Running Camunda BPM on Kubernetes

Are you using Kubernetes? Ready to move your Camunda BPM instances off virtual machines, or maybe just want to try running them on Kubernetes? Let's look at some common configurations and the individual pieces that can be tailored to your specific needs.

This assumes you have used Kubernetes before. If not, why not go through the tutorial and start your first cluster?

Authors

  • Alastair Firth, Senior Site Reliability Engineer on the Camunda Cloud team;
  • Lars Lange, DevOps engineer at Camunda.

In short:

git clone https://github.com/camunda-cloud/camunda-examples.git
cd camunda-examples/camunda-bpm-demo
make skaffold

Okay, it probably didn't work because you don't have skaffold and kustomize installed. Well, read on!

What is Camunda BPM

Camunda BPM is an open source business process management and decision automation platform that connects business users and software developers. It is a good fit for orchestrating and connecting people, (micro)services, or even bots. You can read more about the various use cases in the Camunda documentation.

Why use Kubernetes

Kubernetes has become the de facto standard for running modern applications on Linux. Because containers use system calls rather than hardware emulation, and the kernel handles memory management and task switching, boot and startup times are kept to a minimum. The biggest benefit, however, may come from the standard API Kubernetes provides for configuring the infrastructure every application needs: storage, networking, and monitoring. It turned six years old in June 2020 and is perhaps the second-largest open source project (after Linux). It has lately been actively stabilising its functionality after several years of rapid iteration, as it becomes critical to production workloads around the world.

The Camunda BPM engine can easily connect to other applications running in the same cluster, and Kubernetes provides excellent scalability, letting you grow infrastructure spend only when it is really needed (and shrink it again just as easily).

Monitoring also improves greatly with tools such as Prometheus, Grafana, Loki, Fluentd and Elasticsearch, which let you watch every workload in the cluster from one place. Today we'll look at how to add the Prometheus exporter to the Java Virtual Machine (JVM).

Goals

Let's look at a few areas where we can customise the Camunda BPM Docker image (github) so that it plays well with Kubernetes.

  1. Logs and metrics;
  2. Database connections;
  3. Authentication;
  4. Session management.

We'll look at several ways to achieve these goals and walk through the whole process.

Note: Using the Enterprise edition? See here and adjust the image references accordingly.

Development workflow

In this demo we use Skaffold to build the Docker images with Google Cloud Build. It has good support for a variety of tools (such as Kustomize and Helm), CI and build tooling, and infrastructure providers. The skaffold.yaml.tmpl file includes configuration for Google Cloud Build and GKE, giving a very simple way to run production-grade infrastructure.

make skaffold uploads the Dockerfile context to Cloud Build, builds the image and stores it in GCR, then applies the manifests to your cluster. That is all make skaffold does, but Skaffold has many other features.

For the Kubernetes YAML templates we use kustomize to manage YAML overlays without forking the whole manifest, which lets you git pull --rebase to pick up further improvements. It is now built into kubectl and works very well for things like this.

We also use envsubst to fill in the hostname and GCP project ID in the *.yaml.tmpl files. You can see how it works in the Makefile, or just read on.

Prerequisites

  • A working Kubernetes cluster
  • Kustomize
  • Skaffold - for building your own Docker images and deploying easily to GKE
  • A copy of this code
  • Envsubst

Working with the manifests

If you don't want to use kustomize or skaffold, you can refer to the rendered manifests in generated-manifest.yaml and adapt them to the workflow of your choice.

Logs and metrics

Prometheus has become the standard for collecting metrics in Kubernetes. It occupies the same niche as AWS CloudWatch Metrics, CloudWatch Alarms, Stackdriver Metrics, StatsD, Datadog, Nagios, vSphere Metrics and others. It is open source and has a powerful query language. We'll leave visualisation to Grafana, which comes with a large number of dashboards available out of the box. The two connect to each other and are relatively easy to install with prometheus-operator.

By default Prometheus uses a pull model, scraping <service>/metrics, and adding a sidecar container for this is common. Unfortunately JMX metrics are best read from inside the JVM, so a sidecar is not a good fit here. Instead we attach Prometheus's open source jmx_exporter to the JVM by adding it to the container image; it will serve the /metrics path on a separate port.

Adding the Prometheus jmx_exporter to the container

-- images/camunda-bpm/Dockerfile
FROM camunda/camunda-bpm-platform:tomcat-7.11.0

## Add the Prometheus JMX exporter (pinned version). lib/ is relative to the
## image's working directory, i.e. Tomcat's lib directory.
RUN wget https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.11.0/jmx_prometheus_javaagent-0.11.0.jar -P lib/
# 9404 is the port allocated to jmx_exporter in the Prometheus default-port list;
# the agent serves /metrics there, using the rules in /etc/config/prometheus-jmx.yaml
ENV CATALINA_OPTS -javaagent:lib/jmx_prometheus_javaagent-0.11.0.jar=9404:/etc/config/prometheus-jmx.yaml

Well, that was easy. The exporter will watch Tomcat and expose its metrics in Prometheus format at <svc>:9404/metrics. Two things are worth doing before you bake this in: verify the downloaded jar against the checksum Maven Central publishes next to it, and remember that the agent's /metrics endpoint is unauthenticated, so never route port 9404 through the Ingress; expose it only to your Prometheus.

Exporter configuration

The attentive reader will wonder where prometheus-jmx.yaml came from. Many different things can run in a JVM and Tomcat is only one of them, so the exporter needs some extra configuration. Sample configurations for Tomcat, WildFly, Kafka and others are available upstream. We'll add the Tomcat one as a ConfigMap in Kubernetes and then mount it as a volume.

First we add the exporter configuration file to our platform/config/ directory:

platform/config
└── prometheus-jmx.yaml
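For reference, here is a minimal prometheus-jmx.yaml for this setup. It is an added example, not the file from the camunda-examples repository: it follows the structure of the upstream jmx_exporter example_configs/tomcat.yml, but the rules are my own and deliberately narrow. whitelistObjectNames restricts the JMX queries to the Catalina beans we actually graph, so nothing else in the JVM is exposed and the scrape stays cheap; the agent adds its own JVM metrics (jvm_memory_*, jvm_threads_*, ...) regardless.

```yaml
# platform/config/prometheus-jmx.yaml (added example; not the repository's own file)
lowercaseOutputName: true
lowercaseOutputLabelNames: true
# Only query the Tomcat MBeans we need; everything else stays unexposed.
whitelistObjectNames:
- "Catalina:type=GlobalRequestProcessor,name=*"
- "Catalina:type=ThreadPool,name=*"
- "Catalina:type=Manager,host=*,context=*"
rules:
# Requests, bytes and errors per connector,
# e.g. tomcat_requestcount_total{protocol="http-nio",port="8080"}
- pattern: 'Catalina<type=GlobalRequestProcessor, name="(\w+-\w+)-(\d+)"><>(requestCount|errorCount|bytesReceived|bytesSent):'
  name: tomcat_$3_total
  labels:
    protocol: "$1"
    port: "$2"
  help: Tomcat global $3
  type: COUNTER
# Connector thread pool saturation: alert on currentThreadsBusy approaching maxThreads
- pattern: 'Catalina<type=ThreadPool, name="(\w+-\w+)-(\d+)"><>(currentThreadCount|currentThreadsBusy|maxThreads|connectionCount):'
  name: tomcat_threadpool_$3
  labels:
    protocol: "$1"
    port: "$2"
  help: Tomcat thread pool $3
  type: GAUGE
# HTTP sessions per webapp context; relevant once you run more than one replica
- pattern: 'Catalina<type=Manager, host=([^,]+), context=([^>]+)><>(activeSessions|maxActive):'
  name: tomcat_session_$3
  labels:
    host: "$1"
    context: "$2"
  help: Tomcat sessions $3
  type: GAUGE
- pattern: 'Catalina<type=Manager, host=([^,]+), context=([^>]+)><>(sessionCounter|expiredSessions|rejectedSessions):'
  name: tomcat_session_$3_total
  labels:
    host: "$1"
    context: "$2"
  help: Tomcat sessions $3
  type: COUNTER
```

If a rule's pattern does not match the way your Tomcat version names its MBeans, the metric is simply absent; curl <pod-ip>:9404/metrics from inside the cluster and adjust the patterns rather than removing the whitelist.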

Then we add a ConfigMapGenerator to kustomization.yaml.tmpl:

-- platform/kustomization.yaml.tmpl
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
[...]
configMapGenerator:
- name: config
  files:
  - config/prometheus-jmx.yaml

This adds every entry in files[] as a data element of the ConfigMap. ConfigMapGenerators are great because they hash the configuration content and force a rollout when it changes. They also reduce the amount of configuration in the Deployment, since you can mount a whole "folder" of configuration files with a single VolumeMount.

Finally, we need to mount the ConfigMap as a volume in the pod:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
      [...]
      volumes:
      - name: config
        configMap:
          name: config
          defaultMode: 0744
      containers:
      - name: camunda-bpm
        volumeMounts:
        - mountPath: /etc/config/
          name: config
[...]

Great. One least-privilege nit: defaultMode: 0744 marks the mounted file executable, which a YAML config never needs; 0444 is enough unless you also ship startup scripts through the same ConfigMap. If Prometheus is not already configured to scrape everything, you may need to tell it to scrape these pods. Prometheus Operator users can start from service-monitor.yaml. Look at service-monitor.yaml, the operator's design and ServiceMonitorSpec before you begin.
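As an added example (not the repository's service-monitor.yaml), this is what a Prometheus Operator setup for the exporter above looks like: the Service exposes the agent under a named port, the ServiceMonitor scrapes it, and a NetworkPolicy keeps the unauthenticated /metrics endpoint reachable only from the monitoring namespace. The labels app: camunda-bpm and release: prometheus and the namespace name monitoring are assumptions; match them to your cluster, and note that a NetworkPolicy is only enforced if your CNI supports it.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: camunda-bpm
  namespace: camunda-bpm-demo
  labels:
    app: camunda-bpm
spec:
  selector:
    app: camunda-bpm
  ports:
  - name: http            # application traffic, what the Ingress points at
    port: 8080
    targetPort: 8080
  - name: metrics         # jmx_exporter agent; never referenced by the Ingress
    port: 9404
    targetPort: 9404
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: camunda-bpm
  namespace: camunda-bpm-demo
  labels:
    release: prometheus   # assumption: must match the operator's serviceMonitorSelector
spec:
  selector:
    matchLabels:
      app: camunda-bpm
  namespaceSelector:
    matchNames:
    - camunda-bpm-demo
  endpoints:
  - port: metrics         # by port name, so a port renumbering cannot silently break scraping
    path: /metrics
    interval: 30s
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: camunda-bpm-metrics
  namespace: camunda-bpm-demo
spec:
  podSelector:
    matchLabels:
      app: camunda-bpm
  policyTypes:
  - Ingress
  ingress:
  # 8080 stays open to the Ingress controller and other workloads
  - ports:
    - port: 8080
  # 9404 is reachable only from the namespace Prometheus runs in
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: monitoring   # assumption: operator namespace
    ports:
    - port: 9404
```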

Extending this pattern to other use cases

Every file we add to the ConfigMapGenerator becomes available in the new /etc/config directory. You can extend this pattern to mount any other configuration files you need; you can even mount a new startup script. Use subPath to mount a single file. To update XML files, consider xmlstarlet instead of sed; it is already included in the image.

Logging

Good news: the application logs already go to stdout, so kubectl logs shows them. Fluentd (installed by default on GKE) will ship them to Elasticsearch, Loki, or your enterprise logging platform. If you want JSON-formatted logs, follow the pattern above to mount a logback configuration.

Database

By default the image uses an H2 database. That doesn't suit us, so we'll use Google Cloud SQL through the Cloud SQL Proxy, which we will need later anyway for internal connectivity. This is a simple and reliable option if you have no preferences of your own for setting up the database; AWS RDS offers a similar service. The proxy authenticates to the instance with IAM and encrypts the connection itself, which is why the JDBC URL below can point at the proxy's in-cluster address.

Whichever database you choose, unless it is H2 you will need to set the appropriate environment variables in platform/deployment.yaml. It looks like this:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
      [...]
      containers:
      - name: camunda-bpm
        env:
        - name: DB_DRIVER
          value: org.postgresql.Driver
        - name: DB_URL
          value: jdbc:postgresql://postgres-proxy.db:5432/process-engine
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_username
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_password
[...]

Note: you can use Kustomize to deploy to different environments with overlays: example.

Note: use valueFrom: secretKeyRef. Please use this Kubernetes feature even during development, so that credentials never end up as literal values in the manifests.

You probably already have a preferred way of managing Kubernetes Secrets. If not, here are some options: encrypt them with your cloud provider's KMS and inject them into Kubernetes as Secrets from the CD pipeline; Mozilla SOPS works very well in combination with Kustomize secrets. Other tools such as dotGPG work in a similar way, and there are also HashiCorp Vault and the Kustomize secret value plugins.
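To make the secretKeyRef above concrete, here is an added example (not from the repository) of generating cambpm-db-credentials with a kustomize secretGenerator from an env file that never reaches git in plaintext: db.env is git-ignored, only the SOPS-encrypted db.enc.env is committed, and the pipeline decrypts it immediately before kustomize build. The file names, the base path and the SOPS key configuration are assumptions.

```yaml
# kustomization.yaml.tmpl (added example; extends the page's existing Kustomization)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: camunda-bpm-demo
resources:
- platform
secretGenerator:
- name: cambpm-db-credentials   # the name referenced by secretKeyRef in deployment.yaml
  type: Opaque
  envs:
  - db.env                      # git-ignored plaintext: db_username=... and db_password=...
generatorOptions:
  # Keep the default hash suffix: a rotated password yields a new Secret name,
  # kustomize rewrites the secretKeyRef, and the Deployment rolls out automatically.
  disableNameSuffixHash: false
```

The keys in db.env (db_username, db_password) become the Secret's data keys, which is why the Deployment reads key: db_username and key: db_password. With a .sops.yaml creation rule pointing at your KMS key, commit only the encrypted copy (sops -e db.env > db.enc.env) and decrypt in the pipeline (sops -d db.enc.env > db.env) right before kustomize build; the .env suffix is what lets sops pick the dotenv format. Without generators, the same Secret can be created once by hand with kubectl create secret generic cambpm-db-credentials --from-env-file=db.env.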

Ingress

Unless you choose to use local port forwarding, you will need a configured Ingress controller. If you don't use ingress-nginx (Helm chart), you most likely already know that you need to set the required annotations in ingress-patch.yaml.tmpl or platform/ingress.yaml. If you use ingress-nginx and have an nginx ingress class with a load balancer pointing at it and an external DNS or wildcard DNS entry, you're good to go. Otherwise, set up the Ingress controller and DNS, or skip these steps and keep connecting directly to the pod.

TLS

If you use cert-manager or kube-lego with Let's Encrypt, a certificate for the new Ingress will be obtained automatically. Otherwise, open ingress-patch.yaml.tmpl and adapt it to your needs.

Launch!

If you've followed everything above, make skaffold HOSTNAME=<you.example.com> should bring up an instance reachable at <hostname>/camunda

If you haven't pointed your Ingress at a public URL, you can forward it to localhost instead: kubectl port-forward -n camunda-bpm-demo svc/camunda-bpm 8080:8080 and open localhost:8080/camunda

Wait a couple of minutes until Tomcat is ready. cert-manager will take some time to validate the domain name. You can then follow the logs with tools such as kubetail, or simply with kubectl:

kubectl logs -n camunda-bpm-demo $(kubectl get pods -o=name -n camunda-bpm-demo) -f

Next steps

Authentication

This is more a matter of configuring Camunda BPM than Kubernetes, but it is important to remember that by default authentication is disabled on the REST API. You can enable basic authentication or use another method such as JWT. To get the configuration into the image you can use ConfigMaps and volumes to ship the XML, or xmlstarlet (see above) to edit the files already in the image, and either wget the extra files or pull them in with an init container and a shared volume. Once the filter is on, the engine's own users and groups become the access-control list for the API, so create a dedicated service user rather than reusing the demo/demo user the image creates, and terminate TLS in front of it: basic auth sends the credentials with every request.
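The following is an added example, not code from the article or the Camunda project, of the "edit the file already in the image" route. It applies the change the Camunda documentation describes for securing the REST API: registering ProcessEngineAuthenticationFilter with HttpBasicAuthenticationProvider in the engine-rest webapp's WEB-INF/web.xml. It is idempotent, so it can run from an init container on every pod start, and it inserts the filter at the top because servlet filters run in filter-mapping order. Python's standard library is used instead of the xmlstarlet the article mentions so that the logic is easy to unit test; the path webapps/engine-rest/WEB-INF/web.xml (relative to /camunda) and the embedded sample web.xml are assumptions and a constructed stand-in respectively.

```python
"""Turn on HTTP Basic authentication for Camunda's engine-rest webapp.

Added example (not from the article or the Camunda project). Registers
ProcessEngineAuthenticationFilter + HttpBasicAuthenticationProvider in
WEB-INF/web.xml, as documented by Camunda for the REST API. Idempotent.
Assumed path inside the image: webapps/engine-rest/WEB-INF/web.xml.
"""
import sys
import xml.etree.ElementTree as ET

FILTER_NAME = "camunda-auth"
FILTER_CLASS = ("org.camunda.bpm.engine.rest.security.auth."
                "ProcessEngineAuthenticationFilter")
PROVIDER_CLASS = ("org.camunda.bpm.engine.rest.security.auth.impl."
                  "HttpBasicAuthenticationProvider")
DEFAULT_PATH = "webapps/engine-rest/WEB-INF/web.xml"  # assumption, see docstring

# Constructed stand-in for the real web.xml so the script can run offline.
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <filter>
    <filter-name>Resteasy</filter-name>
    <filter-class>org.jboss.resteasy.plugins.server.servlet.FilterDispatcher</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>Resteasy</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>
"""


def _qualifier(root):
    """'{uri}' prefix of the document's default namespace, or '' if it has none."""
    return root.tag[:root.tag.index("}") + 1] if root.tag.startswith("{") else ""


def _element(q, name, text=None):
    el = ET.Element(q + name)
    el.text = text
    return el


def has_auth_filter(xml_text):
    """True if some <filter> already references ProcessEngineAuthenticationFilter."""
    root = ET.fromstring(xml_text)
    q = _qualifier(root)
    return any((f.findtext(q + "filter-class") or "").strip() == FILTER_CLASS
               for f in root.findall(q + "filter"))


def first_filter_mapping(xml_text):
    """Name of the first <filter-mapping>; that filter sees every request first."""
    root = ET.fromstring(xml_text)
    q = _qualifier(root)
    mapping = root.find(q + "filter-mapping")
    return None if mapping is None else (mapping.findtext(q + "filter-name") or "").strip()


def enable_basic_auth(xml_text):
    """Return web.xml with the auth filter registered first; unchanged if present."""
    if has_auth_filter(xml_text):
        return xml_text
    root = ET.fromstring(xml_text)
    q = _qualifier(root)
    if q:
        ET.register_namespace("", q[1:-1])  # serialize as default namespace, no ns0: prefixes
    flt = _element(q, "filter")
    flt.append(_element(q, "filter-name", FILTER_NAME))
    flt.append(_element(q, "filter-class", FILTER_CLASS))
    flt.append(_element(q, "async-supported", "true"))
    param = _element(q, "init-param")
    param.append(_element(q, "param-name", "authentication-provider"))
    param.append(_element(q, "param-value", PROVIDER_CLASS))
    flt.append(param)
    mapping = _element(q, "filter-mapping")
    mapping.append(_element(q, "filter-name", FILTER_NAME))
    mapping.append(_element(q, "url-pattern", "/*"))
    flt.tail = mapping.tail = "\n  "
    # Insert at the top so authentication runs before any other filter in the chain.
    root.insert(0, mapping)
    root.insert(0, flt)
    # ElementTree drops XML comments; acceptable for a generated deployment descriptor.
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="unicode")


def main(argv):
    if len(argv) < 2:  # no path given: show the effect on the constructed sample
        print(enable_basic_auth(SAMPLE_WEB_XML))
        return 0
    with open(argv[1], encoding="utf-8") as fh:
        patched = enable_basic_auth(fh.read())
    with open(argv[1], "w", encoding="utf-8") as fh:
        fh.write(patched)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as python3 enable_auth.py webapps/engine-rest/WEB-INF/web.xml from an init container that shares the webapps volume with the Tomcat container, or at image build time in the Dockerfile; running it twice is harmless.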

Session management

Like many other applications, Camunda BPM keeps sessions in the JVM, so if you want to run several replicas you can either enable sticky sessions (for example in ingress-nginx), which last only until that replica goes away, or set the Max-Age attribute on the cookie. For a more robust solution you can deploy a session manager in Tomcat. Lars has a separate post on this topic, but it looks something like:

# Maven Central no longer serves plain http, so fetch over https (pinned versions)
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/2.3.2/memcached-session-manager-2.3.2.jar -P lib/ && \
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc9/2.3.2/memcached-session-manager-tc9-2.3.2.jar -P lib/ && \
# Insert the <Manager> element just before the closing </Context> tag
sed -i '/^<\/Context>/i \
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager" \
memcachedNodes="redis://redis-proxy.db:22121" \
sticky="false" \
sessionBackupAsync="false" \
storageKeyPrefix="context" \
lockingMode="auto" \
/>' conf/context.xml

Note: you can use xmlstarlet instead of sed.

We used twemproxy in front of Google Cloud Memorystore, with memcached-session-manager (which supports Redis) talking to it. Two practical notes: the Redis backend of memcached-session-manager also needs the jedis client jar in lib/ (check the msm documentation for the version matching 2.3.2), and whatever you back sessions with now holds the authenticated sessions of every replica, so keep it on a private network (Memorystore is reachable only from the VPC) and never expose the proxy port through a Service.

Scaling

Once sessions are sorted out, the first (and often the last) limit on scaling Camunda BPM is likely to be the database connections: every replica opens its own connection pool. Some tuning is already there out of the box; we have also disabled initialSize in settings.xml. Add a Horizontal Pod Autoscaler (HPA) and you can easily scale the number of pods automatically.
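An added example of that autoscaler (not the repository's manifest), using the autoscaling/v2 API that is GA on current clusters; the Deployment name camunda-bpm, the 70% target and the replica bounds are assumptions. The paragraph's point is encoded in maxReplicas: each replica opens its own JDBC pool, so maxReplicas times the pool's maximum size must stay below what the database (or the Cloud SQL proxy in front of it) will accept.

```yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: camunda-bpm
  namespace: camunda-bpm-demo
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: camunda-bpm      # assumption: the Deployment in platform/deployment.yaml
  minReplicas: 2           # one replica can roll without downtime (needs the session setup above)
  maxReplicas: 5           # bound by the database: 5 pods x pool max size <= DB connection limit
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70   # percent of resources.requests.cpu, so requests must be set
  behavior:
    scaleDown:
      stabilizationWindowSeconds: 300   # avoid flapping pods (and their pools) on short dips
```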

Requests and limits

In platform/deployment.yaml you'll see that we hard-coded the resources field. This works well with the HPA but may need further tuning. A kustomize patch is the right tool for that; see ingress-patch.yaml.tmpl and ./kustomization.yaml.tmpl.

Conclusion

So we have deployed Camunda BPM on Kubernetes with Prometheus metrics, logs, a database, TLS and Ingress. We added jar files and configuration files using ConfigMaps and the Dockerfile. We talked about feeding data in via volumes and directly through environment variables from Secrets. We also gave an overview of setting up Camunda for multiple replicas and an authenticated API.

References

github.com/camunda-cloud/camunda-examples/camunda-bpm-kubernetes

├── generated-manifest.yaml <- manifest for use without kustomize
├── images
│ └── camunda-bpm
│ └── Dockerfile <- overlay docker image
├── ingress-patch.yaml.tmpl <- site-specific ingress configuration
├── kustomization.yaml.tmpl <- main Kustomization
├── Makefile <- make targets
├── namespace.yaml
├── platform
│ ├── config
│ │ └── prometheus-jmx.yaml <- prometheus exporter config file
│ ├── deployment.yaml <- main deployment
│ ├── ingress.yaml
│ ├── kustomization.yaml <- "base" kustomization
│ ├── service-monitor.yaml <- example prometheus-operator config
│ └── service.yaml
└── skaffold.yaml.tmpl <- skaffold directives

05.08.2020, by Alastair Firth, Lars Lange

Source: www.hab.com
