Sanibonani nonke! Igama lami ngingu-Oleg Sidorenkov, ngisebenza kwa-DomClick njengenhloko yethimba lengqalasizinda. Besilokhu sisebenzisa i-Kubik ekukhiqizeni iminyaka engaphezu kwemithathu, futhi phakathi nalesi sikhathi sihlangabezane nezikhathi eziningi ezithakazelisayo ezihlukene ngayo. Namuhla ngizokutshela ukuthi, ngendlela efanele, ungacindezela kanjani ukusebenza okwengeziwe ku-vanilla Kubernetes yeqoqo lakho. Ilungele ukuhamba kancane!
Nonke nazi kahle kamhlophe ukuthi i-Kubernetes iyisistimu yomthombo ovulekile ehlanjululwayo ye-orchestration yesiqukathi; kahle, noma amabhanari angu-5 asebenza ngomlingo ngokuphatha umjikelezo wempilo wama-microservices akho endaweni yeseva. Ngaphezu kwalokho, iyithuluzi elivumelana nezimo elingahlanganiswa njenge-Lego ukuze wenze ngokwezifiso ubuningi bemisebenzi ehlukene.
Futhi konke kubonakala kuhamba kahle: phonsa amaseva eqoqweni njengezinkuni ebhokisini lomlilo, futhi ngeke wazi noma yiluphi usizi. Kodwa uma ungowemvelo, uzocabanga: βNgingawugcina kanjani umlilo uvutha futhi ngiphephise ihlathi?β Ngamanye amazwi, indlela yokuthola izindlela zokuthuthukisa ingqalasizinda nokunciphisa izindleko.
1. Qapha ithimba nezinsiza zesicelo
Enye yezindlela ezivame kakhulu, kodwa ezisebenzayo ukwethulwa kwezicelo/imikhawulo. Hlukanisa izinhlelo zokusebenza ngezikhala zamagama, nezikhala ngamaqembu okuthuthukisa. Ngaphambi kokuthunyelwa, setha amanani wohlelo lokusebenza ukuze asetshenziswe isikhathi seprosesa, inkumbulo, nesitoreji se-ephemeral.
resources:
requests:
memory: 2Gi
cpu: 250m
limits:
memory: 4Gi
cpu: 500mNgokuhlangenwe nakho kwethu, sifinyelele esiphethweni: akufanele ukhulise izicelo ezivela emikhawulweni izikhathi ezingaphezu kokuphindwe kabili. Ivolumu yeqoqo ibalwa ngokusekelwe kuzicelo, futhi uma unikeza izinhlelo zokusebenza umehluko wezinsiza, isibonelo, izikhathi ezingu-5-10, bese ucabanga ukuthi kuzokwenzekani ku-node yakho uma igcwele ama-pods futhi ithola umthwalo ngokuzumayo. Akukho okuhle. Okungenani, i-throttling, futhi ngezinga eliphezulu, uzovalelisa isisebenzi futhi uthole umthwalo we-cyclic kuma-node asele ngemva kokuba ama-pods eqala ukunyakaza.
Ngaphezu kwalokho, ngosizo limitranges Ekuqaleni, ungasetha amanani wensiza esitsheni - ubuncane, ubukhulu kanye nokuzenzakalelayo:
β ~ kubectl describe limitranges --namespace ops
Name: limit-range
Namespace: ops
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
Container cpu 50m 10 100m 100m 2
Container ephemeral-storage 12Mi 8Gi 128Mi 4Gi -
Container memory 64Mi 40Gi 128Mi 128Mi 2Ungakhohlwa ukukhawulela izinsiza ze-namespace ukuze iqembu elilodwa lingakwazi ukuthatha zonke izinsiza zeqoqo:
β ~ kubectl describe resourcequotas --namespace ops
Name: resource-quota
Namespace: ops
Resource Used Hard
-------- ---- ----
limits.cpu 77250m 80
limits.memory 124814367488 150Gi
pods 31 45
requests.cpu 53850m 80
requests.memory 75613234944 150Gi
services 26 50
services.loadbalancers 0 0
services.nodeports 0 0Njengoba kungabonakala encazelweni resourcequotas, uma ithimba le-ops lifuna ukusebenzisa ama-pods azodla enye i-10 cpu, umhleli ngeke akuvumele lokhu futhi uzophonsa iphutha:
Error creating: pods "nginx-proxy-9967d8d78-nh4fs" is forbidden: exceeded quota: resource-quota, requested: limits.cpu=5,requests.cpu=5, used: limits.cpu=77250m,requests.cpu=53850m, limited: limits.cpu=10,requests.cpu=10Ukuxazulula inkinga enjalo, ungabhala ithuluzi, isibonelo, njenge , ekwazi ukugcina nokusebenzisa izinsiza zesimo semiyalo.
2. Khetha isitoreji sefayela esifanele
Lapha ngithanda ukuthinta esihlokweni samavolumu aqhubekayo kanye ne-disk subsystem ye-Kubernetes worker node. Ngithemba ukuthi akekho osebenzisa i- "Cube" ku-HDD ekukhiqizeni, kodwa ngezinye izikhathi i-SSD evamile ayisanele. Sihlangabezane nenkinga lapho amalogi abebulala khona idiski ngenxa yemisebenzi ye-I/O, futhi azikho izixazululo eziningi:
-
Sebenzisa ama-SSD asebenza kahle kakhulu noma ushintshele ku-NVMe (uma uphatha ihadiwe yakho).
-
Yehlisa izinga lokungena.
-
Yenza ukulinganisa "okuhlakaniphile" kwama-pods adlwengula idiski (
podAntiAffinity).
Isikrini esingenhla sibonisa ukuthi kwenzekani ngaphansi kwe-nginx-ingress-controller kudiski lapho ukungena_kwamalogi kunikwe amandla (~12 thousand logs/sec). Lesi simo, yiqiniso, singaholela ekulimazeni kwazo zonke izinhlelo zokusebenza kule node.
Ngokuqondene ne-PV, maye, angizange ngizame konke Imiqulu Ephikelelayo. Sebenzisa inketho engcono kakhulu evumelana nawe. Ngokomlando, kuye kwenzeka ezweni lakithi ukuthi ingxenye encane yezinsizakalo idinga imiqulu ye-RWX, futhi kudala baqala ukusebenzisa isitoreji se-NFS kulo msebenzi. Kushibhile futhi... ngokwanele. Yebo, mina naye sadla i-shit - ikubusise, kodwa safunda ukuyishuna, futhi ikhanda lami alisabuhlungu. Futhi uma kungenzeka, thuthela kusitoreji sento ye-S3.
3. Qoqa izithombe ezithuthukisiwe
Kungcono kakhulu ukusebenzisa izithombe ezilungiselelwe iziqukathi ukuze u-Kubernetes akwazi ukuzilanda ngokushesha futhi azenze ngokuphumelelayo.
Ukulungiselelwa kusho ukuthi izithombe:
-
ziqukethe uhlelo olulodwa kuphela noma zenze umsebenzi owodwa kuphela;
-
kuncane ngosayizi, ngoba izithombe ezinkulu zidluliselwa kabi kakhulu kunethiwekhi;
-
babe neziphetho zempilo nokulungela ezivumela u-Kubernetes ukuthi athathe isinyathelo uma kwenzeka ukuphumula;
-
sebenzisa amasistimu wokusebenza alungele iziqukathi (njenge-Alpine noma i-CoreOS), amelana kakhulu namaphutha okumisa;
-
sebenzisa ukwakhiwa kwezigaba eziningi ukuze ukwazi ukuphakela kuphela izinhlelo zokusebenza ezihlanganisiwe hhayi imithombo ehambisana naso.
Kunamathuluzi amaningi nezinsizakalo ezikuvumela ukuthi uhlole futhi ulungiselele izithombe lapho undiza. Kubalulekile ukuthi uhlale unolwazi lwakamuva futhi uhlolelwe ukuphepha. Ngenxa yalokho uthola:
-
Kwehlisiwe umthwalo wenethiwekhi kulo lonke iqoqo.
-
Ukunciphisa isikhathi sokuqalisa isiqukathi.
-
Usayizi omncane werejista yakho yonke ye-Docker.
4. Sebenzisa inqolobane ye-DNS
Uma sikhuluma ngemithwalo ephezulu, impilo ilula kakhulu ngaphandle kokulungisa uhlelo lwe-DNS yeqoqo. Kudala, abathuthukisi be-Kubernetes basekela isisombululo sabo se-kube-dns. Iphinde yasetshenziswa lapha, kodwa le software ayizange ishunwe ngokukhethekile futhi ayizange ikhiqize ukusebenza okudingekayo, nakuba kwakubonakala kuwumsebenzi olula. Kwabe sekuvela ama-coredns, esashintshela kuwo futhi sangenalo usizi; kamuva kwaba insizakalo ye-DNS ezenzakalelayo kuma-K8s. Ngesinye isikhathi, sikhule saba ngama-rps ayizinkulungwane ezingama-40 ohlelweni lwe-DNS, futhi lesi sixazululo sabuye sanganeli. Kodwa, ngenhlanhla, amaNodelocaldns aphuma, aka node inqolobane yendawo, aka .
Kungani sisebenzisa lokhu? Kunesiphazamisi ku-kernel ye-Linux okuthi, lapho izingcingo eziningi zisebenzisa i-NAT nge-UDP, ziholela esimeni somjaho sokungenela amathebula e-contrack, futhi ingxenye yethrafikhi nge-NAT ilahleke (uhambo ngalunye ngeSevisi yi-NAT). I-Nodelocaldns ixazulula le nkinga ngokususa i-NAT futhi ithuthukise ukuxhumana ku-TCP ukuze ikhuphukele phezulu kwe-DNS, kanye nokufaka kunqolobane nemibuzo ye-DNS ekhuphuka nomfula (kuhlanganise nenqolobane emfushane eyi-negative yamasekhondi angu-5).
5. Kala ama-pods ngokuvundlile nangokuqondile ngokuzenzakalelayo
Ungasho ngokuqiniseka ukuthi wonke ama-microservices akho alungele ukukhuphuka kabili noma kathathu komthwalo? Uzaba kanjani izinsiza ngendlela efanele kuzicelo zakho? Ukugcina ama-pods ambalwa egijima ngaphezu komthwalo wokusebenza kungase kungabi namandla, kodwa ukuwagcina emuva kubeka ingozi yesikhathi sokuphumula kusukela ekwenyukeni okungazelelwe kwethrafikhi eya enkonzweni. Izinkonzo ezifana ΠΈ .
VPA ikuvumela ukuthi uphakamise ngokuzenzakalelayo izicelo/imikhawulo yeziqukathi zakho ku-pod kuye ngokusetshenziswa kwangempela. Ingaba usizo kanjani? Uma unama-pods angakwazi ukukalwa ngokuvundlile ngesizathu esithile (okungathembeki ngokuphelele), ungazama ukuphathisa izinguquko kuzinsiza zayo ku-VPA. Isici salo siwuhlelo lokuncoma olusekelwe kudatha yomlando neyamanje evela kuseva yemethrikhi, ngakho-ke uma ungafuni ukushintsha izicelo/imikhawulo ngokuzenzakalelayo, ungavele ugade izinsiza ezinconyiwe zeziqukathi zakho futhi ulungiselele izilungiselelo ukuze wonge i-CPU futhi. inkumbulo ku-cluster.
Isithombe sithathwe ku-https://levelup.gitconnected.com/kubernetes-autoscaling-101-cluster-autoscaler-horizontal-pod-autoscaler-and-vertical-pod-2a441d9ad231
Umhleli ku-Kubernetes uhlala esekelwe ezicelweni. Noma ngabe yiliphi inani olifakile lapho, umhleli uzocinga i-node efanelekile esekelwe kuyo. Amanani wemikhawulo ayadingeka ukuze i-cubelet iqonde ukuthi kufanele iphonswe nini noma ibulale i-pod. Futhi njengoba ipharamitha ebalulekile kuphela inani lezicelo, i-VPA izosebenza nayo. Noma kunini uma ukala uhlelo lokusebenza luqonde phezulu, uchaza ukuthi izicelo kufanele zibe yini. Kuyokwenzekani ngemingcele ngaleso sikhathi? Le pharamitha nayo izokalwa ngokulinganayo.
Isibonelo, nazi izilungiselelo ezijwayelekile ze-pod:
resources:
requests:
memory: 250Mi
cpu: 200m
limits:
memory: 500Mi
cpu: 350mInjini yokuncoma inquma ukuthi uhlelo lwakho lokusebenza ludinga u-300m CPU kanye no-500Mi ukuze lusebenze kahle. Uzothola izilungiselelo ezilandelayo:
resources:
requests:
memory: 500Mi
cpu: 300m
limits:
memory: 1000Mi
cpu: 525mNjengoba kushiwo ngenhla, lokhu ukukala okulinganayo okusekelwe esilinganisweni sezicelo/imikhawulo ku-manifest:
-
CPU: 200m β 300m: isilinganiso 1:1.75;
-
Imemori: 250Mi β 500Mi: isilinganiso 1:2.
Mayelana HPA, khona-ke indlela yokusebenza ibonakala ngokucacile. Amamethrikhi afana ne-CPU nenkumbulo ayashesha, futhi uma isilinganiso sazo zonke izifaniso sidlula umkhawulo, isicelo sikalwa nge-+1 sub kuze kube yilapho inani lehla ngaphansi komkhawulo noma kuze kube yilapho kufinyelelwa inombolo enkulu yokuphindaphinda.
Isithombe sithathwe ku-https://levelup.gitconnected.com/kubernetes-autoscaling-101-cluster-autoscaler-horizontal-pod-autoscaler-and-vertical-pod-2a441d9ad231
Ngokungeziwe kumamethrikhi avamile afana ne-CPU nenkumbulo, ungasetha ama-threshold kumamethrikhi akho angokwezifiso kusuka ku-Prometheus futhi usebenze nawo uma ucabanga ukuthi lokho kuyinkomba enembe kakhulu yokuthi ungasikala nini isicelo sakho. Uma uhlelo lokusebenza seluzinzile ngaphansi komkhawulo we-metric oshiwo, i-HPA izoqala ukukala ama-pod yehle iye enanini elincane lokuphindaphinda noma kuze kube yilapho umthwalo ufinyelela umkhawulo oshiwo.
6. Ungakhohlwa mayelana Node Affinity kanye Pod Affinity
Akuwona wonke ama-node asebenza ku-hardware efanayo, futhi akuwona wonke ama-pods adinga ukusebenzisa izinhlelo zokusebenza zekhompyutha. I-Kubernetes ikuvumela ukuthi usethe ukukhethekile kwama-node nama-pods usebenzisa I-Node Affinity ΠΈ I-Pod Affinity.
Uma unama-node afanele ukusebenza kwe-compute-intensive, khona-ke ukuze usebenze kahle kakhulu kungcono ukubopha izinhlelo zokusebenza kuma-node ahambisanayo. Ukuze wenze lokhu sebenzisa nodeSelector enelebula le-node.
Ake sithi unamanodi amabili: eyodwa nge CPUType=HIGHFREQ kanye nenani elikhulu lama-cores asheshayo, elinye elina MemoryType=HIGHMEMORY inkumbulo eyengeziwe nokusebenza ngokushesha. Indlela elula yokwabela ukuthunyelwa ku-node HIGHFREQngokwengeza esigabeni spec lesi sikhethi:
β¦
nodeSelector:
CPUType: HIGHFREQIndlela ebiza kakhulu futhi eqondile yokwenza lokhu ukusebenzisa nodeAffinity ensimini affinity i-razdela spec. Kunezinketho ezimbili:
-
requiredDuringSchedulingIgnoredDuringExecution: ukusetha okuqinile (umhleli uzosebenzisa ama-pods kuphela kumanodi athile (futhi akukho kwenye indawo)); -
preferredDuringSchedulingIgnoredDuringExecution: ukulungiselelwa okuthambile (umhleli uzozama ukuphakela kumanodi athile, futhi uma lokho kwehluleka, uzozama ukuphakela endaweni elandelayo etholakalayo).
Ungacacisa i-syntax ethile yokuphatha amalebula e-node, njenge In, NotIn, Exists, DoesNotExist, Gt noma Lt. Nokho, khumbula ukuthi izindlela eziyinkimbinkimbi ezinhlwini ezinde zamalebula zizobambezela ukwenziwa kwezinqumo ezimeni ezibucayi. Ngamanye amazwi, kugcine kulula.
Njengoba kushiwo ngenhla, i-Kubernetes ikuvumela ukuthi usethe ukuhambisana kwama-pods amanje. Okusho ukuthi, ungaqiniseka ukuthi ama-pods athile asebenza ndawonye namanye ama-pods endaweni yokutholakala efanayo (efanele amafu) noma ama-node.
Π podAffinity amasimu affinity i-razdela spec izinkambu ezifanayo ziyatholakala njengoba esimweni nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution ΠΈ preferredDuringSchedulingIgnoredDuringExecution. Umehluko kuphela ukuthi matchExpressions izobophezela ama-pods endaweni esevele isebenzisa i-pod enaleyo lebula.
I-Kubernetes iphinde inikeze insimu podAntiAffinity, okuyinto, ngokuphambene nalokho, ayibopheli i-pod ku-node ene-pods ethize.
Mayelana nezinkulumo nodeAffinity Iseluleko esifanayo singanikezwa: zama ukugcina imithetho elula futhi enengqondo, ungazami ukulayisha ngokweqile ukucaciswa kwe-pod ngesethi yemithetho eyinkimbinkimbi. Kulula kakhulu ukudala umthetho ongeke uhambisane nemibandela yeqoqo, ukudala umthwalo ongadingekile kumhleli nokunciphisa ukusebenza okuphelele.
7. Ama-Taints & Tolerances
Kukhona enye indlela yokuphatha isihleli. Uma uneqoqo elikhulu elinamakhulu ama-node nezinkulungwane zama-microservices, ngakho-ke kunzima kakhulu ukungavumeli ama-pods athile ukuba abanjwe kuma-node athile.
Indlela yokwenza amabala-imithetho evimbelayo-iyasiza kulokhu. Isibonelo, ezimweni ezithile ungavimbela ama-node athile ekusebenzeni kwama-pods. Ukuze usebenzise i-taint ku-node ethile udinga ukusebenzisa inketho taint kwe kubectl. Cacisa ukhiye kanye nenani bese ungcolisa njengo NoSchedule noma NoExecute:
$ kubectl taint nodes node10 node-role.kubernetes.io/ingress=true:NoScheduleKuyaqapheleka futhi ukuthi indlela yokungcola isekela imiphumela emithathu eyinhloko: NoSchedule, NoExecute ΠΈ PreferNoSchedule.
-
NoSchedulekusho ukuthi okwamanje ngeke kube nokungena okuhambisanayo ekucacisweni kwe-podtolerations, ngeke ikwazi ukuthunyelwa ku-node (kulesi sibonelonode10). -
PreferNoSchedule- Inguqulo eyenziwe lulaNoSchedule. Kulesi simo, umhleli uzozama ukungawabi ama-pods angenakho okufaniswayotolerationsnge-node ngayinye, kodwa lokhu akuwona umkhawulo onzima. Uma zingekho izinsiza kuqoqo, khona-ke ama-pods azoqala ukusetshenziswa kule nodi. -
NoExecute- lo mphumela udala ukukhishwa ngokushesha kwama-pods angenakho okungenayo okuhambisanayotolerations.
Kuyathakazelisa ukuthi lokhu kuziphatha kungakhanselwa kusetshenziswa indlela yokubekezelela. Lokhu kulula uma kune-node "enqatshelwe" futhi udinga kuphela ukubeka izinsizakalo zengqalasizinda kuyo. Kwenziwa kanjani? Vumela kuphela lezo pods lapho kukhona ukubekezelelana okufanele.
Nakhu ukuthi ukucaciswa kwe-pod kungabukeka kanjani:
spec:
tolerations:
- key: "node-role.kubernetes.io/ingress"
operator: "Equal"
value: "true"
effect: "NoSchedule"Lokhu akusho ukuthi ukufakwa kabusha okulandelayo kuzowela kule node ethile, lokhu akuyona indlela ye-Node Affinity futhi nodeSelector. Kepha ngokuhlanganisa izici ezimbalwa, ungafinyelela izilungiselelo zeshejuli eziguquguqukayo.
8. Setha Okubalulekile Kokuthunyelwa KwePod
Ngenxa yokuthi unama-pods anikezwe ama-node akusho ukuthi wonke ama-pods kufanele aphathwe ngokuqalwa okufanayo. Isibonelo, ungase ufune ukuphakela ama-pods ngaphambi kwamanye.
I-Kubernetes inikezela ngezindlela ezihlukile zokumisa i-Pod Priority and Preemption. Isilungiselelo siqukethe izingxenye ezimbalwa: into PriorityClass nezincazelo zenkambu priorityClassName ekucacisweni kwe-pod. Ake sibheke isibonelo:
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: high-priority
value: 99999
globalDefault: false
description: "This priority class should be used for very important pods only"Siyadala PriorityClass, inikeze igama, incazelo kanye nenani. Okuphezulu value, kulapho okubaluleke kakhulu khona. Inani lingaba yinoma iyiphi inombolo engu-32-bit engaphansi noma elingana no-1. Amanani aphezulu agcinelwe ama-pods esistimu abalulekile ngokuvamile angakwazi ukukhishwa ngaphambili. Ukufuduka kuzokwenzeka kuphela uma i-pod ebaluleke kakhulu ingenayo indawo yokujika, khona-ke amanye ama-pods avela endaweni ethile azokhishwa. Uma lo mshini uqine kakhulu kuwe, ungangeza inketho preemptionPolicy: Never, futhi-ke ngeke kube khona ukukhululwa, i-pod izoma kuqala kulayini futhi ilinde umhleli ukuthi ayitholele izinsiza zamahhala.
Okulandelayo, sakha i-pod lapho sibonisa khona igama priorityClassName:
apiVersion: v1
kind: Pod
metadata:
name: static-web
labels:
role: myrole
spec:
containers:
- name: web
image: nginx
ports:
- name: web
containerPort: 80
protocol: TCP
priorityClassName: high-priority
Ungakha amakilasi amaningi abalulekile ngendlela othanda ngayo, nakuba kunconywa ukuthi ungathatheki ngalokhu (yithi, zikhawulele kokubalulekile okuphansi, okumaphakathi nokuphezulu).
Ngakho-ke, uma kunesidingo, ungakwazi ukwandisa ukusebenza kahle kokuthumela izinsizakalo ezibucayi ezifana ne-nginx-ingress-controller, coredns, njll.
9. Lungiselela iqoqo le-ETCD
I-ETCD ingabizwa ngokuthi ubuchopho beqoqo lonke. Kubaluleke kakhulu ukugcina ukusebenza kwalesi sizindalwazi ezingeni eliphezulu, ngoba isivinini sokusebenza ku-Cube sincike kuyo. Izinga elifanelekile, futhi ngesikhathi esifanayo, isixazululo esihle kungaba ukugcina iqoqo le-ETCD kuma-master nodes ukuze kube nokubambezeleka okuncane ku-kube-apiserver. Uma ungeke ukwazi ukwenza lokhu, beka i-ETCD eduze ngangokunokwenzeka, ngomkhawulokudonsa omuhle phakathi kwabahlanganyeli. Qaphela futhi ukuthi mangaki ama-node avela ku-ETCD angawa ngaphandle kokulimala kuqoqo
Khumbula ukuthi ukwandisa ngokweqile inani lamalungu kuqoqo kungakhuphula ukubekezelelana kwamaphutha ngezindleko zokusebenza, yonke into kufanele ibe ngokulinganisela.
Uma sikhuluma ngokusetha isevisi, kunezincomo ezimbalwa:
-
Yiba ne-hardware enhle, ngokusekelwe kusayizi weqoqo (ungafunda ).
-
Lungisa amapharamitha ambalwa uma usabalalise iqoqo phakathi kwepheya lama-DC noma inethiwekhi yakho namadiski kushiya okuningi okungafunwa (ungafunda ).
isiphetho
Lesi sihloko sichaza amaphuzu ithimba lethu elizama ukuthobelana nawo. Lena akuyona incazelo yesinyathelo ngesinyathelo sezenzo, kodwa izinketho ezingase zibe usizo ekuthuthukiseni phezulu kweqoqo. Kuyacaca ukuthi iqoqo ngalinye lihlukile ngendlela yalo, futhi izixazululo zokumisa zingahluka kakhulu, ngakho-ke kungajabulisa ukuthola impendulo yakho yokuthi uliqapha kanjani iqoqo lakho le-Kubernetes nokuthi uthuthukisa kanjani ukusebenza kwalo. Yabelana ngolwazi lwakho kumazwana, kuzoba mnandi ukwazi.
Source: www.habr.com