Running Camunda BPM on Kubernetes

Are you using Kubernetes? Ready to move your Camunda BPM instances off virtual machines, or maybe just try running them on Kubernetes? Let's look at some common configurations and individual pieces that can be tailored to your specific needs.

This assumes you have used Kubernetes before. If not, why not take a look at the guide and start your first cluster?

Authors

  • Alastair Firth (Alastair Firth) - Senior Site Reliability Engineer on the Camunda Cloud team;
  • Lars Lange (Lars Lange) - DevOps engineer at Camunda.

In short:

git clone https://github.com/camunda-cloud/camunda-examples.git
cd camunda-examples/camunda-bpm-demo
make skaffold

Okay, maybe that didn't work because you don't have skaffold and kustomize installed. Well then, read on!

What is Camunda BPM

Camunda BPM is an open source business process management and decision automation platform that connects business users and software developers. It is ideal for coordinating and connecting people, (micro)services or even bots! You can read more about the different use cases at the link.

Why use Kubernetes

Kubernetes has become the de facto standard for running modern applications on Linux. By using system calls instead of hardware emulation, and the kernel's ability to manage memory and task switching, boot time and startup time are kept to a minimum. However, the biggest benefit may come from the standard API that Kubernetes provides for configuring the infrastructure that all applications need: storage, networking, and monitoring. It turned six years old in June 2020 and is probably the second largest open source project (after Linux). It has recently been stabilizing its functionality after rapid iteration over the past few years, as it becomes critical to production workloads around the world.

The Camunda BPM Engine can easily connect to other applications running on the same cluster, and Kubernetes provides excellent scalability, allowing you to increase infrastructure costs only when really needed (and easily reduce them as required).

The quality of monitoring is also improved with tools such as Prometheus, Grafana, Loki, Fluentd and Elasticsearch, allowing you to centrally view all workloads in the cluster. Today we will look at how to implement the Prometheus exporter in the Java Virtual Machine (JVM).

Goals

Let's look at a few areas where we can customize the Camunda BPM Docker image (github) so that it works well with Kubernetes.

  1. Logs and metrics;
  2. Database connections;
  3. Authentication;
  4. Session management.

We will look at several ways to achieve these goals and clearly show the whole process.

Note: Are you using the Enterprise version? Look here and update the image links as needed.

Workflow development

In this demo, we will use Skaffold to build Docker images using Google Cloud Build. It has good support for various tools (such as Kustomize and Helm), CI and build tools, and infrastructure providers. The file skaffold.yaml.tmpl includes settings for Google Cloud Build and GKE, providing a very simple way to run production-grade infrastructure.

make skaffold will load the Dockerfile context into Cloud Build, build the image and store it in GCR, and then apply the manifests to your cluster. This is what make skaffold does, but Skaffold has many other features.

For yaml templates in Kubernetes, we use kustomize to manage yaml overlays without forking the entire manifest, allowing you to use git pull --rebase for further improvements. It is now in kubectl and works quite well for such things.

We also use envsubst to populate the hostname and GCP project ID in the *.yaml.tmpl files. You can see how it works in the makefile or just continue on.

Prerequisites

Workflow using manifests

If you don't want to use kustomize or skaffold, you can refer to the manifests in generated-manifest.yaml and adapt them to the workflow of your choice.

Logs and metrics

Prometheus has become the standard for collecting metrics in Kubernetes. It occupies the same niche as AWS Cloudwatch Metrics, Cloudwatch Alerts, Stackdriver Metrics, StatsD, Datadog, Nagios, vSphere Metrics and others. It is open source and has a powerful query language. We will leave the visualization to Grafana - it comes with a large number of dashboards available out of the box. They are connected to each other and are relatively easy to install with prometheus-operator.

By default, Prometheus uses the pull model <service>/metrics, and adding sidecar containers for this is common. Unfortunately, JMX metrics are best collected within the JVM, so sidecar containers are not as efficient. Let's connect the open source jmx_exporter from Prometheus to the JVM by adding it to the container image, which will provide the path /metrics on a different port.

Add Prometheus jmx_exporter to the container

-- images/camunda-bpm/Dockerfile
FROM camunda/camunda-bpm-platform:tomcat-7.11.0

## Add prometheus exporter
RUN wget https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.11.0/jmx_prometheus_javaagent-0.11.0.jar -P lib/
#9404 is the reserved prometheus-jmx port
ENV CATALINA_OPTS -javaagent:lib/jmx_prometheus_javaagent-0.11.0.jar=9404:/etc/config/prometheus-jmx.yaml

Well, that was easy. The exporter will monitor tomcat and display its metrics in Prometheus format at <svc>:9404/metrics

Exporter setup

The attentive reader may wonder where prometheus-jmx.yaml came from. There are many different things that can run in the JVM, and tomcat is just one of them, so the exporter needs some additional configuration. Standard configurations for tomcat, wildfly, kafka and so on are available here. We will add tomcat as a ConfigMap in Kubernetes and then mount it as a volume.

First, we add the exporter configuration file to our platform/config/ directory

platform/config
└── prometheus-jmx.yaml

Then we add ConfigMapGenerator to kustomization.yaml.tmpl:

-- platform/kustomization.yaml.tmpl
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
[...]
configMapGenerator:
- name: config
  files:
  - config/prometheus-jmx.yaml

This will add each element of files[] as a ConfigMap configuration element. ConfigMapGenerators are great because they hash the configuration data and force a pod restart if it changes. They also reduce the amount of configuration in the Deployment since you can mount an entire "folder" of configuration files in one VolumeMount.

Finally, we need to mount the ConfigMap as a volume to the pod:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
      [...]
      volumes:
      - name: config
        configMap:
          name: config
          defaultMode: 0744
      containers:
      - name: camunda-bpm
        volumeMounts:
        - mountPath: /etc/config/
          name: config
        [...]

Wonderful. If Prometheus is not configured to do a full scrape, you can tell it to scrape the pods. Prometheus Operator users can use service-monitor.yaml to get started. Explore service-monitor.yaml, operator design and ServiceMonitorSpec before you start.

Extending this pattern to other use cases

All the files we add to ConfigMapGenerator will be available in the new directory /etc/config. You can extend this template to mount any other configuration files you need. You can even mount a new startup script. You can use subPath to mount individual files. To update xml files, consider using xmlstarlet instead of sed. It is already included in the image.

Logs

Great news! Application logs are already available on stdout, for example with kubectl logs. Fluentd (installed by default in GKE) will forward your logs to Elasticsearch, Loki, or your enterprise logging platform. If you want to use jsonify for the logs, you can follow the above template to install logback.

Database

By default, the image will have an H2 database. This is not suitable for us, and we will use Google Cloud SQL with Cloud SQL Proxy - this will be needed later to solve internal problems. This is a simple and reliable option if you don't have your own preferences for setting up a database. AWS RDS provides a similar service.

Regardless of which database you choose, unless it is H2, you will need to set the appropriate environment variables in platform/deploy.yaml. It looks something like this:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
      [...]
      containers:
      - name: camunda-bpm
        env:
        - name: DB_DRIVER
          value: org.postgresql.Driver
        - name: DB_URL
          value: jdbc:postgresql://postgres-proxy.db:5432/process-engine
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_username
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_password
        [...]

Note: You can use Kustomize to deploy to different environments using an overlay: example.

Note: the use of valueFrom: secretKeyRef. Please use this Kubernetes feature even during development to keep your secrets safe.

It is likely that you already have a preferred system for managing Kubernetes secrets. If not, here are some options: encrypt them with your cloud provider's KMS and then inject them into K8S as secrets via the CD pipeline. Mozilla SOPS works very well in combination with Kustomize secrets. There are other tools, such as dotGPG, that perform similar functions: HashiCorp Vault, Kustomize Secret Value Plugins.
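One way to enforce the secretKeyRef note above in CI, as an added example that is not part of the original article or the camunda-examples repository. It assumes the rendered Deployment is available as JSON; the name patterns, the hypothetical-sidecar container and the literal values in the sample are constructed for illustration.

```python
import json
import re

# Env var names that normally carry credentials (assumed naming convention).
SENSITIVE_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|USERNAME|API_?KEY)", re.I)
# user:password@ embedded in a URL, or password= in JDBC query parameters.
CREDS_IN_URL = re.compile(r"://[^/\s:@]+:[^/\s@]+@|[?&;]password=", re.I)


def audit_deployment(manifest):
    """Return findings for env vars that hold credentials as literals."""
    findings = []
    pod = manifest["spec"]["template"]["spec"]
    for kind in ("initContainers", "containers"):
        for c in pod.get(kind, []):
            for env in c.get("env", []):
                name, value = env["name"], env.get("value")
                ref = env.get("valueFrom", {})
                if value is None:
                    # Sourced from elsewhere; only a Secret is acceptable for
                    # sensitive names (a ConfigMap is not for confidential data).
                    if SENSITIVE_NAME.search(name) and "secretKeyRef" not in ref:
                        findings.append(f"{c['name']}/{name}: not from a Secret")
                elif SENSITIVE_NAME.search(name):
                    findings.append(f"{c['name']}/{name}: literal value")
                elif CREDS_IN_URL.search(value):
                    findings.append(f"{c['name']}/{name}: credentials in URL")
    return findings


# Constructed sample: the article's env block plus two deliberate mistakes.
SAMPLE = json.loads("""
{"kind": "Deployment", "spec": {"template": {"spec": {"containers": [
  {"name": "camunda-bpm", "env": [
    {"name": "DB_DRIVER", "value": "org.postgresql.Driver"},
    {"name": "DB_URL",
     "value": "jdbc:postgresql://postgres-proxy.db:5432/process-engine"},
    {"name": "DB_USERNAME", "valueFrom": {"secretKeyRef":
      {"name": "cambpm-db-credentials", "key": "db_username"}}},
    {"name": "DB_PASSWORD", "value": "constructed-example-password"}]},
  {"name": "hypothetical-sidecar", "env": [
    {"name": "BACKUP_URL",
     "value": "postgresql://app:constructed@postgres-proxy.db/process-engine"}]}
]}}}}
""")

if __name__ == "__main__":
    for finding in audit_deployment(SAMPLE):
        print(finding)
```

A non-empty result can fail the pipeline before the manifest is applied; the article's own env block, with both credentials taken from cambpm-db-credentials, produces no findings.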

Ingress

Unless you choose to use local port forwarding, you will need a configured Ingress Controller. If you don't use ingress-nginx (Helm chart) then you probably already know that you need to set the necessary annotations in ingress-patch.yaml.tmpl or platform/ingress.yaml. If you are using ingress-nginx and see an nginx ingress class with a load balancer pointing to it and an external DNS or wildcard DNS entry, you're good to go. Otherwise, configure the Ingress Controller and DNS, or skip these steps and keep the direct connection to the pod.

TLS

If you are using cert-manager or kube-lego and letsencrypt, certificates for the new ingress will be obtained automatically. Otherwise, open ingress-patch.yaml.tmpl and customize it to suit your needs.

Launch!

If you followed everything written above, then the command make skaffold HOSTNAME=<you.example.com> should start an instance available at <hostname>/camunda

If you haven't exposed your ingress via a public URL, you can redirect it from localhost: kubectl port-forward -n camunda-bpm-demo svc/camunda-bpm 8080:8080 to localhost:8080/camunda

Wait a few minutes until tomcat is completely ready. Cert-manager will take some time to verify the domain name. You can then follow the logs using available tools such as kubetail, or just using kubectl:

kubectl logs -n camunda-bpm-demo $(kubectl get pods -o=name -n camunda-bpm-demo) -f

Next steps

Authorization

This is more relevant to configuring Camunda BPM than Kubernetes, but it is important to note that by default, authentication is disabled in the REST API. You can enable basic authentication or use another method such as JWT. You can use configmaps and volumes to load xml, or xmlstarlet (see above) to edit existing files in the image, and either use wget or load them using an init container and a shared volume.

Session management

Like many other applications, Camunda BPM handles sessions in the JVM, so if you want to run multiple replicas, you can enable sticky sessions (for example for ingress-nginx), which will persist until the replica disappears, or set the Max-Age attribute for cookies. For a more robust solution, you can deploy Session Manager in Tomcat. Lars has a separate post on this topic, but something like:

# Maven Central only serves HTTPS, so the jars are fetched over https://
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/2.3.2/memcached-session-manager-2.3.2.jar -P lib/ &&
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc9/2.3.2/memcached-session-manager-tc9-2.3.2.jar -P lib/ &&

# Insert the <Manager> element just before the closing </Context> tag
sed -i '/^<\/Context>/i \
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager" \
memcachedNodes="redis://redis-proxy.db:22121" \
sticky="false" \
sessionBackupAsync="false" \
storageKeyPrefix="context" \
lockingMode="auto" \
/>' conf/context.xml

Note: you can use xmlstarlet instead of sed

We used twemproxy in front of Google Cloud Memorystore, with memcached-session-manager (supports Redis) to run it.

Scaling

If you already understand sessions, then the first (and often the last) limitation to scaling Camunda BPM may be the connection to the database. Partial customization is already available "out of the box". Let's also disable intialSize in the settings.xml file. Add a Horizontal Pod Autoscaler (HPA) and you can easily scale the number of pods automatically.

Requests and limits

In platform/deployment.yaml you will see that we have hard-coded the resources field. This works well with HPA, but may require additional configuration. The kustomize patch is suitable for this. See ingress-patch.yaml.tmpl and ./kustomization.yaml.tmpl

Conclusion

So we installed Camunda BPM on Kubernetes with Prometheus metrics, logs, H2 database, TLS and Ingress. We added jar files and configuration files using ConfigMaps and Dockerfile. We talked about exchanging data to volumes and directly to environment variables from secrets. In addition, we provided an overview of setting up Camunda for multiple replicas and an authenticated API.

References

github.com/camunda-cloud/camunda-examples/camunda-bpm-kubernetes

├── generated-manifest.yaml <- manifest for use without kustomize
├── images
│   └── camunda-bpm
│       └── Dockerfile <- overlay docker image
├── ingress-patch.yaml.tmpl <- site-specific ingress configuration
├── kustomization.yaml.tmpl <- main Kustomization
├── Makefile <- make targets
├── namespace.yaml
├── platform
│   ├── config
│   │   └── prometheus-jmx.yaml <- prometheus exporter config file
│   ├── deployment.yaml <- main deployment
│   ├── ingress.yaml
│   ├── kustomization.yaml <- "base" kustomization
│   ├── service-monitor.yaml <- example prometheus-operator config
│   └── service.yaml
└── skaffold.yaml.tmpl <- skaffold directives

05.08.2020, translation of an article by Alastair Firth, Lars Lange

Source: www.habr.com
