Summary
Provisioning and Orchestration are the two core concepts of cloud-native infrastructure management: the former is responsible for creating and preparing resources, the latter for coordinating and managing them.
Core difference
- Provisioning (resource supply): you bring up 3 servers, which become the nodes available to the orchestrator
- Orchestration (coordination): you tell those nodes which containers each of them runs and how they communicate, and you can make use of the nodes that were just brought up
Detailed explanation
Provisioning (resource supply)
Definition
Provisioning is the process of creating, configuring and preparing compute resources (such as servers, networks and storage) so that they are able to run applications.
Core responsibilities
- Hardware resource creation
  - Create virtual machines or physical servers
  - Allocate CPU, memory and storage
  - Configure network connectivity
- System environment preparation
  - Install the operating system
  - Configure base software packages
  - Set up security policies and firewalls
- Runtime environment configuration
  - Install a container runtime (such as Docker)
  - Configure the Kubernetes node components
  - Set up monitoring and log collection
Implementation tools
Infrastructure as Code (IaC)
```hcl
# Terraform example - AWS EC2 instances
resource "aws_instance" "k8s_node" {
  count           = 3
  ami             = "ami-0c55b159cbfafe1d0"
  instance_type   = "t3.medium"
  key_name        = "my-key-pair"
  security_groups = [aws_security_group.k8s_sg.name]

  tags = {
    Name = "k8s-worker-${count.index + 1}"
    Role = "kubernetes-node"
  }

  user_data = <<-EOF
    #!/bin/bash
    # Install Docker
    yum update -y
    yum install -y docker
    systemctl start docker
    systemctl enable docker

    # Install kubeadm, kubelet, kubectl
    cat <<EOF2 > /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
    EOF2
    yum install -y kubelet kubeadm kubectl
    systemctl enable kubelet
  EOF
}
```
Cloud Provider APIs
```python
# AWS SDK example
import boto3

ec2 = boto3.resource('ec2')

# Create the instances
instances = ec2.create_instances(
    ImageId='ami-0c55b159cbfafe1d0',
    MinCount=3,
    MaxCount=3,
    InstanceType='t3.medium',
    KeyName='my-key-pair',
    SecurityGroupIds=['sg-12345678'],
    UserData='''#!/bin/bash
# Node initialisation script
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
'''
)
```
Configuration management tools
```yaml
# Ansible playbook example
---
- name: 准备Kubernetes节点
  hosts: new_nodes
  become: yes
  tasks:
    - name: 更新系统包
      yum:
        name: "*"
        state: latest

    - name: 安装Docker
      yum:
        name: docker
        state: present

    - name: 启动Docker服务
      systemd:
        name: docker
        state: started
        enabled: yes

    - name: 添加Kubernetes仓库
      yum_repository:
        name: kubernetes
        description: Kubernetes Repository
        baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
        gpgcheck: yes
        gpgkey: |
          https://packages.cloud.google.com/yum/doc/yum-key.gpg
          https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg

    - name: 安装Kubernetes组件
      yum:
        name:
          - kubelet
          - kubeadm
          - kubectl
        state: present

    - name: 启动kubelet服务
      systemd:
        name: kubelet
        enabled: yes
```
Orchestration (coordination)
Definition
Orchestration is the coordination and management of resources that have already been prepared: deciding which applications run on which resources, and how those applications interact with each other.
Core responsibilities
- Workload scheduling
- Service coordination
- Lifecycle management
  - Manage application deployment, updates and rollbacks
  - Monitor application health
  - Automatic failure recovery and scaling in or out
Implementation examples
Application deployment orchestration
```yaml
# Kubernetes Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
  labels:
    app: web-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web-app
  template:
    metadata:
      labels:
        app: web-app
    spec:
      containers:
        - name: web
          image: nginx:1.20
          ports:
            - containerPort: 80
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "200m"
      # Node selector - use the nodes prepared in the provisioning stage
      nodeSelector:
        node-type: worker
      # Tolerations - allow scheduling onto the dedicated nodes
      tolerations:
        - key: "dedicated"
          operator: "Equal"
          value: "web-tier"
          effect: "NoSchedule"
```
Service communication orchestration
```yaml
# Service configuration
apiVersion: v1
kind: Service
metadata:
  name: web-service
spec:
  selector:
    app: web-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer
---
# Ingress configuration
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-service
                port:
                  number: 80
```
Autoscaling orchestration
```yaml
# HPA configuration
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web-app-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web-app
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
```
How the two work together
Typical workflow
- Provisioning stage

  ```bash
  # 1. Create the infrastructure with Terraform
  terraform apply
  # 2. Configure the nodes with Ansible
  ansible-playbook setup-k8s-nodes.yml
  # 3. Initialise the Kubernetes cluster
  kubeadm init --pod-network-cidr=10.244.0.0/16
  # 4. Join the worker nodes
  kubeadm join <master-ip>:6443 --token <token> --discovery-token-ca-cert-hash <hash>
  ```

- Orchestration stage

  ```bash
  # 1. Deploy the application
  kubectl apply -f deployment.yaml
  # 2. Create the Service
  kubectl apply -f service.yaml
  # 3. Configure the Ingress
  kubectl apply -f ingress.yaml
  # 4. Set up autoscaling
  kubectl apply -f hpa.yaml
  ```
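The hand-off between the two stages is where deployments silently fail: the Deployment's `nodeSelector` and `tolerations` only work if the provisioning stage really labelled and tainted the nodes that way, otherwise the pods stay Pending. The following added example (not code from the original article) re-implements the scheduler's label and taint matching rules and runs them over a constructed node list; the node names, labels and taints are assumed sample values.

```python
# Added example, not from the original article: re-implements the scheduler's
# nodeSelector and taint/toleration rules to check a Deployment against the
# nodes that the provisioning stage actually produced.

# Constructed sample of what `kubectl get nodes -o json` might report after
# provisioning; names, labels and taints are assumed values, not from the page.
NODES = [
    {"name": "k8s-worker-1", "labels": {"node-type": "worker"},
     "taints": [{"key": "dedicated", "value": "web-tier", "effect": "NoSchedule"}]},
    {"name": "k8s-worker-2", "labels": {"node-type": "worker"}, "taints": []},
    {"name": "k8s-worker-3", "labels": {"node-type": "worker"},
     "taints": [{"key": "dedicated", "value": "db-tier", "effect": "NoSchedule"}]},
]

# Scheduling constraints taken from the page's Deployment manifest.
POD_NODE_SELECTOR = {"node-type": "worker"}
POD_TOLERATIONS = [{"key": "dedicated", "operator": "Equal",
                    "value": "web-tier", "effect": "NoSchedule"}]


def toleration_matches(tol, taint):
    """Effect must match (or be empty); an empty key requires operator Exists;
    otherwise the keys must match and Equal also compares the value."""
    if tol.get("effect") and tol["effect"] != taint["effect"]:
        return False
    if not tol.get("key"):
        return tol.get("operator") == "Exists"
    if tol["key"] != taint["key"]:
        return False
    if tol.get("operator", "Equal") == "Exists":
        return True
    return tol.get("value", "") == taint.get("value", "")


def node_feasible(node, node_selector, tolerations):
    """Every selector label present with the same value, and every hard taint
    (NoSchedule/NoExecute) tolerated; PreferNoSchedule never blocks."""
    if any(node["labels"].get(k) != v for k, v in node_selector.items()):
        return False
    hard = [t for t in node["taints"] if t["effect"] in ("NoSchedule", "NoExecute")]
    return all(any(toleration_matches(tol, t) for tol in tolerations) for t in hard)


def feasible_nodes(nodes, node_selector, tolerations):
    """Node names the pods can land on; empty means the Deployment stays Pending."""
    return [n["name"] for n in nodes if node_feasible(n, node_selector, tolerations)]


if __name__ == "__main__":
    print(feasible_nodes(NODES, POD_NODE_SELECTOR, POD_TOLERATIONS))
```

Running the check before `kubectl apply -f deployment.yaml` turns a Pending pod into a provisioning finding: an empty result means the node labels or taints, not the manifest, need fixing.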
Boundaries and responsibilities
| Stage | Focus | Output | Typical tools |
|---|---|---|---|
| Provisioning | Infrastructure preparation | Usable compute nodes | Terraform, Ansible, cloud APIs |
| Orchestration | Application management | Running services | Kubernetes, Docker Swarm |
Convergence in modern practice
GitOps workflow
```yaml
# ArgoCD Application configuration
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: infrastructure
spec:
  source:
    repoURL: https://github.com/company/infrastructure
    path: terraform/
    targetRevision: main
  destination:
    server: https://kubernetes.default.svc
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: web-app
spec:
  source:
    repoURL: https://github.com/company/web-app
    path: k8s/
    targetRevision: main
  destination:
    server: https://kubernetes.default.svc
    namespace: production
```
Cloud-native platform integration
Modern cloud platforms (such as AWS EKS, Google GKE and Azure AKS) integrate Provisioning and Orchestration tightly:
```yaml
# AWS EKS cluster configuration (covers both provisioning and orchestration)
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: my-cluster
  region: us-west-2

# Provisioning configuration
nodeGroups:
  - name: worker-nodes
    instanceType: t3.medium
    desiredCapacity: 3
    minSize: 1
    maxSize: 5
    volumeSize: 20
    ssh:
      allow: true
      publicKeyName: my-key

# Orchestration configuration
addons:
  - name: vpc-cni
  - name: coredns
  - name: kube-proxy
  - name: aws-load-balancer-controller
```
Best practices
1. Separation of concerns
- Manage infrastructure code and application configuration separately
- Use separate Git repositories and CI/CD pipelines
- Establish clear dependency relationships between them
2. Degree of automation
- Provisioning: fully automated, with one-command creation and teardown
- Orchestration: declarative configuration that supports a GitOps workflow
3. Monitoring and observability
```yaml
# Infrastructure monitoring
apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-config
data:
  prometheus.yml: |
    global:
      scrape_interval: 15s
    scrape_configs:
      - job_name: 'kubernetes-nodes'
        kubernetes_sd_configs:
          - role: node
      - job_name: 'kubernetes-pods'
        kubernetes_sd_configs:
          - role: pod
```
Provisioning and Orchestration are the two foundational pillars of cloud-native architecture, and their effective cooperation is the key to operating modern applications efficiently. With sensible tool selection and process design, everything from the infrastructure up to the application can be managed in a fully automated way.