🥇Uzifinyelela kanjani izinsiza ze-Kubernetes Pod

Umvuzo kaTohad

Uma uqala nge-Kubernetes, kuvamile ukukhohlwa ngokusetha izinsiza zeziqukathi. Kuleli qophelo, kwanele ukuqinisekisa ukuthi isithombe se-Docker siyasebenza futhi singathunyelwa kuqoqo le-Kubernetes.

Kodwa ngokuhamba kwesikhathi isicelo sidinga ukufakwa kuqoqo lokukhiqiza kanye nezinye izinhlelo zokusebenza. Ukwenza lokhu, udinga ukwaba izinsiza zesitsha futhi uqiniseke ukuthi zanele ukuze uhlelo lusebenze, nokuthi ezinye izinhlelo zokusebenza ezisebenzayo ngeke zibe nezinkinga.

Ithimba I-Kubernetes aaS evela ku-Mail.ru uhumushe i-athikili mayelana nezinsiza zeziqukathi (CPU & MEM), izicelo kanye nemikhawulo yezinsiza. Uzofunda izinzuzo zalezi zilungiselelo nokuthi kwenzekani uma ungazisethi.

Izinsiza zekhompyutha

Sinezinhlobo ezimbili zezinsiza ezinamayunithi alandelayo:

Iyunithi yokucubungula emaphakathi (CPU) - ama-cores;
Imemori (MEM) - amabhayithi.

Izinsiza zicaciswe esitsheni ngasinye. Efayeleni elilandelayo le-Pod YAML, uzobona ingxenye yensiza equkethe izinsiza eziceliwe futhi ezinomkhawulo:

Izinsiza Ze-Pod eziceliwe = isamba sezinsiza eziceliwe zazo zonke iziqukathi;
Umkhawulo Wensiza Ye-Pod = Isamba sayo yonke Imikhawulo Yensiza Ye-Pod.

apiVersion: v1
kind: Pod
metadata:
  name: backend-pod-name
  labels:
    application: backend
spec:
  containers:
    — name: main-container
      image: my-backend
      tag: v1
      ports:
      — containerPort: 8080
      resources:
        requests:
          cpu: 0.2 # REQUESTED CPU: 200m cores
          memory: "1Gi" # REQUESTED MEM: 1Gi
        limits:
          cpu: 1 # MAX CPU USAGE: 1 core
          memory: "1Gi" # MAX MEM USAGE:  1Gi
    — name: other-container
      image: other-app
      tag: v1
      ports:
      — containerPort: 8000
      resources:
        requests:
          cpu: "200m" # REQUESTED CPU: 200m cores
          memory: "0.5Gi" # REQUESTED MEM: 0.5Gi
        limits:
          cpu: 1 # MAX CPU USAGE: 1 core
          memory: "1Gi" # MAX MEM USAGE:  1Gi

Isibonelo Sezinsiza Eziceliwe Nezikhawulelwe

Insimu resources.requested kusukela ku-Specification Pod ingenye yezinto ezisetshenziselwa ukuthola indawo oyifunayo. Usuvele ukuhlelele ukuthunyelwa kwe-Pod. Uyithola kanjani i-node efanelekile?

I-Kubernetes iqukethe izingxenye ezimbalwa, okuhlanganisa i-master node noma i-master node (Kubernetes Control Plane). I-master node inezinqubo ezimbalwa: kube-apiserver, kube-controller-manager kanye ne-kube-scheduler.

Inqubo ye-kube-scheduler inomthwalo wemfanelo wokubuyekeza ama-pod asanda kwakhiwa kanye nokuthola ama-node angaba khona ezisebenzi afana nazo zonke izicelo ze-pod, okuhlanganisa nenani lezinsiza eziceliwe. Uhlu lwama-node atholwe ngu-kube-scheduler lubekwe zibalwa. I-pod ihlelwe ku-node enamaphuzu aphezulu kakhulu.

Izobekwa kuphi iPod ensomi?

Esithombeni ungabona ukuthi i-kube-scheduler kufanele ihlele iPod entsha ensomi. Iqoqo le-Kubernetes liqukethe ama-node amabili: A no-B. Njengoba ubona, i-kube-scheduler ayikwazi ukuhlela i-Pod ku-node A - izinsiza ezitholakalayo (ezingaceliwe) azifani nezicelo zePod ensomi. Ngakho-ke, inkumbulo engu-1 GB ecelwe iPod onsomi ngeke ilingane ku-node A, njengoba inkumbulo etholakalayo ingu-0,5 GB. Kodwa inodi B inezinsiza ezanele. Njengomphumela, i-kube-scheduler inquma ukuthi indawo yePod onsomi iyinodi B.

Manje siyazi ukuthi izinsiza eziceliwe zikuthinta kanjani ukukhethwa kwe-node ukusebenzisa i-Pod. Kodwa uyini umthelela wezinsiza ezingaphansi?

Umkhawulo wensiza ungumngcele i-CPU/MEM engakwazi ukuweqa. Kodwa-ke, insiza ye-CPU iyavumelana nezimo, ngakho-ke iziqukathi ezifinyelela umkhawulo wazo we-CPU ngeke zibangele ukuthi i-Pod iphume. Kunalokho, i-CPU throttling izoqala. Uma umkhawulo wokusetshenziswa kwe-MEM ufinyelelwa, isiqukathi sizomiswa ngenxa ye-OOM-Killer futhi siqaliswe kabusha uma kuvunyelwe ukulungiselelwa kwe-RestartPolicy.

Izinsiza eziceliwe neziningi ngemininingwane

Ukuxhumana kwezinsiza phakathi kwe-Docker ne-Kubernetes

Indlela engcono kakhulu yokuchaza ukuthi izicelo zensiza kanye nemikhawulo yensiza zisebenza kanjani ukwethula ubudlelwano phakathi kuka-Kubernetes ne-Docker. Esithombeni esingenhla ungabona ukuthi izinkambu ze-Kubernetes namafulegi wokuqalisa we-Docker ahlobene kanjani.

Inkumbulo: isicelo kanye nomkhawulo

containers:
...
 resources:
   requests:
     memory: "0.5Gi"
   limits:
     memory: "1Gi"

Njengoba kushiwo ngenhla, inkumbulo ikalwa ngamabhayithi. Ngokusekelwe ku Kubernetes imibhalo, singacacisa inkumbulo njengenombolo. Ngokuvamile iyinombolo, isibonelo 2678 - okungukuthi, 2678 bytes. Ungasebenzisa futhi izijobelelo G и Gi, into eyinhloko ukukhumbula ukuthi azilingani. Eyokuqala idesimali kanti eyesibili inambambili. Njengesibonelo esishiwo emibhalweni ye-k8s: 128974848, 129e6, 129M, 123Mi - ziyalingana ngokoqobo.

Inketho ye-Kubernetes limits.memory ihambisana nefulegi --memory kusuka ku-Docker. Uma kwenzeka request.memory Awukho umcibisholo we-Docker ngoba i-Docker ayisebenzisi le nkambu. Ungase ubuze, ingabe lokhu kuyadingeka? Yebo isidingo. Njengoba ngishilo ngaphambili, inkambu ibalulekile ku-Kubernetes. Ngokusekelwe olwazini olusuka kuyo, i-kube-scheduler inquma ukuthi iyiphi i-node okufanele ihlele i-Pod.

Kwenzekani uma usetha inkumbulo enganele ngesicelo?

Uma isiqukathi sesifinyelele umkhawulo wememori eceliwe, i-Pod ibekwa eqenjini lama-Pods ayekayo lapho inkumbulo ingekho eyanele endaweni.

Kwenzekani uma usetha umkhawulo wememori uphansi kakhulu?

Uma isiqukathi seqa umkhawulo wememori, sizonqanyulwa ngenxa ye-OOM-Killed. Futhi izoqala kabusha uma kungenzeka ngokusekelwe ku-RestartPolicy lapho inani elizenzakalelayo likhona Always.

Kwenzekani uma ungayicacisi inkumbulo eceliwe?

I-Kubernetes izothatha inani elilinganiselwe futhi ilisethe njengenani elizenzakalelayo.

Kungenzekani uma ungacacisi umkhawulo wenkumbulo?

Isiqukathi asinawo imingcele; singasebenzisa inkumbulo eningi ngendlela esiyifunayo. Uma eqala ukusebenzisa yonke inkumbulo etholakalayo yenodi, khona-ke u-OOM uzombulala. Isiqukathi sizobe sesiqalwa kabusha uma kungenzeka ngokusekelwe ku-RestartPolicy.

Kwenzekani uma ungacacisi imikhawulo yenkumbulo?

Lesi yisimo esibi kakhulu: umhleli akazi ukuthi zingaki izinsiza ezidingwa isiqukathi, futhi lokhu kungabangela izinkinga ezinkulu endaweni. Kulokhu, kungaba kuhle ukuba nemikhawulo ezenzakalelayo endaweni yamagama (emiswe yi-LimitRange). Ayikho imikhawulo emisiwe - iPod ayinamkhawulo, ingasebenzisa inkumbulo eningi ngokuthanda kwayo.

Uma imemori eceliwe ingaphezu kwenodi enganikezwa, iPod ngeke ihlelwe. Kubalulekile ukukhumbula lokho Requests.memory - hhayi inani elincane. Lena incazelo yenani lememori eyanele ukugcina isiqukathi sisebenza ngokuqhubekayo.

Ngokuvamile kunconywa ukusetha inani elifanayo lalo request.memory и limit.memory. Lokhu kuqinisekisa ukuthi i-Kubernetes ngeke ihlele i-Pod endaweni enenkumbulo eyanele yokusebenzisa i-Pod kodwa enganele ukuyiqhuba. Khumbula: Ukuhlela kwe-Kubernetes Pod kubheka kuphela requests.memory, futhi limits.memory akunaki.

CPU: isicelo kanye nomkhawulo

containers:
...
 resources:
   requests:
     cpu: 1
   limits:
     cpu: "1200m"

Nge-CPU yonke into iyinkimbinkimbi kakhulu. Ukubuyela esithombeni sobudlelwano phakathi kukaKubernetes noDocker, ungakubona lokho request.cpu соответствует --cpu-shares, kanti limit.cpu ihambisana nefulegi cpus e-Docker.

I-CPU ecelwa u-Kubernetes iphindaphindwa ngo-1024, ingxenye yemijikelezo ye-CPU. Uma ufuna ukucela umongo o-1 ogcwele, kufanele wengeze cpu: 1njengoba kuboniswe ngenhla.

Ukucela i-kernel egcwele (ingxenye = 1024) akusho ukuthi isiqukathi sakho sizoyithola. Uma umshini wakho wokusingathwa unomgogodla owodwa kuphela futhi usebenzisa isiqukathi esingaphezu kwesisodwa, zonke iziqukathi kufanele zabelane nge-CPU etholakalayo phakathi kwazo. Kwenzeka kanjani lokhu? Ake sibheke isithombe.

Isicelo se-CPU - Uhlelo Olulodwa Lwe-Core

Ake sicabange ukuthi une-single-core host system egijima iziqukathi. Umama (Kubernetes) ubhake uphaya (CPU) futhi ufuna ukulihlukanisa phakathi kwezingane (izitsha). Izingane ezintathu zifuna uphaya ophelele (isilinganiso = 1024), enye ingane ifuna uhhafu kaphaya (512). Umama ufuna ukuba nobulungisa futhi wenza izibalo ezilula.

# Сколько пирогов хотят дети?
# 3 ребенка хотят по целому пирогу и еще один хочет половину пирога
cakesNumberKidsWant = (3 * 1) + (1 * 0.5) = 3.5
# Выражение получается так:
3 (ребенка/контейнера) * 1 (целый пирог/полное ядро) + 1 (ребенок/контейнер) * 0.5 (половина пирога/половина ядра)
# Сколько пирогов испечено?
availableCakesNumber = 1
# Сколько пирога (максимально) дети реально могут получить?
newMaxRequest = 1 / 3.5 =~ 28%

Ngokusekelwe esibalweni, izingane ezintathu zizothola u-28% womnyombo, hhayi wonke umnyombo. Ingane yesine izothola u-14% we-kernel egcwele, hhayi uhhafu. Kodwa izinto zizohluka uma unesistimu ye-multi-core.

Isicelo se-CPU - Isistimu ye-Multi-Core (4).

Esithombeni esingenhla ungabona ukuthi izingane ezintathu zifuna i-pie yonke, kanti enye ifuna isigamu. Njengoba umama abhake ophaya abane, ingane ngayinye izothola abaningi ngokuthanda kwayo. Kusistimu enama-multi-core, izinsiza zokucubungula zisatshalaliswa kuwo wonke ama-processor cores atholakalayo. Uma isiqukathi sikhawulelwe ngaphansi komgogodla owodwa ogcwele we-CPU, sisengasisebenzisa ku-100%.

Izibalo ezingenhla zenziwe lula ukuze kuqondwe ukuthi i-CPU isatshalaliswa kanjani phakathi kweziqukathi. Yiqiniso, ngaphandle kweziqukathi ngokwazo, kunezinye izinqubo ezisebenzisa izinsiza ze-CPU. Uma izinqubo esitsheni esisodwa zingenzi lutho, ezinye zingasebenzisa insiza yayo. CPU: "200m" соответствует CPU: 0,2, okusho ukuthi cishe u-20% wengqikithi eyodwa.

Manje ake sikhulume limit.cpu. I-CPU ekhawulwa ngu-Kubernetes iphindaphindwa ngo-100. Umphumela uyinani lesikhathi isiqukathi esingasisebenzisa njalo ngo-100 µs (cpu-period).

limit.cpu ihambisana nefulegi le-Docker --cpus. Lena inhlanganisela entsha yakudala --cpu-period и --cpu-quota. Ngokuyisetha, sibonisa ukuthi zingaki izinsiza ze-CPU ezitholakalayo isiqukathi esingazisebenzisa kakhulu ngaphambi kokuthi kuqale:

cpus - inhlanganisela cpu-period и cpu-quota. cpus = 1.5 kulingana nesilungiselelo cpu-period = 100000 и cpu-quota = 150000;
Isikhathi se-CPU - isikhathi Isihleli se-CPU CFS, ama-microsecond angu-100 azenzakalelayo;
cpu-quota - inani lama-microseconds ngaphakathi cpu-period, eboshwe yisitsha.

Kwenzekani uma ufaka i-CPU enganele eceliwe?

Uma isiqukathi sidinga okungaphezu kwalokho esisifakile, sizontshontsha i-CPU kwezinye izinqubo.

Kwenzekani uma usetha umkhawulo we-CPU uphansi kakhulu?

Njengoba insiza ye-CPU ilungiseka, i-throttling izovuleka.

Kwenzekani uma ungasicacisi isicelo se-CPU?

Njengenkumbulo, inani lesicelo lilingana nomkhawulo.

Kwenzekani uma ungacacisi umkhawulo we-CPU?

Isiqukathi sizosebenzisa i-CPU eningi njengoba sidinga. Uma inqubomgomo ye-CPU ezenzakalelayo (LimitRange) ichazwa endaweni yamagama, lo mkhawulo nawo uyasetshenziswa esiqukathi.

Kwenzekani uma ungacacisi isicelo noma umkhawulo we-CPU?

Njengenkumbulo, lesi yisimo esibi kakhulu. Umhleli akazi ukuthi zingaki izinsiza ezidingwa isiqukathi sakho, futhi lokhu kungabangela izinkinga ezinkulu endaweni. Ukuze ugweme lokhu, udinga ukusetha imikhawulo ezenzakalelayo yezikhala zamagama (LimitRange).

Khumbula: uma ucela i-CPU eningi kunamanodi angakunikeza, iPod ngeke ihlelwe. Requests.cpu - hhayi inani elincane, kodwa inani elanele ukuqala iPod futhi usebenze ngaphandle kokwehluleka. Uma uhlelo lokusebenza lungenzi izibalo eziyinkimbinkimbi, inketho engcono kakhulu ukufaka request.cpu <= 1 futhi wethule ama-replicas amaningi njengoba kudingeka.

Inani elifanelekile lezinsiza eziceliwe noma umkhawulo wensiza

Sifunde ngomkhawulo wezinsiza zekhompyutha. Manje sekuyisikhathi sokuphendula umbuzo: “Zingaki izinsiza ezidingwa i-Pod yami ukuze isebenzise uhlelo ngaphandle kwezinkinga? Ingakanani inani elifanelekile?

Ngeshwa, azikho izimpendulo ezicacile zale mibuzo. Uma ungazi ukuthi uhlelo lwakho lokusebenza lusebenza kanjani noma ukuthi ludinga i-CPU engakanani noma inkumbulo, inketho engcono kakhulu ukunikeza uhlelo lokusebenza inkumbulo eningi ne-CPU bese uqhuba izivivinyo zokusebenza.

Ngokungeziwe ekuhlolweni kokusebenza, qapha ukuziphatha kohlelo lokusebenza ekuqapheni iviki lonke. Uma amagrafu ekhombisa ukuthi uhlelo lwakho lokusebenza lisebenzisa izinsiza ezimbalwa kunalokho obucelile, unganciphisa inani le-CPU noma inkumbulo eceliwe.

Njengesibonelo bona lokhu Grafana dashboard. Ibonisa umehluko phakathi kwezinsiza eziceliwe noma umkhawulo wensiza kanye nokusetshenziswa kwamanje kwensiza.

isiphetho

Ukucela nokukhawulela izinsiza kusiza ukugcina iqoqo lakho le-Kubernetes liphilile. Ukucushwa okufanelekile komkhawulo kunciphisa izindleko futhi kugcina izinhlelo zokusebenza zisebenza ngaso sonke isikhathi.

Ngamafuphi, kunezinto ezimbalwa okufanele uzikhumbule:

Izinsiza eziceliwe ziwukucushwa okucatshangelwa ngesikhathi sokuqalisa (lapho u-Kubernetes ehlela ukusingatha uhlelo lokusebenza). Ngokuphambene, ukukhawulela izinsiza kubalulekile ngesikhathi sokusebenza—lapho uhlelo seluvele lusebenza endaweni.
Uma kuqhathaniswa nenkumbulo, i-CPU iyinsiza elawulwayo. Uma ingekho i-CPU eyanele, iPod yakho ngeke ivaleke futhi indlela yokudonsa izovuleka.
Izinsiza eziceliwe kanye nomkhawulo wezinsiza akuzona amanani amancane futhi aphezulu! Ngokuchaza izinsiza eziceliwe, uqinisekisa ukuthi uhlelo lokusebenza luzosebenza ngaphandle kwezinkinga.
Umkhuba omuhle ukusetha isicelo sememori silingane nomkhawulo wememori.
Kuceliwe ukufaka isicelo CPU <=1, uma uhlelo lokusebenza lungenzi izibalo eziyinkimbinkimbi.
Uma ucela izinsiza eziningi kunalezo ezitholakala endaweni, i-Pod ayisoze yahlelelwa kuleyo nodi.
Ukuze unqume inani elilungile lezinsiza/imikhawulo yensiza eceliwe, sebenzisa ukuhlolwa komthwalo nokuqapha.

Ngithemba ukuthi lesi sihloko sikusiza ukuthi uqonde umqondo oyisisekelo wokukhawulelwa kwezinsiza. Futhi uzokwazi ukusebenzisa lolu lwazi emsebenzini wakho.

Good luck!

Okunye ongakufunda:

Source: www.habr.com

Ungafinyelela kanjani izinsiza ze-Kubernetes Pod