Platform
Isixazululo esisobala kwakuwukusebenzisa iRed Hat Enterprise Linux CoreOS (okuhlukile kweRed Hat Enterprise Linux) kanye ne-CRI-O njengezinga, futhi yingakho...
Njengoba isihloko sokuhamba ngomkhumbi sisihle kakhulu ekutholeni ama-analogies lapho uchaza umsebenzi we-Kubernetes neziqukathi, ake sizame ukukhuluma ngezinkinga zebhizinisi ezixazululwa yi-CoreOS ne-CRI-O, sisebenzisa isibonelo.
Manje ake ucabange ukuthi ngabe uBrunel bekufanele enze lo msebenzi kumamodeli wemikhumbi angama-20 (izinguqulo ze-Kubernetes) kanye namaplanethi amahlanu ahlukene anemimoya yolwandle ehluke ngokuphelele (abahlinzeki bamafu). Ngaphezu kwalokho, kwakudingeka ukuthi yonke imikhumbi (amaqoqo e-OpenShift), kungakhathaliseki ukuthi amaplanethi okwenziwa kuwo ukuzulazula, ngokombono wabaphathi (abaqhubi abaphethe ukusebenza kwamaqoqo) baziphathe ngendlela efanayo. Ukuze uqhubeke nesifaniso sasolwandle, okaputeni bemikhumbi abanandaba nakancane ukuthi hlobo luni lwamabhulokhi okugoqa (CRI-O) asetshenziswa emikhunjini yabo - into esemqoka kubo ukuthi la mabhuloki aqinile futhi anokwethenjelwa.
I-OpenShift 4, njengengxenyekazi yamafu, ibhekene nenselelo yebhizinisi efana kakhulu. Amanodi amasha kufanele adalwe ngesikhathi sokudala iqoqo, uma kwenzeka iphutha kwenye yamanodi, noma lapho kulinganiswa iqoqo. Uma i-node entsha idaliwe futhi iqaliswa, izingxenye zokusingatha ezibalulekile, kuhlanganise ne-CRI-O, kufanele zimiswe ngokufanele. Njengakunoma yimuphi omunye umkhiqizo, "izinto zokusetshenziswa" kufanele zinikezwe ekuqaleni. Endabeni yemikhumbi, izinto zokusetshenziswa ziyinsimbi nokhuni. Nokho, esimweni sokudala umsingathi wokuphakela iziqukathi kuqoqo le-OpenShift 4, udinga ukuba namafayela okusetha namaseva ahlinzekwe nge-API njengokufaka. I-OpenShift izobe isihlinzeka ngezinga elidingekayo lokuzenzakalela kuwo wonke umjikelezo wempilo, inikeze ukusekela komkhiqizo okudingekayo kubasebenzisi bokugcina futhi ngaleyo ndlela ibuyise ukutshalwa kwezimali kunkundla.
I-OpenShift 4 idalwe ngendlela yokuthi inikeze ikhono lokubuyekeza uhlelo kalula kuwo wonke umjikelezo wempilo weplathifomu (ngezinguqulo ezingu-4.X) kubo bonke abahlinzeki abakhulu bekhompyutha yamafu, izinkundla zokuxhumana kanye nezinhlelo zensimbi ezingenalutho. Ukuze wenze lokhu, ama-node kufanele adalwe ngesisekelo sezinto eziguquguqukayo. Uma iqoqo lidinga inguqulo entsha ye-Kubernetes, liphinde lithole inguqulo ehambisanayo ye-CRI-O ku-CoreOS. Njengoba inguqulo ye-CRI-O iboshelwe ngokuqondile ku-Kubernetes, lokhu kwenza kube lula noma yiziphi izimvume zokuhlola, ukuxazulula izinkinga, noma izinjongo zokusekela. Ngaphezu kwalokho, le ndlela inciphisa izindleko kubasebenzisi bokugcina kanye ne-Red Hat.
Lena indlela entsha yokucabanga ngamaqoqo e-Kubernetes futhi ibeka isisekelo sokuhlela izici ezintsha eziwusizo neziphoqayo. I-CRI-O (I-Container Runtime Interface - I-Open Container Initiative, i-CRI-OCI efushanisiwe) ibe yisinqumo esiphumelele kakhulu ekwakhiweni kwenqwaba yama-node adingekayo ukuze kusebenze ne-OpenShift. I-CRI-O izongena esikhundleni senjini ye-Docker esetshenziswe ngaphambilini, enikeza abasebenzisi be-OpenShift
Umhlaba weziqukathi ezivulekile
Umhlaba usunesikhathi eside ubheke ezitsheni ezivulekile. Kungakhathaliseki ukuthi kuse-Kubernetes, noma emazingeni aphansi,
Konke kwaqala ngokwakhiwa kwe-Open Containers Initiative
Umphakathi wakwaKubernetes wabe usuthuthukisa indinganiso eyodwa yesixhumi esibonakalayo esixhumeka, esibizwa
Onjiniyela bakwa-Red Hat naku-Google babone isidingo semakethe senjini yesiqukathi engamukela izicelo ze-Kubelet ngephrothokholi ye-CRI futhi bethula iziqukathi ezihambisana nokucaciswa kwe-OCI okukhulunywe ngenhla. Ngakho
U-fig. 1.
Ukuqamba okusha nge-CRI-O ne-CoreOS
Ngokwethulwa kweplatifomu ye-OpenShift 4, yashintshwa
Linda, kunjani lokhu?
Kulungile, ngokufika kwe-OpenShift 4, asikho isidingo sokuxhuma kubasingathi ngabanye futhi ufake injini yesiqukathi, ulungise isitoreji, ulungiselele amaseva okusesha noma ulungiselele inethiwekhi. Iplathifomu ye-OpenShift 4 yenziwe kabusha ngokuphelele ukuze isetshenziswe
I-Kubernetes ibilokhu ivumela abasebenzisi ukuthi baphathe izinhlelo zokusebenza ngokuchaza isimo esifiswayo nokusebenzisa
Ngokusebenzisa ama-Operators endaweni yesikhulumi, i-OpenShift 4 iletha le paradigm entsha (isebenzisa umqondo wesethi nesimo sangempela) kubaphathi be-RHEL CoreOS ne-CRI-O. Imisebenzi yokumisa nokuphatha izinguqulo zesistimu yokusebenza kanye nenjini yesiqukathi i-automatic kusetshenziswa lokho okubizwa ngokuthi
Iziqukathi ezigijimayo
Abasebenzisi bathole ithuba lokusebenzisa injini ye-CRI-O kuplathifomu ye-OpenShift kusukela kunguqulo 3.7 esimweni sokubuka kuqala kweTech futhi kusukela kunguqulo 3.9 esimweni Esitholakala Ngokujwayelekile (okwamanje siyasekelwa). Ngaphezu kwalokho, i-Red Hat isebenzisa kakhulu
Ilayisi. 2. Indlela iziqukathi ezisebenza ngayo kuqoqo le-Kubernetes
I-CRI-O yenza kube lula ukudalwa kwabasingathi besitsha esisha ngokuvumelanisa lonke izinga eliphezulu lapho kuqalwa amanodi amasha, nalapho ukhulula izinguqulo ezintsha zeplathifomu ye-OpenShift. Ukubuyekezwa kweplathifomu yonke kuvumela ukubuyekezwa/ukubuyiselwa emuva kokwenzekayo, futhi kuphinde kuvimbele ukugoqana kokuncika phakathi komgogodla wesiqukathi, injini yesiqukathi, ama-node (Kubelets) kanye ne-Kubernetes Master node. Ngokuphatha zonke izingxenye zenkundla, ngokulawula nokwenza inguqulo, kuhlale kunendlela ecacile esuka kusifunda A ukuya esifundazweni B. Lokhu kwenza inqubo yokubuyekeza ibe lula, kuthuthukisa ukuvikeleka, kuthuthukisa ukubika kokusebenza, futhi kusiza ukunciphisa izindleko zokubuyekeza nokufakwa kwezinguqulo ezintsha. .
Ibonisa amandla wezinto ezishintshayo
Njengoba kushiwo ngaphambili, ukusebenzisa i-Machine Config Operator ukuphatha umsingathi weziqukathi kanye nenjini yesiqukathi ku-OpenShift 4 inikeza izinga elisha lokuzenzakalelayo elalingenzeki ngaphambilini endaweni yesikhulumi se-Kubernetes. Ukuze sibonise izici ezintsha, sizobonisa ukuthi ungenza kanjani izinguquko kufayela le-crio.conf. Ukuze ugweme ukudideka ngamagama, zama ukugxila emiphumeleni.
Okokuqala, ake sakhe lokho okubizwa ngokuthi ukucushwa kwesikhathi sokusebenza kwesitsha - I-Container Runtime Config. Kucabange njengesisetshenziswa se-Kubernetes esimele ukucushwa kwe-CRI-O. Eqinisweni, inguqulo ekhethekile yento ebizwa nge-MachineConfig, okuyinoma yikuphi ukucushwa okuthunyelwa emshinini we-RHEL CoreOS njengengxenye yeqoqo le-OpenShift.
Lesi sisetshenziswa ngokwezifiso, esibizwa nge-ContainerRuntimeConfig, sadalelwa ukwenza kube lula kubalawuli beqoqo ukulungisa i-CRI-O. Leli thuluzi linamandla ngokwanele ukuthi lingasetshenziswa kuphela kumanodi athile kuye ngezilungiselelo ze-MachineConfigPool. Kucabange njengeqembu lemishini efeza injongo efanayo.
Qaphela imigqa emibili yokugcina esizoyishintsha kufayela /etc/crio/crio.conf. Le migqa emibili ifana kakhulu nelayini ekwifayela le-crio.conf, ithi:
vi ContainerRuntimeConfig.yaml
Isiphetho:
apiVersion: machineconfiguration.openshift.io/v1
kind: ContainerRuntimeConfig
metadata:
name: set-log-and-pid
spec:
machineConfigPoolSelector:
matchLabels:
debug-crio: config-log-and-pid
containerRuntimeConfig:
pidsLimit: 2048
logLevel: debug
Manje ake siphushe leli fayela kuqoqo le-Kubernetes futhi sihlole ukuthi lakhiwe ngempela yini. Sicela uqaphele ukuthi ukusebenza kuyafana ncamashi nanoma iyiphi enye insiza yakwa-Kubernetes:
oc create -f ContainerRuntimeConfig.yaml
oc get ContainerRuntimeConfig
Isiphetho:
NAME AGE
set-log-and-pid 22h
Uma sesidale i-ContainerRuntimeConfig, sidinga ukulungisa enye ye-MachineConfigPools ukuze ibonise ku-Kubernetes ukuthi sifuna ukusebenzisa lokhu kulungiselelwa eqenjini elithile lemishini ku-cluster. Kulokhu sizoshintsha i-MachineConfigPool yamanodi ayinhloko:
oc edit MachineConfigPool/master
Isiphetho (ukuze kucace, ingqikithi eyinhloko ishiywe):
...
metadata:
creationTimestamp: 2019-04-10T23:42:28Z
generation: 1
labels:
debug-crio: config-log-and-pid
operator.machineconfiguration.openshift.io/required-for-upgrade: ""
...
Kuleli qophelo, i-MCO iqala ukudala ifayela elisha le-crio.conf leqoqo. Kulokhu, ifayela lokucushwa eliqedwe ngokuphelele lingabukwa kusetshenziswa i-Kubernetes API. Khumbula, i-ContainerRuntimeConfig iyinguqulo ekhethekile ye-MachineConfig, ngakho-ke singabona umphumela ngokubheka imigqa efanele ku-MachineConfigs:
oc get MachineConfigs | grep rendered
Isiphetho:
rendered-master-c923f24f01a0e38c77a05acfd631910b 4.0.22-201904011459-dirty 2.2.0 16h
rendered-master-f722b027a98ac5b8e0b41d71e992f626 4.0.22-201904011459-dirty 2.2.0 4m
rendered-worker-9777325797fe7e74c3f2dd11d359bc62 4.0.22-201904011459-dirty 2.2.0 16h
Sicela uqaphele ukuthi ifayela eliwumphumela lokucushwa kwamanodi ayinhloko bekuyinguqulo entsha kuneyokuqala ukucupha. Ukuze uyibuke, sebenzisa umyalo olandelayo. Ngokuhamba kwesikhathi, siqaphela ukuthi lena mhlawumbe ingelinye lama-line-line amahle kakhulu emlandweni we-Kubernetes:
python3 -c "import sys, urllib.parse; print(urllib.parse.unquote(sys.argv[1]))" $(oc get MachineConfig/rendered-master-f722b027a98ac5b8e0b41d71e992f626 -o YAML | grep -B4 crio.conf | grep source | tail -n 1 | cut -d, -f2) | grep pid
Isiphetho:
pids_limit = 2048
Manje ake siqinisekise ukuthi ukucushwa kusetshenziswe kuwo wonke ama-master node. Okokuqala sithola uhlu lwama-node ku-cluster:
oc get node | grep master
Output:
ip-10-0-135-153.us-east-2.compute.internal Ready master 23h v1.12.4+509916ce1
ip-10-0-154-0.us-east-2.compute.internal Ready master 23h v1.12.4+509916ce1
ip-10-0-166-79.us-east-2.compute.internal Ready master 23h v1.12.4+509916ce1
Manje ake sibheke ifayela elifakiwe. Uzobona ukuthi ifayela libuyekeziwe ngamavelu amasha we-pid kanye neziqondiso zokususa iphutha esizicacisile kusisetshenziswa se-ContainerRuntimeConfig. I-Elegance ngokwayo:
oc debug node/ip-10-0-135-153.us-east-2.compute.internal β cat /host/etc/crio/crio.conf | egrep 'debug||pidβ
Isiphetho:
...
pids_limit = 2048
...
log_level = "debug"
...
Zonke lezi zinguquko kuqoqo zenziwe ngaphandle kokusebenzisa i-SSH. Wonke umsebenzi wenziwa ngokungena ku-Kuberentes master node. Okusho ukuthi, le mingcele emisha yayilungiselelwe kuphela kuma-master node. Amanodi ezisebenzi awazange ashintshe, okubonisa izinzuzo zendlela ye-Kubernetes yokusebenzisa izifunda ezishiwo nezingokoqobo ngokuphathelene nabasingathi beziqukathi nezinjini zeziqukathi ezinezakhi ezishintshayo.
Isibonelo esingenhla sibonisa amandla okwenza izinguquko kuqoqo elincane le-OpenShift Container Platform 4 elinama-node amathathu okukhiqiza noma iqoqo elikhulu lokukhiqiza elinama-node angu-3000. Kunoma ikuphi, inani lomsebenzi lizofana - futhi lincane kakhulu - mane ulungiselele ifayela le-ContainerRuntimeConfig, bese ushintsha ilebula eyodwa ku-MachineConfigPool. Futhi ungakwenza lokhu nganoma iyiphi inguqulo ye-OpenShift Container Platform 4.X esebenzisa i-Kubernetes kuwo wonke umjikelezo wayo wokuphila.
Ngokuvamile izinkampani zobuchwepheshe zishintsha ngokushesha kangangokuthi asikwazi ukuchaza ukuthi kungani sikhetha ubuchwepheshe obuthile bezingxenye eziyisisekelo. Izinjini zamabhokisi ngokomlando beziyingxenye abasebenzisi abasebenzisana nayo ngokuqondile. Njengoba ukuthandwa kweziqukathi ngokwemvelo kwaqala ngokufika kwezinjini zeziqukathi, abasebenzisi bavame ukukhombisa isithakazelo kuzo. Lesi esinye isizathu esenza ukuthi i-Red Hat ikhethe i-CRI-O. Iziqukathi ziyathuthuka ngokugxila manje ku-orchestration, futhi sithole ukuthi i-CRI-O inikeza umuzwa ongcono kakhulu lapho usebenza ne-OpenShift 4.
Source: www.habr.com