Izolo, nge-9 kaDisemba, ukukhutshwa okulandelayo kweKubernetes - 1.17. Ngokwesithethe esiye saphuhliswa kwiblogi yethu, sithetha ngotshintsho olubaluleke kakhulu kwinguqulelo entsha.
Ulwazi olusetyenzisiweyo ukulungisa le mathiriyeli luthatyathwe kwisibhengezo esisemthethweni, , kunye nemiba enxulumeneyo, izicelo zotsalo, kunye ne-Kubernetes Enhancement Proposals (KEP). Ke, yintoni entsha? ..
I-Topology-aware routing
Uluntu lwaseKubernetes lulinde eli nqaku ixesha elide- I-Topology-aware umzila wenkonzo. ukuba iqala ngo-Oktobha 2018, kunye negosa - 2 kwiminyaka eyadlulayo, imiba eqhelekileyo (nje ) - kwaye ngaphezulu kweminyaka embalwa ...
Ingcamango jikelele kukubonelela ngokukwazi ukuphumeza "indawo" yomzila kwiinkonzo ezihlala eKubernetes. "Indawo" kule meko ithetha "inqanaba elifanayo le-topological" (inqanaba le-topology), enokuba:
- indawo efanayo yeenkonzo,
- iseva efanayo yokubeka,
- ingingqi enye
- umboneleli welifu omnye,
- ...
Imizekelo yokusebenzisa olu phawu:
- ukugcinwa kwitrafikhi kufakelo lwamafu kunye neendawo ezininzi zokufumaneka (ezininzi-AZ) - bona. usebenzisa umzekelo wetrafikhi ukusuka kummandla omnye, kodwa ii-AZ ezahlukeneyo kwi-AWS;
- ukubambezeleka okusezantsi kokusebenza/ukugqiba okungcono;
- inkonzo eyabiweyo enolwazi lwendawo malunga ne-node kwi-shard nganye;
- ukubekwa ngokutyibilikayo (okanye ii-analogues) kwindawo enye nezicelo ekuqokelelwa kuzo iilogi;
- ...
Indlela enjalo, "eyazi" malunga ne-topology, ikwabizwa ngokuba yi-network affinity - ngokufanisa , okanye wavela (kunye ). Inqanaba langoku lokuphunyezwa ServiceTopology kwi Kubernetes - inguqulelo yealpha.
Ukufumana iinkcukacha malunga nendlela elisebenza ngayo eli nqaku kunye nendlela onokuthi uyisebenzise ngayo, funda ukusuka komnye wababhali.
IPv4/IPv6 inkxaso yezipaki ezimbini
Inkqubela phambili ebalulekileyo kwenye inkalo yenethiwekhi: inkxaso ngaxeshanye kwizitaki ezimbini ze-IP, ezathi zaziswa kuqala . Ngokukodwa, ukhupho olutsha lweza olu tshintsho lulandelayo:
- kwi-kube-proxy ukuba nokwenzeka kokusebenza ngaxeshanye kuzo zombini iindlela (IPv4 kunye ne-IPv6);
- в
Pod.Status.PodIPsinkxaso ye-API esezantsi (ngaxeshanye njengakwi/etc/hostsngoku bafuna umamkeli afake idilesi ye IPv6); - inkxaso yemfumba emibini (Kubernetes IN Docker) kunye ;
- iimvavanyo ze-e2e ezihlaziyiweyo.
usebenzisa i-IPV4/IPv6 yokupakishwa kabini kwi-KIND
Inkqubela kwi-CSI
Ibhengezwe izinzile kugcino olusekwe kwiCSI, yaqala yaziswa .
Inyathelo le ukufuduka kweeplagi zevolumu kwi-CSI - -ifikelelwe kwinguqulelo ye-beta. Olu phawu lubalulekile ukuze uguqulele iiplagi ezikhoyo zogcino (emthini) kujongano lwangoku (CSI, ngaphandle komthi) ayibonakali kubasebenzisi bokugqibela bakaKubernetes. Abalawuli beQela baya kufuna kuphela ukunika i-CSI Migration, emva koko izibonelelo ezikhoyo ezikhoyo kunye nomthwalo womsebenzi uya kuqhubeka "ukusebenza nje" ... kodwa usebenzisa abaqhubi be-CSI bamva nje endaweni yexesha elidlulileyo elifakwe kwi-core Kubernetes.
Okwangoku, ukufuduka kwabaqhubi be-AWS EBS sele belungile kuguqulelo lwe-beta (kubernetes.io/aws-ebs) kunye neGCE PD (kubernetes.io/gce-pd). Uqikelelo lwezinye iindawo zokugcina zezi zilandelayo:
Sathetha malunga nendlela "yemveli" yokugcina inkxaso kwi-K8s yeza kwi-CSI . Kwaye inguqu ye-CSI yokufudukela kwimo ye-beta inikezelwe kwibhlog yeprojekthi.
Ukongeza, omnye umsebenzi obalulekileyo kumxholo we-CSI, ovela (ukuphunyezwa kwe-alpha) kwi-K1.17s 8, ifikelele kwimo ye-beta (okt yenziwe ngokuzenzekelayo) kwi-Kubernetes 1.12 ukukhululwa - nokuchacha kubo. Phakathi kweenguqu ezenziweyo kwi-Kubernetes Volume Snapshot kwindlela yokukhutshwa kwe-beta:
- ukwahlula iCSI yangaphandle-snapshotter sidecar ibe ngabalawuli ababini,
- imfihlo eyongeziweyo yokucima (imfihlo yokucima) njengesichasiselo kwimixholo yomfanekiso okhawulezayo wevolumu,
- umgqibeli omtsha (umgqibeli) ukuthintela umfanekiso we-API into ekucinyweni ukuba kukho imidibaniso eseleyo.
Ngexesha lokukhululwa kwe-1.17, isici sixhaswa ngabaqhubi abathathu be-CSI: i-GCE Persistent Disk CSI Driver, i-Portworx CSI Driver kunye ne-NetApp Trident CSI Driver. Iinkcukacha ezithe vetshe malunga nokuphunyezwa kwayo kunye nokusetyenziswa inokufumaneka kwi kwiblogi.
Iileyibhile zoMboneleli wamafu
Ileyibheli ezizenzekelayo yabelwe iindawo ezidaliweyo kunye nemiqulu ngokuxhomekeke kumboneleli welifu osetyenzisiweyo, sele ikhona kwi-Kubernetes njengenguqulo ye-beta ixesha elide kakhulu - ukususela ekukhululweni kwe-K8s 1.2 (Epreli 2016!). Ngenxa yokusetyenziswa kwabo ngokubanzi ixesha elide, abaphuhlisi , ukuba lixesha lokubhengeza uphawu oluzinzileyo (GA).
Ke ngoko, zonke zathiywa ngokutsha ngokufanelekileyo (nge-topology):
-
beta.kubernetes.io/instance-type→node.kubernetes.io/instance-type -
failure-domain.beta.kubernetes.io/zone→topology.kubernetes.io/zone -
failure-domain.beta.kubernetes.io/region→topology.kubernetes.io/region
... kodwa zisafumaneka phantsi kwamagama azo amadala (ngokuhambelana ngasemva). Nangona kunjalo, bonke abalawuli bayacetyiswa ukuba batshintshele kwiileyibhile zangoku. Ii-K8s zihlaziyiwe.
Imveliso ecwangcisiweyo ye kubeadm
Zinikiwe kuguqulelo lwealpha okokuqala . Iifomati ezixhaswayo: JSON, YAML, Hamba itemplate.
Inkuthazo yokuphumeza olu phawu (ngoku ) yi:
Ngelixa i-Kubernetes inokubekwa ngesandla, i-de facto (ukuba ayiyiyo i-jure) umgangatho walo msebenzi kukusebenzisa kubeadm. Izixhobo zolawulo lweenkqubo ezidumileyo ezifana neTerraform zixhomekeke kwi-beadm yokuhanjiswa kweKubernetes. Uphuculo olucwangcisiweyo lweCluster API lubandakanya ipakethe edibeneyo ye-Kubernetes bootstrapping nge-kubeadm kunye nefu-init.
Ngaphandle kwemveliso ecwangcisiweyo, nolona tshintsho lungenabungozi ekuqaleni lunokwaphula iTerraform, iCluster API kunye nenye isoftware esebenzisa iziphumo ze kubeadm.
Izicwangciso zethu zangoku zibandakanya inkxaso (ngendlela yemveliso ecwangcisiweyo) kule miyalelo ye-kubeadm ilandelayo:
-
alpha certs -
config images list -
init -
token create -
token list -
upgrade plan -
version
Umzekeliso wempendulo ye-JSON kumyalelo kubeadm init -o json:
{
"node0": "192.168.20.51:443",
"caCrt": "sha256:1f40ff4bd1b854fb4a5cf5d2f38267a5ce5f89e34d34b0f62bf335d74eef91a3",
"token": {
"id": "5ndzuu.ngie1sxkgielfpb1",
"ttl": "23h",
"expires": "2019-05-08T18:58:07Z",
"usages": [
"authentication",
"signing"
],
"description": "The default bootstrap token generated by 'kubeadm init'.",
"extraGroups": [
"system:bootstrappers:kubeadm:default-node-token"
]
},
"raw": "Rm9yIHRoZSBhY3R1YWwgb3V0cHV0IG9mIHRoZSAia3ViZWFkbSBpbml0IiBjb21tYW5kLCBwbGVhc2Ugc2VlIGh0dHBzOi8vZ2lzdC5naXRodWIuY29tL2FrdXR6LzdhNjg2ZGU1N2JmNDMzZjkyZjcxYjZmYjc3ZDRkOWJhI2ZpbGUta3ViZWFkbS1pbml0LW91dHB1dC1sb2c="
}Ukuzinziswa kwezinye izinto ezintsha
Ngokubanzi, ukukhululwa kweKubernetes 1.17 kwenzeka phantsi kwesiqubulo esithi "Uzinzo" Oku kwaququzelelwa yinyaniso yokuba ezininzi iimpawu kuyo (inani labo lilonke li 14) ifumene isimo se-GA. Phakathi kwabo:
- iindawo “zokumakisha” ngokwemiqathango ethile (), yavela ngaphakathi ;
- -udidi olutsha lweziganeko ezineleyibhile ezinokuthi zonke izinto zifikelele kuguqulelo oluthile (
resourceVersion) sele zisenziwa liwotshi; - (ehlala ikho) kwiCustomer Resources;
- kwisithuba senkqubo ye-pod;
-
ScheduleDaemonSetPods- usebenzisa kube-scheduler (endaweni yesilawuli seDaemonSet); - kwinani lemiqulu ngokuxhomekeke kuhlobo lwe-node;
- kuluhlu lwamagama anyuswe njenge
subPath; - kwi-API ye-Lease ekhethekileyo;
- "ukhuseleko lomgqibeli" () kubalinganisi bomthwalo (ukukhangela izibonelelo zeNkonzo ezihambelanayo ngaphambi kokuba kucinywe izibonelelo zeLoadBalancer);
- ekusebenzeni xa usebenza ngeewotshi ezininzi esweni iiseti ezifanayo zezinto - eziphunyeziweyo ngokunqanda ukuphindaphinda uthotho lwezinto ezifanayo kumlindi ngamnye.
Olunye utshintsho
Uluhlu olupheleleyo lwezinto ezintsha kwi-Kubernetes 1.17, ngokuqinisekileyo, alukhawulelwanga kwezo zidweliswe ngasentla. Nazi ezinye (kunye noluhlu olupheleleyo, bona ):
- Uphawu oluboniswe kukhupho lokugqibela lufikelele kwinguqulelo ye-beta ;
- utshintsho olufanayo I-EndpointSlice API (nayo isuka kwi-K8s 1.16), nangona kunjalo ngoku esi sisombululo sokuphucula ukusebenza / ukulinganisa kwe-Endpoint API akwenziwanga ngokungagqibekanga;
- iipod ngoku zibalulekile ekusebenzeni kweqela hayi kwizithuba zamagama kuphela
kube-system(ukufumana iinkcukacha, bona uxwebhu lwe ); - ukhetho olutsha lwe kubelet - - ikuvumela ukuba uchaze ngokucacileyo uluhlu lwee-CPU ezigcinelwe inkqubo;
- kuba
kubectl logsiflegi entsha--prefix, ukongeza igama lepod kunye nesitya somthombo kumgca ngamnye welogi; - в
label.SelectorRequiresExactMatch; - zonke izitya kwi-kube-dns ngamalungelo amancinci;
- yahlulwe kwindawo yokugcina yeGitHub kwaye ayisayi kuphinda ifakwe kukhupho lweKubernetes;
- kakhulu kube-ummeleli wezibuko ezingezizo ze-UDP.
Ukuxhomekeka kutshintsho:
- Inguqulo ye-CoreDNS ebandakanyiweyo kwi-beadm yi-1.6.5;
- inguqulo yecrictl ihlaziywe kwi-v1.16.1;
- CSI 1.2.0;
- njl njl 3.4.3;
- Uhlobo lwamva nje oluvavanyiweyo lweDocker luphuculwe kwi-19.03;
- Ubuncinci benguqulo ye-Go efunekayo ukwakha i-Kubernetes 1.17 yi-1.13.4.
PS
Funda nakwibhlog yethu:
- «";
- «";
- «";
- «».
umthombo: www.habr.com