Umuzwa wethu wokuthuthukisa umshayeli we-CSI e-Kubernetes ye-Yandex.Cloud

Siyajabula ukumemezela ukuthi i-Flant inweba umnikelo wayo kumathuluzi omthombo ovulekile we-Kubernetes ngokukhipha inguqulo ye-alpha yomshayeli we-CSI (I-Container Storage Interface) ye-Yandex.Cloud.

Kodwa ngaphambi kokudlulela emininingwaneni yokuqaliswa, ake siphendule umbuzo wokuthi kungani lokhu kuyadingeka nhlobo lapho i-Yandex isivele inesevisi. Isevisi Ephethwe ye-Kubernetes.

Isingeniso

Kungani lokhu?

Ngaphakathi kwenkampani yethu, kusukela ekuqaleni kokusebenzisa i-Kubernetes ekukhiqizeni (okungukuthi iminyaka eminingana manje), besisakha ithuluzi lethu (i-deckhouse), okuyinto, ngendlela, futhi sihlela ukuyenza itholakale njengephrojekthi yomthombo ovulekile. . Ngosizo lwayo, silungiselela ngokulinganayo futhi silungiselela wonke amaqoqo ethu, futhi njengamanje asevele angaphezulu kwe-100 awo, ezinhlobonhlobo zokucushwa kwehadiwe nakuzo zonke izinsiza zamafu ezitholakalayo.

Amaqoqo asebenzisa i-deckhouse anazo zonke izingxenye ezidingekayo ekusebenzeni: abalinganisi, ukuqapha ngamashadi afanelekile, amamethrikhi nezixwayiso, ukuqinisekiswa komsebenzisi ngabahlinzeki bangaphandle ukuze kufinyelelwe kuwo wonke amadeshibhodi, nokunye. Asikho iphuzu ekufakeni iqoqo elinjalo "le-pumped up" kusixazululo esiphethwe, ngoba lokhu ngokuvamile akunakwenzeka noma kuzoholela esidingweni sokukhubaza ingxenye yezingxenye.

NB: Lokhu kungokuhlangenwe nakho kwethu, futhi kucacile. Asiphakamisi nakancane ukuthi wonke umuntu kufanele asebenzise amaqoqo e-Kubernetes eyedwa esikhundleni sokusebenzisa izixazululo esezivele zenziwe. Ngendlela, asinaso isipiliyoni sangempela sokusebenzisa i-Kubernetes evela ku-Yandex futhi ngeke sinikeze noma yikuphi ukuhlolwa kwale sevisi kulesi sihloko.

Kuyini futhi kubani?

Ngakho-ke, sesivele sikhulume ngendlela yesimanje yokugcina e-Kubernetes: isebenza kanjani i-CSI? и umphakathi ufike kanjani kule ndlela.

Njengamanje, abahlinzeki abaningi bensizakalo yamafu amakhulu bathuthukise abashayeli bokusebenzisa amadiski abo amafu njenge-Persistent Volume ku-Kubernetes. Uma umphakeli engenawo umshayeli onjalo, kodwa yonke imisebenzi edingekayo inikezwa nge-API, ngakho-ke akukho lutho olukuvimbela ekusebenziseni umshayeli ngokwakho. Yilokhu okwenzekile nge-Yandex.Cloud.

Sathatha njengesisekelo sentuthuko Umshayeli we-CSI wefu le-DigitalOcean kanye nemibono embalwa evela abashayeli be-GCP, njengoba ukusebenzisana ne-API yalawa mafu (i-Google ne-Yandex) kunokufana okuningi. Ikakhulukazi, i-API kanye I-GCP, kanye y Yandex buyisela into Operation ukulandelela isimo semisebenzi esebenza isikhathi eside (isibonelo, ukudala idiski entsha). Ukuze uhlanganyele ne-Yandex.Cloud API, sebenzisa I-Yandex.Cloud Go SDK.

Umphumela womsebenzi owenziwe ishicilelwe ku-GitHub futhi ingase ibe usizo kulabo, ngesizathu esithile, abasebenzisa ukufakwa kwabo kwe-Kubernetes emishinini ebonakalayo ye-Yandex.Cloud (kodwa hhayi iqoqo eliphethwe esenziwe ngomumo) futhi bangathanda ukusebenzisa (uku-oda) amadiski nge-CSI.

Ukuqaliswa

Izici Eziyinhloko

Okwamanje umshayeli usekela imisebenzi elandelayo:

• Uku-oda amadiski kuzo zonke izindawo zeqoqo ngokuya nge-topology yama-node kuqoqo;
• Ukukhipha ama-disc a-odwe ngaphambilini;
• Shintsha usayizi ongaxhunyiwe ku-inthanethi wamadiski (Yandex.Cloud ungasekeli ukwandisa amadiski afakwe emshinini we-virtual). Ukuze uthole ulwazi mayelana nokuthi umshayeli kwadingeka ashintshwe kanjani ukuze enze usayizi omusha ungabi buhlungu ngangokunokwenzeka, bheka ngezansi.

Ngokuzayo, sihlela ukusebenzisa ukwesekwa kokudala kanye nokususa izifinyezo zediski.

Ubunzima obukhulu kanye nendlela yokubunqoba

Ukuntuleka kwekhono lokukhulisa amadiski ngesikhathi sangempela ku-Yandex.Cloud API kuwumkhawulo ohlanganisa ukusebenza kokushintsha usayizi we-PV (Ivolumu Eqhubekayo): kulokhu, kuyadingeka ukuthi i-pod yesicelo esebenzisa idiski imiswe, futhi lokhu kungabangela ukungasebenzi kwezinhlelo zokusebenza.

Ngokusho Imininingwane ye-CSI, uma isilawuli se-CSI sibika ukuthi singashintsha usayizi wamadiski kuphela “ngokungaxhunyiwe ku-inthanethi” (VolumeExpansion.OFFLINE), khona-ke inqubo yokwandisa idiski kufanele ihambe kanje:

Uma i-plugin inakho kuphela VolumeExpansion.OFFLINE amandla okunweba kanye nevolumu okwamanje ishicilelwe noma iyatholakala ku-node ke ControllerExpandVolume KUMELE kubizwe KUPHELA ngemva kokunye:

• I-plugin inesilawuli PUBLISH_UNPUBLISH_VOLUME ikhono kanye ControllerUnpublishVolume icelwe ngempumelelo.

OKANYE

• I-plugin AYINASO isilawuli PUBLISH_UNPUBLISH_VOLUME amandla, i-plugin ine-node STAGE_UNSTAGE_VOLUME ikhono, futhi NodeUnstageVolume kuqedwe ngempumelelo.

OKANYE

• I-plugin AYINASO isilawuli PUBLISH_UNPUBLISH_VOLUME ikhono, noma i-node STAGE_UNSTAGE_VOLUME ikhono, futhi NodeUnpublishVolume iqede ngempumelelo.

Lokhu kusho ukuthi udinga ukukhipha idiski emshinini obonakalayo ngaphambi kokuyandisa.

Nokho, ngeshwa ukuqaliswa Ukucaciswa kwe-CSI ngama-sidecars akuhlangabezani nalezi zidingo:

• Esitsheni senqola eseceleni csi-attacher, okufanele kube nesibopho sokuba khona kwegebe elidingekayo phakathi kwezikhwezi, lokhu kusebenza akwenziwanga ekushintsheni usayizi ongaxhunyiwe ku-inthanethi. Kwaqalwa ingxoxo ngalokhu lapha.
• Siyini ngempela isiqukathi senqola eseceleni kulo mongo? I-plugin ye-CSI ngokwayo ayisebenzisani ne-Kubernetes API, kodwa iphendula kuphela izingcingo ze-gRPC ezithunyelwe kuyo ngeziqukathi ze-sidecar. Okwakamuva ziyathuthukiswa ngumphakathi wakwaKubernetes.

Esimweni sethu (i-plugin ye-CSI), ukusebenza kokukhulisa idiski kubukeka kanje:

1. Sithola ikholi ye-gRPC ControllerExpandVolume;
2. Sizama ukukhulisa idiski ku-API, kodwa sithola iphutha mayelana nokungenzeki kokwenza umsebenzi ngoba idiski ifakwe;
3. Sigcina isihlonzi sediski kumephu, equkethe amadiski okumele kwenziwe umsebenzi wokukhuphula. Ngezansi, ngokufushane, sizobiza le mephu njenge volumeResizeRequired;
4. Khipha mathupha i-pod esebenzisa idiski. U-Kubernetes uzoyiqala kabusha. Ukuze idiski ingabi naso isikhathi sokufaka (ControllerPublishVolume) ngaphambi kokuqedela umsebenzi wokukhulisa lapho sizama ukukhweza, sihlola ukuthi idiski enikeziwe isekhona volumeResizeRequired futhi ubuyisele iphutha;
5. Umshayeli we-CSI uzama ukwenza kabusha umsebenzi wokushintsha usayizi. Uma ukusebenza kuphumelele, susa idiski kuyo volumeResizeRequired;
6. Ngoba I-ID yediski ayikho volumeResizeRequired, ControllerPublishVolume idlula ngempumelelo, idiski ifakwe, i-pod iqala.

Konke kubukeka kulula ngokwanele, kodwa njengoba kuhlale kunezingibe. Yandisa amadiski usayizi wangaphandle wangaphandle, okuthi uma kwenzeka kuba nephutha ngesikhathi sokusebenza isebenzisa ulayini ngokunyuka okukhulu kwesikhathi sokuvala kufika kumasekhondi angu-1000:

func DefaultControllerRateLimiter() RateLimiter {
  return NewMaxOfRateLimiter(
  NewItemExponentialFailureRateLimiter(5*time.Millisecond, 1000*time.Second),
  // 10 qps, 100 bucket size.  This is only for retry speed and its only the overall factor (not per item)
  &BucketRateLimiter{Limiter: rate.NewLimiter(rate.Limit(10), 100)},
  )
}

Lokhu kungase kubangele ngezikhathi ezithile ukuthi umsebenzi wokunwetshwa kwediski unwetshwe imizuzu engu-15+ futhi, ngaleyo ndlela, i-pod ehambisanayo ingatholakali.

Okuwukuphela kwenketho eyasivumela kalula nangokungenabuhlungu ukuthi sinciphise isikhathi esingase sibe khona kwakuwukusetshenziswa kwenguqulo yethu ye-external-resizer enomkhawulo omkhulu wokuvala. emizuzwaneni emi-5:

workqueue.NewItemExponentialFailureRateLimiter(5*time.Millisecond, 5*time.Second)

Asikubonanga kudingekile ukuqalisa ingxoxo ngokushesha futhi sichibiyele i-external-resizer, ngoba ukushintsha usayizi ongaxhunyiwe ku-inthanethi wamadiski kuwukubuyisela emuva okuzonyamalala kubo bonke abahlinzeki bamafu.

Ungaqala kanjani ukusebenzisa?

Umshayeli usekelwa ku-Kubernetes version 1.15 nangaphezulu. Ukuze umshayeli asebenze, lezi zidingo ezilandelayo kufanele zihlangabezane nazo:

• Maka umkhosi --allow-privileged setha inani true okweseva ye-API kanye ne-kubelet;
• Kufakiwe --feature-gates=VolumeSnapshotDataSource=true,KubeletPluginsWatcher=true,CSINodeInfo=true,CSIDriverRegistry=true okweseva ye-API kanye ne-kubelet;
• I-Mount propagation (i-mount propagation) kumele ivulwe ku-cluster. Uma usebenzisa i-Docker, i-daemon kufanele ilungiswe ukuze ivumele ukukhweza okwabiwe.

Zonke izinyathelo ezidingekayo zokufaka ngokwayo kuchazwe kokuthi README. Ukufakwa kufaka phakathi ukudala izinto ku-Kubernetes kusuka kuma-manifest.

Ukuze umshayeli asebenze uzodinga okulandelayo:

• Cacisa isihlonzi sohla lwemibhalo ku-manifest (folder-id) Yandex.Cloud (bheka imibhalo);
• Ukuze uhlanganyele ne-Yandex.Cloud API, umshayeli we-CSI usebenzisa i-akhawunti yesevisi. Ku-manifest, Imfihlo kufanele idluliswe okhiye abagunyaziwe kusuka ku-akhawunti yesevisi. Embhalweni kuchaziwe, ungayenza kanjani i-akhawunti yesevisi futhi uthole okhiye.

Sekukonke - zama, futhi sizojabula ukuthola impendulo futhi izindaba ezintshauma uhlangabezana nezinkinga!

Ukwesekwa okwengeziwe

Ngenxa yalokho, sithanda ukuqaphela ukuthi asisebenzise lo mshayeli we-CSI ngenxa yesifiso esikhulu sokuzijabulisa ngokubhala izicelo ku-Go, kodwa ngenxa yesidingo esiphuthumayo ngaphakathi kwenkampani. Akubonakali kuwusizo kithi ukugcina ukuqaliswa kwethu siqu, ngakho-ke uma i-Yandex ibonisa isithakazelo futhi inquma ukuqhubeka nokusekela umshayeli, sizokujabulela ukudlulisela indawo yokugcina kubo.

Ngaphezu kwalokho, i-Yandex cishe inokuqaliswa kwayo komshayeli we-CSI kuqoqo layo eliphethwe i-Kubernetes, elingakhululwa ku-Open Source. Futhi sibona le nketho yokuthuthukisa njengeyinhle - umphakathi uzokwazi ukusebenzisa umshayeli oqinisekisiwe ovela kumhlinzeki wesevisi, hhayi ovela enkampanini yangaphandle.

PS

Funda futhi kubhulogi yethu:

• «Ama-plugin wevolumu okugcinwa kwe-Kubernetes: ukusuka ku-Flexvolume kuya ku-CSI";
• «Siyasiqonda I-Container Storage Interface (ku-Kubernetes hhayi kuphela)";
• «Ingabe kulula futhi kulula ukulungisa iqoqo le-Kubernetes? Imemezela i-addon-opharetha";
• «Ukwandisa nokwengeza i-Kubernetes (uhlolojikelele kanye nombiko wevidiyo)".

Source: www.habr.com