Ingabe kulula futhi kulula ukulungisa iqoqo le-Kubernetes? Imemezela i-addon-opharetha

Ngemva igobolondo-opharetha sethula umfowabo omdala - i-addon-opharetha. Lena iphrojekthi yomthombo ovulekile esetshenziselwa ukufaka izingxenye zesistimu kuqoqo le-Kubernetes, elingabizwa ngokuthi izengezo.

Kungani kunezengezo nhlobo?

Akuyona imfihlo ukuthi i-Kubernetes ayiwona umkhiqizo owenziwe ngomumo, futhi ukwakha iqoqo "labantu abadala" uzodinga izengezo ezihlukahlukene. I-Addon-opharetha izokusiza ukuthi ufake, ulungiselele futhi ugcine lezi zengezo zisesikhathini samanje.

Isidingo sezingxenye ezengeziwe ku-cluster sivezwa kuyo bika ozakwabo drusha. Ngamafuphi, isimo se-Kubernetes okwamanje siwukuthi ukuze kube lula ukufakwa "ukudlala ngokuzungezile" ungakwazi ukudlula ngezingxenye eziphuma ebhokisini, kubathuthukisi nokuhlola ungakwazi ukwengeza i-Ingress, kodwa ukufakwa okugcwele, mayelana nakho. ungathi "ukukhiqizwa kwakho kulungile", udinga ukungeza ngezengezo ezihlukene eziyishumi nambili: into yokuqapha, into yokugawula, ungakhohlwa ukungena kanye nomphathi we-cert, khetha amaqembu ama-node, engeza izinqubomgomo zenethiwekhi, isizini ngezilungiselelo ze-sysctl ne-pod autoscaler...

Yiziphi izici eziqondile zokusebenza nabo?

Njengoba umkhuba ubonisa, udaba alukhawulelwe ekufakweni okukodwa. Ukuze usebenze ngokunethezeka neqoqo, izengezo zizodinga ukubuyekezwa, zikhutshazwe (zikhishwe kuqoqo), futhi uzofuna ukuhlola ezinye ngaphambi kokuzifaka kuqoqo lokukhiqiza.

Ngakho-ke, mhlawumbe i-Ansible izokwanela lapha? Kungenzeka. Kodwa Ngokuvamile, izengezo ezigcwele ngokugcwele azihlali ngaphandle kwezilungiselelo. Lezi zilungiselelo zingase zehluke kuye ngokwahluka kweqoqo (aws, gce, azure, bare-metal, do, ...). Ezinye izilungiselelo azikwazi ukucaciswa kusengaphambili; kufanele zitholwe kuqoqo. Futhi iqoqo alimile: kwezinye izilungiselelo kuzodingeka uqaphe izinguquko. Futhi lapha i-Ansible isivele ilahlekile: udinga uhlelo oluhlala kuqoqo, i.e. Kubernetes Operator.

Abazamile emsebenzini igobolondo-opharetha, bazothi imisebenzi yokufaka nokubuyekeza izengezo kanye nezilungiselelo zokuqapha ingaxazululwa ngokuphelele kusetshenziswa izingwegwe okwesheli-opharetha. Ungabhala umbhalo ozokwenza okunemibandela kubectl apply futhi ugade, isibonelo, i-ConfigMap, lapho izilungiselelo zizogcinwa khona. Lokhu cishe yilokho okusetshenziswa ku-addon-opharetha.

Lokhu kuhlelwa kanjani ku-addon-opharetha?

Lapho sidala isixazululo esisha, sisuke emigomeni elandelayo:

• Isifaki-sengezo kufanele sisekele isifanekiso nokucushwa kwesimemezelo. Asenzi imibhalo yomlingo efaka izengezo. I-Addon-opharetha isebenzisa i-Helm ukufaka ama-addon. Ukuze ufake, udinga ukudala ishadi bese ukhetha amanani azosetshenziselwa ukumisa.
• Izilungiselelo zingaba khiqiza ekufakweni, ungakwazi thola ku-cluster, noma thola izibuyekezo, ukuqapha izinsiza zeqoqo. Le misebenzi ingenziwa ngokusebenzisa izingwegwe.
• Izilungiselelo zingaba gcina kuqoqo. Ukugcina izilungiselelo kuqoqo, i-ConfigMap/addon-opharetha iyakhiwa futhi iziqaphi ze-Addon-opharetha ziyashintsha kule ConfigMap. I-Addon-opharetha inika amahhuku ukufinyelela kuzilungiselelo kusetshenziswa izimiso ezilula.
• Ukwengeza kuncike kuzilungiselelo. Uma izilungiselelo zishintshile, i-Addon-opharetha izokhipha ishadi le-Helm ngamavelu amasha. Sibize inhlanganisela yeshadi le-Helm, amanani alo kanye nezingwegwe zemojuli (bona ngezansi ukuze uthole imininingwane eyengeziwe).
• Ukudlala. Azikho izikripthi zokukhishwa komlingo. Indlela yokuvuselela iyafana nohlelo lokusebenza olujwayelekile - qoqa izengezo nama-addon-opharetha esithombeni, uwafake amathegi futhi uwakhiphe.
• Ukulawulwa kwemiphumela. I-Addon-opharetha ingahlinzeka ngamamethrikhi e-Prometheus.

Yini i-padding ku-addon-opharetha?

Ukwengezwa kungabhekwa noma yini enezela imisebenzi emisha kuqoqo. Isibonelo, ukufaka i-Ingress yisibonelo esihle sesengezo. Lokhu kungaba yinoma yimuphi u-opharetha noma isilawuli esine-CRD yaso siqu: i-prometheus-opharetha, umphathi-cert, kube-controller-manager, njll. Noma into encane, kodwa elula ukuyisebenzisa - isibonelo, ikhophi eyimfihlo, ekopisha izimfihlo zokubhalisa ezindaweni ezintsha zamagama, noma ishuna ye-sysctl, elungiselela imingcele ye-sysctl kumanodi amasha.

Ukuze usebenzise izengezo, i-Addon-opharetha inikeza imiqondo eminingana:

• Ishadi lesigqoko esetshenziselwa ukufaka isofthiwe ehlukahlukene kuqoqo - isibonelo, i-Prometheus, i-Grafana, i-nginx-ingress. Uma ingxenye edingekayo ineshadi le-Helm, ukulifaka usebenzisa i-Addon-opharetha kuzoba lula kakhulu.
• Isitoreji samanani. Amashadi e-Helm ngokuvamile anezilungiselelo eziningi ezahlukene ezingashintsha ngokuhamba kwesikhathi. I-Addon-opharetha isekela ukugcina lezi zilungiselelo futhi ingaqapha izinguquko zazo ukuze ifake kabusha ishadi le-Helm ngamavelu amasha.
• Izingwegwe amafayela asebenzisekayo i-Addon-opharetha ewasebenzisayo emicimbini futhi afinyelela isitolo samanani. Ihuku ingakwazi ukuqapha izinguquko kuqoqo futhi ibuyekeze amanani esitolo samanani. Labo. Usebenzisa izingwegwe, ungathola ukuqoqa amanani kusuka kuqoqo ekuqaleni noma ngokweshejuli, noma ungathola okuqhubekayo, uqoqe amanani kusuka kuqoqo ngokusekelwe ezinguqukweni zeqoqo.
• Imodyuli iyinhlanganisela yeshadi le-Helm, isitolo samanani namahhuku. Amamojula anganikwa amandla noma akhutshazwe. Ukukhubaza imojuli kusho ukususa konke ukukhishwa kweshadi le-Helm. Amamojula angakwazi ukuzinika amandla ngokuguqukayo, isibonelo, uma wonke amamojula awadingayo enikwe amandla noma uma ukutholwa kuthole imingcele edingekayo kumahhuku - lokhu kwenziwa kusetshenziswa umbhalo osizayo onikwe amandla.
• Izingwegwe zomhlaba wonke. Lawa amahhuku “ngokwawo”, awafakiwe kumamojula futhi ayakwazi ukufinyelela esitolo samanani omhlaba, amanani atholakala kuwo wonke amahhuku kumamojula.

Lezi zingxenye zisebenza kanjani ndawonye? Ake sibheke isithombe esivela embhalweni:

Kunezimo ezimbili zokusebenza:

1. Ihuku lomhlaba wonke liculwa umcimbi - isibonelo, lapho insiza ekuqoqo ishintsha. Le hook icubungula izinguquko futhi ibhale amanani amasha esitolo samanani omhlaba. I-Addon-opharetha iyaqaphela ukuthi isitoreji somhlaba wonke sishintshile futhi siqala wonke amamojula. Imojula ngayinye, isebenzisa izingwegwe zayo, inquma ukuthi idinga ukunikwa amandla futhi ibuyekeze isitolo sayo samanani. Uma imojuli inikwe amandla, i-Addon-opharetha iqala ukufakwa kweshadi le-Helm. Kulokhu, ishadi le-Helm linokufinyelela kumanani asuka kusitoreji semojula kanye nakwisitoreji somhlaba wonke.
2. Isimo sesibili silula: i-module hook iqalwa umcimbi futhi ishintsha amanani esitolo samanani wemojula. I-Addon-opharetha iyakubona lokhu futhi yethula ishadi le-Helm elinamanani abuyekeziwe.

Ukwengezwa kungenziwa njengehhuku elilodwa, noma njengeshadi elilodwa le-Helm, noma ngisho namamojula amaningana ancike - lokhu kuncike ebunzimeni bengxenye efakwa kuqoqo kanye nezinga elifiswayo lokuguquguquka kokucushwa. Isibonelo, endaweni yokugcina (/izibonelo) kukhona isengezo se-sysctl-tuner, esisetshenziswa kokubili njengemojula elula enehhuku neshadi le-Helm, futhi kusetshenziswa isitolo samanani, okwenza kube nokwenzeka ukwengeza izilungiselelo ngokuhlela i-ConfigMap.

Ukulethwa kwezibuyekezo

Amagama ambalwa mayelana nokuhlela izibuyekezo zengxenye ezifakwa yi-Addon-opharetha.

Ukuze usebenzise i-Addon-opharetha kuqoqo, udinga yakha isithombe ngezengezo ngendlela ye-hook namafayela eshadi le-Helm, engeza ifayela kanambambili addon-operator nakho konke okudingayo ukuze uthole izingwegwe: bash, kubectl, jq, python njll. Khona-ke lesi sithombe singadluliselwa kuqoqo njengohlelo lokusebenza oluvamile, futhi cishe uzofuna ukuhlela isikimu sokumaka esisodwa noma esinye. Uma kukhona amaqoqo ambalwa, indlela efanayo neyezinhlelo zokusebenza ingase ifaneleke: ukukhishwa okusha, inguqulo entsha, hamba kuwo wonke amaqoqo futhi ulungise isithombe se-Pods. Nokho, endabeni yokukhishelwa enanini elibalulekile lamaqoqo, umqondo wokuzibuyekeza kusuka esiteshini ubufaneleka kakhulu kithi.

Nansi indlela esikwenza ngayo:

• Isiteshi empeleni siyisihlonzi esingasethwa kunoma yini (ngokwesibonelo, i-dev/stage/ea/stable).
• Igama lesiteshi umaka wesithombe. Uma udinga ukukhipha izibuyekezo esiteshini, isithombe esisha siyahlanganiswa futhi simakwe ngegama lesiteshi.
• Uma kuvela isithombe esisha kurejista, i-Addon-opharetha iqalwa kabusha futhi yethulwe ngesithombe esisha.

Lokhu akuwona umkhuba ongcono kakhulu, njengoba kubhalwe ku Kubernetes imibhalo. Akunconywa ukwenza lokhu, kodwa sikhuluma ngakho uhlelo lokusebenza oluvamile oluhlala kuqoqo elifanayo. Esimeni se-Addon-opharetha, uhlelo lokusebenza luwukusetshenziswa okuningi okuhlakazeke kuwo wonke amaqoqo, futhi ukuzibuyekeza kusiza kakhulu futhi kwenza ukuphila kube lula.

Iziteshi ziyasiza futhi ekuhlolweni: uma kukhona i-axiliary cluster, ungayilungiselela esiteshini stage futhi ufake izibuyekezo kuyo ngaphambi kokuyikhiphela eziteshini ea и stable. Uma kuneqoqo esiteshini ea kwenzeke iphutha, ungashintshela kulo stable, ngenkathi inkinga yaleli qoqo isaphenywa. Uma iqoqo likhishiwe ekusekelweni okusebenzayo, lishintshela esiteshini salo "esiqandisiwe" - isibonelo, freeze-2019-03-20.

Ngokungeziwe ekubuyekezeni izingwegwe namashadi e-Helm, ungase udinge buyekeza kanye nengxenye yenkampani yangaphandle. Isibonelo, uqaphele isiphazamisi ku-node-exporter enemibandela futhi waze wathola nendlela yokusichibiyela. Okulandelayo, uvule i-PR futhi ulinde ukukhishwa okusha ukuze kudlule kuwo wonke amaqoqo futhi kwandise inguqulo yesithombe. Ukuze ungalindi unomphela, ungakha i-node-exporter yakho futhi ushintshele kuyo ngaphambi kokwamukela i-PR.

Ngokuvamile, lokhu kungenziwa ngaphandle kwe-Addon-opharetha, kodwa nge-Addon-opharetha imodyuli yokufaka i-node-exporter izobonakala endaweni yokugcina eyodwa, i-Dockerfile yokwakha isithombe sakho ingagcinwa khona lapho, kuba lula kubo bonke abahlanganyeli. inqubo yokuqonda ukuthi kwenzekani... Futhi uma kunamaqoqo amaningana, kuba lula kokubili ukuhlola i-PR yakho bese ukhipha inguqulo entsha!

Le nhlangano yokubuyekezwa kwengxenye isebenza ngempumelelo kithi, kodwa noma yiluphi olunye uhlelo olufanelekile lungasetshenziswa - phela kulokhu i-Addon-opharetha iyifayela kanambambili elilula.

isiphetho

Izimiso ezisetshenziswa ku-Addon-opharetha zikuvumela ukuthi wakhe inqubo esobala yokudala, ukuhlola, ukufaka nokubuyekeza izengezo kuqoqo, elifana nezinqubo zokuthuthukisa izinhlelo zokusebenza ezivamile.

Izengezo ze-Addon-opharetha ngefomethi yemojuli (Ishadi le-Helm + izingwegwe) zingenziwa zitholakale esidlangalaleni. Thina, inkampani yakwaFlant, sihlela ukushicilela intuthuko yethu ngendlela yezengezo ezinjalo ehlobo. Joyina ukuthuthukiswa ku-GitHub (igobolondo-opharetha, i-addon-opharetha), zama ukwenza isengezo sakho ngokususelwe kukho izibonelo и imibhalo, linda izindaba ku-Habré nasezindabeni zethu Isiteshi se-YouTube!

PS

Funda futhi kubhulogi yethu:

• «Ukwandisa nokwengeza i-Kubernetes (uhlolojikelele kanye nombiko wevidiyo)";
• «Sethula i-shell-opharetha: ukudala ama-opharetha e-Kubernetes sekulula".

Source: www.habr.com