Five misses when deploying your first application on Kubernetes

Image: "Fail" by Aris-Dreamer

Many people believe it is enough to migrate an application to Kubernetes (whether with Helm or by hand) and they will be happy. But it is not that simple.

The Mail.ru Cloud Solutions team has translated an article by DevOps engineer Julian Gindi. He shares the pitfalls his company ran into during the migration process so that you do not step on the same rake.

Step one: Setting up pod requests and limits

Let's start by setting up a clean environment in which our pods will run. Kubernetes does a great job of scheduling pods and handling failure states. But it turned out that the scheduler sometimes cannot place a pod if it is hard to estimate how many resources the pod needs to run successfully. This is where resource requests and limits come in. There is a lot of debate about the best way to set requests and limits. Sometimes it feels like more of an art than a science. Here is our approach.

Pod requests: this is the main value the scheduler uses to place a pod optimally.

From the Kubernetes documentation: The filtering step determines the set of nodes where the pod can be scheduled. For example, the PodFitsResources filter checks whether a node has enough resources to satisfy the pod's specific resource requests.

We use application requests so that they can be used to estimate how many resources the application actually needs to run properly. This way the scheduler can place pods realistically. Initially we wanted to set requests with a margin to make sure each pod had a sufficiently large amount of resources, but we noticed that scheduling times increased significantly and some pods were never fully scheduled, as if no resource requests had been received for them.

In this case, the scheduler would often evict pods and be unable to reschedule them, because the control plane had no idea how many resources the application would need, and that is a key component of the scheduling algorithm.

Pod limits: this is a hard limit for the pod. It represents the maximum amount of resources the cluster will allocate to the container.

Again, from the official documentation: If a container has a memory limit of 4 GiB set, then the kubelet (and the container runtime) will enforce it. The runtime does not allow the container to use more than the specified resource limit. For example, when a process in the container tries to use more than the allowed amount of memory, the system kernel terminates the process with an "out of memory" (OOM) error.

A container can always use more resources than specified in the resource request, but it can never use more than specified in the limit. This value is hard to set correctly, but it is very important.

Ideally, we want a pod's resource requirements to change over the life cycle of the process without interfering with other processes on the system; that is the purpose of setting limits.

Unfortunately, I cannot give clear instructions on which values to set, but we ourselves follow these rules:

  1. Using a load-testing tool, we simulate a baseline level of traffic and monitor the pod's resource usage (memory and CPU).
  2. We set the pod requests to an arbitrarily low value (with a resource limit about 5 times the value of the requests) and observe. When the requests are too low, the process cannot start, often causing cryptic Go runtime errors.

Note that higher resource limits make scheduling more difficult, because the pod needs a target node with enough available resources.

Imagine a situation where you have a lightweight web server with a very high resource limit, say 4 GB of memory. This process will probably have to scale horizontally, and each new pod will have to be scheduled on a node with at least 4 GB of available memory. If no such node exists, the cluster has to bring up a new node to run that pod, which can take some time. It is important to keep the difference between resource requests and limits to a minimum to ensure fast and smooth scaling.

Step two: setting up Liveness and Readiness probes

This is another subtle topic that is often discussed in the Kubernetes community. It is important to have a good understanding of Liveness and Readiness probes, since they provide a mechanism for software to run reliably and minimize downtime. However, they can cause a serious performance hit to your application if they are configured incorrectly. Below is a summary of what both probes are.

Liveness shows whether the container is running. If it fails, the kubelet kills the container and the restart policy is applied to it. If the container is not equipped with a Liveness probe, the default state is success; that is what the Kubernetes documentation says.

Liveness probes should be cheap, meaning they should not consume a lot of resources, because they run frequently and have to inform Kubernetes that the application is running.

If you set the option to run every second, this adds 1 request per second, so bear in mind that additional resources will be needed to handle this traffic.

At our company, Liveness probes check the core components of the application, even if data (for example, from a remote database or cache) is not fully available.

We configured the apps with a "health" endpoint that simply returns a 200 response code. This indicates that the process is running and able to handle requests (but not yet traffic).

The Readiness probe shows whether the container is ready to serve requests. If the readiness probe fails, the endpoints controller removes the pod's IP address from the endpoints of all services that match the pod. This is also stated in the Kubernetes documentation.

Readiness probes consume more resources, since they have to hit the backend in a way that shows the application is ready to accept requests.

There is a lot of debate in the community about whether to access the database directly. Given the overhead (the checks run frequently, but this can be tuned), we decided that for some applications readiness to serve traffic is counted only after verifying that records are returned from the database. Well-designed readiness probes ensured higher levels of availability and eliminated downtime during deployments.

If you decide to query the database to test your application's readiness, make sure the query is as cheap as possible. Let's take this query:

SELECT small_item FROM table LIMIT 1

Here is an example of how we configure these two values in Kubernetes:

livenessProbe:
  httpGet:
    path: /api/liveness
    port: http
readinessProbe:
  httpGet:
    path: /api/readiness
    port: http
  periodSeconds: 2

You can add some additional configuration options:

  • initialDelaySeconds - how many seconds pass between the start of the container and the start of the probes.
  • periodSeconds - the wait interval between probe runs.
  • timeoutSeconds - the number of seconds after which the unit is considered faulty. An ordinary timeout.
  • failureThreshold - the number of failed probes before a restart signal is sent to the pod.
  • successThreshold - the number of successful probes before the pod moves to the ready state (after a failure, when the pod starts up or recovers).
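
The requests, limits and probe options from steps one and two combined in one manifest, as an added example that is not from the original article. The names, image, port and every number are assumed values; the limits follow the roughly 5x rule of thumb given above.

```yaml
# Added example: names, image, port and all numbers are assumed values.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-api              # hypothetical
spec:
  replicas: 2
  selector:
    matchLabels:
      app: example-api
  template:
    metadata:
      labels:
        app: example-api
    spec:
      containers:
        - name: api
          image: registry.example.com/example-api:1.0   # placeholder image
          ports:
            - name: http          # the probes refer to this port by name
              containerPort: 8080
          resources:
            requests:             # what the scheduler reserves on a node
              cpu: 100m
              memory: 128Mi
            limits:               # about 5x the requests
              cpu: 500m
              memory: 640Mi       # going above this gets the process OOM-killed
          livenessProbe:          # cheap check: is the process alive?
            httpGet:
              path: /api/liveness
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            failureThreshold: 3   # restart after about 30 s of failures
          readinessProbe:         # may touch the backend; gates Service traffic
            httpGet:
              path: /api/readiness
              port: http
            periodSeconds: 2
            timeoutSeconds: 1
            failureThreshold: 3   # taken out of the endpoints after about 6 s
            successThreshold: 2   # two passes in a row before it is ready again
```

The scheduler places the pod using the requests only; the limits are enforced afterwards on the node by the kubelet and the container runtime.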

Step three: setting up default network policies for the pod

Kubernetes has a "flat" network topology; by default, all pods communicate directly with each other. In some cases this is undesirable.

A potential security problem is that an attacker could use a single vulnerable application to send traffic to all pods on the network. As in many areas of security, the principle of least privilege applies here. Ideally, network policies should explicitly state which connections between pods are allowed and which are not.

For example, below is a simple policy that denies all incoming traffic for a specific namespace:

---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
spec:
  podSelector: {}
  policyTypes:
    - Ingress

Visualization of this configuration:

(https://miro.medium.com/max/875/1*-eiVw43azgzYzyN1th7cZg.gif)
More details here.
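
To go from the default-deny baseline to explicitly allowed connections, the following added example (not from the original article) permits one ingress path and restricts egress to DNS. The namespace `shop`, the `app` labels and port 8080 are hypothetical, and cluster DNS is assumed to run in `kube-system`.

```yaml
# Added example: namespace, labels and port are hypothetical.
# Policies are additive: this one opens a single path on top of default-deny-ingress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-api
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: api                  # the pods this policy protects
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend     # only these pods, in the same namespace
      ports:
        - protocol: TCP
          port: 8080
---
# Limits what a compromised pod can reach: all egress denied except DNS lookups.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress-allow-dns
  namespace: shop
spec:
  podSelector: {}               # every pod in the namespace
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system   # assumed DNS location
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

These objects only take effect when the cluster's network plugin enforces NetworkPolicy; on a plugin without that support they are accepted by the API server and silently ignored.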

Step four: custom behavior using hooks and init containers

One of our main goals was to provide deployments to Kubernetes with no downtime for developers. This is hard because there are many options for shutting down applications and releasing the resources they used.

Particular difficulties arose with Nginx. We noticed that when these pods were deployed sequentially, active connections were dropped before they completed successfully.

After extensive research online, it turns out that Kubernetes does not wait for Nginx connections to drain on their own before terminating the pod. Using a pre-stop hook, we implemented the following functionality and eliminated the downtime completely:

lifecycle:
  preStop:
    exec:
      command: ["/usr/local/bin/nginx-killer.sh"]

And here is nginx-killer.sh:

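#!/bin/bash
# Short pause before starting the shutdown.
sleep 3
PID=$(cat /run/nginx.pid)
# Ask nginx to shut down gracefully (finish in-flight requests first).
nginx -s quit
# Keep the preStop hook running until the nginx master process has exited.
while [ -d "/proc/$PID" ]; do
   echo "Waiting while shutting down nginx..."
   sleep 10
done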

Another extremely useful paradigm is the use of init containers to handle the startup of specific applications. This is especially useful if you have a resource-intensive database migration process that has to run before the application starts. You can also set a higher resource limit for this process without setting such a limit for the main application.

Another common scheme is accessing secrets in an init container that provides those credentials to the main module, which prevents unauthorized access to the secrets from the main application module itself.

As usual, a quote from the documentation: Init containers safely run custom code or utilities that would otherwise reduce the security of the application container image. By keeping unnecessary tools separate, you limit the attack surface of the application container image.
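
The migration pattern described above as an added example, not taken from the original article: the init container gets its own larger memory limit and is the only container that mounts the migration credentials. The images, the migrate command and the Secret name are hypothetical.

```yaml
# Added example: images, command, Secret name and sizes are hypothetical.
apiVersion: v1
kind: Pod
metadata:
  name: example-app
spec:
  initContainers:
    - name: db-migrate
      image: registry.example.com/example-app-migrate:1.0
      command: ["/app/migrate", "--up"]     # hypothetical migration entry point
      resources:
        requests:
          memory: 512Mi
        limits:
          memory: 1Gi            # generous limit for the one-off migration only
      volumeMounts:
        - name: migration-credentials
          mountPath: /run/secrets/migration
          readOnly: true
  containers:
    - name: app
      image: registry.example.com/example-app:1.0
      resources:
        requests:
          memory: 128Mi
        limits:
          memory: 256Mi          # steady-state limit stays small
      # No volumeMounts here: the migration credentials and the migration
      # tooling never appear in the long-running application container.
  volumes:
    - name: migration-credentials
      secret:
        secretName: example-migration-credentials
```

The scheduler sizes the pod by the larger of the init container's requests and the sum of the app containers' requests, so this pod needs a node with 512Mi free even though the application itself requests 128Mi.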

Step five: Configuring the kernel

Finally, let's talk about a more advanced technique.

Kubernetes is an extremely flexible platform that lets you run workloads the way you see fit. We have a number of high-performance applications that are extremely resource-intensive. After extensive load testing, we found that one application struggled to handle the expected traffic load when the default Kubernetes settings were in effect.

However, Kubernetes lets you run a privileged container that changes kernel parameters only for a specific pod. Here is what we used to change the maximum number of open connections:

initContainers:
  - name: sysctl
    image: alpine:3.10
    securityContext:
      privileged: true
    command: ['sh', '-c', "sysctl -w net.core.somaxconn=32768"]

This is an advanced technique that is often not needed. But if your application is struggling to cope with heavy load, you can try tuning some of these settings. More details on this process and on setting the various values are, as always, in the official documentation.
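
The same kernel parameter can be set without a privileged container through the pod-level `securityContext.sysctls` field; this is an added example, not the configuration the article's author used. `net.core.somaxconn` is not in Kubernetes' default safe set, so the kubelet on the target nodes has to allow it explicitly; the pod name and image are hypothetical.

```yaml
# Added example: pod name and image are hypothetical.
apiVersion: v1
kind: Pod
metadata:
  name: example-highload
spec:
  securityContext:
    sysctls:                     # applied to this pod's network namespace only
      - name: net.core.somaxconn
        value: "32768"
  containers:
    - name: app
      image: registry.example.com/example-app:1.0
      securityContext:
        privileged: false        # no container in the pod needs privileges
        allowPrivilegeEscalation: false
---
# Kubelet configuration fragment for the nodes that may run such pods.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
allowedUnsafeSysctls:
  - net.core.somaxconn
```

Without the kubelet allowlist entry the pod is rejected on that node, which keeps the decision about kernel tuning with the cluster operator instead of with anyone who is able to create a privileged pod.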

In conclusion

While Kubernetes may look like a ready-made solution out of the box, there are important steps you need to take to keep your applications running smoothly.

Throughout your Kubernetes migration, it is important to follow the "load-testing cycle": launch the application, load-test it, observe the metrics and the scaling behavior, adjust the configuration based on that data, and then repeat the cycle.

Be realistic about your expected traffic and try to push beyond it to see which components break first. With this iterative approach, just a few of the listed recommendations may be enough to achieve success. Or it may require deeper tuning.

Always ask yourself these questions:

  1. How many resources do the applications consume, and how will this amount change?
  2. What are the real scaling requirements? How much traffic will the app handle on average? What about peak traffic?
  3. How often will the service need to scale horizontally? How quickly do new pods need to be brought online to receive traffic?
  4. How gracefully do the pods shut down? Is this necessary at all? Is it possible to achieve deployments with no downtime?
  5. How can you minimize security risks and limit the damage from any compromised pods? Do any services have permissions or access they do not need?

Kubernetes provides an incredible platform that lets you use best practices for deploying thousands of services in a cluster. However, all applications are different. Sometimes the implementation takes a little more work.

Fortunately, Kubernetes provides the configuration needed to achieve all technical goals. Using a combination of resource requests and limits, Liveness and Readiness probes, init containers, network policies, and custom kernel tuning, you can achieve high performance along with fault tolerance and fast scalability.


Source: www.habr.com
