Otu Dailymotion na-eji Kubernetes: Nkwanye ngwa
Anyị na Dailymotion malitere iji Kubernetes na mmepụta 3 afọ gara aga. Mana ibugharị ngwa n'ofe ọtụtụ ụyọkọ na-atọ ụtọ, yabụ n'ime afọ ole na ole gara aga, anyị na-agbalị imeziwanye ngwa ọrụ na usoro ọrụ anyị.
Ebee ka ọ malitere
N'ebe a, anyị ga-ekpuchi otu anyị si ebuga ngwa anyị gafee ọtụtụ ụyọkọ Kubernetes gburugburu ụwa.
Iji bufee ọtụtụ ihe Kubernetes otu oge, anyị na-eji , na echekwara eserese anyị niile n'otu ebe nchekwa git. Iji wepụta nchịkọta ngwa zuru ezu site na ọtụtụ ọrụ, anyị na-eji ihe a na-akpọ chaatị nchịkọta. N'ụzọ bụ isi, nke a bụ eserese na-ekwupụta ịdabere na-enye gị ohere iji otu iwu malite API na ọrụ ya.
Anyị dekwara obere edemede Python n'elu Helm iji mee nlele, mepụta chaatị, tinye ihe nzuzo, na itinye ngwa. A na-arụ ọrụ ndị a niile n'elu ikpo okwu etiti CI site na iji onyonyo docker.
Ka anyị ruo n'isi okwu.
Rịba ama. Ka ị na-agụ nke a, ekwupụtala ọkwa ntọhapụ mbụ maka Helm 3. Ụdị nke bụ isi nwere ọtụtụ ndozi iji lebara ụfọdụ nsogbu anyị zutere n'oge gara aga.
Usoro mmepe eserese
Anyị na-eji alaka ụlọ ọrụ maka ngwa, anyị kpebiri itinye otu usoro ahụ na chaatị.
- Alaka di a na-eji emepụta chaatị ndị a ga-anwale na ụyọkọ mmepe.
- Mgbe etinyere arịrịọ ịdọrọ nwe-, a na-enyocha ha na nhazi.
- N'ikpeazụ, anyị na-emepụta arịrịọ ịdọrọ iji mee mgbanwe na alaka ụlọ ọrụ eb ma tinye ha n'ọrụ na mmepụta.
Gburugburu ebe ọ bụla nwere ebe nchekwa nke ya nke na-echekwa eserese anyị, anyị na-ejikwa ya nwere API bara uru nke ukwuu. N'ụzọ dị otú a, anyị na-ahụ na ikewapụ iche n'etiti gburugburu na ezigbo ụwa ule nke chaatị dị tupu iji ha na mmepụta.
Ebe nchekwa eserese dị na gburugburu dị iche iche
Ọ dị mma ịmara na mgbe ndị nrụpụta na-agbanye alaka dev, a na-ebugharị ụdị eserese ha na dev Chartmuseum ozugbo. Yabụ, ndị nrụpụta niile na-eji otu ebe nchekwa dev, ma ịkwesịrị iji nlezianya kọwaa ụdị eserese gị ka ị ghara iji mgbanwe onye ọzọ na mberede mee ihe.
Ọzọkwa, obere edemede Python anyị kwadoro ihe Kubernetes megide nkọwa Kubernetes OpenAPI site na iji , tupu ibipụta ha na Chartmusem.
Nkọwa zuru oke nke usoro mmepe eserese eserese
- Ịtọlite ọrụ pipeline dị ka nkọwapụta maka njikwa mma (lint, unit-ule).
- Iji ngwa Python na-ebugharị onyonyo docker na-ebuga ngwa anyị.
- Ịtọlite gburugburu site na aha alaka.
- Na-akwado Kubernetes yaml faịlụ site na iji Kubeval.
- Na-ebuli ụdị eserese eserese na eserese ndị nne na nna ya na-akpaghị aka (akara ngosi dabere na eserese a na-agbanwe).
- Ịnyefe eserese na Chartmuseum nke dabara na gburugburu ya
Ijikwa ndịiche n'ofe ụyọkọ
Njikọ nke ụyọkọ
O nwere mgbe anyị ji , ebe enwere ike ịkpọpụta ihe Kubernetes site na otu njedebe API. Ma nsogbu bilitere. Dịka ọmụmaatụ, ụfọdụ ihe Kubernetes enweghị ike ịmepụta na njedebe nke gọọmenti etiti, na-eme ka o sie ike idobe ihe federated na ihe ndị ọzọ maka ụyọkọ nke ọ bụla.
Iji dozie nsogbu ahụ, anyị malitere ijikwa ụyọkọ ahụ n'onwe ya, nke mere ka usoro ahụ dịkwuo mfe (anyị na-eji ụdị mbụ nke federation, ihe nwere ike gbanwee na nke abụọ).
Ikpokoro geo-ekesa
A na-ekesa ikpo okwu anyị ugbu a n'ofe mpaghara 6 - 3 na mpaghara yana 3 na igwe ojii.
Nkesa ekesara
Global Helm ụkpụrụ
4 ụkpụrụ Helm zuru ụwa ọnụ na-enye gị ohere ịchọpụta ọdịiche dị n'etiti ụyọkọ. Chaatị anyị niile nwere ụkpụrụ kacha nta nke ndabara.
global:
cloud: True
env: staging
region: us-central1
clusterName: staging-us-central1Ụkpụrụ zuru ụwa ọnụ
Ụkpụrụ ndị a na-enyere aka ịkọwa ọnọdụ maka ngwa anyị ma jiri ya mee ihe maka ebumnuche dị iche iche: nlekota, ịchụ nta, ịde osisi, ịkpọ oku mpụga, scaling, wdg.
- "igwe ojii": Anyị nwere ngwakọ Kubernetes ikpo okwu. Dịka ọmụmaatụ, API anyị na-ebunye na mpaghara GCP na ebe data anyị.
- "env": Ụfọdụ ụkpụrụ nwere ike ịgbanwe maka gburugburu anaghị emepụta ya. Dịka ọmụmaatụ, nkọwa akụrụngwa na nhazi autoscaling.
- "Region": Ozi a na-enyere aka ịchọpụta ebe ụyọkọ ahụ dị ma enwere ike iji ya chọpụta njedebe dị nso maka ọrụ mpụga.
- "ụyọkọAha": ọ bụrụ na mgbe anyị chọrọ ịkọwa uru maka ụyọkọ n'otu n'otu.
Nke a bụ otu ọmụmaatụ:
{{/* Returns Horizontal Pod Autoscaler replicas for GraphQL*/}}
{{- define "graphql.hpaReplicas" -}}
{{- if eq .Values.global.env "prod" }}
{{- if eq .Values.global.region "europe-west1" }}
minReplicas: 40
{{- else }}
minReplicas: 150
{{- end }}
maxReplicas: 1400
{{- else }}
minReplicas: 4
maxReplicas: 20
{{- end }}
{{- end -}}Ihe atụ template Helm
A kọwapụtara mgbagha a na ndebiri inyeaka ka ịzenarị ntakiri Kubernetes YAML.
Nkwupụta ngwa
Ngwá ọrụ mbugharị anyị dabere na ọtụtụ faịlụ YAML. N'okpuru ebe a bụ ọmụmaatụ otu anyị si ekwupụta ọrụ na topology ya (ọnụọgụ nke oyiri) na ụyọkọ.
releases:
- foo.world
foo.world: # Release name
services: # List of dailymotion's apps/projects
foobar:
chart_name: foo-foobar
repo: [email protected]:dailymotion/foobar
contexts:
prod-europe-west1:
deployments:
- name: foo-bar-baz
replicas: 18
- name: another-deployment
replicas: 3Nkọwa ọrụ
Nke a bụ ndepụta nke usoro niile na-akọwapụta usoro nhazi ọrụ anyị. Nzọụkwụ ikpeazụ na-ebuga ngwa ahụ na ụyọkọ ndị ọrụ n'otu oge.
Usoro ntinye nke Jenkins
Gịnị banyere ihe nzuzo?
Banyere nchekwa, anyị na-enyocha ihe nzuzo niile site na ebe dị iche iche ma chekwaa ya na oghere pụrụ iche na Paris.
Ngwá ọrụ mbugharị anyị na-ewepụ ụkpụrụ nzuzo sitere na Vault na, mgbe oge mbugharị bịara, tinye ha na Helm.
Iji mee nke a, anyị kọwapụtara maapụ n'etiti ihe nzuzo dị na Vault na ihe nzuzo nke ngwa anyị chọrọ:
secrets:
- secret_id: "stack1-app1-password"
contexts:
- name: "default"
vaultPath: "/kv/dev/stack1/app1/test"
vaultKey: "password"
- name: "cluster1"
vaultPath: "/kv/dev/stack1/app1/test"
vaultKey: "password"- Anyị akọwaala iwu izugbe anyị ga-agbaso mgbe ị na-edekọ ihe nzuzo na Vault.
- Ọ bụrụ na nzuzo na-emetụta n'otu akụkụ ma ọ bụ ụyọkọ, ịkwesịrị ịgbakwunye otu ntinye. (Ebe a ụyọkọ gbara ya gburugburu nwere uru nke ya maka stack-app1-password nzuzo).
- Ma ọ bụghị ya, a na-eji uru ahụ ndabara.
- Maka ihe ọ bụla dị na listi a na Kubernetes nzuzo etinyere ụzọ isi uru. Ya mere, ndebiri nzuzo na eserese anyị dị nnọọ mfe.
apiVersion: v1
data:
{{- range $key,$value := .Values.secrets }}
{{ $key }}: {{ $value | b64enc | quote }}
{{ end }}
kind: Secret
metadata:
name: "{{ .Chart.Name }}"
labels:
chartVersion: "{{ .Chart.Version }}"
tillerVersion: "{{ .Capabilities.TillerVersion.SemVer }}"
type: OpaqueNsogbu na njedebe
Na-arụ ọrụ na ọtụtụ ebe nchekwa
Ugbu a, anyị na-ekewapụta mmepe nke eserese na ngwa. Nke a pụtara na ndị mmepe ga-arụ ọrụ na ebe nchekwa git abụọ: otu maka ngwa, na otu maka ịkọwapụta mbugharị ya na Kubernetes. 2 git repositories pụtara 2 workflows, na ọ dị mfe maka newbie inwe mgbagwoju anya.
Ijikwa eserese n'ozuzu ya bụ nsogbu
Dịka anyị kwurula, eserese ọnụọgụ na-aba uru nke ukwuu maka ịchọpụta ndị dabere na ibuga ọtụtụ ngwa ngwa ngwa. Ma anyị na-eji --reuse-valuesiji zere ịfefe ụkpụrụ niile oge ọ bụla anyị na-ebuga ngwa nke bụ akụkụ nke chaatị a n'ozuzu ya.
N'ime usoro nnyefe na-aga n'ihu, anyị nwere naanị ụkpụrụ abụọ na-agbanwe mgbe niile: ọnụọgụ nke oyiri na mkpado onyonyo (ụdị). A na-eji aka gbanwere ụkpụrụ ndị ọzọ kwụsiri ike, nke a siri ezigbo ike. Ọzọkwa, otu ihie ụzọ n'iwepụta chaatị a na-achịkọta ọnụ nwere ike ibute ọdịda dị oke njọ, dịka anyị hụworo site n'ahụmahụ nke anyị.
Na-emelite ọtụtụ faịlụ nhazi
Mgbe onye nrụpụta gbakwunyere ngwa ọhụrụ, ọ ga-agbanwe ọtụtụ faịlụ: nkwupụta ngwa, ndepụta ihe nzuzo, na-agbakwunye ngwa ahụ dị ka ndabere ma ọ bụrụ na etinyere ya na eserese a na-achịkọta.
A gbatịkwara ikike Jenkins na Vault
Anyị nwere otu ugbu a , nke na-agụ ihe nzuzo niile sitere na Vault.
Usoro nlọghachi azụ abụghị akpaaka
Iji tụgharịa, ịkwesịrị ịme iwu ahụ n'ọtụtụ ụyọkọ, nke a juputara na mperi. Anyị na-eji aka anyị na-arụ ọrụ a iji hụ na akọwapụtara ụdị NJ ziri ezi.
Anyị na-aga n'ihu GitOps
Ebumnuche anyị
Anyị chọrọ iweghachi eserese ahụ na ebe nchekwa ngwa ọ na-ebuga.
Usoro ọrụ ga-abụ otu maka mmepe. Dịka ọmụmaatụ, mgbe a kwanyere alaka ụlọ ọrụ ka ọ mara ọkwa, a ga-akpalite mbugharị ya na-akpaghị aka. Isi ihe dị iche n'etiti usoro a na usoro ọrụ ugbu a ga-abụ nke ahụ a ga-ahazi ihe niile na git (ngwa n'onwe ya na otu esi etinye ya na Kubernetes).
Enwere ọtụtụ uru:
- Ọtụtụ dokwuo anya maka onye mmepụta. Ọ dị mfe ịmụta ka esi etinye mgbanwe na chaatị mpaghara.
- Enwere ike ịkọwa nkọwa nke mbukwa ọrụ Otu ebe dị ka koodu ọrụ.
- Ijikwa mwepụ nke chaatị ndị a na-achịkọta ọnụ. Ọrụ a ga-enwe ntọhapụ Helm nke ya. Nke a ga-enye gị ohere ijikwa usoro ndụ ngwa ngwa (ọlaghachi, nkwalite) na ọkwa kacha nta, ka ọ ghara imetụta ọrụ ndị ọzọ.
- Uru nke git maka njikwa eserese: megharia mgbanwe, ndekọ nyocha, wdg Ọ bụrụ na ịchọrọ ịmegharị mgbanwe na eserese, ịnwere ike iji git mee nke a. Nbunye na-amalite na akpaghị aka.
- Ị nwere ike ịtụle ịkwalite usoro mmepe gị site na iji ngwaọrụ ndị dị ka Skaffold, nke ndị mmepe nwere ike ịnwale mgbanwe na ọnọdụ dị nso na mmepụta.
Mbugharị nzọụkwụ abụọ
Ndị mmepe anyị na-eji usoro ọrụ a maka afọ 2 ugbu a, yabụ anyị chọrọ ka mbugharị ahụ bụrụ nke enweghị mgbu dịka enwere ike. Ya mere, anyị kpebiri ịgbakwunye nzọụkwụ etiti n'ụzọ na mgbaru ọsọ.
Nzọụkwụ mbụ dị mfe:
- Anyị na-edobe usoro yiri nke ahụ maka ịtọlite ntinye ngwa, mana n'otu ihe akpọrọ DailymotionRelease.
apiVersion: "v1"
kind: "DailymotionRelease"
metadata:
name: "app1.ns1"
environment: "dev"
branch: "mybranch"
spec:
slack_channel: "#admin"
chart_name: "app1"
scaling:
- context: "dev-us-central1-0"
replicas:
- name: "hermes"
count: 2
- context: "dev-europe-west1-0"
replicas:
- name: "app1-deploy"
count: 2
secrets:
- secret_id: "app1"
contexts:
- name: "default"
vaultPath: "/kv/dev/ns1/app1/test"
vaultKey: "password"
- name: "dev-europe-west1-0"
vaultPath: "/kv/dev/ns1/app1/test"
vaultKey: "password"- 1 ntọhapụ kwa ngwa (na-enweghị chaatị zuru ezu).
- Charts dị na ebe nchekwa git ngwa.
Anyị agwala ndị nrụpụta niile okwu, yabụ usoro mbugharị amalitelarị. A ka na-achịkwa ọkwa mbụ site na iji ikpo okwu CI. Aga m ede akwụkwọ ọzọ n'oge na-adịghị anya gbasara usoro nke abụọ: otu anyị siri jiri rụọ ọrụ GitOps . Aga m agwa gị otu anyị si edozi ihe niile na ihe isi ike anyị zutere (ọtụtụ ebe nchekwa, ihe nzuzo, wdg). Soro akụkọ.
N'ebe a, anyị nwara ịkọwa ọganihu anyị na ntinye ọrụ ntinye ngwa ngwa n'ime afọ gara aga, nke butere echiche banyere ụzọ GitOps. Anyị erubeghị ihe mgbaru ọsọ ahụ, anyị ga-akọkwa nsonaazụ ya, ma ugbu a, anyị kwenyesiri ike na anyị mere ihe ziri ezi mgbe anyị kpebiri ime ka ihe niile dị mfe ma mee ka ọ dịkwuo nso na àgwà nke ndị mmepe.
isi: www.habr.com