Container to the conveyor: CRI-O is now the default in OpenShift Container Platform 4

Red Hat OpenShift Container Platform 4 lets you streamline the creation of hosts for deploying containers, including on the infrastructure of cloud service providers, on virtualization platforms, or on bare-metal systems. To build a truly cloud-based platform, we had to take tight control of all the components used and thereby increase the reliability of a complex automation process.

The obvious solution was to use Red Hat Enterprise Linux CoreOS (a variant of Red Hat Enterprise Linux) and CRI-O as the standard, and here is why...

Since seafaring is a very good source of analogies for explaining how Kubernetes and containers work, let's try to describe the business problems that CoreOS and CRI-O solve using an example: Brunel's inventions for producing rigging blocks. In 1803, Marc Brunel was tasked with producing 100 rigging blocks for the needs of the growing British navy. A rigging block is a type of tackle used to attach ropes to sails. Until the very beginning of the 19th century these blocks were made by hand, but Brunel managed to automate production and began making standardized blocks using machine tools. Automating this process meant that the resulting blocks were essentially identical, could be easily replaced if broken, and could be produced in large quantities.

Now imagine that Brunel had to do this work for 20 different ship models (Kubernetes versions) and for five different planets with completely different sea currents and winds (cloud providers). In addition, it was required that all ships (OpenShift clusters), regardless of the planets on which they sail, behave the same from the point of view of the captains (the operators who manage the clusters). To continue the maritime analogy, ship captains do not care at all what kind of rigging blocks (CRI-O) are used on their ships; what matters to them is that these blocks are strong and reliable.

OpenShift 4, as a cloud platform, faces a very similar business challenge. New nodes must be created when the cluster is created, when one of the nodes fails, or when the cluster is scaled. When a new node is created and initialized, critical host components, including CRI-O, must be configured accordingly. As in any other production, "raw materials" must be supplied at the start. In the case of ships, the raw materials are metal and wood. In the case of creating a host for deploying containers in an OpenShift 4 cluster, however, the inputs are configuration files and API-provided servers. OpenShift then provides the required level of automation throughout the entire life cycle, offering the necessary product support to end users and thereby recouping the investment in the platform.

OpenShift 4 was designed to make it easy to update the system throughout the entire life cycle of the platform (for 4.X versions) on all major cloud computing providers, virtualization platforms, and bare-metal systems. To do this, nodes must be created from interchangeable elements. When a cluster requires a new version of Kubernetes, it also receives the corresponding version of CRI-O on CoreOS. Since the CRI-O version is tied directly to Kubernetes, this greatly simplifies any permutations for testing, troubleshooting, or support purposes. In addition, this approach reduces costs for end users and for Red Hat.

This is a new way of thinking about Kubernetes clusters, and it lays the groundwork for planning new, useful and compelling features. CRI-O (Container Runtime Interface - Open Container Initiative, abbreviated CRI-OCI) turned out to be the most successful choice for the mass creation of nodes that OpenShift requires. CRI-O replaces the previously used Docker engine, offering OpenShift users an economical, stable, simple and boring (yes, you heard right) container engine built specifically for working with Kubernetes.

The world of open containers

The world has been moving toward open containers for a long time. Whether in Kubernetes or at lower levels, the development of container standards results in an ecosystem of innovation at every level.

It all began with the creation of the Open Containers Initiative in June 2015. At this early stage of the work, the container image and runtime specifications were formed. This ensured that tools could use a single standard for container images and a unified format for working with them. The distribution specification was added later, allowing users to easily share container images.

The Kubernetes community then developed a single standard for a pluggable interface, called the Container Runtime Interface (CRI). Thanks to this, Kubernetes users were able to plug in various engines for working with containers in addition to Docker.

Engineers at Red Hat and Google saw a market need for a container engine that could accept Kubelet requests over the CRI protocol, and introduced containers that were compatible with the OCI specifications mentioned above. That is how OCID appeared. But excuse me, didn't we say this material would be devoted to CRI-O? Indeed it is; it is just that with the release of version 1.0 the project was renamed CRI-O.

Fig. 1.

Innovation with CRI-O and CoreOS

With the launch of the OpenShift 4 platform, the container engine used in the platform by default was changed, and Docker was replaced by CRI-O, which offers an economical, stable, simple and boring environment for running containers that evolves in parallel with Kubernetes. This greatly simplifies cluster support and configuration. Configuration of the container engine and the host, as well as their management, becomes automated within OpenShift 4.

Wait, how is that?

That's right: with the arrival of OpenShift 4, there is no longer any need to connect to individual hosts and install a container engine, configure storage, configure search servers, or configure a network. The OpenShift 4 platform has been completely redesigned to use the Operator Framework not only for end-user applications, but also for basic platform-level operations such as deploying images, configuring the system, or installing updates.

Kubernetes has always allowed users to manage applications by defining the desired state and using controllers to ensure that the actual state matches the target state as closely as possible. This approach of target state and actual state opens up great opportunities from both the development and the operations point of view. Developers can define the required state and hand it to the operator as a YAML or JSON file, and the operator can then create the required application instance in the production environment, with the operational state of that instance fully matching the specified one.

By using Operators in the platform, OpenShift 4 brings this new paradigm (using the concept of set and actual state) to the management of RHEL CoreOS and CRI-O. The tasks of configuring and managing versions of the operating system and the container engine are automated using the so-called Machine Config Operator (MCO). MCO greatly simplifies the work of the cluster administrator, essentially automating the last stages of installation as well as subsequent post-installation operations (day two operations). All of this makes OpenShift 4 a true cloud platform. We will come back to this a little later.

Running containers

Users have been able to use the CRI-O engine in the OpenShift platform since version 3.7 in Tech Preview status and since version 3.9 in Generally Available status (currently supported). In addition, Red Hat has been using CRI-O extensively to run production workloads in OpenShift Online since version 3.10. All this allowed the team working on CRI-O to gain extensive experience in launching containers at scale on large Kubernetes clusters. To get a basic understanding of how Kubernetes uses CRI-O, let's look at the following illustration, which shows how the architecture works.

Fig. 2. How containers run in a Kubernetes cluster

CRI-O simplifies the creation of new container hosts by synchronizing the entire top level when new nodes are initialized and when new versions of the OpenShift platform are released. Versioning the entire platform allows for transactional updates and rollbacks, and also prevents deadlocks in dependencies between the container host's kernel, the container engine, the nodes (Kubelets) and the Kubernetes Master node. By centrally managing all components of the platform, with control and versioning, there is always a clear path from state A to state B. This simplifies the update process, improves security, improves performance reporting, and helps reduce the cost of updates and of installing new versions.

Demonstrating the power of interchangeable elements

As mentioned earlier, using the Machine Config Operator to manage the container host and the container engine in OpenShift 4 provides a new level of automation that was not previously possible on the Kubernetes platform. To demonstrate the new capabilities, we will show how you could make changes to the crio.conf file. To avoid getting confused by the terminology, try to focus on the results.

First, let's create what is called a container runtime configuration: a Container Runtime Config. Think of it as a Kubernetes resource that represents the configuration for CRI-O. In reality, it is a specialized version of something called a MachineConfig, which is any configuration that is deployed to a RHEL CoreOS machine as part of an OpenShift cluster.

This custom resource, called ContainerRuntimeConfig, was created to make it easier for cluster administrators to configure CRI-O. The tool is powerful enough that it can be applied only to certain nodes, depending on the MachineConfigPool settings. Think of a MachineConfigPool as a group of machines that serve the same purpose.

Note the last two lines, which are the ones we are going to change in /etc/crio/crio.conf. These two lines closely resemble the corresponding lines in the crio.conf file:

vi ContainerRuntimeConfig.yaml

Output:

apiVersion: machineconfiguration.openshift.io/v1
kind: ContainerRuntimeConfig
metadata:
 name: set-log-and-pid
spec:
 machineConfigPoolSelector:
   matchLabels:
     debug-crio: config-log-and-pid
 containerRuntimeConfig:
   pidsLimit: 2048
   logLevel: debug

Now let's push this file to the Kubernetes cluster and check that it was actually created. Note that the operation is exactly the same as with any other Kubernetes resource:

oc create -f ContainerRuntimeConfig.yaml
oc get ContainerRuntimeConfig

Output:

NAME              AGE
set-log-and-pid   22h

Once we have created the ContainerRuntimeConfig, we need to modify one of the MachineConfigPools to signal to Kubernetes that we want to apply this configuration to a specific group of machines in the cluster. In this case we will change the MachineConfigPool for the master nodes:

oc edit MachineConfigPool/master

Output (for clarity, the main body is omitted):

...
metadata:
 creationTimestamp: 2019-04-10T23:42:28Z
 generation: 1
 labels:
   debug-crio: config-log-and-pid
   operator.machineconfiguration.openshift.io/required-for-upgrade: ""
...

At this point, MCO begins creating a new crio.conf file for the cluster. The fully rendered configuration file can be viewed through the Kubernetes API. Remember, ContainerRuntimeConfig is just a specialized version of MachineConfig, so we can see the result by looking at the relevant lines in the MachineConfigs:

oc get MachineConfigs | grep rendered

Output:

rendered-master-c923f24f01a0e38c77a05acfd631910b                  4.0.22-201904011459-dirty 2.2.0 16h
rendered-master-f722b027a98ac5b8e0b41d71e992f626                  4.0.22-201904011459-dirty 2.2.0 4m
rendered-worker-9777325797fe7e74c3f2dd11d359bc62                  4.0.22-201904011459-dirty 2.2.0 16h

Note that the resulting configuration file for the master nodes is a newer version than the original configurations. To view it, run the following command. In passing, we note that this is perhaps one of the best one-liners in the history of Kubernetes:

python3 -c "import sys, urllib.parse; print(urllib.parse.unquote(sys.argv[1]))" $(oc get MachineConfig/rendered-master-f722b027a98ac5b8e0b41d71e992f626 -o YAML | grep -B4 crio.conf | grep source | tail -n 1 | cut -d, -f2) | grep pid

Output:

pids_limit = 2048
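
The same check as the one-liner above, written as a script that can be rerun after each change to confirm the rendered crio.conf still carries the intended values. This is an added example, not code from the original article: the sample MachineConfig and the function names are constructed for illustration, and it assumes the Ignition 2.x layout in which file contents sit under spec.config.storage.files as data: URLs.

```python
import base64
import json
import urllib.parse

# Constructed sample: a trimmed rendered MachineConfig (as from `oc get ... -o json`).
SAMPLE = json.dumps({
    "kind": "MachineConfig",
    "spec": {"config": {"ignition": {"version": "2.2.0"}, "storage": {"files": [
        {"path": "/etc/crio/crio.conf",
         "contents": {"source": "data:," + urllib.parse.quote(
             '[crio.runtime]\npids_limit = 2048\nlog_level = "debug"\n')}},
    ]}}},
})


def decode_data_url(source):
    """Decode an RFC 2397 data: URL (percent-encoded or base64) to text."""
    if not source.startswith("data:"):
        raise ValueError("not a data: URL")
    header, _, payload = source[len("data:"):].partition(",")
    if header.endswith(";base64"):
        return base64.b64decode(payload).decode("utf-8")
    return urllib.parse.unquote(payload)


def crio_settings(machine_config_json, path="/etc/crio/crio.conf"):
    """Return key/value pairs from the crio.conf embedded in a MachineConfig."""
    files = json.loads(machine_config_json)["spec"]["config"]["storage"]["files"]
    matches = [f for f in files if f.get("path") == path]
    if not matches:
        raise LookupError(f"{path} not present in this MachineConfig")
    settings = {}
    # Take the last matching entry, as the one-liner's `tail -n 1` does.
    for line in decode_data_url(matches[-1]["contents"]["source"]).splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip().strip('"')
    return settings


def drift(settings, expected):
    """Map each setting that differs from `expected` to (expected, actual)."""
    return {k: (v, settings.get(k)) for k, v in expected.items()
            if settings.get(k) != v}


if __name__ == "__main__":
    print(drift(crio_settings(SAMPLE), {"pids_limit": "2048", "log_level": "debug"}))
```

An empty result from drift means the rendered file matches the values set in the ContainerRuntimeConfig; a non-empty one names each setting with its expected and actual value.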

Now let's make sure the configuration has been applied to all master nodes. First we get the list of nodes in the cluster:

oc get node | grep master

Output:

ip-10-0-135-153.us-east-2.compute.internal   Ready master 23h v1.12.4+509916ce1
ip-10-0-154-0.us-east-2.compute.internal     Ready master 23h v1.12.4+509916ce1
ip-10-0-166-79.us-east-2.compute.internal    Ready master 23h v1.12.4+509916ce1

Now let's look at the installed file. You will see that the file has been updated with the new values for the pid and debug directives that we specified in the ContainerRuntimeConfig resource. Elegance itself:

oc debug node/ip-10-0-135-153.us-east-2.compute.internal -- cat /host/etc/crio/crio.conf | egrep 'debug|pid'

Output:

...
pids_limit = 2048
...
log_level = "debug"
...

All of these changes to the cluster were made without even running SSH. All the work was done by accessing the Kubernetes master node. That is, these new parameters were configured only on the master nodes. The worker nodes did not change, which demonstrates the benefits of the Kubernetes methodology of using specified and actual states as applied to container hosts and container engines with interchangeable elements.

The example above shows the ability to make changes to a small OpenShift Container Platform 4 cluster with three production nodes or to a huge production cluster with 3000 nodes. In either case, the amount of work is the same, and very small: just prepare the ContainerRuntimeConfig file and change one label in the MachineConfigPool. And you can do this with any version of OpenShift Container Platform 4.X running Kubernetes throughout its life cycle.

Technology companies often change so quickly that we are unable to explain why we choose particular technologies for the underlying components. Container engines have historically been the component that users interact with directly. Since the popularity of containers naturally began with the advent of container engines, users often show an interest in them. This is another reason why Red Hat chose CRI-O. Containers are evolving with the focus now on orchestration, and we have found that CRI-O provides the best experience when working with OpenShift 4.

Source: www.habr.com