Kubernetes tips and tricks: on local development and Telepresence

We are asked more and more often about developing microservices in Kubernetes. Developers, especially those working in interpreted languages, want to fix code quickly in their favourite IDE and see the result without waiting for a build/deploy, simply by pressing F5. When the application was a monolith, it was enough to bring up a database and a web server (in Docker, VirtualBox ...) and start enjoying development right away. With monoliths being cut into microservices and the arrival of Kubernetes, with services now depending on one another, everything became a little harder. The more microservices there are, the more problems. To enjoy development again you have to bring up not one or two Docker containers but sometimes more than a dozen ... All in all, this can take a considerable amount of time, since the whole set also has to be kept up to date.

At different times we tried to solve this problem in different ways. I will start with the accumulated workarounds, or simply "crutches".

1. Crutches

Most IDEs can edit code directly on a server over FTP/SFTP. This path is quite obvious and we decided to use it straight away. Its essence boils down to the following:

  1. In the pod of the development environments (dev/review), an additional container with SSH access is started, and the public SSH key of the developer who will commit/deploy the application is passed into it.
  2. At the init stage (in the prepare-app container), the code is copied to an emptyDir so that it is accessible from both the application containers and the SSH server.

To make the technical implementation of this scheme easier to understand, here are fragments of the relevant YAML configurations in Kubernetes.

Configurations

1.1. values.yaml

ssh_pub_key:
  vasya.pupkin: <ssh public key in base64> 

Here vasya.pupkin is the value of the variable ${GITLAB_USER_LOGIN}.

1.2. deployment.yaml

...
{{ if eq .Values.global.debug "yes" }}
      volumes:
      - name: ssh-pub-key
        secret:
          defaultMode: 0600
          secretName: {{ .Chart.Name }}-ssh-pub-key
      - name: app-data
        emptyDir: {}
      initContainers:
      - name: prepare-app
{{ tuple "backend" . | include "werf_container_image" | indent 8 }}
        volumeMounts:
        - name: app-data
          mountPath: /app-data
        command: ["bash", "-c", "cp -ar /app/* /app-data/" ]
{{ end }}
      containers:
{{ if eq .Values.global.debug "yes" }}
      - name: ssh
        image: corbinu/ssh-server
        volumeMounts:
        - name: ssh-pub-key
          readOnly: true
          mountPath: /root/.ssh/authorized_keys
          subPath: authorized_keys
        - name: app-data
          mountPath: /app
        ports:
        - name: ssh
          containerPort: 22
          protocol: TCP
{{ end }}
      - name: backend
        volumeMounts:
{{ if eq .Values.global.debug "yes" }}
        - name: app-data
          mountPath: /app
{{ end }}
        command: ["/usr/sbin/php-fpm7.2", "--fpm-config", "/etc/php/7.2/php-fpm.conf", "-F"]
...

1.3. secret.yaml

{{ if eq .Values.global.debug "yes" }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Chart.Name }}-ssh-pub-key
type: Opaque
data:
  authorized_keys: "{{ first (pluck .Values.global.username .Values.ssh_pub_key) }}"
{{ end }}

Final touch

After that, all that remains is to pass the required variables in gitlab-ci.yml:

dev:
  stage: deploy
  script:
   - type multiwerf && source <(multiwerf use 1.0 beta)
   - type werf && source <(werf ci-env gitlab --tagging-strategy tag-or-branch --verbose)
   - werf deploy
     --namespace ${CI_PROJECT_NAME}-stage
     --set "global.env=stage"
     --set "global.git_rev=${CI_COMMIT_SHA}"
     --set "global.debug=yes"
     --set "global.username=${GITLAB_USER_LOGIN}"
  tags:
   - build

Voila: the developer who started the deploy can connect by service name (we have already described how to grant access to the cluster securely) from their desktop over SFTP and edit the code without waiting for it to be delivered to the cluster.

This is a fully working solution, but from an implementation point of view it has obvious drawbacks:

  • the Helm chart has to be modified, which makes it harder to read later on;
  • it can only be used by the person who deployed the service;
  • you have to remember to synchronise the changes with the local code directory and commit them to Git.
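
A check a cluster operator might run so that the debug SSH sidecar from the templates above never ends up outside the stage namespaces. This is an added example, not code from the original article; the function name, the namespace names and the sample Deployment (constructed, in the shape of `kubectl get deployments -A -o json` output) are assumptions.

```python
import json

# Constructed sample in the shape of `kubectl get deployments -A -o json`:
# the chart above rendered with global.debug=yes, but in a non-stage namespace.
SAMPLE = json.loads("""
{"items": [{"metadata": {"name": "app", "namespace": "app-production"},
  "spec": {"template": {"spec": {
    "volumes": [
      {"name": "ssh-pub-key", "secret": {"secretName": "app-ssh-pub-key"}},
      {"name": "app-data", "emptyDir": {}}],
    "containers": [
      {"name": "ssh", "image": "corbinu/ssh-server",
       "ports": [{"name": "ssh", "containerPort": 22}],
       "volumeMounts": [
         {"name": "ssh-pub-key", "readOnly": true,
          "mountPath": "/root/.ssh/authorized_keys"},
         {"name": "app-data", "mountPath": "/app"}]},
      {"name": "backend", "image": "registry.site.com/group/app/backend:v8",
       "volumeMounts": [{"name": "app-data", "mountPath": "/app"}]}]}}}}]}
""")

def audit(deployments, debug_namespaces=("app-stage",)):
    """Return (namespace, deployment, container, reason) for debug leftovers."""
    findings = []
    for dep in deployments.get("items", []):
        ns = dep["metadata"].get("namespace", "default")
        if ns in debug_namespaces:
            continue  # the SSH sidecar is expected in these namespaces
        name = dep["metadata"]["name"]
        pod = dep["spec"]["template"]["spec"]
        empty_dirs = {v["name"] for v in pod.get("volumes", []) if "emptyDir" in v}
        ssh_writable, readers = set(), {}
        for c in pod.get("containers", []):
            is_ssh = any(p.get("containerPort") == 22 for p in c.get("ports", []))
            if is_ssh:
                findings.append((ns, name, c["name"], "exposes port 22"))
            for m in c.get("volumeMounts", []):
                if m["mountPath"].endswith("authorized_keys"):
                    findings.append((ns, name, c["name"], "mounts authorized_keys"))
                if m["name"] in empty_dirs:
                    if is_ssh and not m.get("readOnly"):
                        ssh_writable.add(m["name"])
                    elif not is_ssh:
                        readers.setdefault(m["name"], []).append(c["name"])
        for vol in sorted(ssh_writable):  # code dir shared with the SSH container
            for cname in readers.get(vol, []):
                findings.append((ns, name, cname, f"runs from SSH-writable volume {vol}"))
    return findings
```

The third finding is the one specific to this scheme: the backend container executes whatever is in the emptyDir that the SSH container can write to.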

2. Telepresence

The Telepresence project has been known for quite a while, but we, as they say, "never got around to trying it seriously". However, demand did its job, and now we are glad to share our experience, which may be useful to readers of our blog, especially since there have been no other materials about Telepresence on Habr so far.

In short, everything turned out to be not that scary. We put all the actions the developer has to perform into the Helm chart's text file called NOTES.txt. So, after deploying the service to Kubernetes, the developer sees the instructions for starting the local environment in the GitLab job log:

!!! Developing the service locally, as part of Kubernetes !!!

* Setting up the environment
* * You must have access to the cluster via VPN
* * kubectl is installed on the local PC ( https://kubernetes.io/docs/tasks/tools/install-kubectl/ )
* * Get the config file for kubectl (copy it to ~/.kube/config)
* * telepresence is installed on the local PC ( https://www.telepresence.io/reference/install )
* * Docker must be installed
* * Access of reporter level or higher to the repository https://gitlab.site.com/group/app is required
* * You need to log in to the registry with your GitLab login/password (done once):

#########################################################################
docker login registry.site.com
#########################################################################

* Starting the environment

#########################################################################
telepresence --namespace {{ .Values.global.env }} --swap-deployment {{ .Chart.Name  }}:backend --mount=/tmp/app --docker-run -v `pwd`:/app -v /tmp/app/var/run/secrets:/var/run/secrets -ti registry.site.com/group/app/backend:v8
#########################################################################

We will not dwell on the steps described in these instructions ... except for the last one. What happens when Telepresence starts?

Working with Telepresence

At startup (using the last command from the instructions above), we specify:

  • the namespace in which the microservice is running;
  • the names of the deployment and the container we want to get into.

The remaining arguments are optional. If our service interacts with the Kubernetes API and a ServiceAccount has been created for it, we need to mount the certificates/tokens on our desktop. To do this, use the option --mount=true (or --mount=/dst_path), which mounts the root (/) of the Kubernetes container onto our desktop. After that we can (depending on the OS and on how the application is launched) use the "keys" from the cluster.

First, let's look at the most universal way of running the application: in a Docker container. For this we use the --docker-run switch and mount the directory with the code into the container: -v `pwd`:/app

Note that this assumes the command is run from the project directory. The application code will be mounted at /app in the container.

Next: -v /tmp/app/var/run/secrets:/var/run/secrets, which mounts the directory with the certificate/token into the container.

This option is finally followed by the image in which the application will run. NB: when building the image, you must specify CMD or ENTRYPOINT!

What exactly happens next?

  • In Kubernetes, the number of replicas of the specified Deployment is changed to 0. A new Deployment is started in its place, with a substitute backend container.
  • 2 containers start on the desktop: the first with Telepresence (it proxies requests from/to Kubernetes), the second with the application under development.
  • If we exec into the application container, all the ENV variables passed by Helm at deploy time are available to us, and all the services are reachable as well. All that remains is to edit the code in your favourite IDE and enjoy the result.
  • At the end of the work, you only need to close the terminal in which Telepresence is running (terminate the session with Ctrl+C): the Docker containers stop on the desktop, and in Kubernetes everything returns to its initial state. What is left is to commit, open an MR and pass it on to review/merge/... (depending on your workflow).

If we do not want to run the application in a Docker container (for example, we develop not in PHP but in Go, and still build it locally), starting Telepresence is even simpler:

telepresence --namespace {{ .Values.global.env }} --swap-deployment {{ .Chart.Name  }}:backend --mount=true

If your application accesses the Kubernetes API, you will need to mount the directory with the keys (https://www.telepresence.io/howto/volumes). For Linux there is the proot utility:

proot -b $TELEPRESENCE_ROOT/var/run/secrets/:/var/run/secrets bash
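
Once the secrets directory is mounted, the ServiceAccount token sits on the developer's machine, so it is worth knowing whose identity it carries and whether it ever expires. The following is an added example, not code from the original article; it assumes the token is a JWT at the standard kubernetes.io/serviceaccount/token path under the mounted directory, and the function names and sample tokens (constructed, unsigned) are hypothetical.

```python
import base64
import json
import time


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims):
    """Build a constructed, JWT-shaped token with a dummy signature (demo only)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.c2lnbmF0dXJl"


def describe_sa_token(token, now=None):
    """Decode the claims (no signature check) and summarise identity and lifetime."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT-shaped service account token")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    # sub has the form system:serviceaccount:<namespace>:<name>
    fields = claims.get("sub", "").split(":")
    if len(fields) != 4 or fields[:2] != ["system", "serviceaccount"]:
        raise ValueError("token subject is not a service account")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    return {
        "namespace": fields[2],
        "service_account": fields[3],
        "expires_at": exp,
        "never_expires": exp is None,  # no exp claim: valid until revoked
        "expired": exp is not None and exp <= now,
    }


# Constructed samples: one token without an expiry, one with an exp claim.
LEGACY_TOKEN = make_sample_token(
    {"iss": "kubernetes/serviceaccount",
     "sub": "system:serviceaccount:app-stage:backend"})
BOUND_TOKEN = make_sample_token(
    {"sub": "system:serviceaccount:app-stage:backend", "exp": 1700000000})

if __name__ == "__main__":
    # In a real session, read the file from the mounted secrets directory instead.
    print(describe_sa_token(LEGACY_TOKEN))
```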

After starting Telepresence without the --docker-run option, all environment variables are available in the current terminal, so the application must be launched from it.

NB: when using PHP, for example, remember to disable op_cache, apc and other accelerators for development, otherwise editing the code will not lead to the desired result.

Summary

Local development with Kubernetes is a problem whose need for a solution grows in proportion to the adoption of this platform. When we received the corresponding requests from developers (from our clients), we started solving them with the first means available, which, however, did not prove themselves over the long run. Fortunately, this has become obvious not only now and not only to us, so more suitable tools have already appeared, and Telepresence is the best known of them (by the way, there is also skaffold from Google). Our experience with it is not yet that large, but it already gives us reason to recommend it to our "colleagues in the trade": try it!

Source: www.habr.com
