Kunezincwadi eziningi zokubhekisela ku-inthanethi, kodwa ngezinye izikhathi iseluleko esilula sibaluleke kakhulu. Ithimba kuhunyushwe , umlobi wesihloko owaqoqa ngemva konyaka esebenza noKubernetes. Amathiphu awahlelwa ngokubaluleka, kodwa sicabanga ukuthi wonke umuntu uzothola okuthile okuwusizo kuye.
Umyalo olula kakhulu wokusebenza noKubernetes
Okokuqala, mhlawumbe isenzo esilula nesiwusizo kakhulu ekusebenzeni noKubernetes. Umyalo olandelayo unika amandla ukuqedwa komyalo kubectl ku-bash shell:
echo "source <(kubectl completion bash)" >> ~/.bashrc
Ukuqedela okuzenzakalelayo kubectl izobhalwa kufayela elithi .bashrc futhi izosebenza ngokuzenzakalelayo njalo uma igobolondo liqaliswa. Lokhu kusheshisa ukuthayipha imiyalo emide namapharamitha afana all-namespaces. Funda okungakumbi ngo- .
Inkumbulo ezenzakalelayo nemikhawulo ye-CPU endaweni yamagama
Uma uhlelo lokusebenza lubhalwe ngokungalungile, isibonelo, luvula uxhumano olusha ku-database njalo ngomzuzwana kodwa lungalokothi luvale, khona-ke iqoqo linokuvuza kwememori. Futhi uma uhlelo lokusebenza lungenawo umkhawulo wememori obekiwe ngesikhathi sokuthunyelwa, lokhu kungaholela ekuhlulekeni kwenodi.
Ukuze uvimbele lokhu, i-Kubernetes ikuvumela ukuthi usethe imikhawulo ezenzakalelayo endaweni yegama ngalinye. Abhalwe kufayela le-yaml endaweni ethile yamagama. Nasi isibonelo sefayela elinjalo:
apiVersion: v1
kind: LimitRange
metadata:
name: mem-limit-range
spec:
limits:
- default:
memory: 512Mi
defaultRequest:
memory: 256Mi
type: Container
Dala i-yaml enjalo futhi usebenzise kunoma iyiphi indawo yamagama. Isibonelo, endaweni yamagama limit-example. Manje noma yisiphi isiqukathi esisetshenziswe kulesi siqukathi sizoba nomkhawulo ongu-512Mi, ngaphandle kwalapho kubekwe omunye umkhawulo ngamunye kulesi siqukathi.
Ukuqoqwa kukadoti ezinguqulweni ezindala ze-Kubernetes
I-Kubelet ngokuzenzakalelayo iqala ukuqoqwa kukadoti lapho var/lib/docker ithatha u-90% wesikhala sediski esitholakalayo. Lokhu kuhle, nokho, kuze kube yilapho i-Kubernetes 1.7 ingekho umkhawulo ozenzakalelayo enanini lama-inode asetshenzisiwe, ahambisana nenani lamafayela ohlelweni lwefayela.
Ngokunokwenzeka isiqukathi sakho var/lib/docker ingasebenzisa kuphela i-50% yesikhala sediski, kodwa ingase iphele ama-inode, okuzodala izinkinga kubasebenzi.
Ezinguqulweni ezindala ze-kubelet kusuka ku-1.4 kuye ku-1.6 kuzodingeka wengeze leli fulegi:
--eviction-hard
=memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%
Ezinguqulweni ezingu-1.7 nakamuva leli fulegi lisethwa ngokuzenzakalelayo. Kodwa-ke, izinguqulo zangaphambilini aziqapheli umkhawulo we-inode.
I-Minikube... i-Kubernetes yasendaweni encane kodwa enamandla
I-Minikube iyindlela elula yokusebenzisa iqoqo le-Kubernetes lasendaweni. Yethulwa ngomyalo olula:
minikube start
Ukusebenzisa lo myalo kubangela iqoqo langempela le-Kubernetes elisebenza emshinini wakho.
Iqhinga liwukuthi ulwakha kanjani uhlelo lokusebenza futhi uluqhube endaweni kulelo qoqo. Ngaphandle kokuthi kuyalelwe ngokuqondile, isithombe se-Docker sizokwakhiwa kukhompyutha yakho hhayi kuqoqo.
Ukuphoqa i-Docker ukuthi iphushele isithombe kuqoqo le-Kubernetes lendawo, umshini we-docker unikezwa umyalo olandelayo:
eval $(minikube docker-env)
Manje sesingakha izinhlelo zokusebenza kuqoqo lendawo le-Kubernetes.
Unganiki i-kubectl ukufinyelela kuwo wonke umuntu
Lokhu kubonakala kusobala, kodwa uma amaqembu amaningi esebenzisa iqoqo elifanayo ezinhlelweni zawo (okuyikho i-Kubernetes eyadalelwa yona), akufanele nje unikeze wonke umuntu. kubectl. Kungcono ukuhlukanisa imiyalo, ukwabela ngayinye indawo yayo yegama futhi ukhawulele ukufinyelela usebenzisa izinqubomgomo ze-RBAC.
Ungadideka ngokunikeza amalungelo okufinyelela, ukufunda, ukudala, ukususa nokunye ukusebenza kwe-pod ngayinye. Kodwa into eyinhloko ukukhawulela ukufinyelela ezimfihlo, ukuvumela kuphela kubaphathi. Ngale ndlela sizohlukanisa phakathi kwalabo abakwazi ukuphatha iqoqo nalabo abangavele bathumele kulo.
Phatha Izabelomali ZePod
Ungaqinisekisa kanjani ukuthi asikho isikhathi sokuphumula sohlelo lokusebenza kuqoqo le-Kubernetes? I-PodDisruptionBudget kanye ne-PodDisruptionBudget.
Amaqoqo abuyekezwa ngezikhathi ezithile futhi amanodi ayakhishwa. Akukho okumile, lokho yiqiniso. Konke ukuthunyelwa okunezimo ezingaphezu kwesisodwa kufanele kufake i-PDB (PodDisruptionBudget). Idalwe kufayela le-yaml elilula elisetshenziswa kuqoqo. Indawo ekhavayo ye-PDB ethile inqunywa ngabakhethi zelebula.
Qaphela: Isabelomali se-PDB sibhekwa kuphela uma ukwephulwa kwesabelomali kubuyiselwa emuva (). Ezimweni ezifana nokuhluleka kwehadiwe, i-PDB ngeke isebenze.
Isibonelo se-PDB:
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: app-a-pdb
spec:
minAvailable: 2
selector:
matchLabels:
app: app-a
Imingcele emibili eyinhloko yi matchLabels и minAvailable. Ipharamitha yokuqala icacisa ukuthi yiziphi izinhlelo zokusebenza isabelomali esisebenza kuzo. Isibonelo, uma nginokuthunyelwa okunamalebula app: app-a и app: app-b, bese le PDB izosebenza kweyokuqala kuphela.
Ipharamitha minAvailable kucatshangelwe lapho kuthululwa (ukuhlanza) indawo. Isibonelo, esibonelweni sethu, ngesikhathi sokuthulula, zonke izimo ziyaxoshwa app: app-a, ngaphandle kwababili.
Lokhu kukuvumela ukuthi ulawule ukuthi zingaki izimo zohlelo lokusebenza okufanele zisebenze nganoma yisiphi isikhathi.
Isicelo ukuqapha impilo
Ukuqapha okunjalo kungenzeka ngezindlela ezimbili: ukusebenzisa ukuhlolwa kokulungela noma i-Liveness.
Uphenyo lokuqala (ukulungela) lunquma ukulungela kwesiqukathi ukuthola ithrafikhi.
Owesibili (ukuphila) kukhombisa ukuthi isiqukathi siphilile noma sidinga ukuqaliswa kabusha.
Izilungiselelo ezifanele zimane zengezwe ku-yaml ukuze zisetshenziswe. Lapho ungacacisa izikhathi zokuvala, izikhathi zokulibaziseka kanye nenani lokuqulwa kabusha. Bona imininingwane eyengeziwe ngabo .
Omaka bakhona yonke indawo
Amalebula angomunye wemiqondo eyisisekelo ku-Kubernetes. Bavumela izinto ukuthi zixhumane ngokukhululekile, kanye nokudala imibuzo esekelwe kumalebula. Ku-Kubernetes, ungaya ngisho kuklayenti futhi ubuke imicimbi ukuze uthole omaka abathile.
Ungenza cishe noma yini ngamathegi, kodwa isibonelo esihle kungaba ukudala izindawo eziningi ukuze uqhube izinhlelo kuqoqo elifanayo.
Ake sithi usebenzisa iqoqo elifanayo dev и qa. Lokhu kusho ukuthi ungaba nohlelo lokusebenza app-a, ngesikhathi esisodwa kuzo zombili izindawo qa и dev. Kulokhu, singakwazi ukufinyelela ngokwehlukana isenzakalo sohlelo endaweni ethile ngokucacisa ipharamitha efanelekile environment... Ngokwesibonelo, app: app-a и environment: dev endaweni eyodwa, futhi app: app-a и environment: qa okwesibili.
Lokhu kukuvumela ukuthi ufinyelele kuzo zombili izimo zohlelo lokusebenza, isibonelo, ukwenza ukuhlola kanyekanye.
Hlela
I-Kubernetes iwuhlelo olunamandla kakhulu, kodwa noma yiluphi uhlelo lungagcina luboshwe ngezinqubo eziningi kakhulu. I-Kubelet iqhuba zonke izinqubo futhi ihlola ozicacisayo, kanye nezayo.
Impela, isevisi eyodwa yezintandane ngeke ibambezele uhlelo, futhi i-Kubernetes yakhelwe ukukala isuka phansi iye phezulu. Kodwa uma esikhundleni senkonzo eyodwa kuvela isigidi, i-kubelet iqala ukuminyanisa.
Uma ngesizathu esithile ususa ukuthunyelwa (isitsha, isithombe, noma yini), vele uqiniseke ukuthi wenza ukuhlanza okuphelele.
Hlanganani Go
Sigcine iseluleko esikhulu okokugcina. Funda ulimi lokuhlela lwe-Go.
I-Kubernetes ithuthukiswe ku-Go, zonke izandiso zibhalwa kokuthi Go, futhi umtapo wezincwadi weklayenti le-client-go nawo usekelwa ngokusemthethweni.
Ingasetshenziselwa izinto ezahlukene futhi ezithakazelisayo. Isibonelo, ukwandisa uhlelo lwe-Kubernetes ngendlela othanda ngayo. Ngakho-ke, ungasebenzisa izinhlelo zakho ukuqoqa idatha, ukuphakela izinhlelo zokusebenza, noma ukumane uhlanze iziqukathi.
Ukufunda ulimi lohlelo lwe-Go kanye nokwenza kahle iklayenti-go mhlawumbe iseluleko esibaluleke kakhulu ongasinikeza abasebenzisi abasha be-Kubernetes.
Yini enye ongayifunda:
- .
- ?
- .
Source: www.habr.com