Imikhuba Engcono Kakhulu Nemikhuba Engcono Kakhulu Yokusebenzisa Iziqukathi Ne-Kubernetes Ezindaweni Zokukhiqiza

I-ecosystem yobuchwepheshe bokufaka iziqukathi ishintsha ngokushesha futhi iyashintsha, ngakho-ke kukhona ukuntuleka kwezindlela zokusebenza ezinhle kule ndawo. Kodwa-ke, i-Kubernetes neziqukathi zisetshenziswa ngokwandayo, kokubili ukwenza izinhlelo zokusebenza zefa zibe zesimanje kanye nokuthuthukisa izinhlelo zokusebenza zamafu zesimanje. 

Ithimba I-Kubernetes aaS evela ku-Mail.ru izibikezelo eziqoqiwe, izeluleko nezindlela ezinhle kakhulu zabaholi bemakethe abavela ku-Gartner, 451 Research, StacxRoх nabanye. Azokwenza futhi asheshise ukuthunyelwa kweziqukathi ezindaweni zokukhiqiza.

Ungazi Kanjani Uma Inkampani Yakho Isikulungele Ukuthumela Iziqukathi Endaweni Yokukhiqiza

Ngokusho kukaGartner, ngo-2022, izinhlangano ezingaphezu kuka-75% zizosebenzisa izinhlelo zokusebenza ezifakiwe ekukhiqizeni. Lokhu kungaphezulu kakhulu kunamanje, lapho izinkampani ezingaphansi kwama-30% ezisebenzisa lezi zicelo. 

Ngokusho 451 UcwaningoImakethe ehlongozwayo yezicelo zobuchwepheshe beziqukathi ngo-2022 izoba ngama-dollar ayizigidi eziyizinkulungwane ezingama-4,3. Lokhu kungaphezu kokuphindwe kabili kwenani elihlongozwayo ngo-2019, ngezinga lokukhula kwemakethe lama-30%.

В Inhlolovo ye-Portworx ne-Aqua Security U-87% wabaphenduli uthe njengamanje usebenzisa ubuchwepheshe bamakhonteyna. Uma kuqhathaniswa, ngo-2017 kwakukhona i-55% yabaphenduli abanjalo. 

Ngaphandle kwentshisekelo ekhulayo nokwamukelwa kweziqukathi, ukuzifaka ekukhiqizeni kudinga ijika lokufunda ngenxa yokungavuthwa kwezobuchwepheshe kanye nokuntula ulwazi. Izinhlangano kufanele zibe namaqiniso mayelana nezinqubo zebhizinisi ezidinga ukufaka isicelo. Abaholi be-IT kufanele bahlole ukuthi banalo yini ikhono lokuqhubekela phambili nesidingo sokufunda ngokushesha. 

Ochwepheshe beGartner Sicabanga ukuthi imibuzo esesithombeni esingezansi izokusiza ukuthi unqume ukuthi usukulungele yini ukusebenzisa iziqukathi ekukhiqizeni:

Amaphutha ajwayelekile uma usebenzisa iziqukathi ekukhiqizeni

Izinhlangano zivame ukuwubukela phansi umzamo odingekayo ukuze kusetshenziswe iziqukathi ekukhiqizeni. UGartner wathola Amanye amaphutha ajwayelekile ezimeni zekhasimende lapho kusetshenziswa iziqukathi ezindaweni zokukhiqiza:

Uzigcina kanjani iziqukathi zivikelekile

Ukuphepha akukwazi ukubhekwana nakho “kamuva”. Kumele yakhelwe kunqubo ye-DevOps, yingakho kukhona ngisho negama elikhethekile - i-DevSecOps. Izinhlangano kumele zihlele ukuvikela indawo yakho yesitsha kuwo wonke umjikelezo wokuphila wokuthuthukisa, ohlanganisa inqubo yokwakha nokuthuthukiswa, ukuthunyelwa nokwethulwa kohlelo lokusebenza.

Izincomo ezivela ku-Gartner: 

1. Hlanganisa inqubo yokuskena izithombe zohlelo lokusebenza ukuze uthole ubungozi epayipini lakho lokuhlanganisa/ukulethwa okuqhubekayo (CI/CD). Izicelo ziskenwa ekwakhiweni kwesoftware nasezigabeni zokuqalisa. Gcizelela isidingo sokuskena nokuhlonza izingxenye zomthombo ovulekile, imitapo yolwazi, nezinhlaka. Onjiniyela abasebenzisa izinguqulo ezindala, ezisengozini ingenye yezimbangela eziyinhloko zobungozi beziqukathi.
2. Thuthukisa ukumisa kwakho nge-Center for Internet Security tests (CIS), ezitholakala kuzo zombili i-Docker ne-Kubernetes.
3. Qiniseka ukuthi usebenzisa izilawuli zokufinyelela, uqinisekise ukuhlukaniswa kwemisebenzi, futhi usebenzise inqubomgomo yokuphatha izimfihlo. Ulwazi olubucayi, olufana nokhiye be-Secure Sockets Layer (SSL) noma imininingwane yesizindalwazi, ibethelwa i-orchestrator noma izinsizakalo zokuphatha zezinkampani zangaphandle futhi zivezwe ngesikhathi sokusebenza.
4. Gwema iziqukathi eziphakeme ngokuphatha izinqubomgomo zokuphepha ukuze unciphise izingozi ezingaba khona zokuphulwa komthetho.
5. Sebenzisa amathuluzi okuvikela anikeza ukugunyazwa, ukuqapha ukuziphatha, nokutholwa okudidayo ukuze uvimbele umsebenzi onobungozi.

Izincomo ezivela ku-StacxRox:

1. Sebenzisa amandla akhelwe ngaphakathi e-Kubernetes. Setha ukufinyelela kwabasebenzisi usebenzisa izindima. Qiniseka ukuthi awunikezi izimvume ezingadingekile emabhizinisini angawodwana, nakuba kungase kuthathe isikhathi ukucabanga ngezimvume ezincane ezidingekayo. Kungase kulingeke ukunikeza umlawuli weqoqo amalungelo abanzi njengoba lokhu konga isikhathi ekuqaleni. Nokho, noma yikuphi ukuyekethisa noma amaphutha ku-akhawunti kungaholela emiphumeleni elimazayo ngokuhamba kwesikhathi. 
2. Gwema izimvume zokufinyelela eziyimpinda. Kungase kube usizo ngezinye izikhathi ukuba nezindima ezihlukene ezigqagqene, kodwa lokhu kungaholela ezinkingeni zokusebenza futhi kudale nezindawo eziyimpumputhe lapho kususwa izimvume. Kubalulekile futhi ukususa izindima ezingasetshenzisiwe nezingasebenzi.
3. Setha izinqubomgomo zenethiwekhi: hlukanisa amamojula ukuze ukhawulele ukufinyelela kuwo; vumela ngokucacile ukufinyelela kwe-inthanethi kulawo mamojula awadingayo usebenzisa omaka; Vumela ngokusobala ukuxhumana phakathi kwalawo mamojuli adinga ukuxhumana namanye. 

Ungahlela kanjani ukuqashwa kweziqukathi kanye nezinsizakalo ezikuzo

Ukuphepha Nokuqapha - izinkinga ezinkulu zezinkampani lapho kuthunyelwa amaqoqo e-Kubernetes. Onjiniyela bahlale begxile kakhulu kuzici zezinhlelo zokusebenza abazithuthukisayo kunezici ukuqapha lezi zinhlelo zokusebenza. 

Izincomo ezivela ku-Gartner:

1. Zama ukuqapha isimo seziqukathi noma izinsizakalo ezikuzo ngokuhambisana nokuqapha amasistimu okusingatha.
2. Bheka abathengisi namathuluzi anokuhlanganiswa okujulile ku-orchestration yesiqukathi, ikakhulukazi i-Kubernetes.
3. Khetha amathuluzi anikeza ukuloga okunemininingwane, ukutholwa kwesevisi okuzenzakalelayo, nezincomo zesikhathi sangempela usebenzisa izibalo kanye/noma ukufunda komshini.

Ibhulogi yeSolarWinds iyeluleka:

1. Sebenzisa amathuluzi ukuze uthole futhi ulandelele ngokuzenzakalelayo amamethrikhi esiqukathi, amamethrikhi okusebenza ahlobanisa njenge-CPU, inkumbulo, nesikhathi.
2. Qinisekisa ukuhlelwa komthamo okuphelele ngokubikezela izinsuku zokuqedwa kwamandla ngokusekelwe kumamethrikhi okuqapha esiqukathi.
3. Gada izinhlelo zokusebenza ezifakwe esitsheni ngokutholakala nokusebenza, ziwusizo kukho kokubili ukuhlelwa kwamandla kanye nezinkinga zokusebenza zokuxazulula izinkinga.
4. Yenza ngokuzenzakalela ukugeleza komsebenzi ngokunikeza ukwesekwa kokuphatha nokukala kweziqukathi kanye nezindawo zazo zokubamba.
5. Ukulawula ukufinyelela ngokuzenzakalela ukuze kuqashwe isisekelo somsebenzisi wakho, ukukhubaza ama-akhawunti angasebenzi kanye nezihambeli, futhi ususe amalungelo angadingekile.
6. Qinisekisa ukuthi isethi yakho yamathuluzi ingaqapha lezi ziqukathi nezinhlelo zokusebenza ezindaweni eziningi (ifu, endaweni, noma ingxubevange) ukuze ubone ngeso lengqondo nokusebenza kwebhentshimakhi kuyo yonke ingqalasizinda, inethiwekhi, amasistimu, nezinhlelo zokusebenza.

Indlela yokugcina idatha futhi uqinisekise ukuphepha kwayo

Ngokukhula kweziqukathi zezisebenzi ezisezingeni eliphezulu, amaklayenti adinga ukucabangela ukuba khona kwedatha ngaphandle komsingathi kanye nesidingo sokuvikela leyo datha. 

Ngokusho Inhlolovo ye-Portworx ne-Aqua Security, ukuvikeleka kwedatha kubeka phezulu ohlwini lokukhathazeka ngokuvikeleka okukhulunywe ngakho iningi labaphenduli (61%). 

Ukubethelwa kwedatha kuyisu eliyinhloko lokuvikela (64%), kodwa abaphendulayo futhi basebenzisa ukuqapha kwesikhathi sokusebenza

(49%), ukuskena okubhaliswa ukuze kutholakale ubungozi (49%), ukuskena ubungozi kumapayipi e-CI/CD (49%), kanye nokuvimbela okudidayo ngokuvikela isikhathi sokusebenza (48%).

Izincomo ezivela ku-Gartner:

1. Khetha izixazululo zesitoreji ezakhelwe phezu kwezimiso microservice architecture. Kungcono ukugxila kulezo ezihlangabezana nezidingo zokugcinwa kwedatha yezinsizakalo zeziqukathi, ezizimele zehadiwe, ziqhutshwa i-API, zinezakhiwo ezisabalalisiwe, zisekela ukuthunyelwa kwendawo kanye nokuthunyelwa efwini lomphakathi.
2. Gwema ama-plugin obunikazi nezixhumi ezibonakalayo. Khetha abathengisi abahlinzeka ngokuhlanganiswa kwe-Kubernetes kanye nokusekelwa kokuxhumana okujwayelekile okufana ne-CSI (I-Container Storage Interfaces).

Ungasebenza kanjani ngamanethiwekhi

Imodeli yenethiwekhi yebhizinisi evamile, lapho amaqembu e-IT enza khona ukuthuthukiswa kwenethiwekhi, ukuhlola, ukuqinisekiswa kwekhwalithi, nezimo zokukhiqiza zephrojekthi ngayinye, ayihlali ihambisana kahle nokugeleza komsebenzi wokuthuthukiswa okuqhubekayo. Ngaphezu kwalokho, amanethiwekhi esiqukathi ahlanganisa izendlalelo eziningi.

В ibhulogi Magalix iqoqiwe imithetho esezingeni eliphezulu ukuqaliswa kwesisombululo senethiwekhi yeqoqo okumele kuthotshelwe:

1. Amaphodi ahlelwe endaweni efanayo kufanele akwazi ukuxhumana namanye ama-pod ngaphandle kokusebenzisa i-NAT (I-Network Address Translation).
2. Wonke ama-daemon esistimu (izinqubo zangemuva ezifana ne-kubelet) asebenza endaweni ethile angaxhumana nama-pods asebenza endaweni efanayo.
3. Ama-pods asetshenziswa inethiwekhi yokusingatha, kufanele ikwazi ukuxhumana nawo wonke amanye ama-pods kuwo wonke amanye ama-node ngaphandle kokusebenzisa i-NAT. Sicela uqaphele ukuthi inethiwekhi yosokhaya isekelwa kuphela kubasingathi be-Linux.

Izisombululo zenethiwekhi kufanele zihlanganiswe ngokuqinile nezakudala nezinqubomgomo ze-Kubernetes. Abaholi be-IT kufanele balwele izinga eliphezulu lokuzenzakalela kwenethiwekhi futhi banikeze abathuthukisi ngamathuluzi afanele kanye nokuvumelana nezimo okwanele.

Izincomo ezivela ku-Gartner:

1. Thola ukuthi i-CaaS yakho (isitsha njengesevisi) noma i-SDN (Inethiwekhi Ecacisiwe Yesofthiwe) iyawasekela yini amanethiwekhi e-Kubernetes. Uma kungenjalo noma usekelo lunganele, sebenzisa inethiwekhi ye-CNI (Container Network Interface) yeziqukathi zakho, esekela ukusebenza okudingekayo nezinqubomgomo.
2. Qiniseka ukuthi i-CaaS noma i-PaaS yakho (inkundla njengesevisi) isekela ukudalwa kwezilawuli ezingenayo kanye/noma izilinganisi zokulayisha ezisabalalisa ithrafikhi engenayo phakathi kwamanodi eqoqo. Uma lokhu kungeyona inketho, hlola usebenzisa ama-proxi ezinkampani zangaphandle noma ama-meshes wesevisi.
3. Qeqesha onjiniyela benethiwekhi yakho kumanethiwekhi e-Linux namathuluzi enethiwekhi ezishintshayo ukuze unciphise igebe lamakhono futhi ukhuphule ukusebenza kahle.

Uwuphatha kanjani umjikelezo wempilo wohlelo lokusebenza

Ngokulethwa kohlelo lokusebenza okuzenzakalelayo nokungenazihibe, udinga ukuhambisana ne-orchestration yesiqukathi namanye amathuluzi ezishintshayo, njengengqalasizinda njengemikhiqizo yekhodi (IaC). Lezi zihlanganisa Chef, Puppet, Ansible kanye Terraform. 

Amathuluzi okuzenzakalelayo okwakha kanye nokukhipha izinhlelo zokusebenza nawo ayadingeka (bona “I-Magic Quadrant Ye-Orchestration Yokukhishwa Kwesicelo"). Iziqukathi ziphinde zinikeze amandla okunwebeka afana nalawo atholakalayo lapho kuthunyelwa imishini ebonakalayo (ama-VM). Ngakho-ke, abaholi be-IT kufanele babe amathuluzi okuphatha umjikelezo wokuphila kwesitsha.

Izincomo ezivela ku-Gartner:

1. Setha izindinganiso zezithombe zesiqukathi esisekelwe kusayizi, ukugunyazwa, nokuvumelana nezimo ukuze onjiniyela bengeze izingxenye.
2. Sebenzisa amasistimu okuphatha ukulungisa ukuze ulawule umjikelezo wempilo weziqukathi ezinesendlalelo sokucushwa okusekelwe ezithombeni eziyisisekelo ezitholakala kumakhosombe asesidlangalaleni noma angasese.
3. Hlanganisa iplathifomu yakho ye-CaaS ngamathuluzi azenzakalelayo ukuze wenze ngokuzenzakalelayo lonke uhlelo lwakho lokusebenza.

Indlela yokuphatha iziqukathi ezinama-orchestrators

Umsebenzi owumongo wokuphakela iziqukathi unikezwa ku-orchestration nesendlalelo sokuhlela. Ngesikhathi sokuhlela, iziqukathi zibekwa kubasingathi abangcono kakhulu kuqoqo, njengoba kushiwo izidingo zesendlalelo se-orchestration. 

I-Kubernetes isiphenduke indinganiso ye-orchestration yesiqukathi se-de facto nomphakathi osebenzayo futhi isekelwa abathengisi abaningi bezentengiselwano abahamba phambili. 

Izincomo ezivela ku-Gartner:

1. Chaza izidingo eziyisisekelo zezilawuli zokuphepha, ukuqapha, ukuphathwa kwenqubomgomo, ukuphikelela kwedatha, ukunethiwekha kanye nokuphathwa komjikelezo wempilo yesiqukathi.
2. Ngokusekelwe kulezi zidingo, khetha ithuluzi elifanelana kangcono nezidingo zakho kanye namacala okusebenzisa.
3. Sebenzisa ucwaningo lwe-Gartner (bona "Ungakhetha kanjani imodeli yokuthunyelwa kwe-Kubernetes") ukuze uqonde okuhle nokubi kwamamodeli ahlukene okuthunyelwa kwe-Kubernetes bese ukhetha elungele uhlelo lwakho lokusebenza.
4. Khetha umhlinzeki onganikeza i-hybrid orchestration yeziqukathi zomsebenzi ezindaweni eziningi ezinokuhlanganiswa okuqinile kwasemuva, izinhlelo zokuphatha ezivamile, namamodeli entengo angashintshi.

Asetshenziswa kanjani amakhono abahlinzeki bamafu

UGartner uyakholwaleyo ntshisekelo yokuthumela iziqukathi kumafu omphakathi i-IaaS iyakhula ngenxa yokutholakala kweminikelo ye-CaaS eseyenziwe ngomumo, kanye nokuhlanganiswa okuqinile kwalokhu kunikezwa neminye imikhiqizo ehlinzekwa abahlinzeki bamafu.

Amafu e-IaaS anikezela ngokusetshenziswa kwensiza okudingekayo, ukukala okusheshayo kanye ukuphathwa kwesevisi, okuzosiza ekugwemeni isidingo solwazi olujulile lwengqalasizinda nokugcinwa kwayo. Abahlinzeki abaningi bamafu banikeza isevisi yokuphatha iziqukathi, futhi abanye banikeza izinketho eziningi zokucula. 

Abahlinzeki besevisi abaphethwe ngamafu ababalulekile bethulwa kuthebula: 

Umhlinzeki wamafu
Uhlobo lwesevisi
Umkhiqizo/isevisi

Alibaba
Isevisi Yamafu Yomdabu
Isevisi ye-Alibaba Cloud Container, i-Alibaba Cloud Container Service ye-Kubernetes

Ama-Web Web Services (AWS)
Isevisi Yamafu Yomdabu
I-Amazon Elastic Container Services (ECS), i-Amazon ECS ye-Kubernetes (EKS), i-AWS Fargate

I-Giant Swarm
MSP
I-Giant Swarm Ephethe Ingqalasizinda ye-Kubernetes

-Google
Isevisi Yamafu Yomdabu
I-Google Container Engine (GKE)

IBM
Isevisi Yamafu Yomdabu
Isevisi ye-IBM Cloud Kubernetes

Microsoft
Isevisi Yamafu Yomdabu
Isevisi ye-Azure Kubernetes, Indwangu Yesevisi ye-Azure

Oracle
Isevisi Yamafu Yomdabu
Injini Yesiqukathi ye-OCI ye-Kubernetes

I-Platform9
MSP
Uphethwe u-Kubernetes

I-Red Hat
Isevisi ephethwe
I-OpenShift Inikezelwe & Iku-inthanethi

VMware
Isevisi ephethwe
Cloud PKS (Beta)

I-Mail.ru Cloud Solutions*
Isevisi Yamafu Yomdabu
I-Mail.ru Cloud Containers

* Ngeke sikufihle, sizingezile lapha ngesikhathi sokuhumusha :)

Abahlinzeki bamafu omphakathi nabo bengeza amakhono amasha futhi bakhipha imikhiqizo esemagcekeni. Esikhathini esizayo esiseduze, abahlinzeki bamafu bazothuthukisa ukusekelwa kwamafu ayingxube nezindawo ezinamafu amaningi. 

Izincomo zikaGartner:

1. Hlola ngokunenhloso ikhono lenhlangano yakho lokusebenzisa nokuphatha amathuluzi afanelekile, futhi ucabangele amanye amasevisi okuphatha isiqukathi sefu.
2. Khetha isofthiwe ngokucophelela, sebenzisa umthombo ovulekile lapho kungenzeka khona.
3. Khetha abahlinzeki abanamamodeli okusebenza avamile ezindaweni ezixubile ezinikeza ifasitelana elilodwa lokuphathwa kwengilazi yamaqoqo ahlanganisiwe, kanye nabahlinzeki abenza kube lula ukuzibambela wena ngokwakho i-IaaS.

Amanye amathiphu wokukhetha umhlinzeki we-Kubernetes aaS kubhulogi le-Replex:

1. Kuyafaneleka ukufuna ukusabalalisa okusekela ukutholakala okuphezulu ngaphandle kwebhokisi. Lokhu kuhlanganisa ukusekelwa kwezakhiwo eziningi ezinkulu, izingxenye ezitholakala kakhulu njlld, nokwenza isipele nokuthola usizo.
2. Ukuze uqinisekise ukuhamba endaweni yakho ye-Kubernetes, kungcono ukhethe abahlinzeki bamafu abasekela inhlobo ebanzi yamamodeli okuthunyelwa, kusukela endaweni okukuyo ukuya ku-hybrid ukuya kumafu amaningi. 
3. Iminikelo yabahlinzeki kufanele futhi ihlolwe ngokusekelwe ekubeni lula kokusetha, ukufakwa, nokudala iqoqo, kanye nezibuyekezo, ukuqapha, nokuxazulula izinkinga. Imfuneko eyisisekelo iwukusekela ngokugcwele izibuyekezo zeqoqo ezingasebenzi isikhathi sokuphumula. Isixazululo osikhethayo kufanele futhi sikuvumele ukuthi wenze izibuyekezo mathupha. 
4. Ubunikazi nokuphathwa kokufinyelela kubalulekile ngokokubheka kokubili ukuphepha nokuphatha. Qiniseka ukuthi ukusabalalisa kwe-Kubernetes oyikhethayo kusekela ukuhlanganiswa namathuluzi okufakazela ubuqiniso nokugunyaza owasebenzisa ngaphakathi. I-RBAC nokulawula kokufinyelela okuhlaziywe kahle nakho kuyisethi yezici ezibalulekile.
5. Ukusabalalisa okukhethayo kufanele kube nesixazululo sohleloxhumano esichazwe yi-software esihlanganisa ububanzi obubanzi bezidingo zezinhlelo zokusebenza ezihlukene noma ingqalasizinda, noma sisekele ukusetshenziswa kwenethiwekhi okusekelwe ku-CNI okudumile, okuhlanganisa i-Flannel, i-Calico, i-kube-router, noma i-OVN.

Ukwethulwa kweziqukathi ekukhiqizeni sekuyiyona ndlela ehamba phambili, njengoba kufakazelwa yimiphumela yocwaningo olwenziwe Izikhathi zikaGartner kungqalasizinda, imisebenzi namasu amafu (IOCS) ngoDisemba 2018:

Njengoba ubona, u-27% wabaphenduli kakade usebenzisa iziqukathi emsebenzini wabo, futhi u-63% uhlela ukwenza kanjalo.

В Inhlolovo ye-Portworx ne-Aqua Security U-24% wabaphenduli babike ukuthi batshala imali engaphezu kwengxenye yesigidi samadola ngonyaka kubuchwepheshe bamakhonteyna, futhi u-17% wabaphenduli basebenzisa imali engaphezu kwesigidi samadola ngonyaka kubo. 

I-athikili ilungiswe ithimba lenkundla yamafu I-Mail.ru Cloud Solutions.

Yini enye ongayifunda esihlokweni:

1. I-DevOps Best Practices: Umbiko we-DORA.
2. U-Kubernetes emoyeni wobugebengu ngesifanekiso sokusetshenziswa.
3. 25 Amathuluzi Awusizo Okuthunyelwa Kwe-Kubernetes Nokwamukelwa.

Source: www.habr.com