Apa sing luwih dhisik - pitik utawa endhog? Wiwitan sing aneh kanggo artikel babagan Infrastruktur-as-Code, ta?
Apa iku endhog?
Paling asring, Infrastructure-as-Code (IaC) minangka cara deklaratif kanggo makili infrastruktur. Ing kono kita njlèntrèhaké negara sing arep digayuh, wiwit saka bagean hardware lan pungkasan karo konfigurasi piranti lunak. Mulane IaC digunakake kanggo:
- Penyediaan Sumber Daya. Iki minangka VM, S3, VPC, lsp. Alat dhasar kanggo karya: и .
- . Alat dhasar: , Koki, lsp.
Sembarang kode ana ing repositori git. Lan cepet utawa mengko pimpinan tim bakal mutusake manawa kudu ditata. Lan dheweke bakal refactor. Lan bakal nggawe sawetara struktur. Lan dheweke bakal weruh yen iki apik.
Iku uga apik yen wis ana и -panyedhiya kanggo Terraform (lan iki Konfigurasi Software). Kanthi bantuan, sampeyan bisa ngatur kabeh proyek: anggota tim, CI / CD, git-flow, lsp.
Saka endi endhoge?
Supaya kita mboko sithik nyedhaki pitakonan utama.
Kaping pisanan, sampeyan kudu miwiti karo repositori sing nggambarake struktur repositori liyane, kalebu sampeyan dhewe. Lan mesthi, minangka bagéan saka GitOps, sampeyan kudu nambah CI supaya owah-owahan dieksekusi kanthi otomatis.
Yen Git durung digawe?
- Kepiye cara nyimpen ing Git?
- carane kanggo nginstal CI?
- Yen kita uga nyebar Gitlab nggunakake IaC, lan malah ing Kubernetes?
- Lan GitLab Runner uga ing Kubernetes?
- Kepiye babagan Kubernetes ing panyedhiya awan?
Apa sing luwih dhisik: GitLab ing ngendi aku bakal ngunggah kodeku, utawa kode sing nggambarake jenis GitLab sing aku butuhake?
Pitik karo endhog
«3 karo dinosaurus" []
Ayo nyoba masak sajian nggunakake minangka panyedhiya awan .
TL; DR
Apa bisa gabung siji tim bebarengan?
$ export MY_SELECTEL_TOKEN=<token>
$ curl https://gitlab.com/chicken-or-egg/mks/make/-/snippets/2002106/raw | bashÚa:
- Akun saka my.selectel.ru;
- Token akun;
- skills Kubernetes;
- Skills Helm;
- Skills Terraform;
- Bagan helm GitLab;
- Bagan helm GitLab Runner.
Resep:
- Entuk MY_SELECTEL_TOKEN saka panel my.selectel.ru.
- Gawe kluster Kubernetes kanthi nransfer token akun kasebut.
- Entuk KUBECONFIG saka kluster sing digawe.
- Instal GitLab ing Kubernetes.
- Entuk GitLab-token saka GitLab digawe kanggo pangguna ROOT.
- Nggawe struktur proyek ing GitLab nggunakake GitLab-token.
- Push kode sing ana menyang GitLab.
- ???
- Keuntungan!
langkah 1. Token bisa dipikolehi ing bagean kasebut .
langkah 2. Kita nyiapake Terraform kanggo "baking" kluster 2 simpul. Yen sampeyan yakin duwe sumber daya sing cukup kanggo kabeh, sampeyan bisa ngaktifake kuota otomatis:
provider "selectel" {
token = var.my_selectel_token
}
variable "my_selectel_token" {}
variable "username" {}
variable "region" {}
resource "selectel_vpc_project_v2" "my-k8s" {
name = "my-k8s-cluster"
theme = {
color = "269926"
}
quotas {
resource_name = "compute_cores"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 16
}
}
quotas {
resource_name = "network_floatingips"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "load_balancers"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "compute_ram"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 32768
}
}
quotas {
resource_name = "volume_gigabytes_fast"
resource_quotas {
region = var.region
zone = "${var.region}a"
# (20 * 2) + 50 + (8 * 3 + 10)
value = 130
}
}
}
resource "selectel_mks_cluster_v1" "k8s-cluster" {
name = "k8s-cluster"
project_id = selectel_vpc_project_v2.my-k8s.id
region = var.region
kube_version = "1.17.9"
}
resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
cluster_id = selectel_mks_cluster_v1.k8s-cluster.id
project_id = selectel_mks_cluster_v1.k8s-cluster.project_id
region = selectel_mks_cluster_v1.k8s-cluster.region
availability_zone = "${var.region}a"
nodes_count = 2
cpus = 8
ram_mb = 16384
volume_gb = 15
volume_type = "fast.${var.region}a"
labels = {
"project": "my",
}
}Tambah pangguna menyang proyek:
resource "random_password" "my-k8s-user-pass" {
length = 16
special = true
override_special = "_%@"
}
resource "selectel_vpc_user_v2" "my-k8s-user" {
password = random_password.my-k8s-user-pass.result
name = var.username
enabled = true
}
resource "selectel_vpc_keypair_v2" "my-k8s-user-ssh" {
public_key = file("~/.ssh/id_rsa.pub")
user_id = selectel_vpc_user_v2.my-k8s-user.id
name = var.username
}
resource "selectel_vpc_role_v2" "my-k8s-role" {
project_id = selectel_vpc_project_v2.my-k8s.id
user_id = selectel_vpc_user_v2.my-k8s-user.id
}Output:
output "project_id" {
value = selectel_vpc_project_v2.my-k8s.id
}
output "k8s_id" {
value = selectel_mks_cluster_v1.k8s-cluster.id
}
output "user_name" {
value = selectel_vpc_user_v2.my-k8s-user.name
}
output "user_pass" {
value = selectel_vpc_user_v2.my-k8s-user.password
}Ayo diluncurake:
$ env
TF_VAR_region=ru-3
TF_VAR_username=diamon
TF_VAR_my_selectel_token=<token>
terraform plan -out planfile
$ terraform apply -input=false -auto-approve planfile
langkah 3. Kita njaluk cubeconfig.
Kanggo ndownload KUBECONFIG kanthi program, sampeyan kudu entuk token saka OpenStack:
openstack token issue -c id -f value > tokenLan kanthi token iki, njaluk menyang Managed Kubernetes Selectel API. k8s_id menehi metu wangun terra:
curl -XGET -H "x-auth-token: $(cat token)" "https://ru-3.mks.selcloud.ru/v1/clusters/$(cat k8s_id)/kubeconfig" -o kubeConfig.yamlCupconfig uga bisa diakses liwat panel.
langkah 4. Sawise kluster dipanggang lan kita duwe akses menyang, kita bisa nambah yaml ing ndhuwur kanggo rasa.
Aku luwih seneng nambah:
- papan jeneng
- kelas panyimpenan
- kabijakan keamanan pod lan liya-liyane.
kanggo Selectel bisa dijupuk saka .
Wiwit wiwitane aku milih kluster ing zona kasebut ru-3a, banjur aku kudu Storage Class saka zona iki.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: fast.ru-3a
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: cinder.csi.openstack.org
parameters:
type: fast.ru-3a
availability: ru-3a
allowVolumeExpansion: truelangkah 5. Pasang imbangan beban.
Kita bakal nggunakake standar kanggo akeh nginx-ingress. Wis akeh instruksi kanggo nginstal, mula kita ora bakal mikir babagan iki.
$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm upgrade nginx-ingress nginx-stable/nginx-ingress -n ingress --install -f ../internal/K8S-cluster/ingress/values.ymlKita ngenteni nganti nampa IP eksternal udakara 3-4 menit:
Ditampa IP eksternal:
langkah 6. Instal GitLab.
$ helm repo add gitlab https://charts.gitlab.io
$ helm upgrade gitlab gitlab/gitlab -n gitlab --install -f gitlab/values.yml --set "global.hosts.domain=gitlab.$EXTERNAL_IP.nip.io"Maneh kita ngenteni kabeh pods munggah.
kubectl get po -n gitlab
NAME READY STATUS RESTARTS AGE
gitlab-gitaly-0 0/1 Pending 0 0s
gitlab-gitlab-exporter-88f6cc8c4-fl52d 0/1 Pending 0 0s
gitlab-gitlab-runner-6b6867c5cf-hd9dp 0/1 Pending 0 0s
gitlab-gitlab-shell-55cb6ccdb-h5g8x 0/1 Init:0/2 0 0s
gitlab-migrations.1-2cg6n 0/1 Pending 0 0s
gitlab-minio-6dd7d96ddb-zd9j6 0/1 Pending 0 0s
gitlab-minio-create-buckets.1-bncdp 0/1 Pending 0 0s
gitlab-postgresql-0 0/2 Pending 0 0s
gitlab-prometheus-server-6cfb57f575-v8k6j 0/2 Pending 0 0s
gitlab-redis-master-0 0/2 Pending 0 0s
gitlab-registry-6bd77b4b8c-pb9v9 0/1 Pending 0 0s
gitlab-registry-6bd77b4b8c-zgb6r 0/1 Init:0/2 0 0s
gitlab-shared-secrets.1-pc7-5jgq4 0/1 Completed 0 20s
gitlab-sidekiq-all-in-1-v1-54dbcf7f5f-qbq67 0/1 Pending 0 0s
gitlab-task-runner-6fd6857db7-9x567 0/1 Pending 0 0s
gitlab-webservice-d9d4fcff8-hp8wl 0/2 Pending 0 0s
Waiting gitlab
./wait_gitlab.sh ../internal/gitlab/gitlab/.pods
waiting for pod...
waiting for pod...
waiting for pod...Kembang wungu:
langkah 7. Kita nampa GitLab-token.
Pisanan, goleki sandhi mlebu:
kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath='{.data.password}' | base64 --decodeSaiki ayo mlebu lan entuk token:
python3 get_gitlab_token.py root $GITLAB_PASSWORD http://gitlab.gitlab.$EXTERNAL_IP.nip.iolangkah 8. Nggawa repositori Git menyang hierarki sing bener nggunakake Panyedhiya Gitlab.
cd ../internal/gitlab/hierarchy && terraform apply -input=false -auto-approve planfileSayange, panyedhiya terraform GitLab duwe floating . Banjur sampeyan kudu mbusak proyèk konflik kanthi manual supaya tf.state bisa didandani. Banjur mulihake printah `$make all`
langkah 9. Kita nransfer repositori lokal menyang server.
$ make push
[master (root-commit) b61d977] Initial commit
3 files changed, 46 insertions(+)
create mode 100644 .gitignore
create mode 100644 values.yml
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 770 bytes | 770.00 KiB/s, done.
Total 5 (delta 0), reused 0 (delta 0)Rampung:
kesimpulan
Kita wis entuk manawa bisa ngatur kabeh kanthi deklaratif saka mesin lokal. Saiki aku pengin nransfer kabeh tugas kasebut menyang CI lan mung pencet tombol. Kanggo nindakake iki, kita kudu nransfer negara lokal kita (negara Terraform) menyang CI. Carane nindakake iki ing bagean sabanjure.
Langganan kita supaya ora kantun release artikel anyar!
Source: www.habr.com