Running Camunda BPM on Kubernetes

Are you using Kubernetes? Ready to move your Camunda BPM instances off virtual machines, or perhaps you just want to try running them on Kubernetes? Let's look at some common configurations and individual building blocks that you can tailor to your specific needs.

This article assumes you have already used Kubernetes. If not, why not take a look at the guide and start your first cluster?

Authors

  • Alastair Firth - Senior Site Reliability Engineer on the Camunda Cloud team;
  • Lars Lange - DevOps engineer at Camunda.

In short:

git clone https://github.com/camunda-cloud/camunda-examples.git
cd camunda-examples/camunda-bpm-demo
make skaffold

OK, that probably didn't work, because you don't have skaffold and kustomize installed. Well then, read on!

What is Camunda BPM

Camunda BPM is an open source business process management and decision automation platform that connects business users and software developers. It is ideal for coordinating and connecting people, (micro)services or even bots! You can read more about the different use cases at the link.

Why use Kubernetes

Kubernetes has become the de facto standard for running modern applications on Linux. By using system calls instead of hardware emulation, and relying on the kernel to manage memory and task switching, boot time and startup time are kept to a minimum. However, the biggest benefit may come from the standard API that Kubernetes provides for configuring the infrastructure every application needs: storage, networking, and monitoring. It turned 6 years old in June 2020 and is arguably the second largest open source project (after Linux). It has recently been stabilizing its functionality after rapid iteration over the past few years, as it has become critical to production workloads around the world.

Camunda BPM Engine can easily connect to other applications running in the same cluster, and Kubernetes provides excellent scalability, allowing you to increase infrastructure costs only when really needed (and easily reduce them as required).

The quality of monitoring is also greatly improved by tools such as Prometheus, Grafana, Loki, Fluentd and Elasticsearch, which give you a centralized view of all workloads in a cluster. Today we will look at how to embed the Prometheus exporter into the Java Virtual Machine (JVM).

Goals

Let's look at a few areas where we can customize the Camunda BPM Docker image (github) so that it interacts well with Kubernetes.

  1. Logs and metrics;
  2. Database connections;
  3. Authentication;
  4. Session management.

We will look at several ways to achieve these goals and show the whole process clearly.

Note: Are you using the Enterprise version? Look here and update the image links as needed.

Development workflow

In this demo, we will use Skaffold to build Docker images using Google Cloud Build. It has good support for a variety of tools (such as Kustomize and Helm), CI and build tools, and infrastructure providers. The skaffold.yaml.tmpl file includes settings for Google Cloud Build and GKE, providing a very simple way to run production-grade infrastructure.

make skaffold uploads the Dockerfile context to Cloud Build, builds the image and stores it in GCR, and then applies the manifests to your cluster. That is what make skaffold does, but Skaffold has many other features.

For yaml templates in Kubernetes, we use kustomize to manage yaml overlays without forking the entire manifest, which lets you use git pull --rebase to pick up further improvements. It is now built into kubectl and works well for this sort of thing.

We also use envsubst to populate the hostname and GCP project ID in the *.yaml.tmpl files. You can see how it works in the makefile or just continue on.

Prerequisites

  • A working Kubernetes cluster
  • Kustomize
  • Skaffold - for building your own docker images and easy deployment to GKE
  • A copy of this code
  • Envsubst

Workflow using manifests

If you don't want to use kustomize or skaffold, you can refer to the manifests in generated-manifest.yaml and adapt them to the workflow of your choice.

Logs and metrics

Prometheus has become the standard for collecting metrics in Kubernetes. It occupies the same niche as AWS Cloudwatch Metrics, Cloudwatch Alerts, Stackdriver Metrics, StatsD, Datadog, Nagios, vSphere Metrics and others. It is open source and has a powerful query language. We will leave visualization to Grafana - it comes with a large number of dashboards available out of the box. They are connected to each other and are relatively easy to install with prometheus-operator.

By default, Prometheus uses the pull model <service>/metrics, and adding sidecar containers for this is common. Unfortunately, JMX metrics are best logged from within the JVM, so sidecar containers are not as effective. Let's attach the open source jmx_exporter from Prometheus to the JVM by adding it to the container image, which will serve the /metrics path on a different port.

Add Prometheus jmx_exporter to the container

-- images/camunda-bpm/Dockerfile
FROM camunda/camunda-bpm-platform:tomcat-7.11.0

## Add prometheus exporter
RUN wget https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.11.0/jmx_prometheus_javaagent-0.11.0.jar -P lib/
#9404 is the reserved prometheus-jmx port
ENV CATALINA_OPTS -javaagent:lib/jmx_prometheus_javaagent-0.11.0.jar=9404:/etc/config/prometheus-jmx.yaml

OK, that was easy. The exporter will monitor tomcat and expose its metrics in Prometheus format at <svc>:9404/metrics

Exporter setup

The attentive reader may wonder where prometheus-jmx.yaml came from. There are many different things that can run in a JVM, and tomcat is just one of them, so the exporter needs some additional configuration. Standard configurations for tomcat, wildfly, kafka and so on are available here. We will add the tomcat one as a ConfigMap in Kubernetes and then mount it as a volume.

First, we add the exporter configuration file to our platform/config/ directory

platform/config
└── prometheus-jmx.yaml

Then we add a ConfigMapGenerator to kustomization.yaml.tmpl:

-- platform/kustomization.yaml.tmpl
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
[...]
configMapGenerator:
- name: config
  files:
  - config/prometheus-jmx.yaml

This adds each element of files[] as a ConfigMap configuration element. ConfigMapGenerators are great because they hash the configuration data and force a pod restart if it changes. They also reduce the amount of configuration in the Deployment, since you can mount a whole “folder” of configuration files in one VolumeMount.

Finally, we need to mount the ConfigMap as a volume in the pod:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
    [...]
      volumes:
      - name: config
        configMap:
          name: config
          defaultMode: 0744
      containers:
      - name: camunda-bpm
        volumeMounts:
        - mountPath: /etc/config/
          name: config
[...]

Wonderful. If Prometheus is not configured to scrape everything, you may have to tell it to scrape the pods. Prometheus Operator users can use service-monitor.yaml to get started. Explore Service-monitor.yaml, operator design and ServiceMonitorSpec before you start.

Extending this pattern to other use cases

All files we add to the ConfigMapGenerator will be available in the new /etc/config directory. You can extend this template to mount any other configuration files you need. You can even mount a new startup script. You can use subPath to mount individual files. To update xml files, consider using xmlstarlet instead of sed. It is already included in the image.

Logs

Great news! Application logs are already available on stdout, for example with kubectl logs. Fluentd (installed by default in GKE) will forward your logs to Elasticsearch, Loki, or your enterprise logging platform. If you want to use jsonify for logs, you can follow the template above to install logback.

Database

By default, the image will have an H2 database. This is not suitable for us, and we will use Google Cloud SQL with Cloud SQL Proxy - this will be needed later to solve internal problems. This is a simple and reliable option if you do not have your own preferences in setting up a database. AWS RDS provides a similar service.

Regardless of the database you choose, unless it is H2, you will need to set the appropriate environment variables in platform/deploy.yaml. It looks something like this:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
    [...]
      containers:
      - name: camunda-bpm
        env:
        - name: DB_DRIVER
          value: org.postgresql.Driver
        - name: DB_URL
          value: jdbc:postgresql://postgres-proxy.db:5432/process-engine
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_username
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_password
[...]

Note: You can use Kustomize to deploy to different environments using an overlay: example.

Note: the use of valueFrom: secretKeyRef. Please use this Kubernetes feature even during development to keep your secrets safe.

You probably already have a preferred system for managing Kubernetes secrets. If not, here are some options: encrypting them with your cloud provider's KMS and then injecting them into K8S as secrets via the CD pipeline - Mozilla SOPS - will work very well in combination with Kustomize secrets. There are other tools, such as dotGPG, that perform similar functions: HashiCorp Vault, Kustomize Secret Value Plugins.
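
The secretKeyRef note above can be checked mechanically before a manifest reaches the cluster. The following is an added example, not code from the camunda-examples repository: it takes a Deployment as JSON (as printed by kubectl get deployment -o json) and reports credential-like environment variables that carry a literal value, plus JDBC URLs with credentials in the query string. The name heuristic, the function audit_env and the sample manifest are assumptions constructed for illustration.

```python
import json

# Heuristic (assumption): env names containing these words hold credentials.
SENSITIVE = ("PASSWORD", "SECRET", "TOKEN", "USERNAME")
# Query parameters that place credentials inside a JDBC URL.
URL_CRED_PARAMS = ("user=", "password=")

# Constructed sample: the article's env block with two mistakes introduced.
SAMPLE = json.loads("""
{"spec": {"template": {"spec": {"containers": [{
  "name": "camunda-bpm",
  "env": [
    {"name": "DB_DRIVER", "value": "org.postgresql.Driver"},
    {"name": "DB_URL", "value":
      "jdbc:postgresql://postgres-proxy.db:5432/process-engine?user=camunda&password=example"},
    {"name": "DB_USERNAME", "valueFrom": {"secretKeyRef":
      {"name": "cambpm-db-credentials", "key": "db_username"}}},
    {"name": "DB_PASSWORD", "value": "example"}
  ]}]}}}}
""")


def audit_env(deployment):
    """Return (container, env_name, problem) tuples for risky env entries."""
    findings = []
    pod_spec = deployment["spec"]["template"]["spec"]
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    for container in containers:
        for env in container.get("env", []):
            name, value = env["name"], env.get("value")
            from_secret = "secretKeyRef" in (env.get("valueFrom") or {})
            # A credential-like variable must come from a Secret, not a literal.
            if any(word in name.upper() for word in SENSITIVE) and not from_secret:
                findings.append((container["name"], name, "not sourced from secretKeyRef"))
            # Literal values must not smuggle credentials in through a URL.
            if value and any(p in value.lower() for p in URL_CRED_PARAMS):
                findings.append((container["name"], name, "credentials embedded in URL"))
    return findings


if __name__ == "__main__":
    for container, name, problem in audit_env(SAMPLE):
        print(f"{container}: {name}: {problem}")
```

Run against the env block shown in the article, audit_env returns an empty list.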

Ingress

Unless you choose to use local port forwarding, you will need a configured Ingress Controller. If you do not use ingress-nginx (Helm chart) then you most likely already know that you need to put the necessary annotations in ingress-patch.yaml.tmpl or platform/ingress.yaml. If you are using ingress-nginx and see an nginx ingress class with a load balancer pointing to it and an external DNS or wildcard DNS entry, you are good to go. Otherwise, configure the Ingress Controller and DNS, or skip these steps and keep the direct connection to the pod.

TLS

If you are using cert-manager or kube-lego and letsencrypt, certificates for the new ingress will be obtained automatically. Otherwise, open ingress-patch.yaml.tmpl and customize it to suit your needs.

Launch!

If you followed everything written above, then the command make skaffold HOSTNAME=<you.example.com> should launch an available instance at <hostname>/camunda

If you have not exposed your ingress at a public URL, you can forward it to localhost: kubectl port-forward -n camunda-bpm-demo svc/camunda-bpm 8080:8080 on localhost:8080/camunda

Wait a few minutes until tomcat is completely ready. Cert-manager will take some time to verify the domain name. You can then follow the logs using available tools such as kubetail, or simply using kubectl:

kubectl logs -n camunda-bpm-demo $(kubectl get pods -o=name -n camunda-bpm-demo) -f

Next steps

Authorization

This is more relevant to configuring Camunda BPM than Kubernetes, but it is important to note that by default, authentication is disabled in the REST API. You can enable basic authentication or use another method such as JWT. You can use configmaps and volumes to load xml, or xmlstarlet (see above) to edit existing files in the image, and either use wget or load them using an init container and a shared volume.
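
One way to produce a web.xml with HTTP basic authentication switched on for the REST API, ready to be mounted through the ConfigMap pattern described earlier. This is an added example, not part of the original article: the filter and provider classes are Camunda's REST authentication classes, while the function name enable_basic_auth and the minimal sample web.xml are constructed for illustration.

```python
import xml.etree.ElementTree as ET

FILTER_NAME = "camunda-auth"
FILTER_CLASS = "org.camunda.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter"
PROVIDER = "org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider"

# Constructed, minimal stand-in for the REST API's web.xml (not the shipped file).
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <display-name>engine-rest</display-name>
</web-app>"""


def enable_basic_auth(web_xml):
    """Return web.xml text in which the authentication filter exists exactly once."""
    root = ET.fromstring(web_xml)
    # web.xml normally declares a default namespace; reuse whatever the file has.
    ns = root.tag[1:].split("}")[0] if root.tag.startswith("{") else ""
    q = (lambda tag: "{%s}%s" % (ns, tag)) if ns else (lambda tag: tag)
    if ns:
        ET.register_namespace("", ns)  # serialize without ns0: prefixes

    # Idempotent: if the filter is already active, return the input unchanged.
    for existing in root.iter(q("filter")):
        if (existing.findtext(q("filter-class")) or "").strip() == FILTER_CLASS:
            return web_xml

    flt = ET.SubElement(root, q("filter"))
    ET.SubElement(flt, q("filter-name")).text = FILTER_NAME
    ET.SubElement(flt, q("filter-class")).text = FILTER_CLASS
    param = ET.SubElement(flt, q("init-param"))
    ET.SubElement(param, q("param-name")).text = "authentication-provider"
    ET.SubElement(param, q("param-value")).text = PROVIDER

    # Apply the filter to every REST path so no endpoint stays unauthenticated.
    mapping = ET.SubElement(root, q("filter-mapping"))
    ET.SubElement(mapping, q("filter-name")).text = FILTER_NAME
    ET.SubElement(mapping, q("url-pattern")).text = "/*"
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(enable_basic_auth(SAMPLE_WEB_XML))
```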

Session management

Like many other applications, Camunda BPM handles sessions in the JVM, so if you want to run multiple replicas, you can enable sticky sessions (for example for ingress-nginx), which will exist until the replica disappears, or set the Max-Age attribute for cookies. For a more robust solution, you can deploy Session Manager in Tomcat. Lars has a separate post on this topic, but something like:

# Maven Central is served over HTTPS only
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/2.3.2/memcached-session-manager-2.3.2.jar -P lib/ && \
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc9/2.3.2/memcached-session-manager-tc9-2.3.2.jar -P lib/ && \
sed -i '/^<\/Context>/i\
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager"\
memcachedNodes="redis://redis-proxy.db:22121"\
sticky="false"\
sessionBackupAsync="false"\
storageKeyPrefix="context"\
lockingMode="auto"\
/>' conf/context.xml

Note: you can use xmlstarlet instead of sed

We used twemproxy in front of Google Cloud Memorystore, with memcached-session-manager (supports Redis) to run it.

Scaling

If you already understand sessions, then the first (and often the last) limitation to scaling Camunda BPM may be the connection to the database. Partial customization is already available "out of the box". Let's also disable intialSize in the settings.xml file. Add a Horizontal Pod Autoscaler (HPA) and you can easily scale the number of pods automatically.

Requests and limits

In platform/deployment.yaml you will see that we have hard-coded the resources field. This works well with HPA, but may require additional configuration. A kustomize patch is suitable for this. See ingress-patch.yaml.tmpl and ./kustomization.yaml.tmpl

Conclusion

So we installed Camunda BPM on Kubernetes with Prometheus metrics, logs, H2 database, TLS and Ingress. We added jar files and configuration files using ConfigMaps and a Dockerfile. We talked about exchanging data to volumes and directly to environment variables from secrets. In addition, we provided an overview of setting up Camunda for multiple replicas and an authenticated API.

References

github.com/camunda-cloud/camunda-examples/camunda-bpm-kubernetes

├── generated-manifest.yaml <- manifest for use without kustomize
├── images
│   └── camunda-bpm
│       └── Dockerfile <- overlay docker image
├── ingress-patch.yaml.tmpl <- site-specific ingress configuration
├── kustomization.yaml.tmpl <- main Kustomization
├── Makefile <- make targets
├── namespace.yaml
├── platform
│   ├── config
│   │   └── prometheus-jmx.yaml <- prometheus exporter config file
│   ├── deployment.yaml <- main deployment
│   ├── ingress.yaml
│   ├── kustomization.yaml <- "base" kustomization
│   ├── service-monitor.yaml <- example prometheus-operator config
│   └── service.yaml
└── skaffold.yaml.tmpl <- skaffold directives

05.08.2020, translation of the article by Alastair Firth, Lars Lange

Source: www.habr.com
