Hello, Habr!
At the end of the summer, we want to remind you that we are continuing to work on the topic
Enjoy reading!
At the time of writing this article, the age of Kubernetes is almost.
Containers began as a special construct for isolating processes in Linux; containers have been included since 2007
To try to understand why Kubernetes is so popular, let's try to answer a few questions. When was the last time developers agreed on how to deploy applications to production? How many developers do you know who use tools as they come out of the box? How many cloud administrators today do not understand how applications work? We will look at the answers to these questions in this article.
Infrastructure as YAML
In the world that moved from Puppet and Chef to Kubernetes, one of the biggest changes was the shift from "infrastructure as code" to "infrastructure as data", specifically as YAML. All resources in Kubernetes, including pods, configurations, deployed instances, volumes, and so on, can easily be described in a YAML file. For example:
apiVersion: v1
kind: Pod
metadata:
  name: site
  labels:
    app: web
spec:
  containers:
    - name: front-end
      image: nginx
      ports:
        - containerPort: 80
This representation makes it easy for DevOps or SRE specialists to fully express their workloads without having to write code in languages such as Python or JavaScript.
Other advantages of organizing infrastructure as data include:
- GitOps, or Git Operations Version Control. This approach lets you keep all Kubernetes YAML files in git repositories, so you can track exactly when a change was made, who made it, and what exactly changed. This increases transparency across the whole organization and improves efficiency by removing ambiguity, especially about where staff should look for the resources they need. At the same time, it becomes easier to make changes to Kubernetes resources automatically by simply merging a pull request.
- Scalability. When resources are defined as YAML, it becomes very easy for cluster operators to change one or two numbers in a Kubernetes resource, thereby changing how it scales. Kubernetes provides a mechanism for automatic scaling of pods, which makes it convenient to determine the minimum and maximum number of pods needed in a particular configuration to handle low and high levels of traffic. For example, if you have deployed a configuration that needs additional capacity because of a sudden spike in traffic, then maxReplicas can be changed from 10 to 20:
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: myapp
  namespace: default
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: myapp-deployment
  minReplicas: 1
  maxReplicas: 20
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 50
- Security and management. YAML is great for evaluating how things are deployed in Kubernetes. For example, a major security concern is whether your workload runs as a non-administrator user. In this case, we may need tools such as conftest, a YAML/JSON validator, and Open Policy Agent, a policy validator, to ensure that the SecurityContext of your workloads does not allow a container to run with administrator privileges. If this is required, users can apply a simple rego policy, like this:
package main

deny[msg] {
  input.kind = "Deployment"
  not input.spec.template.spec.securityContext.runAsNonRoot = true
  msg = "Containers must not run as root"
}
- Options for integration with a cloud provider. One of the most notable trends in today's high technology is running workloads on public cloud providers. Using the cloud provider component, Kubernetes allows any cluster to integrate with the cloud provider it runs on. For example, if a user runs an application in Kubernetes on AWS and wants to expose that application through a service, the cloud provider helps to automatically create a LoadBalancer service, which will automatically provision an Amazon Elastic Load Balancer to redirect traffic to the application's pods.
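An added example (not from the original article or from any tool it names): a Python check that extends the runAsNonRoot rule in the list above from the pod-level field on Deployments to every container of Pods and common workload kinds, because a container-level securityContext overrides the pod-level one. The function names and the second manifest are constructed for illustration.

```python
# Added example; manifests below are constructed sample input.
WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job"}

def pod_spec(manifest):
    """Return the pod spec of a Pod or workload template, or None for other kinds."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    if manifest.get("kind") in WORKLOAD_KINDS:
        return (spec.get("template") or {}).get("spec") or {}
    return None

def root_findings(manifest):
    """List containers that may run as root, honouring container-level overrides."""
    spec = pod_spec(manifest)
    if spec is None:
        return []
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for group in ("initContainers", "containers"):
        for c in spec.get(group) or []:
            sc = c.get("securityContext") or {}
            # A container-level value overrides the pod-level one.
            non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
            uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
            if uid == 0:
                findings.append(f"{c['name']}: runAsUser is 0")
            elif non_root is not True:
                findings.append(f"{c['name']}: runAsNonRoot is not true")
    return findings

SITE_POD = {  # the page's Pod example, written as a dict
    "kind": "Pod",
    "spec": {"containers": [{"name": "front-end", "image": "nginx"}]},
}
OVERRIDE = {  # constructed: pod-level field is true, yet one container opts out
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [
            {"name": "app", "image": "example/app"},
            {"name": "sidecar", "image": "example/sidecar",
             "securityContext": {"runAsNonRoot": False}},
        ],
    }}},
}

if __name__ == "__main__":
    for m in (SITE_POD, OVERRIDE):
        print(m["kind"], root_findings(m))
```

The second manifest satisfies a check that reads only the pod-level field, while the per-container check still reports the sidecar.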
Extensibility
Kubernetes is highly extensible, and developers love it. There is a set of available resources such as pods, deployments, StatefulSets, secrets, ConfigMaps, and so on. Of course, users and developers can add other resources in the form
For example, if we want to define a CronTab resource, we can do something like this:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: crontabs.my.org
spec:
  group: my.org
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                cronSpec:
                  type: string
                  pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$'
                replicas:
                  type: integer
                  minimum: 1
                  maximum: 10
  scope: Namespaced
  names:
    plural: crontabs
    singular: crontab
    kind: CronTab
    shortNames:
      - ct
Later we can create a CronTab resource, something like this:
apiVersion: "my.org/v1"
kind: CronTab
metadata:
  name: my-cron-object
spec:
  cronSpec: "* * * * */5"
  image: my-cron-image
  replicas: 5
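An added example (not part of the original article): a Python sketch that applies the constraints from the CronTab schema above to an object's spec, reporting validation errors and fields the schema does not declare. The function name is hypothetical, and how the API server treats undeclared fields (dropping or rejecting them) is not modelled here.

```python
import re

# Constraints copied from the CronTab CRD schema shown above.
CRON_PATTERN = re.compile(r'^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$')
DECLARED_SPEC_FIELDS = {"cronSpec", "replicas"}
REPLICAS_MIN, REPLICAS_MAX = 1, 10

def check_crontab(obj):
    """Return (errors, undeclared_fields) for a CronTab object given as a dict."""
    spec = obj.get("spec") or {}
    errors = []

    cron = spec.get("cronSpec")
    if cron is not None:
        if not isinstance(cron, str):
            errors.append("spec.cronSpec: must be a string")
        elif not CRON_PATTERN.search(cron):
            errors.append("spec.cronSpec: does not match pattern")

    replicas = spec.get("replicas")
    if replicas is not None:
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(replicas, bool) or not isinstance(replicas, int):
            errors.append("spec.replicas: must be an integer")
        elif not REPLICAS_MIN <= replicas <= REPLICAS_MAX:
            errors.append("spec.replicas: must be between 1 and 10")

    # Fields present in the object but absent from the schema.
    undeclared = sorted(set(spec) - DECLARED_SPEC_FIELDS)
    return errors, undeclared

PAGE_OBJECT = {  # the my-cron-object resource from this page
    "apiVersion": "my.org/v1",
    "kind": "CronTab",
    "metadata": {"name": "my-cron-object"},
    "spec": {"cronSpec": "* * * * */5", "image": "my-cron-image", "replicas": 5},
}
BAD_OBJECT = {  # constructed: violates both the pattern and the replica bound
    "kind": "CronTab",
    "spec": {"cronSpec": "@hourly", "replicas": 50},
}

if __name__ == "__main__":
    print(check_crontab(PAGE_OBJECT))
    print(check_crontab(BAD_OBJECT))
```

The page's object passes both constraints, but its `image` field is not declared in the schema as written.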
Another extensibility option in Kubernetes is that a developer can write their own operators.
There are several tools in the community that make it easy for engineers to create their own operators. Among them -
$ operator-sdk new my-operator --repo github.com/myuser/my-operator
This creates all the boilerplate code for your operator, including the YAML files and the Golang code:
.
|____cmd
| |____manager
| | |____main.go
|____go.mod
|____deploy
| |____role.yaml
| |____role_binding.yaml
| |____service_account.yaml
| |____operator.yaml
|____tools.go
|____go.sum
|____.gitignore
|____version
| |____version.go
|____build
| |____bin
| | |____user_setup
| | |____entrypoint
| |____Dockerfile
|____pkg
| |____apis
| | |____apis.go
| |____controller
| | |____controller.go
Then you can add the required APIs and controller, like this:
$ operator-sdk add api --api-version=myapp.com/v1alpha1 --kind=MyAppService
$ operator-sdk add controller --api-version=myapp.com/v1alpha1 --kind=MyAppService
Then, finally, build the operator and push it to your container registry:
$ operator-sdk build your.container.registry/youruser/myapp-operator
If the engineer wants more control, the boilerplate code in the Go files can be changed. For example, to modify the details of the controller, you can make changes to the controller.go file.
Another project
$ kubectl kudo install zookeeper
$ kubectl kudo install kafka
Then configure it with another command:
$ kubectl kudo install kafka --instance=my-kafka-name \
    -p ZOOKEEPER_URI=zk-zookeeper-0.zk-hs:2181 \
    -p ZOOKEEPER_PATH=/my-path -p BROKER_CPUS=3000m \
    -p BROKER_COUNT=5 -p BROKER_MEM=4096m \
    -p DISK_SIZE=40Gi -p MIN_INSYNC_REPLICAS=3 \
    -p NUM_NETWORK_THREADS=10 -p NUM_IO_THREADS=20
Innovation
Over the past few years, major Kubernetes releases have come out every few months, that is, three to four major releases per year. The number of new features introduced in each of them is not decreasing. Moreover, there are no signs of slowing down even in these difficult times - see what the situation is now
New capabilities allow you to organize operations more flexibly across diverse workloads. In addition, programmers enjoy greater control when deploying applications directly to production.
Community
Another major factor in the popularity of Kubernetes is the strength of its community. In 2015, when it reached version 1.0, Kubernetes was sponsored by the
There are also various communities
The Cloud Native Foundation also hosts CloudNativeCon/KubeCon, which, at the time of writing, is the largest open source conference in the world. It is usually held three times a year and brings together thousands of professionals who want to improve Kubernetes and its ecosystem, as well as learn about the new features that appear every three months.
In addition, the Cloud Native Foundation has
Finally, I believe that Kubernetes would not be as successful as it is without the conscientious efforts of the whole community, where people stick together but at the same time welcome newcomers.
The future
One of the main challenges developers will have to face in the future is the ability to focus on the details of the code itself, and not on the infrastructure it runs on. These trends are met by
In this article, we have only scratched the surface of the current state of Kubernetes; in fact, this is just the tip of the iceberg. Kubernetes users have many other resources, capabilities, and configurations at their disposal.
Source: www.habr.com