3-nzira yekubatanidza kune werf: kuendeswa kuKubernetes neHelm "pane steroids"

Zvatave takamirira (uye kwete isu chete) kwenguva yakareba zvakaitika: werf, yedu Open Source utility yekuvaka zvikumbiro uye kuendesa kuKubernetes, ikozvino inotsigira kushandisa shanduko uchishandisa 3-nzira yekubatanidza zvigamba! Pamusoro peizvi, zvinokwanisika kutora zviwanikwa zveK8s zviripo muHelm inoburitswa pasina kuvakazve zviwanikwa izvi.

Kana iri pfupi kwazvo, saka tinoisa WERF_THREE_WAY_MERGE=enabled - tinowana kutumirwa "sekuna mukati kubectl apply", inoenderana neiyo iripo Helm 2 kumisikidzwa uye kunyange zvishoma.

Asi ngatitangei nedzidziso: chii chaizvo chiri matatu-nzira-kubatanidza zvigamba, vanhu vakauya sei nemaitiro ekuagadzira, uye nei zvakakosha muCI/CD maitiro ane Kubernetes-based infrastructure? Uye mushure meizvozvo, ngationei kuti 3-way-merge iri muwerf, ndeapi mamodhi anoshandiswa nekusarudzika uye maitiro ekuzvibata.

Chii chinonzi 3-way-merge patch?

Saka, ngatitange nebasa rekuburitsa zviwanikwa zvinotsanangurwa muYAML zvinoratidza muKubernetes.

Kushanda nezviwanikwa, iyo Kubernetes API inopa anotevera ekutanga mashandiro: kugadzira, chigamba, kutsiva uye kudzima. Zvinofungidzirwa kuti nerubatsiro rwavo zvinodikanwa kuvaka yakaringana inoenderera kuburitsa zviwanikwa kune cluster. Sei?

kubectl imperative commands

Nzira yekutanga yekugadzirisa zvinhu muKubernetes ndeyekushandisa kubectl mirairo yekugadzira, kugadzirisa, uye kudzima izvo zvinhu. Zviri nyore:

• team kubectl run unogona kumhanya Deployment kana Job:

  kubectl run --generator=deployment/apps.v1 DEPLOYMENT_NAME --image=IMAGE

• team kubectl scale - shandura nhamba ye replicas:

  kubectl scale --replicas=3 deployment/mysql

• uye zvakadaro.

Iyi nzira ingaita seyakanaka pakutanga kuiona. Zvisinei, pane matambudziko:

1. Zvakaoma chinja.
2. sei ratidza configuration muGit? Nzira yekuongorora sei shanduko dziri kuitika kune cluster?
3. Kupa sei reproducibility zvigadziriso pakutangazve?
4. ...

Zviripachena kuti nzira iyi haienderane zvakanaka nekuchengetedza application uye zvivakwa sekodhi (IaC; kana kunyange GitOps seimwe yazvino sarudzo, kuwana mukurumbira muKubernetes ecosystem). Naizvozvo, iyi mirairo haina kugamuchira imwe budiriro mukubectl.

Gadzira, tora, tsiva uye udzime mashandiro

Nepuraimari kusikwa zviri nyore: tumira manifest kune kushanda create kube api uye sosi yagadzirwa. Iyo YAML inomiririra yekuratidzira inogona kuchengetwa muGit uye yakagadzirwa uchishandisa murairo kubectl create -f manifest.yaml.

С kubvisa zvakare nyore: kutsiva zvakafanana manifest.yaml kubva kuGit kuenda kuchikwata kubectl delete -f manifest.yaml.

Kushanda replace inobvumidza iwe kutsiva zvachose iyo sosi yekumisikidza neitsva, pasina kudzoreredza sosi. Izvi zvinoreva kuti usati waita shanduko kune sosi, zvine musoro kubvunza iyo yazvino vhezheni nekushanda get, chinja uye uvandudze nekushanda replace. kube apiserver inovakwa mukati kukiya kwetarisiro uye, kana mushure mekuvhiyiwa get chinhu chachinja, ipapo oparesheni replace hazvishande.

Kuti uchengetedze kurongeka muGit uye kuigadzirisa uchishandisa kutsiva, unofanirwa kuita oparesheni get, batanidza iyo config kubva kuGit nezvatakagamuchira, uye ita replace. Nekumisikidza, kubectl inongobvumidza iwe kushandisa rairo kubectl replace -f manifest.yamlkupi manifest.yaml - yakatogadzirirwa zvizere (munyaya yedu, yakabatanidzwa) inoratidza inoda kuiswa. Zvinoitika kuti mushandisi anofanirwa kuita merge manifests, uye iyi haisi nyaya diki...

Zvakakoshawo kuziva kuti kunyange zvakadaro manifest.yaml uye yakachengetwa muGit, hatigone kuziva pachine nguva kana zvakakosha kugadzira chinhu kana kuchivandudza - izvi zvinofanirwa kuitwa nemushandisi software.

Zvose: tinokwanisa here kuvaka kuburitswa kunoenderera Kungoshandisa kugadzira, kutsiva uye kudzima, kuve nechokwadi chekuti gadziriso yezvivakwa inochengetwa muGit pamwe nekodhi uye iri nyore CI / CD?

Muchirevo, tinogona ... Nokuda kweizvi iwe unozofanirwa kuita iyo yekubatanidza oparesheni Manifestos uye imwe mhando yekusunga iyo:

• inotarisa kuvapo kwechinhu musumbu,
• inoita yekutanga kugadzira zviwanikwa,
• inovandudza kana kuidzima.

Kana uchigadziridza, ndapota cherechedza izvozvo resource inogona kunge yachinja kubva pakupedzisira get uye gadzirisa otomatiki nyaya yekukiyiwa kwetarisiro - ita kudzokorora kuedza.

Nekudaro, nei kudzoreredza vhiri kana kube-apiserver ichipa imwe nzira yekuvandudza zviwanikwa: iko kushanda patch, iyo inosunungura mushandisi wezvimwe zvezvinetso zvinorondedzerwa?

chigamba

Iye zvino tasvika kune zvigamba.

Mapeche ndiyo nzira yekutanga yekushandisa shanduko kune zviripo zvinhu muKubernetes. Operation patch inoshanda seizvi:

• mushandisi wekube-apiserver anoda kutumira chigamba muJSON fomu uye tsanangura chinhu,
• uye apiserver pachayo inobata nemamiriro ezvinhu ezvino echinhu uye kuiunza kune fomu inodiwa.

Optimistic locking haidiwi munyaya iyi. Kuvhiya uku kunozivisa kupfuura kutsiva, kunyangwe pakutanga zvingaite seimwe nzira.

Nokudaro:

• kushandisa oparesheni create isu tinogadzira chinhu zvinoenderana nekuratidzwa kubva kuGit,
• nerubatsiro delete - bvisa kana chinhu chisisadiwe,
• nerubatsiro patch - tinoshandura chinhu, tichichiunza kune fomu inotsanangurwa muGit.

Nekudaro, kuti uite izvi, unofanirwa kugadzira chigamba chakarurama!

Mashandiro anoita zvigamba muHelm 2: 2-nzira-kubatanidza

Paunotanga kuisa kuburitswa, Helm inoita oparesheni create zvechati zviwanikwa.

Kana uchigadziridza kuburitswa kweHelm kune yega yega sosi:

• inotarisa chigamba pakati pechishandiso vhezheni kubva kune yapfuura chati uye yazvino chart version,
• inoshandisa chigamba ichi.

Tichadaidza chigamba ichi 2-nzira yekubatanidza chigamba, nekuti 2 manifestos inobatanidzwa mukusikwa kwayo:

• resource inoratidza kubva mukuburitswa kwapfuura,
• resource inoratidza kubva kune yazvino sosi.

Pakubvisa kushanda delete mu kube apiserver inodaidzwa zviwanikwa zvakaziviswa mukuburitswa kwekutanga, asi zvisina kuziviswa mune yazvino.

Iyo 2 nzira yekubatanidza chigamba nzira ine dambudziko: inotungamira kune kunze kwekuenderana neiyo chaiyo mamiriro eiyo sosi musumbu uye manifest muGit.

Mufananidzo wedambudziko nemuenzaniso

• MuGit, chati inochengetedza kuratidza mune iyo munda image Deployment nyaya ubuntu:18.04.
• Mushandisi kuburikidza kubectl edit yakachinja kukosha kwendima iyi kuti ubuntu:19.04.
• Paunenge uchiisa zvakare iyo Helm chati haigadziri chigamba, nokuti munda image mune yakapfuura vhezheni yekuburitswa uye mune yazvino chati yakafanana.
• Mushure mekutumirwazve image masaridzwa ubuntu:19.04, kunyange zvazvo chati ichiti ubuntu:18.04.

Isu tine desynchronization uye takarasa declarativeness.

Chii chinonzi synchronized resource?

Kazhinji kutaura полное Izvo hazvigoneke kuwana mutambo pakati peiyo sosi inoratidzirwa mune inomhanya cluster uye manifest kubva kuGit. Nekuti muchiratidzo chaicho panogona kunge paine masevhisi / zvinyorwa, mamwe midziyo uye imwe data inowedzerwa nekubviswa kubva kune sosi zvine simba nevamwe vatongi. Hatigone uye hatidi kuchengeta iyi data muGit. Nekudaro, isu tinoda kuti minda yatakanyatso tsanangura muGit itore pane akakodzera kukosha pakuburitswa.

Zvinobva zvanyanya synchronized resource mutemo: kana uchiburitsa sosi, unogona kushandura kana kudzima minda chete idzo dzakanyatsotsanangurwa mumanifest kubva kuGit (kana dzakatsanangurwa mushanduro yapfuura uye dzadzimwa).

3-nzira yekubatanidza chigamba

Pfungwa huru 3-nzira yekubatanidza chigamba: isu tinogadzira chigamba pakati pekupedzisira kushandiswa vhezheni yemanifesiti kubva kuGit uye yakananga vhezheni yemanifesiti kubva kuGit, tichifunga nezve yazvino vhezheni yemanifesiti kubva kuboka rinomhanya. Chigamba chinobuda chinofanira kuenderana neyakawiriraniswa resource mutemo:

• minda mitsva yakawedzerwa kune yakanangwa vhezheni inowedzerwa uchishandisa chigamba;
• minda yaimbovepo mune yekupedzisira yakashandiswa vhezheni uye isiripo mune yakananga vhezheni inoiswa patsva uchishandisa chigamba;
• minda mune yazvino vhezheni yechinhu chakasiyana kubva kune yakananga vhezheni yemanifesiti inovandudzwa pachishandiswa chigamba.

Iri pamusimboti uyu kuti inogadzira zvigamba kubectl apply:

• iyo yekupedzisira yakashandiswa vhezheni yemanifesiti inochengetwa mune chirevo chechinhu chacho,
• chinangwa - chakatorwa kubva kune yakatsanangurwa YAML faira,
• yazvino iri kubva kuboka rinomhanya.

Zvino zvatagadzirisa dzidziso, yave nguva yekukuudza zvatakaita muwerf.

Kushandisa shanduko kune werf

Pakutanga, werf, senge Helm 2, yakashandisa 2-nzira-kubatanidza zvigamba.

Gadzirisa chigamba

Kuti uchinje kune rudzi rutsva rwezvigamba - 3-nzira-kubatanidza - danho rekutanga isu takaunza inonzi inonzi. kugadzirisa zvigamba.

Kana uchitumira, yakajairwa 2-nzira-merge chigamba inoshandiswa, asi werf inowedzerawo chigamba chinoyananisa mamiriro chaiwo echishandiso nezvakanyorwa muGit (chigamba chakadaro chinogadzirwa uchishandisa iwo akafanana akawiriraniswa sosi mutemo watsanangurwa pamusoro) .

Kana desynchronization ikaitika, pakupera kwekutumirwa mushandisi anogamuchira YAMBIRO ine meseji inoenderana uye chigamba chinofanira kushandiswa kuunza sosi kune yakawiriraniswa fomu. Ichi chigamba zvakarekodhwa mune yakakosha rondedzero werf.io/repair-patch. Zvinofungidzirwa kuti mushandisi maoko сам ichashandisa chigamba ichi: werf haizoishandise zvachose.

Kugadzira zvigamba zvekugadzirisa chiyero chenguva pfupi chinokutendera kuti unyatso kuyedza kusikwa kwezvigamba zvinoenderana neiyo 3-nzira-yekubatanidza musimboti, asi usazvishandise wega zvigamba izvi. Parizvino, iyi modhi yekushandisa inogoneswa neiyo default.

3-nzira-merge chigamba chete kune zvitsva zvinoburitswa

Kutanga Zvita 1, 2019, beta uye alpha shanduro dze werf dzinotanga by default shandisa yakazara-yakazara 3-nzira-kubatanidza zvigamba kushandisa shanduko chete kune nyowani Helm inoburitswa yakatenderedzwa kuburikidza ne werf. Kuburitswa kuripo kuchaenderera mberi nekushandisa iyo 2-way-merge + kugadzirisa zvigamba.

Iyi modhi yekushandisa inogona kugoneswa zvakajeka nekuseta WERF_THREE_WAY_MERGE_MODE=onlyNewReleases ikozvino.

taura pfungwa: iyo ficha yakaonekwa mune werf pamusoro akati wandei kuburitswa: mu alpha chiteshi yakagadzirira neshanduro v1.0.5-alpha.19, uye muchiteshi chebeta - ne v1.0.4-beta.20.

3-nzira-kubatanidza chigamba kune zvese zvinoburitswa

Kutanga Zvita 15, 2019, beta uye alpha vhezheni dzewerf dzinotanga kushandisa yakazara 3-nzira-kubatanidza zvigamba nekukasira kuisa shanduko kune zvese zvinoburitswa.

Iyi modhi yekushandisa inogona kugoneswa zvakajeka nekuseta WERF_THREE_WAY_MERGE_MODE=enabled ikozvino.

Chii chekuita neresource autoscaling?

Kune mhando mbiri dzeautoscaling muKubernetes: HPA (yakatwasuka) uye VPA (yakatwasuka).

Horizontal inosarudza otomatiki nhamba yezvinyorwa, vertical - nhamba yezviwanikwa. Dzese huwandu hwezvakadzokororwa uye zvinodiwa zvekushandisa zvinotsanangurwa mune resource manifest (ona Resource Manifest). spec.replicas kana spec.containers[].resources.limits.cpu, spec.containers[].resources.limits.memory и другие).

Dambudziko: kana mushandisi akagadzirisa sosi muchati kuitira kuti itaure humwe hunhu hwezviwanikwa kana replicas uye autoscalers inogoneswa kune iyi sosi, ipapo nechero deployment werf inogadzirisa izvi kukosha kune izvo zvakanyorwa muchati manifest. .

Pane mhinduro mbiri kudambudziko. Kutanga, zvakanakisa kudzivirira kutsanangura zvakajeka maitiro eautoscaled muchati manifest. Kana iyi sarudzo isina kukodzera kune chimwe chikonzero (semuenzaniso, nekuti zviri nyore kuseta yekutanga zviwanikwa zviganho uye nhamba yezvakadzokororwa muchati), ipapo werf inopa anotevera zvirevo:

• werf.io/set-replicas-only-on-creation=true
• werf.io/set-resources-only-on-creation=true

Kana chirevo chakadaro chiripo, werf haizogadzirise hutsika hunoenderana pane imwe neimwe yekutumirwa, asi inongozvimisa kana sosi yagadzirwa.

Kuti uwane rumwe ruzivo, ona zvinyorwa zveprojekiti zve HPA и VPA.

Rambidza kushandiswa kwe3-way-merge patch

Mushandisi parizvino anogona kurambidza kushandiswa kwezvigamba zvitsva muwerf uchishandisa shanduko yenharaunda WERF_THREE_WAY_MERGE_MODE=disabled. Zvisinei, kutanga Kubva munaKurume 1, 2020, kurambidzwa uku hakuchashande. uye zvinongogoneka kushandisa 3-nzira-kubatanidza zvigamba.

Kugamuchirwa kwezviwanikwa mu werf

Kuziva nzira yekushandisa shanduko ne 3-way-merge patches kwakatibvumira kuti tiite nekukurumidza kuita senge kutora zviwanikwa zviripo musumbu mukuburitswa kweHelm.

Helm 2 ine dambudziko: haugone kuwedzera sosi kune maratidziro echati atovepo musumbu pasina kudzoreredza sosi iyi kubva kutanga (ona. #6031, #3275) Takadzidzisa werf kugamuchira zviwanikwa kuti zviburitswe. Kuti uite izvi, unofanirwa kuisa annotation pane yazvino vhezheni yechishandiso kubva kune inomhanya cluster (semuenzaniso, kushandisa. kubectl edit):

"werf.io/allow-adoption-by-release": RELEASE_NAME

Ikozvino zviwanikwa zvinoda kutsanangurwa muchati uye nguva inotevera werf painoburitsa kuburitswa ine zita rakakodzera, iyo iripo sosi inogamuchirwa mukuburitswa uku uye irambe iri pasi pesimba rayo. Zvakare, mukugamuchira sosi kuti isunungurwe, werf ichaunza mamiriro azvino echishandiso kubva kuboka rinomhanya kuenda kudunhu rinotsanangurwa muchati, uchishandisa zvakafanana 3-nzira-kubatanidza zvigamba uye yakawiriraniswa resource mutemo.

taura pfungwa: kuisa WERF_THREE_WAY_MERGE_MODE haikanganisi kutorwa kwezviwanikwa - kana iri nyaya yekugamuchirwa, 3-nzira-merge patch inogara ichishandiswa.

Details - in zvinyorwa.

Mhedziso nezvirongwa zveramangwana

Ndinovimba kuti mushure meichi chinyorwa zvave pachena kuti ndezvipi 3-nzira-kubatanidza zvigamba uye nei vakauya kwavari. Kubva pamaonero anoshanda ekuvandudzwa kweprojekti yewerf, kuita kwavo yaive imwe nhanho yekuvandudza iyo Helm-yakafanana nekutumirwa. Iye zvino unogona kukanganwa nezvematambudziko nekugadzirisa kuwiriranisa, iyo yaiwanzomuka kana uchishandisa Helm 2. Panguva imwecheteyo, chinhu chitsva chinobatsira chekutora yakatodhawunirwa Kubernetes zviwanikwa zvakawedzerwa kuHelm kuburitswa.

Pachine dzimwe nyaya uye matambudziko ane Helm-akafanana deployments, akadai kushandisa Go templates, kuti ticharamba kugadzirisa.

Ruzivo nezve nzira dzekuvandudza zviwanikwa uye kugamuchirwa zvinogona kuwanikwawo pa peji ino yezvinyorwa.

Helm 3

Yakakodzera kucherechedzwa kusunungurwa rimwe zuva vhezheni huru yeHelm - v3 - iyo inoshandisawo 3-nzira-kubatanidza zvigamba uye inobvisa Tiller. Iyo itsva vhezheni yeHelm inoda kutama zvigadziriso zviripo kuti zvishandure kuita iyo nyowani yekuburitsa yekuchengetedza fomati.

Werf, kune chikamu chayo, parizvino yabvisa kushandisa Tiller, yakachinjirwa ku3-nzira-kubatanidza uye yakawedzerwa. zvakawanda, ichiri kuenderana neiyo iripo Helm 2 kumisikidzwa (hapana magwaro ekufambisa anoda kuurayiwa). Naizvozvo, kudzamara werf achinja kuHelm 3, vashandisi ve werf havarasikirwe nemabhenefiti makuru eHelm 3 pamusoro peHelm 2 (werf zvakare inavo).

Nekudaro, switch ye werf kuenda kuHelm 3 codebase haidzivisike uye ichaitika munguva pfupi iri kutevera. Zvichida iyi ichave werf 1.1 kana werf 1.2 (parizvino, iyo huru vhezheni yewerf ndeye 1.0; kuti uwane rumwe ruzivo nezve werf vhezheni mudziyo, ona pano) Munguva ino, Helm 3 ichave nenguva yekudzikama.

PS

Verenga zvakare pablog yedu:

• Nhepfenyuro yezvinyorwa pamusoro pezvinhu zvitsva mu werf:
  • «Kushandisa werf kuburitsa machati eHelm akaomarara";
  • «Tsigiro ye monorepo uye multirepo mu werf uye iyo Docker Registry ine chekuita nazvo";
  • «Iwe unogona ikozvino kuvaka Docker mifananidzo mune werf uchishandisa yakajairwa Dockerfile".
• «werf - chishandiso chedu cheCI / CD muKubernetes (muongorori uye mushumo wevhidhiyo)";
• «Kuvaka uye kutumira ma microservices akafanana ne werf uye GitLab CI";
• «Kusuma Helm 3".

Source: www.habr.com