TL, DR: za a sami bayanin Keycloak, tsarin kula da damar samun tushen tushen budewa, nazarin na'urar ciki, cikakkun bayanai.
Gabatarwa da manyan ra'ayoyi
A cikin wannan labarin, za mu ga manyan ra'ayoyin da za mu tuna lokacin da ake tura gungu na Keycloak a saman Kubernetes.
Idan kana son ƙarin sani game da Keycloak, da fatan za a koma zuwa hanyoyin haɗin da ke ƙarshen labarin. Domin nutsad da kanku sosai a aikace, zaku iya yin karatu tare da tsarin da ke aiwatar da mahimman ra'ayoyin wannan labarin (jagorancin ƙaddamarwa yana nan, a cikin wannan labarin za a yi bayyani na na'urar da saitunan, kusan mai fassara).
Keycloak tsari ne mai rikitarwa da aka rubuta a cikin Java kuma an gina shi a saman sabar aikace-aikacen. . A takaice, tsarin izini ne wanda ke ba wa masu amfani da aikace-aikacen tarayya damar da SSO (sa hannu guda).
Muna gayyatar ku don karanta hukuma ko don cikakken fahimta.
Fara Keycloak
Keycloak yana buƙatar tushen bayanai guda biyu masu tsayi don gudana:
- Rubutun bayanai da ake amfani da su don adana bayanan dagewa, kamar bayanai game da masu amfani
- Datagrid cache, wanda ake amfani da shi don adana bayanai daga ma'ajin bayanai, da kuma adana wasu gajerun bayanai da aka canza akai-akai, kamar zaman mai amfani. An sake shi , wanda yawanci yana da sauri fiye da bayanan bayanai. Amma a kowane hali, bayanan da aka adana a cikin Infinispan abin al'ajabi ne - kuma baya buƙatar ajiyewa a wani wuri lokacin da aka sake kunna tarin.
Keycloak yana aiki ta hanyoyi huɗu daban-daban:
- talakawa - tsari ɗaya da guda ɗaya, wanda aka saita ta hanyar fayil kadai.xml
- gungu na yau da kullun (zaɓi mai yawa) - Duk matakai dole ne su yi amfani da tsari iri ɗaya, wanda dole ne a haɗa shi da hannu. Ana adana saituna a cikin fayil tsaye-ha.xml, Bugu da ƙari, kuna buƙatar yin hanyar haɗin kai zuwa bayanan bayanai da ma'auni mai nauyi.
- Tarin yanki - fara gungu a yanayin al'ada da sauri ya zama aiki na yau da kullun kuma mai ban sha'awa yayin da gungu ke girma, tunda duk lokacin da aka canza tsarin, dole ne a yi duk canje-canje akan kowane kumburi na tari. Yanayin aiki na yanki yana magance wannan batu ta hanyar kafa wasu ma'ajiyar da aka raba da buga tsarin. Ana adana waɗannan saitunan a cikin fayil yankin.xml
- Maimaituwa tsakanin cibiyoyin bayanai - idan kuna son kunna Keycloak a cikin gungu na cibiyoyin bayanai da yawa, galibi a wurare daban-daban. A cikin wannan zaɓi, kowace cibiyar bayanai za ta sami nata gungun sabar Maɓalli.
A cikin wannan labarin, za mu yi nazari sosai kan zaɓi na biyu, watau. tari na al'ada, da kuma ɗan taɓawa kan batun maimaitawa tsakanin cibiyoyin bayanai, tun da yake yana da ma'ana don gudanar da waɗannan zaɓuɓɓuka guda biyu a Kubernetes. An yi sa'a Kubernetes ba shi da matsala tare da daidaita saitunan kwasfan fayiloli da yawa (Keycloak nodes), don haka gungu na yanki ba zai yi wuya a yi ba.
Hakanan don Allah a lura cewa kalmar gungu har zuwa karshen labarin zai yi amfani ne kawai ga ƙungiyar Keycloak nodes da ke aiki tare, babu buƙatar komawa zuwa gungu na Kubernetes.
Tarin Maɓalli na yau da kullun
Don kunna Keycloak a wannan yanayin, kuna buƙatar:
- kafa rumbun adana bayanai na waje
- shigar da ma'aunin nauyi
- sami cibiyar sadarwa ta ciki tare da goyan bayan multicast ip
Ba za mu yi nazarin tsarin tsarin bayanan waje ba, tun da ba manufar wannan labarin ba ne. Bari mu ɗauka cewa wani wuri akwai bayanan aiki - kuma muna da hanyar haɗi zuwa gare ta. Za mu ƙara wannan bayanai kawai zuwa masu canjin yanayi.
Don ƙarin fahimtar yadda Keycloak ke aiki a cikin gungu mai gazawa (HA), yana da mahimmanci a san nawa duk ya dogara da damar tari na Wildfly.
Wildfly yana amfani da tsarin ƙasa da yawa, wasu ana amfani da su azaman ma'aunin nauyi, wasu ana amfani da su don gazawar. Ma'auni mai ɗaukar nauyi yana tabbatar da samun aikace-aikacen lokacin da kullin cluster ya yi yawa, kuma rashin nasara yana tabbatar da samuwar aikace-aikacen ko da wasu daga cikin kuɗaɗen tari sun gaza. Wasu daga cikin waɗannan tsarin ƙasa sune:
-
mod_cluster: yana aiki tare da Apache azaman ma'auni mai ɗaukar nauyi na HTTP, ya dogara da multicast TCP don ganowar tsoho. Ana iya maye gurbinsu da ma'auni na waje. -
infinispan: rarraba cache ta amfani da tashoshi na JGroups azaman layin sufuri. Zabi, yana iya amfani da ka'idar HotRod don sadarwa tare da gungu na Infinispan na waje don daidaita abubuwan da ke cikin cache. -
jgroups: Yana ba da goyon baya ga ƙungiyar ƙungiya don samar da ayyuka masu yawa dangane da tashoshin JGroups. Bututu mai suna suna ba da damar haɗa misalan aikace-aikace a cikin tari zuwa ƙungiyoyi domin haɗin yana da kaddarorin kamar amintacce, tsari, da azancin gazawa.
load balancer
Lokacin shigar da ma'auni azaman mai sarrafa ingress a cikin gungu na Kubernetes, yana da mahimmanci a kiyaye abubuwa masu zuwa a hankali:
Ayyukan Keycloak yana nuna cewa adireshin nesa na abokin ciniki yana haɗa ta hanyar HTTP zuwa uwar garken tabbatarwa shine ainihin adireshin IP na kwamfutar abokin ciniki. Ma'auni da saitunan shiga yakamata su saita taken HTTP daidai X-Forwarded-For и X-Forwarded-Proto, da kuma kiyaye ainihin take HOST. sabuwar siga ingress-nginx (> 0.22.0)
Kunna tuta proxy-address-forwarding ta hanyar saita canjin yanayi PROXY_ADDRESS_FORWARDING в true yana ba Keycloak fahimtar cewa yana gudana a bayan wakili.
Kuna buƙatar kunna m zaman a ciki. Keycloak yana amfani da ma'ajin da aka rarraba na Infinispan don adana bayanan da ke da alaƙa da zaman tabbatarwa na yanzu da zaman mai amfani. Ma'ajiyar ma'ajiyar ma'auni ɗaya ne ta tsohuwa, a wasu kalmomin wannan takamaiman zaman ana adana shi akan wasu kullin tari kuma wasu nodes dole ne su nemi shi nan da nan idan suna buƙatar samun dama ga wannan zaman.
Musamman, akasin takaddun, haɗa zaman tare da sunan kuki bai yi aiki a gare mu ba
AUTH_SESSION_ID. Maɓalli ya madauki turawa, don haka muna ba da shawarar zabar sunan kuki na daban don zaman m.
Keycloak kuma ya haɗa sunan mai watsa shiri wanda ya fara amsawa AUTH_SESSION_ID, kuma tun da kowane kumburi a cikin sigar da ake samu sosai yana amfani da bayanai iri ɗaya, kowannensu ID na kumburi daban kuma na musamman don sarrafa ma'amaloli. Ana ba da shawarar saka a ciki JAVA_OPTS sigogi jboss.node.name и jboss.tx.node.id na musamman ga kowane kumburi - alal misali, zaku iya saita sunan kwafsa. Idan kun sanya sunan kwafsa - kar a manta game da iyakar haruffa 23 don masu canjin jboss, don haka yana da kyau a yi amfani da StatefulSet, ba Ƙaddamarwa ba.
Wani rake - idan an goge kwasfa ko kuma aka sake kunnawa, cache ɗinsa ya ɓace. Tare da wannan a zuciya, yana da daraja saita adadin masu cache ga duk cache zuwa akalla biyu, don haka za a sami kwafin cache. Maganin shine a gudu lokacin fara kwafsa, sanya shi a cikin kundin adireshi /opt/jboss/startup-scripts a cikin akwati:
Abubuwan rubutun
embed-server --server-config=standalone-ha.xml --std-out=echo
batch
echo * Setting CACHE_OWNERS to "${env.CACHE_OWNERS}" in all cache-containers
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
run-batch
stop-embedded-serversannan saita darajar canjin yanayi CACHE_OWNERS ga abin da ake bukata.
Cibiyar sadarwa mai zaman kanta tare da goyan bayan multicast ip
Idan kuna amfani da Weavenet azaman CNI, multicast zai yi aiki nan da nan - kuma nodes ɗin Keycloak ɗinku za su ga juna da zarar sun tashi suna aiki.
Idan baku da tallafin ip multicast a cikin gungu na Kubernetes, zaku iya saita JGroups don aiki tare da wasu ka'idoji don nemo nodes.
Zaɓin farko shine amfani KUBE_DNSwanda ke amfani headless service don nemo nodes na Keycloak, kawai ku wuce JGroups sunan sabis ɗin da za a yi amfani da su don nemo nodes.
Wani zaɓi shine a yi amfani da hanyar KUBE_PING, wanda ke aiki tare da API don gano nodes (kana buƙatar saita serviceAccount da hakkoki list и get, sannan saita kwas ɗin don aiki tare da wannan serviceAccount).
Yadda ake neman nodes don JGroups an saita su ta hanyar saita masu canjin yanayi JGROUPS_DISCOVERY_PROTOCOL и JGROUPS_DISCOVERY_PROPERTIES. don KUBE_PING kuna buƙatar zaɓar kwas ɗin ta tambaya namespace и labels.
Idan kuna amfani da multicast kuma kuna gudanar da gungu na Keycloak guda biyu ko fiye a cikin gungu na Kubernetes iri ɗaya (bari mu faɗi ɗaya a cikin sarari suna.
production, na biyu -staging) - nodes daga gungu na Maɓalli ɗaya na iya haɗawa da wani gungu. Tabbatar yin amfani da keɓaɓɓen adireshin multicast don kowane gungu ta hanyar saita masu canjijboss.default.multicast.addressиjboss.modcluster.multicast.addressвJAVA_OPTS.
Maimaituwa tsakanin cibiyoyin bayanai
Haɗuwa
Keycloak yana amfani da maɓalli daban-daban na Infinispan Cache Clusters don kowane cibiyar bayanai da ke ɗaukar gungu na maɓallai waɗanda suka ƙunshi nodes ɗin maɓalli. Amma a lokaci guda, babu bambanci tsakanin nodes na Keycloak a cikin cibiyoyin bayanai daban-daban.
Nodes na maɓalli suna amfani da Grid Data Java na waje (Sabar Infinispan) don sadarwa tsakanin cibiyoyin bayanai. Sadarwa yana aiki bisa ga ka'ida .
Dole ne a saita caches Infinispan tare da sifa remoteStore, ta yadda za a iya adana bayanan a cikin nesa (a cikin wata cibiyar bayanai, kusan mai fassara) cache. Akwai gungu na infinispan daban a tsakanin sabar JDG, don haka bayanan da aka adana akan JDG1 akan rukunin yanar gizon. site1 za a kwaikwaya zuwa JDG2 akan rukunin yanar gizon site2.
A ƙarshe, uwar garken JDG mai karɓa tana sanar da sabar maɓalli ta cluster ta hanyar haɗin gwiwar abokin ciniki, wanda shine sifa na ka'idar HotRod. Maɓallin maɓalli a kunne site2 sabunta ma'ajin Infinispan ɗin su kuma takamaiman zaman mai amfani yana samuwa akan nodes ɗin Maɓalli a kunne site2.
Hakanan yana yiwuwa kada a adana wasu cache kuma su ƙi rubuta bayanai gaba ɗaya ta uwar garken Infinispan. Don yin wannan, kuna buƙatar cire saitin remote-store takamaiman Infinispan cache (a cikin fayil tsaye-ha.xml), bayan haka wasu takamaiman replicated-cache Hakanan ba za a ƙara buƙatar a gefen sabar Infinispan ba.
Saita caches
Akwai nau'ikan caches guda biyu a cikin Keycloak:
-
Na gida. Yana kusa da tushe, yana aiki don rage nauyin da ke kan bayanan, da kuma rage jinkirin amsawa. Wannan nau'in cache yana adana daula, abokan ciniki, matsayi, da metadata mai amfani. Wannan nau'in cache ɗin ba a maimaita shi koda kuwa wannan ma'ajin ɗin wani ɓangare ne na gungu na Maɓalli. Idan wani shigarwa a cikin cache ya canza, ana aika saƙon canji zuwa sauran sabobin da ke cikin gungu, bayan haka an cire shigarwar daga cache. duba bayanin
workda ke ƙasa don ƙarin cikakken bayanin hanya. -
Maimaituwa. Yana aiwatar da zaman mai amfani, alamomin layi, da sa ido kan gazawar shiga don gano ƙoƙarin ɓata kalmar sirri da sauran hare-hare. Bayanan da aka adana a cikin waɗannan caches ɗin na ɗan lokaci ne, ana adana su a cikin RAM kawai, amma ana iya maimaita su a cikin gungu.
Infinispan Caches
Zama - ra'ayi a cikin Keycloak, caches daban, waɗanda ake kira authenticationSessions, ana amfani da su don adana bayanan takamaiman masu amfani. Buƙatun daga waɗannan caches yawanci ana buƙata ta mai lilo da sabar Maɓalli, ba aikace-aikace ba. Wannan shi ne inda dogara ga m zaman ya bayyana kanta, kuma irin wannan caches da kansu ba sa bukatar a maimaita, ko da a cikin yanayin Active-Active yanayin.
Alamomin aiki. Wani ra'ayi, yawanci ana amfani da shi don yanayi daban-daban, lokacin, alal misali, mai amfani yana buƙatar yin wani abu ba tare da la'akari da saƙo ba. Misali, a lokacin hanya forget password cache actionTokens da aka yi amfani da shi don bin diddigin metadata na alamu masu alaƙa - alal misali, an riga an yi amfani da alamar kuma ba za a iya sake kunna ta ba. Irin wannan nau'in cache ya kamata a saba maimaita shi tsakanin ma'aikatan bayanai.
Caching da ƙarewar bayanan da aka adana yana aiki don cire kaya daga database. Wannan caching yana inganta aiki amma yana ƙara matsala bayyananne. Idan uwar garken Keycloak ɗaya ta sabunta bayanan, sauran sabobin dole ne a sanar da su don su sabunta cache ɗin su. Keycloak yana amfani da caches na gida realms, users и authorization domin caching data daga database.
Hakanan akwai maɓalli daban work, wanda aka yi kwafi a duk cibiyoyin bayanai. Ita kanta ba ta adana duk wani bayanai daga ma'ajin bayanai, amma tana aiki don aika saƙonnin tsufa na bayanai zuwa kuɗaɗɗen kuɗaɗe tsakanin cibiyoyin bayanai. Wato, da zarar an sabunta bayanan, kullin Keycloak yana aika sako zuwa wasu nodes da ke cikin cibiyar bayanai, da kuma nodes a wasu cibiyoyin bayanai. Bayan samun irin wannan saƙon, kowane kumburi yana share bayanan da suka dace a cikin ma'ajin sa na gida.
Zaman mai amfani. Caches tare da sunaye sessions, clientSessions, offlineSessions и offlineClientSessions, yawanci ana maimaita su tsakanin cibiyoyin bayanai kuma suna hidima don adana bayanai game da zaman mai amfani waɗanda suke aiki yayin da mai amfani ke aiki a cikin mai lilo. Waɗannan cache ɗin suna aiki tare da aikace-aikacen da ke sarrafa buƙatun HTTP daga masu amfani na ƙarshe, don haka ana danganta su da zaman m kuma dole ne a kwaikwayi su tsakanin masu ba da bayanai.
kariyar karfi na zalunci. Cache loginFailures ana amfani da shi don bin diddigin bayanan kuskuren shiga, kamar adadin lokutan da mai amfani ya shigar da kalmar sirri mara daidai. Maimaita wannan cache ya rage ga mai gudanarwa. Amma don ingantaccen lissafi, yana da daraja kunna kwafi tsakanin cibiyoyin bayanai. Amma a daya bangaren, idan ba a maimaita wannan bayanan ba, zai inganta aikin, kuma idan wannan tambaya ta taso, mai yiwuwa ba za a kunna kwafi ba.
Lokacin fitar da gungu na Infinispan, kuna buƙatar ƙara ma'anar cache zuwa fayil ɗin saituna:
<replicated-cache-configuration name="keycloak-sessions" mode="ASYNC" start="EAGER" batching="false">
</replicated-cache-configuration>
<replicated-cache name="work" configuration="keycloak-sessions" />
<replicated-cache name="sessions" configuration="keycloak-sessions" />
<replicated-cache name="offlineSessions" configuration="keycloak-sessions" />
<replicated-cache name="actionTokens" configuration="keycloak-sessions" />
<replicated-cache name="loginFailures" configuration="keycloak-sessions" />
<replicated-cache name="clientSessions" configuration="keycloak-sessions" />
<replicated-cache name="offlineClientSessions" configuration="keycloak-sessions" />Dole ne ku daidaita kuma ku fara gungun Infinispan kafin gudanar da gunkin maɓalli
Sannan kuna buƙatar saita remoteStore don maɓalli na Keycloak. Don wannan, rubutun ya isa, wanda aka yi daidai da na baya, wanda ake amfani da shi don saita canjin CACHE_OWNERS, kana buƙatar ajiye shi zuwa fayil kuma saka shi a cikin kundin adireshi /opt/jboss/startup-scripts:
Abubuwan rubutun
embed-server --server-config=standalone-ha.xml --std-out=echo
batch
echo *** Update infinispan subsystem ***
/subsystem=infinispan/cache-container=keycloak:write-attribute(name=module, value=org.keycloak.keycloak-model-infinispan)
echo ** Add remote socket binding to infinispan server **
/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=remote-cache:add(host=${remote.cache.host:localhost}, port=${remote.cache.port:11222})
echo ** Update replicated-cache work element **
/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/store=remote:add(
passivation=false,
fetch-state=false,
purge=false,
preload=false,
shared=true,
remote-servers=["remote-cache"],
cache=work,
properties={
rawValues=true,
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory,
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion}
}
)
/subsystem=infinispan/cache-container=keycloak/replicated-cache=work:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache sessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/store=remote:add(
passivation=false,
fetch-state=false,
purge=false,
preload=false,
shared=true,
remote-servers=["remote-cache"],
cache=sessions,
properties={
rawValues=true,
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory,
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion}
}
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache offlineSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions/store=remote:add(
passivation=false,
fetch-state=false,
purge=false,
preload=false,
shared=true,
remote-servers=["remote-cache"],
cache=offlineSessions,
properties={
rawValues=true,
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory,
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion}
}
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache clientSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/store=remote:add(
passivation=false,
fetch-state=false,
purge=false,
preload=false,
shared=true,
remote-servers=["remote-cache"],
cache=clientSessions,
properties={
rawValues=true,
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory,
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion}
}
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache offlineClientSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/store=remote:add(
passivation=false,
fetch-state=false,
purge=false,
preload=false,
shared=true,
remote-servers=["remote-cache"],
cache=offlineClientSessions,
properties={
rawValues=true,
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory,
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion}
}
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache loginFailures element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures/store=remote:add(
passivation=false,
fetch-state=false,
purge=false,
preload=false,
shared=true,
remote-servers=["remote-cache"],
cache=loginFailures,
properties={
rawValues=true,
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory,
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion}
}
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache actionTokens element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/store=remote:add(
passivation=false,
fetch-state=false,
purge=false,
preload=false,
shared=true,
cache=actionTokens,
remote-servers=["remote-cache"],
properties={
rawValues=true,
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory,
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion}
}
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache authenticationSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=statistics-enabled,value=true)
echo *** Update undertow subsystem ***
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)
run-batch
stop-embedded-serverKar a manta don shigarwa JAVA_OPTS don maɓallan Keycloak don yin aiki HotRod: remote.cache.host, remote.cache.port da sunan sabis jboss.site.name.
Hanyoyin haɗi da ƙarin takaddun bayanai
Ma'aikata ne suka fassara da kuma shirya labarin don Habr - intensives, darussan bidiyo da horar da kamfanoni daga ma'aikata (Kubernetes, DevOps, Docker, Mai yiwuwa, Ceph, SRE)
source: www.habr.com