ProHoster > Blog > Tsamaiso > Kenyelletso ea GitOps bakeng sa OpenShift

Kenyelletso ea GitOps bakeng sa OpenShift

Kajeno re tla bua ka melao-motheo le mehlala ea GitOps, hammoho le hore na mefuta ena e sebelisoa joang sethaleng sa OpenShift. Tataiso e sebetsanang le taba ena e teng link tsa.

Kenyelletso ea GitOps bakeng sa OpenShift

Ka bokhuts'oane, GitOps ke sete sa litloaelo tsa ho sebelisa likopo tsa ho hula tsa Git ho laola lits'ebetso le litlhophiso tsa ts'ebeliso. Sebaka sa polokelo ea Git ho GitOps se nkoa e le mohloli o le mong oa tlhahisoleseding mabapi le boemo ba tsamaiso, 'me liphetoho leha e le life sebakeng sena li ka lateloa ka ho feletseng le ho hlahlojoa.

Mohopolo oa ho latela phetoho ho GitOps ha o ncha ho hang; mokhoa ona esale o sebelisoa hoo e batlang e le hohle ha o sebetsa ka khoutu ea mohloli oa kopo. GitOps e sebelisa feela likarolo tse ts'oanang (litlhahlobo, likopo tsa ho hula, li-tag, joalo-joalo) lits'ebetsong tsa ts'ebetso le ts'ebetso ea ts'ebetso mme e fana ka melemo e ts'oanang le ea taolo ea khoutu ea mohloli.

Ha ho na tlhaloso ea thuto kapa melao e amohetsoeng bakeng sa GitOps, ke melaoana feela eo tloaelo ena e hahiloeng holim'a eona:

  • Tlhaloso ea phatlalatso ea sistimi e bolokiloe sebakeng sa polokelo ea Git (litlhophiso, tlhokomelo, joalo-joalo).
  • Liphetoho tsa naha li etsoa ka likopo tsa ho hula.
  • Boemo ba lits'ebetso bo tsamaisana le data e polokelong ho sebelisoa likopo tsa Git push.

GitOps Melao-motheo

  • Litlhaloso tsa sistimi li hlalosoa e le khoutu ea mohloli

Litlhophiso tsa sistimi li nkuoa e le khoutu kahoo e ka bolokoa le ho fetoleloa ka bo eona sebakeng sa polokelo ea Git, e sebetsang e le mohloli o le mong oa 'nete. Mokhoa ona o etsa hore ho be bonolo ho qala le ho khutlisa liphetoho tsa sistimi.

  • Boemo bo lakatsehang le tlhophiso ea litsamaiso li behiloe le ho fetoleloa ho Git

Ka ho boloka le ho fetolela boemo bo lakatsehang ba litsamaiso ho Git, re khona ho qala le ho khutlisetsa liphetoho lits'ebetsong le lits'ebetsong habonolo. Hape re ka sebelisa mekhoa ea ts'ireletso ea Git ho laola beng ba khoutu le ho netefatsa bonnete ba eona.

  • Liphetoho tsa tlhophiso li ka sebelisoa ka bo eona ka likopo tsa ho hula

Re sebelisa likopo tsa ho hula tsa Git, re ka laola habonolo hore na liphetoho li sebelisoa joang ho litlhophiso sebakeng sa polokelo. Mohlala, li ka fuoa litho tse ling tsa sehlopha bakeng sa tlhahlobo kapa ho tsamaisa liteko tsa CI, jj.

'Me ka nako e ts'oanang, ha ho hlokahale ho aba matla a admin ka ho le letšehali le ka ho le letona. Ho etsa liphetoho tsa tlhophiso, basebelisi ba hloka feela tumello e nepahetseng sebakeng sa polokelo ea Git moo litlhophiso tseo li bolokiloeng teng.

  • Ho lokisa bothata ba ho hoholeha ho sa laoleheng ha litlhophiso

Hang ha boemo bo lakatsehang ba sistimi bo bolokiloe polokelong ea Git, sohle seo re lokelang ho se etsa ke ho fumana software e tla netefatsa hore boemo ba hajoale ba sistimi bo lumellana le boemo boo e bo batlang. Haeba ho se joalo, software ena e lokela - ho latela litlhophiso - e felise ho se lumellane ka bo eona, kapa e re tsebise mabapi le ho hoholeha ha tlhophiso.

Mefuta ea GitOps bakeng sa OpenShift

On-Cluster Resource Reconciler

Ho latela mohlala ona, sehlopha se na le molaoli ea ikarabellang ho bapisa mehloli ea Kubernetes (lifaele tsa YAML) sebakeng sa polokelo ea Git le lisebelisoa tsa sebele tsa sehlopha. Haeba ho se lumellane ho fumanoa, molaoli o romela litsebiso mme mohlomong a nke khato ho lokisa liphapang. Mohlala ona oa GitOps o sebelisoa ho Anthos Config Management le Weaveworks Flux.

Kenyelletso ea GitOps bakeng sa OpenShift

Reconciler ea Kantle (Push)

Moetso ona o ka nkuoa e le phapang ea o fetileng, ha re e-na le molaoli a le mong kapa ba bangata ba ikarabellang bakeng sa ho hokahanya lisebelisoa ka lipara tsa "Git repository - Kubernetes cluster". Phapang mona ke hore sehlopha ka seng se laoloang ha se hakaalo hore se na le molaoli oa sona ea arohaneng. Li-pair tsa lihlopha tsa Git - k8s hangata li hlalosoa e le li-CRD (litlhaloso tsa lisebelisoa tsa moetlo), tse ka hlalosang hore na molaoli o lokela ho etsa tumellano joang. Ka har'a mohlala ona, balaoli ba bapisa polokelo ea Git e boletsoeng ho CRD le lisebelisoa tsa lihlopha tsa Kubernetes, tse boletsoeng hape ho CRD, 'me ba etsa liketso tse nepahetseng ho latela liphello tsa papiso. Haholo-holo, mohlala ona oa GitOps o sebelisoa ho ArgoCD.

Kenyelletso ea GitOps bakeng sa OpenShift

GitOps sethaleng sa OpenShift

Tsamaiso ea mekhoa ea mekhoa ea mekhoa e mengata ea lihlopha tsa Kubernetes

Ka ho ata ha Kubernetes le botumo bo ntseng bo eketseha ba maano a maru a mangata le komporo ea moeli, palo e tloaelehileng ea lihlopha tsa OpenShift ka moreki le eona e ntse e eketseha.

Ka mohlala, ha u sebelisa k'homphieutha ea moeli, lihlopha tsa moreki a le mong li ka sebelisoa ka makholo kapa esita le likete. Ka lebaka leo, o qobelloa ho laola lihlopha tse 'maloa tse ikemetseng kapa tse hokahaneng tsa OpenShift marung a sechaba le sebakeng sa pele.

Tabeng ena, mathata a mangata a tlameha ho rarolloa, haholo-holo:

  • Laola hore lihlopha li boemong bo tšoanang (litlhophiso, tlhokomelo, polokelo, joalo-joalo)
  • Theha bocha (kapa khutlisetsa) lihlopha ho ipapisitse le naha e tsebahalang.
  • Theha lihlopha tse ncha ho latela naha e tsebahalang.
  • Hlahisa liphetoho ho lihlopha tse ngata tsa OpenShift.
  • Khutlisetsa liphetoho ho pholletsa le lihlopha tse ngata tsa OpenShift.
  • Kopanya litlhophiso tse entsoeng ka sebopeho le maemo a fapaneng.

Litlhophiso tsa Ts'ebeliso

Nakong ea bophelo ba bona, likopo li atisa ho feta har'a lihlopha tsa lihlopha (dev, sethala, joalo-joalo) pele li qetella li le sehlopheng sa tlhahiso. Ho feta moo, ka lebaka la boteng le litlhoko tsa scalability, bareki ba atisa ho romela likopo ho pholletsa le lihlopha tse ngata tsa sebaka sa marang-rang kapa libaka tse ngata tsa sethala sa maru sa sechaba.

Tabeng ena, mesebetsi e latelang e tlameha ho rarolloa:

  • Netefatsa motsamao oa lits'ebetso (li-binaries, configs, joalo-joalo) lipakeng tsa lihlopha (dev, sethala, joalo-joalo).
  • Hlahisa liphetoho lits'ebetsong (li-binaries, configs, joalo-joalo) ka lihlopha tse 'maloa tsa OpenShift.
  • Khutlisetsa liphetoho lits'ebetsong boemong bo tsejoang pele.

OpenShift GitOps Sebelisa Maemo

1. Ho sebelisa liphetoho ho tsoa polokelong ea Git

Motsamaisi oa sehlopha a ka boloka litlhophiso tsa lihlopha tsa OpenShift sebakeng sa polokelo ea Git mme a li sebelisa ka bohona ho theha lihlopha tse ncha le ho li tlisa boemong bo ts'oanang le boemo bo tsejoang bo bolokiloeng polokelong ea Git.

2. Ho lumellana le Mookameli oa Lekunutu

Mookameli o tla rua molemo ho bokhoni ba ho hokahanya lintho tsa lekunutu tsa OpenShift le software e nepahetseng joalo ka Vault e le ho li laola ka lisebelisoa tse etselitsoeng sena ka ho khetheha.

3. Taolo ea litlhophiso tsa drift

Tsamaiso e tla amohela feela haeba OpenShift GitOps ka boeona e tsebahatsa le ho hlokomelisa ka liphapang lipakeng tsa tlhophiso ea 'nete le tse boletsoeng sebakeng sa polokelo, e le hore ba ka arabela kapele ho hoholeha.

4. Litsebiso mabapi le ho hoholeha ha tlhophiso

Li na le thuso ha molaoli a batla ho ithuta ka potlako ka linyeoe tsa ho hoholeha e le hore a nke mehato e nepahetseng a le mong.

5. Khokahano ea litlhophiso ka letsoho ha e hoholeha

E lumella admin ho hokahanya sehlopha sa OpenShift le polokelo ea Git ha ho ka ba le ts'ireletseho ea litlhophiso, ho khutlisetsa sehlopha sebakeng se tsebahalang pele.

6.Auto-synchronization ea tlhophiso ha ho hoholeha

Mookameli a ka boela a lokisa sehlopha sa OpenShift hore se ikamahanye le sebaka sa polokelo ha ho fumanoa ho hoholeha, e le hore tlhophiso ea sehlopha e lula e lumellana le configs ho Git.

7. Lihlopha tse 'maloa - polokelo e le' ngoe

Motsamaisi a ka boloka litlhophiso tsa lihlopha tse fapaneng tse fapaneng tsa OpenShift sebakeng se le seng sa Git mme a li sebelise ka mokhoa o ikhethileng kamoo ho hlokahalang.

8. Tsamaiso ea litlhophiso tsa lihlopha (lefa)

Mookameli a ka theha sehlopha sa litlhophiso tsa lihlopha sebakeng sa polokelo (sethala, prod, portfolio ea app, joalo-joalo ka lefa). Ka mantsoe a mang, e ka etsa qeto ea hore na litlhophiso li lokela ho sebelisoa sehlopheng se le seng kapa ho feta.

Ka mohlala, haeba mookameli a beha sehlopha sa "Production clusters (prod) → Lihlopha tsa X System → Lihlopha tsa tlhahiso ea tsamaiso X" sebakeng sa polokelo ea Git, joale motsoako oa litlhophiso tse latelang o sebelisoa ho lihlopha tsa tlhahiso ea tsamaiso X:

  • Litlhophiso tse tloaelehileng ho lihlopha tsohle tsa tlhahiso.
  • Litlhophiso tsa sehlopha sa System X.
  • Litlhophiso tsa sehlopha sa tlhahiso ea sistimi ea X.

9. Lithempleite le litlhophiso lia feta

Mookameli a ka fetisa sehlopha sa li-configs tse futsitsoeng le boleng ba tsona, mohlala, ho lokisa tlhophiso bakeng sa lihlopha tse itseng tseo li tla sebelisoa ho tsona.

10. Khetho e kenyelletsa le ho qhelela ka thoko bakeng sa litlhophiso, litlhophiso tsa ts'ebeliso

Mookameli a ka beha maemo bakeng sa ts'ebeliso kapa ho se sebelisoe ha litlhophiso tse itseng ho lihlopha tse nang le litšobotsi tse itseng.

11. Tšehetso ea template

Bahlahisi ba tla rua molemo ka bokhoni ba ho khetha hore na lisebelisoa tsa kopo li tla hlalosoa joang (Helm Chart, pure Kubernetes yaml, joalo-joalo) e le ho sebelisa mokhoa o nepahetseng ka ho fetisisa bakeng sa kopo ka 'ngoe e khethehileng.

Lisebelisoa tsa GitOps sethaleng sa OpenShift

ArgoCD

ArgoCD e sebelisa mohlala oa External Resource Reconcile 'me e fana ka UI e bohareng bakeng sa ho hlophisa likamano tse le 'ngoe ho tse ngata pakeng tsa lihlopha le polokelo ea Git. Mefokolo ea lenaneo lena e kenyelletsa ho se khone ho laola lits'ebetso ha ArgoCD e sa sebetse.

Websaete ea molao

phalla

Flux e sebelisa mohlala oa On-Cluster Resource Reconcile 'me, ka lebaka leo, ha ho na tsamaiso e bohareng ea sebaka sa tlhaloso, e leng ntlha e fokolang. Ka lehlakoreng le leng, hantle ka lebaka la khaello ea setsi, bokhoni ba ho laola lits'ebetso bo sala le haeba sehlopha se le seng se hloleha.

Websaete ea molao

Ho kenya ArgoCD ho OpenShift

ArgoCD e fana ka sebopeho se setle sa mohala oa taelo le khomphutha ea webo, kahoo re ke ke ra koahela Flux le mekhoa e meng mona.

Ho kenya ArgoCD sethaleng sa OpenShift 4, latela mehato ena joaloka mookameli oa lihlopha:

Ho tsamaisa likarolo tsa ArgoCD sethaleng sa OpenShift

# Create a new namespace for ArgoCD components
oc create namespace argocd
# Apply the ArgoCD Install Manifest
oc -n argocd apply -f https://raw.githubusercontent.com/argoproj/argo-cd/v1.2.2/manifests/install.yaml
# Get the ArgoCD Server password
ARGOCD_SERVER_PASSWORD=$(oc -n argocd get pod -l "app.kubernetes.io/name=argocd-server" -o jsonpath='{.items[*].metadata.name}')

Ntlafatso ea ArgoCD Server e le hore e ka bonoa ke OpenShift Route

# Patch ArgoCD Server so no TLS is configured on the server (--insecure)
PATCH='{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"argocd-server"}],"containers":[{"command":["argocd-server","--insecure","--staticassets","/shared/app"],"name":"argocd-server"}]}}}}'
oc -n argocd patch deployment argocd-server -p $PATCH
# Expose the ArgoCD Server using an Edge OpenShift Route so TLS is used for incoming connections
oc -n argocd create route edge argocd-server --service=argocd-server --port=http --insecure-policy=Redirect

Ho tsamaisa ArgoCD Cli Tool

# Download the argocd binary, place it under /usr/local/bin and give it execution permissions
curl -L https://github.com/argoproj/argo-cd/releases/download/v1.2.2/argocd-linux-amd64 -o /usr/local/bin/argocd
chmod +x /usr/local/bin/argocd

Ho fetola phasewete ea admin ea ArgoCD Server

# Get ArgoCD Server Route Hostname
ARGOCD_ROUTE=$(oc -n argocd get route argocd-server -o jsonpath='{.spec.host}')
# Login with the current admin password
argocd --insecure --grpc-web login ${ARGOCD_ROUTE}:443 --username admin --password ${ARGOCD_SERVER_PASSWORD}
# Update admin's password
argocd --insecure --grpc-web --server ${ARGOCD_ROUTE}:443 account update-password --current-password ${ARGOCD_SERVER_PASSWORD} --new-password

Kamora ho qeta mehato ena, o ka sebetsa le ArgoCD Server ka ArgoCD WebUI web console kapa ArgoCD Cli command line tool.
https://blog.openshift.com/is-it-too-late-to-integrate-gitops/

GitOps - Ha e So morao haholo

"Terene e tsamaile" - sena ke seo ba se buang ka boemo ha monyetla oa ho etsa ntho e itseng o fosa. Tabeng ea OpenShift, takatso ea ho qala hang-hang ho sebelisa sethala sena se secha se pholileng hangata se baka boemo bona hantle ka tsamaiso le tlhokomelo ea litsela, li-deployments le lintho tse ling tsa OpenShift. Empa na monyetla oo o lula o lahleha ka ho feletseng?

Ho tsoela pele letoto la lihlooho tse mabapi le GitOps, kajeno re tla u bontša mokhoa oa ho fetola kopo e entsoeng ka letsoho le lisebelisoa tsa eona hore e be mokhoa oo ntho e 'ngoe le e' ngoe e laoloang ke lisebelisoa tsa GitOps. Ho etsa sena, re tla qala ka letsoho ho sebelisa kopo ea httpd. Sets'oants'o se ka tlase se bonts'a mokhoa oa ho theha sebaka sa mabitso, phepelo le lits'ebeletso, ebe re pepesa ts'ebeletso ena ho theha tsela.

oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/namespace.yaml
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/deployment.yaml
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/service.yaml
oc expose svc/httpd -n simple-app

Kahoo re na le kopo e entsoeng ka letsoho. Hona joale e hloka ho fetisetsoa tlas'a tsamaiso ea GitOps ntle le tahlehelo ea ho fumaneha. Ka bokhutšoanyane, e etsa sena:

  • Theha sebaka sa polokelo ea Git bakeng sa khoutu.
  • Re romella lintho tsa rona tsa hajoale ebe re li kenya sebakeng sa polokelo ea Git.
  • Ho khetha le ho tsamaisa lisebelisoa tsa GitOps.
  • Re kenya pokello ea rona ea pokello ea lisebelisoa.
  • Re hlalosa ts'ebeliso ho lisebelisoa tsa rona tsa GitOps.
  • Re etsa tlhahlobo ea ts'ebeliso ka sesebelisoa sa GitOps.
  • Re hokahanya lintho ka lisebelisoa tsa GitOps.
  • Numella ho faola le ho amahanya ka bohona ha lintho.

Joalokaha ho boletsoe pejana sehlooho, ho GitOps ho na le mohloli o le mong feela oa tlhahisoleseding mabapi le lintho tsohle tse ka har'a lihlopha tsa Kubernetes - polokelo ea Git. Ka mor'a moo, re tsoela pele ka taba ea hore mokhatlo oa hau o se o ntse o sebelisa polokelo ea Git. E ka ba ea sechaba kapa ea lekunutu, empa e tlameha ho fumaneha ho lihlopha tsa Kubernetes. Sena e ka ba sebaka sa polokelo se ts'oanang le sa khoutu ea kopo, kapa polokelo e arohaneng e etselitsoeng ho romelloa. Ho khothaletsoa ho ba le litumello tse tiileng sebakeng sa polokelo kaha liphiri, litsela, le lintho tse ling tse sa tsotelleng ts'ireletso li tla bolokoa moo.

Mohlala oa rona, re tla theha polokelo e ncha ea sechaba ho GitHub. U ka e bitsa eng kapa eng eo u e ratang, re sebelisa lebitso blogpost.

Haeba lifaele tsa ntho ea YAML li ne li sa bolokoa sebakeng sa heno kapa ho Git, u tla tlameha ho sebelisa li-binaries tsa oc kapa kubectl. Sets'oants'ong se ka tlase re kopa YAML bakeng sa sebaka sa rona sa mabitso, phepelo, litšebeletso le tsela. Pele ho mona, re ile ra kopanya polokelo e sa tsoa thehoa le cd ho eona.

oc get namespace simple-app -o yaml --export > namespace.yaml
oc get deployment httpd -o yaml -n simple-app --export > deployment.yaml
oc get service httpd -o yaml -n simple-app --export > service.yaml
oc get route httpd -o yaml -n simple-app --export > route.yaml

Joale ha re fetoleng faele ea deployment.yaml ho tlosa karolo eo Argo CD e sa khoneng ho e hokahanya.

sed -i '/sgeneration: .*/d' deployment.yaml

Ho feta moo, tsela e tlameha ho fetoloa. Re tla qala ka ho seta mefuta e mengata ea mela e mengata ebe re kenya ingress: null le likahare tsa phapang eo.

export ROUTE="  ingress:                                                            
    - conditions:
        - status: 'True'
          type: Admitted"

sed -i "s/  ingress: null/$ROUTE/g" route.yaml

Kahoo, re hlophisitse lifaele, se setseng ke ho li boloka sebakeng sa polokelo ea Git. Ka mor'a moo polokelo ena e fetoha mohloli o le mong oa boitsebiso, 'me liphetoho leha e le life tsa matsoho ho lintho li lokela ho thibeloa ka thata.

git commit -am ‘initial commit of objects’
git push origin master

Ho feta moo re tsoela pele ka taba ea hore u se u sebelisitse ArgoCD (mokhoa oa ho etsa sena - bona tse fetileng poso). Ka hona, re tla kenyelletsa ho Argo CD polokelo eo re e entseng, e nang le khoutu ea kopo e tsoang mohlaleng oa rona. Etsa bonnete ba hore u hlakisa sebaka sa polokelo seo u se entseng pejana.

argocd repo add https://github.com/cooktheryan/blogpost

Joale ha re theheng kopo. Sesebelisoa se beha litekanyetso e le hore sesebelisoa sa GitOps se utloisise hore na ke polokelo efe le litsela tse lokelang ho sebelisoa, tse hlokahalang OpenShift ho laola lintho, ho hlokahala lekala lefe la polokelo, le hore na lisebelisoa li lokela ho ikamahanya le maemo.

argocd app create --project default 
--name simple-app --repo https://github.com/cooktheryan/blogpost.git 
--path . --dest-server https://kubernetes.default.svc 
--dest-namespace simple-app --revision master --sync-policy none

Hang ha kopo e hlalositsoe ho Argo CD, sephutheloana sa lisebelisoa se qala ho lekola lintho tse seng li kentsoe khahlano le litlhaloso tse polokelong. Mohlaleng oa rona, ho lumellana ha otho le ho hloekisa ho koetsoe, kahoo likarolo ha li fetohe. Ka kopo hlokomela hore ho Argo CD interface kopo ea rona e tla ba le boemo ba "Out of Sync" hobane ha ho na leibole eo ArgoCD e fanang ka eona.
Ke ka lebaka lena ha re qala ho hokahanya hamorao, lintho li ke ke tsa sebelisoa hape.

Joale ha re etseng liteko ho netefatsa hore ha ho na liphoso lifaeleng tsa rona.

argocd app sync simple-app --dry-run

Haeba ho se na liphoso, u ka tsoela pele ho amahanya.

argocd app sync simple-app

Ka mor'a ho tsamaisa taelo ea argoc ho kopo ea rona, re lokela ho bona hore boemo ba kopo bo fetohile ho Healthy or Synced. Sena se tla bolela hore lisebelisoa tsohle tse polokelong ea Git joale li lumellana le lisebelisoa tse seng li kentsoe.

argocd app get simple-app
Name:               simple-app
Project:            default
Server:             https://kubernetes.default.svc
Namespace:          simple-app
URL:                https://argocd-server-route-argocd.apps.example.com/applications/simple-app
Repo:               https://github.com/cooktheryan/blogpost.git
Target:             master
Path:               .
Sync Policy:        <none>
Sync Status:        Synced to master (60e1678)
Health Status:      Healthy
...

Hona joale o ka nolofalletsa ho lumellana le ho hloekisa le ho hloekisa ho etsa bonnete ba hore ha ho letho le entsoeng ka letsoho le hore nako le nako ha ntho e etsoa kapa e ntlafatsoa sebakeng sa polokelo, ho tla tsamaisoa.

argocd app set simple-app --sync-policy automated --auto-prune

Kahoo, re atlehile ho tlisa kopo tlasa taolo ea GitOps eo qalong e neng e sa sebelise GitOps ka tsela efe kapa efe.

Source: www.habr.com

Eketsa ka tlhaloso