Running Camunda BPM on Kubernetes

Are you using Kubernetes? Are you ready to move your Camunda BPM instances off virtual machines, or do you just want to try running them on Kubernetes? Let's look at some common configurations and building blocks that you can adapt to your needs.

It is assumed that you have used Kubernetes before. If not, why not take a look at the tutorial and start your first cluster?

Authors

  • Alastair Firth - Senior Site Reliability Engineer on the Camunda Cloud team;
  • Lars Lange - DevOps engineer at Camunda.

In short:

git clone https://github.com/camunda-cloud/camunda-examples.git
cd camunda-examples/camunda-bpm-demo
make skaffold

OK, it probably didn't work because you don't have skaffold and kustomize installed. Well then, read on!

What is Camunda BPM

Camunda BPM is an open source business process management and decision automation platform that connects business users and software developers. It is ideal for coordinating and connecting people, (micro) services or even bots! You can read more about the different use cases at the link.

Why use Kubernetes

Kubernetes has become the de facto standard for running modern applications on Linux. By using system calls instead of hardware emulation, and the kernel's ability to manage memory and task switching, boot time and startup time are kept to a minimum. However, the greatest benefit may come from the standard API that Kubernetes provides for configuring the infrastructure that all applications need: storage, networking, and monitoring. It turned 6 years old in June 2020 and is perhaps the second largest project (after Linux). Recently it has been stabilizing its functionality after rapid iteration over the past few years, as it becomes critical for production workloads around the world.

The Camunda BPM engine can easily connect to other applications running in the same cluster, and Kubernetes provides excellent scalability, allowing you to increase infrastructure costs only when really needed (and easily reduce them when needed).

The quality of monitoring is also greatly improved by tools such as Prometheus, Grafana, Loki, Fluentd and Elasticsearch, which let you view all workloads in the cluster centrally. Today we will look at how to add the Prometheus exporter to the Java Virtual Machine (JVM).

Goals

Let's look at a few areas where we can customize the Camunda BPM Docker image (github) so that it interacts well with Kubernetes.

  1. Logs and metrics;
  2. Database connections;
  3. Authentication;
  4. Session management.

We will look at several ways to achieve these goals and show the whole process clearly.

Note: Are you using the Enterprise version? Look here and update the image links as needed.

Development workflow

In this demo, we will use Skaffold to build Docker images with Google Cloud Build. It has good support for various tools (such as Kustomize and Helm), CI and build tools, and infrastructure providers. The file skaffold.yaml.tmpl includes settings for Google Cloud Build and GKE, which provides a very simple way to run production-grade infrastructure.

make skaffold will upload the Dockerfile context to Cloud Build, build the image and store it in GCR, and then apply the manifests to your cluster. This is what make skaffold does, but Skaffold has many other features.

For yaml templates in Kubernetes, we use kustomize to manage yaml overlays without forking the entire manifest, which lets you use git pull --rebase to pick up further improvements. It is now part of kubectl and works quite well for this kind of thing.

We also use envsubst to fill in the hostname and the GCP project ID in the *.yaml.tmpl files. You can see how it works in the makefile, or just continue on.

Prerequisites

Workflow using manifests

If you don't want to use kustomize or skaffold, you can refer to the manifests in generated-manifest.yaml and adapt them to the workflow of your choice.

Logs and metrics

Prometheus has become the standard for collecting metrics in Kubernetes. It occupies the same niche as AWS Cloudwatch Metrics, Cloudwatch Alerts, Stackdriver Metrics, StatsD, Datadog, Nagios, vSphere Metrics and others. It is open source and has a powerful query language. We will leave visualization to Grafana, which comes with a large number of dashboards available out of the box. They integrate with each other and are relatively easy to install with prometheus-operator.

By default, Prometheus uses a pull model against <service>/metrics, and adding sidecar containers for this is common. Unfortunately, JMX metrics are best collected inside the JVM, so sidecar containers are not as effective. Let's attach the open source jmx_exporter from Prometheus to the JVM by adding it to the container image, which will serve the /metrics path on a separate port.

Add the Prometheus jmx_exporter to the container

-- images/camunda-bpm/Dockerfile
FROM camunda/camunda-bpm-platform:tomcat-7.11.0

## Add prometheus exporter
RUN wget https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.11.0/jmx_prometheus_javaagent-0.11.0.jar -P lib/
# 9404 is the reserved prometheus-jmx port
ENV CATALINA_OPTS -javaagent:lib/jmx_prometheus_javaagent-0.11.0.jar=9404:/etc/config/prometheus-jmx.yaml

Well, that was easy. The exporter will monitor tomcat and expose its metrics in Prometheus format at <svc>:9404/metrics

Exporter configuration

The attentive reader may wonder where prometheus-jmx.yaml came from. Many different things can run in the JVM, and tomcat is only one of them, so the exporter needs some additional configuration. Standard configurations for tomcat, wildfly, kafka and so on are available here. We will add the tomcat one as a ConfigMap in Kubernetes and then mount it as a volume.

First, we add the exporter configuration file to our platform/config/ directory

platform/config
└── prometheus-jmx.yaml

Then we add a ConfigMapGenerator to kustomization.yaml.tmpl:

-- platform/kustomization.yaml.tmpl
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
[...]
configMapGenerator:
- name: config
  files:
  - config/prometheus-jmx.yaml

This adds each element of files[] as an entry in the ConfigMap. ConfigMapGenerators are great because they hash the configuration data and force a pod restart when it changes. They also reduce the amount of configuration in the Deployment, since you can mount an entire "folder" of configuration files in a single VolumeMount.

Finally, we need to mount the ConfigMap as a volume in the pod:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
      [...]
      volumes:
      - name: config
        configMap:
          name: config
          defaultMode: 0744
      containers:
      - name: camunda-bpm
        volumeMounts:
        - mountPath: /etc/config/
          name: config
      [...]

Great. If Prometheus is not configured to scrape everything, you may need to tell it to scrape the pods. Prometheus Operator users can use service-monitor.yaml to get started. Look at service-monitor.yaml, the operator design and the ServiceMonitorSpec before you begin.

Extending this pattern to other use cases

All files that we add to the ConfigMapGenerator will be available in the new directory /etc/config. You can extend this template to mount any other configuration files you need. You can even mount a new startup script. You can use subPath to mount individual files. To update xml files, consider using xmlstarlet instead of sed. It is already included in the image.

Logs

Good news! Application logs are already available on stdout, for example with kubectl logs. Fluentd (installed by default in GKE) will forward your logs to Elasticsearch, Loki, or your enterprise logging platform. If you want to use jsonify for logs, you can follow the template above to install logback.

Database

By default, the image comes with an H2 database. That does not suit us, and we will use Google Cloud SQL with Cloud SQL Proxy - this will be needed later to solve internal problems. It is a simple and reliable option if you have no preferences of your own for setting up the database. AWS RDS provides a similar service.

Regardless of the database you choose, unless it is H2, you will need to set the appropriate environment variables in platform/deploy.yaml. It looks something like this:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
      [...]
      containers:
      - name: camunda-bpm
        env:
        - name: DB_DRIVER
          value: org.postgresql.Driver
        - name: DB_URL
          value: jdbc:postgresql://postgres-proxy.db:5432/process-engine
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_username
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_password
      [...]

Note: You can use Kustomize to deploy to different environments using an overlay: example.

Note: the use of valueFrom: secretKeyRef. Please use this Kubernetes feature even during development to keep your secrets safe.

You probably already have a preferred system for managing Kubernetes secrets. If not, here are some options: encrypting them with your cloud provider's KMS and then injecting them into K8S as secrets through the CD pipeline - Mozilla SOPS works very well in combination with Kustomize secrets. There are also other tools, such as dotGPG, that perform similar functions: HashiCorp Vault, Kustomize Secret Value Plugins.
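The check below is an added example, not code from the original article or from the Camunda project: it reads a Deployment as JSON and reports environment variables that carry credentials in the manifest itself instead of through secretKeyRef. The name patterns and the sample manifest (the env block above with two deliberate mistakes) are assumptions constructed for illustration.

```python
import json
import re

# Variable names treated as credentials; this pattern is an assumption of the example.
SENSITIVE_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|USERNAME", re.I)
# A JDBC URL can also carry credentials as query parameters.
CREDS_IN_URL = re.compile(r"[?&](password|user)=", re.I)

def find_inline_credentials(deployment):
    """Return sorted (container, variable, reason) tuples for env entries that
    expose credentials in the manifest instead of using secretKeyRef."""
    pod = deployment["spec"]["template"]["spec"]
    findings = []
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        for env in c.get("env", []):
            literal = env.get("value")
            from_secret = "secretKeyRef" in env.get("valueFrom", {})
            if SENSITIVE_NAME.search(env["name"]) and not from_secret:
                # Covers literal values and configMapKeyRef alike.
                findings.append((c["name"], env["name"], "not from a Secret"))
            elif literal and CREDS_IN_URL.search(literal):
                findings.append((c["name"], env["name"], "credentials in URL"))
    return sorted(findings)

# Constructed sample: the article's env block with two deliberate mistakes added.
SAMPLE = json.loads("""
{"kind": "Deployment", "spec": {"template": {"spec": {"containers": [
  {"name": "camunda-bpm", "env": [
    {"name": "DB_DRIVER", "value": "org.postgresql.Driver"},
    {"name": "DB_URL",
     "value": "jdbc:postgresql://postgres-proxy.db:5432/process-engine?user=camunda&password=example"},
    {"name": "DB_USERNAME", "valueFrom": {"secretKeyRef":
        {"name": "cambpm-db-credentials", "key": "db_username"}}},
    {"name": "DB_PASSWORD", "value": "example"}
  ]}
]}}}}
""")

if __name__ == "__main__":
    for container, name, reason in find_inline_credentials(SAMPLE):
        print(f"{container}: {name}: {reason}")
```

Run against the output of kubectl get deployment -o json in a CI step, it catches a literal DB_PASSWORD before the manifest is applied.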

Ingress

Unless you choose to use local port forwarding, you will need a configured Ingress Controller. If you don't use ingress-nginx (Helm chart), then you most likely already know that you need to set the necessary annotations in ingress-patch.yaml.tmpl or platform/ingress.yaml. If you are using ingress-nginx and see an nginx ingress class with a load balancer pointing to it and an external DNS or wildcard DNS entry, you are good to go. Otherwise, configure the Ingress Controller and DNS, or skip these steps and keep the direct connection to the pod.

TLS

If you are using cert-manager or kube-lego with letsencrypt, certificates for the new ingress will be obtained automatically. Otherwise, open ingress-patch.yaml.tmpl and customize it to suit your needs.

Launch!

If you have followed everything written above, then the command make skaffold HOSTNAME=<you.example.com> should launch an instance available at <hostname>/camunda

If you have not exposed your ingress at a public URL, you can forward it to localhost with kubectl port-forward -n camunda-bpm-demo svc/camunda-bpm 8080:8080 and open localhost:8080/camunda

Wait a few minutes until tomcat is completely ready. Cert-manager will take some time to verify the domain name. You can follow the logs with available tools such as kubetail, or simply with kubectl:

kubectl logs -n camunda-bpm-demo $(kubectl get pods -o=name -n camunda-bpm-demo) -f

Next steps

Authentication

This is more about configuring Camunda BPM than Kubernetes, but it is important to note that by default, authentication is disabled in the REST API. You can enable basic authentication or use another method such as JWT. You can use configmaps and volumes to load xml, or xmlstarlet (see above) to edit existing files in the image, and either use wget or load them using an init container and a shared volume.

Session management

Like many other applications, Camunda BPM handles sessions in the JVM, so if you want to run multiple replicas, you can enable sticky sessions (for example for ingress-nginx), which will last until the replica disappears, or set the Max-Age attribute for cookies. For a more robust solution, you can deploy a Session Manager in Tomcat. Lars has a separate post on this topic, but something like:

# Add memcached-session-manager to Tomcat and register it in conf/context.xml
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/2.3.2/memcached-session-manager-2.3.2.jar -P lib/ && \
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc9/2.3.2/memcached-session-manager-tc9-2.3.2.jar -P lib/ && \
sed -i '/^<\/Context>/i\
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager" \
memcachedNodes="redis://redis-proxy.db:22121" \
sticky="false" \
sessionBackupAsync="false" \
storageKeyPrefix="context" \
lockingMode="auto" \
/>' conf/context.xml

Note: you can use xmlstarlet instead of sed

We used twemproxy in front of Google Cloud Memorystore, with memcached-session-manager (it supports Redis) to run it.

Scaling

If you already have sessions sorted out, then the first (and often the last) limit to scaling Camunda BPM may be the connection to the database. Partial customization is already available "out of the box". Let's also disable initialSize in the settings.xml file. Add a Horizontal Pod Autoscaler (HPA) and you can easily scale the number of pods automatically.

Requests and limits

In platform/deployment.yaml you will see that we have hard-coded the resources field. This works well with HPA, but may need additional tuning. A kustomize patch is suitable for this. See ingress-patch.yaml.tmpl and ./kustomization.yaml.tmpl

Conclusion

So we have deployed Camunda BPM on Kubernetes with Prometheus metrics, logs, H2 database, TLS and Ingress. We added jar files and configuration files using ConfigMaps and the Dockerfile. We talked about passing data to volumes and directly to environment variables from secrets. In addition, we gave an overview of setting up Camunda for multiple replicas and an authenticated API.

Links

github.com/camunda-cloud/camunda-examples/camunda-bpm-kubernetes

├── generated-manifest.yaml <- manifest for use without kustomize
├── images
│   └── camunda-bpm
│       └── Dockerfile <- overlay docker image
├── ingress-patch.yaml.tmpl <- site-specific ingress configuration
├── kustomization.yaml.tmpl <- main Kustomization
├── Makefile <- make targets
├── namespace.yaml
├── platform
│   ├── config
│   │   └── prometheus-jmx.yaml <- prometheus exporter config file
│   ├── deployment.yaml <- main deployment
│   ├── ingress.yaml
│   ├── kustomization.yaml <- "base" kustomization
│   ├── service-monitor.yaml <- example prometheus-operator config
│   └── service.yaml
└── skaffold.yaml.tmpl <- skaffold directives

05.08.2020, translation of an article by Alastair Firth and Lars Lange

Source: www.habr.com
