O le a le mea na muamua - o le moa po o le fuamoa? Ose amataga uiga ese mo se tusiga e uiga i Infrastructure-as-Code, a ea?
O le a le fuamoa?
O le tele o taimi, Infrastructure-as-Code (IaC) o se auala faʻaalia e fai ma sui o mea tetele. I totonu matou te faʻamatalaina le setete matou te manaʻo e ausia, amata mai le vaega o meafaigaluega ma faʻaiʻu i le faʻatulagaina o polokalama. O le mea lea e faʻaaogaina ai le IaC mo:
- Tuuina atu o Punaoa. O VM nei, S3, VPC, ma isi. Meafaigaluega autu mo galuega: и .
- . Meafaigaluega fa'avae: , Faifeau, ma isi.
Soʻo se code o loʻo i totonu o faleoloa git. Ma e le'i umi ae filifili le ta'ita'i o le 'au e tatau ona fa'atulaga lelei. Ma o le a ia refactor. Ma o le a fausia ai se fausaga. Ma o le a ia vaai i ai e lelei lenei mea.
E lelei foi ona ua iai и -o le tu'uina atu mo Terraform (ma o le Software Configuration lea). Faatasi ai ma la latou fesoasoani, e mafai ona e pulea le poloketi atoa: sui o le au, CI / CD, git-flow, ma isi.
O fea na sau ai le fuamoa?
O lea ua faasolosolo malie ona tatou agai atu i le fesili autu.
Muamua lava, e tatau ona e amata i se fale teu oloa e faʻamatalaina le fausaga o isi fale teu oloa, e aofia ai oe. Ma o le mea moni, o se vaega o GitOps, e te manaʻomia le faʻaopoopoina o le CI ina ia otometi ona faʻatinoina suiga.
Afai e le'i faia le Git?
- E faʻafefea ona teu i Git?
- Faʻafefea ona faʻapipiʻi CI?
- Afai tatou te faʻaogaina foi Gitlab e faʻaaoga ai IaC, ma e oʻo lava ile Kubernetes?
- Ma GitLab Runner foi i Kubernetes?
- Ae faapefea Kubernetes i le cloud provider?
O le a le mea na muamua: o le GitLab lea o le a ou lafoina ai laʻu code, poʻo le code e faʻamatalaina ai le ituaiga GitLab ou te manaʻomia?
Moa ma fuamoa
«3 ma se tainasoa" []
Se'i o tatou taumafai e kuka se mea'ai e fa'aaoga e fai ai le ao .
TL; AMA
E mafai ona auai i le au e tasi i le taimi e tasi?
$ export MY_SELECTEL_TOKEN=<token>
$ curl https://gitlab.com/chicken-or-egg/mks/make/-/snippets/2002106/raw | bashMeaʻai:
- Tala mai my.selectel.ru;
- Fa'ailoga tupe;
- Kubernetes tomai;
- Tomai Foiuli;
- Tomai i Terraform;
- Siata foeuli GitLab;
- Siata foeuli GitLab Runner.
Fua:
- Maua MY_SELECTEL_TOKEN mai le laulau my.selectel.ru.
- Fausia se fuifui Kubernetes e ala i le fesiitaiga o se fa'ailoga fa'amatalaga i ai.
- Maua le KUBECONFIG mai le fuifui na faia.
- Faʻapipiʻi GitLab ile Kubernetes.
- Maua GitLab-token mai GitLab na faia mo le tagata faʻaoga aʻa.
- Fausia se fausaga o galuega i GitLab faʻaaoga GitLab-token.
- Tu'i le code o iai ile GitLab.
- ???
- Faʻamanuia!
laa 1. E mafai ona maua le faʻailoga i le vaega .
laa 2. Matou te saunia a matou Terraform mo le " taoina "se fuifui o 2 nodes. Afai e te mautinoa o loʻo lava au punaoa mo mea uma, ona mafai lea ona e faʻaogaina le autoquotas:
provider "selectel" {
token = var.my_selectel_token
}
variable "my_selectel_token" {}
variable "username" {}
variable "region" {}
resource "selectel_vpc_project_v2" "my-k8s" {
name = "my-k8s-cluster"
theme = {
color = "269926"
}
quotas {
resource_name = "compute_cores"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 16
}
}
quotas {
resource_name = "network_floatingips"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "load_balancers"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "compute_ram"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 32768
}
}
quotas {
resource_name = "volume_gigabytes_fast"
resource_quotas {
region = var.region
zone = "${var.region}a"
# (20 * 2) + 50 + (8 * 3 + 10)
value = 130
}
}
}
resource "selectel_mks_cluster_v1" "k8s-cluster" {
name = "k8s-cluster"
project_id = selectel_vpc_project_v2.my-k8s.id
region = var.region
kube_version = "1.17.9"
}
resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
cluster_id = selectel_mks_cluster_v1.k8s-cluster.id
project_id = selectel_mks_cluster_v1.k8s-cluster.project_id
region = selectel_mks_cluster_v1.k8s-cluster.region
availability_zone = "${var.region}a"
nodes_count = 2
cpus = 8
ram_mb = 16384
volume_gb = 15
volume_type = "fast.${var.region}a"
labels = {
"project": "my",
}
}Fa'aopoopo se tagata fa'aoga ile poloketi:
resource "random_password" "my-k8s-user-pass" {
length = 16
special = true
override_special = "_%@"
}
resource "selectel_vpc_user_v2" "my-k8s-user" {
password = random_password.my-k8s-user-pass.result
name = var.username
enabled = true
}
resource "selectel_vpc_keypair_v2" "my-k8s-user-ssh" {
public_key = file("~/.ssh/id_rsa.pub")
user_id = selectel_vpc_user_v2.my-k8s-user.id
name = var.username
}
resource "selectel_vpc_role_v2" "my-k8s-role" {
project_id = selectel_vpc_project_v2.my-k8s.id
user_id = selectel_vpc_user_v2.my-k8s-user.id
}Fa'atosina:
output "project_id" {
value = selectel_vpc_project_v2.my-k8s.id
}
output "k8s_id" {
value = selectel_mks_cluster_v1.k8s-cluster.id
}
output "user_name" {
value = selectel_vpc_user_v2.my-k8s-user.name
}
output "user_pass" {
value = selectel_vpc_user_v2.my-k8s-user.password
}Tatou amata:
$ env
TF_VAR_region=ru-3
TF_VAR_username=diamon
TF_VAR_my_selectel_token=<token>
terraform plan -out planfile
$ terraform apply -input=false -auto-approve planfile
laa 3. Matou te maua le cubeconfig.
Ina ia fa'apolokalameina le download KUBECONFIG, e tatau ona e maua se fa'ailoga mai OpenStack:
openstack token issue -c id -f value > tokenMa fa'atasi ai ma lenei fa'ailoga fai se talosaga i le Managed Kubernetes Selectel API. k8s_id mataupu terraform:
curl -XGET -H "x-auth-token: $(cat token)" "https://ru-3.mks.selcloud.ru/v1/clusters/$(cat k8s_id)/kubeconfig" -o kubeConfig.yamlCupconfig e mafai foi ona maua e ala i le laulau.
laa 4. A uma ona tao le fuifui ma maua le avanoa i ai, e mafai ona tatou faʻaopopoina le yaml i luga e tofo ai.
Ou te fia faaopoopo atu:
- igoa avanoa
- vasega teuina
- faiga faavae saogalemu pod ma isi.
mo Selectel e mafai ona ave mai .
Talu mai le taimi muamua na ou filifilia ai se fuifui i le sone ru-3a, ona ou manaʻomia lea o le Vasega Teuina mai lenei sone.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: fast.ru-3a
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: cinder.csi.openstack.org
parameters:
type: fast.ru-3a
availability: ru-3a
allowVolumeExpansion: truelaa 5. Fa'apipi'i se paleni uta.
O le a matou faʻaaogaina le tulaga masani mo le tele nginx-ulufale. O loʻo i ai le tele o faʻatonuga mo le faʻapipiʻiina, o lea o le a tatou le mafaufau ai i ai.
$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm upgrade nginx-ingress nginx-stable/nginx-ingress -n ingress --install -f ../internal/K8S-cluster/ingress/values.ymlMatou te faʻatali mo le mauaina o se IP fafo mo le 3-4 minute:
Maua IP fafo:
laa 6. Faʻapipiʻi GitLab.
$ helm repo add gitlab https://charts.gitlab.io
$ helm upgrade gitlab gitlab/gitlab -n gitlab --install -f gitlab/values.yml --set "global.hosts.domain=gitlab.$EXTERNAL_IP.nip.io"Matou te toe faʻatali mo le tulaʻi uma o pusa.
kubectl get po -n gitlab
NAME READY STATUS RESTARTS AGE
gitlab-gitaly-0 0/1 Pending 0 0s
gitlab-gitlab-exporter-88f6cc8c4-fl52d 0/1 Pending 0 0s
gitlab-gitlab-runner-6b6867c5cf-hd9dp 0/1 Pending 0 0s
gitlab-gitlab-shell-55cb6ccdb-h5g8x 0/1 Init:0/2 0 0s
gitlab-migrations.1-2cg6n 0/1 Pending 0 0s
gitlab-minio-6dd7d96ddb-zd9j6 0/1 Pending 0 0s
gitlab-minio-create-buckets.1-bncdp 0/1 Pending 0 0s
gitlab-postgresql-0 0/2 Pending 0 0s
gitlab-prometheus-server-6cfb57f575-v8k6j 0/2 Pending 0 0s
gitlab-redis-master-0 0/2 Pending 0 0s
gitlab-registry-6bd77b4b8c-pb9v9 0/1 Pending 0 0s
gitlab-registry-6bd77b4b8c-zgb6r 0/1 Init:0/2 0 0s
gitlab-shared-secrets.1-pc7-5jgq4 0/1 Completed 0 20s
gitlab-sidekiq-all-in-1-v1-54dbcf7f5f-qbq67 0/1 Pending 0 0s
gitlab-task-runner-6fd6857db7-9x567 0/1 Pending 0 0s
gitlab-webservice-d9d4fcff8-hp8wl 0/2 Pending 0 0s
Waiting gitlab
./wait_gitlab.sh ../internal/gitlab/gitlab/.pods
waiting for pod...
waiting for pod...
waiting for pod...Ua tulaʻi mai fatu:
laa 7. Matou te mauaina GitLab-token.
Muamua, su'e le password login:
kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath='{.data.password}' | base64 --decodeSei o tatou saini ma maua se faailoga:
python3 get_gitlab_token.py root $GITLAB_PASSWORD http://gitlab.gitlab.$EXTERNAL_IP.nip.iolaa 8. Aumai Git repositories i le faʻatonuga saʻo e faʻaaoga ai le Gitlab Provider.
cd ../internal/gitlab/hierarchy && terraform apply -input=false -auto-approve planfileAe paga lea, terraform GitLab provider o loʻo i ai se faʻafefe . Ona tatau lea ona e tapeina ma le lima ia galuega fete'ena'i ina ia mafai ona toe faaleleia le tf.state. Ona toe fai lea o le poloaiga `$faia uma`
laa 9. Matou te tuʻuina atu faleoloa i le lotoifale i le 'auʻaunaga.
$ make push
[master (root-commit) b61d977] Initial commit
3 files changed, 46 insertions(+)
create mode 100644 .gitignore
create mode 100644 values.yml
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 770 bytes | 770.00 KiB/s, done.
Total 5 (delta 0), reused 0 (delta 0)Ua faia:
iʻuga
Ua matou ausia e mafai ona matou faʻatautaia mea uma mai le matou masini faʻapitonuʻu. O lea ou te manaʻo e faʻafeiloaʻi uma nei galuega ile CI ma na o le oomiina o faʻamau. Ina ia faia lenei mea, matou te manaʻomia le tuʻuina atu o matou setete faʻapitonuʻu (Terraform state) i CI. O le auala e fai ai lenei mea o loʻo i le isi vaega.
Fa'asoa i la matou ina ia aua nei misia le tatalaina o tala fou!
puna: www.habr.com