Dambudziko rekuchenesa "smart" yemifananidzo yemidziyo uye mhinduro yayo mune werf

Chinyorwa chinokurukura nezvematambudziko ekuchenesa mifananidzo inoungana mumatura emidziyo (Docker Registry nemaanalogues ayo) mune chokwadi chemazuva ano CI/CD mapaipi emakonzo ekare ekare akaunzwa kuKubernetes. Maitiro makuru ekukoshera kwemifananidzo uye matambudziko anokonzeresa mukuchenesa otomatiki, kuchengetedza nzvimbo uye kusangana nezvinodiwa zvezvikwata zvinopihwa. Chekupedzisira, tichishandisa muenzaniso weiyo Open Source purojekiti, isu tichakuudza kuti matambudziko aya anogona sei kukundwa.

Nhanganyaya

Nhamba yemifananidzo mune registry yemidziyo inogona kukura nekukurumidza, ichitora nzvimbo yakawanda yekuchengetedza uye nekudaro ichiwedzera zvakanyanya mutengo wayo. Kudzora, kudzikisira kana kuchengetedza kukura kunogamuchirika kwenzvimbo inogarwa mune registry, inogamuchirwa:

1. shandisa nhamba yakatarwa yematagi yemifananidzo;
2. chenesa mifananidzo neimwe nzira.

Muganho wekutanga dzimwe nguva unogamuchirwa kuzvikwata zvidiki. Kana vagadziri vaine akakwana ma tag echigarire (latest, main, test, boris nezvimwewo), iyo registry haizozvimba muhukuru uye kwenguva yakareba iwe haufanirwe kufunga nezvekuchenesa zvachose. Mushure mezvose, mifananidzo yose isina basa inodzimwa, uye hapana basa rasara rekuchenesa (zvose zvinoitwa nemunhu anogara achiunganidza marara).

Nekudaro, nzira iyi inodzikamisa budiriro uye haiwanzo kushanda kumapurojekiti emazuva ano eCI/CD. Chikamu chakakosha chebudiriro yaive kushandisa michina, iyo inokutendera kuti uedze, shandisa uye kuendesa mashandiro matsva kune vashandisi nekukurumidza. Semuenzaniso, mumapurojekiti edu ese, pombi yeCI inogadzirwa otomatiki nekuzvipira kwega kwega. Mariri, chifananidzo chinounganidzwa, chakaedzwa, chakatenderedzwa kune akasiyana Kubernetes maseketi ekugadzirisa uye asara macheki, uye kana zvese zvakanaka, shanduko dzinosvika kumushandisi wekupedzisira. Uye ichi hachisisiri rocket sainzi, asi chiitiko chemazuva ese kune vakawanda - zvakanyanya iwe, sezvo uri kuverenga chinyorwa ichi.

Sezvo kugadzirisa tsikidzi uye kugadzira mashandiro matsva kunoitwa nenzira yakafanana, uye kuburitswa kunogona kuitwa kakawanda pazuva, zviri pachena kuti maitiro ekuvandudza anoperekedzwa nehuwandu hwakakosha hwekuita, zvinoreva kuti. nhamba huru yemifananidzo mu registry. Somugumisiro, nyaya yekuronga kuchenesa kunobudirira kweregistry inomuka, i.e. kubvisa mifananidzo isina basa.

Asi iwe unotoziva sei kana mufananidzo wakakodzera?

Maitiro ekukoshera kwemufananidzo

Muzviitiko zvakawanda, maitiro makuru achava:

1. Yekutanga (inonyanya kujeka uye inonyanya kutsoropodza yezvose) ndiyo mifananidzo iyo parizvino inoshandiswa muKubernetes. Kubvisa mifananidzo iyi kunogona kukonzera kudhura kwekugadzira nguva yekudzikira (semuenzaniso, mifananidzo inogona kudikanwa kuti idzokorore) kana kuramba kuedza kwechikwata kugadzirisa pane chero zvishwe. (Nechikonzero ichi takatoita yakakosha Prometheus mutengesi, iyo inoteedzera kusavapo kwemifananidzo yakadaro mune chero Kubernetes cluster.)

2. Chechipiri (zvishoma zvakajeka, asiwo zvakakosha zvikuru uye zvakare zvine chokuita nekushandiswa) - mifananidzo iyo inodiwa pakudzosera kumashure kana paine matambudziko akakomba mushanduro yazvino. Semuenzaniso, munyaya yeHelm, iyi mifananidzo inoshandiswa muzvinyorwa zvakachengetwa zvekusunungurwa. (Nenzira, nekusarudzika muHelm muganho ndeye 256 kudzokorora, asi hazvigoneke kuti chero munhu anonyatsoda kuchengetedza. akadaro a nhamba huru yeshanduro?..) Mushure mezvose, isu, kunyanya, tinochengetedza shanduro kuitira kuti tigone kuzvishandisa gare gare, i.e. “dzokera shure” kwavari kana zvichidiwa.

3. Chechitatu - developer needs: Mifananidzo yese inoenderana nebasa ravo razvino. Semuenzaniso, kana isu tichifunga nezvePR, saka zvine musoro kusiya mufananidzo unoenderana nekupedzisira kuzvipira uye, toti, yakambozvipira: nenzira iyi mugadziri anogona kukurumidza kudzoka kune chero basa uye kushanda neazvino shanduko.

4. Yechina - mifananidzo iyo zvinoenderana neshanduro dzekushandisa kwedu, i.e. ndiwo chigadzirwa chekupedzisira: v1.0.0, 20.04.01/XNUMX/XNUMX, sierra, nezvimwe.

NB: Maitiro anotsanangurwa pano akagadzirwa zvichibva paruzivo rwekudyidzana nevakawanda vezvikwata zvebudiriro kubva kumakambani akasiyana. Nekudaro, hongu, zvichienderana nezvakatsanangurwa mumaitiro ekusimudzira uye zvivakwa zvinoshandiswa (semuenzaniso, Kubernetes haina kushandiswa), maitiro aya anogona kusiyana.

Kukodzera uye mhinduro dziripo

Masevhisi akakurumbira ane registries yemidziyo, sekutonga, vanopa yavo yega mifananidzo yekuchenesa marongero: mavari iwe unogona kutsanangura mamiriro ayo iyo tag inobviswa kubva kurejista. Nekudaro, aya mamiriro anoganhurirwa nemaparamita akadai semazita, nguva yekugadzira, uye nhamba yema tag*.

* Zvinobva pane chaiyo mudziyo registry kuita. Takafunga nezvemikana yemhinduro dzinotevera: Azure CR, Docker Hub, ECR, GCR, GitHub Packages, GitLab Container Registry, Harbour Registry, JFrog Artifactory, Quay.io - kubva munaGunyana'2020.

Iyi seti yemaparamendi yakakwana zvakakwana kugutsa chiyero chechina - ndiko kuti, kusarudza mifananidzo inoenderana neshanduro. Nekudaro, kune mamwe ese maitiro, munhu anofanirwa kusarudza imwe mhando yemhinduro yekukanganisika (yakaoma kana, neimwe nzira, yakawedzera kureruka mutemo) - zvichienderana netarisiro uye kugona kwemari.

Semuyenzaniso, chiyero chechitatu - chine chekuita nezvinodiwa nevagadziri - chinogona kugadziriswa nekuronga maitiro mukati mezvikwata: kudoma mazita emifananidzo, kuchengetedza zvakakosha bvumidza zvinyorwa uye zvibvumirano zvemukati. Asi pakupedzisira ichiri kuda kuve otomatiki. Uye kana zvikwanisiro zvezvigadziriso zvakagadzirirwa hazvina kukwana, iwe unofanirwa kuita chimwe chinhu chako pachako.

Mamiriro ezvinhu ane maviri ekutanga maitiro akafanana: havagone kugutsikana pasina kugamuchira data kubva kune yekunze sisitimu - iyo inotumirwa zvikumbiro (munyaya yedu, Kubernetes).

Mufananidzo wekufambiswa kwebasa muGit

Ngatiti uri kushanda seizvi muGit:

Iyo icon ine musoro mudhayagiramu inoratidza midziyo yemidziyo iyo ikozvino yakaiswa muKubernetes kune chero vashandisi (vashandisi vekupedzisira, vanoedza, mamaneja, nezvimwewo) kana inoshandiswa nevagadziri pakugadzirisa uye zvinangwa zvakafanana.

Chii chinoitika kana mitemo yekuchenesa ichingobvumira mifananidzo kuchengetwa (kwete kubviswa) nemazita ema tag?

Zviri pachena kuti chiitiko chakadaro hachizofadzi munhu.

Chii chichachinja kana mitemo ichibvumira kuti mifananidzo isadzime? zvinoenderana nenguva yakapihwa nguva / nhamba yekupedzisira kuita?

Chigumisiro chave chiri nani zvikuru, asi chichiri kure nekunaka. Mushure mezvose, tichine vanogadzira vanoda mifananidzo muregistry (kana kutoiswa muK8s) kugadzirisa tsikidzi ...

Kupfupisa mamiriro azvino emusika: mabasa anowanikwa muzvinyorwa zvemidziyo haapi kuchinjika kwakakwana kana uchichenesa, uye chikonzero chikuru cheizvi. hapana nzira yekudyidzana nenyika yekunze. Zvinoitika kuti zvikwata zvinoda kuchinjika zvakadaro zvinomanikidzwa kuita zvakasununguka kudzima mufananidzo "kubva kunze", uchishandisa iyo Docker Registry API (kana iyo yekuzvarwa API yeinoenderana kuita).

Nekudaro, isu taitsvaga mhinduro yepasirese iyo yaizoita otomatiki kucheneswa kwemifananidzo kuzvikwata zvakasiyana vachishandisa maregistries akasiyana...

Nzira yedu yekuchenesa mifananidzo yepasirese

Kudiwa uku kunobva kupi? Icho chokwadi ndechekuti isu hatisi boka rakasiyana revagadziri, asi timu inoshandira vazhinji vavo kamwechete, ichibatsira kugadzirisa zvizere nyaya dzeCI/CD. Uye iyo huru tekinoroji chishandiso cheichi ndiyo Open Source utility werf. Hunhu hwayo ndehwekuti haiite basa rimwechete, asi rinoperekedza kuenderera mberi kwekuendesa maitiro pamatanho ese: kubva pagungano kuenda kune kutumirwa.

Kutsikisa mifananidzo kune registry* (pakarepo mushure mekunge yavakwa) ibasa riri pachena rekushandisa kwakadaro. Uye sezvo iyo mifananidzo yakaiswa ipapo kuti ichengetedzwe, saka - kana chengetedzo yako isina muganho - iwe unofanirwa kuve nemutoro wekucheneswa kwavo kunotevera. Kuti takabudirira sei mune izvi, tichigutsa zvese zvakatarwa, zvichakurukurwa zvakare.

* Kunyangwe maregistries pachawo angave akasiyana (Docker Registry, GitLab Container Registry, Harbour, nezvimwewo), vashandisi vawo vanotarisana nematambudziko mamwe chete. Mhinduro yepasirese munyaya yedu haibvi pakushandiswa kweregistry, nekuti inomhanya kunze kwemaregistries pachayo uye inopa maitiro akafanana kune wese munhu.

Kunyangwe isu tiri kushandisa werf semuenzaniso wekuita, isu tinovimba kuti nzira dzinoshandiswa dzichabatsira kune zvimwe zvikwata zvakatarisana nematambudziko akafanana.

Saka takapinda busy external kushandiswa kwechigadziriso chekuchenesa mifananidzo - pachinzvimbo cheaya masimba ayo akatovakwa muzvinyorwa zvemidziyo. Danho rekutanga raive rekushandisa iyo Docker Registry API kugadzira iwo ekare marongero ehuwandu hwemategi uye nguva yekusikwa kwavo (yataurwa pamusoro). Vakawedzerwa kwavari bvumira runyorwa rwakavakirwa pamifananidzo yakashandiswa mune zvakaiswa zvivakwa, i.e. Kubernetes. Kune yekupedzisira, zvaive zvakakwana kushandisa iyo Kubernetes API kudzokorora kuburikidza nezvose zvakaiswa zviwanikwa uye kuwana runyorwa rwezvakakosha. image.

Iyi mhinduro isingakoshi yakagadzirisa dambudziko rinonyanya kukosha (chirevo Nha. 1), asi yaingova kutanga kwerwendo rwedu rwekuvandudza nzira yekuchenesa. Iyo inotevera - uye yakawanda inonakidza - nhanho yaive sarudzo batanidza mifananidzo yakaburitswa neGit nhoroondo.

Tagging zvirongwa

Kutanga, takasarudza nzira iyo mufananidzo wekupedzisira unofanirwa kuchengetedza ruzivo rwakakosha rwekuchenesa, uye kuvaka maitiro pazvirongwa zvekumaka. Pakuburitsa mufananidzo, mushandisi anosarudza imwe yekumaka sarudzo (git-branch, git-commit kana git-tag) uye akashandisa kukosha kunoenderana. Mune maCI masisitimu, aya hunhu akaiswa otomatiki zvichienderana nemamiriro ekunze. Saizvozvo mufananidzo wekupedzisira waisanganiswa neiyo Git yekutanga, kuchengetedza data inodiwa yekuchenesa mumalebula.

Iyi nzira yakakonzera seti yemitemo yakabvumira Git kushandiswa seyo chete sosi yechokwadi:

• Pakubvisa bazi / tag muGit, mifananidzo yakabatana mune registry yakadzimwa otomatiki.
• Huwandu hwemifananidzo yakabatana neGit tags uye kuzvipira inogona kudzorwa nenhamba yemategi anoshandiswa mune yakasarudzwa schema uye nguva iyo yakabatana kuzvipira yakagadzirwa.

Pakazara, kuita kwakazoitwa kwakagutsa zvatinoda, asi dambudziko idzva rakakurumidza kutimirira. Icho chokwadi ndechekuti tichishandisa tagging zvirongwa zvinoenderana neGit primitives, takasangana nehuwandu hwekukanganisa. (Sezvo tsananguro yavo iri pamusoro pechikamu chechinyorwa chino, munhu wese anogona kujairana neruzivo pano.) Naizvozvo, tafunga kuchinjika kune imwe nzira inoshanda yekumaka (content-based tagging), taifanira kufunga zvakare kuita kwekuchenesa mifananidzo.

New algorithm

Sei? Iine zvemukati-based tagging, yega teki inogona kugutsa akawanda maiti muGit. Paunenge uchichenesa mifananidzo, hauchakwanisi kufungidzira chete kubva pakuita uko iyo tag nyowani yakawedzerwa kune registry.

Kune iyo nyowani yekuchenesa algorithm, zvakasarudzwa kuti zvibve kubva pamakaki zvirongwa uye kuvaka meta-mufananidzo maitiro, imwe neimwe inochengeta boka re:

• chibvumirano chakaitwa kuburitswa (hazvina basa kuti mufananidzo wacho wakawedzerwa, wakashandurwa kana kuramba wakafanana muregistry yemidziyo);
• uye chiziviso chedu chemukati chinoenderana nemufananidzo wakaunganidzwa.

Nemamwe mashoko, yakapiwa kubatanidza ma tag akadhindwa pamwe nekuita muGit.

Kugadziriswa kwekupedzisira uye general algorithm

Paunenge uchigadzira kuchenesa, vashandisi vava kuwana marongero anosarudza mifananidzo iripo. Imwe neimwe mutemo wakadaro unotsanangurwa:

• zvinyorwa zvakawanda, i.e. Git tags kana Git matavi anoshandiswa panguva yekuongorora;
• uye muganho wemifananidzo yakatsvaga yereferensi yega yega kubva pane seti.

Kuenzanisira, izvi ndizvo zvakatanga kutaridzika sekumisikidzwa kwepolicy:

cleanup:
  keepPolicies:
  - references:
      tag: /.*/
      limit:
        last: 10
  - references:
      branch: /.*/
      limit:
        last: 10
        in: 168h
        operator: And
    imagesPerReference:
      last: 2
      in: 168h
      operator: And
  - references:  
      branch: /^(main|staging|production)$/
    imagesPerReference:
      last: 10

Iyi gadziriso ine matatu marongero anoenderana nemitemo inotevera:

1. Sevha iyo mufananidzo wegumi ekupedzisira maGit tag (nemazuva ekugadzira tag).
2. Chengetedza zvisingapfuure 2 mifananidzo yakaburitswa muvhiki rapfuura isingapfuure gumi shinda ine chiitiko musvondo rapfuura.
3. Sevha mifananidzo gumi yemapazi main, staging и production.

Iyo yekupedzisira algorithm inodzika kusvika kune anotevera matanho:

• Kutora zviratidziro kubva mumudziyo wekunyoresa.
• Kusasanganisa mifananidzo inoshandiswa muKubernetes, nekuti Isu takatovasarudza kare nekuvhota iyo K8s API.
• Kuongorora nhoroondo yeGit uye kusasanganisa mifananidzo kubva pane yakatarwa marongero.
• Kubvisa mifananidzo yasara.

Tichidzokera kumufananidzo wedu, izvi ndizvo zvinoitika ne werf:

Nekudaro, kunyangwe ukasashandisa werf, nzira yakafanana yekuchenesa mufananidzo wepamberi - mune imwe kuita kana imwe (maererano nemaitiro akasarudzika ekumaka mufananidzo) - inogona kushandiswa kune mamwe masisitimu / zvishandiso. Kuti uite izvi, zvakakwana kuti uyeuke matambudziko anomuka uye uwane iwo mikana mune yako stack iyo inokubvumira kuti ubatanidze mhinduro yavo zvakanaka sezvinobvira. Tinovimba kuti nzira yatakafamba ichakubatsira iwe kutarisa nyaya yako neruzivo rutsva uye pfungwa.

mhedziso

• Nenguva isipi, zvikwata zvakawanda zvinosangana nedambudziko reregistry kufashukira.
• Paunenge uchitsvaga mhinduro, zvinotanga kudikanwa kuti uone maitiro ekukosha kwemufananidzo.
• Zvishandiso zvinopihwa neyakakurumbira midziyo yekunyoresa masevhisi zvinokutendera kuti uronge yakapusa kuchenesa iyo isingafungi nezve "nyika yekunze": iyo mifananidzo inoshandiswa muKubernetes uye zvinotaridzika zvechikwata chekufamba kwebasa.
• Iyo inoshanduka uye inoshanda algorithm inofanirwa kuve nekunzwisisa kweCI / CD maitiro uye kushanda kwete chete neDocker mufananidzo data.

PS

Verenga zvakare pablog yedu:

• «Zvemukati-based tagging mune werf muunganidzi: nei uye inoshanda sei?";
• «3-nzira yekubatanidza kune werf: kuendeswa kuKubernetes neHelm "pane steroids"";
• «Tsigiro ye monorepo uye multirepo mu werf uye iyo Docker Registry ine chekuita nazvo";
• «werf 1.1 kuburitswa: kuvandudzwa kune muvaki nhasi uye zvirongwa zveramangwana".

Source: www.habr.com