How Dailymotion uses Kubernetes: application deployment
We at Dailymotion started using Kubernetes in production 3 years ago. But deploying applications across multiple clusters is fun, so over the past few years we have been trying to improve our tools and workflows.
Where it started
Here we will cover how we deploy our applications across multiple Kubernetes clusters around the world.
To deploy multiple Kubernetes objects at once, we use Helm, and all our charts are stored in a single git repository. To deploy a full application stack made up of multiple services, we use a so-called umbrella chart. In essence, this is a chart that declares dependencies and lets you bring up the API and its services with a single command.
We also wrote a small Python script on top of Helm to run checks, build charts, add secrets, and deploy applications. All these tasks are performed on a central CI platform using a docker image.
Let's get to the point.
Note. As you read this, the first release candidate of Helm 3 has already been announced. The major version contains a host of improvements that address some of the issues we ran into in the past.
Chart development workflow
We use branching for applications, and we decided to apply the same approach to charts.
- The dev branch is used to build charts that will be tested on the development clusters.
- When a pull request is submitted to master, the charts are verified in staging.
- Finally, we create a pull request to commit the changes to the prod branch and apply them in production.
Each environment has its own private repository that stores our charts, and we work with them through very useful APIs. This way we ensure strict isolation between environments and real-world testing of charts before they are used in production.
Chart repositories in different environments
It is worth noting that when developers push to the dev branch, a version of their chart is automatically pushed to the dev Chartmuseum. Thus, all developers use the same dev repository, and you need to specify your chart version carefully so that you do not accidentally use someone else's changes.
Moreover, our small Python script validates Kubernetes objects against the Kubernetes OpenAPI specification using Kubeval, before publishing them to Chartmuseum.
Overview of the chart development workflow
- Setting up pipeline tasks according to the specification for quality control (lint, unit-test).
- Pushing a docker image with the Python tools that deploy our applications.
- Setting the environment from the branch name.
- Validating the Kubernetes YAML files with Kubeval.
- Automatically incrementing the version of the chart and of its parent charts (charts that depend on the chart being changed).
- Pushing the chart to the Chartmuseum that matches the environment.
Managing differences between clusters
Cluster federation
There was a time when we used Kubernetes cluster federation, where Kubernetes objects could be declared from a single API endpoint. But problems arose. For example, some Kubernetes objects could not be created in the federation endpoint, which made it hard to maintain federated objects alongside other objects for individual clusters.
To solve the problem, we started managing the clusters independently, which greatly simplified the process (we used the first version of federation; something may have changed in the second).
Geo-distributed platform
Our platform is currently distributed across 6 regions: 3 on-premises and 3 in the cloud.
Distributed deployment
Global Helm values
4 global Helm values let you identify the differences between clusters. All our charts have the minimal default values below.
```yaml
global:
  cloud: True
  env: staging
  region: us-central1
  clusterName: staging-us-central1
```
Global values
These values help define the context for our applications and are used for various purposes: monitoring, tracing, logging, making external calls, scaling, etc.
- "cloud": We have a hybrid Kubernetes platform. For example, our API is deployed in GCP zones and in our own data centers.
- "env": Some values can change for non-production environments. For example, resource definitions and autoscaling configuration.
- "region": This information helps determine the location of the cluster and can be used to pick the nearest endpoints for external services.
- "clusterName": if and when we want to define a value per cluster.
Here is a concrete example:
```yaml
{{/* Returns Horizontal Pod Autoscaler replicas for GraphQL*/}}
{{- define "graphql.hpaReplicas" -}}
{{- if eq .Values.global.env "prod" }}
{{- if eq .Values.global.region "europe-west1" }}
minReplicas: 40
{{- else }}
minReplicas: 150
{{- end }}
maxReplicas: 1400
{{- else }}
minReplicas: 4
maxReplicas: 20
{{- end }}
{{- end -}}
```
Helm template example
This logic is defined in a helper template to avoid cluttering the Kubernetes YAML.
Application declaration
Our deployment tools are based on several YAML files. Below is an example of how we declare a service and its scaling topology (number of replicas) in a cluster.
```yaml
releases:
  - foo.world

foo.world:                # Release name
  services:               # List of dailymotion's apps/projects
    foobar:
      chart_name: foo-foobar
      repo: git@github.com:dailymotion/foobar
      contexts:
        prod-europe-west1:
          deployments:
            - name: foo-bar-baz
              replicas: 18
            - name: another-deployment
              replicas: 3
```
Service definition
This is an overview of all the steps that make up our deployment workflow. The last step deploys the application to multiple worker clusters at the same time.
Jenkins deployment steps
What about secrets?
As for security, we track all secrets from different places and store them in a dedicated location in Paris.
Our deployment tools pull the secret values from Vault and, when deployment time comes, inject them into Helm.
To do this, we defined a mapping between the secrets in Vault and the secrets our applications need:
```yaml
secrets:
  - secret_id: "stack1-app1-password"
    contexts:
      - name: "default"
        vaultPath: "/kv/dev/stack1/app1/test"
        vaultKey: "password"
      - name: "cluster1"
        vaultPath: "/kv/dev/stack1/app1/test"
        vaultKey: "password"
```
- We have defined general rules to follow when recording secrets in Vault.
- If a secret applies to a specific context or cluster, you need to add a specific entry. (Here the cluster1 context has its own value for the secret stack-app1-password.)
- Otherwise the default value is used.
- For each item in this list, a key-value pair is inserted into the Kubernetes secret. That is why the secret template in our charts is very simple.
```yaml
apiVersion: v1
data:
{{- range $key,$value := .Values.secrets }}
  {{ $key }}: {{ $value | b64enc | quote }}
{{ end }}
kind: Secret
metadata:
  name: "{{ .Chart.Name }}"
  labels:
    chartVersion: "{{ .Chart.Version }}"
    tillerVersion: "{{ .Capabilities.TillerVersion.SemVer }}"
type: Opaque
```
Problems and limitations
Working with multiple repositories
We currently separate the development of charts from the development of applications. This means that developers have to work in two git repositories: one for the application, and one for defining its deployment to Kubernetes. 2 git repositories mean 2 workflows, and it is easy for a newcomer to get confused.
Managing umbrella charts is a hassle
As we have already said, umbrella charts are very useful for defining dependencies and quickly deploying multiple applications. But we use --reuse-values to avoid passing all the values every time we deploy an application that is part of this umbrella chart.
In the continuous delivery workflow, we have only two values that change regularly: the number of replicas and the image tag (version). The other, more stable values are changed manually, and this is quite difficult. Moreover, a single mistake in deploying an umbrella chart can lead to a serious outage, as we have seen from our own experience.
Updating multiple configuration files
When a developer adds a new application, they have to change several files: the application declaration, the list of secrets, and the umbrella chart, where the application is added as a dependency if it is included there.
Jenkins permissions are too broad in Vault
Right now we have just one, and it reads all the secrets from Vault.
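The mapping rules from the secrets section (a context-specific entry wins, otherwise "default" applies) can be sketched in Python, the language of the deployment script. This is an added example, not Dailymotion's tooling: the Vault reader is a stand-in, and the second secret, the paths and the values are constructed. It also lists the Vault paths one context actually reads, which is the starting point for narrowing the Jenkins permissions.

```python
# Added example, not Dailymotion's tooling. Secret ids, paths and values are constructed.
MAPPING = [
    {"secret_id": "stack1-app1-password", "contexts": [
        {"name": "default", "vaultPath": "/kv/dev/stack1/app1/test", "vaultKey": "password"},
        {"name": "cluster1", "vaultPath": "/kv/dev/stack1/app1/cluster1", "vaultKey": "password"},
    ]},
    {"secret_id": "stack1-app2-token", "contexts": [
        {"name": "default", "vaultPath": "/kv/dev/stack1/app2/test", "vaultKey": "token"},
    ]},
]

# Stand-in for Vault: path -> key/value data. A real reader would call the Vault API.
FAKE_VAULT = {
    "/kv/dev/stack1/app1/test": {"password": "default-pw"},
    "/kv/dev/stack1/app1/cluster1": {"password": "cluster1-pw"},
    "/kv/dev/stack1/app2/test": {"token": "tok"},
}


def fake_read(path):
    return FAKE_VAULT.get(path, {})


class MissingSecret(Exception):
    """Raised with secret ids only, so values never reach CI logs."""


def pick_entry(secret, context):
    """Entry for this context if one exists, otherwise the "default" entry."""
    by_name = {c["name"]: c for c in secret["contexts"]}
    return by_name.get(context) or by_name.get("default")


def resolve(mapping, context, read_vault):
    """Build the {secret_id: value} dict handed to Helm as .Values.secrets."""
    values, missing = {}, []
    for secret in mapping:
        entry = pick_entry(secret, context)
        data = read_vault(entry["vaultPath"]) if entry else {}
        if entry and entry["vaultKey"] in data:
            values[secret["secret_id"]] = data[entry["vaultKey"]]
        else:
            missing.append(secret["secret_id"])
    if missing:  # fail closed: never deploy with a secret left unresolved
        raise MissingSecret(", ".join(missing))
    return values


def required_paths(mapping, context):
    """Vault paths one context reads: the input for a narrowly scoped policy."""
    entries = (pick_entry(s, context) for s in mapping)
    return sorted({e["vaultPath"] for e in entries if e})
```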
The rollback process is not automated
To roll back, you need to run the command on several clusters, and this is error-prone. We perform this operation manually to make sure that the correct version ID is specified.
We are moving toward GitOps
Our goal
We want to move the chart back into the repository of the application it deploys.
The workflow will be the same as for development. For example, when a branch is pushed to master, the deployment will be triggered automatically. The main difference between this approach and the current workflow is that everything will be managed in git (the application itself and the way it is deployed to Kubernetes).
There are several advantages:
- Much clearer for developers. It is easier to learn how to apply changes in a local chart.
- The service deployment definition can be kept in the same place as the service code.
- Managing the removal of umbrella charts. A service will have its own Helm release. This will let you manage the application lifecycle (rollback, upgrade) at the finest level, so that other services are not affected.
- The benefits of git for chart management: undoing changes, the log, etc. If you need to undo a change to a chart, you can do it with git. The deployment starts automatically.
- You can consider improving your development workflow with tools like Skaffold, with which developers can test changes in a context close to production.
Two-step migration
Our developers have been using this workflow for 2 years now, so we want the migration to be as painless as possible. That is why we decided to add an intermediate step on the way to the goal.
The first stage is simple:
- We keep a similar structure for configuring application deployment, but in a single object called DailymotionRelease.
```yaml
apiVersion: "v1"
kind: "DailymotionRelease"
metadata:
  name: "app1.ns1"
  environment: "dev"
  branch: "mybranch"
spec:
  slack_channel: "#admin"
  chart_name: "app1"
  scaling:
    - context: "dev-us-central1-0"
      replicas:
        - name: "hermes"
          count: 2
    - context: "dev-europe-west1-0"
      replicas:
        - name: "app1-deploy"
          count: 2
  secrets:
    - secret_id: "app1"
      contexts:
        - name: "default"
          vaultPath: "/kv/dev/ns1/app1/test"
          vaultKey: "password"
        - name: "dev-europe-west1-0"
          vaultPath: "/kv/dev/ns1/app1/test"
          vaultKey: "password"
```
- 1 release per application (without umbrella charts).
- Charts in the application's git repository.
We have talked to all the developers, so the migration process has already begun. The first stage is still controlled through the CI platform. I will write another post soon about the second stage: how we moved to a GitOps workflow. I will tell you how we set everything up and what difficulties we ran into (multiple repositories, secrets, etc.). Follow the news.
Here we have tried to describe our progress in the application deployment workflow over recent years, which led to our thoughts about the GitOps approach. We have not reached the goal yet and will report on the results, but we are now convinced that we did the right thing when we decided to simplify everything and bring it closer to the developers' habits.
Source: www.habr.com
