Sawubona Habr!
Ekupheleni kwehlobo, sifuna ukukukhumbuza ukuthi siyaqhubeka nokusebenza ngesihloko futhi yanquma ukushicilela i-athikili evela ku-Stackoverflow ebonisa isimo sezindaba kule phrojekthi ekuqaleni kukaJuni.
Jabulela ukufunda!
Ngesikhathi sokubhala lesi sihloko, iminyaka kaKubernetes isicishe ibe. , futhi kule minyaka emibili edlule ukuthandwa kwayo kukhule kakhulu kangangokuthi ihlezi ibalwa phakathi amapulatifomu. UKubernetes ukleliswe endaweni yesithathu kulo nyaka. Ukuphindaphinda: I-Kubernetes iyinkundla eklanyelwe ukusebenzisa nokuhlela imithwalo yemisebenzi efakwe esitsheni.
Iziqukathi zaqala njengomklamo okhethekile wokuhlukanisa izinqubo ku-Linux; iziqukathi zifakiwe kusukela ngo-2007 , futhi kusukela ngo-2002 - izikhala zamagama. Iziqukathi zakhiwe kangcono nakakhulu ngo-2008, lapho sezitholakala , futhi i-Google ithuthukise indlela yayo yangaphakathi yenkampani ebizwa ngokuthi , lapho “wonke umsebenzi wenziwa ezitsheni.” Kusukela lapha siyashesha ukuya ku-2013, lapho ukukhululwa kokuqala kwe-Docker kwenzeka, futhi iziqukathi ekugcineni zaba yisixazululo esithandwayo. Ngaleso sikhathi, ithuluzi eliyinhloko le-orchestration ye-container kwaba , nakuba ayengadumile. I-Kubernetes yakhululwa okokuqala ngo-2015, okwathi ngemva kwalokho leli thuluzi laba indinganiso ye-de facto emkhakheni we-container orchestration.
Ukuzama ukuqonda ukuthi kungani uKubernetes ethandwa kangaka, ake sizame ukuphendula imibuzo embalwa. Kunini lapho onjiniyela begcine khona ukuvumelana ngokuthi bangathumela kanjani izinhlelo zokusebenza ekukhiqizeni? Bangaki onjiniyela obaziyo abasebenzisa amathuluzi njengoba enikezwa ngaphandle kwebhokisi? Bangaki abaphathi bamafu namuhla abangaqondi ukuthi izinhlelo zokusebenza zisebenza kanjani? Sizobheka izimpendulo zale mibuzo kulesi sihloko.
Ingqalasizinda njenge-YAML
Emhlabeni osuke kuPuppet noChef waya ku-Kubernetes, olunye lwezinguquko ezinkulu kwaba ukusuka “kungqalasizinda njengekhodi” kuya “kwingqalasizinda njengedatha”—ikakhulukazi, njenge-YAML. Zonke izinsiza ku-Kubernetes, ezihlanganisa ama-pods, ukuhlela, izimo ezisetshenzisiwe, amavolumu, njll., zingachazwa kalula kufayela le-YAML. Ngokwesibonelo:
apiVersion: v1
kind: Pod
metadata:
name: site
labels:
app: web
spec:
containers:
- name: front-end
image: nginx
ports:
- containerPort: 80Lokhu kubuka kwenza kube lula kuchwepheshe be-DevOps noma be-SRE ukuthi baveze ngokugcwele umthwalo wabo wokusebenza ngaphandle kokuthi babhale ikhodi ngezilimi ezifana ne-Python noma i-Javascript.
Ezinye izinzuzo zokuhlela ingqalasizinda njengedatha ihlanganisa:
- I-GitOps noma i-Git Operations Version Control. Le ndlela ikuvumela ukuthi ugcine wonke amafayela e-Kubernetes YAML kumakhosombe e-git, ukuze ukwazi ukulandelela ngqo ukuthi lwenziwa nini ushintsho, ubani olwenzile, nokuthi yini ngempela eshintshile. Lokhu kukhulisa ukusebenza obala kwenhlangano kuyo yonke inhlangano futhi kuthuthukisa ukusebenza kahle ngokususa ukungaqondakali, ikakhulukazi lapho abasebenzi kufanele babheke izinsiza abazidingayo. Ngesikhathi esifanayo, kuba lula ukwenza izinguquko ngokuzenzakalelayo kuzinsiza ze-Kubernetes ngokumane uhlanganise isicelo sokudonsa.
- I-Scalability. Uma izinsiza zichazwa njenge-YAML, kuba lula kakhulu kuma-opharetha weqoqo ukushintsha inombolo eyodwa noma ezimbili kusisetshenziswa se-Kubernetes, ngaleyo ndlela kushintshe ukuthi sikala kanjani. I-Kubernetes inikeza indlela yokulinganisa okuzenzakalelayo kwama-pods, engasetshenziswa ukuze kutholakale kalula ukuthi ingakanani inani elincane kanye nenani eliphakeme lama-pods adingekayo ekucushweni okuthile ukuze kusingathwe amazinga aphansi naphezulu wethrafikhi. Isibonelo, uma usebenzise ukucushwa okudinga umthamo owengeziwe ngenxa yokwenyuka okungazelelwe kwethrafikhi, khona-ke i-maxReplicas ingashintshwa isuke ku-10 iye ku-20:
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: myapp
namespace: default
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: myapp-deployment
minReplicas: 1
maxReplicas: 20
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 50- Ukuphepha nokuphatha. I-YAML inhle ekuhloleni ukuthi izinto zisetshenziswa kanjani e-Kubernetes. Isibonelo, ukukhathazeka okukhulu kwezokuvikela kumayelana nokuthi umsebenzi wakho uyasebenza yini njengomsebenzisi ongeyena umphathi. Kulokhu, singase sidinge amathuluzi afana , isiqinisekisi se-YAML/JSON, kanye , isiqinisekisi senqubomgomo sokuqinisekisa ukuthi umongo umthwalo wakho wokusebenza awukuvumeli isiqukathi ukuthi sisebenze namalungelo omlawuli. Uma lokhu kudingekile, abasebenzisi bangasebenzisa inqubomgomo elula , kanje:
package main
deny[msg] {
input.kind = "Deployment"
not input.spec.template.spec.securityContext.runAsNonRoot = true
msg = "Containers must not run as root"
}- Izinketho zokuhlanganiswa nomhlinzeki wamafu. Enye yezitayela eziphawuleka kakhulu kubuchwepheshe obuphezulu banamuhla ukusebenzisa imithwalo yemisebenzi kubahlinzeki bamafu bomphakathi. Ukusebenzisa isakhi I-Kubernetes ivumela noma iyiphi iqoqo ukuthi ihlanganiswe nomhlinzeki wamafu esebenza kuyo. Isibonelo, uma umsebenzisi asebenzisa uhlelo ku-Kubernetes ku-AWS futhi efuna ukuveza lolo hlelo lokusebenza ngesevisi, umhlinzeki wamafu usiza ukudala isevisi ngokuzenzakalelayo.
LoadBalancerokuzohlinzeka ngokuzenzakalelayo isilinganisi somthwalo ukuqondisa kabusha ithrafikhi kuma-pods ohlelo.
Ukunwetshwa
I-Kubernetes inwebeka kakhulu futhi abathuthukisi bayayithanda. Kukhona isethi yezinsiza ezitholakalayo njengama-pods, ukuthunyelwa, StatefulSets, izimfihlo, ConfigMaps, njll. Yiqiniso, abasebenzisi nabathuthukisi bangangeza ezinye izinsiza efomini .
Isibonelo, uma sifuna ukuchaza insiza CronTab, khona-ke ungenza okuthile okufana nalokhu:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: crontabs.my.org
spec:
group: my.org
versions:
- name: v1
served: true
storage: true
Schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
cronSpec:
type: string
pattern: '^(d+|*)(/d+)?(s+(d+|*)(/d+)?){4}$'
replicas:
type: integer
minimum: 1
maximum: 10
scope: Namespaced
names:
plural: crontabs
singular: crontab
kind: CronTab
shortNames:
- ct
Kamuva singakha insiza ye-CronTab into efana nale:
apiVersion: "my.org/v1"
kind: CronTab
metadata:
name: my-cron-object
spec:
cronSpec: "* * * * */5"
image: my-cron-image
replicas: 5
Enye inketho yokwandiswa ku-Kubernetes ukuthi umthuthukisi angakwazi ukubhala izitatimende zakhe. kuyinqubo ekhethekile ku-Kubernetes cluster esebenza ngokuvumelana ne-“" Ngosizo lomsebenzisi, umsebenzisi angakwazi ukwenza ngokuzenzakalelayo ukuphathwa kwama-CRD (izincazelo zensiza yangokwezifiso) ngokushintshisana ngolwazi ne-Kubernetes API.
Kunamathuluzi amaningana emphakathini akwenza kube lula konjiniyela ukuthi bakhe ama-opharetha abo. Phakathi kwazo - kanye neyakhe . Le SDK ihlinzeka ngesisekelo lapho unjiniyela angaqala ngokushesha ukudala u-opharetha. Ake sithi ungaqala kulayini womyalo into enjengale:
$ operator-sdk new my-operator --repo github.com/myuser/my-operatorLokhu kudala yonke ikhodi ye-boilerplate ka-opharetha wakho, okuhlanganisa amafayela e-YAML nekhodi ye-Golang:
.
|____cmd
| |____manager
| | |____main.go
|____go.mod
|____deploy
| |____role.yaml
| |____role_binding.yaml
| |____service_account.yaml
| |____operator.yaml
|____tools.go
|____go.sum
|____.gitignore
|____version
| |____version.go
|____build
| |____bin
| | |____user_setup
| | |____entrypoint
| |____Dockerfile
|____pkg
| |____apis
| | |____apis.go
| |____controller
| | |____controller.goBese ungangeza ama-API nesilawuli esidingekayo, kanje:
$ operator-sdk add api --api-version=myapp.com/v1alpha1 --kind=MyAppService
$ operator-sdk add controller --api-version=myapp.com/v1alpha1 --kind=MyAppServiceBese, ekugcineni, hlanganisa opharetha bese uyithumela kurejista yesiqukathi sakho:
$ operator-sdk build your.container.registry/youruser/myapp-operator
Uma unjiniyela efuna ukulawula okwengeziwe, ikhodi ye-boilerplate kumafayela e-Go ingashintshwa. Isibonelo, ukuze uguqule imininingwane yesilawuli, ungenza izinguquko kufayela controller.go.
Enye iphrojekthi , ikuvumela ukuthi udale izitatimende usebenzisa amafayela e-YAML esimemezelo kuphela. Isibonelo, i-opharetha ye-Apache Kafka izochazwa cishe . Ngayo, ungafaka iqoqo le-Kafka phezulu kwe-Kubernetes ngemiyalo embalwa nje:
$ kubectl kudo install zookeeper
$ kubectl kudo install kafkaBese uyilungiselela ngomunye umyalo:
$ kubectl kudo install kafka --instance=my-kafka-name
-p ZOOKEEPER_URI=zk-zookeeper-0.zk-hs:2181
-p ZOOKEEPER_PATH=/my-path -p BROKER_CPUS=3000m
-p BROKER_COUNT=5 -p BROKER_MEM=4096m
-p DISK_SIZE=40Gi -p MIN_INSYNC_REPLICAS=3
-p NUM_NETWORK_THREADS=10 -p NUM_IO_THREADS=20
Ukusungula
Eminyakeni embalwa edlule, ukukhishwa okukhulu kwe-Kubernetes bekuphuma njalo ezinyangeni ezimbalwa - okungukuthi, ukukhishwa okukhulu okuthathu kuya kwezine ngonyaka. Inani lezici ezintsha ezethulwe kuzo zonke azinciphi. Ngaphezu kwalokho, azikho izimpawu zokwehla ijubane ngisho nakulezi zikhathi ezinzima - bheka ukuthi isimo sinjani manje .
Amakhono amasha akuvumela ukuthi uhlanganise imisebenzi evumelana nezimo kuwo wonke umsebenzi ohlukahlukene. Ngaphezu kwalokho, abahleli bezinhlelo bajabulela ukulawula okukhulu lapho bethumela izinhlelo zokusebenza ngokuqondile ekukhiqizeni.
Umphakathi
Esinye isici esikhulu sokuthandwa kukaKubernetes amandla omphakathi wawo. Ngo-2015, lapho ifinyelela inguqulo 1.0, i-Kubernetes yaxhaswa yi- .
Kukhona nemiphakathi eyahlukene (Amaqembu Anentshisekelo Ekhethekile) agxile ekusebenzeni ezindaweni ezahlukahlukene zase-Kubernetes njengoba iphrojekthi ithuthuka. Lawa maqembu ahlala engeza izici ezintsha, okwenza ukusebenza ne-Kubernetes kube lula futhi kube lula.
I-Cloud Native Foundation iphinde isingathe i-CloudNativeCon/KubeCon, okuthi, ngesikhathi sokubhala, kube ingqungquthela enkulu kunazo zonke yomthombo ovulekile emhlabeni. Ivamise ukubanjwa kathathu ngonyaka, ihlanganisa izinkulungwane zochwepheshe abafuna ukuthuthukisa i-Kubernetes ne-ecosystem yayo, kanye nokufunda izici ezintsha ezivela njalo ezinyangeni ezintathu.
Ngaphezu kwalokho, i-Cloud Native Foundation ine , okuthi, kanye nama-SIG, kubuyekezwe okusha nakhona izimali ezigxile ku-ecosystem yamafu. Iningi lala maphrojekthi lisiza ukuthuthukisa amandla e-Kubernetes.
Okokugcina, ngikholelwa ukuthi u-Kubernetes ngeke aphumelele njengoba kwenzeka ngaphandle kwemizamo eqotho yomphakathi wonke, lapho abantu benamathelana kodwa ngesikhathi esifanayo bamukele abasanda kungena emhlambini.
Ikusasa
Enye yezinselelo ezinkulu abathuthukisi okuzodingeka babhekane nazo esikhathini esizayo yikhono lokugxila emininingwaneni yekhodi ngokwayo, hhayi nengqalasizinda esebenza kuyo. Ihlangabezana nalezi zindlela , okungenye ehamba phambili namuhla. Izinhlaka ezithuthukile sezivele zikhona, isb. и , ezisebenzisa i-Kubernetes ukuze ikhiphe ingqalasizinda kunjiniyela.
Kulesi sihloko, siklwebhele kuphela ingaphezulu lesimo samanje sase-Kubernetes—eqinisweni, kumane kuyisihloko nje seqhwa. Abasebenzisi be-Kubernetes banezinye izinsiza eziningi, amakhono, nokucushwa abanakho.
Source: www.habr.com