Deploying applications across multiple Kubernetes clusters with Helm

How Dailymotion uses Kubernetes: application deployment

We at Dailymotion started using Kubernetes in production 3 years ago. But deploying applications across multiple clusters is fun, so over the last few years we have tried to improve our tools and workflows.

Where it started

Here we describe how we deploy our applications across multiple Kubernetes clusters around the world.

To deploy several Kubernetes objects at once, we use Helm, and all our charts are stored in a single git repository. To deploy a full application stack made up of several services, we use a generalized chart. In essence, this is a chart that declares dependencies and lets you bootstrap the API and its services with a single command.

We also wrote a small Python script on top of Helm to run checks, build charts, add secrets, and deploy applications. All of these tasks run on a central CI platform using a docker image.

Let's get to the point.

Note. As you read this, the first release candidate for Helm 3 has already been announced. The major version contains a whole set of improvements that address some of the problems we have run into in the past.

Chart development workflow

We use branching for applications, and we decided to apply the same approach to charts.

  • The dev branch is used to build charts that will be tested on the development clusters.
  • When a pull request is submitted to master, the charts are checked in staging.
  • Finally, we create a pull request to commit the changes to the prod branch and apply them in production.

Each environment has its own private repository that stores our charts, and we use Chartmuseum with its very useful APIs. This way we ensure strict isolation between environments and real-world testing of the charts before they are used in production.

Chart repositories in different environments

It is worth noting that when developers push a dev branch, a version of their chart is automatically pushed to the dev Chartmuseum. So all developers use the same dev repository, and you have to specify your chart version carefully so that you do not pick up someone else's changes.

In addition, our small Python script validates Kubernetes objects against the Kubernetes OpenAPI specifications using Kubeval before publishing them to Chartmuseum.

General description of the chart development workflow

  1. Setting up tasks according to the gazr.io specification for quality control (lint, unit-test).
  2. Pushing a docker image with the Python tools that deploy our applications.
  3. Setting up the environment based on the branch name.
  4. Validating Kubernetes yaml files using Kubeval.
  5. Automatically bumping the version of a chart and of its parent charts (charts that depend on the chart being changed).
  6. Pushing the chart to the Chartmuseum that matches its environment.

Managing differences between clusters

Federation of Clusters

There was a time when we used Kubernetes cluster federation, where Kubernetes objects could be declared through a single API endpoint. But problems arose. For example, some Kubernetes objects could not be created in the federation endpoint, which made it difficult to maintain federated objects and other objects for individual clusters.

To solve the problem, we started managing the clusters independently, which greatly simplified the process (we used the first version of federation; something may have changed in the second).

Geo-distributed platform

Our platform is currently distributed across 6 regions: 3 on-premises and 3 in the cloud.


Distributed Deployment

Global Helm values

4 global Helm values let you identify the differences between clusters. All our charts carry these values as a minimum.

global:
  cloud: True
  env: staging
  region: us-central1
  clusterName: staging-us-central1

Global values

These values help define the context for our applications and are used for various purposes: monitoring, tracing, logging, making external calls, scaling, and so on.

  • "cloud": We have a hybrid Kubernetes platform. For example, our API is deployed in GCP regions and in our own data centers.
  • "env": Some values may change for non-production environments. For example, resource definitions and autoscaling configurations.
  • "region": This information helps determine the location of the cluster and can be used to pick nearby endpoints for external services.
  • "clusterName": if and when we want to define a value for an individual cluster.

Here is a specific example:

{{/* Returns Horizontal Pod Autoscaler replicas for GraphQL*/}}
{{- define "graphql.hpaReplicas" -}}
{{- if eq .Values.global.env "prod" }}
{{- if eq .Values.global.region "europe-west1" }}
minReplicas: 40
{{- else }}
minReplicas: 150
{{- end }}
maxReplicas: 1400
{{- else }}
minReplicas: 4
maxReplicas: 20
{{- end }}
{{- end -}}

Helm template example

This logic is defined in a helper template to avoid cluttering the Kubernetes YAML.

Application declaration

Our deployment tools are based on several YAML files. Below is an example of how we declare a service and its scaling topology (number of replicas) in a cluster.

releases:
  - foo.world

foo.world:                # Release name
  services:               # List of dailymotion's apps/projects
    foobar:
      chart_name: foo-foobar
      repo: [email protected]:dailymotion/foobar
      contexts:
        prod-europe-west1:
          deployments:
            - name: foo-bar-baz
              replicas: 18
            - name: another-deployment
              replicas: 3

Service definition

This is an outline of all the steps that define our deployment workflow. The last step deploys the application to multiple worker clusters simultaneously.


Jenkins deployment steps

What about secrets?

As for security, we track all secrets from different places and store them in a dedicated Vault store in Paris.

Our deployment tools fetch the secret values from Vault and, when deployment time comes, inject them into Helm.

To do this, we defined a mapping between the secrets in Vault and the secrets our applications need:

secrets:
     - secret_id: "stack1-app1-password"
       contexts:
         - name: "default"
           vaultPath: "/kv/dev/stack1/app1/test"
           vaultKey: "password"
         - name: "cluster1"
           vaultPath: "/kv/dev/stack1/app1/test"
           vaultKey: "password"

  • We defined general rules to follow when writing secrets to Vault.
  • If a secret applies to a specific context or cluster, you need to add a specific entry. (Here the cluster1 context has its own value for the secret stack1-app1-password.)
  • Otherwise the default value is used.
  • For each item in this list, a key-value pair is inserted into the Kubernetes secret. As a result, the secret template in our charts is very simple.

apiVersion: v1
data:
{{- range $key,$value := .Values.secrets }}
  {{ $key }}: {{ $value | b64enc | quote }}
{{ end }}
kind: Secret
metadata:
  name: "{{ .Chart.Name }}"
  labels:
    chartVersion: "{{ .Chart.Version }}"
    tillerVersion: "{{ .Capabilities.TillerVersion.SemVer }}"
type: Opaque
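
The lookup rules above (a context-specific entry wins, otherwise "default" applies) can be sketched as follows. This is an added example, not Dailymotion's deployment script: the function names, the stand-in for Vault, the distinct cluster1 path and the choice to hand the values to Helm through a 0600 file are assumptions.

```python
import json, os, tempfile
from typing import Callable, Dict, List

# Constructed mapping, shaped like the YAML above after parsing. The cluster1
# path differs from the default here (constructed) so the override is visible.
MAPPING: List[dict] = [{
    "secret_id": "stack1-app1-password",
    "contexts": [
        {"name": "default", "vaultPath": "/kv/dev/stack1/app1/test", "vaultKey": "password"},
        {"name": "cluster1", "vaultPath": "/kv/dev/stack1/app1/cluster1", "vaultKey": "password"},
    ],
}]
# Constructed stand-in for Vault so the example runs offline.
FAKE_VAULT = {
    "/kv/dev/stack1/app1/test": {"password": "default-pw"},
    "/kv/dev/stack1/app1/cluster1": {"password": "cluster1-pw"},
}

def pick_context(entry: dict, context: str) -> dict:
    """Return the entry named after the cluster context, else "default"."""
    by_name = {c["name"]: c for c in entry["contexts"]}
    if context in by_name:
        return by_name[context]
    if "default" in by_name:
        return by_name["default"]
    # Fail closed: refuse to deploy rather than render an empty secret.
    raise KeyError(f"{entry['secret_id']}: no entry for {context!r}, no default")

def resolve_secrets(mapping: List[dict], context: str,
                    read_vault: Callable[[str], dict]) -> Dict[str, str]:
    """Build the dict that the chart sees as .Values.secrets for one cluster."""
    values = {}
    for entry in mapping:
        ctx = pick_context(entry, context)
        values[entry["secret_id"]] = read_vault(ctx["vaultPath"])[ctx["vaultKey"]]
    return values

def write_values_file(secrets: Dict[str, str]) -> str:
    """Write the values to a 0600 temp file (JSON is valid YAML) for `helm -f`,
    so they never appear in the process list; the caller deletes it after use."""
    fd, path = tempfile.mkstemp(suffix=".json")  # mkstemp creates mode 0600
    with os.fdopen(fd, "w") as fh:
        json.dump({"secrets": secrets}, fh)
    return path

if __name__ == "__main__":
    path = write_values_file(resolve_secrets(MAPPING, "cluster1", FAKE_VAULT.__getitem__))
    print("values file for helm -f:", path)
    os.remove(path)
```
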

Problems and limitations

Working with multiple repositories

At the moment we separate the development of charts and applications. This means that developers have to work in two git repositories: one for the application, and one for defining its deployment to Kubernetes. 2 git repositories mean 2 workflows, and it is easy for a newcomer to get confused.

Managing generalized charts is a hassle

As we already said, generalized charts are very useful for identifying dependencies and quickly deploying multiple applications. But we use --reuse-values to avoid passing all the values every time we deploy an application that is part of this generalized chart.

In the continuous delivery workflow we have only two values that change regularly: the number of replicas and the image tag (version). Other, more stable values are changed manually, and this is quite difficult. In addition, a single mistake in deploying a generalized chart can lead to serious failures, as we have seen from our own experience.

Updating multiple configuration files

When a developer adds a new application, they have to change several files: the application declaration, the list of secrets, and the dependency entry if the application is included in a generalized chart.

Jenkins has extended permissions in Vault

At the moment we have a single AppRole that reads all the secrets from Vault.
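
One way to narrow this, shown as an added example rather than Dailymotion's setup: derive a read-only Vault policy per release from that release's own secrets list, so an AppRole bound to it can read only the paths the release declares. It assumes a KV version 1 mount (the policy path equals the secret path); the function names and the second release are hypothetical.

```python
from typing import Iterable, List

# Constructed: the secrets lists of two releases, in the page's mapping format.
APP1 = [{"secret_id": "stack1-app1-password", "contexts": [
    {"name": "default", "vaultPath": "/kv/dev/stack1/app1/test", "vaultKey": "password"},
    {"name": "cluster1", "vaultPath": "/kv/dev/stack1/app1/test", "vaultKey": "password"}]}]
APP2 = [{"secret_id": "stack2-app2-token", "contexts": [
    {"name": "default", "vaultPath": "/kv/dev/stack2/app2/test", "vaultKey": "token"}]}]


def needed_paths(mapping: Iterable[dict]) -> List[str]:
    """Unique Vault paths a release reads, without the leading slash
    (Vault policy paths are written relative to the mount, no leading "/")."""
    paths = {c["vaultPath"].strip("/") for e in mapping for c in e["contexts"]}
    return sorted(paths)


def policy_for(mapping: Iterable[dict]) -> str:
    """Read-only Vault policy (HCL) limited to exactly those paths, no globs."""
    rule = 'path "{}" {{\n  capabilities = ["read"]\n}}\n'
    return "\n".join(rule.format(p) for p in needed_paths(mapping))


def allowed(policy_paths: List[str], requested: str) -> bool:
    """Exact-match check that mirrors a policy written without globs."""
    return requested.strip("/") in policy_paths


if __name__ == "__main__":
    print(policy_for(APP1))
    # The app1 policy must not open app2's path.
    print(allowed(needed_paths(APP1), "/kv/dev/stack2/app2/test"))
```
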

The rollback process is not automated

To roll back, you have to run commands on several clusters, and this is error-prone. We perform this operation manually to make sure the correct version ID is specified.

We are moving towards GitOps

Our goal

We want to move the chart back into the repository of the application it deploys.

The workflow will be the same as for development. For example, when a branch is pushed to master, the deployment will be triggered. The main difference between this approach and the current workflow is that everything will be managed in git (the application itself and the way it is deployed in Kubernetes).

There are several advantages:

  • Much clearer for the developer. It is easier to learn how to apply changes in a local chart.
  • The service deployment definition lives in the same place as the service code.
  • Managing the removal of generalized charts. Each service will have its own Helm release. This lets you manage the application lifecycle (rollback, upgrade) at the smallest level, so that other services are not affected.
  • The benefits of git for chart management: undoing changes, audit log, and so on. If you need to undo a change to a chart, you can do it with git. The deployment starts automatically.
  • You can consider improving your development workflow with tools like Skaffold, with which developers can test changes in a context close to production.

Two-step migration

Our developers have been using this workflow for 2 years now, so we want the migration to be as painless as possible. Therefore we decided to add an intermediate step on the way to the goal.
The first stage is simple:

  • We keep a similar structure for configuring application deployment, but in a single object called DailymotionRelease.

apiVersion: "v1"
kind: "DailymotionRelease"
metadata:
  name: "app1.ns1"
  environment: "dev"
  branch: "mybranch"
spec:
  slack_channel: "#admin"
  chart_name: "app1"
  scaling:
    - context: "dev-us-central1-0"
      replicas:
        - name: "hermes"
          count: 2
    - context: "dev-europe-west1-0"
      replicas:
        - name: "app1-deploy"
          count: 2
  secrets:
    - secret_id: "app1"
      contexts:
        - name: "default"
          vaultPath: "/kv/dev/ns1/app1/test"
          vaultKey: "password"
        - name: "dev-europe-west1-0"
          vaultPath: "/kv/dev/ns1/app1/test"
          vaultKey: "password"

  • 1 release per application (no generalized charts).
  • Charts in the application's git repository.

We have talked to all the developers, so the migration process has already begun. The first stage is still controlled through the CI platform. I will soon write another article about the second stage: how we moved to a GitOps workflow with Flux. I will describe how we set everything up and what difficulties we ran into (multiple repositories, secrets, and so on). Follow the news.

Here we have tried to describe our progress in the application deployment workflow over the past years, which led us to think about the GitOps approach. We have not reached the goal yet and will report on the results, but we are now convinced that we did the right thing when we decided to simplify everything and bring it closer to developers' habits.

Source: www.hab.com
