Na'urar Helm da illolinsa

Tunani mai ɗaukar kaya na Typhon, Anton Swanepoel

Sunana Dmitry Sugrobov, Ni mai haɓakawa ne a Leroy Merlin. A cikin wannan labarin zan gaya muku dalilin da yasa ake buƙatar Helm, yadda yake sauƙaƙe aiki tare da Kubernetes, abin da ya canza a cikin nau'i na uku, da kuma yadda ake amfani da shi don sabunta aikace-aikace a cikin samarwa ba tare da raguwa ba.

Wannan taƙaitaccen bayani ne a kan jawabin da aka yi a wani taro @Taron Kubernetes by Mail.ru Cloud Solutions — idan ba kwa son karantawa, kalli bidiyon.

Me yasa muke amfani da Kubernetes wajen samarwa

Leroy Merlin jagora ne a kasuwar dillalan DIY a Rasha da Turai. Kamfaninmu yana da masu haɓaka sama da ɗari, ma'aikata na cikin gida 33 da adadi mai yawa na mutanen da ke ziyartar manyan kantunan da gidan yanar gizon. Domin mu sa su farin ciki duka, mun yanke shawarar bin ka'idodin masana'antu. Ƙirƙirar sababbin aikace-aikace ta amfani da gine-ginen microservice; yi amfani da kwantena don ware wurare da tabbatar da isar da kyau; da kuma amfani da Kubernetes don ƙungiyar makaɗa. Farashin yin amfani da makada yana saurin zama mai rahusa: yawan injiniyoyin da suka kware a fasaha na karuwa a kasuwa, kuma masu samarwa suna bayyana suna ba da Kubernetes a matsayin sabis.

Duk abin da Kubernetes ya yi, ba shakka, ana iya yin shi ta wasu hanyoyi, alal misali, ta hanyar rufe wasu Jenkins da docker-compose tare da rubutun, amma me yasa ya dagula rayuwa idan akwai shirye-shiryen da aka yi da kuma abin dogara? Shi ya sa muka zo Kubernetes kuma muka yi amfani da shi wajen samarwa har shekara guda yanzu. A halin yanzu muna da gungu na Kubernetes ashirin da huɗu, waɗanda mafi tsufansu ya fi shekara ɗaya, tare da kwafsa kusan ɗari biyu.

La'anar manyan fayilolin YAML a cikin Kubernetes

Don ƙaddamar da microservice a Kubernetes, za mu ƙirƙiri aƙalla fayilolin YAML guda biyar: don Aiwatar da Sabis, Sabis, Ingress, ConfigMap, Sirrin - kuma aika su zuwa gungu. A aikace na gaba za mu rubuta irin wannan kunshin na jamb, da na uku za mu rubuta wani, da sauransu. Idan muka ninka adadin takardu da adadin mahalli, za mu riga mun sami ɗaruruwan fayiloli, kuma wannan bai riga ya yi la'akari da yanayi mai ƙarfi ba.

Adam Reese, babban mai kula da Helm, ya gabatar da manufar "Zagayowar Ci gaba a Kubernetes", wanda yayi kama da haka:

1. Kwafi YAML - kwafi fayil ɗin YAML.
2. Manna YAML - manna shi.
3. Gyara Indents - gyara indents.
4. Maimaita - maimaita sake.

Zaɓin yana aiki, amma dole ne ku kwafi fayilolin YAML sau da yawa. Don canza wannan sake zagayowar, an ƙirƙira Helm.

Menene Helm

Da farko, Helm - kunshin sarrafa, wanda ke taimaka maka nemo da shigar da shirye-shiryen da kuke buƙata. Don shigarwa, alal misali, MongoDB, ba kwa buƙatar zuwa gidan yanar gizon hukuma kuma zazzage binaries, kawai gudanar da umarni. helm install stable/mongodb.

Na biyu, Helm - injin samfuri, yana taimakawa wajen daidaita fayiloli. Bari mu koma halin da ake ciki tare da fayilolin YAML a cikin Kubernetes. Yana da sauƙin rubuta fayil ɗin YAML iri ɗaya, ƙara wasu masu riƙe da shi, wanda Helm zai maye gurbin ƙimar. Wato, a maimakon ɗimbin ɓangarorin ɓangarorin, za a sami ɗimbin samfura waɗanda za a musanya abubuwan da ake buƙata a cikin su a lokacin da ya dace.

Na uku, Helm - maigidan turawa. Da shi zaka iya shigarwa, jujjuyawa da sabunta aikace-aikace. Bari mu gano yadda za a yi wannan.

Yadda ake amfani da Helm don ƙaddamar da aikace-aikacen ku

Bari mu shigar da abokin ciniki Helm akan kwamfutarka, bin hukuma umarnin. Na gaba, za mu ƙirƙiri saitin fayilolin YAML. Maimakon ƙayyadaddun ƙayyadaddun ƙididdiga, za mu bar masu sanya wuri, wanda Helm zai cika da bayanai a nan gaba. Saitin irin waɗannan fayilolin ana kiransa taswirar Helm. Ana iya aika shi zuwa ga abokin ciniki na Helm console ta hanyoyi uku:

• nuna babban fayil tare da samfuri;
• tattara tarihin cikin .tar kuma ku nuna shi;
• saka samfuri a cikin ma'ajiyar nesa kuma ƙara hanyar haɗi zuwa ma'ajiyar a cikin abokin ciniki Helm.

Hakanan kuna buƙatar fayil mai ƙima - values.yaml. Za a shigar da bayanan daga can cikin samfuri. Mu kirkiro shi ma.

Siga na biyu na Helm yana da ƙarin aikace-aikacen uwar garken - Tiller. Yana rataye a waje da Kubernetes kuma yana jiran buƙatun daga abokin ciniki na Helm, kuma lokacin da aka kira shi, yana canza ƙimar da ake buƙata a cikin samfuri kuma aika shi zuwa Kubernetes.

Helm 3 ya fi sauƙi: maimakon sarrafa samfura akan sabar, yanzu ana sarrafa bayanai gaba ɗaya a gefen abokin ciniki na Helm kuma a aika kai tsaye zuwa Kubernetes API. Wannan sauƙaƙan yana inganta tsaro ta gungu kuma yana sauƙaƙe tsarin ƙaddamarwa.

Yaya duk yake aiki

Gudanar da umarnin helm install. Mu nuna sunan sakin aikace-aikacen kuma mu ba da hanyar ƙima.yaml. A karshen za mu nuna ma'ajiyar da ginshiƙi a ciki da kuma sunan ginshiƙi. A cikin misalin, waɗannan sune "lmru" da "bestchart", bi da bi.

helm install --name bestapp --values values.yaml lmru/bestchart

Ana iya aiwatar da umarnin sau ɗaya kawai, idan an sake aiwatar da shi maimakon haka install bukatar amfani upgrade. Don sauƙi, maimakon umarni biyu, kuna iya gudanar da umarnin upgrade tare da ƙarin maɓalli --install. Lokacin da aka kashe shi a karon farko, Helm zai aika umarni don shigar da sakin, kuma zai sabunta shi a nan gaba.

helm upgrade --install bestapp --values values.yaml lmru/bestchart

Matsalolin tura sabbin nau'ikan aikace-aikace tare da Helm

A wannan lokacin a cikin labarin, Ina wasa Wanene yake son zama Miloniya tare da masu sauraro, kuma muna gano yadda ake samun Helm don sabunta sigar app. Kalli bidiyon.

Lokacin da nake koyon yadda Helm ke aiki, na yi mamakin baƙon hali lokacin ƙoƙarin sabunta nau'ikan aikace-aikacen da ke gudana. Na sabunta lambar aikace-aikacen, na loda sabon hoto zuwa rajistar Docker, na aika umarnin turawa - kuma ba abin da ya faru. A ƙasa akwai wasu hanyoyin da ba cikakkiyar nasara ba don sabunta aikace-aikace. Ta hanyar nazarin kowannensu daki-daki, za ku fara fahimtar tsarin ciki na kayan aiki da kuma dalilan wannan halin da ba a bayyana ba.

Hanyar 1. Kar a canza bayani tun lokacin ƙaddamar da ƙarshe

Kamar yadda yake cewa official website Helm, "Tsarin Kubernetes na iya zama babba kuma mai rikitarwa, don haka Helm yayi ƙoƙarin kada ya taɓa wani abu da yawa." Don haka, idan kun sabunta sabon sigar hoton aikace-aikacen a cikin rajistar docker kuma ku aiwatar da umarni helm upgrade, to babu abin da zai faru. Helm zai yi tunanin cewa babu abin da ya canza kuma babu buƙatar aika umarni zuwa Kubernetes don sabunta aikace-aikacen.

Anan da ƙasa, ana nuna sabon tag ɗin kawai azaman misali. Lokacin da kuka saka wannan alamar, Kubernetes zai zazzage hoton daga wurin rajistar docker kowane lokaci, ba tare da la'akari da sigar hotoPullPolicy ba. Yin amfani da sabbin abubuwan samarwa baya so kuma yana haifar da illa.

Hanya 2. Sabunta LABEL a hoto

Kamar yadda aka rubuta a cikin guda takardun, "Helm zai sabunta aikace-aikacen ne kawai idan ya canza tun daga ƙarshe." Zaɓin ma'ana don wannan yana da alama yana ɗaukaka LABEL a cikin hoton docker kanta. Koyaya, Helm baya duba hotunan aikace-aikacen kuma bashi da masaniya game da kowane canje-canje a gare su. Saboda haka, lokacin sabunta alamun a cikin hoton, Helm ba zai san game da su ba, kuma ba za a aika umarnin sabunta aikace-aikacen zuwa Kubernetes ba.

Hanyar 3: Yi amfani da maɓalli --force

Bari mu juya zuwa littafin jagora kuma mu nemi maɓallin da ake buƙata. Makullin yana yin mafi ma'ana --force. Duk da sunan da aka sani, halin ya bambanta da yadda ake tsammani. Maimakon tilasta sabunta aikace-aikacen, ainihin manufarsa ita ce maido da sakin da ke cikin halin FAILED. Idan baku yi amfani da wannan maɓalli ba, kuna buƙatar aiwatar da umarni a jere helm delete && helm install --replace. Ana ba da shawarar amfani da maɓallin maimakon --force, wanda ke sarrafa aiwatar da waɗannan umarni a jere. Karin bayani a cikin wannan ja roƙon. Domin gaya wa Helm ya sabunta sigar aikace-aikacen, abin takaici, wannan maɓallin ba zai yi aiki ba.

Hanyar 4. Canja lakabi kai tsaye a cikin Kubernetes

Ana sabunta tambarin kai tsaye a cikin gungu ta amfani da umarni kubectl edit - mummunan ra'ayi. Wannan matakin zai haifar da rashin daidaituwa na bayanai tsakanin aikace-aikacen da ke gudana da wanda aka aiko da farko don turawa. Halin Helm yayin turawa a cikin wannan yanayin ya bambanta da sigar sa: Helm 2 ba zai yi komai ba, kuma Helm 3 zai tura sabon sigar aikace-aikacen. Don fahimtar dalilin da yasa, kuna buƙatar fahimtar yadda Helm ke aiki.

Ta yaya Helm ke aiki?

Don tantance idan aikace-aikacen ya canza tun lokacin da aka sake shi, Helm na iya amfani da:

• aikace-aikacen da ke gudana a Kubernetes;
• sababbin dabi'u.yaml da ginshiƙi na yanzu;
• Bayanin sakin ciki na Helm.

Don ƙarin ban sha'awa: a ina Helm ke adana bayanan ciki game da sakewa?Ta hanyar aiwatar da umarnin helm history, za mu sami duk bayanan game da sigar da aka shigar ta amfani da Helm.

Hakanan akwai cikakkun bayanai game da samfuran da aka aiko da ƙima. Za mu iya nema:

A cikin sigar Helm ta biyu, wannan bayanin yana cikin filin suna guda ɗaya inda Tiller ke gudana (kube-system by tsohuwa), a cikin ConfigMap, mai alamar “OWNER=TILLER”:

Lokacin da sigar Helm ta uku ta bayyana, bayanin ya koma ga sirri, kuma zuwa wurin suna guda ɗaya inda aikace-aikacen ke gudana. Godiya ga wannan, ya zama mai yiwuwa a gudanar da aikace-aikace da yawa lokaci guda a cikin wurare daban-daban tare da sunan saki iri ɗaya. A cikin sigar ta biyu ya kasance babban ciwon kai lokacin da aka ware wuraren suna amma suna iya rinjayar junansu.

Helm na biyu, lokacin ƙoƙarin fahimtar ko ana buƙatar sabuntawa, yana amfani da tushen bayanai guda biyu kawai: abin da aka ba shi yanzu, da bayanan ciki game da sakewa, waɗanda ke cikin ConfigMap.

Helm na uku yana amfani da dabarun haɗin kai uku: ban da wannan bayanin, yana kuma la'akari da aikace-aikacen da ke gudana yanzu a Kubernetes.

Don haka, tsohuwar sigar Helm ba za ta yi komai ba, tunda ba ta la'akari da bayanan aikace-aikacen a cikin gungu ba, amma Helm 3 zai karɓi canje-canje kuma ya aika sabon aikace-aikacen don turawa.

Hanyar 5. Yi amfani da --recreate-pods switch

Tare da maɓalli --recreate-pods za ku iya cimma abin da kuka shirya don cimmawa da maɓalli --force. Kwantena za su sake farawa kuma, bisa ga hotonPullPolicy: Koyaushe manufofin don sabon tag (ƙari akan wannan a cikin bayanin kula a sama), Kubernetes zai zazzage kuma ya ƙaddamar da sabon sigar hoton. Ba za a yi wannan ta hanya mafi kyau ba: ba tare da la'akari da Dabarun Nau'in turawa ba, ba zato ba tsammani zai kashe duk tsoffin aikace-aikacen aikace-aikacen kuma fara ƙaddamar da sababbi. A lokacin sake farawa, tsarin ba zai yi aiki ba, masu amfani za su sha wahala.

A cikin Kubernetes kanta, irin wannan matsala kuma ta wanzu na dogon lokaci. Kuma yanzu, shekaru 4 bayan budewa Issue, an gyara matsalar, kuma farawa da sigar 1.15 na Kubernetes, ikon sake kunna kwasfan fayiloli yana bayyana.

Helm kawai yana kashe duk aikace-aikace kuma ya ƙaddamar da sabbin kwantena kusa. Ba za ku iya yin wannan a cikin samarwa ba, don kada ku haifar da raguwar aikace-aikacen. Ana buƙatar wannan kawai don buƙatun ci gaba kuma ana iya yin shi ne kawai a cikin yanayin yanayi.

Yadda ake sabunta sigar aikace-aikacen ta amfani da Helm?

Za mu canza dabi'un da aka aika zuwa Helm. Yawanci, waɗannan ƙimomi ne waɗanda aka maye gurbinsu da alamar hoton. A cikin yanayin na baya-bayan nan, wanda galibi ana amfani da shi don yanayin da ba shi da amfani, bayanan da za a iya canzawa shine annotation, wanda ba shi da amfani ga Kubernetes kanta, kuma ga Helm zai yi aiki azaman sigina don buƙatar sabunta aikace-aikacen. Zaɓuɓɓuka don cika ƙimar annotation:

1. Ƙimar bazuwar ta amfani da daidaitaccen aiki - {{ randAlphaNum 6 }}.
   Akwai faɗakarwa: bayan kowane turawa ta amfani da ginshiƙi tare da irin wannan m, ƙimar annotation za ta kasance na musamman, kuma Helm zai ɗauka cewa akwai canje-canje. Ya zama cewa za mu sake kunna aikace-aikacen, koda kuwa ba mu canza sigar sa ba. Wannan ba mahimmanci ba ne, tun da ba za a sami raguwa ba, amma har yanzu yana da dadi.
2. Manna halin yanzu kwanan wata da lokaci - {{ .Release.Date }}.
   Bambancin yana kama da ƙimar bazuwar tare da madaidaicin madaidaicin dindindin.
3. Hanyar da ta fi dacewa ita ce amfani checksums. Wannan shine SHA na hoton ko SHA na ƙaddamarwar ƙarshe a cikin git - {{ .Values.sha }}.
   Za a buƙaci a ƙidaya su kuma aika zuwa abokin ciniki na Helm a gefen kira, misali a Jenkins. Idan aikace-aikacen ya canza, to checksum zai canza. Don haka, Helm zai sabunta aikace-aikacen ne kawai lokacin da ake buƙata.

Bari mu taƙaita ƙoƙarinmu

• Helm yana yin canje-canje a cikin mafi ƙarancin ɓarna, don haka duk wani canji a matakin hoton aikace-aikacen a cikin Docker Registry ba zai haifar da sabuntawa ba: babu abin da zai faru bayan an aiwatar da umarnin.
• Key --force da ake amfani dashi don maido da fitowar matsala kuma baya alaƙa da sabuntawar tilastawa.
• Key --recreate-pods zai sabunta aikace-aikace da ƙarfi, amma zai yi ta ta hanyar ɓarna: zai kashe duk kwantena kwatsam. Masu amfani za su sha wahala daga wannan; bai kamata ku yi wannan a samarwa ba.
• Yi canje-canje kai tsaye zuwa gungu na Kubernetes ta amfani da umarnin kubectl edit kar a: za mu karya daidaito, kuma halin zai bambanta dangane da sigar Helm.
• Tare da sakin sabon sigar Helm, nuances da yawa sun bayyana. An bayyana batutuwan da ke cikin ma'ajin Helm a cikin harshe mai haske, za su taimaka muku fahimtar cikakkun bayanai.
• Ƙara bayanin da za a iya gyarawa zuwa ginshiƙi zai sa ya fi sauƙi. Wannan zai baka damar fitar da aikace-aikacen daidai, ba tare da bata lokaci ba.

Tunanin "zaman lafiya na duniya" wanda ke aiki a duk sassan rayuwa: karanta umarnin kafin amfani, ba bayan haka ba. Sai kawai tare da cikakken bayani zai yiwu a gina ingantaccen tsarin da kuma sa masu amfani farin ciki.

Sauran alaƙa masu alaƙa:

1. Sanin da Hanya 3
2. Gidan yanar gizon Helm
3. Wurin ajiya na Helm akan GitHub
4. 25 Kayan Aikin Kubernetes masu Amfani: Ƙaddamarwa da Gudanarwa

An fara gabatar da wannan rahoto a @Taron Kubernetes Ta hanyar Mail.ru Cloud Solutions. Duba видео sauran wasan kwaikwayo da kuma biyan kuɗi zuwa sanarwar taron akan Telegram A kusa da Kubernetes a Ƙungiyar Mail.ru.

source: www.habr.com