Minimum Viable Kubernetes

This translation of the article was prepared ahead of the start of the course "DevOps Practices and Tools".


If you are reading this, you have probably heard something about Kubernetes (and if not, how did you end up here?). But what exactly is Kubernetes? Is it "industrial-grade container orchestration"? Or a "cloud-native operating system"? What does that even mean?

To be honest, I am not 100% sure. But I think it is interesting to dig into the internals and see what is really going on in Kubernetes underneath its many layers of abstraction. So, just for fun, let's look at what a minimal "Kubernetes cluster" actually looks like. (This will be much easier than Kubernetes The Hard Way.)

I assume you have basic knowledge of Kubernetes, Linux, and containers. Everything we discuss here is for research and learning purposes only; do not put any of it into production!

Overview

Kubernetes consists of many components. According to Wikipedia, the architecture looks like this:

[Figure: Kubernetes architecture diagram]

At least eight components are shown here, but we will ignore most of them. I want to argue that the smallest thing that can reasonably be called Kubernetes consists of three main components:

  • kubelet
  • kube-apiserver (which depends on etcd, its database)
  • Container runtime (Docker in this case)

Let's see what the documentation says about each of them (Russian, English). First, kubelet:

An agent that runs on each node in the cluster. It makes sure that containers are running in a pod.

Sounds simple enough. What about container runtimes?

A container runtime is a program designed to run containers.

Very informative. But if you are familiar with Docker, you should have a general idea of what it does. (The details of how responsibilities are split between the container runtime and the kubelet are actually quite subtle, and I will not go into them here.)

And the API server?

The API server is the Kubernetes control plane component that exposes the Kubernetes API. The API server is the front end of the Kubernetes control plane.

Anyone who has ever done anything with Kubernetes has had to interact with the API, either directly or through kubectl. This is the heart of what makes Kubernetes Kubernetes - the brain that turns the mountains of YAML we all know and love (?) into working infrastructure. It seems obvious that the API should be part of our minimal configuration.

Prerequisites

  • A Linux virtual or physical machine with root access (I am using Ubuntu 18.04 on a virtual machine).
  • And that's it!

The boring installation

We need to install Docker on the machine we are going to use. (I am not going to go into detail about how Docker and containers work; if you are interested, there are wonderful articles about it.) Let's just install it with apt:

$ sudo apt install docker.io
$ sudo systemctl start docker

After that, we need to get the Kubernetes binaries. In fact, for the initial bootstrap of our "cluster" we only need kubelet, since we can use kubelet to run the other server components. To interact with our cluster once it is running, we will also use kubectl.

$ curl -L https://dl.k8s.io/v1.18.5/kubernetes-server-linux-amd64.tar.gz > server.tar.gz
$ tar xzvf server.tar.gz
$ cp kubernetes/server/bin/kubelet .
$ cp kubernetes/server/bin/kubectl .
$ ./kubelet --version
Kubernetes v1.18.5

What happens if we just run kubelet?

$ ./kubelet
F0609 04:03:29.105194    4583 server.go:254] mkdir /var/lib/kubelet: permission denied

kubelet must run as root. That is quite logical, since it needs to manage the whole node. Let's look at its parameters:

$ ./kubelet -h
<too many lines to fit here>
$ ./kubelet -h | wc -l
284

Wow, so many options! Fortunately, we only need a couple of them. Here is one of the parameters we are interested in:

--pod-manifest-path string

Path to the directory containing files for static pods, or the path to a file describing static pods. Files starting with dots are ignored. (DEPRECATED: This parameter should be set via the config file passed to the Kubelet with the --config option. For more information, see kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file .)

This option lets us run static pods: pods that are not managed through the Kubernetes API. Static pods are rarely used, but they are very convenient for bringing a cluster up quickly, which is exactly what we need. We will ignore this big warning (again, do not run this in production!) and see whether we can get a pod running.

First we create a directory for static pods and run kubelet:

$ mkdir pods
$ sudo ./kubelet --pod-manifest-path=pods

Then, in another terminal/tmux window/whatever, we create a pod manifest:

$ cat <<EOF > pods/hello.yaml
apiVersion: v1
kind: Pod
metadata:
  name: hello
spec:
  containers:
  - image: busybox
    name: hello
    command: ["echo", "hello world!"]
EOF

kubelet starts writing some warnings, and it looks as if nothing is happening. But that is not true! Let's look at Docker:

$ sudo docker ps -a
CONTAINER ID        IMAGE                  COMMAND                 CREATED             STATUS                      PORTS               NAMES
8c8a35e26663        busybox                "echo 'hello world!'"   36 seconds ago      Exited (0) 36 seconds ago                       k8s_hello_hello-mink8s_default_ab61ef0307c6e0dee2ab05dc1ff94812_4
68f670c3c85f        k8s.gcr.io/pause:3.2   "/pause"                2 minutes ago       Up 2 minutes                                    k8s_POD_hello-mink8s_default_ab61ef0307c6e0dee2ab05dc1ff94812_0
$ sudo docker logs k8s_hello_hello-mink8s_default_ab61ef0307c6e0dee2ab05dc1ff94812_4
hello world!

kubelet read the pod manifest and told Docker to start a couple of containers according to our specification. (If you are wondering about the "pause" container, it is a Kubernetes hack - see this blog post.) Kubelet will run our busybox container with the specified command and will restart it indefinitely until the static pod is deleted.

Congratulate yourself. We have just come up with one of the most convoluted ways to print text to the terminal!
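Since kubelet runs as root and starts whatever manifest appears in the --pod-manifest-path directory, the ownership and mode of that directory are worth checking. The check below is an added example, not from the article or the Kubernetes project; check_manifest_dir is a hypothetical helper and the demo directory is constructed.

```sh
# Added example: check_manifest_dir is a hypothetical helper. It reports a
# static pod directory, or a manifest in it, that is not owned by the expected
# user or that group/others can write to.
check_manifest_dir() {
    dir=$1
    owner=${2:-root}                      # expected owner; root on a real node
    status=0
    # Dotfiles are skipped by the glob, matching kubelet, which ignores them.
    for path in "$dir" "$dir"/*; do
        [ -e "$path" ] || continue        # empty directory: the glob stays literal
        actual=$(stat -c '%U' "$path")    # GNU stat, as on the article's Ubuntu
        mode=$(stat -c '%a' "$path")      # octal mode, e.g. 755
        if [ "$actual" != "$owner" ]; then
            echo "owner: $path belongs to $actual, expected $owner"
            status=1
        fi
        case $mode in
            *[2367]|*[2367]?)             # write bit set for others or group
                echo "mode: $path ($mode) is writable by group or others"
                status=1 ;;
        esac
    done
    return "$status"
}

# Constructed demo: a directory made the way the article makes ./pods, then
# loosened to 775 to show a finding.
demo=$(mktemp -d) && touch "$demo/hello.yaml" && chmod 775 "$demo"
check_manifest_dir "$demo" || echo "result: tighten before pointing kubelet at it"
rm -rf "$demo"
```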

Running etcd

Our ultimate goal is to run the Kubernetes API, but to do that we first need to run etcd. Let's start a minimal etcd cluster by placing its settings in the pods directory (for example, pods/etcd.yaml):

apiVersion: v1
kind: Pod
metadata:
  name: etcd
  namespace: kube-system
spec:
  containers:
  - name: etcd
    command:
    - etcd
    - --data-dir=/var/lib/etcd
    image: k8s.gcr.io/etcd:3.4.3-0
    volumeMounts:
    - mountPath: /var/lib/etcd
      name: etcd-data
  hostNetwork: true
  volumes:
  - hostPath:
      path: /var/lib/etcd
      type: DirectoryOrCreate
    name: etcd-data

If you have ever worked with Kubernetes, these YAML files should look familiar. There are only two points worth noting here:

We mounted the host directory /var/lib/etcd into the pod so that etcd data is preserved across restarts (if this is not done, the cluster state will be wiped every time the pod restarts, which is not good even for a minimal Kubernetes installation).

We set hostNetwork: true. This setting, unsurprisingly, configures etcd to use the host network instead of the pod's internal network (this makes it easier for the API server to find the etcd cluster).

A simple check shows that etcd is indeed running on localhost and saving data to disk:

$ curl localhost:2379/version
{"etcdserver":"3.4.3","etcdcluster":"3.4.0"}
$ sudo tree /var/lib/etcd/
/var/lib/etcd/
└── member
    ├── snap
    │   └── db
    └── wal
        ├── 0.tmp
        └── 0000000000000000-0000000000000000.wal

Running the API server

Running the Kubernetes API server is even simpler. The only parameter we need to pass is --etcd-servers, which does what you would expect:

apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    - --etcd-servers=http://127.0.0.1:2379
    image: k8s.gcr.io/kube-apiserver:v1.18.5
  hostNetwork: true

Put this YAML file in the pods directory, and the API server will start. A check with curl shows that the Kubernetes API is listening on port 8080 with completely open access - no authentication required!

$ curl localhost:8080/healthz
ok
$ curl localhost:8080/api/v1/pods
{
  "kind": "PodList",
  "apiVersion": "v1",
  "metadata": {
    "selfLink": "/api/v1/pods",
    "resourceVersion": "59"
  },
  "items": []
}

(Again, do not run this in production! I was surprised that the default setting is so insecure. But I guess this is meant to make development and testing easier.)
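The open defaults described above can be checked for in the static pod manifest itself. The script below is an added example, not code from the article or from Kubernetes: list_flags and audit_apiserver are hypothetical helpers, the flag names are kube-apiserver v1.18 flags, and the hardened manifest with its CA path is a constructed placeholder.

```sh
# Added example: list_flags and audit_apiserver are hypothetical helpers.
# Flag names are those of kube-apiserver v1.18, the version used here.

# Print every "--flag=value" item found in a manifest's command list.
list_flags() {
    sed -n 's/^[[:space:]]*-[[:space:]]*"\{0,1\}\(--[^"[:space:]]*\).*/\1/p' "$1"
}

# Print one finding per line; print nothing when the manifest passes.
audit_apiserver() {
    flags=$(list_flags "$1")
    has() { printf '%s\n' "$flags" | grep -Eq -e "^$1\$"; }
    has '--insecure-port=0' ||
        echo "insecure-port: plain HTTP port enabled (default 8080), no authn/authz"
    has '--anonymous-auth=false' ||
        echo "anonymous-auth: anonymous requests accepted on the secure port"
    if ! has '--authorization-mode=.+' || has '--authorization-mode=.*AlwaysAllow.*'; then
        echo "authorization-mode: AlwaysAllow is in effect"
    fi
    has '--client-ca-file=.+' ||
        echo "client-ca-file: no client certificate authentication"
    if has '--etcd-servers=.*http://.*'; then
        echo "etcd-servers: etcd is reached over plaintext HTTP"
    fi
    return 0
}

# The article's kube-apiserver manifest, reduced to the container fields.
article_manifest() {
    cat <<'EOF'
    command:
    - kube-apiserver
    - --etcd-servers=http://127.0.0.1:2379
    image: k8s.gcr.io/kube-apiserver:v1.18.5
  hostNetwork: true
EOF
}

# Constructed counterpart: only the flags the audit inspects. The CA path is a
# placeholder, and a working secure setup needs further TLS flags.
hardened_manifest() {
    cat <<'EOF'
    command:
    - kube-apiserver
    - --insecure-port=0
    - --anonymous-auth=false
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/path/to/ca.crt
    - --etcd-servers=https://127.0.0.1:2379
EOF
}

tmp=$(mktemp) && article_manifest > "$tmp" && audit_apiserver "$tmp"; rm -f "$tmp"
```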

And, a pleasant surprise, kubectl works out of the box without any additional settings!

$ ./kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.5", GitCommit:"e6503f8d8f769ace2f338794c914a96fc335df0f", GitTreeState:"clean", BuildDate:"2020-06-26T03:47:41Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.5", GitCommit:"e6503f8d8f769ace2f338794c914a96fc335df0f", GitTreeState:"clean", BuildDate:"2020-06-26T03:39:24Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
$ ./kubectl get pod
No resources found in default namespace.

Problem

But if you dig a little deeper, something seems to be wrong:

$ ./kubectl get pod -n kube-system
No resources found in kube-system namespace.

The static pods we created are gone! In fact, our kubelet node is not discovered at all:

$ ./kubectl get nodes
No resources found in default namespace.

What is going on? If you remember, a few paragraphs ago we started kubelet with an extremely simple set of command-line parameters, so kubelet does not know how to contact the API server and report its state to it. After studying the documentation, we find the relevant flag:

--kubeconfig string

Path to a kubeconfig file, which specifies how to connect to the API server. Providing --kubeconfig enables API server mode; omitting --kubeconfig enables standalone mode.

All this time, without knowing it, we were running kubelet in "standalone mode". (If we were being pedantic, we could consider a standalone kubelet to be the "minimum viable Kubernetes", but that would be very boring.) To make the "real" configuration work, we need to pass a kubeconfig file to kubelet so that it knows how to talk to the API server. Fortunately this is quite simple (since we have no authentication or certificate issues):

apiVersion: v1
kind: Config
clusters:
- cluster:
    server: http://127.0.0.1:8080
  name: mink8s
contexts:
- context:
    cluster: mink8s
  name: mink8s
current-context: mink8s

Save this as kubeconfig.yaml, kill the kubelet process and restart it with the necessary parameters:

$ sudo ./kubelet --pod-manifest-path=pods --kubeconfig=kubeconfig.yaml

(By the way, if you try to access the API with curl while kubelet is not running, you will find that it is still running! daemon." Containers managed by kubelet will keep running until kubelet stops them.)

Within a few minutes kubectl should show us the pods and nodes as we expect:

$ ./kubectl get pods -A
NAMESPACE     NAME                    READY   STATUS             RESTARTS   AGE
default       hello-mink8s            0/1     CrashLoopBackOff   261        21h
kube-system   etcd-mink8s             1/1     Running            0          21h
kube-system   kube-apiserver-mink8s   1/1     Running            0          21h
$ ./kubectl get nodes -owide
NAME     STATUS   ROLES    AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION       CONTAINER-RUNTIME
mink8s   Ready    <none>   21h   v1.18.5   10.70.10.228   <none>        Ubuntu 18.04.4 LTS   4.15.0-109-generic   docker://19.3.6

Let's really congratulate ourselves this time (I know I have already congratulated us once) - we have a minimal Kubernetes "cluster" running with a fully functioning API!

Launching a pod

Now let's see what the API is capable of. Let's start with an nginx pod:

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: nginx
    name: nginx

Here we get a rather interesting error:

$ ./kubectl apply -f nginx.yaml
Error from server (Forbidden): error when creating "nginx.yaml": pods "nginx" is
forbidden: error looking up service account default/default: serviceaccount
"default" not found
$ ./kubectl get serviceaccounts
No resources found in default namespace.

Here we see how woefully incomplete our Kubernetes environment is - we have no service accounts. Let's try again by creating a service account manually and see what happens:

$ cat <<EOS | ./kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: default
EOS
serviceaccount/default created
$ ./kubectl apply -f nginx.yaml
Error from server (ServerTimeout): error when creating "nginx.yaml": No API
token found for service account "default", retry after the token is
automatically created and added to the service account

Even though we created the service account manually, the authentication token was not generated. As we keep experimenting with our minimal "cluster", we will find that most of the useful things that normally happen automatically are missing. The Kubernetes API server is quite minimal; most of the heavy lifting and automatic configuration happens in various controllers and background jobs that are not running yet.

We can work around this problem by setting the automountServiceAccountToken option on the service account (since we will not be using it anyway):

$ cat <<EOS | ./kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: default
automountServiceAccountToken: false
EOS
serviceaccount/default configured
$ ./kubectl apply -f nginx.yaml
pod/nginx created
$ ./kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   0/1     Pending   0          13m

Finally, the pod has appeared! But it will not actually start, because we have no scheduler, which is another important Kubernetes component. Again we see that the Kubernetes API is surprisingly "dumb" - when you create a Pod in the API, it registers it, but does not try to work out which node to run it on.

In fact, you do not need a scheduler to run a pod. You can add the node to the manifest manually with the nodeName parameter:

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: nginx
    name: nginx
  nodeName: mink8s

(Replace mink8s with the name of the node.)

$ ./kubectl delete pod nginx
pod "nginx" deleted
$ ./kubectl apply -f nginx.yaml
pod/nginx created
$ ./kubectl get pods -owide
NAME    READY   STATUS    RESTARTS   AGE   IP           NODE     NOMINATED NODE   READINESS GATES
nginx   1/1     Running   0          30s   172.17.0.2   mink8s   <none>           <none>
$ curl -s 172.17.0.2 | head -4
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>

To verify that networking between pods works correctly, we can run curl from another pod:

$ cat <<EOS | ./kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: curl
spec:
  containers:
  - image: curlimages/curl
    name: curl
    command: ["curl", "172.17.0.2"]
  nodeName: mink8s
EOS
pod/curl created
$ ./kubectl logs curl | head -6
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>

It is quite interesting to dig around in this environment and see what works and what does not. I found that ConfigMap and Secret work as expected, but Service and Ingress do not.

Success!

This article is getting long, so I am going to declare victory and say that this is a viable configuration that can be called "Kubernetes". To summarize: four binaries, five command-line parameters and "only" 45 lines of YAML (not that much by Kubernetes standards), and we have quite a few things working:

  • Pods are managed using the regular Kubernetes API (with a few hacks)
  • You can pull and manage public container images
  • Pods stay alive and are restarted automatically
  • Networking between pods on the same node works quite well
  • ConfigMap, Secret and simple storage mounting work as expected

But most of what makes Kubernetes truly useful is still missing, such as:

  • Pod scheduling
  • Authentication/authorization
  • Multiple nodes
  • Service networking
  • Clustered internal DNS
  • Controllers for service accounts, deployments, cloud provider integration and most of the other goodies that Kubernetes brings

So what did we actually get? The Kubernetes API, running on its own, is really just a platform for container automation. It does not do much - that is a job for the various controllers and operators that use the API - but it does provide a consistent environment for automation.


Source: www.habr.com
