I-ProHoster > Блог > Ukuphatha > Izithombe ezilungele ukukhiqizwa zama-k8s

Izithombe ezilungele ukukhiqizwa zama-k8s

Le ndaba imayelana nendlela esisebenzisa ngayo iziqukathi endaweni yokukhiqiza, ikakhulukazi i-Kubernetes. I-athikili igxile ekuqoqeni amamethrikhi namalogi kusukela ezitsheni, kanye nokwakha izithombe.

Izithombe ezilungele ukukhiqizwa zama-k8s

Sivela enkampanini ye-fintech i-Exness, ethuthukisa izinsizakalo zokuhweba nge-inthanethi kanye nemikhiqizo ye-fintech ye-B2B ne-B2C. I-R&D yethu inamaqembu amaningi ahlukene, umnyango wezokuthuthukiswa unabasebenzi abayi-100+.

Simele ithimba elinesibopho senkundla ukuze onjiniyela bethu baqoqe futhi basebenzise ikhodi. Ikakhulukazi, sinesibopho sokuqoqa, ukugcina kanye nokubika amamethrikhi, amalogi, nemicimbi evela ezinhlelweni zokusebenza. Njengamanje sisebenzisa iziqukathi ze-Docker ezicishe zibe izinkulungwane ezintathu endaweni yokukhiqiza, sigcina isitoreji sethu sedatha esikhulu esingu-50 TB, futhi sinikeza izixazululo zezakhiwo ezakhiwe eduze kwengqalasizinda yethu: I-Kubernetes, i-Rancher, nabahlinzeki bamafu abahlukahlukene bomphakathi. 

Ugqozi lwethu

Yini eshisayo? Akekho ongaphendula. Likuphi iziko? Kunzima ukuqonda. Iqale nini umlilo? Ungathola, kodwa hhayi ngokushesha. 

Izithombe ezilungele ukukhiqizwa zama-k8s

Kungani ezinye iziqukathi zimile kuyilapho ezinye ziwile? Isiphi isiqukathi esasinecala? Phela ingaphandle lezitsha ziyafana, kodwa ngaphakathi ngayinye ineNeo yayo.

Izithombe ezilungele ukukhiqizwa zama-k8s

Onjiniyela bethu abafana abanekhono. Benza izinsizakalo ezinhle eziletha inzuzo enkampanini. Kodwa kuba khona ukwehluleka uma iziqukathi ezinezicelo ziduka. Isitsha esisodwa sisebenzisa i-CPU eningi, esinye sisebenzisa inethiwekhi, esesithathu sisebenzisa imisebenzi ye-I/O, kanti esesine akucaci kahle ukuthi senzani ngamasokhethi. Kuyawa wonke umkhumbi uyacwila. 

Ama-ejenti

Ukuze siqonde ukuthi kwenzekani ngaphakathi, sinqume ukubeka ama-agent ngqo ezitsheni.

Izithombe ezilungele ukukhiqizwa zama-k8s

Lawa ma-ejenti ayizinhlelo ezivimbayo ezigcina ama-container esesimweni sokuthi angaphuli. Ama-ejenti ajwayelekile, futhi lokhu kuvumela indlela esezingeni lokusevisa iziqukathi. 

Esimeni sethu, ama-ejenti kufanele anikeze amalogi ngefomethi evamile, amakiwe futhi agxiliwe. Kufanele futhi basinikeze ngamamethrikhi amisiwe anndiswayo ngokombono wesicelo sebhizinisi.

Ama-ejenti aphinde asho izinsiza zokusebenza nokunakekela ezingasebenza kumasistimu e-orchestration ahlukene asekela izithombe ezihlukene (i-Debian, Alpine, Centos, njll.).

Okokugcina, ama-ejenti kufanele asekele i-CI/CD elula ehlanganisa amafayela e-Docker. Uma kungenjalo, umkhumbi uzohlukana, ngoba iziqukathi zizoqala ukuhanjiswa ngomzila "ogwetshiwe".

Yakha inqubo futhi uqondise idivayisi yesithombe

Ukugcina yonke into isezingeni futhi ilawuleka, uhlobo oluthile lwenqubo yokwakha ejwayelekile idinga ukulandelwa. Ngakho-ke, sinqume ukuqoqa iziqukathi ngeziqukathi - lokhu ukuphindaphinda.

Izithombe ezilungele ukukhiqizwa zama-k8s

Lapha iziqukathi zimelelwe uhlaka oluqinile. Ngesikhathi esifanayo, banquma ukufaka izinto zokusabalalisa kuzo ukuze “ukuphila kungabonakali njengamajikijolo.” Kungani lokhu kwenziwa, sizochaza ngezansi.
 
Umphumela uyithuluzi lokwakha—isiqukathi esiqondene nenguqulo esikhomba izinguqulo ezithile zokusabalalisa nezinguqulo ezithile zombhalo.

Siyisebenzisa kanjani? Sine-Docker Hub equkethe isiqukathi. Silingisa ngaphakathi kwesistimu yethu ukuze sisuse ukuncika kwangaphandle. Umphumela uba isiqukathi esimakwe ngokuphuzi. Sakha isifanekiso ukuze sifake konke ukusatshalaliswa kanye nemibhalo esiyidingayo esitsheni. Ngemuva kwalokho, sihlanganisa isithombe esilungele ukusetshenziswa: abathuthukisi bafaka ikhodi nokunye okuncike kubo okukhethekile kukho. 

Yini enhle ngale ndlela? 

  • Okokuqala, ukulawulwa kwenguqulo egcwele yamathuluzi okwakha - isitsha sokwakha, izinguqulo zeskripthi nezinguqulo zokusabalalisa. 
  • Okwesibili, sizuze ukulinganisa: sakha izifanekiso, isithombe esimaphakathi nesilungele ukusetshenziswa ngendlela efanayo. 
  • Okwesithathu, iziqukathi zisinika ukuphatheka. Namuhla sisebenzisa i-Gitlab, futhi kusasa sizoshintshela ku-TeamCity noma ku-Jenkins futhi sizokwazi ukusebenzisa iziqukathi zethu ngendlela efanayo. 
  • Okwesine, ukunciphisa ukuncika. Akubanga nje ukuqondana ukuthi sibeke amakhithi okusabalalisa esitsheni, ngoba lokhu kusivumela ukuthi sigweme ukuwalanda ku-inthanethi ngaso sonke isikhathi. 
  • Okwesihlanu, isivinini sokwakha sinyukile - ukuba khona kwamakhophi wendawo wezithombe kukuvumela ukuthi ugweme ukuchitha isikhathi ekulandeni, njengoba kunesithombe sendawo. 

Ngamanye amazwi, sizuze inqubo yokuhlanganisa elawulwayo nevumelana nezimo. Sisebenzisa amathuluzi afanayo ukwakha noma yiziphi iziqukathi ezinenguqulo ephelele. 

Isebenza kanjani inqubo yethu yokwakha

Izithombe ezilungele ukukhiqizwa zama-k8s

Umhlangano wethulwa ngomyalo owodwa, inqubo yenziwa esithombeni (eqokonyiswe ngokubomvu). Umthuthukisi unefayela le-Docker (eligqanyiswe ngokuphuzi), siyalinikeza, sishintsha okuguquguqukayo ngamavelu. Futhi endleleni singeza izihloko nonyaweni - lawa ama-ejenti ethu. 

Unhlokweni wengeza ukusatshalaliswa okuvela ezithombeni ezihambisanayo. Futhi unyaweni ufaka amasevisi ethu ngaphakathi, ulungise ukwethulwa komsebenzi, ukugawulwa kwemithi namanye ama-ejenti, umiselela indawo yokungena, njll. 

Izithombe ezilungele ukukhiqizwa zama-k8s

Sacabanga isikhathi eside ukuthi sifake umphathi. Ekugcineni, sanquma ukuthi siyamdinga. Sakhetha i-S6. Umphathi uhlinzeka ngokuphathwa kwesiqukathi: ikuvumela ukuthi uxhume kukho uma inqubo eyinhloko iphahlazeka futhi inikeze ngokuphathwa ngesandla kwesiqukathi ngaphandle kokusidala kabusha. Amalogi namamethrikhi yizinqubo ezisebenza ngaphakathi kwesiqukathi. Kudingeka futhi zilawulwe ngandlela thize, futhi lokhu sikwenza ngosizo lomphathi. Ekugcineni, i-S6 inakekela ukugcinwa kwendlu, ukucubungula amasignali neminye imisebenzi.

Njengoba sisebenzisa izinhlelo ezihlukene zokucula, ngemva kokwakha nokusebenza, isiqukathi kufanele siqonde ukuthi ikuphi indawo esikuyo futhi senze ngokuvumelana nesimo. Ngokwesibonelo:
Lokhu kusivumela ukuthi sakhe isithombe esisodwa futhi sisiqhube kumasistimu e-orchestration ahlukene, futhi sizokwethulwa kucatshangelwa imininingwane yalolu hlelo lokucula.

 Izithombe ezilungele ukukhiqizwa zama-k8s

Esitsheni esifanayo sithola izihlahla zezinqubo ezihlukene e-Docker nase-Kubernetes:

Izithombe ezilungele ukukhiqizwa zama-k8s

Umthwalo okhokhelwayo wenziwa ngaphansi kokugadwa kwe-S6. Naka abaqoqi kanye nemicimbi - laba abenzeli bethu abanomthwalo wemfanelo kumalogi namamethrikhi. UKubernetes akanazo, kodwa u-Docker unazo. Kungani? 

Uma sibheka ukucaciswa kwe "pod" (ngemuva kwalokhu - i-Kubernetes pod), sizobona ukuthi isitsha semicimbi sibulawa ku-pod, esinesitsha esihlukile somqoqi esenza umsebenzi wokuqoqa amamethrikhi namalogi. Singasebenzisa amakhono e-Kubernetes: ukusebenzisa iziqukathi ku-pod eyodwa, ngenqubo eyodwa kanye/noma isikhala senethiwekhi. Empeleni yethula ama-agent akho futhi wenze imisebenzi ethile. Futhi uma isitsha esifanayo sethulwa ku-Docker, sizothola wonke amandla afanayo nokuphumayo, okungukuthi, sizokwazi ukuletha amalogi namamethrikhi, njengoba ama-ejenti azokwethulwa ngaphakathi. 

Amamethrikhi namalogi

Ukuletha amamethrikhi namalogi kuwumsebenzi onzima. Kunezici eziningana esinqumweni sakhe.
Ingqalasizinda yenzelwe ukwenziwa komthwalo okhokhelwayo, hhayi ukulethwa kwenqwaba yamalogi. Okusho ukuthi, le nqubo kufanele yenziwe ngezidingo ezincane zezinsiza zeziqukathi. Silwela ukusiza abathuthukisi bethu: “Thola isiqukathi se-Docker Hub, sisebenzise, ​​futhi singaletha amalogi.” 

Isici sesibili sikhawulela umthamo wamalogi. Uma ukwanda kwevolumu yamalogi kwenzeka ezitsheni ezimbalwa (uhlelo lokusebenza lubonisa ukulandelela isitaki ku-loop), umthwalo ku-CPU, iziteshi zokuxhumana, nohlelo lokucubungula amalogi, futhi lokhu kuthinta ukusebenza komsingathi njenge- yonke kanye nezinye iziqukathi kumsingathi, kwesinye isikhathi lokhu kuholela "ekuwa" komsingathi. 

Isici sesithathu siwukuthi kuyadingeka ukusekela izindlela eziningi zokuqoqa amamethrikhi ngangokunokwenzeka ngaphandle kwebhokisi. Ukusuka kokufunda amafayela nokuvota kwe-Prometheus-endpoint kuya ekusebenziseni izivumelwano ezithile zohlelo lokusebenza.

Futhi isici sokugcina siwukunciphisa ukusetshenziswa kwezinsiza.

Sikhethe isisombululo se-Go esivulekile esibizwa nge-Telegraf. Lesi isixhumi sendawo yonke esisekela izinhlobo ezingaphezu kuka-140 zamashaneli okokufaka (ama-plugin okokufaka) nezinhlobo ezingu-30 zamashaneli okukhiphayo (ama-plugin okukhiphayo). Sikuphothulile futhi manje sizokutshela ukuthi siyisebenzisa kanjani sisebenzisa i-Kubernetes njengesibonelo. 

Izithombe ezilungele ukukhiqizwa zama-k8s

Ake sithi unjiniyela uthumela umsebenzi futhi u-Kubernetes athole isicelo sokwenza i-pod. Kuleli qophelo, isiqukathi esibizwa ngokuthi Umqoqi sidalelwa ngokuzenzakalelayo i-pod ngayinye (sisebenzisa i-mutation webhook). Umqoqi yi-ejenti yethu. Ekuqaleni, lesi sitsha sizilungiselela ukuthi sisebenze ne-Prometheus kanye nesistimu yokuqoqwa kwelogi.

  • Ukwenza lokhu, isebenzisa izichasiselo ze-pod, futhi kuye ngokuqukethwe kwayo, idala, ithi, iphuzu lokugcina le-Prometheus; 
  • Ngokusekelwe ekucacisweni kwe-pod kanye nezilungiselelo ezithile zesiqukathi, inquma ukuthi iwaletha kanjani amalogi.

Siqoqa amalogi nge-Docker API: abathuthukisi badinga nje ukuwafaka ku-stdout noma ku-stderr, futhi uMqoqi uzokulungisa. Amalogi aqoqwa abe yizingxenyana ngokubambezeleka okuthile ukuze kuvinjelwe ukugcwala komsingathi okungaba khona. 

Amamethrikhi aqoqwa kuzo zonke izimo zomthwalo wokusebenza (izinqubo) ezitsheni. Yonke into imakiwe: i-namespace, ngaphansi, njalonjalo, bese iguqulelwa kufomethi ye-Prometheus - futhi itholakalela ukuqoqwa (ngaphandle kwamalogi). Siphinde sithumele amalogi, amamethrikhi nemicimbi e-Kafka nokunye:

  • Amalogi ayatholakala nge-Greylog (ukuhlaziya okubukwayo);
  • Amalogi, amamethrikhi, imicimbi ithunyelwa ku-Clickhouse ukuze igcinwe isikhathi eside.

Yonke into isebenza ngendlela efanayo ku-AWS, kuphela esifaka i-Greylog nge-Kafka nge-Cloudwatch. Sithumela izingodo lapho, futhi yonke into iba lula kakhulu: kuyacaca ngokushesha ukuthi ikuphi iqoqo nesiqukathi okungezakho. Kungokufanayo ku-Google Stackdriver. Okusho ukuthi, uhlelo lwethu lusebenza kokubili endaweni kanye ne-Kafka nasefwini. 

Uma singenayo i-Kubernetes ene-pods, uhlelo luyinkimbinkimbi kancane, kodwa lusebenza ngezimiso ezifanayo.

Izithombe ezilungele ukukhiqizwa zama-k8s

Izinqubo ezifanayo zenziwa ngaphakathi kwesitsha, zihlelwa kusetshenziswa i-S6. Zonke izinqubo ezifanayo ziyasebenza ngaphakathi kwesiqukathi esifanayo.

Ekugcineni

Sidale isixazululo esiphelele sokwakha nokwethula izithombe, ngezinketho zokuqoqa nokuletha amalogi namamethrikhi:

  • Sakhe indlela emisiwe yokuhlanganisa izithombe, futhi ngokusekelwe kuyo sakha izifanekiso ze-CI;
  • Ama-ejenti wokuqoqwa kwedatha izandiso zethu ze-Telegraf. Sazihlola kahle ekukhiqizeni;
  • Sisebenzisa i-mutation webhook ukuze sisebenzise iziqukathi ezinama-ejenti kuma-pods; 
  • Kuhlanganiswe ku-Kubernetes/Rancher ecosystem;
  • Singasebenzisa iziqukathi ezifanayo ezinhlelweni ezihlukene ze-orchestration futhi sithole umphumela esiwulindele;
  • Idale ukucushwa kokuphathwa kwesiqukathi okuguquguqukayo ngokuphelele. 

Omunye umbhali: Ilya Prudnikov

Source: www.habr.com

Engeza amazwana