Running Camunda BPM on Kubernetes

Are you using Kubernetes? Ready to move your Camunda BPM instances off virtual machines, or maybe just try running them on Kubernetes? Let's look at some common configurations and the individual pieces that can be tailored to your specific needs.

This assumes you have used Kubernetes before. If not, why not take a look at the guide and start your first cluster?

Authors

  • Alastair Firth - Senior Site Reliability Engineer on the Camunda Cloud team;
  • Lars Lange - DevOps Engineer at Camunda.

In short:

git clone https://github.com/camunda-cloud/camunda-examples.git
cd camunda-examples/camunda-bpm-demo
make skaffold

OK, it probably didn't work because you don't have skaffold and kustomize installed. Then read on!

What is Camunda BPM

Camunda BPM is an open source business process management and decision automation platform that connects business users and software developers. It is ideal for coordinating and connecting people, (micro)services or even bots! You can read more about the different use cases at the link.

Why use Kubernetes

Kubernetes has become the de facto standard for running modern applications on Linux. By using system calls instead of hardware emulation, and the kernel's ability to manage memory and task switching, boot time and startup time are kept to a minimum. However, the biggest benefit may come from the standard API that Kubernetes provides for configuring the infrastructure that all applications need: storage, networking and monitoring. It turned 6 in June 2020 and is probably the second largest open source project (after Linux). Recently it has been stabilizing its functionality after rapid iteration over the past few years, as it has become critical for many production workloads around the world.

Camunda BPM Engine can easily connect to other applications running in the same cluster, and Kubernetes provides excellent scalability, letting you increase infrastructure costs only when needed (and easily reduce them as required).

The quality of monitoring is also greatly improved by tools such as Prometheus, Grafana, Loki, Fluentd and Elasticsearch, which let you view all workloads in the cluster. Today we will look at how to embed the Prometheus exporter in the Java Virtual Machine (JVM).

Goals

Let's look at a few areas where we can customize the Camunda BPM Docker image (github) so that it works well with Kubernetes.

  1. Logs and metrics;
  2. Database connections;
  3. Authentication;
  4. Session management.

We will look at several ways to achieve these goals and show the whole process clearly.

Note: Are you using the Enterprise version? Look here and update the image links as needed.

Development workflow

In this demo, we will use Skaffold to build Docker images using Google Cloud Build. It has good support for various tools (such as Kustomize and Helm), CI and build tools, and infrastructure providers. The file skaffold.yaml.tmpl includes settings for Google Cloud Build and GKE, which provides a simple way to run production-grade infrastructure.

make skaffold will load the Dockerfile context into Cloud Build, build the image and store it in GCR, and then apply the manifests to your cluster. This is what make skaffold does, but Skaffold has many other features.

For yaml templates in Kubernetes, we use kustomize to manage yaml overlays without forking the entire manifest, which lets you use git pull --rebase for further improvements. It is now part of kubectl and works well for such things.

We also use envsubst to fill in the hostname and the GCP project ID in the *.yaml.tmpl files. You can see how it works in the makefile or just continue.

Prerequisites

  • A working Kubernetes cluster
  • Kustomize
  • Skaffold - for building your own docker images and easy deployment to GKE
  • A copy of this code
  • Envsubst

Workflow using manifests

If you don't want to use kustomize or skaffold, you can refer to the manifests in generated-manifest.yaml and adapt them to the workflow of your choice.

Logs and metrics

Prometheus has become the standard for collecting metrics in Kubernetes. It occupies the same niche as AWS Cloudwatch Metrics, Cloudwatch Alerts, Stackdriver Metrics, StatsD, Datadog, Nagios, vSphere Metrics and others. It is open source and has a powerful query language. We will leave the visualization to Grafana - it comes with a large number of dashboards available out of the box. They are connected to each other and relatively easy to install with prometheus-operator.

By default, Prometheus uses the pull model on <service>/metrics, and adding sidecar containers for this is common. Unfortunately, JMX metrics are best collected inside the JVM, so sidecar containers are not as effective. Let's attach the open source jmx_exporter from Prometheus to the JVM by adding it to the container image, which will provide the /metrics path on a different port.

Add Prometheus jmx_exporter to the container

-- images/camunda-bpm/Dockerfile
FROM camunda/camunda-bpm-platform:tomcat-7.11.0

## Add prometheus exporter
RUN wget https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.11.0/jmx_prometheus_javaagent-0.11.0.jar -P lib/
#9404 is the reserved prometheus-jmx port
ENV CATALINA_OPTS -javaagent:lib/jmx_prometheus_javaagent-0.11.0.jar=9404:/etc/config/prometheus-jmx.yaml

That was easy. The exporter will monitor tomcat and expose its metrics in Prometheus format at <svc>:9404/metrics

Exporter configuration

The attentive reader may wonder where prometheus-jmx.yaml comes from. There are many different things that can run in the JVM, and tomcat is just one of them, so the exporter needs some additional configuration. Standard configurations for tomcat, wildfly, kafka and so on are available here. We will add the tomcat one as a ConfigMap in Kubernetes and then mount it as a volume.

First, we add the exporter configuration file to our platform/config/ directory

platform/config
└── prometheus-jmx.yaml

Then we add a ConfigMapGenerator to kustomization.yaml.tmpl:

-- platform/kustomization.yaml.tmpl
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
[...]
configMapGenerator:
- name: config
  files:
  - config/prometheus-jmx.yaml

This will add each element of files[] as an element of the ConfigMap configuration. ConfigMapGenerators are great because they hash the configuration data and force a pod restart if it changes. They also reduce the amount of configuration in the Deployment, since you can mount an entire "folder" of configuration files in a single VolumeMount.

Finally, we need to mount the ConfigMap as a volume in the pod:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
      [...]
      volumes:
      - name: config
        configMap:
          name: config
          defaultMode: 0744
      containers:
      - name: camunda-bpm
        volumeMounts:
        - mountPath: /etc/config/
          name: config
      [...]

Wonderful. If Prometheus is not configured to scrape everything, you may have to tell it to scrape the pods. Prometheus Operator users can use service-monitor.yaml to get started. Study service-monitor.yaml, the operator design and ServiceMonitorSpec before you begin.
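
A sketch of what such a scrape configuration can look like for Prometheus Operator users, added here as an illustration and not the repository's own service-monitor.yaml. The pod label app: camunda-bpm, the Service name camunda-bpm-metrics, the port name metrics, container port 8080 and the monitoring namespace are assumptions; the NetworkPolicy limits port 9404 to that namespace because the exporter serves JVM internals without authentication by default.

```yaml
# Added example. Assumed names: pod label app=camunda-bpm, Service
# camunda-bpm-metrics, port name "metrics", Prometheus in namespace "monitoring".
apiVersion: v1
kind: Service
metadata:
  name: camunda-bpm-metrics
  namespace: camunda-bpm-demo
  labels:
    app: camunda-bpm-metrics      # label the ServiceMonitor selects on
spec:
  clusterIP: None                 # headless: used only for scrape discovery
  selector:
    app: camunda-bpm
  ports:
  - name: metrics
    port: 9404                    # jmx_exporter javaagent port from the Dockerfile
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: camunda-bpm
  namespace: camunda-bpm-demo
spec:
  selector:
    matchLabels:
      app: camunda-bpm-metrics
  endpoints:
  - port: metrics                 # refers to the Service port name, not the number
    path: /metrics
    interval: 30s
---
# Enforced only if the cluster's network plugin supports NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: camunda-bpm-ingress
  namespace: camunda-bpm-demo
spec:
  podSelector:
    matchLabels:
      app: camunda-bpm
  policyTypes: ["Ingress"]
  ingress:
  - ports:
    - port: 8080                  # web apps and REST API (assumed port), any source
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: monitoring
    ports:
    - port: 9404                  # metrics, Prometheus namespace only
```

The operator only picks up a ServiceMonitor that matches the serviceMonitorSelector of its Prometheus resource, so add whatever label your installation expects.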

Extending this pattern to other use cases

All files that we add to the ConfigMapGenerator will be available in the new /etc/config directory. You can extend this template to mount any other configuration files you need. You can even mount a new startup script. You can use subPath to mount individual files. To update xml files, consider using xmlstarlet instead of sed. It is already included in the image.

Logging

Good news! Application logs are already available on stdout, for example with kubectl logs. Fluentd (installed by default in GKE) will forward your logs to Elasticsearch, Loki, or your logging platform. If you want to use jsonify for logs, you can follow the template above to install logback.

Database

By default, the image will have an H2 database. This is not suitable for us, and we will use Google Cloud SQL with Cloud SQL Proxy - this will be needed later to solve internal problems. This is a simple and reliable option if you have no preferences of your own for setting up the database. AWS RDS provides a similar service.

Regardless of the database you choose, unless it is H2, you will need to set the appropriate environment variables in platform/deploy.yaml. It looks like this:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
      [...]
      containers:
      - name: camunda-bpm
        env:
        - name: DB_DRIVER
          value: org.postgresql.Driver
        - name: DB_URL
          value: jdbc:postgresql://postgres-proxy.db:5432/process-engine
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_username
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_password
[...]

Note: You can use Kustomize to deploy to different environments using an overlay: example.

Note: the use of valueFrom: secretKeyRef. Please use this Kubernetes feature even during development to keep your secrets safe.

You probably already have a preferred system for managing Kubernetes secrets. If not, here are some options: encrypting them with your cloud provider's KMS and then injecting them into K8S as secrets through the CD pipeline - Mozilla SOPS - will work very well together with Kustomize secrets. There are other tools, such as dotGPG, that perform similar functions, as well as HashiCorp Vault and Kustomize Secret Value Plugins.

Ingress

Unless you choose to use local port forwarding, you will need a configured Ingress Controller. If you are not using ingress-nginx (Helm chart), then you probably already know that you need to set the necessary annotations in ingress-patch.yaml.tmpl or platform/ingress.yaml. If you are using ingress-nginx and see an nginx ingress class with a load balancer pointing to it and an external DNS or wildcard DNS entry, you are good to go. Otherwise, configure the Ingress Controller and DNS, or skip these steps and keep a direct connection to the pod.

TLS

If you are using cert-manager or kube-lego and letsencrypt, certificates for the new ingress will be obtained automatically. Otherwise, open ingress-patch.yaml.tmpl and configure it to suit your needs.

Launch!

If you followed everything written above, then the command make skaffold HOSTNAME=<you.example.com> should launch an instance available at <hostname>/camunda

If you have not exposed your ingress at a public URL, you can forward it to localhost: kubectl port-forward -n camunda-bpm-demo svc/camunda-bpm 8080:8080 and open localhost:8080/camunda

Wait a few minutes until tomcat is fully ready. Cert-manager will take some time to verify the domain name. You can then monitor the logs using available tools, such as kubetail, or just using kubectl:

kubectl logs -n camunda-bpm-demo $(kubectl get pods -o=name -n camunda-bpm-demo) -f

Next steps

Authentication

This is more about configuring Camunda BPM than about Kubernetes, but it is important to note that by default, authentication is disabled in the REST API. You can enable basic authentication or use another method such as JWT. You can use configmaps and volumes to load xml, or xmlstarlet (see above) to edit existing files in the image, and either use wget or load them using an init container and a shared volume.

Session management

Like many other applications, Camunda BPM handles sessions in the JVM, so if you want to run multiple replicas, you can enable sticky sessions (for example for ingress-nginx), which will exist until the replica disappears, or set the Max-Age attribute for cookies. For a more robust solution, you can deploy a Session Manager in Tomcat. Lars has a separate post on this topic, but something like:

# Fetch the session manager jars (Maven Central is served over HTTPS only)
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/2.3.2/memcached-session-manager-2.3.2.jar -P lib/ &&
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc9/2.3.2/memcached-session-manager-tc9-2.3.2.jar -P lib/ &&
# Insert the <Manager> element just before the closing </Context> tag
sed -i '/^<\/Context>/i \
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager" \
memcachedNodes="redis://redis-proxy.db:22121" \
sticky="false" \
sessionBackupAsync="false" \
storageKeyPrefix="context" \
lockingMode="auto" \
/>' conf/context.xml

Note: you can use xmlstarlet instead of sed

We used twemproxy in front of Google Cloud Memorystore, with memcached-session-manager (supports Redis) to run it.

Scaling

If you already understand sessions, then the first (and often the last) limit to scaling Camunda BPM may be the connection to the database. Partial tuning is already available "out of the box". We also disable intialSize in the settings.xml file. Add a Horizontal Pod Autoscaler (HPA) and you can easily scale the number of pods automatically.

Requests and limits

In platform/deployment.yaml you will see that we have hard-coded the resources field. This works well with HPA, but may require additional configuration. A kustomize patch is suitable for this. See ingress-patch.yaml.tmpl and ./kustomization.yaml.tmpl
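
An illustration of the two sections above (Scaling, and Requests and limits), added here and not taken from the repository: a kustomize patch that sets resources on the camunda-bpm container, followed by an HPA that scales on CPU. The Deployment name camunda-bpm and every number are assumptions to be sized against your own database and workload.

```yaml
# Added example. Assumed: the Deployment is named camunda-bpm (the container
# name is from the page); all quantities below are placeholders.
# 1) kustomize strategic-merge patch overriding the hard-coded resources
apiVersion: apps/v1
kind: Deployment
metadata:
  name: camunda-bpm
spec:
  template:
    spec:
      containers:
      - name: camunda-bpm
        resources:
          requests:              # HPA utilization is measured against requests
            cpu: 500m
            memory: 1Gi
          limits:
            memory: 1Gi          # equal to the request: predictable JVM heap sizing
---
# 2) autoscaler for the same Deployment
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: camunda-bpm
  namespace: camunda-bpm-demo
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: camunda-bpm
  minReplicas: 2
  # Database connections are the first limit: keep
  # maxReplicas x per-pod connection pool below the database's connection cap.
  maxReplicas: 5
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
  behavior:
    scaleDown:
      # Scale in slowly: without the external session manager, removing a
      # replica drops the sessions held in that JVM.
      stabilizationWindowSeconds: 300
```

Leave spec.replicas out of the Deployment manifest once the HPA is in place, otherwise every apply resets the replica count the autoscaler chose.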

Conclusion

So we have installed Camunda BPM on Kubernetes with Prometheus metrics, logs, H2 database, TLS and Ingress. We added jar files and configuration files using ConfigMaps and a Dockerfile. We talked about passing data into volumes and directly into environment variables from secrets. In addition, we gave an overview of setting up Camunda for multiple replicas and an authenticated API.

References

github.com/camunda-cloud/camunda-examples/camunda-bpm-kubernetes

├── generated-manifest.yaml <- manifest for use without kustomize
├── images
│   └── camunda-bpm
│       └── Dockerfile <- overlay docker image
├── ingress-patch.yaml.tmpl <- site-specific ingress configuration
├── kustomization.yaml.tmpl <- main Kustomization
├── Makefile <- make targets
├── namespace.yaml
├── platform
│   ├── config
│   │   └── prometheus-jmx.yaml <- prometheus exporter config file
│   ├── deployment.yaml <- main deployment
│   ├── ingress.yaml
│   ├── kustomization.yaml <- "base" kustomization
│   ├── service-monitor.yaml <- example prometheus-operator config
│   └── service.yaml
└── skaffold.yaml.tmpl <- skaffold directives

05.08.2020, translation of the article by Alastair Firth, Lars Lange

Source: www.habr.com
