The Cozystack project has launched a reworked etcd-operator with a new API.

The etcd-operator tool, which helps deploy and maintain etcd clusters on Kubernetes, has been transferred to the Cozystack project. Along with the transfer, a new implementation of etcd-operator has been published. It was written from scratch and uses the etcd-operator.cozystack.io/v1alpha2 API instead of the previous etcd.aenix.io/v1alpha1. The new implementation was written by Timofey Larkin, one of the maintainers of the previous codebase. The old version is preserved in the v1alpha1 branch. The code is written in Go and distributed under the Apache 2.0 license. Cozystack is a sandbox project of the non-profit organization CNCF.

The main change in the new etcd-operator is that StatefulSet is no longer used to manage nodes. The operator now calls etcd's native Membership API (MemberAdd, MemberPromote, and MemberRemove) directly: it adds members itself, promotes learners to voting nodes, and removes nodes from the quorum, which gives the operator full control over cluster membership.

At the same time, the developers of the etcd project are building their own official etcd-operator from scratch. In terms of functionality, the official operator currently lags behind the Cozystack project's etcd-operator. Because the previous implementation of etcd-operator was already running in production environments and is used in Cozystack and Kamaji, its development continued separately from the official etcd project implementation.

The Cozystack project's operator manages etcd clusters through two resources. EtcdCluster describes the desired state: the number of replicas, the etcd version, storage parameters, TLS, authentication, and etcd settings. An EtcdMember is created for each cluster node and owns its Pod and PVC. Unlike typical solutions, the operator does not use a StatefulSet and manages the Pod and PVC of each node itself. Cluster membership is changed through the etcd Membership API: the operator adds new nodes as learners (MemberAdd) and then promotes them to voting members (MemberPromote). Removal is done with MemberRemove, with a clean exit from the quorum. When the cluster is stopped, the nodes keep their identity.
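The learner-first sequence described above, as an added Go model that is not the operator's code: it keeps only a membership list in memory and compares registering a voter directly with adding a learner and then promoting it. The Member and Cluster types, ScaleUpOne and the etcd-N names are assumptions of this example; only the method names mirror the Membership API calls.

```go
package main

import "fmt"

// Member and Cluster are a hypothetical in-memory model of the membership list.
type Member struct{ Learner, Up bool }
type Cluster map[string]*Member

// HasQuorum reports whether a majority of voting members is up; learners are not counted.
func (c Cluster) HasQuorum() bool {
	voters, up := 0, 0
	for _, m := range c {
		if !m.Learner {
			voters++
			if m.Up {
				up++
			}
		}
	}
	return up >= voters/2+1
}

// MemberAdd registers a member whose Pod is not running yet.
func (c Cluster) MemberAdd(name string, learner bool) { c[name] = &Member{Learner: learner} }

// MemberPromote makes a learner a voter and refuses one that is not up and caught up.
func (c Cluster) MemberPromote(name string) error {
	m, ok := c[name]
	if !ok || !m.Learner || !m.Up {
		return fmt.Errorf("promote refused: %s is not a ready learner", name)
	}
	m.Learner = false
	return nil
}

// ScaleUpOne walks the learner-first sequence and reports quorum before the new Pod starts.
func ScaleUpOne(c Cluster, name string) (bool, error) {
	c.MemberAdd(name, true)
	quorumWhileJoining := c.HasQuorum()
	c[name].Up = true // constructed event: the new Pod started and synced
	return quorumWhileJoining, c.MemberPromote(name)
}

func main() {
	direct := Cluster{"etcd-0": {Up: true}}
	direct.MemberAdd("etcd-1", false) // voter registered before its Pod runs
	safe := Cluster{"etcd-0": {Up: true}}
	ok, err := ScaleUpOne(safe, "etcd-1")
	fmt.Println("direct:", direct.HasQuorum(), "learner-first:", ok, err)
}
```

In the direct case a one-member cluster needs two votes as soon as the second voter is registered, so it cannot commit until that Pod is up; a learner leaves the majority unchanged until it is promoted.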

Key features:

  • cluster deployment and scaling in both directions, one node at a time: new nodes start in learner mode, and a clean shutdown removes them from the quorum;
  • stopping the cluster without data loss (spec.replicas: 0) and resuming operation with the same cluster and node IDs;
  • data is stored on a PVC by default, or on tmpfs if the data can be restored; if a Pod is lost, the operator automatically re-creates nodes that use in-memory storage;
  • separate TLS configuration for client and inter-node connections: you can attach your own Secrets or have the operator issue and renew certificates through cert-manager;
  • authentication with a single root user, whose credentials are set through a Secret;
  • taking snapshots to S3 or to a PVC with the EtcdSnapshot resource, and restoring a cluster from a snapshot at initial deployment;
  • an automatic PodDisruptionBudget that prevents drain operations from breaking the quorum;
  • spec validation on the apiserver side using CEL expressions in the CRD, without webhooks or a dependency on cert-manager;
  • a /scale subresource for kubectl scale and VerticalPodAutoscaler, metrics on port 2381, and forwarding of affinity and topologySpreadConstraints;
  • the kubectl-etcd plugin for day-two operations after the cluster is deployed.

Compared with the old implementation (v1alpha1), the following has changed:

  • the API group has changed from etcd.aenix.io to etcd-operator.cozystack.io;
  • instead of a StatefulSet, the operator uses a separate EtcdMember resource for each node;
  • the arbitrary spec.options dictionary has been replaced by a set of typed parameters: quota-backend-bytes, auto-compaction mode and interval, snapshot-count; the free-form map allowed flags to be passed that conflicted with the operator's logic;
  • the EtcdBackup resource has been renamed to EtcdSnapshot, with its semantics preserved;
  • validation has been moved from webhooks to CEL rules in the CRD;
  • the cluster Service has been switched to headless mode so that nodes have stable DNS names.

Migration is performed in place using etcd-migrate. This tool hands over a running cluster from the old operator without data migration, pod restarts, or loss of quorum. It changes only object owners, labels, and annotations. After that, the new operator takes over control. Clients that reach the cluster through DNS keep working without changes.

Cozystack's etcd-operator implementation covers most of the roadmap items of the etcd project's official etcd operator. The status of the roadmap items is as follows:

  • Creating a new etcd cluster, for example of 3 or 5 nodes, with a specified etcd version: implemented.
  • Getting the cluster health status: implemented.
  • Enabling TLS encryption of communications, including certificate renewal: implemented.
  • Upgrading across patch versions or by one minor version: partially implemented; the spec.version value is applied only to new nodes.
  • Scaling in both directions, for example 1 -> 3 -> 5 nodes and back: implemented.
  • Setting etcd parameters through flags or environment variables: implemented as a set of typed parameters.
  • Recovery of a single failed cluster member while quorum is preserved: partially implemented; there is no automatic replacement of members with a damaged PVC yet.
  • Recovery to a normal state after the failure of multiple cluster members and loss of quorum: not implemented; the work is planned.
  • Creating a cluster backup on demand: implemented.
  • Periodic cluster backups have been deliberately left outside the operator's scope: periodic snapshots are meant to be taken with a regular CronJob.

In addition, v1alpha2 provides features that are not included in the official operator's roadmap:

  • stopping the cluster down to zero replicas, pausing and resuming while preserving the identity of the cluster and its nodes;
  • in-memory storage (tmpfs) with automatic node replacement by the operator;
  • validation on the apiserver side through CEL, without webhooks or a dependency on certificates;
  • an automatic PodDisruptionBudget for voting nodes;
  • a /scale subresource with a populated status.selector so that kubectl scale and VerticalPodAutoscaler.targetRef work directly;
  • forwarding of the affinity and topologySpreadConstraints scheduling parameters, and attaching additionalMetadata to all objects created by the operator;
  • a tool for migrating from the previous operator without stopping the cluster;
  • the kubectl-etcd plugin for operational tasks.

Source: opennet.ru
