Running Camunda BPM on Kubernetes

Are you using Kubernetes? Ready to move your Camunda BPM instances off virtual machines, or perhaps just try running them on Kubernetes? Let's look at some common configurations and individual building blocks that can be tailored to your specific needs.

This assumes that you have used Kubernetes before. If not, why not take a look at the guide and start your first cluster?

Authors

  • Alastair Firth - Senior Site Reliability Engineer on the Camunda Cloud team;
  • Lars Lange - DevOps Engineer at Camunda.

In short:

git clone https://github.com/camunda-cloud/camunda-examples.git
cd camunda-examples/camunda-bpm-demo
make skaffold

OK, that probably didn't work because you don't have skaffold and kustomize installed. So read on!

What is Camunda BPM

Camunda BPM is an open-source business process management and decision automation platform that connects business users and software developers. It is ideal for coordinating and connecting people, (micro)services, or even bots! You can read more about the different use cases at the link.

Why use Kubernetes

Kubernetes has become the de facto standard for running modern applications on Linux. By using system calls instead of hardware emulation, and relying on the kernel to manage memory and task switching, boot time and startup time are kept to a minimum. However, the biggest benefit may come from the standard API that Kubernetes provides for configuring the infrastructure that all applications need: storage, networking, and monitoring. It turned 6 years old in June 2020 and is perhaps the second-largest open source project (after Linux). Recently it has been stabilizing its functionality after rapid iteration over the past few years, as it has become critical to production workloads around the world.

The Camunda BPM Engine can easily connect to other applications running on the same cluster, and Kubernetes provides excellent scalability, allowing you to increase infrastructure costs only when really needed (and easily reduce them as required).

Monitoring quality also improves with tools such as Prometheus, Grafana, Loki, Fluentd and Elasticsearch, which let you view all workloads in the cluster. Today we will look at how to implement the Prometheus exporter in the Java Virtual Machine (JVM).

Goals

Let's look at a few areas where we can customize the Camunda BPM Docker image (github) so that it interacts well with Kubernetes.

  1. Logs and metrics;
  2. Database connections;
  3. Authentication;
  4. Session management.

We will look at several ways to achieve these goals and clearly show the whole process.

Note: Are you using the Enterprise version? Look here and update the image links as needed.

Workflow development

In this demo, we will use Skaffold to build Docker images using Google Cloud Build. It has good support for various tools (such as Kustomize and Helm), CI and build tools, and infrastructure providers. The file skaffold.yaml.tmpl includes settings for Google Cloud Build and GKE, providing a very simple way to run production-grade infrastructure.

make skaffold will upload the Dockerfile context to Cloud Build, build the image and store it in GCR, and then apply the manifests to your cluster. This is what make skaffold does, but Skaffold has many other features.

For yaml templates in Kubernetes, we use kustomize to manage yaml overlays without forking the whole manifest, which allows you to use git pull --rebase for further improvements. It is now part of kubectl and works quite well for such things.

We also use envsubst to fill in the hostname and GCP project ID in the *.yaml.tmpl files. You can see how it works in the makefile, or simply continue reading.

Prerequisites

  • A working Kubernetes cluster
  • Kustomize
  • Skaffold - for building your own docker images and easy deployment to GKE
  • A copy of this code
  • Envsubst

Working with the manifests

If you don't want to use kustomize or skaffold, you can refer to the manifests in generated-manifest.yaml and adapt them to the workflow of your choice.

Logs and metrics

Prometheus has become the standard for collecting metrics in Kubernetes. It occupies the same niche as AWS Cloudwatch Metrics, Cloudwatch Alerts, Stackdriver Metrics, StatsD, Datadog, Nagios, vSphere Metrics and others. It is open source and has a powerful query language. We will entrust visualization to Grafana - it comes with a large number of dashboards available out of the box. They are connected to each other and are relatively easy to install with prometheus-operator.

By default, Prometheus uses the pull model <service>/metrics, and adding sidecar containers for this is common. Unfortunately, JMX metrics are best collected inside the JVM, so sidecar containers are not as efficient. Let's attach the open source jmx_exporter from Prometheus to the JVM by adding it to the container image, which will provide the /metrics path on a separate port.

Add Prometheus jmx_exporter to the container

-- images/camunda-bpm/Dockerfile
FROM camunda/camunda-bpm-platform:tomcat-7.11.0

## Add prometheus exporter
RUN wget https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.11.0/jmx_prometheus_javaagent-0.11.0.jar -P lib/
#9404 is the reserved prometheus-jmx port
ENV CATALINA_OPTS -javaagent:lib/jmx_prometheus_javaagent-0.11.0.jar=9404:/etc/config/prometheus-jmx.yaml

Well, that was easy. The exporter will monitor tomcat and expose its metrics in Prometheus format at <svc>:9404/metrics

Configuring the exporter

The attentive reader may wonder where prometheus-jmx.yaml came from. There are many different things that can run in a JVM, and tomcat is only one of them, so the exporter needs some additional configuration. Standard configurations for tomcat, wildfly, kafka and so on are available here. We will add the tomcat one as a ConfigMap in Kubernetes and then mount it as a volume.

First, we add the exporter configuration file to our platform/config/ directory

platform/config
└── prometheus-jmx.yaml

Then we add a ConfigMapGenerator to kustomization.yaml.tmpl:

-- platform/kustomization.yaml.tmpl
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
[...]
configMapGenerator:
- name: config
  files:
  - config/prometheus-jmx.yaml

This will add each element of files[] as a ConfigMap configuration item. ConfigMapGenerators are great because they hash the configuration data and force a pod restart if it changes. They also reduce the amount of configuration in the Deployment, since you can mount a whole "folder" of configuration files in a single VolumeMount.

Finally, we need to mount the ConfigMap as a volume into the pod:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
    [...]
      volumes:
      - name: config
        configMap:
          name: config
          defaultMode: 0744
      containers:
      - name: camunda-bpm
        volumeMounts:
        - mountPath: /etc/config/
          name: config
        [...]

Great. If Prometheus is not configured to do a full scrape, you may need to tell it to scrape the pods. Prometheus Operator users can use service-monitor.yaml to get started. Explore service-monitor.yaml, the operator design and ServiceMonitorSpec before you start.

Extending this pattern to other use cases

All files that we add to the ConfigMapGenerator will be available in the new directory /etc/config. You can extend this template to mount any other configuration files you need. You can even mount a new startup script. You can use subPath to mount individual files. To update xml files, consider using xmlstarlet instead of sed. It is already included in the image.

Logs

Great news! Application logs are already available on stdout, for example with kubectl logs. Fluentd (installed by default in GKE) will forward your logs to Elasticsearch, Loki, or your enterprise logging platform. If you want to use jsonify for logs, you can follow the template above to install logback.

Database

By default, the image will have an H2 database. This does not suit us, so we will use Google Cloud SQL with Cloud SQL Proxy - this will be needed later to solve internal problems. This is a simple and reliable option if you have no preferences of your own for setting up the database. AWS RDS provides a similar service.

Regardless of the database you choose, unless it is H2, you will need to set the appropriate environment variables in platform/deploy.yaml. It looks something like this:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
    [...]
      containers:
      - name: camunda-bpm
        env:
        - name: DB_DRIVER
          value: org.postgresql.Driver
        - name: DB_URL
          value: jdbc:postgresql://postgres-proxy.db:5432/process-engine
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_username
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_password
        [...]

Note: You can use Kustomize to deploy to different environments using an overlay: example.

Note: the use of valueFrom: secretKeyRef. Please use this Kubernetes feature even during development to keep your secrets safe.

You probably already have a preferred system for managing Kubernetes secrets. If not, here are some options: encrypt them with your cloud provider's KMS and then inject them into K8S as secrets through the CD pipeline - Mozilla SOPS - which works very well in combination with Kustomize secrets. There are other tools, such as dotGPG, which perform similar functions: HashiCorp Vault, Kustomize Secret Value Plugins.
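
One way to enforce the secretKeyRef note above before a deploy, as an added example that is not part of the original article or the camunda-examples repository: a Python check over a Deployment rendered as JSON (for instance the output of kubectl get deployment -o json). The marker list, the helper names and the inlined placeholder values are assumptions of this example.

```python
import json
import sys
from pathlib import Path

# Assumed heuristic (not from the article): env names that usually hold credentials.
SENSITIVE_MARKERS = ("PASSWORD", "USERNAME", "SECRET", "TOKEN", "KEY")

def find_literal_secrets(deployment):
    """List env vars that carry credentials without going through a Secret."""
    findings = []
    pod_spec = deployment["spec"]["template"]["spec"]
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    for c in containers:
        for env in c.get("env", []):
            name, value = env.get("name", ""), env.get("value")
            sensitive = any(m in name.upper() for m in SENSITIVE_MARKERS)
            from_secret = "secretKeyRef" in (env.get("valueFrom") or {})
            if sensitive and not from_secret:
                findings.append(f"{c['name']}/{name}: not sourced from a Secret")
            elif value and "password=" in value.lower():
                findings.append(f"{c['name']}/{name}: credentials embedded in value")
    return findings

def _deployment(env):
    return {"kind": "Deployment", "spec": {"template": {"spec": {
        "containers": [{"name": "camunda-bpm", "env": env}]}}}}

def _secret(key):
    return {"secretKeyRef": {"name": "cambpm-db-credentials", "key": key}}

DB_URL = "jdbc:postgresql://postgres-proxy.db:5432/process-engine"
# Constructed sample: the env block shown in the article's deployment.yaml.
GOOD = _deployment([
    {"name": "DB_DRIVER", "value": "org.postgresql.Driver"},
    {"name": "DB_URL", "value": DB_URL},
    {"name": "DB_USERNAME", "valueFrom": _secret("db_username")},
    {"name": "DB_PASSWORD", "valueFrom": _secret("db_password")},
])
# Constructed sample: the same settings with credentials inlined (placeholder values).
BAD = _deployment([
    {"name": "DB_URL", "value": DB_URL + "?password=placeholder"},
    {"name": "DB_USERNAME", "value": "placeholder-user"},
    {"name": "DB_PASSWORD", "valueFrom": {"configMapKeyRef": {"name": "config", "key": "p"}}},
])

if __name__ == "__main__":
    doc = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else BAD
    problems = find_literal_secrets(doc)
    print("\n".join(problems) or "ok")
    sys.exit(1 if problems else 0)
```

Run with a file path to check a rendered manifest; the non-zero exit status lets a CI step fail when a credential is set as a literal value or read from a ConfigMap.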

Ingress

Unless you choose to use local port forwarding, you will need a configured Ingress Controller. If you are not using ingress-nginx (Helm chart), then you most likely already know that you need to set the necessary annotations in ingress-patch.yaml.tmpl or platform/ingress.yaml. If you are using ingress-nginx and see an nginx ingress class with a load balancer pointing at it and an external DNS or wildcard DNS entry, you are good to go. Otherwise, configure the Ingress Controller and DNS, or skip these steps and keep the direct connection to the pod.

TLS

If you are using cert-manager or kube-lego and letsencrypt, certificates for the new ingress will be obtained automatically. Otherwise, open ingress-patch.yaml.tmpl and customize it to suit your needs.

Launch!

If you followed everything written above, then the command make skaffold HOSTNAME=<you.example.com> should launch an instance available at <hostname>/camunda

If you did not expose your ingress on a public URL, you can forward it to localhost: kubectl port-forward -n camunda-bpm-demo svc/camunda-bpm 8080:8080 at localhost:8080/camunda

Wait a few minutes until tomcat is completely ready. Cert-manager will take some time to verify the domain name. You can also monitor the logs using available tools such as kubetail, or simply using kubectl:

kubectl logs -n camunda-bpm-demo $(kubectl get pods -o=name -n camunda-bpm-demo) -f

Next steps

Authorization

This is more relevant to configuring Camunda BPM than Kubernetes, but it is important to note that by default, authentication is disabled in the REST API. You can enable basic authentication or use another method such as JWT. You can use configmaps and volumes to load xml, or xmlstarlet (see above) to edit existing files in the image, and either use wget or load them using an init container and a shared volume.

Session management

Like many other applications, Camunda BPM handles sessions in the JVM, so if you want to run multiple replicas, you can enable sticky sessions (for example for ingress-nginx), which will persist until the replica disappears, or set the Max-Age attribute for cookies. For a more robust solution, you can deploy a Session Manager in Tomcat. Lars has a separate post on this topic, but something like:

# Download the session manager jars (Maven Central serves artifacts over HTTPS only),
# then insert the <Manager> element just before the closing </Context> tag.
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/2.3.2/memcached-session-manager-2.3.2.jar -P lib/ &&
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc9/2.3.2/memcached-session-manager-tc9-2.3.2.jar -P lib/ &&
sed -i '/^<\/Context>/i\
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager"\
memcachedNodes="redis://redis-proxy.db:22121"\
sticky="false"\
sessionBackupAsync="false"\
storageKeyPrefix="context"\
lockingMode="auto"\
/>' conf/context.xml

Note: you can use xmlstarlet instead of sed

We used twemproxy in front of Google Cloud Memorystore, with memcached-session-manager (which supports Redis) to run it.

Scaling

If you already understand sessions, then the first (and often the last) limitation to scaling Camunda BPM may be the connection to the database. Partial tuning is already available "out of the box". Let's also disable initialSize in the settings.xml file. Add a Horizontal Pod Autoscaler (HPA) and you can easily scale the number of pods automatically.

Requests and limits

In platform/deployment.yaml you will see that we have hard-coded the resources field. This works well with HPA, but may require additional configuration. A kustomize patch is suitable for this. See ingress-patch.yaml.tmpl and ./kustomization.yaml.tmpl

Conclusion

So we have installed Camunda BPM on Kubernetes with Prometheus metrics, logs, H2 database, TLS and Ingress. We added jar files and configuration files using ConfigMaps and a Dockerfile. We talked about exchanging data to volumes and directly to environment variables from secrets. In addition, we gave an overview of setting up Camunda for multiple replicas and an authenticated API.

References

github.com/camunda-cloud/camunda-examples/camunda-bpm-kubernetes

├── generated-manifest.yaml <- manifest for use without kustomize
├── images
│   └── camunda-bpm
│       └── Dockerfile <- overlay docker image
├── ingress-patch.yaml.tmpl <- site-specific ingress configuration
├── kustomization.yaml.tmpl <- main Kustomization
├── Makefile <- make targets
├── namespace.yaml
├── platform
│   ├── config
│   │   └── prometheus-jmx.yaml <- prometheus exporter config file
│   ├── deployment.yaml <- main deployment
│   ├── ingress.yaml
│   ├── kustomization.yaml <- "base" kustomization
│   ├── service-monitor.yaml <- example prometheus-operator config
│   └── service.yaml
└── skaffold.yaml.tmpl <- skaffold directives

05.08.2020, translation of the article by Alastair Firth, Lars Lange

source: www.habr.com
