Kubernetes 1.16: overview of the main new features


Today, Wednesday, the next release of Kubernetes, 1.16, will take place. Following the tradition established on our blog, this is the anniversary tenth time we are covering the most significant changes in a new version.

The information used to prepare this material was taken from the Kubernetes enhancements tracking table, CHANGELOG-1.16 and the related issues, pull requests, and Kubernetes Enhancement Proposals (KEP). So, let's go!..

Nodes

A truly large number of notable new features (in alpha status) are presented on the side of the K8s cluster nodes (Kubelet).

First, the so-called «ephemeral containers» (Ephemeral Containers), designed to simplify debugging of pods. The new mechanism lets you launch special containers that start in the namespace of existing pods and live for a short time. Their purpose is to interact with other pods and containers in order to troubleshoot and debug. A new command, kubectl debug, has been implemented for this feature. It is similar to kubectl exec, only instead of running a process in a container (as exec does) it launches a container in the pod. For example, this command attaches a new container to a pod:

kubectl debug -c debug-shell --image=debian target-pod -- bash

Details about ephemeral containers (and examples of their use) can be found in the corresponding KEP. The current implementation (in K8s 1.16) is an alpha version, and among the criteria for its promotion to beta is "testing the Ephemeral Containers API for 2 releases of [Kubernetes]."

NB: In its essence and even its name, the feature resembles the already existing kubectl-debug plugin, which we have already written about. It is expected that with the arrival of ephemeral containers, development of the separate external plugin will cease.

Another new feature, PodOverhead, is designed to provide a mechanism for accounting for pod overhead, which can vary greatly depending on the runtime used. As an example, the authors of this KEP cite Kata Containers, which require running a guest kernel, the kata agent, an init system, etc. When the overhead becomes this large it cannot be ignored, which means there has to be a way to take it into account for further quotas, scheduling, etc. To implement it, an Overhead *ResourceList field has been added to PodSpec (it is matched against the data in RuntimeClass, if one is used).

Another notable new feature is the Node Topology Manager, designed to unify the approach to fine-tuning hardware resource allocation for various components in Kubernetes. This initiative is driven by the growing demand from various modern systems (telecommunications, machine learning, financial services, etc.) for high-performance parallel computing and for minimizing latency in operations, for which they use advanced CPU and hardware acceleration capabilities. Such optimizations in Kubernetes have so far been achieved through separate components (CPU manager, Device manager, CNI), and now a single internal interface is being added that unifies the approach and simplifies connecting new similar components, the so-called topology-aware ones, on the Kubelet side. Details are in the corresponding KEP.

Topology Manager component diagram

The next feature is a check for containers while they are starting up (startup probe). As you know, for containers that take a long time to start it is hard to get an up-to-date status: they are either "killed" before they actually start functioning, or they end up not working for a long time. The new check (enabled via the feature gate called StartupProbeEnabled) cancels, or rather postpones, the effect of any other checks until the moment the pod has finished starting. For this reason the feature was originally called pod-startup liveness-probe holdoff. For pods that take a long time to start, you can poll the state at relatively short time intervals.
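The holdoff described above, shown as an added manifest that is not part of the original article: the liveness probe stays tight because the startup probe absorbs the slow start. The pod name, image, port and /healthz path are constructed placeholders, and the alpha feature gate is assumed to be enabled.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: slow-starter                        # constructed name
spec:
  containers:
  - name: app
    image: registry.example/legacy-app:1.0  # placeholder image
    ports:
    - name: http
      containerPort: 8080
    # Runs first. Liveness and readiness checks are held off until this
    # probe succeeds once. Startup budget: 30 failures x 10s = 300s,
    # after which the kubelet kills the container.
    startupProbe:
      httpGet:
        path: /healthz
        port: http
      periodSeconds: 10
      failureThreshold: 30
    # Takes over after the first startup success. Because it no longer has
    # to tolerate the slow start, a hang is detected in about 3 x 5s = 15s.
    livenessProbe:
      httpGet:
        path: /healthz
        port: http
      periodSeconds: 5
      failureThreshold: 3
```

Without the startup probe, the same container would need a liveness initialDelaySeconds of around 300, which also delays detection of a process that dies early.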

In addition, an improvement for RuntimeClass is available immediately in beta status, adding support for "heterogeneous clusters". With RuntimeClass Scheduling it is no longer necessary for every node to support every RuntimeClass: for pods you can choose a RuntimeClass without thinking about the cluster topology. Previously, to achieve this (so that pods ended up on nodes that support everything they need) you had to assign the appropriate rules to NodeSelector and tolerations. The KEP describes usage examples and, of course, implementation details.
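An added example (not from the original article) covering both the PodOverhead paragraph and the RuntimeClass scheduling paragraph above: one RuntimeClass that declares a fixed per-pod overhead and carries its own node selection rules. The class name, the example.com/kata label and taint, the image and all sizes are constructed placeholders.

```yaml
apiVersion: node.k8s.io/v1beta1
kind: RuntimeClass
metadata:
  name: kata-sandbox              # constructed name
handler: kata                     # must match a handler configured in the node's CRI runtime
overhead:
  podFixed:                       # per-pod cost of the sandbox (guest kernel, agent, init)
    cpu: 250m                     # constructed value
    memory: 160Mi                 # constructed value
scheduling:
  nodeSelector:
    example.com/kata: "true"      # hypothetical label on nodes that have the runtime
  tolerations:
  - key: example.com/kata         # hypothetical taint reserving those nodes
    operator: Exists
    effect: NoSchedule
---
apiVersion: v1
kind: Pod
metadata:
  name: sandboxed-app
spec:
  runtimeClassName: kata-sandbox  # no nodeSelector or tolerations needed in the pod itself
  containers:
  - name: app
    image: registry.example/app:1.0   # placeholder image
    resources:
      requests:
        cpu: 500m
        memory: 256Mi
      limits:
        cpu: 500m
        memory: 256Mi
```

At admission the class's nodeSelector and tolerations are merged into the pod, and with the alpha PodOverhead gate enabled the pod is accounted for scheduling and quota as 750m CPU and 416Mi memory (requests plus podFixed).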

Network

Two significant networking features that appeared for the first time (in alpha) in Kubernetes 1.16 are:

  • support for a dual network stack, IPv4/IPv6, and the corresponding "awareness" of it at the level of pods, nodes, and services. It includes IPv4-to-IPv4 and IPv6-to-IPv6 interaction between pods, from pods to external services, reference implementations (within the Bridge CNI, PTP CNI and Host-Local IPAM plugins), as well as backward compatibility with Kubernetes clusters that run IPv4 or IPv6 only. Implementation details are in the KEP.

    An example of displaying IP addresses of both kinds (IPv4 and IPv6) in the list of pods:

    kube-master# kubectl get pods -o wide
    NAME               READY     STATUS    RESTARTS   AGE       IP                          NODE
    nginx-controller   1/1       Running   0          20m       fd00:db8:1::2,192.168.1.3   kube-minion-1
    kube-master#

  • A new API for Endpoint: the EndpointSlice API. It solves the performance/scalability problems of the existing Endpoint API that affect various components in the control plane (apiserver, etcd, endpoints-controller, kube-proxy). The new API will be added to the Discovery API group and will be able to serve tens of thousands of backend endpoints per service in a cluster consisting of thousands of nodes. To do this, each Service is mapped to N EndpointSlice objects, each of which by default holds no more than 100 endpoints (the value is configurable). The EndpointSlice API will also provide opportunities for its future development: support for multiple IP addresses per pod, new states for endpoints (not only Ready and NotReady), and dynamic subsetting for endpoints.

The finalizer introduced in the previous release has reached beta. It is named service.kubernetes.io/load-balancer-cleanup and is attached to every service of type LoadBalancer. When such a service is deleted, it prevents the actual deletion of the resource until the "cleanup" of all the corresponding load balancer resources is complete.

API Machinery

The real "stabilization milestone" is in the area of the Kubernetes API server and interaction with it. This happened largely thanks to the promotion to stable status of CustomResourceDefinitions (CRD), which need no special introduction and which have had beta status since the distant days of Kubernetes 1.7 (and that was June 2017!). The same stabilization came to the related features:

  • "subresources" with /status and /scale for CustomResources;
  • conversion of versions for CRDs, based on an external webhook;
  • the recently introduced (in K8s 1.15) default values (defaulting) and automatic field removal (pruning) for CustomResources;
  • the ability to use the OpenAPI v3 schema to create and publish the OpenAPI documentation used to validate CRD resources on the server side.

Another mechanism long familiar to Kubernetes administrators, the admission webhook, also stayed in beta status for a long time (since K8s 1.9) and has now been declared stable.

Two other features have reached beta: server-side apply and watch bookmarks.

And the most significant change in alpha was the deprecation of SelfLink, a special URI that represents the specified object and is part of ObjectMeta and ListMeta (i.e. part of any object in Kubernetes). Why is it being abandoned? Put simply, the motivation sounds like the absence of real (compelling) reasons for this field to still exist. The more formal reasons are to optimize performance (by removing an unnecessary field) and to simplify the work of generic-apiserver, which is forced to handle this field in a special way (it is the only field that is set right before the object is serialized). The actual deprecation (within beta) of SelfLink will happen by Kubernetes version 1.20, and the final one by 1.21.

Storage

The main work in the storage area, as in previous releases, is seen in CSI support. The main changes here were:

  • for the first time (in alpha) support for CSI plugins for Windows worker nodes has appeared: the current way of working with storage will also replace the in-tree plugins in the Kubernetes core and the FlexVolume plugins from Microsoft based on Powershell;

    Scheme for implementing CSI plugins in Kubernetes for Windows

  • the ability to resize CSI volumes, introduced back in K8s 1.12, has grown to beta;
  • a similar "promotion" (from alpha to beta) was achieved by the ability to use CSI to create local ephemeral volumes (CSI Inline Volume Support).

The volume cloning function introduced in the previous version of Kubernetes (using an existing PVC as a DataSource to create a new PVC) has also now received beta status.

Scheduler

Two notable changes in scheduling (both in alpha):

  • EvenPodsSpreading: the ability to use pods instead of logical application units for the "fair distribution" of workloads (such as Deployment and ReplicaSet) and to adjust this distribution (as a hard requirement or as a soft condition, i.e. a priority). The feature will extend the existing distribution capabilities for scheduled pods, currently limited to the PodAffinity and PodAntiAffinity options, giving administrators finer control in this matter, which means better high availability and optimized resource consumption. Details are in the KEP.
  • Using the BestFit Policy in the RequestedToCapacityRatio Priority Function during pod scheduling, which will allow bin packing ("packing into containers") to be applied to both basic resources (processor, memory) and extended ones (such as GPU). For more details, see the KEP.

    Scheduling pods: before using the best fit policy (directly via the default scheduler) and with its use (via the scheduler extender)
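For the EvenPodsSpreading item in the list above, an added manifest (not from the original article) that combines a hard and a soft spreading rule on one workload. The Deployment name, labels and image are constructed placeholders; the zone key is the node label in use at the time of 1.16, and the alpha feature gate is assumed to be enabled.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web                       # constructed name
spec:
  replicas: 6
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      topologySpreadConstraints:
      # Hard requirement: zones may differ by at most one matching pod.
      # A pod that would break this stays Pending instead of being placed.
      - maxSkew: 1
        topologyKey: failure-domain.beta.kubernetes.io/zone
        whenUnsatisfiable: DoNotSchedule
        labelSelector:
          matchLabels:
            app: web
      # Soft condition: prefer an even spread across nodes, but schedule
      # anyway if it cannot be met (used as a scoring priority only).
      - maxSkew: 1
        topologyKey: kubernetes.io/hostname
        whenUnsatisfiable: ScheduleAnyway
        labelSelector:
          matchLabels:
            app: web
      containers:
      - name: web
        image: registry.example/web:1.0   # placeholder image
```

Unlike PodAntiAffinity, which can only say "never share a domain", maxSkew bounds the imbalance, so six replicas across three zones land 2/2/2 rather than being limited to one per zone.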

In addition, there is now the ability to create your own scheduler plugins outside the main Kubernetes development tree (out-of-tree).

Other changes

Also in the Kubernetes 1.16 release one can note the initiative to bring the available metrics into complete order, or more precisely, into line with the official guidelines for K8s instrumentation. They largely rely on the corresponding Prometheus documentation. Inconsistencies arose for various reasons (for example, some metrics were simply created before the current guidelines appeared), and the developers decided it was time to bring everything to a single standard, "in line with the rest of the Prometheus ecosystem." The current implementation of this initiative is in alpha status, which will be progressively promoted in the following Kubernetes versions to beta (1.17) and stable (1.18).

In addition, the following changes can be noted:

  • Development of Windows support with the appearance of the Kubeadm utility for this OS (alpha), the RunAsUserName option for Windows containers (alpha), improvement of Group Managed Service Account (gMSA) support to beta, and support for mount/attach for vSphere volumes.
  • A reworked data compression mechanism in API responses. Previously, an HTTP filter was used for this purpose, which imposed a number of restrictions that prevented it from being enabled by default. "Transparent request compression" now works: clients that send Accept-Encoding: gzip in the header receive a GZIP-compressed response if its size exceeds 128 KB. Go clients support compression automatically (they send the required header), so they will immediately notice a reduction in traffic. (Minor modifications may be needed for other languages.)
  • It has become possible to scale HPA from/to zero pods based on external metrics. If you scale based on object/external metrics, then when workloads are idle you can automatically scale to 0 replicas to save resources. This feature should be especially useful for cases where workers request GPU resources and the number of different types of idle workers exceeds the number of available GPUs.
  • A new client, k8s.io/client-go/metadata.Client, for "generalized" access to objects. It is designed to easily retrieve metadata (i.e. the metadata subsection) from cluster resources and to perform garbage collection and quota operations with them.
  • Kubernetes can now be built without legacy ("built-in" in-tree) cloud providers (alpha).
  • An experimental (alpha) ability to apply kustomize patches during the init, join and upgrade operations has been added to the kubeadm utility. For more on how to use the --experimental-kustomize flag, see the KEP.
  • A new endpoint for the apiserver, readyz, lets you export information about its readiness. The API server also now has the --maximum-startup-sequence-duration flag, which lets you regulate its restarts.
  • Two features for Azure have been declared stable: support for availability zones (Availability Zones) and resource group (RG). In addition, Azure has added:
    • support for AAD and ADFS authentication;
    • the annotation service.beta.kubernetes.io/azure-pip-name to specify the public IP of the load balancer;
    • the ability to configure LoadBalancerName and LoadBalancerResourceGroup.
  • AWS now has support for EBS on Windows and optimized EC2 API calls to DescribeInstances.
  • Kubeadm now independently migrates the CoreDNS configuration when upgrading the CoreDNS version.
  • The etcd binaries in the corresponding Docker image have been made world-executable, which lets you run this image without needing root privileges. Also, the etcd migration image has dropped support for the etcd2 version.
  • Cluster Autoscaler 1.16.0 has switched to using distroless as the base image, improved performance, and added new cloud providers (DigitalOcean, Magnum, Packet).
  • Updates to the software used/depended on: Go 1.12.9, etcd 3.3.15, CoreDNS 1.6.2.


Source: www.habr.com