Kubernetes tips & tricks: on local development and Telepresence


We are increasingly asked about developing microservices in Kubernetes. Developers, especially those working in interpreted languages, want to fix code quickly in their favorite IDE and see the result without waiting for a build/deploy, simply by pressing F5. With a monolithic application it was enough to set up a database and a web server locally (in Docker, VirtualBox…) and then enjoy instant development. With monoliths being cut into microservices and the arrival of Kubernetes, with services depending on one another, everything became a bit more difficult. The more of these microservices there are, the more problems. To enjoy development again, you need to bring up more than one or two Docker containers, and sometimes more than a dozen… All in all, this can take a lot of time, since everything also has to be kept up to date.

At different times we tried different approaches to the problem. I will start with the accumulated workarounds, or simply "crutches".

1. Crutches

Most IDEs can edit code directly on a server over FTP/SFTP. This path is very obvious, and we immediately decided to use it. Its essence boils down to the following:

  1. In the pod of development environments (dev/review), an additional container is launched with SSH access and with the public SSH key of the developer who will commit/deploy the application forwarded into it.
  2. At the init stage (in the prepare-app container), the code is copied to an emptyDir so that both the application containers and the SSH server have access to it.


To better understand the technical implementation of such a scheme, I will provide fragments of the YAML configurations involved in Kubernetes.

Configurations

1.1. values.yaml

ssh_pub_key:
  vasya.pupkin: <ssh public key in base64> 

Here vasya.pupkin is the value of the variable ${GITLAB_USER_LOGIN}.

1.2. deployment.yaml

...
{{ if eq .Values.global.debug "yes" }}
      volumes:
      - name: ssh-pub-key
        secret:
          defaultMode: 0600
          secretName: {{ .Chart.Name }}-ssh-pub-key
      - name: app-data
        emptyDir: {}
      initContainers:
      - name: prepare-app
{{ tuple "backend" . | include "werf_container_image" | indent 8 }}
        volumeMounts:
        - name: app-data
          mountPath: /app-data
        command: ["bash", "-c", "cp -ar /app/* /app-data/" ]
{{ end }}
      containers:
{{ if eq .Values.global.debug "yes" }}
      - name: ssh
        image: corbinu/ssh-server
        volumeMounts:
        - name: ssh-pub-key
          readOnly: true
          mountPath: /root/.ssh/authorized_keys
          subPath: authorized_keys
        - name: app-data
          mountPath: /app
        ports:
        - name: ssh
          containerPort: 22
          protocol: TCP
{{ end }}
      - name: backend
        volumeMounts:
{{ if eq .Values.global.debug "yes" }}
        - name: app-data
          mountPath: /app
{{ end }}
        command: ["/usr/sbin/php-fpm7.2", "--fpm-config", "/etc/php/7.2/php-fpm.conf", "-F"]
...

1.3. secret.yaml

{{ if eq .Values.global.debug "yes" }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Chart.Name }}-ssh-pub-key
type: Opaque
data:
  authorized_keys: "{{ first (pluck .Values.global.username .Values.ssh_pub_key) }}"
{{ end }}

Finishing touch

After that, all that remains is to pass the required variables in gitlab-ci.yml:

dev:
  stage: deploy
  script:
   - type multiwerf && source <(multiwerf use 1.0 beta)
   - type werf && source <(werf ci-env gitlab --tagging-strategy tag-or-branch --verbose)
   - werf deploy
     --namespace ${CI_PROJECT_NAME}-stage
     --set "global.env=stage"
     --set "global.git_rev=${CI_COMMIT_SHA}"
     --set "global.debug=yes"
     --set "global.username=${GITLAB_USER_LOGIN}"
  tags:
   - build

Voilà: the developer who launched the deployment can connect by service name (we have already described how to securely grant access to the cluster) from their desktop over SFTP and edit the code without waiting for it to be delivered to the cluster.

This is a completely working solution, but from the implementation point of view it has obvious drawbacks:

  • the Helm chart has to be modified, which makes it harder to read later;
  • it can only be used by the person who deployed the service;
  • you have to remember to then synchronize it with the local code directory and commit it to Git.
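
Because the SSH container above is switched on by a single `global.debug=yes` value, it is worth checking that it never reaches a namespace where debug mode is not expected. The following is an added example, not code from the original article: it scans Deployment objects in the JSON shape that kubectl emits and reports containers that look like this sidecar. The namespace suffix allow-list and the sample objects are assumptions constructed for the demo.

```python
# Assumption: namespace suffixes where the debug SSH sidecar is expected.
DEBUG_NAMESPACE_SUFFIXES = ("-stage", "-review", "-dev")


def ssh_sidecar_signals(container):
    """Return the reasons a container spec looks like the debug SSH sidecar."""
    signals = []
    if any(p.get("containerPort") == 22 for p in container.get("ports", [])):
        signals.append("exposes port 22")
    if any(m.get("mountPath", "").endswith("/.ssh/authorized_keys")
           for m in container.get("volumeMounts", [])):
        signals.append("mounts authorized_keys")
    if "ssh-server" in container.get("image", ""):
        signals.append("ssh-server image")
    return signals


def audit(deployment_list):
    """List (namespace, deployment, container, signals) for SSH sidecars
    found outside the namespaces where debug mode is expected."""
    findings = []
    for item in deployment_list.get("items", []):
        meta = item.get("metadata", {})
        namespace = meta.get("namespace", "default")
        if namespace.endswith(DEBUG_NAMESPACE_SUFFIXES):
            continue
        pod_spec = item.get("spec", {}).get("template", {}).get("spec", {})
        for container in pod_spec.get("containers", []):
            signals = ssh_sidecar_signals(container)
            if signals:
                findings.append((namespace, meta.get("name"),
                                 container.get("name"), signals))
    return findings


def _deployment(namespace, name, containers):
    """Build a constructed Deployment object in `kubectl -o json` shape."""
    return {"metadata": {"namespace": namespace, "name": name},
            "spec": {"template": {"spec": {"containers": containers}}}}


# Constructed sample data mirroring the containers in deployment.yaml above.
SSH = {"name": "ssh", "image": "corbinu/ssh-server",
       "ports": [{"name": "ssh", "containerPort": 22, "protocol": "TCP"}],
       "volumeMounts": [{"name": "ssh-pub-key",
                         "mountPath": "/root/.ssh/authorized_keys"}]}
BACKEND = {"name": "backend", "image": "registry.site.com/group/app/backend:v8"}
SAMPLE = {"items": [_deployment("app-stage", "app", [SSH, BACKEND]),
                    _deployment("app-production", "app", [SSH, BACKEND]),
                    _deployment("shop-production", "shop", [BACKEND])]}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Against a real cluster, pass `audit()` the parsed output of `kubectl get deployments --all-namespaces -o json`.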

2. Telepresence

The Telepresence project has been known for a long time, but we, as they say, "never got around to trying it in practice." However, demand has done its job, and now we are happy to share our experience, which may be useful to readers of our blog, especially since there have been no other materials about Telepresence on Habr yet.

In short, everything turned out to be not so scary. We put all the actions the developer has to perform into a Helm chart text file called NOTES.txt. Thus, after deploying the service to Kubernetes, the developer sees the instructions for launching the local dev environment in the GitLab job log:

!!! Developing the service locally, as part of Kubernetes !!!

* Setting up the environment
* * Access to the cluster via VPN is required
* * kubectl is installed on the local PC ( https://kubernetes.io/docs/tasks/tools/install-kubectl/ )
* * Get the config file for kubectl (copy it to ~/.kube/config)
* * telepresence is installed on the local PC ( https://www.telepresence.io/reference/install )
* * Docker must be installed
* * Reporter-level access or higher to the repository https://gitlab.site.com/group/app is required
* * You need to log in to the registry with your GitLab login/password (done once):

#########################################################################
docker login registry.site.com
#########################################################################

* Starting the environment

#########################################################################
telepresence --namespace {{ .Values.global.env }} --swap-deployment {{ .Chart.Name  }}:backend --mount=/tmp/app --docker-run -v `pwd`:/app -v /tmp/app/var/run/secrets:/var/run/secrets -ti registry.site.com/group/app/backend:v8
#########################################################################

We will not dwell on the steps described in this instruction… except for the last one. What happens when Telepresence starts?

Working with Telepresence

At startup (using the last command from the instructions above), we specify:

  • the namespace in which the microservice runs;
  • the names of the Deployment and the container we want to get into.

The remaining arguments are optional. If our service interacts with the Kubernetes API and a ServiceAccount has been created for it, we need to mount the certificates/tokens on our desktop. To do this, use the option --mount=true (or --mount=/dst_path), which mounts the root (/) of the Kubernetes container onto our desktop. After that, we can (depending on the OS and how the application is launched) use the "keys" from the cluster.

First, let's look at the most universal option for running an application: in a Docker container. To do this, we use the --docker-run switch and mount the code directory into the container: -v `pwd`:/app

Note that this assumes the command is run from the project directory. The application code will be mounted at /app in the container.

Next: -v /tmp/app/var/run/secrets:/var/run/secrets mounts the directory with the certificate/token into the container.

This option is finally followed by the image in which the application will run. NB: when building the image, you must specify CMD or ENTRYPOINT!

What exactly happens next?

  • In Kubernetes, the number of replicas of the specified Deployment is changed to 0. A new Deployment is launched in its place, with a substitute backend container.
  • Two containers are launched on the desktop: the first with Telepresence (it proxies requests from/to Kubernetes), the second with the application being developed.
  • If we exec into the container with the application, all the ENV variables passed by Helm during deployment are available to us, and all the services are reachable too. All that remains is to edit the code in your favorite IDE and enjoy the result.
  • When the work is done, just close the terminal where Telepresence is running (end the session with Ctrl+C): the Docker containers on the desktop will stop, and everything in Kubernetes will return to its initial state. All that remains is to commit, open an MR, and send it to review/merge/… (depending on your workflows).

If we do not want to run the application in a Docker container (for example, we develop not in PHP but in Go, and still build it locally), launching Telepresence is even simpler:

telepresence --namespace {{ .Values.global.env }} --swap-deployment {{ .Chart.Name  }}:backend --mount=true

If the application accesses the Kubernetes API, you will need to mount the keys directory (https://www.telepresence.io/howto/volumes). For Linux there is the proot utility:

proot -b $TELEPRESENCE_ROOT/var/run/secrets/:/var/run/secrets bash

After launching Telepresence without the --docker-run option, all environment variables are available in the current terminal, so the application must be launched in it.
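
With --mount, the pod's service account token ends up readable on the developer's desktop, so it helps to know which identity it carries and whether it expires. The following is an added example, not code from the original article: it decodes the token's JWT claims without verifying the signature and reports the service account and remaining lifetime. The sample tokens are constructed and unsigned; the in-pod path /var/run/secrets/kubernetes.io/serviceaccount/token is the standard Kubernetes location.

```python
import base64
import json
import time

SA_PREFIX = "system:serviceaccount:"


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def describe_token(token, now=None):
    """Summarise which identity the token carries and how long it stays valid."""
    claims = jwt_claims(token)
    sub = claims.get("sub", "")
    if not sub.startswith(SA_PREFIX):
        raise ValueError("subject is not a service account: %r" % sub)
    namespace, _, name = sub[len(SA_PREFIX):].partition(":")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    return {
        "namespace": namespace,
        "service_account": name,
        # No "exp" claim means no built-in expiry: a copy left on a
        # workstation stays usable until the token is revoked.
        "seconds_left": None if exp is None else int(exp - now),
    }


def _constructed_token(claims):
    """Build an unsigned sample token for the demo (constructed, not real)."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])


NO_EXPIRY = _constructed_token({"sub": SA_PREFIX + "app-stage:backend"})
BOUND = _constructed_token({"sub": SA_PREFIX + "app-stage:backend",
                            "exp": 1700003600})

if __name__ == "__main__":
    # Real use with the mount point from the command in the instructions:
    # open("/tmp/app/var/run/secrets/kubernetes.io/serviceaccount/token").read()
    print(describe_token(NO_EXPIRY))
    print(describe_token(BOUND, now=1700000000))
```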

NB: when using, for example, PHP, remember to disable the various op_cache, apc and other accelerators for development, otherwise editing the code will not produce the desired result.

Summary

Local development with Kubernetes is a problem whose need for a solution grows in proportion to the spread of this platform. Receiving the corresponding requests from developers (from our clients), we started solving them with the first available means, which, however, did not prove themselves in the long run. Fortunately, this has become obvious not only now and not only to us, so better-suited tools have already appeared in the world, and Telepresence is the best known of them (by the way, there is also skaffold from Google). Our experience with it is not yet very large, but it already gives us reason to recommend it to our "colleagues in the shop": give it a try!


Source: www.habr.com
