ProHoster > I-blog > Ukuphatha > I-CSE: I-Kubernetes yalabo abaku-vCloud

I-CSE: I-Kubernetes yalabo abaku-vCloud

I-CSE: I-Kubernetes yalabo abaku-vCloud
Sawubona wonke umuntu!

Kwenzeka lokhu nje ithimba lethu elincane, hhayi kamuva nje futhi ngokungazelelwe, selikhule laze lathuthela eminye yemikhiqizo yethu (futhi okungenzeka yonke) iye ku-Kubernetes.

Kwakunezizathu eziningi zalokhu, kodwa indaba yethu ayikhulumi ngempi engcwele.

Besinokuncane ukukhetha ngokwengqalasizinda: Umqondisi we-vCloud kanye noMqondisi we-vCloud. Sakhetha entsha futhi sanquma ukuqalisa.

Ngemva kokuphenya "Indlela Enzima" futhi, ngisheshe ngafinyelela esiphethweni sokuthi ithuluzi lokuzenzakalela okungenani izinqubo eziyisisekelo njengokuthunyelwa nokulinganisa belidingeka izolo. Ukungena ngokujulile ku-Google kuveze umkhiqizo obizwa nge-VMware Container Service Extension (CSE)—umkhiqizo ovulekile owenza ngokuzenzakalelayo ukudalwa nokulinganisa amaqoqo e-K8S kulabo abasebenzisa i-vCloud.

Umshwana wokuzihlangula: I-CSE inemikhawulo yayo, kodwa ibiphelele ngokwezinjongo zethu. Isixazululo futhi sidinga ukusekelwa umhlinzeki wamafu, kodwa njengoba ingxenye yeseva nayo ingumthombo ovulekile, sicela uyicele kumphathi wakho wendawo.

Ukuze uqalise, udinga i-akhawunti yomlawuli enhlanganweni ye-vCloud kanye nenethiwekhi edalwe kusengaphambili yeqoqo (ukufinyelela i-inthanethi kusuka kule nethiwekhi kuyadingeka ngesikhathi sokuthunyelwa; ungakhohlwa ukulungisa i-firewall/NAT). Ukukhuluma akunandaba. Kulesi sibonelo, sizosebenzisa 10.0.240.0/24.

I-CSE: I-Kubernetes yalabo abaku-vCloud

Njengoba iqoqo lizodinga ukuphathwa ngemva kokudalwa, kuyanconywa ukuthi ube ne-VPN enomzila oya kunethiwekhi edaliwe. Sisebenzisa i-SSL VPN ejwayelekile elungiselelwe ku-Edge Gateway yenhlangano yethu.

Okulandelayo, udinga ukufaka iklayenti le-CSE lapho uzobe ulawula khona amaqoqo akho e-K8s. Endabeni yami, leyo yilaptop esebenzayo kanye neziqukathi ezimbalwa ezifihlwe kahle eziphatha okuzenzakalelayo.

Iklayenti lidinga inguqulo yePython 3.7.3 noma ngaphezulu futhi imojula ifakiwe. vcd-cli, ngakho sizofaka kokubili.

pip3 install vcd-cli

pip3 install container-service-extension

Ngemva kokufaka, sibheka inguqulo ye-CSE futhi sithole okulandelayo:

# vcd cse version
Error: No such command "cse".

Akulindelekile, kodwa kuyalungiseka. Kuvele ukuthi i-CSE idinga ukufakwa njengemojula ku-vcd-cli.
Ukuze wenze lokhu, kufanele uqale ungene ngemvume kunhlangano yethu usebenzisa i-vcd-cli:

# vcd login MyCloud.provider.com org-dev admin
Password: 
admin logged in, org: 'org-dev', vdc: 'org-dev_vDC01'

Ngemva kwalokhu, i-vcd-cli izodala ifayela lokumisa ~/.vcd-cli/profiles.yaml
Ekupheleni kwayo udinga ukwengeza okulandelayo:

extensions:
  - container_service_extension.client.cse

Ngemva kwalokho, sihlola futhi:

# vcd cse version
CSE, Container Service Extension for VMware vCloud Director, version 2.5.0

Isigaba sokufaka iklayenti siphelile. Ake sizame ukusebenzisa iqoqo lokuqala.
I-CSE inamasethi amaningana amapharamitha wokusetshenziswa, wonke angabukwa lapha.

Okokuqala, masidale okhiye bokufinyelela okungenaphasiwedi kuqoqo elizayo. Lokhu kubalulekile, njengoba ukufinyelela okusekelwe ku-password kumanodi kukhutshazwa ngokuzenzakalela, futhi ngaphandle kokhiye, ungagcina wenze umsebenzi omningi ngokusebenzisa ama-virtual machine consoles, okungelula neze.

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.

Ake sizame ukuqala ukwakha iqoqo:

vcd cse cluster create MyCluster --network k8s_cluster_net --ssh-key ~/.ssh/id_rsa.pub --nodes 3 --enable-nfs

Uma sithola iphutha Iphutha: Isikhathi siphelelwe yisikhathi noma umsebenzisi akangenanga ngemvume. Sicela ungene futhi. - ngena ngemvume ku-vCloud futhi usebenzisa i-vcd-cli njengoba kuchazwe ngenhla bese uzama futhi.

Kulokhu konke kuhamba kahle futhi umsebenzi wokudala iqoqo uqalile.

cluster operation: Creating cluster vApp 'MyCluster' (38959587-54f4-4a49-8f2e-61c3a3e879e0) from template 'photon-v2_k8-1.12_weave-2.3.0' (revision 1)

Umsebenzi uzothatha cishe imizuzu engu-20 ukuqeda, kodwa okwamanje, ake sidlule amapharamitha okuqalisa ayisisekelo.

— inethiwekhi — inethiwekhi esiyidale ngaphambilini.
--ssh-key - okhiye esibadalile abazobhalwa kuma-cluster nodes
--nodes n - Inani lamanodi ezisebenzi kuqoqo. Kuyohlala kukhona i-master node eyodwa; lokhu kuwumkhawulo we-CSE.
--enable-nfs - dala enye i-node yamasheya e-NFS ngaphansi kwamavolumu aqhubekayo. Lena kancane inketho fiddly; sizobuyela ekulungiseni kahle ukusebenza kwayo ngokuhamba kwesikhathi.

Ngaleso sikhathi, ku-vCloud ungabheka ngokubonakalayo ukudalwa kweqoqo.
I-CSE: I-Kubernetes yalabo abaku-vCloud

Uma umsebenzi wokudala iqoqo usuqediwe, usulungele ukusebenza.

Ake sihlole ukufaneleka kokuthunyelwa ngomyalo Ulwazi lweqoqo le-vcd cse MyCluster

I-CSE: I-Kubernetes yalabo abaku-vCloud

Okulandelayo sidinga ukuthola ukucushwa kweqoqo ukuze sikusebenzise kubctl

# vcd cse cluster config MyCluster > ./.kube/config

Futhi ungabheka isimo seqoqo ulisebenzisa:

I-CSE: I-Kubernetes yalabo abaku-vCloud

Kuleli qophelo, iqoqo lingabhekwa njengelisebenzayo, uma kungenjalo ngenxa yenkinga yevolumu eqhubekayo. Njengoba siku-vCloud, ukusebenzisa i-vSphere Provider akuyona inketho. -vumela-nfs Yayiklanyelwe ukuxazulula le nkinga, kodwa ayizange isebenze ngokuphelele. Kudingeka ukulungiswa mathupha.

Ukuqala, indawo yethu idinga ukudala idiski ezimele ehlukile ku-vCloud. Lokhu kuqinisekisa ukuthi idatha yethu ngeke inyamalale kanye neqoqo uma lisuswa. Sizophinda sikhweze idiski ku-NFS.

# vcd disk create nfs-shares-1 100g --description 'Kubernetes NFS shares'
# vcd vapp attach mycluster nfsd-9604 nfs-shares-1

Ngemuva kwalokho, sihamba nge-ssh (udale okhiye ngempela, akunjalo?) ku-node yethu ye-NFS futhi ekugcineni sixhuma idiski:

root@nfsd-9604:~# parted /dev/sdb
(parted) mklabel gpt
Warning: The existing disk label on /dev/sdb will be destroyed and all data on
this disk will be lost. Do you want to continue?
Yes/No? yes
(parted) unit GB
(parted) mkpart primary 0 100
(parted) print
Model: VMware Virtual disk (scsi)
Disk /dev/sdb: 100GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End    Size   File system  Name     Flags
 1      0.00GB  100GB  100GB               primary

(parted) quit
root@nfsd-9604:~# mkfs -t ext4 /dev/sdb1
Creating filesystem with 24413696 4k blocks and 6111232 inodes
Filesystem UUID: 8622c0f5-4044-4ebf-95a5-0372256b34f0
Superblock backups stored on blocks:
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
	4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

Sakha uhla lwemibhalo lwedatha futhi sikhweze ukwahlukanisa okusha lapho:

mkdir /export
echo '/dev/sdb1  /export   ext4  defaults   0 0' >> /etc/fstab
mount -a

Masidale izingxenye ezinhlanu zokuhlola futhi sabelane ngazo kulo lonke iqoqo:

>cd /export
>mkdir vol1 vol2 vol3 vol4 vol5
>vi /etc/exports
#Добавим это в конец файла
/export/vol1 *(rw,sync,no_root_squash,no_subtree_check)
/export/vol2 *(rw,sync,no_root_squash,no_subtree_check)
/export/vol3 *(rw,sync,no_root_squash,no_subtree_check)
/export/vol4 *(rw,sync,no_root_squash,no_subtree_check)
/export/vol5 *(rw,sync,no_root_squash,no_subtree_check)
#:wq! ;)
#Далее - экспортируем разделы
>exportfs -r

Ngemuva kwawo wonke lo mlingo, singakha i-PV ne-PVC kuqoqo lethu kanje:
I-PV:

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-vol1
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteMany
  nfs:
    # Same IP as the NFS host we ssh'ed to earlier.
    server: 10.150.200.22
    path: "/export/vol1"
EOF

I-PVC:

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: ""
  resources:
    requests:
      storage: 10Gi
EOF

Lokhu kuphetha indaba yokudala iqoqo elilodwa futhi kuqala indaba yomjikelezo wayo wokuphila. Njengebhonasi, nansi imiyalo emibili ye-CSE ewusizo ngezinye izikhathi engavumela ukonga okubalulekile kwensiza:

#Увеличиваем размер кластера до 8 воркер нод
>cse cluster resize MyCluster --network k8s_cluster_net --nodes 8

#Выводим ненужные ноды из кластера с их последующим удалением
>vcd cse node delete MyCluster node-1a2v node-6685 --yes

Ngiyabonga nonke ngesikhathi senu. Uma unemibuzo, sicela uyibuze kumazwana.

Source: www.habr.com

Thenga ukusingathwa okuthembekile kwamasayithi anokuvikelwa kwe-DDoS, amaseva e-VPS VDS 🔥 Thenga ukusingathwa kwewebhusayithi okuthembekile ngokuvikelwa kwe-DDoS, amaseva e-VPS VDS | ProHoster