Ekupheleni kukaMeyi ubambe umhlangano we-inthanethi ngesihloko . Sikhulume ngeziqukathi, i-Kubernetes kanye ne-orchestration ngokomthetho, izindlela zokukhetha ingqalasizinda nokunye okuningi. Abahlanganyeli babelane ngamacala asuka ekusebenzeni kwabo.
Amalungu:
- U-Evgeniy Potapov, i-CEO ye-ITSumma. Ngaphezu kwesigamu samakhasimende ayo avele ahamba noma afuna ukushintshela ku-Kubernetes.
- UDmitry Stolyarov, CTO "Flant". Uneminyaka engu-10+ yesipiliyoni sokusebenza ngamasistimu weziqukathi.
- U-Denis Remchukov (owaziwa nangokuthi u-Eric Oldmann), i-COO argotech.io, owayeyi-RAO UES. Uthembise ukukhuluma ngamacala ebhizinisini “eligcwele igazi”.
- U-Andrey Fedorovsky, CTO "News360.com"Ngemuva kokuthenga inkampani ngomunye umdlali, unesibopho samaphrojekthi nengqalasizinda ye-ML ne-AI.
- U-Ivan Kruglov, unjiniyela wezinhlelo, ex-Booking.com.Umuntu ofanayo owenza okuningi noKubernetes ngezandla zakhe.
Izingqikithi:
- Инсайты участников про контейнеры и оркестрацию (Docker, Kubernetes и прочее); что пробовали на практике или анализировали.
- Icala: Inkampani yakha uhlelo lokuthuthukisa ingqalasizinda iminyaka. Senziwa kanjani isinqumo sokuthi kwakhiwe (noma kuthuthelwe ingqalasizinda yamanje) kuziqukathi kanye ne-Kuber noma cha?
- Izinkinga emhlabeni wamafu, okushodayo, ake sicabange ukuthi kuzokwenzekani kusasa.
Kwalandela ingxoxo ethakazelisayo, imibono yabahlanganyeli yayihluke kakhulu futhi yabangela ukuphawula okuningi kangangokuthi ngifuna ukwabelana nawe ngakho. Yidla , futhi ngezansi isifinyezo sengxoxo.
Ingabe i-Kubernetes isivele iyimakethe evamile noma enhle?
“Sifike kukho (Kubernetes. - Ed.) lapho kungekho muntu owayazi ngakho. Safika kuyena noma engekho. Besiyifuna ngaphambili" - UDmitry Stolyarov
Isithombe esivela ku-Reddit.com
Eminyakeni engu-5-10 edlule kwakukhona inani elikhulu lamathuluzi, futhi kwakungekho indinganiso eyodwa. Njalo ezinyangeni eziyisithupha kuvela umkhiqizo omusha, noma ongaphezu kowodwa. Okokuqala Vagrant, bese kuba uSalt, Chef, Puppet,... “futhi wakha kabusha ingqalasizinda yakho njalo ezinyangeni eziyisithupha. Unabaphathi abahlanu abahlale bematasa bebhala kabusha izilungiselelo,” kukhumbula u-Andrey Fedorovsky. Ukholelwa ukuthi u-Docker no-Kubernetes "bagcwele" bonke abanye. I-Docker isiphenduke indinganiso eminyakeni emihlanu edlule, uKubernetes eminyakeni emibili edlule. Futhi kuhle embonini.
UDmitry Stolyarov nethimba lakhe bathanda uKuber. Babefuna ithuluzi elinjalo ngaphambi kokuba livele, futhi beza kulo lapho kungekho muntu owaziyo ngalo. Njengamanje, ngenxa yezizathu ezilula, abathathi iklayenti uma beqonda ukuthi ngeke basebenzise uKubernetes naye. Ngesikhathi esifanayo, ngokusho kukaDmitry, inkampani “inezindaba eziningi zempumelelo mayelana nokwenza kabusha ifa elibi.”
I-Kubernetes ayiyona nje i-orchestration yesiqukathi, iwuhlelo lokuphatha lokucushwa olune-API ethuthukisiwe, ingxenye yokuxhumana, i-L3 balancing kanye nezilawuli ze-Ingress, okwenza kube lula ukuphatha izinsiza, isikali kanye nokungafinyeleli ezigabeni ezingezansi zengqalasizinda.
Ngeshwa, empilweni yethu kufanele sikhokhele yonke into. Futhi le ntela inkulu, ikakhulukazi uma sikhuluma ngokuguqukela ku-Kubernetes yenkampani enengqalasizinda ethuthukisiwe, njengoba u-Ivan Kruglov ekholelwa. Angasebenza ngokukhululeka enkampanini enengqalasizinda yendabuko kanye noKuber. Into esemqoka ukuqonda izici zenkampani kanye nemakethe. Kodwa, isibonelo, ku-Evgeny Potapov, owayezohlanganisa i-Kubernetes kunoma yiliphi ithuluzi lokucula lesitsha, umbuzo onjalo awuveli.
U-Evgeniy wadweba isifaniso nesimo ngeminyaka yawo-1990, lapho uhlelo olugxile entweni luvela njengendlela yokuhlela izinhlelo zokusebenza eziyinkimbinkimbi. Ngaleso sikhathi, inkulumo-mpikiswano yaqhubeka futhi kwavela amathuluzi amasha asekela i-OOP. Khona-ke ama-microservices avela njengendlela yokuqhela kumqondo we-monolithic. Lokhu-ke kuholele ekuqhamukeni kweziqukathi namathuluzi okuphatha amakhonteyna. "Ngicabanga ukuthi maduze sizofika esikhathini lapho kungeke kube khona umbuzo mayelana nokuthi kufanelekile ukubhala isicelo esincane se-microservice, sizobhalwa njenge-microservice ngokuzenzakalelayo," ukholelwa. Ngokunjalo, i-Docker ne-Kubernetes ekugcineni izoba yisixazululo esijwayelekile ngaphandle kwesidingo sokuzikhethela.
Inkinga yokugcinwa kolwazi ku-stateless
Isithombe ngu
Namuhla, ziningi izindlela zokupheka zokuqalisa isizindalwazi ku-Kubernetes. Ngisho nendlela yokuhlukanisa ingxenye esebenza nediski ye-I/O kusukela, ngokwemibandela, ingxenye yohlelo lokusebenza yesizindalwazi. Kungenzeka yini ukuthi esikhathini esizayo imininingwane izoshintsha kakhulu kangangokuthi izolethwa ebhokisini, lapho ingxenye eyodwa izohlelwa nge-Docker ne-Kubernetes, futhi kwenye ingxenye yengqalasizinda, ngokusebenzisa isofthiwe ehlukene, ingxenye yokugcina izonikezwa ? Ingabe izisekelo zizoshintsha njengomkhiqizo?
Le ncazelo ifana nokuphathwa kolayini, kodwa izidingo zokuthembeka nokuvumelanisa ulwazi kusizindalwazi sendabuko ziphakeme kakhulu, u-Andrey ukholelwa ukuthi. Isilinganiso se-cache hit kusizindalwazi esivamile sihlala ku-99%. Uma isisebenzi sehla, kwethulwa esisha, futhi inqolobane "iyafudumala" kusukela ekuqaleni. Kuze kube yilapho inqolobane ifudunyezwa, isisebenzi sisebenza kancane, okusho ukuthi asikwazi ukulayishwa ngomthwalo wabasebenzisi. Ngenkathi kungekho mthwalo wabasebenzisi, i-cache ayishisi. Kuyindilinga enonya.
U-Dmitry akavumelani ngokuyisisekelo - amakhoramu nokwabelana kuxazulula inkinga. Kodwa u-Andrey ugcizelela ukuthi isisombululo asifanele wonke umuntu. Kwezinye izimo, ikhoramu ifanelekile, kodwa ibeka umthwalo owengeziwe kunethiwekhi. I-database ye-NoSQL ayifaneleki kuzo zonke izimo.
Abahlanganyeli bomhlangano bahlukaniswe amakamu amabili.
U-Denis no-Andrey baphikisana ngokuthi konke okulotshwe kudiski - imininingwane yolwazi nokunye - akunakwenzeka ukukwenza ku-ecosystem yamanje ye-Kuber. Akunakwenzeka ukugcina ubuqotho nokuvumelana kwedatha yokukhiqiza ku-Kubernetes. Lesi isici esiyisisekelo. Isixazululo: ingqalasizinda eyi-hybrid.
Ngisho nesizindalwazi sesimanje samafu njenge-MongoDB ne-Cassandra, noma imigqa yemilayezo efana ne-Kafka noma i-RabbitMQ, idinga izitolo zedatha eziqhubekayo ngaphandle kwe-Kubernetes.
U-Evgeniy uthi: "Izisekelo e-Kubera ziwukulimala eduze kwaseRussia, noma eduze kwebhizinisi, okuhlotshaniswa neqiniso lokuthi akukho I-Cloud Adoption eRussia." Izinkampani ezincane noma eziphakathi nendawo eNtshonalanga zingamafu. Izizindalwazi ze-Amazon RDS kulula ukuzisebenzisa kunokuxoxa nge-Kubernetes ngokwakho. E-Russia basebenzisa i-Kuber “on-premise” futhi badlulisela izisekelo kuyo lapho bezama ukuqeda i-zoo.
UDmitry uphinde waphikisana nesitatimende sokuthi azikho izingosi zolwazi ezingagcinwa ku-Kubernetes: “Isisekelo sihlukile kunesisekelo. Futhi uma ucindezela i-database enkulu yobudlelwane, akukho ngaphansi kwezimo. Uma uphusha into encane futhi eyifu, elungiselelwe ngokwengqondo impilo ye-semi-ephemeral, konke kuzolunga. " UDmitry uphinde waveza ukuthi amathuluzi okuphatha i-database awalungele i-Docker noma i-Kuber, ngakho-ke kuvela ubunzima obukhulu.
U-Ivan, naye, uqinisekile ukuthi noma ngabe siphuma emicabangweni yezwe nengenasimo, i-ecosystem yezixazululo zebhizinisi e-Kubernetes ayikalungi. Nge-Kuber, kunzima ukugcina izidingo zomthetho nezokulawula. Isibonelo, akwenzeki ukwenza isixazululo sokuhlinzeka umazisi lapho kudingeka khona iziqinisekiso eziqinile zokuhlonza iseva, kuze kufike ku-hardware eshuthekwa eziphakelini. Le ndawo iyathuthuka, kodwa asikho isisombululo okwamanje.
Abahlanganyeli abakwazanga ukuvumelana, ngakho-ke azikho iziphetho ezizokwenziwa kule ngxenye. Ake sinikeze izibonelo ezimbalwa ezingokoqobo.
Ikesi 1. I-Cybersecurity "ye-mega-regulator" enezisekelo ezingaphandle kwe-Kubera
Endabeni yohlelo oluthuthukisiwe lwe-cybersecurity, ukusetshenziswa kweziqukathi kanye ne-orchestration kwenza kube nokwenzeka ukulwa nokuhlasela nokungena. Isibonelo, kwesinye isilawuli esikhulu, u-Denis nethimba lakhe basebenzise inhlanganisela ye-orchestrator enesevisi ye-SIEM eqeqeshiwe ehlaziya amalogi ngesikhathi sangempela futhi inqume inqubo yokuhlasela, ukugebenga noma ukwehluleka. Uma kwenzeka ukuhlaselwa, umzamo wokubeka okuthile, noma uma kwenzeka ukuhlasela kwegciwane le-ransomware, yona, ngokusebenzisa i-orchestrator, ithatha iziqukathi ezinezicelo ngokushesha kunokuba zitheleleke, noma ngokushesha kunokuba umhlaseli abahlasele.
Ikesi 2. Ukuthuthwa kwengxenye yolwazi lwe-Booking.com kuya ku-Kubernetes
Ku-Booking.com, i-database eyinhloko i-MySQL ene-asynchronous replication - kukhona inkosi kanye nohlu oluphelele lwezigqila. Ngesikhathi u-Ivan eshiya inkampani, kwaqalwa iphrojekthi yokudlulisa izigqila ezingase "zidutshulwe" ngomonakalo othile.
Ngaphezu kwesisekelo esiyinhloko, kukhona ukufakwa kwe-Cassandra nge-orchestration ebhalwe ngokwakho, eyabhalwa ngisho nangaphambi kokuba u-Kuber angene ku-mainstream. Azikho izinkinga mayelana nalokhu, kodwa iphikelela kuma-SSD endawo. Isitoreji esikude, ngisho nangaphakathi kwesikhungo sedatha esifanayo, asisetshenziswa ngenxa yenkinga yokubambezeleka okuphezulu.
Isigaba sesithathu semininingwane yolwazi yisevisi yokusesha ye-Booking.com, lapho inodi yesevisi ngayinye iyisizindalwazi. Imizamo yokudlulisa isevisi yokusesha ku-Kuber yehlulekile, ngoba i-node ngayinye ingu-60-80 GB wesitoreji sendawo, okunzima "ukuphakamisa" kanye "nokufudumala".
Ngenxa yalokho, injini yokusesha ayizange idluliselwe ku-Kubernetes, futhi u-Ivan akacabangi ukuthi kuzoba nemizamo emisha esikhathini esizayo esiseduze. I-database ye-MySQL idluliselwe phakathi: Izigqila kuphela, ezingesabi "ukudutshulwa". UCassandra uzinze ngokuphelele.
Ukukhetha ingqalasizinda njengomsebenzi ngaphandle kwesixazululo esijwayelekile
Isithombe ngu
Ake sithi sinenkampani entsha, noma inkampani lapho ingxenye yengqalasizinda yakhiwe ngendlela endala. Yakha uhlelo lokuthuthukisa ingqalasizinda yeminyaka. Sithathwa kanjani isinqumo sokuthi kwakhiwe ingqalasizinda kuma-container kanye ne-Kuber noma cha?
Izinkampani ezilwela ama-nanosecond azifakiwe engxoxweni. I-conservatism enempilo ikhokha ngokwethembeka, kodwa kusenezinkampani okufanele zicabangele izindlela ezintsha.
U-Ivan: “Nakanjani ngizoqala inkampani esebenza ngamafu manje, ngenxa nje yokuthi iyashesha,” nakuba kungabizi ngempela. Ngokuthuthuka kwe-venture capitalism, abaqalayo abanazo izinkinga ezinkulu ngemali, futhi umsebenzi omkhulu ukunqoba imakethe.
U-Ivan unombono wokuthi ukuthuthukiswa kwengqalasizinda yamanje kuwumbandela wokukhetha. Uma bekukhona ukutshalwa kwezimali okungathi sína esikhathini esidlule, futhi kusebenza, ngakho-ke asikho isidingo sokuphinda kwenziwe. Uma ingqalasizinda ingathuthukisiwe, futhi kunezinkinga ngamathuluzi, ukuphepha nokuqapha, ngakho-ke kunengqondo ukubheka ingqalasizinda esabalalisiwe.
Intela kuyodingeka ikhokhwe kunoma yikuphi, futhi u-Ivan wayezokhokha leyo eyayimvumela ukuba akhokhe kancane esikhathini esizayo. "Ngoba ngenxa nje yokuthi ngigibele isitimela esihamba abanye, ngizohamba ibanga elide kunalapho ngihlala kwesinye isitimela, lapho kufanele ngizifakele uphethiloli."kusho u-Ivan. Uma inkampani iyintsha, futhi izidingo zokubambezeleka zingamashumi ama-millisecond, khona-ke u-Ivan uzobheka “kubahlinzeki” lapho ukugcinwa kwemininingwane yakudala “kusongwe” namuhla. Baphakamisa uchungechunge lokuphindaphinda, oluzishintshayo uma kwenzeka iphutha, njll ...
Enkampanini encane enamaseva ambalwa, iKubera ayinangqondo,” kusho u-Andrey. Kodwa uma ihlela ukukhula ibe ngamakhulu amaseva noma ngaphezulu, idinga i-automation kanye nohlelo lokuphatha izinsiza. Amacala angu-90% afanele izindleko. Ngaphezu kwalokho, kungakhathaliseki izinga lomthwalo nezinsiza. Kunengqondo kuwo wonke umuntu, kusukela kwabaqalayo kuya ezinkampanini ezinkulu ezinezithameli eziyizigidi, ukuthi kancane kancane abheke emikhiqizweni ye-orchestration yeziqukathi. “Yebo, leli ikusasa ngempela,” uqinisekile u-Andrey.
UDenis uveze izindlela ezimbili ezibalulekile - scalability nokuzinza kokusebenza. Uzokhetha amathuluzi afaneleka kangcono kulo msebenzi. “Kungaba igama elingelona igama elihlanganiswe emadolweni akho, futhi ineNutanix Community Edition kuyo. Lokhu kungaba umugqa wesibili ngendlela yesicelo ku-Kuber enesizindalwazi esingemuva, esiphindaphindwayo futhi esicacise imingcele ye-RTO ne-RPO" (izinjongo zesikhathi sokuthola kabusha/zephoyinti - cishe.).
U-Evgeniy uhlonze inkinga engase ibe nabasebenzi. Okwamanje, abekho ochwepheshe abaningi abaqeqeshiwe emakethe abaqonda “amathumbu.” Ngempela, uma ubuchwepheshe obukhethiwe budala, khona-ke kunzima ukuqasha noma ubani ngaphandle kwabantu abaneminyaka ephakathi abanesithukuthezi futhi bakhathele ukuphila. Nakuba abanye abahlanganyeli bekholelwa ukuthi lokhu kuyindaba yokuqeqeshwa kwabasebenzi.
Uma sibeka umbuzo wokuzikhethela: ukwethula inkampani encane ku-Public Cloud enemininingwane ku-Amazon RDS noma "esakhiweni" esinemininingwane yolwazi ku-Kubernetes, khona-ke naphezu kokushiyeka okuthile, i-Amazon RDS yaba ukukhetha kwabahlanganyeli.
Ngakho-ke, njengoba iningi labalaleli be-meetup bengaveli ebhizinisini “eligcwele igazi” izixazululo ezisatshalaliswa yizo okufanele sizilwele. Izinhlelo zokugcina idatha kufanele zisatshalaliswe, zithembeke, futhi zidale ukubambezeleka kukalwa ngamayunithi ama-millisecond, amashumi kakhulu", kuphetha u-Andrey.
Ukuhlola Ukusetshenziswa kwe-Kubernetes
Umlaleli u-Anton Zhbankov ubuze umbuzo owugibe kubaxolisi bakwa-Kubernetes: ukhethe kanjani futhi ulwenze kanjani ucwaningo lokungenzeka? Kungani uKubernetes, kungani kungenjalo imishini ebonakalayo, isibonelo?
Isithombe ngu
UDmitry no-Ivan bawuphendula. Kuzo zombili izimo, ngokuzama nangephutha, ukulandelana kwezinqumo kwenziwa, ngenxa yalokho bobabili abahlanganyeli bafika e-Kubernetes. Manje amabhizinisi aqala ukuthuthukisa ngokuzimela isofthiwe enengqondo ukuyidlulisela ku-Kuber. Asikhulumi ngamasistimu ezinkampani zangaphandle zakudala, njenge-1C. I-Kubernetes isiza lapho onjiniyela bedinga ukwenza ngokushesha ukukhishwa, ngokuthuthukiswa okuqhubekayo okuqhubekayo.
Ithimba lika-Andrey lizame ukwakha iqoqo elinokwehla elisuselwe emishinini ebonakalayo. Ama-Node awela njengama-dominoes, ngezinye izikhathi okwakuholela ekuweni kweqoqo. “Ngokucatshangelwa, ungayiqeda futhi uyisekele ngezandla zakho, kodwa iyacika. Futhi uma kunesixazululo emakethe esikuvumela ukuthi usebenze ngaphandle kwebhokisi, khona-ke siyajabula ukukuthola. Futhi sashintsha ngenxa yalokho, ”kusho u-Andrey.
Kunamazinga okuhlaziya nokubala okunjalo, kodwa akekho ongasho ukuthi anembe kangakanani ku-hardware yangempela esebenzayo. Ukuze uthole izibalo, kubalulekile futhi ukuqonda ithuluzi ngalinye kanye ne-ecosystem, kodwa lokhu akunakwenzeka.
Yini esilindele
Isithombe ngu
Njengoba ubuchwepheshe buthuthuka, kuvela izingcezu eziningi ezihlukene, bese kuba noshintsho lwesigaba, kuvela umdayisi obulale inhlama eyanele ukuze yonke into ihlangane ngethuluzi elilodwa.
Ngabe ucabanga ukuthi kuzofika isikhathi lapho kuzoba nethuluzi elifana no-Ubuntu lomhlaba weLinux? Mhlawumbe ithuluzi elilodwa lokuhlanganisa kanye ne-orchestration lizofaka i-Kuber. Kuzokwenza kube lula ukwakha amafu endaweni.
Impendulo inikezwe u-Ivan: "I-Google manje seyakha i-Anthos - lesi yisipho sabo esihlanganisiwe esifaka ifu futhi sifaka i-Kuber, i-Service Mesh, ukuqapha - yonke i-hardware edingekayo kuma-microservices asendaweni." Cishe sesizayo."
UDenis uphinde wakhuluma nge-Nutanix ne-VMWare ngomkhiqizo we-vRealize Suite, ongabhekana nomsebenzi ofanayo ngaphandle kokufakwa kweziqukathi.
UDmitry wabelane ngombono wakhe wokuthi ukunciphisa "ubuhlungu" nokunciphisa intela yizindawo ezimbili lapho singalindela khona ukuthuthukiswa.
Ukufingqa le ngxoxo, sigqamisa lezi zinkinga ezilandelayo zengqalasizinda yesimanje:
- Abahlanganyeli abathathu bahlonze ngokushesha inkinga nge-stateful.
- Izinkinga ezahlukahlukene zokusekelwa kwezokuphepha, kufaka phakathi ukuthi kungenzeka ukuthi i-Docker izogcina inezinguqulo eziningi zePython, amaseva wohlelo lokusebenza, kanye nezingxenye.
Ukusebenzisa ngokweqile, okungcono ukuthi kuxoxwe emhlanganweni ohlukile.
Inselele yokufunda njenge-orchestration i-ecosystem eyinkimbinkimbi.
Inkinga evamile embonini ukusetshenziswa kabi kwamathuluzi.Ezinye iziphetho ziphuma kuwe. Kusenomuzwa wokuthi akulula ngenhlanganisela ye-Docker+Kubernetes ukuba yingxenye “emaphakathi” yohlelo. Isibonelo, amasistimu wokusebenza afakwe ku-hardware kuqala, okungenakushiwo mayelana neziqukathi kanye ne-orchestration. Mhlawumbe esikhathini esizayo, izinhlelo zokusebenza neziqukathi zizohlangana nesofthiwe yokuphatha amafu.
Isithombe nguNgicela ukuthatha lelithuba ngibingelele kumama nginikhumbuze ukuthi sineqembu likaFacebook , isiteshi ngezincwadi ezithakazelisayo ezivela kumabhulogi ahlukahlukene we-tech. Nesiteshi sami , lapho ngikhuluma ngokuphatha intuthuko ezinkampanini zomkhiqizo.
Source: www.habr.com