog yeprojekiti.

Pamusoro pezvo, kumwe kushanda kwakakosha muchimiro cheCSI, chinotanga (alpha kuita) muK1.17s 8, chakasvika pabeta (kureva kuti inogoneswa nekusarudzika) muKubernetes 1.12 kuburitswa - kugadzira snapshots uye kupora kubva kwavari. Pakati peshanduko dzakaitwa Kubernetes Vhoriyamu Snapshot munzira yekuburitsa beta:

• kupatsanura iyo CSI yekunze-snapshotter sidecar kuita maviri controller,
• akawedzera chakavanzika chekudzimwa (chakavanzika chekudzima) sechirevo kune zviri mukati mevhoriyamu snapshot,
• new finalizer (mupedzisi) kudzivirira iyo snapshot API chinhu kubva pakudzimwa kana paine chasara chinongedzo.

Panguva yekuburitswa 1.17, chimiro chinotsigirwa nevatyairi vatatu veCSI: GCE Persistent Disk CSI Driver, Portworx CSI Driver uye NetApp Trident CSI Driver. Mamwe mashoko pamusoro pekushandiswa kwayo uye kushandiswa anogona kuwanikwa mukati chinyorwa ichi pa blog.

Cloud Provider Labels

Mazita izvo zvoga yakagoverwa kune akagadzirwa node uye mavhoriyamu zvichienderana neyakashandiswa gore rinopa, yave iripo muKubernetes seye beta vhezheni kwenguva yakareba - kubva pakaburitswa K8s 1.2 (Kubvumbi 2016!). Tichifunga kushandiswa kwavo kwakapararira kwenguva yakareba, vagadziri akasarudza, kuti yave nguva yekuzivisa chimiro chakagadzikana (GA).

Naizvozvo, ese akatumidzwa zita zvinoenderana (netopology):

• beta.kubernetes.io/instance-type → node.kubernetes.io/instance-type
• failure-domain.beta.kubernetes.io/zone → topology.kubernetes.io/zone
• failure-domain.beta.kubernetes.io/region → topology.kubernetes.io/region

... asi vachiri kuwanikwa pasi pemazita avo ekare (kumashure kunoenderana). Nekudaro, vese maneja vanokurudzirwa kuti vachinjire kune azvino mavara. Related Documentation K8s yakagadziridzwa.

Yakagadzirwa kubuda kwe kubeadm

Yakapihwa mushanduro yealpha kekutanga yakarongeka yakabuda yeiyo kubeadm utility. Mafomati anotsigirwa: JSON, YAML, Go template.

Kukurudzira kuita ichi chimiro (maererano ne CAP) ndizvo:

Nepo Kubernetes inogona kuisirwa nemaoko, iyo de facto (kana isiri de jure) yakajairwa yekuvhiya uku ndeye kushandisa kubeadm. Yakakurumbira masisitimu manejimendi maturusi seTerraform anovimba nekubeadm yeKubernetes kutumirwa. Kuvandudzwa kwakarongwa kuCluster API kunosanganisira compostable package yeKubernetes bootstrapping ine kubeadm uye cloud-init.

Pasina yakarongeka yakabuda, kunyangwe iyo isingakuvadzi shanduko pakutanga kutarisa inogona kutyora Terraform, Cluster API uye imwe software inoshandisa mhedzisiro yekubeadm.

Zvirongwa zvedu zvekukurumidza zvinosanganisira tsigiro (muchimiro cheyakagadzirwa kubuda) kune inotevera kubeadm mirairo:

• alpha certs
• config images list
• init
• token create
• token list
• upgrade plan
• version

Mufananidzo wemhinduro yeJSON kune murairo kubeadm init -o json:

{
  "node0": "192.168.20.51:443",
  "caCrt": "sha256:1f40ff4bd1b854fb4a5cf5d2f38267a5ce5f89e34d34b0f62bf335d74eef91a3",
  "token": {
    "id":          "5ndzuu.ngie1sxkgielfpb1",
    "ttl":         "23h",
    "expires":     "2019-05-08T18:58:07Z",
    "usages":      [
      "authentication",
      "signing"
    ],
    "description": "The default bootstrap token generated by 'kubeadm init'.",
    "extraGroups": [
      "system:bootstrappers:kubeadm:default-node-token"
    ]
  },
  "raw": "Rm9yIHRoZSBhY3R1YWwgb3V0cHV0IG9mIHRoZSAia3ViZWFkbSBpbml0IiBjb21tYW5kLCBwbGVhc2Ugc2VlIGh0dHBzOi8vZ2lzdC5naXRodWIuY29tL2FrdXR6LzdhNjg2ZGU1N2JmNDMzZjkyZjcxYjZmYjc3ZDRkOWJhI2ZpbGUta3ViZWFkbS1pbml0LW91dHB1dC1sb2c="
}

Kudzikamiswa kwezvimwe zvitsva

Kazhinji, kuburitswa kweKubernetes 1.17 kwakaitika pasi pe motto "Kugadzikana" Izvi zvakafambiswa nenyaya yekuti akawanda maficha mairi (nhamba yavo yese ndeye 14) yakagamuchira GA chimiro. Pakati pavo:

• "kumaka" node zvinoenderana nemamwe mamiriro (TaintNodesByCondition), akaonekwa mukati K8s 1.8;
• Watch Bookmarks - rudzi rutsva rwezviitiko zvine zita rekuti zvinhu zvese zviri kune imwe vhezheni (resourceVersion) dzakatogadziriswa newachi;
• default values (defaulting) yeCustom Resources;
• zvakagovaniswa pakati pemidziyo mune iyo pod process nzvimbo dzemazita;
• ScheduleDaemonSetPods - kuronga pods muDaemonSet kushandisa kube-scheduler (panzvimbo yeDaemonSet controller);
• dynamic limits pahuwandu hwemavhoriyamu zvichienderana nerudzi rwenode;
• nharaunda chinja tsigiro yemazita edhairekitori akaiswa se subPath;
• Kubelet heartbeats transfer kune yakasarudzika Lease API;
• "Finalizer kudzivirira" (Finalizer Dziviriro) yezviyereso zvemutoro (kutarisa izvo zvinoenderana neSevhisi zviwanikwa usati wadzima LoadBalancer zviwanikwa);
• kube-apiserver optimization mukuita kana uchishanda newachi dzakawanda uchitarisisa seti dzakafanana dzezvinhu - zvinowanikwa nekunzvenga kudzokorora kutevedzana kwezvinhu zvakafanana kune mumwe nemumwe anotarisa.

Dzimwe shanduko

Rondedzero yakazara yezvinyowani muKubernetes 1.17, hongu, haina kuganhurirwa kune idzo dzakanyorwa pamusoro. Heano mamwe mamwe (uye kune rumwe runyorwa ruzere, ona CHANGELOG):

• Chimiro chakaratidzwa mukuburitswa kwekupedzisira chasvika pabeta vhezheni RunAsUserName yemahwindo;
• shanduko yakafanana zvakaitika EndpointSlice API (zvakare kubva kuK8s 1.16), zvisinei ikozvino mhinduro iyi yekuvandudza kushanda / scalability yeEndpoint API haibvumirwi nekusingaperi;
• mapodhi ikozvino akakosha pakushanda kwechikwata inogona kugadzirwa kwete mumazita chete kube-system (kuti uwane ruzivo, ona zvinyorwa zve Chengetedza mashandisirwo eKirasi Yekutanga);
• sarudzo itsva ye kubelet - --reserved-cpus - inobvumidza iwe kutsanangura zvakajeka runyorwa rweCPUs dzakachengeterwa sisitimu;
• nokuti kubectl logs yakaunzwa mureza mutsva --prefix, kuwedzera zita repodhi uye chitubu chemudziyo kumutsara wega wega wegiyo;
• в label.Selector akawedzera RequiresExactMatch;
• midziyo yese mukube-dns vava kumhanya neropafadzo shoma;
• hyperkube yakapatsanurwa mune yakaparadzana GitHub repository uye haichazoverengerwa muKubernetes kuburitswa;
• zvikuru kuvandudzwa kwekuita kube-proxy kune isiri-UDP ports.

Dependency shanduko:

• CoreDNS vhezheni inosanganisirwa mukubeadm ndeye 1.6.5;
• crictl shanduro yakagadziridzwa kuv1.16.1;
• CSI 1.2.0;
• etcd 3.4.3;
• Yazvino yakaedzwa Docker vhezheni yakakwidziridzwa kusvika 19.03;
• Iyo shoma Go vhezheni inodiwa kuvaka Kubernetes 1.17 ndeye 1.13.4.

PS

Verenga zvakare pablog yedu:

• «Kubernetes 1.16: mhedziso yehukuru hutsva";
• «Kubernetes 1.15: mhedziso yehukuru hutsva";
• «Kubernetes 1.14: mhedziso yehukuru hutsva";
• «Kubernetes 1.13: mhedziso yehukuru hutsva".

Source: www.habr.com