Nchiyani chinayamba - nkhuku kapena dzira? Kuyamba kodabwitsa kwa nkhani yokhudza Infrastructure-as-Code, sichoncho?
Kodi dzira ndi chiyani?
Nthawi zambiri, Infrastructure-as-Code (IaC) ndi njira yowonetsera yoyimira zomangamanga. M'menemo timafotokozera za chikhalidwe chomwe tikufuna kukwaniritsa, kuyambira ku gawo la hardware ndikutha ndi kasinthidwe ka mapulogalamu. Chifukwa chake, IaC imagwiritsidwa ntchito:
- Kupereka Zothandizira. Izi ndi ma VM, S3, VPC, ndi zina. Zida zoyambira zogwirira ntchito: ΠΈ .
- . Zida zoyambira: , Chef, etc.
Khodi iliyonse ili mu git repositories. Ndipo posakhalitsa mtsogoleri wa gulu adzasankha kuti akuyenera kukhazikitsidwa. Ndipo adzasintha. Ndipo idzapanga dongosolo lina. Ndipo adzaona kuti zimenezi nβzabwino.
Ndibwinonso kuti ilipo kale ΠΈ -provider wa Terraform (ndipo iyi ndi Software Configuration). Ndi chithandizo chawo, mutha kuyang'anira polojekiti yonse: mamembala amagulu, CI/CD, git-flow, etc.
Kodi dziralo linachokera kuti?
Kotero ife tikuyandikira pang'onopang'ono funso lalikulu.
Choyamba, muyenera kuyamba ndi chosungira chomwe chimafotokoza kapangidwe ka nkhokwe zina, kuphatikiza inuyo. Ndipo, monga gawo la GitOps, muyenera kuwonjezera CI kuti zosintha zizichitika zokha.
Ngati Git sanapangidwebe?
- Momwe mungasungire ku Git?
- Kodi kukhazikitsa CI?
- Ngati titumizanso Gitlab pogwiritsa ntchito IaC, komanso ku Kubernetes?
- Ndipo GitLab Runner nawonso ku Kubernetes?
- Nanga bwanji Kubernetes mu opereka mtambo?
Chimene chinabwera choyamba ndi chiyani: GitLab komwe ndiyika khodi yanga, kapena code yomwe ikufotokoza mtundu wa GitLab yomwe ndikufuna?
Nkhuku ndi mazira
Β«3 ndi dinosaur" []
Tiyeni tiyese kuphika mbale pogwiritsa ntchito mtambo wothandizira .
TL; DR
Kodi ndizotheka kujowina timu imodzi nthawi imodzi?
$ export MY_SELECTEL_TOKEN=<token>
$ curl https://gitlab.com/chicken-or-egg/mks/make/-/snippets/2002106/raw | bashZosakaniza:
- Akaunti kuchokera my.selectel.ru;
- Chizindikiro cha akaunti;
- Maluso a Kubernetes;
- Maluso a Helm;
- Maluso a Terraform;
- Helm chart GitLab;
- Chithunzi cha Helm GitLab Runner.
Chinsinsi:
- Pezani MY_SELECTEL_TOKEN kuchokera pagulu my.selectel.ru.
- Pangani gulu la Kubernetes posamutsira chizindikiro cha akaunti.
- Pezani KUBECONFIG kuchokera pagulu lopangidwa.
- Ikani GitLab pa Kubernetes.
- Pezani chizindikiro cha GitLab kuchokera ku GitLab chopangidwira ogwiritsa ntchito muzu.
- Pangani dongosolo la projekiti ku GitLab pogwiritsa ntchito chizindikiro cha GitLab.
- Kankhani nambala yomwe ilipo ku GitLab.
- ???
- Phindu!
mwatsatane 1. Chizindikiro chikhoza kupezeka mu gawoli .
mwatsatane 2. Timakonzekera Terraform yathu "kuphika" gulu la node 2. Ngati mukutsimikiza kuti muli ndi zothandizira zokwanira chilichonse, ndiye kuti mutha kuloleza ma auto quotas:
provider "selectel" {
token = var.my_selectel_token
}
variable "my_selectel_token" {}
variable "username" {}
variable "region" {}
resource "selectel_vpc_project_v2" "my-k8s" {
name = "my-k8s-cluster"
theme = {
color = "269926"
}
quotas {
resource_name = "compute_cores"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 16
}
}
quotas {
resource_name = "network_floatingips"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "load_balancers"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "compute_ram"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 32768
}
}
quotas {
resource_name = "volume_gigabytes_fast"
resource_quotas {
region = var.region
zone = "${var.region}a"
# (20 * 2) + 50 + (8 * 3 + 10)
value = 130
}
}
}
resource "selectel_mks_cluster_v1" "k8s-cluster" {
name = "k8s-cluster"
project_id = selectel_vpc_project_v2.my-k8s.id
region = var.region
kube_version = "1.17.9"
}
resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
cluster_id = selectel_mks_cluster_v1.k8s-cluster.id
project_id = selectel_mks_cluster_v1.k8s-cluster.project_id
region = selectel_mks_cluster_v1.k8s-cluster.region
availability_zone = "${var.region}a"
nodes_count = 2
cpus = 8
ram_mb = 16384
volume_gb = 15
volume_type = "fast.${var.region}a"
labels = {
"project": "my",
}
}Onjezani wogwiritsa ntchito:
resource "random_password" "my-k8s-user-pass" {
length = 16
special = true
override_special = "_%@"
}
resource "selectel_vpc_user_v2" "my-k8s-user" {
password = random_password.my-k8s-user-pass.result
name = var.username
enabled = true
}
resource "selectel_vpc_keypair_v2" "my-k8s-user-ssh" {
public_key = file("~/.ssh/id_rsa.pub")
user_id = selectel_vpc_user_v2.my-k8s-user.id
name = var.username
}
resource "selectel_vpc_role_v2" "my-k8s-role" {
project_id = selectel_vpc_project_v2.my-k8s.id
user_id = selectel_vpc_user_v2.my-k8s-user.id
}Zotulutsa:
output "project_id" {
value = selectel_vpc_project_v2.my-k8s.id
}
output "k8s_id" {
value = selectel_mks_cluster_v1.k8s-cluster.id
}
output "user_name" {
value = selectel_vpc_user_v2.my-k8s-user.name
}
output "user_pass" {
value = selectel_vpc_user_v2.my-k8s-user.password
}Timakhazikitsa:
$ env
TF_VAR_region=ru-3
TF_VAR_username=diamon
TF_VAR_my_selectel_token=<token>
terraform plan -out planfile
$ terraform apply -input=false -auto-approve planfile
mwatsatane 3. Timapeza cubeconfig.
Kuti mutsitse mwadongosolo KUBECONFIG, muyenera kupeza chizindikiro kuchokera ku OpenStack:
openstack token issue -c id -f value > tokenNdipo ndi chizindikiro ichi pangani pempho kwa Managed Kubernetes Selectel API. k8s_id nkhani terraform:
curl -XGET -H "x-auth-token: $(cat token)" "https://ru-3.mks.selcloud.ru/v1/clusters/$(cat k8s_id)/kubeconfig" -o kubeConfig.yamlCupconfig imatha kupezekanso kudzera pagulu.
mwatsatane 4. Tsango likaphikidwa ndipo titha kulipeza, titha kuwonjezera yaml pamwamba kuti tilawe.
Ndikufuna kuwonjezera:
- malo a mayina
- kalasi yosungirako
- pod chitetezo ndondomeko ndi zina zotero.
kwa Selectel ikhoza kutengedwa kuchokera .
Kuyambira pachiyambi ndinasankha tsango mu zone ndi 3a, ndiye ndikufunika Kalasi Yosungirako kuchokera kuderali.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: fast.ru-3a
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: cinder.csi.openstack.org
parameters:
type: fast.ru-3a
availability: ru-3a
allowVolumeExpansion: truemwatsatane 5. Ikani chosungira katundu.
Tidzagwiritsa ntchito muyezo kwa ambiri ndinx-ingress. Pali kale malangizo ambiri oyikapo, kotero sitikhalabe pamenepo.
$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm upgrade nginx-ingress nginx-stable/nginx-ingress -n ingress --install -f ../internal/K8S-cluster/ingress/values.ymlTimadikirira kuti ilandire IP yakunja kwa mphindi 3-4:
Adalandila akunja akunja:
mwatsatane 6. Ikani GitLab.
$ helm repo add gitlab https://charts.gitlab.io
$ helm upgrade gitlab gitlab/gitlab -n gitlab --install -f gitlab/values.yml --set "global.hosts.domain=gitlab.$EXTERNAL_IP.nip.io"Apanso timadikirira kuti makoko onse adzuke.
kubectl get po -n gitlab
NAME READY STATUS RESTARTS AGE
gitlab-gitaly-0 0/1 Pending 0 0s
gitlab-gitlab-exporter-88f6cc8c4-fl52d 0/1 Pending 0 0s
gitlab-gitlab-runner-6b6867c5cf-hd9dp 0/1 Pending 0 0s
gitlab-gitlab-shell-55cb6ccdb-h5g8x 0/1 Init:0/2 0 0s
gitlab-migrations.1-2cg6n 0/1 Pending 0 0s
gitlab-minio-6dd7d96ddb-zd9j6 0/1 Pending 0 0s
gitlab-minio-create-buckets.1-bncdp 0/1 Pending 0 0s
gitlab-postgresql-0 0/2 Pending 0 0s
gitlab-prometheus-server-6cfb57f575-v8k6j 0/2 Pending 0 0s
gitlab-redis-master-0 0/2 Pending 0 0s
gitlab-registry-6bd77b4b8c-pb9v9 0/1 Pending 0 0s
gitlab-registry-6bd77b4b8c-zgb6r 0/1 Init:0/2 0 0s
gitlab-shared-secrets.1-pc7-5jgq4 0/1 Completed 0 20s
gitlab-sidekiq-all-in-1-v1-54dbcf7f5f-qbq67 0/1 Pending 0 0s
gitlab-task-runner-6fd6857db7-9x567 0/1 Pending 0 0s
gitlab-webservice-d9d4fcff8-hp8wl 0/2 Pending 0 0s
Waiting gitlab
./wait_gitlab.sh ../internal/gitlab/gitlab/.pods
waiting for pod...
waiting for pod...
waiting for pod...Mitundu ya rose:
mwatsatane 7. Timalandila chizindikiro cha GitLab.
Choyamba, pezani mawu achinsinsi olowera:
kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath='{.data.password}' | base64 --decodeTsopano tiyeni tilowe ndikupeza chizindikiro:
python3 get_gitlab_token.py root $GITLAB_PASSWORD http://gitlab.gitlab.$EXTERNAL_IP.nip.iomwatsatane 8. Kubweretsa zosungira za Git kumalo oyenerera pogwiritsa ntchito Gitlab Provider.
cd ../internal/gitlab/hierarchy && terraform apply -input=false -auto-approve planfileTsoka ilo, wopereka terraform GitLab ali ndi choyandama . Kenako muyenera kuchotsa ntchito zosemphana pamanja kuti tf.state ikonzedwe. Kenako yesaninso lamulo la `$make all`
mwatsatane 9. Timasamutsa nkhokwe zakomweko ku seva.
$ make push
[master (root-commit) b61d977] Initial commit
3 files changed, 46 insertions(+)
create mode 100644 .gitignore
create mode 100644 values.yml
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 770 bytes | 770.00 KiB/s, done.
Total 5 (delta 0), reused 0 (delta 0)Zachitika:
Pomaliza
Takwanitsa kuti titha kuyang'anira chilichonse momveka bwino kuchokera pamakina athu am'deralo. Tsopano ndikufuna kusamutsa ntchito zonsezi ku CI ndikungodina mabatani. Kuti tichite izi, tifunika kusamutsa madera athu amderali (Terraform state) kupita ku CI. Momwe mungachitire izi ndi gawo lotsatira.
Lembani ku wathu kuti musaphonye kutulutsidwa kwa nkhani zatsopano!
Source: www.habr.com