Nhasi tichataura nezve misimboti uye mhando dzeGitOps, pamwe nemashandisirwo emhando idzi papuratifomu yeOpenShift. Gwaro rinopindirana panyaya iyi rinowanikwa .
Muchidimbu, GitOps seti yemaitiro ekushandisa Git kudhonza zvikumbiro kubata zvivakwa uye mashandisirwo ekushandisa. Iyo Git repository muGitOps inobatwa senge sosi yeruzivo nezve mamiriro eiyo sisitimu, uye chero shanduko kune ino nyika inoteedzerwa zvizere uye inoongororwa.
Iyo pfungwa yekuchinja yekutevera muGitOps haisi nyowani; nzira iyi yagara ichishandiswa kunenge pasirese kana uchishanda nekodhi yekushandisa sosi. GitOps inongoshandisa maficha akafanana (wongororo, kudhonza zvikumbiro, ma tag, nezvimwewo) mune zvivakwa uye mashandisirwo ekugadzirisa manejimendi uye inopa mabhenefiti akafanana neaya ekwakabva kodhi manejimendi.
Iko hakuna tsananguro yedzidzo kana seti yakatenderwa yemitemo yeGitOps, chete seti yemisimboti pakavakirwa tsika iyi:
- Rondedzero yekuzivisa yehurongwa inochengetwa muGit repository (configs, monitoring, etc.).
- Shanduko dzehurumende dzinoitwa kuburikidza nekudhonza zvikumbiro.
- Mamiriro ekumhanya masisitimu anounzwa mukuwirirana nedata riri mune repository uchishandisa Git push zvikumbiro.
GitOps Mitemo
- Tsanangudzo dzeSistimu dzinotsanangurwa sekodhi kodhi
Kugadziriswa kweSystem inobatwa sekodhi saka inogona kuchengetwa uye kushandurwa otomatiki muGit repository, iyo inoshanda sechinhu chimwe chete chechokwadi. Iyi nzira inoita kuti zvive nyore kuburitsa uye kudzoreredza shanduko mumasystem.
- Iyo inodiwa mamiriro uye kumisikidzwa kwemasisitimu akaiswa uye akashandurwa muGit
Nekuchengeta uye nekushandura mamiriro anodiwa ehurongwa muGit, isu tinokwanisa kuburitsa zviri nyore uye kudzosera kumashure shanduko kumasystem uye maapplication. Tinogona zvakare kushandisa nzira dzekuchengetedza dzeGit kudzora muridzi wekodhi uye kuona kuti ndeyechokwadi.
- Shanduko dzekugadzirisa dzinogona kuiswa otomatiki kuburikidza nekudhonza zvikumbiro
Tichishandisa zvikumbiro zvekudhonza zveGit, tinogona kudzora zviri nyore kuti shanduko dzinoshandiswa sei kune zvigadziriso munzvimbo inochengeterwa. Semuenzaniso, vanogona kupihwa kune dzimwe nhengo dzechikwata kuti dziongororwe kana kumhanya kuburikidza neCI bvunzo, nezvimwe.
Uye panguva imwecheteyo, hapana chikonzero chekugovera masimba e admin kuruboshwe uye kurudyi. Kuita shanduko yekumisikidza, vashandisi vanongoda mvumo yakakodzera muGit repository panochengetwa izvo zvigadziriso.
- Kugadzirisa dambudziko rekusadzora kudonha kwezvigadziriso
Kana iyo yaidiwa mamiriro ehurongwa yachengetwa muGit repository, chatinofanira kuita kutsvaga software inova nechokwadi chekuti mamiriro azvino ehurongwa anoenderana neyaanoda. Kana zvisiri izvo, saka software iyi inofanirwa - zvichienderana nezvirongwa - ingabvisa mutsauko pachayo, kana kutizivisa nezve dhizaini yekudhirowa.
GitOps Models yeOpenShift
On-Cluster Resource Reconciler
Zvinoenderana nemuenzaniso uyu, cluster ine mutongi ane basa rekuenzanisa Kubernetes zviwanikwa (YAML mafaera) muGit repository nezviwanikwa zvecluster. Kana kusawirirana kukaonekwa, mutongi anotumira zviziviso uye pamwe anotora matanho kugadzirisa kusawirirana. Iyi GitOps modhi inoshandiswa muAnthos Config Management uye Weaveworks Flux.
Yekunze Resource Reconciler (Push)
Iyi modhi inogona kutariswa seyakasiyana yeyapfuura, kana isu tine mutongi mumwe kana anopfuura ane basa rekubatanidza zviwanikwa mu "Git repository - Kubernetes cluster" pairi. Musiyano uri pano ndewekuti sumbu rega rega rinotarisirwa harifanire kunge riine raro rakasiyana controller. Git - k8s zvikwata zviviri zviviri zvinowanzotsanangurwa seCRDs (tsika resource tsananguro), iyo inogona kutsanangura kuti mutongi anofanira kuita sei kuwiriranisa. Mukati memuenzaniso uyu, vatongi vanofananidza Git repository inotsanangurwa muCRD neKubernetes cluster resources, iyo inotsanangurwawo muCRD, uye kuita zviito zvakakodzera zvichienderana nemigumisiro yekuenzanisa. Kunyanya, iyi GitOps modhi inoshandiswa muArgoCD.
GitOps pane OpenShift papuratifomu
Kutonga kweakawanda-masumbu Kubernetes zvivakwa
Nekupararira kweKubernetes uye mukurumbira uri kukura weakawanda-makore mazano uye edge komputa, avhareji nhamba yeOpenShift masumbu pamutengi iri kuwedzera zvakare.
Semuenzaniso, kana uchishandisa edge computing, masumbu emutengi anogona kuiswa mumazana kana kunyange zviuru. Nekuda kweizvozvo, anomanikidzwa kubata akati wandei akazvimirira kana akarongeka OpenShift masumbu mune yeruzhinji gore uye pane-nzvimbo.
Muchiitiko ichi, matambudziko mazhinji anofanirwa kugadziriswa, kunyanya:
- Dzora kuti masumbu ari mumamiriro akafanana (configs, monitoring, storage, etc.)
- Gadzirazve (kana dzosera) masumbu zvichienderana nenzvimbo inozivikanwa.
- Gadzira masumbu matsva anoenderana nenyika inozivikanwa.
- Bvisa shanduko kune akawanda OpenShift masumbu.
- Dzorera kumashure shanduko kune akawanda OpenShift masumbu.
- Batanidza templated masisitimu kune akasiyana nharaunda.
Zvirongwa zveMashandisirwo
Munguva yehupenyu hwavo, zvikumbiro zvinowanzopfuura nemuketani yemasumbu (dev, nhanho, nezvimwewo) zvisati zvapera muboka rekugadzira. Pamusoro pezvo, nekuda kwekuwanikwa uye scalability zvinodiwa, vatengi vanowanzo tumira zvikumbiro kune akawanda-pane-nzvimbo masumbu kana akawanda matunhu eruzhinji cloud platform.
Muchiitiko ichi, mabasa anotevera anofanira kugadziriswa:
- Ita shuwa yekufamba kwemaapplication (mabhinari, magadzirirwo, nezvimwewo) pakati pemasumbu (dev, nhanho, nezvimwewo).
- Buritsa shanduko kumashandisirwo (mabhinari, magadzirirwo, nezvimwewo) mune akati wandei OpenShift masumbu.
- Dzorera kumashure shanduko kune maapplication kune yaimbozivikanwa nyika.
OpenShift GitOps Shandisa Nyaya
1. Kushandisa shanduko kubva kuGit repository
A cluster administrator anogona kuchengeta OpenShift cluster zvigadziriso muGit repository uye ozvishandisa kuti zvisashande kugadzira masumbu matsva uye kuaunza munzvimbo yakafanana nenyika inozivikanwa yakachengetwa muGit repository.
2. Kuwiriranisa neChakavanzika Maneja
Iye maneja anozobatsirwawo nekugona kuwiriranisa OpenShift zvakavanzika zvinhu nesoftware yakakodzera seVault kuitira kuti uzvibate uchishandisa zvishandiso zvakagadzirirwa izvi.
3. Kudzora kwemaitiro ekukukurwa
Iyo admin inongo farira kana OpenShift GitOps pachayo ikaratidza uye kunyevera nezve mutsauko pakati pemagadzirirwo chaiwo uye ayo anotsanangurwa mune repository, kuti ivo vakurumidze kupindura kukukurwa.
4. Zviziviso nezve configuration drift
Izvo zvinobatsira mune iyo kesi apo maneja anoda kukurumidza kudzidza nezve nyaya dzekugadzirisa dhirivha kuitira kuti akurumidze kutora matanho akakodzera ari ega.
5. Manual synchronization yezvigadziriso kana uchikukurwa
Inobvumira iyo admin kuwiriranisa OpenShift cluster neGit repository muchiitiko chekugadzirisa kudonha, kukurumidza kudzorera sumbu kune yakambozivikanwa nyika.
6.Auto-synchronization yezvigadziro painodonha
Iye maneja anogona zvakare kugadzirisa iyo OpenShift cluster kuti ienderane otomatiki neiyo repository kana dhift yaonekwa, kuitira kuti iyo cluster kumisikidzwa inogara ichienderana nemagadzirirwo muGit.
7. Masumbu akati wandei - imwe repository
Iye maneja anogona kuchengeta zvigadziriso zveakasiyana akasiyana OpenShift masumbu mune imwe Git repository uye nekusarudza shandisa iwo sezvinodiwa.
8. Hierarchy ye cluster configurations (nhaka)
Iyo admin inogona kuseta hierarchy yemasumbu masisitimu mune repository (nhanho, prod, app portfolio, nezvimwe nenhaka). Mune mamwe mazwi, inogona kuona kana zvigadziriso zvichifanira kuiswa kune rimwe kana mamwe masumbu.
Semuenzaniso, kana maneja akaseta hierarchy "Masumbu ekugadzira (prod) β System X masumbu β Masumbu ekugadzira ehurongwa X" muGit repository, ipapo musanganiswa weanotevera magadzirirwo anoiswa kumasumbu ekugadzira system X:
- Configs zvakafanana kune ese ekugadzira masumbu.
- Magadzirirwo eSystem X cluster.
- Configs yeX system yekugadzira cluster.
9. Matemplate uye magadzirirwo anodarika
Mutungamiri anogona kudarika seti yezvigadziro zvakagarwa nhaka uye maitiro avo, semuenzaniso, kunyatsogadzirisa gadziriro yemasumbu chaiwo ayo achashandiswa.
10. Kusarudzika kunosanganisira uye kusabvisa kune zvigadziriso, zvigadziriso zvekushandisa
Administrator anogona kuseta mamiriro ekushandisa kana kusashandisa mamwe magadzirirwo kumasumbu ane humwe hunhu.
11. Tsigiro yetemplate
Vagadziri vanozobatsirwa nekugona kusarudza kuti zviwanikwa zvekushandisa zvichatsanangurwa sei (Helm Chati, yakachena Kubernetes yaml, nezvimwewo) kuitira kushandisa iyo yakanyanya kufanirwa fomati kune yega yega application.
GitOps zvishandiso pane OpenShift papuratifomu
ArgoCD
ArgoCD inoshandisa External Resource Reconcile modhi uye inopa UI yepakati yekuronga hukama-humwe-kune-hwakawanda pakati pemasumbu neGit repositori. Zvakaipa zvechirongwa ichi zvinosanganisira kusakwanisa kubata zvikumbiro kana ArgoCD isiri kushanda.
yerera
Flux inoshandisa iyo On-Cluster Resource Reconcile modhi uye, semhedzisiro, hapana yepakati manejimendi yetsanangudzo repository, inova nzvimbo isina simba. Nekune rimwe divi, chaizvo nekuda kwekushaikwa kwepakati, kugona kubata maapplication kunoramba kuri kunyangwe sumbu rimwe rikatadza.
Kuisa ArgoCD pane OpenShift
ArgoCD inopa yakanakisa yekuraira mutsara interface uye webhu koni, saka isu hatifukidze Flux nedzimwe nzira pano.
Kuendesa ArgoCD papuratifomu yeOpenShift 4, tevera matanho aya semutongi weboka:
Kuendesa zvinhu zveArgoCD pane OpenShift papuratifomu
# Create a new namespace for ArgoCD components
oc create namespace argocd
# Apply the ArgoCD Install Manifest
oc -n argocd apply -f https://raw.githubusercontent.com/argoproj/argo-cd/v1.2.2/manifests/install.yaml
# Get the ArgoCD Server password
ARGOCD_SERVER_PASSWORD=$(oc -n argocd get pod -l "app.kubernetes.io/name=argocd-server" -o jsonpath='{.items[*].metadata.name}')Kuvandudzwa kweArgoCD Server kuitira kuti ionekwe neOpenShift Route
# Patch ArgoCD Server so no TLS is configured on the server (--insecure)
PATCH='{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"argocd-server"}],"containers":[{"command":["argocd-server","--insecure","--staticassets","/shared/app"],"name":"argocd-server"}]}}}}'
oc -n argocd patch deployment argocd-server -p $PATCH
# Expose the ArgoCD Server using an Edge OpenShift Route so TLS is used for incoming connections
oc -n argocd create route edge argocd-server --service=argocd-server --port=http --insecure-policy=RedirectKutumira ArgoCD Cli Tool
# Download the argocd binary, place it under /usr/local/bin and give it execution permissions
curl -L https://github.com/argoproj/argo-cd/releases/download/v1.2.2/argocd-linux-amd64 -o /usr/local/bin/argocd
chmod +x /usr/local/bin/argocdKuchinja iyo ArgoCD Server admin password
# Get ArgoCD Server Route Hostname
ARGOCD_ROUTE=$(oc -n argocd get route argocd-server -o jsonpath='{.spec.host}')
# Login with the current admin password
argocd --insecure --grpc-web login ${ARGOCD_ROUTE}:443 --username admin --password ${ARGOCD_SERVER_PASSWORD}
# Update admin's password
argocd --insecure --grpc-web --server ${ARGOCD_ROUTE}:443 account update-password --current-password ${ARGOCD_SERVER_PASSWORD} --new-password
Mushure mekupedza nhanho idzi, unogona kushanda neArgoCD Server kuburikidza neArgoCD WebUI web console kana ArgoCD Cli command line tool.
GitOps - Hazvina Kunyanya Kunonoka
"Chitima chaenda" - izvi ndizvo zvavanotaura nezvemamiriro ezvinhu apo mukana wekuita chimwe chinhu wakarasika. Panyaya yeOpenShift, chishuwo chekungotanga kushandisa iyi inotonhorera chikuva chinowanzo gadzira chaizvo mamiriro aya nekutonga uye kugadzirisa nzira, deployments uye zvimwe OpenShift zvinhu. Asi mukana wacho unogara wakarasika zvachose here?
Kuenderera mberi nenhevedzano yezvinyorwa nezve , nhasi tichakuratidza maitiro ekushandura application yakagadzirwa nemaoko uye zviwanikwa zvayo kuita maitiro ayo zvese zvinotungamirwa neGitOps zvishandiso. Kuti tiite izvi, isu tichatanga nemaoko kutumira iyo httpd application. Iyo skrini pazasi inoratidza magadzirirwo atinoita nzvimbo yezita, kutumira uye sevhisi, uye tozofumura iyi sevhisi kugadzira nzira.
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/namespace.yaml
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/deployment.yaml
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/service.yaml
oc expose svc/httpd -n simple-appSaka tine application yakagadzirwa nemaoko. Ikozvino inoda kuendeswa pasi peGitOps manejimendi pasina kurasikirwa kwekuwanikwa. Muchidimbu, inoita izvi:
- Gadzira Git repository yekodhi.
- Isu tinotumira kunze zvinhu zvedu zvazvino uye tozviisa kuGit repository.
- Kusarudza uye kutumira GitOps zvishandiso.
- Isu tinowedzera repository yedu kune iyi Toolkit.
- Isu tinotsanangura iyo application mune yedu GitOps toolkit.
- Isu tinoita bvunzo yekumhanyisa application tichishandisa GitOps toolkit.
- Isu tinowiriranisa zvinhu tichishandisa GitOps toolkit.
- Gonesa kuchekerera uye otomatiki-synchronization yezvinhu.
Sezvambotaurwa mune yapfuura , muGitOps pane imwechete uye chete sosi yeruzivo nezve zvese zvinhu muKubernetes cluster(s) - iyo Git repository. Tevere, isu tinopfuurira kubva pachifungidziro chekuti sangano rako rinotoshandisa Git repository. Inogona kuve yeruzhinji kana yakavanzika, asi inofanirwa kuwanikwa kune Kubernetes masumbu. Iyi inogona kuve iyo yakafanana repository neyeyekunyorera kodhi, kana yakaparadzana repository yakagadzirwa yakanangana nekutumirwa. Zvinokurudzirwa kuve nemvumo dzakasimba munzvimbo inochengeterwa sezvo zvakavanzika, nzira, uye zvimwe zvinhu zvine chengetedzo zvichachengetwa ipapo.
Mumuenzaniso wedu, tichagadzira nzvimbo itsva yeruzhinji paGitHub. Unogona kuidaidza chero chaunoda, isu tinoshandisa zita rekuti blogpost.
Kana iyo YAML chinhu mafaera asina kuchengetwa munharaunda kana muGit, saka uchafanirwa kushandisa oc kana kubectl binaries. Mumufananidzo uri pazasi tiri kukumbira YAML yenzvimbo yedu yezita, kutumira, sevhisi uye nzira. Izvi zvisati zvaitika, takagadzira iyo ichangobva kugadzirwa repository uye cd mairi.
oc get namespace simple-app -o yaml --export > namespace.yaml
oc get deployment httpd -o yaml -n simple-app --export > deployment.yaml
oc get service httpd -o yaml -n simple-app --export > service.yaml
oc get route httpd -o yaml -n simple-app --export > route.yamlZvino ngatigadzirise faira re deployment.yaml kuti tibvise nzvimbo iyo Argo CD isingakwanise kuwiriranisa.
sed -i '/sgeneration: .*/d' deployment.yamlMukuwedzera, nzira inoda kuchinjwa. Isu tinotanga taseta mutsara wemitsara yakawanda tozotsiva ingress: null nezviri mukati meiyo shanduko.
export ROUTE=" ingress:
- conditions:
- status: 'True'
type: Admitted"
sed -i "s/ ingress: null/$ROUTE/g" route.yamlSaka, isu takarongedza mafaera, chasara kuachengeta kuGit repository. Mushure mezvo iyi repository inova iyo chete sosi yeruzivo, uye chero shanduko yemanyorero kune zvinhu inofanira kurambidzwa zvachose.
git commit -am βinitial commit of objectsβ
git push origin masterKupfuurirazve isu tinoenderera mberi kubva kune chokwadi chekuti wakatoisa ArgoCD (maitirwo eizvi - ona yapfuura ) Naizvozvo, isu tichawedzera kuArgo CD iyo repository yatakagadzira, ine kodhi yekushandisa kubva kumuenzaniso wedu. Ingoita shuwa kuti unotsanangura iyo chaiyo repository yawakagadzira kare.
argocd repo add https://github.com/cooktheryan/blogpostZvino ngatigadzirirei application. Chishandiso chinoisa kukosha kuitira kuti GitOps toolkit inzwisise kuti ndeipi repository uye nzira dzekushandisa, iyo OpenShift inodiwa kubata zvinhu, iro rakananga bazi renzvimbo inodiwa, uye kuti zviwanikwa zvinofanirwa kuwiriranisa otomatiki.
argocd app create --project default
--name simple-app --repo https://github.com/cooktheryan/blogpost.git
--path . --dest-server https://kubernetes.default.svc
--dest-namespace simple-app --revision master --sync-policy none
Kana chikumbiro chatsanangurwa muArgo CD, iyo Toolkit inotanga kutarisa zvakatoiswa zvinhu zvichipesana netsanangudzo dziri mudura. Mumuenzaniso wedu, auto-sync uye kuchenesa zvakadzimwa, saka zvinhu hazvisati zvachinja. Ndokumbira utarise kuti muArgo CD interface application yedu ichange iine chinzvimbo "Out of Sync" nekuti hapana zita rinopihwa neArgoCD.
Ichi ndicho chikonzero kana isu tichitanga kuwiriranisa gare gare, zvinhu hazvizoiswazve.
Zvino ngatiitei bvunzo kumhanya kuti tive nechokwadi chekuti hapana zvikanganiso mumafaira edu.
argocd app sync simple-app --dry-runKana pasina zvikanganiso, saka unogona kuenderera kune synchronization.
argocd app sync simple-appMushure mokumhanyisa argoc tora rairo pane yedu application, isu tinofanirwa kuona kuti chimiro chekushandisa chachinja kuita Healthy kana Synced. Izvi zvinoreva kuti zviwanikwa zvese zviri muGit repository zvino zvinoenderana neizvo zviwanikwa zvakatoiswa.
argocd app get simple-app
Name: simple-app
Project: default
Server: https://kubernetes.default.svc
Namespace: simple-app
URL: https://argocd-server-route-argocd.apps.example.com/applications/simple-app
Repo: https://github.com/cooktheryan/blogpost.git
Target: master
Path: .
Sync Policy: <none>
Sync Status: Synced to master (60e1678)
Health Status: Healthy
... Iye zvino unogona kugonesa auto-sync uye kuchenesa kuti uone kuti hapana chinogadzirwa nemaoko uye kuti pese pese chinhu chinogadzirwa kana kuvandudzwa kune repository, kutumirwa kuchaitika.
argocd app set simple-app --sync-policy automated --auto-prune
Saka, takabudirira kuunza application pasi peGitOps control iyo yakatanga isingashandise GitOps chero nzira.
Source: www.habr.com