Nini kilikuja kwanza - kuku au yai? Mwanzo wa kushangaza kabisa kwa nakala kuhusu Miundombinu-kama-Msimbo, sivyo?
Je, yai ni nini?
Mara nyingi, Miundombinu-kama-Msimbo (IaC) ni njia ya kutangaza ya kuwakilisha miundombinu. Ndani yake tunaelezea hali ambayo tunataka kufikia, kuanzia sehemu ya vifaa na kuishia na usanidi wa programu. Kwa hivyo IaC inatumika kwa:
- Utoaji wa Rasilimali. Hizi ni VM, S3, VPC, nk. Vyombo vya msingi vya kufanya kazi: ΠΈ .
- . Zana za msingi: , Mpishi, nk.
Nambari yoyote iko kwenye hazina za git. Na mapema au baadaye kiongozi wa timu ataamua kwamba wanahitaji kuwekwa kwa utaratibu. Naye atarekebisha. Na itaunda muundo fulani. Na ataona kuwa hii ni nzuri.
Ni vizuri pia kuwa tayari iko ΠΈ -mtoa huduma kwa Terraform (na hii ni Usanidi wa Programu). Kwa msaada wao, unaweza kudhibiti mradi mzima: washiriki wa timu, CI/CD, mtiririko wa git, n.k.
Yai lilitoka wapi?
Kwa hivyo tunakaribia swali kuu hatua kwa hatua.
Kwanza kabisa, unahitaji kuanza na hazina inayoelezea muundo wa hazina zingine, pamoja na wewe mwenyewe. Na bila shaka, kama sehemu ya GitOps, unahitaji kuongeza CI ili mabadiliko yatekelezwe kiotomatiki.
Ikiwa Git bado haijaundwa?
- Jinsi ya kuihifadhi katika Git?
- Jinsi ya kufunga CI?
- Ikiwa pia tutapeleka Gitlab kwa kutumia IaC, na hata katika Kubernetes?
- Na GitLab Runner pia huko Kubernetes?
- Vipi kuhusu Kubernetes kwenye mtoa huduma wa wingu?
Ni nini kilikuja kwanza: GitLab ambapo nitapakia nambari yangu, au nambari inayoelezea ni aina gani ya GitLab ninayohitaji?
Kuku na mayai
Β«3 na dinosaur" []
Wacha tujaribu kupika sahani kwa kutumia kama mtoaji wa wingu .
TL; DR
Je, inawezekana kujiunga na timu moja mara moja?
$ export MY_SELECTEL_TOKEN=<token>
$ curl https://gitlab.com/chicken-or-egg/mks/make/-/snippets/2002106/raw | bashIngredients:
- Akaunti kutoka kwa my.selectel.ru;
- Ishara ya akaunti;
- ujuzi wa Kubernetes;
- Ujuzi wa Helm;
- Ujuzi wa Terraform;
- Chati ya usukani GitLab;
- Chati ya usukani GitLab Runner.
Kichocheo:
- Pata MY_SELECTEL_TOKEN kutoka kwa paneli my.selectel.ru.
- Unda kikundi cha Kubernetes kwa kuhamisha tokeni ya akaunti kwake.
- Pata KUBECONFIG kutoka kwa nguzo iliyoundwa.
- Sakinisha GitLab kwenye Kubernetes.
- Pata ishara ya GitLab kutoka kwa GitLab iliyoundwa kwa mtumiaji mizizi.
- Unda muundo wa mradi katika GitLab ukitumia ishara ya GitLab.
- Sukuma msimbo uliopo kwa GitLab.
- ?
- Faida!
Hatua ya 1. Ishara inaweza kupatikana katika sehemu .
Hatua ya 2. Tunatayarisha Terraform yetu kwa "kuoka" kikundi cha nodes 2. Ikiwa una uhakika kuwa una rasilimali za kutosha kwa kila kitu, basi unaweza kuwezesha upendeleo wa otomatiki:
provider "selectel" {
token = var.my_selectel_token
}
variable "my_selectel_token" {}
variable "username" {}
variable "region" {}
resource "selectel_vpc_project_v2" "my-k8s" {
name = "my-k8s-cluster"
theme = {
color = "269926"
}
quotas {
resource_name = "compute_cores"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 16
}
}
quotas {
resource_name = "network_floatingips"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "load_balancers"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "compute_ram"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 32768
}
}
quotas {
resource_name = "volume_gigabytes_fast"
resource_quotas {
region = var.region
zone = "${var.region}a"
# (20 * 2) + 50 + (8 * 3 + 10)
value = 130
}
}
}
resource "selectel_mks_cluster_v1" "k8s-cluster" {
name = "k8s-cluster"
project_id = selectel_vpc_project_v2.my-k8s.id
region = var.region
kube_version = "1.17.9"
}
resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
cluster_id = selectel_mks_cluster_v1.k8s-cluster.id
project_id = selectel_mks_cluster_v1.k8s-cluster.project_id
region = selectel_mks_cluster_v1.k8s-cluster.region
availability_zone = "${var.region}a"
nodes_count = 2
cpus = 8
ram_mb = 16384
volume_gb = 15
volume_type = "fast.${var.region}a"
labels = {
"project": "my",
}
}Ongeza mtumiaji kwenye mradi:
resource "random_password" "my-k8s-user-pass" {
length = 16
special = true
override_special = "_%@"
}
resource "selectel_vpc_user_v2" "my-k8s-user" {
password = random_password.my-k8s-user-pass.result
name = var.username
enabled = true
}
resource "selectel_vpc_keypair_v2" "my-k8s-user-ssh" {
public_key = file("~/.ssh/id_rsa.pub")
user_id = selectel_vpc_user_v2.my-k8s-user.id
name = var.username
}
resource "selectel_vpc_role_v2" "my-k8s-role" {
project_id = selectel_vpc_project_v2.my-k8s.id
user_id = selectel_vpc_user_v2.my-k8s-user.id
}Pato:
output "project_id" {
value = selectel_vpc_project_v2.my-k8s.id
}
output "k8s_id" {
value = selectel_mks_cluster_v1.k8s-cluster.id
}
output "user_name" {
value = selectel_vpc_user_v2.my-k8s-user.name
}
output "user_pass" {
value = selectel_vpc_user_v2.my-k8s-user.password
}Wacha tuzindue:
$ env
TF_VAR_region=ru-3
TF_VAR_username=diamon
TF_VAR_my_selectel_token=<token>
terraform plan -out planfile
$ terraform apply -input=false -auto-approve planfile
Hatua ya 3. Tunapata cubeconfig.
Ili kupakua KUBECONFIG kiprogramu, unahitaji kupata tokeni kutoka OpenStack:
openstack token issue -c id -f value > tokenNa kwa ishara hii fanya ombi kwa API ya Kudhibiti ya Kubernetes Selectel. k8s_kitambulisho inatoa nje terraform:
curl -XGET -H "x-auth-token: $(cat token)" "https://ru-3.mks.selcloud.ru/v1/clusters/$(cat k8s_id)/kubeconfig" -o kubeConfig.yamlCupconfig pia inaweza kupatikana kupitia paneli.
Hatua ya 4. Baada ya nguzo kuoka na tunaweza kuipata, tunaweza kuongeza yaml juu ili kuonja.
Napendelea kuongeza:
- nafasi ya majina
- darasa la kuhifadhi
- sera ya usalama wa pod na kadhalika.
kwa Selectel inaweza kuchukuliwa kutoka .
Tangu hapo awali nilichagua nguzo katika ukanda ru-3a, basi ninahitaji Darasa la Hifadhi kutoka eneo hili.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: fast.ru-3a
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: cinder.csi.openstack.org
parameters:
type: fast.ru-3a
availability: ru-3a
allowVolumeExpansion: trueHatua ya 5. Sakinisha kusawazisha mzigo.
Tutatumia ile ya kawaida kwa wengi nginx-ingress. Tayari kuna maagizo mengi ya kuiweka, kwa hivyo hatutakaa juu yake.
$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm upgrade nginx-ingress nginx-stable/nginx-ingress -n ingress --install -f ../internal/K8S-cluster/ingress/values.ymlTunasubiri ipokee IP ya nje kwa takriban dakika 3-4:
Imepokea IP ya nje:
Hatua ya 6. Weka GitLab.
$ helm repo add gitlab https://charts.gitlab.io
$ helm upgrade gitlab gitlab/gitlab -n gitlab --install -f gitlab/values.yml --set "global.hosts.domain=gitlab.$EXTERNAL_IP.nip.io"Tena tunasubiri maganda yote yapande.
kubectl get po -n gitlab
NAME READY STATUS RESTARTS AGE
gitlab-gitaly-0 0/1 Pending 0 0s
gitlab-gitlab-exporter-88f6cc8c4-fl52d 0/1 Pending 0 0s
gitlab-gitlab-runner-6b6867c5cf-hd9dp 0/1 Pending 0 0s
gitlab-gitlab-shell-55cb6ccdb-h5g8x 0/1 Init:0/2 0 0s
gitlab-migrations.1-2cg6n 0/1 Pending 0 0s
gitlab-minio-6dd7d96ddb-zd9j6 0/1 Pending 0 0s
gitlab-minio-create-buckets.1-bncdp 0/1 Pending 0 0s
gitlab-postgresql-0 0/2 Pending 0 0s
gitlab-prometheus-server-6cfb57f575-v8k6j 0/2 Pending 0 0s
gitlab-redis-master-0 0/2 Pending 0 0s
gitlab-registry-6bd77b4b8c-pb9v9 0/1 Pending 0 0s
gitlab-registry-6bd77b4b8c-zgb6r 0/1 Init:0/2 0 0s
gitlab-shared-secrets.1-pc7-5jgq4 0/1 Completed 0 20s
gitlab-sidekiq-all-in-1-v1-54dbcf7f5f-qbq67 0/1 Pending 0 0s
gitlab-task-runner-6fd6857db7-9x567 0/1 Pending 0 0s
gitlab-webservice-d9d4fcff8-hp8wl 0/2 Pending 0 0s
Waiting gitlab
./wait_gitlab.sh ../internal/gitlab/gitlab/.pods
waiting for pod...
waiting for pod...
waiting for pod...Mifupa iliongezeka:
Hatua ya 7. Tunapokea ishara ya GitLab.
Kwanza, tafuta nenosiri la kuingia:
kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath='{.data.password}' | base64 --decodeSasa hebu tuingie na tupate ishara:
python3 get_gitlab_token.py root $GITLAB_PASSWORD http://gitlab.gitlab.$EXTERNAL_IP.nip.ioHatua ya 8. Kuleta hazina za Git kwa uongozi sahihi kwa kutumia Mtoaji wa Gitlab.
cd ../internal/gitlab/hierarchy && terraform apply -input=false -auto-approve planfileKwa bahati mbaya, mtoaji wa terraform GitLab ana kuelea . Kisha itabidi ufute mwenyewe miradi inayokinzana ili tf.state irekebishwe. Kisha endesha tena amri `$make all`
Hatua ya 9. Tunahamisha hazina za ndani kwa seva.
$ make push
[master (root-commit) b61d977] Initial commit
3 files changed, 46 insertions(+)
create mode 100644 .gitignore
create mode 100644 values.yml
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 770 bytes | 770.00 KiB/s, done.
Total 5 (delta 0), reused 0 (delta 0)Imemaliza:
Hitimisho
Tumefanikiwa kuwa tunaweza kudhibiti kila kitu kwa njia ya wazi kutoka kwa mashine yetu ya ndani. Sasa nataka kuhamisha kazi hizi zote kwa CI na bonyeza tu vitufe. Ili kufanya hivyo, tunahitaji kuhamisha majimbo yetu ya ndani (jimbo la Terraform) hadi CI. Jinsi ya kufanya hivyo ni katika sehemu inayofuata.
Jiandikishe kwa yetu ili usikose kutolewa kwa nakala mpya!
Chanzo: mapenzi.com