Ngaba kulula kwaye kulula ukulungiselela i-Kubernetes cluster? Ukwazisa i-addon-operator

Emva koko iqokobhe-umqhubi sibonisa umkhuluwa wakhe - i-addon-operator. Le yiprojekthi yoMthombo oVulekileyo esetyenziselwa ukufaka amacandelo enkqubo kwiqela le-Kubernetes, elinokuthiwa lizongezo.

Kutheni kukho ukongeza?

Akusiyo imfihlo ukuba i-Kubernetes ayiyona imveliso esele yenziwe yonke into, kwaye ukwakha iqela "elidala" uya kufuna izongezo ezahlukeneyo. I-Addon-operator iya kukunceda ufake, uqwalasele kwaye ugcine ezi zongezo zisexesheni.

Imfuno yamacandelo ongezelelweyo kwiqela ibhengezwa kuyo ingxelo osebenza nabo drusha. Ngamafutshane, imeko kunye ne-Kubernetes okwangoku ifana nokuba kufakelo olulula "lokudlala ngokujikelezayo" ungafumana ngamacandelo aphuma kwibhokisi, kubaphuhlisi kunye novavanyo unokongeza i-Ingress, kodwa ukufakwa ngokupheleleyo, malunga nayo. unokuthi "imveliso yakho ilungile", kufuneka udibanise kunye neshumi elinesibini lezongezo ezahlukeneyo: into yokubeka iliso, into yokugawulwa kwemithi, ungalibali i-ingress kunye nomphathi we-cert, khetha amaqela ee-nodes, yongeza imigaqo-nkqubo yenethiwekhi, ixesha lonyaka. ngoseto lwe-sysctl kunye ne-pod autoscaler...

Ziziphi iinkcukacha zokusebenza kunye nabo?

Njengoko uqheliselo lubonisa, umcimbi awuphelelanga kufakelo olunye. Ukuze usebenze ngokukhululekileyo kunye neqela, izongezo ziya kufuneka zihlaziywe, zikhutshazwe (zisuswe kwiqela), kwaye uya kufuna ukuvavanya ezinye ngaphambi kokuzifaka kwiqela lemveliso.

Ke, mhlawumbi i-Ansible iya kwanela apha? Ingayiyo. Kodwa Ngokubanzi, izongezo ezipheleleyo azihlali ngaphandle kwesetingi. Olu seto lunokwahluka ngokuxhomekeke kukwahluka kweqela (aws, gce, azure, bare-metal, do, ...). Ezinye iisetingi azikwazi ukuchazwa kwangaphambili kufuneka zifunyenwe kwiqela. Kwaye iqela alimile: kwezinye iisetingi kuya kufuneka ujonge utshintsho. Kwaye apha i-Ansible sele ilahlekile: ufuna inkqubo ehlala kwiqela, okt. Kubernetes Operator.

Abo bazama ngayo emsebenzini iqokobhe-umqhubi, baya kuthi imisebenzi yokufaka kunye nokuhlaziya izongezo kunye nezicwangciso zokubeka iliso zingasombululwa ngokupheleleyo. amagwegwe yeqokobhe-umqhubi. Ungabhala iscript esiya kwenza imeko kubectl apply kwaye ubeke iliso, umzekelo, ConfigMap, apho izicwangciso ziya kugcinwa khona. Oku kumalunga noko kuphunyezwa kwi-addon-operator.

Oku kuququzelelwe njani kwi-addon-operator?

Xa sisenza isisombululo esitsha, siye sahamba kule migaqo ilandelayo:

• I-add-on installer kufuneka ixhase ithempleyithi kunye noqwalaselo olubhengezayo. Asizenzi izikripthi zomlingo ezifaka izongezo. I-Addon-operator isebenzisa iHelm ukufaka iiaddons. Ukufakela, kufuneka wenze itshathi kwaye ukhethe amaxabiso aya kusetyenziselwa uqwalaselo.
• Izicwangciso zingaba velisa kufakelo, banokuba fumana kwiqela, okanye fumana uhlaziyo, ukubeka esweni izixhobo zeqela. Le misebenzi inokuphunyezwa ngokusebenzisa amagwegwe.
• Izicwangciso zingaba gcina kwiqela. Ukugcina izicwangciso kwiqela, i-ConfigMap/addon-operator iyadalwa kwaye i-Addon-operator ihlola utshintsho kule ConfigMap. I-Addon-opharetha inika iigwegwe ukufikelela kwizicwangciso usebenzisa izivumelwano ezilula.
• Ukongezwa kuxhomekeke kwisetingi. Ukuba izicwangciso zitshintshile, ngoko i-Addon-operator ikhupha itshathi yeHelm ngamaxabiso amatsha. Sibize indibaniselwano yetshathi yeHelm, amaxabiso ayo kunye neekhonkco zemodyuli (jonga ngezantsi ukuze ufumane iinkcukacha ezingaphezulu).
• Ukwenza iqonga. Akukho zikripthi zokukhupha umlingo. Indlela yokuhlaziya iyafana nesicelo esiqhelekileyo - qokelela izongezo kunye nee-addon-operators emfanekisweni, zithegi kwaye uzikhuphe.
• Ulawulo lweziphumo. I-Addon-operator inokubonelela ngeemetrics zePrometheus.

Yintoni i-padding kwi-addon-operator?

Ukongezwa kunokuqwalaselwa nayiphi na into eyongeza imisebenzi emitsha kwiqela. Umzekelo, ukufaka i-Ingress ngumzekelo omhle we-add-on. Oku kunokuba nawuphi na umqhubi okanye umlawuli oneCRD yakhe: iprometheus-umqhubi, umphathi-cert, kube-controller-manager, njl. Okanye into encinci, kodwa kulula ukuyisebenzisa - umzekelo, umkhupheli oyimfihlo, okhuphela iimfihlo zerejista kwiindawo ezintsha zamagama, okanye i-sysctl tuner, eqwalasela i-sysctl parameters kwiindawo ezintsha.

Ukuphumeza izongezo, i-Addon-operator ibonelela ngeekhonsepthi ezininzi:

• Itshathi yeHelm isetyenziselwa ukufaka isoftware eyahlukeneyo kwiqela - umzekelo, iPrometheus, iGrafana, i-nginx-ingress. Ukuba icandelo elifunekayo linetshathi yeHelm, emva koko ukuyifaka usebenzisa i-Addon-opharetha kuya kuba lula kakhulu.
• Ugcino lwemilinganiselo. Iitshathi zeHelm zihlala zinesetingi ezininzi ezahlukeneyo ezinokutshintsha ngokuhamba kwexesha. I-Addon-opharetha ixhasa ukugcina ezi zicwangciso kwaye inokubeka esweni utshintsho lwazo ukuze iphinde ifake itshathi yeHelm ngamaxabiso amatsha.
• Iihuka ziifayile eziphunyezwayo eziqhutywa yiAddon-operator kwimisitho kwaye ifikelela kumaxabiso evenkile. I-hook inokubeka iliso kwinguqu kwi-cluster kwaye ihlaziye amaxabiso kwivenkile yamaxabiso. Ezo. Usebenzisa amagwegwe, unokwenza ufumanise ukuqokelela amaxabiso ukusuka kwiqela ekuqaleni okanye ngokweshedyuli, okanye unokwenza ubhaqo oluqhubekayo, ukuqokelela amaxabiso kwiqela ngokusekwe kutshintsho kwiqela.
• Imodyuli ludibaniso lwetshathi yeHelm, ivenkile yamaxabiso kunye namagwegwe. Iimodyuli zinokuvulwa okanye zingasebenzi. Ukuyekisa imodyuli kuthetha ukucima konke ukukhutshwa kwetshathi yeHelm. Iimodyuli zinokuzenza ngokwazo ngokuguquguqukayo, umzekelo, ukuba zonke iimodyuli ezizifunayo zenziwe zasebenza okanye ukuba ukufunyanwa kufumene iiparamitha eziyimfuneko kwiihuku - oku kwenziwa ngokusebenzisa i-script encediswayo.
• Iigwegwe zehlabathi. Ezi zikhonkco "zodwa", azifakwanga kwiimodyuli kwaye zinokufikelela kwivenkile yexabiso lehlabathi, amaxabiso afumaneka kuzo zonke iikhonkco kwiimodyuli.

Asebenzisana njani la malungu? Makhe sijonge umfanekiso kumaxwebhu:

Kukho iimeko ezimbini zomsebenzi:

1. I-hook yehlabathi ibangelwa sisiganeko - umzekelo, xa ubutyebi kwiqela litshintsha. Le hook iqhuba utshintsho kwaye ibhala amaxabiso amatsha kwivenkile yamaxabiso ehlabathi. Izaziso ze-Addon-opharetha ukuba ugcino lwehlabathi lutshintshile kwaye luqala zonke iimodyuli. Imodyuli nganye, isebenzisa iigwegwe zayo, imisela ukuba ifuna ukwenziwa kwaye ihlaziye amaxabiso ayo. Ukuba imodyuli yenziwe, i-Addon-opharetha iqalisa ufakelo lwetshathi yeHelm. Kule meko, itshathi yeHelm inokufikelela kumaxabiso ukusuka kugcino lwemodyuli kunye nogcino lwehlabathi.
2. Imeko yesibini ilula: i-hook yemodyuli ibangelwa sisiganeko kwaye itshintsha amaxabiso kwivenkile yamaxabiso emodyuli. I-Addon-operator iyakuqaphela oku kwaye iqalise itshathi yeHelm enamaxabiso ahlaziyiweyo.

Ukongezwa kunokuphunyezwa njenge hook enye, okanye njengetshathi yeHelm enye, okanye nokuba iimodyuli ezininzi ezixhomekeke - oku kuxhomekeke kubunzima becandelo elifakwe kwiqela kunye nakwinqanaba elifunwayo lokuguquguquka koqwalaselo. Umzekelo, kwindawo yokugcina (/imizekelo) kukho i-sysctl-tuner add-on, ephunyezwa zombini njengemodyuli elula enekhonkco kunye netshathi yeHelm, kunye nokusebenzisa amaxabiso evenkile, eyenza kube nokwenzeka ukongeza izicwangciso ngokuhlela iConfigMap.

Ukuhanjiswa kohlaziyo

Amagama ambalwa malunga nokulungiselela uhlaziyo lwecandelo oluhlohlwa yi-Addon-operator.

Ukusebenzisa i-Addon-operator kwiqela, kufuneka yakha umfanekiso kunye nezongezo ngokohlobo lwe hook kunye neefayile zetshathi zeHelm, yongeza ifayile yokubini addon-operator kunye nayo yonke into oyifunayo kwiikhonkco: bash, kubectl, jq, python njl. Emva koko lo mfanekiso unokukhutshelwa kwiqela njengesicelo esiqhelekileyo, kwaye ngokuqinisekileyo uya kufuna ukuququzelela enye okanye enye iskimu sokumaka. Ukuba kukho amaqoqo ambalwa, indlela efanayo kunye nezicelo inokufaneleka: ukukhululwa okutsha, inguqulelo entsha, yiya kuwo onke amaqoqo kwaye ulungise umfanekiso weePods. Nangona kunjalo, kwimeko yokukhutshwa kwinani elibalulekileyo lamaqela, ingcamango yokuzihlaziya ukusuka kumjelo yayifanelekile kuthi.

Nantsi indlela esiyenza ngayo:

• Isitishi sisachongi esinokuthi simiselwe kuyo nantoni na (umzekelo, i-dev/stage/ea/stable).
• Igama letshaneli yithegi yomfanekiso. Xa kufuneka ukhuphe uhlaziyo kwitshaneli, umfanekiso omtsha uyadityaniswa kwaye ufakwe igama letshaneli.
• Xa umfanekiso omtsha uvela kwirejista, i-Addon-opharetha iphinda iqaliswe kwaye iqaliswe ngomfanekiso omtsha.

Oku akulona qheliselo lungcono, njengoko kubhaliwe kuyo Kubernetes amaxwebhu. Akukhuthazwa ukwenza oku, kodwa sithetha ngayo isicelo esiqhelekileyo esihlala kwiqela elinye. Kwimeko ye-Addon-opharetha, usetyenziso luninzi lwe-Deployments ehlakazekile kuwo wonke amaqela, kwaye ukuzihlaziya kunceda kakhulu kwaye kwenza ubomi bube lula.

Imijelo inceda kwaye kuvavanyo: ukuba kukho iqela elincedisayo, ungaliqwalasela kwitshaneli stage kwaye uqengqeleke uhlaziyo kuyo ngaphambi kokuba uyikhuphele kumajelo ea и stable. Ukuba kunye neqela kwitshaneli ea imposiso yenzekile, ungayitshintshela kuyo stable, ngelixa ingxaki yeli qela isaphandwayo. Ukuba iqela likhutshiwe kwinkxaso esebenzayo, litshintshela kwisitishi "somkhenkce" - umzekelo, freeze-2019-03-20.

Ukongeza ekuhlaziyeni iigwegwe kunye neetshathi zeHelm, unokufuna ukuhlaziya kunye necandelo lesithathu. Umzekelo, uqaphele i-bug kwi-node-exporter enemiqathango kwaye waze wafumanisa ukuba ungayipeyisha njani. Emva koko, uvule i-PR kwaye ulindele ukukhululwa okutsha ukuya kuwo onke amaqoqo kunye nokwandisa inguqu yomfanekiso. Ukuze ungalindi ngokungenasiphelo, unokwakha i-node-exporter yakho kwaye utshintshe kuyo ngaphambi kokuba wamkele i-PR.

Ngokubanzi, oku kunokwenziwa ngaphandle kwe-Addon-operator, kodwa nge-Addon-operator imodyuli yokufakela i-node-exporter iya kubonakala kwindawo yokugcina enye, i-Dockerfile yokwakha umfanekiso wakho inokugcinwa khona apho, kuba lula kubo bonke abathathi-nxaxheba. inkqubo yokuqonda okwenzekayo ... Kwaye ukuba kukho amaqela amaninzi, ngoko kuba lula ukuvavanya zombini i-PR yakho kwaye ukhuphe inguqulelo entsha!

Lo mbutho wokuhlaziywa kwecandelo usebenza ngempumelelo kuthi, kodwa nayiphi na enye inkqubo efanelekileyo inokuphunyezwa - emva kwayo yonke into kulo mzekelo iAddon-operator yifayile yokubini elula.

isiphelo

Imigaqo ephunyezwe kwi-Addon-opharetha ikuvumela ukuba wakhe inkqubo ecacileyo yokudala, ukuvavanya, ukufaka kunye nokuhlaziya izongezo kwi-cluster, efana neenkqubo zophuhliso lwezicelo eziqhelekileyo.

Izongezo ze-Addon-opharetha kwifomathi yemodyuli (itshathi yeHelm + iigwegwe) zingenziwa zifumaneke esidlangalaleni. Thina, inkampani yeFlant, siceba ukupapasha uphuhliso lwethu ngendlela yokongezwa okunjalo ngexesha lehlobo. Joyina uphuhliso kwi-GitHub (iqokobhe-umqhubi, i-addon-operator), zama ukwenza udibaniso lwakho olusekelwe kwi imizekelo и amaxwebhu, linda iindaba kwi-Habré kunye neyethu Isitishi sikaYouTube!

PS

Funda nakwibhlog yethu:

• «Ukwandisa kunye nokuxhasa iKubernetes (uphononongo kunye nengxelo yevidiyo)";
• «Ukwazisa i-shell-operator: ukudala abasebenzi be-Kubernetes kube lula».

umthombo: www.habr.com