Tonight
The information used to prepare this material was taken from
Let us start with an important introduction from SIG cluster-lifecycle: dynamic failover Kubernetes clusters (or, more precisely, self-hosted HA deployments) are now in kubeadm (init and join). In short, for this:
- the certificates used by the cluster are transferred to secrets;
- to use an etcd cluster inside the K8s cluster (that is, to remove the previously existing external dependency): etcd-operator;
- the recommended settings are documented for an external load balancer that provides a fault-tolerant configuration (in the future it is planned to remove this dependency, but not at this stage).
Architecture of a Kubernetes HA cluster built with kubeadm
Implementation details can be found in
API
The apply command and, more generally, declarative object management have moved from kubectl to the apiserver. The developers themselves briefly explain their decision by saying that kubectl apply is a fundamental part of working with configurations in Kubernetes, yet it is "full of bugs and hard to fix", so this functionality needs to be brought back to normal and moved to the control plane. Simple and clear examples of the problems that exist today:
Details about the implementation are in
Made available in an alpha version
kubectl), perform validation on your side (inside kubectl create and kubectl apply) and output documentation according to the schema (kubectl explain). Details are in
Already existing logs are now opened with O_APPEND (rather than O_TRUNC) to avoid losing logs in some situations and to make it easier for external rotation utilities to truncate the logs.
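The effect of the two flags, as an added example (not code from Kubernetes or from the original article): one log is reopened after a component restart, another is truncated in place by an external rotation tool while the component keeps writing. The file name, the sample lines and the logSize helper are constructed for this illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"path/filepath"
)
var oldLines = bytes.Repeat([]byte("constructed log line\n"), 50) // 1050 bytes
var newLine = []byte("first line after event\n")                  // 23 bytes

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// logSize opens a scratch log with mode (os.O_APPEND or os.O_TRUNC), writes
// oldLines, applies the event ("restart": close and reopen with mode;
// "rotate": an external tool truncates in place), writes newLine, returns size.
func logSize(mode int, event string) int64 {
	dir, err := os.MkdirTemp("", "logdemo")
	check(err)
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "component.log") // hypothetical file name
	flags := os.O_CREATE | os.O_WRONLY | mode
	f, err := os.OpenFile(path, flags, 0o600)
	check(err)
	defer func() { f.Close() }()
	_, err = f.Write(oldLines)
	check(err)
	if event == "restart" {
		check(f.Close())
		f, err = os.OpenFile(path, flags, 0o600)
		check(err)
	} else {
		check(os.Truncate(path, 0)) // what a copytruncate-style rotation does
	}
	_, err = f.Write(newLine)
	check(err)
	st, err := os.Stat(path)
	check(err)
	return st.Size()
}

func main() {
	for _, ev := range []string{"restart", "rotate"} {
		fmt.Println(ev, "O_APPEND:", logSize(os.O_APPEND, ev), "O_TRUNC:", logSize(os.O_TRUNC, ev))
	}
}
```

With O_TRUNC a restart discards the earlier 1050 bytes, and after an in-place truncation the writer's stale offset brings the file back to its old length with a NUL-filled hole. With O_APPEND the restart keeps the old lines and the first write after rotation lands at offset 0.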
Also, in the context of the Kubernetes API, it can be noted that in PodSandbox and PodSandboxStatus
runtime_handler
to record information about the RuntimeClass in the pod (read more about it in the article about
AdmissionReview
they support. Finally, the rules of Admission Webhooks are now
Storage
PersistentLocalVolumes
subPath
subPathExpr, which is now used to determine the desired directory name. The feature first appeared in Kubernetes 1.11, but in 1.14 it remained in alpha status.
As with the previous Kubernetes release, many significant changes are introduced for the actively developing CSI (Container Storage Interface):
CSI
Available (as part of an alpha version)
ExpandCSIVolumes, as well as support for this operation in the specific CSI driver.
Another CSI feature in an alpha version: the CSIInlineVolume feature gate.
There is also progress in the Kubernetes "internals" related to CSI, which is less visible to end users (system administrators)... At present, developers are forced to maintain two versions of each storage plugin: one "the old way", inside the K8s codebase (in-tree), and the second as part of the new CSI (read more about it, for example, in
All this has led to the alpha version reaching
In addition, support for block devices with CSI (CSIBlockVolume)
Nodes/Kubelet
An alpha version has been introduced: /metrics/resource/v1alpha1. The developers' long-term strategy
A very interesting nuance: despite the clear performance advantage of the gRPC endpoint compared with the various cases of using the Prometheus format (see the result of one of the benchmarks below), the authors preferred the Prometheus text format because of the clear leadership of this monitoring system in the community.
"gRPC is not compatible with the major monitoring pipelines. The endpoint will only be useful for delivering metrics to Metrics Server or to monitoring components that integrate directly with it. The performance of the Prometheus text format when using caching in Metrics Server is good enough for us to prefer Prometheus over gRPC, given the widespread adoption of Prometheus in the community. Once the OpenMetrics format becomes more stable, we will be able to approach gRPC performance with a proto-based format."
One of the comparative performance tests of using the gRPC and Prometheus formats in the new Kubelet endpoint for metrics. More graphs and other details can be found in
Among other changes:
- Kubelet now tries (once) to stop containers that are in an unknown state before restart and delete operations.
- When using PodPresets, the init container now gets the same information as a regular container.
- kubelet has started using usageNanoCores from the CRI stats provider, and network statistics have been added for nodes and containers on Windows.
- Operating system and architecture information is now recorded in the kubernetes.io/os and kubernetes.io/arch labels of Node objects (moved from beta to GA).
- The ability to specify a particular system user group for the containers in a pod (RunAsGroup, which appeared in K8s 1.11) has advanced to beta (enabled by default).
- du and find, used in cAdvisor, have been replaced with Go implementations.
CLI
In cli-runtime and kubectl
An example of simple use of a file
In addition:
- A new command, kubectl create cronjob, has been added; its name speaks for itself.
- In kubectl logs you can now combine the flags -f (--follow, for streaming logs) and -l (--selector, for a label query).
- kubectl has learned to copy files selected by a wildcard.
- The --all flag has been added to the kubectl wait command to select all resources of the specified resource type in the namespace.
Other
The following capabilities have received stable status (GA):
- ReadinessGate, used in the pod specification to define additional conditions that are taken into account in pod readiness;
- Support for huge pages (the feature gate called HugePages);
- CustomPodDNS;
- PriorityClass API, Pod Priority & Preemption.
Other changes introduced in Kubernetes 1.14:
- The default RBAC policy no longer allows access to the discovery and access-review APIs for users without authentication (unauthenticated).
- Official CoreDNS support is provided for Linux only, so when kubeadm is used to deploy it (CoreDNS) in a cluster, the nodes must run on Linux only (nodeSelectors are used for this restriction).
- The default CoreDNS configuration now uses the forward plugin instead of proxy. Also, a readinessProbe has been added to CoreDNS, which prevents load balancing onto unsuitable pods (ones not ready to serve).
- In kubeadm, in the init or upload-certs phases, it is possible to upload the certificates required to join a new control plane to the kubeadm-certs secret (use the --experimental-upload-certs flag).
- An alpha version of gMSA (Group Managed Service Account) support has appeared for Windows installations: special accounts in Active Directory that can be used by containers.
- For GCE, mTLS encryption between etcd and kube-apiserver has been enabled.
- Updates to used/dependent software: Go 1.12.1, CSI 1.1, CoreDNS 1.3.1, Docker 18.09 support in kubeadm, and the minimum supported Docker API version is now 1.26.
Source: www.habr.com