@Rays
2019-11-04T11:55:46.000000Z
Author: Marcos Vallim
“A journey of a thousand miles begins with a single step” (Chinese proverb)
Quoted from: https://en.wikipedia.org/wiki/A_journey_of_a_thousand_miles_begins_with_a_single_step
We have walked a long path already in this journey. In the first article, we briefly described how the IT industry has evolved to the point where we are now. Next, in the second article, we defined what the architecture of our solution will look like. In the third article, we started diving a bit deeper into the bits and pieces of the technology components that will be part of our solution, and in the fourth we got into the details of the network architecture that will support our solution.
I hope you are learning something along the way and (why not?) having as much fun as I am!
I know you are probably anxious to start getting your hands dirty with actual code, but I think it’s really important to set a good basis of all the concepts needed to build our solution. This way, when we get to the point of doing the actual work, you’ll have a clear idea of why each of the steps is needed.
In this article, we’ll finally start talking about Kubernetes. We’ll provide a brief introduction to its architecture and its main objects (Pods, services, volumes, namespaces, etc.). To keep it from getting too long, we’ll cover other important topics that demand a deeper explanation (masters and workers, etcd and k8s network) in separate articles.
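Readers who want a preview do not need to wait for all the articles to be published and can clone the project's GitHub repository directly. The documentation in the repository is being continuously improved and is fully usable. The repository is: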
mvallim/kubernetes-under-the-hood
This tutorial is intended for readers who plan to install a Kubernetes cluster and want to understand how each component works.
“Kubernetes is a portable, extensible open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.”
“Google open-sourced the Kubernetes project in 2014. Kubernetes builds upon a decade and a half of experience that Google has with running production workloads at scale, combined with best-of-breed ideas and practices from the community.”
Quoted from: https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/
The advantages of Kubernetes include:
* Agile application development and deployment: Increased ease and efficiency of container image creation compared to VM image use.
* Continuous development, integration, and deployment: Provides for reliable and frequent container image build and deployment with quick and easy rollbacks (due to image immutability).
* Dev and Ops separation of concerns: Create application container images at build/release time rather than deployment time, thereby decoupling applications from infrastructure.
* Observability: Not only surfacing OS-level information and metrics but also application health and other signals.
* Environmental consistency across development, testing, and production: Runs the same on a laptop as it does in the cloud.
* Cloud and OS distribution portability: Runs on Debian, Ubuntu, CoreOS, on-prem, Google Kubernetes Engine, Amazon Elastic Container Service and anywhere else.
* Application-centric management: Raises the level of abstraction from running an OS on virtual hardware to running an application on an OS using logical resources.
* Loosely coupled, distributed, elastic, liberated micro-services: Applications are broken into smaller, independent pieces and can be deployed and managed dynamically — not a monolithic stack running on a big single-purpose machine.
* Resource isolation: Predictable application performance.
* Resource utilization: High efficiency and density.
Quoted from: https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/
In order for Kubernetes to reach its full capacity, it depends on and makes use of other open source tools. Among them we can include:
* Registry, such as the Docker Registry.
* Networking, such as Flannel, Calico, MetalLB, CoreDNS, etc.
* Telemetry, such as Prometheus, Sysdig and Istio.
* Security, such as LDAP, SELinux, RBAC and OAuth with multiple layers.
* Services, offered in a varied catalog of previously created content from popular application patterns.
Figure: Kubernetes architecture diagram
A cluster managed by Kubernetes basically has two large operational units: Master node(s) and Worker nodes.
* Master node(s): the element responsible for orchestrating all activities related to the containers that run on the worker nodes. It is responsible for scheduling and deploying a clustered application and obtaining information about worker nodes and Pods, among many other activities.
* Worker nodes: the machines (nodes, which can be physical or VMs) where the containers managed by Kubernetes effectively run. In order for worker nodes to be managed by Kubernetes, they must have Kubelet agents from Kubernetes installed on them. It is through this agent that all communication with the master is performed and, as a consequence, the cluster operations are performed.
The Kubernetes master receives the commands from the Developer/Operator (DevOps) and passes the instructions to the worker nodes. These instructions are processed and retransmitted by a set of services that automatically decide which worker node is most suitable to process the requested task. The resources are then allocated and assigned to the selected worker node to satisfy the requested statement.
Container management takes place at a higher and more refined level, without anyone needing to actively micromanage containers and worker nodes individually.
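The placement decision described above can be pictured as a filter step followed by a score step. The following is an added, simplified model written for this page, not Kubernetes scheduler code; the node names, capacities and the "most free capacity wins" scoring rule are assumptions constructed for the illustration.

```python
# Added illustration: a simplified filter-then-score placement model.
# Node names, capacities and the scoring rule are constructed, not taken from Kubernetes.
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    cpu_m: int            # allocatable CPU in millicores
    mem_mi: int           # allocatable memory in MiB
    ready: bool = True    # health as reported by the node's kubelet
    pods: list = field(default_factory=list)  # (cpu_m, mem_mi) already assigned

    def free(self):
        used_cpu = sum(p[0] for p in self.pods)
        used_mem = sum(p[1] for p in self.pods)
        return self.cpu_m - used_cpu, self.mem_mi - used_mem

def feasible(node, cpu_m, mem_mi):
    """Filter step: the node must be ready and have room for the request."""
    free_cpu, free_mem = node.free()
    return node.ready and free_cpu >= cpu_m and free_mem >= mem_mi

def score(node, cpu_m, mem_mi):
    """Score step: average fraction of CPU and memory left free after placement."""
    free_cpu, free_mem = node.free()
    return ((free_cpu - cpu_m) / node.cpu_m + (free_mem - mem_mi) / node.mem_mi) / 2

def schedule(nodes, cpu_m, mem_mi):
    """Return the chosen node name, or None when no node fits (Pod stays pending)."""
    candidates = [n for n in nodes if feasible(n, cpu_m, mem_mi)]
    if not candidates:
        return None
    best = max(candidates, key=lambda n: (score(n, cpu_m, mem_mi), n.name))
    best.pods.append((cpu_m, mem_mi))  # record the assignment on the selected node
    return best.name

def demo():
    nodes = [
        Node("worker-1", 2000, 4096, pods=[(1500, 1024)]),
        Node("worker-2", 4000, 8192, pods=[(1000, 2048)]),
        Node("worker-3", 4000, 8192, ready=False),  # never selected while not ready
    ]
    requests = [(500, 512), (2500, 512), (500, 512), (500, 512)]
    return [schedule(nodes, cpu, mem) for cpu, mem in requests]

if __name__ == "__main__":
    print(demo())
```

The last request returns `None` because every ready node is out of CPU, which is the situation in which a Pod would wait for capacity instead of being placed.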
Reference: https://kubernetes.io/docs/reference/glossary/?fundamental=true
Image from Rising Stack
kubectl is a command line tool for communicating with a Kubernetes API server. You can use kubectl to create, inspect, update, and delete Kubernetes objects.
Docker keeps its original function. What changes is that when Kubernetes configures a Pod, it sends instructions to the kubelet of the selected worker node, telling Docker to start (or stop) a container with the given specification. The kubelet, in turn, keeps collecting information from Docker and its containers and aggregating all this information in the master. The big difference here is that all of this happens in an automated way, without an administrator having to do all this configuration and information gathering manually.
Following is a brief definition of each of the main objects managed by Kubernetes. We’ll get into more detail about them in the next articles in this series:
Reference: https://kubernetes.io/docs/reference/glossary/?fundamental=true
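We hope readers enjoy this article and the other articles in the series. The next article will go deeper into the Kubernetes architecture and explain how each component is used.
Feedback and comments below the article are welcome; they are very important for improving the series.
Readers are encouraged to follow [the author's Medium account](Marcos Vallim) to see the whole series and to be the first to know when new articles are published.
See the English original: Kubernetes Journey — Up and running out of the cloud — Kubernetes Overview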