Inyathelo lokuqala lokuthumela kuKubernetes kukubeka isicelo sakho kwisikhongozeli. Kolu ngcelele, siza kujonga ukuba ungawenza njani umfanekiso omncinci, okhuselekileyo wesikhongozeli.
Enkosi kuDocker, ukwenza imifanekiso yesikhongozeli akukaze kube lula. Cacisa umfanekiso osisiseko, yongeza utshintsho lwakho, kwaye wenze isitya.
Ngelixa obu buchule bulungile ekuqaliseni, ukusebenzisa imifanekiso esisiseko engagqibekanga kunokukhokelela kumsebenzi ongakhuselekanga onemifanekiso emikhulu egcwele ubuthathaka.
Ukongeza, uninzi lwemifanekiso kwi-Docker isebenzisa i-Debian okanye Ubuntu kumfanekiso osisiseko, kwaye ngelixa oku kubonelela ngokuhambelana okugqwesileyo kunye nokwenza lula ngokwezifiso (ifayile yeDocker ithatha imigca emibini yekhowudi), imifanekiso esisiseko inokongeza amakhulu eemegabytes zomthwalo owongezelelweyo kwisitya sakho. Umzekelo, ifayile ye-node.js elula yesicelo se-Go "hello-world" imalunga nama-700 eemegabytes, ngelixa esona sicelo sakho sinobukhulu beemegabytes ezimbalwa.
Ke wonke lo msebenzi owongezelelweyo yinkcitho yendawo yedijithali kunye nendawo enkulu yokufihla ubuthathaka bokhuseleko kunye neebhugi. Ngoko ke makhe sijonge iindlela ezimbini zokunciphisa ubungakanani bomfanekiso wesikhongozeli.
Eyokuqala kukusetyenziswa kwemifanekiso encinci yesiseko, okwesibini kukusetyenziswa kwePhatheni yoMakhi. Ukusebenzisa imifanekiso emincinci yesiseko yeyona ndlela ilula yokunciphisa ubungakanani besikhongozeli sakho. Okunokwenzeka, ulwimi okanye istaki osisebenzisayo sibonelela ngomfanekiso wesicelo soqobo esincinci kunomfanekiso omiselweyo. Makhe sijonge kwisikhongozeli sethu se-node.js.
Ngokungagqibekanga kwi-Docker, i-node: ubungakanani besiseko se-8 somfanekiso ngu-670 MB, kunye ne-node: i-8-alpine ubungakanani bomfanekiso ngu-65 MB kuphela, oko kukuthi, amaxesha angama-10 amancinci. Ngokusebenzisa umfanekiso omncinci wesiseko seAlpine, uya kunciphisa kakhulu ubungakanani besitya sakho. IAlpine yindawo encinci kunye nekhaphukhaphu yeLinux esasazwayo edume kakhulu phakathi kwabasebenzisi beDocker kuba iyahambelana nezicelo ezininzi ngelixa igcina izitya ezincinci. Ngokungafaniyo nomfanekiso oqhelekileyo we-Docker "node", "i-node: alpine" isusa iifayile ezininzi zenkonzo kunye neenkqubo, ishiya kuphela ezo zaneleyo ukuqhuba isicelo sakho.
Ukuya kumfanekiso omncinci wesiseko, vele uhlaziye i-Dockerfile ukuze uqale ukusebenza ngomfanekiso omtsha wesiseko:
Ngoku, ngokungafaniyo nomfanekiso omdala we-onbuild, kufuneka ukope ikhowudi yakho kwisikhongozeli kwaye ufake nayiphi na into exhomekeke kuyo. Kwi-Dockerfile entsha, isikhongozeli siqala nge-node: umfanekiso we-alpine, emva koko yenze ulawulo lwekhowudi, ifakela ukuxhomekeka usebenzisa umphathi wephakheji ye-NPM, kwaye ekugqibeleni iqhube i-server.js.
Olu hlaziyo luphumela kwisikhongozeli esiphindwe ka-10 esincinci ngobukhulu. Ukuba ulwimi lwakho lwenkqubo okanye isitaki asinalo isiseko sokunciphisa umfanekiso, sebenzisa iAlpine Linux. Iza kubonelela ngesakhono sokulawula ngokupheleleyo imixholo yesingxobo. Ukusebenzisa imifanekiso emincinci yesiseko yindlela enhle yokudala ngokukhawuleza izitya ezincinci. Kodwa ukuncitshiswa okukhulu kunokufezekiswa kusetyenziswa iPhatheni yoMakhi.
Kwiilwimi ezitolikwayo, ikhowudi yomthombo kuqala igqithiselwa kwitoliki ize isetyenziswe ngokuthe ngqo. Kwiilwimi ezihlanganisiweyo, ikhowudi yomthombo kuqala iguqulwa ibe yikhowudi ehlanganisiweyo. Nangona kunjalo, ukudibanisa kudla ngokusetyenziswa izixhobo ezingafunekiyo ukwenza ikhowudi. Oku kuthetha ukuba ungazisusa ngokupheleleyo ezi zixhobo kwisingxobo sokugqibela. Ungasebenzisa iPatheni yoMakhi kule nto.
Ikhowudi yenziwe kwisitya sokuqala kwaye ihlanganiswe. Ikhowudi ehlanganisiweyo ke ipakishwe kwisikhongozeli sokugqibela ngaphandle kwabaqulunqi kunye nezixhobo ezifunekayo ukuqulunqa loo khowudi. Masiqhube isicelo seGo ngale nkqubo. Okokuqala, siya kusuka kumfanekiso we-onbuild siye kwiAlpine Linux.
KwiDockerfile entsha, isikhongozeli siqala ngegolang:alpine image. Emva koko yenza uluhlu lwekhowudi, ikhuphele kwikhowudi yomthombo, yakha loo khowudi yomthombo, kwaye iqhuba isicelo. Esi sikhongozeli sincinci kunesikhongozeli se-onbuild, kodwa siqulethe umqokeleli kunye nezinye izixhobo zeGo esingazifuniyo ngokwenene. Ke masikhuphe inkqubo ehlanganisiweyo kwaye siyibeke kwisikhongozeli sayo.
Unokuqaphela into engaqhelekanga kule fayile yeDocker: iqulethe imigca emibini UKUSUKA. Icandelo lokuqala lomgca we-4 lijonge ngokufanayo ne-Dockerfile yangaphambili ngaphandle kokuba isebenzisa igama elingundoqo le-AS ukubiza eli nqanaba. Icandelo elilandelayo linomgca omtsha we-FROM ukuqala umfanekiso omtsha, apho endaweni ye-golang: umfanekiso we-alpine siza kusebenzisa i-Raw alpine njengomfanekiso wesiseko.
I-Raw Alpine Linux ayinazo izatifikethi ze-SSL ezifakiweyo, nto leyo eya kubangela ukuba uninzi lweefowuni ze-API ngaphezulu kwe-HTTPS zisilele, ngoko ke masifake ezinye izatifikethi ze-CA zengcambu.
Ngoku kuza indawo eyonwabisayo: ukukopa ikhowudi ehlanganisiweyo ukusuka kwisitya sokuqala ukuya kwesesibini, ungasebenzisa ngokulula i-COPY umyalelo obekwe kumgca we-5 wecandelo lesibini. Iza kukopa kuphela ifayile yesicelo enye kwaye ayiyi kuchaphazela izixhobo eziluncedo zeGo. Ifayile entsha ye-Docker enezigaba ezininzi iya kuba nomfanekiso wesikhongozeli esine-megabytes ezili-12 kuphela ngobukhulu, xa kuthelekiswa nomfanekiso wesikhongozeli sokuqala owawuyi-700 megabytes, umahluko omkhulu!
Ke ukusebenzisa imifanekiso emincinci yesiseko kunye nePatheni yoMakhi ziindlela ezintle zokwenza izikhongozeli ezincinci ngaphandle komsebenzi omninzi.
Kuyenzeka ukuba kuxhomekeke kwisitaki sesicelo, kukho iindlela ezongezelelweyo zokunciphisa umfanekiso kunye nobukhulu besikhongozeli, kodwa ngaba iziqulathi ezincinci zinenzuzo enokulinganiswa? Makhe sijonge kwiindawo ezimbini apho izikhongozeli ezincinci zisebenza ngokugqithisileyo - ukusebenza kunye nokhuseleko.
Ukuvavanya ukunyuka komsebenzi, qwalasela ixesha lenkqubo yokudala isitya, ukuyifaka kwirejista (push), uze uyibuyisele ukusuka apho (ukudonsa). Uyabona ukuba isikhongozeli esincinci sinenzuzo eyahlukileyo ngaphezulu kwesikhongozeli esikhulu.
I-Docker iya kubamba iileya ukuze ukwakhiwa okulandelayo kuya kukhawuleza kakhulu. Nangona kunjalo, iinkqubo ezininzi zeCI ezisetyenziselwa ukwakha kunye nokuvavanya izikhongozeli azigcini i-cache, ngoko kukho ukugcinwa kwexesha elibalulekileyo. Njengoko ubona, ixesha lokwakha isitya esikhulu, ngokuxhomekeke kumandla omatshini wakho, livela kwimizuzwana engama-34 ukuya kwengama-54, kwaye xa usebenzisa isikhongozeli esincitshisiweyo usebenzisa iPatheni yomakhi - ukusuka kwimizuzwana engama-23 ukuya kwengama-28. Ukusebenza kolu hlobo, ukunyuka kwemveliso kuya kuba ngama-40-50%. Ngoko cinga nje malunga nokuba mangaphi amaxesha owakhayo kwaye uvavanye ikhowudi yakho.
Emva kokuba isikhongozeli sakhiwe, kufuneka utyhale umfanekiso waso (umfanekiso wesikhongozeli sotyhala) kwirejista yesikhongozeli ukuze ukwazi ukuwusebenzisa kwiqela lakho leKubernetes. Ndincoma ukusebenzisa iRegistry Container kaGoogle.
NgeRegistry Container kaGoogle (GCR), uhlawulela kuphela ugcino olungakrwada kunye nothungelwano, kwaye akukho mali ezongezelelweyo zolawulo lwesikhongozeli. Iyimfihlo, ikhuselekile kwaye ikhawuleza kakhulu. I-GCR isebenzisa amaqhinga amaninzi ukukhawulezisa umsebenzi wokutsala. Njengoko ubona, ukufaka i-Docker Container Image container usebenzisa i-go:onbuild iya kuthatha ukusuka kwi-15 ukuya kwi-48 imizuzwana, kuxhomekeke ekusebenzeni kwekhompyutheni, kunye nokusebenza okufanayo kunye nesitya esincinci kuya kuthatha ukusuka kwi-14 ukuya kwi-16 imizuzwana, kunye noomatshini abavelisa ngaphantsi. i-advanteji kwisantya sokusebenza inyuka ngamaxesha ama-3. Koomatshini abakhulu, ixesha liyafana, kuba i-GCR isebenzisa i-cache yehlabathi kwisiseko sedatha ekwabelwana ngaso semifanekiso, okuthetha ukuba awudingi ukuyilayisha kwaphela. Kwikhompyuter enamandla aphantsi, i-CPU yingxaki, ngoko ke inzuzo yokusebenzisa izikhongozeli ezincinci inkulu kakhulu apha.
Ukuba usebenzisa i-GCR, ndincoma kakhulu ukusebenzisa i-Google Container Builder (GCB) njengenxalenye yenkqubo yakho yokwakha.
Njengoko ubona, ukusetyenziswa kwayo kukuvumela ukuba ufezekise iziphumo ezingcono kakhulu ekunciphiseni ixesha lokusebenza kwe-Build + Push kunomatshini ovelisayo - kulo mzekelo, inkqubo yokwakha kunye nokuthumela izikhongozeli kumsingathi ikhawuleza phantse amaxesha ama-2. . Ngaphezu koko, ufumana i-120 yemizuzu yokwakha yasimahla yonke imihla, egubungela iimfuno zakho zokwakha isikhongozeli kwiimeko ezininzi.
Okulandelayo kuza i-metric yentsebenzo ebalulekileyo - isantya sokubuyisela, okanye ukukhuphela, Tsala izitya. Kwaye ukuba awukhathali kakhulu malunga nexesha elichithwe kumsebenzi wokutyhala, ngoko ubude benkqubo yokutsala bunempembelelo enkulu ekusebenzeni kwenkqubo iyonke. Masithi uneqela leendawo ezintathu kwaye enye yazo iyasilela. Ukuba usebenzisa inkqubo yokulawula efana ne-Google Kubernetes Engine, iya kutshintsha ngokuzenzekelayo indawo efileyo entsha. Nangona kunjalo, le node entsha iya kuba ingenanto ngokupheleleyo kwaye kuya kufuneka urhuqe zonke izikhongozeli zakho kuyo ukuze iqalise ukusebenza. Ukuba umsebenzi wokutsala uthatha ixesha elide ngokwaneleyo, iqela lakho liya kuqhuba ngokusebenza okuphantsi ngalo lonke ixesha.
Kukho iimeko ezininzi apho oku kunokwenzeka khona: ukongeza i-node entsha kwiqela, ukuphucula iindawo zokuhlala, okanye ukutshintshela kwisikhongozeli esitsha sokusasazwa. Ngaloo ndlela, ukunciphisa ixesha lokutsalwa kwento kuba yinto ephambili. Ayinakuphikiswa into yokuba isikhongozeli esincinci sikhuphela ngokukhawuleza kunesikhulu. Ukuba usebenzisa izikhongozeli ezininzi kwiqela leKubernetes, ukonga ixesha kunokubaluleka.
Jonga lo thelekiso: umsebenzi wokutsala kwizikhongozeli ezincinci kuthatha amaxesha angama-4-9 ngaphantsi, kuxhomekeke kumandla omatshini, kunokusebenza okufanayo usebenzisa i-go:onbuild. Ukusebenzisa ekwabelwana ngako, imifanekiso emincinci yesiseko sesikhongozeli kukhawuleza ngokukhawuleza ixesha kunye nesantya apho iinodi ezintsha zeKubernetes zinokufakwa kwaye zize kwi-Intanethi.
Makhe sijonge umba wokhuseleko. Izikhongozeli ezincinci zibonwa zikhuseleke kakhulu kunezikhulu kuba zinendawo encinci yokuhlasela. Ngaba ngokwenene? Enye yezona zinto ziluncedo kakhulu kwiRejistri yoMgqomo kaGoogle kukukwazi ukuskena ngokuzenzekelayo izikhongozeli zakho ngobuthathaka. Kwiinyanga ezimbalwa ezidlulileyo ndidale zombini izikhongozeli ze-onbuild kunye ne-multistage, ke makhe sibone ukuba kukho ubuthathaka apho.
Isiphumo siyamangalisa: kuphela ubuthathaka obuphakathi obu-3 bafunyanwa kwisikhongozeli esincinci, kwaye i-16 ebalulekileyo kunye ne-376 nezinye iziphene zafunyanwa kwisitya esikhulu. Ukuba sijonga imixholo yesikhongozeli esikhulu, sinokubona ukuba uninzi lweengxaki zokhuseleko azinanto yakwenza nesicelo sethu, kodwa zinxulumene neenkqubo esingazisebenzisiyo. Ke xa abantu bethetha ngomhlaba omkhulu wohlaselo, yiloo nto abayithethayo.
I-takeaway icacile: yakha izikhongozeli ezincinci kuba zibonelela ngentsebenzo yangempela kunye neenzuzo zokhuseleko kwinkqubo yakho.
Ezinye iintengiso π
Enkosi ngokuhlala nathi. Ngaba uyawathanda amanqaku ethu? Ngaba ufuna ukubona umxholo onomdla ngakumbi? Sixhase ngokufaka iodolo okanye ngokucebisa abahlobo, , i-analogue eyodwa yeeseva zomgangatho wokungena, eyenzelwe wena: (ifumaneka nge-RAID1 kunye ne-RAID10, ukuya kuthi ga kwi-24 cores kunye ne-40GB DDR4).
Dell R730xd 2x ngexabiso eliphantsi kwiziko ledatha le-Equinix Tier IV eAmsterdam? Kuphela apha eNetherlands! Dell R420 - 2x E5-2430 2.2Ghz 6C 128GB DDR3 2x960GB SSD 1Gbps 100TB - ukusuka $99! Funda malunga
umthombo: www.habr.com