前言

最近又读了一遍 Borg, Omega, and Kubernetes 这篇文章,觉得这个文章写得很好,让我对架构设计有了进一步的认识,所以想写一篇读后笔记。

原文地址,还有篇中文翻译的,这个中文翻译感觉有的地方没有翻译,有的地方我有不同的理解,这里我就以英文原版为例,参考中文翻译来写这篇读后笔记。

容器管理系统的介绍

Borg was built to manage both long-running services and batch jobs, which had previously been handled by two separate systems: Babysitter and the Global Work Queue.

Borg 主要是管理长期运行的服务和批处理作业,Borg 的复杂度也是逐渐增加的,有很多定制化的东西,所以和谷歌的内部系统耦合很紧。

Omega, an offspring of Borg, was driven by a desire to improve the software engineering of the Borg ecosystem.
It applied many of the patterns that had proved successful
in Borg, but was built from the ground up to have a more consistent, principled architecture.

Omega 强调更高的一致性。

More importantly, Kubernetes
was developed with a stronger focus on the experience of developers writing applications that run in a cluster: its main design goal is to make it easy to deploy and manage complex distributed systems, while still benefiting from the improved utilization that containers enable.

这句话我还是想强调一下的,K8s 在开发的时候非常强调开发者在开发集群中应用的体验,它的主要目标就是简化管理和部署复杂的分布式系统,同时还能受益于容器的高利用率。

现在的大厂竞争其实就是开发者的竞争,现在越来越强调注重开发者体验而非最终用户体验这个理念(其实就是 API 设计是否良好,或者说编程体验是不是良好)。

面向应用的基础设施

over time it became clear that the benefits of containerization go beyond merely enabling higher levels of utilization.

  1. Containers encapsulate the application environment, abstracting away many details of machines and operating systems from the application developer and the deployment infrastructure.

  2. Because well-designed containers and container images are scoped to a single application, managing containers means managing applications rather than machines. This shift of management APIs from machine-oriented to application oriented dramatically improves application deployment and introspection.

应用环境

One consequence is that Google has only a small number of OS versions deployed across its entire fleet of machines at any one time, and it needs only a small staff of people to maintain them and push out new versions.

容器作为管理单元

Building management APIs around containers rather than machines shifts the “primary key” of the data center from machine to application.

A common use pattern is for a pod to hold an instance
of a complex application. The major part of the application sits in one of the child containers, and other child containers run supporting functions such as log rotation or click-
log offloading to a distributed file system. Compared to combining the functionality into a single binary, this makes it easy to have different teams develop the distinct pieces of functionality, and it improves robustness (the offloading continues even if the main application gets wedged), composability (it’s easy to add a new small support service, because it operates in the private execution environment provided by its own container), and fine-grained resource isolation (each runs in its own resources, so the logging system can’t starve the main app, or vice versa).

编排只是开始,不是结束

Consistency is also achieved through common design patterns for different Kubernetes components. The idea of a reconciliation controller loop is shared throughout Borg, Omega, and Kubernetes to improve the resiliency of a system: it compares a desired state (e.g., how many pods should match a label-selector query) against the observed state (the number of such pods that it can find), and takes actions to converge the observed and desired states.Because all action is based on observation rather than a state diagram, reconciliation loops are robust to failures and perturbations: when a controller fails or restarts it simply picks up where it left off.

需要避免的事情

不要让容器系统管理端口

不要只是标识容器:给他们标签

注意所有权

In Kubernetes, pod-lifecycle management components such as replication controllers determine which pods
they are responsible for using label selectors, so multiple controllers might think they have jurisdiction over a single pod. It is important to prevent such conflicts through appropriate configuration choices. But the flexibility of labels has compensating advantages—for example, the separation of controllers and pods means that it is possible to “orphan” and “adopt” containers.

不要暴露裸状态

A key difference between Borg, Omega, and Kubernetes is
in their API architectures.

一些开放并且困难的问题

配置

依赖管理

结语

A decade's worth of experience building container-management systems has taught us much, and we have embedded many of those lessons into Kubernetes, Google's most recent container-management system. Its goals are to build on the capabilities of containers to provide significant gains in programmer productivity and ease of both manual and automated system management. We hope you'll join us in extending and improving it.