Ukumaka okusekelwe kokuqukethwe kumqoqi we-werf: kungani futhi kusebenza kanjani?

i-werf iwumthombo wethu ovulekile we-GitOps CLI insiza yokwakha nokuletha izinhlelo zokusebenza ku-Kubernetes. IN ukukhululwa v1.1 isici esisha sethulwa kumqoqi wezithombe: ukumaka izithombe ngokuqukethwe noma ukumaka okusekelwe kokuqukethwe. Kuze kube manje, uhlelo lokumaka olujwayelekile ku-werf lubandakanya ukumaka izithombe ze-Docker ngethegi ye-Git, igatsha le-Git noma ukuzibophezela kwe-Git. Kodwa zonke lezi zinhlelo zineziphambeko ezixazululwa ngokuphelele yisu elisha lokumaka. Imininingwane ngayo nokuthi kungani inhle kangaka ingaphansi kokusikwa.

Ukukhipha isethi yama-microservices endaweni eyodwa ye-Git

Isimo sivame ukwenzeka lapho isicelo sihlukaniswa ngamasevisi amaningi azimele noma azimele. Ukukhishwa kwalezi zinsizakalo kungenzeka ngokuzimela: isevisi eyodwa noma ngaphezulu ingakhululwa ngesikhathi, kuyilapho abanye kufanele baqhubeke nokusebenza ngaphandle kwanoma yiziphi izinguquko. Kodwa ngokombono wokugcinwa kwekhodi nokuphathwa kwephrojekthi, kulula kakhulu ukugcina izinsiza ezinjalo zohlelo lokusebenza endaweni yokugcina eyodwa.

Kunezimo lapho izinsiza zizimele ngempela futhi zingahlotshaniswa nohlelo lokusebenza olulodwa. Kulokhu, zizotholakala kumaphrojekthi ahlukene futhi ukukhululwa kwazo kuzokwenziwa ngezinqubo ezihlukene ze-CI/CD kuphrojekthi ngayinye.

Kodwa-ke, empeleni, abathuthukisi bavame ukuhlukanisa uhlelo lokusebenza olulodwa lube ama-microservices amaningana, kodwa ukudala inqolobane ehlukile kanye nephrojekthi ngayinye ... kuwukudlula okucacile. Yilesi simo okuzoxoxwa ngaso ngokuqhubekayo: ama-microservices ambalwa anjalo atholakala endaweni yokugcina iphrojekthi eyodwa futhi ukukhishwa kwenzeka ngenqubo eyodwa ku-CI/CD.

Ukumaka ngegatsha le-Git kanye nomaka we-Git

Ake sithi kusetshenziswa isu lokumaka elivame kakhulu - umaka-noma-igatsha. Emagatsheni e-Git, izithombe zimakwe ngegama legatsha, egatsheni elilodwa ngesikhathi kunesithombe esisodwa esishicilelwe ngegama lalelo gatsha. Kumathegi e-Git, izithombe zimakwa ngokwegama lethegi.

Lapho kwakhiwa ithegi entsha ye-Git—ngokwesibonelo, lapho kukhululwa inguqulo entsha—kuzokwakhiwa ithegi entsha ye-Docker yazo zonke izithombe zephrojekthi ku-Docker Registry:

• myregistry.org/myproject/frontend:v1.1.10
• myregistry.org/myproject/myservice1:v1.1.10
• myregistry.org/myproject/myservice2:v1.1.10
• myregistry.org/myproject/myservice3:v1.1.10
• myregistry.org/myproject/myservice4:v1.1.10
• myregistry.org/myproject/myservice5:v1.1.10
• myregistry.org/myproject/database:v1.1.10

Lawa magama ezithombe amasha adluliswa ngezifanekiso ze-Helm ekucushweni kwe-Kubernetes. Lapho uqala ukuthunyelwa ngomyalo werf deploy inkambu iyabuyekezwa image kusisetshenziswa se-Kubernetes sibonisa futhi iqala kabusha izinsiza ezihambisanayo ngenxa yegama lesithombe elishintshile.

Inkinga: esimweni lapho, empeleni, okuqukethwe kwesithombe kungashintshile kusukela ekukhishweni kwangaphambilini (ithegi ye-Git), kodwa umaka waso we-Docker kuphela, lokhu kwenzeka. ngokweqile ukuqala kabusha lolu hlelo lokusebenza futhi, ngokufanelekile, ukuphumula okuthile kungenzeka. Nakuba besingekho isizathu sangempela sokwenza lokhu kuqalisa kabusha.

Ngenxa yalokho, ngohlelo lwamanje lokumaka kuyadingeka ukubiya amakhosombe amaningana e-Git ahlukene futhi kuvela inkinga yokuhlela ukukhishwa kwala makhosombe amaningana. Ngokuvamile, uhlelo olunjalo luvela lugcwele futhi luyinkimbinkimbi. Kungcono ukuhlanganisa izinsiza eziningi endaweni yokugcina eyodwa bese udala omaka be-Docker ukuze kungabikho ukuqalisa kabusha okungadingekile.

Ukumaka nge-Git commit

I-werf futhi inesu lokumaka elihlotshaniswa nokuzibophezela kwe-Git.

I-Git-commit iyinkomba yokuqukethwe kwendawo ye-Git futhi incike emlandweni wokuhlela wamafayela endaweni ye-Git, ngakho kubonakala kunengqondo ukuyisebenzisela ukumaka izithombe ku-Docker Registry.

Kodwa-ke, ukumaka ngokuzinikela kwe-Git kunobubi obufanayo nokumaka ngamagatsha e-Git noma omaka be-Git:

• Isibopho esingenalutho singadalwa esingashintshi noma yimaphi amafayela, kodwa umaka we-Docker wesithombe uzoshintshwa.
• Isibopho sokuhlanganisa singadalwa esingawashintshi amafayela, kodwa umaka we-Docker wesithombe uzoshintshwa.
• Kungenziwa isibophezelo esishintsha lawo mafayela ku-Git angangeniswanga esithombeni, futhi ithegi ye-Docker yesithombe izoshintshwa futhi.

Ukumaka igama legatsha le-Git akubonisi inguqulo yesithombe

Kukhona enye inkinga ehlobene nesu lokumaka lamagatsha e-Git.

Ukumaka ngegama legatsha kusebenza inqobo nje uma ukuzibophezela kulelo gatsha kuqoqwa ngokulandelana ngokulandelana kwesikhathi.

Uma esikimini samanje umsebenzisi eqala ukwakha kabusha isivumelwano esidala esihlotshaniswa negatsha elithile, i-werf izophinda ibhale isithombe isebenzisa umaka we-Docker ohambisanayo onenguqulo esanda kwakhiwa yesithombe sesibopho esidala. Ukuthunyelwa kusetshenziswa le thegi kusukela manje kuyingozi yokudonsa inguqulo ehlukile yesithombe lapho kuqaliswa kabusha ama-pod, ngenxa yalokho uhlelo lwethu lokusebenza luzolahlekelwa ukuxhumana nesistimu ye-CI futhi lungasavumelaniswa.

Ngaphezu kwalokho, ngokucindezela okulandelanayo egatsheni elilodwa okunesikhathi esifushane phakathi kwakho, isivumelwano esidala singase sihlanganiswe kamuva kunentsha entsha: uhlobo oludala lwesithombe luzovala elisha kusetshenziswa umaka wegatsha le-Git. Izinkinga ezinjalo zingaxazululwa ngohlelo lwe-CI/CD (isibonelo, ku-GitLab CI ipayipi lakamuva lethulwa uchungechunge lwezenzo). Nokho, akuzona zonke izinhlelo ezisekela lokhu futhi kufanele kube nendlela enokwethenjelwa yokuvimbela inkinga enjalo eyisisekelo.

Kuyini ukumaka okusekelwe kokuqukethwe?

Ngakho-ke, kuyini ukumaka okusekelwe kokuqukethwe - ukumaka izithombe ngokuqukethwe.

Ukwakha amathegi e-Docker, akuwona ama-primitives e-Git (igatsha le-Git, ithegi ye-Git...) asetshenziswayo, kodwa isheke elihlotshaniswa ne:

• okuqukethwe kwesithombe. Ithegi ye-ID yesithombe ibonisa okuqukethwe kwayo. Lapho wakha inguqulo entsha, lesi sihlonzi ngeke sishintshe uma amafayela asesithombeni engashintshile;
• umlando wokudala lesi sithombe ku-Git. Izithombe ezihlotshaniswa namagatsha e-Git ahlukene nomlando wokwakha ohlukile nge-werf zizoba nomaki be-ID abahlukile.

Isihlonzi esinjalo sibizwa ngokuthi isignesha yesiteji sesithombe.

Isithombe ngasinye siqukethe isethi yezigaba: from, before-install, git-archive, install, imports-after-install, before-setup... git-latest-patch njll. Isiteji ngasinye sinesikhombi esibonisa okuqukethwe kuso − isignesha yasesiteji (isiginesha yesiteji).

Isithombe sokugcina, esihlanganisa lezi zigaba, simakwe nalokho okubizwa ngokuthi isiginesha yesethi yalezi zigaba - izigaba isignesha, - okwenziwa ngokujwayelekile kuzo zonke izigaba zesithombe.

Ngesithombe ngasinye kusukela ekucushweni werf.yaml esimweni esijwayelekile, kuzoba nesignesha yayo futhi, ngokufanele, ithegi ye-Docker.

Isiginesha yesiteji ixazulula zonke lezi zinkinga:

• Imelana nezibopho ze-Git ezingenalutho.
• I-Resistant to Git ibophezela ukuthi iguqule amafayela angahambisani nesithombe.
• Akuholeli enkingeni yokulungisa kabusha inguqulo yamanje yesithombe lapho uqala kabusha ukwakhiwa kwezibopho ze-Git ezindala zegatsha.

Leli manje isu lokumaka elinconyiwe futhi liyi-werf ezenzakalelayo kuwo wonke amasistimu e-CI.

Ungavula kanjani futhi usebenzise ku-werf

Umyalo manje unenketho ehambisanayo werf publish: --tag-by-stages-signature=true|false

Kuhlelo lwe-CI, isu lokumaka licaciswa ngomyalo werf ci-env. Ngaphambilini, ipharamitha yayichazelwe yona werf ci-env --tagging-strategy=tag-or-branch. Manje, uma ucacise werf ci-env --tagging-strategy=stages-signature noma ungayicacisi le nketho, i-werf izosebenzisa isu lokumaka ngokuzenzakalelayo stages-signature. Ithimba werf ci-env izosetha ngokuzenzakalelayo amafulegi adingekayo omyalo werf build-and-publish (noma werf publish), ngakho-ke azikho izinketho ezengeziwe ezidinga ukucaciswa kule miyalo.

Isibonelo, umyalo:

werf publish --stages-storage :local --images-repo registry.hello.com/web/core/system --tag-by-stages-signature

...ingadala izithombe ezilandelayo:

• registry.hello.com/web/core/system/backend:4ef339f84ca22247f01fb335bb19f46c4434014d8daa3d5d6f0e386d
• registry.hello.com/web/core/system/frontend:f44206457e0a4c8a54655543f749799d10a9fe945896dab1c16996c6

kuyinto 4ef339f84ca22247f01fb335bb19f46c4434014d8daa3d5d6f0e386d isignesha yezigaba zesithombe backend, futhi f44206457e0a4c8a54655543f749799d10a9fe945896dab1c16996c6 - isignesha izigaba image frontend.

Uma usebenzisa imisebenzi ekhethekile werf_container_image и werf_container_env Asikho isidingo sokushintsha noma yini kuzifanekiso ze-Helm: le misebenzi izokhiqiza ngokuzenzakalelayo amagama alungile ezithombe.

Ukucushwa kwesibonelo kusistimu ye-CI:

type multiwerf && source <(multiwerf use 1.1 beta)
type werf && source <(werf ci-env gitlab)
werf build-and-publish|deploy

Ulwazi olwengeziwe mayelana nokumisa luyatholakala kumadokhumenti:

• Uhla lwemibhalo → Ukushicilelwa (shicilela);
• Ukusebenza nge-CI/CD → Ulwazi olujwayelekile → izigaba-isiginesha;
• Ukuhlanganiswa ne-GitLab CI/CD → .gitlab-ci.yml.

Inani

• Inketho entsha werf publish --tag-by-stages-signature=true|false.
• Inani lenketho entsha werf ci-env --tagging-strategy=stages-signature|tag-or-branch (uma kungashiwongo, okuzenzakalelayo kuzoba stages-signature).
• Uma ngaphambilini usebenzise izinketho zokumaka ze-Git commits (WERF_TAG_GIT_COMMIT noma inketho werf publish --tag-git-commit COMMIT), bese uqinisekisa ukuthi ushintshela kuqhinga lokumaka izigaba-isignesha.
• Kungcono ukushintsha ngokushesha amaphrojekthi amasha kusikimu esisha sokumaka.
• Uma udlulisela ku-werf 1.1, kuyatuseka ukuthi ushintshe amaphrojekthi amadala kusikimu esisha sokumaka, kodwa endala umaka-noma-igatsha isasekelwa.

Ukumaka okusekelwe kokuqukethwe kuxazulula zonke izinkinga ezivezwe esihlokweni:

• Ukuphikiswa kwegama lethegi ye-Docker emisebenzini ye-Git engenalutho.
• Ukuqina kwegama lethegi ye-Docker ku-Git kwenza lokho kushintsha amafayela angahambisani nesithombe.
• Akuholeli enkingeni yokulungisa kabusha inguqulo yamanje yesithombe lapho uqala kabusha ukwakha kwe-Git endala yamagatsha e-Git.

Yisebenzise! Futhi ungakhohlwa ukusivakashela ku GitHubukuze udale inkinga noma uthole ekhona, engeza ukuhlanganisa, dala i-PR noma umane ubukele ukuthuthukiswa kwephrojekthi.

PS

Funda futhi kubhulogi yethu:

• «ukukhishwa kwe-werf 1.1: ukuthuthukiswa komakhi namuhla nezinhlelo zesikhathi esizayo»
• «Sethula i-werf 1.0 stable: iGitOps ihlangene ngani nayo, isimo nezinhlelo»
• «i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)";
• Uchungechunge lwamanothi mayelana nezinto ezintsha ku-werf:
  • «Izindlela ezi-3 zokuhlanganisa i-werf: ukuthunyelwa e-Kubernetes nge-Helm "kuma-steroids"";
  • «Ukusebenzisa i-werf ukukhipha amashadi e-Helm ayinkimbinkimbi";
  • «Ukusekelwa kwe-monorepo kanye ne-multirepo ku-werf futhi i-Docker Registry ihlangene ngani nayo";
  • «Manje usungakwazi ukwakha izithombe ze-Docker ku-werf usebenzisa i-Dockerfile evamile".

Source: www.habr.com