Five Misses When Deploying Your First Application on Kubernetes

Fail by Aris-Dreamer

Many people believe that it is enough to move an application to Kubernetes (whether with Helm or by hand) and they will be happy. But it is not that simple.

The Mail.ru Cloud Solutions team translated an article by DevOps engineer Julian Gindi. He shares the pitfalls his company ran into during its migration so that you do not step on the same rake.

Step one: Setting up pod requests and limits

Let's start by setting up a clean environment in which our pods will run. Kubernetes does a great job of scheduling pods and handling failure states. But it turned out that the scheduler sometimes cannot place a pod when it is hard to estimate how many resources the pod needs to run successfully. This is where resource requests and limits come in. There is a lot of debate about the best approach to setting requests and limits. Sometimes it really feels more like art than science. Here is our approach.

Pod requests - this is the main value the scheduler uses to place the pod optimally.

From the Kubernetes documentation: the filtering step determines the set of nodes where a pod can be scheduled. For example, the PodFitsResources filter checks whether a node has enough resources to satisfy a pod's specific resource requests.

We use resource requests so that they can be used to estimate how many resources the application actually needs to function properly. This way the scheduler can place pods on nodes realistically. Initially we wanted to set requests with a margin to make sure each pod had a sufficiently large amount of resources, but we noticed that scheduling times increased significantly and some pods were never fully scheduled, as if no resource requests had been received for them.

In that case, the scheduler would often evict pods and fail to reschedule them, because the control plane had no idea how many resources the application would need, and that is a key component of the scheduling algorithm.

Pod limits - this is a clearer-cut limit for the pod. It represents the maximum amount of resources that the cluster will allocate to the container.

Again, from the official documentation: if a container has a memory limit of 4 GiB set, the kubelet (and the container runtime) will enforce it. The runtime does not allow the container to use more than the configured resource limit. For example, when a process in the container tries to use more than the allowed amount of memory, the system kernel terminates the process with an "out of memory" (OOM) error.

A container can always use more resources than specified in its resource request, but it can never use more than specified in its limit. This value is hard to set correctly, but it is very important.

Ideally, we want a pod's resource requirements to change over the life cycle of a process without interfering with other processes in the system; that is the purpose of setting limits.

Unfortunately, I cannot give specific instructions on which values to set, but we ourselves follow these rules:

  1. Using a load-testing tool, we simulate a baseline level of traffic and observe the pod's resource usage (memory and CPU).
  2. We set the pod requests to an arbitrarily low value (with a resource limit of about 5 times the request value) and observe. When the requests are too low, the process cannot start, often causing mysterious Go runtime errors.

Note that higher resource limits make scheduling more difficult, because the pod needs a target node with enough resources available.

Imagine a situation where you have a lightweight web server with a very high resource limit, say 4 GB of memory. This process will probably have to scale horizontally, and each new pod will have to be scheduled on a node with at least 4 GB of memory available. If no such node exists, the cluster must bring up a new node to handle that pod, which can take some time. It is important to keep the difference between resource requests and limits to a minimum to ensure fast and smooth scaling.

Step two: Setting up Liveness and Readiness probes

This is another subtle topic that is often discussed in the Kubernetes community. It is important to understand Liveness and Readiness probes well, since they provide a mechanism for keeping software running stably and minimizing downtime. However, they can cause a serious performance hit to your application if they are not configured correctly. Below is a summary of what both probes are.

Liveness shows whether the container is running. If it fails, the kubelet kills the container and the restart policy is applied to it. If the container is not equipped with a Liveness probe, the default state is success; this is what the Kubernetes documentation says.

Liveness probes should be cheap, meaning they should not consume a lot of resources, because they run frequently and have to tell Kubernetes that the application is running.

If you set the probe to run every second, this adds 1 request per second, so keep in mind that additional resources will be needed to handle this traffic.

At our company, Liveness probes check the core components of the application, even if the data (for example, from a remote database or cache) is not fully available.

We configured the applications with a "health" endpoint that simply returns a 200 response code. This indicates that the process is running and able to handle requests (but not yet traffic).

The Readiness probe indicates whether the container is ready to serve requests. If the readiness probe fails, the endpoints controller removes the pod's IP address from the endpoints of all services that match the pod. This is also stated in the Kubernetes documentation.

Readiness probes consume more resources because they must reach the backend in a way that shows the application is ready to accept requests.

There is a lot of debate in the community about whether to access the database directly. Considering the overhead (checks are performed frequently, but they can be tuned), we decided that for some applications, readiness to serve traffic is counted only after verifying that records are returned from the database. Well-designed readiness probes ensured higher levels of availability and eliminated downtime during deployment.

If you decide to query the database to test the readiness of your application, make sure the query is as cheap as possible. Take this query, for example:

SELECT small_item FROM table LIMIT 1

Here is an example of how we configure these two probes in Kubernetes:

livenessProbe:
  httpGet:
    path: /api/liveness
    port: http
readinessProbe:
  httpGet:
    path: /api/readiness
    port: http
  periodSeconds: 2

You can add some additional configuration options:

  • initialDelaySeconds - how many seconds pass between the start of the container and the start of the probes.
  • periodSeconds - the waiting interval between probe runs.
  • timeoutSeconds - the number of seconds after which the probe is considered to have failed. A regular timeout.
  • failureThreshold - the number of probe failures before a restart signal is sent to the pod.
  • successThreshold - the number of successful probes before the pod enters the ready state (after a failure, when the pod starts up or recovers).
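
The two endpoints described in this step, as an added example that is not part of the original article: liveness answers 200 without touching any dependency, while readiness runs one cheap LIMIT 1 query and returns 503 when the database does not answer, so the pod is taken out of service instead of being restarted. The in-memory SQLite database, the items table and port 8080 are assumptions made for the example.

```python
import sqlite3
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the application's real database (assumption).
DB = sqlite3.connect(":memory:", check_same_thread=False)
DB.execute("CREATE TABLE items (small_item TEXT)")
DB.execute("INSERT INTO items VALUES ('x')")


def liveness():
    """Cheap check: the process is up and can answer. No dependency is touched."""
    return 200


def readiness(db=DB):
    """Ready only if one cheap query returns a row from the database."""
    try:
        row = db.execute("SELECT small_item FROM items LIMIT 1").fetchone()
    except sqlite3.Error:
        return 503  # database unreachable or broken: stop receiving traffic
    return 200 if row else 503


class ProbeHandler(BaseHTTPRequestHandler):
    # Paths match the httpGet probes in the manifest above.
    ROUTES = {"/api/liveness": liveness, "/api/readiness": readiness}

    def do_GET(self):
        check = self.ROUTES.get(self.path)
        status = check() if check else 404
        self.send_response(status)
        self.end_headers()
        self.wfile.write(b"ok\n" if status == 200 else b"unavailable\n")

    def log_message(self, *args):  # probes fire every few seconds; keep logs quiet
        pass


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), ProbeHandler).serve_forever()
```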

Step three: Setting up default network policies for the pod

Kubernetes has a "flat" network topology; by default, all pods communicate directly with each other. In some cases this is not desirable.

A potential security issue is that an attacker could use a single vulnerable application to send traffic to all pods on the network. As in many areas of security, the principle of least privilege applies here. Ideally, network policies should state explicitly which connections between pods are allowed and which are not.

For example, below is a simple policy that denies all incoming traffic for a specific namespace:

---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
spec:
  podSelector: {}
  policyTypes:
    - Ingress

A visualization of this configuration:

(https://miro.medium.com/max/875/1*-eiVw43azgzYzyN1th7cZg.gif)
More details here.

Step four: Custom behavior using hooks and init containers

One of our main goals was to provide deployments to Kubernetes without downtime for developers. This is difficult because there are many options for shutting down applications and releasing the resources they used.

Particular difficulties arose with Nginx. We noticed that when these pods were deployed sequentially, active connections were dropped before they completed successfully.

After extensive research online, it turned out that Kubernetes does not wait for Nginx connections to drain before terminating the pod. Using a pre-stop hook, we implemented the following behavior and got rid of the downtime completely:

lifecycle:
  preStop:
    exec:
      command: ["/usr/local/bin/nginx-killer.sh"]

And here is nginx-killer.sh:

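#!/bin/bash
# Short pause before starting the shutdown.
sleep 3
PID=$(cat /run/nginx.pid)
# Graceful shutdown: nginx finishes serving open connections, then exits.
nginx -s quit
# Keep the hook running until the nginx master process is gone.
while [ -d "/proc/$PID" ]; do
   echo "Waiting while shutting down nginx..."
   sleep 10
done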

Another extremely useful paradigm is the use of init containers to handle the startup of specific applications. This is especially useful if you have a resource-intensive database migration process that needs to run before the application starts. You can also specify a higher resource limit for this process without setting such a limit for the main application.

Another common scheme is to access secrets in an init container that provides those credentials to the main pod, which prevents unauthorized access to secrets from the main application pod itself.

As usual, a quote from the documentation: init containers safely run custom code or utilities that would otherwise reduce the security of the application container image. By keeping unnecessary tools separate, you limit the attack surface of the application container image.

Step five: Configuring the kernel

Finally, let's talk about a more advanced technique.

Kubernetes is an extremely flexible platform that lets you run workloads the way you see fit. We have a number of high-performance applications that are extremely resource intensive. After extensive load testing, we found that one application was struggling to handle the expected traffic load when Kubernetes' default settings were in effect.

However, Kubernetes allows you to run a privileged container that changes kernel parameters only for a specific pod. Here is what we used to change the maximum number of open connections:

initContainers:
  - name: sysctl
    image: alpine:3.10
    securityContext:
      privileged: true
    command: ['sh', '-c', "sysctl -w net.core.somaxconn=32768"]

This is a more advanced technique that is often not needed. But if your application is struggling to cope with a heavy load, you can try tweaking some of these settings. More details on this process and on setting various values are, as always, in the official documentation.
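
A check for the rules from step one and for the privileged init container from this step, as an added example that is not part of the original article: it walks a pod spec and reports containers that run privileged, lack requests or limits, or set a limit above five times the request. The sample spec, the example/web:1.0 image and the MAX_RATIO name are constructed for the example, and only the common quantity suffixes are parsed.

```python
import json

# Constructed pod spec, shaped like the .spec of `kubectl get pod -o json`.
SAMPLE_SPEC = json.loads("""
{
  "initContainers": [
    {"name": "sysctl", "image": "alpine:3.10",
     "securityContext": {"privileged": true}}
  ],
  "containers": [
    {"name": "web", "image": "example/web:1.0",
     "resources": {"requests": {"memory": "128Mi", "cpu": "100m"},
                   "limits":   {"memory": "4Gi",   "cpu": "200m"}}}
  ]
}
""")

UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "k": 1e3, "M": 1e6, "G": 1e9, "m": 1e-3}
MAX_RATIO = 5  # the article's rule of thumb: limit about five times the request


def quantity(value):
    """Convert a Kubernetes quantity such as '128Mi' or '500m' to a float."""
    value = str(value)
    for suffix in sorted(UNITS, key=len, reverse=True):
        if value.endswith(suffix):
            return float(value[: -len(suffix)]) * UNITS[suffix]
    return float(value)


def audit(spec):
    findings = []
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind, []):
            where = f"{kind}/{c['name']}"
            if c.get("securityContext", {}).get("privileged"):
                findings.append(f"{where}: privileged")
            res = c.get("resources", {})
            req, lim = res.get("requests", {}), res.get("limits", {})
            for r in ("cpu", "memory"):
                if r not in req or r not in lim:
                    findings.append(f"{where}: {r} request or limit missing")
                elif quantity(lim[r]) > MAX_RATIO * quantity(req[r]):
                    findings.append(f"{where}: {r} limit exceeds {MAX_RATIO}x request")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SPEC)))
```

privileged: true grants the init container far more than the single sysctl write needs. Kubernetes also accepts namespaced sysctls in the pod-level securityContext.sysctls field, where net.core.somaxconn must first be allowed on the kubelet with --allowed-unsafe-sysctls.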

In conclusion

While Kubernetes may seem like a ready-made solution out of the box, there are a few key steps you need to take to keep your applications running smoothly.

Throughout your migration to Kubernetes, it is important to follow the "load testing cycle": launch the application, load test it, observe metrics and scaling behavior, tune the configuration based on that data, then repeat the cycle.

Be realistic about your expected traffic and try to push beyond it to see which components break first. With this iterative approach, only a few of the listed recommendations may be enough to succeed. Or it may require more in-depth tuning.

Always ask yourself these questions:

  1. How many resources do the applications consume, and how will this amount change?
  2. What are the real scaling requirements? How much traffic will the app handle on average? What about peak traffic?
  3. How often will the service need to scale horizontally? How quickly do new pods need to be brought online to receive traffic?
  4. How gracefully do pods shut down? Is this necessary at all? Is it possible to deploy without downtime?
  5. How can you minimize security risks and limit the damage from any compromised pods? Do any services have permissions or access that they do not need?

Kubernetes provides an incredible platform that lets you apply best practices for deploying thousands of services in a cluster. However, all applications are different. Sometimes implementation requires a little more work.

Fortunately, Kubernetes provides the configuration needed to achieve all technical goals. Using a combination of resource requests and limits, Liveness and Readiness probes, init containers, network policies, and custom kernel tuning, you can achieve high performance along with fault tolerance and rapid scalability.


Source: www.habr.com
