Izindlela ezi-3 zokuhlanganisa i-werf: ukuthunyelwa e-Kubernetes nge-Helm "kuma-steroids"

Esikulindile (hhayi thina kuphela) isikhathi eside kwenzekile: i-werf, insiza yethu yoMthombo Ovulekile yokwakha izinhlelo zokusebenza nokuziletha kwa-Kubernetes, manje isisekela ukusebenzisa izinguquko kusetshenziswa amapheshi wokuhlanganisa wezindlela ezi-3! Ngaphezu kwalokhu, kungenzeka ukusebenzisa izinsiza ezikhona ze-K8s ekukhishweni kwe-Helm ngaphandle kokwakha kabusha lezi zinsiza.

Uma kufushane kakhulu, bese sibeka WERF_THREE_WAY_MERGE=enabled - sithola ukuthunyelwa "njengoba ku kubectl apply", iyahambisana nokufakwa okukhona kwe-Helm 2 nokunye okwengeziwe.

Kodwa ake siqale ngethiyori: ayini ngempela amapheshana we-3-way-merge, abantu baqhamuke kanjani nendlela yokuwakhiqiza, futhi kungani ebalulekile ezinqubweni ze-CI/CD nengqalasizinda esekwe ku-Kubernetes? Futhi emva kwalokho, ake sibone ukuthi yini i-3-way-merge ku-werf, yiziphi izindlela ezisetshenziswa ngokuzenzakalelayo nokuthi ungayiphatha kanjani.

Iyini ipheshi ye-3-way-merge?

Ngakho-ke, ake siqale ngomsebenzi wokukhipha izinsiza ezichazwe ku-YAML zibonakalisa ku-Kubernetes.

Ukuze usebenze ngezinsiza, i-Kubernetes API inikeza imisebenzi elandelayo eyisisekelo: dala, hlanganisa, buyisela futhi susa. Kucatshangwa ukuthi ngosizo lwabo kuyadingeka ukwakha ukukhishwa okuqhubekayo okuqhubekayo kwezinsiza ku-cluster. Kanjani?

imiyalo ye-kubectl ebalulekile

Indlela yokuqala yokuphatha izinto ku-Kubernetes ukusebenzisa imiyalo ye-kubectl ukuze udale, ulungise, futhi ususe lezi zinto. Kalula nje:

• iqembu kubectl run ungaqalisa Ukuthunyelwa noma Umsebenzi:

  kubectl run --generator=deployment/apps.v1 DEPLOYMENT_NAME --image=IMAGE

• iqembu kubectl scale - shintsha inombolo ye-replicas:

  kubectl scale --replicas=3 deployment/mysql

• nokunye.

Le ndlela ingase ibonakale iwusizo ekuqaleni. Nokho zikhona izinkinga:

1. Kunzima shintsha.
2. Indlela bonisa ukumisa ku-Git? Uzibuyekeza kanjani izinguquko ezenzeka kuqoqo?
3. Indlela yokuhlinzeka ukukhiqiza kabusha izilungiselelo ekuqaliseni kabusha?
4. ...

Kuyacaca ukuthi le ndlela ayihambisani kahle nokugcinwa kwesicelo nengqalasizinda njengekhodi (IaC; noma ngisho I-GitOps njengendlela yesimanjemanje, ethola ukuthandwa ku-Kubernetes ecosystem). Ngakho-ke, le miyalo ayizange ithole ukuthuthukiswa okwengeziwe ku-kubectl.

Dala, thola, buyisela futhi ususe imisebenzi

Nge primary indalo kulula: thumela i-manifest emsebenzini create kube api futhi isisetshenziswa senziwe. Ukumelwa kwe-YAML kwe-manifest kungagcinwa ku-Git futhi kudalwe kusetshenziswa umyalo kubectl create -f manifest.yaml.

С ukususa futhi elula: esikhundleni esifanayo manifest.yaml kusuka ku-Git kuya eqenjini kubectl delete -f manifest.yaml.

Ukusebenza replace ikuvumela ukuthi umiselele ngokuphelele ukulungiselelwa kwensiza entsha, ngaphandle kokuphinda udale insiza. Lokhu kusho ukuthi ngaphambi kokwenza ushintsho kusisetshenziswa, kunengqondo ukubuza inguqulo yamanje nomsebenzi get, ishintshe futhi uyibuyekeze ngokusebenza replace. kube apiserver yakhelwe ngaphakathi ukukhiya okunethemba futhi, uma ngemva kokuhlinzwa get into isishintshile, bese kuba ukusebenza replace ngeke kusebenze.

Ukugcina ukucushwa ku-Git futhi ukubuyekeze usebenzisa esikhundleni, udinga ukwenza umsebenzi get, hlanganisa ukucushwa okuvela ku-Git nalokho esikutholile, futhi sikwenze replace. Ngokuzenzakalelayo, i-kubectl ikuvumela kuphela ukuthi usebenzise umyalo kubectl replace -f manifest.yamlkuphi manifest.yaml — i-manifest esivele ilungiselelwe ngokugcwele (kithi, ihlanganisiwe) edinga ukufakwa. Kuvele ukuthi umsebenzisi udinga ukusebenzisa ama-manifest wokuhlanganisa, futhi lokhu akuyona into encane...

Kuyafaneleka futhi ukuphawula ukuthi nakuba manifest.yaml futhi igcinwe ku-Git, ngeke sazi kusengaphambili ukuthi kuyadingeka yini ukudala into noma ukuyibuyekeza - lokhu kufanele kwenziwe isofthiwe yomsebenzisi.

Inani: singakwazi ukwakha ukukhishwa okuqhubekayo usebenzisa kuphela ukudala, ukufaka esikhundleni kanye nokususa, uqinisekisa ukuthi ukucushwa kwengqalasizinda kugcinwa ku-Git kanye nekhodi kanye ne-CI/CD elula?

Ngokomthetho, singakwazi... Ngenxa yalokhu uzodinga ukusebenzisa umsebenzi wokuhlanganisa i-manifesto kanye nohlobo oluthile lokubopha ukuthi:

• ihlola ubukhona bento kuqoqo,
• yenza ukwakhiwa kwezinsiza zokuqala,
• iyayibuyekeza noma iyayisusa.

Uma ubuyekeza, sicela uqaphele lokho insiza kungenzeka ishintshile kusukela ekugcineni get futhi uphathe ngokuzenzakalelayo icala lokukhiya okunethemba - yenza imizamo yokubuyekeza ephindaphindiwe.

Kodwa-ke, kungani usungula kabusha isondo lapho i-kube-apiserver inikeza enye indlela yokuvuselela izinsiza: ukusebenza patch, ekhulula umsebenzisi kwezinye zezinkinga ezichazwe?

patch

Manje sifika kuma-patches.

Amapeshi ayindlela eyinhloko yokusebenzisa izinguquko ezintweni ezikhona ku-Kubernetes. Ukusebenza patch isebenza kanje:

• umsebenzisi we-kube-apiserver udinga ukuthumela ipheshi ngefomu le-JSON futhi acacise into,
• futhi i-apiserver ngokwayo izobhekana nesimo samanje sento futhi ilethe efomini elidingekayo.

Ukukhiya okunethemba akudingeki kuleli cala. Lo msebenzi udalula kakhulu kunokushintsha, nakuba ekuqaleni kungase kubonakale ngenye indlela.

Ngale ndlela:

• ngokusebenzisa ukuhlinzwa create sakha into ngokusho kwe-manifest evela ku-Git,
• ngosizo lwe delete - susa uma into ingasadingeki,
• ngosizo lwe patch - sishintsha into, siyiletha efomini elichazwe ku-Git.

Nokho, ukwenza lokhu, udinga ukudala ipheshana elilungile!

Indlela amapheshana asebenza ngayo kuHelm 2: 2-way-merge

Uma uqala ukufaka ukukhishwa, i-Helm yenza umsebenzi create ngezinsiza zeshadi.

Lapho ubuyekeza ukukhishwa kwe-Helm kusisetshenziswa ngasinye:

• ibheka isiqeshana esiphakathi kwenguqulo yensiza evela eshadini langaphambili kanye nenguqulo yeshadi yamanje,
• sebenzisa lesi siqeshana.

Lesi siqeshana sizosibiza 2-indlela yokuhlanganisa ipheshi, ngoba ama-manifesto ama-2 ahilelekile ekudalweni kwawo:

• i-resource manifest kusukela ekukhishweni kwangaphambilini,
• i-resource manifest evela kusisetshenziswa samanje.

Lapho ususa ukusebenza delete ku-kube apiserver ibizwa ngezinsiza ezishiwo ekukhishweni kwangaphambilini, kodwa ezingashiwongo kulokhu kwamanje.

Indlela ye-2 yokuhlanganisa isichibi inenkinga: iholela ku iphelelwe ukuvumelanisa nesimo sangempela sensiza kuqoqo kanye ne-manifest ku-Git.

Umfanekiso wenkinga ngesibonelo

• Ku-Git, ishadi ligcina i-manifest lapho inkambu image Indaba yokusatshalaliswa ubuntu:18.04.
• Umsebenzisi nge kubectl edit ushintshe inani lale nkambu laba ubuntu:19.04.
• Lapho usebenzisa kabusha ishadi le-Helm ayikhiqizi isichibi, ngoba insimu image enguqulweni yangaphambilini yokukhishwa naseshadini lamanje kuyafana.
• Ngemva kokuthunyelwa kabusha image izinsalela ubuntu:19.04, nakuba ishadi lisho ubuntu:18.04.

Sithole i-desynchronization futhi salahlekelwa ukumemezela.

Iyini insiza evumelanisiwe?

Sengisho nje, qedela Akunakwenzeka ukuthola ukufana phakathi kwe-manifest yensiza kuqoqo elisebenzayo kanye ne-manifest evela ku-Git. Ngoba ku-manifest yangempela kungase kube nezichasiselo/amalebula wesevisi, iziqukathi ezengeziwe nenye idatha eyengezwe futhi isuswe kusisetshenziswa ngokushintshashintshayo ngabanye abalawuli. Asikwazi futhi asifuni ukugcina le datha ku-Git. Nokho, sifuna izinkambu esizicacisile ku-Git ukuthi zithathe amanani afanele lapho kukhishwa.

Kuvele jikelele umthetho wensiza ovumelanisiwe: lapho ukhipha insiza, ungashintsha noma ususe kuphela lezo nkambu ezicaciswe ngokusobala ku-manifest kusuka ku-Git (noma ezishiwo enguqulweni yangaphambilini futhi manje esezisusiwe).

3-indlela yokuhlanganisa ipheshi

Umbono oyinhloko 3-indlela yokuhlanganisa ipheshi: sakha isiqeshana phakathi kwenguqulo yokugcina esetshenzisiwe ye-manifest evela ku-Git kanye nenguqulo eqondiwe ye-manifest evela ku-Git, kucatshangelwa inguqulo yamanje ye-manifest kusukela kuqoqo elisebenzayo. Ipheshi eliwumphumela kufanele lihambisane nomthetho wensiza ovumelanisiwe:

• izinkambu ezintsha ezengezwe enguqulweni eqondiwe zengezwa kusetshenziswa isichibi;
• Izinkambu ezikhona ngaphambilini kunguqulo yokugcina esetshenzisiwe futhi ezingekho enguqulweni eqondiwe zisethwa kabusha kusetshenziswa isiqeshana;
• izinkambu zenguqulo yamanje yento ehlukile enguqulweni eqondiwe ye-manifest zibuyekezwa kusetshenziswa isiqeshana.

Kungalesi simiso lapho ikhiqiza ama-patches kubectl apply:

• inguqulo yokugcina esetshenzisiwe ye-manifest igcinwe esichasiselweni sento ngokwayo,
• okuhlosiwe - kuthathwe efayeleni elishiwo le-YAML,
• eyamanje isuka kuqoqo eligijimayo.

Manje njengoba sesiyilungisile ithiyori, sekuyisikhathi sokukutshela ukuthi senzeni ku-werf.

Isebenzisa izinguquko ku-werf

Ngaphambilini, i-werf, njenge-Helm 2, yayisebenzisa ama-patches we-2-way-merge.

Lungisa ipheshi

Ukuze ushintshele ohlotsheni olusha lwama-patches - 3-way-merge - isinyathelo sokuqala sethule lokho okubizwa ngokuthi lungisa iziqephu.

Lapho kuthunyelwa, isiqephu esijwayelekile se-2-way-merge siyasetshenziswa, kodwa i-werf iphinda ikhiqize isiqeshana esingavumelanisa isimo sangempela sensiza nalokho okubhalwe ku-Git (isiqephu esinjalo sidalwa kusetshenziswa umthetho wensiza ovumelanisiwe ofanayo ochazwe ngenhla) .

Uma kwenzeka ukususwa kokuvumelanisa, ekupheleni kokusetshenziswa umsebenzisi uthola ISEXWAYISO esinomlayezo ohambisanayo kanye nesiqeshana okufanele sisetshenziswe ukuletha insiza efomini elivumelanisiwe. Lesi siqeshana siphinde siqoshwe kusichasiselo esikhethekile werf.io/repair-patch. Kucatshangwa ukuthi izandla zomsebenzisi сам izosebenzisa lesi siqeshana: i-werf ngeke isisebenzise nhlobo.

Ukukhiqiza amapheshana okulungisa kuyisilinganiso sesikhashana esikuvumela ukuthi uhlole ngempela ukudalwa kwamapeshi ngokusekelwe kumgomo we-3-way-merge, kodwa ungawasebenzisi ngokuzenzakalelayo lawa mapeshi. Okwamanje, le modi yokusebenza inikwe amandla ngokuzenzakalela.

I-3-way-merge patch yokukhishwa okusha kuphela

Kusukela ngomhla ka-1 Disemba 2019, izinguqulo ze-beta ne-alpha ze-werf ziyaqala okuzenzakalelayo sebenzisa iziqephu ezigcwele ze-3-way-merge ukuze usebenzise izinguquko kuphela ekukhishweni okusha kwe-Helm okukhishwe nge-werf. Ukukhishwa okukhona kuzoqhubeka nokusebenzisa indlela ye-2-way-merge + ukulungisa amapeshi.

Le modi yokusebenza inganikwa amandla ngokusobala ngokusetha WERF_THREE_WAY_MERGE_MODE=onlyNewReleases manje.

Ukubhala: isici sivele ku-werf phezu kokukhishwa okuningana: esiteshini se-alpha silungele ngenguqulo v1.0.5-alpha.19, nasesiteshini se-beta - nge v1.0.4-beta.20.

I-3-way-merge patch yakho konke ukukhishwa

Kusukela ngomhla ka-15 Disemba 2019, izinguqulo ze-beta ne-alpha ze-werf ziqala ukusebenzisa amapeshi agcwele e-3-way-merge ngokuzenzakalelayo ukuze afake izinguquko kukho konke ukukhishwa.

Le modi yokusebenza inganikwa amandla ngokusobala ngokusetha WERF_THREE_WAY_MERGE_MODE=enabled manje.

Yini okufanele uyenze nge-autoscaling yensiza?

Kunezinhlobo ezi-2 zokulinganisa okuzenzakalelayo ku-Kubernetes: i-HPA (evundlile) ne-VPA (eqondile).

I-Horizontal ikhetha ngokuzenzakalelayo inani lama-replicas, mpo - inani lezinsiza. Kokubili inani lezifaniso nezimfuneko zensiza zicaciswe ku-manifest yesisetshenziswa (bona i-Resource Manifest). spec.replicas noma spec.containers[].resources.limits.cpu, spec.containers[].resources.limits.memory и другие).

Inkinga: uma umsebenzisi elungiselela insiza eshadini ukuze icacise amanani athile ezisetshenziswa noma ama-replicas futhi ama-autoscaler anikwe amandla kulesi sisetshenziswa, lapho-ke ngokuphakwa ngakunye i-werf izosetha kabusha lawa manani abe kulokho okubhalwe ku-manifest yeshadi. .

Kunezixazululo ezimbili zenkinga. Okokuqala, kuhle ukugwema ukucacisa ngokusobala amanani esikali esizenzakalelayo ku-manifest yeshadi. Uma le nketho ingafaneleki ngesizathu esithile (isibonelo, ngenxa yokuthi kulungele ukusetha imikhawulo yensiza yokuqala kanye nenani lezifaniso eshadini), i-werf inikezela ngezichasiselo ezilandelayo:

• werf.io/set-replicas-only-on-creation=true
• werf.io/set-resources-only-on-creation=true

Uma isichasiselo esinjalo sikhona, i-werf ngeke isethe kabusha amanani ahambisanayo ekusetshenzisweni ngakunye, kodwa izowasetha kuphela lapho isisetshenziswa sidalwa ekuqaleni.

Ukuze uthole imininingwane eyengeziwe, bheka imibhalo yephrojekthi HPA и VPA.

Vimbela ukusetshenziswa kwepheshi ye-3-way-merge

Umsebenzisi okwamanje angavimbela ukusetshenziswa kwamapeshi amasha ku-werf esebenzisa okuguquguqukayo kwemvelo WERF_THREE_WAY_MERGE_MODE=disabled. Nokho, ukuqala Kusukela ngomhla ka-1 Mashi 2020, lokhu kuvinjelwa ngeke kusasebenza. futhi kuzokwazi ukusebenzisa amapeshi we-3-way-merge.

Ukwamukelwa kwezinsiza ku-werf

Ukuba yinhloko kwendlela yokusebenzisa izinguquko ngamapeshi e-3-way-merge kusivumele ukuthi sisebenzise ngokushesha isici esifana nokwamukela izinsiza ezikhona kuqoqo ekukhishweni kwe-Helm.

I-Helm 2 inenkinga: awukwazi ukwengeza insiza ku-manifest yeshadi esevele ikhona kuqoqo ngaphandle kokuphinda udale le nsiza kusukela ekuqaleni (bona. #6031, #3275). Sifundise i-werf ukwamukela izinsiza ezikhona ukuze zikhishwe. Ukuze wenze lokhu, udinga ukufaka isichasiselo enguqulweni yamanje yensiza kusuka kuqoqo elisebenzayo (isibonelo, usebenzisa kubectl edit):

"werf.io/allow-adoption-by-release": RELEASE_NAME

Manje insiza idinga ukuchazwa eshadini futhi ngesikhathi esilandelayo lapho i-werf isebenzisa ukukhishwa okunegama elifanele, insiza ekhona izokwamukelwa kulokhu kukhishwa futhi ihlale ngaphansi kolawulo lwayo. Ngaphezu kwalokho, ohlelweni lokwamukela insiza ukuze ikhishwe, i-werf izoletha isimo samanje sensiza kusukela kuqoqo elisebenzayo iye esimweni esichazwe eshadini, isebenzisa amapeshi afanayo we-3-way-merge kanye nomthetho wensiza ovunyelanisiwe.

Ukubhala: isilungiselelo WERF_THREE_WAY_MERGE_MODE akuthinti ukwamukelwa kwezinsiza - esimweni sokutholwa, isiqephu se-3-way-merge sisetshenziswa njalo.

Imininingwane - ku imibhalo.

Iziphetho nezinhlelo zesikhathi esizayo

Ngiyethemba ukuthi ngemuva kwalesi sihloko sekucace kakhudlwana ukuthi ayini ama-patches we-3-way-merge nokuthi kungani eze kuwo. Ngokombono ongokoqobo wokuthuthukiswa kwephrojekthi ye-werf, ukuqaliswa kwabo kwaba esinye isinyathelo sokuthuthukisa ukuthunyelwa okufana ne-Helm. Manje ungakhohlwa ngezinkinga ngokuvumelanisa kokucushwa, okuvame ukuvela lapho usebenzisa i-Helm 2. Ngesikhathi esifanayo, isici esisha esiwusizo sokwamukela izinsiza ze-Kubernetes ezivele zilandiwe zengezwe ekukhululweni kwe-Helm.

Kusenezinkinga nezinselele ezithile ngokusetshenziswa okufana ne-Helm, njengokusebenzisa izifanekiso ze-Go, esizoqhubeka nokuzilungisa.

Ulwazi mayelana nezindlela zokuvuselela izisetshenziswa kanye nokutholwa kungatholakala futhi ku leli khasi lemibhalo.

I-Helm 3

Ifanele ukuqashelwa ngokukhethekile khululiwe ngolunye usuku nje inguqulo entsha enkulu ye-Helm - v3 - ephinde isebenzisa ama-patches we-3-way-merge futhi isuse i-Tiller. Inguqulo entsha ye-Helm idinga ukufuduka ukufakwa okukhona ukuze kuguqulelwe kufomethi yesitoreji esisha sokukhishwa.

U-Werf, ngakolunye uhlangothi, useyekile ukusebenzisa i-Tiller, washintshela ku-3-way-merge futhi wengeza. okuningi kakhulu, ngenkathi isasebenza nokufakwa okukhona kwe-Helm 2 (akukho mibhalo yokuthutha okudingeka isetshenziswe). Ngakho-ke, kuze kube yilapho i-werf ishintshela ku-Helm 3, abasebenzisi be-werf abalahlekelwa izinzuzo eziyinhloko ze-Helm 3 ngaphezu kwe-Helm 2 (i-werf nayo inazo).

Nokho, ukushintshwa kwe-werf ku-Helm 3 codebase akunakugwenywa futhi kuzokwenzeka maduze nje. Kucatshangwa ukuthi lokhu kuzoba i-werf 1.1 noma i-werf 1.2 (okwamanje, inguqulo enkulu ye-werf ithi 1.0; ukuze uthole ulwazi olwengeziwe mayelana nedivayisi yenguqulo ye-werf, bheka lapha). Ngalesi sikhathi, i-Helm 3 izoba nesikhathi sokuzinza.

PS

Funda futhi kubhulogi yethu:

• Uchungechunge lwamanothi mayelana nezinto ezintsha ku-werf:
  • «Ukusebenzisa i-werf ukukhipha amashadi e-Helm ayinkimbinkimbi";
  • «Ukusekelwa kwe-monorepo kanye ne-multirepo ku-werf futhi i-Docker Registry ihlangene ngani nayo";
  • «Manje usungakwazi ukwakha izithombe ze-Docker ku-werf usebenzisa i-Dockerfile evamile".
• «i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)";
• «Yakha futhi usebenzise ama-microservices ohlobo olufanayo nge-werf ne-GitLab CI";
• «Sethula i-Helm 3".

Source: www.habr.com