Pulogalamu ya ProHoster > Blog > Ulamuliro > Chidziwitso cha GitOps cha OpenShift

Chidziwitso cha GitOps cha OpenShift

Lero tikambirana za mfundo ndi zitsanzo za GitOps, komanso momwe zitsanzozi zimagwiritsidwira ntchito pa nsanja ya OpenShift. Kalozera wokambirana pamutuwu alipo kugwirizana.

Chidziwitso cha GitOps cha OpenShift

Mwachidule, GitOps ndi machitidwe ogwiritsira ntchito kukoka kwa Git kuti ayang'anire zomangamanga ndi masanjidwe a mapulogalamu. Malo osungira a Git mu GitOps amatengedwa ngati gwero limodzi lachidziwitso chokhudza momwe dongosololi lilili, ndipo zosintha zilizonse m'bomali zimatha kutsatiridwa komanso kuwerengedwa.

Lingaliro lakusintha kutsata kwa GitOps silatsopano; njira iyi yakhala ikugwiritsidwa ntchito pafupifupi padziko lonse lapansi pogwira ntchito ndi code source source. GitOps imangogwiritsa ntchito zofananira (ndemanga, zopempha zokoka, ma tag, ndi zina zambiri) muzomangamanga ndi kasamalidwe ka makonzedwe a ntchito ndipo imapereka zopindulitsa zofananira monga momwe zimakhalira pakuwongolera ma code source.

Palibe tanthauzo lamaphunziro kapena malamulo ovomerezeka a GitOps, mfundo zokhazo zomwe mchitidwewu umapangidwira:

  • Mafotokozedwe ofotokozera a dongosololi amasungidwa mu Git repository (configs, monitoring, etc.).
  • Kusintha kwa boma kumapangidwa kudzera muzopempha zokoka.
  • Mkhalidwe wamakina oyendetsa umalumikizidwa ndi zomwe zili munkhokwe pogwiritsa ntchito zopempha za Git.

Mfundo za GitOps

  • Matanthauzidwe amachitidwe amafotokozedwa ngati code code

Kukonzekera kwamakina kumawonedwa ngati kachidindo kotero kuti kumatha kusungidwa ndikusinthidwa zokha munkhokwe ya Git, yomwe imakhala ngati gwero limodzi lachowonadi. Njirayi imapangitsa kuti zikhale zosavuta kutulutsa ndi kubwezeretsa kusintha kwa machitidwe.

  • Mkhalidwe wofunidwa ndi kasinthidwe ka machitidwe amayikidwa ndikusinthidwa mu Git

Posunga ndikusintha mawonekedwe omwe tikufuna ku Git, timatha kutulutsa ndikubwezeretsanso zosintha pamakina ndi mapulogalamu. Titha kugwiritsanso ntchito njira zachitetezo za Git kuwongolera umwini wamakhodi ndikutsimikizira zowona.

  • Kusintha kwa kasinthidwe kutha kugwiritsidwa ntchito pokhapokha popempha kukoka

Pogwiritsa ntchito zopempha za Git kukoka, titha kuwongolera mosavuta momwe zosintha zimagwiritsidwira ntchito pakusintha kosungirako. Mwachitsanzo, atha kuperekedwa kwa mamembala ena amgulu kuti awonenso kapena kuthamanga mayeso a CI, ndi zina.

Ndipo nthawi yomweyo, palibe chifukwa chogawa mphamvu za admin kumanzere ndi kumanja. Kuti musinthe masinthidwe, ogwiritsa ntchito amangofunika zilolezo zoyenera munkhokwe ya Git pomwe zosinthazo zimasungidwa.

  • Kukonza vuto la kusuntha kosalamulirika kwa kasinthidwe

Pomwe dongosolo lomwe likufunidwa likasungidwa m'malo osungira a Git, zomwe tiyenera kuchita ndikupeza mapulogalamu omwe angawonetsetse kuti dongosololi likugwirizana ndi zomwe akufuna. Ngati sizili choncho, ndiye kuti pulogalamuyo iyenera - kutengera makonda - mwina kuthetsa kusiyanako palokha, kapena kutidziwitsa za kasinthidwe kachitidwe.

Mitundu ya GitOps ya OpenShift

On-Cluster Resource Reconciler

Malinga ndi chitsanzo ichi, gululi lili ndi wolamulira yemwe ali ndi udindo wofanizira zinthu za Kubernetes (mafayilo a YAML) mu malo a Git ndi zinthu zenizeni za gululo. Ngati kusagwirizana kuzindikirika, wolamulirayo amatumiza zidziwitso ndipo mwina amachitapo kanthu kuti akonze zolakwikazo. Mtundu uwu wa GitOps umagwiritsidwa ntchito mu Anthos Config Management ndi Weaveworks Flux.

Chidziwitso cha GitOps cha OpenShift

Wogwirizanitsa Zida Zakunja (Kankhani)

Mtunduwu ukhoza kuwonedwa ngati wosiyana wa m'mbuyomu, tikakhala ndi owongolera m'modzi kapena angapo omwe ali ndi udindo wolumikiza zinthu mumagulu a "Git repository - Kubernetes cluster". Kusiyana apa ndikuti gulu lililonse loyendetsedwa silikhala ndi wowongolera wake. Magulu awiri a magulu a Git - k8s nthawi zambiri amatanthauzidwa ngati ma CRD (matanthauzidwe azinthu zamwambo), omwe amatha kufotokozera momwe wowongolera ayenera kugwirizanitsa. Mkati mwachitsanzo ichi, olamulira amayerekezera malo a Git omwe atchulidwa mu CRD ndi zothandizira zamagulu a Kubernetes, zomwe zimatchulidwanso mu CRD, ndikuchita zoyenera malinga ndi zotsatira za kufananitsa. Makamaka, mtundu uwu wa GitOps umagwiritsidwa ntchito ku ArgoCD.

Chidziwitso cha GitOps cha OpenShift

GitOps pa nsanja ya OpenShift

Ulamuliro wa zomangamanga zamagulu ambiri a Kubernetes

Ndi kufalikira kwa Kubernetes komanso kutchuka komwe kukuchulukirachulukira kwa njira zamitundu yambiri ndi makompyuta am'mphepete, kuchuluka kwamagulu a OpenShift pa kasitomala akuchulukiranso.

Mwachitsanzo, mukamagwiritsa ntchito komputa yam'mphepete, magulu a kasitomala amatha kutumizidwa mazana kapena masauzande. Zotsatira zake, amakakamizika kuyang'anira magulu angapo odziyimira pawokha kapena ogwirizana a OpenShift pamtambo wapagulu komanso pamalopo.

Pankhaniyi, mavuto ambiri ayenera kuthetsedwa, makamaka:

  • Onetsetsani kuti magulu ali ofanana (makonzedwe, kuyang'anira, kusungirako, etc.)
  • Panganinso (kapena bwezeretsani) magulu kutengera dziko lodziwika.
  • Pangani magulu atsopano kutengera dziko lodziwika.
  • Sinthani zosintha kumagulu angapo a OpenShift.
  • Sinthani zosintha m'magulu angapo a OpenShift.
  • Lumikizani masinthidwe azithunzi kumadera osiyanasiyana.

Masanjidwe a Ntchito

Pa nthawi ya moyo wawo, mapulogalamu nthawi zambiri amadutsa magulu angapo (dev, siteji, ndi zina zotero) asanakhale m'gulu la kupanga. Kuonjezera apo, chifukwa cha kupezeka ndi zofunikira za scalability, makasitomala nthawi zambiri amatumiza mapulogalamu m'magulu angapo omwe ali pamtunda kapena madera angapo a mtambo wamtambo.

Pankhaniyi, ntchito zotsatirazi ziyenera kuthetsedwa:

  • Onetsetsani kusuntha kwa mapulogalamu (mabinaries, configs, etc.) pakati pamagulu (dev, stage, etc.).
  • Sinthani zosintha pamapulogalamu (mabinari, ma configs, ndi zina) m'magulu angapo a OpenShift.
  • Bwezeretsani zosintha kuzinthu zomwe zidadziwika kale.

OpenShift GitOps Gwiritsani Ntchito Milandu

1. Kugwiritsa ntchito zosintha kuchokera kunkhokwe ya Git

Woyang'anira gulu amatha kusunga masanjidwe amagulu a OpenShift m'malo osungira a Git ndikuwagwiritsa ntchito kuti apange magulu atsopano ndikuwabweretsa m'malo ofanana ndi omwe amadziwika omwe amasungidwa munkhokwe ya Git.

2. Kuyanjanitsa ndi Secret Manager

Woyang'anira adzapindulanso ndi kuthekera kolumikiza zinthu zachinsinsi za OpenShift ndi mapulogalamu oyenera monga Vault kuti azitha kuwawongolera pogwiritsa ntchito zida zopangidwira izi.

3. Kuwongolera masinthidwe a drift

Woyang'anira azingovomereza ngati OpenShift GitOps imadzizindikiritsa ndikuchenjeza za kusagwirizana pakati pa masinthidwe enieni ndi omwe afotokozedwa m'malo osungira, kuti athe kuyankha mwachangu kusuntha.

4. Zidziwitso za kusintha kwa kasinthidwe

Zimakhala zothandiza ngati woyang'anira akufuna kuphunzira mwachangu zamilandu yosinthira masinthidwe kuti achitepo kanthu moyenera payekha.

5. Kulunzanitsa pamanja kwa masinthidwe mukamayenda

Amalola woyang'anira kuti agwirizanitse gulu la OpenShift ndi chosungira cha Git pakachitika kusintha kwakusintha, kubweza gululo mwachangu kumalo odziwika kale.

6.Auto-synchronization ya kasinthidwe pamene akuyendetsa

Woyang'anira amathanso kukonza gulu la OpenShift kuti ligwirizane ndi malo osungira pamene kukwera kumapezeka, kotero kuti kasinthidwe kamagulu nthawi zonse kumagwirizana ndi makonzedwe a Git.

7. Masango angapo - malo amodzi

Woyang'anira amatha kusunga masinthidwe amagulu angapo a OpenShift m'malo amodzi a Git ndikusankha momwe angafunikire.

8. Ulamuliro wa masanjidwe a magulu (cholowa)

Woyang'anira atha kukhazikitsa mindandanda yamakasinthidwe amagulu munkhokwe (siteji, prod, portfolio ya pulogalamu, ndi zina zambiri ndi cholowa). Mwanjira ina, imatha kudziwa ngati masinthidwe akuyenera kugwiritsidwa ntchito pagulu limodzi kapena angapo.

Mwachitsanzo, ngati woyang'anira akhazikitsa gulu la "Magulu opanga (prod) β†’ Magulu a System X β†’ Magulu opangira a system X" munkhokwe ya Git, ndiye kuphatikiza kotsatiraku kumagwiritsidwa ntchito pamagulu opanga X:

  • Imakonza zofanana ndi magulu onse opanga.
  • Zosintha za gulu la System X.
  • Zosintha zamagulu opanga makina a X.

9. Ma templates ndi kasinthidwe zimadutsa

Woyang'anira atha kuwongolera ma configs omwe adatengera cholowa ndi zikhalidwe zawo, mwachitsanzo, kukonza masinthidwe amagulu enaake omwe adzagwiritsidwe.

10. Zosankha ziphatikizepo ndikupatula zosintha, masinthidwe a pulogalamu

Woyang'anira atha kukhazikitsa mikhalidwe yogwiritsira ntchito kapena kusagwiritsa ntchito masinthidwe ena kumagulu okhala ndi mawonekedwe ena.

11. Thandizo la template

Madivelopa adzapindula ndi kuthekera kosankha momwe zogwirira ntchito zidzafotokozedwere (Helm Chart, Kubernetes yaml yoyera, ndi zina zotero) kuti agwiritse ntchito mtundu woyenera kwambiri pa pulogalamu iliyonse.

Zida za GitOps pa nsanja ya OpenShift

ArgoCD

ArgoCD imagwiritsa ntchito chitsanzo cha External Resource Reconcile ndipo imapereka UI wapakati pakukonza maubwenzi amodzi ndi ambiri pakati pa magulu ndi zosungira za Git. Kuipa kwa pulogalamuyi kumaphatikizapo kulephera kuyang'anira mapulogalamu pamene ArgoCD sikugwira ntchito.

Webusaiti yathuyi

ikuyenda

Flux imagwiritsa ntchito chitsanzo cha On-Cluster Resource Reconcile ndipo, chifukwa chake, palibe kasamalidwe kapakati pa malo ofotokozera, omwe ndi ofooka. Kumbali ina, ndendende chifukwa cha kusowa kwa centralization, kuthekera koyang'anira mapulogalamu kumakhalabe ngakhale gulu limodzi likulephera.

Webusaiti yathuyi

Kuyika ArgoCD pa OpenShift

ArgoCD imapereka mawonekedwe abwino kwambiri a mzere wamalamulo ndi intaneti, chifukwa chake sitikhudza Flux ndi njira zina pano.

Kuti mutumize ArgoCD pa nsanja ya OpenShift 4, tsatirani izi ngati woyang'anira magulu:

Kutumiza zida za ArgoCD papulatifomu ya OpenShift

# Create a new namespace for ArgoCD components
oc create namespace argocd
# Apply the ArgoCD Install Manifest
oc -n argocd apply -f https://raw.githubusercontent.com/argoproj/argo-cd/v1.2.2/manifests/install.yaml
# Get the ArgoCD Server password
ARGOCD_SERVER_PASSWORD=$(oc -n argocd get pod -l "app.kubernetes.io/name=argocd-server" -o jsonpath='{.items[*].metadata.name}')

Kupititsa patsogolo kwa ArgoCD Server kuti iwonekere ndi OpenShift Route

# Patch ArgoCD Server so no TLS is configured on the server (--insecure)
PATCH='{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"argocd-server"}],"containers":[{"command":["argocd-server","--insecure","--staticassets","/shared/app"],"name":"argocd-server"}]}}}}'
oc -n argocd patch deployment argocd-server -p $PATCH
# Expose the ArgoCD Server using an Edge OpenShift Route so TLS is used for incoming connections
oc -n argocd create route edge argocd-server --service=argocd-server --port=http --insecure-policy=Redirect

Kutumiza ArgoCD Cli Tool

# Download the argocd binary, place it under /usr/local/bin and give it execution permissions
curl -L https://github.com/argoproj/argo-cd/releases/download/v1.2.2/argocd-linux-amd64 -o /usr/local/bin/argocd
chmod +x /usr/local/bin/argocd

Kusintha achinsinsi a ArgoCD Server admin

# Get ArgoCD Server Route Hostname
ARGOCD_ROUTE=$(oc -n argocd get route argocd-server -o jsonpath='{.spec.host}')
# Login with the current admin password
argocd --insecure --grpc-web login ${ARGOCD_ROUTE}:443 --username admin --password ${ARGOCD_SERVER_PASSWORD}
# Update admin's password
argocd --insecure --grpc-web --server ${ARGOCD_ROUTE}:443 account update-password --current-password ${ARGOCD_SERVER_PASSWORD} --new-password

Mukamaliza izi, mutha kugwira ntchito ndi ArgoCD Server kudzera pa ArgoCD WebUI web console kapena chida cha mzere wa ArgoCD Cli.
https://blog.openshift.com/is-it-too-late-to-integrate-gitops/

GitOps - Sikuchedwa Kwambiri

"Sitima yachoka" - izi ndi zomwe akunena pazochitika pamene mwayi wochita chinachake wasowa. Pankhani ya OpenShift, chikhumbo chofuna kuyamba kugwiritsa ntchito nsanja yatsopanoyi nthawi zambiri chimapanga izi ndi kasamalidwe ndi kukonza njira, kutumiza ndi zinthu zina za OpenShift. Koma kodi mwayiwo umatayika nthawi zonse?

Kupitiliza nkhani za GitOps, lero tikuwonetsani momwe mungasinthire ntchito yopangidwa ndi manja ndi zipangizo zake kuti zikhale njira yomwe chirichonse chimayang'aniridwa ndi zida za GitOps. Kuti tichite izi, titha kutumiza pamanja pulogalamu ya httpd. Chithunzi chili m'munsichi chikuwonetsa momwe timapangira dzina, kutumiza ndi ntchito, ndikuwonetsa ntchitoyi kuti tipange njira.

oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/namespace.yaml
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/deployment.yaml
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/service.yaml
oc expose svc/httpd -n simple-app

Chifukwa chake tili ndi pulogalamu yopangidwa ndi manja. Tsopano ikuyenera kusamutsidwa pansi pa kasamalidwe ka GitOps popanda kutaya kupezeka. Mwachidule, imachita izi:

  • Pangani chosungira cha Git cha code.
  • Timatumiza zinthu zathu zamakono ndikuziyika kumalo osungirako a Git.
  • Kusankha ndi kutumiza zida za GitOps.
  • Timawonjezera nkhokwe yathu ku zida izi.
  • Timatanthauzira kugwiritsa ntchito mu zida zathu za GitOps.
  • Timayesa kugwiritsa ntchito pulogalamuyo pogwiritsa ntchito zida za GitOps.
  • Timagwirizanitsa zinthu pogwiritsa ntchito zida za GitOps.
  • Yambitsani kudulira ndi kulunzanitsa zinthu zokha.

Monga tafotokozera m'mbuyomu nkhani, mu GitOps pali gwero limodzi lokha la chidziwitso pazinthu zonse mumagulu a Kubernetes - malo osungira a Git. Kenako, timachoka pamalingaliro akuti gulu lanu likugwiritsa ntchito kale malo osungira a Git. Itha kukhala yapagulu kapena yachinsinsi, koma iyenera kupezeka kumagulu a Kubernetes. Izi zitha kukhala malo osungira omwewo ngati ma code ogwiritsira ntchito, kapena malo osiyana opangidwa kuti atumizidwe. Ndikoyenera kukhala ndi zilolezo zokhazikika m'nkhokwe popeza zinsinsi, mayendedwe, ndi zinthu zina zotengera chitetezo zidzasungidwa pamenepo.

Muchitsanzo chathu, tipanga malo atsopano pa GitHub. Mutha kuyitcha chilichonse chomwe mungafune, timagwiritsa ntchito dzina la blogpost.

Ngati mafayilo a chinthu cha YAML sanasungidwe kwanuko kapena ku Git, ndiye kuti muyenera kugwiritsa ntchito oc kapena kubectl binaries. Pazithunzi pansipa tikupempha YAML kuti tipeze malo athu, kutumiza, ntchito ndi njira. Izi zisanachitike, tidapanga chosungira chatsopano ndi ma cd mmenemo.

oc get namespace simple-app -o yaml --export > namespace.yaml
oc get deployment httpd -o yaml -n simple-app --export > deployment.yaml
oc get service httpd -o yaml -n simple-app --export > service.yaml
oc get route httpd -o yaml -n simple-app --export > route.yaml

Tsopano tiyeni tisinthe fayilo ya deployment.yaml kuchotsa gawo lomwe Argo CD silingalumikize.

sed -i '/sgeneration: .*/d' deployment.yaml

Kuphatikiza apo, njirayo iyenera kusinthidwa. Tikhazikitsa kaye mizere yambiri ndikuyika ingress: null ndi zomwe zili mumitunduyo.

export ROUTE="  ingress:                                                            
    - conditions:
        - status: 'True'
          type: Admitted"

sed -i "s/  ingress: null/$ROUTE/g" route.yaml

Chifukwa chake, takonza mafayilo, chomwe chatsala ndikusunga kunkhokwe ya Git. Pambuyo pake malowa amakhala gwero lokhalo lachidziwitso, ndipo kusintha kulikonse pamanja kuzinthu kuyenera kuletsedwa.

git commit -am β€˜initial commit of objects’
git push origin master

Kupitilira apo tikupitilirabe kuti mwatumiza kale ArgoCD (momwe mungachitire izi - onani zam'mbuyomu positi). Chifukwa chake, tidzawonjezera ku Argo CD chosungira chomwe tidapanga, chokhala ndi nambala yofunsira kuchokera ku chitsanzo chathu. Ingotsimikizirani kuti mwatchulanso malo enieni omwe mudapanga kale.

argocd repo add https://github.com/cooktheryan/blogpost

Tsopano tiyeni tipange ntchito. Pulogalamuyi imayika zofunikira kuti zida za GitOps zimvetsetse malo ndi njira zogwiritsira ntchito, zomwe OpenShift imafunika kuyang'anira zinthu, ndi nthambi iti yankhokwe yomwe ikufunika, komanso ngati zothandizira ziyenera kulunzanitsa.

argocd app create --project default 
--name simple-app --repo https://github.com/cooktheryan/blogpost.git 
--path . --dest-server https://kubernetes.default.svc 
--dest-namespace simple-app --revision master --sync-policy none

Ntchito ikangotchulidwa mu Argo CD, zida zoyambira zimayamba kuyang'ana zinthu zomwe zayikidwa kale motsutsana ndi matanthauzo omwe ali munkhokwe. Muchitsanzo chathu, kulunzanitsa ndi kuyeretsa kwadzidzidzi kuzimitsa, kotero kuti zinthu sizikusintha. Chonde dziwani kuti mu mawonekedwe a Argo CD pulogalamu yathu idzakhala ndi "Out of Sync" chifukwa palibe zilembo zomwe ArgoCD imapereka.
Ichi ndichifukwa chake tikayamba kulunzanitsa pakapita nthawi, zinthu sizidzatumizidwanso.

Tsopano tiyeni tiyese kuyesa kuti tiwonetsetse kuti palibe zolakwika m'mafayilo athu.

argocd app sync simple-app --dry-run

Ngati palibe zolakwa, ndiye inu mukhoza chitani kalunzanitsidwe.

argocd app sync simple-app

Pambuyo poyendetsa lamulo la argoc get pa ntchito yathu, tiyenera kuwona kuti mawonekedwe a pulogalamuyo asintha kukhala Healthy kapena Synced. Izi zikutanthauza kuti zonse zomwe zili munkhokwe ya Git tsopano zikugwirizana ndi zomwe zatumizidwa kale.

argocd app get simple-app
Name:               simple-app
Project:            default
Server:             https://kubernetes.default.svc
Namespace:          simple-app
URL:                https://argocd-server-route-argocd.apps.example.com/applications/simple-app
Repo:               https://github.com/cooktheryan/blogpost.git
Target:             master
Path:               .
Sync Policy:        <none>
Sync Status:        Synced to master (60e1678)
Health Status:      Healthy
...

Tsopano mutha kuloleza kulunzanitsa ndi kuyeretsa kuti muwonetsetse kuti palibe chomwe chimapangidwa pamanja komanso kuti nthawi iliyonse chinthu chikapangidwa kapena kusinthidwa kumalo osungira, kutumizidwa kudzachitika.

argocd app set simple-app --sync-policy automated --auto-prune

Chifukwa chake, tabweretsa bwino pulogalamu pansi pa GitOps control yomwe poyamba sinagwiritse ntchito GitOps mwanjira iliyonse.

Source: www.habr.com

Kuwonjezera ndemanga