Iyini i-GitOps?

Qaphela. transl.: Ngemva kwencwadi yakamuva impahla mayelana nezindlela zokudonsa nokuphusha ku-GitOps, sibone isithakazelo kule modeli ngokuvamile, kodwa bekumbalwa kakhulu ukushicilelwa kolimi lwesiRashiya ngalesi sihloko (azikho ku-Habré). Ngakho-ke, siyajabula ukukunikeza ukuhunyushwa kwesinye isihloko - nakuba cishe unyaka odlule! — evela ku-Weaveworks, inhloko yayo eyaqamba igama elithi “GitOps.” Itheksthi ichaza ingqikithi yendlela yokwenza kanye nomehluko obalulekile kulezi ezikhona.

Ngonyaka odlule sashicilela isingeniso ku-GitOps. Ngaleso sikhathi, sabelana ngokuthi ithimba le-Weaveworks lethule kanjani i-SaaS esekelwe ngokuphelele ku-Kubernetes futhi lathuthukisa isethi yemikhuba engcono kakhulu enqunyiwe yokukhipha, ukuphatha, nokuqapha endaweni yomdabu yamafu.

Lesi sihloko saduma. Abanye abantu baqala ukukhuluma nge-GitOps futhi baqala ukushicilela amathuluzi amasha we git ukusunduza, ukuthuthukiswa, izimfihlo, imisebenzi, ukuhlanganiswa okuqhubekayo njalo njalo. Ivele kuwebhusayithi yethu inani elikhulu le- ukushicilelwa kanye namacala okusebenzisa i-GitOps. Kodwa abanye abantu basenemibuzo. Imodeli yehluke kanjani kweyendabuko? ingqalasizinda njengekhodi kanye nokulethwa okuqhubekayo (ukulethwa okuqhubekayo)? Ingabe kuyadingeka ukusebenzisa i-Kubernetes?

Ngokushesha sabona ukuthi kwakudingeka incazelo entsha, enikeza:

1. Inani elikhulu lezibonelo nezindaba;
2. Incazelo eqondile ye-GitOps;
3. Ukuqhathanisa nokulethwa kwendabuko okuqhubekayo.

Kulesi sihloko sizame ukuhlanganisa zonke lezi zihloko. Inikeza isingeniso esibuyekeziwe ku-GitOps kanye nombono kanjiniyela kanye ne-CI/CD. Ngokuyinhloko sigxila ku-Kubernetes, nakuba imodeli ingenziwa jikelele.

Hlangana ne-GitOps

Cabanga ngo-Alice. Uphethe Umshwalense Womndeni, ohlinzeka ngomshwalense wezempilo, wezimoto, wekhaya, nowokuvakasha kubantu abamatasa kakhulu ukuthi bangakwazi ukuzitholela ngokwabo ukungena nokuphuma kwezinkontileka. Ibhizinisi lakhe laqala njengephrojekthi eseceleni lapho u-Alice esebenza ebhange njengososayensi wedatha. Ngolunye usuku wabona ukuthi angasebenzisa ama-algorithms ekhompuyutha athuthukile ukuze ahlaziye idatha ngempumelelo futhi enze amaphakheji omshwalense. Abatshalizimali baxhase lo msebenzi, futhi manje inkampani yakhe iletha imali engaphezu kwezigidi ezingu-20 zamaRandi ngonyaka futhi ikhula ngokushesha. Njengamanje, iqashe abantu abangu-180 ezikhundleni ezehlukene. Lokhu kufaka ithimba lezobuchwepheshe elithuthukisa, eligcina iwebhusayithi, isizindalwazi, futhi lihlaziye isisekelo samakhasimende. Ithimba labantu abangu-60 liholwa nguBob, umqondisi wezobuchwepheshe wenkampani.

Ithimba lika-Bob lisebenzisa amasistimu okukhiqiza emafini. Izinhlelo zabo zokusebenza eziyinhloko zisebenza ku-GKE, basebenzisa i-Kubernetes ku-Google Cloud. Ngaphezu kwalokho, basebenzisa idatha ehlukahlukene namathuluzi okuhlaziya emsebenzini wabo.

I-Family Insurance ayizange izimisele ukusebenzisa iziqukathi, kodwa yabanjwa wumdlandla we-Docker. Ngokushesha inkampani ithole ukuthi i-GKE yenze kwaba lula ukuphakela amaqoqo ukuhlola izici ezintsha. I-Jenkins ye-CI ne-Quay yengezwe ukuhlela ukubhaliswa kweziqukathi, imibhalo yabhalwa i-Jenkins ephusha iziqukathi ezintsha nokucushwa ku-GKE.

Isikhathi esithile sesidlulile. U-Alice no-Bob baphoxekile ngokusebenza kwendlela abayikhethile kanye nomthelela wayo ebhizinisini. Ukwethulwa kwamakhonteyna akuzange kuthuthukise izinga lokukhiqiza ngendlela iqembu ebelilindele ngayo. Ngezinye izikhathi ukuthunyelwa kwakuphuka, futhi kwakungacaci ukuthi izinguquko zekhodi yizona yini ezibangela. Kuphinde kwavela ukuthi kube nzima ukulandelela izinguquko zokucushwa. Ngokuvamile kwakudingeka ukuthi kwakhiwe iqoqo elisha futhi kuhanjiswe izicelo kulo, njengoba lena kwakuyindlela elula yokuqeda ukubhebhetheka kohlelo. U-Alice wayesaba ukuthi isimo sizoba sibi kakhulu njengoba uhlelo luthuthukiswa (ngaphezu kwalokho, iphrojekthi entsha esekelwe ekufundeni komshini yayiphindwa). U-Bob wenze umsebenzi omningi ngokuzenzakalelayo futhi wayengaqondi ukuthi kungani ipayipi lalingaqinile, lingalingani kahle, futhi lidinga ukungenelela mathupha ngezikhathi ezithile?

Bese befunda nge-GitOps. Lesi sinqumo sibe yiso kanye ababekudinga ukuze baye phambili ngokuzethemba.

U-Alice no-Bob bebelokhu bezwa nge-Git, i-DevOps, nengqalasizinda njengokugeleza komsebenzi wekhodi iminyaka. Okuhlukile nge-GitOps ukuthi iletha isethi yemikhuba ehamba phambili—kokubili ecacile nevamile—yokusebenzisa le mibono kumongo we-Kubernetes. Le timu wavuka ngokuphindaphindiwe, kufaka phakathi Weaveworks blog.

Umshwalense Womndeni unquma ukusebenzisa i-GitOps. Inkampani manje inemodeli yokusebenza ezenzakalelayo ehambisana ne-Kubernetes futhi ihlanganisa скорость nge ukuzinzangoba bona:

• uthole ukuthi ukukhiqiza kweqembu kuphindeke kabili ngaphandle kohlanya;
• iyeke ukunikeza imibhalo. Kunalokho, manje sebengagxila ezicini ezintsha futhi bathuthukise izindlela zobunjiniyela - isibonelo, ukwethula ukukhishwa kwe-canary nokuthuthukisa ukuhlola;
• senze ngcono uhlelo lokusatshalaliswa kwabantu ukuze lungabhidliki;
• uthole ithuba lokubuyisela ukuthunyelwa ngemuva kokwehluleka ingxenye ngaphandle kokungenelela okwenziwa ngesandla;
• ezithengiwe zisetshenzisiweоUkuzethemba okukhulu ezinhlelweni zokulethwa. U-Alice no-Bob bathola ukuthi bangahlukanisa iqembu libe ngamaqembu amancane asebenza ngokufana;
• angenza izinguquko ezingu-30-50 kuphrojekthi nsuku zonke ngemizamo yeqembu ngalinye futhi azame amasu amasha;
• kulula ukuheha abathuthukisi abasha kuphrojekthi, abanethuba lokukhipha izibuyekezo zokukhiqiza besebenzisa izicelo zokudonsa emahoreni ambalwa;
• kuphumelele kalula ukucwaningwa kwamabhuku ngaphakathi kohlaka lwe-SOC2 (ukuze kuthotshelwe abahlinzeki besevisi nezimfuneko zokuphathwa kwedatha okuvikelekile; funda kabanzi, isibonelo, lapha - cishe. transl.).

Kwenzenjani?

I-GitOps yizinto ezimbili:

1. Imodeli yokusebenza ye-Kubernetes ne-cloud native. Ihlinzeka ngesethi yezindlela ezingcono kakhulu zokusebenzisa, ukuphatha, nokuqapha amaqoqo aneziqukathi nezinhlelo zokusebenza. Incazelo enhle efomini isilayidi esisodwa kusukela Luis Faceira:
2. Indlela eya ekudaleni indawo yokuphatha uhlelo lokusebenza egxile kunjiniyela. Sisebenzisa ukuhamba komsebenzi kwe-Git kukho kokubili ukusebenza nokuthuthukiswa. Sicela uqaphele ukuthi lokhu akukhona nje nge-Git push, kodwa mayelana nokuhlela yonke isethi yamathuluzi e-CI/CD kanye ne-UI/UX.

Amagama ambalwa mayelana ne-Git

Uma ungajwayelene nezinhlelo zokulawula inguqulo kanye nokuhamba komsebenzi okusekelwe ku-Git, sincoma kakhulu ukufunda ngawo. Ukusebenza namagatsha nokudonsa izicelo kungase kubonakale njengomlingo omnyama ekuqaleni, kodwa izinzuzo ziwufanele umzamo. Lapha isihloko esihle ukuqala.

Isebenza kanjani i-Kubernetes

Endabeni yethu, u-Alice noBob baphendukela ku-GitOps ngemuva kokusebenza noKubernetes isikhashana. Ngempela, i-GitOps ihlobene eduze ne-Kubernetes - iyimodeli yokusebenza yengqalasizinda nezinhlelo zokusebenza ezisekelwe ku-Kubernetes.

I-Kubernetes ibanika ini abasebenzisi?

Nazi ezinye izici eziyinhloko:

1. Kumodeli ye-Kubernetes, konke kungachazwa ngendlela yokumemezela.
2. Iseva ye-Kubernetes API ithatha lesi simemezelo njengokufaka bese izama ngokuqhubekayo ukuletha iqoqo esimweni esichazwe kusimemezelo.
3. Izimemezelo zanele ukuchaza nokuphatha inqwaba yemithwalo yemisebenzi—“izinhlelo zokusebenza.”
4. Ngenxa yalokho, izinguquko kuhlelo lokusebenza neqoqo zenzeka ngenxa:
   • izinguquko ezithombeni zesitsha;
   • izinguquko ekucacisweni kwesimemezelo;
   • amaphutha endaweni - isibonelo, ukuphahlazeka kweziqukathi.

I-Kubernetes' Great Convergence Amakhono

Uma umlawuli enza izinguquko zokumisa, i-orchestrator ye-Kubernetes izozisebenzisa kuqoqo inqobo nje uma isimo sayo ngeke isondele ekucushweni okusha. Le modeli isebenza kunoma iyiphi insiza yakwa-Kubernetes futhi inwetshwa ngezincazelo zesisetshenziswa ngokwezifiso (ama-CRD). Ngakho-ke, ukuthunyelwa kwe-Kubernetes kunezakhiwo ezinhle ezilandelayo:

• Ukuzenzakalela: Izibuyekezo ze-Kubernetes zinikeza indlela yokwenza inqubo yokufaka izinguquko ngokuzenzakalelayo futhi ngesikhathi esifanele.
• Ukuhlangana: I-Kubernetes izoqhubeka nokuzama izibuyekezo ize iphumelele.
• Ukungabi namandla: Izicelo eziphindaphindiwe zokuhlanganisa ziholela kumphumela ofanayo.
• Ukunquma: Uma izinsiza zanele, isimo seqoqo elibuyekeziwe sincike kuphela kusimo esifiswayo.

Isebenza kanjani i-GitOps

Sifunde ngokwanele mayelana ne-Kubernetes ukuchaza ukuthi i-GitOps isebenza kanjani.

Masibuyele emaqenjini amancane omshuwalense womndeni. Ngokuvamile yini okufanele bayenze? Bheka uhlu olungezansi (uma kukhona izinto ezikulo ezibonakala ziyinqaba noma zingajwayelekile, sicela uyeke ukugxeka futhi uhlale nathi). Lezi yizibonelo nje zokugeleza komsebenzi okusekelwe ku-Jenkins. Ziningi ezinye izinqubo uma usebenza namanye amathuluzi.

Into esemqoka ukuthi sibona ukuthi isibuyekezo ngasinye siphetha ngezinguquko kumafayela okucushwa namakhosombe we-Git. Lezi zinguquko ku-Git zenza "i-opharetha ye-GitOps" ibuyekeze iqoqo:

1.Inqubo yokusebenza: "Jenkins ukwakha - master igatsha".
Uhlu lwemisebenzi:

• UJenkins uphusha izithombe ezimakiwe ku-Quay;
• UJenkins uphusha amashadi we-config kanye ne-Helm ebhakedeni elikhulu lokugcina;
• Umsebenzi wamafu ukopisha ukulungiselelwa namashadi ukusuka kubhakede elikhulu lokugcina kuya endaweni yokugcina ye-Git;
• Umsebenzisi we-GitOps ubuyekeza iqoqo.

2. I-Jenkins build - igatsha lokukhululwa noma le-hotfix:

• UJenkins uphusha izithombe ezingamakiwe ku-Quay;
• UJenkins uphusha amashadi we-config kanye ne-Helm ebhakedeni lokugcina lesiteji;
• Umsebenzi wamafu ukopisha ukulungiselelwa namashadi ukusuka kubhakede lokugcina lesiteji kuya endaweni yokugcina ye-Git;
• Umsebenzisi we-GitOps ubuyekeza iqoqo.

3. I-Jenkins build - thuthukisa noma faka igatsha:

• UJenkins uphusha izithombe ezingamakiwe ku-Quay;
• UJenkins uphusha amashadi we-config kanye ne-Helm kubhakede lokuthuthukisa;
• Umsebenzi wamafu ukopisha ukulungiselelwa namashadi kusuka kubhakede lokuthuthukisa ukulondoloza kuya endaweni yokuthuthukisa ye-Git;
• Umsebenzisi we-GitOps ubuyekeza iqoqo.

4. Ingeza iklayenti elisha:

• Umphathi noma umlawuli (LCM/ops) ubiza i-Gradle ukuthi iqale ikhiphe futhi ilungise izilinganisi zomthwalo wenethiwekhi (NLBs);
• I-LCM/ops yenza ukucushwa okusha ukuze kulungiselelwe ukuthunyelwa kwezibuyekezo;
• Umsebenzisi we-GitOps ubuyekeza iqoqo.

Incazelo emfushane ye-GitOps

1. Chaza isimo esifiswayo salo lonke uhlelo usebenzisa ukucaciswa kwesimemezelo sendawo ngayinye (endabeni yethu, ithimba lika-Bob lichaza lonke ukumiswa kwesistimu ku-Git).
   • Inqolobane ye-Git ingumthombo owodwa weqiniso mayelana nesimo esifiswayo salo lonke uhlelo.
   • Zonke izinguquko esimweni osifunayo zenziwa ngokuzibophezela ku-Git.
   • Wonke amapharamitha we-cluster afiselekayo nawo ayabonakala kuqoqo ngokwalo. Ngale ndlela singakwazi ukunquma ukuthi ziyahambisana yini ( ziyahlangana, hlangana) noma hlukana (hlukana, kwehluka) izimo ezifiselekayo nezibonwayo.
2. Uma izimo ezifunwayo nezibonwayo zihluka, khona-ke:
   • Kukhona indlela yokuhlangana okuthi ngokushesha noma kamuva ivumelanise ngokuzenzakalela okuqondiwe kanye nezimo ezibonwayo. Ngaphakathi kweqoqo, uKubernetes wenza lokhu.
   • Inqubo iqala ngokushesha ngesexwayiso "soshintsho oluzibophezele".
   • Ngemva kwesikhathi esithile esilungisekayo, isexwayiso esithi "diff" singathunyelwa uma izifunda zihlukile.
3. Ngale ndlela, konke ukuzibophezela ku-Git kubangela izibuyekezo eziqinisekisayo nezingenamandla kuqoqo.
   • I-Rollback iwukuhlangana esimweni esasifiswa ngaphambilini.
4. Ukuhlangana kungokugcina. Ukwenzeka kwayo kuboniswa ngu:
   • Azikho izexwayiso ezihlukile zesikhathi esithile.
   • "converged" isaziso (isb i-webhook, umcimbi wokubhala we-Git).

Kuyini ukwehlukana?

Masiphinde futhi: zonke izakhiwo zeqoqo ezifunwayo kufanele zibonakale kuqoqo ngokwalo.

Ezinye izibonelo zokuhlukana:

• Ushintsho kufayela lokumisa ngenxa yokuhlanganisa amagatsha ku-Git.
• Ushintsho kufayela lokumisa ngenxa yesibopho se-Git esenziwe iklayenti le-GUI.
• Izinguquko eziningi kusimo osifunayo ngenxa ye-PR ku-Git okulandelwa ukwakha isithombe sesitsha kanye nezinguquko zokumisa.
• Ushintsho esimweni seqoqo ngenxa yephutha, ukungqubuzana kwensiza okuholela "ekuziphatheni okubi", noma ukuchezuka nje okungahleliwe kusimo sokuqala.

Iyini indlela yokuhlangana?

Izibonelo ezimbalwa:

• Eziqukathi namaqoqo, indlela yokuhlanganisa ihlinzekwa ngabakwaKubernetes.
• Indlela efanayo ingasetshenziswa ukuphatha izinhlelo zokusebenza ezisekelwe ku-Kubernetes nemiklamo (efana ne-Istio ne-Kubeflow).
• Indlela yokuphatha ukusebenzisana kokusebenza phakathi kwe-Kubernetes, amaqoqo ezithombe kanye ne-Git inikeza I-GitOps opharetha Weave Flux, okuyingxenye Weave Cloud.
• Emishinini eyisisekelo, indlela yokuhlangana kufanele ibe isimemezelo futhi izimele. Ngokuhlangenwe nakho kwethu singakusho lokho I-Terraform eseduze nale ncazelo, kodwa isadinga ukulawulwa komuntu. Ngalo mqondo, i-GitOps inweba isiko Lengqalasizinda njengeKhodi.

I-GitOps ihlanganisa i-Git nenjini enhle kakhulu yokuhlangana ye-Kubernetes ukuze inikeze imodeli yokuxhashazwa.

I-GitOps isivumela ukuthi sithi: Yilawo masistimu kuphela angachazwa futhi abhekwe angakwazi ukuzenzela futhi alawulwe.

I-GitOps ihloselwe sonke isitaki somdabu samafu (isibonelo, i-Terraform, njll.)

I-GitOps akuyona nje i-Kubernetes. Sifuna lonke uhlelo luqhutshwe ngokumemezela futhi lusebenzise ukuhlangana. Ngalo lonke uhlelo sisho iqoqo lezindawo ezisebenza ne-Kubernetes - isibonelo, “dev cluster 1”, “production”, njll. Indawo ngayinye ihlanganisa imishini, amaqoqo, izinhlelo zokusebenza, kanye nezindawo zokusebenzelana zezinsizakalo zangaphandle ezihlinzeka ngedatha, ukuqapha. kanye nokunye.

Qaphela ukuthi i-Terraform ibaluleke kangakanani enkingeni ye-bootstrapping kuleli cala. I-Kubernetes kufanele isetshenziswe ndawana thize, futhi ngokusebenzisa i-Terraform kusho ukuthi singasebenzisa ukugeleza komsebenzi okufanayo kwe-GitOps ukuze sakhe isendlalelo sokulawula esisekela i-Kubernetes nezinhlelo zokusebenza. Lona umkhuba ongcono kakhulu owusizo.

Kukhona ukugxila okuqinile ekusebenziseni imiqondo ye-GitOps kuzendlalelo ezingaphezulu kwe-Kubernetes. Okwamanje, kunezixazululo zohlobo lwe-GitOps ze-Istio, i-Helm, i-Ksonnet, i-OpenFaaS ne-Kubeflow, kanye, isibonelo, i-Pulumi, eyenza isendlalelo sokuthuthukisa izinhlelo zokusebenza zomdabu wamafu.

I-Kubernetes CI/CD: ukuqhathanisa i-GitOps nezinye izindlela

Njengoba kushiwo, i-GitOps yizinto ezimbili:

1. Imodeli yokusebenza ye-Kubernetes nendabuko yamafu echazwe ngenhla.
2. Indlela eya endaweni yokuphatha uhlelo lokusebenza egxile kunjiniyela.

Kwabaningi, i-GitOps ngokuyinhloko iwukugeleza komsebenzi okusekelwe ku-Git push. Nathi siyamthanda. Kodwa akugcini lapho: manje ake sibheke amapayipi e-CI/CD.

I-GitOps inika amandla ukuthunyelwa okuqhubekayo (CD) kwe-Kubernetes

I-GitOps inikezela ngendlela eqhubekayo yokuthunyelwa eqeda isidingo “sezinhlelo zokuphatha ukuthunyelwa” ezihlukene. UKubernetes ukwenzela wonke umsebenzi.

• Ukubuyekeza uhlelo lokusebenza kudinga ukubuyekezwa ku-Git. Lesi isibuyekezo sokwenziwe sesimo esifiswayo. "Ukuthunyelwa" bese kwenziwa ngaphakathi kweqoqo yi-Kubernetes ngokwayo ngokusekelwe encazelweni ebuyekeziwe.
• Ngenxa yemvelo yendlela i-Kubernetes esebenza ngayo, lezi zibuyekezo ziyahlangana. Lokhu kunikeza indlela yokusetshenziswa okuqhubekayo lapho zonke izibuyekezo ziyi-athomu.
• Qaphela: Weave Cloud inikeza i-opharetha ye-GitOps ehlanganisa i-Git ne-Kubernetes futhi ivumela i-CD ukuthi yenziwe ngokuvumelanisa isimo esifiselekayo nesamanje seqoqo.

Ngaphandle kwe-kubectl nemibhalo

Kufanele ugweme ukusebenzisa i-Kubectl ukuze ubuyekeze iqoqo lakho, futhi ikakhulukazi ugweme ukusebenzisa imibhalo ukuze uqoqe imiyalo ye-kubectl. Esikhundleni salokho, ngepayipi le-GitOps, umsebenzisi angabuyekeza iqoqo labo le-Kubernetes nge-Git.

Izinzuzo zihlanganisa:

1. Kulungile. Iqembu lezibuyekezo lingasetshenziswa, lihlanganiswe futhi ekugcineni liqinisekiswe, lisisondeza emgomweni wokuthunyelwa kwe-athomu. Ngokuphambene, ukusebenzisa imibhalo akunikezeli nganoma yisiphi isiqinisekiso sokuhlangana (ngaphezulu kulokhu ngezansi).
2. Ukuphepha. Ukucaphuna I-Kelsey Hightower: "Khawulela ukufinyelela kuqoqo lakho le-Kubernetes kumathuluzi e-automation nabalawuli abanesibopho sokuyilungisa iphutha noma ukuyigcina." bhekafuthi ukushicilelwa kwami mayelana nokuphepha kanye nokuhambisana nemininingwane yobuchwepheshe, kanye isihloko mayelana nokugebenga i-Homebrew ngokweba imininingwane yombhalo we-Jenkins obhalwe ngokunganaki.
3. Umuzwa Womsebenzisi. I-Kubectl iveza oomakhenikha bemodeli yento ye-Kubernetes, eyinkimbinkimbi impela. Ngokufanelekile, abasebenzisi kufanele bahlanganyele nesistimu ezingeni eliphezulu lokungafinyeleli. Lapha ngizophinda ngibhekise ku-Kelsey futhi ngincome ukubukela i-resume enjalo.

Umehluko phakathi kwe-CI ne-CD

I-GitOps ithuthukisa amamodeli akhona e-CI/CD.

Iseva yesimanje ye-CI iyithuluzi le-orchestration. Ikakhulukazi, iyithuluzi lokuhlela amapayipi e-CI. Lokhu kufaka phakathi ukwakha, ukuhlola, ukuhlanganisa isiqu, njll. Amaseva e-CI enza ngokuzenzakalelayo ukuphathwa kwemigqa eyinkimbinkimbi yezinyathelo eziningi. Isilingo esivamile ukubhala isethi yezibuyekezo ze-Kubernetes bese uyiqhuba njengengxenye yepayipi ukuze usunduze izinguquko kuqoqo. Ngempela, yilokhu ochwepheshe abaningi abakwenzayo. Nokho, lokhu akulungile, futhi yingakho.

I-CI kufanele isetshenziselwe ukusunduza izibuyekezo ku-trunk, futhi iqoqo le-Kubernetes kufanele lizishintshe ngokwalo ngokusekelwe kulezo zibuyekezo zokuphatha i-CD ngaphakathi. Siyibiza donsa imodeli ye-CD, ngokungafani nemodeli ye-CI push. I-CD iyingxenye i-runtime orchestration.

Kungani Amaseva E-CI Kungafanele Enze Ama-CD Ngezibuyekezo Eziqondile ku-Kubernetes

Ungasebenzisi iseva ye-CI ukuze uhlele izibuyekezo eziqondile ku-Kubernetes njengesethi yemisebenzi ye-CI. Lena yi-anti-pattern esikhuluma ngayo sekushiwo kubhulogi yakho.

Ake sibuyele ku-Alice noBob.

Yiziphi izinkinga ababhekana nazo? Iseva ye-CI ka-Bob isebenzisa izinguquko kuqoqo, kodwa uma iphahlazeka enqubeni, u-Bob ngeke azi ukuthi iqoqo likusiphi isimo (noma okufanele libe) likusiphi noma ukuthi lilungiswa kanjani. Kungokufanayo nangempumelelo.

Ake sicabange ukuthi ithimba lika-Bob lakhe isithombe esisha labe selichibiyela ukuthunyelwa kwalo ukuze likhiphe isithombe (konke kusuka epayipini le-CI).

Uma isithombe sakha ngokujwayelekile, kodwa ipayipi lehluleka, ithimba kuzomele lithole:

• Ingabe isibuyekezo sikhishiwe?
• Ingabe sethula isakhiwo esisha? Ingabe lokhu kuzoholela emiphumeleni emibi engadingekile - nethuba lokuba nezakhiwo ezimbili zesithombe esifanayo esingaguquleki?
• Ingabe kufanele silinde isibuyekezo esilandelayo ngaphambi kokuqalisa isakhiwo?
• Yini ngempela eyonakele? Yiziphi izinyathelo okudingeka ziphindwe (futhi yiziphi eziphephile ukuthi zingaphinda)?

Ukusungula ukuhamba komsebenzi okusekelwe ku-Git akuqinisekisi ukuthi ithimba lika-Bob ngeke lihlangabezane nalezi zinkinga. Basengenza iphutha ngokuphusha kokuzibophezela, ithegi, noma enye ipharamitha; nokho-ke, le ndlela yokusebenza isasondele kakhulu endleleni ecacile-noma-lutho.

Ukufingqa, nakhu ukuthi kungani amaseva e-CI kungafanele abhekane ne-CD:

• Izikripthi zokuvuselela azihlali zinquma; Kulula ukwenza amaphutha kuzo.
• Amaseva e-CI awahlangani kumodeli yeqoqo elimemezelayo.
• Kunzima ukuqinisekisa ukuthi awunamandla. Abasebenzisi kufanele baqonde i-semantics ejulile yesistimu.
• Kunzima kakhulu ukululama ekuhlulekeni ngokwengxenye.

Qaphela mayelana ne-Helm: Uma ufuna ukusebenzisa i-Helm, sincoma ukuyihlanganisa no-opharetha we-GitOps njengokuthi I-Flux-Helm. Lokhu kuzosiza ukuqinisekisa ukuhlangana. I-Helm ngokwayo ayiyona i-deterministic noma i-athomu.

I-GitOps njengendlela engcono kakhulu yokusebenzisa ukulethwa Okuqhubekayo kwe-Kubernetes

Ithimba lika-Alice no-Bob lisebenzisa i-GitOps futhi lithola ukuthi sekulula kakhulu ukusebenza ngemikhiqizo yesofthiwe, ukugcina ukusebenza okuphezulu nokuzinza. Masiphethe lesi sihloko ngomfanekiso obonisa ukuthi indlela yabo entsha ibukeka kanjani. Khumbula ukuthi sikhuluma kakhulu ngezinhlelo zokusebenza namasevisi, kodwa i-GitOps ingasetshenziswa ukuphatha inkundla yonke.

Imodeli yokusebenza ye-Kubernetes

Bheka umdwebo olandelayo. Yethula i-Git kanye nenqolobane yesithombe sesiqukathi njengezinsiza ezabiwe zemijikelezo yokuphila emibili ehleliwe:

• Ipayipi lokuhlanganisa eliqhubekayo elifunda futhi libhale amafayela ku-Git futhi elingabuyekeza inqolobane yezithombe zeziqukathi.
• Ipayipi le-Runtime GitOps elihlanganisa ukusetshenziswa nokuphatha nokubonakala. Ifunda futhi ibhale amafayela ku-Git futhi ingalanda izithombe zesitsha.

Yimiphi imiphumela eyinhloko?

1. Ukwehlukana kokukhathazeka: Sicela uqaphele ukuthi womabili amapayipi angaxhumana kuphela ngokubuyekeza i-Git noma indawo yesithombe. Ngamanye amazwi, kukhona i-firewall phakathi kwe-CI nendawo yesikhathi sokusebenza. Siyibiza ngokuthi "i-immuttable firewall" (i-firewall engaguquki), njengoba zonke izibuyekezo zenqolobane zakha izinguqulo ezintsha. Ukuze uthole ulwazi olwengeziwe ngalesi sihloko, bheka kumaslayidi 72-87 lesi sethulo.
2. Ungasebenzisa noma iyiphi iseva ye-CI ne-Git: I-GitOps isebenza nanoma iyiphi ingxenye. Ungaqhubeka nokusebenzisa iziphakeli zakho eziyintandokazi ze-CI kanye ne-Git, amakhosombe wezithombe, namagumbi okuhlola. Cishe wonke amanye amathuluzi Okulethwa Okuqhubekayo emakethe adinga iseva yawo ye-CI/Git noma indawo yokugcina izithombe. Lokhu kungase kube isici esikhawulelayo ekuthuthukisweni komdabu wamafu. Nge-GitOps, ungasebenzisa amathuluzi ajwayelekile.
3. Imicimbi njengethuluzi lokuhlanganisa: Ngokushesha nje lapho idatha ku-Git ibuyekezwa, i-Weave Flux (noma i-opharetha ye-Weave Cloud) yazisa isikhathi sokusebenza. Noma nini lapho u-Kubernetes amukela isethi yoshintsho, i-Git iyabuyekezwa. Lokhu kunikeza imodeli yokuhlanganisa elula yokuhlela ukuhamba komsebenzi kwe-GitOps, njengoba kukhonjisiwe ngezansi.

isiphetho

I-GitOps inikeza iziqinisekiso zokuvuselela eziqinile ezidingwa yinoma yiliphi ithuluzi lesimanje le-CI/CD:

• okuzenzakalelayo;
• ukuhlangana;
• ukungabi namandla;
• ukuzimisela.

Lokhu kubalulekile ngoba kunikeza imodeli yokusebenza konjiniyela bomdabu abangamafu.

• Amathuluzi endabuko okuphatha nokuqapha amasistimu ahlotshaniswa namathimba okusebenza asebenza ngaphakathi kwe-runbook (iqoqo lezinqubo ezijwayelekile kanye nokusebenza - cishe. transl.), eboshelwe ekusetshenzisweni okuthile.
• Ekuphathweni komdabu kwamafu, amathuluzi okubuka ayindlela engcono kakhulu yokukala imiphumela yokuthunyelwa ukuze ithimba lokuthuthukisa likwazi ukuphendula ngokushesha.

Cabanga ngamaqoqo amaningi ahlakazeke phakathi kwamafu ahlukene kanye nezinsizakalo eziningi ezinamaqembu awo kanye nezinhlelo zokusatshalaliswa. I-GitOps inikezela ngemodeli engaguquki yesikali yokuphatha yonke le nala.

I-PS evela kumhumushi

Funda futhi kubhulogi yethu:

• «I-GitOps: Ukuqhathaniswa Kwezindlela Zokudonsa Nokucindezela";
• «Sethula umtapo we-kubedog wokuqapha izinsiza ze-Kubernetes";
• «Ukwandisa nokwengeza i-Kubernetes (uhlolojikelele kanye nombiko wevidiyo)".

Abasebenzisi ababhalisiwe kuphela abangabamba iqhaza kuhlolovo. Ngena ngemvume, wamukelekile.

Ubuwazi nge-GitOps ngaphambi kokuthi lezi zinguqulo ezimbili zivele ku-Habré?

• Yebo, ngangazi konke

• Ngokukha phezulu kuphela

• No

Bangu-35 abasebenzisi abavotile. Abasebenzisi abangu-10 bagobile.

Source: www.habr.com