Itekhnoloji yetekhnoloji ye-ecosystem iyavela ngokukhawuleza kwaye iyatshintsha, ngoko ke kukho ukunqongophala kweendlela ezilungileyo zokusebenza kule ndawo. Nangona kunjalo, i-Kubernetes kunye nezikhongozeli zisetyenziswa ngokwandayo, zombini ukuhlaziya usetyenziso lwelifa kunye nokuphuhlisa usetyenziso lwamafu lwangoku.
Iqela uqikelelo oluqokelelweyo, iingcebiso kunye nezenzo ezilungileyo kwiinkokeli zentengiso ezivela eGartner, 451 Research, StacxRoΡ
kunye nabanye. Ziya kwenza kwaye zikhawulezise ukuthunyelwa kwezikhongozeli kwiindawo zemveliso.
Ungazi njani ukuba iNkampani yakho ikulungele ukuFaka imigqomo kwindawo yeMveliso
, ngo-2022, ngaphezu kwe-75% yemibutho iya kusebenzisa izicelo ezifakwe kwi-container kwimveliso. Oku kungaphezulu kakhulu kunangoku, xa ngaphantsi kwe-30% yeenkampani ezisebenzisa izicelo ezinjalo.
Ngokutsho Imakethi eqikelelweyo yezicelo zetekhnoloji yeekhonteyina ngo-2022 iya kuba yi-4,3 yezigidigidi zeedola.
Π I-87% yabaphenduli bathi ngoku basebenzisa iitekhnoloji zeekhonteyina. Ukuthelekisa, kwi-2017 kwakukho i-55% yabaphenduli abanjalo.
Ngaphandle komdla okhulayo kunye nokwamkelwa kwezikhongozeli, ukuzifaka kwimveliso kufuna ijiko lokufunda ngenxa yokungakhuli kwetekhnoloji kunye nokunqongophala kolwazi. Imibutho kufuneka ibe nenyani malunga neenkqubo zoshishino ezifuna ukufakwa kwesicelo. Iinkokeli ze-IT kufuneka zivavanye ukuba banaso na isakhono esisekwe ukuqhubela phambili nesidingo sokufunda ngokukhawuleza.
Sicinga ukuba le mibuzo ekulo mfanekiso ungezantsi iya kukunceda ubone ukuba ukulungele na ukuthumela izitya kwimveliso:
Iimpazamo eziqhelekileyo xa usebenzisa izitya kwimveliso
Imibutho idla ngokuyijongela phantsi inzame efunekayo yokusebenzisa izikhongozeli kwimveliso. Ezinye iimpazamo eziqhelekileyo kwiimeko zabathengi xa usebenzisa izikhongozeli kwindawo yemveliso:
Uzigcina njani izikhongozeli zikhuselekile
Ukhuseleko alunakwenziwa βkamvaβ. Kufuneka yakhelwe kwinkqubo ye-DevOps, yiyo loo nto kukho negama elikhethekileyo-i-DevSecOps. Imibutho kufuneka icwangcise kuwo wonke umjikelo wophuhliso wobomi, oquka inkqubo yokwakha nophuhliso, ukusasazwa nokuqaliswa kwesicelo.
:
- Hlanganisa inkqubo yokuskena imifanekiso yesicelo sobuthathaka kumbhobho wakho wokudibanisa/unikezelo oluqhubekayo (CI/CD). Usetyenziso luyaskenwa kulwakhiwo lwesoftware kunye nenqanaba lokuphehlelelwa. Gxininisa imfuno yokuskena kunye nokuchonga amacandelo emithombo evulekileyo, amathala eencwadi kunye nesikhokelo. Abaphuhlisi abasebenzisa iinguqulelo ezindala, ezisesichengeni ngomnye wezona zizathu ziphambili zobuthathaka besikhongozeli.
- Phucula uqwalaselo lwakho ngeZiko lovavanyo loKhuseleko lwe-Intanethi (), ezifumanekayo kuzo zombini iDocker kunye neKubernetes.
- Qinisekisa ukunyanzelisa ulawulo lokufikelela, uqinisekise ukwahlulwa kwemisebenzi, kwaye uphumeze umgaqo-nkqubo wolawulo lweemfihlo. Ulwazi olunobuzaza, olufana nezitshixo eziKhuselekileyo zoMaleko (SSL) okanye iinkcukacha zesiseko sedata, ziguqulelwa ngokuntsonkothileyo yiorchestrator okanye iinkonzo zolawulo lomntu wesithathu kwaye ziyavezwa ngexesha lokusebenza.
- Ziphephe izikhongozeli eziphakamileyo ngokulawula imigaqo-nkqubo yokhuseleko ukunciphisa imingcipheko enokwenzeka yokwaphulwa.
- Sebenzisa izixhobo zokhuseleko ezibonelela ngoluhlu olumhlophe, ukujonga indlela yokuziphatha, kunye nobhaqo olungaqhelekanga ukunqanda umsebenzi ongalunganga.
:
- Sebenzisa amandla okwakhelwe ngaphakathi kweKubernetes. Misela ukufikelela kubasebenzisi usebenzisa iindima. Qinisekisa ukuba awuziniki iimvume ezingeyomfuneko kumaqumrhu ngamanye, nangona kungathatha ixesha ukucinga ngobuncinane beemvume ezifunekayo. Kusenokuhenda ukunika umlawuli weqela amalungelo abanzi njengoko oku konga ixesha ekuqaleni. Nangona kunjalo, nayiphi na i-compromise okanye iimpazamo kwi-akhawunti inokukhokelela kwimiphumo emibi kamva.
- Ziphephe iimvume zofikelelo eziphindiweyo. Ngamanye amaxesha kunokuba luncedo ukuba neendima ezahlukeneyo eziyeleleneyo, kodwa oku kunokukhokelela kwimiba yokusebenza kunye nokudala iindawo ezingaboniyo xa ususa iimvume. Kwakhona kubalulekile ukususa iindima ezingasetyenziswanga nezingasebenziyo.
- Cwangcisa imigaqo-nkqubo yenethiwekhi: khetha iimodyuli zokunqanda ukufikelela kuzo; vumela ngokucacileyo ufikelelo lwe-Intanethi kwezo modyuli ziyifunayo usebenzisa iithegi; Vumela ngokucacileyo unxibelelwano phakathi kwezo modyuli zifuna ukunxibelelana enye kwenye.
ΠΠ°ΠΊ ΠΎΡΠ³Π°Π½ΠΈΠ·ΠΎΠ²Π°ΡΡ ΠΌΠΎΠ½ΠΈΡΠΎΡΠΈΠ½Π³ ΠΊΠΎΠ½ΡΠ΅ΠΉΠ½Π΅ΡΠΎΠ² ΠΈ ΡΠ΅ΡΠ²ΠΈΡΠΎΠ² Π² Π½ΠΈΡ
Ukhuseleko kunye nokuBeka iliso - xa kuthunyelwa amaqela eKubernetes. Abaphuhlisi bahlala begxininise ngakumbi kwiimpawu zezicelo abaziphuhlisayo kunemiba .
:
- Zama ukubeka esweni imeko yezikhongozeli okanye iinkonzo ezikuzo ngokubambisana neenkqubo zokubeka iliso zokusingatha.
- Jonga abathengisi kunye nezixhobo ngokudityaniswa okunzulu kwiokhestra yesikhongozeli, ngakumbi iKubernetes.
- Khetha izixhobo ezibonelela ngokungena ngeenkcukacha, ukufunyanwa kwenkonzo ngokuzenzekelayo, kunye neengcebiso ngexesha lokwenyani usebenzisa uhlalutyo kunye/okanye ukufunda ngomatshini.
:
- Sebenzisa izixhobo ukuze ufumane kwaye ulandelele ngokuzenzekelayo iimetriki zesikhongozeli, iimetriki ezinxibelelanisayo ezinje nge-CPU, inkumbulo, kunye nexesha lokuphumla.
- Qinisekisa ukucwangciswa kwezakhono ngokuqikelela imihla yokuncipha kwamandla ngokusekwe kwiimetrics zokubeka iliso kwiikhonteyina.
- Ukubeka iliso kwizicelo eziqulathiweyo zokufumaneka kunye nokusebenza, ziluncedo kuzo zombini isicwangciso somthamo kunye nemiba yokusebenza yokusombulula ingxaki.
- Ukuziqhelanisa nokuhamba komsebenzi ngokubonelela ngenkxaso yolawulo kunye nokulinganisa kwizikhongozeli kunye neendawo zazo zokubamba.
- Ukulawula ukufikelela ngokuzenzekelayo ukujonga isiseko sakho somsebenzisi, ukuvala iiakhawunti eziphelelwe lixesha kunye neendwendwe, kwaye ususe amalungelo angeyomfuneko.
- Qinisekisa ukuba isixhobo sakho sesixhobo sinokubeka iliso ezi zikhongozeli kunye nosetyenziso kwiindawo ezininzi (ilifu, kwindawo, okanye i-hybrid) ukujonga kunye nokusebenza kwebhentshi kwiziseko zophuhliso, inethiwekhi, iinkqubo, kunye nezicelo.
Indlela yokugcina idatha kunye nokuqinisekisa ukhuseleko lwayo
Ngokunyuka kwezikhongozeli zabasebenzi ezisemthethweni, abathengi kufuneka baqwalasele ubukho bedatha ngaphandle komsingathi kunye nesidingo sokukhusela loo datha.
Ngokutsho , ukhuseleko lwedatha luphakamisa uluhlu lweenkxalabo zokhuseleko ezichazwe luninzi lwabaphenduli (61%).
Ufihlo lwedatha sesona sicwangciso siphambili sokhuseleko (64%), kodwa abaphendulayo nabo basebenzisa ixesha lokubeka iliso
(49%), iirejistri zokuskena ngobuthathaka (49%), ukuskena ubuthathaka kwimibhobho ye-CI/CD (49%), kunye nokuthintela okungaqhelekanga ngokhuseleko lwexesha lokusebenza (48%).
:
- Khetha izisombululo zokugcina ezakhiwe kwimigaqo . Kungcono ukugxila kulabo abahlangabezana neemfuno zokugcinwa kwedatha kwiinkonzo zekhonteyina, i-hardware ezimeleyo, i-API iqhutywa, i-architecture esasazwayo, inkxaso yokuthunyelwa kwendawo kunye nokuthunyelwa kwifu likawonkewonke.
- Ziphephe iiplagi ezizezinye kunye nojongano. Khetha abathengisi ababonelela ngokudityaniswa kwe-Kubernetes kunye nenkxaso yojongano olusemgangathweni olufana ne-CSI (IiNdawo zokuGcinwa kweSikhongozeli).
Indlela yokusebenza kunye neenethiwekhi
Imodeli yothungelwano lweshishini lemveli, apho amaqela e-IT enza uphuhliso lwenethiwekhi, uvavanyo, ukuqinisekiswa komgangatho, kunye nemeko yemveliso yeprojekthi nganye, ayisoloko ihambelana kakuhle nophuhliso oluqhubekayo. Ukongeza, iinethiwekhi zeekhonteyina zithatha iileya ezininzi.
Π imithetho ekumgangatho ophezulu ekufuneka ukuphunyezwa kwesisombululo se-cluster-network ihambelane nayo:
- Iipods ezicwangcisiweyo kwindawo enye kufuneka zikwazi ukunxibelelana nezinye iipod ngaphandle kokusebenzisa i-NAT (I-Network Address Translation).
- Zonke iidaemoni zesixokelelwano (iinkqubo zangasemva ezinje nge-kubelet) esebenza kwindawo ethile inokunxibelelana neepods ezisebenza kwindawo enye.
- Iipods usebenzisa kufuneka ikwazi ukunxibelelana nazo zonke ezinye ii-pods kuzo zonke ezinye iindawo ngaphandle kokusebenzisa i-NAT. Nceda uqaphele ukuba uthungelwano lomamkeli uxhaswa kuphela kwiinginginya ze-Linux.
Izisombululo zenethiwekhi kufuneka zidityaniswe ngokuqinileyo kunye ne-Kubernetes primitives kunye nemigaqo-nkqubo. Iinkokeli ze-IT kufuneka zizabalazele iqondo eliphezulu le-automation yenethiwekhi kunye nokubonelela abaphuhlisi ngezixhobo ezifanelekileyo kunye nokuguquguquka okwaneleyo.
:
- Fumana ukuba i-CaaS yakho (isikhongozeli njengenkonzo) okanye i-SDN yakho (i-Software Defined Network) ixhasa uthungelwano lwe-Kubernetes. Ukuba akunjalo okanye inkxaso ayanelanga, sebenzisa i-CNI (Isikhongozelo soMnatha wonxibelelwano) ujongano lomsebenzi wothungelwano kwizikhongozeli zakho, ezixhasa usetyenziso oluyimfuneko kunye nemigaqo-nkqubo.
- Qinisekisa ukuba i-CaaS okanye i-PaaS yakho (iqonga njengenkonzo) isekela ukudalwa kwabalawuli be-ingress kunye / okanye abalinganisi bomthwalo abahambisa i-traffic engenayo phakathi kwee-cluster nodes. Ukuba oku ayisiyiyo inketho, hlola usebenzisa i-third party proxies okanye i-meshes zenkonzo.
- Qeqesha iinjineli zakho zenethiwekhi kuthungelwano lweLinux kunye nezixhobo ezizisebenzelayo zenethiwekhi ukunciphisa umsantsa wezakhono kunye nokwandisa i-agility.
Uwulawula njani umjikelo wobomi besicelo
Ukunikezelwa kwesicelo esizenzekelayo kunye nesingenamthungo, kufuneka uncedise i-orchestration yesikhongozeli kunye nezinye izixhobo ezizenzekelayo, ezifana neziseko ezifana nekhowudi (IaC) iimveliso. Ezi ziquka iChef, i-Puppet, i-Ansible kunye ne-Terraform.
Izixhobo ezizenzekelayo zokwakha kunye nokukhutshwa kwezicelo nazo ziyafuneka (bona ""). Izikhongozeli zikwabonelela ngesakhono sokwandiswa okufanayo nezo zikhoyo xa kuthunyelwa oomatshini bokwenene (VMs). Ke ngoko, iinkokeli ze-IT kufuneka zibe nazo .
:
- Cwangcisa imigangatho yemifanekiso yesikhongozeli esisiseko esekwe kubungakanani, ilayisensi, kunye nokuguquguquka kubaphuhlisi ukongeza amacandelo.
- Sebenzisa iisistim zolawulo loqwalaselo ukulawula umjikelo wobomi bezikhongozeli ezinobumbeko bomaleko ngokusekelwe kwimifanekiso esisiseko ebekwe kwiindawo zokugcina zikawonke-wonke okanye zabucala.
- Hlanganisa iqonga lakho leCaaS kunye nezixhobo ezizenzekelayo ukuze wenze ngokuzenzekelayo ukuhamba komsebenzi wakho wesicelo.
Uzilawula njani izikhongozeli ezineokhestra
Umsebenzi ongundoqo wokusasaza izikhongozeli unikiwe kwi-orchestration kunye namaleya okucwangcisa. Ngexesha lokucwangciswa, izikhongozeli zibekwe kweyona mikhosi ilungileyo kwiqela, njengoko kuchaziwe kwiimfuno zomaleko we-okhestration.
I-Kubernetes ibe ngumgangatho we-orchestration yesikhongozeli se-de facto kunye noluntu olusebenzayo kwaye ixhaswa ngabathengisi abaninzi abakhokelayo.
:
- Chaza iimfuno ezisisiseko zolawulo lokhuseleko, ukubeka esweni, ulawulo lomgaqo-nkqubo, ukuzingisa kwedatha, uthungelwano kunye nolawulo lwemijikelo yobomi.
- Ngokusekwe kwezi mfuno, khetha isixhobo esifanelana neemfuno zakho kunye namatyala okusebenzisa.
- Sebenzisa uphando lukaGartner (bona "") ukuqonda okulungileyo kunye nokungalunganga kweemodeli ezahlukeneyo zokusasazwa kwe-Kubernetes kwaye ukhethe eyona ilungileyo kwisicelo sakho.
- Khetha umboneleli onokubonelela nge-ochestration ye-hybrid yezikhongozelo zomsebenzi kwiindawo ezininzi ezingqongileyo kunye nokuhlanganiswa kwe-backend eqinile, izicwangciso zokulawula eziqhelekileyo, kunye neemodeli zamaxabiso angaguqukiyo.
Indlela yokusebenzisa amandla ababoneleli belifu
loo mdla wokuhambisa izitya kwifu likawonkewonke i-IaaS ikhula ngenxa yokufumaneka kweminikelo ye-CaaS esele yenziwe, kunye nokuhlanganiswa okuqinileyo kwezi zibonelelo kunye nezinye iimveliso ezinikezelwa ngababoneleli bamafu.
Amafu e-IaaS anikezela ngokusetyenziswa kwezixhobo ezifunwayo, ukukhawuleza kunye nokukhawuleza , eya kunceda ukuphepha imfuno yolwazi olunzulu lweziseko zophuhliso kunye nokugcinwa kwayo. Uninzi lwababoneleli bamafu banikezela ngenkonzo yolawulo lwesikhongozeli, kwaye abanye banikezela ngeendlela ezininzi zokukhetha i-orchestration.
Ababoneleli ngenkonzo abalawulwa ngamafu babonisiwe kwitheyibhile:
Cloud umboneleli
Uhlobo lwenkonzo
Imveliso/inkonzo
Alibaba
Inkonzo yamafu eNative
Inkonzo ye-Alibaba Cloud Container, i-Alibaba Cloud Container Service ye-Kubernetes
IiNkonzo zeWebhu zeWebhu (AWS)
Inkonzo yamafu eNative
Iinkonzo ze-Amazon Elastic Container (ECS), i-Amazon ECS ye-Kubernetes (EKS), i-AWS Fargate
Igquba elikhulu
MSP
I-Swarm enkulu eLawula i-Kubernetes Infrastructure
Uphando
Inkonzo yamafu eNative
Injini yesiqulathi sikaGoogle (GKE)
IBM
Inkonzo yamafu eNative
Inkonzo ye-IBM Cloud Kubernetes
Microsoft
Inkonzo yamafu eNative
Inkonzo yeAzure Kubernetes, iFabric yeNkonzo yeAzure
Oracle
Inkonzo yamafu eNative
Injini ye-OCI ye-Container ye-Kubernetes
Iplatform9
MSP
iKubernetes elawulwayo
Red Hat
Inkonzo ebanjwe
I-OpenShift inikezelwe kunye ne-Intanethi
VMware
Inkonzo ebanjwe
Cloud PKS (Beta)
Mail.ru Cloud Solutions*
Inkonzo yamafu eNative
Mail.ru Cloud Izikhongozeli
* Asizukuyifihla, songeze apha ngexesha loguqulelo :)
Ababoneleli bamafu oluntu nabo bongeza amandla amatsha kunye nokukhupha iimveliso zangaphakathi. Kwixesha elizayo elingekude, ababoneleli ngamafu baya kuphuhlisa inkxaso yamafu e-hybridi kunye neendawo ezininzi zamafu.
:
- Ukuvavanya ngokufanelekileyo amandla ombutho wakho wokuhambisa nokulawula izixhobo ezifanelekileyo, kwaye uqwalasele ezinye iinkonzo zolawulo lwesikhongozeli selifu.
- Khetha isoftware ngononophelo, sebenzisa umthombo ovulekileyo apho kunokwenzeka.
- Khetha ababoneleli abaneemodeli zokusebenza eziqhelekileyo kwiindawo ezixubeneyo ezibonelela ngefestile enye yolawulo lweglasi yamaqela adibeneyo, kunye nababoneleli abenza kube lula ukuzibamba i-IaaS.
:
- Kufanelekile ukukhangela unikezelo oluxhasa ukufumaneka okuphezulu ngaphandle kwebhokisi. Oku kubandakanya inkxaso yezakhiwo ezininzi eziphambili, izinto ezifumanekayo kakhulu njl njl, kunye ne-backup kunye nokubuyisela.
- Ukuqinisekisa ukuhamba kwindawo yakho ye-Kubernetes, kungcono ukhethe ababoneleli belifu abaxhasa uluhlu olubanzi lweemodeli zokusasazwa, ukusuka kwizakhiwo ukuya kwi-hybrid ukuya kumafu amaninzi.
- Iminikelo yababoneleli nayo kufuneka ivavanywe ngokusekwe ekuhleni ukuseta, ukufakwa, kunye nokudalwa kweqela, kunye nohlaziyo, ukubeka iliso, kunye nokusombulula ingxaki. Imfuneko esisiseko kukuxhasa ngokupheleleyo uhlaziyo lweqela elizenzekelayo kunye nexesha lokuphumla elingu-zero. Isisombululo osikhethayo kufuneka sikuvumele ukuba usebenzise uhlaziyo ngesandla.
- Isazisi kunye nolawulo lofikelelo lubalulekile ukusuka kwimbono yokhuseleko kunye nolawulo. Qinisekisa ukuba ukuhanjiswa kwe-Kubernetes oyikhethayo kuxhasa ukudityaniswa kunye nezixhobo zokuqinisekisa kunye nokugunyazisa ozisebenzisayo ngaphakathi. I-RBAC kunye nolawulo lwe-fine-grained access control nazo zibalulekile iiseti zeempawu.
- Unikezelo olukhethayo kufuneka nokuba lube nesisombululo sothungelwano esichazwe kwisoftware yemveli esigubungela uluhlu olubanzi lwezicelo ezahlukeneyo okanye iimfuno zeziseko zophuhliso, okanye uxhase enye yeenkqubo ezithandwayo zothungelwano ezisekelwe kwi-CNI, kuquka iFlannel, Calico, kube-router, okanye i-OVN.
Ukwaziswa kwezikhongozeli kwimveliso kuba yeyona ndlela iphambili, njengoko kungqinwa ziziphumo zophando olwenziweyo kwiziseko zophuhliso, imisebenzi kunye nezicwangciso zamafu (IOCS) ngoDisemba 2018:
Njengoko ubona, i-27% yabaphenduli sele besebenzisa izitya emsebenzini wabo, kwaye i-63% iceba ukwenza njalo.
Π I-24% yabaphenduli baxela ukuba batyala imali engaphezulu kwesiqingatha sesigidi seedola ngonyaka kubuchwepheshe beekhonteyina, kwaye i-17% yabaphenduli bachitha ngaphezulu kwesigidi seedola ngonyaka kubo.
Inqaku elilungiselelwe liqela leqonga lelifu .
Yintoni enye ekufuneka uyifunde ngesihloko:
- .
- .
- .
umthombo: www.habr.com