Southbridge in Chelyabinsk and Bitrix in Kubernetes

The Sysadminka system administrators' meetup takes place in Chelyabinsk, and at the latest one I gave a talk on our solution for running 1C-Bitrix applications in Kubernetes.

Bitrix, Kubernetes, Ceph - a great mix?

I'll tell you how we put together a working solution out of all this.

Let's go!

The meetup took place on April 18 in Chelyabinsk. You can read about our meetups on Timepad and watch them on YouTube.

If you would like to come to us with a talk or as a listener, you are welcome: write to us at [email protected] and on Telegram at t.me/vadimisakanov.

My talk

Slides

Solution "Bitrix in Kubernetes, Southbridge version 1.0"

I will describe our solution in a "Kubernetes for dummies" format, as it was done at the meetup. But I assume that you know the words Bitrix, Docker, Kubernetes and Ceph at least at the level of the Wikipedia articles.

What ready-made material is there about Bitrix in Kubernetes?

There is very little information anywhere on the Internet about running Bitrix applications in Kubernetes.
I found only these materials:

A talk by Alexander Serbul, 1C-Bitrix, and Anton Tuzlukov from Qsoft:

I recommend listening to it.

A home-grown solution from user serkyron on Habr.
I found one more similar solution.

Aaand... actually, that's all.

I warn you, we have not checked the quality of the solutions at the links above :)
By the way, while preparing our solution I talked with Alexander Serbul; at that time his talk had not appeared yet, so the slides contain the item "Bitrix does not use Kubernetes."

But there are already plenty of ready-made Docker images for running Bitrix in Docker: https://hub.docker.com/search?q=bitrix&type=image

Is that enough to build a complete solution for Bitrix in Kubernetes?
No. There are quite a few problems that need to be solved.

What are the problems with Bitrix in Kubernetes?

First, ready-made images from Dockerhub are not suited to Kubernetes

If we want to build a microservice architecture (and in Kubernetes we usually do), we need to split the application in Kubernetes into containers, with each container performing one small function (and doing it well). Why only one? In short, the simpler, the more reliable.
For more detail, please see this article and video: https://habr.com/ru/company/southbridge/blog/426637/

Docker images on Dockerhub are mostly built on the all-in-one principle, so we still had to reinvent our own wheel and even build the images from scratch.

Second, the site code is edited from the admin panel

We created a new section on the site - the code was updated (a directory with the name of the new section was added).

If you change a component's properties from the admin panel, the code changes.

Kubernetes "by default" cannot work with this; containers must be stateless.

Reason: each container (pod) in the cluster handles only part of the traffic. If you change the code in only one container (pod), the code will differ between pods, the site will behave differently, and different users will be shown different versions of the site. You can't live like that.

Third, you need to solve the deployment problem

If we have a monolith and one "classic" server, everything is quite simple: we deploy the new code base, migrate the database, and switch traffic to the new version of the code. The switch happens instantly.
If we have a site in Kubernetes, cut into microservices, there are many containers with code - oh. You need to build containers with the new version of the code, roll them out in place of the old ones, migrate the database correctly, and ideally do this unnoticed by visitors. Fortunately, Kubernetes helps us with this, supporting a whole bunch of different deployment types.

Fourth, you need to solve the question of storing static files

If your site is "only" 10 gigabytes and you deploy it entirely in containers, you will end up with 10-gigabyte containers that take forever to deploy.
You need to store the "heaviest" parts of the site outside the containers, and the question arises of how to do this properly.

What is missing from our solution?

The Bitrix code as a whole is not divided into microfunctions/microservices (so that registration is separate, the online store module is separate, and so on). We keep the entire code base in every container.

We also do not keep the database in Kubernetes (I have still implemented solutions with a database in Kubernetes for development environments, but not for production).

It will still be noticeable to site administrators that the site runs on Kubernetes. The "System Check" function does not work correctly; to edit the site code from the admin panel, you first have to click the "I want to edit the code" button.

The problems have been identified, the need to implement microservices has been established, and the goal is clear: to get a working system for running Bitrix applications in Kubernetes that preserves both the capabilities of Bitrix and the advantages of Kubernetes. Let's start the implementation.

Architecture

There are several "working" pods with a web server (workers).
One pod with cron tasks (only one is needed).
One upgrade pod for editing the site code from the admin panel (also only one is needed).

We resolve these questions:

  • Where to store sessions?
  • Where to store the cache?
  • Where to store static files, so as not to put gigabytes of statics into a pile of containers?
  • How will the database work?

Docker image

We start by building the Docker image.

The ideal option is to have one universal image, from which we get the worker pods, the pod with cron tasks, and the upgrade pod.

We made exactly such an image.

It includes nginx, apache/php-fpm (selectable at build time), msmtp for sending mail, and cron.

When the image is built, the entire site code base is copied into the application directory (except for the parts that we move out to separate shared storage).

Microservices, services

worker pods:

  • nginx container + apache/php-fpm container + msmtp
  • Moving msmtp into a separate microservice did not work out: Bitrix starts complaining that it cannot send mail directly.
  • Each container has the complete code base.
  • Changing code in the containers is prohibited.

cron pod:

  • container with apache, php, cron
  • complete code base included
  • changing code in the containers is prohibited

upgrade pod:

  • nginx container + apache/php-fpm container + msmtp
  • No prohibition on changing code in the containers

session storage

Bitrix cache storage

Another important point: we store the passwords for connecting to everything, from the database to mail, in Kubernetes secrets. We get a bonus: the passwords are visible only to those we give access to the secrets, not to everyone who has access to the project's code base.
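A minimal sketch of that arrangement, added here as an example and not taken from the Southbridge chart: a Secret holding a database password, and a Role that lets one named group read only that Secret. The namespace, object names, key and group are hypothetical placeholders.

```yaml
# Added example; every name below is a hypothetical placeholder.
apiVersion: v1
kind: Secret
metadata:
  name: bitrix-db
  namespace: production
type: Opaque
stringData:
  DB_PASSWORD: "CHANGE-ME"   # placeholder; create the real value out of band, not in git
---
# Read access to this one Secret only. No list/watch verbs:
# those would expose every Secret in the namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: bitrix-db-secret-reader
  namespace: production
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["bitrix-db"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: bitrix-db-secret-reader
  namespace: production
subjects:
  - kind: Group
    name: bitrix-ops            # hypothetical group from your identity provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: bitrix-db-secret-reader
  apiGroup: rbac.authorization.k8s.io
```

Values in a Secret are only base64-encoded, so the restriction rests on RBAC: review who can read secrets and who can create pods in the namespace, since a pod can mount any Secret there.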

Storage for static files

You can use anything: ceph, nfs (but we do not recommend nfs for production), network storage from cloud providers, and so on.

The storage needs to be mounted in the containers at the site's /upload/ directory and at other directories with static content.

Database

For simplicity, we recommend moving the database outside Kubernetes. A database in Kubernetes is a separate complex task; it will make the setup an order of magnitude more complex.

Session storage

We use memcached :)

It handles session storage well, it is clustered, and it is supported "natively" as session.save_path in php. Such a setup has been tested many times in classic monolithic architectures, when we built clusters with a large number of web servers. For deployment we use helm.

$ helm install stable/memcached --name session

php.ini - here the image contains the settings for storing sessions in memcached

We used environment variables to pass in the memcached host data: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/.
This lets you use the same code in the dev, stage, test and prod environments (the memcached hostnames in them will differ, so we need to pass a unique session hostname to each environment).

Bitrix cache storage

We need fault-tolerant storage that all pods can write to and read from.

We also use memcached.
This solution is recommended by Bitrix itself.

$ helm install stable/memcached --name cache

bitrix/.settings_extra.php - this is where Bitrix specifies where the cache is stored

We also use environment variables.
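How the pieces described above can meet in a worker pod, as an added example rather than the Southbridge chart itself: memcached hosts passed as per-environment variables, a password injected from a Secret, code kept read-only, and static files on shared storage. Variable names, Service names, mount paths, the Secret and the claim name are assumptions.

```yaml
# Added example; names, tag, paths and variable names are hypothetical.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bitrix-worker
  namespace: production
spec:
  replicas: 3
  selector:
    matchLabels: {app: bitrix, role: worker}
  template:
    metadata:
      labels: {app: bitrix, role: worker}
    spec:
      containers:
        - name: php
          image: registrygitlab.local/k8s/bitrix:TAG   # TAG is a placeholder
          env:
            # These differ per environment (dev, stage, test, prod); the image does not.
            - name: SESSION_MEMCACHED_HOST
              value: session-memcached    # assumed Service name of the "session" release
            - name: CACHE_MEMCACHED_HOST
              value: cache-memcached      # assumed Service name of the "cache" release
            # The password comes from a Secret, never from the image or values.yaml.
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef: {name: bitrix-db, key: DB_PASSWORD}
          securityContext:
            readOnlyRootFilesystem: true      # one way to enforce "no code changes in the container"
            allowPrivilegeEscalation: false
          volumeMounts:
            - {name: upload, mountPath: /app/upload}   # shared storage for static files
            - {name: tmp, mountPath: /tmp}
      volumes:
        - name: upload
          persistentVolumeClaim: {claimName: bitrix-upload}
        - name: tmp
          emptyDir: {}
```

With a read-only root filesystem, nginx and php-fpm also need writable runtime directories, so add further emptyDir mounts as the image requires.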

Cron tasks

There are different approaches to running cron tasks in Kubernetes.

  • a separate deployment with a pod for running cron tasks
  • a cronjob for running cron tasks (if it is a web app - with wget https://$host$cronjobname, or kubectl exec inside one of the worker pods, and so on)
  • etc.

You can argue about which is the most correct, but in this case we chose the option "a separate deployment with a pod for cron tasks".

How it is done:

  • cron tasks are added through a ConfigMap or through the config/addcron file
  • in a single instance we launch a container identical to the worker pod + allow cron tasks to run in it
  • the same code base is used; thanks to this unification, building the container is simple

What we got:

  • we have working cron tasks in an environment identical to the developers' environment (docker)
  • cron tasks do not need to be "rewritten" for Kubernetes; they work in the same form and in the same code base as before
  • cron tasks can be added by all team members with commit rights to the production branch, not only admins

The Southbridge K8SDeploy module and editing code from the admin panel

We were talking about the upgrade pod?
How do you direct traffic there?
Hurray, we wrote a module for this in PHP :) It is a small classic module for Bitrix. It is not public yet, but we plan to open it.
The module is installed like a regular module in Bitrix:

And it looks like this:

It lets you set a cookie that identifies the site administrator and allows Kubernetes to send traffic to the upgrade pod.

When the changes are complete, you need to click git push; the code changes will be sent to git, then the system will build an image with the new version of the code and "roll" it out in the cluster, replacing the old pods.

Yes, it is a bit of a crutch, but at the same time we keep the microservice architecture and do not take away from Bitrix users their favorite ability to edit code from the admin panel. In the end, this is an option; you can solve the problem of editing code in another way.

Helm chart

To build applications on Kubernetes, we usually use the Helm package manager.
For our Bitrix in Kubernetes solution, Sergey Bondarev, our lead system administrator, wrote a special Helm chart.

It builds the worker, upgrade and cron pods, configures ingresses and services, and passes variables from Kubernetes secrets to the pods.

We store the code in Gitlab, and we also run the Helm build from Gitlab.

In short, it looks like this:

$ helm upgrade --install project .helm --set image=registrygitlab.local/k8s/bitrix -f .helm/values.yaml --wait --timeout 300 --debug --tiller-namespace=production

Helm also lets you do a "seamless" rollback if something suddenly goes wrong during deployment. It is nice when it is not you in a panic "fixing the code over ftp because prod is down," but Kubernetes doing it automatically, and without downtime.

Deploy

Yes, we are fans of Gitlab & Gitlab CI, and we use it :)
On a commit in Gitlab to the project repository, Gitlab launches a pipeline that deploys a new version of the environment.

Stages:

  • build (we build a new Docker image)
  • test (we test)
  • clean up (we remove the test environment)
  • push (we send it to the Docker registry)
  • deploy (we deploy the application to Kubernetes via Helm).

Hurray, it's ready, let's roll it out!
Well, or ask questions if there are any.

So what did we do

From a technical point of view:

  • dockerized Bitrix;
  • "cut" Bitrix into containers, each of which performs a minimum of functions;
  • achieved stateless containers;
  • solved the problem of updating Bitrix in Kubernetes;
  • all Bitrix functionality continues to work (almost all);
  • worked out deployment to Kubernetes and rollback between versions.

From a business point of view:

  • fault tolerance;
  • Kubernetes tooling (easy integration with Gitlab CI, seamless deployment, and so on);
  • secret passwords (visible only to those who are directly granted access to the passwords);
  • it is convenient to create additional environments (for development, tests, and so on) within a single infrastructure.

source: www.habr.com