Ngobu busuku
Ulwazi olusetyenzisiweyo ukulungisa le mathiriyeli luthatyathwe
Masiqale ngentshayelelo ebalulekileyo evela kumjikelo wobomi beqela le-SIG: amaqela e-failover aguqukayo I-Kubernetes (okanye ukuchaneka ngakumbi, ukuzibamba kwe-HA deployments) ngoku kubeadm
(init
и join
). Ngamafutshane, kule nto:
- izatifikethi ezisetyenziswe liqela zikhutshelwa kwiimfihlo;
- ukulungiselela ukusebenzisa iqela le etcd ngaphakathi kweqela le-K8s (o.k.t. ukususa ukuxhomekeka kwangaphandle obekukho ngaphambili)
etcd-umqhubi ; - Amaxwebhu useto olucetyiswayo lwe-balancer yomthwalo wangaphandle obonelela ngolungelelwaniso lokunyamezela impazamo (kwixesha elizayo kucetywa ukuphelisa oku kuxhomekeka, kodwa hayi kweli nqanaba).
Uyilo lweqela le-Kubernetes HA elenziwe nge-kubeadm
Iinkcukacha zokuphunyezwa zingafunyanwa kwi
API
Iqela apply
kwaye ngokuthetha ngokubanzi Ulawulo lwento ebhengezayo kubectl
kwi-apiserver. Abaphuhlisi ngokwabo bachaza ngokufutshane isigqibo sabo ngokuthi kubectl apply
- inxalenye esisiseko yokusebenza kunye nokucwangciswa kwe-Kubernetes, nangona kunjalo, "igcwele iibhugi kwaye kunzima ukuyilungisa," kwaye ngoko ke lo msebenzi kufuneka ubuyiselwe ngokuqhelekileyo kwaye udluliselwe kwindiza yokulawula. Imizekelo elula necacileyo yeengxaki ezikhoyo namhlanje:
Iinkcukacha malunga nokuphunyezwa zingaphakathi
Yenziwe ifumaneke kuguqulelo lwealpha kubectl
) yenza uqinisekiso kwicala lakho (ngaphakathi kubectl create
и kubectl apply
) kwaye ikhuphe amaxwebhu ngokwenkqubo (kubectl explain
). Iinkcukacha - ngaphakathi
Izigodo esele zikhona O_APPEND
(kodwa hayi O_TRUNC
) ukunqanda ilahleko yezigodo kwezinye iimeko kunye nokwenza lula ukucutha iilog ngezixhobo zangaphandle zokujikeleza.
Kwakhona kumxholo we-Kubernetes API, kunokuqatshelwa ukuba kwi PodSandbox
и PodSandboxStatus
runtime_handler
ukurekhoda ulwazi malunga RuntimeClass
kwi-pod (funda ngakumbi ngayo kwisicatshulwa malunga AdmissionReview
bayaxhasa. Okokugqibela, imithetho ye-Admission Webhooks ngoku
Iivenkile
PersistentLocalVolumes
subPath
subPathExpr
, esetyenziswa ngoku ukumisela igama likavimba weefayili elifunwayo. Isici saqala savela kwi-Kubernetes 1.11, kodwa kwi-1.14 yahlala ikwimo yenguqulo ye-alpha.
Njengokukhutshwa kwe-Kubernetes yangaphambili, utshintsho oluninzi olubalulekileyo lwaziswa kuphuhliso olusebenzayo lwe-CSI (i-Container Storage Interface):
CSI
Ifumaneke (njengenxalenye yoguqulelo lwealpha) ExpandCSIVolumes
, kunye nobukho benkxaso yalo msebenzi kumqhubi othile weCSI.
Olunye uphawu lweCSI kuguqulelo lwealpha - CSIInlineVolume
isango lesici.
Kukho nenkqubela phambili "kwi-internals" ye-Kubernetes enxulumene ne-CSI, engabonakali kangako kubasebenzisi bokugqibela (abalawuli benkqubo) ... Okwangoku, abaphuhlisi banyanzelekile ukuba baxhase iinguqulelo ezimbini zeplagin yokugcina nganye: enye - "kwi indlela endala”, ngaphakathi kwe K8s codebase (in -tree), kunye neyesibini - njengenxalenye yeCSI entsha (funda ngakumbi ngayo, umzekelo, kwi
Konke oku kukhokelele kwinto yokuba inguqulelo yealpha ifikelele
Ukongeza, inkxaso yezixhobo zebhloko ezineCSI (CSIBlockVolume
)
Nodes/Kubelet
Uguqulelo lweAlpha lubonisiwe /metrics/resource/v1alpha1
. Isicwangciso sexesha elide sabaphuhlisi
I-nuance enomdla kakhulu: ngaphandle kwenzuzo ecacileyo yokusebenza kwesiphelo se-gRPC xa kuthelekiswa neemeko ezahlukeneyo zokusebenzisa ifomathi yePrometheus. (jonga isiphumo somnye webenchmarks ezingezantsi), ababhali bakhetha ifomathi yombhalo wePrometheus ngenxa yobunkokeli obucacileyo bale nkqubo yokubeka iliso kuluntu.
“I-gRPC ayihambelani nemibhobho emikhulu yokubeka iliso. Isiphelo siya kuba luncedo ekuhambiseni iimetrics kwiSeva yeeMetrics okanye iinxalenye zokubeka iliso ezidibanisa ngqo nayo. Ukusebenza kwefomathi yombhalo we-Prometheus xa usebenzisa i-caching kwi-Metrics Server ilunge ngokwanele ukuba sikhethe i-Prometheus kune-gRPC ngenxa yokwamkelwa ngokubanzi kwe-Prometheus eluntwini. Nje ukuba ifomathi ye-OpenMetrics izinze ngakumbi, siya kukwazi ukusondela ekusebenzeni kwe-gRPC ngefomathi esekwe kwiproto.
Olunye lovavanyo lothelekiso lokusebenzisa iifomati ze-gRPC kunye ne-Prometheus kwisiphelo se-Kubelet entsha yeemetriki. Iigrafu ezingakumbi kunye nezinye iinkcukacha zinokufumaneka kwi
Phakathi kolunye utshintsho:
- Kubelet ngoku (kanye)
ezama ukuyeka Izikhongozeli ezikwimeko engaziwayo phambi kokuba uqalise kwaye ucime imisebenzi. - Sebenzisa
ngoku kwi init containerPodPresets
yongezwa ulwazi olufanayo nolwesikhongozeli esiqhelekileyo. - kubelet
waqala ukusebenzisa usageNanoCores
ukusuka kumboneleli weenkcukacha-manani we-CRI, kunye neendawo zokuhlala kunye nezikhongozeli kwiWindowsyongezwe manani womnatha. - Inkqubo yokusebenza kunye nolwazi lwezakhiwo ngoku zirekhodwa kwiilebhile
kubernetes.io/os
иkubernetes.io/arch
Izinto zeNode (zidluliselwe kwi-beta ukuya kwi-GA). - Ukukwazi ukukhankanya inkqubo ethile yeqela labasebenzisi kwizikhongozeli ezikwipod (
RunAsGroup
, wavela ngaphakathiK8s 1.11 )phambili phambi kwe-beta (yenziwe ngokuzenzekelayo). - du kwaye ufumane esetyenziswa kwi-cAdvisor,
kutshintshwa kuphumezo lweGo.
CLI
Kwi-cli-runtime kunye ne-kubectl
Umzekelo wokusetyenziswa kwefayile elula
Ukongeza:
-
Yongeziwe iqela elitshakubectl create cronjob
, ogama lakhe liyazithethela. - В
kubectl logs
ngoku ungakwaziukudibanisa iiflegi-f
(--follow
kwimiqulu yostrimisho) kunye-l
(--selector
ngombuzo weleyibhile). - kubectl
wafundiswa khuphela iifayile ezikhethwe ngekhadi lasendle. - Eqela
kubectl wait
yongezwa iflegi--all
ukukhetha zonke izibonelelo kwisithuba samagama sohlobo lovimba oluxeliweyo.
Okunye
Ezi zakhono zilandelayo zifumene iwonga elizinzileyo (GA):
-
, isetyenziswe kwinkcazo ye-pod ukuchaza iimeko ezongezelelweyo ezithathelwe ingqalelo kwi-pod yokulungela;ReadinessGate
- Inkxaso yamaphepha amakhulu (isici sesango elibizwa ngokuba yi
);HugePages
-
CustomPodDNS ; - PriorityClass API
I-Pod ePhambili kunye nokuQalwa .
Olunye utshintsho lwaziswa kwi-Kubernetes 1.14:
- Umgaqo-nkqubo we-RBAC omiselweyo awusavumeli ukufikelela kwi-API
discovery
иaccess-review
abasebenzisi ngaphandle koqinisekiso (ayiqinisekiswanga). - Inkxaso ye-CoreDNS esemthethweni
iqinisekisiwe I-Linux kuphela, ngoko xa usebenzisa i-kubeadm ukuyihambisa (CoreDNS) kwiqela, iindawo kufuneka ziqhube kuphela kwi-Linux (i-nodeSelectors zisetyenziselwa lo mda). - Ubumbeko lwe-CoreDNS oluhlala lukhona ngoku
isebenzisa phambili iplagi endaweni yommeli. Kwakhona, kwiCoreDNSyongezwe ReadinessProbe, ethintela ulungelelwaniso lomthwalo kwiipodi ezifanelekileyo (ezingekakulungeli inkonzo). - Kwi-beadm, kwizigaba
init
okanyeupload-certs
,yenzeka layisha izatifikethi ezifunekayo ukuqhagamshela inqwelomoya-moya entsha kwimfihlo ye-kubeadm-certs (sebenzisa iflegi--experimental-upload-certs
). - Uguqulelo lwealpha luye lwavela kufakelo lweWindows
inkxaso I-gMSA (iAkhawunti yeNkonzo eLawulwayo yeQela) - ii-akhawunti ezikhethekileyo ezikwi-Active Directory ezinokuthi zisetyenziswe zizikhongozeli. - KuG.C.E.
yenziwe yasebenza uguqulelo oluntsonkothileyo lwe-mTLS phakathi kwe- etcd kunye ne kube-apiserver. - Uhlaziyo kwisoftware esetyenzisiweyo/exhomekeke kwisoftware: Hamba 1.12.1, CSI 1.1, CoreDNS 1.3.1, Docker 18.09 inkxaso kwi kubeadm, kwaye ubuncinci obuxhaswayo iDocker API version ngoku yi-1.26.
PS
Funda nakwibhlog yethu:
- «
I-Kubernetes 1.13: isishwankathelo sezinto ezintsha ezintsha "; - «
I-Kubernetes 1.12: isishwankathelo sezinto ezintsha ezintsha "; - «
I-Kubernetes 1.11: isishwankathelo sezinto ezintsha ezintsha "; - «
I-Kubernetes 1.10: isishwankathelo sezinto ezintsha ezintsha ».
umthombo: www.habr.com