On the growing popularity of Kubernetes

Hi, Habr!

At the end of summer, we want to remind you that we continue to work on the topic of Kubernetes, and we have decided to publish an article from Stackoverflow that shows the state of affairs in this project at the beginning of June.

Enjoy reading!

At the time of writing, Kubernetes is about six years old, and over the last two years its popularity has grown so much that it has consistently ranked among the most loved platforms. This year Kubernetes took third place. To summarize: Kubernetes is a platform for running and orchestrating containerized workloads.

Containers began as a special construct for isolating processes in Linux; containers have included cgroups since 2007 and namespaces since 2002. Containers took even better shape in 2008, when LXC became available, and Google built its own internal corporate mechanism called Borg, where "all work is done in containers." From here we fast-forward to 2013, when Docker was first released and containers finally became a widely popular solution. At that time the main tool for container orchestration was Mesos, although it was not hugely popular. Kubernetes was first released in 2015, after which it became the de facto standard in container orchestration.

To try to understand why Kubernetes is so popular, let's try to answer a few questions. When was the last time developers could agree on how to deploy applications to production? How many developers do you know who use tools exactly as they come out of the box? How many cloud administrators are there today who do not understand how applications work? We will look at the answers to these questions in this article.

Infrastructure as YAML

In the world that moved from Puppet and Chef to Kubernetes, one of the biggest changes was the move from "infrastructure as code" to "infrastructure as data", specifically as YAML. All Kubernetes resources, including pods, configurations, deployed instances, volumes, and so on, can be described simply in a YAML file. For example:

apiVersion: v1
kind: Pod
metadata:
  name: site
  labels:
    app: web
spec:
  containers:
    - name: front-end
      image: nginx
      ports:
        - containerPort: 80

This representation makes it easier for DevOps or SRE professionals to fully express their workloads without writing code in languages such as Python or Javascript.

Other advantages of organizing infrastructure as data include:

  • GitOps, or Git Operations Version Control. This approach lets you keep all Kubernetes YAML files in git repositories, so you can track exactly when a change was made, who made it, and what exactly changed. This increases the transparency of operations across the whole organization and improves operational efficiency by removing ambiguity, in particular about where employees should look for the resources they need. At the same time, it becomes easier to apply changes to Kubernetes resources automatically by simply merging a pull request.
  • Scalability. When resources are defined in YAML, it becomes extremely easy for cluster operators to change one or two numbers in a Kubernetes resource and thereby change how it scales. Kubernetes provides a mechanism for horizontal autoscaling of pods, which can be used to conveniently set the minimum and maximum number of pods that a particular deployment configuration needs in order to handle low and high levels of traffic. For example, if you have deployed a configuration that needs additional capacity because of a sudden surge in traffic, then maxReplicas can be changed from 10 to 20:

apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: myapp
  namespace: default
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: myapp-deployment
  minReplicas: 1
  maxReplicas: 20
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 50

  • Security and management. YAML is well suited to evaluating how things are deployed to Kubernetes. For example, a major security concern is whether your workloads run as a non-admin user. In this case we may need tools such as conftest, a YAML/JSON validator, together with Open Policy Agent, a policy validator, to make sure that the SecurityContext of your workloads does not allow a container to run with administrator privileges. If this is required, users can apply a simple Rego policy, like this:

package main

deny[msg] {
  input.kind = "Deployment"
  not input.spec.template.spec.securityContext.runAsNonRoot = true
  msg = "Containers must not run as root"
}

  • Cloud provider integration options. One of the most notable trends in today's high technology is running workloads on public cloud providers. With the cloud-provider component, Kubernetes allows any cluster to integrate with the cloud provider it runs on. For example, if a user runs an application in Kubernetes on AWS and wants to expose that application through a service, the cloud provider automatically helps create a LoadBalancer service, which automatically provisions an Amazon Elastic Load Balancer to direct traffic to the application pods.
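For the security item above, an added example (not part of the original article and not conftest's own code): the Rego rule shown reads only the pod-level securityContext, while Kubernetes lets each container override it. This Python sketch generalizes the same deny rule to the effective per-container setting, including init containers; the sample manifest is constructed for illustration.

```python
import json

# Constructed sample manifest (not from the article): the pod-level setting is
# compliant, but one container overrides it and an init container uses UID 0.
SAMPLE = json.loads("""
{
  "kind": "Deployment",
  "metadata": {"name": "site"},
  "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": true},
    "initContainers": [
      {"name": "migrate", "image": "busybox",
       "securityContext": {"runAsUser": 0}}
    ],
    "containers": [
      {"name": "front-end", "image": "nginx"},
      {"name": "sidecar", "image": "nginx",
       "securityContext": {"runAsNonRoot": false}}
    ]
  }}}
}
""")


def deny(manifest):
    """Return one message per container that may run as root."""
    if manifest.get("kind") != "Deployment":
        return []
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    pod_sc = pod.get("securityContext") or {}
    msgs = []
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        # Container-level fields take precedence over the pod-level ones.
        sc = {**pod_sc, **(c.get("securityContext") or {})}
        if sc.get("runAsUser") == 0:
            msgs.append(f"{c['name']}: runAsUser is 0")
        elif sc.get("runAsNonRoot") is not True:
            msgs.append(f"{c['name']}: runAsNonRoot is not true")
    return msgs


if __name__ == "__main__":
    for line in deny(SAMPLE):
        print("DENY", line)
```

The pod-level rule from the article would accept this manifest, because spec.template.spec.securityContext.runAsNonRoot is true; the per-container check reports two of its three containers.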

Extensibility

Kubernetes is very extensible, and developers love that. There is a set of available resources such as pods, deployments, StatefulSets, secrets, ConfigMaps, and so on. On top of these, users and developers can add other resources in the form of custom resource definitions.

For example, if we want to define a CronTab resource, we could do something like this:

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: crontabs.my.org
spec:
  group: my.org
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                cronSpec:
                  type: string
                  pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$'
                replicas:
                  type: integer
                  minimum: 1
                  maximum: 10
  scope: Namespaced
  names:
    plural: crontabs
    singular: crontab
    kind: CronTab
    shortNames:
    - ct

After that we can create a CronTab resource, something like this:

apiVersion: "my.org/v1"
kind: CronTab
metadata:
  name: my-cron-object
spec:
  cronSpec: "* * * * */5"
  image: my-cron-image
  replicas: 5

Another extensibility option in Kubernetes is that a developer can write their own operators. An operator is a special process in a Kubernetes cluster that works according to the "control loop" pattern. With the help of an operator, a user can automate the management of CRDs (custom resource definitions) by exchanging information with the Kubernetes API.

There are several tools in the community that make it easy for developers to create their own operators. Among them are the Operator Framework and its Operator SDK. This SDK provides a foundation from which a developer can quickly start building an operator. Say, you can start from the command line with something like this:

$ operator-sdk new my-operator --repo github.com/myuser/my-operator

This creates all the boilerplate code for your operator, including YAML files and Golang code:

.
|____cmd
| |____manager
| | |____main.go
|____go.mod
|____deploy
| |____role.yaml
| |____role_binding.yaml
| |____service_account.yaml
| |____operator.yaml
|____tools.go
|____go.sum
|____.gitignore
|____version
| |____version.go
|____build
| |____bin
| | |____user_setup
| | |____entrypoint
| |____Dockerfile
|____pkg
| |____apis
| | |____apis.go
| |____controller
| | |____controller.go

Then you can add the required APIs and controllers, like this:

$ operator-sdk add api --api-version=myapp.com/v1alpha1 --kind=MyAppService

$ operator-sdk add controller --api-version=myapp.com/v1alpha1 --kind=MyAppService

Then, finally, build the operator and push it to your container registry:

$ operator-sdk build your.container.registry/youruser/myapp-operator

If the developer wants even more control, the boilerplate code in the Go files can be changed. For example, to modify the specifics of the controller, you can edit the controller.go file.

Another project, KUDO, lets you create operators using only declarative YAML files. For example, an operator for Apache Kafka would be defined roughly like so. With it, you can install a Kafka cluster on top of Kubernetes with just a couple of commands:

$ kubectl kudo install zookeeper
$ kubectl kudo install kafka

And then tune it with another command:

$ kubectl kudo install kafka --instance=my-kafka-name \
            -p ZOOKEEPER_URI=zk-zookeeper-0.zk-hs:2181 \
            -p ZOOKEEPER_PATH=/my-path -p BROKER_CPUS=3000m \
            -p BROKER_COUNT=5 -p BROKER_MEM=4096m \
            -p DISK_SIZE=40Gi -p MIN_INSYNC_REPLICAS=3 \
            -p NUM_NETWORK_THREADS=10 -p NUM_IO_THREADS=20

Innovation

Over the last few years, major Kubernetes releases have come out every few months, that is, three to four major releases per year. The number of new features introduced in each of them is not decreasing. Moreover, there are no signs of slowing down even in these difficult times: look at the current state of Kubernetes project activity on Github.

New capabilities let you cluster operations more flexibly across diverse workloads. In addition, programmers enjoy greater control when deploying applications directly to production.

Community

Another major factor in the popularity of Kubernetes is the strength of its community. In 2015, upon reaching version 1.0, Kubernetes was sponsored by the Cloud Native Computing Foundation.

There are also various SIG (Special Interest Group) communities focused on different areas of Kubernetes as the project grows. These groups constantly add new features, making work with Kubernetes more convenient.

The Cloud Native Foundation also hosts CloudNativeCon/KubeCon, which, at the time of writing, is the largest open source conference in the world. It is typically held three times a year and brings together thousands of professionals who want to improve Kubernetes and its ecosystem, as well as learn about the new features that come out every three months.

In addition, the Cloud Native Foundation has a Technical Oversight Committee, which, together with the SIGs, reviews new and existing foundation projects focused on the cloud ecosystem. Most of these projects help improve the capabilities of Kubernetes.

Finally, I believe that Kubernetes would not be as successful as it is without the conscious effort of the whole community, where people stick together but at the same time welcome newcomers.

The future

One of the main challenges developers will have to deal with in the future is the ability to focus on the details of the code itself rather than on the infrastructure it runs on. Serverless architecture, one of the leading trends today, answers exactly this need. Advanced frameworks already exist, for example Knative and OpenFaas, which use Kubernetes to abstract the infrastructure away from the developer.

In this article we have only scratched the surface of the current state of Kubernetes; in fact, it is only the tip of the iceberg. Kubernetes users have many other resources, capabilities, and configurations at their disposal.

Source: www.habr.com