Kubernetes tips & tricks: on local development and Telepresence


We are asked more and more often about developing microservices in Kubernetes. Developers, especially those working in interpreted languages, want to fix code quickly in their favorite IDE and see the result without waiting for a build/deploy, simply by pressing F5. With a monolithic application it was enough to bring up a database and a web server locally (in Docker, VirtualBox ...) and then enjoy development right away. With monoliths being cut into microservices and the arrival of Kubernetes, with services depending on one another, everything became a little harder. The more microservices there are, the more problems there are. To enjoy development again, you need to bring up not one or two Docker containers, but sometimes more than a dozen...

At different times we have tried different solutions to this problem. I will start with the workarounds we accumulated, or simply "makeshift tools".

1. Workarounds

Most IDEs can edit code directly on a server over FTP/SFTP. This path is an obvious one, and we decided to use it right away. It boils down to the following:

  1. In the pod of development environments (dev/review), an additional container is started with SSH access, and the public SSH key of the developer who will commit/deploy the application is passed into it.
  2. At the init stage (in the prepare-app container), the code is copied to an emptyDir so that both the application containers and the SSH server can access it.


To make the technical implementation of this scheme clearer, here are fragments of the relevant YAML configuration in Kubernetes.

Configuration

1.1. values.yaml

ssh_pub_key:
  vasya.pupkin: <ssh public key in base64> 

Here vasya.pupkin is the value of the variable ${GITLAB_USER_LOGIN}.

1.2. deployment.yaml

...
{{ if eq .Values.global.debug "yes" }}
      volumes:
      - name: ssh-pub-key
        secret:
          defaultMode: 0600
          secretName: {{ .Chart.Name }}-ssh-pub-key
      - name: app-data
        emptyDir: {}
      initContainers:
      - name: prepare-app
{{ tuple "backend" . | include "werf_container_image" | indent 8 }}
        volumeMounts:
        - name: app-data
          mountPath: /app-data
        command: ["bash", "-c", "cp -ar /app/* /app-data/" ]
{{ end }}
      containers:
{{ if eq .Values.global.debug "yes" }}
      - name: ssh
        image: corbinu/ssh-server
        volumeMounts:
        - name: ssh-pub-key
          readOnly: true
          mountPath: /root/.ssh/authorized_keys
          subPath: authorized_keys
        - name: app-data
          mountPath: /app
        ports:
        - name: ssh
          containerPort: 22
          protocol: TCP
{{ end }}
      - name: backend
        volumeMounts:
{{ if eq .Values.global.debug "yes" }}
        - name: app-data
          mountPath: /app
{{ end }}
        command: ["/usr/sbin/php-fpm7.2", "--fpm-config", "/etc/php/7.2/php-fpm.conf", "-F"]
...

1.3. secret.yaml

{{ if eq .Values.global.debug "yes" }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Chart.Name }}-ssh-pub-key
type: Opaque
data:
  authorized_keys: "{{ first (pluck .Values.global.username .Values.ssh_pub_key) }}"
{{ end }}

Final touch

After that, all that remains is to pass the required variables in gitlab-ci.yml:

dev:
  stage: deploy
  script:
   - type multiwerf && source <(multiwerf use 1.0 beta)
   - type werf && source <(werf ci-env gitlab --tagging-strategy tag-or-branch --verbose)
   - werf deploy
     --namespace ${CI_PROJECT_NAME}-stage
     --set "global.env=stage"
     --set "global.git_rev=${CI_COMMIT_SHA}"
     --set "global.debug=yes"
     --set "global.username=${GITLAB_USER_LOGIN}"
  tags:
   - build

Voila: the developer who started the deploy can connect by service name from their desktop over SFTP (we have already described how to grant secure access to the cluster) and edit the code without waiting for it to be delivered to the cluster.

This is a fully working solution, but from the implementation point of view it has obvious drawbacks:

  • the Helm chart has to be reworked, which makes it harder to read in the future;
  • only the person who deployed the service can use it;
  • you have to remember to synchronize the result with your local code directory and commit it to Git.
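
Because the SSH sidecar and its /root/.ssh/authorized_keys mount are switched on only by global.debug, a pipeline step can check the rendered manifest before it is deployed. The following is an added example, not part of the original article; the allow-list of environments, the function names and the sample manifests are assumptions constructed for illustration:

```shell
# Added example (not from the original article): gate the debug SSH sidecar.
# ALLOWED_DEBUG_ENVS and all function names are assumptions of this sketch.
ALLOWED_DEBUG_ENVS="dev review stage"

# True if the rendered manifest in file $1 shows the sidecar's markers:
# a container listening on port 22 or an authorized_keys mount.
has_debug_ssh() {
  grep -Eq 'containerPort:[[:space:]]*22([[:space:]]|$)|authorized_keys' "$1"
}

# check_debug_manifest ENV FILE: returns 0 if the deploy may proceed.
check_debug_manifest() {
  has_debug_ssh "$2" || return 0          # no sidecar rendered, nothing to gate
  for allowed_env in $ALLOWED_DEBUG_ENVS; do
    if [ "$1" = "$allowed_env" ]; then return 0; fi
  done
  echo "blocked: debug SSH sidecar rendered for env '$1'" >&2
  return 1
}

# Constructed sample manifests, trimmed to the lines the check looks at.
make_samples() {
  cat > "$1/debug.yaml" <<'EOF'
      containers:
      - name: ssh
        image: corbinu/ssh-server
        volumeMounts:
        - name: ssh-pub-key
          mountPath: /root/.ssh/authorized_keys
        ports:
        - name: ssh
          containerPort: 22
      - name: backend
EOF
  cat > "$1/plain.yaml" <<'EOF'
      containers:
      - name: backend
        ports:
        - name: fpm
          containerPort: 9000
EOF
}
```

Run check_debug_manifest against the rendered chart output in the job that precedes the deploy, so that a stray global.debug=yes fails the pipeline instead of exposing an SSH server.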

2. Telepresence

The Telepresence project has been known for quite a while, but we, as they say, "never got around to seriously trying it in practice". Demand has done its job, however, and now we are happy to share our experience, which may be useful to readers of our blog, especially since there are no other materials about Telepresence on the hub yet.

In short, everything turned out to be less scary than expected. We put all the actions the developer has to perform into the Helm chart's text file called NOTES.txt. This way, after the service is deployed to Kubernetes, the developer sees the instructions for starting the local dev environment in the GitLab job log:

!!! Developing the service locally, as part of Kubernetes !!!

* Environment setup
* * Access to the cluster via VPN is required
* * kubectl is installed on the local PC ( https://kubernetes.io/docs/tasks/tools/install-kubectl/ )
* * Obtain the config file for kubectl (copy it to ~/.kube/config)
* * telepresence is installed on the local PC ( https://www.telepresence.io/reference/install )
* * Docker must be installed
* * Reporter-level access or higher to the repository https://gitlab.site.com/group/app is required
* * Log in to the registry with your GitLab login/password (done once):

#########################################################################
docker login registry.site.com
#########################################################################

* Starting the environment

#########################################################################
telepresence --namespace {{ .Values.global.env }} --swap-deployment {{ .Chart.Name  }}:backend --mount=/tmp/app --docker-run -v `pwd`:/app -v /tmp/app/var/run/secrets:/var/run/secrets -ti registry.site.com/group/app/backend:v8
#########################################################################

We will not dwell on the steps described in these instructions... except for the last one. What happens when Telepresence starts?

Working with Telepresence

At startup (using the last command in the instructions above), we specify:

  • the namespace in which the microservice runs;
  • the names of the deployment and of the container we want to get into.

The remaining arguments are optional. If our service interacts with the Kubernetes API and a ServiceAccount has been created for it, we need to mount the certificates/tokens on our desktop. To do this, use the option --mount=true (or --mount=/dst_path), which mounts the root (/) of the Kubernetes container onto our desktop. After that we can (depending on the OS and on how the application is started) use the cluster's "keys".

First, let's look at the most universal way of running the application: in a Docker container. For this we use the --docker-run switch and mount the code directory into the container: -v `pwd`:/app

Note that this assumes the command is run from the project directory. The application code will be mounted into the /app directory in the container.

Next: -v /tmp/app/var/run/secrets:/var/run/secrets mounts the directory with the certificate/token into the container.

This option is finally followed by the image in which the application will run. NB: When building the image, you must specify CMD or ENTRYPOINT!

What exactly happens next?

  • In Kubernetes, the replica count of the specified Deployment is changed to 0. A new Deployment is started in its place, with a substitute backend container.
  • Two containers start on the desktop: the first with Telepresence (it proxies requests from/to Kubernetes), the second with the application being developed.
  • If we exec into the application container, all the ENV variables passed by Helm at deploy time are available, and all services are reachable as well. All that remains is to edit the code in your favorite IDE and enjoy the result.
  • When the work is done, just close the terminal in which Telepresence is running (end the session with Ctrl+C): the Docker containers stop on the desktop, and in Kubernetes everything returns to its initial state. All that remains is to commit, open an MR and pass it on for review/merge/… (depending on your workflow).
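
The --mount option described above places the pod's ServiceAccount credentials on the workstation, so it is worth seeing exactly which identity is now readable there. The following is an added example, not part of the original article; the function names and the sample token are assumptions constructed for illustration, and the token's signature is not verified:

```shell
# Added example (not from the original article): inspect which ServiceAccount
# identity Telepresence's --mount has placed on the workstation.
# Function names are assumptions; the JWT signature is NOT verified here.

# Print the decoded JWT payload (2nd dot-separated field, base64url) of file $1.
sa_token_payload() {
  seg=$(cut -d. -f2 < "$1" | tr -d '\n' | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in              # restore padding base64url strips
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print the "sub" claim: system:serviceaccount:<namespace>:<name>.
sa_token_subject() {
  sa_token_payload "$1" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p'
}

# List every token file under the mount root $1 with the identity it carries.
report_mounted_tokens() {
  find "$1/var/run/secrets" -type f -name token 2>/dev/null |
  while IFS= read -r f; do
    printf '%s %s\n' "$(sa_token_subject "$f")" "$f"
  done
}

# Constructed sample: fake mount tree with an unsigned, made-up token.
make_sample_mount() {
  dir="$1/var/run/secrets/kubernetes.io/serviceaccount"
  mkdir -p "$dir"
  payload='{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:stage:backend"}'
  body=$(printf '%s' "$payload" | base64 | tr -d '=\n' | tr '/+' '_-')
  printf 'eyJhbGciOiJSUzI1NiJ9.%s.c2ln\n' "$body" > "$dir/token"
}
```

With the command from NOTES.txt the mount root is /tmp/app, so report_mounted_tokens /tmp/app shows the ServiceAccount whose permissions any local process able to read that directory inherits for the duration of the session.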

If we do not want to run the application in a Docker container (for example, we develop not in PHP but in Go, and still build it locally), starting Telepresence is even simpler:

telepresence --namespace {{ .Values.global.env }} --swap-deployment {{ .Chart.Name  }}:backend --mount=true

If the application accesses the Kubernetes API, you will need to mount the directory with the keys (https://www.telepresence.io/howto/volumes). On Linux there is the proot utility for this:

proot -b $TELEPRESENCE_ROOT/var/run/secrets/:/var/run/secrets bash

After Telepresence is started without the --docker-run option, all environment variables are available in the current terminal, so the application must be started from it.

NB: When using, for example, PHP, remember to disable the various op_cache, apc and other accelerators for development; otherwise editing the code will not produce the desired result.

Summary

Local development with Kubernetes is a problem whose need for a solution grows in proportion to the spread of this platform. Receiving the corresponding requests from developers (our clients), we started solving them with the first means available, which, however, did not prove themselves over the long term. Fortunately, this has become obvious not only now and not only to us, so more suitable tools have already appeared, and Telepresence is the best known of them (there is also skaffold from Google, by the way). Our experience with it is not yet very large, but it already gives us reason to recommend it to our "colleagues in the trade": try it!


Source: www.habr.com
