Yintoni eza kuqala - inkukhu okanye iqanda? Isiqalo esingaqhelekanga senqaku malunga ne-Infrastructure-as-Code, akunjalo?
Yintoni iqanda?
Amaxesha amaninzi, i-Infrastructure-as-Code (IaC) yindlela ebhengezayo yokumela iziseko zophuhliso. Kuyo sichaza imeko esifuna ukuyifeza, ukuqala kwinxalenye ye-hardware kwaye iphele ngokucwangciswa kwesoftware. Ke ngoko i-IaC isetyenziselwa:
- Ubonelelo lweziBonelelo. Ezi ziiVM, S3, VPC, njl. Izixhobo ezisisiseko zomsebenzi: ΠΈ .
- . Izixhobo ezisisiseko: , Umpheki, njl.
Nayiphi na ikhowudi ikwiindawo zokugcina zegit. Kwaye ngokukhawuleza okanye kamva inkokeli yeqela iya kuthatha isigqibo sokuba kufuneka zibekwe ngolungelelwano. Kwaye uya refactor. Kwaye kuya kudala isakhiwo esithile. Kwaye uya kubona ukuba oku kulungile.
Kuhle nokuba sele ikhona ΠΈ -umnikezeli weTerraform (kwaye oku kuLungiswa kweSoftware). Ngoncedo lwabo, unokulawula yonke iprojekthi: amalungu eqela, i-CI / CD, i-git-flow, njl.
Livela phi iqanda?
Ngoko ngokuthe ngcembe sisondela kumbuzo ophambili.
Okokuqala, kufuneka uqale ngovimba ochaza ubume bezinye iindawo zokugcina, kubandakanywa nawe. Kwaye kunjalo, njengenxalenye yeGitOps, kufuneka udibanise iCI ukuze utshintsho lwenziwe ngokuzenzekelayo.
Ukuba iGit ayikadalwa okwangoku?
- Uyigcina njani kwiGit?
- Indlela yokufaka i-CI?
- Ukuba sikwahambisa i-Gitlab sisebenzisa i-IaC, nakwi-Kubernetes?
- Kwaye iGitLab Runner ikwaseKubernetes?
- Kuthekani ngeKubernetes kumboneleli welifu?
Yintoni eza kuqala: iGitLab apho ndizakufaka khona ikhowudi yam, okanye ikhowudi echaza ukuba loluphi uhlobo lweGitLab endiyifunayo?
Inkukhu namaqanda
Β«3 kunye nedayinaso" []
Makhe sizame ukupheka isitya usebenzisa njengomboneleli wefu .
TL; DR
Ngaba kuyenzeka ukujoyina iqela elinye ngexesha elinye?
$ export MY_SELECTEL_TOKEN=<token>
$ curl https://gitlab.com/chicken-or-egg/mks/make/-/snippets/2002106/raw | bashIzithako:
- Iakhawunti evela kum.selectel.ru;
- uphawu lweakhawunti;
- izakhono zeKubernetes;
- Izakhono zoHelm;
- izakhono zeTerraform;
- Itshathi yeHelm yeGitLab;
- Helm itshati yeGitLab Runner.
Recipe:
- Fumana MY_SELECTEL_TOKEN kwiqela lenjongo yam.selectel.ru.
- Yenza iqela le-Kubernetes ngokudlulisela ithokheni yeakhawunti kuyo.
- Fumana KUBECONFIG kwiqela elenziweyo.
- Faka iGitLab kwiKubernetes.
- Fumana i-GitLab-token kwi-GitLab eyenzelwe umsebenzisi Ingcambu.
- Yenza ubume beprojekthi kwi-GitLab usebenzisa i-GitLab-token.
- Tyhila ikhowudi ekhoyo kwiGitLab.
- ???
- Inzuzo!
Isinyathelo 1. Ithokheni inokufumaneka kwicandelo .
Isinyathelo 2. Silungiselela i-Terraform yethu "yokubhaka" i-cluster of 2 nodes. Ukuba uqinisekile ukuba unemithombo eyaneleyo kuyo yonke into, ngoko unokwenza ukuba iiquota ezizenzekelayo:
provider "selectel" {
token = var.my_selectel_token
}
variable "my_selectel_token" {}
variable "username" {}
variable "region" {}
resource "selectel_vpc_project_v2" "my-k8s" {
name = "my-k8s-cluster"
theme = {
color = "269926"
}
quotas {
resource_name = "compute_cores"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 16
}
}
quotas {
resource_name = "network_floatingips"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "load_balancers"
resource_quotas {
region = var.region
value = 1
}
}
quotas {
resource_name = "compute_ram"
resource_quotas {
region = var.region
zone = "${var.region}a"
value = 32768
}
}
quotas {
resource_name = "volume_gigabytes_fast"
resource_quotas {
region = var.region
zone = "${var.region}a"
# (20 * 2) + 50 + (8 * 3 + 10)
value = 130
}
}
}
resource "selectel_mks_cluster_v1" "k8s-cluster" {
name = "k8s-cluster"
project_id = selectel_vpc_project_v2.my-k8s.id
region = var.region
kube_version = "1.17.9"
}
resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
cluster_id = selectel_mks_cluster_v1.k8s-cluster.id
project_id = selectel_mks_cluster_v1.k8s-cluster.project_id
region = selectel_mks_cluster_v1.k8s-cluster.region
availability_zone = "${var.region}a"
nodes_count = 2
cpus = 8
ram_mb = 16384
volume_gb = 15
volume_type = "fast.${var.region}a"
labels = {
"project": "my",
}
}Yongeza umsebenzisi kwiprojekthi:
resource "random_password" "my-k8s-user-pass" {
length = 16
special = true
override_special = "_%@"
}
resource "selectel_vpc_user_v2" "my-k8s-user" {
password = random_password.my-k8s-user-pass.result
name = var.username
enabled = true
}
resource "selectel_vpc_keypair_v2" "my-k8s-user-ssh" {
public_key = file("~/.ssh/id_rsa.pub")
user_id = selectel_vpc_user_v2.my-k8s-user.id
name = var.username
}
resource "selectel_vpc_role_v2" "my-k8s-role" {
project_id = selectel_vpc_project_v2.my-k8s.id
user_id = selectel_vpc_user_v2.my-k8s-user.id
}Isiphumo:
output "project_id" {
value = selectel_vpc_project_v2.my-k8s.id
}
output "k8s_id" {
value = selectel_mks_cluster_v1.k8s-cluster.id
}
output "user_name" {
value = selectel_vpc_user_v2.my-k8s-user.name
}
output "user_pass" {
value = selectel_vpc_user_v2.my-k8s-user.password
}Masiqalise:
$ env
TF_VAR_region=ru-3
TF_VAR_username=diamon
TF_VAR_my_selectel_token=<token>
terraform plan -out planfile
$ terraform apply -input=false -auto-approve planfile
Isinyathelo 3. Sifumana i-cubeconfig.
Ukukhuphela ngenkqubo KUBECONFIG, kufuneka ufumane ithokheni kwi-OpenStack:
openstack token issue -c id -f value > tokenKwaye ngalo mqondiso wenze isicelo kwi-Managed Kubernetes Selectel API. k8s_id imiba iterraform:
curl -XGET -H "x-auth-token: $(cat token)" "https://ru-3.mks.selcloud.ru/v1/clusters/$(cat k8s_id)/kubeconfig" -o kubeConfig.yamlI-Cupconfig inokufikelelwa ngendawo yolawulo.
Isinyathelo 4. Emva kokuba i-cluster ibhakiwe kwaye sinokufikelela kuyo, singongeza i-yaml phezulu ukunambitha.
Ndikhetha ukongeza:
- indawo yamagama
- iklasi yokugcina
- umgaqo-nkqubo wokhuseleko we-pod njalo njalo.
kuba i-Selectel inokuthathwa kuyo .
Ukusukela ekuqaleni ndiye ndakhetha iqela kwizowuni ru-3a, emva koko ndifuna iClass yoGcino ukusuka kule zowuni.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: fast.ru-3a
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: cinder.csi.openstack.org
parameters:
type: fast.ru-3a
availability: ru-3a
allowVolumeExpansion: trueIsinyathelo 5. Faka isilinganisi somthwalo.
Siza kusebenzisa umgangatho kwabaninzi nginx-ukungena. Sele mininzi imiyalelo yokuyifakela, ngoko ke asizukuhlala kuyo.
$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm upgrade nginx-ingress nginx-stable/nginx-ingress -n ingress --install -f ../internal/K8S-cluster/ingress/values.ymlSilindele ukuba ifumane i-IP yangaphandle malunga nemizuzu eyi-3-4:
Kufunyenwe i-IP yangaphandle:
Isinyathelo 6. Faka iGitLab.
$ helm repo add gitlab https://charts.gitlab.io
$ helm upgrade gitlab gitlab/gitlab -n gitlab --install -f gitlab/values.yml --set "global.hosts.domain=gitlab.$EXTERNAL_IP.nip.io"Kwakhona silindele ukuba zonke iipods ziphakame.
kubectl get po -n gitlab
NAME READY STATUS RESTARTS AGE
gitlab-gitaly-0 0/1 Pending 0 0s
gitlab-gitlab-exporter-88f6cc8c4-fl52d 0/1 Pending 0 0s
gitlab-gitlab-runner-6b6867c5cf-hd9dp 0/1 Pending 0 0s
gitlab-gitlab-shell-55cb6ccdb-h5g8x 0/1 Init:0/2 0 0s
gitlab-migrations.1-2cg6n 0/1 Pending 0 0s
gitlab-minio-6dd7d96ddb-zd9j6 0/1 Pending 0 0s
gitlab-minio-create-buckets.1-bncdp 0/1 Pending 0 0s
gitlab-postgresql-0 0/2 Pending 0 0s
gitlab-prometheus-server-6cfb57f575-v8k6j 0/2 Pending 0 0s
gitlab-redis-master-0 0/2 Pending 0 0s
gitlab-registry-6bd77b4b8c-pb9v9 0/1 Pending 0 0s
gitlab-registry-6bd77b4b8c-zgb6r 0/1 Init:0/2 0 0s
gitlab-shared-secrets.1-pc7-5jgq4 0/1 Completed 0 20s
gitlab-sidekiq-all-in-1-v1-54dbcf7f5f-qbq67 0/1 Pending 0 0s
gitlab-task-runner-6fd6857db7-9x567 0/1 Pending 0 0s
gitlab-webservice-d9d4fcff8-hp8wl 0/2 Pending 0 0s
Waiting gitlab
./wait_gitlab.sh ../internal/gitlab/gitlab/.pods
waiting for pod...
waiting for pod...
waiting for pod...Iipods zavuka:
Isinyathelo 7. Sifumana i-GitLab-token.
Okokuqala, fumana igama lokungena:
kubectl get secret -n gitlab gitlab-gitlab-initial-root-password -o jsonpath='{.data.password}' | base64 --decodeNgoku masingene kwaye sithathe ithokheni:
python3 get_gitlab_token.py root $GITLAB_PASSWORD http://gitlab.gitlab.$EXTERNAL_IP.nip.ioIsinyathelo 8. Ukuzisa oovimba beGit kuluhlu oluchanekileyo usebenzisa uMboneleli weGitlab.
cd ../internal/gitlab/hierarchy && terraform apply -input=false -auto-approve planfileNgelishwa, umboneleli weGitLab weterraform unento edadayo . Emva koko kuya kufuneka ucime iiprojekthi eziphikisanayo ngesandla ukuze i-tf.state ilungiswe. Emva koko sebenzisa kwakhona umyalelo `$make all`
Isinyathelo 9. Sidlulisela iindawo zokugcina zendawo kumncedisi.
$ make push
[master (root-commit) b61d977] Initial commit
3 files changed, 46 insertions(+)
create mode 100644 .gitignore
create mode 100644 values.yml
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 770 bytes | 770.00 KiB/s, done.
Total 5 (delta 0), reused 0 (delta 0)Kwenziwe:
isiphelo
Siphumelele ukuba singakwazi ukulawula yonke into ngokubhengeza kumatshini wethu wasekhaya. Ngoku ndifuna ukudlulisela yonke le misebenzi kwi-CI kwaye ndicinezele amaqhosha. Ukwenza oku, kufuneka sidlulisele amazwe ethu asekuhlaleni (i-Terraform state) kwi-CI. Indlela yokwenza oku ikwicandelo elilandelayo.
Bhalisela yethu ukuze ungaphuthelwa ukukhutshwa kwamanqaku amatsha!
umthombo: www.habr.com