Hayi Habr!
Ekupheleni kwehlobo, sifuna ukukukhumbuza ukuba siqhubeka sisebenza ngesihloko kwaye sagqiba ekubeni sipapashe inqaku elivela kwi-Stackoverflow ebonisa imeko yemicimbi kule projekthi ekuqaleni kukaJuni.
Jabulela ukufunda!
Ngexesha lokubhalwa kweli nqaku, ubudala bukaKubernetes bumalunga. , kwaye kule minyaka mibini idlulileyo ukuthandwa kwayo kuye kwanda kakhulu kangangokuba ihlala ibekwa phakathi amaqonga. IKubernetes ikwindawo yesithathu kulo nyaka. Ukuphinda uhlaziye: I-Kubernetes liqonga elenzelwe ukuqhuba kunye nokucwangcisa imithwalo yemisebenzi enezikhongozeli.
Imigqomo yaqala njengoyilo olukhethekileyo lweenkqubo zokwahlula kwiLinux; Izikhongozeli zibandakanyiwe ukusukela ngo-2007 , kwaye ukususela ngo-2002 - izithuba zamagama. Izikhongozeli ziyilwe ngcono nangakumbi ngo-2008, xa zafumaneka , kwaye uGoogle waphuhlisa eyakhe indlela yeshishini yangaphakathi ebizwa , apho “wonke umsebenzi wenziwa ngezikhongozelo.” Ukusuka apha sikhawuleza ukuya kwi-2013, xa ukukhutshwa kokuqala kwe-Docker kwenzeka, kwaye izitya ekugqibeleni zaba sisisombululo esithandwayo. Ngelo xesha, esona sixhobo somculo we-container orchestration sasi , nangona wayengathandwa kakhulu. I-Kubernetes yakhululwa okokuqala ngo-2015, emva koko esi sixhobo saba ngumgangatho we-de facto kwintsimi ye-orchestration ye-container.
Ukuzama ukuqonda ukuba kutheni uKubernetes ethandwa kangaka, makhe sizame ukuphendula imibuzo embalwa. Kunini apho abaphuhlisi bexesha lokugqibela bekwazi ukuvumelana malunga nendlela yokuhambisa izicelo kwimveliso? Bangaphi abaphuhlisi obaziyo abasebenzisa izixhobo njengoko zinikezelwe ngaphandle kwebhokisi? Bangaphi abalawuli bamafu namhlanje abangayiqondiyo indlela izicelo ezisebenza ngayo? Siza kujonga iimpendulo zale mibuzo kweli nqaku.
Iziseko zophuhliso njenge YAML
Ehlabathini eliye lasuka kwiPuppet kunye neChef laya eKubernetes, olona tshintsho lukhulu lusuka “kwiziseko ezingundoqo njengekhowudi” ukuya “kwiziseko ezingundoqo njengedatha”—ngokukodwa, njenge-YAML. Zonke izixhobo kwi-Kubernetes, ezibandakanya ii-pods, ulungelelwaniso, iimeko ezisetyenzisiweyo, imiqulu, njl., zinokuchazwa ngokulula kwifayile ye-YAML. Umzekelo:
apiVersion: v1
kind: Pod
metadata:
name: site
labels:
app: web
spec:
containers:
- name: front-end
image: nginx
ports:
- containerPort: 80Lo mbono wenza kube lula kwii-DevOps okanye iingcali ze-SRE ukuba zivakalise ngokupheleleyo umthwalo wazo ngaphandle kokubhala ikhowudi kwiilwimi ezinjengePython okanye iJavascript.
Olunye uncedo lokuququzelela iziseko zophuhliso njengoko idatha ibandakanya:
- IGitOps okanye iGit Operations Version Control. Le ndlela ikuvumela ukuba ugcine zonke iifayile ze-Kubernetes YAML kwiindawo zokugcina ze-git, ukuze ukwazi ukulandelela kanye ukuba utshintsho lwenziwe nini, ngubani olwenzileyo, kwaye yintoni kanye etshintshileyo. Oku kwandisa ukusebenza elubala kweziko lilonke kwaye kuphucula ukusebenza kakuhle ngokususa ukungacaci, ngakumbi apho abasebenzi kufuneka bajonge izibonelelo abazifunayo. Kwangaxeshanye, kuba lula ukwenza utshintsho ngokuzenzekelayo kwizixhobo zeKubernetes ngokudibanisa ngokulula isicelo sokutsala.
- Ukubaleka. Xa izixhobo zichazwa njenge-YAML, kuba lula kakhulu kubasebenzi beqela ukutshintsha inani elinye okanye amabini kwisixhobo se-Kubernetes, ngaloo ndlela betshintsha indlela esika ngayo. I-Kubernetes ibonelela ngomatshini wokulinganisa okuthe tyaba kweepods, ezinokusetyenziswa ukumisela ngokulula ukuba yeyiphi na inani elincinci kunye nobuninzi beepods ezifunekayo kulungiselelo oluthile lokusasazwa ukuphatha amanqanaba aphantsi kunye aphezulu ezithuthi. Umzekelo, ukuba ubeke ulungelelwaniso olufuna umthamo owongezelelweyo ngenxa yokunyuka ngequbuliso kwitrafikhi, emva koko i-maxReplicas inokutshintshwa ukusuka kwi-10 ukuya kwi-20:
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: myapp
namespace: default
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: myapp-deployment
minReplicas: 1
maxReplicas: 20
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 50- Ukhuseleko nolawulo. I-YAML ilungile ekuvavanyeni indlela izinto ezibekwa ngayo eKubernetes. Umzekelo, inkxalabo enkulu yokhuseleko ichaphazela ukuba ingaba umthwalo wakho usebenza njengomsebenzisi ongeyena umphathi. Kule meko, sinokufuna izixhobo ezifana , i-YAML/JSON yokuqinisekisa, kunye , umqinisekisi womgaqo-nkqubo wokuqinisekisa ukuba umxholo imithwalo yakho yomsebenzi ayivumeli isikhongozeli ukuba sisebenze ngamalungelo omlawuli. Ukuba oku kuyimfuneko, abasebenzisi banokusebenzisa umgaqo-nkqubo olula , ndiyayithanda lento:
package main
deny[msg] {
input.kind = "Deployment"
not input.spec.template.spec.securityContext.runAsNonRoot = true
msg = "Containers must not run as root"
}- Iinketho zokudibanisa kunye nomboneleli wefu. Enye yeendlela eziphawuleka kakhulu kwitekhnoloji ephezulu yanamhlanje kukuqhuba imithwalo yemisebenzi kubaboneleli belifu loluntu. Ukusebenzisa icandelo I-Kubernetes ivumela nayiphi na i-cluster ukuba idibanise nomnikezeli wefu eqhuba kuyo. Umzekelo, ukuba umsebenzisi uqhuba isicelo kwi-Kubernetes kwi-AWS kwaye ufuna ukuveza eso sicelo ngenkonzo, umboneleli welifu unceda ngokuzenzekelayo ukwenza inkonzo.
LoadBalancereya kubonelela ngokuzenzekelayo isilinganisi somthwalo ukuqondisa ngokutsha itrafikhi kwiipod zesicelo.
Ukwandiswa
I-Kubernetes yanda kakhulu kwaye abaphuhlisi bayayithanda. Kukho uluhlu lwezixhobo ezikhoyo ezifana neepods, ukuthunyelwa, StatefulSets, iimfihlo, ConfigMaps, njl. Enyanisweni, abasebenzisi kunye nabaphuhlisi banokongeza ezinye izixhobo kwifom .
Umzekelo, ukuba sifuna ukuchaza umthombo CronTab, emva koko unokwenza into enje:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: crontabs.my.org
spec:
group: my.org
versions:
- name: v1
served: true
storage: true
Schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
cronSpec:
type: string
pattern: '^(d+|*)(/d+)?(s+(d+|*)(/d+)?){4}$'
replicas:
type: integer
minimum: 1
maximum: 10
scope: Namespaced
names:
plural: crontabs
singular: crontab
kind: CronTab
shortNames:
- ct
Emva kwexesha sinokwenza isixhobo seCronTab into enje:
apiVersion: "my.org/v1"
kind: CronTab
metadata:
name: my-cron-object
spec:
cronSpec: "* * * * */5"
image: my-cron-image
replicas: 5
Enye inketho yokwandiswa kwi-Kubernetes kukuba umphuhlisi unokubhala ingxelo yakhe. yinkqubo ekhethekileyo kwiqela leKubernetes esebenza ngoku “" Ngoncedo lomsebenzisi, umsebenzisi unokwenza ngokuzenzekelayo ulawulo lwe-CRDs (iinkcazo zemithombo yesiko) ngokutshintshiselana ngolwazi kunye ne-Kubernetes API.
Kukho izixhobo ezininzi kuluntu ezenza kube lula kubaphuhlisi ukuba benze ababo abasebenzisi. Phakathi kwabo - kunye neyakhe . Le SDK ibonelela ngesiseko apho umphuhlisi anokuqalisa ngokukhawuleza ukwenza umsebenzi. Masithi ungaqala kumgca womyalelo into enje:
$ operator-sdk new my-operator --repo github.com/myuser/my-operatorOku kudala yonke ikhowudi yebhoilerplate yomsebenzisi wakho, ukuquka iifayile zeYAML kunye nekhowudi yeGolang:
.
|____cmd
| |____manager
| | |____main.go
|____go.mod
|____deploy
| |____role.yaml
| |____role_binding.yaml
| |____service_account.yaml
| |____operator.yaml
|____tools.go
|____go.sum
|____.gitignore
|____version
| |____version.go
|____build
| |____bin
| | |____user_setup
| | |____entrypoint
| |____Dockerfile
|____pkg
| |____apis
| | |____apis.go
| |____controller
| | |____controller.goEmva koko unokongeza ii-APIs ezifunekayo kunye nomlawuli, ngolu hlobo:
$ operator-sdk add api --api-version=myapp.com/v1alpha1 --kind=MyAppService
$ operator-sdk add controller --api-version=myapp.com/v1alpha1 --kind=MyAppServiceEmva koko, ekugqibeleni, hlanganisa umqhubi kwaye uyithumele kubhaliso lwesikhongozeli sakho:
$ operator-sdk build your.container.registry/youruser/myapp-operator
Ukuba umphuhlisi ufuna ulawulo olungakumbi, ikhowudi ye-boilerplate kwiifayile zeGo inokutshintshwa. Umzekelo, ukuguqula izinto ezithile zomlawuli, unokwenza utshintsho kwifayile controller.go.
Enye iprojekthi , ikuvumela ukuba wenze iingxelo usebenzisa iifayile ze-YAML ezichazayo kuphela. Umzekelo, umqhubi we-Apache Kafka uya kuchazwa malunga . Ngayo, unokufaka iqela leKafka ngaphezulu kweKubernetes ngemiyalelo nje embalwa:
$ kubectl kudo install zookeeper
$ kubectl kudo install kafkaKwaye emva koko uyiqwalasele ngomnye umyalelo:
$ kubectl kudo install kafka --instance=my-kafka-name
-p ZOOKEEPER_URI=zk-zookeeper-0.zk-hs:2181
-p ZOOKEEPER_PATH=/my-path -p BROKER_CPUS=3000m
-p BROKER_COUNT=5 -p BROKER_MEM=4096m
-p DISK_SIZE=40Gi -p MIN_INSYNC_REPLICAS=3
-p NUM_NETWORK_THREADS=10 -p NUM_IO_THREADS=20
Ulutsha
Kwiminyaka embalwa edlulileyo, ukukhutshwa okukhulu kwe-Kubernetes bekuphuma rhoqo kwiinyanga ezimbalwa - oko kukuthi, ezintathu ukuya kwezine ezinkulu ezikhutshwa ngonyaka. Inani leefitsha eziveliswe kuzo zonke azinciphi. Ngaphezu koko, akukho zimpawu zokucotha nakula maxesha anzima - jonga ukuba imeko injani ngoku .
Izakhono ezitsha zikuvumela ukuba wenze imisebenzi yeqela ebhetyebhetye kuyo yonke imisebenzi eyahlukeneyo. Ukongeza, abadwelisi benkqubo banandipha ulawulo olukhulu xa behambisa izicelo ngokuthe ngqo kwimveliso.
Yoluntu
Omnye umba ophambili wokuthandwa kukaKubernetes ngamandla oluntu lwayo. Kwi-2015, ekufikeleleni kwi-version 1.0, i-Kubernetes ixhaswe ngu .
Kukwakho neendawo ezahlukeneyo zokuhlala (Amaqela oMdla okhethekileyo) agxile ekusebenzeni kwiindawo ezahlukeneyo zaseKubernetes njengoko iprojekthi ikhula. La maqela ahlala esongeza izinto ezintsha, okwenza ukusebenza kunye ne-Kubernetes kube lula kwaye kulula.
I-Cloud Native Foundation ikwabamba i-CloudNativeCon/KubeCon, ethi, ngexesha lokubhala, yeyona nkomfa inkulu yomthombo ovulekileyo kwihlabathi. Ngokuqhelekileyo ibanjwa kathathu ngonyaka, idibanisa amawaka eengcali ezifuna ukuphucula i-Kubernetes kunye ne-ecosystem yayo, kunye nokufunda izinto ezintsha ezivela rhoqo kwiinyanga ezintathu.
Ngaphezu koko, i-Cloud Native Foundation ine , ethi, kunye neeSIG, iphonononge entsha kunye nekhoyo imali egxile kwi-ecosystem yelifu. Uninzi lwezi projekthi zinceda ukuphucula amandla eKubernetes.
Okokugqibela, ndiyakholelwa ukuba i-Kubernetes ayinakuphumelela njengokuba injalo ngaphandle kwemizamo yolwazi yoluntu lonke, apho abantu banamathelana kodwa kwangaxeshanye bamkele abantu abatsha emhlambini.
Ixesha elizayo
Enye yeengxaki eziphambili abaphuhlisi abaza kujongana nayo kwixesha elizayo kukukwazi ukugxila kwiinkcukacha zekhowudi ngokwayo, kwaye kungekhona kwiziseko ezisebenza kuyo. Idibana nale mikhwa , yenye yezona ziphambili namhlanje. Izikhokelo ezikwinqanaba eliphezulu sele zikhona, umz. и , esebenzisa i-Kubernetes ukukhupha isiseko esivela kumphuhlisi.
Kweli nqaku, sikrwele kuphela umphezulu wemeko yangoku ye-Kubernetes-eneneni, yincam nje ye-iceberg. Abasebenzisi beKubernetes banezinye izixhobo ezininzi, amandla, kunye noqwalaselo abanalo.
umthombo: www.habr.com