Kubernetes v1.19 変更点調査のまとめ / k8s-v119-updates

Transcript

1. Kubernetes Meetup Tokyo #34 (2020/9/30) Shunya Murata @shmurata_ Shinya Uemura

   @uesyn Kubernetes v1.19 มߋ఺ௐࠪͷ·ͱΊ

2. Shinya Uemura / @suemura ▶ θοτϥϘגࣜձࣾ ιϑτ΢ΣΞΤϯδχΞ ▶ 2019೥θοτϥϘגࣜձࣾʹೖࣾ ▶

   Prometheus Meetup Tokyo, Cloud Native Meetup TokyoͷӡӦ΍ͬͯ·͢

3. θοτϥϘגࣜձࣾ / Z Lab Corporation ▶ 2015೥ʹઃཱ͞ΕͨϠϑʔגࣜձࣾͷ100%ࢠձࣾ ▶ Πϯϑϥج൫ٕज़ͷௐࠪɾݚڀ։ൃ ▶

   Ϡϑʔגࣜձࣾ޲͚ͷϚωʔδυ Kubernetes αʔϏεͷ։ൃ ▶ https://zlab.co.jp/

4. ΞδΣϯμ ▶ มߋ఺ௐࠪͷऔΓ૊Έʹ͍ͭͯ ▶ @uesynͷؾʹͳͬͨมߋ఺ͷ঺հ ▶ @shmurata_ ͷؾʹͳͬͨมߋ఺ͷ঺հ

5. มߋ఺ௐࠪʹ͍ͭͯ

6. มߋ఺ௐࠪͱ͸ʁͳ࣮ͥࢪ͢Δͷ͔ʁ ▶ มߋ఺ௐࠪͱ͸ʁ + Z LabͰ͸KubernetesͷCHANGELOGΛௐࠪɾ೔ຊޠ༁ͷهࣄΛ࡞੒͍ͯ͠·͢ + ϚΠφʔόʔδϣϯͷϦϦʔεຖʹ࣮ࢪ + v1.19͸Z

   Labͱ@superbrothers͞ΜͰ࣮ࢪ + SIG (Special Interest Group) ຖʹ୲౰Λ෼୲͠ɺSIGʹؔ࿈ͨ͠಺༰Λ·ͱΊΔ ▶ ͳ࣮ͥࢪ͢Δͷ͔ʁ + ίϛϡχςΟ΁ͷߩݙͷͨΊ + CaaSΛར༻͍ͯ͠ΔϢʔβ΁Өڹ΍ศརͳػೳͷ঺հ + Kubernetesͷมߋ఺͔Βɺఏڙ͍ͯ͠ΔCaaS΁ͷӨڹΛ೺Ѳ͢ΔͨΊ + ެ։͍ͯ͠Δͷ͸ϚΠφʔόʔδϣϯ͚ͩͰ͕͢ɺύονόʔδϣϯͷมߋ΋֬ೝ

7. มߋ఺ௐࠪͱ͸ʁͳ࣮ͥࢪ͢Δͷ͔ʁ ▶ มߋ఺ௐࠪͱ͸ʁ + Z LabͰ͸KubernetesͷCHANGELOGΛௐࠪɾ೔ຊޠ༁ͷهࣄΛ࡞੒͍ͯ͠·͢ + ϚΠφʔόʔδϣϯͷϦϦʔεຖʹ࣮ࢪ + v1.19͸Z

   Labͱ@superbrothers͞ΜͰ࣮ࢪ + SIG (Special Interest Group) ຖʹ୲౰Λ෼୲͠ɺSIGʹؔ࿈ͨ͠಺༰Λ·ͱΊΔ ▶ ͳ࣮ͥࢪ͢Δͷ͔ʁ + ίϛϡχςΟ΁ͷߩݙͷͨΊ + CaaSΛར༻͍ͯ͠ΔϢʔβ΁Өڹ΍ศརͳػೳͷ঺հ + Kubernetesͷมߋ఺͔Βɺఏڙ͍ͯ͠ΔCaaS΁ͷӨڹΛ೺Ѳ͢ΔͨΊ + ެ։͍ͯ͠Δͷ͸ϚΠφʔόʔδϣϯ͚ͩͰ͕͢ɺύονόʔδϣϯͷมߋ΋֬ೝ

8. @uesyn ͷؾʹͳͬͨมߋ఺

9. ͔͜͜Βࢲ͕࿩͢಺༰ 1. Expanded CLI support for debugging workloads and nodes


   2. Deprecation warnings
 3. Avoiding permanent beta
 4. Increase the Kubernetes support window to one year
 5. Structure Logging
 6. EndpointSlices are now enabled by default

10. Expanded CLI support for debugging workloads and nodes

11. Expanded CLI support for debugging workloads and nodes ▶ ”kubectl

    alpha debug” ΁৽ͨʹ2ͭͷػೳ͕௥Ճ 1. NodeͷͨΊͷdebugػೳ + Nodeͷσόοά༻ίϯςφΛ࡞੒ + /host ΁Nodeͷ / ΛϚ΢ϯτ͠ɺNodeͷPID,IPC΍NWωʔϜεϖʔεͰىಈ 2. PodͷͨΊͷdebugػೳ + debugର৅ͷPodΛίϐʔ͠debug༻PodΛ࡞੒ + debug༻ίϯςφΛૠೖͨ͠ΓɺίϯςφΠϝʔδ΍Ҿ਺ͳͲΛมߋͨ͠΋ͷΛ࡞੒ ▶ ͲͪΒ΋FeatureGatesͷEphemeralContainersΛ༗ޮʹ͢Δඞཁͳ͠ + alphaػೳ͕༗ޮʹͰ͖ͳ͍؀ڥͰ΋ར༻Մೳ

12. ௥Ճ͞ΕͨNodeͷͨΊͷdebugػೳ(1/2)

13. ௥Ճ͞ΕͨNodeͷͨΊͷdebugػೳ(2/2) /hostʹNodeͷ/͕Ϛ΢ϯτ͞Ε͍ͯΔ NodeͷPID,IPC΍NWωʔϜεϖʔεͰ࣮ߦ debug༻ͷPod໊

14. ௥Ճ͞ΕͨPodͷͨΊͷdebugػೳ(1/2) ͜ͷ໊લͰdebug༻Pod͕࡞੒͞ΕΔ share-processͰ΋debug༻ίϯςφΛىಈՄೳ

15. ௥Ճ͞ΕͨPodͷͨΊͷdebugػೳ(2/2) share-processͰ΋debug༻ίϯςφΛىಈՄೳ ▶ ͬ͟ͱ֬ೝͨ͠ײ͡ؾΛ෇͚ͨํ͕ྑͦ͞͏ͳࣄ + label͸ίϐʔ͞Εͳ͍ + Service഑ԼͷPodΛdebug͢Δͱ͖ɺಉ͡τϥϑΟοΫ͸ྲྀΕͯ͜ͳ͍ + Volume,

    VolumeMounts΋ίϐʔ͞ΕΔ + hostPort΋ίϐʔ͞ΕΔ ౳ʑ… ▶ ىಈॱংͷ੍໿΍εέʔϧͰ͖ͳ͍ΞϓϦέʔγϣϯ΋஫ҙ͢Δඞཁ

16. ௥Ճ͞Εͨdebugػೳʹ͍ͭͯ ▶ ௥Ճ͞Εͨೋͭͷػೳ͸ڞʹɺศརPodΛ࡞ΔͨΊͷίϚϯυ ▶ ৄ͍࣮͠૷͸ҎԼΛࢀর + https://github.com/kubernetes/kubectl/blob/v0.19.2/pkg/cmd/debug/debug.go#L478-L522 + https://github.com/kubernetes/kubectl/blob/v0.19.2/pkg/cmd/debug/debug.go#L413-L476

17. Deprecation warnings

18. Deprecation warnings ▶ APIར༻࣌ʹWarningΛฦ͢ػೳ͕௥Ճ + ഇࢭ༧ఆͷAPIΛୟ͍ͨ࣌ + Admission WebhooksͷϨεϙϯεͰࢦఆ (ϢʔβఆٛՄೳ)

    + CRDͷϑΟʔϧυͰࢦఆ (ϢʔβఆٛՄೳ)

19. ValidatingWebhookΛ༻͍ͨWarningͷσϞ ▶ ԿͷK8sϦιʔεͷValidation΋ͤͣɺWarning͚ͩฦ͢ValidatingWebhookͷσϞΛ͠·͢ + https://github.com/uesyn/sample-warning-admission-webhook + ↑ޙ΄Ͳͪ͜ΒͰެ։͓͖ͯ͠·͢ + ϦιʔεͷValidation͸͠·ͤΜ͕ɺۈ຿࣌ؒͷValidation͸ͯ͘͠Ε·͢ +

    ۈ຿࣌ؒ֎ʹಇ͘͜ͱΛېࢭ͠·ͤΜ͕ɺWarningͱͯ͠ग़ྗ ▶ Admission WebhookͷWarningʹ͍ͭͯ͸ҎԼΛࢀর͍ͩ͘͞ + https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#admissionreview-response-warning

20. Avoiding permanent beta

21. Avoiding permanent beta ▶ ͣͬͱvXbetaYͰ͢ʂͱͳΒͳ͍ͨΊͷϙϦγʔΛద༻ + Ingress͸2015೥ʹ͸betaʹͳ͍ͬͯͨΑ͏Ͱ͢ ▶ ৽͍͠API͕betaʹͳΔͱɺͦͷAPI͸9ϲ݄Ҏ಺ͰҎԼͷΞΫγϣϯ͕ඞཁ +

    GAΛग़͠ɺbetaͷ΋ͷΛඇਪ঑ͱ͢Δ + ৽͍͠betaΛग़͠ɺݹ͍΋ͷΛඇਪ঑ͱ͢Δ ▶ 9ϲ݄ܦաͯ͠͠·ͬͨ৔߹ + ࣍ͷϦϦʔεͰͦͷAPIͷόʔδϣϯ͸ඇਪ঑ͱͳΔ + ಉ͡betaόʔδϣϯͰଓߦͱ͍͏બ୒ࢶ͸ͳ͍ ▶ ৄࡉ͸ҎԼ + https://kubernetes.io/blog/2020/08/21/moving-forward-from-beta/

22. Increase the Kubernetes support window to one year

23. Increase the Kubernetes support window to one year ▶ Kubernetes

    v1.19͔Βɺόάमਖ਼ͷαϙʔτ͕9ϲ݄͔Β1೥΁ ▶ ͜Ε͔Β΋ؤுͬͯΫϥελͷΞοϓάϨʔυ͍͖ͯ͠·͠ΐ͏ʂ

24. Structure Logging

25. Structure Logging ▶ ߏ଄ԽϩΪϯά͕ಋೖ͞Εͨ + ରԠ͍ͯ͠ΔkubernetesͷίϯϙʔωϯτͰ͋Ε͹—logging-formatΦϓγϣϯͰࢦఆՄೳ + json ·ͨ͸ text

    Λࢦఆ ▶ k8s.io/klog ͕v2ͱͳΓInfoS΍ErrorSͳͲͷߏ଄Խ͞ΕͨϩάΛग़ྗ͢Δؔ਺͕௥Ճ + jsonͰग़ྗ͢Δ࣮૷͸klogʹ͸ͳ͍ + SetLogger ؔ਺Ͱgithub.com/go-logr/logr Λ࣮૷ͨ͠΋ͷΛηοτ͢Δ + K8sίϯϙʔωϯτ͕ར༻͍ͯ͠Δ্ه࣮૷͸ k8s.io/component-base ʹଘࡏ

26. EndpointSlices are now enabled by default

27. EndpointSlices are now enabled by default ▶ Endpointsͷ୅ΘΓʹEndpointSlice͕kube-proxyͰσϑΥϧτͰར༻͞ΕΔΑ͏ʹ ▶ EndpointSliceϦιʔεࣗମ͸v1.18͔Β࡞੒͞ΕΔ

    ▶ EndpointsϦιʔεΛ୯ମͰ࡞੒͢ΔͱɺରԠ͢ΔEndpointSliceϦιʔε͕࡞੒͞ΕΔ + EndpointSliceMirrorling controllerʹΑΓੜ੒͞ΕΔ + labelͰendpointslice.kubernetes.io/skip-mirror: “true" ͱ͢Δ͜ͱͰϛϥʔϦϯά͞Εͳ͘ͳΔ + ࡞੒͞ΕΔEndpointSlice͸OwnerReference͕ͦͷEndpointsͱͳΔΑ͏Ͱ͢