Programming Knowledge cdmana.com

Understanding k8s from the perspective of application development

# Cloud native application

We are in the middle of a technology shift from monolithic applications to applications built on a distributed microservice architecture. Distributed microservice architecture is increasingly the design pattern for software development and guides how the business model is designed. The business is abstracted into entities or divided along boundaries, implemented as microservices, and assembled into a microservice cluster, which then runs on a cloud native orchestration platform.

![Cloud native application structure, from Kubernetes-Patterns](https://static001.geekbang.org/infoq/01/013b22edc66739cb3f42827eb6c55f6c.png)

- The cornerstone of a cloud native application is clean code whose business logic is focused on a single concern and implemented independently of other domain objects. At this level, business quality is guaranteed by basic programming skills and by automated tests with high coverage.
- Domain-driven design is the mainstream design pattern of the recent microservice boom. The main problem it solves is how to break a complex business scenario down into multiple microservice units. Domain-driven design is the design pattern of microservice architecture, and microservice architecture is built on it. A microservice can correspond to a domain object or to a domain service.
- Cloud native applications implemented with a distributed microservice architecture are highly available, elastically scalable, fault tolerant and able to report on their own health. As a result, the complexity of meeting growing business requirements gradually shifts from development and programming to resource integration, operation and management.
- A microservice is a simple, single-purpose application running in a single process. Container technology provides exactly this kind of isolation and encapsulation: a simple microservice is standardized as a Dockerfile template and can then run on distributed resources in any cluster.
- K8S, the most popular cloud native platform architecture, provides an automated, systematic solution for the interaction between a set of microservices, persistent data storage, running multiple microservices that depend on each other, and capacity planning.

# Interpreting K8S with OOP

Application developers are certainly familiar with the object-oriented paradigm. OOP defines a methodology for managing the life cycle of a logical object. By analogy with OOP ideas, this article introduces some of the core K8S resource objects and application patterns in detail.

![OOP vs K8S, from Kubernetes-Patterns](https://static001.geekbang.org/infoq/a1/a1495432cb615caf9d3a76fb8448aac9.png)

## Build / deployment kept isolated: Pod/Deployment

- **Image**
  - A container image is analogous to an OOP class. It defines all the attributes and functions of a module, provides the only exposed API (call style and parameter set) and has a complete release cycle; it is the blueprint for a container. This static definition is what containers are defined and initialized from, so they behave exactly the same at any time in any environment. One container image corresponds to one microservice and is owned by the development team.
- **Container**
  - A container is analogous to an OOP object: it is the running state of a container image. A container is a running process of a container image, and one image can be used to create any number of containers in any environment at any time.
- **Pod**
  - Java developers know that deploying a Java application built on the Springboot-MVC framework only requires a single Jar package, and that the code inside the Jar cannot be changed once it is compiled. A Pod is the smallest unit of resource scheduling and deployment on the cloud native orchestration platform. The relationship between a Pod and its containers is similar to that between a Java Jar package and its objects: the container image delivered by the application developer is deployed and scheduled on the K8S cluster through a Pod, and the container is an internal resource object of the Pod that K8S neither sees nor intervenes in.
  - K8S makes the Pod the smallest unit of deployment and scheduling because a Pod lets a group of containers share the Pod's resources in storage space, network space and process space, much like running several processes on one virtual machine. Communication between containers is similar to inter-process communication on a single node. The Pod is designed so that its containers share Linux namespaces as far as possible, keeping only the necessary isolation and limits.
  - A Pod is similar to an OOP module, that is, a logical collection of objects that usually belongs to one independent module. An example Pod definition:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: index-helm-57677c549-lgww5
  namespace: bss-dev
spec:
  containers:
    # Container template: the process to start inside the container
    - command:
        - java
        - '-jar'
        - /home/demo/app.jar
      # Environment variables passed to the container process
      env:
        - name: aliyun_logs_release_tags
          value: revision=3f44253.20201030-1039
      image: 'registry-vpc.cn-shanghai-finance-1.aliyuncs.com/XXX/XXX.XXX:latest'
      imagePullPolicy: Always
```

  - `Pod->spec` contains one or more container template definitions. The Pod YAML provides many more properties; readers who want to go deeper can refer to https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/api/core/v1/types.go
  - `Pod->spec` has one special kind of container template definition, with the keyword initContainer. As the name suggests, it is a container for initialization. Init containers must start and run before the application containers, and they must complete successfully.
  - Besides container templates, `Pod->spec` also defines how the Volumes shared between containers are mounted, and the node selector labels, affinity and tolerations that influence Pod scheduling.
- **NameSpace**
  - A namespace is a grouping concept that logically partitions cluster resources. Its use is similar to an OOP package: as a project grows, classes or objects with the same name appear, and to tell them apart we prefix them with the package path when defining and referencing them. A K8S cluster often runs hundreds of application services, so resources with the same name occur there too. Namespaces let K8S isolate a group of resource objects and manage permissions on them.
  - The most common use of namespaces is to separate the development environment from the test environment within one K8S cluster. Namespaces can also provide a multi-tenant runtime environment, or an application deployment can be given its own namespace so that it runs in isolation.
  - Although namespaces logically partition the scope of resources, they do not actually isolate communication between Pods inside the cluster: Pods that belong to different namespaces in the same cluster can still communicate with each other. If complete isolation between namespaces is required, it can be implemented with NetworkPolicy.
- **Deployment**
  - In K8S, releasing a new version of an application is the process of creating Pods for the upgraded service and destroying the Pods of the old version; this process is defined by the Deployment resource object. A microservice architecture can contain hundreds of applications. Deploying them by hand introduces human error, and deployment easily becomes the bottleneck of the whole system. K8S defines all the operations for deploying Pods in the Deployment resource object, and the platform deploys the Pods automatically.
  - Besides defining how Pods are deployed, a Deployment also defines the expected deployment state, for example the expected number of Pods or the nodes to deploy on.
  - Deploying a new version works in one of two ways. Either additional Pods of the new version are created, and once health checks confirm they can serve traffic the old-version Pods are destroyed until the expected deployment state is reached; or the old-version Pods are destroyed first and new-version Pods are then created until the expected deployment state is reached. The first is Rolling Update: its advantage is that there is no downtime, its disadvantage that several versions serve traffic at the same time, which can cause inconsistent service state. The second is Recreate: its advantage is that no more than one version of the application service exists at any time, its disadvantage that the deployment incurs downtime. The default K8S deployment strategy is Rolling Update.
  - A Deployment creates and manages Pods through the ReplicaSet controller, which makes sure Pods run as expected and satisfy the Deployment's definition, for example the number of replicas and the deployment strategy. ReplicaSet decouples deployment from the running of Pods. A Pod in the Running state does not mean the application has been deployed successfully. The Deployment sets the number of Pod replicas and the Health Probes of the application container to make sure that the process has started and the application is running successfully. Only when the Pods of the new ReplicaSet are running successfully, their number has reached the replica count set by the Deployment, and the Pods managed by the old ReplicaSet no longer take traffic or have been destroyed, has the Deployment reached its expected state, which is what a successful deployment means.

## Constructor: InitContainer

- In OOP, for example in a Java class definition, initialization is the constructor, which encapsulates the initialization an object needs before it is used. The init container, InitContainer, plays the same role at Pod level. It is a special container template definition in `Pod->spec` that isolates the main application container process from initialization and makes sure initialization is complete before the application containers start.
- Initialization can also be done at container level, defined with `ENTRYPOINT` in the container image template, the Dockerfile. Container-level initialization is scoped to the container image definition, whereas Pod-level initialization with InitContainer applies to the whole group of containers in the Pod. In general, container initialization is more a DevOps concern and has little to do with the work of application developers. InitContainer template definitions can be completely isolated from the development and run cycle.
- The advantages of Pod-level initialization with InitContainer are that it can set the access permissions of shared Volumes in one place, prepare the components or data the application service depends on before it starts, and verify the dependencies and health of the application service. Making sure the preconditions are in place before the main application container process starts ensures that the application service can run successfully.
- For access control and other security reasons, it is generally not recommended to open up the definition of access permissions for a Pod's shared resources. Management of the Pod's shared resources should as far as possible be left to the orchestration platform to configure and control, isolated from the application service itself, so that the application service carries as few platform-dependent properties as possible. In this way InitContainer also improves the security of microservice application development.
- A Pod template can define multiple InitContainers and multiple application containers. K8S makes sure the InitContainers run in the order in which they are defined and finish before the application containers start; the application containers themselves start in parallel.
- An InitContainer is basically the same as an ordinary application container, except that its final state is usually Completed; a final Failed state does not occur, because a failed InitContainer directly causes the Pod to restart and run the InitContainer again.

## Composition pattern: Sidecar

- Earlier we compared the container image and the container to the OOP class and object, because a container image defines a microservice with a single responsibility. If a running service needs to be extended with, or accompanied by, some auxiliary operations, then, much like the composition design pattern in OOP, we can simply add another container image definition to the same Pod. This is the Sidecar.
- A Sidecar keeps the application container to a single responsibility while adding, at Pod level, a set of independently reusable auxiliary operations such as updating data, configuration files or static resources, or collecting log data. By combining several single-responsibility containers, the Sidecar pattern delivers a fully functional, production-ready application microservice while letting the development team think only about the business functionality itself.
- Sidecar and InitContainer are two different kinds of container definition. InitContainers define the set of Pod-level initialization operations, which must complete before any application container starts and which run in a strict order. There is no strict ordering between a Sidecar and the application container: the two usually run at the same time in one Pod, share the Pod's resources and together provide the service the Pod exposes.

## Configuration management: ConfigMap/Secret

- One of the 12 principles of application development is to store configuration in the environment. Configuration is kept separate from the application and can be stored in environment variables. Environment variables are global and can be loaded while the application process is running. When there is a lot of configuration, passing it through environment variables is not a good approach. Java-Springboot applications provide Profile files that record application configuration, and developers can use a different Profile file for each environment.
- In K8S, the configuration management objects ConfigMap and Secret likewise support both the Key/Value form of environment variables and the Profile file form of application configuration. Environment variable Keys are usually written in all capital letters; for application configuration Profile files, the Key is the file name in lower case.
- K8S provides the Secret resource object for configuring sensitive data, such as the user name and password of a database connection.
- ConfigMap and Secret objects are mounted into the Pod through Volumes, so the configuration is shared by the group of containers in the Pod. The storage limit for ConfigMap and Secret data is 1MB, so when a configuration file is too large, consider using an InitContainer to initialize a configuration management container in the same Pod. Before the application container starts, it transfers the application configuration into the application's designated mount directory, updating the application's configuration.

## Asynchronous / concurrent execution: Job/Cronjob

- In application development we often face requirements for batch tasks and scheduled tasks. Popular application frameworks such as Spring-Batch for Java or Celery for Python can implement asynchronous and scheduled tasks. In a cloud native setting, however, this application-level approach makes the application service very heavy, because asynchronous tasks usually require the application to be highly available, elastic in its resources and self-healing. The K8S platform provides these properties natively, so consider delegating the application's asynchronous tasks to the K8S Job/Cronjob controller objects.
- The K8S Job controller object is, like Deployment, a way of creating Pods and managing their life cycle. Unlike with Deployment, a Pod controlled by a Job runs to completion, that is, its final state is Completed. By default a Job's Pods are not destroyed immediately, mainly so that the task's run log and results can be viewed.
- The K8S Cronjob controller object, as its name suggests, adds time-based scheduling on top of Job. Typical uses include, but are not limited to, file transfer, sending e-mail or SMS notifications, backups and the regular cleanup of expired backups.

# Conclusion

My original intention in sorting out this part of basic K8S knowledge was to examine the minimum set of knowledge points that developers need to understand in order to master and use K8S within this huge technology stack. I believe that future applications will be built on the cloud, so whatever our role, we have to master the necessary K8S knowledge in order to start the cloud native development journey smoothly.

Much of the above comes from the author's study notes and reading notes on https://time.geekbang.org/column/intro/116 and Kubernetes-patterns (https://developers.redhat.com/blog/2020/05/11/top-10-must-know-kubernetes-design-patterns/), and benefits from the experts' interpretation and organization of the K8S technology stack from many angles.

Finally, the opportunity for this systematic study and review came from the importance the team attaches to K8S technology. Thank you very much for your attention and support.
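The NameSpace discussion above notes that Pods in different namespaces can still reach each other and that NetworkPolicy is what closes that gap. The manifest below is an added example, not part of the original article: it isolates the `bss-dev` namespace used in the article's Pod definition, and the policy name and the `k8s-app: kube-dns` label on the cluster DNS Pods are assumptions.

```yaml
# Added example (constructed): isolate every Pod in bss-dev from other namespaces.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: isolate-namespace          # hypothetical policy name
  namespace: bss-dev               # namespace taken from the article's Pod example
spec:
  podSelector: {}                  # empty selector = every Pod in this namespace
  policyTypes:
    - Ingress                      # once listed, anything not allowed below is denied
    - Egress
  ingress:
    - from:
        - podSelector: {}          # only Pods in this same namespace may connect in
  egress:
    - to:
        - podSelector: {}          # Pods may connect out to Pods in this same namespace
    - to:
        # DNS lookups must still work. namespaceSelector and podSelector in the
        # same list element are ANDed: DNS Pods, and only in kube-system.
        - namespaceSelector:
            matchLabels:
              # Label set automatically on namespaces in Kubernetes 1.21 and later.
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns    # assumption: label carried by the cluster DNS Pods
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

NetworkPolicy objects are only enforced when the cluster's network plugin implements them; with a plugin that does not, the API server accepts the object but traffic is not restricted.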
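The InitContainer and ConfigMap/Secret sections above describe preparing configuration in a shared Volume before the application starts and mounting sensitive data from a Secret. The manifest below is an added example, not part of the original article: the Secret name, image references, mount paths and the user/group ID are assumptions, and the init image is assumed to contain `sh`, `cp` and a `/bundle` directory holding the configuration files.

```yaml
# Added example (constructed). Replace the placeholder values before use.
apiVersion: v1
kind: Secret
metadata:
  name: index-helm-db                  # hypothetical Secret name
  namespace: bss-dev
type: Opaque
stringData:
  username: REPLACE_ME                 # placeholder, not a real credential
  password: REPLACE_ME                 # placeholder, not a real credential
---
apiVersion: v1
kind: Pod
metadata:
  name: index-helm-demo                # hypothetical Pod name
  namespace: bss-dev
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001                   # assumption: both images work under this UID
    fsGroup: 10001                     # volumes are made group-accessible to this GID
  volumes:
    - name: app-config
      emptyDir: {}                     # scratch volume shared by init and app containers
    - name: db-credentials
      secret:
        secretName: index-helm-db
        defaultMode: 0440              # owner and group may read, nobody may write
  initContainers:
    # Runs to completion before the application container is started.
    - name: fetch-config
      image: registry.example.com/config-bundle:1.0.0   # hypothetical image
      command: ["sh", "-c", "cp -r /bundle/. /config/"]
      securityContext:
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: app-config
          mountPath: /config           # writable only during initialization
  containers:
    - name: app
      image: registry.example.com/index-helm:1.0.0      # hypothetical image
      command: ["java", "-jar", "/home/demo/app.jar"]
      securityContext:
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: app-config
          mountPath: /home/demo/config # hypothetical config directory
          readOnly: true               # the application cannot alter its own config
        - name: db-credentials
          mountPath: /var/run/secrets/db
          readOnly: true               # credentials appear as files username, password
```

Because the init container is the only writer of `app-config`, write access to the shared Volume stays in the platform-managed part of the Pod definition, which is the separation the article recommends.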

Copyright notice
This article was created by [InfoQ]. Please include a link to the original when reprinting. Thank you.
