Ukuqhubekeka kwangoku
Intshayelelo
Kutheni kunje?
Iinjongo ezibangele ukuba siphuhlise i-CCM yeYandex.Cloud ihambelana ngokupheleleyo nezo sele zichazwe kuyo
Yintoni kanye kanye i-CCM?
Ngokuqhelekileyo, silungiselela indawo esingqongileyo yeqela ukusuka ngaphandle - umzekelo, usebenzisa iTerraform. Kodwa ngamanye amaxesha kukho imfuneko yokulawula imeko yelifu elisingqongileyo ukusuka kwiqela. Oku kunokwenzeka kubonelelwe, kwaye kukwaphunyezwa
Ngokukodwa, uMphathi wesiLawuli seLifu ubonelela ngeentlobo ezintlanu eziphambili zokusebenzisana:
- Amaxesha -sebenzisa ubudlelwane be-1: 1 phakathi kwento ye-node kwi-Kubernetes (
Node
) kunye nomatshini obonakalayo kumnikezeli welifu. Kule nto thina:- gcwalisa intsimi
spec.providerID
kwintoNode
. Umzekelo, kwi-OpenStack CCM le ndawo inefomathi ilandelayo:openstack:///d58a78bf-21b0-4682-9dc6-2132406d2bb0
. Ungabona igama lomboneleli welifu kunye ne-UUID eyodwa yomncedisi (umatshini obonakalayo kwi-OpenStack) yento; - umphelelisi
nodeInfo
kwintoNode
ulwazi malunga nomatshini wenyani. Umzekelo, sikhankanya uhlobo lomzekelo kwi-AWS; - Sijonga ubukho bomatshini obonakalayo efini. Umzekelo, ukuba into
Node
waya kwimoNotReady
, ungajonga ukuba ngaba umatshini wenyani ukhona kwaphela kumnikezeli welifu ngeproviderID
. Ukuba ayikho, cima intoNode
, ebiya kuthi ngenye indlela ihlale kwiqela ngonaphakade;
- gcwalisa intsimi
- KwiiNdawo - icwangcisa indawo yokusilela kwinto
Node
, ukuze umcwangcisi akhethe i-node yePod ngokwemimandla kunye nemimandla kumnikezeli welifu; - LoadBalancer β xa udala into
Service
ngodidiLoadBalancer
yenza uhlobo lwe-balancer oluya kuqondisa i-traffic ukusuka ngaphandle ukuya kwiindawo ze-cluster. Ngokomzekelo, kwiYandex.Cloud ungasebenzisaNetworkLoadBalancer
ΠΈTargetGroup
ngenxa yezi njongo; - Umzila β yakha uthungelwano phakathi kweendawo zokuhlala, kuba Ngokweemfuno zeKubernetes, i-pod nganye kufuneka ibe nedilesi yayo ye-IP kwaye ikwazi ukufikelela kuyo nayiphi na enye i-pod. Ukwenzela ezi njongo, ungasebenzisa umsebenzi womnatha wokwaleka (VXLAN, GENEVE) okanye usete itafile yomzila ngokuthe ngqo kuthungelwano lwenyani lomnikezeli welifu:
- umqulu -Ivumela ukuodolwa okuguquguqukayo kwePV usebenzisa iPVC kunye neSC. Ekuqaleni, lo msebenzi wawuyinxalenye ye-CCM, kodwa ngenxa yobunzima bayo obukhulu yafuduselwa kwiprojekthi eyahlukileyo, i-Container Storage Interface (CSI). Siye sathetha ngeCSI ngaphezulu kwakanye
wabhala kwaye, njengoko sele kukhankanyiwe, nkqukukhutshwa Umqhubi weCSI.
Ngaphambili, yonke ikhowudi esebenzisana nelifu yayikwindawo yokugcina iGit yeprojekthi yeKubernetes. k8s.io/kubernetes/pkg/cloudprovider/providers
, kodwa bagqiba ekubeni bayeke oku ngenxa yokuphazamiseka kokusebenza kunye nesiseko esikhulu sekhowudi. Lonke ufezekiso oludala lusiwe
Njengakwi-CSI, uninzi lwababoneleli ngamafu amakhulu sele beyiyile ii-CCM zabo ukuze basebenzise amafu eKubernetes. Ukuba umthengisi akanayo i-CCM, kodwa yonke imisebenzi efunekayo ifumaneka nge-API, ngoko unokuphumeza i-CCM ngokwakho.
Ukubhala ukuphunyezwa kwakho kwe-CCM, kwanele ukuphumeza
Π
Ukuphunyezwa
Ufike njani kulento
Saqala uphuhliso (okanye kunoko, nokuba sisebenzise) nge
Nangona kunjalo, kolu phumezo besingekho:
- uqinisekiso nge-JWT IAM uphawu;
- Inkxaso yomlawuli wenkonzo.
Ngokuvumelana nombhali (dlisin) kwiTelegram, siye safaka i-yandex-cloud-controller-manager kwaye songeza imisebenzi engekho.
Iimpawu eziphambili
Okwangoku, i-CCM ixhasa olu nxibelelwano lulandelayo:
- Amaxesha;
- KwiiNdawo;
- LoadBalancer.
Kwixesha elizayo, xa i-Yandex.Cloud iqala ukusebenza ngezakhono eziphezulu zeVPC, siya kongeza i-interface Routes.
LoadBalanacer njengomngeni ophambili
Ekuqaleni, sizame, njengolunye uphunyezo lwe-CCM, ukwenza iperi LoadBalancer
ΠΈ TargetGroup
yanganye Service
ngodidi LoadBalancer
. Nangona kunjalo, iYandex.Cloud ifumene umda omnye onomdla: awukwazi ukusebenzisa TargetGroups
ngokunqumlana Targets
(isibini SubnetID
- IpAddress
).
Ngoko ke, ngaphakathi kwe-CCM eyenziwe, umlawuli uqaliswa, apho, xa izinto zitshintsha Node
iqokelela ulwazi malunga nalo lonke ujongano kumatshini ngamnye onenyani, amaqela ngokwezinto zawo ezithile NetworkID
, idala nge TargetGroup
phezu NetworkID
, kwaye ikwabeke esweni ukufaneleka. Emva koko, xa udala into Service
ngodidi LoadBalanacer
sincamathela nje into eyenziwe kwangaphambili TargetGroup
kwabatsha NetworkLoadBalanacer
'ndim.
Ukuqala njani ukusebenzisa?
I-CCM ixhasa i-Kubernetes version 1.15 nangaphezulu. Kwiqela, ukuze isebenze, kufuneka iflegi --cloud-provider=external
yamiselwa ukuba true
ye kube-apiserver, kube-controller-manager, kube-scheduler nazo zonke iikubelets.
Onke amanyathelo ayimfuneko ofakelo ngokwawo achazwe kwi
Ukusebenzisa i-CCM kuya kufuneka:
-
bonisa kumboniso wesalathisi (folder-id
) Yandex.Cloud; - iakhawunti yenkonzo yokusebenzisana neYandex.Cloud API. Kwi-manifesto
Secret
iyimfunekodlulisa izitshixo ezigunyazisiweyo kwiakhawunti yenkonzo. Kumaxwebhuichazwe , indlela yokwenza i-akhawunti yenkonzo kwaye ufumane izitshixo.
Siya kukuvuyela ukufumana impendulo yakho kwaye
Iziphumo
Sisebenzise i-CCM ephunyeziweyo kumaqela amahlanu e-Kubernetes kwiiveki ezimbini ezidlulileyo kwaye siceba ukwandisa inani labo kwi-20 kwinyanga ezayo. Okwangoku asicebisi ukusebenzisa i-CCM kufakelo olukhulu nolubalulekileyo lwe-K8s.
Njengakwimeko yeCSI, siya kuvuya ukuba abaphuhlisi beYandex bathatha uphuhliso kunye nenkxaso yale projekthi - sikulungele ukudlulisela indawo yokugcina kwisicelo sabo ukuze sijongane nemisebenzi efanelekileyo kuthi.
PS
Funda nakwibhlog yethu:
- Β«
Amava ethu ekuphuhliseni umqhubi weCSI eKubernetes yeYandex.Cloud "; - Β«
Ngaba kulula kwaye kulula ukulungiselela i-Kubernetes cluster? Ukwazisa i-addon-operator "; - Β«
Ukwandisa kunye nokuxhasa iKubernetes (uphononongo kunye nengxelo yevidiyo) Β».
umthombo: www.habr.com