Namhlanje siza kuthetha ngemigaqo kunye neemodeli zeGitOps, kunye nendlela ezi modeli ziphunyezwa ngayo kwiqonga le-OpenShift. Isikhokelo esisebenzisanayo kwesi sihloko siyafumaneka .
Ngamafutshane, i-GitOps yiseti yezenzo zokusebenzisa izicelo zokutsalwa kwe-Git ukulawula iziseko zophuhliso kunye noqwalaselo lwesicelo. I-Git repository kwi-GitOps iphathwa njengomthombo omnye wolwazi malunga nemeko yenkqubo, kwaye naluphi na utshintsho kulo mbuso luyalandeleka ngokupheleleyo kwaye lunokuphicothwa.
Umbono wokutshintsha umkhondo kwi-GitOps ayisiyonto intsha; le ndlela kudala isetyenziswa phantse jikelele xa usebenza ngekhowudi yomthombo wesicelo. I-GitOps ivele isebenzise iimpawu ezifanayo (uphononongo, izicelo zokutsala, iithegi, njl.) kwiziseko zophuhliso kunye nolawulo lokucwangciswa kwesicelo kwaye ibonelela ngeenzuzo ezifanayo njengakwimeko yolawulo lwekhowudi yomthombo.
Akukho nkcazelo yezemfundo okanye iseti evunyiweyo yemithetho ye-GitOps, kuphela iseti yemigaqo apho lo mkhuba wakhelwe khona:
- Inkcazo yokubhengeza yenkqubo igcinwe kwindawo yokugcina yeGit (i-configs, esweni, njl.).
- Utshintsho lukaRhulumente lwenziwa ngokutsalwa kwezicelo.
- Imeko yeenkqubo ezisebenzayo iziswe kumgca wedatha kwindawo yokugcina kusetyenziswa izicelo zokutyhala zeGit.
GitOps Imigaqo
- Iinkcazo zenkqubo zichazwa njengekhowudi yomthombo
Ubumbeko lweenkqubo luphathwa njengekhowudi ukuze lugcinwe kwaye luguqulelwe ngokuzenzekelayo kwindawo yokugcina yeGit, esebenza njengomthombo omnye wenyaniso. Le ndlela yenza kube lula ukukhupha kunye nokubuyisela umva utshintsho kwiinkqubo.
- Ubume obufunwayo kunye noqwalaselo lweenkqubo zisetiwe kwaye ziguqulelwe kwiGit
Ngokugcina kunye noguqulelo lwemeko efunwayo yeenkqubo kwi-Git, siyakwazi ukukhupha ngokulula kunye nokubuyisela utshintsho kwiinkqubo kunye nezicelo. Sinokusebenzisa iindlela zokhuseleko ze-Git ukulawula ubunini bekhowudi kunye nokuqinisekisa ubunyani bayo.
- Utshintsho kubumbeko lunokusetyenziswa ngokuzenzekelayo ngokutsalwa kwezicelo
Ukusebenzisa izicelo zokutsalwa kweGit, sinokulawula ngokulula ukuba utshintsho lusetyenziswa njani kuqwalaselo kwindawo yokugcina. Ngokomzekelo, banokunikwa amanye amalungu eqela ukuba baphonononge okanye baqhube ngeemvavanyo zeCI, njl.
Kwaye kwangaxeshanye, akukho mfuneko yokusasaza amandla olawulo ngasekhohlo nasekunene. Ukwenza utshintsho loqwalaselo, abasebenzisi bafuna kuphela iimvume ezifanelekileyo kwindawo yokugcina iGit apho olo lungelelwaniso lugcinwa khona.
- Ukulungisa ingxaki yokukhukuliseka okungalawulwayo kolungelelwaniso
Nje ukuba imeko efunwayo yenkqubo igcinwe kwindawo yokugcina iGit, konke ekufuneka sikwenze kukufumana isoftware eya kuqinisekisa ukuba imeko yangoku yenkqubo ihambelana nemeko efunwayo. Ukuba oku akunjalo, ke le software kufuneka - ngokuxhomekeke kwizicwangciso - mhlawumbi isuse ukungafani ngokwayo, okanye isazise malunga noqwalaselo lwe-drift.
Iimodeli zeGitOps ze-OpenShift
I-On-Cluster Reconciler
Ngokwalo mzekelo, iqela linomlawuli onoxanduva lokuthelekisa i-Kubernetes izibonelelo (iifayile ze-YAML) kwindawo yokugcina i-Git kunye nezixhobo zangempela zeqela. Ukuba ukungafani kufunyenwe, umlawuli uthumela izaziso kwaye mhlawumbi athathe inyathelo lokulungisa ukungafani. Le modeli ye-GitOps isetyenziswa kwi-Anthos Config Management kunye ne-Weaveworks Flux.
IsiXhobo seSibonelelo saNgaphandle (Tyhiliza)
Le modeli inokuthathwa njengokwahluka kweyangaphambili, xa sinomlawuli omnye okanye abaninzi abanoxanduva lokulungelelanisa izixhobo kwi-"Git repository - Kubernetes cluster" ngababini. Umahluko apha kukuba iqela ngalinye elilawulwayo alinamlawuli walo owahlukileyo. Izibini zeqela le-Git - k8s zihlala zichazwa njenge-CRDs (iinkcazelo zezixhobo zesiko), ezinokuchaza ukuba umlawuli kufuneka enze njani ungqamaniso. Kulo mzekelo, abalawuli bathelekisa i-Git repository echazwe kwi-CRD kunye nezixhobo ze-cluster ye-Kubernetes, ezichazwe kwi-CRD, kwaye zenze izenzo ezifanelekileyo ngokusekelwe kwiziphumo zokuthelekisa. Ngokukodwa, le modeli yeGitOps isetyenziswa kwiArgoCD.
GitOps kwiqonga le-OpenShift
Ulawulo lweziseko ezingundoqo zeKubernetes
Ngokusasazeka kwe-Kubernetes kunye nokuthandwa okukhulayo kwezicwangciso zamafu amaninzi kunye ne-edge computing, umndilili wenani leqela le-OpenShift ngomthengi liyanda.
Umzekelo, xa usebenzisa i-edge computing, amaqela omthengi omnye anokubekwa kumakhulu okanye kumawaka. Ngenxa yoko, unyanzelekile ukuba alawule amaqela amaninzi azimeleyo okanye alungelelanisiweyo e-OpenShift kwilifu likawonke-wonke nakwindawo.
Kule meko, zininzi iingxaki ekufuneka zisonjululwe, ngakumbi:
- Lawula ukuba amaqela akwimeko efanayo (uqwalaselo, ukubeka iliso, ugcino, njl.njl.)
- Yenza kwakhona (okanye ubuyisele) amaqela asekelwe kwimeko eyaziwayo.
- Yenza amaqela amatsha ngokusekelwe kwimeko eyaziwayo.
- Khupha utshintsho kumaqela amaninzi e-OpenShift.
- Ukubuyisela umva utshintsho kuwo wonke amaqela e-OpenShift amaninzi.
- Xhumanisa ubumbeko oluqingqiweyo kwiindawo ezahlukeneyo.
Ulungelelwaniso lwesicelo
Ngethuba lokuphila kwabo, izicelo zihlala zidlula kwikhonkco lamaqela (i-dev, isiteji, njl.) phambi kokuphela kwi-cluster yemveliso. Ukongeza, ngenxa yokufumaneka kunye neemfuno zokulinganisa, abathengi bahlala bethumela izicelo kuwo wonke amaqela akwindawo okanye imimandla emininzi yeqonga lelifu loluntu.
Kule meko, le misebenzi ilandelayo kufuneka isombululwe:
- Qinisekisa ukuhamba kwezicelo (ii-binaries, configs, njl.) phakathi kwamaqela (dev, stage, etc.).
- Khupha utshintsho kwizicelo (iibhinari, uqwalaselo, njl.njl.) kumaqela amaninzi e-OpenShift.
- Buyisela umva utshintsho kwizicelo kwimeko yangaphambili eyaziwayo.
OpenShift GitOps Sebenzisa Amatyala
1. Ukusebenzisa utshintsho olusuka kwindawo yokugcina iGit
Umlawuli weqela unokugcina ulungelelwaniso lweqela le-OpenShift kwindawo yogcino lweGit kwaye alusebenzise ngokuzenzekelayo ukwenza amaqela amatsha ngokungasebenziyo kwaye awazise kwimeko efanayo nelizwe elaziwayo eligcinwe kwindawo yokugcina iGit.
2. Ungqamaniso noMphathi oMfihlo
Umlawuli uya kuxhamla kwisakhono sokulungelelanisa izinto eziyimfihlo ze-OpenShift kunye nesoftware efanelekileyo njengeVault ukuze ulawule usebenzisa izixhobo ezenzelwe oku.
3. Ukulawulwa kolungelelwaniso lwe-drift
Umlawuli uya kuthandeka kuphela ukuba i-OpenShift GitOps ngokwayo ichonga kwaye ilumkisa malunga nokungangqinelani phakathi kolungelelwaniso lokwenyani kunye nezo zichazwe kwindawo yokugcina, ukuze baphendule ngokukhawuleza kwi-drift.
4. Izaziso malunga noqwalaselo drift
Ziyaluncedo kwimeko xa umlawuli efuna ukufunda ngokukhawuleza malunga neemeko zoqwalaselo loqwalaselo ukuze athathe amanyathelo afanelekileyo eyedwa.
5. Ungqamaniso lwezandla lolungelelwaniso xa ukhukuliseka
Ivumela umlawuli ukuba angqamanise iqela le-OpenShift nendawo yogcino lwe-Git kwimeko yokuqhutywa koqwalaselo, ukubuyisela ngokukhawuleza iqela kwindawo eyaziwayo yangaphambili.
6.Ungqamaniso oluzenzekelayo lolungelelwaniso xa ukhukuliseka
Umlawuli unokuqwalasela kwakhona iqela le-OpenShift ukuvumelanisa ngokuzenzekelayo kunye nogcino xa i-drift ifunyenwe, ukwenzela ukuba uqwalaselo lweqela luhlala luhambelana ne-configs kwi-Git.
7. Amaqela amaninzi - indawo yokugcina enye
Umlawuli unokugcina ulungelelwaniso lwamaqela ahlukeneyo e-OpenShift ahlukeneyo kwindawo yokugcina ye-Git kwaye ngokukhetha asebenzise njengoko kufuneka.
8. Uluhlu lolungelelwaniso lweqela (ilifa)
Umlawuli unokuseta uluhlu lwemigangatho yolungelelwaniso lweqela kwindawo yokugcina (inqanaba, iprod, ipotfoliyo yeapp, njl njl kunye nelifa). Ngamanye amazwi, inokugqiba ukuba ulungelelwaniso kufuneka lusetyenziswe kwiqela elinye okanye ngaphezulu.
Umzekelo, ukuba umlawuli useta uluhlu lwemigangatho “Amaqela oVeliso (imveliso) → Amaqela eNkqubo X → Amaqela oMveliso wenkqubo X” kwindawo yogcino lweGit, emva koko indibaniselwano yezi zicwangciso zilandelayo isetyenziswa kumaqela emveliso yenkqubo X:
- Uqwalaselo oluqhelekileyo kuwo onke amaqela emveliso.
- Uqwalaselo lweNkqubo X qela.
- Uqwalaselo lwenkqubo X yeqela lemveliso.
9. Iithempleyithi kunye noqwalaselo luyabalela
Umlawuli unokukhuphela ngaphezulu kwiseti yoqwalaselo oluzuzwe njengelifa kunye namaxabiso azo, umzekelo, ukulungisa kakuhle uqwalaselo lwamaqela athile aza kusetyenziswa kuwo.
10. Okukhethiweyo kubandakanya kunye nokungabandakanyi ulungelelwaniso, ulungelelwaniso lwesicelo
Umlawuli unokumisela iimeko zokusetyenziswa okanye ukungasebenzisi kolungelelwaniso oluthile kumaqela aneempawu ezithile.
11. Inkxaso yetemplate
Abaphuhlisi baya kuxhamla kwikhono lokukhetha indlela izixhobo zokusebenza eziza kuchazwa ngayo (i-Helm Chart, i-Kubernetes yaml ecocekileyo, njl.) ukwenzela ukuba kusetyenziswe ifomathi efanelekileyo kakhulu kwisicelo ngasinye.
Izixhobo zeGitOps kwiqonga le-OpenShift
ArgoCD
I-ArgoCD iphumeza imodeli yoQelelwaniso lweZibonelelo zaNgaphandle kwaye inikezela nge-UI esembindini ukulungiselela unxulumano omnye-kuninzi phakathi kwamaqela kunye noovimba beGit. Ukungalungi kwale nkqubo kubandakanya ukungakwazi ukulawula izicelo xa iArgoCD ingasebenzi.
flow
I-Flux isebenzisa imodeli ye-On-Cluster Reconcile kwaye, ngenxa yoko, akukho lawulo oluphakathi kwendawo yogcino lwenkcazo, eyona nto ibuthathaka. Kwelinye icala, ngokuchanekileyo ngenxa yokunqongophala kwe-centralization, amandla okulawula izicelo ahlala nokuba iqela elinye liyasilela.
Ukufaka iArgoCD kwi-OpenShift
I-ArgoCD ibonelela ngolungelelwaniso olubalaseleyo lomgca womyalelo kunye nekhonsoli yewebhu, ke asizukuyigubungela iFlux kunye nezinye iindlela apha.
Ukuhambisa iArgoCD kwiqonga le-OpenShift 4, landela la manyathelo njengomlawuli weqela:
Ukusasaza amacandelo e-ArgoCD kwiqonga le-OpenShift
# Create a new namespace for ArgoCD components
oc create namespace argocd
# Apply the ArgoCD Install Manifest
oc -n argocd apply -f https://raw.githubusercontent.com/argoproj/argo-cd/v1.2.2/manifests/install.yaml
# Get the ArgoCD Server password
ARGOCD_SERVER_PASSWORD=$(oc -n argocd get pod -l "app.kubernetes.io/name=argocd-server" -o jsonpath='{.items[*].metadata.name}')Ukuphuculwa kwe-ArgoCD Server ukuze ibonwe yi-OpenShift Route
# Patch ArgoCD Server so no TLS is configured on the server (--insecure)
PATCH='{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"argocd-server"}],"containers":[{"command":["argocd-server","--insecure","--staticassets","/shared/app"],"name":"argocd-server"}]}}}}'
oc -n argocd patch deployment argocd-server -p $PATCH
# Expose the ArgoCD Server using an Edge OpenShift Route so TLS is used for incoming connections
oc -n argocd create route edge argocd-server --service=argocd-server --port=http --insecure-policy=RedirectUkusasaza iArgoCD Cli Tool
# Download the argocd binary, place it under /usr/local/bin and give it execution permissions
curl -L https://github.com/argoproj/argo-cd/releases/download/v1.2.2/argocd-linux-amd64 -o /usr/local/bin/argocd
chmod +x /usr/local/bin/argocdUkutshintsha i-password yomlawuli we-ArgoCD Server
# Get ArgoCD Server Route Hostname
ARGOCD_ROUTE=$(oc -n argocd get route argocd-server -o jsonpath='{.spec.host}')
# Login with the current admin password
argocd --insecure --grpc-web login ${ARGOCD_ROUTE}:443 --username admin --password ${ARGOCD_SERVER_PASSWORD}
# Update admin's password
argocd --insecure --grpc-web --server ${ARGOCD_ROUTE}:443 account update-password --current-password ${ARGOCD_SERVER_PASSWORD} --new-password
Emva kokugqiba la manyathelo, unokusebenza ngeArgoCD Server ngeArgoCD WebUI web console okanye isixhobo somyalelo weArgoCD Cli.
I-GitOps-Ayikaze ibe Kade kakhulu
"Uloliwe uhambile" - yiloo nto abayithethayo malunga nemeko xa ithuba lokwenza into lilahlekile. Kwimeko ye-OpenShift, umnqweno wokuqalisa ngokukhawuleza ukusebenzisa eli qonga litsha lipholileyo lihlala lidala kanye le meko ngolawulo kunye nokugcinwa kweendlela, ukuthunyelwa kunye nezinye izinto ze-OpenShift. Kodwa ngaba ithuba lihlala lilahlekile ngokupheleleyo?
Ukuqhubela phambili uchungechunge lwamanqaku malunga , namhlanje siza kukubonisa indlela yokuguqula isicelo esenziwe ngesandla kunye nezixhobo zayo zibe yinkqubo apho yonke into ilawulwa zixhobo zeGitOps. Ukwenza oku, siya kuqala sisebenzise isicelo se-httpd ngesandla. Umfanekiso wekhusi ongezantsi ubonisa indlela esenza ngayo isithuba segama, ukusetyenziswa kunye nenkonzo, kwaye siveze le nkonzo ukwenza indlela.
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/namespace.yaml
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/deployment.yaml
oc create -f https://raw.githubusercontent.com/openshift/federation-dev/master/labs/lab-4-assets/service.yaml
oc expose svc/httpd -n simple-appKe sinesicelo esenziwe ngesandla. Ngoku kufuneka idluliselwe phantsi kolawulo lweGitOps ngaphandle kokulahlekelwa kokufumaneka. Ngamafutshane, yenza oku:
- Yenza indawo yokugcina yeGit yekhowudi.
- Sithumela izinto zethu zangoku kwaye sizilayishe kwindawo yokugcina iGit.
- Ukukhetha kunye nokuthunyelwa kwezixhobo zeGitOps.
- Songeza uvimba wethu kule khithi yezixhobo.
- Sichaza usetyenziso kwizixhobo zethu zeGitOps.
- Senza uvavanyo lokuqhuba isicelo sisebenzisa izixhobo zeGitOps.
- Singqamanisa izinto sisebenzisa izixhobo zeGitOps.
- Nika amandla ukuthenwa kunye nolungelelwaniso oluzenzekelayo lwezinto.
Njengoko kukhankanyiwe ngaphambili , kwi-GitOps kukho enye kunye nomthombo omnye wolwazi malunga nazo zonke izinto kwi-Kubernetes cluster(s) - i-Git repository. Okulandelayo, siqhubela phambili kwisiseko sokuba umbutho wakho sele usebenzisa indawo yokugcina iGit. Inokuba yekawonke-wonke okanye yabucala, kodwa kufuneka ifikeleleke kumaqela e-Kubernetes. Oku kunokuba nguvimba ofanayo kunye nekhowudi yesicelo, okanye indawo yokugcina eyahlukileyo eyenzelwe ngokukodwa ukuthunyelwa. Kuyacetyiswa ukuba ube neemvume ezingqongqo kwindawo yokugcina kuba iimfihlo, iindlela, kunye nezinye izinto ezinobuzaza kukhuseleko ziya kugcinwa apho.
Kumzekelo wethu, siya kudala indawo entsha yoluntu kwi-GitHub. Ungayibiza nantoni na oyithandayo, sisebenzisa igama elithi blogpost.
Ukuba iifayile zento yeYAML azigcinwanga ekuhlaleni okanye kwiGit, ngoku kuya kufuneka usebenzise i oc okanye kubectl okubini. Kumfanekiso weskrini ongezantsi sicela i-YAML yendawo yethu yamagama, ukusasazwa, inkonzo kunye nendlela. Ngaphambi koku, siye sabumba indawo yokugcina entsha kunye ne-cd kuyo.
oc get namespace simple-app -o yaml --export > namespace.yaml
oc get deployment httpd -o yaml -n simple-app --export > deployment.yaml
oc get service httpd -o yaml -n simple-app --export > service.yaml
oc get route httpd -o yaml -n simple-app --export > route.yamlNgoku makhe sihlele ifayile ye deployment.yaml ukususa indawo iArgo CD ayinakho ukungqamanisa.
sed -i '/sgeneration: .*/d' deployment.yamlUkongeza, indlela kufuneka itshintshwe. Siza kuqala sisete i-multiline variable kwaye emva koko sibuyisele i-ingress: null kunye nemixholo yoko kuguquguquka.
export ROUTE=" ingress:
- conditions:
- status: 'True'
type: Admitted"
sed -i "s/ ingress: null/$ROUTE/g" route.yamlKe, siye sahlela iifayile, konke okuseleyo kukugcina kwindawo yokugcina iGit. Emva koko le ndawo yogcino iba ngowona mthombo wolwazi kuphela, kwaye naluphi na utshintsho olwenziwa ngesandla kwizinto kufuneka luthintelwe ngokungqongqo.
git commit -am ‘initial commit of objects’
git push origin masterUkuqhubela phambili siqhubeka kwinto yokuba sele uyisebenzisile i-ArgoCD (indlela yokwenza oku - bona kwangaphambili ). Ke ngoko, siyakongeza kwi-Argo CD indawo yokugcina esiyidalileyo, equlethe ikhowudi yesicelo kumzekelo wethu. Qiniseka nje ukuba ukhankanya eyona ndawo yogcino oyenzileyo ngaphambili.
argocd repo add https://github.com/cooktheryan/blogpostNgoku makhe senze isicelo. Isicelo siseta amaxabiso ukuze i-GitOps toolkit iqonde ukuba yeyiphi indawo yokugcina kunye neendlela ekufuneka zisetyenziswe, i-OpenShift efunekayo ukulawula izinto, leliphi isebe elithile logcino elifunekayo, kwaye nokuba izixhobo kufuneka zilungelelaniswe ngokuzenzekelayo.
argocd app create --project default
--name simple-app --repo https://github.com/cooktheryan/blogpost.git
--path . --dest-server https://kubernetes.default.svc
--dest-namespace simple-app --revision master --sync-policy none
Nje ukuba isicelo sichazwe kwi-CD ye-Argo, i-toolkit iqala ukujonga izinto esele zibekiwe ngokuchasene neenkcazelo kwindawo yokugcina. Kumzekelo wethu, i-auto-sync kunye nokucoca kuvaliwe, ngoko ke izinto azitshintshi okwangoku. Nceda uqaphele ukuba kwi-interface ye-Argo CD isicelo sethu siya kuba newonga elithi "Ngaphandle kwe-Sync" kuba akukho ileyibhile inikelwa yiArgoCD.
Yiyo loo nto xa siqala ungqamaniso emva kwexesha elincinci, izinto aziyi kuphinda zisetyenziswe.
Ngoku masenze uvavanyo lokuqhuba ukuqinisekisa ukuba akukho zimpazamo kwiifayile zethu.
argocd app sync simple-app --dry-runUkuba akukho ziphoso, ngoko ungaqhubeka nongqamaniso.
argocd app sync simple-appEmva kokuqhuba i-argoc fumana umyalelo kwisicelo sethu, kufuneka sibone ukuba isimo sesicelo sitshintshile kwi-Healthy okanye Synced. Oku kuya kuthetha ukuba zonke izixhobo ezikwindawo yokugcina iGit ngoku zihambelana nezo zixhobo esele zisetyenzisiwe.
argocd app get simple-app
Name: simple-app
Project: default
Server: https://kubernetes.default.svc
Namespace: simple-app
URL: https://argocd-server-route-argocd.apps.example.com/applications/simple-app
Repo: https://github.com/cooktheryan/blogpost.git
Target: master
Path: .
Sync Policy: <none>
Sync Status: Synced to master (60e1678)
Health Status: Healthy
... Ngoku unokwenza i-auto-sync kunye nokucoca ukuqinisekisa ukuba akukho nto yenziwe ngesandla kwaye rhoqo xa into yenziwe okanye ihlaziywa kwindawo yokugcina, ukuthunyelwa kuya kwenzeka.
argocd app set simple-app --sync-policy automated --auto-prune
Ke, sizise ngempumelelo isicelo phantsi kolawulo lweGitOps engazange isebenzise iGitOps nangayiphi na indlela.
umthombo: www.habr.com