Chicken or the egg: splitting IaC

Which came first, the chicken or the egg? Rather a strange opening for an article about infrastructure-as-code, isn't it?

What is an egg?

Most often, Infrastructure-as-Code (IaC) is a declarative way of representing infrastructure. In it we describe the state we want to reach, starting from the hardware and ending with the software configuration. IaC is therefore used for:

  1. Resource provisioning. These are VMs, S3, VPC, etc. Basic tools: Terraform and CloudFormation.
  2. Software configuration. Basic tools: Ansible, Chef, etc.

Any code lives in a git repository. And sooner or later the team lead will decide that it needs to be put in order. And he will refactor it. And he will create some structure. And he will see that it is good.

It is also good that GitLab and GitHub providers for Terraform already exist (and that is software configuration). With their help you can manage the whole project: team members, CI/CD, git-flow, etc.

Where does the egg come from?

So we are gradually approaching the main question.

First of all, you need to start with a repository that describes the structure of the other repositories, including itself. And of course, as part of GitOps, you need to add CI so that changes are applied automatically.

What if Git has not been created yet?

  1. How do you store it in Git?
  2. How do you set up CI?
  3. What if we also deploy GitLab using IaC, and even in Kubernetes?
  4. And GitLab Runner in Kubernetes too?
  5. And Kubernetes at the cloud provider?

Which came first: the GitLab I will push my code to, or the code that describes what kind of GitLab I need?

Chicken and egg

«Oyakodon with a dinosaur» [src]

Let's try to cook this dish using Selectel Managed Kubernetes as the cloud provider.

TL;DR

Can it all be done with a single command?

$ export MY_SELECTEL_TOKEN=<token>
$ curl https://gitlab.com/chicken-or-egg/mks/make/-/snippets/2002106/raw | bash

Ingredients:

  • an account at my.selectel.ru;
  • an account token;
  • Kubernetes skills;
  • Helm skills;
  • Terraform skills;
  • the GitLab Helm chart;
  • the GitLab Runner Helm chart.

Recipe:

  1. Get MY_SELECTEL_TOKEN from the my.selectel.ru panel.
  2. Create a Kubernetes cluster, passing the account token to it.
  3. Get the KUBECONFIG from the created cluster.
  4. Install GitLab on Kubernetes.
  5. Get a GitLab token for the root user from the created GitLab.
  6. Create the project structure in GitLab using the GitLab token.
  7. Push the existing code to GitLab.
  8. ??
  9. Profit!

Step 1. The token can be obtained in the API Keys section.

Step 2. We prepare our Terraform to "bake" a 2-node cluster. If you are sure you have enough resources for everything, you can enable automatic quotas instead of declaring them:

provider "selectel" {
  token = var.my_selectel_token
}

# The account token is passed in as TF_VAR_my_selectel_token; it must never be committed.
variable "my_selectel_token" {}
variable "username" {}
variable "region" {}

resource "selectel_vpc_project_v2" "my-k8s" {
  name = "my-k8s-cluster"
  theme = {
    color = "269926"
  }
  quotas {
    resource_name = "compute_cores"
    resource_quotas {
      region = var.region
      zone   = "${var.region}a"
      value  = 16
    }
  }
  quotas {
    resource_name = "network_floatingips"
    resource_quotas {
      region = var.region
      value  = 1
    }
  }
  quotas {
    resource_name = "load_balancers"
    resource_quotas {
      region = var.region
      value  = 1
    }
  }
  quotas {
    resource_name = "compute_ram"
    resource_quotas {
      region = var.region
      zone   = "${var.region}a"
      value  = 32768
    }
  }
  quotas {
    resource_name = "volume_gigabytes_fast"
    resource_quotas {
      region = var.region
      zone   = "${var.region}a"
      # (20 * 2) + 50 + (8 * 3 + 10)
      value = 130
    }
  }
}

resource "selectel_mks_cluster_v1" "k8s-cluster" {
  name         = "k8s-cluster"
  project_id   = selectel_vpc_project_v2.my-k8s.id
  region       = var.region
  kube_version = "1.17.9"
}

resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
  cluster_id        = selectel_mks_cluster_v1.k8s-cluster.id
  project_id        = selectel_mks_cluster_v1.k8s-cluster.project_id
  region            = selectel_mks_cluster_v1.k8s-cluster.region
  availability_zone = "${var.region}a"
  nodes_count       = 2
  cpus              = 8
  ram_mb            = 16384
  volume_gb         = 15
  volume_type       = "fast.${var.region}a"
  labels = {
    project = "my"
  }
}

Add a user to the project:

resource "random_password" "my-k8s-user-pass" {
  length           = 16
  special          = true
  override_special = "_%@"
}

resource "selectel_vpc_user_v2" "my-k8s-user" {
  password = random_password.my-k8s-user-pass.result
  name     = var.username
  enabled  = true
}

resource "selectel_vpc_keypair_v2" "my-k8s-user-ssh" {
  public_key = file("~/.ssh/id_rsa.pub")
  user_id    = selectel_vpc_user_v2.my-k8s-user.id
  name       = var.username
}

resource "selectel_vpc_role_v2" "my-k8s-role" {
  project_id = selectel_vpc_project_v2.my-k8s.id
  user_id    = selectel_vpc_user_v2.my-k8s-user.id
}

Outputs:

output "project_id" {
  value = selectel_vpc_project_v2.my-k8s.id
}

output "k8s_id" {
  value = selectel_mks_cluster_v1.k8s-cluster.id
}

output "user_name" {
  value = selectel_vpc_user_v2.my-k8s-user.name
}

# The password is printed by "terraform apply" and kept in plain text in the state
# file; on Terraform 0.14+ add "sensitive = true" here to redact it from the output.
output "user_pass" {
  value = selectel_vpc_user_v2.my-k8s-user.password
}

Let's run it:

$ env \
    TF_VAR_region=ru-3 \
    TF_VAR_username=diamon \
    TF_VAR_my_selectel_token=<token> \
    terraform plan -out planfile

$ terraform apply -input=false -auto-approve planfile

Step 3. We get the kubeconfig.

To download the KUBECONFIG programmatically, you need to get a token from OpenStack:

openstack token issue -c id -f value > token

With this token, make a request to the Selectel Managed Kubernetes API; k8s_id is the value Terraform output:

curl -XGET -H "x-auth-token: $(cat token)" "https://ru-3.mks.selcloud.ru/v1/clusters/$(cat k8s_id)/kubeconfig" -o kubeConfig.yaml

You can also get the kubeconfig through the panel.

Step 4. Once the cluster is baked and we have access to it, we can add yaml on top to taste.

I prefer to add:

  • namespaces
  • a storage class
  • pod security policies and the like.

The Storage Class for Selectel can be taken from the official repository.

Since I initially chose a cluster in the ru-3a zone, I need a Storage Class from that zone.

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: fast.ru-3a
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: cinder.csi.openstack.org
parameters:
  type: fast.ru-3a
  availability: ru-3a
allowVolumeExpansion: true

Step 5. Install a load balancer.

We will use the de-facto standard nginx-ingress. There are already plenty of instructions for installing it, so we will not dwell on it.

$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm upgrade nginx-ingress nginx-stable/nginx-ingress -n ingress --install -f ../internal/K8S-cluster/ingress/values.yml

We wait about 3-4 minutes for it to receive an external IP:

External IP received:

Step 6. Install GitLab.

$ helm repo add gitlab https://charts.gitlab.io
$ helm upgrade gitlab gitlab/gitlab -n gitlab  --install -f gitlab/values.yml --set "global.hosts.domain=gitlab.$EXTERNAL_IP.nip.io"

Again we wait for all the pods to come up.

kubectl get po -n gitlab
NAME                                      	READY   STATUS  	RESTARTS   AGE
gitlab-gitaly-0                           	0/1 	Pending 	0      	0s
gitlab-gitlab-exporter-88f6cc8c4-fl52d    	0/1 	Pending 	0      	0s
gitlab-gitlab-runner-6b6867c5cf-hd9dp     	0/1 	Pending 	0      	0s
gitlab-gitlab-shell-55cb6ccdb-h5g8x       	0/1 	Init:0/2	0      	0s
gitlab-migrations.1-2cg6n                 	0/1 	Pending 	0      	0s
gitlab-minio-6dd7d96ddb-zd9j6             	0/1 	Pending 	0      	0s
gitlab-minio-create-buckets.1-bncdp       	0/1 	Pending 	0      	0s
gitlab-postgresql-0                       	0/2 	Pending 	0      	0s
gitlab-prometheus-server-6cfb57f575-v8k6j 	0/2 	Pending 	0      	0s
gitlab-redis-master-0                     	0/2 	Pending 	0      	0s
gitlab-registry-6bd77b4b8c-pb9v9          	0/1 	Pending 	0      	0s
gitlab-registry-6bd77b4b8c-zgb6r          	0/1 	Init:0/2	0      	0s
gitlab-shared-secrets.1-pc7-5jgq4         	0/1 	Completed   0      	20s
gitlab-sidekiq-all-in-1-v1-54dbcf7f5f-qbq67   0/1 	Pending 	0      	0s
gitlab-task-runner-6fd6857db7-9x567       	0/1 	Pending 	0      	0s
gitlab-webservice-d9d4fcff8-hp8wl         	0/2 	Pending 	0      	0s
Waiting gitlab
./wait_gitlab.sh ../internal/gitlab/gitlab/.pods
waiting for pod...
waiting for pod...
waiting for pod...

The pods are up:
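The page runs wait_gitlab.sh but does not show it. The following is an added example (not the author's script) of the readiness checks behind steps 5 and 6: pods_ready parses kubectl get po output and treats a one-shot Completed job as done, wait_pods polls a namespace with it, and wait_external_ip polls the ingress service. The function names and the service name nginx-ingress-nginx-ingress are my assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the article's wait_gitlab.sh. Function and service names are assumed.

# pods_ready: read "kubectl get po" output on stdin and succeed only when every
# pod is Running with all containers ready, or is a Completed one-shot job
# (the GitLab chart's migrations, shared-secrets and minio-create-buckets pods).
pods_ready() {
  local name ready status _rest ok=0 bad=0
  while read -r name ready status _rest; do
    case "$name" in ""|NAME) continue ;; esac      # blank line or header
    case "$status" in
      Completed) ok=$((ok + 1)) ;;
      Running)                                      # READY must be n/n
        if [ "${ready%/*}" = "${ready#*/}" ]; then ok=$((ok + 1)); else bad=$((bad + 1)); fi ;;
      *) bad=$((bad + 1)) ;;                        # Pending, Init:0/2, CrashLoopBackOff, ...
    esac
  done
  [ "$bad" -eq 0 ] && [ "$ok" -gt 0 ]               # an empty list is not "ready"
}

# wait_pods NAMESPACE [TIMEOUT_SECONDS]: poll until pods_ready passes (step 6).
wait_pods() {
  local ns=$1 timeout=${2:-900} waited=0
  until kubectl get po -n "$ns" | pods_ready; do
    if [ "$waited" -ge "$timeout" ]; then
      echo "timed out after ${timeout}s waiting for pods in $ns" >&2; return 1
    fi
    echo "waiting for pod..."; sleep 10; waited=$((waited + 10))
  done
}

# wait_external_ip NAMESPACE SERVICE [TIMEOUT_SECONDS]: print the LoadBalancer IP
# once the cloud provider has assigned one (step 5, usually 3-4 minutes).
wait_external_ip() {
  local ns=$1 svc=$2 timeout=${3:-600} waited=0 ip=""
  while [ -z "$ip" ]; do
    if [ "$waited" -ge "$timeout" ]; then
      echo "timed out waiting for the external IP of $ns/$svc" >&2; return 1
    fi
    ip=$(kubectl get svc -n "$ns" "$svc" \
           -o jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null || true)
    [ -n "$ip" ] || { sleep 10; waited=$((waited + 10)); }
  done
  printf '%s\n' "$ip"
}

# Usage (service name assumed for the nginx-stable chart with release "nginx-ingress"):
#   EXTERNAL_IP=$(wait_external_ip ingress nginx-ingress-nginx-ingress) && wait_pods gitlab
```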

Step 7. We get a GitLab token.

First, find out the login password:

kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath='{.data.password}' | base64 --decode

Now let's log in and get a token:

python3 get_gitlab_token.py root $GITLAB_PASSWORD http://gitlab.gitlab.$EXTERNAL_IP.nip.io

Step 8. Bring the Git repositories into the correct hierarchy using the GitLab provider.

cd ../internal/gitlab/hierarchy && terraform apply -input=false -auto-approve planfile

Unfortunately, the Terraform GitLab provider has a floating bug. When it hits, you have to delete the conflicting projects manually so that tf.state can be repaired, and then re-run `$ make all`.

Step 9. We push the local repositories to the server.

$ make push

[master (root-commit) b61d977]  Initial commit
 3 files changed, 46 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 values.yml
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 770 bytes | 770.00 KiB/s, done.
Total 5 (delta 0), reused 0 (delta 0)

Done:


Conclusion

We have seen that we can manage everything declaratively from our local machine. Now I want to move all of this work into CI and just press a button. To do that, we need to move our local state (the Terraform state) into CI. How to do that is covered in the next part.


Source: www.habr.com
