Dab tsi tuaj ua ntej - nqaij qaib lossis qe? Qhov pib coj txawv txawv rau ib tsab xov xwm hais txog Infrastructure-as-Code, puas yog?
Lub qe yog dab tsi?
Feem ntau, Infrastructure-as-Code (IaC) yog ib txoj hauv kev tshaj tawm ntawm kev sawv cev rau kev tsim kho vaj tse. Hauv nws peb piav qhia txog lub xeev uas peb xav ua tiav, pib los ntawm cov khoom siv kho vajtse thiab xaus nrog kev teeb tsa software. Yog li IaC siv rau:
- Kev Pabcuam. Cov no yog VMs, S3, VPC, thiab lwm yam. Cov cuab yeej yooj yim rau kev ua haujlwm: ΠΈ .
- . Cov cuab yeej yooj yim: , Kws ua zaub mov, thiab lwm yam.
Txhua tus lej yog nyob rau hauv git repositories. Thiab tsis ntev los sis tom qab ntawd tus thawj coj pab pawg yuav txiav txim siab tias lawv yuav tsum tau muab tso rau hauv kev txiav txim. Thiab nws yuav refactor. Thiab nws yuav tsim ib co qauv. Thiab nws yuav pom tias qhov no yog qhov zoo.
Nws kuj yog qhov zoo uas nws twb muaj lawm ΠΈ -provider rau Terraform (thiab qhov no yog Software Configuration). Nrog lawv cov kev pab, koj tuaj yeem tswj hwm tag nrho qhov project: pab pawg neeg, CI / CD, git-flow, thiab lwm yam.
Lub qe tuaj qhov twg?
Yog li peb maj mam nce mus rau lo lus nug tseem ceeb.
Ua ntej ntawm tag nrho cov, koj yuav tsum pib nrog ib tug repository uas piav txog cov qauv ntawm lwm repositories, nrog rau koj tus kheej. Thiab tau kawg, ua ib feem ntawm GitOps, koj yuav tsum tau ntxiv CI kom cov kev hloov pauv tau ua tiav.
Yog Git tseem tsis tau tsim?
- Yuav khaws nws li cas hauv Git?
- Yuav ua li cas rau nruab CI?
- Yog tias peb tseem xa Gitlab siv IaC, thiab txawm nyob hauv Kubernetes?
- Thiab GitLab Khiav kuj tseem nyob hauv Kubernetes?
- Yuav ua li cas txog Kubernetes hauv huab muab kev pabcuam?
Dab tsi los ua ntej: GitLab qhov twg kuv yuav xa kuv cov lej, lossis tus lej uas piav qhia yam GitLab kuv xav tau?
Qaib nrog qe
Β«3 nrog ib tug dinosaur []
Cia peb sim ua ib lub tais uas siv los ua huab cua .
TL; DR
Puas muaj peev xwm koom nrog ib pab neeg ib zaug?
$ export MY_SELECTEL_TOKEN=<token>
$ curl https://gitlab.com/chicken-or-egg/mks/make/-/snippets/2002106/raw | bashCov khoom xyaw:
- Tus account los ntawm my.selectel.ru;
- Tus account token;
- Kubernetes kev txawj ntse;
- Kev txawj ntse;
- Kev txawj ntse Terraform;
- Helm chart GitLab;
- Helm chart GitLab Runner.
Daim ntawv qhia:
- Tau MY_SELECTEL_TOKEN los ntawm lub vaj huam sib luag kuv.selectel.ru.
- Tsim ib pab pawg Kubernetes los ntawm kev hloov pauv tus lej token rau nws.
- Tau KUBECONFIG los ntawm pawg tsim.
- Nruab GitLab ntawm Kubernetes.
- Tau GitLab-token los ntawm GitLab tsim rau cov neeg siv hauv paus.
- Tsim ib qhov project qauv hauv GitLab siv GitLab-token.
- Thawb cov code uas twb muaj lawm rau GitLab.
- ???
- Tau paj zoo!
kauj ruam 1. Lub token tuaj yeem tau txais hauv ntu .
kauj ruam 2. Peb npaj peb Terraform rau "ci" ib pawg ntawm 2 nodes. Yog tias koj paub tseeb tias koj muaj peev xwm txaus rau txhua yam, ces koj tuaj yeem ua kom nws pib quotas:
provider "selectel" {
token = var.my_selectel_token
}
variable "my_selectel_token" {}
variable "username" {}
variable "region" {}
resource "selectel_vpc_project_v2" "my-k8s" {
name = "my-k8s-cluster"
theme = {
color = "269926"
}
quotas {
resource_name = "compute_cores"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 16
}
}
quotas {
resource_name = "network_floatingips"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "load_balancers"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "compute_ram"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 32768
}
}
quotas {
resource_name = "volume_gigabytes_fast"
resource_quotas {
region = var.region
zone = "${var.region}a"
# (20 * 2) + 50 + (8 * 3 + 10)
value = 130
}
}
}
resource "selectel_mks_cluster_v1" "k8s-cluster" {
name = "k8s-cluster"
project_id = selectel_vpc_project_v2.my-k8s.id
region = var.region
kube_version = "1.17.9"
}
resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
cluster_id = selectel_mks_cluster_v1.k8s-cluster.id
project_id = selectel_mks_cluster_v1.k8s-cluster.project_id
region = selectel_mks_cluster_v1.k8s-cluster.region
availability_zone = "${var.region}a"
nodes_count = 2
cpus = 8
ram_mb = 16384
volume_gb = 15
volume_type = "fast.${var.region}a"
labels = {
"project": "my",
}
}Ntxiv tus neeg siv rau qhov project:
resource "random_password" "my-k8s-user-pass" {
length = 16
special = true
override_special = "_%@"
}
resource "selectel_vpc_user_v2" "my-k8s-user" {
password = random_password.my-k8s-user-pass.result
name = var.username
enabled = true
}
resource "selectel_vpc_keypair_v2" "my-k8s-user-ssh" {
public_key = file("~/.ssh/id_rsa.pub")
user_id = selectel_vpc_user_v2.my-k8s-user.id
name = var.username
}
resource "selectel_vpc_role_v2" "my-k8s-role" {
project_id = selectel_vpc_project_v2.my-k8s.id
user_id = selectel_vpc_user_v2.my-k8s-user.id
}Cov zis:
output "project_id" {
value = selectel_vpc_project_v2.my-k8s.id
}
output "k8s_id" {
value = selectel_mks_cluster_v1.k8s-cluster.id
}
output "user_name" {
value = selectel_vpc_user_v2.my-k8s-user.name
}
output "user_pass" {
value = selectel_vpc_user_v2.my-k8s-user.password
}Cia peb pib:
$ env
TF_VAR_region=ru-3
TF_VAR_username=diamon
TF_VAR_my_selectel_token=<token>
terraform plan -out planfile
$ terraform apply -input=false -auto-approve planfile
kauj ruam 3. Peb tau txais lub cubeconfig.
Txhawm rau rub tawm KUBECONFIG programmatically, koj yuav tsum tau txais lub cim los ntawm OpenStack:
openstack token issue -c id -f value > tokenThiab nrog rau qhov token no thov rau Managed Kubernetes Selectel API. k8s ib teeb meem terraform:
curl -XGET -H "x-auth-token: $(cat token)" "https://ru-3.mks.selcloud.ru/v1/clusters/$(cat k8s_id)/kubeconfig" -o kubeConfig.yamlCupconfig kuj tuaj yeem nkag los ntawm lub vaj huam sib luag.
kauj ruam 4. Tom qab cov pawg tau ci thiab peb muaj kev nkag mus rau nws, peb tuaj yeem ntxiv yaml rau sab saum toj kom saj.
Kuv nyiam ntxiv:
- npespace
- chav kawm khaws cia
- pod kev ruaj ntseg txoj cai thiab lwm yam.
rau Selectel tuaj yeem raug coj los ntawm .
Txij thaum pib kuv xaiv ib pawg hauv cheeb tsam ru-3 ua, ces kuv xav tau Chav Kawm Cia ntawm thaj chaw no.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: fast.ru-3a
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: cinder.csi.openstack.org
parameters:
type: fast.ru-3a
availability: ru-3a
allowVolumeExpansion: truekauj ruam 5. Nruab ib lub load balancer.
Peb yuav siv tus qauv rau ntau tus nginx-ingress. Muaj ntau cov lus qhia rau kev txhim kho nws, yog li peb yuav tsis nyob ntawm nws.
$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm upgrade nginx-ingress nginx-stable/nginx-ingress -n ingress --install -f ../internal/K8S-cluster/ingress/values.ymlPeb tos kom nws tau txais tus IP sab nraud li 3-4 feeb:
Tau txais IP sab nraud:
kauj ruam 6. Nruab GitLab.
$ helm repo add gitlab https://charts.gitlab.io
$ helm upgrade gitlab gitlab/gitlab -n gitlab --install -f gitlab/values.yml --set "global.hosts.domain=gitlab.$EXTERNAL_IP.nip.io"Ib zaug ntxiv peb tos kom tag nrho cov pods nce.
kubectl get po -n gitlab
NAME READY STATUS RESTARTS AGE
gitlab-gitaly-0 0/1 Pending 0 0s
gitlab-gitlab-exporter-88f6cc8c4-fl52d 0/1 Pending 0 0s
gitlab-gitlab-runner-6b6867c5cf-hd9dp 0/1 Pending 0 0s
gitlab-gitlab-shell-55cb6ccdb-h5g8x 0/1 Init:0/2 0 0s
gitlab-migrations.1-2cg6n 0/1 Pending 0 0s
gitlab-minio-6dd7d96ddb-zd9j6 0/1 Pending 0 0s
gitlab-minio-create-buckets.1-bncdp 0/1 Pending 0 0s
gitlab-postgresql-0 0/2 Pending 0 0s
gitlab-prometheus-server-6cfb57f575-v8k6j 0/2 Pending 0 0s
gitlab-redis-master-0 0/2 Pending 0 0s
gitlab-registry-6bd77b4b8c-pb9v9 0/1 Pending 0 0s
gitlab-registry-6bd77b4b8c-zgb6r 0/1 Init:0/2 0 0s
gitlab-shared-secrets.1-pc7-5jgq4 0/1 Completed 0 20s
gitlab-sidekiq-all-in-1-v1-54dbcf7f5f-qbq67 0/1 Pending 0 0s
gitlab-task-runner-6fd6857db7-9x567 0/1 Pending 0 0s
gitlab-webservice-d9d4fcff8-hp8wl 0/2 Pending 0 0s
Waiting gitlab
./wait_gitlab.sh ../internal/gitlab/gitlab/.pods
waiting for pod...
waiting for pod...
waiting for pod...Roses liab:
kauj ruam 7. Peb tau txais GitLab-token.
Ua ntej, nrhiav tus ID nkag mus password:
kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath='{.data.password}' | base64 --decodeTam sim no cia peb nkag mus thiab tau txais ib qho token:
python3 get_gitlab_token.py root $GITLAB_PASSWORD http://gitlab.gitlab.$EXTERNAL_IP.nip.iokauj ruam 8. Nqa Git repositories mus rau qhov tseeb hierarchy siv Gitlab Provider.
cd ../internal/gitlab/hierarchy && terraform apply -input=false -auto-approve planfileHmoov tsis zoo, terraform GitLab tus neeg zov me nyuam muaj ntab . Tom qab ntawd koj yuav tau tshem tawm qhov tsis sib haum xeeb tej yaam num manually thiaj li yuav kho tf.state. Tom qab ntawd rov ua qhov hais kom ua '$make all'
kauj ruam 9. Peb xa cov chaw khaws cia hauv zos rau lub server.
$ make push
[master (root-commit) b61d977] Initial commit
3 files changed, 46 insertions(+)
create mode 100644 .gitignore
create mode 100644 values.yml
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 770 bytes | 770.00 KiB/s, done.
Total 5 (delta 0), reused 0 (delta 0)Ua li cas:
xaus
Peb tau ua tiav tias peb tuaj yeem tswj hwm txhua yam kev tshaj tawm los ntawm peb lub tshuab hauv zos. Tam sim no kuv xav hloov tag nrho cov haujlwm no rau CI thiab tsuas yog nias khawm. Ua li no, peb yuav tsum hloov peb lub xeev hauv zos (Terraform xeev) mus rau CI. Yuav ua li cas qhov no yog nyob rau hauv qhov txuas ntxiv.
Subscribe rau peb kom tsis txhob nco qhov kev tso tawm ntawm cov ntawv tshiab!
Tau qhov twg los: www.hab.com