Iindlela ezi-3 zokudityaniswa kwe-werf: ukuthunyelwa kwi-Kubernetes kunye neHelm "kwi-steroids"

Yintoni thina (kwaye hayi thina kuphela) ebesiyilindile ixesha elide yenzeka: i-werf, usetyenziso lwethu loMthombo oVulekileyo wokwakha usetyenziso kunye nokuzihambisa kwi-Kubernetes, ngoku ixhasa ukutshintshwa kweenguqu usebenzisa iindlela ezi-3 zokudibanisa iipetshi! Ukongeza koku, kuyenzeka ukwamkela izixhobo ezikhoyo ze-K8s kukukhutshwa kweHelm ngaphandle kokuphinda kwakhiwe ezi zixhobo.

Ukuba lifutshane kakhulu, ngoko sibeka WERF_THREE_WAY_MERGE=enabled - sifumana ukusasazwa “njengaku kubectl apply", iyahambelana nofakelo olukhoyo lwe-Helm 2 kunye nangaphezulu.

Kodwa makhe siqale ngethiyori: zeziphi kanye iipatches ze-3-way-merge, abantu beza njani nendlela yokuzivelisa, kwaye kutheni zibalulekile kwiinkqubo zeCI/CD ezineziseko ezisekelwe kuKubernetes? Kwaye emva koko, makhe sibone ukuba yeyiphi i-3-way-merge kwi-werf, zeziphi iindlela ezisetyenziswa ngokungagqibekanga kunye nendlela yokulawula.

Yintoni i-3-way-dinning patch?

Ke, masiqale ngomsebenzi wokukhupha izixhobo ezichazwe kwi-YAML zibonakalisa kwi-Kubernetes.

Ukusebenza ngezixhobo, i-Kubernetes API inikezela ngale misebenzi ilandelayo: dala, patch, buyisela kwaye ucime. Kucingelwa ukuba ngoncedo lwabo kuyimfuneko ukwakha ukukhutshwa okuqhubekayo okuqhubekayo kwezixhobo kwiqela. Njani?

kubectl imiyalelo efunekayo

Indlela yokuqala yokulawula izinto kwi-Kubernetes kukusebenzisa i-kubectl imiyalelo efunekayo ukwenza, ukuguqula, kunye nokucima ezo zinto. Ngokulula:

• Iqela kubectl run ungaqhuba ukusasazwa okanye umsebenzi:

  kubectl run --generator=deployment/apps.v1 DEPLOYMENT_NAME --image=IMAGE

• Iqela kubectl scale -tshintsha inani leekopi:

  kubectl scale --replicas=3 deployment/mysql

• njalo njalo.

Le ndlela isenokubonakala ifanelekile xa uqala ukuyijonga. Nangona kunjalo, kukho iingxaki:

1. Kunzima izenzekela.
2. njani bonisa ubumbeko kwiGit? Uluphonononga njani utshintsho olwenzekayo kwiqela?
3. Indlela yokubonelela ukuvelisa kwakhona uqwalaselo xa kuphinda kuqalwa?
4. ...

Kucacile ukuba le ndlela ayihambisani kakuhle nokugcinwa kwesicelo kunye neziseko zophuhliso njengekhowudi (IaC; okanye nokuba GitOps njengokhetho lwangoku ngakumbi, ukufumana ukuthandwa kwiKubernetes ecosystem). Ke ngoko, le miyalelo ayikhange ifumane phuhliso lungaphaya kwi kubectl.

Yenza, fumana, buyisela kwaye ucime imisebenzi

Ngeprimary indalo ilula: thumela i-manifest kumsebenzi create kube api kwaye isibonelelo senziwe. Umelo lwe-YAML lwe-manifest lunokugcinwa kwi-Git kwaye lwenziwe kusetyenziswa umyalelo kubectl create -f manifest.yaml.

С ukususa kwakhona elula: endaweni efanayo manifest.yaml ukusuka kwiGit ukuya kwiqela kubectl delete -f manifest.yaml.

Ukusebenza replace ikuvumela ukuba ubuyisele ngokupheleleyo uqwalaselo lwesixhobo ngentsha, ngaphandle kokwenza kwakhona uvimba. Oku kuthetha ukuba ngaphambi kokwenza utshintsho kwisixhobo, kunengqiqo ukubuza uguqulelo lwangoku kunye nokusebenza get, yitshintshe kwaye uyihlaziye ngokusebenza replace. kube apiserver yakhelwe ngaphakathi ukutshixa okunethemba kwaye, ukuba emva kotyando get into itshintshile, emva koko umsebenzi replace ayizukusebenza.

Ukugcina uqwalaselo kwi-Git kwaye uyihlaziye usebenzisa indawo, kufuneka wenze umsebenzi get, Dibanisa uqwalaselo oluvela kwiGit noko sikufumeneyo, kwaye siphumeze replace. Ngokungagqibekanga, kubectl ikuvumela kuphela ukuba usebenzise umyalelo kubectl replace -f manifest.yamlphi manifest.yaml — esele ilungiswe ngokupheleleyo (kwimeko yethu, idityanisiwe) i-manifest efuna ukufakwa. Kuyavela ukuba umsebenzisi kufuneka aphumeze ukudibanisa okubonakalayo, kwaye oku ayisiyonto incinci...

Kuyafaneleka ukuba uqaphele ukuba nangona kunjalo manifest.yaml kwaye igcinwe kwi-Git, asinakwazi kwangaphambili ukuba kuyimfuneko ukwenza into okanye ukuyihlaziya - oku kufuneka kwenziwe ngesofthiwe yomsebenzisi.

Iyonke: singakwazi ukwakha ukukhutshwa okuqhubekayo usebenzisa kuphela ukudala, ukubuyisela kunye nokucima, ukuqinisekisa ukuba uqwalaselo lweziseko ezingundoqo lugcinwe kwi-Git kunye nekhowudi kunye ne-CI / CD efanelekileyo?

Ngokomgaqo, singakwazi ... Kuba oku kuya kufuneka wenze umsebenzi wokudibanisa i-manifesto kunye nolunye uhlobo lokubophelela oku:

• ijonga ubukho bento kwiqela,
• yenza imveliso yokuqala,
• iyahlaziya okanye uyayicima.

Xa uhlaziya, nceda uqaphele ukuba ubutyebi bunokuba butshintshile okokugqibela get kwaye uphathe ngokuzenzekelayo imeko yokutshixa okunethemba - yenza imizamo yokuhlaziya ephindaphindiweyo.

Nangona kunjalo, kutheni ukubuyisela ivili xa kube-apiserver ibonelela ngenye indlela yokuhlaziya izixhobo: ukusebenza patch, ekhulula umsebenzisi kwezinye zeengxaki ezichazwe?

Patch

Ngoku sifika kwiipatches.

Iipetshi ziyindlela ephambili yokufaka utshintsho kwizinto ezikhoyo eKubernetes. Ukusebenza patch isebenza ngolu hlobo:

• umsebenzisi we-kube-apiserver ufuna ukuthumela isiqwenga kwifomu ye-JSON kwaye uchaze into,
• kwaye i-apiserver ngokwayo iyakujongana nemeko yangoku yento kwaye iyizise kwifomu efunekayo.

Ukutshixa okunethemba akuyomfuneko kulo mzekelo. Lo msebenzi ubhengeza ngakumbi kunokubuyisela, nangona ekuqaleni kunokubonakala ngenye indlela.

Ke:

• usebenzisa uqhaqho create sidala into ngokomboniso ovela kwiGit,
• ngoncedo delete - cima ukuba into ayisafuneki,
• ngoncedo patch - sitshintsha into, siyizisa kwifom echazwe kwiGit.

Nangona kunjalo, ukwenza oku, kufuneka udale isiqwenga esichanekileyo!

Zisebenza njani iipetshi kwiHelm 2: 2-way-dinger

Xa uqala ukufaka ukukhutshwa, iHelm yenza utyando create kwimithombo yetshathi.

Xa uhlaziya ukukhutshwa kweHelm kwisixhobo ngasinye:

• ithathela ingqalelo isiziba phakathi koguqulelo lovimba olusuka kwitshathi yangaphambili kunye nenguqulelo yetshathi yangoku,
• iyasebenza le patch.

Siza kuyibiza le patch 2-indlela yokudibanisa ipatch, kuba i-2 manifestos ibandakanyeka ekudalweni kwayo:

• isibonakaliso somthombo kukhupho lwangaphambili,
• Isixhobo sibonakala kwisixhobo sangoku.

Xa ususa ukusebenza delete kwi kube apiserver ibizelwa izibonelelo ezibhengezwe kukhupho lwangaphambili, kodwa ezingaxelwanga kweyangoku.

Indlela ye-2 yokudibanisa i-patch inengxaki: ikhokelela kwi ngaphandle kokudityaniswa nemeko yokwenyani yomthombo kwiqela kunye nemanifest kwiGit.

Umzekeliso wengxaki ngomzekelo

• Kwi-Git, itshathi igcina i-manifest apho intsimi image Imicimbi yokusasazwa ubuntu:18.04.
• Umsebenzisi nge kubectl edit utshintshe ixabiso lalo mhlaba ukuya ubuntu:19.04.
• Xa kuthunyelwa kwakhona itshathi yeHelm ayivelisi isiqwenga, ngokuba intsimi image kwinguqulo yangaphambili yokukhululwa kunye netshathi yangoku iyafana.
• Emva kokusasazwa ngokutsha image ihlala ubuntu:19.04, nangona isicangca sithi ubuntu:18.04.

Sifumene i-desynchronization kwaye silahlekelwe sibhengezo.

Yintoni uvimba olungelelanisiweyo?

Ngokubanzi gqibezela Akunakwenzeka ukufumana umdlalo phakathi kobutyebi obubonakalayo kwiqela eliqhubayo kunye nemanifest evela kwiGit. Ngenxa yokuba kwi-manifest yokwenyani kunokubakho izichasiselo/iilebhile zenkonzo, izikhongozeli ezongezelelweyo kunye nenye idatha ezongeziweyo kwaye zisuswe kwisixhobo ngokuguquguqukayo ngabalawuli abathile. Asikwazi kwaye asifuni ukugcina le datha kwi-Git. Nangona kunjalo, sifuna iindawo esizichaze ngokucacileyo kwi-Git ukuba zithathe amaxabiso afanelekileyo ekukhutshweni.

Kuvela ngokubanzi Umgaqo wemithombo elungelelanisiweyo.

3-indlela yokudibanisa ipatch

Ingcamango e phambili 3-indlela yokudibanisa ipatch: yenza isiqwenga phakathi koguqulelo lokugqibela olusetyenzisiweyo lwe-manifest esuka kwiGit kunye noguqulelo ekujoliswe kulo lwe-manifest esuka kwi-Git, kuthathelwa ingqalelo uguqulelo lwangoku lwe-manifest kwiqela elisebenzayo. Isiqendu esinesiphumo kufuneka sihambelane nomgaqo wesixhobo esilungelelanisiweyo:

• imihlaba emitsha eyongezwe kuguqulelo ekujoliswe kuyo yongezwa kusetyenziswa isiqwenga;
• imimandla esele ikhona kuguqulelo lokugqibela olusetyenzisiweyo kwaye engekhoyo kuguqulelo ekujoliswe kulo iphinda isetyenziswe kusetyenziswa isiziba;
• imihlaba kuguqulelo lwangoku lwento eyahlukileyo kuguqulelo ekujoliswe kulo lwe-manifest ihlaziywa kusetyenziswa isiziba.

Kukulo mgaqo ukuba ivelisa iipetshi kubectl apply:

• uguqulelo lokugqibela olusetyenzisiweyo lwe-manifest lugcinwe kwingcaciso yento ngokwayo,
• ithagethi - ithathwe kwifayile yeYAML ekhankanyiweyo,
• ekhoyo isuka kwiqela elisebenzayo.

Ngoku ekubeni siyilungisile ithiyori, lixesha lokuba sikuxelele into esiyenzileyo kwi-werf.

Ukufaka utshintsho kwi-werf

Ngaphambili, i-werf, njenge-Helm 2, yasebenzisa iipatches ezi-2.

Lungisa isiziba

Ukuze utshintshele kuhlobo olutsha lweepatches - 3-way-merge - inyathelo lokuqala sazisa into ebizwa ngokuba ukulungisa amabala.

Xa uhambisa, umgangatho we-2-way-merge patch isetyenziswa, kodwa i-werf iphinda ivelise isiqwenga esiza kungqamanisa imeko yokwenyani yomthombo kunye nokubhaliweyo kwi-Git (isikhuseli esinjalo senziwe kusetyenziswa umgaqo wovimba wongqamaniso ofanayo ochazwe ngasentla) .

Ukuba i-desynchronization iyenzeka, ekupheleni kokusasazwa komsebenzisi ufumana ISILUMKISO ngomyalezo ohambelanayo kunye nesiqwenga esimele sisetyenziswe ukuzisa isibonelelo kwifom ehambelanayo. Esi siqwenga sikwarekhodwa kwisichasiselo esikhethekileyo werf.io/repair-patch. Kucingelwa ukuba izandla zomsebenzisi сам izakusebenzisa le patch: i-werf ayizukuyisebenzisa kwaphela.

Ukuvelisa iipetshi zokulungisa ngumlinganiselo wexeshana ovumela ukuba uvavanye ngokwenene ukudalwa kweepatches ngokusekelwe kumgaqo-nkqubo we-3-ukudibanisa, kodwa ungasebenzisi ngokuzenzekelayo ezi ziqwenga. Okwangoku, le ndlela yokusebenza ivuliwe ngokungagqibekanga.

I-3-way-merge patch kukhupho olutsha kuphela

Ukuqala nge-1 kaDisemba 2019, iinguqulelo ze-beta kunye ne-alpha ze-werf ziyaqala ngokungagqibekanga sebenzisa iipetshi ezigcweleyo ezi-3-ndlela-yokudibanisa ukufaka utshintsho kuphela kukhupho olutsha lwe-Helm olukhutshiweyo nge-werf. Ukukhutshwa okukhoyo kuya kuqhubeka nokusebenzisa indlela ye-2-way-merge + ukulungisa ama-patches.

Le ndlela yokusebenza inokuvulwa ngokucacileyo ngokucwangcisa WERF_THREE_WAY_MERGE_MODE=onlyNewReleases ngoku.

Qaphela:: umboniso uvele kwi-werf ngaphezulu kokhupho oluninzi: kumjelo wealpha iye yalunga ngoguqulelo v1.0.5-alpha.19, nakwijelo le-beta - nge v1.0.4-beta.20.

3-indlela-yokudibanisa isiqwenga kuko konke ukukhutshwa

Ukuqala nge-15 kaDisemba 2019, iinguqulelo ze-beta kunye ne-alpha ze-werf ziqala ukusebenzisa iindlela ezi-3 ezipheleleyo zokudibanisa iipetshi ngokuzenzekela ukufaka utshintsho kulo lonke ukhupho.

Le ndlela yokusebenza inokuvulwa ngokucacileyo ngokucwangcisa WERF_THREE_WAY_MERGE_MODE=enabled ngoku.

Yintoni enokuyenza ngesixhobo sokwenza i-autoscaling?

Kukho iintlobo ezi-2 ze-autoscaling kwi-Kubernetes: i-HPA (horizontal) kunye ne-VPA (ethe nkqo).

I-Horizontal ikhetha ngokuzenzekelayo inani leekopi, ngokuthe nkqo - inani lezibonelelo. Zombini inani leekopi kunye neemfuno zoovimba zichaziwe kwi-manifest yesixhobo (jonga iResource Manifest). spec.replicas okanye spec.containers[].resources.limits.cpu, spec.containers[].resources.limits.memory и nezinye).

Ingxaki: ukuba umsebenzisi uqwalasela uvimba kwitshati ukuze ichaze amaxabiso athile ezixhobo okanye iireplicas kunye ne-autoscalers zinikwe amandla kwesi sixhobo, emva koko nge-werf nganye yokusasazwa iya kuphinda imisele la maxabiso kwinto ebhaliweyo kwitshathi. .

Zimbini izisombululo kule ngxaki. Ukuqala, kungcono ukunqanda ngokucacileyo amaxabiso azenzekelayo kwi-manifest yetshathi. Ukuba olu khetho alufanelekanga ngenxa yesizathu esithile (umzekelo, kuba kulungele ukuseta imida yomthombo wokuqala kunye nenani leekopi eziphindiweyo kwitshati), ngoko i-werf inikezela ngezi nkcazo zilandelayo:

• werf.io/set-replicas-only-on-creation=true
• werf.io/set-resources-only-on-creation=true

Ukuba isichasiselo esinjalo sikhona, i-werf ayisayi kuphinda imisele amaxabiso ahambelanayo kubhengezo ngalunye, kodwa iya kumisa kuphela xa uvimba wenziwa ekuqaleni.

Ukufumana iinkcukacha ezithe vetshe, jonga amaxwebhu eprojekthi HPA и VPA.

Ukuthintela ukusetyenziswa kwe-3-way-merge patch

Umsebenzisi okwangoku unokuthintela ukusetyenziswa kweepetshi ezintsha kwi-werf esebenzisa imo eguquguqukayo WERF_THREE_WAY_MERGE_MODE=disabled. Nangona kunjalo, ukuqala Ukusukela nge-1 kaMatshi 2020, oku kuvalwa akusayi kusebenza. kwaye kuya kwenzeka kuphela ukusebenzisa iindlela ezi-3 zokudibanisa iipetshi.

Ukwamkelwa kwezibonelelo kwi-werf

Ukuba nobuchule kwindlela yokufaka utshintsho nge-3-way-merge patches kusivumele ukuba siphumeze ngokukhawuleza into efana nokwamkela izixhobo ezikhoyo kwiqela kukhupho lweHelm.

I-Helm 2 inengxaki: awukwazi ukongeza isibonelelo kwitshati ebonisayo esele ikhona kwiqela ngaphandle kokuphinda wenze lo mthombo ukusuka ekuqaleni (bona. #6031, #3275). Safundisa i-werf ukwamkela izixhobo ezikhoyo ukuze zikhutshwe. Ukwenza oku, kufuneka ufakele inkcazo kuguqulelo lwangoku lwesixhobo ukusuka kwiqela elisebenzayo (umzekelo, usebenzisa kubectl edit):

"werf.io/allow-adoption-by-release": RELEASE_NAME

Ngoku isibonelelo kufuneka sichazwe kwitshathi kwaye kwixesha elizayo i-werf ihambisa ukukhululwa ngegama elifanelekileyo, isibonelelo esikhoyo siyakwamkelwa kolu kukhululwa kwaye sihlale siphantsi kolawulo lwayo. Ngaphezu koko, kwinkqubo yokwamkela uvimba wokukhululwa, i-werf iza kuzisa imeko yangoku yesixhobo ukusuka kwiqela eliqhubayo ukuya kwimeko echazwe kwitshathi, isebenzisa iindlela ezi-3 ezifanayo zokudibanisa kunye nomgaqo womthombo ongqamanisiweyo.

Qaphela:: ukuseta WERF_THREE_WAY_MERGE_MODE ayichaphazeli ukwamkelwa kwezibonelelo - kwimeko yokwamkelwa, i-patch ye-3-way-merge isetyenziswa rhoqo.

Iinkcukacha - ngaphakathi amaxwebhu.

Izigqibo nezicwangciso zexesha elizayo

Ndiyathemba ukuba emva kweli nqaku kuye kwacaca ukuba zeziphi iipatches ze-3-way-merge kwaye kutheni beza kubo. Ngokwembono esebenzayo yophuhliso lweprojekthi ye-werf, ukuphunyezwa kwayo kwaba lelinye inyathelo lokuphucula usasazo olufana neHelm. Ngoku unokulibala malunga neengxaki ngolungelelwaniso lokucwangciswa, oluhlala luvela xa usebenzisa i-Helm 2. Ngelo xesha, into entsha eluncedo yokwamkela izixhobo ze-Kubernetes esele zikhutshiwe zongezwa kwi-Helm release.

Kusekho imiba kunye nemingeni kunye ne-Helm-like deployments, efana nokusetyenziswa kwe-Go templates, esiya kuqhubeka nokujongana nayo.

Ulwazi malunga neendlela zohlaziyo lwezibonelelo kunye nokwamkelwa nazo zinokufunyanwa apha eli phepha loxwebhu.

Helm 3

Ifanele ukuqwalaselwa ngokukodwa khululwe ngenye imini uguqulelo olukhulu olutsha lweHelm - v3 - ekwasebenzisa i-3-way-merge patches kwaye ikhuphe iTiller. Inguqulelo entsha yeHelm ifuna ukufuduka ufakelo olukhoyo ukuziguqulela kwifomati entsha yokugcina ukukhululwa.

I-Werf, ngokwenxalenye yayo, ngoku iyekile ukusebenzisa iTiller, yatshintshela kwi-3-way-merge kwaye yongezwa. Okuninzi, ngelixa lihlala lihambelana nofakelo lwe-Helm 2 olukhoyo (akukho mibhalo yokufuduka kufuneka iqhutywe). Ke ngoko, de i-werf itshintshele kwi-Helm 3, abasebenzisi be-werf abaphulukani nezona zinto ziluncedo kwi-Helm 3 ngaphezulu kwe-Helm 2 (i-werf inazo).

Nangona kunjalo, ukutshintshela i-werf kwi-Helm 3 codebase akunakuphepheka kwaye kuya kwenzeka kungekudala. Kuqikelelwa ukuba le iyakuba yi werf 1.1 okanye i-werf 1.2 (okwangoku, uguqulelo olungundoqo lwe-werf yi-1.0; ngolwazi oluthe vetshe malunga nesixhobo soguqulelo lwe-werf, bona apha). Ngeli xesha, iHelm 3 iya kuba nexesha lokuzinza.

PS

Funda nakwibhlog yethu:

• Uthotho lwamanqaku malunga nezinto ezintsha kwi-werf:
  • «Ukusebenzisa i-werf ukukhupha iitshathi zeHelm ezintsonkothileyo";
  • «Inkxaso ye-monorepo kunye ne-multirepo kwi-werf kwaye i-Docker Registry inento yokwenza nayo";
  • «Ngoku unokwakha imifanekiso yeDocker kwi-werf usebenzisa iDockerfile eqhelekileyo».
• «i-werf - isixhobo sethu seCI / CD kwi-Kubernetes (umboniso kunye nengxelo yevidiyo)";
• «Yakha kwaye usebenzise ii-microservices zohlobo olufanayo nge-werf kunye ne-GitLab CI";
• «Ukwazisa iHelm 3».

umthombo: www.habr.com