Ke eng e tlileng pele - khoho kapa lehe? Ke qalo e makatsang ea sengoloa se buang ka Infrastructure-as-Code, na ha ho joalo?
Lehe ke eng?
Hangata, Infrastructure-as-Code (IaC) ke mokhoa o phatlalatsang oa ho emela litšebeletso tsa motheo. Ho eona re hlalosa boemo boo re batlang ho bo fihlela, ho qala ka karolo ea hardware le ho qetella ka tlhophiso ea software. Ka hona, IaC e sebelisetsoa:
- Phano ea Mehloli. Tsena ke li-VM, S3, VPC, joalo-joalo. Lisebelisoa tsa mantlha tsa mosebetsi: и .
- . Lisebelisoa tsa mantlha: , Chef, joalo-joalo.
Khoutu efe kapa efe e ka har'a polokelo ea git. 'Me kapele kapa hamorao moeta-pele oa sehlopha o tla etsa qeto ea hore ba hloka ho behoa ka tatellano. 'Me o tla refactor. 'Me e tla theha sebopeho se itseng. 'Me o tla bona hore sena se molemo.
Hape ho molemo hore e se e ntse e le teng и -mofani bakeng sa Terraform (mme sena ke Software Configuration). Ka thuso ea bona, o ka tsamaisa morero oohle: litho tsa sehlopha, CI/CD, git-flow, joalo-joalo.
Lehe le ne le tsoa hokae?
Kahoo butle-butle re ntse re atamela potso ea sehlooho.
Pele ho tsohle, o hloka ho qala ka polokelo e hlalosang sebopeho sa libaka tse ling tsa polokelo, ho kenyeletsoa le uena. Ehlile, joalo ka karolo ea GitOps, o hloka ho eketsa CI e le hore liphetoho li ka etsoa ka bohona.
Haeba Git ha e so thehoe?
- U ka e boloka joang ho Git?
- Mokhoa oa ho kenya CI?
- Haeba re boetse re tsamaisa Gitlab re sebelisa IaC, esita le ho Kubernetes?
- Le GitLab Runner le eona e ho Kubernetes?
- Ho thoe'ng ka Kubernetes ho mofani oa maru?
Ke eng e tlileng pele: GitLab moo ke tla kenya khoutu ea ka, kapa khoutu e hlalosang hore na ke hloka GitLab ea mofuta ofe?
Khoho e nang le mahe
«3 le dinosaur" []
A re leke ho pheha sejana re sebelisa mofani oa leru .
TL; DR
Na hoa khoneha ho kena sehlopheng se le seng ka nako e le 'ngoe?
$ export MY_SELECTEL_TOKEN=<token>
$ curl https://gitlab.com/chicken-or-egg/mks/make/-/snippets/2002106/raw | bashLijo:
- Ak'haonte e tsoang ho my.selectel.ru;
- Letšoao la akhaonto;
- litsebo tsa Kubernetes;
- Tsebo ea Helm;
- Tsebo ea Terraform;
- Chate ea Helm GitLab;
- Chate ea Helm GitLab Runner.
Recipe:
- Fumana MY_SELECTEL_TOKEN ho phanele my.selectel.ru.
- Theha sehlopha sa Kubernetes ka ho fetisetsa token ea akhaonto ho eona.
- Fumana KUBECONFIG ho tsoa sehlopheng se entsoeng.
- Kenya GitLab ho Kubernetes.
- Fumana GitLab-token ho tsoa ho GitLab e etselitsoeng mosebelisi motso.
- Theha sebopeho sa projeke ho GitLab u sebelisa GitLab-token.
- Tobetsa khoutu e teng ho GitLab.
- ???
- Moputso!
hata 1. Letšoao le ka fumanoa karolong .
hata 2. Re lokisa Terraform ea rona bakeng sa "ho baka" sehlopha sa li-node tse peli. Haeba u na le bonnete ba hore u na le lisebelisoa tse lekaneng bakeng sa ntho e 'ngoe le e' ngoe, u ka khona ho nolofalletsa li-quotas tsa likoloi:
provider "selectel" {
token = var.my_selectel_token
}
variable "my_selectel_token" {}
variable "username" {}
variable "region" {}
resource "selectel_vpc_project_v2" "my-k8s" {
name = "my-k8s-cluster"
theme = {
color = "269926"
}
quotas {
resource_name = "compute_cores"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 16
}
}
quotas {
resource_name = "network_floatingips"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "load_balancers"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "compute_ram"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 32768
}
}
quotas {
resource_name = "volume_gigabytes_fast"
resource_quotas {
region = var.region
zone = "${var.region}a"
# (20 * 2) + 50 + (8 * 3 + 10)
value = 130
}
}
}
resource "selectel_mks_cluster_v1" "k8s-cluster" {
name = "k8s-cluster"
project_id = selectel_vpc_project_v2.my-k8s.id
region = var.region
kube_version = "1.17.9"
}
resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
cluster_id = selectel_mks_cluster_v1.k8s-cluster.id
project_id = selectel_mks_cluster_v1.k8s-cluster.project_id
region = selectel_mks_cluster_v1.k8s-cluster.region
availability_zone = "${var.region}a"
nodes_count = 2
cpus = 8
ram_mb = 16384
volume_gb = 15
volume_type = "fast.${var.region}a"
labels = {
"project": "my",
}
}Kenya mosebelisi ho projeke:
resource "random_password" "my-k8s-user-pass" {
length = 16
special = true
override_special = "_%@"
}
resource "selectel_vpc_user_v2" "my-k8s-user" {
password = random_password.my-k8s-user-pass.result
name = var.username
enabled = true
}
resource "selectel_vpc_keypair_v2" "my-k8s-user-ssh" {
public_key = file("~/.ssh/id_rsa.pub")
user_id = selectel_vpc_user_v2.my-k8s-user.id
name = var.username
}
resource "selectel_vpc_role_v2" "my-k8s-role" {
project_id = selectel_vpc_project_v2.my-k8s.id
user_id = selectel_vpc_user_v2.my-k8s-user.id
}Sephetho:
output "project_id" {
value = selectel_vpc_project_v2.my-k8s.id
}
output "k8s_id" {
value = selectel_mks_cluster_v1.k8s-cluster.id
}
output "user_name" {
value = selectel_vpc_user_v2.my-k8s-user.name
}
output "user_pass" {
value = selectel_vpc_user_v2.my-k8s-user.password
}Re qala:
$ env
TF_VAR_region=ru-3
TF_VAR_username=diamon
TF_VAR_my_selectel_token=<token>
terraform plan -out planfile
$ terraform apply -input=false -auto-approve planfile
hata 3. Re fumana cubeconfig.
Ho khoasolla KUBECONFIG ka mokhoa o hlophisitsoeng, o hloka ho fumana letšoao ho tsoa ho OpenStack:
openstack token issue -c id -f value > token'Me ka letšoao lena etsa kopo ho Managed Kubernetes Selectel API. k8s_id litaba terraform:
curl -XGET -H "x-auth-token: $(cat token)" "https://ru-3.mks.selcloud.ru/v1/clusters/$(cat k8s_id)/kubeconfig" -o kubeConfig.yamlCupconfig e ka fumaneha hape ka phanele.
hata 4. Ka mor'a hore sehlopha se behoe 'me re khone ho se fumana, re ka eketsa yaml ka holimo ho latsoa.
Ke khetha ho eketsa:
- sebaka sa mabitso
- sehlopha sa polokelo
- pholisi ea tšireletso ea pod joalo-joalo.
bakeng sa Selectel e ka nkoa ho .
Ho tloha qalong ke khethile sehlopha sebakeng seo ru-3a, ebe ke hloka Storage Class ho tloha sebakeng sena.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: fast.ru-3a
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: cinder.csi.openstack.org
parameters:
type: fast.ru-3a
availability: ru-3a
allowVolumeExpansion: truehata 5. Kenya selekanyi sa mojaro.
Re tla sebelisa e tloaelehileng bakeng sa ba bangata nginx-ingress. Ho se ho na le litaelo tse ngata tsa ho e kenya, kahoo re ke ke ra lula ho eona.
$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm upgrade nginx-ingress nginx-stable/nginx-ingress -n ingress --install -f ../internal/K8S-cluster/ingress/values.ymlRe emetse hore e fumane IP ea kantle bakeng sa metsotso e ka bang 3-4:
E amohetse IP ea kantle:
hata 6. Kenya GitLab.
$ helm repo add gitlab https://charts.gitlab.io
$ helm upgrade gitlab gitlab/gitlab -n gitlab --install -f gitlab/values.yml --set "global.hosts.domain=gitlab.$EXTERNAL_IP.nip.io"Hape re emetse hore li-pods tsohle li tsohe.
kubectl get po -n gitlab
NAME READY STATUS RESTARTS AGE
gitlab-gitaly-0 0/1 Pending 0 0s
gitlab-gitlab-exporter-88f6cc8c4-fl52d 0/1 Pending 0 0s
gitlab-gitlab-runner-6b6867c5cf-hd9dp 0/1 Pending 0 0s
gitlab-gitlab-shell-55cb6ccdb-h5g8x 0/1 Init:0/2 0 0s
gitlab-migrations.1-2cg6n 0/1 Pending 0 0s
gitlab-minio-6dd7d96ddb-zd9j6 0/1 Pending 0 0s
gitlab-minio-create-buckets.1-bncdp 0/1 Pending 0 0s
gitlab-postgresql-0 0/2 Pending 0 0s
gitlab-prometheus-server-6cfb57f575-v8k6j 0/2 Pending 0 0s
gitlab-redis-master-0 0/2 Pending 0 0s
gitlab-registry-6bd77b4b8c-pb9v9 0/1 Pending 0 0s
gitlab-registry-6bd77b4b8c-zgb6r 0/1 Init:0/2 0 0s
gitlab-shared-secrets.1-pc7-5jgq4 0/1 Completed 0 20s
gitlab-sidekiq-all-in-1-v1-54dbcf7f5f-qbq67 0/1 Pending 0 0s
gitlab-task-runner-6fd6857db7-9x567 0/1 Pending 0 0s
gitlab-webservice-d9d4fcff8-hp8wl 0/2 Pending 0 0s
Waiting gitlab
./wait_gitlab.sh ../internal/gitlab/gitlab/.pods
waiting for pod...
waiting for pod...
waiting for pod...Litholoana li ile tsa phahama:
hata 7. Re amohela GitLab-token.
Ntlha ea pele, fumana password ea ho kena:
kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath='{.data.password}' | base64 --decodeJoale ha re kene 'me re fumane letšoao:
python3 get_gitlab_token.py root $GITLAB_PASSWORD http://gitlab.gitlab.$EXTERNAL_IP.nip.iohata 8. Ho tlisa li-repositories tsa Git ho sehlopha se nepahetseng ho sebelisa Mofani oa Gitlab.
cd ../internal/gitlab/hierarchy && terraform apply -input=false -auto-approve planfileKa bomalimabe, mofani oa terraform GitLab o na le phaphametseng . Ebe o tla tlameha ho hlakola merero e hanyetsanang ka letsoho hore tf.state e lokisoe. Ebe u tsamaisa taelo hape `$make all`
hata 9. Re fetisetsa polokelo ea lehae ho seva.
$ make push
[master (root-commit) b61d977] Initial commit
3 files changed, 46 insertions(+)
create mode 100644 .gitignore
create mode 100644 values.yml
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 770 bytes | 770.00 KiB/s, done.
Total 5 (delta 0), reused 0 (delta 0)E entsoe:
fihlela qeto e
Re fihletse hore re ka laola ntho e 'ngoe le e' ngoe ka mokhoa o hlakileng ho tloha mochine oa rona oa lehae. Joale ke batla ho fetisetsa mesebetsi ena kaofela ho CI ebe ke tobetsa likonopo feela. Ho etsa sena, re hloka ho fetisetsa linaha tsa habo rona (Terraform state) ho CI. Mokhoa oa ho etsa sena o karolong e latelang.
Ngolisa ho rona e le hore u se ke ua fetoa ke ho lokolloa ha lihlooho tse ncha!
Source: www.habr.com