Running Camunda BPM on Kubernetes

Are you using Kubernetes? Ready to move your Camunda BPM instances off virtual machines, or maybe just try running them on Kubernetes? Let's look at some common configurations and individual building blocks that can be tailored to your specific needs.

This article assumes you have used Kubernetes before. If not, why not take a look at a guide and start your first cluster?

Authors

  • Alastair Firth - Senior Site Reliability Engineer on the Camunda Cloud team;
  • Lars Lange - DevOps Engineer at Camunda.

In short:

git clone https://github.com/camunda-cloud/camunda-examples.git
cd camunda-examples/camunda-bpm-demo
make skaffold

OK, it probably didn't work because you don't have skaffold and kustomize installed. Well then, read on!

What is Camunda BPM

Camunda BPM is an open source business process management and decision automation platform that connects business users and software developers. It is well suited to coordinating and connecting people, (micro)services, or even bots! You can read more about the different use cases at the link.

Why use Kubernetes

Kubernetes has become the de facto standard for running modern applications on Linux. By using system calls instead of hardware emulation, and relying on the kernel to manage memory and task switching, boot time and startup time are kept to a minimum. However, the biggest benefit may come from the standard API that Kubernetes provides for configuring the infrastructure all applications need: storage, networking, and monitoring. It turned 6 years old in June 2020 and is perhaps the second largest open source project (after Linux). It has recently been actively stabilizing its functionality after rapid iteration over the past few years, as it has become critical to production workloads around the world.

The Camunda BPM engine can easily connect to other applications running on the same cluster, and Kubernetes provides excellent scalability, allowing you to increase infrastructure costs only when really needed (and easily reduce them when needed).

The quality of monitoring is also greatly improved by tools such as Prometheus, Grafana, Loki, Fluentd and Elasticsearch, which let you view all workloads in the cluster centrally. Today we will look at how to deploy the Prometheus exporter in the Java Virtual Machine (JVM).

Goals

Let's look at a few areas where we can customize the Camunda BPM Docker image (github) so that it interacts well with Kubernetes.

  1. Logs and metrics;
  2. Database connections;
  3. Authentication;
  4. Session management.

We will look at several ways to achieve these goals and clearly show the whole process.

Note: Are you using the Enterprise version? Look here and update the image links as needed.

Development workflow

In this demo, we will use Skaffold to build Docker images using Google Cloud Build. It has good support for various tools (such as Kustomize and Helm), CI and build tools, and infrastructure providers. The skaffold.yaml.tmpl file includes settings for Google Cloud Build and GKE, providing a very simple way to run production-grade infrastructure.

make skaffold will upload the Dockerfile context to Cloud Build, build the image and store it in GCR, and then apply the manifests to your cluster. This is what make skaffold does, but Skaffold has many other features.

For the Kubernetes yaml templates, we use kustomize to manage yaml overlays without forking the whole manifest, which allows you to use git pull --rebase for further improvements. It is now included in kubectl and works quite well for such things.

We also use envsubst to fill in the hostname and GCP project ID in the *.yaml.tmpl files. You can see how it works in the makefile, or just continue on.

Prerequisites

  • A working Kubernetes cluster
  • Kustomize
  • Skaffold - to build your own docker images and easily deploy to GKE
  • A copy of this code
  • Envsubst

Workflow using manifests

If you don't want to use kustomize or skaffold, you can refer to the manifests in generated-manifest.yaml and adapt them to the workflow of your choice.

Logs and metrics

Prometheus has become the standard for collecting metrics in Kubernetes. It occupies the same niche as AWS Cloudwatch Metrics, Cloudwatch Alerts, Stackdriver Metrics, StatsD, Datadog, Nagios, vSphere Metrics and others. It is open source and has a powerful query language. We will delegate visualization to Grafana - it comes with a large number of dashboards available out of the box. They are connected to each other and relatively easy to install with prometheus-operator.

By default, Prometheus uses the pull model <service>/metrics, and adding sidecar containers for this is common. Unfortunately, JMX metrics are best collected inside the JVM, so sidecar containers do not work as well. Let's connect the open source jmx_exporter from Prometheus to the JVM by adding it to the container image, which will provide the /metrics path on a different port.

Add Prometheus jmx_exporter to the container

-- images/camunda-bpm/Dockerfile
FROM camunda/camunda-bpm-platform:tomcat-7.11.0

## Add prometheus exporter
RUN wget https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.11.0/jmx_prometheus_javaagent-0.11.0.jar -P lib/
# 9404 is the reserved prometheus-jmx port
ENV CATALINA_OPTS -javaagent:lib/jmx_prometheus_javaagent-0.11.0.jar=9404:/etc/config/prometheus-jmx.yaml

Well, that was easy. The exporter will monitor Tomcat and expose its metrics in Prometheus format at <svc>:9404/metrics

Exporter setup

The attentive reader may wonder where prometheus-jmx.yaml came from. There are many different things that can run in the JVM, and tomcat is just one of them, so the exporter needs some additional configuration. Standard configurations for tomcat, wildfly, kafka and so on are available here. We will add the tomcat one as a Kubernetes ConfigMap and then mount it as a volume.

First, we add the exporter configuration file to our platform/config/ directory

platform/config
└── prometheus-jmx.yaml

Then we add the ConfigMapGenerator to kustomization.yaml.tmpl:

-- platform/kustomization.yaml.tmpl
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
[...]
configMapGenerator:
- name: config
  files:
  - config/prometheus-jmx.yaml

This will add each element of files[] as an entry in the ConfigMap. ConfigMapGenerators are great because they hash the configuration data and force a pod restart if it changes. They also reduce the amount of configuration in the Deployment, since you can mount an entire "folder" of configuration files in one VolumeMount.

Finally, we need to mount the ConfigMap as a volume in the pod:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
      [...]
      volumes:
      - name: config
        configMap:
          name: config
          defaultMode: 0744
      containers:
      - name: camunda-bpm
        volumeMounts:
        - mountPath: /etc/config/
          name: config
[...]

Great. If Prometheus is not configured to scrape everything, you may have to tell it to scrape the pods. Prometheus Operator users can use service-monitor.yaml to get started. Explore service-monitor.yaml, the operator design and ServiceMonitorSpec before you begin.

Extending this pattern to other use cases

All files we add to ConfigMapGenerator will be available in the new /etc/config directory. You can extend this template to mount any other configuration files you need. You can even mount a new startup script. You can use subPath to mount individual files. To update xml files, consider using xmlstarlet instead of sed. It is already included in the image.

Logs

Great news! Application logs are already available on stdout, for example with kubectl logs. Fluentd (installed by default in GKE) will forward your logs to Elasticsearch, Loki, or your enterprise logging platform. If you want to use jsonify for logs, you can follow the template above to install logback.

Database

By default, the image will use an H2 database. This is not suitable for us, and we will use Google Cloud SQL with Cloud SQL Proxy - this will be needed later to solve internal problems. This is a simple and reliable option if you don't have your own preferences for setting up the database. AWS RDS provides a similar service.

Regardless of the database you choose, unless it is H2, you will need to set the appropriate environment variables in platform/deploy.yaml. It looks something like this:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
      [...]
      containers:
      - name: camunda-bpm
        env:
        - name: DB_DRIVER
          value: org.postgresql.Driver
        - name: DB_URL
          value: jdbc:postgresql://postgres-proxy.db:5432/process-engine
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_username
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_password
[...]

Note: You can use Kustomize to deploy to different environments using an overlay: example.

Note: Note the use of valueFrom: secretKeyRef. Please use this Kubernetes feature even during development to keep your secrets safe.

You probably already have a preferred system for managing Kubernetes secrets. If not, here are some options: encrypt them with your cloud provider's KMS and then inject them into K8S as secrets via the CD pipeline - Mozilla SOPS works very well in combination with Kustomize secrets. There are other tools, such as dotGPG, that perform similar functions: HashiCorp Vault, Kustomize Secret Value Plugins.
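
A check that the secretKeyRef advice above is actually followed can run in CI against the rendered manifest. The script below is an added example, not part of the original article or the camunda-examples repository; the function names and the sample manifest (including its literal password) are constructed for illustration. It flags env entries whose name looks like a credential, or whose literal value embeds password=, instead of using valueFrom.

```shell
#!/bin/sh
# Added example: find credentials written literally into container env vars.

# find_literal_secrets FILE  (use "-" for stdin) -> one offending env name per line
find_literal_secrets() {
    awk '
        # Remember the name of the env entry we are currently inside.
        /^[ \t]*-[ \t]*name:[ \t]*/ {
            name = $0
            sub(/^[ \t]*-[ \t]*name:[ \t]*/, "", name)
            next
        }
        # A literal value under a secret-looking name, or a value that embeds
        # password= (for example in a JDBC URL), is a finding.
        /^[ \t]*value:/ {
            if (toupper(name) ~ /PASSWORD|PASSWD|SECRET|TOKEN/ || tolower($0) ~ /password=/)
                print name
            name = ""
            next
        }
        # valueFrom is resolved from a Secret or ConfigMap at run time.
        /^[ \t]*valueFrom:/ { name = "" }
    ' "$1"
}

# check_manifest FILE -> exit status 0 when clean, 1 when a literal secret is found
check_manifest() {
    findings=$(find_literal_secrets "$1")
    [ -z "$findings" ] && return 0
    printf 'literal secret in env: %s\n' $findings >&2
    return 1
}

# Constructed sample: DB_PASSWORD is deliberately written the wrong way.
sample_manifest() {
    cat <<'EOF'
containers:
- name: camunda-bpm
  env:
  - name: DB_URL
    value: jdbc:postgresql://postgres-proxy.db:5432/process-engine
  - name: DB_USERNAME
    valueFrom:
      secretKeyRef:
        name: cambpm-db-credentials
        key: db_username
  - name: DB_PASSWORD
    value: constructed-example-only
EOF
}
```

Run it as check_manifest generated-manifest.yaml, or pipe the output of kubectl kustomize into check_manifest - before applying.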

Ingress

Unless you choose to use local port forwarding, you will need a configured Ingress Controller. If you don't use ingress-nginx (Helm chart), then you most likely already know that you need to set the necessary annotations in ingress-patch.yaml.tmpl or platform/ingress.yaml. If you are using ingress-nginx and see an nginx ingress class with a load balancer pointing to it and an external DNS or wildcard DNS entry, you're good to go. Otherwise, configure the Ingress Controller and DNS, or skip these steps and keep the direct connection to the pod.

TLS

If you are using cert-manager or kube-lego and letsencrypt, certificates for the new ingress will be obtained automatically. Otherwise, open ingress-patch.yaml.tmpl and customize it to suit your needs.

Launch!

If you have followed everything above, then the command make skaffold HOSTNAME=<you.example.com> should start an instance available at <hostname>/camunda

If you have not exposed your ingress via a public URL, you can forward it to localhost instead: kubectl port-forward -n camunda-bpm-demo svc/camunda-bpm 8080:8080 makes the instance available at localhost:8080/camunda

Wait a few minutes until tomcat is fully ready. Cert-manager will take some time to verify the domain name. You can then follow the logs using available tools such as kubetail, or simply using kubectl:

kubectl logs -n camunda-bpm-demo $(kubectl get pods -o=name -n camunda-bpm-demo) -f

Next steps

Authorization

This is more relevant to configuring Camunda BPM than Kubernetes, but it is important to note that by default, authentication is disabled in the REST API. You can enable basic authentication or use another method such as JWT. You can use configmaps and volumes to load xml, or xmlstarlet (see above) to edit existing files in the image, and either use wget or load them using an init container and a shared volume.
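
Because the REST API ships with authentication disabled, it is worth confirming after every deployment that anonymous requests are refused before the ingress is made reachable. The following post-deploy smoke test is an added example, not part of the original article or the Camunda project; the function names are hypothetical, and the /engine-rest/engine path is an assumption based on the default context path of the Tomcat distribution.

```shell
#!/bin/sh
# Added example: fail a pipeline when the Camunda REST API answers without credentials.

# rest_auth_state BASE_URL -> prints open | protected | unknown
rest_auth_state() {
    # Send one request with no credentials and keep only the HTTP status code.
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 \
        "$1/engine-rest/engine") || code=000
    case "$code" in
        200)     echo open ;;       # the anonymous request was served
        401|403) echo protected ;;  # credentials are required
        *)       echo unknown ;;    # unreachable, redirected, or server error
    esac
}

# require_rest_auth BASE_URL -> exit status 0 only when credentials are demanded.
# "unknown" is treated as a failure so that an unreachable service cannot pass.
require_rest_auth() {
    state=$(rest_auth_state "$1")
    echo "REST API at $1: $state" >&2
    [ "$state" = protected ]
}
```

With the port-forward from the launch step running, require_rest_auth http://localhost:8080 exits non-zero until an authentication filter is in place.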

Session management

Like many other applications, Camunda BPM handles sessions in the JVM, so if you want to run multiple replicas, you can enable sticky sessions (for example with ingress-nginx), which will exist until the replica disappears, or set the Max-Age attribute for cookies. For a more robust solution, you can deploy a Session Manager in Tomcat. Lars has a separate post on this topic, but something like:

wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/2.3.2/memcached-session-manager-2.3.2.jar -P lib/ &&
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc9/2.3.2/memcached-session-manager-tc9-2.3.2.jar -P lib/ &&
sed -i '/^<\/Context>/i \
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager" \
memcachedNodes="redis://redis-proxy.db:22121" \
sticky="false" \
sessionBackupAsync="false" \
storageKeyPrefix="context" \
lockingMode="auto" \
/>' conf/context.xml

Note: you can use xmlstarlet instead of sed

We used twemproxy in front of Google Cloud Memorystore, with memcached-session-manager (which supports Redis) to run it.
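
The session-manager download above and the jmx_exporter step in the Dockerfile both pull jars from Maven Central at build time without checking what was received. The helper below is an added example, not part of the original article or the camunda-examples repository: it accepts only HTTPS URLs and rejects a download whose SHA-256 does not match a digest pinned in the build script. The function names and the <PINNED_SHA256> placeholder are assumptions for illustration.

```shell
#!/bin/sh
# Added example: download a build dependency and refuse it unless its SHA-256
# matches a digest pinned next to the download command.

# sha256_of FILE -> prints the lowercase hex digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED -> exit status 0 if FILE hashes to EXPECTED
verify_sha256() {
    actual=$(sha256_of "$1") || return 1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# fetch_pinned URL DEST EXPECTED
# Returns 2 for a non-HTTPS URL, 3 for a failed download, 4 for a digest
# mismatch. A rejected file is deleted so a later build step cannot use it.
fetch_pinned() {
    case "$1" in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $1" >&2; return 2 ;;
    esac
    wget -q "$1" -O "$2" || { rm -f "$2"; return 3; }
    if ! verify_sha256 "$2" "$3"; then
        echo "digest mismatch for $2" >&2
        rm -f "$2"
        return 4
    fi
}

# Usage inside the image build; replace the placeholder with the digest
# recorded when the jar was reviewed:
# fetch_pinned \
#   "https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.11.0/jmx_prometheus_javaagent-0.11.0.jar" \
#   lib/jmx_prometheus_javaagent-0.11.0.jar "<PINNED_SHA256>"
```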

Scaling

If you have already sorted out sessions, then the first (and often the last) limitation to scaling Camunda BPM may be the database connection. Partial tuning is already available "out of the box". Let's also disable initialSize in the settings.xml file. Add a Horizontal Pod Autoscaler (HPA) and you can easily scale the number of pods automatically.

Requests and limits

In platform/deployment.yaml you will see that we have hard-coded the resources field. This works well with HPA, but may require additional configuration. A kustomize patch is suitable for this. See ingress-patch.yaml.tmpl and ./kustomization.yaml.tmpl

Conclusion

So we have installed Camunda BPM on Kubernetes with Prometheus metrics, logs, H2 database, TLS and Ingress. We added jar files and configuration files using ConfigMaps and the Dockerfile. We talked about passing data into volumes and directly into environment variables from secrets. In addition, we provided an overview of setting up Camunda for multiple replicas and an authenticated API.

References

github.com/camunda-cloud/camunda-examples/camunda-bpm-kubernetes

├── generated-manifest.yaml        <- manifest for use without kustomize
├── images
│   └── camunda-bpm
│       └── Dockerfile             <- overlay docker image
├── ingress-patch.yaml.tmpl        <- site-specific ingress configuration
├── kustomization.yaml.tmpl        <- main Kustomization
├── Makefile                       <- make targets
├── namespace.yaml
├── platform
│   ├── config
│   │   └── prometheus-jmx.yaml    <- prometheus exporter config file
│   ├── deployment.yaml            <- main deployment
│   ├── ingress.yaml
│   ├── kustomization.yaml         <- "base" kustomization
│   ├── service-monitor.yaml       <- example prometheus-operator config
│   └── service.yaml
└── skaffold.yaml.tmpl             <- skaffold directives

05.08.2020, translation of articles by Alastair Firth, Lars Lange

Source: www.habr.com
