Siya sibuzwa ngakumbi malunga nokuphuhlisa ii-microservices eKubernetes. Abaphuhlisi, ngakumbi kwiilwimi ezitolikiweyo, bafuna ukulungisa ngokukhawuleza ikhowudi kwi-IDE abayithandayo kwaye babone umphumo ngaphandle kokulinda ukwakha / ukusasazwa - ngokucofa nje uF5. Kwaye xa kufika kwisicelo se-monolithic, kwakwanele ukufaka indawo yokugcina idatha kunye neseva yewebhu (kwi-Docker, i-VirtualBox ...), kwaye ngoko nangoko ujabulele uphuhliso. Ngokusikwa kwe-monoliths kwii-microservices kunye nokufika kwe-Kubernetes, kunye nokubonakala kokuxhomekeka komnye nomnye, yonke into. . Okukhona kwezi nkonzo ezincinci, kokukhona iingxaki. Ukonwabela uphuhliso kwakhona, kufuneka unyuse ngaphezulu kwesitya esinye okanye ezibini zeDocker, kwaye ngamanye amaxesha nangaphezulu kweshumi elinesibini... Ngokubanzi, konke oku kunokuthatha ixesha elininzi, kuba kufuneka kugcinwe kusexesheni. .
Ngamaxesha ahlukeneyo siye sazama izisombululo ezahlukeneyo kule ngxaki. Kwaye ndiza kuqala ngee-workarounds eziqokelelweyo okanye ngokulula "iintonga".
1. Iintonga
Uninzi lwee-IDE ziyakwazi ukuhlela ikhowudi ngqo kwiseva usebenzisa iFTP/SFTP. Le ndlela icacile kwaye ngoko nangoko sagqiba ekubeni siyisebenzise. Ubume bayo buxhomekeke koku kulandelayo:
- Kwi-pod yeemeko zophuhliso (i-dev/review), i-container eyongezelelweyo iqaliswe ngokufikelela kwi-SSH kunye nokudlulisa isitshixo sikawonke-wonke se-SSH somphuhlisi oya kuzibophelela / asebenzise isicelo.
- Kwinqanaba lokuqala (ngaphakathi kwesitya
prepare-app) dlulisela ikhowudi kuyoemptyDirukufumana ukufikelela kwikhowudi esuka kwizikhongozeli zesicelo kunye nomncedisi we-SSH.
Ukuqonda ngcono ukuphunyezwa kobugcisa kwesikimu esinjalo, ndiza kubonelela ngamaqhekeza olungelelwaniso lwe-YAML olubandakanyekayo kwi-Kubernetes.
Ulungelelwaniso
1.1. ixabiso.yaml
ssh_pub_key:
vasya.pupkin: <ssh public key in base64>
kuyinto vasya.pupkin lixabiso loguquko ${GITLAB_USER_LOGIN}.
1.2. ukusasazwa.yaml
...
{{ if eq .Values.global.debug "yes" }}
volumes:
- name: ssh-pub-key
secret:
defaultMode: 0600
secretName: {{ .Chart.Name }}-ssh-pub-key
- name: app-data
emptyDir: {}
initContainers:
- name: prepare-app
{{ tuple "backend" . | include "werf_container_image" | indent 8 }}
volumeMounts:
- name: app-data
mountPath: /app-data
command: ["bash", "-c", "cp -ar /app/* /app-data/" ]
{{ end }}
containers:
{{ if eq .Values.global.debug "yes" }}
- name: ssh
image: corbinu/ssh-server
volumeMounts:
- name: ssh-pub-key
readOnly: true
mountPath: /root/.ssh/authorized_keys
subPath: authorized_keys
- name: app-data
mountPath: /app
ports:
- name: ssh
containerPort: 22
protocol: TCP
{{ end }}
- name: backend
volumeMounts:
{{ if eq .Values.global.debug "yes" }}
- name: app-data
mountPath: /app
{{ end }}
command: ["/usr/sbin/php-fpm7.2", "--fpm-config", "/etc/php/7.2/php-fpm.conf", "-F"]
...
1.3. imfihlo.yaml
{{ if eq .Values.global.debug "yes" }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Chart.Name }}-ssh-pub-key
type: Opaque
data:
authorized_keys: "{{ first (pluck .Values.global.username .Values.ssh_pub_key) }}"
{{ end }}
ukubamba kokugqibela
Emva koko konke okuseleyo kukudluliselwa :
dev:
stage: deploy
script:
- type multiwerf && source <(multiwerf use 1.0 beta)
- type werf && source <(werf ci-env gitlab --tagging-strategy tag-or-branch --verbose)
- werf deploy
--namespace ${CI_PROJECT_NAME}-stage
--set "global.env=stage"
--set "global.git_rev=${CI_COMMIT_SHA}"
--set "global.debug=yes"
--set "global.username=${GITLAB_USER_LOGIN}"
tags:
- build
Voila: umphuhlisi oqalise ukuthunyelwa unokudibanisa ngegama lenkonzo (indlela yokubonelela ngokukhuselekileyo ukufikelela kwiqela, ) ukusuka kwidesktop yakho nge SFTP kwaye uhlele ikhowudi ngaphandle kokulinda ukuba iziswe kwiqela.
Esi sisisombululo esisebenza ngokupheleleyo, kodwa ngokwembono yokuphunyezwa sinezinto ezingeloncedo ezicacileyo:
- isidingo sokucokisa itshathi yeHelm, eyenza kube nzima ukuyifunda kwixesha elizayo;
- inokusetyenziswa kuphela ngumntu othumele inkonzo;
- Kufuneka ukhumbule ukuyingqamanisa nolawulo lwasekhaya ngekhowudi kwaye uyibophelele kwiGit.
2. Ubukho bomnxeba
Le projekthi yaziwa ixesha elide, kodwa thina, njengoko besitsho, "asizange sijike siyizame ngokuzimisela." Nangona kunjalo, imfuno yenze umsebenzi wayo kwaye ngoku siyavuya ukwabelana ngamava ethu, anokuba luncedo kubafundi beblogi yethu - ngakumbi kuba bekungekho ezinye izinto malunga neTelepresence kwi-hub okwangoku.
Ngamafutshane, yonke into yabonakala ingoyiki kangako. Sibeke zonke iintshukumo ezifuna ukuphunyezwa kwicala lomphuhlisi kwifayile yokubhaliweyo ye-Helm chart ebizwa NOTES.txt. Ke, emva kokuthumela inkonzo kwi-Kubernetes, umphuhlisi ubona imiyalelo yokuqalisa indawo ye-dev yendawo kwi-log yomsebenzi we-GitLab:
!!! Π Π°Π·ΡΠ°Π±ΠΎΡΠΊΠ° ΡΠ΅ΡΠ²ΠΈΡΠ° Π»ΠΎΠΊΠ°Π»ΡΠ½ΠΎ, Π² ΡΠΎΡΡΠ°Π²Π΅ Kubernetes !!!
* ΠΠ°ΡΡΡΠΎΠΉΠΊΠ° ΠΎΠΊΡΡΠΆΠ΅Π½ΠΈΡ
* * ΠΠΎΠ»ΠΆΠ΅Π½ Π±ΡΡΡ Π΄ΠΎΡΡΡΠΏ Π΄ΠΎ ΠΊΠ»Π°ΡΡΠ΅ΡΠ° ΡΠ΅ΡΠ΅Π· VPN
* * ΠΠ° Π»ΠΎΠΊΠ°Π»ΡΠ½ΠΎΠΌ ΠΠ ΡΡΡΠ°Π½ΠΎΠ²Π»Π΅Π½ kubectl ( https://kubernetes.io/docs/tasks/tools/install-kubectl/ )
* * ΠΠΎΠ»ΡΡΠΈΡΡ config-ΡΠ°ΠΉΠ» Π΄Π»Ρ kubectl (ΡΠΊΠΎΠΏΠΈΡΠΎΠ²Π°ΡΡ Π² ~/.kube/config)
* * ΠΠ° Π»ΠΎΠΊΠ°Π»ΡΠ½ΠΎΠΌ ΠΠ ΡΡΡΠ°Π½ΠΎΠ²Π»Π΅Π½ telepresence ( https://www.telepresence.io/reference/install )
* * ΠΠΎΠ»ΠΆΠ΅Π½ Π±ΡΡΡ ΡΡΡΠ°Π½ΠΎΠ²Π»Π΅Π½ Docker
* * ΠΠ΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌ Π΄ΠΎΡΡΡΠΏ ΡΡΠΎΠ²Π½Ρ reporter ΠΈΠ»ΠΈ Π²ΡΡΠ΅ ΠΊ ΡΠ΅ΠΏΠΎΠ·ΠΈΡΠΎΡΠΈΡ https://gitlab.site.com/group/app
* * ΠΠ΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌΠΎ Π·Π°Π»ΠΎΠ³ΠΈΠ½ΠΈΡΡΡ Π² registry Ρ Π»ΠΎΠ³ΠΈΠ½ΠΎΠΌ/ΠΏΠ°ΡΠΎΠ»Π΅ΠΌ ΠΎΡ GitLab (Π΄Π΅Π»Π°Π΅ΡΡΡ ΠΎΠ΄ΠΈΠ½ ΡΠ°Π·):
#########################################################################
docker login registry.site.com
#########################################################################
* ΠΠ°ΠΏΡΡΠΊ ΠΎΠΊΡΡΠΆΠ΅Π½ΠΈΡ
#########################################################################
telepresence --namespace {{ .Values.global.env }} --swap-deployment {{ .Chart.Name }}:backend --mount=/tmp/app --docker-run -v `pwd`:/app -v /tmp/app/var/run/secrets:/var/run/secrets -ti registry.site.com/group/app/backend:v8
#########################################################################Asiyi kuhlala ngokweenkcukacha kumanyathelo achazwe kulo myalelo ... ngaphandle kweyokugqibela. Kwenzeka ntoni ngexesha lokuqaliswa kweTelepresence?
Ukusebenza ngeTelepresence
Ekuqaliseni (usebenzisa umyalelo wokugqibela ochazwe kwimiyalelo engentla), sibeka:
- indawo yegama apho i-microservice isebenza khona;
- amagama okusasazwa kunye nesikhongozeli esifuna ukungena ngaphakathi.
Iingxoxo ezishiyekileyo azikhethi. Ukuba inkonzo yethu isebenzisana kunye kunye ne-Kubernetes API , kufuneka sinyuse iziqinisekiso/imiqondiso kwidesktop yethu. Ukwenza oku, sebenzisa inketho --mount=true (okanye --mount=/dst_path), eya kukhwela ingcambu (/) ukusuka kwi-Kubernetes isikhongozeli kwi-desktop yethu. Emva koko, sinako (kuxhomekeke kwi-OS kunye nendlela isicelo esiqaliswa ngayo) sebenzisa "izitshixo" ezivela kwiqela.
Okokuqala, makhe sijonge olona khetho lubalaseleyo lokuqhuba isicelo-kwisikhongozeli seDocker. Ukwenza oku siza kusebenzisa isitshixo --docker-run kwaye unyuse ulawulo ngekhowudi kwisikhongozeli: -v `pwd`:/app
Nceda uqaphele ukuba oku kuthatha ukusebenza kulawulo lweprojekthi. Ikhowudi yesicelo iya kunyuswa kulawulo /app kwisikhongozeli.
Okulandelayo: -v /tmp/app/var/run/secrets:/var/run/secrets β ukufaka uvimba weefayili kunye nesatifikethi/uphawu kwisikhongozeli.
Olu khetho ekugqibeleni lulandelwa ngumfanekiso apho isicelo sizakusebenza. NB: Xa usakha umfanekiso, kufuneka ucacise CMD okanye ENTRYPOINT!
Yintoni kanye esiza kwenzeka emva koko?
- Kwi-Kubernetes, kwi-Deployment ekhankanyiweyo, inani le-replicas liya kutshintshwa kwi-0. Endaweni yoko, i-Deployment entsha iya kuqaliswa - kunye nesitya esithatha indawo.
backend. - Izikhongozeli ze-2 ziya kuqaliswa kwi-desktop: eyokuqala ngeTelepresence (iya kucela i-proxy ukusuka / ukuya ku-Kubernetes), okwesibini kunye nesicelo esiphuhliswayo.
- Ukuba siphumeza kwisitya kunye nesicelo, ke zonke izinto eziguquguqukayo ze-ENV ezidluliselwe nguHelm ngexesha lokuthunyelwa ziya kufumaneka kuthi, kwaye zonke iinkonzo ziya kufumaneka. Ekuphela kwento eseleyo kukuhlela ikhowudi kwi-IDE oyithandayo kwaye wonwabele isiphumo.
- Ekupheleni komsebenzi, kufuneka nje uvale i-terminal apho i-Telepresence isebenza khona (ukuphelisa iseshoni nge-Ctrl + C) - Izikhongozeli ze-Docker ziya kumisa kwi-desktop, kwaye kwi-Kubernetes yonke into iya kubuyela kwimeko yayo yokuqala. Ekuphela kwento eseleyo kukuzibophelela, ukukhupha uMR kwaye uyidlulisele kuphononongo/ukudibanisa/β¦ (kuxhomekeke ekuhambeni kwakho komsebenzi).
Ukuba asifuni kuqhuba isicelo kwisikhongozeli seDocker - umzekelo, asiphuhlisi kwi-PHP, kodwa kwi-Go, kwaye sisayakha ekuhlaleni - ukusungula iTelepresence kuya kuba lula ngakumbi:
telepresence --namespace {{ .Values.global.env }} --swap-deployment {{ .Chart.Name }}:backend --mount=trueUkuba isicelo sifikelela kwi-Kubernetes API, kuya kufuneka unyuse izitshixo (https://www.telepresence.io/howto/volumes). Kukho into eluncedo yeLinux :
proot -b $TELEPRESENCE_ROOT/var/run/secrets/:/var/run/secrets bash
Emva kokuqaliswa kweTelepresence ngaphandle kwenketho --docker-run zonke izinto eziguquguqukayo zokusingqongileyo ziya kufumaneka kwi-terminal yangoku, ngoko isicelo kufuneka siqaliswe kuyo.
NB: Xa usebenzisa, umzekelo, i-PHP, kufuneka ukhumbule ukukhubaza i-op_cache eyahlukeneyo, i-apc kunye nezinye i-accelerators zophuhliso - kungenjalo ukuhlela ikhowudi akuyi kukhokelela kwisiphumo esifunwayo.
Iziphumo
Uphuhliso lwendawo kunye neKubernetes yingxaki isisombululo sayo sikhula ngokulingana nokusasazeka kweli qonga. Ukufumana izicelo ezifanelekileyo ezivela kubaphuhlisi (kubathengi bethu), saqala ukuzisombulula ngeendlela zokuqala ezikhoyo, nangona kunjalo, azizange zibonakalise ixesha elide. Ngethamsanqa, oku kuye kwacaca kungekhona ngoku kuphela kwaye kungekhona kuthi kuphela, ngoko ke iindlela ezifanelekileyo sele zivele emhlabeni, kwaye i-Telepresence yeyona idumileyo kubo (ngendlela, kukho kwakhona. ukusuka kuGoogle). Amava ethu okuyisebenzisa akakabi mahle kangako, kodwa sele esinika isizathu sokuyicebisa βkoogxa bethu evenkileniβ - yizame!
PS
Okunye kwi K8s iingcebiso & tricks series:
- Β«";
- Β«";
- Β«";
- Β«";
- «».
umthombo: www.habr.com