Siya ngokuya sibuzwa mayelana nokuthuthukisa ama-microservices e-Kubernetes. Onjiniyela, ikakhulukazi izilimi ezihunyushiwe, bafuna ukulungisa ngokushesha ikhodi ku-IDE abayithandayo futhi babone umphumela ngaphandle kokulinda ukwakha/ukuthunyelwa - ngokucindezela u-F5. Futhi lapho kufika isicelo se-monolithic, kwakwanele ukufaka endaweni yokugcina idatha kanye neseva yewebhu (ku-Docker, i-VirtualBox ...), bese ujabulela ngokushesha ukuthuthukiswa. Ngokusikwa kwe-monoliths ku-microservices kanye nokufika kwe-Kubernetes, ngokubonakala kokuncika komunye nomunye, yonke into. . Uma kuningi kwalezi zinsiza ezincane, kuba nezinkinga eziningi. Ukuze ujabulele ukuthuthukiswa futhi, udinga ukuphakamisa iziqukathi ze-Docker ezingaphezu kwesisodwa noma ezimbili, futhi ngezinye izikhathi ngisho nangaphezulu kweshumi nambili... Ngokuvamile, konke lokhu kungathatha isikhathi esiningi, njengoba kudinga ukugcinwa kusesikhathini samanje. .
Ngezikhathi ezihlukene sizame izixazululo ezihlukene zenkinga. Futhi ngizoqala ngama-workaround anqwabelene noma nje "izinduku".
1. Izinduku
Ama-IDE amaningi anekhono lokuhlela ikhodi ngqo kuseva esebenzisa i-FTP/SFTP. Le ndlela isobala kakhulu futhi ngokushesha sanquma ukuyisebenzisa. Ingqikithi yayo incike kulokhu okulandelayo:
- Ku-pod yezindawo zokuthuthukiswa (i-dev/ukubuyekeza), isiqukathi esengeziwe siqaliswa ngokufinyelela kwe-SSH futhi sidlulisela phambili ukhiye womphakathi we-SSH wonjiniyela ozobophezela/asebenzise uhlelo lokusebenza.
- Esigabeni sokuqala (ngaphakathi kwesitsha
prepare-app) dlulisela ikhodi kuemptyDirukufinyelela ikhodi kusuka ezitsheni zohlelo lokusebenza kanye neseva ye-SSH.
Ukuze uqonde kangcono ukusetshenziswa kobuchwepheshe kohlelo olunjalo, ngizohlinzeka ngezingcezu zokulungiselelwa kwe-YAML okuhilelekile ku-Kubernetes.
Ukucushwa
1.1. amanani.yaml
ssh_pub_key:
vasya.pupkin: <ssh public key in base64>
kuyinto vasya.pupkin inani lokuguquguquka ${GITLAB_USER_LOGIN}.
1.2. ukuthunyelwa.yaml
...
{{ if eq .Values.global.debug "yes" }}
volumes:
- name: ssh-pub-key
secret:
defaultMode: 0600
secretName: {{ .Chart.Name }}-ssh-pub-key
- name: app-data
emptyDir: {}
initContainers:
- name: prepare-app
{{ tuple "backend" . | include "werf_container_image" | indent 8 }}
volumeMounts:
- name: app-data
mountPath: /app-data
command: ["bash", "-c", "cp -ar /app/* /app-data/" ]
{{ end }}
containers:
{{ if eq .Values.global.debug "yes" }}
- name: ssh
image: corbinu/ssh-server
volumeMounts:
- name: ssh-pub-key
readOnly: true
mountPath: /root/.ssh/authorized_keys
subPath: authorized_keys
- name: app-data
mountPath: /app
ports:
- name: ssh
containerPort: 22
protocol: TCP
{{ end }}
- name: backend
volumeMounts:
{{ if eq .Values.global.debug "yes" }}
- name: app-data
mountPath: /app
{{ end }}
command: ["/usr/sbin/php-fpm7.2", "--fpm-config", "/etc/php/7.2/php-fpm.conf", "-F"]
...
1.3. imfihlo.yaml
{{ if eq .Values.global.debug "yes" }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Chart.Name }}-ssh-pub-key
type: Opaque
data:
authorized_keys: "{{ first (pluck .Values.global.username .Values.ssh_pub_key) }}"
{{ end }}
ukuthinta kokugcina
Emva kwalokho osekusele wukudlulisa :
dev:
stage: deploy
script:
- type multiwerf && source <(multiwerf use 1.0 beta)
- type werf && source <(werf ci-env gitlab --tagging-strategy tag-or-branch --verbose)
- werf deploy
--namespace ${CI_PROJECT_NAME}-stage
--set "global.env=stage"
--set "global.git_rev=${CI_COMMIT_SHA}"
--set "global.debug=yes"
--set "global.username=${GITLAB_USER_LOGIN}"
tags:
- build
I-Voila: unjiniyela oqalise ukusetshenziswa angaxhuma ngegama lesevisi (indlela yokunikeza ngokuphephile ukufinyelela kuqoqo, ) kusuka kudeskithophu yakho nge-SFTP bese uhlela ikhodi ngaphandle kokulinda ukuthi ilethwe kuqoqo.
Lesi yisixazululo esisebenza ngokuphelele, kepha ngokombono wokuqalisa sinezinkinga ezisobala:
- isidingo sokucwenga ishadi le-Helm, okwenza kube nzima ukulifunda esikhathini esizayo;
- ingasetshenziswa kuphela umuntu okhiphe isevisi;
- udinga ukukhumbula ukuyivumelanisa nohla lwemibhalo lwendawo ngekhodi bese uyinikela ku-Git.
2. Ukuba khona ngocingo
Le phrojekthi sekunesikhathi eside saziwa, kodwa thina, njengoba besho, “asizange sikuzame ngokungathí sina ngokwenza lokho.” Nokho, isidingo siwenzile umsebenzi wakho futhi manje siyajabula ukwabelana ngolwazi lwethu, okungase kube usizo kubafundi bebhulogi yethu - ikakhulukazi njengoba bekungakaze kube khona ezinye izinto eziphathelene ne-Telepresence kuhabhu okwamanje.
Ngamafuphi, yonke into yabonakala ingethusanga kangako. Sibeke zonke izenzo ezidinga ukwenziwa ngasohlangothini lukanjiniyela kufayela lombhalo leshadi le-Helm elibizwa NOTES.txt. Ngakho-ke, ngemuva kokuthumela insizakalo ku-Kubernetes, umthuthukisi ubona imiyalo yokwethula indawo yendawo ye-dev kulogi lomsebenzi we-GitLab:
!!! Разработка сервиса локально, в составе Kubernetes !!!
* Настройка окружения
* * Должен быть доступ до кластера через VPN
* * На локальном ПК установлен kubectl ( https://kubernetes.io/docs/tasks/tools/install-kubectl/ )
* * Получить config-файл для kubectl (скопировать в ~/.kube/config)
* * На локальном ПК установлен telepresence ( https://www.telepresence.io/reference/install )
* * Должен быть установлен Docker
* * Необходим доступ уровня reporter или выше к репозиторию https://gitlab.site.com/group/app
* * Необходимо залогинится в registry с логином/паролем от GitLab (делается один раз):
#########################################################################
docker login registry.site.com
#########################################################################
* Запуск окружения
#########################################################################
telepresence --namespace {{ .Values.global.env }} --swap-deployment {{ .Chart.Name }}:backend --mount=/tmp/app --docker-run -v `pwd`:/app -v /tmp/app/var/run/secrets:/var/run/secrets -ti registry.site.com/group/app/backend:v8
#########################################################################Ngeke sihlale ngokuningiliziwe ezinyathelweni ezichazwe kulo myalelo... ngaphandle kweyokugcina. Kwenzekani ngesikhathi sokwethulwa kwe-Telepresence?
Ukusebenza nge-Telepresence
Ekuqaleni (sisebenzisa umyalo wokugcina oshiwo emiyalweni engenhla), sibeka:
- indawo yegama lapho i-microservice isebenza khona;
- amagama okuthunyelwa kanye nesitsha esifuna ukungena.
Ama-agumenti asele angokuzithandela. Uma insizakalo yethu isebenzisana kanye ne-Kubernetes API , sidinga ukukhweza izitifiketi/amathokheni kudeskithophu yethu. Ukuze wenze lokhu, sebenzisa inketho --mount=true (noma --mount=/dst_path), ezokhweza impande (/) isuka kusiqukathi se-Kubernetes iye kudeskithophu yethu. Ngemuva kwalokhu, singakwazi (kuye ngokuthi i-OS nokuthi uhlelo lwethulwe kanjani) sisebenzise "izihluthulelo" ezivela kuqoqo.
Okokuqala, ake sibheke inketho yendawo yonke yokusebenzisa uhlelo lokusebenza - esitsheni se-Docker. Ukwenza lokhu sizosebenzisa ukhiye --docker-run bese ufaka uhla lwemibhalo ngekhodi esitsheni: -v `pwd`:/app
Sicela uqaphele ukuthi lokhu kuthatha ukusebenza kusuka kuhla lwemibhalo yephrojekthi. Ikhodi yohlelo lokusebenza izofakwa kuhla lwemibhalo /app esitsheni.
Okulandelayo: -v /tmp/app/var/run/secrets:/var/run/secrets — ukufaka uhla lwemibhalo nesitifiketi/ithokheni esitsheni.
Le nketho ekugcineni ilandelwa isithombe lapho uhlelo lokusebenza luzosebenza khona. NB: Uma wakha isithombe, kufanele ucacise CMD noma ENTRYPOINT!
Yini ngempela ezokwenzeka ngokulandelayo?
- Ku-Kubernetes, ekusetshenzisweni okucacisiwe, inani lezifaniso lizoshintshwa libe ngu-0. Esikhundleni salokho, kuzokwethulwa Ukuthunyelwa okusha - okunesiqukathi esingena esikhundleni.
backend. - Iziqukathi ezi-2 zizokwethulwa kudeskithophu: eyokuqala nge-Telepresence (izofaka izicelo zommeleli kusuka/ku-Kubernetes), eyesibili ngohlelo lokusebenza oluthuthukiswayo.
- Uma sifaka esitsheni nesicelo, khona-ke zonke izinto eziguquguqukayo ze-ENV ezidluliswe yi-Helm ngesikhathi sokuthunyelwa zizotholakala kithi, futhi zonke izinsizakalo zizotholakala. Okusele nje ukuhlela ikhodi ku-IDE oyikhonzile futhi ujabulele umphumela.
- Ekupheleni komsebenzi, udinga nje ukuvala i-terminal lapho i-Telepresence isebenza khona (qeda iseshini nge-Ctrl+C) - Iziqukathi ze-Docker zizoma kudeskithophu, futhi ku-Kubernetes yonke into izobuyela esimweni sayo sokuqala. Okusele nje ukuzibophezela, ukukhipha i-MR bese uyidlulisela ekubuyekezeni/ukuhlanganisa/... (kuye ngokugeleza komsebenzi wakho).
Uma singafuni ukusebenzisa uhlelo lokusebenza esitsheni se-Docker - ngokwesibonelo, asithuthuki nge-PHP, kodwa ku-Go, futhi sisaqhubeka siyakha endaweni - ukwethula i-Telepresence kuzoba lula nakakhulu:
telepresence --namespace {{ .Values.global.env }} --swap-deployment {{ .Chart.Name }}:backend --mount=trueUma uhlelo lokusebenza lufinyelela i-Kubernetes API, uzodinga ukukhweza uhla lwemibhalo (https://www.telepresence.io/howto/volumes). Kukhona insiza ye-Linux :
proot -b $TELEPRESENCE_ROOT/var/run/secrets/:/var/run/secrets bash
Ngemuva kokwethula i-Telepresence ngaphandle kwenketho --docker-run zonke izinto eziguquguqukayo zemvelo zizotholakala kutheminali yamanje, ngakho-ke uhlelo lokusebenza kufanele lwethulwe kuyo.
NB: Uma usebenzisa, isibonelo, i-PHP, kufanele ukhumbule ukukhubaza i-op_cache ehlukahlukene, i-apc nezinye izisheshisi ukuze zithuthukiswe - ngaphandle kwalokho ukuhlela ikhodi ngeke kuholele kumphumela oyifunayo.
Imiphumela
Ukuthuthukiswa kwendawo nge-Kubernetes kuyinkinga isisombululo sayo esikhula ngokulingana nokusabalala kwale nkundla. Ukwamukela izicelo ezifanele ezivela kubathuthukisi (kumakhasimende ethu), saqala ukuzixazulula ngezindlela zokuqala ezitholakalayo, nokho, ezingazange zizibonakalise ngokuhamba kwesikhathi. Ngenhlanhla, lokhu kuye kwaba sobala hhayi manje kuphela hhayi kithi kuphela, ngakho-ke izindlela ezifanele kakhulu sezivele emhlabeni, futhi i-Telepresence idume kakhulu kubo (ngendlela, kukhona futhi. kusuka ku-Google). Okuhlangenwe nakho kwethu kokuyisebenzisa akukabi kuhle kangako, kodwa kakade kusinikeza isizathu sokuyincoma “kozakwethu esitolo” - izame!
PS
Okunye okuvela ochungechungeni lwamathiphu namaqhinga we-K8s:
- «";
- «";
- «";
- «";
- «".
Source: www.habr.com