Ukwazisa iKubernetes CCM (uMlawuli woLawulo lwamafu) yeYandex.Cloud

Ukuqhubekeka kwangoku Ukukhutshwa komqhubi we-CSI yeYandex.Cloud sipapasha enye iprojekthi yoMthombo oVulekileyo wale lifu - UMlawuli woLawulo lwamafu. I-CCM ayifuneki kuphela kwi-cluster iyonke, kodwa nakumqhubi we-CSI ngokwayo. Iinkcukacha malunga nenjongo yayo kunye nezinye iimpawu zokuphunyezwa ziphantsi kokusikwa.

Intshayelelo

Kutheni kunje?

Iinjongo ezibangele ukuba siphuhlise i-CCM yeYandex.Cloud ihambelana ngokupheleleyo nezo sele zichazwe kuyo isaziso Abaqhubi beCSI. Sigcina amaqela amaninzi e-Kubernetes kubaboneleli belifu abahlukeneyo, apho sisebenzisa isixhobo esinye. Isebenzisa uncedo oluninzi "lokudlula" izisombululo ezilawulwayo zaba baboneleli. Ewe, sinemeko ethile kunye neemfuno, kodwa uphuhliso oludalwe ngenxa yabo lunokuba luncedo kwabanye abasebenzisi.

Yintoni kanye kanye i-CCM?

Ngokuqhelekileyo, silungiselela indawo esingqongileyo yeqela ukusuka ngaphandle - umzekelo, usebenzisa iTerraform. Kodwa ngamanye amaxesha kukho imfuneko yokulawula imeko yelifu elisingqongileyo ukusuka kwiqela. Oku kunokwenzeka kubonelelwe, kwaye kukwaphunyezwa CCM.

Ngokukodwa, uMphathi wesiLawuli seLifu ubonelela ngeentlobo ezintlanu eziphambili zokusebenzisana:

1. Amaxesha -sebenzisa ubudlelwane be-1: 1 phakathi kwento ye-node kwi-Kubernetes (Node) kunye nomatshini obonakalayo kumnikezeli welifu. Kule nto thina:
   • gcwalisa intsimi spec.providerID kwinto Node. Umzekelo, kwi-OpenStack CCM le ndawo inefomathi ilandelayo: openstack:///d58a78bf-21b0-4682-9dc6-2132406d2bb0. Ungabona igama lomboneleli welifu kunye ne-UUID eyodwa yomncedisi (umatshini obonakalayo kwi-OpenStack) yento;
   • umphelelisi nodeInfo kwinto Node ulwazi malunga nomatshini wenyani. Umzekelo, sikhankanya uhlobo lomzekelo kwi-AWS;
   • Sijonga ubukho bomatshini obonakalayo efini. Umzekelo, ukuba into Node waya kwimo NotReady, ungajonga ukuba ngaba umatshini wenyani ukhona kwaphela kumnikezeli welifu nge providerID. Ukuba ayikho, cima into Node, ebiya kuthi ngenye indlela ihlale kwiqela ngonaphakade;
2. KwiiNdawo - icwangcisa indawo yokusilela kwinto Node, ukuze umcwangcisi akhethe i-node yePod ngokwemimandla kunye nemimandla kumnikezeli welifu;
3. LoadBalancer – xa udala into Service ngodidi LoadBalancer yenza uhlobo lwe-balancer oluya kuqondisa i-traffic ukusuka ngaphandle ukuya kwiindawo ze-cluster. Ngokomzekelo, kwiYandex.Cloud ungasebenzisa NetworkLoadBalancer и TargetGroup ngenxa yezi njongo;
4. Umzila – yakha uthungelwano phakathi kweendawo zokuhlala, kuba Ngokweemfuno zeKubernetes, i-pod nganye kufuneka ibe nedilesi yayo ye-IP kwaye ikwazi ukufikelela kuyo nayiphi na enye i-pod. Ukwenzela ezi njongo, ungasebenzisa umsebenzi womnatha wokwaleka (VXLAN, GENEVE) okanye usete itafile yomzila ngokuthe ngqo kuthungelwano lwenyani lomnikezeli welifu:

   

5. umqulu -Ivumela ukuodolwa okuguquguqukayo kwePV usebenzisa iPVC kunye neSC. Ekuqaleni, lo msebenzi wawuyinxalenye ye-CCM, kodwa ngenxa yobunzima bayo obukhulu yafuduselwa kwiprojekthi eyahlukileyo, i-Container Storage Interface (CSI). Siye sathetha ngeCSI ngaphezulu kwakanye wabhala kwaye, njengoko sele kukhankanyiwe, nkqu kukhutshwa Umqhubi weCSI.

Ngaphambili, yonke ikhowudi esebenzisana nelifu yayikwindawo yokugcina iGit yeprojekthi yeKubernetes. k8s.io/kubernetes/pkg/cloudprovider/providers, kodwa bagqiba ekubeni bayeke oku ngenxa yokuphazamiseka kokusebenza kunye nesiseko esikhulu sekhowudi. Lonke ufezekiso oludala lusiwe indawo yokugcina eyahlukileyo. Ukulungiselela inkxaso eyongezelelekileyo kunye nophuhliso, onke amacandelo afanayo nawo asiwe kuwo indawo yokugcina eyahlukileyo.

Njengakwi-CSI, uninzi lwababoneleli ngamafu amakhulu sele beyiyile ii-CCM zabo ukuze basebenzise amafu eKubernetes. Ukuba umthengisi akanayo i-CCM, kodwa yonke imisebenzi efunekayo ifumaneka nge-API, ngoko unokuphumeza i-CCM ngokwakho.

Ukubhala ukuphunyezwa kwakho kwe-CCM, kwanele ukuphumeza efunekayo Go ujongano.

И yile nto sinayo.

Ukuphunyezwa

Ufike njani kulento

Saqala uphuhliso (okanye kunoko, nokuba sisebenzise) nge ilungile(!) CCM yeYandex.Cloud kunyaka ophelileyo.

Nangona kunjalo, kolu phumezo besingekho:

• uqinisekiso nge-JWT IAM uphawu;
• Inkxaso yomlawuli wenkonzo.

Ngokuvumelana nombhali (dlisin) kwiTelegram, siye safaka i-yandex-cloud-controller-manager kwaye songeza imisebenzi engekho.

Iimpawu eziphambili

Okwangoku, i-CCM ixhasa olu nxibelelwano lulandelayo:

• Amaxesha;
• KwiiNdawo;
• LoadBalancer.

Kwixesha elizayo, xa i-Yandex.Cloud iqala ukusebenza ngezakhono eziphezulu zeVPC, siya kongeza i-interface Routes.

LoadBalanacer njengomngeni ophambili

Ekuqaleni, sizame, njengolunye uphunyezo lwe-CCM, ukwenza iperi LoadBalancer и TargetGroup yanganye Service ngodidi LoadBalancer. Nangona kunjalo, iYandex.Cloud ifumene umda omnye onomdla: awukwazi ukusebenzisa TargetGroups ngokunqumlana Targets (isibini SubnetID - IpAddress).

Ngoko ke, ngaphakathi kwe-CCM eyenziwe, umlawuli uqaliswa, apho, xa izinto zitshintsha Node iqokelela ulwazi malunga nalo lonke ujongano kumatshini ngamnye onenyani, amaqela ngokwezinto zawo ezithile NetworkID, idala nge TargetGroup phezu NetworkID, kwaye ikwabeke esweni ukufaneleka. Emva koko, xa udala into Service ngodidi LoadBalanacer sincamathela nje into eyenziwe kwangaphambili TargetGroup kwabatsha NetworkLoadBalanacer'ndim.

Ukuqala njani ukusebenzisa?

I-CCM ixhasa i-Kubernetes version 1.15 nangaphezulu. Kwiqela, ukuze isebenze, kufuneka iflegi --cloud-provider=external yamiselwa ukuba true ye kube-apiserver, kube-controller-manager, kube-scheduler nazo zonke iikubelets.

Onke amanyathelo ayimfuneko ofakelo ngokwawo achazwe kwi README. Ukufakela kubilisa ekudaleni izinto kwi-Kubernetes ukusuka kwi-manifest.

Ukusebenzisa i-CCM kuya kufuneka:

• bonisa kumboniso wesalathisi (folder-id) Yandex.Cloud;
• iakhawunti yenkonzo yokusebenzisana neYandex.Cloud API. Kwi-manifesto Secret iyimfuneko dlulisa izitshixo ezigunyazisiweyo kwiakhawunti yenkonzo. Kumaxwebhu ichazwe, indlela yokwenza i-akhawunti yenkonzo kwaye ufumane izitshixo.

Siya kukuvuyela ukufumana impendulo yakho kwaye imiba emitshaukuba ufumana naziphi na iingxaki!

Iziphumo

Sisebenzise i-CCM ephunyeziweyo kumaqela amahlanu e-Kubernetes kwiiveki ezimbini ezidlulileyo kwaye siceba ukwandisa inani labo kwi-20 kwinyanga ezayo. Okwangoku asicebisi ukusebenzisa i-CCM kufakelo olukhulu nolubalulekileyo lwe-K8s.

Njengakwimeko yeCSI, siya kuvuya ukuba abaphuhlisi beYandex bathatha uphuhliso kunye nenkxaso yale projekthi - sikulungele ukudlulisela indawo yokugcina kwisicelo sabo ukuze sijongane nemisebenzi efanelekileyo kuthi.

PS

Funda nakwibhlog yethu:

• «Amava ethu ekuphuhliseni umqhubi weCSI eKubernetes yeYandex.Cloud";
• «Ngaba kulula kwaye kulula ukulungiselela i-Kubernetes cluster? Ukwazisa i-addon-operator";
• «Ukwandisa kunye nokuxhasa iKubernetes (uphononongo kunye nengxelo yevidiyo)».

umthombo: www.habr.com