ProHoster > Блог > Maamulka > Kubernetes 1.16: Tilmaamaha waxa cusub

Kubernetes 1.16: Tilmaamaha waxa cusub

Kubernetes 1.16: Tilmaamaha waxa cusub

Maanta oo Arbaco ah. dhici doona sii deynta soo socota ee Kubernetes - 1.16. Marka loo eego dhaqanka u horumaray blog-keena, tani waa sannad-guuradii tobnaad ee aan ka hadlayno isbeddellada ugu muhiimsan ee nooca cusub.

Macluumaadka loo isticmaalo diyaarinta walxahan ayaa laga soo qaatay Kubernetes kor u qaad miisaska raadraaca, ISBEDELKA-1.16 iyo arrimaha la xidhiidha, codsiyada jiid, iyo Soo jeedinta Kobcinta Kubernetes (KEP). Markaa ina keen!..

Noodhadhka

Runtii tiro badan oo hal-abuuro caan ah (oo ku jira heerka nooca alfa) ayaa lagu soo bandhigay dhinaca qanjidhada kooxda K8s (Kubelet).

Marka hore, waxa loogu yeero «weelasha ephemeral» (Konteenarada Ephemeral), oo loogu talagalay in lagu fududeeyo hababka wax-ka-hortagga ee pods-ka. Habka cusubi wuxuu kuu ogolaanayaa inaad bilowdo weel gaar ah oo ka bilaabma magaca boosaska jira oo ku nool muddo gaaban. Ujeeddadoodu waa in ay la falgalaan kubadaha kale iyo weelasha si ay u xalliyaan wixii dhib ah ee jira. Amar cusub ayaa loo hirgeliyay sifadan kubectl debug, oo la mid ah nuxur ahaan kubectl exec: kaliya halkii aad ka samayn lahayd hannaan ku jira weel (sida ku jirta exec) waxay soo riddaa weel ku jira baal. Tusaale ahaan, amarkani waxa uu ku xidhi doonaa weel cusub boodhka:

kubectl debug -c debug-shell --image=debian target-pod -- bash

Faahfaahinta ku saabsan weelasha ephemeral (iyo tusaalooyinka isticmaalkooda) ayaa laga heli karaa u dhiganta KEP. Hirgelinta hadda (ku jirta K8s 1.16) waa nooca alfa, waxaana ka mid ah shuruudaha u wareejinta nooca beta "tijaabinta Ephemeral Containers API ugu yaraan 2 siideyn [Kubernetes]."

NB: Nuxurkiisa iyo xitaa magaciisa, muuqaalku wuxuu u eg yahay plugin horay u jiray kubectl-debugtaas oo aanu hore u qoray. Waxaa la filayaa in marka ay soo baxaan weelasha ephemeral, horumarinta plugin dibadda ah oo gooni ah ayaa joogsan doonta.

Hal-abuur kale - PodOverhead - loogu talagalay in lagu bixiyo hab lagu xisaabiyo kharashaadka sare ee boodhka, kaas oo si weyn u kala duwanaan kara iyadoo ku xiran wakhtiga runtime la isticmaalo. Tusaale ahaan, qorayaasha KEP-kan natiijadii Kata Containers, oo u baahan socodsiinta kernel-ka martida, wakiilka kata, nidaamka init, iwm. Markay sare-u-qaadku sidaas u weynaado, lama iska indho-tiri karo, taas macnaheedu waa in loo baahan yahay in la helo hab lagu xisaabtamo si loo helo qoondo dheeraad ah, qorsheyn, iwm. Si loo hirgeliyo PodSpec garoonka lagu daray Overhead *ResourceList (marka la barbar dhigo xogta ku jirta RuntimeClass, haddii mid la isticmaalo).

Hal-abuur kale oo xusid mudan ayaa ah maareeyaha topology node (Maareeyaha Node Topology), loogu talagalay in lagu mideeyo habka hagaajinta hagaajinta qoondaynta agabka qalabka ee qaybaha kala duwan ee Kubernetes. Hindisahani waxa dabada ka riixaya baahida sii kordheysa ee loo qabo nidaamyada kala duwan ee casriga ah (laga bilaabo dhinacyada isgaadhsiinta, barashada mishiinada, adeegyada maaliyadeed, iwm.) si loo helo wax qabad heersare ah oo barbar socda xisaabinta iyo yaraynta dib u dhaca ku yimaada fulinta hawlaha, kuwaas oo ay u isticmaalaan CPU horumarsan iyo awoodaha dardargelinta hardware. Hagaajinta noocan oo kale ah ee Kubernetes ayaa ilaa hadda la gaadhay iyada oo ay ugu mahadcelinayaan qaybaha kala duwan (maareeyaha CPU, maamulaha Aaladda, CNI), oo hadda waxaa lagu dari doonaa hal interface gudaha ah oo mideeya habka oo fududeeya isku xirka cusub ee la midka ah - waxa loogu yeero topology- og - qaybaha dhinaca Kubelet. Faahfaahin - gudaha u dhiganta KEP.

Kubernetes 1.16: Tilmaamaha waxa cusub
Jaantuska Qaybta Maareeyaha Topology

Muuqaalka xiga - hubinta weelasha marka ay socdaan (baaritaanka bilowga). Sidaad ogtahay, weelasha qaada waqti dheer in la soo saaro, way adagtahay in la helo xaalad cusub: ama waa la "dilay" ka hor intaanay dhab ahaantii bilaabin inay shaqeeyaan, ama waxay ku dhamaanayaan wakhti dheer. Jeegaga cusub (waxaa laga furay albaabka sifada ee la yiraahdo StartupProbeEnabled) baajiso - ama beddelkeeda, dib u dhigaysa - saamaynta jeegag kasta oo kale ilaa wakhtiga boodhka uu dhammeeyo socodsiinta. Sababtan awgeed, muuqaalka ayaa markii hore loo yaqaan pod-bilawga noolaanshaha-baaritaan haynta. Caleemaha in la bilaabo wakhti dheer qaata, waxaad codayn kartaa gobolka muddo gaaban gudahood.

Intaa waxaa dheer, horumarinta RuntimeClass ayaa isla markiiba lagu heli karaa heerka beta, iyada oo ku daraysa taageerada "kutlada kala duwan". C Jadwalka RuntimeClass Hadda gabi ahaanba lagama maarmaan ma aha in nood kasta uu taageero u yeesho RuntimeClass kasta: pods-ka waxaad dooran kartaa RuntimeClass adoon ka fikirin topology-ga kutlada. Markii hore, si tan loo gaaro - si ay udubyadu ugu dhammaadaan qanjidhada iyagoo taageero wax kasta oo ay u baahan yihiin - waxay ahayd lagama maarmaan in loo qoondeeyo xeerar ku habboon NodeSelector iyo dulqaad. IN CAP Waxay ka hadlaysaa tusaalooyinka isticmaalka iyo, dabcan, faahfaahinta fulinta.

Shabakad

Laba astaamood oo xidhiidhineed oo muhiim ah oo soo muuqday markii ugu horreysay (nooca alfa) ee Kubernetes 1.16 waa:

  • Taageerada xirmo laba shabakadood ah - IPv4/IPv6 - iyo "fahamka" u dhigma ee heerka boodhka, noodhka, adeegyada. Waxaa ka mid ah IPv4-to-IPv4 iyo IPv6-ilaa-IPv6 is-dhexgalka u dhexeeya pods, min pods ilaa adeegyada dibadda, hirgelinta tixraaca (gudahood Bridge CNI, PTP CNI iyo Host-Local IPAM plugins), iyo sidoo kale rogaal celiska ah Kubernetes kutlooyinka socda. IPV4 ama IPv6 kaliya. Faahfaahinta fulinta ayaa ku jirta CAP.

    Tusaalaha muujinta ciwaannada IP-yada ee laba nooc (IPv4 iyo IPv6) ee liiska boodhadhka:

    kube-master# kubectl get pods -o wide
NAME               READY     STATUS    RESTARTS   AGE       IP                          NODE
nginx-controller   1/1       Running   0          20m       fd00:db8:1::2,192.168.1.3   kube-minion-1
kube-master#

  • API cusub ee Endpoint - EndpointSlice API. Waxay xallisaa arrimaha waxqabadka/scalability ee API Endpoint ee jira kuwaas oo saameeya qaybaha kala duwan ee diyaaradda (apiserver, etcd, endpoints-controller, kube-proxy). API-ga cusub waxaa lagu dari doonaa kooxda Discovery API wuxuuna awood u yeelan doonaa inuu u adeego tobanaan kun oo bar-dhamaadka dambe ee adeeg kasta oo ka kooban kumanaan nood ah. Si tan loo sameeyo, Adeeg kasta waxaa loo habeeyey walxaha N EndpointSlice, mid kasta oo ka mid ah sida caadiga ah ayaa leh wax ka badan 100 dhibcood (qiimaha waa la habeyn karaa). EndpointSlice API waxa kale oo ay siin doontaa fursado horumarkeeda mustaqbalka: taageerada cinwaano badan oo IP ah oo loogu talagalay boodh kasta, gobolo cusub oo dhamaadka dhibcood ah (ma aha oo kaliya Ready и NotReady), dejinta firfircoon ee dhibcaha dhamaadka.

Midka lagu soo bandhigay sii dayntii u dambaysay ayaa gaadhay nooca beta dhamaystiray, la magacaabay service.kubernetes.io/load-balancer-cleanup oo ku lifaaqan adeeg kasta oo leh nooc LoadBalancer. Waqtiga la tirtirayo adeeggan, waxay ka hortagtaa tirtirka dhabta ah ee kheyraadka ilaa "nadiifinta" dhammaan ilaha dheellitirka ee khuseeya la dhammeeyo.

Mashiinnada API

"Marxaladda xasilinta" ee dhabta ah waxay ku taal aagga Kubernetes API server iyo isdhexgalka. Tani waxay dhacday inta badan mahad u wareejinta xaalad xasiloon kuwa aan u baahnayn hordhac gaar ah Qeexitaannada Kheyraadka Custom (CRD), kuwaas oo lahaa heerka beta ilaa maalmihii fogaa ee Kubernetes 1.7 (tanina waa Juun 2017!). Xasillooni isku mid ah ayaa ku timid sifooyinka la xidhiidha:

  • "Ilaha hoose" ka /status и /scale ee CustomResources;
  • isbedel noocyada CRD, oo ku salaysan webhook dibadda;
  • dhawaan la soo bandhigay (ee K8s 1.15) qiimaha caadiga ah (defaulting) iyo ka saarida si toos ah goobta (jarjarid) ee CustomResources;
  • fursad codsanaya qorshaha OpenAPI v3 si loo abuuro loona daabaco dukumeenti OpenAPI loo isticmaalay si loo ansixiyo ilaha CRD ee dhinaca serverka.

Nidaam kale oo muddo dheer caan ku ahaa maamulayaasha Kubernetes: gelitaanka webhook - sidoo kale waxay ku sii jirtay heerka beta muddo dheer (tan iyo K8s 1.9) oo hadda lagu dhawaaqay xasilloon.

Laba astaamood oo kale ayaa gaadhay beta: dhinaca server ka codso и daawo bookmarks.

Iyo hal-abuurka kaliya ee muhiimka ah ee nooca alfa wuxuu ahaa xaflad ka SelfLink - URI gaar ah oo matalaya shayga la cayimay iyo ka mid noqoshada ObjectMeta и ListMeta (sida qayb ka mid ah shay kasta oo Kubernetes ah). Waa maxay sababta ay uga tagayaan? Dhiirigelinta hab fudud codadka Maqnaanshaha sababaha dhabta ah (aad u badan) ee goobtan inay weli jirto. Sababo badan oo rasmi ah ayaa ah in la wanaajiyo waxqabadka (iyada oo meesha laga saarayo goob aan loo baahnayn) iyo in la fududeeyo shaqada guud-apiserver, kaas oo lagu qasbay in uu si gaar ah u maareeyo goobtan (tani waa goobta kaliya ee si toos ah loo dhigay ka hor shayga. waa taxane). Waayeelnimo run ah (gudahood beta) SelfLink Waxaa dhici doona nooca Kubernetes 1.20, iyo kan ugu dambeeya - 1.21.

Kaydinta xogta

Shaqada ugu weyn ee aagga kaydinta, sida siidaynta hore, ayaa lagu arkay aagga Taageerada CSI. Isbeddellada ugu waaweyn halkan waxay ahaayeen:

  • markii ugu horeysay (nooca alfa) muuqday taageero loogu talagalay plugins-ka CSI ee qanjidhada shaqaalaha oo leh WindowsHabka hadda loo shaqeeyo ee kaydinta ayaa sidoo kale bedeli doona plugins-geedka ee Kubernetes core iyo FlexVolume plugins ee Microsoft oo ku salaysan Powershell;

    Kubernetes 1.16: Tilmaamaha waxa cusub
    Jaantuska hirgelinta ee plugins-ka CSI ee Kubernetes ee Windows

  • fursad dib u habeynta mugga CSI, dib loogu soo bandhigay K8s 1.12, ayaa u koray nooca beta;
  • "kor u qaadis" la mid ah (laga bilaabo alfa ilaa beta) ayaa lagu gaadhay awoodda adeegsiga CSI si loo abuuro mugga ephemeral maxaliga ah (Taageerada mugga khadka dhexe ee CSI).

Lagu soo bandhigay noocii hore ee Kubernetes function cloning mugga (Isticmaalka PVC ee jira sida DataSource si loo abuuro PVC cusub) sidoo kale hadda waxay heshay heerka beta.

Jadwalka

Laba isbeddel oo muuqda oo ku yimid jadwalka (labadaba alfa):

  • EvenPodsSpreading - fursad Isticmaal baaluq halkii aad ka isticmaali lahayd cutubyo codsi oo macquul ah "qaybinta cadaalad ah" ee xamuulka (sida Deployment and ReplicaSet) iyo hagaajinta qaybintan (sida shuruud adag ama xaalad jilicsan, i.e. mudnaanta). Muuqaalku wuxuu balaadhin doonaa awood qaybinta hadda jirta ee boodhadhka la qorsheeyay, oo hadda xaddidan xulashooyinka PodAffinity и PodAntiAffinity, siinta maamulayaasha koontarool fiican oo ku saabsan arrintan, taas oo macnaheedu yahay helitaan sare oo wanaagsan iyo isticmaalka kheyraadka la hagaajiyay. Faahfaahin - gudaha CAP.
  • Isticmaal Siyaasadda ugu Fiican в Waxa la codsaday inta lagu guda jiro qorshaynta boodhka, taas oo ogolaan doonta isticmaal baakadaha qashinka ("ku-xirnaanta weelasha") ee labadaba agabka aasaasiga ah (processor, xusuusta) iyo kuwa fidsan (sida GPU). Faahfaahin dheeraad ah, arag CAP.

    Kubernetes 1.16: Tilmaamaha waxa cusub
    Jadwalka jaantusyada: ka hor intaadan isticmaalin siyaasadda ugu habboon (si toos ah jadwalka jadwalka) iyo isticmaalkeeda (iyada oo loo marayo jadwalka jadwalka)

Intaas waxaa sii dheer, soo bandhigay awoodda aad u leedahay inaad abuurto jadwal kuu gaar ah oo ka baxsan geedka horumarinta ee Kubernetes (geed-ka-baxsan).

Isbeddellada kale

Sidoo kale kubernetes 1.16 siideynta waa la xusi karaa hindise loogu talagalay keenaya cabbirada la heli karo si buuxda, ama ka badan si sax ah, waafaqsan xeerarka rasmiga ah qalabaynta K8s. Waxay inta badan ku tiirsan yihiin kuwa u dhigma Dukumentiyada Prometheus. Is-khilaafsanaantu waxay u kacday sababo kala duwan (tusaale ahaan, qiyaasaha qaar ayaa si fudud loo abuuray ka hor inta aan tilmaamaha hadda muuqan), horumariyayaashu waxay go'aansadeen in la joogo waqtigii wax walba la keeni lahaa halbeeg, "iyadoo la raacayo inta kale ee nidaamka deegaanka Prometheus." Hirgelinta hadda ee dadaalkani waxa uu ku jiraa heerka alfa, kaas oo si tartiib tartiib ah loogu horumarin doono noocyada xiga ee Kubernetes ilaa beta (1.17) iyo xasilloon (1.18).

Intaa waxaa dheer, isbeddellada soo socda ayaa la xusi karaa:

  • Horumarinta taageerada Windows с muuqaal Kubeadm utilities ee OS-kan (nooca alfa), fursad RunAsUserName si ay u Windows- weelasha (nooca alfa), hagaajin Koontada Adeegga la Maamulo ee Kooxda (gMSA) waxay taageertaa ilaa nooca beta, taageero ku dheji / ku dheji mugga vSphere
  • Dib loo warshadeeyay Habka isku xidhka xogta ee jawaabaha API. Markii hore, filter HTTP ayaa loo isticmaalay ujeeddooyinkan, kaas oo soo rogay dhowr xaddidaad oo ka hortagaya in si caadi ah loo furo. "Codsiga daahfuran" hadda wuu shaqeeyaa: macaamiisha diraya Accept-Encoding: gzip madaxa, waxay helayaan jawaab-celin GZIP ah haddii cabbirkeedu ka sarreeyo 128 KB. Tag macaamiisha waxay si toos ah u taageeraan isku-buufinta (dira madaxa loo baahan yahay), markaa waxay isla markiiba ogaan doonaan dhimista taraafikada. (Wax ka bedel yar ayaa loo baahan karaa luqadaha kale.)
  • Suurto gal noqotay isku-buufinta HPA ka/ilaalinta boodhka eber ee ku salaysan cabbirada dibadda. Haddii aad cabirto ku salaysan walxaha/ cabbirada dibadda, markaa marka culayska shaqadu aanu shaqayn waxaad si toos ah u cabbiraysaa 0 nuqul si aad u kaydsato agabka. Habkani waa inuu si gaar ah faa'iido u leeyahay kiisaska ay shaqaaluhu codsadaan agabka GPU-da, iyo tirada noocyada kala duwan ee shaqaalaha shaqo-la'aanta ah ay ka badan yihiin tirada GPU-yada la heli karo.
  • Macmiil cusub - k8s.io/client-go/metadata.Client - gelitaanka "guud" ee walxaha. Waxaa loo qaabeeyey in si fudud loo soo ceshado xogta badan (sida qayb-hoosaadka metadata) laga soo bilaabo agabka kooxda oo ay la sameeyaan hawlgallo qashin ururin iyo kootada.
  • Dhis Kubernetes hadda waad awoodaa iyada oo aan lahayn dhaxal ("lagu dhex dhisay" geed-gudaha) daruur bixiyayaasha (nooca alfa).
  • Kubeadm utility ku daray tijaabo ah (nooca alfa) awoodda lagu dabaqi karo balastarrada habaynta inta lagu jiro hawlgallada init, join и upgrade. Wax badan ka baro sida loo isticmaalo calanka --experimental-kustomize, eeg gudaha CAP.
  • Bar dhamaadka cusub ee apiserver - readyz, - waxay kuu ogolaaneysaa inaad dhoofiso macluumaadka ku saabsan diyaargarowga. Serverka API wuxuu kaloo hadda leeyahay calan --maximum-startup-sequence-duration, taasoo kuu ogolaanaysa inaad nidaamiso dib u bilaabmadeeda.
  • Laba sifooyinka Azure lagu dhawaaqay xasiloon: taageero aagagga la heli karo (Aagagga la heli karo) iyo kooxda kheyraadka (RG). Intaa waxaa dheer, Azure wuxuu ku daray:
    • taageerada aqoonsiga AAD iyo ADFS;
    • faahfaahin service.beta.kubernetes.io/azure-pip-name si loo qeexo IP-ga dadweynaha ee dheellitirka culeyska;
    • fursad dejinta LoadBalancerName и LoadBalancerResourceGroup.
  • AWS hadda waxay leedahay taageero ee EBS ee gudaha Windows и la hagaajiyay EC2 API wicis DescribeInstances.
  • Kubeadm hadda waa madax banaan tahay tahriib Qaabeynta CoreDNS marka la cusboonaysiinayo nooca CoreDNS.
  • Binary iwm sawirka Docker ee u dhigma sameeyay adduunka-fulinta, kaas oo kuu ogolaanaya inaad ku socodsiiso sawirkan iyada oo aan loo baahnayn xuquuqda xididka. Sidoo kale, sawirka socdaalka iwm joogsaday etcd2 taageero.
  • В Kooxda Autoscaler 1.16.0 U beddeley in aan loo isticmaalin sida sawirka hoose oo kale, wax qabad la hagaajiyey, ku daray bixiyeyaasha daruuraha cusub (DigitalOcean, Magnum, Packet).
  • Cusboonaysiinta software-ka la isticmaalo/ku-tiirsanaanta: Go 1.12.9, etcd 3.3.15, CoreDNS 1.6.2.

PS

Sidoo kale ka akhri boggayaga:

Source: www.habr.com

U soo iibso martigelin lagu kalsoonaan karo oo loogu talagalay bogagga leh ilaalinta DDoS, VPS VDS servers 🔥 Iibso martigelin degel oo lagu kalsoonaan karo oo leh ilaalinta DDoS, VPS VDS servers | ProHoster