ProHoster > Ibhulogi > Ulawulo > Ukhuseleko lweHelm

Ukhuseleko lweHelm

Undoqo webali malunga nomphathi wepakethe owaziwayo weKubernetes unokuboniswa usebenzisa i-emoji:

  • ibhokisi nguHelm (yeyona nto ikufutshane nokukhutshwa kweEmoji yamva nje);
  • lock - ukhuseleko;
  • indoda encinci sisisombululo sengxaki.

Ukhuseleko lweHelm

Enyanisweni, yonke into iya kuba nzima ngakumbi, kwaye ibali ligcwele iinkcukacha zobugcisa malunga Uyenza njani iHelm ikhuseleke.

  • Ngokufutshane ukuba yintoni iHelm xa ubungayazi okanye uyilibele. Zeziphi iingxaki ezisombululayo kwaye ibekwe phi kwi-ecosystem.
  • Makhe sijonge uyilo lweHelm. Akukho ncoko malunga nokhuseleko kunye nendlela yokwenza isixhobo okanye isisombululo sikhuseleke ngakumbi sigqityiwe ngaphandle kokuqonda ukwakhiwa kwecandelo.
  • Makhe sixoxe ngamacandelo eHelm.
  • Owona mbuzo utshisa kakhulu yikamva - inguqulelo entsha yeHelm 3. 

Yonke into kweli nqaku isebenza kwiHelm 2. Le nguqulo okwangoku ikwimveliso kwaye inokwenzeka ukuba yileyo oyisebenzisayo ngoku, kwaye yinguqulelo equlethe imingcipheko yokhuseleko.


Malunga nesithethi: Alexander Khayorov (allxx) sele iphuhlisa iminyaka eyi-10, inceda ukuphucula umxholo I-Python yaseMoscow Conf++ kwaye wazibandakanya nekomiti Helm Summit. Ngoku usebenza e-Chainstack njengenkokeli yophuhliso - lo ngumxube phakathi komphathi wophuhliso kunye nomntu onoxanduva lokuhambisa ukukhutshwa kokugqibela. Oko kukuthi, ibekwe kwindawo yedabi, apho yonke into yenzeka ukususela ekudalweni kwemveliso ukuya ekusebenzeni kwayo.

I-Chainstack sisiqalo esincinci, esikhulayo esinomsebenzi wokwenza abathengi balibale malunga neziseko zophuhliso kunye nobunzima bokusebenza kwezicelo ezinabileyo; Iqela lophuhliso liseSingapore. Musa ukubuza i-Chainstack ukuba ithengise okanye ithenge i-cryptocurrency, kodwa nikela ukuthetha malunga nezakhelo ze-blockchain yezoshishino, kwaye baya kukuphendula ngovuyo.

Helm

Le yiphakheji (itshati) yomphathi weKubernetes. Eyona ndlela ibonakalayo kunye neyendalo yonke yokuzisa izicelo kwiqela leKubernetes.

Ukhuseleko lweHelm

Sithetha, ewe, malunga nendlela yolwakhiwo kunye neshishini kunokwenza eyakho i-YAML ibonakalisa kwaye ubhale izinto ezincinci eziluncedo.

IHelm yeyona ilungileyo ekhoyo ngoku kwaye idumile.

Kutheni iHelm? Ikakhulu ngenxa yokuba ixhaswa yi-CNCF. I-Cloud Native ngumbutho omkhulu kwaye yinkampani engumzali yeeprojekthi iKubernetes, etcd, Fluentd kunye nabanye.

Enye into ebalulekileyo kukuba iHelm yiprojekthi ethandwa kakhulu. Ukuqala kwam ukuthetha ngendlela yokwenza iHelm ikhuseleke ngoJanuwari 2019, iprojekthi yayinewaka leenkwenkwezi kwiGitHub. NgoMeyi kwakukho i-12 lamawaka kubo.

Abantu abaninzi banomdla kwiHelm, ke nokuba awuyisebenzisi okwangoku, uya kuzuza ekwazini ngokhuseleko lwayo. Ukhuseleko lubalulekile.

Iqela leHelm eliphambili lixhaswa yiMicrosoft Azure kwaye ke yiprojekthi ezinzile ngokufanelekileyo, ngokungafaniyo nabanye abaninzi. Ukukhutshwa kweHelm 3 Alpha 2 phakathi kuJulayi kubonisa ukuba baninzi kakhulu abantu abasebenza kwiprojekthi, kwaye banomnqweno kunye namandla okuphuhlisa nokuphucula iHelm.

Ukhuseleko lweHelm

I-Helm isombulula iingxaki ezininzi zeengcambu zolawulo lwesicelo kwi-Kubernetes.

  • Ukupakishwa kwesicelo. Kwanesicelo esifana ne "Molo, ihlabathi" kwi-WordPress sele sineenkonzo ezininzi, kwaye ufuna ukupakisha kunye.
  • Ukulawula ukuntsonkotha okuza nokulawula ezi zicelo.
  • Umjikelo wobomi ongapheli emva kokuba isicelo sifakwe okanye sisetyenziswe. Iyaqhubeka iphila, kufuneka ihlaziywe, kwaye iHelm inceda ngale nto kwaye izama ukuzisa imilinganiselo efanelekileyo kunye nemigaqo-nkqubo yale nto.

Bagging ihlelwe ngendlela ecacileyo: kukho imethadatha ngokuhambelana ngokupheleleyo nomsebenzi womphathi wephakheji oqhelekileyo weLinux, Windows okanye MacOS. Oko kukuthi, indawo yokugcina, ukuxhomekeka kwiipakethe ezahlukeneyo, ulwazi lwemeta lwezicelo, izicwangciso, iimpawu zoqwalaselo, ulwazi lwesalathiso, njalo njalo. IHelm ikuvumela ukuba ufumane kwaye usebenzise konke oku kwizicelo.

Ulawulo oluntsonkothileyo. Ukuba unezicelo ezininzi zohlobo olufanayo, ngoko ke iparameterization iyafuneka. Iitemplates zivela kule nto, kodwa ukunqanda ukuba uze nendlela yakho yokwenza iitemplates, ungasebenzisa oko uHelm akunikayo ngaphandle kwebhokisi.

Ulawulo lweSicelo soBomi - ngokombono wam, lo ngowona mbuzo unomdla kwaye ungasonjululwanga. Kungenxa yoko le nto ndize eHelm emva kwemini. Sasidinga ukubeka iliso kwi-lifecycle yesicelo kwaye sifuna ukuhambisa i-CI / CD yethu kunye nemijikelezo yesicelo kule paradigm.

IHelm ikuvumela ukuba:

  • lawula ukusasazwa komsebenzi, wazisa ingqikelelo yolungiselelo nohlaziyo;
  • ukwenza ukubuyisela ngempumelelo;
  • sebenzisa amagwegwe kwiziganeko ezahlukeneyo;
  • yongeza iitshekhi ezongezelelweyo zesicelo kwaye uphendule kwiziphumo zabo.

Ukongeza IHelm ine "ibhetri" -Inani elikhulu lezinto ezimnandi ezinokuthi zifakwe ngendlela yeeplagi, ukwenza lula ubomi bakho. Iiplagi zinokubhalwa ngokuzimeleyo, zibekwe zodwa kwaye azifuni zakhiwo ezihambelanayo. Ukuba ufuna ukuphumeza into ethile, ndincoma ukuba uyenze njengeplagin, kwaye mhlawumbi uyifake phezulu.

I-Helm isekwe kwiingcamango ezintathu eziphambili:

  • Itshathi Repo -Inkcazelo kunye noluhlu lweparameterisation enokwenzeka kwimanifest yakho. 
  • Lungiselela -oko kukuthi, amaxabiso aya kusetyenziswa (umbhalo, amanani amanani, njl.njl.).
  • khulula iqokelela amacandelo amabini aphezulu, kwaye kunye ajike abe nguKhupho. Ukukhutshwa kunokuguqulelwa, ngaloo ndlela kufezekise umjikelezo wobomi obulungelelanisiweyo: encinci ngexesha lofakelo kunye nelikhulu ngexesha lokuphucula, ukuhla okanye ukubuyisela umva.

Uyilo lweHelm

Umzobo ubonisa ngokwengqiqo uyilo olukwinqanaba eliphezulu leHelm.

Ukhuseleko lweHelm

Makhe ndikukhumbuze ukuba iHelm yinto enxulumene neKubernetes. Ke ngoko, asinakwenza ngaphandle kweqela leKubernetes (uxande). Icandelo le-kube-apiserver lihlala kwi-master. Ngaphandle kweHelm sineKubeconfig. I-Helm izisa ibhinari enye encinci, ukuba ungayibiza loo nto, i-Helm CLI utility, efakwe kwikhompyutheni, i-laptop, i-mainframe - nantoni na.

Kodwa oku akwanelanga. IHelm inecandelo leseva elibizwa ngokuba yiTiller. Imele umdla weHelm ngaphakathi kweqela; sisicelo ngaphakathi kweqela leKubernetes, njengayo nayiphi na enye.

Icandelo elilandelayo leTshati yeRepo yindawo yokugcina enetshathi. Kukho uvimba osemthethweni, kwaye kusenokubakho uvimba wabucala wenkampani okanye weprojekthi.

Ukusebenzisana

Makhe sijonge indlela amacandelo okwakha asebenzisana ngayo xa sifuna ukufaka isicelo sisebenzisa iHelm.

  • Siyathetha Helm install, ukufikelela kwindawo yokugcina (iTshati yeRepo) kwaye ufumane itshathi yeHelm.

  • Umsebenzi weHelm (Helm CLI) unxibelelana neKubeconfig ukuze ufumanise ukuba leliphi iqela onokuthi uqhagamshelane nalo. 
  • Ukufumana olu lwazi, usetyenziso lubhekiselele kwiTiller, ebekwe kwiqela lethu, njengesicelo. 
  • UTiller ufowunela uKube-apiserver ukuba enze iintshukumo eKubernetes, enze ezinye izinto (iinkonzo, iipod, iireplicas, iimfihlo, njl. njl.).

Okulandelayo, siya kuwenza nzima umzobo ukuze sibone i-vector yohlaselo enokuthi yonke i-Helm uyilo lulonke luvezwe kuyo. Kwaye ke siya kuzama ukumkhusela.

Vector yohlaselo

Inqaku lokuqala elinokuthi libe buthathaka ilungelo API-umsebenzisi. Njengenxalenye yeskimu, lo ngumqaphi oye wafumana ukufikelela kwi-admin kwi-Helm CLI.

Umsebenzisi we-API ongenalungelo inokubangela ingozi ukuba ikwindawo ekufutshane. Umsebenzisi onjalo uya kuba nomxholo owahlukileyo, umzekelo, unokulungiswa kwindawo yegama leqela kwi-Kubeconfig.

Eyona vector yohlaselo inomdla inokuba yinkqubo ehlala ngaphakathi kweqela kwindawo ethile kufutshane neTiller kwaye inokufikelela kuyo. Oku kunokuba ngumncedisi wewebhu okanye i-microservice ebona indawo yenethiwekhi yeqela.

Olunye uhlaselo olungaqhelekanga, kodwa luya luthandwa, lubandakanya iTshati yeRepo. Itshathi eyenziwe ngumbhali ongathembekanga inokuqulatha izixhobo ezingakhuselekanga, kwaye uya kuyigqiba ngokuyithatha ngokholo. Okanye ingathatha indawo yetshathi oyikhuphelayo kwindawo yokugcina esemthethweni kwaye, umzekelo, yenza isibonelelo ngendlela yemigaqo-nkqubo kwaye yandise ukufikelela kwayo.

Ukhuseleko lweHelm

Makhe sizame ukukhusela ukuhlaselwa kuwo onke la macala omane kwaye sibone apho kukho iingxaki kwi-architecture ye-Helm, kwaye apho, mhlawumbi, akukho nanye.

Masikhulise umzobo, songeze ezinye izinto, kodwa sigcine onke amacandelo asisiseko.

Ukhuseleko lweHelm

I-Helm CLI inxibelelana neChart Repo, isebenzisana ne-Kubeconfig, kwaye umsebenzi udluliselwa kwiqela kwi-Tiller component.

I-Tiller imelwe zizinto ezimbini:

  • I-Tiller-deploy svc, eveza inkonzo ethile;
  • I-Tiller-deploy pod (kumzobo kwikopi enye kwi-replica enye), apho wonke umthwalo uqhuba, ofikelela kwiqela.

Iiprothokholi ezahlukeneyo kunye nezikimu zisetyenziselwa ukusebenzisana. Ngokwembono yokhuseleko, sinomdla kakhulu:

  • Indlela apho iHelm CLI ifikelela kwirepo yetshathi: yeyiphi iprotocol, kukho uqinisekiso kwaye yintoni enokwenziwa ngayo.
  • Umthetho olandelwayo apho iHelm CLI, isebenzisa kubectl, inxibelelana neTiller. Le yiseva yeRPC efakwe ngaphakathi kweqela.
  • I-Tiller ngokwayo iyafikeleleka kwii-microservices ezihlala kwiqela kwaye isebenzisana ne-Kube-apiserver.

Ukhuseleko lweHelm

Makhe sixoxe zonke ezi ndawo ngokulandelelana kwazo.

RBAC

Akukho sizathu sokuthetha malunga naluphi na ukhuseleko lweHelm okanye nayiphi na enye inkonzo ngaphakathi kweqela ngaphandle kokuba i-RBAC ivuliwe.

Kubonakala ngathi le ayisiyiyo isincomo samva nje, kodwa ndiqinisekile ukuba abantu abaninzi abakayivumeli i-RBAC nakwimveliso, kuba zininzi iingxabano kwaye izinto ezininzi kufuneka ziqwalaselwe. Nangona kunjalo, ndiyakukhuthaza ukuba wenze oku.

Ukhuseleko lweHelm

https://rbac.dev/ - Igqwetha lewebhusayithi ye-RBAC. Iqulethe isixa esikhulu sezinto ezinomdla eziza kukunceda umise i-RBAC, bonisa ukuba kutheni ilungile kunye nendlela yokuphila ngokusisiseko kwimveliso.

Ndiza kuzama ukucacisa ukuba iTiller kunye ne-RBAC zisebenza njani. I-Tiller isebenza ngaphakathi kweqela phantsi kwe-akhawunti yenkonzo ethile. Ngokuqhelekileyo, ukuba i-RBAC ayiqwalaselwanga, oku kuya kuba ngumsebenzisi ophezulu. Kuqwalaselo olusisiseko, iTiller iya kuba ngumlawuli. Yiyo loo nto kudla ngokuthiwa iTiller yitonela ye-SSH kwiqela lakho. Enyanisweni, oku kuyinyani, ngoko ungasebenzisa i-akhawunti yenkonzo enikezelweyo eyahlukileyo endaweni yeAkhawunti yeNkonzo eMiselweyo kumzobo ongentla.

Xa uqalisa iHelm kwaye uyifake kwiseva okokuqala, unokuseta iakhawunti yenkonzo usebenzisa --service-account. Oku kuya kukuvumela ukuba usebenzise umsebenzisi oneseti efunekayo yamalungelo. Enyanisweni, kuya kufuneka udale "igarland" enjalo: indima kunye neRoleBinding.

Ukhuseleko lweHelm

Ngelishwa, iHelm ayizukukwenzela oku. Wena okanye umlawuli wakho weqela le-Kubernetes kufuneka ulungiselele iseti yeendima kunye ne-RoleBindings kwi-akhawunti yenkonzo kwangaphambili ukuze udlule kwi-Helm.

Umbuzo ophakamayo - yintoni umahluko phakathi kwendima kunye ne-ClusterRole? Umahluko kukuba i-ClusterRole isebenza kuzo zonke izithuba zamagama, ngokungafaniyo neendima eziqhelekileyo kunye ne-RoleBindings, esebenza kuphela kwisithuba samagama esikhethekileyo. Ungaqwalasela imigaqo-nkqubo yeqela lonke kunye nazo zonke izithuba zamagama, okanye ezenzelwe wena kwindawo yamagama nganye.

Kufanelekile ukukhankanya ukuba i-RBAC isombulula enye ingxaki enkulu. Abantu abaninzi bakhalaza ukuba iHelm, ngelishwa, ayikho i-multitenancy (ayixhasi i-multitenancy). Ukuba amaqela amaninzi asebenzisa i-cluster kwaye asebenzise i-Helm, ngokusisiseko akunakwenzeka ukuseta imigaqo-nkqubo kunye nokunciphisa ukufikelela kwabo ngaphakathi kweli qela, kuba kukho i-akhawunti yenkonzo ethile apho i-Helm isebenza phantsi kwayo, kwaye idala zonke izibonelelo kwi-cluster evela phantsi kwayo. , nto leyo ngamanye amaxesha inzima kakhulu. Oku kuyinyani - njengefayile yokubini ngokwayo, njengenkqubo, IHelm Tiller ayinayo ingcamango ye-multitenancy.

Nangona kunjalo, kukho indlela enkulu ekuvumela ukuba usebenzise iTiller amaxesha amaninzi kwiqela. Akukho ngxaki ngale nto, iTiller inokusungulwa kuyo yonke indawo yamagama. Ke, ungasebenzisa i-RBAC, Kubeconfig njengomxholo, kwaye unciphise ukufikelela kwiHelm ekhethekileyo.

Kuya kujongeka ngolu hlobo.

Ukhuseleko lweHelm

Umzekelo, kukho iiKubeconfigs ezimbini ezinomxholo wamaqela ahlukeneyo (izithuba zamagama ezimbini): Iqela le-X leqela lophuhliso kunye neqela lolawulo. Iqela lolawulo lineTiller yalo ebanzi, efumaneka kwi-Kube-system namespace, i-akhawunti yenkonzo ehambelanayo. Kwaye indawo yamagama eyahlukileyo kwiqela lophuhliso, baya kukwazi ukuhambisa iinkonzo zabo kwindawo yamagama ekhethekileyo.

Le yindlela esebenzayo, iTiller ayilambanga kakhulu kangangokuba iyakuchaphazela kakhulu uhlahlo lwabiwo-mali lwakho. Esi sesinye sezisombululo ezikhawulezayo.

Zive ukhululekile ukuqwalasela i-Tiller ngokwahlukileyo kwaye unikeze i-Kubeconfig kunye nomxholo weqela, kumphuhlisi othile okanye kwindawo engqongileyo: I-Dev, i-Staging, iMveliso (akuthandabuzeki ukuba yonke into iya kuba kwiqela elifanayo, nangona kunjalo, oku kunokwenziwa).

Ukuqhubela phambili ibali lethu, masitshintshe kwi-RBAC kwaye sithethe ngeConfigMaps.

ConfigMaps

IHelm isebenzisa iConfigMaps njengendawo yokugcina idatha. Xa sithetha ngolwakhiwo, akukho siseko sedatha naphi na apho singagcina ulwazi malunga nokukhutshwa, ulungelelwaniso, ukubuyisela umva, njl njl. I-ConfigMaps isetyenziselwa oku.

Eyona ngxaki ngeConfigMaps iyaziwa - ayikhuselekanga kumgaqo; akunakwenzeka ukugcina idatha ebuthathaka. Sithetha ngayo yonke into engafanele ihambe ngaphaya kwenkonzo, umzekelo, iiphasiwedi. Eyona ndlela yemveli yeHelm ngoku kukutshintshela ekusebenziseni i-ConfigMaps ukuya kwiimfihlo.

Oku kwenziwa ngokulula kakhulu. Khipha ngaphezulu isicwangciso seTiller kwaye ucacise ukuba ugcino luya kuba ziimfihlo. Ke kubhengezo ngalunye awuzukufumana iConfigMap, kodwa imfihlo.

Ukhuseleko lweHelm

Unokuphikisa ukuba iimfihlo ngokwazo ziyingcamango engaqhelekanga kwaye ayikhuselekanga kakhulu. Nangona kunjalo, kufanelekile ukuqonda ukuba abaphuhlisi be-Kubernetes ngokwabo benza oku. Ukuqala kwinguqulo 1.10, i.e. Ixesha elithile ngoku, kuye kwenzeka, ubuncinci kumafu oluntu, ukudibanisa indawo yokugcina echanekileyo yokugcina iimfihlo. Iqela ngoku lisebenza kwiindlela zokusasaza ngcono ukufikelela kwiimfihlo, iipods zomntu ngamnye, okanye amanye amaziko.

Kungcono ukudlulisela iHelm yokuGcina kwiimfihlo, kwaye zona, zikhuselwe kwindawo ephakathi.

Ngokuqinisekileyo iya kuhlala umda wogcino lwedatha oyi-1 MB. IHelm apha isebenzisa etcd njengogcino olusasaziweyo lweConfigMaps. Kwaye apho bajonga ukuba le yayiyidatha efanelekileyo yokuphindaphinda, njl. Kukho ingxoxo enomdla malunga noku kwiReddit, ndincoma ukuba ndifumane oku kufundwe okuhlekisayo ngempelaveki okanye ukufunda isicatshulwa apha.

IiRepos zetshathi

Iitshathi zizona zisengozini kakhulu kwintlalo kwaye zinokuba ngumthombo we "Man in the middle", ngakumbi ukuba usebenzisa isisombululo sesitokhwe. Okokuqala, sithetha ngeendawo zokugcina ezivezwa nge-HTTP.

Ngokuqinisekileyo kufuneka uveze i-Helm Repo ngaphezulu kwe-HTTPS - le yeyona ndlela ilungileyo kwaye ayibizi.

naka u indlela yotyikityo lwetshathi. Itekhnoloji ilula njengesihogo. Le yinto enye oyisebenzisayo kwi-GitHub, umatshini we-PGP oqhelekileyo onezitshixo zikawonke-wonke nezabucala. Misa kwaye uqiniseke, ukuba nezitshixo eziyimfuneko kunye nokusayina yonke into, ukuba le yitshathi yakho ngokwenene.

Ukongeza, Umxhasi weHelm uxhasa i-TLS (kungekhona kwicala le-HTTP lomncedisi, kodwa i-TLS efanayo). Ungasebenzisa iseva kunye nezitshixo zomthengi ukuze unxibelelane. Ukunyaniseka, andisebenzisi isixhobo esinjalo kuba andizithandi izatifikethi ezifanayo. Ngokwenene, chartmuseum - esona sixhobo siphambili sokuseta i-Helm Repo ye-Helm 2 - ikwaxhasa i-auth eyisiseko. Ungasebenzisa i-auth esisiseko ukuba iluncedo kwaye ithule.

Kukho kwakhona i-plugin ihelm-gcs, ekuvumela ukuba ubambe iiRepos zeTshati kuGcino lweLifu likaGoogle. Oku kulula kakhulu, kusebenza kakuhle kwaye kukhuselekile, kuba zonke iindlela ezichaziweyo ziyarisayikilishwa.

Ukhuseleko lweHelm

Ukuba wenza i-HTTPS okanye i-TLS, sebenzisa i-mTLS, kwaye uvule i-auth eyisiseko ukuqhubela phambili ukunciphisa umngcipheko, uya kufumana umjelo wonxibelelwano okhuselekileyo kunye ne-Helm CLI kunye ne-Chart Repo.

gRPC API

Isinyathelo esilandelayo sibaluleke kakhulu - ukukhusela iTiller, ebekwe kwiqela kwaye, kwelinye icala, umncedisi, kwelinye icala, yona ngokwayo ifikelela kwamanye amacandelo kwaye izama ukuzenza umntu.

Njengoko besenditshilo, iTiller yinkonzo eveza i-gRPC, umxhasi weHelm uza kuyo nge-gRPC. Ngokungagqibekanga, kunjalo, i-TLS ivaliwe. Kutheni le nto yenziwe ngumbuzo oxoxayo, kubonakala kum ukwenza lula ukuseta ekuqaleni.

Ukwenziwa kwemveliso kunye neqonga, ndincoma ukwenza i-TLS kwi-gRPC.

Ngokombono wam, ngokungafaniyo ne-mTLS yeetshathi, oku kufanelekile apha kwaye kwenziwa ngokulula kakhulu - ukuvelisa isiseko se-PQI, yenza isatifikethi, uqalise iTiller, udlulise isatifikethi ngexesha lokuqalisa. Emva koku, ungenza yonke imiyalelo yeHelm, uzibonakalisa ngesatifikethi esenziwe kunye nesitshixo sabucala.

Ukhuseleko lweHelm

Ngale ndlela uya kuzikhusela kuzo zonke izicelo eziya kuTiller ngaphandle kweqela.

Ke, sikhusele umjelo wokuqhagamshelwa kwi-Tiller, sele sixoxe nge-RBAC kwaye silungelelanise amalungelo e-Kubernetes apiserver, sinciphisa i-domain enokunxibelelana nayo.

IHelm ekhuselweyo

Makhe sijonge kumzobo wokugqibela. Yinto yolwakhiwo olufana neentolo ezifanayo.

Ukhuseleko lweHelm

Lonke uqhagamshelo ngoku lunokuzotywa ngokukhuselekileyo ngokuluhlaza:

  • kwiTshati yeRepo sisebenzisa i-TLS okanye i-mTLS kunye ne-auth esisiseko;
  • i-mTLS yeTiller, kwaye ityhilwe njengenkonzo ye-gRPC ene-TLS, sisebenzisa izatifikethi;
  • iqela lisebenzisa i-akhawunti yenkonzo eyodwa enendima kunye neRoleBinding. 

Silikhusele kakhulu iqela, kodwa umntu ohlakaniphile wathi:

"Kunokubakho isisombululo esinye esikhuselekileyo-ikhompyuter ecinyiweyo, ebekwe kwibhokisi yekhonkrithi kwaye igadwe ngamajoni."

Kukho iindlela ezahlukeneyo zokukhohlisa idatha kunye nokufumana ii-vectors ezintsha zokuhlasela. Nangona kunjalo, ndiqinisekile ukuba ezi ngcebiso ziyakufezekisa umgangatho woshishino olusisiseko lokhuseleko.

Ibhonasi

Le nxalenye ayinxulumene ngokuthe ngqo nokhuseleko, kodwa iya kuba luncedo. Ndiza kukubonisa izinto ezinomdla abantu abambalwa abaziyo. Umzekelo, indlela yokukhangela iitshathi - ezisemthethweni kunye nezingekho semthethweni.

Kwindawo yokugcina github.com/helm/charts Ngoku kukho iitshathi ezimalunga nama-300 kunye nemisinga emibini: ezinzile kunye ne-incubator. Nabani na ofaka igalelo uyazi kakuhle ukuba kunzima kangakanani ukusuka kwi-incubator ukuya kwindawo ezinzileyo, kwaye kulula kangakanani ukubhabha uphume kwindawo ezinzileyo. Nangona kunjalo, esi ayisosona sixhobo silungileyo sokukhangela iitshathi zePrometheus kunye nantoni na oyithandayo, ngesizathu esinye esilula - ayisiyiyo i-portal apho unokukhangela ngokulula iipakethi.

Kodwa kukho inkonzo hub.helm.sh, eyenza kube lula ngakumbi ukufumana iitshathi. Okona kubaluleke kakhulu, zininzi iindawo zokugcina zangaphandle kunye namakhubalo angama-800 akhoyo. Kwaye, unokuqhagamshela indawo yakho yokugcina ukuba ngesizathu esithile awufuni ukuthumela iitshathi zakho ukuba zizinzile.

Zama i-hub.helm.sh kwaye masiyiphuhlise kunye. Le nkonzo iphantsi kweprojekthi yeHelm, kwaye unokuba negalelo kwi-UI yayo ukuba ungumphuhlisi ongaphambili kwaye ufuna nje ukuphucula inkangeleko.

Ndingathanda kwakhona ukutsalela ingqalelo yakho Vula udibaniso lwe-API ye-Service Broker. Ivakala inzima kwaye ayicacanga, kodwa isombulula iingxaki ajongana nazo wonke umntu. Makhe ndichaze ngomzekelo olula.

Ukhuseleko lweHelm

Kukho iqela leKubernetes apho sifuna ukuqhuba usetyenziso lwakudala-WordPress. Ngokubanzi, uvimba weenkcukacha uyafuneka ukuze usebenze ngokupheleleyo. Kukho izisombululo ezininzi ezahlukeneyo, umzekelo, ungaqalisa eyakho inkonzo yelizwe. Oku akulula kakhulu, kodwa abantu abaninzi bayayenza.

Abanye, njengathi kwi-Chainstack, basebenzisa i-database elawulwayo njenge-MySQL okanye i-PostgreSQL kwiiseva zabo. Yiyo loo nto oovimba bethu bemi kwindawo ethile efini.

Kodwa kuvela ingxaki: kufuneka sidibanise inkonzo yethu kunye nedathabheyisi, senze i-flavour yedatha, sidlulisele ubungqina kwaye ngandlela-thile siyilawule. Konke oku kuqhele ukwenziwa ngesandla ngumlawuli wenkqubo okanye umphuhlisi. Kwaye akukho ngxaki xa kukho izicelo ezimbalwa. Xa zininzi, kufuneka udibanise. Kukho isivuni esinjalo - yi-Service Broker. Ikuvumela ukuba usebenzise i-plugin ekhethekileyo kwi-cluster yefu yoluntu kunye ne-odolo yemithombo evela kumnikezeli nge-Broker, njengokungathi yi-API. Ukwenza oku, ungasebenzisa izixhobo zomthonyama zeKubernetes.

Ilula kakhulu. Unokubuza, umzekelo, i-MySQL eLawulwayo kwi-Azure kunye nesiseko se-tier (oku kungaqwalaselwa). Ukusebenzisa i-Azure API, i-database iya kwenziwa kwaye ilungiselelwe ukusetyenziswa. Awudingi ukuphazamisa oku, i-plugin inoxanduva loku. Ngokomzekelo, i-OSBA (i-plugin ye-Azure) iya kubuyisela ubungqina kwinkonzo kwaye idlulisele kwiHelm. Uya kukwazi ukusebenzisa i-WordPress ngelifu le-MySQL, ungajongani nedathabheyisi elawulwayo kwaphela kwaye ungakhathazeki malunga neenkonzo ezisemthethweni ngaphakathi.

Sinokuthi iHelm isebenza njengeglue, kwelinye icala, ikuvumela ukuba usebenzise iinkonzo, kwaye ngakolunye, udle izibonelelo zababoneleli bamafu.

Ungabhala iplagin yakho kwaye usebenzise eli bali lonke kwisiseko. Emva koko uya kuba neplagin yakho ngokulula kumboneleli weLifu weshishini. Ndincoma ukuba uzame le ndlela, ngakumbi ukuba unomlinganiselo omkhulu kwaye ufuna ukuhambisa ngokukhawuleza i-dev, i-staging, okanye yonke isiseko somfanekiso. Oku kuya kwenza ubomi bube lula kwimisebenzi yakho okanye kwi-DevOps.

Enye into efunyenweyo sele ndiyikhankanyile helm-gcs iplagi, ekuvumela ukuba usebenzise iibhakethi zeGoogle (ukugcinwa kwento) ukugcina iitshathi zeHelm.

Ukhuseleko lweHelm

Ufuna kuphela imiyalelo emine ukuze uqale ukuyisebenzisa:

  1. faka iplagin;
  2. yiqale;
  3. seta indlela eya kwibhakethi, ebekwe kwi-gcp;
  4. ukupapasha iitshathi ngendlela eqhelekileyo.

Ubuhle kukuba indlela yemveli ye-gcp iya kusetyenziselwa ugunyaziso. Ungasebenzisa i-akhawunti yenkonzo, i-akhawunti yomphuhlisi, nantoni na oyifunayo. Kulula kakhulu kwaye akubizi nto ukusebenza. Ukuba wena, njengam, ukhuthaza ifilosofi ye-opsless, oku kuya kuba lula kakhulu, ngakumbi kumaqela amancinci.

Iindlela ezizezinye

I-Helm ayisona isisombululo solawulo lwenkonzo kuphela. Kukho imibuzo emininzi malunga nayo, mhlawumbi kungenxa yokuba inguqulelo yesithathu yavela ngokukhawuleza. Ewe zikhona ezinye iindlela.

Ezi zinokuba zizisombululo ezikhethekileyo, umzekelo, i-Ksonnet okanye i-Metaparticle. Ungasebenzisa izixhobo zakho zolawulo lweziseko ezingundoqo (Ansible, Terraform, Chef, njl.) ngeenjongo ezifanayo endithethe ngazo.

Ekugqibeleni kukho isisombululo Isakhelo soMsebenzi, ethandwa kakhulu.

Isakhelo soMsebenzisi yeyona ndlela iphezulu yeHelm enokuqwalaselwa.

Ivela ngakumbi kwiCNCF kunye neKubernetes, kodwa umqobo ekungeneni uphezulu kakhulu, kufuneka ucwangcise ngakumbi kwaye uchaze ukubonakaliswa kancinci.

Kukho ii-addon ezahlukeneyo, ezinje ngeDrafti, iScaffold. Benza ubomi bube lula kakhulu, umzekelo, benza lula umjikelo wokuthumela kunye nokuqaliswa kweHelm kubaphuhlisi ukuba basebenzise indawo yokuvavanya. Ndingababiza ngokuba ngabaxhobisi.

Nantsi itshathi ebonakalayo apho yonke into ikhoyo.

Ukhuseleko lweHelm

Kwi-x-axis linqanaba lolawulo lwakho lobuqu kwinto eyenzekayo, kwi-y-axis linqanaba lobuzwe baseKubernetes. Helm version 2 iwela kwenye indawo embindini. Kwinguqulo yesi-3, hayi kakhulu, kodwa zombini ulawulo kunye nenqanaba lobuzwe liphuculwe. Izisombululo kwinqanaba le-Ksonnet zisangaphantsi nakwi-Helm 2. Nangona kunjalo, zifanelekile ukujonga ukuba yintoni enye into kweli hlabathi. Ewe kunjalo, umphathi wakho woqwalaselo uya kuba phantsi kolawulo lwakho, kodwa ngokuqinisekileyo ayisiyonzalelwane yaseKubernetes.

Isakhelo soMsebenzi siyinzalelwane ngokupheleleyo yeKubernetes kwaye ikuvumela ukuba usilawule ngobuhle nangokucokisekileyo (kodwa khumbula malunga nenqanaba lokungena). Endaweni yoko, oku kufanelekile kwisicelo esikhethekileyo kunye nokuyilwa kolawulo lwayo, endaweni yesivuni esikhulu sokupakisha inani elikhulu lezicelo usebenzisa iHelm.

Izandisi ziphucula ngokulula ulawulo oluncinci, zincedisana nokuhamba komsebenzi, okanye zisike iikona kwimibhobho yeCI/CD.

Ikamva leHelm

Iindaba ezilungileyo kukuba i-Helm 3 iyeza. I-alpha version ye-Helm 3.0.0-alpha.2 sele ikhululiwe, ungayizama. Izinzile, kodwa ukusebenza kusenomda.

Kutheni ufuna iHelm 3? Okokuqala, eli libali malunga Ukunyamalala kweTiller, njengenxalenye. Oku, njengoko sele uqonda, linyathelo elikhulu eliya phambili, kuba ukusuka kwindawo yokujonga ukhuseleko lwezakhiwo, yonke into yenziwe lula.

Xa i-Helm 2 yadalwa, eyayijikeleze ixesha le-Kubernetes 1.8 okanye nangaphambili, ezininzi zeengcamango zazingekho. Umzekelo, ingqikelelo yeCRD ngoku iphunyezwa ngokusebenzayo, kwaye iHelm iya kuthi sebenzisa iCRDukugcina izakhiwo. Kuya kwenzeka ukusebenzisa umxhasi kuphela kwaye ungagcini inxalenye yomncedisi. Ngokufanelekileyo, sebenzisa imiyalelo yemveli yaseKubernetes ukuze usebenze ngezakhiwo kunye nezixhobo. Eli linyathelo elikhulu ukuya phambili.

Kuya kuvela inkxaso yogcino lwendalo lwe OCI (Vula Inyathelo leSikhongozeli). Eli linyathelo elikhulu, kwaye iHelm inomdla ikakhulu ukuze ithumele iitshathi zayo. Kuza kwinqanaba lokuba, umzekelo, i-Docker Hub ixhasa imigangatho emininzi ye-OCI. Andiqiqi, kodwa mhlawumbi ababoneleli bendawo yokugcina iDocker baya kuqala ukukunika ithuba lokubamba iitshathi zakho zeHelm.

Ibali eliphikisanayo kum Lua inkxaso, njenge-injini yokulinganisa ukubhala izikripthi. Andingomlandeli omkhulu weLua, kodwa oku kuya kuba yinto yokuzikhethela ngokupheleleyo. Ndajonga oku amaxesha ama-3 - ukusebenzisa uLua akuyi kuba yimfuneko. Ke ngoko, abo bafuna ukukwazi ukusebenzisa uLua, abo bathanda iGo, bajoyine inkampu yethu enkulu kwaye basebenzise i-go-tmpl kule nto.

Ekugqibeleni, eyona nto ndandiyiphosa yayikukuba ukuvela kwe-schema kunye nokuqinisekiswa kohlobo lwedatha. Akusayi kuphinda kubekho iingxaki nge-int okanye umtya, akukho mfuneko yokusongela i-zero kwizicaphulo eziphindwe kabini. I-schema ye-JSONS iya kuvela eya kukuvumela ukuba uchaze ngokucacileyo oku kumaxabiso.

Iza kulungiswa kakhulu imodeli eqhutywa ngumsitho. Sele ichaziwe ngokwengqiqo. Jonga i-Helm yesebe le-3, kwaye uya kubona ukuba zingaphi iziganeko kunye neekhonkco kunye nezinye izinto ezongeziweyo, eziya kwenza lula kakhulu kwaye, ngakolunye uhlangothi, zongeze ulawulo kwiinkqubo zokuthunyelwa kunye nokuphendula kuzo.

I-Helm 3 iya kuba lula, ikhuseleke, kwaye ibe mnandi ngakumbi, kungekhona ngenxa yokuba asithandi i-Helm 2, kodwa ngenxa yokuba i-Kubernetes iya iqhubela phambili. Ngokufanelekileyo, iHelm inokusebenzisa uphuhliso lweKubernetes kwaye idale abaphathi ababalaseleyo beKubernetes kuyo.

Ezinye iindaba ezimnandi zezo DevOpsConf Alexander Khayorov uya kukuxelela, ingaba izitya zikhuselekile? Masikukhumbuze ukuba inkomfa yokudibanisa uphuhliso, uvavanyo kunye neenkqubo zokusebenza ziya kubanjelwa eMoscow NgoSeptemba 30 kunye no-Oktobha 1. Usenokwenza kude kube yi-20 ka-Agasti ngenisa ingxelo kwaye usixelele ngamava akho ngesisombululo enye kwezininzi imisebenzi yendlela ye-DevOps.

Landela iindawo zokukhangela inkomfa kunye neendaba kwi uluhlu lokuposa ΠΈ itshaneli yetelegram.

umthombo: www.habr.com

Yongeza izimvo