Taa, anyị ga-ekwu maka ụkpụrụ na ụdị nke GitOps, yana otu esi etinye ụdị ndị a n'elu ikpo okwu OpenShift. Ntuziaka mmekọrịta maka isiokwu a dị .
Na nkenke, GitOps bụ usoro omume maka iji Git ịdọrọ arịrịọ iji jikwaa akụrụngwa na nhazi ngwa. A na-emeso ebe nchekwa Git dị na GitOps dị ka otu isi mmalite nke ozi gbasara ọnọdụ nke sistemụ, na mgbanwe ọ bụla na steeti a bụ nke a na-achọpụta nke ọma ma na-enyocha ya.
Echiche nke mgbanwe mgbanwe na GitOps abụghị ihe ọhụrụ; ogologo oge ejirila usoro a mee ihe fọrọ nke nta ka ọ bụrụ ụwa niile mgbe ị na-arụ ọrụ na koodu isi mmalite. GitOps na-arụ ọrụ naanị atụmatụ ndị yiri ya (nyocha, ịdọrọ arịrịọ, mkpado, wdg) na akụrụngwa na njikwa nhazi ngwa ma na-enye uru ndị yiri ya dị ka ọ dị na njikwa koodu isi mmalite.
Enweghị nkọwa agụmakwụkwọ ma ọ bụ usoro iwu kwadoro maka GitOps, naanị otu ụkpụrụ nke ejiri rụọ ọrụ a:
- A na-echekwa nkọwa nkwupụta nke sistemụ na ebe nchekwa Git (nhazi, nlekota oru, wdg).
- A na-eme mgbanwe steeti site na arịrịọ ndọpụta.
- A na-ewebata steeti sistemụ na-agba ọsọ na data dị na ebe nchekwa site na iji arịrịọ Git push.
Ụkpụrụ GitOps
- A kọwara nkọwa sistemụ dị ka koodu isi mmalite
A na-emeso nhazi sistemu dị ka koodu ka e wee chekwaa ya ma dezie ya na-akpaghị aka na ebe nchekwa Git, nke na-eje ozi dị ka otu isi iyi nke eziokwu. Usoro a na-eme ka ọ dị mfe ibugharị na ịtụgharị mgbanwe na sistemụ.
- Edobere steeti na nhazi nke sistemu achọrọ na ụdị ya na Git
Site na ịchekwa na mbipute steeti sistemụ chọrọ na Git, anyị na-enwe ike ịtụgharị ngwa ngwa wee tụgharịa mgbanwe na sistemụ na ngwa. Anyị nwekwara ike iji usoro nchekwa Git jikwaa nwe koodu wee chọpụta na ọ bụ eziokwu.
- Enwere ike itinye mgbanwe nhazi na-akpaghị aka site na arịrịọ ịdọrọ
Iji Git ịdọrọ arịrịọ, anyị nwere ike ijikwa ngwa ngwa ka esi etinye mgbanwe na nhazi na ebe nchekwa. Dịka ọmụmaatụ, enwere ike ịnye ndị otu ndị ọzọ maka nyocha ma ọ bụ na-agba ọsọ na ule CI, wdg.
Ma n'otu oge ahụ, ọ dịghị mkpa ikesa ikike nchịkwa aka ekpe na aka nri. Iji mee mgbanwe nhazi, ndị ọrụ chọrọ naanị ikike kwesịrị ekwesị na ebe nchekwa Git ebe echekwara nhazi ndị ahụ.
- Idozi nsogbu nke mbanye nhazi na-achịkwaghị achịkwa
Ozugbo echekwara ọnọdụ sistemụ ahụ achọrọ na ebe nchekwa Git, naanị ihe anyị ga-eme bụ ịchọta sọftụwia nke ga-ahụ na ọnọdụ sistemụ dị ugbu a dabara na steeti ọ chọrọ. Ọ bụrụ na nke a abụghị ikpe, mgbe ahụ software a kwesịrị - dabere na ntọala - ma ọ bụ wepụ ihe dị iche n'onwe ya, ma ọ bụ gwa anyị banyere nhazi nhazi.
Ụdị GitOps maka OpenShift
Na-Cluster Resource Reconciler
Dị ka ihe nlereanya a si dị, ụyọkọ ahụ nwere onye njikwa nke na-ahụ maka ịtụnyere akụrụngwa Kubernetes (faịlụ YAML) na ebe nchekwa Git na ezigbo akụrụngwa nke ụyọkọ ahụ. Ọ bụrụ na achọpụtara ndịiche, onye njikwa na-eziga ọkwa na ikekwe mee ihe iji dozie esemokwu ahụ. A na-eji ụdị GitOps a na Anthos Config Management na Weaveworks Flux.
Ndozi ihe enyemaka mpụga (Push)
Enwere ike iwere ihe nlereanya a dị ka mgbanwe nke nke gara aga, mgbe anyị nwere otu ma ọ bụ karịa ndị njikwa na-ahụ maka ịmekọrịta akụrụngwa na ụzọ abụọ "Git repository - Kubernetes cluster". Ihe dị iche ebe a bụ na ụyọkọ ọ bụla a na-achịkwa agaghị enwerịrị onye njikwa nke ya. A na-akọwakarị ụyọkọ Git - k8s dị ka CRD (nkọwa akụrụngwa omenala), nke nwere ike ịkọwa ka onye njikwa kwesịrị isi rụọ ọrụ mmekọrịta. N'ime ihe nlereanya a, ndị na-ahụ maka njikwa na-atụnyere ebe nchekwa Git akọwapụtara na CRD yana akụrụngwa ụyọkọ Kubernetes, nke akọwapụtara na CRD, ma na-eme omume kwesịrị ekwesị dabere na nsonaazụ ntụnyere ahụ. Karịsịa, a na-eji ụdị GitOps a na ArgoCD.
GitOps na ikpo okwu OpenShift
Nlekọta nke akụrụngwa Kubernetes ọtụtụ ụyọkọ
Site na mgbasa nke Kubernetes na mmụba na-ewu ewu nke atụmatụ igwe ojii na ịgbakọ ọnụ ọnụ, nkezi ọnụọgụ OpenShift maka onye ahịa na-abawanye.
Dịka ọmụmaatụ, mgbe ị na-eji kọmpụta ihu, enwere ike ibunye ụyọkọ ndị ahịa n'ọtụtụ narị ma ọ bụ ọbụna puku kwuru puku. N'ihi ya, a na-amanye ya ijikwa ọtụtụ ụyọkọ OpenShift nọọrọ onwe ya ma ọ bụ ahaziri ahazi na igwe ojii yana n'ime ụlọ.
N'okwu a, a ga-edozi ọtụtụ nsogbu, karịsịa:
- Jikwaa na ụyọkọ ndị ahụ nọ n'otu ọnọdụ (nhazi, nlekota, nchekwa, wdg)
- Megharịa (ma ọ bụ weghachi) ụyọkọ dabere na steeti amaara.
- Mepụta ụyọkọ ọhụrụ dabere na steeti amaara.
- Wepụta mgbanwe na ọtụtụ ụyọkọ OpenShift.
- Mgbanwe tụgharịa gafee ọtụtụ ụyọkọ OpenShift.
- Jikọọ nhazi ndebiri na gburugburu dị iche iche.
Nhazi ngwa
N'oge usoro ndụ ha, ngwa na-agafekarị n'agbụ nke ụyọkọ (dev, ogbo, wdg) tupu ha ejedebe na ụyọkọ mmepụta. Na mgbakwunye, n'ihi nnweta na scalability chọrọ, ndị ahịa na-ebugharị ngwa n'ofe ọtụtụ ụyọkọ na-arụ ọrụ ma ọ bụ ọtụtụ mpaghara nke ikpo okwu igwe ojii.
N'okwu a, a ga-edozi ọrụ ndị a:
- Gbaa mbọ hụ na mmegharị nke ngwa (binary, configs, wdg) n'etiti ụyọkọ (dev, ogbo, wdg.).
- Wepụ mgbanwe na ngwa (binary, configs, wdg) n'ọtụtụ ụyọkọ OpenShift.
- Weghachite mgbanwe na ngwa gaa na steeti amaara mbụ.
OpenShift GitOps Jiri Okwu
1. Itinye mgbanwe site na ebe nchekwa Git
Onye nchịkwa ụyọkọ nwere ike ịchekwa nhazi ụyọkọ OpenShift na ebe nchekwa Git wee tinye ha na-akpaghị aka ka ha mepụta ụyọkọ ọhụrụ na-enweghị ike ma webata ha na steeti yiri steeti amaara nke echekwara na ebe nchekwa Git.
2. Mmekọrịta na onye njikwa nzuzo
Onye nchịkwa ga-eritekwa uru site n'ikike imekọrịta ihe nzuzo OpenShift na ngwanrọ dabara adaba dị ka Vault iji jikwaa ha site na iji ngwaọrụ emepụtara maka nke a.
3. Njikwa nhazi nhazi
Onye nlekọta ahụ ga-akwado naanị ma ọ bụrụ na OpenShift GitOps n'onwe ya na-achọpụta ma dọọ aka ná ntị banyere ọdịiche dị n'etiti ezigbo nhazi yana ndị akọwapụtara na ebe nchekwa ahụ, ka ha wee nwee ike ịzaghachi ngwa ngwa na mkpagharị.
4. Ịma ọkwa banyere nhazi mbanye
Ha bara uru n'okwu ahụ mgbe onye nchịkwa chọrọ ngwa ngwa ịmụta banyere ikpe nke nhazi nhazi iji mee ngwa ngwa n'onwe ya.
5. Mmekọrịta ntuziaka nke nhazi mgbe ị na-ebugharị
Na-enye onye nchịkwa ohere ịmekọrịta ụyọkọ OpenShift na ebe nchekwa Git ma ọ bụrụ na nhazi nhazi, iji weghachi ụyọkọ ahụ ngwa ngwa na steeti amaburu.
6.Auto-mmekọrịta nhazi nke nhazi mgbe ị na-ebugharị
Onye nchịkwa nwekwara ike hazie ụyọkọ OpenShift ka ọ ga-emekọrịta ozugbo na ebe nchekwa mgbe achọpụtara drift, nke mere na nhazi ụyọkọ ahụ na-adaba na nhazi na Git mgbe niile.
7. Ọtụtụ ụyọkọ - otu ebe nchekwa
Onye nchịkwa nwere ike ịchekwa nhazi nke ọtụtụ ụyọkọ OpenShift dị iche iche n'otu ebe nchekwa Git wee họrọ ya tinye ha dịka achọrọ.
8. Usoro nhazi ụyọkọ (ihe nketa)
Onye nchịkwa nwere ike ịtọ ọkwa nhazi ụyọkọ n'ime ebe nchekwa (ogbo, prod, ngwa pọtụfoliyo, wdg. nwere ihe nketa). N'ikwu ya n'ụzọ ọzọ, ọ nwere ike ikpebi ma a ga-etinye nhazi na otu ụyọkọ ma ọ bụ karịa.
Dịka ọmụmaatụ, ọ bụrụ na onye nchịkwa na-edobe ọkwa "ụyọkọ mmepụta (prod) → System X ụyọkọ → mmepụta ụyọkọ nke usoro X" na ebe nchekwa Git, mgbe ahụ, a na-etinye ngwakọta nke nhazi ndị a na ụyọkọ mmepụta nke usoro X:
- Configs a na-ahụkarị na ụyọkọ mmepụta niile.
- Configs maka ụyọkọ Sistemu X.
- Configs maka ụyọkọ mmepụta sistemụ X.
9. Ụdị na nhazi na-agbagha
Onye nchịkwa nwere ike ịkagbu otu nhazi nke ketara eketa na ụkpụrụ ha, dịka ọmụmaatụ, iji dozie nhazi maka ụyọkọ kpọmkwem nke a ga-etinye ha n'ọrụ.
10. Nhọrọ gụnyere ma wepụ maka nhazi, nhazi ngwa ngwa
Onye nchịkwa nwere ike ịtọ ọnọdụ maka ngwa ma ọ bụ enweghị ntinye nke ụfọdụ nhazi na ụyọkọ nwere ụfọdụ njirimara.
11. Nkwado ndebiri
Ndị nrụpụta ga-erite uru site n'ikike ịhọrọ ka a ga-esi kọwaa akụrụngwa ngwa (Helm Chart, pure Kubernetes yaml, wdg) iji jiri usoro dabara adaba maka ngwa ọ bụla akọwapụtara.
Ngwa GitOps na ikpo okwu OpenShift
ArgoCD
ArgoCD na-emejuputa ụdị Mpụga Resource Reconcile ma na-enye UI etiti maka ịhazi otu-na-ọtụtụ mmekọrịta n'etiti ụyọkọ na ebe nchekwa Git. Ọdịmma nke mmemme a gụnyere enweghị ike ijikwa ngwa mgbe ArgoCD anaghị arụ ọrụ.
asọpụta
Flux na-arụ ọrụ On-Cluster Resource Reconcile model na, n'ihi ya, enweghị njikwa etiti nke ebe nchekwa nkọwa, nke bụ ebe adịghị ike. N'aka nke ọzọ, kpọmkwem n'ihi enweghị centralization, ikike ijikwa ngwa na-anọgide ọbụna ma ọ bụrụ na otu ụyọkọ ada ada.
Ịwụnye ArgoCD na OpenShift
ArgoCD na-enye ọmarịcha ahịrị ahịrị iwu yana njikwa webụ, yabụ anyị agaghị ekpuchi Flux na ụzọ ndị ọzọ ebe a.
Iji bukwasa ArgoCD na ikpo okwu OpenShift 4, soro usoro ndị a dị ka onye nchịkwa ụyọkọ:
Na-ebuga ngwa ArgoCD na ikpo okwu OpenShift
# Create a new namespace for ArgoCD components
oc create namespace argocd
# Apply the ArgoCD Install Manifest
oc -n argocd apply -f https://raw.githubusercontent.com/argoproj/argo-cd/v1.2.2/manifests/install.yaml
# Get the ArgoCD Server password
ARGOCD_SERVER_PASSWORD=$(oc -n argocd get pod -l "app.kubernetes.io/name=argocd-server" -o jsonpath='{.items[*].metadata.name}')Mmelite nke ArgoCD Server ka OpenShift Route wee hụ ya
# Patch ArgoCD Server so no TLS is configured on the server (--insecure)
PATCH='{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"argocd-server"}],"containers":[{"command":["argocd-server","--insecure","--staticassets","/shared/app"],"name":"argocd-server"}]}}}}'
oc -n argocd patch deployment argocd-server -p $PATCH
# Expose the ArgoCD Server using an Edge OpenShift Route so TLS is used for incoming connections
oc -n argocd create route edge argocd-server --service=argocd-server --port=http --insecure-policy=RedirectNa-ebuga ngwa ArgoCD Cli
# Download the argocd binary, place it under /usr/local/bin and give it execution permissions
curl -L https://github.com/argoproj/argo-cd/releases/download/v1.2.2/argocd-linux-amd64 -o /usr/local/bin/argocd
chmod +x /usr/local/bin/argocdỊgbanwe ArgoCD Server paswọọdụ admin
# Get ArgoCD Server Route Hostname
ARGOCD_ROUTE=$(oc -n argocd get route argocd-server -o jsonpath='{.spec.host}')
# Login with the current admin password
argocd --insecure --grpc-web login ${ARGOCD_ROUTE}:443 --username admin --password ${ARGOCD_SERVER_PASSWORD}
# Update admin's password
argocd --insecure --grpc-web --server ${ARGOCD_ROUTE}:443 account update-password --current-password ${ARGOCD_SERVER_PASSWORD} --new-password
Mgbe ịmechara usoro ndị a, ị nwere ike ịrụ ọrụ na ArgoCD Server site na ngwa ngwa ngwa ArgoCD WebUI ma ọ bụ ngwa ahịrị ArgoCD Cli.
GitOps - Ọ dịghị mgbe akaha
"Ụgbọ oloko ahụ ahapụla" - nke a bụ ihe ha na-ekwu banyere ọnọdụ mgbe ohere ime ihe na-efunahụ. N'ihe banyere OpenShift, ọchịchọ ịmalite ozugbo iji ikpo okwu ọhụrụ a dị mma na-emepụtakarị ọnọdụ a na njikwa na nhazi nke ụzọ, ntinye na ihe OpenShift ndị ọzọ. Ma ohere ọ na-efunahụ mgbe niile?
Na-aga n'ihu usoro isiokwu gbasara , taa, anyị ga-egosi gị ka ị ga-esi gbanwee ngwa ejiri aka mee na ihe onwunwe ya ka ọ bụrụ usoro ebe ihe niile na-eji GitOps ngwá ọrụ. Iji mee nke a, anyị ga-ebu ụzọ were aka bufee ngwa httpd. Nseta ihuenyo dị n'okpuru na-egosi otu anyị si emepụta oghere aha, ntinye na ọrụ, wee kpughee ọrụ a iji mepụta ụzọ.
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/namespace.yaml
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/deployment.yaml
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/service.yaml
oc expose svc/httpd -n simple-appYabụ na anyị nwere ngwa ejiri aka rụọ. Ugbu a ọ dị mkpa ka ebufe ya n'okpuru njikwa GitOps na-enweghị nkwụsị nke nnweta. Na nkenke, ọ na-eme nke a:
- Mepụta ebe nchekwa Git maka koodu ahụ.
- Anyị na-ebupụ ihe anyị ugbu a ma bulite ha na ebe nchekwa Git.
- Ịhọrọ na ibuga ngwaọrụ GitOps.
- Anyị na-agbakwunye ebe nchekwa anyị na ngwa ngwa a.
- Anyị na-akọwapụta ngwa na ngwa GitOps anyị.
- Anyị na-eji ngwa GitOps na-eme nnwale nnwale.
- Anyị na-emekọrịta ihe site na iji ngwa ngwa GitOps.
- Kwado ịkwachaa na mmekọrịta akpaaka nke ihe.
Dị ka e kwuru na mbụ , na GitOps e nwere otu na naanị otu isi iyi nke ozi gbasara ihe niile dị na Kubernetes ụyọkọ (s) - Git repository. Na-esote, anyị ga-esi na ntọala ụlọ ọrụ gị ejirila ebe nchekwa Git. Ọ nwere ike ịbụ nke ọha ma ọ bụ nke nzuzo, mana ọ ga-enwerịrị ike ịnweta ụyọkọ Kubernetes. Nke a nwere ike ịbụ otu ebe nchekwa dị ka koodu ngwa, ma ọ bụ ebe nchekwa dị iche emepụtara maka mbugharị. A na-atụ aro ka ịnwe ikike siri ike na ebe nchekwa ebe a ga-echekwa ihe nzuzo, ụzọ, na ihe ndị ọzọ nwere mmetụta nchekwa n'ebe ahụ.
N'ihe atụ anyị, anyị ga-emepụta ebe nchekwa ọha ọhụrụ na GitHub. Ị nwere ike ịkpọ ya ihe ọ bụla masịrị gị, anyị na-eji aha blogpost.
Ọ bụrụ na echekwaghị faịlụ ihe YAML na mpaghara ma ọ bụ na Git, mgbe ahụ ị ga-eji ọnụọgụ oc ma ọ bụ kubectl. Na nseta ihuenyo dị n'okpuru ebe a, anyị na-arịọ YAML maka aha ohere anyị, ntinye, ọrụ na ụzọ. Tupu nke a, anyị kpuchiri ebe nchekwa ọhụrụ emepụtara na cd n'ime ya.
oc get namespace simple-app -o yaml --export > namespace.yaml
oc get deployment httpd -o yaml -n simple-app --export > deployment.yaml
oc get service httpd -o yaml -n simple-app --export > service.yaml
oc get route httpd -o yaml -n simple-app --export > route.yamlUgbu a ka anyị dezie faịlụ deployment.yaml iji wepụ ubi Argo CD enweghị ike ịmekọrịta.
sed -i '/sgeneration: .*/d' deployment.yamlNa mgbakwunye, ụzọ ahụ kwesịrị ịgbanwe. Anyị ga-ebu ụzọ tọọ mgbanwe multiline wee dochie ingress: efu na ọdịnaya nke mgbanwe ahụ.
export ROUTE=" ingress:
- conditions:
- status: 'True'
type: Admitted"
sed -i "s/ ingress: null/$ROUTE/g" route.yamlYabụ, anyị ahaziela faịlụ ndị ahụ, naanị ihe fọdụrụ bụ ịchekwa ha na ebe nchekwa Git. Mgbe nke a gasịrị, ebe nchekwa a na-aghọ naanị isi iyi nke ozi, na mgbanwe ọ bụla akwụkwọ ntuziaka ekwesịrị ka amachibidoro nke ọma.
git commit -am ‘initial commit of objects’
git push origin masterỌzọkwa, anyị na-aga n'ihu na eziokwu ahụ bụ na i tinyelarị ArgoCD (otu esi eme nke a - lee nke gara aga ). Ya mere, anyị ga-agbakwunye na Argo CD ebe nchekwa anyị mepụtara, nwere koodu ngwa site na ihe atụ anyị. Naanị jide n'aka na ị kọwapụta kpọmkwem ebe nchekwa ị mepụtara na mbụ.
argocd repo add https://github.com/cooktheryan/blogpostUgbu a ka anyị mepụta ngwa. Ngwa ahụ na-edobe ụkpụrụ ka GitOps Toolkit ghọta ebe nchekwa na ụzọ a ga-eji, nke OpenShift dị mkpa iji jikwaa ihe, nke ngalaba nke ebe nchekwa chọrọ, yana ma akụrụngwa kwesịrị ịmekọrịta onwe ya.
argocd app create --project default
--name simple-app --repo https://github.com/cooktheryan/blogpost.git
--path . --dest-server https://kubernetes.default.svc
--dest-namespace simple-app --revision master --sync-policy none
Ozugbo etinyere ngwa n'ime CD Argo, ngwa ọrụ na-amalite ịlele ihe etinyelarị megide nkọwa ndị dị na ebe nchekwa. N'ọmụmaatụ anyị, auto-sync na Cleanup nwere nkwarụ, ya mere ihe ndị ahụ agbanwebeghị. Biko mara na na Argo CD interface ngwa anyị ga-enwe ọnọdụ "Out of Sync" n'ihi na ọ nweghị akara ArgoCD na-enye.
Nke a bụ ya mere mgbe anyị malitere mmekọrịta obere oge ka e mesịrị, a gaghị ebugharị ihe ndị ahụ.
Ugbu a, ka anyị mee nnwale nnwale iji hụ na enweghị njehie na faịlụ anyị.
argocd app sync simple-app --dry-runỌ bụrụ na enweghị njehie, ị nwere ike ịga n'ihu na mmekọrịta.
argocd app sync simple-appMgbe agbachara argocd nweta iwu na ngwa anyị, anyị kwesịrị ịhụ na ọnọdụ ngwa agbanweela ka Healthy ma ọ bụ Synced. Nke a ga-apụta na akụrụngwa niile dị na ebe nchekwa Git kwekọrọ ugbu a na akụrụngwa ndị ebugorolarị.
argocd app get simple-app
Name: simple-app
Project: default
Server: https://kubernetes.default.svc
Namespace: simple-app
URL: https://argocd-server-route-argocd.apps.example.com/applications/simple-app
Repo: https://github.com/cooktheryan/blogpost.git
Target: master
Path: .
Sync Policy: <none>
Sync Status: Synced to master (60e1678)
Health Status: Healthy
... Ugbu a, ị nwere ike ime ka mmekọrịta akpaaka na nhichapụ iji hụ na ọ dịghị ihe ejiri aka mee ya nakwa na oge ọ bụla e mepụtara ma ọ bụ emelite ihe na ebe nchekwa, ntinye ga-eme.
argocd app set simple-app --sync-policy automated --auto-prune
Yabụ, anyị ewetala ngwa nke ọma n'okpuru njikwa GitOps nke na-ejighi GitOps n'ụzọ ọ bụla.
isi: www.habr.com