Isixhobo se-etcd-operator, esinceda ekusekweni nasekugcinweni kwe-etcd clusters kwiKubernetes, sidluliselwe kwiprojekthi yeCozystack. Kunye nokudluliselwa, kupapashwe ukuphunyezwa okutsha kwe-etcd-operator, kwabhalwa kwasekuqaleni kwaye kusetyenziswa i-API kwi-etcd-operator.cozystack.io/v1alpha2 endaweni ye-etcd.aenix.io/v1alpha1 yangaphambili. Ukuphunyezwa okutsha kubhalwe nguTimofey Larkin, omnye wabagcini be-codebase yangaphambili. Inguqulelo endala igcinwe kwisebe le-v1alpha1. Ikhowudi ibhalwe kwi-Go kwaye isasazwa phantsi kwelayisensi ye-Apache 2.0. I-Cozystack yiprojekthi ye-sandbox yombutho ongenzi nzuzo i-CNCF.
Utshintsho oluphambili kwi-etcd-operator entsha kukususwa kweStatefulSet yolawulo lwee-node. Ngoku, umqhubi ufikelela ngqo kwi-etcd's native Membership API (MemberAdd, MemberPromote, kunye neMemberRemove) aze ongeze amalungu ngokuzenzekelayo, akhuthaze abafundi kwii-node zokuvota, aze asuse ii-node kwi-quorum, enika umqhubi ulawulo olupheleleyo kubulungu beqela.
Kwangaxeshanye, abaphuhlisi beprojekthi ye-etcd baphuhlisa i-etcd-operator yabo esemthethweni ukususela ekuqaleni. Ngokuphathelele ukusebenza, i-operator esemthethweni okwangoku ingaphantsi kune-etcd-operator yeprojekthi yeCozystack. Ekubeni ukusetyenziswa kwangaphambili kwe-etcd-operator sele kusebenza kwiindawo zemveliso kwaye kusetyenziswa kwiCozystack naseKamaji, uphuhliso lwayo lwaqhubeka ngokwahlukileyo ekuphunyezweni kweprojekthi ye-etcd esemthethweni.
Umqhubi weprojekthi yeCozystack ulawula amaqela e-etcd ngokusebenzisa izixhobo ezimbini. I-EtcdCluster ichaza imeko efunekayo: inani leekopi, inguqulelo ye-etcd, iiparameter zokugcina, i-TLS, ukuqinisekiswa, kunye noseto lwe-etcd. I-etcdMember yenzelwe i-node nganye yeqela kwaye ine-Pod kunye ne-PVC yayo. Ngokungafaniyo nezisombululo eziqhelekileyo, umqhubi akasebenzisi i-StatefulSet kwaye ulawula ngokuzimeleyo i-Pod kunye ne-PVC ye-node nganye. Ubulungu beqela butshintshwa nge-etcd Membership API: umqhubi wongeza ama-node amatsha njengabafundi (MemberAdd), aze awanyusele kumalungu avotayo (MemberPromote). Ukususwa kwenziwa nge-MemberRemove, ngokususwa ngokufanelekileyo kwi-quorum. Xa iqela limisiwe, ama-node agcina ubuwena bawo.
Izinto eziphambili:
- Ukusasazwa kweqela kunye nokulinganisa kumacala omabini, i-node enye ngexesha: ii-node ezintsha ziqala kwimodi yabafundi, kwaye ukuzicima ngokuchanekileyo kuzisusa kwi-quorum;
- ukumisa iqela ngaphandle kokulahleka kwedatha (spec.replicas: 0) kunye nokuqalisa kwakhona ukusebenza ngeqela elifanayo kunye nee-ID ze-node;
- Idatha igcinwa kwi-PVC ngokuzenzekelayo okanye kwi-tmpfs ukuba idatha inokubuyiselwa; ukuba i-Pod ilahlekile, umqhubi uphinda ngokuzenzekelayo ii-nodes ezine-in-memory storage;
- Uqwalaselo olwahlukileyo lwe-TLS loqhagamshelwano lwabathengi kunye nolwe-inter-node: ungaqhagamshela iiSecrets zakho okanye uxelele umqhubi ukuba akhuphe kwaye ahlaziye izatifikethi nge-cert-manager;
- ukuqinisekiswa ngumsebenzisi omnye oyingcambu; iziqinisekiso zakhe zisetwa nge-Secret;
- ukwenza ii-snapshots kwi-S3 okanye kwi-PVC ngesixhobo se-EtcdSnapshot kunye nokubuyisela iqela kwi-snapshot ngexesha lokufakwa kokuqala;
- i-PodDisruptionBudget ezenzekelayo, ethintela imisebenzi yokukhupha amanzi ukuba ingaphazamisi i-quorum;
- ukuqinisekiswa kweenkcukacha nge-apiserver ngokusebenzisa ii-CEL expressions kwi-CRD, ngaphandle kwee-webhooks kunye nokuxhomekeka kumphathi we-cert;
- /scale subresource yesikali se-kubectl kunye ne-VerticalPodAutoscaler, i-metrics port 2381, i-affinity kunye ne-topologySpreadConstraints forwarding;
- i-plugin ye-kubectl-etcd yemisebenzi yosuku lwesibini emva kokufakwa kweqela.
Xa kuthelekiswa nokuphunyezwa okudala (v1alpha1), oku kulandelayo kutshintshile:
- Iqela le-API litshintshile ukusuka kwi-etcd.aenix.io ukuya kwi-etcd-operator.cozystack.io;
- Endaweni yeStatefulSet, umqhubi usebenzisa isixhobo esahlukileyo se-EtcdMember kwi-node nganye;
- Isichazi-magama se-spec.options esingaqhelekanga sithatyathelwe indawo yisethi yeeparameter ezichwetheziweyo: ii-quota-backend-bytes, imo ye-autocompactification kunye ne-interval, i-snapshot-count; imephu yasimahla ivumele iiflegi ukuba zidluliswe ezingqubana ne-logic yomqhubi;
- Isixhobo se-EtcdBackup sitshintshwe igama sabizwa ngokuba yi-EtcdSnapshot, intsingiselo yentsingiselo igciniwe;
- Ukuqinisekiswa kususiwe kwimithetho ye-webhook ukuya kwimithetho ye-CEL kwi-CRD;
- Inkonzo yeqela itshintshelwe kwimowudi engenantloko ukuze ii-nodes zibe namagama e-DNS azinzileyo.
Ukufuduka kwenziwa endaweni kusetyenziswa i-etcd-migrate. Esi sixhobo sihlengahlengisa iqela elisebenzayo lomqhubi omdala ngaphandle kokufuduka kwedatha, ukuqala kwakhona kwe-pod, okanye ukulahleka kwe-quorum. Sitshintsha kuphela abanini bezinto, iileyibhile, kunye neenkcazo. Emva koko, umqhubi omtsha uthatha ulawulo. Abathengi abafikelela kwiqela nge-DNS bayaqhubeka nokusebenza ngaphandle kotshintsho.
Ukuphunyezwa kwe-etcd-operator kaCozystack kujongana noninzi lwezinto zemephu yendlela yomqhubi osemthethweni we-etcd weprojekthi ye-etcd. Imeko yezinto zemephu yendlela yile ilandelayo:
Ukongeza, i-v1alpha2 inikezela ngeempawu ezingabandakanywanga kwisicwangciso sophuhliso esisemthethweni somsebenzisi:
- ukumisa iqela de kungabikho zikopi, ukuyeka nokuqhubeka ngelixa kugcinwa ubuwena beqela kunye namaqhuqhuva;
- indawo yokugcina imemori (tmpfs) ngokutshintshwa kwe-node ngokuzenzekelayo ngumsebenzisi;
- ukuqinisekiswa kwicala le-apiserver nge-CEL, ngaphandle kwee-webhooks kunye nokuxhomekeka kwizatifikethi;
- i-PodDisruptionBudget ezenzekelayo yee-nodes zokuvota;
- /scale subresource ene-status.selector ezalisiweyo ukuze i-kubectl scale kunye ne-VerticalPodAutoscaler.targetRef zisebenze ngokuthe ngqo;
- ukudlulisela phambili iiparameter zokucwangcisa i-affinity kunye ne-topologySpreadConstraints, kunye nokudibanisa i-additionalMetadata kuzo zonke izinto ezenziwe ngumqhubi;
- isixhobo sokufuduka sisuka kumqhubi wangaphambili ngaphandle kokumisa iqela;
- iplagi ye-kubectl-etcd yemisebenzi yokusebenza.
umthombo: opennet.ru
