Vuto lakuyeretsa "mwanzeru" pazithunzi za chidebe ndi yankho lake mu werf

Nkhaniyi ikufotokoza za zovuta zotsuka zithunzi zomwe zimachulukana m'mabuku olembera (Docker Registry ndi ma analogues ake) mu zenizeni zamapaipi amakono a CI / CD a mapulogalamu amtundu wamtambo omwe amaperekedwa ku Kubernetes. Njira zazikulu zokhuza kufunikira kwa zithunzi ndi zovuta zomwe zimatsatira pakuyeretsa makina, kusunga malo ndikukwaniritsa zosowa zamagulu zimaperekedwa. Pomaliza, pogwiritsa ntchito chitsanzo cha pulojekiti inayake ya Open Source, tidzakuuzani momwe zovutazi zingagonjetsedwe.

Mau oyamba

Chiwerengero cha zithunzi mu kaundula chidebe akhoza kukula mofulumira, kutenga malo osungira zambiri ndipo motero kwambiri kuwonjezera mtengo wake. Kuwongolera, kuchepetsa kapena kusunga kukula kovomerezeka kwa malo omwe amakhala mu registry, amavomerezedwa:

1. gwiritsani ntchito ma tag okhazikika pazithunzi;
2. yeretsani zithunzizo mwanjira ina.

Kuletsa koyamba nthawi zina kumakhala kovomerezeka kwa magulu ang'onoang'ono. Ngati opanga ali ndi ma tag okwanira okhazikika (latest, main, test, boris etc.), kaundula sadzatupa kukula ndipo kwa nthawi yaitali simudzayenera kuganiza zoyeretsa konse. Kupatula apo, zithunzi zonse zopanda ntchito zimafufutidwa, ndipo palibe ntchito yotsala yotsuka (zonse zimachitidwa ndi wotolera zinyalala nthawi zonse).

Komabe, njirayi imachepetsa kwambiri chitukuko ndipo sichigwira ntchito kawirikawiri kumapulojekiti amakono a CI/CD. Mbali yofunika kwambiri ya chitukuko inali zochita zokha, zomwe zimakulolani kuyesa, kutumiza ndi kutumiza zatsopano kwa ogwiritsa ntchito mofulumira kwambiri. Mwachitsanzo, m'mapulojekiti athu onse, payipi ya CI imapangidwa yokha ndikudzipereka kulikonse. Mmenemo, chithunzicho chimasonkhanitsidwa, kuyesedwa, kuthamangitsidwa ku maulendo osiyanasiyana a Kubernetes kuti athetse zolakwika ndi macheke otsala, ndipo ngati zonse zili bwino, zosinthazo zimafika kwa wogwiritsa ntchito. Ndipo iyi sichirinso sayansi ya rocket, koma zochitika za tsiku ndi tsiku kwa ambiri - makamaka kwa inu, popeza mukuwerenga nkhaniyi.

Popeza kukonza nsikidzi ndi kupanga magwiridwe antchito atsopano kumachitika mofananira, ndipo kutulutsa kumatha kuchitidwa kangapo patsiku, zikuwonekeratu kuti chitukukochi chimatsagana ndi kuchuluka kwazinthu, zomwe zikutanthauza. zithunzi zambiri mu registry. Zotsatira zake, nkhani yokonzekera kuyeretsa bwino kwa registry imachokera, i.e. kuchotsa zithunzi zosafunika.

Koma mumadziwa bwanji ngati chithunzi chili choyenera?

Zoyimira pakufunika kwa chithunzichi

Nthawi zambiri, njira zazikuluzikulu zidzakhala:

1. Choyamba (chowonekera kwambiri komanso chotsutsa kwambiri) ndi zithunzi zomwe amagwiritsidwa ntchito pano Kubernetes. Kuchotsa zithunzizi kungapangitse kuti pakhale ndalama zambiri zochepetsera nthawi yopangira (mwachitsanzo, zithunzizo zitha kufunikira kuti zibwerezedwe) kapena kunyalanyaza zoyesayesa za gululo kuthana ndi malupu aliwonse. (Pachifukwa ichi tidapanganso chapadera Prometheus wogulitsa kunja, yomwe imatsata kusakhalapo kwa zithunzi zotere mgulu lililonse la Kubernetes.)

2. Chachiwiri (chosawonekeratu, komanso chofunikira kwambiri komanso chikugwirizananso ndi kugwiritsira ntchito) - zithunzi zomwe zofunikira pakubweza ngati muwona zovuta zazikulu mu mtundu wamakono. Mwachitsanzo, pankhani ya Helm, izi ndi zithunzi zomwe zimagwiritsidwa ntchito m'mitundu yosungidwa yotulutsidwa. (Mwa njira, mwachisawawa mu Helm malire ndi kukonzanso 256, koma sizingatheke kuti aliyense afunika kupulumutsa izi Mabaibulo ambiri? "bwererani" kwa iwo ngati kuli kofunikira.

3. Chachitatu - Zofuna mapulogalamu: Zithunzi zonse zomwe zikugwirizana ndi ntchito yawo yamakono. Mwachitsanzo, ngati tikuganiza za PR, ndiye kuti ndizomveka kusiya chithunzi chofanana ndi zomwe tachita kale, tinene, zomwe zidachitika kale: mwanjira iyi wopanga akhoza kubwereranso kuntchito iliyonse ndikugwira ntchito ndi zosintha zaposachedwa.

4. Chachinayi - zithunzi zomwe zimagwirizana ndi mitundu ya pulogalamu yathu,ndi. ndizo zomaliza: v1.0.0, 20.04.01/XNUMX/XNUMX, sierra, etc.

NB: Njira zomwe zafotokozedwa apa zidapangidwa kutengera zomwe zidachitika ndi magulu ambiri achitukuko ochokera kumakampani osiyanasiyana. Komabe, zowonadi, malingana ndi zomwe zimachitika pa chitukuko ndi zomangamanga zomwe zimagwiritsidwa ntchito (mwachitsanzo, Kubernetes sikugwiritsidwa ntchito), izi zikhoza kusiyana.

Kuyenerera ndi mayankho omwe alipo

Ntchito zodziwika bwino zokhala ndi zolembera zotengera, monga lamulo, zimapereka malingaliro awo oyeretsera zithunzi: momwemo mutha kufotokozera momwe tag imachotsedwa pa registry. Komabe, mikhalidwe iyi imachepetsedwa ndi magawo monga mayina, nthawi yolenga, ndi kuchuluka kwa ma tag*.

* Zimatengera kukhazikitsidwa kwa kaundula wa ziwiya zina. Tidawona kuthekera kwa mayankho awa: Azure CR, Docker Hub, ECR, GCR, GitHub Packages, GitLab Container Registry, Harbour Registry, JFrog Artifactory, Quay.io - kuyambira Seputembala'2020.

Izi za magawo ndizokwanira kukwaniritsa muyeso wachinayi - ndiko kuti, kusankha zithunzi zomwe zimagwirizana ndi matembenuzidwewo. Komabe, pazinthu zina zonse, munthu ayenera kusankha njira yothetsera vuto (lolimba kapena, mosiyana, ndondomeko yochepetsetsa) - malingana ndi ziyembekezo ndi mphamvu zachuma.

Mwachitsanzo, muyeso wachitatu - wokhudzana ndi zosowa za omanga - ukhoza kuthetsedwa mwa kukonza ndondomeko mkati mwa magulu: kutchula mayina enieni a zithunzi, kusunga mndandanda wapadera wololeza ndi mapangano amkati. Koma pamapeto pake ikufunikabe kukhala ndi makina. Ndipo ngati kuthekera kwa mayankho okonzeka sikukwanira, muyenera kuchita nokha.

Zomwe zili ndi njira ziwiri zoyambirira ndizofanana: sangathe kukhutitsidwa popanda kulandira deta kuchokera ku dongosolo lakunja - lomwe mapulogalamu amatumizidwa (kwa ife, Kubernetes).

Chiwonetsero cha kayendedwe ka ntchito mu Git

Tiyerekeze kuti mukugwira ntchito motere ku Git:

Chizindikiro chokhala ndi mutu pachithunzichi chikuwonetsa zithunzi za chidebe zomwe zatumizidwa ku Kubernetes kwa ogwiritsa ntchito aliwonse (ogwiritsa ntchito, oyesa, oyang'anira, ndi zina zambiri) kapena amagwiritsidwa ntchito ndi omanga pakuchotsa zolakwika ndi zolinga zofanana.

Kodi chimachitika ndi chiyani ngati malamulo oyeretsa angolola kuti zithunzi zisungidwe (osachotsedwa) ndi mayina opatsidwa?

Mwachionekere, zochitika zoterozo sizingasangalatse aliyense.

Kodi chidzasintha chiyani ngati malamulo alola kuti zithunzi zisachotsedwe? molingana ndi nthawi yopatsidwa / kuchuluka kwa zochita zomaliza?

Zotsatira zake zakhala zabwino kwambiri, koma akadali kutali kwambiri. Kupatula apo, tikadali ndi opanga omwe amafunikira zithunzi mu registry (kapena zoyikidwa mu K8s) kuti athetse zolakwika ...

Kufotokozera mwachidule zomwe zikuchitika pamsika: ntchito zomwe zimapezeka m'mabuku osungiramo zinthu sizimapereka kusinthasintha kokwanira poyeretsa, ndipo chifukwa chachikulu cha izi ndi palibe njira yolumikizirana ndi dziko lakunja. Zikuoneka kuti magulu omwe amafunikira kusinthasintha koteroko amakakamizika kuti agwiritse ntchito kuchotsa zithunzi "kuchokera kunja", pogwiritsa ntchito Docker Registry API (kapena API yachibadwidwe ya kukhazikitsidwa kofanana).

Komabe, tinali kuyang'ana njira yapadziko lonse lapansi yomwe ingapangitse kuyeretsa zithunzi kwa magulu osiyanasiyana pogwiritsa ntchito zolembera zosiyanasiyana...

Njira yathu yoyeretsera zithunzi zonse

Kodi chosowa chimenechi chimachokera kuti? Chowonadi ndi chakuti sitili gulu losiyana la omanga, koma gulu lomwe limatumikira ambiri a iwo nthawi imodzi, kuthandiza kuthetsa bwinobwino nkhani za CI/CD. Ndipo chida chachikulu chaukadaulo cha izi ndi Open Source utility werf. Chodabwitsa chake ndi chakuti sichimagwira ntchito imodzi, koma imatsagana ndi njira zoperekera mosalekeza pazigawo zonse: kuchokera ku msonkhano mpaka kutumizidwa.

Kusindikiza zithunzi ku registry * (nthawi yomweyo zitamangidwa) ndi ntchito yodziwikiratu ya zofunikira zotere. Ndipo popeza zithunzizo zimayikidwa pamenepo kuti zisungidwe, ndiye - ngati kusungirako kwanu kulibe malire - muyenera kukhala ndi udindo woyeretsa pambuyo pake. Momwe tidapindulira mu izi, kukwaniritsa zofunikira zonse zomwe zafotokozedwa, tidzakambitsirana mopitilira.

* Ngakhale ma registry omwewo angakhale osiyana (Docker Registry, GitLab Container Registry, Harbor, etc.), ogwiritsa ntchito amakumana ndi mavuto omwewo. Yankho lachilengedwe chonse mwa ife silidalira kukhazikitsidwa kwa registry, chifukwa imayendera kunja kwa zolembera zokha ndipo imapereka machitidwe omwewo kwa aliyense.

Ngakhale tikugwiritsa ntchito werf ngati chitsanzo chokhazikitsa, tikukhulupirira kuti njira zomwe zikugwiritsidwa ntchito zithandizanso magulu ena omwe akukumana ndi zovuta zomwezi.

Choncho tinatanganidwa kunja kukhazikitsa njira yoyeretsera zithunzi - m'malo mwa zomwe zidapangidwa kale m'ma registries a zotengera. Gawo loyamba linali kugwiritsa ntchito Docker Registry API kupanga mfundo zakale zomwezo za kuchuluka kwa ma tag ndi nthawi yomwe adalengedwa (zotchulidwa pamwambapa). Zowonjezeredwa kwa iwo lolani mndandanda kutengera zithunzi zomwe zagwiritsidwa ntchito,ndi. Kubernetes. Kwa omaliza, kunali kokwanira kugwiritsa ntchito Kubernetes API kubwereza kudzera pazinthu zonse zomwe zatumizidwa ndikupeza mndandanda wazinthu. image.

Yankho laling'onoli linathetsa vuto lalikulu kwambiri (chiwerengero No. 1), koma chinali chiyambi chabe cha ulendo wathu wokonza makina oyeretsera. Chotsatira - komanso chochititsa chidwi kwambiri - chinali chisankho Gwirizanitsani zithunzi zosindikizidwa ndi mbiri ya Git.

Ma tagging scheme

Poyamba, tinasankha njira yomwe chithunzi chomaliza chiyenera kusungiramo zofunikira zoyeretsera, ndikumanga ndondomeko pamakina olembera. Posindikiza chithunzi, wogwiritsa ntchitoyo adasankha njira yoti alembe (git-branch, git-commit kapena git-tag) ndipo adagwiritsa ntchito mtengo womwewo. M'makina a CI, izi zidakhazikitsidwa zokha kutengera kusiyanasiyana kwa chilengedwe. Pamenepo chithunzi chomaliza chinali cholumikizidwa ndi choyambirira cha Git, kusunga deta yofunikira yoyeretsa m'malebulo.

Njirayi idapangitsa kuti pakhale ndondomeko zomwe zidalola Git kugwiritsidwa ntchito ngati gwero limodzi lachowonadi:

• Mukachotsa nthambi / tag mu Git, zithunzi zomwe zikugwirizana nazo mu registry zidachotsedwa zokha.
• Chiwerengero cha zithunzi zomwe zimagwirizanitsidwa ndi ma tag a Git ndi zochita zitha kuwongoleredwa ndi kuchuluka kwa ma tag omwe amagwiritsidwa ntchito mu schema yosankhidwa ndi nthawi yomwe mgwirizano wogwirizanawo udapangidwa.

Ponseponse, kukhazikitsidwa kotsatirako kunakwaniritsa zosowa zathu, koma vuto lina posachedwa likutiyembekezera. Chowonadi ndi chakuti tikugwiritsa ntchito ma tagging masinthidwe otengera Git primitives, tidakumana ndi zolakwika zingapo. (Popeza mafotokozedwe awo akupitilira m'nkhaniyi, aliyense atha kudziwa zambiri apa.) Chifukwa chake, titaganiza zosinthira ku njira yabwino kwambiri yopangira ma tagging (kulemba zomwe zili), tidayenera kuganiziranso za kuyeretsa zithunzi.

Algorithm yatsopano

Chifukwa chiyani? Ndi ma tag otengera zomwe zili, tag iliyonse imatha kukhutiritsa zochita zingapo mu Git. Mukayeretsa zithunzi, simungathenso kuganiza okha kuchokera pakupanga komwe tag yatsopano idawonjezedwa ku registry.

Kwa algorithm yatsopano yoyeretsera, zidasankhidwa kuti zichoke pamakina oyika ndikumanga ndondomeko ya meta, iliyonse yomwe imasunga mulu wa:

• chopereka chomwe chinasindikizidwa (zilibe kanthu kuti chithunzicho chinawonjezedwa, chasinthidwa kapena chikhale chofanana mu kaundula wa zotengera);
• ndi chizindikiritso chathu chamkati chogwirizana ndi chithunzi chophatikizidwa.

M’mawu ena, zinaperekedwa kulumikiza ma tag osindikizidwa ndi mabizinesi mu Git.

Kusintha komaliza ndi ma algorithm ambiri

Pokonza zoyeretsa, ogwiritsa ntchito tsopano ali ndi mwayi wotsatira ndondomeko zomwe zimasankha zithunzi zamakono. Ndondomeko iliyonse yotereyi imatanthauzidwa:

• maumboni ambiri, i.e. Ma tag a Git kapena nthambi za Git zomwe zimagwiritsidwa ntchito pakusanthula;
• ndi malire a zithunzi zomwe zafufuzidwa pamtundu uliwonse kuchokera pa seti.

Kuti tichitire chitsanzo, umu ndi momwe kasinthidwe ka ndondomeko yosasinthika inayamba kuwoneka:

cleanup:
  keepPolicies:
  - references:
      tag: /.*/
      limit:
        last: 10
  - references:
      branch: /.*/
      limit:
        last: 10
        in: 168h
        operator: And
    imagesPerReference:
      last: 2
      in: 168h
      operator: And
  - references:  
      branch: /^(main|staging|production)$/
    imagesPerReference:
      last: 10

Kukonzekera uku kuli ndi mfundo zitatu zomwe zimagwirizana ndi malamulo awa:

1. Sungani chithunzi cha ma tag 10 omaliza a Git (pa tsiku lopanga ma tag).
2. Sungani zithunzi zosaposa 2 zomwe zatulutsidwa sabata yatha kuti musapitirire 10 ulusi wokhala ndi zochitika sabata yatha.
3. Sungani zithunzi 10 za nthambi main, staging и production.

Ma algorithm omaliza amatsata njira zotsatirazi:

• Kupeza ziwonetsero kuchokera ku kaundula wa zotengera.
• Kupatula zithunzi zomwe zimagwiritsidwa ntchito ku Kubernetes, chifukwa Tawasankha kale povotera K8s API.
• Kusanthula mbiri ya Git ndikupatula zithunzi kutengera mfundo zomwe zafotokozedwa.
• Kuchotsa zithunzi zotsala.

Pobwerera ku fanizo lathu, izi ndi zomwe zimachitika ndi werf:

Komabe, ngakhale simugwiritsa ntchito werf, njira yofananira yoyeretsa zithunzi zapamwamba - pakukhazikitsa kumodzi kapena kumzake (malinga ndi njira yomwe mumakonda kuyika chizindikiro) - ingagwiritsidwe ntchito kuzinthu zina / zofunikira. Kuti muchite izi, ndikwanira kukumbukira mavuto omwe amabwera ndikupeza mwayi umenewo mumtengo wanu womwe umakulolani kuti muphatikize yankho lawo bwino momwe mungathere. Tikukhulupirira kuti njira yomwe tayendamo ikuthandizani kuyang'ana nkhani yanu ndi tsatanetsatane ndi malingaliro atsopano.

Pomaliza

• Posakhalitsa, magulu ambiri amakumana ndi vuto la registry kusefukira.
• Pofufuza mayankho, choyamba ndikofunika kudziwa zofunikira za chithunzicho.
• Zida zoperekedwa ndi mautumiki otchuka olembetsa ziwiya zimakulolani kuti mukonzekere kuyeretsa kosavuta komwe sikumaganizira za "dziko lakunja": zithunzi zomwe zimagwiritsidwa ntchito ku Kubernetes ndi zomwe zimachitikira gululo.
• Algorithm yosinthika komanso yothandiza iyenera kumvetsetsa njira za CI/CD ndikugwira ntchito osati ndi zithunzi za Docker zokha.

PS

Werenganinso pa blog yathu:

• «Kuyika ma taggings mu werf collector: chifukwa chiyani ndipo imagwira ntchito bwanji?";
• «3-njira kuphatikiza ku werf: kutumizidwa ku Kubernetes ndi Helm "pa steroids"";
• «Kuthandizira kwa monorepo ndi multirepo mu werf ndipo Docker Registry ikukhudzana bwanji nazo";
• «kutulutsidwa kwa werf 1.1: kukonza kwa omanga lero ndi mapulani amtsogolo".

Source: www.habr.com