Isinyathelo sokuqala sokuthumela ku-Kubernetes ukubeka isicelo sakho esitsheni. Kulolu chungechunge, sizobheka ukuthi ungakha kanjani isithombe sesitsha esivikelekile.
Ngenxa ye-Docker, ukudala izithombe zesitsha akukaze kube lula. Cacisa isithombe esiyisisekelo, engeza izinguquko zakho, bese udala isiqukathi.
Nakuba le nqubo inhle kakhulu ekuqaliseni, ukusebenzisa izithombe eziyisisekelo ezizenzakalelayo kungaholela emsebenzini ongaphephile ngezithombe ezinkulu ezigcwele ubungozi.
Ukwengeza, izithombe eziningi ku-Docker zisebenzisa i-Debian noma Ubuntu ngesithombe esiyisisekelo, futhi nakuba lokhu kunikeza ukuhambisana okuhle kakhulu nokwenza ngokwezifiso okulula (ifayela le-Docker lithatha imigqa emibili kuphela yekhodi), izithombe eziyisisekelo zingangeza amakhulu amamegabhayithi omthwalo owengeziwe esitsheni sakho. Isibonelo, ifayela le-node.js elilula lohlelo lokusebenza lwe-Go "hello-world" lilinganiselwa ku-700 megabytes, kuyilapho uhlelo lwakho lokusebenza lungamamegabhayithi ambalwa kuphela ngosayizi.
Ngakho wonke lo msebenzi owengeziwe uwukumosha indawo yedijithali nendawo enhle yokucasha ngobungozi bokuphepha nezimbungulu. Ngakho-ke ake sibheke izindlela ezimbili zokunciphisa usayizi wesithombe sesitsha.
Okokuqala ukusetshenziswa kwezithombe ezincane eziyisisekelo, okwesibili ukusetshenziswa kwephethini yomakhi. Ukusebenzisa izithombe eziyisisekelo ezincane cishe kuyindlela elula yokunciphisa usayizi wesiqukathi sakho. Ngokunokwenzeka, ulimi noma isitaki osisebenzisayo sinikeza isithombe soqobo sohlelo lokusebenza esincane kakhulu kunesithombe esimisiwe. Ake sibheke isitsha sethu se-node.js.
Ngokuzenzakalelayo ku-Docker, i-node: usayizi wesithombe oyisisekelo esingu-8 ngu-670 MB, futhi indawo: usayizi wesithombe se-8-alpine ngu-65 MB kuphela, okungukuthi, izikhathi ezingu-10 ezincane. Ngokusebenzisa isithombe esincane sesisekelo se-Alpine, uzonciphisa kakhulu usayizi wesiqukathi sakho. I-Alpine ukusatshalaliswa kweLinux encane futhi engasindi okudume kakhulu phakathi kwabasebenzisi be-Docker ngoba iyahambisana nezinhlelo zokusebenza eziningi ngenkathi igcina iziqukathi zincane. Ngokungafani nesithombe esijwayelekile se-Docker "node", "i-node:alpine" isusa amafayela amaningi nezinhlelo zesevisi, ishiya kuphela lezo ezanele ukusebenzisa uhlelo lwakho lokusebenza.
Ukuze uye esithombeni esincane esiyisisekelo, vele ubuyekeze i-Dockerfile ukuze uqale ukusebenza ngesithombe esisha sesisekelo:
Manje, ngokungafani nesithombe esidala se-onbuild, udinga ukukopisha ikhodi yakho kusiqukathi futhi ufake noma yikuphi ukuncika. Ku-Dockerfile entsha, isiqukathi siqala nge-node:isithombe se-alpine, bese sidala uhla lwemibhalo lwekhodi, sifaka okuncikile kusetshenziswa umphathi wephakheji ye-NPM, futhi ekugcineni sisebenzisa i-server.js.
Lokhu kuthuthukiswa kuphumela esitsheni esinosayizi ophindwe ka-10. Uma ulimi lwakho lohlelo noma isitaki singenakho ukusebenza kokunciphisa isithombe esiyisisekelo, sebenzisa i-Alpine Linux. Izophinde inikeze amandla okuphatha ngokugcwele okuqukethwe kwesitsha. Ukusebenzisa izithombe ezincane eziyisisekelo kuyindlela enhle yokudala ngokushesha iziqukathi ezincane. Kodwa ukuncishiswa okukhulu nakakhulu kungafinyelelwa kusetshenziswa i-Builder Pattern.
Ngezilimi ezihunyushiwe, ikhodi yomthombo iqale idluliselwe kumhumushi bese isetshenziswa ngokuqondile. Ezilimini ezihlanganisiwe, ikhodi yomthombo iqala ukuguqulwa ibe ikhodi ehlanganisiwe. Nokho, ukuhlanganisa kuvame ukusebenzisa amathuluzi angadingeki ngempela ukusebenzisa ikhodi. Lokhu kusho ukuthi ungakwazi ukususa ngokuphelele lawa mathuluzi esitsheni sokugcina. Ungasebenzisa Iphethini Yomakhi kulokhu.
Ikhodi idalwe esitsheni sokuqala futhi ihlanganiswe. Ikhodi ehlanganisiwe ibe isipakishwa esitsheni sokugcina ngaphandle kwabahlanganisi namathuluzi adingekayo ukuze kuhlanganiswe leyo khodi. Masiqalise uhlelo lokusebenza lwe-Go ngale nqubo. Okokuqala, sizosuka esithombeni se-onbuild siye e-Alpine Linux.
Ku-Dockerfile entsha, isiqukathi siqala ngesithombe se-golang:alpine. Ibese idala uhla lwemibhalo lwekhodi, ilikopishele kukhodi yomthombo, yakha leyo khodi yomthombo, futhi iqalise uhlelo lokusebenza. Lesi sitsha sincane kakhulu kunesitsha se-onbuild, kodwa sisaqukethe isihlanganisi namanye amathuluzi we-Go esingawadingi ngempela. Ngakho-ke ake sivele sikhiphe uhlelo oluhlanganisiwe bese silufaka esitsheni salo.
Ungase ubone okuthile okungajwayelekile kuleli fayela le-Docker: liqukethe imigqa emibili ethi FROM. Isigaba sokuqala somugqa we-4 sibukeka sifana ncamashi ne-Dockerfile yangaphambilini ngaphandle kokuthi sisebenzisa igama elingukhiye elithi AS ukuqamba lesi sigaba. Isigaba esilandelayo sinomugqa omusha othi FROM ukuze siqale isithombe esisha, lapho esikhundleni sesithombe se-golang:alpine sizosebenzisa i-Raw alpine njengesithombe esiyisisekelo.
I-Raw Alpine Linux ayinazo izitifiketi ze-SSL ezifakiwe, okuzokwenza ukuthi amakholi amaningi e-API nge-HTTPS ahluleke, ngakho-ke masifake izitifiketi ze-CA zempande.
Manje sekuza ingxenye ejabulisayo: ukukopisha ikhodi ehlanganisiwe ukusuka esitsheni sokuqala uye kwesesibili, ungamane usebenzise umyalo othi COPY otholakala kulayini 5 wesigaba sesibili. Izokopisha ifayela elilodwa lohlelo lokusebenza futhi ngeke ithinte amathuluzi okusetshenziswayo we-Go. Ifayela elisha le-Docker lezigaba eziningi lizoqukatha isithombe sesitsha esingamamegabhayithi angu-12 kuphela ngosayizi, uma siqhathaniswa nesithombe sokuqala sesiqukathi esasingamamegabhayithi angu-700, okuwumehluko omkhulu!
Ngakho ukusebenzisa izithombe ezincane eziyisisekelo kanye Nephethini Yomakhi kuyizindlela ezinhle zokudala iziqukathi ezincane kakhulu ngaphandle komsebenzi omningi.
Kungenzeka ukuthi kuye ngesitaki sohlelo lokusebenza, kunezindlela ezengeziwe zokunciphisa usayizi wesithombe nesiqukathi, kodwa ingabe iziqukathi ezincane zinenzuzo elinganisekayo ngempela? Ake sibheke izindawo ezimbili lapho iziqukathi ezincane zisebenza kahle kakhulu - ukusebenza nokuphepha.
Ukuze uhlole ukukhuphuka kokusebenza, cabanga ubude besikhathi senqubo yokudala isitsha, usifake ebhukwini (push), bese usikhipha lapho (donsa). Ungabona ukuthi isiqukathi esincane sinenzuzo ehlukile kunesitsha esikhulu.
I-Docker izogcina izendlalelo ukuze ukwakhiwa okulandelayo kuzoshesha kakhulu. Kodwa-ke, amasistimu amaningi e-CI asetshenziselwa ukwakha kanye neziqukathi zokuhlola azigcini inqolobane izendlalelo, ngakho-ke kukhona ukonga kwesikhathi okubalulekile. Njengoba ubona, isikhathi sokwakha isitsha esikhulu, kuye ngamandla omshini wakho, sisuka kumasekhondi angama-34 kuye kwangama-54, futhi lapho usebenzisa isitsha sincishisiwe kusetshenziswa i-Builder Pattern - kusuka kumasekhondi angama-23 kuye kwangama-28. Ngokusebenza kwalolu hlobo, ukwanda kokukhiqiza kuzoba ngama-40-50%. Ngakho-ke cabanga nje ukuthi wakha izikhathi ezingaki futhi uhlole ikhodi yakho.
Ngemuva kokuthi isiqukathi sesakhiwe, udinga ukusunduza isithombe saso (isithombe sesitsha sokusunduza) kurejista yesiqukathi ukuze ukwazi ukusisebenzisa kuqoqo lakho le-Kubernetes. Ngincoma ukusebenzisa i-Google Container Registry.
Nge-Google Container Registry (GCR), ukhokhela kuphela isitoreji esingavuthiwe kanye nenethiwekhi, futhi azikho izinkokhelo ezengeziwe zokuphatha isiqukathi. Iyimfihlo, ivikelekile futhi ishesha kakhulu. I-GCR isebenzisa amaqhinga amaningi ukusheshisa ukusebenza kokudonsa. Njengoba ubona, ukufaka isitsha se-Docker Container Image usebenzisa i-go:onbuild kuzothatha imizuzwana eyi-15 kuye kwengama-48, kuye ngokusebenza kwekhompyutha, futhi ukusebenza okufanayo ngesiqukathi esincane kuzothatha imizuzwana eyi-14 kuye kweyi-16, kanye nemishini ekhiqiza kancane. inzuzo ngesivinini sokusebenza ikhuphuka izikhathi ezi-3. Emishinini emikhulu, isikhathi sesicishe sifane, njengoba i-GCR isebenzisa inqolobane yomhlaba wonke yesizindalwazi esabiwe sezithombe, okusho ukuthi awudingi nhlobo ukuzilayisha. Kukhompyutha enamandla aphansi, i-CPU iyibhodlela, ngakho-ke inzuzo yokusebenzisa iziqukathi ezincane inkulu kakhulu lapha.
Uma usebenzisa i-GCR, ngincoma kakhulu ukusebenzisa i-Google Container Builder (GCB) njengengxenye yesistimu yakho yokwakha.
Njengoba ubona, ukusetshenziswa kwayo kukuvumela ukuthi uzuze imiphumela engcono kakhulu yokunciphisa isikhathi sokusebenza kwe-Build+Push kunomshini okhiqizayo - kulokhu, inqubo yokwakha nokuthumela iziqukathi kumsingathi isheshisa cishe izikhathi ezi-2. . Futhi, uthola imizuzu yokwakha yamahhala engu-120 nsuku zonke, ehlanganisa izidingo zakho zesakhiwo sesitsha ezikhathini eziningi.
Okulandelayo kuza imethrikhi yokusebenza ebaluleke kakhulu - isivinini sokubuyisa, noma ukulanda, iziqukathi zokudonsa. Futhi uma ungenandaba kakhulu nesikhathi esichithwe ekusebenzeni kokusunduza, ubude benqubo yokudonsa bunomthelela ongathi sΓna ekusebenzeni kohlelo lonke. Ake sithi uneqoqo lamanodi amathathu futhi eyodwa yawo iyehluleka. Uma usebenzisa isistimu yokuphatha efana ne-Google Kubernetes Engine, izongena ngokuzenzakalelayo esikhundleni se-node efile ibe entsha. Nokho, le nodi entsha izobe ingenalutho ngokuphelele futhi kuzodingeka uhudulele zonke iziqukathi zakho kuyo ukuze iqale ukusebenza. Uma ukusebenza kokudonsa kuthatha isikhathi eside ngokwanele, iqoqo lakho lizosebenza ngokusebenza okuphansi ngaso sonke isikhathi.
Kunezimo eziningi lapho lokhu kungenzeka khona: ukwengeza i-node entsha kuqoqo, ukuthuthukisa ama-node, noma ngisho nokushintshela esitsheni esisha ukuze sisetshenziswe. Ngakho-ke, ukunciphisa isikhathi sokudonsa kuba yinto ebalulekile. Akunakuphikwa ukuthi isiqukathi esincane silanda ngokushesha kakhulu kunesikhulu. Uma usebenzisa iziqukathi eziningi kuqoqo le-Kubernetes, ukonga isikhathi kungase kubaluleke.
Bheka lesi siqhathaniso: umsebenzi wokudonsa ezitsheni ezincane kuthatha isikhathi esincane esiphindwe izikhathi ezingu-4-9, kuye ngamandla omshini, kunokusebenza okufanayo usebenzisa i-go:onbuild. Ukusebenzisa okwabiwe, izithombe zesisekelo seziqukathi ezincane kusheshisa kakhulu isikhathi nesivinini lapho amanodi amasha e-Kubernetes angafakwa futhi eze ku-inthanethi.
Ake sibheke indaba yezokuphepha. Iziqukathi ezincane zibhekwa njengeziphephe kakhulu kunezinkulu ngoba zinendawo encane yokuhlasela. Ingabe ngempela? Esinye sezici eziwusizo kakhulu ze-Google Container Registry yikhono lokuskena iziqukathi zakho ngokuzenzakalelayo ukuze uthole ubungozi. Ezinyangeni ezimbalwa ezedlule ngidale kokubili iziqukathi ze-onbuild ne-multistage, ngakho-ke ake sibone ukuthi abukho yini ubungozi lapho.
Umphumela uyamangalisa: 3 kuphela ubungozi obumaphakathi obutholwe esitsheni esincane, futhi 16 obubucayi kanye nobunye ubungozi obungu-376 kutholwe esitsheni esikhulu. Uma sibheka okuqukethwe kwesitsha esikhulu, singabona ukuthi izinkinga eziningi zokuphepha azihlangene nesicelo sethu, kodwa zihlobene nezinhlelo esingazisebenzisi ngisho. Ngakho-ke lapho abantu bekhuluma ngendawo enkulu yokuhlasela, yilokho abakushoyo.
I-takeaway icacile: yakha iziqukathi ezincane ngoba zinikeza ukusebenza kwangempela nezinzuzo zokuphepha ohlelweni lwakho.
Ezinye izikhangiso π
Siyabonga ngokuhlala nathi. Uyazithanda izindatshana zethu? Ufuna ukubona okuqukethwe okuthakaselayo okwengeziwe? Sisekele ngokufaka i-oda noma ngokuncoma kubangani, , i-analogue ehlukile yamaseva ezinga lokungena, esungulwe yithi ngenxa yakho: (itholakala nge-RAID1 kanye ne-RAID10, kufika kuma-cores angu-24 kuze kufike ku-40GB DDR4).
I-Dell R730xd 2x ishibhile esikhungweni sedatha se-Equinix Tier IV e-Amsterdam? Lapha kuphela eNetherlands! I-Dell R420 - 2x E5-2430 2.2Ghz 6C 128GB DDR3 2x960GB SSD 1Gbps 100TB - isuka ku-$99! Funda mayelana
Source: www.habr.com