Ngaba usebenzisa iKubernetes? Ngaba ukulungele ukuhambisa iimeko zakho zeCamunda BPM ngaphandle koomatshini ababonakalayo, okanye mhlawumbi uzame ukubaqhuba kwiKubernetes? Makhe sijonge ulungelelwaniso oluqhelekileyo kunye nezinto ezizimeleyo ezinokuthi zilungelelaniswe neemfuno zakho ezithile.
Icinga ukuba ukhe wasebenzisa iKubernetes ngaphambili. Ukuba akunjalo, kutheni ungajongi kwaye ungaqalisi iqela lakho lokuqala?
Authors
- (I-Alastair Firth) - iNjineli eNgqongileyo yokuthembeka kweNdawo kwiqela leCamunda Cloud;
- (Lars Lange) - DevOps injineli eCamunda.
Kufuphi:
git clone https://github.com/camunda-cloud/camunda-examples.git
cd camunda-examples/camunda-bpm-demo
make skaffold
Okay, mhlawumbi khange isebenze ngoba awuna skaffold and kustomize installer. Kulungile ke funda!
Yintoni iCamunda BPM
I-Camunda BPM yinkqubo evulekileyo yolawulo lwenkqubo yeshishini kunye neqonga lesigqibo esizenzekelayo esidibanisa abasebenzisi beshishini kunye nabaphuhlisi besoftware. Ilungele ukulungelelanisa kunye nokudibanisa abantu, (micro) iinkonzo okanye ii-bots! Unokufunda ngakumbi malunga neemeko ezahlukeneyo zokusetyenziswa apha .
Kutheni usebenzisa iKubernetes
I-Kubernetes ibe ngumgangatho we-de facto wokuqhuba usetyenziso lwangoku kwiLinux. Ngokusebenzisa iifowuni zesistim endaweni yokulinganisa izixhobo kunye nokukwazi kwekernel ukulawula imemori kunye nokutshintsha umsebenzi, ixesha lokuqalisa kunye nexesha lokuqalisa ligcinwa lincinci. Nangona kunjalo, inzuzo enkulu inokuvela kwi-API eqhelekileyo enikezelwa nguKubernetes ukulungisa iziseko ezifunekayo kuzo zonke izicelo: ukugcinwa, ukunxibelelana kunye nokubeka iliso. Yajika iminyaka emi-2020 ngoJuni ka-6 kwaye mhlawumbi yiprojekthi yesibini enkulu evulekileyo yomthombo (emva kweLinux). Kutshanje ibizinzisa ukusebenza kwayo emva kokuphindaphindwa okukhawulezileyo kule minyaka imbalwa idlulileyo njengoko ibalulekile kumthwalo wemveliso kwihlabathi liphela.
I-Camunda BPM Injini inokunxibelelana ngokulula kwezinye izicelo ezisebenza kwiqela elinye, kwaye i-Kubernetes ibonelela nge-scalability egqwesileyo, ikuvumela ukuba unyuse iindleko zeziseko zophuhliso kuphela xa zifuneka ngokwenene (kwaye uzinciphise ngokulula njengoko kufuneka).
Umgangatho wokubeka iliso nawo uphuculwe kakhulu ngezixhobo ezinje ngePrometheus, Grafana, Loki, Fluentd kunye ne-Elasticsearch, ekuvumela ukuba ujonge esembindini yonke imithwalo yemisebenzi kwiqela. Namhlanje siza kujonga indlela yokuphumeza umthumeli wePrometheus kwiJava Virtual Machine (JVM).
Iinjongo
Makhe sijonge iindawo ezimbalwa apho sinokwenza ngokwezifiso umfanekiso weCamunda BPM Docker () ukuze inxibelelane kakuhle neKubernetes.
- Iilogi kunye neemetrics;
- imidibaniso yedatabase;
- Uqinisekiso;
- Ulawulo lweseshoni.
Siza kujonga iindlela ezininzi zokufezekisa ezi njongo kwaye sibonise ngokucacileyo yonke inkqubo.
Qaphela:: Ngaba usebenzisa inguqulelo yeShishini? Jonga kunye nokuhlaziya amakhonkco emifanekiso njengoko kufuneka.
Uphuhliso lokuhamba komsebenzi
Kule demo, siya kusebenzisa iSkaffold ukwakha imifanekiso yeDocker usebenzisa iGoogle Cloud Build. Inenkxaso efanelekileyo yezixhobo ezahlukeneyo (ezifana neKustomize kunye neHelm), i-CI kunye nezixhobo zokwakha, kunye nababoneleli bezakhiwo. Ifayile skaffold.yaml.tmpl ibandakanya izicwangciso zeGoogle Cloud Build kunye neGKE, ibonelela ngendlela elula kakhulu yokuqhuba isiseko somgangatho wemveliso.
make skaffold iya kulayisha umxholo weDockerfile kwiLifu Yakha, wakhe umfanekiso kwaye uwugcine kwi-GCR, kwaye emva koko usebenzise imiboniso kwiqela lakho. Yile nto iyenzayo make skaffold, kodwa iSkaffold inezinye izinto ezininzi.
Kwiitemplates ze-yaml kwi-Kubernetes, sisebenzisa kustomize ukulawula ukwaleka kwe-yaml ngaphandle kokunyanzela yonke i-manifest, ikuvumela ukuba usebenzise. git pull --rebase ukuze kuphuculwe ngakumbi. Ngoku ikukubectl kwaye isebenza kakuhle kwizinto ezinjalo.
Sikwasebenzisa i-envsubst ukugcwalisa igama lenginginya kunye ne-ID yeprojekthi ye-GCP kwiifayile ze-*.yaml.tmpl. Uyabona ukuba isebenza njani makefile okanye uqhubeke ngakumbi.
Iimeko eziyimfuneko
- Iqela lomsebenzi
- -ukwenza eyakho imifanekiso ye-docker kunye nokuhanjiswa ngokulula kwi-GKE
- Ikopi yale khowudi
- Envsubst
Ukuhamba komsebenzi kusetyenziswa imiboniso
Ukuba awufuni ukusebenzisa kustomize okanye skaffold, ungabhekisa kumboniso kwi generated-manifest.yaml kwaye ulungelelanise ukuhamba komsebenzi owukhethileyo.
Iilogi kunye neemetrics
I-Prometheus ibe ngumgangatho wokuqokelela i-metrics kwi-Kubernetes. Ihlala kwi-niche efanayo ne-AWS Cloudwatch Metrics, i-Cloudwatch Alerts, i-Stackdriver Metrics, i-StatsD, i-Datadog, i-Nagios, i-vSphere Metrics kunye nabanye. Ingumthombo ovulekileyo kwaye inolwimi olunamandla lombuzo. Siza kuphathisa umboniso kwiGrafana - iza nenani elikhulu leedeshibhodi ezikhoyo ngaphandle kwebhokisi. Ziqhagamshelwe omnye komnye kwaye kulula ukuzifaka nazo .
Ngokungagqibekanga, uPrometheus usebenzisa imodeli yotsalo <service>/metrics, kwaye ukongeza izikhongozeli ze-sidecar kule nto kuqhelekileyo. Ngelishwa, iimethrikhi ze-JMX zezona zingena ngaphakathi kwi-JVM, ngoko ke izikhongozeli zeemoto ezisecaleni azisebenzi kangako. Masidibanise umthombo ovulekileyo ovela kwi-Prometheus ukuya kwi-JVM ngokuyongeza kumfanekiso wesikhongozeli oza kubonelela ngendlela /metrics kwizibuko elahlukileyo.
Yongeza i-Prometheus jmx_exporter kwisikhongozeli
-- images/camunda-bpm/Dockerfile
FROM camunda/camunda-bpm-platform:tomcat-7.11.0
## Add prometheus exporter
RUN wget https://repo1.maven.org/maven2/io/prometheus/jmx/
jmx_prometheus_javaagent/0.11.0/jmx_prometheus_javaagent-0.11.0.jar -P lib/
#9404 is the reserved prometheus-jmx port
ENV CATALINA_OPTS -javaagent:lib/
jmx_prometheus_javaagent-0.11.0.jar=9404:/etc/config/prometheus-jmx.yaml
Ewe, oko kwakulula. Umthengisi uya kubeka iliso kwi-tomcat kwaye abonise iimetrikhi zayo kwifomathi ye-Prometheus kwi <svc>:9404/metrics
umiselo lwangaphandle
Umfundi onenkathalo usenokuzibuza ukuba ivela phi prometheus-jmx.yaml? Kukho izinto ezininzi ezahlukeneyo ezinokusebenza kwi-JVM, kwaye i-tomcat yenye yazo, ngoko ke umthengisi ufuna uqwalaselo olongezelelweyo. Ulungelelwaniso olusemgangathweni lwe-tomcat, i-wildfly, i-kafka njalo njalo luyafumaneka . Siza kongeza i-tomcat njenge kwi-Kubernetes kwaye emva koko uyinyuse njengevolumu.
Okokuqala, songeza ifayile yokumisela umrhwebi kwiqonga lethu/i-config/ directory
platform/config
└── prometheus-jmx.yaml
Emva koko songeza в kustomization.yaml.tmpl:
-- platform/kustomization.yaml.tmpl
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
[...]
configMapGenerator:
- name: config
files:
- config/prometheus-jmx.yaml
Oku kuyakongeza into nganye files[] njengeConfigMap yoqwalaselo element. ConfigMapGenerators zilungile kuba zine-hash yoqwalaselo kwaye zinyanzelise i-pod restart ukuba iyatshintsha. Bakwanciphisa isixa soqwalaselo kwi-Deployment kuba unokunyuka yonke "ifolda" yeefayile zoqwalaselo kwiVolumeMount enye.
Okokugqibela, kufuneka sinyuse iConfigMap njengevolumu kwipod:
-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
template:
spec:
[...]
volumes:
- name: config
configMap:
name: config
defaultMode: 0744
containers:
- name: camunda-bpm
volumeMounts:
- mountPath: /etc/config/
name: config
[...]
Iyamangalisa. Ukuba i-Prometheus ayilungiselelwanga ukwenza ucoceko olupheleleyo, kuya kufuneka uyixelele ukuba icoce iipods. Abasebenzisi bePrometheus Operator bangasebenzisa service-monitor.yaml ukuqalisa. Phonononga Service-monitor.yaml, и ngaphambi kokuba uqale.
Ukwandisa le pateni kwezinye iimeko zokusetyenziswa
Zonke iifayile esizongeza kwiConfigMapGenerator ziya kufumaneka kulawulo olutsha /etc/config. Ungayandisa le template ukunyusa naziphi na ezinye iifayile zoqwalaselo ozidingayo. Unganyusa neskripthi sokuqalisa esitsha. Ungasebenzisa ukunyusa iifayile ezizimeleyo. Ukuhlaziya iifayile ze-xml, cinga ukusebenzisa endaweni sed. Sele ifakiwe kumfanekiso.
Iimagazini
Iindaba ezimnandi! Iilog zesicelo sele zikhona kwi-stdout, umzekelo nge kubectl logs. I-Fluentd (ifakwe ngokungagqibekanga kwi-GKE) iya kuthumela iilogi zakho kwi-Elasticsearch, i-Loki, okanye iqonga lakho lokungena kwishishini. Ukuba ufuna ukusebenzisa i-jsonify kwizigodo emva koko unokulandela itemplate engentla ukuyifaka .
Indawo yedatha
Ngokungagqibekanga, umfanekiso uya kuba nesiseko sedatha se-H2. Oku akufanelekanga kuthi, kwaye siya kusebenzisa i-Google Cloud SQL kunye ne-Cloud SQL Proxy - oku kuya kufuneka kamva ukusombulula iingxaki zangaphakathi. Olu lukhetho olulula noluthembekileyo ukuba awunazo iinketho zakho ekusekweni kwesiseko sedatha. I-AWS RDS ibonelela ngenkonzo efanayo.
Nokuba yeyiphi idatabase oyikhethayo, ngaphandle kokuba yi-H2, kuya kufuneka usete iiguquguquko zemekobume ezifanelekileyo kwi. platform/deploy.yaml. Ijongeka ngolu hlobo:
-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
template:
spec:
[...]
containers:
- name: camunda-bpm
env:
- name: DB_DRIVER
value: org.postgresql.Driver
- name: DB_URL
value: jdbc:postgresql://postgres-proxy.db:5432/process-engine
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: cambpm-db-credentials
key: db_username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: cambpm-db-credentials
key: db_password
[...]
Qaphela:: Ungasebenzisa i-Kustomize ukuhambisa kwiindawo ezahlukeneyo usebenzisa isigqubuthelo: .
Qaphela:: ukusetyenziswa valueFrom: secretKeyRef. Nceda, sebenzisa nangexesha lophuhliso ukugcina iimfihlo zakho zikhuselekile.
Kusenokwenzeka ukuba sele unenkqubo ekhethwayo yokulawula iimfihlo zeKubernetes. Ukuba akunjalo, nazi ezinye iinketho: Ukuziguqulela ngokuntsonkothileyo ngomboneleli wakho welifu we-KMS kwaye emva koko uzitofe kwi-K8S njengeemfihlo ngombhobho we-CD − -iya kusebenza kakuhle kakhulu ngokudibanisa neemfihlo zeKustomize. Kukho ezinye izixhobo, ezinje ngedotGPG, ezenza imisebenzi efanayo: , .
Ingress
Ngaphandle kokuba ukhetha ukusebenzisa ugqithiso lwezibuko lobulali, uzakufuna isiLawuli sokuNgena esiqwalaselweyo. Ukuba awusebenzisi () ngoko kusenokwenzeka ukuba sele uyazi ukuba kufuneka ufakele amanqakwana afunekayo ingress-patch.yaml.tmpl okanye platform/ingress.yaml. Ukuba usebenzisa i-ingress-nginx kwaye ubone iklasi yokungena ye-nginx ene-balancer yomthwalo ekhomba kuyo kunye ne-DNS yangaphandle okanye i-wildcard DNS yokungena, ulungile ukuhamba. Ngaphandle koko, qwalasela i-Ingress Controller kunye ne-DNS, okanye weqa la manyathelo kwaye ugcine uxhulumaniso oluthe ngqo kwi-pod.
TLS
Ukuba usebenzisa okanye kube-lego kunye ne-letencrypt - iziqinisekiso zokungena okutsha ziyakufunyanwa ngokuzenzekelayo. Ngaphandle koko, vula ingress-patch.yaml.tmpl kwaye uyilungise ukuze ihambelane neemfuno zakho.
Qalisa!
Ukuba ulandele yonke into ebhalwe ngasentla, ngoko umyalelo make skaffold HOSTNAME=<you.example.com> kufuneka iqalise umzekelo okhoyo kwi <hostname>/camunda
Ukuba awukaseta igama lakho lokungena kwi-URL kawonke-wonke, ungaphinda uyiqondise nge localhost: kubectl port-forward -n camunda-bpm-demo svc/camunda-bpm 8080:8080 phezu localhost:8080/camunda
Lindela imizuzu embalwa de i-tomcat ilungele ngokupheleleyo. Umphathi weSitifiketi uya kuthatha ixesha lokuqinisekisa igama lesizinda. Uyakwazi ukubeka esweni iilog usebenzisa izixhobo ezikhoyo njengesixhobo esifana ne-kubetail, okanye ngokulula ukusebenzisa kubectl:
kubectl logs -n camunda-bpm-demo $(kubectl get pods -o=name -n camunda-bpm-demo) -f
Amanyathelo alandelayo
Ngena
Oku kubaluleke kakhulu ekuqwalaseleni i-Camunda BPM kune-Kubernetes, kodwa kubalulekile ukuqaphela ukuba ngokungagqibekanga, ukuqinisekiswa kuvaliwe kwi-REST API. Unga okanye usebenzise enye indlela efana . Ungasebenzisa i-configmaps kunye nemiqulu ukulayisha i-xml, okanye i-xmlstarlet (jonga ngasentla) ukuhlela iifayile ezikhoyo kumfanekiso, kwaye usebenzise i-wget okanye ulayishe usebenzisa i-init container kunye nevolumu ekwabelwana ngayo.
Ulawulo lweseshoni
Njengezinye izicelo ezininzi, iCamunda BPM iphatha iiseshini kwi-JVM, ke ukuba ufuna ukwenza iikopi ezininzi, ungenza iiseshoni ezincangathi (), eyakubakho ide ikopi inyamalale, okanye usete uphawu lophawu lobudala obuphezulu lwecookies. Ukufumana isisombululo esomeleleyo, ungathumela uMphathi weSeshini kwiTomcat. ULars uye ngalo mxholo, kodwa into efana nale:
wget http://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/
2.3.2/memcached-session-manager-2.3.2.jar -P lib/ &&
wget http://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc9/
2.3.2/memcached-session-manager-tc9-2.3.2.jar -P lib/ &&
sed -i '/^</Context>/i
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager"
memcachedNodes="redis://redis-proxy.db:22121"
sticky="false"
sessionBackupAsync="false"
storageKeyPrefix="context"
lockingMode="auto"
/>' conf/context.xml
Qaphela:: ungasebenzisa i-xmlstarlet endaweni ye-sed
Sasebenzisa phambi kweGoogle Cloud Memorystore, nge (ixhasa iRedis) ukuyiqhuba.
Ukukala
Ukuba sele uziqonda iiseshini, ngoko eyokuqala (kwaye kaninzi eyokugqibela) umda wokulinganisa iCamunda BPM inokuba ludibaniso lwedatha. Ulungelelwaniso olungaphelelanga sele lukhona "" Masivale i-intialSize kwifayile yesethingi.xml. Yongeza kwaye unokukala ngokulula ngokuzenzekelayo inani leepods.
Izicelo nezithintelo
В platform/deployment.yaml Uya kubona ukuba si-hard-coded indawo yezixhobo. Oku kusebenza kakuhle nge-HPA, kodwa kunokufuna uqwalaselo olongezelelweyo. I-patch ye-kustomize ifanelekile oku. I-cm. ingress-patch.yaml.tmpl и ./kustomization.yaml.tmpl
isiphelo
Ke sifake iCamunda BPM kwiKubernetes ngeemetrics zePrometheus, iilogi, idatabase ye-H2, iTLS kunye ne-Ingress. Songeze iifayile zejagi kunye neefayile zoqwalaselo sisebenzisa iConfigMaps kunye neDockerfile. Sathetha ngokutshintshiselana kwedatha kwimiqulu kwaye ngokuthe ngqo kwizinto eziguquguqukayo zokusingqongileyo ezivela kwiimfihlo. Ukongeza, sinikeze umboniso wokuseta iCamunda yeekopi ezininzi kunye ne-API eqinisekisiweyo.
iimbekiselo
github.com/camunda-cloud/camunda-examples/camunda-bpm-kubernetes
│
├── generated-manifest.yaml <- manifest for use without kustomize
├── images
│ └── camunda-bpm
│ └── Dockerfile <- overlay docker image
├── ingress-patch.yaml.tmpl <- site-specific ingress configuration
├── kustomization.yaml.tmpl <- main Kustomization
├── Makefile <- make targets
├── namespace.yaml
├── platform
│ ├── config
│ │ └── prometheus-jmx.yaml <- prometheus exporter config file
│ ├── deployment.yaml <- main deployment
│ ├── ingress.yaml
│ ├── kustomization.yaml <- "base" kustomization
│ ├── service-monitor.yaml <- example prometheus-operator config
│ └── service.yaml
└── skaffold.yaml.tmpl <- skaffold directives
05.08.2020/XNUMX/XNUMX, inguqulelo Alastair Firth, Lars Lange
umthombo: www.habr.com