Kubernetes 1.16: an overview of the main innovations

Today, on Wednesday, the next release of Kubernetes, 1.16, will take place. By the tradition established for our blog, this is the tenth, anniversary time that we cover the most significant changes in the new version.

The information used to prepare this material was taken from the Kubernetes enhancements tracking table, CHANGELOG-1.16 and related issues, pull requests, and Kubernetes Enhancement Proposals (KEP). So, let's go!..

Nodes

A really large number of notable innovations (in alpha status) are introduced on the side of the K8s cluster nodes (Kubelet).

First, the so-called «ephemeral containers» (Ephemeral Containers), designed to simplify debugging in pods. The new mechanism lets you launch special containers that start in the namespace of existing pods and live for a short time. Their purpose is to interact with other pods and containers in order to troubleshoot and debug. A new command, kubectl debug, has been implemented for this feature. It is similar in essence to kubectl exec, only instead of running a process in a container (as exec does) it launches a container in a pod. For example, this command attaches a new container to a pod:

kubectl debug -c debug-shell --image=debian target-pod -- bash

Details about ephemeral containers (and examples of their use) can be found in the corresponding KEP. The current implementation (in K8s 1.16) is an alpha version, and among the criteria for its promotion to beta is “testing the Ephemeral Containers API for at least 2 releases of [Kubernetes].”

NB: In its essence and even in its name, the feature resembles the already existing kubectl-debug plugin, which we have already written about. It is expected that with the arrival of ephemeral containers, development of the separate external plugin will stop.

Another innovation, PodOverhead, is designed to provide a mechanism for accounting for the overhead of pods, which can vary greatly depending on the runtime used. As an example, the authors of this KEP cite Kata Containers, which require running a guest kernel, the kata agent, an init system, etc. When the overhead becomes that large, it cannot be ignored, which means there must be a way to take it into account for quotas, scheduling, etc. To implement it, PodSpec gets an additional field Overhead *ResourceList (matched against the data in RuntimeClass, if one is used).

Another notable innovation is the node topology manager (Node Topology Manager), designed to unify the approach to fine-tuning the allocation of hardware resources for various components in Kubernetes. This initiative is driven by the growing need of various modern systems (from telecommunications, machine learning, financial services, etc.) for high-performance parallel computing and minimal latency in executing operations, for which they use advanced CPU and hardware acceleration capabilities. Such optimizations in Kubernetes have so far been achieved through separate components (CPU manager, Device manager, CNI), and now they will get a single internal interface that unifies the approach and simplifies connecting new similar components, the so-called topology-aware ones, on the Kubelet side. Details are in the corresponding KEP.

Topology Manager component diagram

The next feature is a check of containers while they are starting (startup probe). As you know, for containers that take a long time to start it is hard to get an up-to-date status: they are either “killed” before they actually begin working, or they remain non-functional for a long time. The new check (enabled through the feature gate called StartupProbeEnabled) cancels, or rather postpones, the effect of any other checks until the pod has finished starting. For this reason, the feature was originally called pod-startup liveness-probe holdoff. For pods that take a long time to start, you can poll the state at relatively short intervals.
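The holdoff described above can be seen in a small simulation. This is an added example, not code from Kubernetes or from the original article: the `Probe` type and the `simulate` and `check` functions are hypothetical, time is stepped in whole seconds, and the model assumes that a startup probe reaching its failure threshold gets the container killed just as a failing liveness probe does.

```go
package main

import "fmt"

// Probe is a simplified periodic check (hypothetical type, not the Kubernetes API struct).
type Probe struct {
	PeriodSeconds    int
	FailureThreshold int
}

// check runs one probe tick and reports whether the failure threshold was reached.
func check(p Probe, healthy bool, fails *int) bool {
	if healthy {
		*fails = 0
		return false
	}
	*fails++
	return *fails >= p.FailureThreshold
}

// simulate models a container that becomes healthy at readyAt seconds and
// returns the second at which it would be killed, or -1 if it survives.
func simulate(readyAt int, liveness Probe, startup *Probe, horizon int) int {
	started := startup == nil // no startup probe: liveness is active immediately
	fails := 0
	for t := 1; t <= horizon; t++ {
		healthy := t >= readyAt
		if !started {
			if t%startup.PeriodSeconds != 0 {
				continue
			}
			if check(*startup, healthy, &fails) {
				return t // startup budget exhausted
			}
			started = healthy // liveness takes over once startup succeeds
			continue
		}
		if t%liveness.PeriodSeconds == 0 && check(liveness, healthy, &fails) {
			return t
		}
	}
	return -1
}

func main() {
	live := Probe{PeriodSeconds: 10, FailureThreshold: 3}
	slow := &Probe{PeriodSeconds: 5, FailureThreshold: 30}
	fmt.Println(simulate(120, live, nil, 300))  // liveness alone kills the slow starter
	fmt.Println(simulate(120, live, slow, 300)) // startup probe holds liveness off
}
```

The liveness probe keeps its tight settings for steady-state failures, while the startup probe alone carries the long startup budget (period times failure threshold).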

In addition, an improvement for RuntimeClass is available in beta status right away, adding support for “heterogeneous clusters”. With RuntimeClass Scheduling it is no longer necessary for every node to support every RuntimeClass: for pods you can choose a RuntimeClass without thinking about the cluster topology. Previously, to achieve this, so that pods end up on nodes that support everything they need, you had to assign the appropriate rules to NodeSelector and tolerations. The KEP covers usage examples and, of course, implementation details.

Networking

Two significant networking features that appeared for the first time (in alpha) in Kubernetes 1.16 are:

  • support for a dual network stack, IPv4/IPv6, and the corresponding “awareness” of it at the level of pods, nodes and services. It includes IPv4-to-IPv4 and IPv6-to-IPv6 communication between pods, from pods to external services, a reference implementation (within the Bridge CNI, PTP CNI and Host-Local IPAM plugins), as well as backward compatibility with Kubernetes clusters running IPv4 only or IPv6 only. Implementation details are in the KEP.

    An example of displaying IP addresses of both kinds (IPv4 and IPv6) in the list of pods:

    kube-master# kubectl get pods -o wide
    NAME               READY     STATUS    RESTARTS   AGE       IP                          NODE
    nginx-controller   1/1       Running   0          20m       fd00:db8:1::2,192.168.1.3   kube-minion-1
    kube-master#

  • a new Endpoint API, the EndpointSlice API. It solves the performance/scalability problems of the existing Endpoint API that affect various components in the control plane (apiserver, etcd, endpoints-controller, kube-proxy). The new API will be added to the Discovery API group and will be able to serve tens of thousands of backend endpoints per service in a cluster consisting of thousands of nodes. To do this, each Service is mapped to N EndpointSlice objects, each of which by default holds no more than 100 endpoints (the value is configurable). The EndpointSlice API will also open up possibilities for its future development: support for multiple IP addresses per pod, new states for endpoints (not only Ready and NotReady), dynamic subsetting for endpoints.

The finalizer introduced in the last release has reached beta. It is called service.kubernetes.io/load-balancer-cleanup and is attached to every service of type LoadBalancer. When such a service is deleted, it prevents the actual deletion of the resource until the “cleanup” of all the corresponding load balancer resources has completed.

API Machinery

The real “stabilization milestone” is in the area of the Kubernetes API server and interaction with it. This happened largely thanks to the promotion to stable status of CustomResourceDefinitions (CRD), which need no special introduction and have had beta status since the distant days of Kubernetes 1.7 (and that is June 2017!). The same stabilization came to the related features:

  • “subresources” with /status and /scale for CustomResources;
  • conversion of versions for CRD, based on an external webhook;
  • the recently introduced (in K8s 1.15) default values (defaulting) and automatic field removal (pruning) for CustomResources;
  • the ability to use the OpenAPI v3 schema to create and publish the OpenAPI documentation used to validate CRD resources on the server side.

Another mechanism that has long been familiar to Kubernetes administrators, the admission webhook, also stayed in beta status for a long time (since K8s 1.9) and has now been declared stable.

Two other features have reached beta: server-side apply and watch bookmarks.

And the only significant innovation in alpha was the abandonment of SelfLink, a special URI that represents a specific object and is part of ObjectMeta and ListMeta (that is, part of any object in Kubernetes). Why is it being abandoned? Put simply, the motivation sounds like the absence of real (compelling) reasons for this field to still exist. The more formal reasons are to optimize performance (by removing an unnecessary field) and to simplify the work of the generic-apiserver, which is forced to handle this field in a special way (it is the only field that is set right before the object is serialized). The actual deprecation (within beta) of SelfLink will happen by Kubernetes version 1.20, and the final one in 1.21.

Storage

The main work in the storage area, as in previous releases, is seen in the area of CSI support. The main changes here were:

  • for the first time (in alpha) support for CSI plugins for Windows worker nodes has appeared: the current way of working with storage here will also replace the in-tree plugins in the Kubernetes core and the FlexVolume plugins from Microsoft based on Powershell;

    Scheme for implementing CSI plugins in Kubernetes for Windows

  • the ability to resize CSI volumes, introduced back in K8s 1.12, has grown to beta;
  • a similar “promotion” (from alpha to beta) was achieved by the ability to use CSI to create local ephemeral volumes (CSI Inline Volume Support).

The volume cloning feature introduced in the previous version of Kubernetes (using an existing PVC as the DataSource to create a new PVC) has also now received beta status.

Scheduler

Two notable changes in scheduling (both in alpha):

  • EvenPodsSpreading: the ability to use pods, instead of logical application units (such as Deployment and ReplicaSet), for the “even spreading” of load, and to tune this spreading (as a hard requirement or as a soft condition, that is, a priority). The feature will extend the existing capabilities for spreading scheduled pods, currently limited by the PodAffinity and PodAntiAffinity options, giving administrators finer control over this, which means better high availability and optimized resource consumption. Details are in the KEP.
  • Use of the BestFit Policy in the RequestedToCapacityRatio Priority Function during pod scheduling, which will make it possible to apply bin packing (“packing into containers”) for both basic resources (processor, memory) and extended ones (such as GPU). For more details, see the KEP.

    Scheduling pods: before using the best fit policy (directly via the default scheduler) and with its use (via the scheduler extender)

In addition, the ability to create your own scheduler plugins outside the main Kubernetes development tree (out-of-tree) has been introduced.

Other changes

Also in the Kubernetes 1.16 release one can note the initiative to bring the available metrics into complete order or, more precisely, into conformance with the official regulations for K8s instrumentation. They largely rely on the corresponding Prometheus documentation. Inconsistencies arose for various reasons (for example, some metrics were simply created before the current instructions appeared), and the developers decided that it was time to bring everything to a single standard, “in line with the rest of the Prometheus ecosystem.” The current implementation of this initiative is in alpha status, which will gradually be promoted in subsequent versions of Kubernetes to beta (1.17) and stable (1.18).

In addition, the following changes can be noted:

  • Development of Windows support with the appearance of Kubeadm utilities for this OS (alpha), the RunAsUserName capability for Windows containers (alpha), improved Group Managed Service Account (gMSA) support up to beta, and mount/attach support for vSphere volumes.
  • The mechanism for compressing data in API responses has been reworked. Previously an HTTP filter was used for this purpose, which imposed a number of restrictions that prevented it from being enabled by default. “Transparent request compression” now works: clients sending Accept-Encoding: gzip in the header receive a GZIP-compressed response if its size exceeds 128 KB. Go clients support compression automatically (sending the required header), so they will immediately notice a reduction in traffic. (Minor modifications may be needed for other languages.)
  • It became possible to scale HPA from/to zero based on external metrics. If you scale based on objects/external metrics, then when workloads are idle you can automatically scale to 0 replicas to save resources. This feature should be especially useful for cases where workers request GPU resources, and the number of different types of idle workers exceeds the number of available GPUs.
  • A new client, k8s.io/client-go/metadata.Client, for “generalized” access to objects. It is designed to easily retrieve metadata (i.e. the metadata subsection) from cluster resources and to perform garbage collection and quota operations with them.
  • Kubernetes can now be built without legacy (“built-in” in-tree) cloud providers (alpha).
  • An experimental (alpha) ability has been added to the kubeadm utility to apply customize patches during the init, join and upgrade operations. To learn more about how to use the --experimental-kustomize flag, see the KEP.
  • A new endpoint for apiserver, readyz, lets you export information about its readiness. The API server also now has a flag --maximum-startup-sequence-duration, which lets you regulate its restarts.
  • Two Azure features have been declared stable: support for availability zones (Availability Zones) and cross resource group (RG). In addition, Azure has added:
    • support for AAD and ADFS authentication;
    • the annotation service.beta.kubernetes.io/azure-pip-name to specify the public IP of the load balancer;
    • the ability to configure LoadBalancerName and LoadBalancerResourceGroup.
  • AWS now has support for EBS on Windows and optimized EC2 API calls to DescribeInstances.
  • Kubeadm now independently migrates the CoreDNS configuration when upgrading the CoreDNS version.
  • The etcd binaries in the corresponding Docker image have been made world-executable, which lets you run this image without needing root privileges. Also, the etcd migration image has dropped support for the etcd2 version.
  • Cluster Autoscaler 1.16.0 switched to using distroless as the base image, improved performance, and added new cloud providers (DigitalOcean, Magnum, Packet).
  • Updates in the software used/depended on: Go 1.12.9, etcd 3.3.15, CoreDNS 1.6.2.
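The response-compression rule from the list above (gzip only when the client sends Accept-Encoding: gzip and the response exceeds 128 KB) can be reproduced with a small in-memory handler. This is an added example, not the API server's code: the `serve` and `fetch` functions, the request path and the payload are constructed for illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// minCompressSize is the 128 KB threshold quoted in the article.
const minCompressSize = 128 * 1024

// serve returns a handler (hypothetical, for illustration) that gzips body only
// when the client sent Accept-Encoding: gzip and the body exceeds the threshold.
func serve(body []byte) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		wantsGzip := strings.Contains(r.Header.Get("Accept-Encoding"), "gzip")
		if !wantsGzip || len(body) <= minCompressSize {
			w.Write(body)
			return
		}
		w.Header().Set("Content-Encoding", "gzip")
		zw := gzip.NewWriter(w)
		defer zw.Close()
		zw.Write(body)
	}
}

// fetch issues one in-memory request and returns the response's
// Content-Encoding and the number of bytes the handler wrote.
func fetch(body []byte, acceptGzip bool) (string, int) {
	req := httptest.NewRequest(http.MethodGet, "/api/v1/pods", nil)
	if acceptGzip {
		req.Header.Set("Accept-Encoding", "gzip")
	}
	rec := httptest.NewRecorder()
	serve(body).ServeHTTP(rec, req)
	return rec.Header().Get("Content-Encoding"), rec.Body.Len()
}

func main() {
	big := bytes.Repeat([]byte(`{"kind":"Pod"}`), 20000) // constructed payload, about 273 KB
	enc, n := fetch(big, true)
	fmt.Println(enc, n, len(big))
}
```

A client in another language only benefits once it sends the header itself and decodes the gzip body, which is the "minor modification" the item mentions.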

Source: www.habr.com