Yintoni iGitOps?

Phawula. transl.: Emva kwempapasho yakutshanje izinto malunga neendlela zokutsalwa kunye nokutyhala kwi-GitOps, sibone umdla kulo mzekelo ngokubanzi, kodwa bekukho iimpapasho zolwimi lwesiRashiya ezimbalwa kulo mxholo (akukho nanye eHabré). Ke ngoko, siyavuya ukunika ingqalelo yakho ukuguqulelwa kwelinye inqaku - nangona phantse unyaka ophelileyo! - ukusuka kwi-Weaveworks, intloko eyaqulunqa igama elithi "GitOps." Isicatshulwa sichaza undoqo wendlela yokusebenza kunye nomahluko ophambili kwezi zikhoyo.

Kunyaka ophelileyo sapapasha intshayelelo kwiGitOps. Emva phaya, sabelana ngendlela iqela le-Weaveworks elaphehlelela ngayo i-SaaS ngokupheleleyo esekwe kwi-Kubernetes kwaye yaphuhlisa iseti yeendlela ezilungileyo zokusebenzisa, ukulawula, kunye nokubeka iliso kwindawo yendalo yelifu.

Eli nqaku labonakala lithandwa. Abanye abantu baqala ukuthetha ngeGitOps kwaye baqala ukupapasha izixhobo ezitsha ze git Push, uphuhliso, iimfihlo, imisebenzi, indibaniselwano eqhubekayo kwaye nangokunjalo. Ivele kwiwebhusayithi yethu inani elikhulu upapasho kunye neemeko zokusetyenziswa kweGitOps. Kodwa abanye abantu basenemibuzo. Lo mzekelo wahluke njani kulowo wemveli? iziseko njengekhowudi kunye nonikezelo oluqhubekayo (ukuhanjiswa okuqhubekayo)? Ngaba kuyimfuneko ukusebenzisa iKubernetes?

Kungekudala siye sabona ukuba ingcaciso entsha iyafuneka, inika:

1. Inani elikhulu lemizekelo kunye namabali;
2. Inkcazo ethile yeGitOps;
3. Ukuthelekisa nonikezelo lwemveli oluqhubekayo.

Kweli nqaku sizame ukugubungela zonke ezi zihloko. Inika intshayelelo ehlaziyiweyo kwi-GitOps kunye nomphuhlisi kunye nombono we-CI / CD. Ngokukodwa sigxile kwi-Kubernetes, nangona imodeli inokwenziwa ngokubanzi.

Dibana neGitOps

Khawube nomfanekiso ka-Alice. Uqhuba i-Inshurensi yoSapho, ebonelela ngezempilo, i-auto, ikhaya, kunye ne-inshurensi yokuhamba kubantu abaxakeke kakhulu ukuba baqonde i-ins kunye nokuphuma kweekontraki ngokwabo. Ishishini lakhe laqala njengeprojekthi esecaleni xa u-Alice wayesebenza ebhankini njengososayensi wedatha. Ngenye imini waqaphela ukuba unokusebenzisa i-algorithms yekhompyuter ephucukileyo ukuhlalutya idatha ngokufanelekileyo kwaye enze iipakethe zeinshurensi. Abatyalomali baxhasa le projekthi, kwaye ngoku inkampani yakhe izisa ngaphezulu kwe-20 yezigidi zeedola ngonyaka kwaye ikhula ngokukhawuleza. Okwangoku, iqeshe abantu abayi-180 kwizikhundla ezahlukeneyo. Oku kubandakanya iqela leteknoloji eliphuhlisayo, ligcina iwebhusayithi, i-database, kwaye lihlalutya isiseko sabathengi. Iqela labantu abangama-60 likhokelwa nguBob, umlawuli wezobugcisa wenkampani.

Iqela likaBob lihambisa iinkqubo zokuvelisa efini. Izicelo zabo eziphambili zisebenza kwi-GKE, zithatha ithuba leKubernetes kwiLifu likaGoogle. Ukongeza, basebenzisa izixhobo ezahlukeneyo zedatha kunye ne-analytics emsebenzini wabo.

I-Inshurensi yoSapho ayizange izimisele ukusebenzisa izikhongozeli, kodwa yabanjwa kumdla weDocker. Inkampani yakhawuleza yafumanisa ukuba i-GKE yenza kube lula ukuhambisa amaqela ukuvavanya iimpawu ezintsha. I-Jenkins ye-CI kunye ne-Quay yongezwa ukuba iququzelele irejistri yesikhongozeli, izikripthi zabhalwa kwi-Jenkins ezityhala izitya ezintsha kunye noqwalaselo kwi-GKE.

Lihambile ixesha. U-Alice noBob baphoxekile ngokusebenza kwendlela abakhethiweyo kunye nefuthe layo kwishishini. Ukwaziswa kweekhonteyina akuzange kuyiphucule imveliso njengoko iqela lalilindele. Ngamanye amaxesha ukuthunyelwa kwakuya kuphuka, kwaye kwakungacacanga ukuba utshintsho lwekhowudi lubangele. Kwaye kwabonakala kunzima ukulandelela utshintsho lwe-config. Rhoqo bekuyimfuneko ukwenza iqela elitsha kwaye uhambise izicelo kuyo, kuba le ibiyeyona ndlela ilula yokuphelisa ubumdaka obukhoyo inkqubo. U-Alice wayesoyika ukuba imeko iya kuba mbi njengoko isicelo siphuhliswa (ukongeza, iprojekthi entsha esekelwe kumatshini wokufunda yayisenziwa). UBob wayezenzele umsebenzi omninzi kwaye wayengasiqondi isizathu sokuba umbhobho ungekazinzi, ungakhange unyuke kakuhle, kwaye ufuna ungenelelo ngesandla ngamaxesha athile?

Emva koko bafunda ngeGitOps. Esi sigqibo sajika saba yeyona nto babeyidinga ukuze baqhubele phambili ngokuzithemba.

UAlice noBob bebesiva malunga neGit, iDevOps, kunye neziseko zophuhliso njengekhowudi yokuhamba komsebenzi iminyaka. Yintoni ekhethekileyo nge-GitOps kukuba izisa iseti yeendlela ezilungileyo-zombini ezicacileyo kunye neziqhelekileyo-zokuphumeza ezi ngcamango kumxholo we-Kubernetes. Lo mxholo wenyuka ngokuphindaphindiweyo, kubandakanywa kwi Weaveworks blog.

I-Inshurensi yoSapho yenza isigqibo sokuphumeza i-GitOps. Inkampani ngoku inemodeli yokusebenza ezenzekelayo ehambelana neKubernetes kwaye idibanisa ngesivinini kunye uzinzongokuba bona:

• yafumanisa ukuba imveliso yeqela iphindaphindeka kabini kungekho mntu uyaphambana;
• wayeka ukukhonza imibhalo. Kunoko, ngoku banokugxila kwiimpawu ezintsha kunye nokuphucula iindlela zobunjineli - umzekelo, ukwazisa ukukhutshwa kwe-canary kunye nokuphucula uvavanyo;
• siyiphucule inkqubo yokusasazwa kwabasebenzi ukuze ingafane iqhawuke;
• ufumene ithuba lokubuyisela ukuthunyelwa emva kokusilela okungaphelelanga ngaphandle kokungenelela okwenziwa ngesandla;
• ezithengiweyo zisetyenzisiweоUkuzithemba okukhulu kwiinkqubo zokuhanjiswa. U-Alice noBob bafumanisa ukuba banokuhlula iqela libe ngamaqela amancinci asebenza ngokufanayo;
• unokwenza utshintsho lwe-30-50 kwiprojekthi yonke imihla ngeenzame zeqela ngalinye kwaye uzame iindlela ezintsha;
• kulula ukutsala abaphuhlisi abatsha kwiprojekthi, abanethuba lokukhupha ukuhlaziywa kwimveliso usebenzisa izicelo zokutsala kwiiyure ezimbalwa;
• luphumelele ngokulula uphicotho ngokwesakhelo se-SOC2 (ukuthobela ababoneleli ngeenkonzo ngeemfuno zolawulo olukhuselekileyo lwedatha; funda ngakumbi, umzekelo, apha - malunga. guqulela.).

Kwenzekentoni?

I-GitOps zizinto ezimbini:

1. Imodeli yokusebenza yeKubernetes kunye nemveli yelifu. Ibonelela ngeseti yezona ndlela zilungileyo zokusebenzisa, ukulawula, nokubeka iliso kumaqela aqulathiweyo kunye nokusetyenziswa. Inkcazo eqaqambileyo kwifom isilayidi esinye ukusuka Luis Faceira:
2. Indlela yokudala indawo yolawulo lwesicelo somphuhlisi. Sisebenzisa ukuhamba komsebenzi we-Git kuyo yomibini imisebenzi kunye nophuhliso. Nceda uqaphele ukuba oku akukhona nje malunga nokutyhala kwe-Git, kodwa malunga nokulungelelanisa yonke isethi ye-CI/CD kunye ne-UI/UX izixhobo.

Amagama ambalwa malunga neGit

Ukuba awuqhelananga neenkqubo zolawulo lwenguqulelo kunye nokuhamba komsebenzi okusekwe kwi-Git, sicebisa kakhulu ukuba ufunde ngazo. Ukusebenza kunye namasebe kunye nezicelo zokutsala kunokubonakala ngathi ngumlingo omnyama ekuqaleni, kodwa izibonelelo zifanelekile umgudu. Apha ngileyo ukuqala.

Usebenza njani uKubernetes

Kwibali lethu, uAlice noBob baphendukela kwiGitOps emva kokusebenza noKubernetes okwethutyana. Ngokwenene, i-GitOps inxulumene ngokusondeleyo ne-Kubernetes - yimodeli yokusebenza yeziseko ezingundoqo kunye nezicelo ezisekelwe kwi-Kubernetes.

I-Kubernetes ibanika ntoni abasebenzisi?

Nazi ezinye iimpawu eziphambili:

1. Kwimodeli ye-Kubernetes, yonke into inokuchazwa ngendlela yokuvakalisa.
2. Iseva ye-Kubernetes API ithatha esi sibhengezo njengegalelo kwaye ngokuqhubekayo izama ukuzisa iqela kwilizwe elichazwe kwisibhengezo.
3. Izibhengezo zanele ukuchaza nokulawula iintlobo ngeentlobo zemithwalo yemisebenzi—“izicelo.”
4. Ngenxa yoko, utshintsho kwisicelo kunye neqela lenzeka ngenxa:
   • utshintsho kwimifanekiso yesikhongozeli;
   • utshintsho kwinkcazo yenkcazo;
   • iimpazamo kwimekobume - umzekelo, ukungqubana kwesikhongozeli.

Kubernetes 'Great Convergence Capabilities

Xa umlawuli esenza utshintsho kuqwalaselo, i Kubernetes orchestrator iya kuzisebenzisa kwiqela ukuba nje imeko yayo ayizukusondela kuqwalaselo olutsha. Le modeli isebenza kuyo nayiphi na imithombo ye-Kubernetes kwaye iyandiswa ngeeNgcaciso zeSibonelelo seSiko (CRDs). Ke ngoko, ukuthunyelwa kwe-Kubernetes kuneempawu ezintle zilandelayo:

• Ukuzenzekelayo: Uhlaziyo lweKubernetes lubonelela ngendlela yokwenza inkqubo yokufaka utshintsho ngobubele nangexesha elifanelekileyo.
• Ukudibana: I-Kubernetes iya kuqhubeka nokuzama uhlaziyo kude kube yimpumelelo.
• Ukungabi namandla: Ukusetyenziswa okuphindaphindiweyo kokudibanisa kukhokelela kwisiphumo esifanayo.
• Ukuzimisela: Xa izibonelelo zanele, imeko yeqela elihlaziyiweyo ixhomekeke kuphela kwisimo esifunwayo.

Isebenza njani iGitOps

Sifunde ngokwaneleyo malunga neKubernetes ukuchaza indlela iGitOps esebenza ngayo.

Masibuyele kumaqela amancinci e-Inshurensi yoSapho. Yintoni abadla ngokuyenza? Jonga kuluhlu olungezantsi (ukuba naziphi na izinto ezikulo zibonakala zingaqhelekanga okanye aziqhelekanga, nceda urhoxe ekugxekeni kwaye uhlale nathi). Le yimizekelo nje ye-Jenkins esekelwe ku-workflows. Kukho ezinye iinkqubo ezininzi xa usebenza nezinye izixhobo.

Into ephambili kukuba sibona ukuba uhlaziyo ngalunye luphela ngotshintsho kwiifayile zoqwalaselo kunye neGit yokugcina. Olu tshintsho kwiGit lubangela ukuba "umqhubi weGitOps" ahlaziye iqela:

1. Inkqubo yokusebenza: "Jenkins ukwakha - master isebe».
Uluhlu lomsebenzi:

• UJenkins utyhala imifanekiso ephawulweyo kwiQuay;
• UJenkins utyhala i-config kunye neetshathi zeHelm kwibhakethi yokugcina eyintloko;
• Umsebenzi welifu ukhuphela uqwalaselo kunye neetshathi ukusuka kwibhakethi yogcino eyinkosi ukuya kwindawo yokugcina iGit;
• Umsebenzisi weGitOps uhlaziya iqela.

2. Ukwakhiwa kweJenkins - ukukhululwa okanye isebe le-hotfix:

• UJenkins utyhala imifanekiso engabhalwanga kwiQuay;
• UJenkins utyhala i-config kunye neetshathi zeHelm kwibhakethi yokugcina;
• Umsebenzi welifu ukhuphela uqwalaselo kunye neetshathi ukusuka kwibhakethi yokugcina yeqonga ukuya kwindawo yokugcina iGit;
• Umsebenzisi weGitOps uhlaziya iqela.

3. Ukwakhiwa kweJenkins-ukuphuhlisa okanye ukufaka isebe:

• UJenkins utyhala imifanekiso engabhalwanga kwiQuay;
• UJenkins utyhala i-config kunye neetshathi zeHelm kwibhakethi yokugcina ukuphuhlisa;
• Umsebenzi welifu ukhuphela uqwalaselo kunye neetshathi ukusuka kuphuhliso logcino ibhakethi ukuya kuphuhliso logcino lweGit;
• Umsebenzisi weGitOps uhlaziya iqela.

4. Ukongeza umxhasi omtsha:

• Umphathi okanye umlawuli (LCM/ops) ubiza i-Gradle ukuba iqale isebenzise kwaye ilungise i-network load balancers (NLBs);
• I-LCM/ops yenza ubumbeko olutsha ukulungiselela ukusasazwa kohlaziyo;
• Umsebenzisi weGitOps uhlaziya iqela.

Inkcazo emfutshane yeGitOps

1. Chaza imeko efunwayo yenkqubo yonke usebenzisa inkcazo echazayo yendawo nganye (kwibali lethu, iqela likaBob lichaza yonke inkqubo yoqwalaselo kwiGit).
   • Uvimba weGit ngumthombo omnye wenyaniso malunga nemeko efunwayo yenkqubo yonke.
   • Lonke utshintsho kwilizwe elifunwayo lwenziwa ngokuzibophelela kwiGit.
   • Zonke iiparamitha ze-cluster ezinqwenelekayo zikwabonwa kwi-cluster ngokwayo. Ngale ndlela sinokubona ukuba ziyahambelana na ( ziyadibana, dibana) okanye yahluke (yahlukana, hlukana) iindawo ezinqwenelekayo nezijongiwe.
2. Ukuba izinto ezifunwayo nezijongiweyo ziyahluka, ngoko ke:
   • Kukho indlela yokudibanisa enokuthi ngokukhawuleza okanye kamva ilungelelanise ngokuzenzekelayo ithagethi kunye namazwe ajongiweyo. Ngaphakathi kweqela, iKubernetes yenza oku.
   • Inkqubo iqala ngoko nangoko ngesilumkiso "sotshintsho oluzinikeleyo".
   • Emva kwexesha elithile elilungelelanisiweyo, "diff" isilumkiso sinokuthunyelwa ukuba amazwe ahlukile.
3. Ngale ndlela, konke ukuzibophelela kwi-Git kubangela ukuba kuqinisekiswe kunye nohlaziyo olungenamsebenzi kwiqela.
   • Ukubuyisela umva kukudibana kwimeko ebinqwenelwa ngaphambili.
4. Ukuhlangana kokugqibela. Ukwenzeka kwayo kuboniswa ngu:
   • Akukho zilumkiso zahlukeneyo zexesha elithile.
   • "i-converged" isilumkiso (umzekelo webhook, isiganeko sokubhala emva kweGit).

Yintoni umahluko?

Masiphinde kwakhona: zonke iipropathi ezifunwayo zeqela kufuneka zibonakale kwiqela ngokwalo.

Eminye imizekelo yokwahlukana:

• Utshintsho kwifayile yoqwalaselo ngenxa yokudibanisa amasebe kwiGit.
• Utshintsho kwifayile yoqwalaselo ngenxa yesibophelelo seGit esenziwe ngumthengi we GUI.
• Utshintsho oluninzi kwimeko efunwayo ngenxa yePR kwiGit elandelwa ngokwakha umfanekiso wesikhongozeli kunye notshintsho loqwalaselo.
• Utshintsho kwimeko yeqela ngenxa yempazamo, ukungqubana kwezixhobo okukhokelela "kwisimilo esibi", okanye ukutenxa nje ngokungacwangciswanga kwimeko yentsusa.

Yintoni indlela yokudibanisa?

Imizekelo embalwa:

• Kwimigqomo kunye namaqela, indlela yokudibanisa ibonelelwa nguKubernetes.
• Indlela efanayo ingasetyenziselwa ukulawula izicelo ezisekelwe ku-Kubernetes kunye noyilo (ezifana ne-Istio kunye ne-Kubeflow).
• Indlela yokulawula unxibelelwano olusebenzayo phakathi kweKubernetes, iindawo zokugcina imifanekiso kunye neGit ibonelela Umqhubi weGitOps Weave Flux, eyinxalenye Weave Cloud.
• Kumatshini wesiseko, indlela yokudibanisa kufuneka ibe yinkcazo kunye nokuzimela. Ngokusuka kumava ethu sinokuthi Terraform ikufutshane kule nkcazo, kodwa isafuna ulawulo lomntu. Ngale ndlela, i-GitOps yandisa isithethe seZiseko zoPhuhliso njengeKhowudi.

I-GitOps idibanisa i-Git kunye ne-injini yokudibanisa ebalaseleyo ye-Kubernetes ukubonelela ngemodeli yokuxhatshazwa.

I-GitOps isivumela ukuba sithi: Kuphela ezo nkqubo zinokuchazwa kwaye zijongwe ezinokuthi zizenzele kwaye zilawulwe.

I-GitOps yenzelwe ifu elipheleleyo lokupakisha (umzekelo, iTerraform, njl.)

I-GitOps ayisiyiyo iKubernetes kuphela. Sifuna yonke inkqubo iqhutywe ngokubhengeza kwaye isebenzise ukuhlangana. Ngenkqubo yonke sithetha ingqokelela yeendawo ezisebenza kunye neKubernetes - umzekelo, "dev cluster 1", "production", njl njl. Indawo nganye ibandakanya oomatshini, amaqela, izicelo, kunye nojongano lweenkonzo zangaphandle ezibonelela ngedatha, ukubeka iliso. kunye njl.

Qaphela ukuba ibaluleke kangakanani iTerraform kwingxaki yokuqalisa inkqubo kule meko. I-Kubernetes kufuneka ibekwe kwindawo ethile, kwaye ukusebenzisa iTerraform kuthetha ukuba sinokusebenzisa i-GitOps workflows efanayo ukudala umaleko wolawulo oxhasa i-Kubernetes kunye nezicelo. Olu lolona qheliselo luluncedo.

Kukho ugxininiso olomeleleyo ekusebenziseni iikhonsepthi zeGitOps kumaleko ngaphezulu kweKubernetes. Okwangoku, kukho izisombululo zohlobo lwe-GitOps ze-Istio, i-Helm, i-Ksonnet, i-OpenFaaS kunye ne-Kubeflow, kunye, umzekelo, i-Pulumi, eyenza umaleko wokuphuhlisa izicelo ze-cloud native.

I-Kubernetes CI / CD: ukuthelekisa i-GitOps kunye nezinye iindlela

Njengoko kuchaziwe, iGitOps zizinto ezimbini:

1. Imodeli yokusebenza yeKubernetes kunye nemveli yelifu echazwe ngasentla.
2. Indlela eya kumphuhlisi-ophakathi kwendawo yolawulo lwesicelo.

Kwabaninzi, i-GitOps ngokuyintloko kukuhamba komsebenzi okusekwe kwi-Git pushs. Nathi siyamthanda. Kodwa akuphelelanga apho: ngoku makhe sijonge imibhobho yeCI/CD.

I-GitOps yenza ukuhanjiswa okuqhubekayo (CD) kwi-Kubernetes

I-GitOps ibonelela ngendlela eqhubekayo yokuhambisa esusa imfuno "yeenkqubo zolawulo lokusasazwa." UKubernetes ukwenzela wonke umsebenzi.

• Ukuhlaziya usetyenziso kufuna uhlaziyo kwiGit. Olu luhlaziyo lwentengiselwano kwisimo esifunwayo. "Ukusasazwa" emva koko kwenziwa ngaphakathi kweqela nguKubernetes ngokwalo ngokusekwe kwinkcazo ehlaziyiweyo.
• Ngenxa yobume bendlela uKubernetes asebenza ngayo, olu hlaziyo luyaguquka. Oku kubonelela ngendlela yokuhanjiswa okuqhubekayo apho lonke uhlaziyo luyi-atomic.
• Qaphela: Weave Cloud inikeza umqhubi weGitOps odibanisa iGit kunye neKubernetes kwaye ivumela iCD ukuba yenziwe ngokulungelelanisa imeko efunwayo kunye nekhoyo ngoku yeqela.

Ngaphandle kwe-bectl kunye nezikripthi

Kuya kufuneka ugweme ukusebenzisa i-Kubectl ukuhlaziya iqoqo lakho, kwaye ngakumbi ukunqanda ukusebenzisa izikripthi kwiqela le-kubectl imiyalelo. Endaweni yoko, ngombhobho weGitOps, umsebenzisi unokuhlaziya iqoqo labo leKubernetes ngeGit.

Izibonelelo ziquka:

1. Kunene. Iqela lohlaziyo linokusetyenziswa, liguqulelwe kwaye liqinisekiswe ekugqibeleni, lisisondeza kwinjongo yokuthunyelwa kweathomu. Ngokwahlukileyo, ukusebenzisa izikripthi akuboneleli nasiphi na isiqinisekiso sokuhlangana (ngaphezulu koku ngezantsi).
2. Khu seleko. Ukucaphula UKelsey Hightower: "Khawulela ukufikelela kwiqela lakho le-Kubernetes kwizixhobo ezizenzekelayo kunye nabalawuli abanoxanduva lokuyilungisa okanye ukuyigcina." bona kwakho upapasho lwam malunga nokhuseleko kunye nokuthotyelwa kweenkcukacha zobugcisa, ngokunjalo inqaku malunga nokugqekeza iHomebrew ngokuba iziqinisekiso kwiJenkins ebhalwe ngokungakhathaliyo.
3. Amava oMsebenzisi. I-Kubectl ibonisa ubuxhakaxhaka bemodeli ye-Kubernetes, enzima kakhulu. Ngokufanelekileyo, abasebenzisi kufuneka banxibelelane nenkqubo kwinqanaba eliphezulu lokutsalwa. Apha ndiya kuphinda ndibhekiselele kuKelsey kwaye ndincome ukubukela ukuqalisa kwakhona.

Umahluko phakathi kweCI kunye neCD

I-GitOps iphucula iimodeli ezikhoyo zeCI/CD.

Iseva ye-CI yangoku sisixhobo se-orchestration. Ngokukodwa, sisixhobo sokucwangcisa imibhobho yeCI. Ezi ziquka ukwakha, ukuvavanya, ukudibanisa kwi-trunk, njl. Isilingo esiqhelekileyo kukubhala iseti ye-Kubernetes yohlaziyo kwaye uyiqhube njengenxalenye yombhobho ukutyhala utshintsho kwiqela. Ngokwenene, oku koko kwenziwa ziingcali ezininzi. Nangona kunjalo, oku akulunganga, kwaye nantsi isizathu.

I-CI kufuneka isetyenziswe ukutyhala uhlaziyo kwi-trunk, kunye neqela le-Kubernetes kufuneka litshintshe ngokwalo ngokusekelwe kwezo zihlaziyo zokulawula i-CD ngaphakathi. Siyibiza tsala imodeli yeCD, ngokungafaniyo nemodeli yokutyhala yeCI. I-CD yinxalenye ixesha lokudlala okhestra.

Kutheni iiSeva zeCI kungafanele Zenze iiCD ngoHlaziyo oluthe ngqo kwiKubernetes

Musa ukusebenzisa iseva yeCI ukwenza uhlaziyo oluthe ngqo kwiKubernetes njengeseti yemisebenzi yeCI. Le yi-anti-pattern sithetha ngayo sele uxelelwe kwiblogi yakho.

Masibuyele kuAlice noBob.

Ziziphi iingxaki abajamelana nazo? Umncedisi ka-Bob we-CI usebenzisa utshintsho kwiqela, kodwa ukuba iyantlitheka kwinkqubo, uBob akayi kuyazi ukuba iphi i-cluster (okanye kufuneka ibe) kuyo okanye indlela yokuyilungisa. Kunjalo ke nakwimeko yokuphumelela.

Makhe sicinge ukuba iqela likaBob lenze umfanekiso omtsha kwaye emva koko lafakela ukuthunyelwa kwalo ukuze lithumele umfanekiso (zonke zisuka kumbhobho weCI).

Ukuba umfanekiso wakha ngokwesiqhelo, kodwa umbhobho uyasilela, iqela kuya kufuneka lifumanise:

• Ngaba uhlaziyo lukhutshiwe?
• Ngaba siqalisa isakhiwo esitsha? Ngaba oku kuya kukhokelela kwiziphumo ebezingalindelekanga ezingeyomfuneko - kunye nokuba nokwenzeka kokwakhiwa kabini komfanekiso ofanayo ongenakuguqulwa?
• Ngaba kufuneka silinde uhlaziyo olulandelayo ngaphambi kokuba siqhube isakhiwo?
• Yintoni eyonakeleyo? Ngawaphi amanyathelo afuna ukuphinda-phinda (kwaye ngawaphi akhuselekileyo ukuba angaphinda)?

Ukuseka ukuhamba komsebenzi okusekwe kwiGit akuqinisekisi ukuba iqela likaBob alizukudibana nezi ngxaki. Basenokwenza impazamo ngokutyhala, ithegi, okanye enye iparameter; nangona kunjalo, le ndlela isondele kakhulu kwindlela ecacileyo yonke-okanye-nto.

Ukushwankathela, nasi isizathu sokuba iiseva zeCI zingamelanga zijongane neCD:

• Izikripthi zohlaziyo azisoloko zimisela; Kulula ukwenza iimpazamo kubo.
• Iiseva zeCI azihlangani kwimodeli yeqela elibhengezayo.
• Kunzima ukuqinisekisa ukungabikho kwamandla. Abasebenzisi kufuneka baqonde i-semantics enzulu yenkqubo.
• Kunzima ngakumbi ukuchacha emva kokusilela.

Qaphela malunga neHelm: Ukuba ufuna ukusebenzisa iHelm, sincoma ukuyidibanisa nomsebenzisi weGitOps onje Flux-Helm. Oku kuya kunceda ukuqinisekisa ukuhlangana. I-Helm ngokwayo ayisiyiyo i-deterministic okanye i-atomic.

I-GitOps njengeyona ndlela ilungileyo yokuphumeza uNiko oluqhubekayo lwe-Kubernetes

Iqela lika-Alice kunye noBob lisebenzisa i-GitOps kwaye lifumanisa ukuba kube lula kakhulu ukusebenza kunye neemveliso zesoftware, ukugcina ukusebenza okuphezulu kunye nokuzinza. Masiliqukumbele eli nqaku ngomzekeliso obonisa ukuba indlela yabo entsha ijongeka njani. Gcina ukhumbula ukuba sithetha kakhulu malunga nezicelo kunye neenkonzo, kodwa i-GitOps inokusetyenziselwa ukulawula iqonga lilonke.

Imodeli yokusebenza yeKubernetes

Jonga lo mzobo ulandelayo. Ibonisa iGit kunye nendawo yokugcina umfanekiso wesikhongozeli njengezixhobo ekwabelwana ngazo kumjikelo wobomi olungelelanisiweyo:

• Umbhobho wokudibanisa oqhubekayo ofunda kwaye ubhale iifayile kwi-Git kwaye unokuhlaziya indawo yokugcina imifanekiso yesikhongozeli.
• Umbhobho we-Runtime GitOps odibanisa ukusasazwa kunye nolawulo kunye nokuqwalaselwa. Ifunda kwaye ibhale iifayile kwiGit kwaye inokukhuphela imifanekiso yesikhongozeli.

Ziziphi ezona ziphumo ziphambili?

1. Ukwahlula iinkxalabo: Nceda uqaphele ukuba yomibini imibhobho inokunxibelelana kuphela ngokuhlaziya iGit okanye indawo yokugcina umfanekiso. Ngamanye amazwi, kukho i-firewall phakathi kwe-CI kunye nemeko yendawo yokusebenza. Siyibiza ngokuba "yi-firewall engenakuguquguquka" (i-firewall engenakuguquleka), kuba lonke uhlaziyo lwendawo yokugcina ludala iinguqulelo ezintsha. Ngolwazi oluthe vetshe ngesi sihloko, jonga kwizilayidi 72-87 le ntetho.
2. Ungasebenzisa nayiphi na i-CI kunye ne-Git server: I-GitOps isebenza nalo naliphi na icandelo. Unako ukuqhubeka ukusebenzisa ozithandayo CI kunye neeseva Git, imifanekiso yokugcina, kunye namagumbi ovavanyo. Phantse zonke ezinye izixhobo zokuNikezela ngokuQolekileyo kwimarike zifuna eyazo iseva yeCI/Git okanye indawo yokugcina umfanekiso. Oku kunokuba yinto ethintelayo kuphuhliso lwemveli yelifu. NgeGitOps, unokusebenzisa izixhobo eziqhelekileyo.
3. Iziganeko njengesixhobo sokuhlanganisa: Ngokukhawuleza ukuba idatha kwi-Git ihlaziywe, i-Weave Flux (okanye i-Weave Cloud operator) yazisa ixesha lokusebenza. Nanini na uKubernetes esamkela iseti yotshintsho, iGit iyahlaziywa. Oku kubonelela ngemodeli elula yokudibanisa yokulungiselela ukuhamba komsebenzi kwi-GitOps, njengoko kuboniswe ngezantsi.

isiphelo

I-GitOps ibonelela ngeziqinisekiso zohlaziyo ezinamandla ezifunwa nasiphi na isixhobo sanamhlanje seCI/CD:

• ukuzenzela
• ukuhlangana;
• ukungabi namandla;
• ukuzimisela.

Oku kubalulekile kuba inika imodeli yokusebenza kubaphuhlisi bomthonyama belifu.

• Izixhobo zemveli zokulawula kunye neenkqubo zokubeka iliso zidibene namaqela okusebenza asebenza ngaphakathi kwe-runbook (uluhlu lweenkqubo zesiqhelo kunye nokusebenza - malunga noguqulelo.), ibotshelelwe kubhengezo oluthile.
• Kulawulo lwendalo lwamafu, izixhobo zokubonwa yeyona ndlela ilungileyo yokulinganisa iziphumo zokuthunyelwa ukuze iqela lophuhliso liphendule ngokukhawuleza.

Khawufane ucinge amaqela amaninzi asasazeke kumafu ahlukeneyo kunye neenkonzo ezininzi ezinamaqela azo kunye nezicwangciso zokusasaza. I-GitOps ibonelela ngemodeli engaguqukiyo yesikali yokulawula yonke le ntabalala.

PS evela kumguquleli

Funda nakwibhlog yethu:

• «I-GitOps: Ukuthelekiswa kweeNdlela zokuTsala kunye noTyhulo";
• «Ukwazisa i-bedog, ithala leencwadi lokulandela umkhondo wezixhobo zeKubernetes";
• «Ukwandisa kunye nokuxhasa iKubernetes (uphononongo kunye nengxelo yevidiyo)».

Ngabasebenzisi ababhalisiweyo kuphela abanokuthatha inxaxheba kuphando. Ngena, ndiyacela.

Ngaba ubusazi ngeGitOps ngaphambi kokuba ezi nguqulelo zimbini zivele kwiHabré?

• Ewe, ndandisazi yonke into

• Ngokucacileyo kuphela

• akukho

Bali-35 abasebenzisi abavotileyo. Abasebenzisi abasi-10 abakhange.

umthombo: www.habr.com