i-werf - isixhobo sethu seCI / CD kwi-Kubernetes (umboniso kunye nengxelo yevidiyo)

NgoMeyi 27 kwiholo enkulu yenkomfa ye-DevOpsConf 2019, ebanjwe njengenxalenye yomthendeleko I-RIT++ 2019, njengenxalenye yecandelo elithi "Ukuhanjiswa ngokuqhubekayo", ingxelo inikwe "werf - isixhobo sethu seCI / CD eKubernetes". Ithetha ngezo iingxaki kunye nemingeni wonke umntu ajongana nayo xa ethunyelwa eKubernetes, kunye nee-nuances ezinokuthi zingabonakali ngokukhawuleza. Ukuhlalutya izisombululo ezinokwenzeka, sibonisa indlela oku kuphunyezwa ngayo kwisixhobo soMthombo oVulekileyo i-werf.

Ukusukela kumboniso, into eluncedo yethu (eyayisaziwa njenge-dapp) ifikelele kwinqanaba eliyimbali 1000 iinkwenkwezi kwi-GitHub -Sinethemba lokuba uluntu lwayo olukhulayo lwabasebenzisi luya kwenza ubomi bube lula kwiinjineli ezininzi zeDevOps.

Ngoko, makhe sazise ividiyo yengxelo (~ 47 imizuzu, ulwazi kakhulu kunenqaku) kunye nesicatshulwa esiphambili esivela kuyo kwifom yombhalo. Hamba!

Ukuhambisa ikhowudi kwi-Kubernetes

Intetho ayisayi kuba malunga ne-werf, kodwa malunga neCI / CD eKubernetes, oko kuthetha ukuba isoftware yethu ipakishwe kwizikhongozeli zeDocker. (Ndathetha ngale nto ku Ingxelo ye-2016), kwaye ii-K8s ziya kusetyenziselwa ukuyiqhuba kwimveliso (Ngakumbi malunga noku 2017 ngonyaka).

Ingaba ukuhanjiswa kujongeka njani eKubernetes?

• Kukho indawo yokugcina iGit enekhowudi kunye nemiyalelo yokuyakha. Isicelo sakhelwe kumfanekiso weDocker kwaye sipapashwe kwiRegistry yeDocker.
• Uvimba ofanayo ukwanayo nemiyalelo yendlela yokufaka nokusebenzisa isicelo. Kwinqanaba lokuthunyelwa, le miyalelo ithunyelwa ku-Kubernetes, efumana umfanekiso ofunekayo kwirejista kwaye iqalise.
• Ngaphezu koko, kukho iimvavanyo eziqhelekileyo. Ezinye zezi zinokwenziwa xa kupapashwa umfanekiso. Unako kwakhona (ulandela imiyalelo efanayo) ukusebenzisa ikopi yesicelo (kwisithuba segama se-K8s esahlukileyo okanye iqela elahlukileyo) kwaye uqhube iimvavanyo apho.
• Ekugqibeleni, udinga inkqubo yeCI efumana iziganeko kwi-Git (okanye iqhosha lokucofa) kwaye libiza zonke izigaba ezikhethiweyo: ukwakha, ukupapasha, ukuhambisa, uvavanyo.

Kukho amanqaku ambalwa abalulekileyo apha:

1. Kuba sineziseko ezingundoqo ezingenakuguqulwa (iziseko ezingundoqo ezingenakuguqulwa), umfanekiso wesicelo osetyenziswa kuwo onke amanqanaba (iqonga, imveliso, njl.), kufuneka kubekho enye. Ndathetha ngale nto ngokubanzi kunye nemizekelo. apha.
2. Ngenxa yokuba silandela iziseko zophuhliso njengendlela yekhowudi (IaC), ikhowudi yesicelo, imiyalelo yokudibanisa kunye nokuyisungula kufuneka ibe ngqo kwindawo yokugcina. Ukuze ufumane inkcazelo engakumbi malunga noku, bona ingxelo efanayo.
3. Ikhonkco lonikezelo (ukuhanjiswa) sihlala siyibona ngolu hlobo: isicelo sahlanganiswa, savavanywa, sakhululwa (inqanaba lokukhululwa) kwaye yiloo nto-ukuhanjiswa kwenzekile. Kodwa eneneni, umsebenzisi ufumana oko ukukhuphe, hayi emva koko xa uyisa kwimveliso, kwaye xa ekwazi ukuya apho kwaye le mveliso yasebenza. Ngoko ndiyakholelwa ukuba ikhonkco lokuhambisa liyaphela kuphela kwinqanaba lokusebenza (baleka), okanye ngokuchanekileyo, nangona ikhowudi isuswe kwimveliso (ithathe indawo entsha).

Masibuyele kwisikimu sonikezelo esingentla kwi-Kubernetes: ayisungulwanga sithi kuphela, kodwa ngokoqobo wonke umntu ojongene nale ngxaki. Ngapha koko, le pateni ngoku ibizwa ngokuba yiGitOps (unokufunda ngakumbi malunga nekota kunye nezimvo ezisemva kwayo apha). Makhe sijonge izigaba zesikimu.

Yakha iqonga

Kubonakala ngathi ungathetha ngokwakha imifanekiso yeDocker ngo-2019, xa wonke umntu ekwazi ukubhala iiDockerfiles kwaye aqhube. docker build?.. Nazi iinuances endingathanda ukuzithathela ingqalelo:

1. Ubunzima bomfanekiso izinto, ngoko sebenzisa izigaba ezininziukushiya kumfanekiso kuphela isicelo esiyimfuneko ngokwenene kumsebenzi.
2. Inani leeleya kufuneka incitshiswe ngokudibanisa amatyathanga e RUN-yalela ngokwentsingiselo.
3. Nangona kunjalo, oku kongeza iingxaki ukulungisa ingxaki, kuba xa udibaniso luphahlazeka, kufuneka ufumane umyalelo ochanekileyo kwikhonkco elibangele ingxaki.
4. Isantya seNdibano kubalulekile kuba sifuna ukukhawuleza sikhuphe utshintsho kwaye sibone iziphumo. Umzekelo, awufuni kuphinda wakhe ukuxhomekeka kwiilayibrari zolwimi ngalo lonke ixesha usakha usetyenziso.
5. Rhoqo ukusuka kwindawo yokugcina yeGit oyifunayo imifanekiso emininzi, enokusonjululwa ngoluhlu lweeDockerfiles (okanye izigaba ezithiweyo kwifayile enye) kunye neskripthi seBash kunye nendibano yazo elandelelanayo.

Le yayiyincam nje yentaba yomkhenkce ajongene nayo wonke umntu. Kodwa kukho ezinye iingxaki, ngakumbi:

1. Ngokufuthi kwinqanaba lendibano sidinga okuthile intaba (umzekelo, cache isiphumo somyalelo njenge-apt kulawulo lomntu wesithathu).
2. Sifuna Efanelekileyo endaweni yokubhala kwiqokobhe.
3. Sifuna ukwakha ngaphandle kweDocker (kutheni sifuna umatshini owongezelelweyo wenyani apho kufuneka siqwalasele yonke into kule nto, xa sele sineqela le-Kubernetes apho sinokuqhuba khona izitya?).
4. Indibano efanayo, enokuqondwa ngeendlela ezahlukeneyo: imiyalelo eyahlukileyo evela kwi-Dockerfile (ukuba inqanaba elininzi liyasetyenziswa), iziboniso ezininzi zogcino olufanayo, iiDockerfiles ezininzi.
5. Indibano esasaziweyo: Sifuna ukuqokelela izinto kwiipods ezi "ephemeral" kuba i-cache yabo iyanyamalala, oku kuthetha ukuba kufuneka igcinwe kwindawo ethile ngokwahlukileyo.
6. Ekugqibeleni, ndachaza eyona minqweno umlingo: Kuya kuba kuhle ukuya kwindawo yokugcina, chwetheza umyalelo othile kwaye ufumane umfanekiso osele ulungile, odityaniswe nokuqonda malunga nendlela kwaye wenze ntoni ngokuchanekileyo. Nangona kunjalo, mna ngokwam andiqinisekanga ukuba zonke ii-nuances zinokubonwa ngale ndlela.

Kwaye nazi iiprojekthi:

• moby/buildkit - umakhi ovela kwiDocker Inc (sele idityaniswe kwiinguqulelo zangoku zeDocker), ezama ukusombulula zonke ezi ngxaki;
• kaniko -umakhi ovela kuGoogle okuvumela ukuba wakhe ngaphandle kweDocker;
• Buildpacks.io - Umzamo we-CNCF wokwenza umlingo ozenzekelayo kwaye, ngokukodwa, isisombululo esinomdla kunye ne-rebase for layers;
• kunye neqela lezinye izinto eziluncedo, ezifana Yakha, genuinetools/img...

... kwaye ujonge ukuba zingaphi iinkwenkwezi abanazo kwi-GitHub. Oko kukuthi, kwelinye icala, docker build ikhona kwaye inokwenza into, kodwa eneneni umba awusonjululwanga ngokupheleleyo - ubungqina bolu luphuhliso oluhambelanayo lwabaqokeleli abangabanye, elowo nalowo usombulula inxalenye yeengxaki.

Indibano kwi-werf

Ngoko siye saya i-werf (ngaphambili odumileyo njenge dapp) -Isixhobo esivulelekileyo esivela kwinkampani yeFlant, ebesiyenza iminyaka emininzi. Yonke le nto yaqala kwiminyaka emi-5 eyadlulayo ngezikripthi ze-Bash eziphucule indibano ye-Dockerfiles, kwaye kule minyaka mi-3 idlulileyo uphuhliso olupheleleyo lwenziwe ngaphakathi kwesakhelo seprojekthi enye eneGit yokugcina. (okokuqala kuRuby, emva koko ibhalwe ngokutsha ukuya, kwaye kwangaxeshanye uthiywe ngokutsha). Yeyiphi imiba yendibano esonjululwa kwi-werf?

Iingxaki ezinombala ohlaza okwesibhakabhaka sele ziphunyeziwe, ukwakhiwa okufanayo kwenziwa ngaphakathi komkhosi omnye, kwaye imiba egxininiswe ngombala ophuzi icwangciswe ukuba igqitywe ekupheleni kwehlobo.

Inqanaba lopapasho kubhaliso (papasha)

Sacofa docker push... - yintoni enokuba nzima malunga nokulayisha umfanekiso kwirejista? Kwaye ke umbuzo uvela: "Yintoni ithegi endiya kuyibeka emfanekisweni?" Ivela ngenxa yesizathu esinayo Gitflow (okanye esinye isicwangciso seGit) kunye ne-Kubernetes, kwaye imboni izama ukuqinisekisa ukuba okwenzekayo kwi-Kubernetes kulandela okwenzeka kwi-Git. Emva kwayo yonke loo nto, iGit kuphela komthombo wethu wenyaniso.

Yintoni enzima ngale nto? Qinisekisa ukuveliswa kwakhona: ukusuka kwisibophelelo kwi-Git, engenakuguquguquka kwindalo (ayiguqukiyo), kumfanekiso weDocker, ekufuneka ugcinwe ufana.

Ikwabalulekile nakuthi misela imvelaphi, kuba sifuna ukuqonda ukuba isicelo esisebenza kwi-Kubernetes sakhiwe phi (emva koko sinokwenza izinto ezahlukeneyo kunye nezinto ezifanayo).

Tagging Strategies

Eyokuqala ilula git tag. Sinerejista enomfanekiso ophawulwe njenge 1.0. I-Kubernetes inesiteji kunye nemveliso, apho lo mfanekiso ulayishwe khona. Kwi-Git senza izibophelelo kwaye ngaxa lithile senza ithegi 2.0. Siyiqokelela ngokwemiyalelo evela kwindawo yokugcina kwaye siyibeke kwirejista kunye nethegi 2.0. Siyikhuphela eqongeni kwaye, ukuba konke kulungile, emva koko kwimveliso.

Ingxaki ngale ndlela kukuba siqale sibeke ithegi, kwaye emva koko sivavanye kwaye siyiqengqe. Ngoba? Okokuqala, akukho ngqiqweni: sikhupha inguqulelo yesoftware esingekayivavanyi okwangoku (asikwazi ukwenza ngenye indlela, kuba ukuze sijonge, kufuneka sibeke ithegi). Okwesibini, le ndlela ayihambelani neGitflow.

Inketho yesibini yile git commit + ithegi. Isebe eliyintloko linethegi 1.0; ngayo kwirejista - umfanekiso onikezelwe kwimveliso. Ukongeza, iqela leKubernetes linomboniso kunye neecontours. Okulandelayo silandela iGitflow: kwisebe eliphambili lophuhliso (develop) senza iimpawu ezintsha, ezikhokelela ekuzibopheleleni ngesichongi #c1. Siyiqokelela kwaye siyipapashe kubhaliso sisebenzisa esi sichongi (#c1). Ngesichongi esifanayo sikhuphela ukujonga kwangaphambili. Senza okufanayo ngokuzibophelela #c2 и #c3.

Xa siqaphela ukuba kukho iimpawu ezaneleyo, siqala ukuzinzisa yonke into. Yenza isebe kwiGit release_1.1 (kwisiseko #c3 из develop). Akukho mfuneko yokuqokelela oku kukhululwa, kuba... oku kwenziwe kwinyathelo langaphambili. Ke ngoko, sinokuyikhuphela ngokulula kwiqonga. Silungisa iibugs ngaphakathi #c4 kwaye ngokufanayo igqithiselwe kwiqonga. Kwangaxeshanye, uphuhliso luyaqhubeka develop, apho utshintsho luthathwa ngamaxesha athile release_1.1. Ngaxa lithile, sifumana isibophelelo esidityanisiweyo kwaye silayishwe kwisiteji, esonwabileyo (#c25).

Emva koko sidibanisa (ngokukhawuleza-phambili) isebe lokukhulula (release_1.1) enkosini. Sibeka ithegi ngoguqulelo olutsha kwesi sibophelelo (1.1). Kodwa lo mfanekiso sele uqokelelwe kubhaliso, ukuze ungawuqokeleli kwakhona, songeza nje ithegi yesibini kumfanekiso okhoyo (ngoku uneethegi kwirejista. #c25 и 1.1). Emva koko, siyikhuphela kwimveliso.

Kukho i-drawback yokuba umfanekiso omnye kuphela ulayishwe kwiqonga (#c25), kwaye kwimveliso luhlobo olwahlukileyo (1.1), kodwa siyazi ukuba "ngokomzimba" ezi zifana nomfanekiso ovela kwirejista.

Ububi bokwenyani kukuba akukho nkxaso yokudibanisa izibophelelo, kufuneka wenze ngokukhawuleza-phambili.

Singaya phambili kwaye senze iqhinga... Makhe sijonge kumzekelo weDockerfile elula:

FROM ruby:2.3 as assets
RUN mkdir -p /app
WORKDIR /app
COPY . ./
RUN gem install bundler && bundle install
RUN bundle exec rake assets:precompile
CMD bundle exec puma -C config/puma.rb

FROM nginx:alpine
COPY --from=assets /app/public /usr/share/nginx/www/public

Masenze ifayile kuyo ngokwalo mgaqo ulandelayo:

• SHA256 ukusuka kwizazisi zemifanekiso esetyenzisiweyo (ruby:2.3 и nginx:alpine), eziziitshekhisum zemixholo yazo;
• onke amaqela (RUN, CMD kwaye nangokunjalo.);
• SHA256 kwiifayile ezongeziweyo.

... kwaye uthathe itshekhi (kwakhona SHA256) kwifayile enjalo. Oku utyikityo yonke into echaza imixholo yomfanekiso weDocker.

Masibuyele kumzobo kwaye endaweni yezibophelelo siya kusebenzisa imisayino enjalo, okt. tag imifanekiso enesiginitsha.

Ngoku, xa kuyimfuneko, umzekelo, ukudibanisa utshintsho ukusuka ekukhululweni ukuya kwi-master, sinokwenza ukudibanisa kwangempela: kuya kuba nesazisi esahlukileyo, kodwa utyikityo olufanayo. Ngesazisi esifanayo siya kukhupha umfanekiso kwimveliso.

Ukungalungi kukuba ngoku akunakukwazi ukumisela ukuba luhlobo luni lwesibophelelo olutyhalwe kwimveliso - i-checksums isebenza kuphela kwicala elinye. Le ngxaki isonjululwe ngumaleko ongezelelweyo kunye nemetadata - ndiza kukuxelela ngakumbi kamva.

Ukumaka kwi-werf

Kwi-werf siye saya phambili kwaye silungiselela ukwenza isakhiwo esabiweyo kunye ne-cache engagcinwanga kumatshini omnye ... Ngoko, sakha iintlobo ezimbini zemifanekiso ye-Docker, sizibiza ngokuba uqeqesho и umfanekiso.

Indawo yokugcina ye-werf Git igcina imiyalelo yolwakhiwo-ethe ngqo echaza izigaba ezahlukeneyo zokwakha (phambi koFakelo, fakela, phambi kokuSeta, Misela). Siqokelela umfanekiso wenqanaba lokuqala kunye nesiginitsha echazwe njengetshekhi yamanyathelo okuqala. Emva koko songeza ikhowudi yomthombo, kumfanekiso omtsha wesiteji sibala i-checksum yayo ... Le misebenzi iphinda iphindwe kuzo zonke izigaba, ngenxa yoko sifumana isethi yemifanekiso yesiteji. Emva koko senza umfanekiso wokugqibela, oqulethe imethadatha malunga nemvelaphi yayo. Kwaye siphawula lo mfanekiso ngeendlela ezahlukeneyo (iinkcukacha kamva).

Masithi emva kwesi sibophelelo esitsha sivela apho ikhowudi yesicelo kuphela itshintshiwe. Kuya kwenzeka ntoni? Ukutshintsha ikhowudi, i-patch iya kwenziwa kwaye umfanekiso omtsha wesiteji uya kulungiswa. Utyikityo lwayo luya kumiselwa njengetshekhisum yomfanekiso weqonga elidala kunye nesiqwenga esitsha. Umfanekiso omtsha wokugqibela uya kwenziwa ngalo mfanekiso. Ukuziphatha okufanayo kuya kwenzeka kunye notshintsho kwamanye amanqanaba.

Ngaloo ndlela, imifanekiso yesiteji i-cache enokugcinwa ngokusasazwa, kwaye imifanekiso esele yenziwe kuyo ilayishwe kwi-Docker Registry.

Ukucoca irejista

Asithethi malunga nokucima iileya ezisele zijinga emva kweethegi ezicinyiweyo - eli linqanaba eliqhelekileyo leRegistry yeDocker ngokwayo. Sithetha ngemeko xa amaninzi amathegi e-Docker aqokelela kwaye siyaqonda ukuba asisadingi ezinye zazo, kodwa zithatha indawo (kunye / okanye siyayihlawula).

Ziziphi iindlela zokucoca?

1. Akukho nto unokuyenza musa ukucoca. Ngamanye amaxesha kulula kakhulu ukuhlawula kancinci indawo eyongezelelweyo kunokutyhila i-tangle enkulu yeethegi. Kodwa oku kusebenza kuphela kwinqanaba elithile.
2. Ukusetha kwakhona ngokupheleleyo. Ukuba ucima yonke imifanekiso kwaye uphinde wakhe kuphela ekhoyo ngoku kwinkqubo yeCI, ingxaki inokuvela. Ukuba isikhongozeli siqalwa ngokutsha kwimveliso, umfanekiso omtsha uya kulayishwa - ongekavavanywa nangubani na. Oku kubulala imbono yeziseko ezingundoqo ezingenakuguqulwa.
3. Luhlaza-luhlaza. Enye irejista yaqala ukuphuphuma - silayisha imifanekiso kwenye. Ingxaki efanayo naleyo kwindlela yangaphambili: ngeyiphi indawo onokuyisusa irejista esele iqalile ukuphuphuma?
4. Ngexesha. Cima yonke imifanekiso emidala kunenyanga enye? Kodwa ngokuqinisekileyo kuya kubakho inkonzo engakhange ihlaziywe kangangenyanga...
5. Ngendlela misela into esele icinyiwe.

Zimbini iinketho ezinokubakho: sucoca okanye indibaniselwano eluhlaza okwesibhakabhaka-luhlaza + ngesandla. Kwimeko yokugqibela, sithetha ngoku kulandelayo: xa uqonda ukuba lixesha lokucoca irejista, udala entsha kwaye ungeze yonke imifanekiso emitsha kuyo, umzekelo, inyanga. Kwaye emva kwenyanga, jonga ukuba yeyiphi i-pods e-Kubernetes esasebenzisa irejista endala, kwaye uyidlulisele kwirejista entsha.

Size ngantoni i-werf? Siqokelela:

1. Intloko yeGit: zonke iithegi, onke amasebe - sicinga ukuba sifuna yonke into ephawulwe kwiGit kwimifanekiso (kwaye ukuba akunjalo, kufuneka siyicime kwiGit ngokwayo);
2. zonke iipod ezimpontshelwa ngoku eKubernetes;
3. ezindala iiReplicaSets (into esandul' ukukhutshwa), kwaye siceba ukuskena ukukhutshwa kweHelm kwaye ukhethe imifanekiso yamva nje apho.

... kwaye wenze uluhlu olumhlophe kule seti - uluhlu lwemifanekiso esingayi kuyicima. Sicoca yonke enye into, emva koko sifumana imifanekiso yeqonga leenkedama kwaye siyicime.

Deploy stage

Isibhengezo esithembekileyo

Inqaku lokuqala endingathanda ukutsalela ingqalelo kulo kukusasazo kukuqaliswa kolungelelwaniso lwezibonelelo ezihlaziyiweyo, ezibhengezwe ngokubhengeza. Uxwebhu loqobo lwe-YAML oluchaza izixhobo ze-Kubernetes luhlala lwahluke kakhulu kwisiphumo esisebenza kwiqela. Kuba iKubernetes yongeza kuqwalaselo:

1. izifanisi;
2. ulwazi lwenkonzo;
3. amaxabiso angagqibekanga amaninzi;
4. icandelo elinesimo sangoku;
5. utshintsho olwenziwe njengenxalenye ye-webhook yokwamkelwa;
6. isiphumo somsebenzi wabalawuli abahlukeneyo (kunye nomcwangcisi).

Ngoko ke, xa uqwalaselo olutsha lwesixhobo lubonakala (entsha), asinakuthatha kwaye sibhale ngaphezulu okwangoku, "phila" uqwalaselo nayo (phila). Ukwenza oku kuya kufuneka sithelekise entsha ngoqwalaselo lokugqibela olusetyenzisiweyo (ifakwe okokugqibela) kwaye uqhubele phambili phila wafumana isiqwenga.

Le ndlela ibizwa ngokuba 2-indlela yokudibanisa. Isetyenziswa, umzekelo, kwi-Helm.

Kukho kwakhona 3-indlela yokudibanisa, eyahlukileyo kuloo nto:

• ukuthelekisa ifakwe okokugqibela и entsha, sijonga into ecinyiweyo;
• ukuthelekisa entsha и phila, sijonga oko kongeziweyo okanye okutshintshiweyo;
• isiqwenga esishwankathelweyo sisetyenziswa kuyo phila.

Sifaka izicelo ezili-1000+ kunye neHelm, ke siphila ngokudityaniswa kwendlela ezi-2. Nangona kunjalo, inenani leengxaki esizisombulule ngeepatches zethu, ezinceda iHelm ukuba isebenze ngokuqhelekileyo.

Imo yokukhutshwa yokwenyani

Emva kokuba inkqubo yethu ye-CI ivelise uqwalaselo olutsha lweKubernetes olusekwe kwisiganeko esilandelayo, iyaluhambisa ukuze lusetyenziswe. (sebenzisa) kwiqela - usebenzisa iHelm okanye kubectl apply. Emva koko, i-N-way esele ichaziwe idibanisa iyenzeka, apho i-Kubernetes API iphendula ngokuvumayo kwinkqubo ye-CI, kwaye oko kumsebenzisi wayo.

Nangona kunjalo, kukho ingxaki enkulu: emva kwayo yonke into usetyenziso oluphumeleleyo aluthethi ukukhutshwa ngempumelelo. Ukuba uKubernetes uyakuqonda ukuba loluphi utshintsho olufuna ukusetyenziswa kwaye alusebenzise, ​​okwangoku asazi ukuba isiphumo siya kuba yintoni. Ngokomzekelo, ukuhlaziya kunye nokuqalisa kwakhona iipods kwi-frontend kunokuphumelela, kodwa kungekhona kwi-backend, kwaye siya kufumana iinguqulelo ezahlukeneyo zemifanekiso yesicelo esisebenzayo.

Ukwenza yonke into ngokuchanekileyo, esi sikimu sidinga ikhonkco elongezelelweyo - i-tracker ekhethekileyo eya kufumana ulwazi lwesimo kwi-Kubernetes API kwaye idlulisele ukuhlalutya okuqhubekayo kwimeko yokwenyani yezinto. Senze ithala leencwadi loMthombo oVulekileyo kwiGo - cubedog (jonga isibhengezo sayo apha), esisombulula le ngxaki kwaye yakhelwe kwi-werf.

Indlela yokuziphatha yale tracker kwinqanaba le-werf iqwalaselwe kusetyenziswa amanqakwana abekwe kwi-Deployments okanye i-StatefulSets. Inkcazo engundoqo - fail-mode -uqonda ezi ntsingiselo zilandelayo:

• IgnoreAndContinueDeployProcess — asizihoyi iingxaki zokukhutshwa kweli candelo kwaye siqhubeke nokusasazwa;
• FailWholeDeployProcessImmediately - impazamo kweli candelo imisa inkqubo yokusasazwa;
• HopeUntilEndOfDeployProcess - sinethemba lokuba eli candelo liya kusebenza ekupheleni kokuthunyelwa.

Umzekelo, le ndibaniselwano yezibonelelo kunye namaxabiso enkcazo fail-mode:

Xa sisebenzisa okokuqala, i-database (i-MongoDB) isenokungalungeli okwangoku - Ukuthunyelwa kuya kusilela. Kodwa ungalinda ixesha lokuba iqale, kwaye ukuthunyelwa kuseza kwenzeka.

Kukho izichasiselo ezimbini ezingakumbi ze-kubedog kwi-werf:

• failures-allowed-per-replica - inani lokuwa okuvunyelweyo kwi-replica nganye;
• show-logs-until - ilawula umzuzu de ibonise i-werf (kwistdout) iilog kuzo zonke iipod eziqengqiwe. Ukungagqibeki ngu PodIsReady (ukungayihoyi imiyalezo ekusenokwenzeka ukuba asiyifuni xa itrafikhi iqala ukuza kwi-pod), kodwa amaxabiso ayasebenza: ControllerIsReady и EndOfDeploy.

Yintoni enye esiyifunayo ekuhanjisweni?

Ukongeza kwiingongoma ezimbini esele zichaziwe, singathanda:

• u kubona iinkuni - kwaye kuphela eziyimfuneko, kwaye kungekhona yonke into ngokulandelelana;
• umkhondo inkqubela phambili, kuba ukuba umsebenzi uxhoma "uthule" imizuzu emininzi, kubalulekile ukuqonda okwenzekayo apho;
• иметь ukubuyisela umva oluzenzekelayo ukuba kukho into engahambi kakuhle (kwaye ke kubalulekile ukwazi imeko yokwenyani yokuthunyelwa). Ukukhutshwa kufuneka kube yi-atomic: mhlawumbi idlulele esiphelweni, okanye yonke into ibuyele kwimeko yayo yangaphambili.

Iziphumo

Kithina njengenkampani, ukuphumeza zonke iinuances ezichaziweyo kumanqanaba ahlukeneyo okuhanjiswa (ukwakha, ukupapasha, ukuhambisa), inkqubo yeCI kunye nezinto eziluncedo zanele. i-werf.

Endaweni yesiphelo:

Ngoncedo lwe-werf, senze inkqubela entle ekusombululeni inani elikhulu leengxaki zeenjineli ze-DevOps kwaye singavuya ukuba uluntu olubanzi ubuncinci luzame olu ncedo lusebenza. Kuya kuba lula ukufezekisa umphumo omuhle kunye.

Iividiyo kunye nezilayidi

Ividiyo esuka kumdlalo (~47 imizuzu):

Ukunikezelwa kwengxelo:

PS

Ezinye iingxelo malunga neKubernetes kwibhlog yethu:

• «I-Autoscaling kunye nolawulo lwezibonelelo kwi-Kubernetes» (UDmitry Stolyarov; nge-27 ka-Epreli, ngo-2019 ngo “Strike”);
• «Ukwandisa kunye nokufezekisa i-Kubernetes» (Andrey Polovov; ngoAprili 8, 2019 eSaint HighLoad++);
• «Iidatabase kunye neKubernetes» (UDmitry Stolyarov; ngoNovemba 8, 2018 kwi-HighLoad ++);
• «Ukubeka iliso kunye neKubernetes» (UDmitry Stolyarov; ngoMeyi 28, 2018 kwi-RootConf);
• «I-CI/CD Yezona Ziqheliso zibalaseleyo kunye ne-Kubernetes kunye ne-GitLab» (UDmitry Stolyarov; ngoNovemba 7, 2017 kwi-HighLoad ++);
• «Amava ethu noKubernetes kwiiprojekthi ezincinci» (UDmitry Stolyarov; NgoJuni 6, 2017 kwi-RootConf).

umthombo: www.habr.com