Kubernetes tips & tricks: on local development and Telepresence


We are increasingly asked about developing microservices in Kubernetes. Developers, especially those working in interpreted languages, want to fix code quickly in their favorite IDE and see the result without waiting for a build or a deploy, just by pressing F5. When it came to a monolithic application, it was enough to set up a local database and web server (in Docker, VirtualBox...) and then immediately enjoy development. With the cutting of monoliths into microservices and the arrival of Kubernetes, and with the appearance of dependencies between services, everything became a bit more difficult. The more of these microservices there are, the more problems arise. To enjoy development again, you need to bring up more than one or two Docker containers, and sometimes more than a dozen... In general, all this can take quite a lot of time, since it also has to be kept up to date.

At various times we tried different ways of solving this problem. I will start with the accumulated workarounds, or simply "crutches".

1. Crutches

Most IDEs can edit code directly on a server over FTP/SFTP. This route is very obvious, and we immediately decided to use it. Its essence comes down to the following:

  1. In the development environments (dev/review), an additional container with SSH access is started, and the public SSH key of the developer who will commit/deploy the application is forwarded to it.
  2. At the init stage (in the prepare-app container) the code is copied to an emptyDir so that it is accessible from both the application container and the SSH server.


To better understand the technical implementation of such a scheme, I will give fragments of the YAML configurations involved in Kubernetes.

Configurations

1.1. values.yaml

ssh_pub_key:
  vasya.pupkin: <ssh public key in base64> 

Here vasya.pupkin is the value of the variable ${GITLAB_USER_LOGIN}.

1.2. deployment.yaml

...
{{ if eq .Values.global.debug "yes" }}
      volumes:
      - name: ssh-pub-key
        secret:
          defaultMode: 0600
          secretName: {{ .Chart.Name }}-ssh-pub-key
      - name: app-data
        emptyDir: {}
      initContainers:
      - name: prepare-app
{{ tuple "backend" . | include "werf_container_image" | indent 8 }}
        volumeMounts:
        - name: app-data
          mountPath: /app-data
        command: ["bash", "-c", "cp -ar /app/* /app-data/" ]
{{ end }}
      containers:
{{ if eq .Values.global.debug "yes" }}
      - name: ssh
        image: corbinu/ssh-server
        volumeMounts:
        - name: ssh-pub-key
          readOnly: true
          mountPath: /root/.ssh/authorized_keys
          subPath: authorized_keys
        - name: app-data
          mountPath: /app
        ports:
        - name: ssh
          containerPort: 22
          protocol: TCP
{{ end }}
      - name: backend
        volumeMounts:
{{ if eq .Values.global.debug "yes" }}
        - name: app-data
          mountPath: /app
{{ end }}
        command: ["/usr/sbin/php-fpm7.2", "--fpm-config", "/etc/php/7.2/php-fpm.conf", "-F"]
...

1.3. secret.yaml

{{ if eq .Values.global.debug "yes" }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Chart.Name }}-ssh-pub-key
type: Opaque
data:
  authorized_keys: "{{ first (pluck .Values.global.username .Values.ssh_pub_key) }}"
{{ end }}

Finishing touch

After that, all that remains is to pass the required variables in gitlab-ci.yml:

dev:
  stage: deploy
  script:
   - type multiwerf && source <(multiwerf use 1.0 beta)
   - type werf && source <(werf ci-env gitlab --tagging-strategy tag-or-branch --verbose)
   - werf deploy
     --namespace ${CI_PROJECT_NAME}-stage
     --set "global.env=stage"
     --set "global.git_rev=${CI_COMMIT_SHA}"
     --set "global.debug=yes"
     --set "global.username=${GITLAB_USER_LOGIN}"
  tags:
   - build

Voila: the developer who started the deployment can connect by service name (we have already described how to grant secure access to the cluster) from their desktop via SFTP and edit the code without waiting for it to be delivered to the cluster.

This is a fully working solution, but from an implementation point of view it has obvious drawbacks:

  • the Helm chart has to be reworked, which makes it harder to read later;
  • it can only be used by the person who deployed the service;
  • you need to remember to then synchronize it with the local directory with the code and commit it to Git.
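Because the SSH sidecar is switched on by nothing more than global.debug, it is worth checking that it never appears outside the namespaces where debugging is expected. The following is an added example, not part of the original chart: it inspects `kubectl get deployment -o json` output, and the sample document, the `app-stage` namespace name and the allow-list are assumptions constructed for illustration.

```python
import json

# Constructed sample: trimmed `kubectl get deployment -o json` output for the
# chart above rendered with global.debug=yes (container names as on the page).
SAMPLE = json.loads("""
{"metadata": {"name": "app", "namespace": "app-stage"},
 "spec": {"template": {"spec": {"containers": [
   {"name": "ssh", "image": "corbinu/ssh-server",
    "ports": [{"name": "ssh", "containerPort": 22, "protocol": "TCP"}],
    "volumeMounts": [
      {"name": "ssh-pub-key", "mountPath": "/root/.ssh/authorized_keys",
       "subPath": "authorized_keys", "readOnly": true},
      {"name": "app-data", "mountPath": "/app"}]},
   {"name": "backend",
    "volumeMounts": [{"name": "app-data", "mountPath": "/app"}]}
 ]}}}}
""")

def find_debug_ssh(deployment):
    """Return (container, reasons) pairs for containers that look like the SSH sidecar."""
    pod_spec = deployment["spec"]["template"]["spec"]
    findings = []
    for c in pod_spec.get("containers", []):
        reasons = []
        if any(p.get("containerPort") == 22 for p in c.get("ports", [])):
            reasons.append("exposes port 22")
        if any(m.get("mountPath", "").endswith("authorized_keys")
               for m in c.get("volumeMounts", [])):
            reasons.append("mounts authorized_keys")
        if reasons:
            findings.append((c["name"], reasons))
    return findings

def audit(deployment, debug_namespaces):
    """Flag the sidecar when it appears outside the namespaces where debug is expected."""
    ns = deployment["metadata"]["namespace"]
    findings = find_debug_ssh(deployment)
    return {"namespace": ns, "findings": findings,
            "violation": bool(findings) and ns not in debug_namespaces}

if __name__ == "__main__":
    # "app-stage" follows the ${CI_PROJECT_NAME}-stage pattern of the CI job;
    # the allow-list itself is an assumption of this example.
    print(audit(SAMPLE, debug_namespaces={"app-stage"}))
```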

2. Telepresence

The Telepresence project has been known for quite a long time, but we, as they say, "never got around to seriously trying it in practice." However, need has done its job, and now we are happy to share our experience, which may be useful to readers of our blog, especially since there have been no other materials about Telepresence on the hub yet.

In short, everything turned out to be not so scary. We put all the actions that have to be performed on the developer's side into the Helm chart text file called NOTES.txt. Thus, after deploying the service to Kubernetes, the developer sees instructions for launching the local dev environment in the GitLab job log:

!!! Developing the service locally, as part of Kubernetes !!!

* Environment setup
* * Access to the cluster via VPN is required
* * kubectl is installed on the local PC ( https://kubernetes.io/docs/tasks/tools/install-kubectl/ )
* * Get the config file for kubectl (copy it to ~/.kube/config)
* * telepresence is installed on the local PC ( https://www.telepresence.io/reference/install )
* * Docker must be installed
* * Reporter-level access or higher to the repository https://gitlab.site.com/group/app is required
* * You need to log in to the registry with your GitLab login/password (done once):

#########################################################################
docker login registry.site.com
#########################################################################

* Starting the environment

#########################################################################
telepresence --namespace {{ .Values.global.env }} --swap-deployment {{ .Chart.Name  }}:backend --mount=/tmp/app --docker-run -v `pwd`:/app -v /tmp/app/var/run/secrets:/var/run/secrets -ti registry.site.com/group/app/backend:v8
#########################################################################

We will not dwell on the steps described in these instructions... except for the last one. What happens when Telepresence starts?

Working with Telepresence

At startup (using the last command given in the instructions above), we set:

  • the namespace in which the microservice runs;
  • the names of the deployment and the container we want to get into.

The remaining arguments are optional. If our service interacts with the Kubernetes API and a ServiceAccount has been created for it, we need to mount the certificates/tokens on our desktop. To do this, use the option --mount=true (or --mount=/dst_path), which mounts the root (/) of the Kubernetes container onto our desktop. After that we can (depending on the OS and how the application is launched) use the "keys" from the cluster.

First, let's look at the most universal option for running the application: in a Docker container. To do this we use the --docker-run switch and mount the directory with the code into the container: -v `pwd`:/app

Note that this assumes the command is run from the project directory. The application code will be mounted into the /app directory in the container.

Next: -v /tmp/app/var/run/secrets:/var/run/secrets mounts the directory with the certificate/token into the container.

Finally, this option is followed by the image in which the application will run. NB: when building the image, you must specify CMD or ENTRYPOINT!
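Once the pod's filesystem is mounted, the ServiceAccount token sits on the developer's desktop, so it helps to know whose identity it carries and how long it stays valid. The following is an added example, not part of the original post: it decodes the token's claims without verifying the signature, and the sample tokens and the `stage`/`app` names are constructed for illustration.

```python
import base64
import json
import sys
import time

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims):
    """Build a constructed JWT with a dummy signature so the example runs offline."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.c2lnbmF0dXJl"

def describe_sa_token(token, now=None):
    """Decode (without verifying) which service account a token speaks for."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    # Service account subjects have the form system:serviceaccount:<ns>:<name>
    sub = claims.get("sub", "").split(":")
    if len(sub) != 4 or sub[:2] != ["system", "serviceaccount"]:
        raise ValueError("subject is not a Kubernetes service account")
    exp = claims.get("exp")  # absent on legacy secret-based tokens
    now = time.time() if now is None else now
    return {"namespace": sub[2], "service_account": sub[3],
            "never_expires": exp is None,
            "seconds_left": None if exp is None else int(exp - now)}

if __name__ == "__main__":
    # With --mount=/tmp/app as in the command above, the token is expected at
    # /tmp/app/var/run/secrets/kubernetes.io/serviceaccount/token
    with open(sys.argv[1]) as fh:
        print(describe_sa_token(fh.read()))
```

A result with `never_expires` set means the credential copied to the desktop stays usable until the ServiceAccount's secret is deleted, which is worth weighing before leaving the mount in place.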

What exactly will happen next?

  • In Kubernetes, the number of replicas of the specified Deployment will be changed to 0. Instead, a new Deployment will be launched, with a replacement backend container.
  • Two containers will start on the desktop: the first with Telepresence (it will proxy requests from/to Kubernetes), the second with the application being developed.
  • If we exec into the container with the application, all the ENV variables passed by Helm during deployment will be available to us, and all the services will be reachable too. All that remains is to edit the code in your favorite IDE and enjoy the result.
  • At the end of the work, you just need to close the terminal in which Telepresence is running (end the session with Ctrl+C): the Docker containers will stop on the desktop, and in Kubernetes everything will return to its initial state. All that remains is to commit, open an MR and pass it on for review/merge/… (depending on your workflows).

If we do not want to run the application in a Docker container (for example, we develop not in PHP but in Go, and still build it locally), launching Telepresence will be even simpler:

telepresence --namespace {{ .Values.global.env }} --swap-deployment {{ .Chart.Name  }}:backend --mount=true

If the application accesses the Kubernetes API, you need to mount the directory with the keys (https://www.telepresence.io/howto/volumes). For Linux there is the proot utility:

proot -b $TELEPRESENCE_ROOT/var/run/secrets/:/var/run/secrets bash

After launching Telepresence without the --docker-run option, all the environment variables will be available in the current terminal, so the application must be launched in it.

NB: when using, for example, PHP, remember to disable the various op_cache, apc and other accelerators for development, otherwise editing the code will not lead to the desired result.

Results

Local development with Kubernetes is a problem whose need for a solution grows in proportion to the spread of this platform. Receiving the corresponding requests from developers (from our clients), we began to address them with the first means available, which, however, did not prove themselves over time. Fortunately, this has become obvious not only now and not only to us, so more suitable tools have already appeared in the world, and Telepresence is the best known of them (by the way, there is also skaffold from Google). Our experience of using it is not yet extensive, but it already gives us reason to recommend it to our "colleagues in the shop": try it!


source: www.habr.com
