Akuwona wonke amapulatifomu eseva, ngisho nalawo anamandla kakhulu futhi angakala, anelisa zonke izidingo njengoba enjalo. Ngenkathi i-Kubernetes isebenza kahle iyodwa, ingase iswele izingxenye ezifanele ukuthi iphelele. Uzothola njalo icala elikhethekile elingasinaki isidingo sakho, noma lapho i-Kubernetes ingeke isebenze ekufakweni okuzenzakalelayo - isibonelo, ukusekelwa kwedathabhesi noma ukusebenza kwe-CD.
Yilapho izengezo, izandiso nezinye izinto ezinhle zale orchestrator yesiqukathi zivela khona, zisekelwa umphakathi obanzi. Lesi sihloko sizobonisa izinto ezingcono kakhulu eziyi-11 esizitholile. Kwethu phakathi athakazelisa kakhulu, futhi sihlela ukubhekana nawo ngokoqobo - sihlukanise sibe izikulufu namantongomane futhi sibone ukuthi yini engaphakathi. Ezinye zazo zizophelelisa ngokuphelele noma yiliphi iqoqo le-Kubernetes, kanti ezinye zizosiza ukuxazulula izinkinga ezithile ezingasetshenziswanga kuphakheji evamile ye-Kubernetes.
Umgcini-sango: Ukuphathwa Kwenqubomgomo
Le phrojekthi (OPA) inikeza ikhono lokudala izinqubomgomo phezu kwezitaki zohlelo lokusebenza lwamafu ku-Kubernetes, ukusuka ekungeneni kuye kuma-mesh wesevisi. inika i-Kubernetes-native ikhono lokusebenzisa izinqubomgomo ngokuzenzakalelayo kulo lonke iqoqo, futhi ihlinzeka ngokuhlola noma yimiphi imicimbi noma izinsiza ezephula inqubomgomo. Konke lokhu kusingathwa indlela entsha ku-Kubernetes, imenenja yokwamukelwa kwe-Webhooks, eqalwa lapho izinsiza zishintsha. Ngomgcini-sango, izinqubomgomo ze-OPA ziba enye ingxenye yezempilo yeqoqo lakho le-Kubernetes ngaphandle kwesidingo sokugadwa njalo.
Amandla adonsela phansi: Amaqoqo e-Kubernetes Aphathekayo
Uma ufuna ukuthumela isicelo ku-Kubernetes, izinhlelo zokusebenza eziningi zineshadi le-Helm eliqondisa futhi lenze le nqubo ngokuzenzakalelayo. Kepha kuthiwani uma ufuna ukuthatha iqoqo lakho le-Kubernetes njengoba linjalo bese ulikhipha kwenye indawo?
ithatha izifinyezo zesifunda samaqoqo e-Kubernetes, okubhaliswa kwawo kwezithombe zeziqukathi, nokusebenzisa izinhlelo zokusebenza ezibizwa ngokuthi βamaphakheji wohlelo lokusebenza.β Iphakheji elinjalo, okuyifayela elivamile .tar, ingaphindaphinda iqoqo noma kuphi lapho i-Kubernetes ingasebenza khona.
Amandla adonsela phansi aphinde aqinisekise ukuthi ingqalasizinda eqondiwe iziphatha ngendlela efanayo nomthombo, nokuthi imvelo ye-Kubernetes kulokho okuhlosiwe iyatholakala. Inguqulo ekhokhelwayo yeGravity iphinda yengeze izici zokuphepha, ezifaka i-RBAC kanye nekhono lokuvumelanisa izilungiselelo zokuphepha kuwo wonke amaqoqo ahlukene.
Inguqulo yakamuva enkulu, i-Gravity 7, ingakhipha isithombe se-Gravity kuqoqo elikhona le-Kubernetes, esikhundleni sokuzungeza iqoqo elisha elivela esithombeni. I-Gravity 7 ingaphinda isebenze ngamaqoqo afakwe ngaphandle kwesithombe se-Gravity. I-Gravity iphinde isekele i-SELinux, futhi isebenza ngokwendabuko ngesango le-Teleport SSH.
I-Kaniko: Yakha iziqukathi ngeqoqo le-Kubernetes
Izithombe eziningi zeziqukathi zakhiwe kumasistimu angaphandle kwesitaki sesiqukathi. Nokho, ngezinye izikhathi udinga ukwakha isithombe ngaphakathi kwesitaki sesitsha, isibonelo, endaweni ethile esitsheni esigijimayo, noma kuqoqo le-Kubernetes.
yakha iziqukathi ngaphakathi kwendawo yeziqukathi, kodwa ngaphandle kokuncika ngesevisi yokufaka iziqukathi, njenge-Docker. Esikhundleni salokho, u-Kaniko ukhipha uhlelo lwefayela emfanekisweni oyisisekelo, ugijima yonke imiyalo yokwakha endaweni yomsebenzisi phezu kwesistimu yefayela ekhishiwe, ethatha isifinyezo sesistimu yefayela ngemva komyalo ngamunye.
Qaphela: I-Kaniko okwamanje (May 2020, cishe. umhumushi) ayikwazi ukwakha iziqukathi zeWindows.
I-Kubecost: Imingcele yezindleko zokuqalisa i-Kubernetes
Amathuluzi amaningi okuphatha e-Kubernetes agxile ekusebenziseni kalula, ukuqapha, ukuqonda ukuziphatha ngaphakathi kwe-pod, njll. Kodwa kuthiwani ngokubheka izindleko - ngamadola namasenti - ahlobene nokugijima i-Kubernetes?
Icubungula amapharamitha e-Kubernetes ngesikhathi sangempela, okuholela olwazini lwakamuva lwezindleko olusuka kumaqoqo asebenza kubahlinzeki abakhulu bamafu, aboniswa kudeshibhodi ebonisa izindleko zanyanga zonke zeqoqo ngalinye. Izintengo ze-RAM, isikhathi se-CPU, i-GPU ne-subsystem yediski zihlukaniswa yingxenye ye-Kubernetes (isitsha, i-pod, isevisi, njll.)
I-Kubecost iphinde ilandelele izindleko zezinsiza ze-off-cluster ezifana namabhakede e-Amazon S3, nakuba lokhu kukhawulelwe ku-AWS. Idatha yezindleko ingathunyelwa ku-Prometheus ukuze ukwazi ukuyisebenzisela ukushintsha ngokohlelo ukuziphatha kweqoqo.
I-Kubecost imahhala ukuyisebenzisa inqobo nje uma izinsuku ezingu-15 zedatha yelogi zanele kuwe. Ukuze uthole izici ezengeziwe, izintengo ziqala ku-$199 nyanga zonke zokuqapha izindawo ezingu-50.
I-KubeDB: Isebenzisa imininingwane yokulwa ku-Kubernetes
Izizindalwazi nazo zinzima kakhulu ukuzisebenzisa ngempumelelo ku-Kubernetes. Uzothola ama-opharetha e-Kubernetes e-MySQL, PostgreSQL, MongoDB, kanye neRedis, kodwa wonke anezihibe. Futhi, isethi evamile yesici se-Kubernetes ayixazululi ngokuqondile izinkinga eziningi zesizindalwazi.
ikusiza ukuthi udale izitatimende zakho ze-Kubernetes ukuze uphathe isizindalwazi. Ukwenza izipele, ukwenza i-cloning, ukuqapha, izifinyezo, nokudalwa kwesizindalwazi esimemezelayo kuyizingxenye zakhona. Sicela uqaphele ukuthi ukusekelwa kwesici kungahluka ngesizindalwazi. Isibonelo, ukudala iqoqo kusebenzela i-PostgreSQL, kodwa hhayi i-MySQL ( kukhona, njengoba kuphawulwe kahle , cishe. umhumushi).
I-Kube-monkey: I-Chaos Monkey ye-Kubernetes
Indlela engenaphutha kakhulu yokuhlola ingcindezi ithathwa njengokuhlukana okungahleliwe. Lowo ngumbono we-Chaos Monkey ye-Netflix, ithuluzi lobunjiniyela elinesiphithiphithi elivala ngokuzenzakalelayo imishini ebonakalayo neziqukathi zokukhiqiza ukuze "kukhuthazwe" onjiniyela bakhe amasistimu aqinile. - ukuqaliswa kwethiyori eyisisekelo efanayo yokuhlolwa kwengcindezi yamaqoqo e-Kubernetes. Isebenza ngokubulala ngokungahleliwe ama-pods kuqoqo olikhethile, futhi ingalungiselelwa ukuthi isebenze ngesikhathi esithile.
I-Kubernetes Ingress Controller ye-AWS
I-Kubernetes inikeza isilinganisi somthwalo wangaphandle kanye nezinsizakalo zokuxhumana zeqoqo ngesevisi ebizwa I-AWS ihlinzeka ngokusebenza kokulinganisa komthwalo, kodwa ayikuxhumi ngokuzenzakalelayo namandla afanayo e-Kubernetes. ivala lesi sikhala.
Iphatha ngokuzenzakalela izinsiza ze-AWS zento ngayinye yokungena kuqoqo, idale izilinganisi zomthwalo wezinsiza ezintsha zokungena, futhi isuse izilinganisi zomthwalo lapho izinsiza zisuswa. Isebenzisa i-CloudFormation ukuqinisekisa ukuthi isimo seqoqo sihlala singaguquki. Iphinde isekele izilungiselelo ze-Alarm ye-CloudWatch futhi ilawule ngokuzenzakalelayo ezinye izici ezisetshenziswa kuqoqo, njengezitifiketi ze-SSL ne-EC2 Auto Scalling Groups.
I-Kubespray: Ukufakwa okuzenzakalelayo kwe-Kubernetes
izenzela ngokuzenzakalelayo ukufakwa kweqoqo le-Kubernetes elilungele ukukhiqiza, kusukela ekufakweni kumaseva wehadiwe kuya kumafu omphakathi amakhulu. Isebenzisa i-Ansible (Vagrant - ozikhethela yona) ukuze iqalise ukuthunyelwa futhi idale iqoqo elitholakala kakhulu kusukela ekuqaleni ngokukhetha kwakho isengezo senethiwekhi (njengeFlannel, Calico nezinye) ekusabalaliseni kwakho okuthandwayo kweLinux lapho ifakwe kumaseva wehadiwe.
I-Skaffold: I-Iterative Development ye-Kubernetes
- elinye lamathuluzi e-Google asetshenziswa ukuhlela izinhlelo zokusebenza ze-CD ku-Kubernetes. Lapho nje wenza izinguquko kukhodi yomthombo, i-skaffold ithola lokhu ngokuzenzakalelayo, iqala ukwakha nokuphakela, futhi iyakuxwayisa uma kukhona amaphutha. I-Skaffold isebenza ngokuphelele ngasohlangothini lweklayenti, ngakho-ke kungase kube nezinkinga ezincane zokufakwa noma zokuvuselela. Ingasetshenziswa namapayipi akhona e-CICD futhi ingaxhuma namanye amathuluzi okwakha angaphandle, ikakhulukazi i-Bazel yakwa-Google.
U-Teresa: I-PaaS elula kakhulu ku-Kubernetes
iwuhlelo lokuthunyelwa kwezicelo olusebenzisa i-PaaS elula phezu kwe-Kubernetes. Abasebenzisi abahlelwe ngamaqembu bangasebenzisa futhi baphathe izinhlelo zokusebenza ezingabanikazi. Lokhu kwenza izinto zibe lula kubantu abathemba uhlelo lokusebenza futhi abafuni ukubhekana ne-Kubernetes nazo zonke izinto eziyinkimbinkimbi.
Tshekisa: Ukusakaza-bukhoma izibuyekezo zesiqukathi kumaqoqo e-Kubernetes
, ethuthukiswe yi-Windmill Engineering, ibheka izinguquko kuma-Dockerfiles ahlukene bese kancane kancane ithumela iziqukathi ezihambisanayo kuqoqo le-Kubernetes. Empeleni, ikuvumela ukuthi ubuyekeze iqoqo lakho lokukhiqiza ngesikhathi sangempela ngokubuyekeza ama-Dockerfiles. I-Tilt yakha ngaphakathi kweqoqo, ikhodi yomthombo iyona kuphela edinga ukushintshwa. Ungakwazi futhi ukuthatha isifinyezo sempilo yeqoqo futhi uthwebule izimo zephutha ngokuqondile ukusuka ku-Tilt ukuze wabelane namalungu eqembu ukuze kulungiswe iphutha.
PS Sisebenzise kaningi la mathuluzi siphenye ngezandla zethu ezifuna ukwazi. Ukwethula izinqubo zangempela kakade (ngethemba!) ezifundweni ezijulile ezingaxhunyiwe ku-inthanethi ngoFebruwari. February 8β10, 2021. Futhi Februwari 12-14. Ngokweqiniso, futhi sikhumbula isimo esifudumele nesigcwele amandla sokufunda ungaxhunyiwe ku-inthanethi. Kungakhathaliseki ukuthi ubuchwepheshe buthuthuke kangakanani, abukwazi ukuthatha indawo yokuxhumana kwabantu okubukhoma kanye nomoya okhethekile lapho abantu abanomqondo ofanayo bebuthana.
Source: www.habr.com