Helm Security

The main points of this article about the popular Kubernetes package manager can be summed up with emoji:

  • the box is Helm (the closest thing the latest Emoji release has to it);
  • the lock is security;
  • the little person is the solution to the problem.


In reality, everything is a bit more complicated, and the article contains many technical details on how to make Helm secure.

  • Briefly, what Helm is, in case you didn't know or forgot. What problems it solves and where it sits in the ecosystem.
  • Let's look at Helm's architecture. There's no point discussing security, or how to make a tool or solution more secure, without understanding the component's architecture.
  • Let's discuss Helm's components.
  • The most burning question: the future, the new version Helm 3.

Everything in this article applies to Helm 2. This version is currently in production and is most likely the one you are using right now, and it is the version that carries security risks.


About the speaker: Alexander Khayorov (allexx) has been developing for 10 years, helps organize the content of Moscow Python Conf++ and has joined the Helm Summit committee. He now works at Chainstack as a development lead, a hybrid between a development manager and the person responsible for delivering the final releases. That is, he is on the battlefield where everything happens, from the creation of a product to its operation.

Chainstack is a small, fast-growing startup whose goal is to let customers forget about infrastructure and the complexity of operating it; the development team is in Singapore. Don't ask Chainstack to sell or buy cryptocurrency, but do start a conversation about enterprise blockchain frameworks, and they will happily answer you.

Helm

This is a package (chart) manager for Kubernetes. It is the most understandable and universal way to bring applications to a Kubernetes cluster.


We are talking about a more structured and industrial approach than hand-crafting your own YAML and writing small utilities.

Helm is the best thing that currently exists and is popular.

Why Helm? Primarily because it is backed by the CNCF. Cloud Native is a large organization and is the parent of the Kubernetes, etcd, Fluentd and other projects.

Another important fact is that Helm is a very popular project. When I started talking about how to make Helm secure in January 2019, the project had a thousand stars on GitHub. By May it had 12 thousand.

Many people are interested in Helm, so even if you don't use it, you will benefit from knowing about its security. Security is important.

The core Helm team is supported by Microsoft Azure, so it is a fairly stable project, unlike many others. The release of Helm 3 Alpha 2 in mid-July shows that there are quite a few people working on the project, and they have the desire and energy to develop and improve Helm.


Helm solves several root problems of managing applications in Kubernetes.

  • Application packaging. Even a "Hello, World" application on WordPress already consists of several services, and you want to package them together.
  • Managing the complexity that comes with managing these applications.
  • A lifecycle that does not end once an application is installed or deployed. It keeps living, it needs to be updated, and Helm helps with this and tries to bring the right measures and policies to it.

Packaging is arranged in a clear way: there is metadata in line with how a normal package manager for Linux, Windows or MacOS works. That is, a repository, dependencies on various packages, meta information about the applications, settings, configuration, indexing of information, and so on. Helm lets you obtain and use all of this.

Complexity management. If you have many applications of the same type, then parameterization is needed. Templates follow from this, but to avoid inventing your own templating method, you can use what Helm offers out of the box.

Application lifecycle management is, in my opinion, the most interesting and unresolved question. This is why I came to Helm at the time. We needed to manage the application lifecycle, and we wanted to move our CI/CD and application cycles to this paradigm.

Helm lets you:

  • manage deployments, introducing the concepts of configuration and revision;
  • perform rollbacks successfully;
  • use hooks for various events;
  • add extra checks and react to their results.

In addition, Helm has "batteries": a bunch of tasty things that can be included as plugins, making your life easier. Plugins can be written independently; they are fairly isolated and do not require a coherent architecture. If you want to implement something, I recommend doing it as a plugin and then possibly including it upstream.

Helm is based on three main concepts:

  • Chart Repo: a description and the set of parameterization possible for your manifest.
  • Values: that is, the values that will be used (strings, numbers, etc.).
  • Release: combines the two components above, and together they turn into a Release. Releases can be versioned, thereby achieving the lifecycle: small at install time and big at upgrade, downgrade or rollback time.

Helm architecture

The diagram shows Helm's high-level architecture.


Let me remind you that Helm is something tied to Kubernetes. Therefore, we can't do without a Kubernetes cluster (the rectangle). The kube-apiserver component lives on the master. Without Helm, we have Kubeconfig. Helm brings one small binary, if you can call it that, the Helm CLI utility, which is installed on a PC, a laptop, a mainframe, on anything.

But that isn't enough. Helm has a server-side component called Tiller. It represents Helm's interests inside the cluster; it is an application inside the Kubernetes cluster, like any other.

The next component, the Chart Repo, is a repository with charts. There is the official repository, and there can be a private repository of a company or project.

Interaction

Let's see how the architecture components interact when we want to install an application using Helm.

  • We say Helm install, go to the repository (Chart Repo) and get the Helm chart.
  • The Helm utility (Helm CLI) interacts with Kubeconfig to find out which cluster to connect to.
  • Having received this information, the utility refers to Tiller, which is in our cluster, as an application.
  • Tiller calls the Kube-apiserver to perform actions in Kubernetes, creating some objects (services, pods, replicas, secrets, etc.).

Next, we'll complicate the diagram to see the attack vectors the Helm architecture as a whole is exposed to. And then we'll try to defend it.

Attack vector

The first potential weak point is the privileged API user. In the scheme, this is a hacker who has gained admin access to the Helm CLI.

An unprivileged API user can also pose a danger if they are somewhere nearby. Such a user will have a different context, for example, they may be pinned to a single namespace in Kubeconfig.

The most interesting attack vector could be a process that sits inside the cluster somewhere near Tiller and can reach it. This could be a web server or microservice that sees the cluster's network environment.

An exotic, but increasingly popular, attack variant involves the Chart Repo. A chart created by an unscrupulous author may contain insecure resources, and you will end up running it on trust. Or it may replace the chart you download from the official repository and, for example, create a resource in the form of a policy and escalate its privileges.


Let's try to fend off the attackers from all four sides and see where the problems in Helm's architecture are, and where, perhaps, there are none.

Let's enlarge the diagram, add a few more elements, but keep all the basic components.


The Helm CLI communicates with the Chart Repo, interacts with Kubeconfig, and the work is handed over to the cluster, to the Tiller component.

Tiller is represented by two objects:

  • Tiller-deploy svc, which exposes a certain service;
  • Tiller-deploy pod (in the diagram, a single replica with a single container), where the entire workload runs, which reaches the cluster.

Different protocols and schemes are used for the interactions. From a security point of view, we are most interested in:

  • The way the Helm CLI accesses the chart repo: the protocol, whether there is authentication and what can be done with it.
  • The protocol by which the Helm CLI, using kubectl, communicates with Tiller. This is an RPC server installed inside the cluster.
  • Tiller itself is reachable by microservices living in the cluster and interacts with the Kube-apiserver.


Let's discuss all these directions in order.

RBAC

There is no point in talking about any security of Helm or any other service inside the cluster unless RBAC is enabled.

It seems this is no longer a new recommendation, but I'm sure many people still haven't enabled RBAC even in production, because it's a lot of hassle and many things need to be configured. Nevertheless, I urge you to do it.


https://rbac.dev/ is an RBAC advocacy site. It contains a huge amount of interesting material that will help you set up RBAC, showing why it's good and how to live with it in production.

I'll try to explain how Tiller and RBAC work. Tiller runs inside the cluster under some service account. Typically, if RBAC isn't configured, this will be the superuser. In the base configuration, Tiller will be admin. That's why it's often said that Tiller is an SSH tunnel into your cluster. In fact, that's true, so you can use a separate dedicated service account instead of the Default Service Account shown in the picture above.

When you initialize Helm and install it on the server for the first time, you can set the service account with --service-account. This lets you use a user with the minimum required set of rights. True, you'll have to create such a "garland": a Role and a RoleBinding.


Unfortunately, Helm won't do this for you. You or your Kubernetes cluster administrator have to prepare a set of Roles and RoleBindings for the service account in advance to hand over to Helm.

The question arises: what's the difference between a Role and a ClusterRole? The difference is that a ClusterRole applies across all namespaces, unlike ordinary Roles and RoleBindings, which apply only to a particular namespace. You can configure policies for the whole cluster and all namespaces, or personalized ones for each namespace individually.

It's worth mentioning that RBAC solves another big problem. Many people complain that Helm, unfortunately, isn't multi-tenant (doesn't support multitenancy). If several teams use the cluster and use Helm, it's fundamentally impossible to set policies and restrict their access within the cluster, because there's a single service account under which Helm runs, and it creates all the resources in the cluster from under it, which is sometimes very inconvenient. That's true: as a binary itself, as a process, Helm Tiller has no notion of multitenancy.

However, there's a great way that lets you run Tiller several times in a cluster. There's no problem with this; Tiller can be run in any namespace. Thus, you can use RBAC and a Kubeconfig as the context, and restrict access to a particular Helm.

It will look like this.


For example, there are two Kubeconfigs with contexts for different teams (two namespaces): Team X for the development team and the admin team. The admin team has its own big Tiller, which sits in the Kube-system namespace with a corresponding advanced service account. And a separate namespace for the development team; they will be able to deploy their services to the dedicated namespace.

This is a working approach; Tiller isn't so resource-hungry that it can seriously affect your budget. This is one of the quick solutions.

Feel free to set up Tiller separately and provide a Kubeconfig with a context for the team, for a specific developer or for an environment: Dev, Staging, Production (it's doubtful that everything will be on the same cluster, however, this can happen).

Continuing our story, let's move on from RBAC and talk about ConfigMaps.

ConfigMaps

Helm uses ConfigMaps as its data store. When we talked about the architecture, there was no database anywhere that could store information about releases, configurations, rollbacks, and so on. ConfigMaps are used for this.

The main problem with ConfigMaps is well known: they're fundamentally insecure; it's impossible to store sensitive data in them. We're talking about everything that shouldn't leave the service, for example, passwords. The most native way for Helm right now is to switch from ConfigMaps to secrets.

This is done very simply. Override the Tiller settings and specify that the storage will be secrets. Then for each deployment you'll get not a ConfigMap, but a secret.


You may argue that secrets themselves are a strange and not very secure concept. However, it's important to understand that the Kubernetes developers are also working on this. Since version 1.10, i.e. for quite a while now, it has been possible, at least in public clouds, to connect proper storage for keeping secrets. The team is now working on how to better distribute access to secrets, to individual pods, or to other entities.

It's better to move Helm Storage to secrets, and they, in turn, are protected centrally.

Of course, the data storage limit of 1 MB will remain. Helm here uses etcd as the distributed storage for ConfigMaps. And there they decided that this was a suitable chunk of data for replication, etc. There's an interesting discussion about this on Reddit; I recommend finding this fun reading for the weekend, or reading the summary here.
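As an added example (not code from the talk or from the Helm project), here is a script that prepares the per-namespace Tiller described in the RBAC section and, in the same `helm init`, switches release storage from ConfigMaps to secrets. It assumes Helm 2 (helm init and Tiller) on a cluster with RBAC enabled; the namespace `team-x`, the role name `tiller-manager` and the NS/APPLY variables are constructed for this example.

```shell
#!/bin/sh
# Added example: namespaced Tiller under a least-privilege service account,
# with release data kept in Secrets. Assumes Helm 2 and RBAC enabled.
# "team-x", "tiller-manager", NS and APPLY are constructed for the demo.
set -eu

# Emit ServiceAccount + Role + RoleBinding scoped to one namespace. No
# ClusterRole is involved, so this Tiller cannot create objects elsewhere.
tiller_rbac_manifest() {
  ns="$1"
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: ${ns}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tiller-manager
  namespace: ${ns}
rules:
- apiGroups: ["", "batch", "extensions", "apps"]
  resources: ["*"]
  verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tiller-binding
  namespace: ${ns}
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: ${ns}
roleRef:
  kind: Role
  name: tiller-manager
  apiGroup: rbac.authorization.k8s.io
EOF
}

# Flags for `helm init`: run Tiller in the team namespace under the dedicated
# account and store releases as Secrets instead of ConfigMaps.
tiller_init_args() {
  ns="$1"
  printf '%s\n' \
    "--tiller-namespace=${ns}" \
    "--service-account=tiller" \
    "--override=spec.template.spec.containers[0].command={/tiller,--storage=secret}"
}

# Review check: nothing cluster-wide, and every object pinned to the namespace.
manifest_is_namespaced() {
  ns="$1"
  out="$(tiller_rbac_manifest "$ns")"
  ! printf '%s' "$out" | grep -q 'ClusterRole' &&
  [ "$(printf '%s\n' "$out" | grep -c "namespace: ${ns}")" -eq 4 ]
}

NS="${NS:-team-x}"
if [ "${APPLY:-0}" = 1 ]; then
  tiller_rbac_manifest "$NS" | kubectl apply -f -
  # shellcheck disable=SC2046
  helm init $(tiller_init_args "$NS")
else
  # Dry run: show the manifest and the init command that would be executed.
  tiller_rbac_manifest "$NS"
  echo "# helm init $(tiller_init_args "$NS" | tr '\n' ' ')"
fi
```

Without APPLY=1 the script only prints what it would apply; once Tiller is installed this way, every helm call for the team must target it with --tiller-namespace team-x (or the TILLER_NAMESPACE variable).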

Chart Repos

Charts are the most socially vulnerable part and can be a source of "Man in the middle", especially if you use an off-the-shelf solution. First of all, we're talking about repositories exposed over HTTP.

You should definitely expose the Helm Repo over HTTPS; this is the best option, and it's cheap.

Pay attention to the chart signature mechanism. The technology is as simple as hell. It's the same thing you use on GitHub, a regular PGP setup with public and private keys. Set it up and, having the necessary keys and signing everything, be sure that this really is your chart.

Also, the Helm client supports TLS (not in the sense of server-side HTTP, but mutual TLS). You can use server and client keys to communicate. Honestly, I don't use this mechanism because I don't like mutual certificates. Basically, chartmuseum, the main tool for setting up a Helm Repo for Helm 2, also supports basic auth. You can use basic auth if it's simpler and less noisy.

There's also the gcs plugin, which lets you host Chart Repos on Google Cloud Storage. This is quite convenient, works great and is quite secure, because all the mechanisms described are reused.


If you enable HTTPS or TLS, use mTLS, and enable basic auth to reduce the risks, you'll get a secure communication channel between the Helm CLI and the Chart Repo.
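To make the signing recommendation concrete, here are the two checks behind `helm verify` written out as a script, an added example that is not from the talk or the Helm project. It assumes the .prov layout Helm produces (a PGP clearsigned message whose `files:` section lists `<chart>.tgz: sha256:<hex>`); the sample archive and provenance file it writes are constructed, and KEYRING is an assumed variable.

```shell
#!/bin/sh
# Added example: the two checks behind `helm verify`, spelled out so they can
# gate a pipeline on any chart archive plus its .prov file. Assumes the .prov
# layout Helm writes (clearsigned message, "files:" section with
# "<chart>.tgz: sha256:<hex>"); the sample archive below is constructed.
set -eu

sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi |
    cut -d' ' -f1
}

# Check 1: the digest recorded in the provenance file must match the archive
# actually fetched; otherwise the repo (or someone in between) swapped the tgz.
prov_digest_matches() {
  prov="$1"; tgz="$2"
  name="$(basename "$tgz")"
  want="$(sed -n "s/^  ${name}: sha256:\([0-9a-f]*\)$/\1/p" "$prov")"
  [ -n "$want" ] && [ "$want" = "$(sha256_of "$tgz")" ]
}

# Check 2: the provenance file must carry a valid PGP signature from a key in
# the trusted keyring (KEYRING is assumed; Helm's default is ~/.gnupg/pubring.gpg).
prov_signature_valid() {
  gpg --no-default-keyring --keyring "${KEYRING:-${HOME:-}/.gnupg/pubring.gpg}" \
    --verify "$1" >/dev/null 2>&1
}

# Both must pass: a matching digest under an unknown signer proves nothing.
verify_chart() {
  prov_digest_matches "$1.prov" "$1" && prov_signature_valid "$1.prov"
}

# Constructed sample: a stand-in archive and a provenance body describing it
# (unsigned, so only check 1 can pass on it).
write_sample() {
  dir="$1"; mkdir -p "$dir"
  printf 'not a real chart archive\n' > "$dir/demo-0.1.0.tgz"
  cat > "$dir/demo-0.1.0.tgz.prov" <<EOF
apiVersion: v1
name: demo
version: 0.1.0

...
files:
  demo-0.1.0.tgz: sha256:$(sha256_of "$dir/demo-0.1.0.tgz")
EOF
}

# Usage: sh verify_chart.sh path/to/chart-1.2.3.tgz (expects chart-1.2.3.tgz.prov beside it)
if [ $# -ge 1 ]; then
  verify_chart "$1" && echo "verified: $1"
fi
```

For everyday use `helm fetch --verify` and `helm verify` perform the same two checks; the script is for the case where the gate has to live in a pipeline outside Helm.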

gRPC API

The next step is very important: securing Tiller, which lives in the cluster and, on one hand, is a server, and on the other hand, accesses other components and tries to pass itself off as someone.

As I already said, Tiller is a service that exposes gRPC; the Helm client comes to it over gRPC. By default, of course, TLS is disabled. Why this was done is a debatable question; it seems it's to simplify setup at the start.

For production and even staging, I recommend enabling TLS on gRPC.

In my opinion, unlike mTLS for charts, it's appropriate here and done very simply: generate a PKI infrastructure, create a certificate, start Tiller, and pass the certificate at initialization. After that, you can execute all Helm commands, presenting yourself with the generated certificate and private key.


This way you'll protect yourself from all requests to Tiller from outside the cluster.
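The PKI-and-init sequence described above, as an added example (not the talk's own code): it builds a private CA with a Tiller certificate and a Helm client certificate, then composes the Helm 2 flags that start Tiller with TLS and client verification and the flags every client call presents. It assumes Helm 2 and openssl; the PKI directory, the CN values and the 365-day lifetime are constructed choices.

```shell
#!/bin/sh
# Added example: mutual TLS between the Helm 2 client and Tiller's gRPC port.
# Assumes Helm 2 and openssl. The PKI directory, the CN values and the
# 365-day lifetime are constructed choices for this demonstration.
set -eu
PKI="${PKI:-./tiller-pki}"

# Build a private CA plus a Tiller (server) cert and a Helm (client) cert
# signed by it. With --tiller-tls-verify, Tiller accepts only clients that
# present a certificate chaining to this CA.
gen_pki() {
  mkdir -p "$PKI"
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=tiller-ca" \
    -keyout "$PKI/ca.key.pem" -out "$PKI/ca.cert.pem" 2>/dev/null
  for who in tiller helm; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=${who}" \
      -keyout "$PKI/${who}.key.pem" -out "$PKI/${who}.csr.pem" 2>/dev/null
    openssl x509 -req -days 365 -CA "$PKI/ca.cert.pem" -CAkey "$PKI/ca.key.pem" \
      -CAcreateserial -in "$PKI/${who}.csr.pem" -out "$PKI/${who}.cert.pem" 2>/dev/null
  done
}

# Flags for `helm init`: start Tiller with TLS and make it verify client certs.
tiller_init_tls_args() {
  printf '%s\n' \
    "--tiller-tls" "--tiller-tls-verify" \
    "--tiller-tls-cert=$PKI/tiller.cert.pem" \
    "--tiller-tls-key=$PKI/tiller.key.pem" \
    "--tls-ca-cert=$PKI/ca.cert.pem"
}

# Flags for every client call (helm ls, install, upgrade, ...): present the
# client cert and pin the CA so a spoofed Tiller is rejected as well.
helm_client_tls_args() {
  printf '%s\n' \
    "--tls" "--tls-verify" \
    "--tls-ca-cert=$PKI/ca.cert.pem" \
    "--tls-cert=$PKI/helm.cert.pem" \
    "--tls-key=$PKI/helm.key.pem"
}

# The check Tiller performs on a client cert, run locally: does it chain to our CA?
cert_signed_by_ca() {
  openssl verify -CAfile "$PKI/ca.cert.pem" "$PKI/$1.cert.pem" >/dev/null 2>&1
}

if command -v openssl >/dev/null 2>&1; then
  gen_pki
fi
if [ "${APPLY:-0}" = 1 ]; then
  # shellcheck disable=SC2046
  helm init --service-account tiller $(tiller_init_tls_args)
  helm ls $(helm_client_tls_args)
else
  # Dry run: show the commands that would be executed against the cluster.
  echo "# helm init --service-account tiller $(tiller_init_tls_args | tr '\n' ' ')"
  echo "# helm ls $(helm_client_tls_args | tr '\n' ' ')"
fi
```

The private CA key only signs certificates and is never handed to Tiller or the client, so keep it off the cluster after the certificates are issued.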

So, we've secured the connection channel to Tiller, we've already discussed RBAC and adjusted the rights of the Kubernetes apiserver, narrowing the domain it can interact with.

Secured Helm

Let's look at the final diagram. It's the same architecture with the same arrows.


All connections can now be safely drawn in green:

  • for the Chart Repo we use TLS or mTLS and basic auth;
  • mTLS for Tiller, and it is exposed as a gRPC service with TLS, we use certificates;
  • the cluster uses a dedicated service account with a Role and a RoleBinding.

We've secured the cluster considerably, but someone wise said:

"There can be only one secure system: a computer that is switched off, sitting in a concrete box and guarded by soldiers."

There are various ways to manipulate data and find new attack vectors. However, I'm confident that these recommendations meet the basic security requirements of the industry.

Bonus

This part isn't directly related to security, but it will also be useful. I'll show you some interesting things that few people know about. For example, how to search for charts, official and unofficial.

The github.com/helm/charts repository now has about 300 charts and two streams: stable and incubator. Anyone who contributes knows well how hard it is to get from incubator into stable, and how easy it is to fly out of stable. However, this isn't the best tool for conveniently searching for charts for Prometheus and whatever else you want, for a simple reason: it's not a portal where you can conveniently search for packages.

But there's the service hub.helm.sh, which makes it much easier to find charts. Most importantly, there are many more external repositories there, and almost 800 charts available. Plus, you can connect your own repository if for some reason you don't want to submit your charts to stable.

Try hub.helm.sh and let's develop it together. This service is under the Helm project, and you can even contribute to its UI if you're a frontend developer and just want to improve its appearance.

I'd also like to draw your attention to the Open Service Broker API integration. It sounds cumbersome and obscure, but it solves problems everyone faces. Let me explain with a simple example.


There's a Kubernetes cluster in which we want to run a classic application, WordPress. As a rule, a database is needed for it to work fully. There are many different solutions; for example, you can launch your own stateful service. This isn't very convenient, but many people do it.

Others, like us at Chainstack, use managed databases such as MySQL or PostgreSQL for their servers. That's why our databases are somewhere in the cloud.

But a problem arises: we need to connect our service to the database, create a database flavor, hand over credentials and somehow manage it. All this is usually done manually by the system administrator or developer. And there's no problem when there are few applications. When there are many, you need a combine. There is such a combine: the Service Broker. It lets you use a special plugin for a public cloud cluster and order resources from the provider through the Broker, as if it were an API. You can use Kubernetes' native tools to do this.

It's very simple. You can request, for example, Managed MySQL on Azure at the base tier (this can be configured). Using the Azure API, the database will be created and prepared for use. You don't need to intervene in this; the plugin is responsible for it. For example, OSBA (the Azure plugin) will return the credentials to the service and pass them to Helm. You'll be able to use WordPress with a cloud MySQL, without dealing with managed databases at all and without worrying about stateful services inside.

We can say that Helm acts as glue that, on one hand, lets you deploy services, and on the other, consumes the cloud provider's resources.

You can write your own plugin and use this whole story on-premises. Then you'll have your own plugin for a corporate Cloud provider. I recommend trying this approach, especially if you operate at a large scale and want to quickly deploy dev, staging, or the whole infrastructure for a feature. This will make life easier for your operations or DevOps people.

Another find I've already mentioned is the helm-gcs plugin, which lets you use Google buckets (object storage) to store Helm charts.


You only need four commands to start using it:

  1. install the plugin;
  2. initialize it;
  3. set the path to the bucket, which is in gcp;
  4. publish charts in the standard way.

The beauty is that the native gcp method is used for authorization. You can use a service account, a developer account, whatever you like. It's very convenient and costs nothing to operate. If you, like me, promote an opsless philosophy, then this will be very convenient, especially for small teams.

Alternatives

Helm isn't the only solution for service management. There are many questions about it, which is probably why the third version appeared so quickly. Of course, there are alternatives.

These can be specialized solutions, for example Ksonnet or Metaparticle. You can use your classic infrastructure management tools (Ansible, Terraform, Chef, etc.) for the purposes I talked about.

Finally, there's the Operator Framework, whose popularity is growing.

The Operator Framework is the main alternative to Helm worth considering.

It's more native to the CNCF and Kubernetes, but the barrier to entry is much higher; you need to program more and describe manifests less.

There are various addons, such as Draft and Scaffold. They make life much easier; for example, they simplify the cycle of pushing and launching Helm for developers in order to deploy a test environment. I'd call them enablers.

Here's a visual chart of where everything sits.


On the x-axis is the level of your personal control over what's happening, on the y-axis the level of Kubernetes nativeness. Helm version 2 falls somewhere in the middle. In version 3, not dramatically, but both control and nativeness have improved. Solutions at the Ksonnet level are still behind even Helm 2. However, they're worth a look to find out what else is out there. Of course, your configuration manager will be under your full control, but it's absolutely not native to Kubernetes.

The Operator Framework is absolutely native to Kubernetes and lets you manage it much more elegantly and carefully (but remember the barrier to entry). Rather, it's suitable for a specialized application and building management around it, rather than as a mass combine for packaging a huge number of applications using Helm.

Enablers just slightly improve control, complement the workflow, or cut corners in CI/CD pipelines.

The Future of Helm

The good news is that Helm 3 is coming. The alpha version Helm 3.0.0-alpha.2 has already been released; you can try it. It's quite stable, but the functionality is still limited.

Why do you need Helm 3? First, it's about the disappearance of Tiller as a component. This, as you already understand, is a huge step, because from the point of view of the architecture's security, everything becomes simpler.

When Helm 2 was created, which was in the days of Kubernetes 1.8 or even earlier, many concepts were immature. For example, the concept of CRDs is now being actively implemented, and Helm will use CRDs to store its structures. It will be possible to use only the client and not keep the server-side part. Accordingly, native Kubernetes commands can be used to work with the structures and resources. This is a huge step forward.

Support for native OCI (Open Container Initiative) repositories will appear. This is a huge initiative, and Helm is interested mainly in order to publish its charts. It's getting to the point that, for example, Docker Hub supports many OCI standards. I'm not guessing, but perhaps the classic Docker repository providers will start letting you host your Helm charts.

A controversial story for me is Lua support as a templating engine for writing scripts. I'm not a big fan of Lua, but this will be an optional feature. I checked this three times: using Lua won't be mandatory. So those who want can use Lua, and those who like Go can join our huge camp and use go-tmpl for this.

Finally, what I definitely missed was the appearance of a schema and data type validation. There will be no more problems with int or string, no need to wrap zero in double quotes. A JSON Schema will appear that lets you describe this explicitly.

The event-driven model has been heavily reworked. It has already been described conceptually. Look at the Helm 3 branch, and you'll see how many events and hooks and other things have been added, which will greatly simplify and, on the other hand, add control over deployment processes and reactions to them.

Helm 3 will be simpler, more secure, and more enjoyable, not because we don't like Helm 2, but because Kubernetes is moving forward. Accordingly, Helm can use Kubernetes developments and build good Kubernetes managers on top of it.

Another piece of good news: at DevOpsConf, Alexander Khayorov will tell you whether containers can be secure. Let us remind you that the conference on the integration of development, testing and operations will be held in Moscow on September 30 and October 1. Until August 20 you can still submit a talk and tell us about your experience in solving one of the many tasks of the DevOps approach.

Follow the conference checkpoints and news in the mailing list and Telegram channel.

Source: www.habr.com
