I-GitOps: Ukuqhathaniswa Kwezindlela Zokudonsa Nokucindezela

Qaphela. transl.: Emphakathini wakwaKubernetes, inkambiso ebizwa nge-GitOps ithola ukuduma okusobala, njengoba sizibonile mathupha, ukuvakasha I-KubeCon Europe 2019. Leli gama lalisanda kuqhathaniswa sunguliwe ngenhloko ye-Weaveworks - u-Alexis Richardson - futhi isho ukusetshenziswa kwamathuluzi ajwayelekile kubathuthukisi (ikakhulukazi i-Git, yingakho igama) ukuxazulula izinkinga zokusebenza. Ikakhulukazi, sikhuluma ngokusebenza kwe-Kubernetes ngokugcina ukulungiselelwa kwayo ku-Git futhi ikhiphe ngokuzenzakalelayo izinguquko kuqoqo. U-Matthias Jg ukhuluma ngezindlela ezimbili zokukhishwa kwalokhu kulesi sihloko.

Ngonyaka odlule (eqinisweni, lokhu kwenzeka ngokusemthethweni ngo-Agasti 2017 - cishe. transl.) Kukhona indlela entsha yokuthumela izinhlelo zokusebenza ku-Kubernetes. Ibizwa nge-GitOps, futhi isekelwe embonweni oyisisekelo wokuthi izinguqulo zokuthunyelwa zilandelelwa endaweni evikelekile yendawo yokugcina ye-Git.

Izinzuzo eziyinhloko zale ndlela yilezi ezilandelayo::

1. Ukusebenzisa inguqulo nokuguqula umlando. Isimo salo lonke iqoqo sigcinwa endaweni yokugcina ye-Git, futhi ukuthunyelwa kubuyekezwa kuphela ngokuzibophezela. Ngaphezu kwalokho, zonke izinguquko zingalandelelwa kusetshenziswa umlando wokuzibophezela.
2. Ukubuyisela emuva usebenzisa imiyalo ye-Git ejwayelekile. Kulula git reset ikuvumela ukuthi usethe kabusha izinguquko ekusetshenzisweni; izifundazwe ezedlule zihlala zikhona.
3. Ukulawula ukufinyelela okulungile. Ngokuvamile, isistimu ye-Git iqukethe idatha ebucayi, ngakho izinkampani eziningi zinaka ngokukhethekile ukuyivikela. Ngokufanelekile, lesi sivikelo sisebenza futhi ekusebenzeni okunokuthunyelwa.
4. Izinqubomgomo Zokuthunyelwa. Amasistimu amaningi e-Git ngokwemvelo asekela izinqubomgomo zegatsha negatsha—isibonelo, izicelo zokudonsa kuphela ezingabuyekeza okuyinhloko, futhi izinguquko kufanele zibuyekezwe futhi zamukelwe elinye ilungu leqembu. Njengokulawula ukufinyelela, izinqubomgomo ezifanayo ziyasebenza kuzibuyekezo zokusebenzisa.

Njengoba ubona, kunezinzuzo eziningi endleleni ye-GitOps. Ngonyaka odlule, izindlela ezimbili zithole ukuthandwa okukhethekile. Enye i-push based, enye i-pull based. Ngaphambi kokuthi sizibuke, ake siqale sibheke ukuthi ukuthunyelwa kwe-Kubernetes kubukeka kanjani.

Izindlela Zokutshala

Eminyakeni yamuva nje, kusungulwe izindlela namathuluzi ahlukahlukene okuthunyelwa eKubernetes:

1. Ngokusekelwe kuzifanekiso zomdabu ze-Kubernetes/Kustomize. Lena indlela elula yokuphakela izinhlelo zokusebenza ku-Kubernetes. Umthuthukisi udala amafayela e-YAML ayisisekelo futhi awasebenzisa. Ukuqeda ukubhala kabusha izifanekiso ezifanayo njalo, i-Kustomize yathuthukiswa (iguqula izifanekiso ze-Kubernetes zibe amamojula). Qaphela. transl.: I-Kustomize ihlanganiswe ku-kubectl nge Ukukhishwa kweKubernetes 1.14.
2. Amashadi e-Helm. Amashadi e-Helm akuvumela ukuthi udale amasethi ezifanekiso, iziqukathi ze-init, izimoto eziseceleni, njll., ezisetshenziselwa ukuphakela izinhlelo zokusebenza ezinezinketho zokwenza ngokwezifiso ezivumelana nezimo kakhulu kunendlela esekelwe kusifanekiso. Le ndlela isekelwe kumafayela e-YAML esifanekiso. I-Helm iwagcwalisa ngamapharamitha ahlukahlukene bese iwathumela ku-Tiller, ingxenye yeqoqo ewayisa kuqoqo futhi ivumela ukubuyekezwa nokuhlehliswa. Okubalulekile ukuthi i-Helm empeleni ifaka amanani afiselekayo kuzifanekiso bese iwasebenzisa ngendlela efanayo naleyo eyenziwa ngendlela yendabuko. (funda kabanzi mayelana nokuthi konke kusebenza kanjani nokuthi ungayisebenzisa kanjani esihlokweni sethu isihloko nguHelm - cishe. transl.). Kunezinhlobonhlobo eziningi zamashadi e-Helm enziwe ngomumo ahlanganisa imisebenzi eminingi.
3. Amathuluzi Ahlukile. Kunamathuluzi amaningi ahlukile. Abafana ngakho bonke ukuthi baguqule amanye amafayela ezifanekiso zibe amafayela e-YAML afundekayo ku-Kubernetes bese bewasebenzisa.

Emsebenzini wethu, sihlala sisebenzisa amashadi e-Helm kumathuluzi abalulekile (njengoba anezinto eziningi esezilungile, okwenza ukuphila kube lula) kanye namafayela “ahlanzekile” e-Kubernetes YAML ukuze sithumele ezethu izinhlelo zokusebenza.

Donsa & Phusha

Kokunye okuthunyelwe kwami ​​kwebhulogi kwakamuva, ngethule ithuluzi Faka i-Flux, okukuvumela ukuthi uhambise izifanekiso endaweni yokugcina ye-Git futhi ubuyekeze ukusetshenziswa ngemva kokuzibophezela ngakunye noma ukuphusha kwesiqukathi. Okuhlangenwe nakho kwami ​​kubonisa ukuthi leli thuluzi lingenye yezinto eziyinhloko ekukhuthazeni indlela yokudonsa, ngakho-ke ngizovame ukubhekisela kulo. Uma ufuna ukwazi okwengeziwe mayelana nendlela yokuyisebenzisa, lapha isixhumanisi esihlokweni.

NB! Zonke izinzuzo zokusebenzisa i-GitOps zihlala zifana kuzo zombili izindlela.

Donsela indlela esekelwe

Indlela yokudonsa isekelwe eqinisweni lokuthi zonke izinguquko zisetshenziswa ngaphakathi kweqoqo. Kuno-opharetha ngaphakathi kweqoqo ohlale ehlola amakhosombe ahlotshaniswa ne-Git ne-Docker Registry. Uma kukhona izinguquko ezenzeka kubo, isimo seqoqo sibuyekezwa ngaphakathi. Le nqubo ngokuvamile ibhekwa njengevikeleke kakhulu, njengoba lingekho iklayenti langaphandle elikwazi ukufinyelela amalungelo omlawuli weqoqo.

Izinzuzo:

1. Alikho iklayenti langaphandle elinamalungelo okwenza izinguquko kuqoqo; zonke izibuyekezo zikhishwa ngaphakathi.
2. Amanye amathuluzi futhi akuvumela ukuthi uvumelanise izibuyekezo zeshadi le-Helm futhi uzixhumanise neqoqo.
3. I-Docker Registry ingaskenwa ukuze kutholwe izinguqulo ezintsha. Uma isithombe esisha sitholakala, inqolobane ye-Git kanye nokusetshenziswa kubuyekezwa kunguqulo entsha.
4. Amathuluzi okudonsa angasatshalaliswa ezindaweni ezihlukene zamagama ngamakhosombe ahlukene we-Git nezimvume. Ngenxa yalokhu, imodeli ye-multitenant ingasetshenziswa. Isibonelo, ithimba A lingase lisebenzise indawo yegama A, ithimba B lingase lisebenzise indawo yegama B, futhi ithimba lengqalasizinda lingase lisebenzise indawo yomhlaba wonke.
5. Njengomthetho, amathuluzi alula kakhulu.
6. Kuhlanganiswe namathuluzi afana no-opharetha Izimfihlo Ezivaliwe ze-Bitnami, izimfihlo zingagcinwa zibethelwe endaweni ye-Git futhi zibuyiswe ngaphakathi kweqoqo.
7. Akukho ukuxhumana kumapayipi e-CD njengoba ukuthunyelwa kwenzeka ngaphakathi kweqoqo.

Минусы:

1. Ukuphatha izimfihlo zokuthunyelwa kusuka kumashadi e-Helm kunzima kakhulu kunawavamile, njengoba kuqala kufanele akhiqizwe ngendlela, njengokuthi, izimfihlo ezivaliwe, bese zisuswa ukubethelwa ngu-opharetha wangaphakathi, futhi ngemva kwalokho zitholakala ethuluzini lokudonsa. Ngemuva kwalokho ungaqalisa ukukhishwa ku-Helm ngamavelu asezimfihlo ezivele zisetshenzisiwe. Indlela elula ukudala imfihlo ngawo wonke amanani e-Helm asetshenziselwa ukuthunyelwa, ukuyisusa bese uyinikela ku-Git.
2. Uma uthatha indlela yokudonsa, uboshelwa amathuluzi okudonsa. Lokhu kukhawulela ikhono lokwenza ngendlela oyifisayo inqubo yokusebenzisa kuqoqo. Isibonelo, i-Kustomize ixakile ukuthi kufanele isebenze ngaphambi kokuthi izifanekiso zokugcina zizibophezele ku-Git. Angisho ukuthi awukwazi ukusebenzisa amathuluzi azimele, kodwa anzima kakhulu ukuwahlanganisa nenqubo yakho yokuthunyelwa.

I-Push based approach

Endleleni yokuphusha, uhlelo lwangaphandle (ikakhulukazi amapayipi e-CD) luqala ukuthunyelwa kuqoqo ngemva kokuzibophezela endaweni yokugcina ye-Git noma uma ipayipi le-CI langaphambilini liphumelele. Ngale ndlela, isistimu inokufinyelela ku-cluster.

Плюсы:

1. Ukuphepha kunqunywa inqolobane ye-Git kanye nepayipi lokwakha.
2. Ukukhipha amashadi e-Helm kulula futhi kusekela ama-plugin we-Helm.
3. Izimfihlo kulula ukuzilawula ngoba izimfihlo zingasetshenziswa kumapayipi futhi zingagcinwa zibethelwe ku-Git (kuye ngokuthi umsebenzisi akuthandayo).
4. Akukho ukuxhumana ethuluzini elithile, njengoba noma yiluphi uhlobo lungasetshenziswa.
5. Izibuyekezo zenguqulo yesiqukathi zingaqalwa yipayipi lokwakha.

Минусы:

1. Idatha yokufinyelela yeqoqo ingaphakathi kwesistimu yokwakha.
2. Ukubuyekeza iziqukathi zokuthunyelwa kuselula ngenqubo yokudonsa.
3. Ukuncika kakhulu ohlelweni lwe-CD, njengoba amapayipi esiwadingayo kungenzeka ukuthi ayebhalelwe i-Gitlab Runners, bese ithimba linquma ukuthuthela ku-Azure DevOps noma i-Jenkins... futhi kuzodingeka lithuthe inani elikhulu lamapayipi okwakha.

Imiphumela: Phusha noma Donsa?

Njengoba kuvamise ukuba njalo, indlela ngayinye inobuhle nebubi bayo. Eminye imisebenzi kulula ukuyifeza ngomunye futhi nzima kakhulu ngomunye. Ekuqaleni ngangenza ukuthunyelwa ngesandla, kodwa ngemva kokuthola izihloko ezimbalwa mayelana ne-Weave Flux, nginqume ukusebenzisa izinqubo ze-GitOps kuwo wonke amaphrojekthi. Ezifanekiso eziyisisekelo lokhu bekulula, kodwa ngabe sengiqala ukungena ebunzimeni ngamashadi e-Helm. Ngaleso sikhathi, i-Weave Flux yayinikeza kuphela inguqulo engavamile ye-Helm Chart Operator, kodwa ngisho namanje eminye imisebenzi inzima kakhulu ngenxa yesidingo sokudala izimfihlo futhi uzisebenzise. Ungase uphikise ngokuthi indlela yokudonsa ivikeleke kakhulu ngenxa yokuthi iziqinisekiso zeqoqo azifinyeleleki ngaphandle kweqoqo, okulenza livikeleke kakhulu kangangokuthi liwufanele umzamo owengeziwe.

Ngemva kokucabanga okuthile, ngafinyelela esiphethweni engangingasilindele sokuthi akunjalo. Uma sikhuluma ngezingxenye ezidinga ukuvikeleka okuphezulu, lolu hlu luzobandakanya ukugcinwa okuyimfihlo, amasistimu e-CI/CD, namakhosombe e-Git. Ulwazi olungaphakathi kuzo lusengozini kakhulu futhi ludinga ukuvikelwa okuphezulu. Ukwengeza, uma othile engena endaweni yakho yokugcina ye-Git futhi angaphusha ikhodi lapho, angathumela noma yini ayifunayo (noma ngabe ukudonsa noma ukusunduza) futhi angene ezinhlelweni zeqoqo. Ngakho-ke, izingxenye ezibaluleke kakhulu ezidinga ukuvikelwa inqolobane ye-Git kanye nezinhlelo ze-CI/CD, hhayi iziqinisekiso zeqoqo. Uma unezinqubomgomo ezilungiselelwe kahle nezilawuli zokuphepha zalezi zinhlobo zamasistimu, futhi iziqinisekiso zeqoqo zikhishwa kuphela kumapayipi njengezimfihlo, ukuphepha okungeziwe kwendlela yokudonsa kungase kungabi yigugu njengoba kwakucatshangwa ekuqaleni.

Ngakho-ke, uma indlela yokudonsa idinga abasebenzi abaningi futhi inganikezi inzuzo yezokuphepha, akukhona yini okunengqondo ukusebenzisa indlela yokuphusha kuphela? Kodwa omunye angase aphikise ngokuthi endleleni yokucindezela uboshwe kakhulu ohlelweni lwe-CD futhi, mhlawumbe, kungcono ukungenzi lokhu ukuze kube lula ukufeza ukufuduka esikhathini esizayo.

Ngokubona kwami ​​(njengokuvamile), kufanele usebenzise lokho okulungele kakhulu icala elithile noma ukuhlanganisa. Ngokwami, ngisebenzisa izindlela zombili: I-Weave Flux yokuthunyelwa okusekelwe ekudonseni okubandakanya ikakhulukazi izinsizakalo zethu, kanye nendlela yokucindezela nge-Helm nama-plugin, okwenza kube lula ukusebenzisa amashadi e-Helm kuqoqo futhi ikuvumela ukuthi udale izimfihlo ngaphandle komthungo. Ngicabanga ukuthi ngeke kube nesixazululo esisodwa esifanelekile kuwo wonke amacala, ngoba kuhlale kunama-nuances amaningi futhi ancike kuhlelo lokusebenza oluthile. Uma sekushiwo, ngincoma kakhulu i-GitOps - yenza impilo ibe lula kakhulu futhi ithuthukise ukuphepha.

Ngithemba ukuthi ulwazi lwami kulesi sihloko luzokusiza ukuthi unqume ukuthi iyiphi indlela efaneleka kakhulu kuhlobo lwakho lokuthunyelwa, futhi ngingajabula ukuzwa umbono wakho.

Inothi le-PS elivela kumhumushi

Ububi bemodeli yokudonsa ukuthi kunzima ukufaka i-rendered manifest ku-Git, kodwa akukho okubi ukuthi ipayipi le-CD kumodeli yokudonsa lihlala ngokuhlukana nokukhishwa futhi empeleni libe ipayipi lesigaba. Sebenzisa Ngokuqhubekayo. Ngakho-ke, kuzodingeka umzamo owengeziwe ukuze kuqoqwe isimo sazo kukho konke ukuthunyelwa futhi ngandlela thize unikeze ukufinyelela kulogi/isimo, okungcono uma kubhekiselwa ohlelweni lwe-CD.

Ngalo mqondo, imodeli yokuphusha isivumela ukuthi sinikeze okungenani iziqinisekiso ezithile zokukhishwa, ngoba impilo yonke yepayipi ingenziwa ilingane nempilo yonke yokukhishwa.

Sazama womabili amamodeli futhi safinyelela eziphethweni ezifanayo njengombhali wendatshana:

1. Imodeli yokudonsa ifaneleka ukuthi sihlele izibuyekezo zezingxenye zesistimu ngenani elikhulu lamaqoqo (bona. isihloko mayelana ne-addon-opharetha).
2. Imodeli yokuphusha esekelwe ku-GitLab CI ifaneleka kahle ukukhishwa kwezinhlelo zokusebenza kusetshenziswa amashadi e-Helm. Ngesikhathi esifanayo, ukukhishwa kokuthunyelwa ngaphakathi kwamapayipi kugadwa kusetshenziswa ithuluzi i-werf. Phela, kumongo wale phrojekthi yethu, sizwe i-“GitOps” engaguquki lapho sixoxa ngezinkinga ezicindezelayo zonjiniyela be-DevOps endaweni yethu e-KubeCon Europe'19.

I-PPS evela kumhumushi

Funda futhi kubhulogi yethu:

• «Amathiphu namasu akwa-Kubernetes: ukudlulisa izinsiza ezisebenza ngeqoqo kubaphathi be-Helm 2";
• «Sethula umtapo we-kubedog wokuqapha izinsiza ze-Kubernetes";
• «Ukwandisa nokwengeza i-Kubernetes (uhlolojikelele kanye nombiko wevidiyo)";
• «Amathiphu okudala ukuhamba komsebenzi ngokwezifiso ku-GitLab CI".

Abasebenzisi ababhalisiwe kuphela abangabamba iqhaza kuhlolovo. Ngena ngemvume, wamukelekile.

Ingabe usebenzisa i-GitOps?

• Yebo, donsa sondela

• Yebo, phusha

• Yebo, donsa + phusha

• Yebo, kukhona okunye

• No

Bangu-30 abasebenzisi abavotile. Abasebenzisi abangu-10 bagobile.

Source: www.habr.com