Which came first, the chicken or the egg? A rather strange opening for an article about Infrastructure-as-Code, isn't it?
What is the egg?
Most often, Infrastructure-as-Code (IaC) is a declarative way of describing infrastructure. In it we describe the state we want to reach, starting from the hardware layer and ending with software configuration. So IaC is used for:
- Resource provisioning. These are VMs, S3, VPC, etc. Main tools: Terraform and CloudFormation.
- Software configuration. Main tools: Ansible, Chef, etc.
Any code lives in git repositories. Sooner or later the team lead will decide that they need to be put in order. And he will refactor them. And he will create a structure. And he will see that it is good.
It is also good that it already exists
Where did the egg come from?
So we are gradually approaching the main question.
First of all, you need to start with a repository that describes the structure of the other repositories, including itself. And of course, as part of GitOps, you need to add CI so that changes are applied automatically.
What if Git has not been created yet?
- How do we store it in Git?
- How do we hook up CI?
- What if we also deploy GitLab using IaC, and in Kubernetes at that?
- And GitLab Runner in Kubernetes too?
- And what about Kubernetes in a cloud provider?
What came first: the GitLab where I will put my code, or the code that describes the GitLab I need?
Chicken with eggs
"Oyakodon 3 with a dinosaur" [src]
Let's try to cook the dish using a cloud provider
TL;DR
Can it all be done at once with a single command?
$ export MY_SELECTEL_TOKEN=<token>
$ curl https://gitlab.com/chicken-or-egg/mks/make/-/snippets/2002106/raw | bash
Ingredients:
- An account at my.selectel.ru;
- An account token;
- Kubernetes skills;
- Helm skills;
- Terraform skills;
- The GitLab Helm chart;
- The GitLab Runner Helm chart.
Recipe:
- Get MY_SELECTEL_TOKEN from the my.selectel.ru panel.
- Create a Kubernetes cluster, passing it the account token.
- Get the KUBECONFIG from the created cluster.
- Install GitLab into Kubernetes.
- Get a GitLab token from GitLab for the root user.
- Create the project structure in GitLab using the GitLab token.
- Push the existing code to GitLab.
- ???
- Profit!
Step 1. The token can be obtained in the section
Step 2. We prepare our Terraform to "bake" a cluster of 2 nodes. If you are sure that you have enough resources for everything, you can enable auto quotas:
provider "selectel" {
  token = var.my_selectel_token
}

variable "my_selectel_token" {}
variable "username" {}
variable "region" {}

resource "selectel_vpc_project_v2" "my-k8s" {
  name = "my-k8s-cluster"
  theme = {
    color = "269926"
  }
  quotas {
    resource_name = "compute_cores"
    resource_quotas {
      region = var.region
      zone   = "${var.region}a"
      value  = 16
    }
  }
  quotas {
    resource_name = "network_floatingips"
    resource_quotas {
      region = var.region
      value  = 1
    }
  }
  quotas {
    resource_name = "load_balancers"
    resource_quotas {
      region = var.region
      value  = 1
    }
  }
  quotas {
    resource_name = "compute_ram"
    resource_quotas {
      region = var.region
      zone   = "${var.region}a"
      value  = 32768
    }
  }
  quotas {
    resource_name = "volume_gigabytes_fast"
    resource_quotas {
      region = var.region
      zone   = "${var.region}a"
      # (20 * 2) + 50 + (8 * 3 + 10)
      value = 130
    }
  }
}

resource "selectel_mks_cluster_v1" "k8s-cluster" {
  name         = "k8s-cluster"
  project_id   = selectel_vpc_project_v2.my-k8s.id
  region       = var.region
  kube_version = "1.17.9"
}

resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
  cluster_id        = selectel_mks_cluster_v1.k8s-cluster.id
  project_id        = selectel_mks_cluster_v1.k8s-cluster.project_id
  region            = selectel_mks_cluster_v1.k8s-cluster.region
  availability_zone = "${var.region}a"
  nodes_count       = 2
  cpus              = 8
  ram_mb            = 16384
  volume_gb         = 15
  volume_type       = "fast.${var.region}a"
  labels = {
    "project": "my",
  }
}
Add a user to the project:
resource "random_password" "my-k8s-user-pass" {
  length           = 16
  special          = true
  override_special = "_%@"
}

resource "selectel_vpc_user_v2" "my-k8s-user" {
  password = random_password.my-k8s-user-pass.result
  name     = var.username
  enabled  = true
}

resource "selectel_vpc_keypair_v2" "my-k8s-user-ssh" {
  public_key = file("~/.ssh/id_rsa.pub")
  user_id    = selectel_vpc_user_v2.my-k8s-user.id
  name       = var.username
}

resource "selectel_vpc_role_v2" "my-k8s-role" {
  project_id = selectel_vpc_project_v2.my-k8s.id
  user_id    = selectel_vpc_user_v2.my-k8s-user.id
}
Output:
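output "project_id" {
  value = selectel_vpc_project_v2.my-k8s.id
}

output "k8s_id" {
  value = selectel_mks_cluster_v1.k8s-cluster.id
}

output "user_name" {
  value = selectel_vpc_user_v2.my-k8s-user.name
}

output "user_pass" {
  # Marked sensitive so the password is not printed in the apply summary or CI logs.
  # It is still stored in clear text in the Terraform state.
  value     = selectel_vpc_user_v2.my-k8s-user.password
  sensitive = true
}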
Let's run it:
$ env
TF_VAR_region=ru-3
TF_VAR_username=diamon
TF_VAR_my_selectel_token=<token>
$ terraform plan -out planfile
$ terraform apply -input=false -auto-approve planfile
Step 3. We get the kubeconfig.
To download KUBECONFIG programmatically, you need to get a token from OpenStack:
openstack token issue -c id -f value > token
And with this token make a request to the Managed Kubernetes Selectel API. k8s_id is output by terraform:
curl -XGET -H "x-auth-token: $(cat token)" "https://ru-3.mks.selcloud.ru/v1/clusters/$(cat k8s_id)/kubeconfig" -o kubeConfig.yaml
The kubeconfig can also be obtained through the panel.
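A hardened variant of the step 3 download, added here as an example and not part of the original article: the token is kept out of curl's argument list, HTTP errors fail the call instead of being saved as a kubeconfig, and the file is written owner-only. The function name `fetch_kubeconfig` and its argument order are assumptions; the URL shape is the one from the curl command above.

```shell
#!/usr/bin/env bash
# Added example (not from the article): hardened kubeconfig download for step 3.
# fetch_kubeconfig and its argument order are hypothetical; the URL shape is the
# one used in the article's curl command.

fetch_kubeconfig() {  # usage: fetch_kubeconfig REGION CLUSTER_ID TOKEN OUTFILE
    region="$1"; cluster_id="$2"; token="$3"; out="$4"
    (
        umask 077                         # kubeconfig and temp file: owner-only (0600)
        tmp="$(mktemp "${out}.XXXXXX")" || exit 1
        # The auth header is fed to curl as a config on stdin, so the token is
        # not part of curl's argv and cannot be read from the process list.
        if printf 'header = "x-auth-token: %s"\n' "$token" |
               curl --config - --fail --silent --show-error --proto '=https' \
                    --output "$tmp" \
                    "https://${region}.mks.selcloud.ru/v1/clusters/${cluster_id}/kubeconfig" \
           && grep -q '^apiVersion:' "$tmp"   # reject empty or non-kubeconfig bodies
        then
            mv "$tmp" "$out"              # publish only a complete, checked file
        else
            rm -f "$tmp"
            exit 1
        fi
    )
}

# Typical call, keeping the OpenStack token in a variable instead of a file:
#   fetch_kubeconfig ru-3 "$(cat k8s_id)" \
#       "$(openstack token issue -c id -f value)" kubeConfig.yaml
```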
Step 4. After the cluster is baked and we have access to it, we can add some YAML on top, to taste.
I prefer to add:
- namespace
- storage class
- pod security policy and so on.
Since I initially chose a cluster in the ru-3a zone, I need a storage class from that zone.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: fast.ru-3a
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: cinder.csi.openstack.org
parameters:
  type: fast.ru-3a
  availability: ru-3a
allowVolumeExpansion: true
Step 5. Install a load balancer.
We will use nginx-ingress, which is standard for many. There are already plenty of guides on installing it, so we will not dwell on it.
$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm upgrade nginx-ingress nginx-stable/nginx-ingress -n ingress --install -f ../internal/K8S-cluster/ingress/values.yml
We wait for it to get an external IP, about 3-4 minutes:
External IP received:
Step 6. Install GitLab.
$ helm repo add gitlab https://charts.gitlab.io
$ helm upgrade gitlab gitlab/gitlab -n gitlab --install -f gitlab/values.yml --set "global.hosts.domain=gitlab.$EXTERNAL_IP.nip.io"
Again we wait for all the pods to come up.
kubectl get po -n gitlab
NAME READY STATUS RESTARTS AGE
gitlab-gitaly-0 0/1 Pending 0 0s
gitlab-gitlab-exporter-88f6cc8c4-fl52d 0/1 Pending 0 0s
gitlab-gitlab-runner-6b6867c5cf-hd9dp 0/1 Pending 0 0s
gitlab-gitlab-shell-55cb6ccdb-h5g8x 0/1 Init:0/2 0 0s
gitlab-migrations.1-2cg6n 0/1 Pending 0 0s
gitlab-minio-6dd7d96ddb-zd9j6 0/1 Pending 0 0s
gitlab-minio-create-buckets.1-bncdp 0/1 Pending 0 0s
gitlab-postgresql-0 0/2 Pending 0 0s
gitlab-prometheus-server-6cfb57f575-v8k6j 0/2 Pending 0 0s
gitlab-redis-master-0 0/2 Pending 0 0s
gitlab-registry-6bd77b4b8c-pb9v9 0/1 Pending 0 0s
gitlab-registry-6bd77b4b8c-zgb6r 0/1 Init:0/2 0 0s
gitlab-shared-secrets.1-pc7-5jgq4 0/1 Completed 0 20s
gitlab-sidekiq-all-in-1-v1-54dbcf7f5f-qbq67 0/1 Pending 0 0s
gitlab-task-runner-6fd6857db7-9x567 0/1 Pending 0 0s
gitlab-webservice-d9d4fcff8-hp8wl 0/2 Pending 0 0s
Waiting gitlab
./wait_gitlab.sh ../internal/gitlab/gitlab/.pods
waiting for pod...
waiting for pod...
waiting for pod...
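One way to implement the wait shown above, as an added example (this is not the article's wait_gitlab.sh, which the page does not show). It treats `Completed` job pods such as gitlab-shared-secrets as settled, since they never report Ready, and it does not mistake empty kubectl output for success. The function names and the 900-second default are assumptions; the sample rows are taken from the listing above.

```shell
#!/usr/bin/env bash
# Added example (not the article's wait_gitlab.sh): wait until every pod in a
# namespace has settled. Function names and the 900 s default are assumptions.

# Reads `kubectl get po` text on stdin, prints pods that are not settled yet.
# Exit status: 0 = all settled, 1 = something pending or no pod rows at all.
pods_not_ready() {
    awk '$1 == "NAME" || NF < 3 { next }      # header and blank lines
         { seen = 1; split($2, r, "/") }
         $3 == "Completed" { next }           # finished Job pods never turn Ready
         $3 == "Running" && r[1] == r[2] { next }
         { print $1; bad = 1 }
         END { exit (bad || !seen) }'
}

wait_for_pods() {  # usage: wait_for_pods NAMESPACE [TIMEOUT_SECONDS]
    ns="$1"
    deadline=$(( $(date +%s) + ${2:-900} ))
    until kubectl get po -n "$ns" 2>/dev/null | pods_not_ready >/dev/null; do
        if [ "$(date +%s)" -ge "$deadline" ]; then
            echo "timed out; still not ready:" >&2
            kubectl get po -n "$ns" | pods_not_ready >&2
            return 1
        fi
        echo "waiting for pod..."
        sleep 10
    done
}

# Sample input: four rows copied from the listing in the article.
sample_page_output() {
cat <<'EOF'
NAME READY STATUS RESTARTS AGE
gitlab-gitaly-0 0/1 Pending 0 0s
gitlab-gitlab-shell-55cb6ccdb-h5g8x 0/1 Init:0/2 0 0s
gitlab-shared-secrets.1-pc7-5jgq4 0/1 Completed 0 20s
gitlab-webservice-d9d4fcff8-hp8wl 0/2 Pending 0 0s
EOF
}
```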
The pods are up:
Step 7. We get a GitLab token.
First, find out the login password:
kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath='{.data.password}' | base64 --decode
Now let's log in and get a token:
python3 get_gitlab_token.py root "$GITLAB_PASSWORD" "http://gitlab.gitlab.$EXTERNAL_IP.nip.io"
Step 8. Bringing the Git repositories into the correct hierarchy using the GitLab provider.
cd ../internal/gitlab/hierarchy && terraform apply -input=false -auto-approve planfile
Unfortunately, the terraform GitLab provider has a floating bug. So you have to delete the conflicting projects by hand for tf.state to be fixed. Then re-run the command `$ make all`
Step 9. We transfer the local repositories to the server.
$ make push
[master (root-commit) b61d977] Initial commit
3 files changed, 46 insertions(+)
create mode 100644 .gitignore
create mode 100644 values.yml
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 770 bytes | 770.00 KiB/s, done.
Total 5 (delta 0), reused 0 (delta 0)
Done:
Conclusion
We have achieved the ability to manage everything declaratively from our local machine. Now I want to move all these tasks into CI and just press buttons. To do that, we need to transfer our local states (Terraform state) into CI. How to do that is in the next part.
Source: www.habr.com