
Developers should understand the impact of Kubernetes on their programs

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Author: brother-duff Source: Yunqi Community

Original link: https://yq.aliyun.com/articles/631182?spm=a2c4e.11153940.bloghomeflow.78.7ada291a5uIWrz

Do developers need to know about Kubernetes?

Kubernetes is getting more and more popular, and many companies are gradually adopting it as their container cluster management platform in development, testing and production. The latest survey shows that more than 40% of the production environments in 5000+ large enterprises already use Kubernetes (*). Kubernetes is generally seen as an operations-oriented system, so developers do not seem to need to pay much attention to it. Is that so? The answer is no!

Most developers can move their applications to a container platform without changing them (here "moving" means treating containers directly as virtual machines). To make better use of Kubernetes, however, developers need to understand some of its architecture and principles, and adjust the program architecture and some implementation details. This article goes through the adaptations a program needs in order to run better on Kubernetes.

Handle IP independence / dynamic IPs

Calls between programs must not hard-code IP addresses, and the program must be able to cope with container IPs drifting. IP independence can be achieved in the following ways:

Obtain the peer IP through the service registration and discovery of a micro-service framework. Note that this is the container IP, which is generally not visible outside the cluster. If applications outside the Kubernetes cluster need to access a POD directly (especially in a mixed deployment of Spring Cloud applications), the network model has to be considered. Aliyun provides the Terway network mode, whose elastic network interface (ENI) technology directly supports interworking between ECS and POD and supports the evolution of a program towards containerization.

(Terway is open source at https://github.com/AliyunContainerService/terway; stars are welcome.)

Access the POD through a Kubernetes SLB Service or Ingress. This model is needed especially for traditional applications that are moved over without modification, because the external IP of the SLB/Ingress is fixed. For access from inside the cluster, it is better to use the Service's domain name.

Handle the program's external configuration

Usually the original program writes its configuration to a local configuration file. In a container, and especially on Kubernetes, this approach must change: the startup process of the program can no longer be intervened in manually, and the program has to support scaling the number of instances rather than being designed for a fixed number of instances.

Make full use of Kubernetes's configmap/secret

Put startup configuration and environment-variable configuration in configmap and secret as far as possible. Note that a change to a configmap/secret does not change the environment variables of a container that is already running. If it is used as a volume, the corresponding file does take effect in the running program, but at an uncertain time. Therefore, when configmap/secret is used, subsequent changes have to be rolled out through a rolling upgrade so that the new configuration takes effect.
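An added example, not from the original article: a process that loads a mounted configmap/secret directory once at startup and can tell when the mounted files have since changed, which means the running instance still holds the old values until it is replaced by a rolling upgrade. The volume layout (one file per key, kubelet bookkeeping entries prefixed with `..`) is how Kubernetes mounts these objects; the class and function names are hypothetical.

```python
import hashlib
import os


def read_mounted(mount_dir):
    """Read a configmap/secret volume: one file per key, value = file content."""
    values = {}
    for name in sorted(os.listdir(mount_dir)):
        if name.startswith(".."):       # kubelet bookkeeping entries (e.g. ..data)
            continue
        path = os.path.join(mount_dir, name)
        if os.path.isfile(path):        # follows the per-key symlinks
            with open(path, "rb") as f:
                values[name] = f.read()
    return values


def fingerprint(values):
    """Digest of keys and values; safe to log, unlike the secret values."""
    h = hashlib.sha256()
    for key in sorted(values):
        # Length prefixes keep ("ab", "c") distinct from ("a", "bc").
        h.update(len(key).to_bytes(4, "big") + key.encode())
        h.update(len(values[key]).to_bytes(4, "big") + values[key])
    return h.hexdigest()


class StartupConfig:
    """Configuration captured once at start, as environment variables are."""

    def __init__(self, mount_dir):
        self.mount_dir = mount_dir
        self.values = read_mounted(mount_dir)
        self.loaded = fingerprint(self.values)

    def stale(self):
        """True when the mounted files no longer match what was loaded."""
        return fingerprint(read_mounted(self.mount_dir)) != self.loaded
```

Exposing `stale()` as a metric or log line (with the fingerprint, never the values) shows which instances are still running with the configuration they started with.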

Take advantage of a configuration center

Configuration changes at run time need to be handled with the configuration-center concept from micro-service architecture, which should support the following core features:

Dynamic push must be supported

Version management must be supported

Fault tolerance and recovery must be supported

Support for secure communication

The configuration center ACM is available free of charge on Aliyun and already provides the above features. It has also been open-sourced under the name NACOS (https://nacos.io).

Understand the startup process and startup time of the program

Although containers are usually promoted as starting in "seconds", you need a clear understanding of how the program actually starts in a container / Kubernetes.

It is important to note that "starts in seconds" cannot be equated with "available in seconds", because the startup process of a program in a container is roughly as follows:

[Figure: startup process of a program in a container]

The times shown here take an ordinary tomcat business program as an example (one that needs to connect to mysql, and so on).

So developers need to consider the impact of this process on the program.

Make good use of Kubernetes's two-layer health checks

In the past, a health check was a single check, but in Kubernetes it becomes a double check: liveness and readiness. Why? As the startup process above shows, a started container does not mean the program can be accessed yet. This is especially true for java programs, where the springboot/tomcat startup is also time-consuming. Requests sent to the program at this point easily time out.

Liveness: make sure the application is still alive; otherwise Kubernetes restarts the POD.

Set a reasonable initialDelaySeconds value on the liveness probe to avoid constantly restarting the POD (consider using the maximum delay needed by 99% of startups).

Readiness: make sure the application is ready to receive traffic; otherwise no traffic is routed to it. This avoids, for example, a timeout on the first access.

Three probe types are available for these checks: http, cmd and tcp. Choose according to the program.

Based on this design, the program should provide two check interfaces. One interface is used to determine whether the program is alive, for example by returning http 200 directly. The other is used to determine whether the program can handle requests properly; in particular, if the program depends on a database, redis or other external resources to provide its service, this interface needs to check whether those resources are usable. The two interfaces have distinct meanings, so do not use them the wrong way round.
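The two check interfaces described above, as an added example that is not code from the original article: the liveness handler answers 200 without touching anything else, while the readiness handler returns 200 only when every external resource accepts a TCP connection. The paths `/healthz` and `/ready`, port 8080 and the dependency addresses are assumptions for illustration.

```python
import socket
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Hypothetical dependencies; in a cluster these would be Service domain names.
DEPENDENCIES = {"mysql": ("127.0.0.1", 3306), "redis": ("127.0.0.1", 6379)}


def tcp_reachable(host, port, timeout=0.5):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def liveness():
    """The process is up and serving HTTP; never checks dependencies."""
    return 200, "alive"


def readiness(deps=None, check=tcp_reachable):
    """200 only when every external resource is usable, else 503."""
    deps = DEPENDENCIES if deps is None else deps
    failed = sorted(n for n, (host, port) in deps.items() if not check(host, port))
    if failed:
        # Names only: no hosts, ports or credentials in the response body.
        return 503, "not ready: " + ",".join(failed)
    return 200, "ready"


ROUTES = {"/healthz": liveness, "/ready": readiness}


class ProbeHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        route = ROUTES.get(self.path)
        status, body = route() if route else (404, "not found")
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep periodic probe hits out of the log
        pass


if __name__ == "__main__":
    ThreadingHTTPServer(("0.0.0.0", 8080), ProbeHandler).serve_forever()
```

If the liveness path also checked the database, a database outage would make Kubernetes restart healthy PODs, which is the "used backwards" case the text warns about.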

Summary

Today, when the IT system architecture is becoming more and more complex and intelligent, developers can pay more attention to business development, but from the perspective of architecture design, they still need to have a deep understanding of Kubernetes so as not to violate the design principles of Kubernetes.

(*) data source: https://www.cncf.io/blog/2018/08/29/cncf-survey-use-of-cloud-native-technologies-in-production-has-grown-over-200-percent/
