Na rubuta kwanan nan , Inda ya ambata a taƙaice cewa za ku iya yin tsarin daidaitawar ku don sabis ɗin ya yi aiki sosai a Kuber, yana jan sirri, kuma yana gudana cikin sauƙi, har ma a waje da Docker gaba ɗaya. Babu wani abu mai rikitarwa, amma “abincin girke-girke” da aka kwatanta yana iya zama da amfani ga wani :) Lambar tana cikin Python, amma dabaru ba a haɗa su da harshen ba.
Abin da ke tattare da tambayar shi ne: sau ɗaya a wani lokaci akwai aiki guda ɗaya, da farko wani ƙaramin monolith ne tare da kayan aiki da rubutu, amma bayan lokaci ya girma, ya kasu kashi a cikin sabis, wanda hakan ya fara rarraba zuwa microservices, kuma sa'an nan aka haɓaka. Da farko, duk wannan an yi shi ne akan VPS mara amfani, hanyoyin kafawa da ƙaddamar da code akan waɗanda aka sarrafa ta atomatik ta amfani da Mai yiwuwa, kuma an haɗa kowane sabis tare da tsarin YAML tare da saitunan da maɓallan da suka wajaba, kuma an yi amfani da fayil ɗin daidaitawa iri ɗaya. ƙaddamar da gida, wanda ya dace sosai, saboda .k an ɗora wannan tsarin a cikin wani abu na duniya, wanda zai iya samuwa daga ko'ina cikin aikin.
Koyaya, haɓakar adadin microservices, haɗin su, da , ya nuna alamar motsi zuwa Kuber, wanda har yanzu yana ci gaba. Tare da taimako wajen magance matsalolin da aka ambata, Kubernetes yana ba da hanyoyinsa don sarrafa kayan more rayuwa, gami da и . Tsarin yana da ma'auni kuma abin dogara, don haka a zahiri zunubi ne rashin amfani da shi! Amma a lokaci guda, Ina so in kula da tsarina na yanzu don aiki tare da saitin: na farko, don amfani da shi daidai a cikin microservices daban-daban na aikin, kuma na biyu, don samun damar gudanar da lambar akan na'ura na gida ta amfani da guda ɗaya mai sauƙi. config fayil.
Dangane da wannan, an canza tsarin aikin ginin abu don samun damar yin aiki tare da babban fayil ɗin daidaitawar mu da kuma sirrin Kuber. An kuma ƙayyadadden tsari mai tsauri, a cikin yaren Python na uku, kamar haka:
Dict[str, Dict[str, Union[str, int, float]]]
Wato, cogfig na ƙarshe ƙamus ne tare da sassa masu suna, kowannensu ƙamus ne mai ƙima daga nau'ikan sauƙi. Kuma sassan suna bayyana tsari da samun dama ga albarkatun wani nau'i. Misalin yanki na tsarin mu:
adminka:
django_secret: "ExtraLongAndHardCode"
db_main:
engine: mysql
host: 256.128.64.32
user: cool_user
password: "SuperHardPassword"
redis:
host: 256.128.64.32
pw: "SuperHardPassword"
port: 26379
smtp:
server: smtp.gmail.com
port: 465
email: [email protected]
pw: "SuperHardPassword"A lokaci guda, filin engine Za a iya shigar da bayanan bayanai akan SQLite, kuma redis saita zuwa mock, Ƙayyade kuma sunan fayil ɗin don adanawa - waɗannan sigogi ana gane su daidai kuma ana sarrafa su, wanda ke sauƙaƙa gudanar da lambar a cikin gida don yin kuskure, gwajin naúrar da kowane buƙatu. Wannan yana da mahimmanci a gare mu saboda akwai wasu buƙatu da yawa - ɓangaren code ɗinmu an yi shi ne don ƙididdige ƙididdiga daban-daban, yana gudana ba kawai akan sabar tare da ƙungiyar kade-kade ba, har ma da rubutun daban-daban, da kwamfutocin manazarta waɗanda ke buƙatar yin aiki ta hanyar. da kuma gyara rikitattun bututun sarrafa bayanai ba tare da damuwa da matsalolin baya ba. Af, ba zai yi zafi ba don raba cewa manyan kayan aikin mu, gami da lambar shimfidar wuri, an shigar ta ta setup.py - tare wannan yana haɗa lambar mu zuwa tsarin muhalli guda ɗaya, mai zaman kansa daga dandamali da hanyar amfani.
Bayanin kwafsa na Kubernetes yayi kama da haka:
containers:
- name : enter-api
image: enter-api:latest
ports:
- containerPort: 80
volumeMounts:
- name: db-main-secret-volume
mountPath: /etc/secrets/db-main
volumes:
- name: db-main-secret-volume
secret:
secretName: db-main-secretWato kowane sirri yana siffanta sashe ɗaya. Su kansu asirin an halicce su kamar haka:
apiVersion: v1
kind: Secret
metadata:
name: db-main-secret
type: Opaque
stringData:
db_main.yaml: |
engine: sqlite
filename: main.sqlite3Tare wannan yana haifar da ƙirƙirar fayilolin YAML akan hanya /etc/secrets/db-main/section_name.yaml
Kuma don ƙaddamar da gida, ana amfani da saitin, wanda ke cikin tushen tsarin aikin ko kuma tare da hanyar da aka ƙayyade a cikin yanayin yanayi. Ana iya ganin lambar da ke da alhakin waɗannan abubuwan jin daɗi a cikin mai ɓarna.
config.py
__author__ = 'AivanF'
__copyright__ = 'Copyright 2020, AivanF'
import os
import yaml
__all__ = ['config']
PROJECT_DIR = os.path.abspath(__file__ + 3 * '/..')
SECRETS_DIR = '/etc/secrets'
KEY_LOG = '_config_log'
KEY_DBG = 'debug'
def is_yes(value):
if isinstance(value, str):
value = value.lower()
if value in ('1', 'on', 'yes', 'true'):
return True
else:
if value in (1, True):
return True
return False
def update_config_part(config, key, data):
if key not in config:
config[key] = data
else:
config[key].update(data)
def parse_big_config(config, filename):
'''
Parse YAML config with multiple section
'''
if not os.path.isfile(filename):
return False
with open(filename) as f:
config_new = yaml.safe_load(f.read())
for key, data in config_new.items():
update_config_part(config, key, data)
config[KEY_LOG].append(filename)
return True
def parse_tiny_config(config, key, filename):
'''
Parse YAML config with a single section
'''
with open(filename) as f:
config_tiny = yaml.safe_load(f.read())
update_config_part(config, key, config_tiny)
config[KEY_LOG].append(filename)
def combine_config():
config = {
# To debug config load code
KEY_LOG: [],
# To debug other code
KEY_DBG: is_yes(os.environ.get('DEBUG')),
}
# For simple local runs
CONFIG_SIMPLE = os.path.join(PROJECT_DIR, 'config.yaml')
parse_big_config(config, CONFIG_SIMPLE)
# For container's tests
CONFIG_ENVVAR = os.environ.get('CONFIG')
if CONFIG_ENVVAR is not None:
if not parse_big_config(config, CONFIG_ENVVAR):
raise ValueError(
f'No config file from EnvVar:n'
f'{CONFIG_ENVVAR}'
)
# For K8s secrets
for path, dirs, files in os.walk(SECRETS_DIR):
depth = path[len(SECRETS_DIR):].count(os.sep)
if depth > 1:
continue
for file in files:
if file.endswith('.yaml'):
filename = os.path.join(path, file)
key = file.rsplit('.', 1)[0]
parse_tiny_config(config, key, filename)
return config
def build_config():
config = combine_config()
# Preprocess
for key, data in config.items():
if key.startswith('db_'):
if data['engine'] == 'sqlite':
data['filename'] = os.path.join(PROJECT_DIR, data['filename'])
# To verify correctness
if config[KEY_DBG]:
print(f'** Loaded config:n{yaml.dump(config)}')
else:
print(f'** Loaded config from: {config[KEY_LOG]}')
return config
config = build_config()Ma'anar a nan abu ne mai sauƙi: muna haɗa manyan saiti daga kundin tsarin aiki da hanyoyi ta hanyar canjin yanayi, da ƙananan sassan saiti daga sirrin Kuber, sannan mu tsara su kaɗan. Da wasu masu canji. Na lura cewa lokacin neman fayiloli daga asirce, ana amfani da ƙayyadaddun ƙayyadaddun ƙayyadaddun bayanai, saboda K8s suna ƙirƙirar babban fayil ɗin ɓoye a cikin kowane sirri inda asirin kansu ke adanawa, kuma kawai hanyar haɗi yana samuwa a matakin mafi girma.
Ina fatan abin da aka bayyana zai zama da amfani ga wani :) Duk wani sharhi da shawarwari game da tsaro ko wasu wurare don inganta ana karɓa. Har ila yau, ra'ayin jama'a yana da ban sha'awa, watakila yana da daraja ƙara goyon baya ga ConfigMaps (aikin mu bai yi amfani da su ba tukuna) da buga lambar akan GitHub / PyPI? Da kaina, ina tsammanin cewa irin waɗannan abubuwa sun kasance daidai da mutum don ayyukan su zama na duniya, da kuma ɗan leƙen ayyukan wasu mutane, kamar wanda aka ba a nan, da tattaunawa game da nuances, tukwici da ayyuka mafi kyau, wanda nake fatan gani a cikin sharhi. , ya isa 😉
Masu amfani da rajista kawai za su iya shiga cikin binciken. don Allah.
Shin zan iya bugawa azaman aikin / ɗakin karatu?
-
0,0%Ee, zan yi amfani da gudummawar / gudummawa0
-
33,3%Ee, wannan yana da kyau4
-
41,7%A'a, wa ya kamata su yi da kansu a cikin nasu tsarin da kuma dacewa da bukatunsu5
-
25,0%Zan dena amsawa3
12 masu amfani sun kada kuri'a. Masu amfani 3 sun kaurace.
source: www.habr.com