He aha ka mea mua - ka moa a i ʻole ka hua? He hoʻomaka ʻē aʻe no kahi ʻatikala e pili ana i Infrastructure-as-Code, ʻaʻole anei?
He aha ka hua?
ʻO ka pinepine, ʻo Infrastructure-as-Code (IaC) kahi ala hoʻolaha e hōʻike ana i ka ʻoihana. I loko o ia mea mākou e wehewehe ai i ka moku'āina a mākou e makemake ai e hoʻokō, e hoʻomaka ana mai ka ʻaoʻao lako a hoʻopau me ka hoʻonohonoho polokalamu. No laila ua hoʻohana ʻia ʻo IaC no:
- Hoʻolako waiwai. ʻO kēia nā VM, S3, VPC, etc. Nā mea hana maʻamau no ka hana: и .
- . Mea paahana kumu: , Kahu, etc.
Aia kekahi code i loko o nā waihona git. A ma hope a ma hope paha e hoʻoholo ke alakaʻi o ka hui e hoʻonohonoho pono lākou. A e hana hou ʻo ia. A e hana ia i kekahi hale. A e ʻike ʻo ia he maikaʻi kēia.
Maikaʻi nō hoʻi ua loaʻa и -mea hoʻolako no Terraform (a ʻo kēia ʻo Software Configuration). Me kā lākou kōkua, hiki iā ʻoe ke hoʻokele i ka papahana holoʻokoʻa: nā lālā hui, CI/CD, git-flow, etc.
No hea mai ka hua?
No laila ke hele mālie nei mākou i ka nīnau nui.
ʻO ka mea mua, pono ʻoe e hoʻomaka me kahi waihona e wehewehe ana i ke ʻano o nā waihona ʻē aʻe, me ʻoe iho. A ʻoiaʻiʻo, ma ke ʻano o GitOps, pono ʻoe e hoʻohui iā CI i hoʻokō ʻia nā loli.
Inā ʻaʻole i hana ʻia ʻo Git?
- Pehea e mālama ai iā ia ma Git?
- Pehea e hoʻokomo ai iā CI?
- Inā mākou e kau iā Gitlab me ka hoʻohana ʻana iā IaC, a ma Kubernetes paha?
- A ʻo GitLab Runner pū kekahi ma Kubernetes?
- Pehea e pili ana i nā Kubernetes i ka mea hāʻawi kapua?
He aha ka mea i hele mua mai: ʻo ka GitLab kahi aʻu e hoʻouka ai i kaʻu code, a i ʻole ke code e wehewehe ana i ke ʻano o GitLab aʻu e pono ai?
ʻO ka moa me nā hua
«3 me kahi dinosaur" []
E ho'āʻo kākou e kuke i kīʻaha me ka hoʻohana ʻana i ke ao .
Aku; DR
Hiki paha ke hui i hoʻokahi hui i ka manawa hoʻokahi?
$ export MY_SELECTEL_TOKEN=<token>
$ curl https://gitlab.com/chicken-or-egg/mks/make/-/snippets/2002106/raw | bashMea Kai:
- moʻokāki mai my.selectel.ru;
- hōʻailona moʻokāki;
- Nā mākau Kubernetes;
- Mākaukau Helm;
- Mākaukau Terraform;
- Helm pakuhi GitLab;
- Helm pakuhi GitLab Runner.
'Apena:
- E kiʻi iā MY_SELECTEL_TOKEN mai ka papa my.selectel.ru.
- E hana i kahi hui Kubernetes ma ka hoʻoili ʻana i kahi hōʻailona moʻokāki iā ia.
- E kiʻi iā KUBECONFIG mai ka pūʻulu i hana ʻia.
- E hoʻouka iā GitLab ma nā Kubernetes.
- E kiʻi iā GitLab-token mai GitLab i hana ʻia no ka mea hoʻohana aa.
- E hana i kahi hoʻolālā papahana ma GitLab me ka hoʻohana ʻana iā GitLab-token.
- E kaomi i ke code i loaʻa iā GitLab.
- ???
- Kumakaʻa!
pani 1. Hiki ke loaʻa ka hōʻailona ma ka ʻāpana .
pani 2. Hoʻomākaukau mākou i kā mākou Terraform no ka "baking" i kahi hui o 2 nodes. Inā maopopo iā ʻoe ua lawa kāu mau kumuwaiwai no nā mea āpau, a laila hiki iā ʻoe ke hoʻā i nā quota auto:
provider "selectel" {
token = var.my_selectel_token
}
variable "my_selectel_token" {}
variable "username" {}
variable "region" {}
resource "selectel_vpc_project_v2" "my-k8s" {
name = "my-k8s-cluster"
theme = {
color = "269926"
}
quotas {
resource_name = "compute_cores"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 16
}
}
quotas {
resource_name = "network_floatingips"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "load_balancers"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "compute_ram"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 32768
}
}
quotas {
resource_name = "volume_gigabytes_fast"
resource_quotas {
region = var.region
zone = "${var.region}a"
# (20 * 2) + 50 + (8 * 3 + 10)
value = 130
}
}
}
resource "selectel_mks_cluster_v1" "k8s-cluster" {
name = "k8s-cluster"
project_id = selectel_vpc_project_v2.my-k8s.id
region = var.region
kube_version = "1.17.9"
}
resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
cluster_id = selectel_mks_cluster_v1.k8s-cluster.id
project_id = selectel_mks_cluster_v1.k8s-cluster.project_id
region = selectel_mks_cluster_v1.k8s-cluster.region
availability_zone = "${var.region}a"
nodes_count = 2
cpus = 8
ram_mb = 16384
volume_gb = 15
volume_type = "fast.${var.region}a"
labels = {
"project": "my",
}
}Hoʻohui i mea hoʻohana i ka papahana:
resource "random_password" "my-k8s-user-pass" {
length = 16
special = true
override_special = "_%@"
}
resource "selectel_vpc_user_v2" "my-k8s-user" {
password = random_password.my-k8s-user-pass.result
name = var.username
enabled = true
}
resource "selectel_vpc_keypair_v2" "my-k8s-user-ssh" {
public_key = file("~/.ssh/id_rsa.pub")
user_id = selectel_vpc_user_v2.my-k8s-user.id
name = var.username
}
resource "selectel_vpc_role_v2" "my-k8s-role" {
project_id = selectel_vpc_project_v2.my-k8s.id
user_id = selectel_vpc_user_v2.my-k8s-user.id
}Puka:
output "project_id" {
value = selectel_vpc_project_v2.my-k8s.id
}
output "k8s_id" {
value = selectel_mks_cluster_v1.k8s-cluster.id
}
output "user_name" {
value = selectel_vpc_user_v2.my-k8s-user.name
}
output "user_pass" {
value = selectel_vpc_user_v2.my-k8s-user.password
}E hoʻomaka kākou:
$ env
TF_VAR_region=ru-3
TF_VAR_username=diamon
TF_VAR_my_selectel_token=<token>
terraform plan -out planfile
$ terraform apply -input=false -auto-approve planfile
pani 3. Loaʻa iā mākou ka cubeconfig.
No ka hoʻoiho programmatically KUBECONFIG, pono ʻoe e kiʻi i kahi hōʻailona mai OpenStack:
openstack token issue -c id -f value > tokenA me kēia hōʻailona e noi aku i ka Managed Kubernetes Selectel API. k8s_id hāʻawi i waho ʻeleʻele:
curl -XGET -H "x-auth-token: $(cat token)" "https://ru-3.mks.selcloud.ru/v1/clusters/$(cat k8s_id)/kubeconfig" -o kubeConfig.yamlHiki ke kiʻi ʻia ʻo Cupconfig ma o ka panel.
pani 4. Ma hope o ka hoʻomoʻa ʻia ʻana o ka pūpū a loaʻa iā mākou ke komo i laila, hiki iā mākou ke hoʻohui i ka yaml ma luna e ʻono ai.
Makemake au e hoʻohui:
- wahi inoa
- papa mālama
- kulekele palekana pod a pēlā aku.
no ka mea hiki ke lawe ia Selectel mai .
Mai ka wā mua ua koho wau i kahi hui ma ka ʻāpana ru-3a, a laila pono wau i ka Papa Waihona mai kēia wahi.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: fast.ru-3a
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: cinder.csi.openstack.org
parameters:
type: fast.ru-3a
availability: ru-3a
allowVolumeExpansion: truepani 5. E hoʻouka i kahi mea kaulike hoʻouka.
E hoʻohana mākou i ka mea maʻamau no nā mea he nui komo komo nginx. Nui nā ʻōlelo aʻo no ka hoʻokomo ʻana iā ia, no laila ʻaʻole mākou e noʻonoʻo ma luna.
$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm upgrade nginx-ingress nginx-stable/nginx-ingress -n ingress --install -f ../internal/K8S-cluster/ingress/values.ymlKe kali nei mākou no ka loaʻa ʻana o kahi IP waho ma kahi o 3-4 mau minuke:
Loaʻa i waho IP:
pani 6. E hoʻouka iā GitLab.
$ helm repo add gitlab https://charts.gitlab.io
$ helm upgrade gitlab gitlab/gitlab -n gitlab --install -f gitlab/values.yml --set "global.hosts.domain=gitlab.$EXTERNAL_IP.nip.io"Ke kali hou nei mākou no ka piʻi ʻana o nā ʻōpala a pau.
kubectl get po -n gitlab
NAME READY STATUS RESTARTS AGE
gitlab-gitaly-0 0/1 Pending 0 0s
gitlab-gitlab-exporter-88f6cc8c4-fl52d 0/1 Pending 0 0s
gitlab-gitlab-runner-6b6867c5cf-hd9dp 0/1 Pending 0 0s
gitlab-gitlab-shell-55cb6ccdb-h5g8x 0/1 Init:0/2 0 0s
gitlab-migrations.1-2cg6n 0/1 Pending 0 0s
gitlab-minio-6dd7d96ddb-zd9j6 0/1 Pending 0 0s
gitlab-minio-create-buckets.1-bncdp 0/1 Pending 0 0s
gitlab-postgresql-0 0/2 Pending 0 0s
gitlab-prometheus-server-6cfb57f575-v8k6j 0/2 Pending 0 0s
gitlab-redis-master-0 0/2 Pending 0 0s
gitlab-registry-6bd77b4b8c-pb9v9 0/1 Pending 0 0s
gitlab-registry-6bd77b4b8c-zgb6r 0/1 Init:0/2 0 0s
gitlab-shared-secrets.1-pc7-5jgq4 0/1 Completed 0 20s
gitlab-sidekiq-all-in-1-v1-54dbcf7f5f-qbq67 0/1 Pending 0 0s
gitlab-task-runner-6fd6857db7-9x567 0/1 Pending 0 0s
gitlab-webservice-d9d4fcff8-hp8wl 0/2 Pending 0 0s
Waiting gitlab
./wait_gitlab.sh ../internal/gitlab/gitlab/.pods
waiting for pod...
waiting for pod...
waiting for pod...Ua ulu nā ʻōpala:
pani 7. Loaʻa iā mākou ka GitLab-token.
ʻO ka mua, e ʻike i ka ʻōlelo huna:
kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath='{.data.password}' | base64 --decodeI kēia manawa e komo a loaʻa kahi hōʻailona:
python3 get_gitlab_token.py root $GITLAB_PASSWORD http://gitlab.gitlab.$EXTERNAL_IP.nip.iopani 8. Ka lawe ʻana i nā waihona waihona Git i ka hierarchy kūpono me ka hoʻohana ʻana i ka Gitlab Provider.
cd ../internal/gitlab/hierarchy && terraform apply -input=false -auto-approve planfileʻO ka mea pōʻino, loaʻa kahi mea hoʻolako terraform GitLab . A laila pono ʻoe e holoi lima i nā papahana hakakā i mea e hoʻopaʻa ʻia ai ka tf.state. A laila hoʻomaka hou i ke kauoha `$make all`
pani 9. Hoʻololi mākou i nā waihona kūloko i ke kikowaena.
$ make push
[master (root-commit) b61d977] Initial commit
3 files changed, 46 insertions(+)
create mode 100644 .gitignore
create mode 100644 values.yml
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 770 bytes | 770.00 KiB/s, done.
Total 5 (delta 0), reused 0 (delta 0)Hanaʻia:
hopena
Ua hoʻokō mākou hiki iā mākou ke hoʻokele i nā mea āpau mai kā mākou mīkini kūloko. I kēia manawa makemake wau e hoʻololi i kēia mau hana āpau iā CI a kaomi wale i nā pihi. No ka hana ʻana i kēia, pono mākou e hoʻololi i kā mākou mokuʻāina kūloko (Terraform state) i CI. Pehea e hana ai i kēia ma ka ʻāpana aʻe.
Kau inoa i kā mākou i ʻole e poina i ka hoʻokuʻu ʻia ʻana o nā ʻatikala hou!
Source: www.habr.com