Kubernetes for people over 30. Nikolay Sivko (2018)



At some point we at okmeter.io realised that we needed k8s in production even though we didn't even have CI/CD: sharing a common pool of servers between applications was a chore, and we wanted adding capacity to the cluster to be easy. At the same time, several things made adopting k8s complicated:



  • we care a lot about fault tolerance (we don't bring a new technology into production until we understand it well);
  • we run services with response times under 10 ms;
  • (10, 50).




: 2018 , issue .





Okmeter.io.

Kubernetes.

Okmeter.io:

  • auto discovery.

  • Python, Go.
  • Kafka, Cassandra, Elasticsearch, PostgreSQL.
  • latency.
  • DevOps, CI/CD, pipeline.




Google App Engine.

latency.

Cassandra, Elasticsearch, Go, Python.

Elasticsearch.

Elasticsearch, CPU. Python.

Go stateless, CPU.

  • Ansible, server -> roles.
  • Ansible.
  • Ansible, playbooks, playbooks production.

instance?

  • inventory.

  • Kubernetes.
  • Request + Limit.




Kubernetes. instances. OOM killer.

health checks.

Ansible. Ansible? Ansible.

Kubernetes, overkill.

  • Ansible, Kubernetes.

Kubernetes, Ansible? Kubernetes apply.

pod. Ansible.

service discovery. nginx, upstreams. service discovery. Kubernetes.

DNS, etcd.

readiness/liveness. curl, Kubernetes.

pull. pod, IP. pull.

pod. graceful shutdown.

RequestID, tracing, pod.





Kubernetes, L2.

20. bgp. bgp. bgp 10?

Kubernetes, service discovery, iptables. daemon, iptables.

20. iptables.

IP pod IP. SR-IOV. 128. switch.

flannel host-gw. 24.

iptables kube-proxy, iptables Kubernetes. Google. headless services.

  • K8s.
  • CI/CD.
  • production.




  • K8s. docker, Python. Go. docker.
  • docker. Ansible docker.

etcd, ConfigMap. reconfig.

Helm.

Helm. update/rollback pod, immutable ConfigMap, rolling update. production. ConfigMap.



pod, immutable. Helm.

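The content-addressed, never-edited ConfigMap pattern mentioned above, as an added example (this is not the speaker's or okmeter.io's tooling, and the names api-config, settings.yaml and the sample settings are constructed for illustration). The name is a prefix plus a hash of the data, so a changed config is a new object that a new ReplicaSet mounts, while pods of the old ReplicaSet keep their old object and a rollback simply points back at it. The `immutable: true` line is the field newer Kubernetes releases offer to reject later edits server-side; the naming scheme works without it on clusters that predate it.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

func sortedKeys(data map[string]string) []string {
	keys := make([]string, 0, len(data))
	for k := range data {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

// ConfigMapName derives the object name from its content. Identical data always
// yields the same name; any edit yields a new object instead of mutating the one
// running pods were started with, so an old ReplicaSet (and a rollback to it)
// keeps pointing at the config it was rolled out with.
func ConfigMapName(prefix string, data map[string]string) string {
	h := sha256.New()
	for _, k := range sortedKeys(data) {
		// length-prefix key and value so ("a","bc") and ("ab","c") cannot collide
		fmt.Fprintf(h, "%d:%s=%d:%s\n", len(k), k, len(data[k]), data[k])
	}
	return prefix + "-" + hex.EncodeToString(h.Sum(nil))[:10]
}

// RenderConfigMap emits the manifest for that name. `immutable: true` is the
// field newer Kubernetes releases provide to reject later edits server-side
// (assumption: the cluster supports it; drop the line otherwise).
func RenderConfigMap(prefix, namespace string, data map[string]string) (name, manifest string) {
	name = ConfigMapName(prefix, data)
	var b strings.Builder
	fmt.Fprintf(&b, "apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: %s\n  namespace: %s\nimmutable: true\ndata:\n", name, namespace)
	for _, k := range sortedKeys(data) {
		fmt.Fprintf(&b, "  %s: |\n", k) // block scalar keeps multi-line files intact
		for _, line := range strings.Split(strings.TrimRight(data[k], "\n"), "\n") {
			fmt.Fprintf(&b, "    %s\n", line)
		}
	}
	return name, b.String()
}

func main() {
	// Constructed sample config; not okmeter.io's real settings.
	cfg := map[string]string{
		"settings.yaml": "listen: :8080\nread_timeout: 5s\n",
	}
	name, manifest := RenderConfigMap("api-config", "default", cfg)
	fmt.Print(manifest)
	fmt.Println("# reference this name in the Deployment's volumes.configMap.name:", name)

	cfg["settings.yaml"] = "listen: :8080\nread_timeout: 10s\n"
	fmt.Println("# after an edit the name changes:", ConfigMapName("api-config", cfg))
}
```

The Deployment template must reference the generated name, which is exactly what makes a config change a rolling update of pods rather than an in-place edit that pods pick up at unpredictable times; garbage-collect old ConfigMaps only once no ReplicaSet you might roll back to references them.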




Go, YAML. YAML.

Python Django. settings.py. settings.

K8s stateful: Cassandra, Kafka.

Ansible. Ansible, K8s?

Kubernetes, Ansible playbook. playbook, K8s.

production.

request/limit.

CPU. pod. CPU.

OOM Killer. 100.

deployments. selector, pod deployments. OOM Killer. deployment.

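A Deployment manifest that applies the request/limit and probe points above, added here as an illustration (it is not the speaker's manifest; the image name, ports, paths and sizes are assumptions). Setting requests equal to limits puts the pod in the Guaranteed QoS class, so it is evicted last under node memory pressure and the OOM killer only fires for the container when it exceeds its own limit; a CPU limit turns into CFS throttling once the container exhausts its quota, which is the latency hit to weigh before setting one. The readiness probe is what removes the pod from Service endpoints, the liveness probe is what restarts it, and a restart loop lands the pod in back-off, so keep the liveness check independent of downstream dependencies.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  replicas: 3
  selector:
    matchLabels: { app: api }
  template:
    metadata:
      labels: { app: api }
    spec:
      # Time kubelet waits after SIGTERM before SIGKILL; must exceed the
      # process's own drain delay plus its in-flight request timeout.
      terminationGracePeriodSeconds: 30
      containers:
      - name: api
        image: registry.example.com/api:1.2.3   # assumed image
        ports:
        - containerPort: 8080
        resources:
          # requests == limits -> Guaranteed QoS (lowest OOM score adjustment,
          # evicted last). The CPU limit means throttling, not OOM, when exceeded.
          requests: { cpu: "1", memory: 512Mi }
          limits:   { cpu: "1", memory: 512Mi }
        readinessProbe:
          # Failing this removes the pod from endpoints; it does not restart it.
          httpGet: { path: /readyz, port: 8080 }
          periodSeconds: 2
          failureThreshold: 1
        livenessProbe:
          # Failing this restarts the container; repeated failures enter back-off.
          httpGet: { path: /healthz, port: 8080 }
          periodSeconds: 10
          failureThreshold: 3
```

Check the resulting class with `kubectl get pod <name> -o jsonpath='{.status.qosClass}'`; any container in the pod with requests below limits drops the whole pod to Burstable.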




K8s back-off.

…, back-off.

rollout.

iptables headless. selector, pod. pod readiness probe. endpoint. endpoint, pod.

IP. IP, pod.

IP. iptables, upstream.

DNS.

pod. readiness probe kubelet. kubelet apiserver.

kube-proxy. kube-proxy.

  • Probes.
  • 10 000 rps.
  • Kubelet -> apiserver -> kube-proxy -> iptables.
  • kubelet apiserver? kube-proxy iptables?
  • iptables pod. retries.

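The propagation lag listed above (kubelet -> apiserver -> kube-proxy -> iptables) is why a pod cannot simply exit on SIGTERM: requests keep arriving until every node has dropped its endpoint. Below is an added example of the in-process drain that handles this, written for this page and not taken from the speaker's services. On SIGTERM it first fails its readiness probe, keeps serving for a drain delay sized to the probe period plus propagation time, and only then stops accepting connections and lets in-flight requests finish. The port, paths and durations are assumptions; the drain delay plus shutdown timeout must stay below the pod's terminationGracePeriodSeconds.

```go
package main

import (
	"context"
	"errors"
	"log"
	"net/http"
	"os"
	"os/signal"
	"sync/atomic"
	"syscall"
	"time"
)

// Readiness is the switch the readiness probe reads. It is flipped off as the
// very first step of shutdown: only after kubelet sees the probe fail does the
// endpoint get removed, and that removal still has to travel
// kubelet -> apiserver -> kube-proxy -> iptables on every node.
type Readiness struct{ ready int32 }

func (r *Readiness) Set(v bool) {
	var n int32
	if v {
		n = 1
	}
	atomic.StoreInt32(&r.ready, n)
}

func (r *Readiness) Ready() bool { return atomic.LoadInt32(&r.ready) == 1 }

// Handler serves /readyz: 200 while ready, 503 once draining.
func (r *Readiness) Handler() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		if !r.Ready() {
			http.Error(w, "draining", http.StatusServiceUnavailable)
			return
		}
		w.WriteHeader(http.StatusOK)
	})
}

// DrainPlan is the shutdown sequence. DrainDelay is how long the process keeps
// serving after failing readiness, to cover probe period plus propagation lag;
// ShutdownTimeout bounds how long in-flight requests may finish afterwards.
// Their sum must stay below the pod's terminationGracePeriodSeconds, or kubelet
// sends SIGKILL in the middle of the drain.
type DrainPlan struct {
	DrainDelay      time.Duration
	ShutdownTimeout time.Duration
}

// Run blocks until a signal arrives on sigs (or ctx is cancelled), then drains
// and shuts srv down. It returns the error from srv.Shutdown.
func (p DrainPlan) Run(ctx context.Context, srv *http.Server, r *Readiness, sigs <-chan os.Signal) error {
	select {
	case <-ctx.Done():
		return ctx.Err()
	case <-sigs:
	}
	r.Set(false) // step 1: start failing the readiness probe
	select {     // step 2: keep answering while endpoints catch up
	case <-ctx.Done():
	case <-time.After(p.DrainDelay):
	}
	shutdownCtx, cancel := context.WithTimeout(context.Background(), p.ShutdownTimeout)
	defer cancel()
	return srv.Shutdown(shutdownCtx) // step 3: stop listening, finish in-flight requests
}

func main() {
	r := &Readiness{}
	r.Set(true)
	mux := http.NewServeMux()
	mux.Handle("/readyz", r.Handler())
	mux.HandleFunc("/", func(w http.ResponseWriter, _ *http.Request) {
		time.Sleep(50 * time.Millisecond) // stand-in for real work
		_, _ = w.Write([]byte("ok\n"))
	})
	srv := &http.Server{Addr: ":8080", Handler: mux}

	sigs := make(chan os.Signal, 1)
	signal.Notify(sigs, syscall.SIGTERM, syscall.SIGINT)
	go func() {
		if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
			log.Fatal(err)
		}
	}()
	// Assumed values: readiness periodSeconds=2 and a 30 s grace period.
	plan := DrainPlan{DrainDelay: 5 * time.Second, ShutdownTimeout: 15 * time.Second}
	if err := plan.Run(context.Background(), srv, r, sigs); err != nil {
		log.Printf("shutdown: %v", err)
	}
}
```

For a process that cannot be taught to handle SIGTERM this way, a `preStop` hook that sleeps for the same drain delay gives the same window, at the cost of the pod staying Ready during it; the in-process version is preferable because readiness fails immediately. Either way the client still needs retries on connection errors for the requests that land in the window.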



headless service.

etcd, apiserver, DNS.

envoy, L7, retry. http, retry. application level. Envoy.

envoy. DNS. K8s DNS, endpoints.

envoy DaemonSet, sidecar container.

envoy, pod. rolling-update. pod.

envoy nginx -t. pod.

sidecar. envoy.

envoy. resolve, 3 DNS. envoy resolve. health check, retry.

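The sidecar described above, as an added example in Envoy's v3 static configuration (this is not okmeter.io's config; the cluster name, the headless service name api.default.svc.cluster.local, port 8080 and /readyz are assumptions). A STRICT_DNS cluster re-resolves the headless service name every few seconds and load-balances across every A record it gets, which for a headless service means the pod IPs; the active health check drops a pod that stops answering before DNS catches up; the retry policy covers connection failures and 5xx. Retrying on 5xx is only safe for requests the application treats as idempotent, which is the application-level question raised above.

```yaml
static_resources:
  listeners:
  - name: outbound_api
    address:
      socket_address: { address: 127.0.0.1, port_value: 15001 }   # app talks to localhost
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: outbound_api
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
          route_config:
            name: local_route
            virtual_hosts:
            - name: api
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route:
                  cluster: api
                  timeout: 2s
                  retry_policy:
                    # connect-failure/reset/refused-stream are safe to retry;
                    # 5xx is only safe for idempotent requests.
                    retry_on: "connect-failure,reset,refused-stream,5xx"
                    num_retries: 2
                    per_try_timeout: 0.5s
  clusters:
  - name: api
    type: STRICT_DNS               # resolve the name, use every returned address
    dns_refresh_rate: 3s           # re-resolve on a fixed cadence, not on the DNS TTL
    respect_dns_ttl: false
    lb_policy: ROUND_ROBIN
    connect_timeout: 0.25s
    health_checks:
    - timeout: 0.5s
      interval: 2s
      unhealthy_threshold: 1       # one failed check ejects the endpoint
      healthy_threshold: 2
      http_health_check:
        path: /readyz
    load_assignment:
      cluster_name: api
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: api.default.svc.cluster.local   # headless service
                port_value: 8080
```

Validate the file before rolling it into the sidecar with `envoy --mode validate -c envoy.yaml`, which is the equivalent of the `nginx -t` step mentioned above; a config that fails validation never reaches a running pod.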




service mesh. service mesh.

GitHub. envoy. istio.

ingress. IP, K8s. K8s.

DaemonSet envoy. DaemonSet. IP, DaemonSet, IP. 3-4, 5, 10 upstream.

DaemonSet rolling.

ingress controller, nginx-ingress K8s. envoy, DaemonSet, ingress controller. DaemonSet. ingress.

Kubespray, 20 K8s.

playbook.

etcd, apiserver. full mesh.

Kubelet …. pod.

CoreDNS. deployment. deployment, iptables.

iptables, DNS deployment DaemonSet. DNS.

3 + N. Ansible.

Stateful.

Kafka 4 10. Kubelet. overbooked.

flannel. pod. 1/0. pod.

egress. flannel NAT. pod.

NAT.

  • Kubernetes.




Kubernetes.



follower, Kubernetes? Kubernetes?

Kubernetes.

service discovery.

Stateful. HA? HAProxy K8s?

Cassandra. endpoints IP.

Postgres?

Postgres.

latency. latency?

iptables. iptables.

20?

flannel.

Open vSwitch?

I'm just afraid of those words. We do monitoring of k8s, and we had to set up a test bench on virtual machines to demo the monitoring. Kubespray deploys Calico there by default. It works, but I don't know how it works. We didn't run any benchmarks there, and I don't know how it works. I don't know how it will break. I know how flannel breaks, and I'm ready for that. I don't know how all the other 19 plugins will break.

This question is interesting from the data-protection angle: isolating a secure network from an insecure one.

In that respect we were lucky, we don't have anything like that.

You're lucky.

Thank you!



