Ndisanda kubhala , apho wathetha ngokufutshane ukuba unokwenza inkqubo yakho yoqwalaselo ukuze inkonzo isebenze kakuhle kwi-Kuber, ikhuphe iimfihlo, kwaye iqhube kwindawo ngokufanelekileyo, nangaphandle kweDocker ngokupheleleyo. Akukho nto inzima, kodwa "iresiphi" echazwe inokuba luncedo kumntu :) Ikhowudi ikwiPython, kodwa ingqiqo ayibophelwanga kulwimi.
Imvelaphi yombuzo yile: kanye ngexesha kwakukho iprojekthi enye, ekuqaleni yayiyi-monolith encinci kunye nezixhobo kunye nezikripthi, kodwa ekuhambeni kwexesha yakhula, yahlula kwiinkonzo, eyaqala ukuhlulwa kwiinkonzo ezincinci, kwaye emva koko wenyuswa phezulu. Ekuqaleni, konke oku kwenziwa kwi-VPS engenanto, iinkqubo zokuseta kunye nokuthunyelwa kwekhowudi apho kwakuzenzekelayo kusetyenziswa i-Ansible, kwaye inkonzo nganye yahlanganiswa kunye ne-YAML config kunye nezicwangciso eziyimfuneko kunye nezitshixo, kwaye ifayile yoqwalaselo efanayo yasetyenziselwa. uphehlelelo lwasekhaya, obelulungele kakhulu, kuba .k olu qwalaselo lulayishwe kwinto yehlabathi, efumaneka naphi na kwiprojekthi.
Nangona kunjalo, ukukhula kwenani lee-microservices, unxibelelwano lwabo, kunye , yayifanekisela ukufudukela eKuber, okusaqhubekayo. Kanye kunye noncedo ekuxazululeni iingxaki ezikhankanyiweyo, i-Kubernetes inikeza iindlela zayo zokulawula iziseko zophuhliso, kubandakanywa ΠΈ . Umatshini usemgangathweni kwaye uthembekile, ngoko kusisono ukungawusebenzisi! Kodwa kwangaxeshanye, ndingathanda ukugcina ifomathi yam yangoku yokusebenza kunye noqwalaselo: okokuqala, ukuyisebenzisa ngokufanayo kwiinkonzo ezincinci zeprojekthi, kwaye okwesibini, ukukwazi ukuqhuba ikhowudi kumatshini wendawo usebenzisa enye elula. config file.
Kule nkalo, indlela yokwakha into yoqwalaselo yatshintshwa ukuze ikwazi ukusebenza zombini kunye nefayile yethu ye-classic config kunye neemfihlo ezivela ku-Kuber. Ulwakhiwo loqwalaselo olungqongqo ngakumbi lwachazwa, ngolwimi lwePython yesithathu, ngolu hlobo lulandelayo:
Dict[str, Dict[str, Union[str, int, dada]]
Oko kukuthi, i-cogfig yokugqibela sisichazi-magama esinamacandelo abizwa ngamagama, ngalinye lisisichazi-magama esinamaxabiso asuka kwiintlobo ezilula. Kwaye amacandelo achaza uqwalaselo kunye nokufikelela kwizibonelelo zohlobo oluthile. Umzekelo wesiqwenga soqwalaselo lwethu:
adminka:
django_secret: "ExtraLongAndHardCode"
db_main:
engine: mysql
host: 256.128.64.32
user: cool_user
password: "SuperHardPassword"
redis:
host: 256.128.64.32
pw: "SuperHardPassword"
port: 26379
smtp:
server: smtp.gmail.com
port: 465
email: [email protected]
pw: "SuperHardPassword"Ngelo xesha, intsimi engine idatabase inokufakwa kwiSQLite, kwaye redis cwangcisa uku mock, ichaza kwakhona igama lefayile yokugcina - ezi parameters ziqatshelwe ngokuchanekileyo kwaye ziqhutywe, okwenza kube lula ukuqhuba ikhowudi kwindawo yokulungisa ingxaki, uvavanyo lweyunithi kunye naziphi na ezinye iimfuno. Oku kubaluleke kakhulu kuthi kuba kukho ezinye iimfuno ezininzi-inxalenye yekhowudi yethu yenzelwe izibalo ezahlukeneyo zohlalutyo, ayiqhubeki nje kwiiseva ezine-orchestration, kodwa kunye nemibhalo eyahlukeneyo, kunye neekhompyuter zabahlalutyi ekufuneka basebenze. kunye nokulungisa imibhobho yokusetyenzwa kwedatha entsonkothileyo ngaphandle kokukhathazeka ngemiba ye-backend. Ngendlela, akuyi kuba buhlungu ukwabelana ukuba izixhobo zethu eziphambili, kubandakanywa nekhowudi yokucwangcisa, ifakwe nge setup.py β ngokudibeneyo oku kudibanisa ikhowudi yethu ibe yinkqubo yendalo enye, ezimeleyo kwiqonga kunye nendlela yokusetyenziswa.
Inkcazo ye-Kubernetes pod ibonakala ngolu hlobo:
containers:
- name : enter-api
image: enter-api:latest
ports:
- containerPort: 80
volumeMounts:
- name: db-main-secret-volume
mountPath: /etc/secrets/db-main
volumes:
- name: db-main-secret-volume
secret:
secretName: db-main-secretOko kukuthi, imfihlelo nganye ichaza icandelo elinye. Iimfihlo ngokwazo zenziwe ngolu hlobo:
apiVersion: v1
kind: Secret
metadata:
name: db-main-secret
type: Opaque
stringData:
db_main.yaml: |
engine: sqlite
filename: main.sqlite3Ngokudibeneyo oku kuphumela ekwenziweni kweefayile ze-YAML ecaleni kwendlela /etc/secrets/db-main/section_name.yaml
Kwaye kuphehlelelo lwasekhaya, uqwalaselo luyasetyenziswa, lubekwe kulawulo lweengcambu zeprojekthi okanye ecaleni kwendlela echazwe kuguquguquko lokusingqongileyo. Ikhowudi ejongene nolu ncedo ingabonwa kwi-spoiler.
config.py
__author__ = 'AivanF'
__copyright__ = 'Copyright 2020, AivanF'
import os
import yaml
__all__ = ['config']
PROJECT_DIR = os.path.abspath(__file__ + 3 * '/..')
SECRETS_DIR = '/etc/secrets'
KEY_LOG = '_config_log'
KEY_DBG = 'debug'
def is_yes(value):
if isinstance(value, str):
value = value.lower()
if value in ('1', 'on', 'yes', 'true'):
return True
else:
if value in (1, True):
return True
return False
def update_config_part(config, key, data):
if key not in config:
config[key] = data
else:
config[key].update(data)
def parse_big_config(config, filename):
'''
Parse YAML config with multiple section
'''
if not os.path.isfile(filename):
return False
with open(filename) as f:
config_new = yaml.safe_load(f.read())
for key, data in config_new.items():
update_config_part(config, key, data)
config[KEY_LOG].append(filename)
return True
def parse_tiny_config(config, key, filename):
'''
Parse YAML config with a single section
'''
with open(filename) as f:
config_tiny = yaml.safe_load(f.read())
update_config_part(config, key, config_tiny)
config[KEY_LOG].append(filename)
def combine_config():
config = {
# To debug config load code
KEY_LOG: [],
# To debug other code
KEY_DBG: is_yes(os.environ.get('DEBUG')),
}
# For simple local runs
CONFIG_SIMPLE = os.path.join(PROJECT_DIR, 'config.yaml')
parse_big_config(config, CONFIG_SIMPLE)
# For container's tests
CONFIG_ENVVAR = os.environ.get('CONFIG')
if CONFIG_ENVVAR is not None:
if not parse_big_config(config, CONFIG_ENVVAR):
raise ValueError(
f'No config file from EnvVar:n'
f'{CONFIG_ENVVAR}'
)
# For K8s secrets
for path, dirs, files in os.walk(SECRETS_DIR):
depth = path[len(SECRETS_DIR):].count(os.sep)
if depth > 1:
continue
for file in files:
if file.endswith('.yaml'):
filename = os.path.join(path, file)
key = file.rsplit('.', 1)[0]
parse_tiny_config(config, key, filename)
return config
def build_config():
config = combine_config()
# Preprocess
for key, data in config.items():
if key.startswith('db_'):
if data['engine'] == 'sqlite':
data['filename'] = os.path.join(PROJECT_DIR, data['filename'])
# To verify correctness
if config[KEY_DBG]:
print(f'** Loaded config:n{yaml.dump(config)}')
else:
print(f'** Loaded config from: {config[KEY_LOG]}')
return config
config = build_config()Ingqiqo apha ilula kakhulu: sidibanisa uqwalaselo olukhulu olusuka kulawulo lweprojekthi kunye neendlela ngokuguquguquka kwemekobume, kunye namacandelo amancinci oqwalaselo avela kwiimfihlo zeKuber, kwaye emva koko uqhubele phambili kancinci. Ukongeza kwezinye iinguqu. Ndiyaqaphela ukuba xa ukhangela iifayile kwiimfihlo, ukulinganiselwa kobunzulu kusetyenziswa, kuba i-K8s idala ifolda efihliweyo kwimfihlo nganye apho iimfihlo ngokwazo zigcinwe khona, kwaye ikhonkco nje ibekwe kwinqanaba eliphezulu.
Ndiyathemba ukuba oko kuchazwe kuya kuba luncedo kumntu :) Naziphi na izimvo kunye neengcebiso malunga nokhuseleko okanye ezinye iindawo zokuphucula zamkelwe. Uluvo loluntu lunomdla, mhlawumbi kuyafaneleka ukongeza inkxaso ye-ConfigMaps (iprojekthi yethu ayikasebenzisi okwangoku) kwaye ipapashe ikhowudi kwiGitHub / PyPI? Ngokwam, ndicinga ukuba izinto ezinjalo zizimele kakhulu ukuba iiprojekthi zifikeleleke kwihlabathi liphela, kunye nokujonga kancinci ukuphunyezwa kwabanye abantu, njengaleyo inikwe apha, kunye nengxoxo yee-nuances, iingcebiso kunye nezenzo ezilungileyo, endinethemba lokuzibona kumagqabantshintshi. , kwanele π
Ngabasebenzisi ababhalisiweyo kuphela abanokuthatha inxaxheba kuphando. , ndiyacela.
Ngaba kufuneka ndipapashe njengeprojekthi/ithala leencwadi?
-
0,0%Ewe, ndingasebenzisa /contribution0
-
33,3%Ewe, oko kuvakala kulungile4
-
41,7%Hayi, ngubani ekufuneka azenzele ngokwakhe ngokwefomathi yakhe kwaye ihambelane neemfuno zabo5
-
25,0%Ndizakuyeka ukuphendula3
Bangama-12 abasebenzisi abavotileyo. Abasebenzisi abangama-3 abakhange.
umthombo: www.habr.com