Kulo nyaka, ingqungquthela enkulu ye-European Kubernetes - i-KubeCon + CloudNativeCon Europe 2020 - ibingokoqobo. Nokho, ukuguqulwa okunjalo kwefomethi akuzange kusivimbele ekuletheni umbiko wethu osekunesikhathi eside siwuhlelile othi “Hamba? Bash! Hlangana ne-Shell-opharetha” enikezelwe kuphrojekthi yethu yomthombo ovulekile .
Lesi sihloko, sigqugquzelwe yinkulumo, siveza indlela yokwenza lula inqubo yokudala ama-opharetha e-Kubernetes futhi sibonisa ukuthi ungenza kanjani owakho ngomzamo omncane usebenzisa i-shell-operator.
Sethula (~Imizuzu engu-23 ngesiNgisi, ifundisa kakhulu kune-athikili) kanye nesiqephu esiyinhloko esivela kuso ngendlela yombhalo. Hamba!
E-Flant sihlala sithuthukisa futhi sishintsha yonke into ngokuzenzakalelayo. Namuhla sizokhuluma ngomunye umqondo othakazelisayo. Hlangana: cloud-native shell scripting!
Nokho, ake siqale ngomongo lapho konke lokhu kwenzeka: Kubernetes.
I-Kubernetes API nezilawuli
I-API eku-Kubernetes ingamelwa njengohlobo lweseva yefayela enezinkomba zohlobo ngalunye lwento. Izinto (izinsiza) kule seva zimelelwa amafayela e-YAML. Ngaphezu kwalokho, iseva ine-API eyisisekelo ekuvumela ukuthi wenze izinto ezintathu:
- thola insiza ngohlobo negama layo;
- shintsha insiza (kulokhu, iseva igcina kuphela izinto “ezilungile” - zonke ezakheke ngokungalungile noma ezihloselwe ezinye iziqondisi ziyalahlwa);
- ithrekhi ngosizo (kulokhu, umsebenzisi uthola ngokushesha inguqulo yakhe yamanje/ebuyekeziwe).
Ngakho-ke, i-Kubernetes isebenza njengohlobo lweseva yefayela (ye-YAML ibonakalisa) ngezindlela ezintathu eziyisisekelo (yebo, empeleni zikhona ezinye, kodwa sizozishiya okwamanje).
Inkinga ukuthi iseva ingagcina ulwazi kuphela. Ukuze usebenze udinga isilawuli - umqondo wesibili obaluleke kakhulu futhi oyisisekelo emhlabeni we-Kubernetes.
Kunezinhlobo ezimbili eziyinhloko zezilawuli. Eyokuqala ithatha ulwazi oluvela ku-Kubernetes, ilucubungule ngokomqondo obekwe esidlekeni, bese ilubuyisela kuma-K8s. Owesibili uthatha ulwazi oluvela ku-Kubernetes, kodwa, ngokungafani nohlobo lokuqala, lushintsha isimo sezinye izinsiza zangaphandle.
Ake sibhekisise inqubo yokudala ukuthunyelwa e-Kubernetes:
- Isilawuli Sokuthunyelwa (kufakwe ku
kube-controller-manager) ithola ulwazi mayelana nokusetshenziswa futhi idale i-ReplicaSet. - I-ReplicaSet idala ama-replica amabili (ama-pod amabili) ngokusekelwe kulolu lwazi, kodwa lezi pods azikahlelwa okwamanje.
- Umhleli uhlela ama-pods futhi wengeze ulwazi lwe-node kuma-YAML awo.
- Ama-Kubelets enza izinguquko esisetshenziswa sangaphandle (yisho i-Docker).
Bese lonke lolu chungechunge luphindaphindwa ngokulandelana okuphambene: i-kubelet ihlola iziqukathi, ibala isimo se-pod bese iyibuyisela emuva. Isilawuli se-ReplicaSet sithola isimo futhi sibuyekeze isimo sesethi ye-replica. Kwenzeka okufanayo ngesilawuli Sokuthunyelwa futhi umsebenzisi ekugcineni uthola isimo esibuyekeziwe (samanje).
I-Shell-opharetha
Kuvela ukuthi i-Kubernetes isekelwe emsebenzini ohlangene wabalawuli abahlukahlukene (abaqhubi be-Kubernetes nabo bangabalawuli). Umbuzo uphakama, indlela yokudala opharetha wakho ngomzamo omncane? Nakhu esimthuthukisile esiza . Ivumela abaphathi besistimu ukuthi bazenzele izitatimende zabo besebenzisa izindlela ezijwayelekile.
Isibonelo esilula: ukukopisha izimfihlo
Ake sibheke isibonelo esilula.
Ake sithi sineqoqo le-Kubernetes. Inendawo yamagama default ngenye Imfihlo mysecret. Ngaphezu kwalokho, kunezinye izikhala zamagama kuqoqo. Ezinye zazo zinelebula elithile elinamathiselwe kuzo. Umgomo wethu uwukukopisha Imfihlo ezindaweni zamagama ezinelebula.
Umsebenzi uxaka ngenxa yokuthi izikhala zamagama ezintsha zingavela kuqoqo, futhi ezinye zazo zingase zibe nale lebula. Ngakolunye uhlangothi, lapho ilebula isusiwe, Imfihlo nayo kufanele isuswe. Ngaphezu kwalokhu, Imfihlo ngokwayo ingashintsha: kulokhu, Imfihlo entsha kufanele ikopishwe kuzo zonke izikhala zamagama ezinamalebula. Uma Imfihlo isuswe ngephutha kunoma iyiphi indawo yamagama, u-opharetha wethu kufanele ayibuyisele ngokushesha.
Manje njengoba umsebenzi usuwenziwe, yisikhathi sokuqala ukuwusebenzisa usebenzisa i-shell-opharetha. Kodwa okokuqala kufanelekile ukusho amagama ambalwa mayelana ne-shell-opharetha ngokwayo.
Isebenza kanjani i-shell-opharetha
Njengeminye imisebenzi e-Kubernetes, i-shell-opharetha isebenza nge-pod yayo. Kulolu hlu lwemibhalo /hooks amafayela asebenzisekayo agcinwa. Lokhu kungaba imibhalo ku-Bash, Python, Ruby, njll. Sibiza amafayela anjalo asebenzisekayo ngezingwegwe (izingwegwe).
I-Shell-opharetha ibhalisela imicimbi ye-Kubernetes futhi isebenzise lezi zingwegwe ukuphendula leyo micimbi esiyidingayo.
I-shell-operator yazi kanjani ukuthi iyiphi ihuku okufanele isebenze futhi nini? Iphuzu liwukuthi ihuku ngalinye linezigaba ezimbili. Ngesikhathi sokuqalisa, i-shell-opharetha iqhuba wonke amahhuku nge-agumenti --config Lesi yisigaba sokumisa. Futhi emva kwayo, izingwegwe zethulwa ngendlela evamile - ngokuphendula izenzakalo ezinamathiselwe kuzo. Esimweni sokugcina, ihuku ithola umongo obophayo (umongo obophayo) - idatha ngefomethi ye-JSON, esizokhuluma ngayo ngokuningiliziwe ngezansi.
Ukwenza opharetha ku-Bash
Manje sesilungele ukuqaliswa. Ukuze wenze lokhu, sidinga ukubhala imisebenzi emibili (ngendlela, sincoma umtapo wolwazi , okwenza kube lula kakhulu izingwegwe zokubhala ku-Bash):
- eyokuqala iyadingeka esiteji sokumisa - sibonisa umongo obophayo;
- eyesibili iqukethe i-logic eyinhloko ye-hook.
#!/bin/bash
source /shell_lib.sh
function __config__() {
cat << EOF
configVersion: v1
# BINDING CONFIGURATION
EOF
}
function __main__() {
# THE LOGIC
}
hook::run "$@"
Isinyathelo esilandelayo siwukunquma ukuthi yiziphi izinto esizidingayo. Esimweni sethu, sidinga ukulandela:
- imfihlo yomthombo wezinguquko;
- zonke izikhala zamagama kuqoqo, ukuze wazi ukuthi yiziphi ezinelebula elinamathiselwe kuzo;
- izimfihlo eziqondiwe ukuze uqinisekise ukuthi zonke ziyavumelana nemfihlo yomthombo.
Bhalisela umthombo oyimfihlo
Ukuyibophezela ukucushwa kwayo kulula kakhulu. Sikhombisa ukuthi sinentshisekelo kuMfihlo ngegama mysecret endaweni yamagama default:
function __config__() {
cat << EOF
configVersion: v1
kubernetes:
- name: src_secret
apiVersion: v1
kind: Secret
nameSelector:
matchNames:
- mysecret
namespace:
nameSelector:
matchNames: ["default"]
group: main
EOF
Njengomphumela, ihuku lizoqalwa lapho imfihlo yomthombo ishintsha (src_secret) futhi uthole umongo olandelayo oyisibopho:
Njengoba ubona, iqukethe igama nayo yonke into.
Ukulandelela izikhala zamagama
Manje udinga ukubhalisa kuzikhala zamagama. Ukuze senze lokhu, sicacisa ukucushwa okubophayo okulandelayo:
- name: namespaces
group: main
apiVersion: v1
kind: Namespace
jqFilter: |
{
namespace: .metadata.name,
hasLabel: (
.metadata.labels // {} |
contains({"secret": "yes"})
)
}
group: main
keepFullObjectsInMemory: false
Njengoba ubona, kuvele inkambu entsha ekucushweni enegama jqIsihlungi. Njengoba igama layo liphakamisa, jqFilter ihlunga lonke ulwazi olungadingekile futhi idale into entsha ye-JSON enezinkambu esizithandayo. Ihuku elinokucushwa okufanayo lizothola umongo olandelayo oyisibopho:
Iqukethe uhlu filterResults endaweni yamagama ngayinye kuqoqo. I-Boolean variable hasLabel ibonisa ukuthi ilebula inamathiselwe endaweni yegama enikeziwe. Isikhethi keepFullObjectsInMemory: false kubonisa ukuthi asikho isidingo sokugcina izinto eziphelele enkumbulweni.
Ukulandelela izimfihlo ezihlosiwe
Sibhalisa kuzo zonke izimfihlo ezinezichasiselo ezishiwo managed-secret: "yes" (lezi yizinjongo zethu dst_secrets):
- name: dst_secrets
apiVersion: v1
kind: Secret
labelSelector:
matchLabels:
managed-secret: "yes"
jqFilter: |
{
"namespace":
.metadata.namespace,
"resourceVersion":
.metadata.annotations.resourceVersion
}
group: main
keepFullObjectsInMemory: false
Kulokhu jqFilter ihlunga lonke ulwazi ngaphandle kwendawo yamagama nepharamitha resourceVersion. Ipharamitha yokugcina idluliselwe esichasiselweni lapho udala imfihlo: ikuvumela ukuthi uqhathanise izinguqulo zezimfihlo futhi uzigcine zisesikhathini samanje.
Ihuku elungiselelwe ngale ndlela, lapho isetshenziswa, izothola izimo ezintathu ezibophezelayo ezichazwe ngenhla. Bangacatshangwa njengohlobo lwesifinyezo (isifinyezo) iqoqo.
Ngokusekelwe kulo lonke lolu lwazi, i-algorithm eyisisekelo ingathuthukiswa. Iphindaphinda kuzo zonke izikhala zamagama futhi:
- uma
hasLabelizindabatrueokwesikhala samagama samanje:- iqhathanisa imfihlo yomhlaba wonke neyendawo:
- uma zifana, akwenzi lutho;
- uma behluka - ikhiphe
kubectl replacenomacreate;
- iqhathanisa imfihlo yomhlaba wonke neyendawo:
- uma
hasLabelizindabafalseokwesikhala samagama samanje:- iqinisekisa ukuthi imfihlo ayikho endaweni yamagama enikeziwe:
- uma Imfihlo yendawo ikhona, yisuse usebenzisa
kubectl delete; - uma Imfihlo yendawo ingatholwa, ayenzi lutho.
- uma Imfihlo yendawo ikhona, yisuse usebenzisa
- iqinisekisa ukuthi imfihlo ayikho endaweni yamagama enikeziwe:
ungalanda kweyethu .
Sikwazile kanjalo ukwakha isilawuli se-Kubernetes esilula sisebenzisa imigqa engama-35 ye-YAML config kanye nenani elifanayo lekhodi ye-Bash! Umsebenzi we-shell-opharetha uwukuxhumanisa ndawonye.
Kodwa-ke, ukukopisha izimfihlo akuyona ukuphela kwendawo yokusetshenziswa kwensiza. Nazi ezinye izibonelo ezimbalwa ukukhombisa lokho akwazi ukukwenza.
Isibonelo 1: Ukwenza izinguquko ku-ConfigMap
Ake sibheke Ukuthunyelwa okuqukethe ama-pods amathathu. Amaphodi asebenzisa i-ConfigMap ukuze agcine ukucushwa okuthile. Ngenkathi ama-pods ethulwa, i-ConfigMap yayisesimweni esithile (asiyibize i-v.1). Ngokufanelekile, wonke ama-pods asebenzisa le nguqulo ye-ConfigMap.
Manje ake sicabange ukuthi i-ConfigMap isishintshile (v.2). Nokho, ama-pods azosebenzisa inguqulo yangaphambilini ye-ConfigMap (v.1):
Ngingabenza kanjani bashintshele ku-ConfigMap entsha (v.2)? Impendulo ilula: sebenzisa isifanekiso. Ake sengeze isichasiselo se-checksum esigabeni template Izilungiselelo zokusebenzisa:
Ngenxa yalokho, le-checksum izobhaliswa kuwo wonke ama-pods, futhi izofana naleyo ye-Deployment. Manje udinga nje ukubuyekeza isichasiselo uma i-ConfigMap ishintsha. Futhi i-shell-opharetha iyasiza kuleli cala. Odinga ukukwenza uhlelo ihuku ezobhalisela i-ConfigMap futhi ibuyekeze isheke.
Uma umsebenzisi enza izinguquko ku-ConfigMap, i-shell-opharetha izozibona futhi ibale kabusha i-checksum. Ngemuva kwalokho kuzosebenza umlingo weKubernetes: i-orchestrator izobulala i-pod, idale entsha, ilinde ukuthi ibe. Ready, bese idlulela kwesilandelayo. Njengomphumela, ukuthunyelwa kuzovumelanisa futhi kushintshele enguqulweni entsha ye-ConfigMap.
Isibonelo sesi-2: Ukusebenza Ngezincazelo Zensiza Yangokwezifiso
Njengoba wazi, i-Kubernetes ikuvumela ukuthi udale izinhlobo zangokwezifiso zezinto. Isibonelo, ungakha uhlobo MysqlDatabase. Ake sithi lolu hlobo lunezinhlaka ezimbili zemethadatha: name и namespace.
apiVersion: example.com/v1alpha1
kind: MysqlDatabase
metadata:
name: foo
namespace: bar
Sineqoqo le-Kubernetes elinezikhala zamagama ezahlukene lapho singakha khona imininingwane egciniwe ye-MySQL. Kulesi simo, i-shell-opharetha ingasetshenziswa ukulandelela izinsiza MysqlDatabase, iwaxhuma kuseva ye-MySQL futhi ivumelanise izifunda ezifiswayo neziqashelwayo zeqoqo.
Isibonelo sesi-3: I-Cluster Network Monitoring
Njengoba wazi, ukusebenzisa i-ping kuyindlela elula yokuqapha inethiwekhi. Kulesi sibonelo sizobonisa indlela yokuqalisa ukuqapha okunjalo usebenzisa i-shell-opharetha.
Okokuqala, uzodinga ukubhalisela ama-node. Umsebenzisi wegobolondo udinga igama nekheli le-IP lenodi ngayinye. Ngosizo lwabo, uzophonsela la ma-node.
configVersion: v1
kubernetes:
- name: nodes
apiVersion: v1
kind: Node
jqFilter: |
{
name: .metadata.name,
ip: (
.status.addresses[] |
select(.type == "InternalIP") |
.address
)
}
group: main
keepFullObjectsInMemory: false
executeHookOnEvent: []
schedule:
- name: every_minute
group: main
crontab: "* * * * *"
Ipharamitha executeHookOnEvent: [] ivimbela ihuku ekusebenzeni ekuphenduleni kunoma yimuphi umcimbi (okungukuthi, ekuphenduleni ukushintsha, ukungeza, ukususa ama-node). Nokho, yena izogijima (futhi ubuyekeze uhlu lwama-node) Okuhleliwe - njalo ngomzuzu, njengoba kunqunywe yinkundla schedule.
Manje umbuzo uphakama, sazi kanjani kahle ngezinkinga ezinjengokulahleka kwephakethe? Ake sibheke ikhodi:
function __main__() {
for i in $(seq 0 "$(context::jq -r '(.snapshots.nodes | length) - 1')"); do
node_name="$(context::jq -r '.snapshots.nodes['"$i"'].filterResult.name')"
node_ip="$(context::jq -r '.snapshots.nodes['"$i"'].filterResult.ip')"
packets_lost=0
if ! ping -c 1 "$node_ip" -t 1 ; then
packets_lost=1
fi
cat >> "$METRICS_PATH" <<END
{
"name": "node_packets_lost",
"add": $packets_lost,
"labels": {
"node": "$node_name"
}
}
END
done
}
Siphindaphinda ngohlu lwama-node, sithole amagama awo namakheli e-IP, siwafake futhi sithumele imiphumela ku-Prometheus. I-Shell-opharetha ingathekelisa amamethrikhi ku-Prometheus, iwalondoloza efayeleni elibekwe ngendlela eshiwo kuguquko lwendawo $METRICS_PATH.
ungenza i-opharetha yokuqapha inethiwekhi kalula kuqoqo.
Indlela yokwenza umugqa
Lesi sihloko sizobe singaphelele ngaphandle kokuchaza enye indlela ebalulekile eyakhelwe ku-shell-opharetha. Cabanga ukuthi yenza uhlobo oluthile lwehhuku ukuphendula umcimbi kuqoqo.
- Kwenzekani uma ngesikhathi esifanayo ku-cluster kwenzeka Okunye umcimbi?
- Ingabe i-shell-opharetha izosebenzisa esinye isibonelo sehuku?
- Kuthiwani uma, ake sithi, izehlakalo ezinhlanu zenzeka eqoqweni ngesikhathi esisodwa?
- Ingabe i-shell-opharetha izozicubungula ngokuhambisana?
- Kuthiwani ngezinsiza ezidliwe njengememori ne-CPU?
Ngenhlanhla, i-shell-opharetha inomshini owakhelwe ngaphakathi womugqa. Yonke imicimbi ikulayini futhi icutshungulwa ngokulandelana.
Ake sifanekise lokhu ngezibonelo. Ake sithi sinezingwegwe ezimbili. Umcimbi wokuqala uya kuhhuku lokuqala. Uma ukucubungula kwayo sekuqediwe, ulayini uya phambili. Imicimbi emithathu elandelayo iqondiswe kabusha ku-hook yesibili - isuswa emgqeni futhi ifakwe kuwo "inqwaba". Leyo hook ithola uxhaxha lwemicimbi - noma, ngokuqondile, uchungechunge lwezimo ezibophayo.
Futhi lezi imicimbi ingahlanganiswa ibe yinkulu eyodwa. Ipharamitha inesibopho salokhu group ekucushweni okubophezelayo.
Ungakha noma iyiphi inombolo yolayini/ohhuka nezinhlanganisela zabo ezihlukahlukene. Isibonelo, ulayini owodwa ungasebenza ngamahhuku amabili, noma ngokuphambene.
Odinga ukukwenza nje ukulungisa inkambu ngendlela efanele queue ekucushweni okubophezelayo. Uma igama lomugqa lingacacisiwe, ihuku ligijima kulayini omisiwe (default). Le nqubo yokubeka umugqa ikuvumela ukuthi uxazulule ngokuphelele zonke izinkinga zokuphatha izinsiza lapho usebenza ngezingwegwe.
isiphetho
Sichaze ukuthi iyini i-shell-opharetha, sabonisa ukuthi ingasetshenziswa kanjani ukudala ngokushesha futhi kalula ama-opharetha e-Kubernetes, futhi sanikeza izibonelo ezimbalwa zokusebenzisa kwayo.
Imininingwane enemininingwane mayelana ne-shell-opharetha, kanye nesifundo esisheshayo sokuthi isetshenziswa kanjani, iyatholakala ku- . Ungangabazi ukuxhumana nathi ngemibuzo: ungaxoxa ngayo endaweni ekhethekile (ngesiRashiya) noma ngo (ngesiNgisi).
Futhi uma ukuthandile, sihlala sikujabulele ukubona izindaba ezintsha/PR/izinkanyezi ku-GitHub, lapho, ngendlela, ungathola khona ezinye . Phakathi kwazo kufanelekile ukugqamisa , ongumfowabo omkhulu we-shell-operator. Lolu hlelo lokusebenza lisebenzisa amashadi e-Helm ukuze lufake izengezo, lungaletha izibuyekezo futhi luqaphe amapharamitha/amanani eshadi ahlukahlukene, lulawule inqubo yokufakwa kwamashadi, futhi lungawashintsha ngokuphendula imicimbi kuqoqo.
Amavidiyo namaslayidi
Ividiyo evela ekusebenzeni (~ imizuzu engama-23):
Ukwethulwa kombiko:
PS
Funda futhi kubhulogi yethu:
- «";
- «";
- «";
- «.
Source: www.habr.com