NgoAprili 27 kwinkomfa , njengenxalenye yecandelo elithi "DevOps", ingxelo ethi "Autoscaling and resource management in Kubernetes" inikwe. Ithetha malunga nendlela onokuzisebenzisa ngayo ii-K8s ukuqinisekisa ukufumaneka okuphezulu kwezicelo zakho kunye nokuqinisekisa ukusebenza okuphezulu.
Ngokwesithethe, siyavuya ukunikezela (imizuzu engama-44, inolwazi kakhulu kunenqaku) kunye nesishwankathelo esiphambili kwifom yesicatshulwa. Hamba!
Makhe sihlalutye isihloko sengxelo yegama negama kwaye siqale ukusuka ekugqibeleni.
Kubernetes
Masithi sinezikhongozeli zeDocker kubamkeli bethu. Yantoni? Ukuqinisekisa ukuphindaphinda kunye nokuhlukaniswa, okukuvumela ukuba kube lula kunye nokuhanjiswa okulungileyo, i-CI / CD. Sineenqwelo ezininzi ezinjalo ezinemigqomo.
Ubonelela ntoni uKubernetes kule meko?
- Siyayeka ukucinga ngaba matshini kwaye siqale ukusebenza "ngelifu" iqoqo lezikhongozeli okanye imidumba (amaqela ezikhongozeli).
- Ngaphezu koko, asicingi nokuba sicinga ngeepods zomntu ngamnye, kodwa lawula ngaphezuluΠΎamaqela amakhulu. Enjalo umgangatho ophezulu wangaphambili sivumele ukuba sitsho ukuba kukho itemplate yokuqhuba umsebenzi othile, kwaye nantsi inani elifunekayo lemizekelo yokuyiqhuba. Ukuba emva koko sitshintsha ithempleyithi, zonke iimeko ziya kutshintsha.
- Ngo kunceda declarative API Esikhundleni sokwenza ulandelelwano lwemiyalelo ethile, sichaza "isakhiwo sehlabathi" (kwi-YAML), eyenziwe nguKubernetes. Kwaye kwakhona: xa inkcazo itshintsha, umboniso wayo wokwenene uya kutshintsha.
Ulawulo lwezibonelelo
ICPU
Masiqhube nginx, php-fpm kunye ne-mysql kumncedisi. Ezi nkonzo ngokwenene ziya kuba neenkqubo ezininzi ezisebenzayo, nganye kuzo ifuna izixhobo zekhompyutha:
(amanani akwisilayidi βzizikhweneneβ, imfuno engacacanga yenkqubo nganye yamandla ekhompyutha)
Ukwenza kube lula ukusebenza nale nto, kunengqiqo ukudibanisa iinkqubo zibe ngamaqela (umzekelo, zonke iinkqubo ze-nginx kwiqela elinye "nginx"). Indlela elula necacileyo yokwenza oku kukubeka iqela ngalinye kwisingxobo:
Ukuqhubeka, kufuneka ukhumbule ukuba yintoni isikhongozeli (kwiLinux). Inkangeleko yabo yenziwa ngenxa yeempawu ezintathu eziphambili kwi-kernel, eziphunyezwe kwakudala kakhulu: , ΠΈ . Kwaye uphuhliso olongezelelekileyo lwaququzelelwa zezinye iitekhnoloji (kubandakanya "amaqokobhe" afanelekileyo afana neDocker):
Kumxholo wengxelo, sinomdla kuphela Amaqela, kuba amaqela olawulo ayingxenye yokusebenza kwee-container (i-Docker, njl.) eyenza ulawulo lwezibonelelo. Iinkqubo ezidityanisiweyo ngokwamaqela, njengoko besifuna, ngamaqela olawulo.
Masibuyele kwiimfuno ze-CPU kwezi nkqubo, kwaye ngoku kumaqela eenkqubo:
(Ndiphinda ndithi onke amanani ayimbonakalo engabonakaliyo yemfuno yezibonelelo)
Kwangaxeshanye, i-CPU ngokwayo inomthombo othile onomda (kumzekelo lo yi-1000), apho wonke umntu unokuswela (isimbuku seemfuno zawo onke amaqela 150+850+460=1460). Kuya kwenzeka ntoni kule meko?
I-kernel iqala ukusasaza izixhobo kwaye iyenze "ngokufanelekileyo", inika inani elifanayo lezibonelelo kwiqela ngalinye. Kodwa kwimeko yokuqala, zininzi zazo kunokuba zifuneka (333> 150), ngoko ke okungaphezulu (333-150 = 183) kuhlala kugcinwe, okukwasasazwa ngokulinganayo phakathi kwezinye izikhongozeli ezibini:
Ngenxa yoko: isitya sokuqala sasinemithombo eyaneleyo, eyesibini - yayingenazo izixhobo ezaneleyo, okwesithathu - yayingenazo izixhobo ezaneleyo. Esi sisiphumo sezenzo "unyanisekile" umcwangcisi kwiLinux - . Ukusebenza kwayo kunokulungiswa kusetyenziswa isabelo iintsimbi isikhongozeli ngasinye. Umzekelo, njengale:
Makhe sijonge imeko yokunqongophala kwezixhobo kwisitya sesibini (php-fpm). Zonke izixhobo zeekhonteyina zabiwa ngokulinganayo phakathi kweenkqubo. Ngenxa yoko, inkqubo yenkosi isebenza kakuhle, kodwa bonke abasebenzi bayacotha, befumana ngaphantsi kwesiqingatha sento abayidingayo:
Le yindlela esebenza ngayo umcwangcisi weCFS. Siza kuphinda sibize iintsimbi esizabela izikhongozeli izicelo. Kutheni le nto kunjalo - bona ngakumbi.
Makhe sijonge yonke imeko kwelinye icala. Njengoko uyazi, zonke iindlela zikhokelela eRoma, kwaye kwimeko yekhompyutheni, kwi-CPU. I-CPU enye, imisebenzi emininzi - ufuna isibane sendlela. Indlela elula yokulawula izibonelelo "ukukhanya kwezithuthi": banike inkqubo enye ixesha lokufikelela okusisigxina kwi-CPU, emva koko elandelayo, njl.
Le ndlela ibizwa ngokuba yi-hard quotas (ukunciphisa nzima). Masiyikhumbule ngokulula nje imida. Nangona kunjalo, ukuba usasaza imida kuzo zonke izitya, ingxaki ivela: i-mysql yayiqhuba endleleni kwaye ngexesha elithile imfuno yayo ye-CPU iphelile, kodwa zonke ezinye iinkqubo zinyanzeliswa ukuba zilinde de i-CPU. engasebenziyo.
Masibuyele kwi-Linux kernel kunye nokusebenzisana kwayo ne-CPU - umfanekiso opheleleyo umi ngolu hlobo lulandelayo:
Iqela linesetingi ezimbini - ngokusisiseko ezi zimbini "iijiji" ezilula ezikuvumela ukuba umisele:
- ubunzima besikhongozeli (izicelo) bu izabelo;
- ipesenteji yexesha lilonke le-CPU yokusebenza kwimisebenzi yesikhongozeli (imida) yi quota.
Indlela yokulinganisa i-CPU?
Kukho iindlela ezahlukeneyo:
- into iiproti, akukho mntu waziyo - kufuneka uthethe ngalo lonke ixesha.
- Umdla icace ngakumbi, kodwa ihlobene: i-50% yeseva ene-4 cores kunye ne-20 cores zizinto ezahlukeneyo ngokupheleleyo.
- Ungasebenzisa ezi sele zikhankanyiwe iintsimbi, leyo iLinux iyayazi, kodwa nayo ihlobene.
- Olona khetho lufanelekileyo kukulinganisa izixhobo zekhompyutha imizuzwana. Ezo. kwimizuzwana yexesha lomqhubekekisi xa kuthelekiswa nesekondi yexesha lokwenyani: isekhondi enye yexesha lomqhubekekisi yanikwa ngomzuzwana oyi-1 wokwenyani β lo ngundoqo we-CPU.
Ukwenza kube lula ukuthetha, baqala ukulinganisa ngokuthe ngqo iinkozo, okuthetha ngabo ixesha elifanayo le-CPU xa lithelekiswa nelokwenene. Kuba iLinux iyabuqonda ubunzima, kodwa hayi kangako ixesha le-CPU/iicores, bekudingeka indlela yokuguqulela ukusuka kwenye ukuya kwenye.
Makhe siqwalasele umzekelo olula kunye nomncedisi kunye ne-3 CPU cores, apho ii-pods ezintathu ziya kunikwa ubunzima (500, 1000 kunye ne-1500) eziguqulelwa ngokulula kwiindawo ezihambelanayo ze-cores ezabelwe zona (0,5, 1 kunye ne-1,5).
Ukuba uthatha umncedisi wesibini, apho kuya kubakho kabini i-cores (6), kwaye ubeke iipods ezifanayo apho, ukuhanjiswa kwee-cores kungabalwa ngokulula ngokuphindaphinda ngo-2 (1, 2 kunye no-3, ngokulandelanayo). Kodwa umzuzu obalulekileyo uyenzeka xa i-pod yesine ibonakala kulo mncedisi, ubunzima bayo, ukuze kube lula, buya kuba yi-3000. Ithatha inxalenye yezixhobo ze-CPU (isiqingatha se-cores), kunye neepods eziseleyo ziphinda zibalwe (isiqingatha):
I-Kubernetes kunye nezixhobo ze-CPU
Kwi-Kubernetes, izixhobo ze-CPU zihlala zilinganiswa miliadrax, okt. I-0,001 cores ithathwa njengobunzima besiseko. (Into enye kwi-Linux/cgroups terminology ibizwa ngokuba yi-CPU share, nangona, ngokuchanekileyo, 1000 millicores = 1024 CPU shares.) I-K8s iqinisekisa ukuba ayibeki iipods ezininzi kumncedisi kunokuba kukho izibonelelo ze-CPU kwisamba sobunzima bazo zonke iipod.
Kwenzeka njani oku? Xa usongeza iseva kwiqela le-Kubernetes, kuxelwa ukuba zingaphi ii-CPU cores ezifumanekayo. Kwaye xa udala ipod entsha, umcwangcisi we-Kubernetes uyazi ukuba zingaphi ii-cores eziya kuzifuna le pod. Ngaloo ndlela, i-pod iya kwabelwa kumncedisi apho kukho ii-cores ezaneleyo.
Kuya kwenzeka ntoni ukuba hayi isicelo sicacisiwe (oko kukuthi i-pod ayinalo inani elichaziweyo leecores elifunekayo)? Makhe sibone ukuba uKubernetes ubala njani izixhobo ngokubanzi.
Kwi-pod ungakhankanya zombini izicelo (umcwangcisi weCFS) kunye nemida (uyakhumbula ilobhothi?):
- Ukuba zichazwe ngokulinganayo, ke i-pod inikwe iklasi yeQoS Kuqinisekisiwe. Eli nani lee-cores lihlala lifumaneka kulo liqinisekisiwe.
- Ukuba isicelo singaphantsi komda - iklasi yeQoS kuqhuma. Ezo. Silindele i-pod, umzekelo, ukuba ihlale isebenzisa i-1 core, kodwa eli xabiso ayisiyiyo imida yalo: ngamanye amaxesha i-pod ingasebenzisa ngakumbi (xa umncedisi enemithombo yasimahla yoku).
- Kukho neklasi yeQoS eyona nzame β ibandakanya ezona pods isicelo esingachazwanga. Izibonelelo zinikwa bona okokugqibela.
Imemori
Ngenkumbulo, imeko iyafana, kodwa ihluke kancinci - emva kwayo yonke loo nto, ubume bezi zibonelelo buhlukile. Ngokubanzi, isifaniso simi ngolu hlobo lulandelayo:
Makhe sibone ukuba izicelo ziphunyezwa njani kwinkumbulo. Vumela iipods ziphile kumncedisi, zitshintshe ukusetyenziswa kwememori, de enye yazo ibe nkulu kangangokuba iphelelwe yimemori. Kule meko, umbulali we-OOM uvela kwaye ubulala eyona nkqubo inkulu:
Oku akusoloko kusilungele, ngoko ke kunokwenzeka ukulawula ukuba zeziphi iinkqubo ezibalulekileyo kuthi kwaye akufanele zibulawe. Ukwenza oku, sebenzisa iparameter ooom_score_adj.
Masibuyele kwiiklasi ze-QoS ze-CPU kwaye sizobe isifaniso kunye ne-oom_score_adj amaxabiso amisela izinto eziphambili zokusetyenziswa kwememori kwiipods:
- Elona xabiso liphantsi oom_score_adj lepod - -998 - lithetha ukuba iphod enje kufuneka ibulawe okokugqibela, oku Kuqinisekisiwe.
- Elona liphezulu - 1000 - li eyona nzame, imidumba enjalo ibulawa kuqala.
- Ukubala amaxabiso aseleyo (kuqhuma) kukho ifomyula, undoqo wayo ophumela kwinto yokuba okukhona izibonelelo ezininzi eziceliwe, kokukhona kunokwenzeka ukuba zibulawe.
Okwesibini "twist" - umda_nge_iibhayithi - kuba imida. Ngayo, yonke into ilula: sinikezela ngokulula ubuninzi bememori ekhutshiweyo, kwaye apha (ngokungafaniyo ne-CPU) akukho mbuzo wendlela yokulinganisa (inkumbulo).
Iyonke
Ipod nganye eKubernetes inikwe requests ΠΈ limits -Zombini iiparamitha ze-CPU kunye nememori:
- ngokusekwe kwizicelo, umcwangcisi weKubernetes usebenza, osasaza iipod phakathi kwabancedisi;
- ngokusekelwe kuzo zonke iiparameters, iklasi ye-pod QoS izimisele;
- Ubunzima obunxulumeneyo bubalwa ngokusekelwe kwizicelo ze-CPU;
- umcwangcisi weCFS uqwalaselwe ngokusekelwe kwizicelo zeCPU;
- Umbulali we-OOM iqwalaselwe ngokusekelwe kwizicelo zememori;
- "Isibane sendlela" siqwalaselwe ngokusekelwe kwimida ye-CPU;
- Ngokusekwe kwimida yenkumbulo, umda uqwalaselwe kwiqela.
Ngokubanzi, lo mfanekiso uphendula yonke imibuzo malunga nendlela inxalenye ephambili yolawulo lwemithombo eyenzekayo kwi-Kubernetes.
Autoscaling
K8s iqela-autoscaler
Masicinge ukuba iqela lonke sele lihleli kwaye i-pod entsha kufuneka yenziwe. Ngelixa i-pod ingabonakali, ijinga kwisimo Kulindwe. Ukuze ivele, sinokudibanisa umncedisi omtsha kwiqela okanye... faka i-cluster-autoscaler, eya kusenzela yona: lawula umatshini obonakalayo ovela kumnikezeli welifu (usebenzisa isicelo se-API) kwaye uyidibanise kwiqela. , emva koko i-pod iya kongezwa.
Oku kukwenza i-autoscaling ye-Kubernetes cluster, esebenza kakuhle (kumava ethu). Nangona kunjalo, njengakwezinye iindawo, kukho ama-nuances apha ...
Ngethuba nje sandisa ubungakanani beqela, yonke into yayilungile, kodwa kwenzeka ntoni xa iqela waqala ukuzikhulula? Ingxaki kukuba ukufuduka kweepods (ukukhulula imikhosi) kunzima kakhulu ngokobugcisa kwaye kuyabiza ngokwezibonelelo. UKubernetes usebenzisa indlela eyahlukileyo ngokupheleleyo.
Qwalasela iqela leeseva ezi-3 ezinoSabelo. Ineepod ezi-6: ngoku kukho i-2 kwiseva nganye. Ngesizathu esithile besifuna ukucima enye yeeseva. Ukwenza oku siza kusebenzisa umyalelo kubectl drain, apho:
- izakwalela ukuthumela iipod ezintsha kulo mncedisi;
- izakucima iipods ezikhoyo kumncedisi.
Ekubeni i-Kubernetes inoxanduva lokugcina inani lee-pods (6), ngokulula iyakwenza kwakhona kwezinye iindawo, kodwa hayi kule ikhubazekileyo, kuba sele iphawulwe njengengafumanekiyo ekusingatheni iipod ezintsha. Lo ngumatshini osisiseko weKubernetes.
Nangona kunjalo, kukho i-nuance apha kwakhona. Kwimeko efanayo, kwi-StatefulSet (endaweni yokusasazwa), izenzo ziya kwahluka. Ngoku sele sinesicelo esicacileyo-umzekelo, iipod ezintathu ezine-MongoDB, enye yazo inengxaki ethile (idatha yonakalisiwe okanye enye impazamo evimbela ukuba i-pod iqale ngokuchanekileyo). Kwaye sithatha isigqibo sokuvala iseva enye. Kuya kwenzeka ntoni?
MongoDB unakho fa kuba ifuna ikhoram: kwiqela lofakelo oluthathu, ubuncinane ezimbini kufuneka zisebenze. Nangona kunjalo, oku ayenzeki - Enkosi Ku PodDisruptionBudget. Le parameter imisela inani elincinci elifunekayo leepod zokusebenza. Ukwazi ukuba enye yeepod zeMongoDB ayisasebenzi, kwaye ukubona ukuba iPodDisruptionBudget imiselwe iMongoDB. minAvailable: 2, I-Kubernetes ayiyi kukuvumela ukuba ucime i-pod.
Umgca ophantsi: ukwenzela ukuba ukunyakaza (kwaye ngokwenene, ukudalwa kwakhona) kweepods zisebenze ngokuchanekileyo xa iqela likhutshwa, kuyimfuneko ukuqwalasela iPodDisruptionBudget.
Ukukala okuthe tye
Makhe siqwalasele enye imeko. Kukho isicelo esisebenza njengokusasazwa kwi-Kubernetes. I-traffic yomsebenzisi ifika kwiipods zayo (umzekelo, kukho ezintathu zazo), kwaye silinganisa isalathisi esithile kubo (thi, umthwalo we-CPU). Xa umthwalo ukhula, sirekhoda oku kwishedyuli kwaye sandise inani leepods ukusabalalisa izicelo.
Namhlanje kwi-Kubernetes oku akufuneki ukuba kwenziwe ngesandla: ukunyuka ngokuzenzekelayo / ukuhla kwenani leepods ziqwalaselwe ngokuxhomekeke kumaxabiso ezibonakaliso zomthwalo olinganisiweyo.
Imibuzo ephambili apha yile: yintoni kanye kanye ukulinganisa ΠΈ indlela yokutolika amaxabiso afunyenweyo (ukwenza isigqibo ekutshintsheni inani leepods). Unokulinganisa kakhulu:
Indlela yokwenza oku ngobuchwephesha - ukuqokelela i-metrics, njl. - Ndathetha ngokubanzi kwingxelo malunga . Kwaye ingcebiso ephambili yokukhetha iiparamitha ezifanelekileyo umfuniselo!
kukho (Ukusetyenziswa kweSatuation kunye neempazamo), intsingiselo yalo ngolu hlobo lulandelayo. Kwesiphi isiseko esenza ingqiqo ukukala, umzekelo, php-fpm? Ngokusekelwe kwinto yokuba abasebenzi bayaphelelwa, oku ukusetyenziswa. Kwaye ukuba abasebenzi baphelile kwaye uqhagamshelo olutsha alwamkelwa, oku sele kusele indawo yokuhlala. Zombini ezi parameters kufuneka zilinganiswe, kwaye kuxhomekeke kumaxabiso, ukukala kufuneka kwenziwe.
Endaweni yesiphelo
Ingxelo inokuqhubeka: malunga nokulinganisa ngokuthe nkqo kunye nendlela yokukhetha izixhobo ezifanelekileyo. Ndiza kuthetha ngale nto kwiividiyo ezizayo -bhalisa ukuze ungaphoswa!
Iividiyo kunye nezilayidi
Ividiyo evela kumdlalo (imizuzu engama-44):
Ukunikezelwa kwengxelo:
PS
Ezinye iingxelo malunga neKubernetes kwibhlog yethu:
- «» (Andrey Polovov; ngoAprili 8, 2019 eSaint HighLoad++);
- «» (UDmitry Stolyarov; ngoNovemba 8, 2018 kwi-HighLoad ++);
- «» (UDmitry Stolyarov; ngoMeyi 28, 2018 kwi-RootConf);
- «» (UDmitry Stolyarov; ngoNovemba 7, 2017 kwi-HighLoad ++);
- «» (UDmitry Stolyarov; NgoJuni 6, 2017 kwi-RootConf).
umthombo: www.habr.com