Today we will talk about the principles and models of GitOps, and about how these models are implemented on the OpenShift platform. An interactive guide on this topic is also available.

In short, GitOps is a set of practices for using Git pull requests to manage infrastructure and application configurations. The Git repository in GitOps is treated as the single source of truth about the state of the system, and any change to that state is fully traceable and auditable.
The idea of change tracking in GitOps is not new; this approach has long been used almost everywhere when working with application source code. GitOps simply applies the same features (reviews, pull requests, tags, and so on) to infrastructure and application configuration management, and provides the same benefits as source code management.
There is no academic definition or agreed-upon set of rules for GitOps, only a set of principles on which the practice is built:
- The declarative description of the system is stored in a Git repository (configuration, monitoring, etc.).
- State changes are made through pull requests.
- The state of running systems is brought in line with the data in the repository using Git push requests.
GitOps Principles
- System definitions are described as source code
System configuration is treated as code, so it can be stored and automatically versioned in a Git repository, which serves as the single source of truth. This approach makes it easy to roll out changes in systems.
- The desired state and configuration of systems are defined and versioned in Git
By storing and versioning the desired state of systems in Git, we can easily roll out and roll back changes to systems and applications. We can also use Git's security mechanisms to control code ownership and verify its authenticity.
- Configuration changes can be applied automatically via pull requests
Using Git pull requests, we can easily control how changes are applied to the configurations in the repository. For example, they can be handed to other team members for review, run through CI tests, and so on.
At the same time, there is no need to hand out admin privileges left and right. To commit configuration changes, users only need the appropriate permissions in the Git repository where those configurations are stored.
- Fixing the problem of uncontrolled configuration drift
Once the desired state of the system is stored in a Git repository, all that remains is to find software that ensures the current state of the system matches the desired state. If it does not, this software should, depending on its settings, either eliminate the discrepancy itself or notify us of the configuration drift.
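The compare-and-correct step described above, as an added example that is not part of the original article. Two directories stand in for the Git repository and the running system; the function names, the `policy` and `prune` arguments and the sample files are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: a file-based model of the reconcile step. Two directories
# stand in for the Git repository (desired) and the running system (live).

# reconcile DESIRED LIVE POLICY [PRUNE]
#   POLICY none      : report discrepancies only (notification)
#   POLICY automated : report, then overwrite live state with the desired state
#   PRUNE  yes       : with automated, also delete objects that are not in Git
# Prints one finding per line; returns 0 if live matches desired after the run.
reconcile() {
    desired=$1; live=$2; policy=$3; prune=${4:-no}
    remaining=0
    for want in "$desired"/*.yaml; do
        [ -f "$want" ] || continue
        name=$(basename "$want")
        if [ ! -f "$live/$name" ]; then
            echo "MISSING $name"
        elif ! cmp -s "$want" "$live/$name"; then
            echo "DRIFT $name"
        else
            continue
        fi
        if [ "$policy" = automated ]; then
            cp "$want" "$live/$name"
        else
            remaining=$((remaining + 1))
        fi
    done
    for have in "$live"/*.yaml; do
        [ -f "$have" ] || continue
        name=$(basename "$have")
        [ -f "$desired/$name" ] && continue
        echo "EXTRA $name"
        if [ "$policy" = automated ] && [ "$prune" = yes ]; then
            rm "$have"
        else
            remaining=$((remaining + 1))
        fi
    done
    [ "$remaining" -eq 0 ]
}

# demo_state ROOT: constructed, simplified sample state (not real manifests).
demo_state() {
    mkdir -p "$1/git" "$1/cluster"
    printf 'kind: Service\nport: 8080\n' > "$1/git/service.yaml"
    printf 'kind: Service\nport: 9090\n' > "$1/cluster/service.yaml"  # edited by hand
    printf 'kind: Route\nhost: httpd\n' > "$1/git/route.yaml"         # not applied yet
    printf 'kind: Pod\nname: debug\n' > "$1/cluster/debug.yaml"       # created by hand
}
```

With policy `none` the function only reports. An object created by hand (`EXTRA`) survives even an automated run unless pruning is enabled.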
GitOps Models for OpenShift
On-Cluster Resource Reconciler
In this model, the cluster has a controller that is responsible for comparing the Kubernetes resources (YAML files) in the Git repository with the actual resources of the cluster. If discrepancies are detected, the controller sends notifications and may take action to correct them. This GitOps model is used in Anthos Config Management and Weaveworks Flux.

External Resource Reconciler (Push)
This model can be seen as a variation of the previous one, where one or more controllers are responsible for synchronizing resources in "Git repository - Kubernetes cluster" pairs. The difference is that each managed cluster does not necessarily have its own controller. The Git - k8s cluster pairs are often defined as CRDs (custom resource definitions), which can describe how the controller should perform synchronization. In this model, controllers compare the Git repository specified in the CRD with the Kubernetes cluster resources, also specified in the CRD, and take appropriate action based on the result of the comparison. In particular, this GitOps model is used in ArgoCD.

GitOps on the OpenShift platform
Managing multi-cluster Kubernetes infrastructure
With the spread of Kubernetes and the growing popularity of multi-cloud strategies and edge computing, the average number of OpenShift clusters per customer is also increasing.
For example, when edge computing is used, the clusters of a single customer can be deployed in the hundreds or even thousands. As a result, the customer is forced to manage many independent OpenShift clusters in the public cloud and on-premises.
In this case, a number of problems have to be solved, in particular:
- Ensure that clusters are in an identical state (configs, monitoring, storage, etc.).
- Recreate (or restore) clusters from a known state.
- Create new clusters based on a known state.
- Roll out changes to multiple OpenShift clusters.
- Roll back changes across multiple OpenShift clusters.
- Associate templated configurations with different environments.
Application Configurations
During their life cycle, applications often pass through a chain of clusters (dev, stage, etc.) before ending up in a production cluster. In addition, because of availability and scalability requirements, customers often deploy applications across multiple on-premises clusters or multiple regions of a public cloud platform.
In this case, the following tasks have to be solved:
- Ensure the movement of applications (binaries, configs, etc.) between clusters (dev, stage, etc.).
- Roll out changes to applications (binaries, configs, etc.) across multiple OpenShift clusters.
- Roll back changes to applications to a previous known state.
OpenShift GitOps Use Cases
1. Applying changes from a Git repository
A cluster administrator can store OpenShift cluster configurations in a Git repository and apply them automatically to create new clusters without effort and bring them into a state identical to the known state stored in the Git repository.
2. Synchronization with a Secret Manager
The administrator will also benefit from the ability to synchronize OpenShift secret objects with appropriate software such as Vault, so that they are managed with tools built specifically for this purpose.
3. Configuration drift control
The administrator will only welcome it if OpenShift GitOps itself detects and warns about discrepancies between the actual configurations and those specified in the repository, so that they can respond quickly to drift.
4. Notifications about configuration drift
These are useful when the administrator wants to learn quickly about cases of configuration drift in order to take appropriate action on their own.
5. Manual synchronization of configurations on drift
Allows the administrator to synchronize the OpenShift cluster with the Git repository when configuration drift occurs, to quickly return the cluster to a previous known state.
6. Auto-synchronization of configurations on drift
The administrator can also configure the OpenShift cluster to synchronize automatically with the repository when drift is detected, so that the cluster configuration always matches the configurations in Git.
7. Multiple clusters - one repository
The administrator can store the configurations of several different OpenShift clusters in a single Git repository and apply them selectively as needed.
8. Hierarchy of cluster configurations (inheritance)
The administrator can set up a hierarchy of cluster configurations in the repository (stage, prod, app portfolio, etc. with inheritance). In other words, they can determine whether configurations should be applied to one or to several clusters.
For example, if the administrator sets up the hierarchy "Production clusters (prod) → System X clusters → Production clusters of System X" in the Git repository, then a combination of the following configurations is applied to the production clusters of System X:
- Configurations common to all production clusters.
- Configurations for System X clusters.
- Configurations for the production clusters of System X.
9. Templates and configuration overrides
The administrator can override a set of inherited configurations and their values, for example, to fine-tune the configuration for the specific clusters to which they will be applied.
10. Selective include and exclude for configurations and application configurations
The administrator can set the conditions under which certain configurations are applied or not applied to clusters with certain characteristics.
11. Template support
Developers will benefit from the ability to choose how application resources are defined (Helm Chart, pure Kubernetes YAML, etc.) in order to use the most suitable format for each specific application.
GitOps tools on the OpenShift platform
ArgoCD
ArgoCD implements the External Resource Reconcile model and offers a centralized UI for orchestrating one-to-many relationships between clusters and Git repositories. The disadvantages of this tool include the inability to manage applications when ArgoCD is not running.
Flux
Flux implements the On-Cluster Resource Reconcile model and, as a result, there is no centralized management of the definition repository, which is a weak point. On the other hand, precisely because of the lack of centralization, the ability to manage applications remains even if one cluster fails.
Installing ArgoCD on OpenShift
ArgoCD offers an excellent command-line interface and web console, so we will not cover Flux and other alternatives here.
To deploy ArgoCD on the OpenShift 4 platform, follow these steps as a cluster administrator:
Deploying the ArgoCD components on the OpenShift platform

# Create a new namespace for ArgoCD components
oc create namespace argocd
# Apply the ArgoCD Install Manifest
oc -n argocd apply -f https://raw.githubusercontent.com/argoproj/argo-cd/v1.2.2/manifests/install.yaml
# Get the ArgoCD Server password (in this release the initial admin password is the name of the argocd-server pod)
ARGOCD_SERVER_PASSWORD=$(oc -n argocd get pod -l "app.kubernetes.io/name=argocd-server" -o jsonpath='{.items[*].metadata.name}')

Patching the ArgoCD Server so that it can be reached through an OpenShift Route

# Patch ArgoCD Server so no TLS is configured on the server (--insecure)
PATCH='{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"argocd-server"}],"containers":[{"command":["argocd-server","--insecure","--staticassets","/shared/app"],"name":"argocd-server"}]}}}}'
# Quote the variable so the shell passes the JSON through unchanged
oc -n argocd patch deployment argocd-server -p "$PATCH"
# Expose the ArgoCD Server using an Edge OpenShift Route so TLS is used for incoming connections
# (with an edge route TLS ends at the router; traffic from the router to the pod is not encrypted)
oc -n argocd create route edge argocd-server --service=argocd-server --port=http --insecure-policy=Redirect

Deploying the ArgoCD CLI tool

# Download the argocd binary, place it under /usr/local/bin and give it execution permissions
curl -L https://github.com/argoproj/argo-cd/releases/download/v1.2.2/argocd-linux-amd64 -o /usr/local/bin/argocd
chmod +x /usr/local/bin/argocd

Changing the ArgoCD Server admin password

# Get ArgoCD Server Route Hostname
ARGOCD_ROUTE=$(oc -n argocd get route argocd-server -o jsonpath='{.spec.host}')
# Login with the current admin password
argocd --insecure --grpc-web login "${ARGOCD_ROUTE}:443" --username admin --password "${ARGOCD_SERVER_PASSWORD}"
# Update admin's password (<NEW_PASSWORD> is a placeholder; the value is missing from the source page)
argocd --insecure --grpc-web --server "${ARGOCD_ROUTE}:443" account update-password --current-password "${ARGOCD_SERVER_PASSWORD}" --new-password "<NEW_PASSWORD>"

After completing these steps, you can work with ArgoCD Server through the ArgoCD WebUI console or the ArgoCD CLI command-line tool.
GitOps - It's Never Too Late
"The train has left" is what people say about a situation where the chance to do something has been missed. In the case of OpenShift, the desire to start using this cool new platform right away often leads to exactly this situation with the management and maintenance of routes, deployments and other OpenShift objects. But is the chance always completely lost?
Continuing this series of articles, today we will show you how to transform a manually created application and its resources into a process where everything is managed by GitOps tools. To do this, we will first deploy the httpd application manually. The commands below show how we create the namespace, deployment and service, and then expose this service to create a route.

oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/namespace.yaml
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/deployment.yaml
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/service.yaml
oc expose svc/httpd -n simple-app

So we have a manually created application. Now it needs to be transferred under GitOps management without loss of availability. In short, this is done as follows:
- Create a Git repository for the code.
- Export our current objects and upload them to the Git repository.
- Select and deploy the GitOps tools.
- Add our repository to this toolkit.
- Define the application in our GitOps toolkit.
- Perform a test run of the application using the GitOps toolkit.
- Synchronize the objects using the GitOps toolkit.
- Enable pruning and auto-synchronization of objects.
As mentioned earlier, in GitOps there is one and only one source of information about all objects in the Kubernetes cluster(s): the Git repository. From here on we assume that your organization already uses a Git repository. It can be public or private, but it must be accessible to the Kubernetes clusters. It can be the same repository as the one for application code, or a separate repository created specifically for deployments. Strict permissions on the repository are recommended, since secrets, routes and other security-sensitive objects will be stored there.
In our example, we will create a new public repository on GitHub. You can call it whatever you like; we use the name blogpost.
If the YAML object files have not been stored locally or in Git, you will have to use the oc or kubectl binaries. In the commands below we request the YAML for our namespace, deployment, service and route. Before that, we cloned the newly created repository and changed into it with cd.

# Note: --export was deprecated in Kubernetes 1.14 and removed in 1.18; newer oc/kubectl clients reject it
oc get namespace simple-app -o yaml --export > namespace.yaml
oc get deployment httpd -o yaml -n simple-app --export > deployment.yaml
oc get service httpd -o yaml -n simple-app --export > service.yaml
oc get route httpd -o yaml -n simple-app --export > route.yaml

Now let's edit the deployment.yaml file to remove the field that Argo CD cannot synchronize.

# \s (GNU sed) matches the leading whitespace before the generation key
sed -i '/\sgeneration: .*/d' deployment.yaml

In addition, the route needs to be changed. We first set a multiline variable and then replace ingress: null with the contents of that variable.

# The trailing backslashes are required so that sed accepts the multi-line replacement
export ROUTE="  ingress:\\
  - conditions:\\
      - status: 'True'\\
        type: Admitted"
sed -i "s/  ingress: null/$ROUTE/g" route.yaml

So, we have sorted out the files; all that remains is to save them to the Git repository. After that, this repository becomes the only source of truth, and any manual changes to objects should be strictly forbidden.

# The exported files are new, so they have to be added before commit -a can see them
git add namespace.yaml deployment.yaml service.yaml route.yaml
git commit -am 'initial commit of objects'
git push origin master

From here on we assume that you have already deployed ArgoCD (how to do this is described in the previous post). So, we will add to Argo CD the repository we created, which contains the application code from our example. Just make sure you specify the exact repository you created earlier.

argocd repo add https://github.com/cooktheryan/blogpost

Now let's create the application. The application sets the values so that the GitOps toolkit understands which repository and paths to use, which OpenShift is needed to manage the objects, which specific branch of the repository is needed, and whether the resources should be synchronized automatically.

argocd app create --project default \
  --name simple-app --repo https://github.com/cooktheryan/blogpost.git \
  --path . --dest-server https://kubernetes.default.svc \
  --dest-namespace simple-app --revision master --sync-policy none

Once the application is defined in Argo CD, the toolkit starts checking the already deployed objects against the definitions in the repository. In our example, auto-sync and pruning are disabled, so the objects do not change yet. Note that in the Argo CD interface our application will have the status "Out of Sync" because the label that ArgoCD applies is missing.
This is why, when we start synchronization a little later, the objects will not be redeployed.
Now let's do a test run to make sure there are no errors in our files.

argocd app sync simple-app --dry-run

If there are no errors, you can proceed to synchronization.

argocd app sync simple-app

After running argocd app get on our application, we should see that the application status has changed to Healthy or Synced. This means that all resources in the Git repository now match the resources that are already deployed.

argocd app get simple-app
Name: simple-app
Project: default
Server: https://kubernetes.default.svc
Namespace: simple-app
URL: https://argocd-server-route-argocd.apps.example.com/applications/simple-app
Repo: https://github.com/cooktheryan/blogpost.git
Target: master
Path: .
Sync Policy: <none>
Sync Status: Synced to master (60e1678)
Health Status: Healthy
...

Now you can enable auto-sync and pruning to ensure that nothing is created manually and that a deployment takes place every time an object is created or updated in the repository.

argocd app set simple-app --sync-policy automated --auto-prune

So, we have successfully brought under GitOps control an application that originally did not use GitOps in any way.
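The exported objects in this walkthrough end up in a public repository, so a check that runs before `git commit` is worth having. The following is an added example, not part of the original article; the function names, the finding labels and the abridged sample files are constructed for illustration, and the three checks are assumptions derived from the steps above.

```shell
#!/bin/sh
# Added example: audit exported manifests before they are committed.
# The three checks are assumptions derived from the walkthrough above.

# audit_manifests DIR: prints one finding per line, returns 1 if any was found.
audit_manifests() {
    dir=$1
    findings=0
    for f in "$dir"/*.yaml; do
        [ -f "$f" ] || continue
        # Secret objects hold base64-encoded values, which is not encryption.
        if grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$' "$f"; then
            echo "SECRET $f"
            findings=$((findings + 1))
        fi
        # Server-populated metadata left over from the export.
        if grep -Eq '^[[:space:]]+(uid|resourceVersion|selfLink|generation):[[:space:]]' "$f"; then
            echo "SERVER_FIELD $f"
            findings=$((findings + 1))
        fi
        # Route status that the walkthrough replaces with an Admitted condition.
        if grep -Eq '^[[:space:]]+ingress:[[:space:]]*null[[:space:]]*$' "$f"; then
            echo "ROUTE_STATUS $f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# write_sample DIR: constructed, abridged sample files, not real cluster output.
write_sample() {
    mkdir -p "$1"
    cat > "$1/deployment.yaml" <<'EOF'
kind: Deployment
metadata:
  generation: 1
  name: httpd
EOF
    cat > "$1/service.yaml" <<'EOF'
kind: Service
metadata:
  name: httpd
EOF
    cat > "$1/db-credentials.yaml" <<'EOF'
kind: Secret
metadata:
  name: db-credentials
data:
  password: Y29uc3RydWN0ZWQ=
EOF
}

if [ "$#" -gt 0 ]; then audit_manifests "$1"; fi
```

Run against the sample directory, the function flags the Secret and the leftover `generation` field and returns a non-zero status, which is enough to block a commit from a Git pre-commit hook.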
source: www.habr.com
