Ukukala okuzenzakalelayo nokuphathwa kwezinsiza ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

Ephreli 27 engqungqutheleni Isiteleka sango-2019, njengengxenye yesigaba se-“DevOps”, umbiko othi “Autoscaling nokuphathwa kwezinsiza ku-Kubernetes” unikiwe. Ikhuluma ngokuthi ungasebenzisa kanjani ama-K8 ukuze uqinisekise ukutholakala okuphezulu kwezinhlelo zakho zokusebenza nokuqinisekisa ukusebenza okuphezulu.

Ngokwesiko, siyajabula ukwethula ividiyo yombiko (Imizuzu engama-44, inolwazi kakhulu kune-athikili) kanye nesifinyezo esiyinhloko efomini yombhalo. Hamba!

Ake sihlaziye isihloko sombiko igama negama futhi siqale kusukela ekugcineni.

Kubernetes

Ake sithi sineziqukathi ze-Docker kumsingathi wethu. Kwani? Ukuqinisekisa ukuphindaphinda nokuhlukaniswa, okubuye kuvumele ukuthunyelwa okulula nokuhle, i-CI/CD. Sinezimoto eziningi ezinjalo ezinamabhokisi.

U-Kubernetes uhlinzeka ngani kuleli cala?

1. Siyayeka ukucabanga ngale mishini bese siqala ukusebenza "nefu" iqoqo lezitsha noma ama-pods (amaqembu ezitsha).
2. Ngaphezu kwalokho, asicabangi ngisho ngama-pods ngamanye, kodwa siphatha okuningiоamaqembu amakhulu. Enjalo ama-primitives aphezulu sivumele ukuthi sisho ukuthi kukhona isifanekiso sokuqalisa umsebenzi othile, futhi nali inombolo edingekayo yezimo zokuyiqhuba. Uma ngokulandelayo sishintsha isifanekiso, zonke izimo zizoshintsha.
3. Ngosizo luka declarative API Esikhundleni sokwenza ukulandelana kwemiyalelo ethile, sichaza "isakhiwo somhlaba" (ku-YAML), esidalwe ngu-Kubernetes. Futhi futhi: lapho incazelo ishintsha, isibonisi sayo sangempela sizoshintsha.

Ukuphathwa kwezinsiza

CPU

Masigijime nginx, php-fpm kanye ne-mysql kuseva. Lezi zinsizakalo empeleni zizoba nezinqubo ezengeziwe ezisebenzayo, ngayinye yazo edinga izinsiza zekhompyutha:

(izinombolo ezikuslayidi “zingamapholi”, isidingo esingabonakali senqubo ngayinye yamandla ekhompyutha)

Ukwenza kube lula ukusebenza nalokhu, kunengqondo ukuhlanganisa izinqubo zibe ngamaqembu (isibonelo, zonke izinqubo ze-nginx zibe yiqembu elilodwa elithi "nginx"). Indlela elula nesobala yokwenza lokhu ukubeka iqembu ngalinye esitsheni:

Ukuze uqhubeke, udinga ukukhumbula ukuthi siyini isiqukathi (ku-Linux). Ukubukeka kwabo kwenziwa ngenxa yezici ezintathu ezibalulekile ku-kernel, ezisetshenziswe kudala kakhulu: amandla, ama-namespaces и amaqoqo. Futhi ukuthuthukiswa okuqhubekayo kwaqhutshwa ngobunye ubuchwepheshe (okuhlanganisa “amagobolondo” alula njenge-Docker):

Ngokwengqikithi yombiko, sinentshisekelo kuphela kuyo amaqoqo, ngoba amaqembu okulawula ayingxenye yokusebenza kweziqukathi (i-Docker, njll.) esebenzisa ukuphathwa kwensiza. Izinqubo ezihlanganiswe ngamaqembu, njengoba besifuna, zingamaqembu okulawula.

Ake sibuyele kuzidingo ze-CPU zalezi zinqubo, futhi manje ngamaqembu ezinqubo:

(Ngiyaphinda ngithi zonke izinombolo ziwukubonakaliswa okungacacile kwesidingo sezinsiza)

Ngesikhathi esifanayo, i-CPU ngokwayo inomthombo othile olinganiselwe (esibonelweni lokhu kungu-1000), wonke umuntu angase aswele (isamba sezidingo zawo wonke amaqembu ngu-150+850+460=1460). Kuzokwenzekani kuleli cala?

I-kernel iqala ukusabalalisa izinsiza futhi ikwenze "ngokufanele", inikeze inani elifanayo lezinsiza eqenjini ngalinye. Kodwa esimweni sokuqala, ziningi kunalokho okudingekayo (333> 150), ngakho-ke okweqile (333-150 = 183) kusele kugcinwe, okuphinde kusatshalaliswe ngokulinganayo phakathi kwezinye iziqukathi ezimbili:

Ngenxa yalokho: isitsha sokuqala sasinezinsiza ezanele, okwesibili - sasingenazo izinsiza ezanele, okwesithathu - sasingenazo izinsiza ezanele. Lona umphumela wezenzo Isihleli "esithembekile" ku-Linux - CFS. Ukusebenza kwayo kungalungiswa kusetshenziswa isabelo izinsimbi ngayinye yezitsha. Ngokwesibonelo, kanje:

Ake sibheke icala lokuntuleka kwezinsiza esitsheni sesibili (php-fpm). Zonke izinsiza zeziqukathi zabiwa ngokulinganayo phakathi kwezinqubo. Ngenxa yalokho, inqubo eyinhloko isebenza kahle, kodwa bonke abasebenzi behlisa ijubane, bethola ngaphansi kwengxenye yalokho abakudingayo:

Lena yindlela umhleli we-CFS osebenza ngayo. Sizophinde sibize izisindo esizabela iziqukathi izicelo. Kungani lokhu kunjalo - bheka okwengeziwe.

Ake sibheke sonke isimo ngakolunye uhlangothi. Njengoba wazi, yonke imigwaqo iholela eRoma, futhi endabeni yekhompyutha, iholela ku-CPU. I-CPU eyodwa, imisebenzi eminingi - udinga ukukhanya kwethrafikhi. Indlela elula yokuphatha izinsiza “ukukhanya kwethrafikhi”: banikeze inqubo eyodwa isikhathi esinqunyiwe sokufinyelela ku-CPU, bese kulandela esilandelayo, njll.

Le ndlela ibizwa ngokuthi ama-hard quotas (ukukhawulela kanzima). Ake sikukhumbule kalula nje imikhawulo. Kodwa-ke, uma usakaza imikhawulo kuzo zonke iziqukathi, kuphakama inkinga: i-mysql ibishayela emgwaqeni futhi ngesinye isikhathi isidingo sayo se-CPU siphelile, kodwa zonke ezinye izinqubo ziphoqeleka ukuthi zilinde kuze kube yilapho i-CPU. engenzi lutho.

Ake sibuyele ku-Linux kernel kanye nokusebenzisana kwayo ne-CPU - isithombe sonke simi kanje:

I-cgroup inezilungiselelo ezimbili - empeleni lawa "ama-twist" amabili alula akuvumela ukuthi unqume:

1. isisindo sesitsha (izicelo) si ukwabelana;
2. iphesenti lesikhathi esiphelele se-CPU sokusebenza emisebenzini yesiqukathi (imikhawulo). isabelo.

Ilinganisa kanjani i-CPU?

Kunezindlela ezahlukene:

1. Yini amaproti, akekho owaziyo - udinga ukuxoxisana ngaso sonke isikhathi.
2. Inzalo kucace kakhudlwana, kodwa kuhlobene: I-50% yeseva enama-cores angu-4 kanye nama-cores angu-20 yizinto ezihluke ngokuphelele.
3. Ungasebenzisa lezi esezibaluliwe izinsimbi, okuyinto i-Linux eyaziyo, kodwa futhi ihlobene.
4. Inketho eyanele kakhulu ukukala izinsiza zekhompiyutha ku imizuzwana. Labo. ngemizuzwana yesikhathi sokucubungula ngokuhlobene namasekhondi esikhathi sangempela: isekhondi elingu-1 lesikhathi sokuphrosesa lanikezwa ngomzuzwana ongu-1 wangempela - lena ingqikithi eyodwa ye-CPU.

Ukuze kube lula nakakhulu ukukhuluma, baqala ukulinganisa ngokuqondile izinhlamvu, okusho ngabo isikhathi esifanayo se-CPU esihlobene nesangempela. Njengoba i-Linux iqonda izisindo, kodwa hhayi isikhathi esiningi se-CPU/ama-cores, kwakudingeka indlela yokuhumusha isuka kokunye iye kwenye.

Ake sicabangele isibonelo esilula ngeseva enama-cores angu-3 we-CPU, lapho ama-pods amathathu azonikezwa izisindo (500, 1000 kanye ne-1500) eziguqulwa kalula zibe izingxenye ezihambisanayo zama-cores abelwe wona (0,5, 1 kanye no-1,5).

Uma uthatha iseva yesibili, lapho kuzoba khona ama-cores amaningi aphindwe kabili (6), futhi ubeke ama-pods afanayo lapho, ukusatshalaliswa kwama-cores kungabalwa kalula ngokuphindaphinda ngo-2 (1, 2 no-3, ngokulandelana). Kodwa umzuzu obalulekile uvela lapho i-pod yesine ibonakala kule seva, isisindo sayo, ukuze kube lula, sizoba ngu-3000. Isusa ingxenye yezinsiza ze-CPU (ingxenye yama-cores), futhi kuma-pods asele abalwa kabusha (isigamu):

Izinsiza ze-Kubernetes ne-CPU

Ku-Kubernetes, izinsiza ze-CPU zivame ukukalwa i-milliadrax, i.e. Ama-cores angu-0,001 athathwa njengesisindo esiyisisekelo. (Into efanayo ku-Linux/cgroups terminology ibizwa nge-CPU share, nakuba, ngokuqondile, 1000 millicores = 1024 CPU amasheya.) I-K8s iqinisekisa ukuthi ayibeki ama-pods amaningi kuseva kunezinsiza ze-CPU zesamba sezisindo zawo wonke ama-pods.

Kwenzeka kanjani lokhu? Uma ungeza iseva kuqoqo le-Kubernetes, kuyabikwa ukuthi mangaki ama-CPU cores enawo. Futhi lapho udala i-pod entsha, umhleli we-Kubernetes uyazi ukuthi mangaki ama-cores le pod azowadinga. Ngakho-ke, i-pod izokwabelwa kuseva lapho kukhona ama-cores anele.

Kuzokwenzekani uma hhayi isicelo sicacisiwe (okungukuthi i-pod ayinayo inombolo ecacisiwe yama-cores eyidingayo)? Ake sithole ukuthi uKubernetes uvame ukubala kanjani izinsiza.

Nge-pod ungacacisa zombili izicelo (isihleli se-CFS) kanye nemikhawulo (ukhumbula irobhothi?):

• Uma zichazwe zilingana, khona-ke i-pod inikezwa isigaba se-QoS okuqinisekisiwe. Le nombolo yama-cores ehlala itholakala kuyo iqinisekisiwe.
• Uma isicelo singaphansi komkhawulo - isigaba se-QoS kuqhuma. Labo. Silindele i-pod, ngokwesibonelo, ukuthi ihlale isebenzisa umongo ongu-1, kodwa leli nani aliwona umkhawulo kulo: ngezinye izikhathi i-pod ingasebenzisa okuningi (uma iseva inezinsiza zamahhala zalokhu).
• Kukhona nekilasi le-QoS umzamo omuhle kakhulu - kuhlanganisa lawo ma-pods isicelo esingashiwongo. Izinsiza zinikezwa bona okokugcina.

inkumbulo

Ngenkumbulo, isimo siyefana, kodwa sihluke kancane - phela, uhlobo lwalezi zinsiza luhlukile. Ngokuvamile, isifaniso simi kanje:

Ake sibone ukuthi izicelo zenziwa kanjani kumemori. Vumela ama-pods aphile kuseva, aguqule ukusetshenziswa kwememori, kuze kube yilapho enye yazo iba nkulu kangangokuthi iphelelwa yinkumbulo. Kulokhu, umbulali we-OOM uyavela futhi abulale inqubo enkulu kunazo zonke:

Lokhu akuhambisani nathi ngaso sonke isikhathi, ngakho-ke kungenzeka ukulawula ukuthi yiziphi izinqubo ezibalulekile kithi futhi akufanele zibulawe. Ukuze wenze lokhu, sebenzisa ipharamitha oom_score_adj.

Ake sibuyele emakilasini e-QoS e-CPU futhi sidwebe isifaniso namanani we-oom_score_adj anquma izinto eziza kuqala ukusetshenziswa kwememori kuma-pods:

• Inani eliphansi le-oom_score_adj le-pod - -998 - lisho ukuthi i-pod enjalo kufanele ibulawe ekugcineni, lokhu okuqinisekisiwe.
• Okuphakeme kakhulu - 1000 - kuyinto umzamo omuhle kakhulu, izidumba ezinjalo zibulawa kuqala.
• Ukubala amanani asele (kuqhuma) kunefomula, ingqikithi yayo efika eqinisweni lokuthi uma izinsiza ezengeziwe i-pod eceliwe, mancane amathuba okuthi ibulawe.

Eyesibili "twist" - umkhawulo_ngamabhayithi - ngemikhawulo. Ngayo, konke kulula: simane sinikeze inani eliphakeme lememori ekhishiwe, futhi lapha (ngokungafani ne-CPU) akukho mbuzo wokuthi ungayilinganisa kanjani (inkumbulo).

Inani

I-pod ngayinye e-Kubernetes inikezwa requests и limits - womabili amapharamitha we-CPU nenkumbulo:

1. ngokusekelwe ezicelweni, umhleli we-Kubernetes uyasebenza, esabalalisa ama-pod phakathi kwamaseva;
2. ngokusekelwe kuwo wonke amapharamitha, isigaba se-QoS se-pod sinqunywa;
3. Izisindo ezihlobene zibalwa ngokusekelwe ezicelweni ze-CPU;
4. isihleli se-CFS simisiwe ngokusekelwe ezicelweni ze-CPU;
5. I-OOM killer ilungiselelwe ngokusekelwe kwizicelo zememori;
6. "ukukhanya kwethrafikhi" kulungiselelwa ngokusekelwe emikhawulweni ye-CPU;
7. Ngokusekelwe emikhawulweni yenkumbulo, umkhawulo uyalungiselelwa iqembu.

Ngokuvamile, lesi sithombe siphendula yonke imibuzo mayelana nokuthi ingxenye eyinhloko yokuphathwa kwezinsiza kwenzeka kanjani ku-Kubernetes.

Ukukala okuzenzakalelayo

I-K8s cluster-autoscaler

Ake sicabange ukuthi iqoqo lonke selivele ligcwele futhi i-pod entsha idinga ukwakhiwa. Nakuba i-pod ingakwazi ukuvela, ilenga esimweni okulindile. Ukuze ivele, singaxhuma iseva entsha ku-cluster noma... faka i-cluster-autoscaler, ezosenzela yona: oda umshini obonakalayo kumhlinzeki wamafu (usebenzisa isicelo se-API) futhi uyixhume kuqoqo. , emva kwalokho kuzofakwa i-pod.

Lokhu ukulinganisa okuzenzakalelayo kweqoqo le-Kubernetes, elisebenza kahle (kokuhlangenwe nakho kwethu). Kodwa-ke, njengakwezinye izindawo, kukhona ama-nuances lapha ...

Uma nje sandise usayizi weqoqo, konke kwakuhamba kahle, kodwa kwenzekani lapho iqoqo waqala ukuzikhulula? Inkinga ukuthi ukuthutha ama-pods (ukukhulula ababungazi) kunzima kakhulu ngokobuchwepheshe futhi kuyabiza ngokwezinsiza. UKubernetes usebenzisa indlela ehluke ngokuphelele.

Cabangela iqoqo lamaseva angu-3 anokusebenzisa. Inama-pods ayi-6: manje sekukhona ama-2 kuseva ngayinye. Ngesizathu esithile besifuna ukuvala enye yeziphakeli. Ukwenza lokhu sizosebenzisa umyalo kubectl drain, okuthi:

• izokwenqabela ukuthumela ama-pod amasha kule seva;
• izosusa ama-pod akhona kuseva.

Njengoba uKubernetes enesibopho sokugcina inani lama-pods (6), kulula izodala kabusha kwamanye ama-node, kodwa hhayi kule ekhubazekile, njengoba isivele imakwe njengengatholakali ekusingatheni ama-pods amasha. Lona umakhenikha oyisisekelo we-Kubernetes.

Nokho, kukhona i-nuance lapha futhi. Esimeni esifanayo, ku-StatefulSet (esikhundleni Soku-Deployment), izenzo zizohluka. Manje sesivele sinesicelo esibucayi - isibonelo, ama-pods amathathu ane-MongoDB, enye yazo enenkinga ethile (idatha yonakalisiwe noma elinye iphutha elivimbela i-pod ukuthi iqale kahle). Futhi siphinda sinquma ukukhubaza iseva eyodwa. Kuzokwenzekani?

I-MongoDB kungenzeka iyafa ngoba idinga ikhoramu: kuqoqo lokufakwa okuthathu, okungenani okubili kufanele kusebenze. Nokho, lokhu kungenzeki - sibonga u I-PodDisruptionBudget. Le parameter inquma inani elincane elidingekayo lama-pods asebenzayo. Ukwazi ukuthi enye ye-MongoDB pods ayisasebenzi, futhi ukubona ukuthi i-PodDisruptionBudget isethelwe i-MongoDB. minAvailable: 2, i-Kubernetes ngeke ikuvumele ukuthi ususe i-pod.

Ngezansi: ukuze ukunyakaza (futhi empeleni, ukwakhiwa kabusha) kwama-pods kusebenze kahle lapho iqoqo likhishwa, kuyadingeka ukulungisa i-PodDisruptionBudget.

Ukukala okuvundlile

Ake sicabangele esinye isimo. Kukhona uhlelo lokusebenza olusebenza njengokuthunyelwa ku-Kubernetes. I-traffic yomsebenzisi ifika kuma-pods ayo (isibonelo, kukhona ezintathu zazo), futhi silinganisa inkomba ethile kuzo (ithi, umthwalo we-CPU). Lapho umthwalo ukhula, siyawuqopha ohlelweni futhi sikhulise inani lama-pods ukusabalalisa izicelo.

Namuhla ku-Kubernetes lokhu akudingi ukwenziwa ngesandla: ukukhuphuka okuzenzakalelayo/ukwehla kwenani lama-pods kuhlelwa ngokuya ngamanani wezinkomba zomthwalo okaliwe.

Imibuzo eyinhloko lapha: yini ngempela ukukala и indlela yokuhumusha amanani atholakele (wokwenza isinqumo sokushintsha inani lama-pods). Ungakwazi ukukala okuningi:

Ungakwenza kanjani lokhu ngobuchwepheshe - qoqa amamethrikhi, njll. - Ngakhuluma ngokuningiliziwe embikweni mayelana Ukuqapha kanye ne-Kubernetes. Futhi iseluleko esiyinhloko sokukhetha amapharamitha alungile ukuhlola!

Zikhona SEBENZISA indlela (Ukusetshenziswa kweSaturation namaphutha), incazelo yalo imi kanje. Kukusiphi isisekelo kunengqondo ukukala, isibonelo, php-fpm? Ngokusekelwe eqinisweni lokuthi abasebenzi bayaphela, lokhu ukusetshenziswa. Futhi uma abasebenzi sebephelile futhi ukuxhumana okusha kungamukelwa, lokhu sekuvele kuphelile ukugcwala. Yomibili le mingcele kufanele ikalwe, futhi kuye ngamavelu, ukukala kufanele kwenziwe.

Esikhundleni isiphetho

Umbiko unokuqhubeka: mayelana nokukala okuqondile kanye nendlela yokukhetha izinsiza ezifanele. Ngizokhuluma ngalokhu kumavidiyo azayo i-YouTube yethu - bhalisa ukuze ungaphuthelwa!

Amavidiyo namaslayidi

Ividiyo evela ekusebenzeni (imizuzu engama-44):

Ukwethulwa kombiko:

PS

Eminye imibiko mayelana ne-Kubernetes kubhulogi yethu:

• «Inweba futhi igcwalise i-Kubernetes» (Andrey Polovov; Ephreli 8, 2019 ku-Saint HighLoad++);
• «Databases kanye Kubernetes» (Dmitry Stolyarov; Novemba 8, 2018 ku-HighLoad++);
• «Ukuqapha kanye ne-Kubernetes» (Dmitry Stolyarov; May 28, 2018 at RootConf);
• «I-CI/CD Imikhuba Engcono Kakhulu nge-Kubernetes kanye ne-GitLab» (Dmitry Stolyarov; Novemba 7, 2017 ku-HighLoad++);
• «Okuhlangenwe nakho kwethu ne-Kubernetes kumaphrojekthi amancane» (Dmitry Stolyarov; Juni 6, 2017 e-RootConf).

Source: www.habr.com