Gabatar da Helm 3

Lura. fassara: Mayu 16 na wannan shekara ta nuna gagarumin ci gaba a ci gaban mai sarrafa kunshin na Kubernetes - Helm. A wannan rana, an gabatar da sakin farko na alpha na gaba babban sigar aikin - 3.0 -. Sakin sa zai kawo gagarumin canje-canje da ake jira a Helm, wanda da yawa a cikin al'ummar Kubernetes ke da babban bege. Mu kanmu muna ɗaya daga cikin waɗannan, tunda muna amfani da Helm sosai don tura aikace-aikacen: mun haɗa shi cikin kayan aikin mu don aiwatar da CI / CD. wuf kuma daga lokaci zuwa lokaci muna ba da gudummawarmu don ci gaba na sama. Wannan fassarar ta haɗu da bayanin kula na 7 daga shafin yanar gizon Helm na hukuma, waɗanda aka sadaukar da su ga farkon alpha release na Helm 3 da kuma magana game da tarihin aikin da kuma manyan siffofin Helm 3. Mawallafin su shine Matt "bacongobbler" Fisher, ma'aikacin Microsoft. kuma daya daga cikin manyan masu kula da Helm.

A ranar 15 ga Oktoba, 2015, an haifi aikin yanzu da ake kira Helm. Bayan shekara guda bayan kafuwarta, al'ummar Helm sun shiga Kubernetes, yayin da suke aiki sosai akan Helm 2. A watan Yuni 2018, Helm ya koma CNCF a matsayin aikin haɓaka (incubating). Ci gaba da sauri zuwa yanzu, kuma farkon sakin alpha na sabon Helm 3 yana kan hanya. (wannan saki ya riga ya faru a tsakiyar watan Mayu - kimanin. fassara).

A cikin wannan yanki, zan yi magana game da inda aka fara, yadda muka isa inda muke a yau, gabatar da wasu abubuwa na musamman da ke akwai a farkon fitowar alpha na Helm 3, da kuma bayyana yadda muke shirin ci gaba.

Takaitawa:

• tarihin halittar Helm;
• bankwana da Tiller;
• ɗakunan ajiya na ginshiƙi;
• gudanarwar saki;
• canje-canje a cikin abubuwan dogara;
• jadawalin ɗakin karatu;
• me ke gaba?

Tarihin Helm

Haihuwa

Helm 1 ya fara ne azaman aikin Buɗewa wanda Deis ya ƙirƙira. Mu ne ƙaramin farawa tsoma baki Microsoft a cikin bazara 2017. Wani aikin mu na Buɗewa, kuma mai suna Deis, yana da kayan aiki deisctl, wanda aka yi amfani da shi (a tsakanin sauran abubuwa) don shigarwa da sarrafa dandalin Deis a ciki Tarin jirgin ruwa. A lokacin, Fleet yana ɗaya daga cikin dandamali na ƙungiyar kade-kade na farko.

A tsakiyar 2015, mun yanke shawarar canza hanya kuma mun ƙaura Deis (a lokacin da aka sake masa suna Deis Workflow) daga Fleet zuwa Kubernetes. Ɗaya daga cikin na farko da aka sake fasalin shine kayan aikin shigarwa. deisctl. Mun yi amfani da shi don shigarwa da sarrafa Deis Workflow a cikin rukunin Fleet.

An ƙirƙiri Helm 1 a cikin hoton shahararrun manajan fakitin kamar Homebrew, apt da yum. Babban burinsa shine sauƙaƙe ayyuka kamar tattarawa da shigar da aikace-aikace akan Kubernetes. An gabatar da Helm bisa hukuma a cikin 2015 a taron KubeCon a San Francisco.

Ƙoƙarinmu na farko da Helm ya yi aiki, amma ba tare da wasu iyakoki mai tsanani ba. Ya ɗauki saitin bayyanar da Kubernetes, wanda aka ɗanɗana tare da janareta azaman tubalan YAML na gabatarwa (al'amari na gaba)*, kuma an loda sakamakon a cikin Kubernetes.

* Lura. fassara: Daga farkon sigar Helm, YAML syntax an zaɓi don bayyana albarkatun Kubernetes, kuma ana tallafawa samfuran Jinja da rubutun Python lokacin rubuta jeri. Mun rubuta ƙarin game da wannan da tsarin sigar farko ta Helm gabaɗaya a cikin babin “Taƙaitaccen Tarihin Helm” wannan abu.

Misali, don maye gurbin fili a cikin fayil ɗin YAML, dole ne ka ƙara ginin mai zuwa zuwa bayyani:

#helm:generate sed -i -e s|ubuntu-debootstrap|fluffy-bunny| my/pod.yaml

Yana da kyau cewa injunan samfuri sun wanzu a yau, ko ba haka ba?

Don dalilai da yawa, wannan farkon mai sakawa Kubernetes yana buƙatar jerin manyan fayiloli na bayyanuwa kuma kawai ya aiwatar da ƙarami, ƙayyadaddun jerin abubuwan da suka faru. Yana da matukar wahala a yi amfani da shi cewa ƙungiyar Deis Workflow R&D suna da wahala lokacin da suke ƙoƙarin canja wurin samfuran su zuwa wannan dandamali - duk da haka, an riga an shuka tsaba na ra'ayin. Ƙoƙarinmu na farko shine babban damar koyo: mun fahimci cewa muna da sha'awar ƙirƙirar kayan aiki na yau da kullun waɗanda ke magance matsalolin yau da kullun ga masu amfani da mu.

Dangane da gogewar kurakuran da suka gabata, mun fara haɓaka Helm 2.

Yin Helm 2

A ƙarshen 2015, ƙungiyar Google ta tuntube mu. Suna aiki akan irin wannan kayan aiki don Kubernetes. Manajan turawa na Kubernetes tashar jiragen ruwa ce ta kayan aikin data kasance wanda aka yi amfani da shi don Google Cloud Platform. "Za mu so," in ji su, "mu shafe ƴan kwanaki muna tattauna kamanceceniya da bambance-bambancen?"

A cikin Janairu 2016, ƙungiyoyin Manajan Helm da Deployment sun hadu a Seattle don musayar ra'ayoyi. Tattaunawar ta ƙare tare da kyakkyawan tsari: don haɗa ayyukan biyu don ƙirƙirar Helm 2. Tare da Deis da Google, mutanen daga SkippBox (yanzu wani ɓangare na Bitnami - kusan fassarar.), kuma mun fara aiki akan Helm 2.

Mun so mu ci gaba da sauƙin amfani da Helm, amma ƙara mai zuwa:

• ginshiƙi don gyare-gyare;
• Gudanar da intra-cluster don ƙungiyoyi;
• wurin ajiyar ginshiƙi na duniya;
• tsarin fakitin barga tare da zaɓin sa hannu;
• ƙwaƙƙwaran sadaukarwa ga fassarar fassarar fassarar da kuma kiyaye daidaituwar baya tsakanin nau'ikan.

Don cimma waɗannan buƙatun, an ƙara kashi na biyu zuwa yanayin yanayin Helm. Ana kiran wannan ɓangaren gungu na Tiller kuma yana da alhakin shigar da sigogin Helm da sarrafa su.

Tun lokacin da aka saki Helm 2 a cikin 2016, Kubernetes ya kara da yawa manyan sababbin abubuwa. Ƙara sarrafa ikon isa ga tushen rawar (RBAC), wanda a ƙarshe ya maye gurbin Ƙwararren Ƙwararren Ƙwararren Ƙwararru (ABAC). An gabatar da sabbin nau'ikan albarkatu (Har yanzu aikace-aikacen yana cikin beta a lokacin). An ƙirƙira Ma'anar Ma'anar Albarkatun Al'ada (asali ana kiran albarkatu na ɓangare na uku ko TPRs). Kuma mafi mahimmanci, saitin mafi kyawun ayyuka ya fito.

A cikin duk waɗannan canje-canje, Helm ya ci gaba da bauta wa masu amfani da Kubernetes da aminci. Bayan shekaru uku da sababbin abubuwan da suka faru, ya bayyana a fili cewa lokaci ya yi da za a yi canje-canje masu mahimmanci ga codebase don tabbatar da cewa Helm zai iya ci gaba da biyan bukatun ci gaban yanayin yanayin yanayi.

Tausayi bankwana ga Tiller

A yayin haɓaka Helm 2, mun gabatar da Tiller a matsayin wani ɓangare na haɗin kai tare da Manajan Rarraba Google. Tiller ya taka muhimmiyar rawa ga ƙungiyoyin da ke aiki a cikin gungu na gama gari: ya ba da damar ƙwararrun ƙwararru daban-daban waɗanda ke aiki da abubuwan more rayuwa don yin hulɗa tare da saƙo iri ɗaya.

Tun lokacin da aka kunna ikon tushen tushen rawar (RBAC) ta tsohuwa a cikin Kubernetes 1.6, aiki tare da Tiller a samarwa ya zama mafi wahala. Saboda yawan yuwuwar manufofin tsaro, matsayinmu shine bayar da tsari mai izini ta tsohuwa. Wannan ya ba wa sababbin damar gwaji tare da Helm da Kubernetes ba tare da fara nutsewa cikin saitunan tsaro ba. Abin takaici, wannan saitin izini na iya baiwa mai amfani da kewayon izini da yawa waɗanda ba sa buƙata. DevOps da injiniyoyin SRE dole ne su koyi ƙarin matakai na aiki lokacin shigar da Tiller a cikin tari mai yawan haya.

Ta hanyar koyon yadda al'umma ke amfani da Helm a wasu yanayi na musamman, mun gane cewa tsarin gudanarwar sakin Tiller baya buƙatar dogaro da wani ɓangaren gungu don kula da jihohi ko aiki azaman cibiyar tsakiya don sakin bayanai. Madadin haka, za mu iya kawai karɓar bayanai daga uwar garken Kubernetes API, samar da ginshiƙi a gefen abokin ciniki, da adana rikodin shigarwa a Kubernetes.

Babban aikin Tiller na iya cika ba tare da Tiller ba, don haka ɗayan yanke shawara na farko game da Helm 3 shine barin Tiller gaba ɗaya.

Tare da tafiyar Tiller, samfurin tsaro na Helm ya sauƙaƙa sosai. Helm 3 yanzu yana goyan bayan duk tsaro na zamani, ainihi, da hanyoyin izini na Kubernetes na yanzu. An ƙayyade izinin Helm ta amfani da shi kubeconfig fayil. Masu gudanar da tari na iya ƙuntata haƙƙin mai amfani zuwa kowane matakin girma. Har yanzu ana adana abubuwan da aka fitar a cikin gungu, kuma sauran ayyukan Helm suna nan lafiyayye.

Ma'ajiyar jadawali

A babban mataki, ma'ajin ginshiƙi wuri ne da za a iya adanawa da raba taswira. Abokin abokin ciniki na Helm yana tattarawa kuma yana aika taswirorin zuwa wurin ajiya. A taƙaice, ma'ajin taswira tsohuwar uwar garken HTTP ce tare da fayil index.yaml da wasu fakitin ginshiƙi.

Duk da yake akwai wasu fa'idodi ga Ma'ajin Ma'ajin API wanda ke saduwa da mafi yawan buƙatun ajiya, akwai kuma ƴan rashin amfani:

• Ma'ajiyar ginshiƙi ba su dace da yawancin aiwatar da tsaro da ake buƙata a yanayin samarwa ba. Samun daidaitaccen API don tantancewa da izini yana da matukar mahimmanci a yanayin samarwa.
• Kayan aikin tabbatar da ginshiƙi na Helm, waɗanda aka yi amfani da su don sa hannu, tabbatar da mutunci da ingancin ginshiƙi, wani yanki ne na zaɓi na tsarin buga Chart.
• A cikin yanayin masu amfani da yawa, wani mai amfani zai iya loda ginshiƙi ɗaya, yana ninka adadin sararin da ake buƙata don adana abun ciki iri ɗaya. An ƙera ma'ajiyar wayo don magance wannan matsalar, amma ba sa cikin ƙayyadaddun ƙa'ida.
• Yin amfani da fayil ɗin fihirisa guda ɗaya don nema, adana bayanan metadata, da dawo da sigogi ya sa ya yi wahala haɓaka amintattun aiwatar da masu amfani da yawa.

Wannan aikin Rarraba Docker (wanda kuma aka sani da Docker Registry v2) shine magajin Docker Registry kuma da gaske yana aiki azaman saitin kayan aikin don marufi, jigilar kaya, adanawa da isar da hotunan Docker. Yawancin manyan sabis na girgije suna ba da samfuran tushen Rarraba. Godiya ga wannan ƙarin kulawa, aikin Rarraba ya ci gajiyar shekaru na gyare-gyare, mafi kyawun ayyuka na tsaro, da gwajin filin da ya sanya ya zama ɗaya daga cikin manyan jaruman da ba a ba da su ba na Duniyar Open Source.

Amma ka san cewa an tsara aikin Rarraba don rarraba kowane nau'i na abun ciki, ba kawai hotuna na kwantena ba?

Godiya ga kokarin Buɗe Injin Akwati (ko OCI), ana iya sanya sigogin Helm akan kowane misalin Rarraba. A yanzu, wannan tsari na gwaji ne. Tallafin shiga da sauran fasalulluka da ake buƙata don cikakken Helm 3 aiki ne na ci gaba, amma muna farin cikin koyo daga binciken da ƙungiyoyin OCI da Rarraba suka yi tsawon shekaru. Kuma ta hanyar jagoranci da jagororinsu, mun koyi yadda ake yin aiki da sabis mai matuƙar samuwa a sikeli.

Ana samun ƙarin cikakken bayanin wasu canje-canje masu zuwa ga ma'ajiyar taswirar Helm mahada.

Gudanar da sakin

A cikin Helm 3, ana bin yanayin aikace-aikacen a cikin gungu ta abubuwa biyu:

• abu saki - wakiltar misali aikace-aikace;
• sirrin sigar saki - yana wakiltar yanayin da ake so na aikace-aikacen a wani takamaiman lokaci (misali, sakin sabon sigar).

Kira helm install yana haifar da abin saki da sigar sigar sakin. Kira helm upgrade yana buƙatar abu na saki (wanda zai iya canzawa) kuma ya ƙirƙiri sabon sigar sigar saki wanda ke ɗauke da sabbin dabi'u da kuma bayanan da aka shirya.

Abun sakewa ya ƙunshi bayani game da sakin, inda saki shine takamaiman shigarwa na ginshiƙi mai suna da ƙima. Wannan abu yana bayyana babban matakin metadata game da sakin. Abun sakin yana ci gaba a duk tsawon rayuwar aikace-aikacen kuma yana aiki azaman mai mallakar duk sigar sigar saki, da kuma duk abubuwan da aka ƙirƙira ta taswirar Helm kai tsaye.

Sirrin sigar sakin yana haɗa sakin tare da jerin bita-da-kulli (sakawa, sabuntawa, jujjuyawa, gogewa).

A cikin Helm 2, sake dubawa sun yi daidai sosai. Kira helm install ƙirƙira v1, sabuntawa na gaba (haɓakawa) - v2, da sauransu. An ruguje sigar sigar sakin da saki zuwa abu guda daya da aka sani da bita. An adana bita-bita a cikin sarari iri ɗaya da Tiller, wanda ke nufin cewa kowane sakin “na duniya ne” dangane da sararin suna; saboda haka, ana iya amfani da misali ɗaya kawai na sunan.

A cikin Helm 3, kowane saki yana da alaƙa da ɗaya ko fiye da sirrin sigar saki. Abun sakin koyaushe yana bayyana sakin na yanzu da aka tura zuwa Kubernetes. Kowane sirrin sigar saki yana bayyana siga ɗaya kaɗai na wannan sakin. Haɓakawa, alal misali, zai ƙirƙiri sabon sigar sigar saki sannan a canza abin da aka saki don nuna sabon sigar. Idan ana sake dawowa, zaku iya amfani da sirrin sigar saki na baya don mirgine sakin zuwa jihar da ta gabata.

Bayan da aka watsar da Tiller, Helm 3 yana adana bayanan da aka saki a cikin sunan suna ɗaya da sakin. Wannan canjin yana ba ku damar shigar da ginshiƙi tare da sunan saki iri ɗaya a cikin wani wurin suna daban, kuma an adana bayanan tsakanin ɗaukakawa/sake kunnawa a da sauransu. Misali, zaku iya shigar da WordPress a cikin sunan "foo" sannan a cikin "bar" sunaye, kuma duka biyun za a iya sanya wa suna "wordpress".

Canje-canje zuwa abubuwan dogaro na ginshiƙi

Charts cushe (amfani helm package) don amfani tare da Helm 2 za a iya shigar da shi tare da Helm 3, duk da haka tsarin aikin ci gaban ginshiƙi ya ƙare gaba ɗaya, don haka dole ne a yi wasu canje-canje don ci gaba da ci gaba da ginshiƙi tare da Helm 3. Musamman ma, tsarin tsarin dogara da ginshiƙi ya canza.

Tsarin sarrafa dogaron ginshiƙi ya ƙaura daga requirements.yaml и requirements.lock a kan Chart.yaml и Chart.lock. Wannan yana nufin cewa sigogin da suka yi amfani da umarnin helm dependency, na buƙatar wasu saitin don aiki a Helm 3.

Bari mu kalli misali. Bari mu ƙara dogaro ga ginshiƙi a Helm 2 kuma mu ga abin da ke canzawa yayin ƙaura zuwa Helm 3.

In Helm 2 requirements.yaml yayi kamar haka:

dependencies:
- name: mariadb
  version: 5.x.x
  repository: https://kubernetes-charts.storage.googleapis.com/
  condition: mariadb.enabled
  tags:
    - database

A cikin Helm 3, dogaro iri ɗaya zai bayyana a cikin ku Chart.yaml:

dependencies:
- name: mariadb
  version: 5.x.x
  repository: https://kubernetes-charts.storage.googleapis.com/
  condition: mariadb.enabled
  tags:
    - database

Har yanzu ana zazzagewa kuma ana sanya su a cikin kundin adireshi charts/, haka subcharts (shafukan ƙasa), kwance a cikin kasida charts/, zai ci gaba da aiki ba tare da canje-canje ba.

Gabatar da Charts Library

Helm 3 yana goyan bayan nau'in ginshiƙi mai suna ginshiƙi na ɗakin karatu (tsarin ɗakin karatu). Wannan ginshiƙi ana amfani da shi ta wasu ginshiƙi, amma baya ƙirƙira kowane kayan aikin saki da kansa. Samfuran ginshiƙi na ɗakin karatu na iya bayyana abubuwa kawai define. Ana watsi da sauran abun ciki kawai. Wannan yana ba masu amfani damar sake amfani da raba snippets na lamba waɗanda za a iya amfani da su a cikin ginshiƙi da yawa, ta haka ne ke guje wa kwafi da bin ƙa'idar. bushe.

An bayyana sigogin ɗakin karatu a cikin sashin dependencies cikin fayil Chart.yaml. Shigarwa da sarrafa su baya bambanta da sauran sigogi.

dependencies:
  - name: mylib
    version: 1.x.x
    repository: quay.io

Muna farin ciki game da shari'o'in amfani da wannan sashin zai buɗe don masu haɓaka ginshiƙi, da kuma mafi kyawun ayyuka waɗanda zasu iya fitowa daga sigogin laburare.

Abin da ke gaba?

Helm 3.0.0-alpha.1 shine tushen da muka fara gina sabon sigar Helm akansa. A cikin labarin na bayyana wasu siffofi masu ban sha'awa na Helm 3. Yawancin su har yanzu suna cikin matakan farko na ci gaba kuma wannan al'ada ne; Manufar sakin alpha shine a gwada ra'ayin, tattara ra'ayi daga masu amfani da farko, da kuma tabbatar da zato.

Da zaran an fitar da sigar alfa (ka tuna cewa wannan ya riga ya faru - kimanin. fassara), za mu fara karɓar faci na Helm 3 daga al'umma. Kuna buƙatar ƙirƙirar tushe mai ƙarfi wanda ke ba da damar haɓaka sabbin ayyuka da ɗauka, kuma don masu amfani su ji suna shiga cikin tsarin ta buɗe tikiti da yin gyare-gyare.

Na yi ƙoƙari in haskaka wasu manyan ci gaban da ke zuwa Helm 3, amma wannan jeri ba ya ƙarewa. Cikakken taswirar Helm 3 ya haɗa da fasali kamar ingantattun dabarun sabuntawa, haɗin kai mai zurfi tare da rajistar OCI, da kuma amfani da tsarin JSON don inganta ƙimar taswira. Mun kuma shirya tsaftace codebase da sabunta sassan da aka yi watsi da shekaru uku da suka gabata.

Idan kuna jin kamar mun rasa wani abu, za mu so jin ra'ayoyin ku!

Kasance tare da tattaunawa akan mu Slack tashoshi:

• #helm-users don tambayoyi da sauƙin sadarwa tare da al'umma;
• #helm-dev don tattauna buƙatun ja, lamba da kwari.

Hakanan zaka iya yin taɗi a cikin Kiran Haɓaka Jama'a na mako-mako a ranar Alhamis a 19:30 MSK. An sadaukar da tarurruka don tattauna batutuwan da manyan masu haɓakawa da al'umma ke aiki akai, da kuma batutuwan tattaunawa na mako. Kowa zai iya shiga ya shiga cikin taron. Ana samun hanyar haɗi a cikin tashar Slack #helm-dev.

PS daga mai fassara

Karanta kuma a kan shafinmu:

• «Manajan fakiti na Kubernetes - Helm: baya, yanzu, nan gaba";
• «A hankali kallon Helm 2: "Wannan shine abin da yake..."";
• «Gabatarwa mai amfani ga mai sarrafa fakiti na Kubernetes - Helm";
• «Kubernetes nasihu & dabaru: canja wurin albarkatun da ke gudana a cikin gungu zuwa gudanarwar Helm 2";
• «Yi aiki tare da dapp. Sashe na 2. Ana tura hotunan Docker zuwa Kubernetes ta amfani da Helm".

source: www.habr.com