
What came first, the chicken or the egg? A strange way to open an article about Infrastructure-as-Code, isn't it?
What is the egg?
Most often, Infrastructure-as-Code (IaC) is a declarative way of describing infrastructure. In it we describe the state we want to reach, starting from the hardware and ending with software configuration. IaC is therefore used for:
- Resource Provisioning. These are VMs, S3, VPC, etc. Basic tools for the job: and .
- . Basic tools: , Chef, etc.
Any code lives in git repositories. And sooner or later the team lead will decide that they need to be put in order. And he will refactor. And he will create a certain structure. And he will see that this is good.
It is also good that and providers for Terraform already exist (and this is Software Configuration). With their help you can manage the whole project: team members, CI/CD, git-flow, etc.
Where did the egg come from?
So we are gradually approaching the main question.
First of all, you need to start with a repository that describes the structure of the other repositories, including itself. And of course, as part of GitOps, you need to add CI so that changes are applied automatically.
What if Git has not been created yet?
- How do you store it in Git?
- How do you set up CI?
- What if we also deploy GitLab using IaC, and in Kubernetes at that?
- And GitLab Runner in Kubernetes too?
- And what about Kubernetes at the cloud provider?
What came first: the GitLab where I will upload my code, or the code that describes what kind of GitLab I need?
Chicken and eggs
"3 with a dinosaur" []
Let's try to cook a dish using as the cloud provider .
TL;DR
Can it all be done with a single command?
$ export MY_SELECTEL_TOKEN=<token>
$ curl https://gitlab.com/chicken-or-egg/mks/make/-/snippets/2002106/raw | bash
Ingredients:
- An account at my.selectel.ru;
- An account token;
- Kubernetes skills;
- Helm skills;
- Terraform skills;
- The GitLab Helm chart;
- The GitLab Runner Helm chart.
Recipe:
- Get MY_SELECTEL_TOKEN from the my.selectel.ru panel.
- Create a Kubernetes cluster, passing the account token to it.
- Get KUBECONFIG from the created cluster.
- Install GitLab on Kubernetes.
- Get a GitLab token from the created GitLab for the root user.
- Create the project structure in GitLab using the GitLab token.
- Push the existing code to GitLab.
- ???
- Profit!
Step 1. The token can be obtained in the section .
Step 2. We prepare our Terraform to "bake" a cluster of 2 nodes. If you are sure that you have enough resources for everything, you can enable automatic quotas:
provider "selectel" {
  token = var.my_selectel_token
}

variable "my_selectel_token" {}
variable "username" {}
variable "region" {}

resource "selectel_vpc_project_v2" "my-k8s" {
  name = "my-k8s-cluster"
  theme = {
    color = "269926"
  }
  quotas {
    resource_name = "compute_cores"
    resource_quotas {
      region = var.region
      zone   = "${var.region}a"
      value  = 16
    }
  }
  quotas {
    resource_name = "network_floatingips"
    resource_quotas {
      region = var.region
      value  = 1
    }
  }
  quotas {
    resource_name = "load_balancers"
    resource_quotas {
      region = var.region
      value  = 1
    }
  }
  quotas {
    resource_name = "compute_ram"
    resource_quotas {
      region = var.region
      zone   = "${var.region}a"
      value  = 32768
    }
  }
  quotas {
    resource_name = "volume_gigabytes_fast"
    resource_quotas {
      region = var.region
      zone   = "${var.region}a"
      # (20 * 2) + 50 + (8 * 3 + 10)
      value = 130
    }
  }
}

resource "selectel_mks_cluster_v1" "k8s-cluster" {
  name         = "k8s-cluster"
  project_id   = selectel_vpc_project_v2.my-k8s.id
  region       = var.region
  kube_version = "1.17.9"
}

resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
  cluster_id        = selectel_mks_cluster_v1.k8s-cluster.id
  project_id        = selectel_mks_cluster_v1.k8s-cluster.project_id
  region            = selectel_mks_cluster_v1.k8s-cluster.region
  availability_zone = "${var.region}a"
  nodes_count       = 2
  cpus              = 8
  ram_mb            = 16384
  volume_gb         = 15
  volume_type       = "fast.${var.region}a"
  labels = {
    "project": "my",
  }
}
Add a user to the project:
resource "random_password" "my-k8s-user-pass" {
  length           = 16
  special          = true
  override_special = "_%@"
}

resource "selectel_vpc_user_v2" "my-k8s-user" {
  password = random_password.my-k8s-user-pass.result
  name     = var.username
  enabled  = true
}

resource "selectel_vpc_keypair_v2" "my-k8s-user-ssh" {
  public_key = file("~/.ssh/id_rsa.pub")
  user_id    = selectel_vpc_user_v2.my-k8s-user.id
  name       = var.username
}

resource "selectel_vpc_role_v2" "my-k8s-role" {
  project_id = selectel_vpc_project_v2.my-k8s.id
  user_id    = selectel_vpc_user_v2.my-k8s-user.id
}
Outputs:
output "project_id" {
  value = selectel_vpc_project_v2.my-k8s.id
}

output "k8s_id" {
  value = selectel_mks_cluster_v1.k8s-cluster.id
}

output "user_name" {
  value = selectel_vpc_user_v2.my-k8s-user.name
}

output "user_pass" {
  value = selectel_vpc_user_v2.my-k8s-user.password
  # Keep the generated password out of the plan/apply console output.
  sensitive = true
}
We launch:
$ env
TF_VAR_region=ru-3
TF_VAR_username=diamon
TF_VAR_my_selectel_token=<token>
$ terraform plan -out planfile
$ terraform apply -input=false -auto-approve planfile
Step 3. We get the kubeconfig.
To download KUBECONFIG programmatically, you need to get a token from OpenStack:
openstack token issue -c id -f value > token
And with this token make a request to the Managed Kubernetes Selectel API. k8s_id is output by terraform:
curl -XGET -H "x-auth-token: $(cat token)" "https://ru-3.mks.selcloud.ru/v1/clusters/$(cat k8s_id)/kubeconfig" -o kubeConfig.yaml
The kubeconfig can also be obtained through the panel.
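An added example, not part of the original article or its scripts: the two commands above wrapped so that the OpenStack token is never written to disk or passed on a command line, an HTTP error body is not saved as a kubeconfig, and the file is created with mode 0600. The function name, the MKS_API variable and the `clusters:` sanity check are assumptions; the endpoint is the one shown above.

```shell
# Added example (not the author's script).
# MKS_API defaults to the endpoint used in the article.
MKS_API=${MKS_API:-https://ru-3.mks.selcloud.ru/v1}

# Usage: fetch_kubeconfig <cluster_id> <output_path>
# The body runs in a subshell so umask and the trap do not leak to the caller.
fetch_kubeconfig() (
  cluster_id=$1
  out=$2
  umask 077                                  # anything created here is 0600
  tmp=$(mktemp "$out.XXXXXX") || exit 1
  trap 'rm -f "$tmp"' EXIT

  token=$(openstack token issue -c id -f value) || exit 1
  [ -n "$token" ] || { echo "empty token" >&2; exit 1; }

  # The header reaches curl on stdin (-K -), so the token is not an argv
  # entry of any process; --fail turns an HTTP error into a non-zero exit
  # instead of saving the error body as a kubeconfig.
  printf 'header = "x-auth-token: %s"\n' "$token" |
    curl --silent --show-error --fail -K - \
         -o "$tmp" "$MKS_API/clusters/$cluster_id/kubeconfig" || exit 1

  # Assumed sanity check: a kubeconfig has a top-level "clusters:" key.
  grep -q '^clusters:' "$tmp" || { echo "not a kubeconfig" >&2; exit 1; }
  mv "$tmp" "$out"
)
```

Call it as `fetch_kubeconfig "$(terraform output k8s_id)" kubeConfig.yaml` and point KUBECONFIG at the result.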

Step 4. Once the cluster is baked and we have access to it, we can add yaml on top to taste.
I prefer to add:
- namespace
- storage class
- pod security policy and so on.
for Selectel can be taken from .
Since I initially chose a cluster in the ru-3a zone, I need the Storage Class from that zone.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: fast.ru-3a
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: cinder.csi.openstack.org
parameters:
  type: fast.ru-3a
  availability: ru-3a
allowVolumeExpansion: true
Step 5. Install the load balancer.
We will use nginx-ingress, which is standard for many. There are already plenty of instructions for installing it, so we will not dwell on it.
$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm upgrade nginx-ingress nginx-stable/nginx-ingress -n ingress --install -f ../internal/K8S-cluster/ingress/values.yml
We wait about 3-4 minutes for it to receive an external IP:

External IP received:

Step 6. Install GitLab.
$ helm repo add gitlab https://charts.gitlab.io
$ helm upgrade gitlab gitlab/gitlab -n gitlab --install -f gitlab/values.yml --set "global.hosts.domain=gitlab.$EXTERNAL_IP.nip.io"
Again we wait for all the pods to come up.
kubectl get po -n gitlab
NAME READY STATUS RESTARTS AGE
gitlab-gitaly-0 0/1 Pending 0 0s
gitlab-gitlab-exporter-88f6cc8c4-fl52d 0/1 Pending 0 0s
gitlab-gitlab-runner-6b6867c5cf-hd9dp 0/1 Pending 0 0s
gitlab-gitlab-shell-55cb6ccdb-h5g8x 0/1 Init:0/2 0 0s
gitlab-migrations.1-2cg6n 0/1 Pending 0 0s
gitlab-minio-6dd7d96ddb-zd9j6 0/1 Pending 0 0s
gitlab-minio-create-buckets.1-bncdp 0/1 Pending 0 0s
gitlab-postgresql-0 0/2 Pending 0 0s
gitlab-prometheus-server-6cfb57f575-v8k6j 0/2 Pending 0 0s
gitlab-redis-master-0 0/2 Pending 0 0s
gitlab-registry-6bd77b4b8c-pb9v9 0/1 Pending 0 0s
gitlab-registry-6bd77b4b8c-zgb6r 0/1 Init:0/2 0 0s
gitlab-shared-secrets.1-pc7-5jgq4 0/1 Completed 0 20s
gitlab-sidekiq-all-in-1-v1-54dbcf7f5f-qbq67 0/1 Pending 0 0s
gitlab-task-runner-6fd6857db7-9x567 0/1 Pending 0 0s
gitlab-webservice-d9d4fcff8-hp8wl 0/2 Pending 0 0s
Waiting gitlab
./wait_gitlab.sh ../internal/gitlab/gitlab/.pods
waiting for pod...
waiting for pod...
waiting for pod...
The pods are up.
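The contents of wait_gitlab.sh are not shown in the article. As an added example (not the author's script), here is one way to decide from `kubectl get po` output that the release is up, accepting Job pods that end as Completed and treating an empty listing as not ready. The function names and the sample listing are constructed here.

```shell
# Added example, not the article's wait_gitlab.sh.
# Job pods (migrations, shared-secrets, minio-create-buckets) finish as
# "Completed" and never report Ready, so they are accepted on STATUS alone.

# Constructed sample in the shape of the listing above.
SAMPLE_PODS='NAME READY STATUS RESTARTS AGE
gitlab-gitaly-0 1/1 Running 0 5m
gitlab-shared-secrets.1-pc7-5jgq4 0/1 Completed 0 6m
gitlab-webservice-d9d4fcff8-hp8wl 1/2 Running 0 5m'

# Reads a `kubectl get po` table on stdin, prints every pod that is not up
# yet, and returns 0 only when at least one pod was seen and none is pending.
pods_not_ready() {
  awk '
    $1 == "NAME" || NF < 3 { next }      # header and blank lines
    { seen = 1 }
    $3 == "Completed" { next }           # finished Job pod
    {
      split($2, r, "/")                  # READY column is ready/total
      if ($3 != "Running" || r[1] != r[2]) { print $1; bad = 1 }
    }
    END { exit (bad || !seen) }
  '
}

# Polls the namespace until every pod is up or the deadline passes.
# Usage: wait_for_pods <namespace> [timeout_seconds]
wait_for_pods() {
  ns=$1
  deadline=$(( $(date +%s) + ${2:-900} ))
  until kubectl get po -n "$ns" | pods_not_ready >/dev/null; do
    if [ "$(date +%s)" -ge "$deadline" ]; then
      echo "timeout waiting for pods in $ns" >&2
      return 1
    fi
    echo "waiting for pod..."
    sleep 10
  done
}
```

`printf '%s\n' "$SAMPLE_PODS" | pods_not_ready` names the webservice pod, whose second container is not ready yet.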

Step 7. We get the GitLab token.
First, find out the login password:
kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath='{.data.password}' | base64 --decode
Now let's log in and get the token:
python3 get_gitlab_token.py root $GITLAB_PASSWORD http://gitlab.gitlab.$EXTERNAL_IP.nip.io
Step 8. Bring the Git repositories into the required hierarchy using the GitLab provider.
cd ../internal/gitlab/hierarchy && terraform apply -input=false -auto-approve planfile
Unfortunately, the Terraform GitLab provider has a floating . Then you have to delete the conflicting projects by hand so that tf.state is corrected. Then re-run the command `$ make all`
Step 9. We transfer the local repositories to the server.
$ make push
[master (root-commit) b61d977] Initial commit
3 files changed, 46 insertions(+)
create mode 100644 .gitignore
create mode 100644 values.yml
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 770 bytes | 770.00 KiB/s, done.
Total 5 (delta 0), reused 0 (delta 0)
Done:


Conclusion
We have reached the point where we can manage everything explicitly from our local machine. Now I want to move all these tasks to CI and just press buttons. To do this, we need to move our local state (the Terraform state) to CI. How to do that is in the next part.
source: www.habr.com
