Lokacin gina tsarin CI / CD ta amfani da Kubernetes, wani lokacin matsalar ta taso na rashin daidaituwa tsakanin buƙatun sabbin kayan aikin da aikace-aikacen da ake canjawa wuri zuwa gare shi. Musamman, a matakin ginin aikace-aikacen yana da mahimmanci don samun один hoton da za a yi amfani da shi a ciki всех muhallin aikin da tari. Wannan ka'ida tana ƙarƙashin daidai sarrafa kwantena (fiye da sau ɗaya game da wannan da sashen fasahar mu).
Koyaya, ba za ku ga kowa ba a cikin yanayin da lambar rukunin yanar gizon ke amfani da tsarin da aka shirya, amfani da shi yana sanya hani akan ƙarin amfani da shi. Kuma yayin da yake cikin "yanayin al'ada" wannan yana da sauƙin magancewa, a cikin Kubernetes wannan hali na iya zama matsala, musamman lokacin da kuka haɗu da shi a karon farko. Yayin da hankali mai ƙirƙira zai iya fito da hanyoyin samar da ababen more rayuwa waɗanda suke da alama a bayyane ko ma da kyau a kallon farko ... yana da mahimmanci a tuna cewa yawancin yanayi na iya kuma yakamata ya kamata. a warware ta architecturally.
Bari mu kalli mashahuran hanyoyin warwarewa don adana fayiloli waɗanda za su iya haifar da sakamako mara daɗi yayin aiki da tari, sannan mu nuna hanya madaidaiciya.
Adana a tsaye
Don kwatanta, yi la'akari da aikace-aikacen gidan yanar gizon da ke amfani da wani nau'in janareta na tsaye don samun saitin hotuna, salo, da sauran abubuwa. Misali, tsarin Yii PHP yana da ginannen manajan kadara wanda ke haifar da sunaye na musamman. Saboda haka, fitarwa shine saitin hanyoyin da ke tsaye wanda a bayyane yake ba sa haɗuwa da juna (an yi hakan ne saboda dalilai da yawa - alal misali, don kawar da kwafi lokacin da abubuwa da yawa ke amfani da albarkatu iri ɗaya). Don haka, daga cikin akwatin, a karon farko da kuka sami damar zuwa tsarin albarkatun yanar gizo, fayiloli na tsaye (a zahiri, sau da yawa symlinks, amma ƙari akan wancan daga baya) an ƙirƙira su tare da tushen tushen gama gari na musamman na wannan turawa:
-
webroot/assets/2072c2df/css/… -
webroot/assets/2072c2df/images/… -
webroot/assets/2072c2df/js/…
Menene wannan ke nufi dangane da gungu?
Misali mafi sauki
Bari mu ɗauki shari'ar gama-gari, lokacin da nginx ta gabace PHP don rarraba bayanan tsaye da aiwatar da buƙatu masu sauƙi. Hanya mafi sauki - girke da kwantena guda biyu:
apiVersion: apps/v1
kind: Deployment
metadata:
name: site
spec:
selector:
matchLabels:
component: backend
template:
metadata:
labels:
component: backend
spec:
volumes:
- name: nginx-config
configMap:
name: nginx-configmap
containers:
- name: php
image: own-image-with-php-backend:v1.0
command: ["/usr/local/sbin/php-fpm","-F"]
workingDir: /var/www
- name: nginx
image: nginx:1.16.0
command: ["/usr/sbin/nginx", "-g", "daemon off;"]
volumeMounts:
- name: nginx-config
mountPath: /etc/nginx/conf.d/default.conf
subPath: nginx.confA cikin sauƙi mai sauƙi, tsarin nginx yana tafasa zuwa mai zuwa:
apiVersion: v1
kind: ConfigMap
metadata:
name: "nginx-configmap"
data:
nginx.conf: |
server {
listen 80;
server_name _;
charset utf-8;
root /var/www;
access_log /dev/stdout;
error_log /dev/stderr;
location / {
index index.php;
try_files $uri $uri/ /index.php?$args;
}
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
}
Lokacin da kuka fara shiga rukunin yanar gizon, kadarorin suna bayyana a cikin akwati na PHP. Amma a cikin yanayin kwantena guda biyu a cikin kwasfa ɗaya, nginx bai san kome ba game da waɗannan fayilolin tsaye, waɗanda (bisa ga tsari) yakamata a ba su. A sakamakon haka, abokin ciniki zai ga kuskuren 404 don duk buƙatun zuwa fayilolin CSS da JS. Mafi sauƙi mafita anan shine tsara jagorar gama gari don kwantena. Zaɓin na farko - na gaba ɗaya emptyDir:
apiVersion: apps/v1
kind: Deployment
metadata:
name: site
spec:
selector:
matchLabels:
component: backend
template:
metadata:
labels:
component: backend
spec:
volumes:
- name: assets
emptyDir: {}
- name: nginx-config
configMap:
name: nginx-configmap
containers:
- name: php
image: own-image-with-php-backend:v1.0
command: ["/usr/local/sbin/php-fpm","-F"]
workingDir: /var/www
volumeMounts:
- name: assets
mountPath: /var/www/assets
- name: nginx
image: nginx:1.16.0
command: ["/usr/sbin/nginx", "-g", "daemon off;"]
volumeMounts:
- name: assets
mountPath: /var/www/assets
- name: nginx-config
mountPath: /etc/nginx/conf.d/default.conf
subPath: nginx.confYanzu fayilolin da aka ƙirƙira a cikin akwati ana ba da su ta nginx daidai. Amma bari in tunatar da ku cewa wannan shine mafita na farko, wanda ke nufin ya yi nisa daga manufa kuma yana da nasa nuances da gazawa, wanda aka tattauna a kasa.
Ƙarin ajiya mai ci gaba
Yanzu ka yi tunanin halin da ake ciki inda mai amfani ya ziyarci shafin, ya loda shafi tare da salon da ke cikin akwati, kuma yayin da yake karanta wannan shafin, mun sake tura akwati. Kas ɗin kadarorin ya zama fanko kuma ana buƙatar buƙatar PHP don fara samar da sababbi. Duk da haka, ko da bayan wannan, hanyoyin haɗi zuwa tsofaffin statistics ba za su kasance da mahimmanci ba, wanda zai haifar da kurakurai a cikin nuna ƙididdiga.
Bugu da kari, muna da yuwuwar muna da aikin da aka ɗora sama ko ƙasa da haka, wanda ke nufin cewa kwafin aikace-aikacen ɗaya ba zai isa ba:
- Mu auna shi sama girke har zuwa kwafi biyu.
- Lokacin da aka fara shiga rukunin yanar gizon, an ƙirƙiri kadara a cikin kwafi ɗaya.
- A wani lokaci, ingress ya yanke shawarar (don dalilai masu daidaita nauyi) don aika buƙatu zuwa kwafi na biyu, kuma waɗannan kadarorin ba su wanzu ba tukuna. Ko watakila ba su nan saboda muna amfani da su
RollingUpdatekuma a halin yanzu muna yin turawa.
Gabaɗaya, sakamakon shine sake kuskure.
Don guje wa asarar tsoffin kadarorin, zaku iya canzawa emptyDir a kan hostPath, ƙara a tsaye a zahiri zuwa kumburin tari. Wannan hanyar ba ta da kyau saboda a zahiri dole ne mu ɗaure zuwa takamaiman kumburin tari aikace-aikacen ku, saboda - idan akwai motsi zuwa wasu nodes - kundin adireshin ba zai ƙunshi fayilolin da suka dace ba. Ko ana buƙatar wani nau'in aiki tare na bayanan bayanan bayanan tsakanin nodes.
Menene mafita?
- Idan kayan aiki da kayan aiki sun ba da izini, kuna iya amfani da su don tsara kundin adireshi daidai wa daida don buƙatu na tsaye. yana ba da shawarar faifan SSD, aƙalla maimaita sau uku da ingantaccen haɗin “kauri” tsakanin kuɗaɗen tari.
- Zaɓin mafi ƙarancin buƙata shine tsara sabar NFS. Koyaya, to kuna buƙatar yin la'akari da yuwuwar haɓakar lokacin amsawa don sarrafa buƙatun sabar gidan yanar gizo, kuma haƙurin kuskure zai bar abin da ake so. Sakamakon gazawar yana da bala'i: asarar dutsen yana halaka gungu har ya mutu a ƙarƙashin matsi na lodin LA da ke garzayawa zuwa sama.
Daga cikin wasu abubuwa, duk zaɓuɓɓuka don ƙirƙirar ajiyar ajiya mai tsayi zasu buƙaci baya tsaftacewa tsofaffin fayilolin da aka tara a kan wani ɗan lokaci. A gaban kwantena tare da PHP zaka iya saka DaemonSet daga caching nginx, wanda zai adana kwafin kadarori na ɗan lokaci. Wannan hali yana da sauƙin daidaitawa ta amfani da shi proxy_cache tare da zurfin ajiya a cikin kwanaki ko gigabytes na sararin faifai.
Haɗa wannan hanyar tare da tsarin fayilolin da aka rarraba da aka ambata a sama yana ba da babban filin tunani, iyakance kawai ta hanyar kasafin kuɗi da fasaha na waɗanda za su aiwatar da tallafawa. Daga gwaninta, zamu iya cewa tsarin mafi sauƙi, mafi kwanciyar hankali yana aiki. Lokacin da aka ƙara irin waɗannan yadudduka, yana da wuya a kula da abubuwan more rayuwa, kuma a lokaci guda lokacin da aka kashe don ganowa da murmurewa daga duk wani gazawa yana ƙaruwa.
Shawara
Idan aiwatar da zaɓuɓɓukan ajiya da aka tsara kuma suna da alama ba daidai ba a gare ku (mai rikitarwa, tsada ...), to yana da daraja kallon halin da ake ciki daga wancan gefe. Wato, don tono cikin gine-ginen aikin da gyara matsalar a cikin code, an ɗaure shi da wasu tsarin bayanai na tsaye a cikin hoton, ma'anar abin da ke ciki ko tsari mara ma'ana don "dumama" da / ko ƙaddamar da kadarorin a matakin haɗin hoto. Ta wannan hanyar muna samun cikakkiyar halayen da za a iya faɗi da kuma saitin fayiloli iri ɗaya don duk mahalli da kwafi na aikace-aikacen da ke gudana.
Idan muka koma ga takamaiman misali tare da tsarin Yii kuma ba mu zurfafa cikin tsarinsa ba (wanda ba manufar labarin ba), ya isa ya nuna manyan hanyoyi guda biyu:
- Canja tsarin gina hoto don sanya kadarori a wurin da ake iya faɗi. Ana ba da shawarar / aiwatar da wannan a cikin kari kamar .
- Ƙayyade takamaiman hashes don kundin adireshi na kadari, kamar yadda aka tattauna a misali. (farawa daga slide No. 35). A hanyar, marubucin rahoton ƙarshe (kuma ba tare da dalili ba!) Ya ba da shawarar cewa bayan tattara dukiya a kan uwar garken ginawa, loda su zuwa babban ajiya na tsakiya (kamar S3), a gaban wanda ya sanya CDN.
Fayilolin da za a iya saukewa
Wani shari'ar da tabbas zai shigo cikin wasa yayin ƙaura aikace-aikacen zuwa gungu na Kubernetes yana adana fayilolin mai amfani a cikin tsarin fayil. Misali, muna sake samun aikace-aikacen PHP wanda ke karɓar fayiloli ta hanyar lodawa, yin wani abu tare da su yayin aiki, kuma yana mayar da su.
A Kubernetes, wurin da ya kamata a sanya waɗannan fayilolin ya zama gama gari ga duk kwafin aikace-aikacen. Dangane da rikitarwa na aikace-aikacen da buƙatar tsara dagewar waɗannan fayiloli, zaɓin na'urar da aka ambata a sama na iya zama irin wannan wurin, amma, kamar yadda muke gani, suna da nasu kurakurai.
Shawara
Mafita daya ita ce ta amfani da ma'ajin mai jituwa S3 (ko da wani nau'in nau'in nau'in nau'in nau'in nau'in nau'in nau'in nau'in minio ne). Juyawa zuwa S3 zai buƙaci canje-canje a matakin code, da kuma yadda za a ba da abun ciki a gaban gaba, mun rigaya .
Zaman mai amfani
Na dabam, yana da daraja a lura da tsarin ajiya na zaman masu amfani. Sau da yawa waɗannan kuma fayiloli ne akan faifai, wanda a cikin mahallin Kubernetes zai haifar da buƙatun izini akai-akai daga mai amfani idan buƙatarsa ta ƙare a cikin wani akwati.
Ana warware matsalar wani bangare ta hanyar kunnawa stickySessions on ingress (ana goyan bayan fasalin a cikin duk shahararrun masu kula da shiga - don ƙarin cikakkun bayanai, duba )don ɗaure mai amfani zuwa takamaiman fasfo tare da aikace-aikacen:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: nginx-test
annotations:
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: "route"
nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
spec:
rules:
- host: stickyingress.example.com
http:
paths:
- backend:
serviceName: http-svc
servicePort: 80
path: /Amma wannan ba zai kawar da matsaloli tare da sake turawa ba.
Shawara
Hanyar da ta dace ita ce canja wurin aikace-aikacen zuwa adana zaman a cikin memcached, Redis da makamantan mafita - gabaɗaya, barin zaɓin fayil gaba ɗaya.
ƙarshe
Hanyoyin hanyoyin samar da ababen more rayuwa da aka tattauna a cikin rubutu sun cancanci amfani da su kawai a cikin tsari na "ƙugiya" na wucin gadi (wanda ya fi kyau a cikin Ingilishi azaman aiki). Suna iya dacewa a cikin matakan farko na ƙaura aikace-aikacen zuwa Kubernetes, amma kada suyi tushe.
Hanyar da aka ba da shawarar ita ce kawar da su don neman gyare-gyaren gine-gine na aikace-aikacen daidai da abin da aka riga aka sani ga mutane da yawa. . Duk da haka, wannan - kawo aikace-aikacen zuwa nau'i marar tushe - babu makawa yana nufin cewa za a buƙaci canje-canje a cikin lambar, kuma a nan yana da mahimmanci a sami daidaito tsakanin iyawa / buƙatun kasuwancin da kuma abubuwan da ake bukata don aiwatarwa da kiyaye hanyar da aka zaɓa. .
PS
Karanta kuma a kan shafinmu:
- «";
- «";
- «» (daga Red Hat);
- «".
source: www.habr.com