I-ProHoster > Блог > Ukuphatha > i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

Meyi 27 ehholo elikhulu lenkomfa ye-DevOpsConf 2019, ebanjwe njengengxenye yomkhosi RIT++ 2019, njengengxenye yesigaba "Ukulethwa Okuqhubekayo", umbiko unikezwe "werf - ithuluzi lethu le-CI/CD ku-Kubernetes". Ikhuluma ngalabo izinkinga nezinselelo wonke umuntu abhekana nazo lapho ethutha e-Kubernetes, kanye nama-nuances angase angabonakali ngokushesha. Ukuhlaziya izixazululo ezingaba khona, sibonisa ukuthi lokhu kusetshenziswa kanjani kuthuluzi lomthombo ovulekile i-werf.

Kusukela kuphrezentheshini, insiza yethu (eyayaziwa ngokuthi i-dapp) ifinyelele ingqophamlando yoku 1000 izinkanyezi ku-GitHub - sithemba ukuthi umphakathi wayo okhulayo wabasebenzisi uzokwenza impilo ibe lula konjiniyela abaningi be-DevOps.

i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

Ngakho-ke, ake sethule ividiyo yombiko (~Imizuzu engama-47, ifundisa kakhulu kune-athikili) kanye nesiqephu esikhulu esivela kuso ngendlela yombhalo. Hamba!

Iletha ikhodi ku-Kubernetes

Inkulumo ngeke isakhuluma nge-werf, kodwa mayelana ne-CI/CD ku-Kubernetes, okusho ukuthi isofthiwe yethu ifakwe ezitsheni ze-Docker. (Ngikhulume ngalokhu ku 2016 umbiko), futhi ama-K8 azosetshenziselwa ukuyiqhuba ekukhiqizeni (okuningi mayelana nalokhu ku Unyaka we-2017).

Kubukeka kanjani ukulethwa e-Kubernetes?

  • Kukhona inqolobane ye-Git enekhodi nemiyalo yokuyakha. Isicelo sakhelwe esithombeni se-Docker futhi sashicilelwa ku-Docker Registry.
  • Ikhosombe elifanayo liqukethe imiyalelo yokuthi ungalusebenzisa kanjani futhi ulusebenzise kanjani uhlelo lokusebenza. Esigabeni sokuthunyelwa, le miyalo ithunyelwa ku-Kubernetes, ethola isithombe esifiselekayo kurejista bese isivula.
  • Ngaphezu kwalokho, ngokuvamile kuvame ukuhlolwa. Okunye kwalokhu kungenziwa lapho kushicilela isithombe. Ungakwazi futhi (ngokulandela imiyalelo efanayo) ukusebenzisa ikhophi yohlelo lokusebenza (endaweni ehlukile yegama le-K8s noma iqoqo elihlukile) futhi wenze izivivinyo lapho.
  • Ekugcineni, udinga isistimu ye-CI ethola imicimbi evela ku-Git (noma ukuchofoza izinkinobho) futhi ibize zonke izigaba ezikhethiwe: ukwakha, ukushicilela, ukukhipha, ukuhlola.

i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

Kunamanothi ambalwa abalulekile lapha:

  1. Ngoba sinengqalasizinda engaguquki (ingqalasizinda engashintshi), isithombe sohlelo lokusebenza esisetshenziswa kuzo zonke izigaba (isiteji, ukukhiqizwa, njll.), kumele kube khona oyedwa. Ngikhulume ngalokhu ngokuningiliziwe nangezibonelo. lapha.
  2. Ngoba silandela ingqalasizinda njengoba kusondela ikhodi (IaC), ikhodi yohlelo lokusebenza, imiyalelo yokuyihlanganisa nokuyethula kufanele ibe ncamashi endaweni eyodwa. Ukuze uthole ukwaziswa okwengeziwe ngalokhu, bheka umbiko ofanayo.
  3. Uchungechunge lokulethwa (ukulethwa) sivame ukukubona kanje: isicelo sahlanganiswa, sahlolwa, sakhululwa (isiteji sokukhipha) futhi yilokho - ukulethwa kwenzekile. Kepha empeleni, umsebenzisi uthola lokho okukhiphile, hhayi bese kuthi uma uyiletha ekukhiqizeni, nalapho esekwazile ukuya khona futhi lokhu kukhiqizwa kwasebenza. Ngakho ngikholelwa ukuthi uchungechunge lokulethwa luyaphela kuphela esigabeni sokusebenza (gijima), noma ngokuqondile, ngisho nangaleso sikhathi lapho ikhodi isusiwe ekukhiqizeni (ifake entsha).

Ake sibuyele ohlelweni lokulethwa olungenhla ku-Kubernetes: alusungulwanga yithi kuphela, kodwa ngokoqobo yiwo wonke umuntu obhekane nale nkinga. Eqinisweni, leli phethini manje selibizwa nge-GitOps (ungafunda kabanzi mayelana nethemu kanye nemibono engemuva kwalo lapha). Ake sibheke izigaba zesikimu.

Yakha isiteji

Kubukeka sengathi ungakhuluma ngokwakha izithombe ze-Docker ngo-2019, lapho wonke umuntu ekwazi ukubhala ama-Dockerfiles futhi asebenze. docker build?.. Nanka ama-nuances engingathanda ukuwanaka:

  1. Isisindo sesithombe izinto, ngakho sebenzisa izigaba eziningiukushiya esithombeni kuphela isicelo esidingeka ngempela ekusebenzeni.
  2. Inombolo yezendlalelo kufanele kuncishiswe ngokuhlanganisa amaketango we RUN-ziyala ngokwencazelo.
  3. Nokho, lokhu kunezela izinkinga ukulungisa iphutha, ngoba lapho umhlangano uphahlazeka, kufanele uthole umyalo ofanele ochungechungeni olubangele inkinga.
  4. Isivinini somhlangano kubalulekile ngoba sifuna ukukhipha izinguquko ngokushesha futhi sibone imiphumela. Isibonelo, awufuni ukwakha kabusha ukuncika kumalabhulali wolimi njalo wakha uhlelo lokusebenza.
  5. Imvamisa kusuka endaweni eyodwa ye-Git oyidingayo izithombe eziningi, engaxazululwa ngeqoqo le-Dockerfiles (noma izigaba eziqanjwe efayeleni elilodwa) kanye neskripthi se-Bash esinomhlangano wazo olandelanayo.

Lokhu kwakumane kuyisihloko sentaba yeqhwa wonke umuntu abhekene nayo. Kodwa kunezinye izinkinga, ikakhulukazi:

  1. Ngokuvamile lapho sihlangana sidinga okuthile intaba (ngokwesibonelo, gcina umphumela womyalo ofana ne-apt ohlwini lwemibhalo lomuntu wesithathu).
  2. Sifuna Ansible esikhundleni sokubhala ngegobolondo.
  3. Sifuna ukwakha ngaphandle kwe-Docker (kungani sidinga umshini we-virtual owengeziwe lapho sidinga ukulungisa yonke into yalokhu, kuyilapho sesivele sineqoqo le-Kubernetes lapho singasebenzisa khona iziqukathi?).
  4. Umhlangano ohambisanayo, engaqondwa ngezindlela ezihlukene: imiyalo ehlukene evela ku-Dockerfile (uma kusetshenziswa izigaba eziningi), imisebenzi eminingana yendawo yokugcina efanayo, ama-Dockerfiles amaningana.
  5. Umhlangano osabalalisiwe: Sifuna ukuqoqa izinto kuma-pods "ayi-ephemeral" ngoba i-cache yabo iyanyamalala, okusho ukuthi idinga ukugcinwa endaweni ethile ngokwehlukana.
  6. Ekugcineni, ngaqamba isiqongo sezifiso okuzenzakalelayo: Kungaba kuhle ukuya endaweni yokugcina, uthayiphe umyalo othile bese uthola isithombe esenziwe ngomumo, esihlanganiswe nokuqonda ukuthi kufanele kwenziwe kanjani futhi kanjani ngendlela efanele. Kodwa-ke, mina ngokwami ​​angiqiniseki ukuthi wonke ama-nuances angabonwa ngale ndlela.

Nawa amaphrojekthi:

  • moby/buildkit - umakhi ovela ku-Docker Inc (osevele ehlanganiswe ezinguqulweni zamanje ze-Docker), ozama ukuxazulula zonke lezi zinkinga;
  • kaniko - umakhi ovela kwa-Google okuvumela ukuthi wakhe ngaphandle kwe-Docker;
  • Buildpacks.io - Umzamo we-CNCF wokwenza umlingo ozenzakalelayo futhi, ikakhulukazi, isisombululo esithakazelisayo esine-rebase yezendlalelo;
  • kanye nenqwaba yezinye izinsiza, njenge Yakha, genuinetools/img...

... bese ubheka ukuthi zingaki izinkanyezi abanazo ku-GitHub. Okusho ukuthi, ngakolunye uhlangothi, docker build ikhona futhi ingenza okuthile, kodwa empeleni udaba aluxazululeki ngokuphelele - ubufakazi balokhu ukuthuthukiswa okufanayo kwabanye abaqoqi, ngamunye wabo oxazulula ingxenye ethile yezinkinga.

Umhlangano ku-werf

Ngakho safika i-werf (phambilini odumile njenge-dapp) - Uhlelo lokusebenza lomthombo ovulekile oluvela enkampanini yeFlant, esesineminyaka eminingi siyenza. Konke kwaqala eminyakeni emi-5 edlule ngemibhalo ye-Bash eyathuthukisa ukuhlanganiswa kwe-Dockerfiles, futhi eminyakeni engu-3 edlule intuthuko egcwele yenziwe ngaphakathi kohlaka lwephrojekthi eyodwa enenqolobane yayo ye-Git. (kuqale ngoRuby, bese kuba ibhalwe kabusha ukuya, futhi ngesikhathi esifanayo iqanjwe kabusha). Yiziphi izinkinga zomhlangano ezixazululwa ku-werf?

i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

Izinkinga ezifakwe umbala oluhlaza okwesibhakabhaka seziqalile ukusetshenziswa, ukwakhiwa okufanayo kwenziwa ngaphakathi komsingathi ofanayo, futhi izindaba ezigqanyiswe ngombala ophuzi zihlelelwe ukuthi ziqedwe ekupheleni kwehlobo.

Isiteji sokushicilelwa kurejista (shicilela)

Sishayele ucingo docker push... - yini engaba nzima mayelana nokulayisha isithombe kurejista? Bese kuphakama umbuzo: "Yimuphi ithegi okufanele ngiyibeke esithombeni?" Kuvela ngesizathu esinaso I-Gitflow (noma elinye isu le-Git) kanye ne-Kubernetes, futhi imboni izama ukuqinisekisa ukuthi okwenzeka ku-Kubernetes kulandela okwenzeka ku-Git. Ngemuva kwakho konke, i-Git ukuphela komthombo wethu weqiniso.

Yini enzima ngalokhu? Qinisekisa ukukhiqiza kabusha: kusukela ekuzinikeleni ku-Git, okungaguquki ngokwemvelo (okungaguquleki), esithombeni se-Docker, okufanele sigcinwe sinjalo.

Kubalulekile nakithi thola umsuka, ngoba sifuna ukuqonda ukuthi isicelo esisebenza e-Kubernetes sakhiwe kusiphi isibopho (bese singenza okuhlukile nokunye okufanayo).

Amasu okumaka

Esokuqala silula git tag. Sinerejista enesithombe esimakwe ngokuthi 1.0. I-Kubernetes inesiteji nokukhiqiza, lapho lesi sithombe silayishwa khona. Ku-Git senza izibophezelo futhi ngesinye isikhathi siyamaka 2.0. Siyiqoqa ngokuvumelana nemiyalelo evela endaweni yokugcina futhi siyibeke ebhukwini ngomaka 2.0. Siyidlulisela esiteji futhi, uma konke kuhamba kahle, bese siya ekukhiqizeni.

i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

Inkinga ngale ndlela ukuthi siqale sibeke ithegi, bese siyivivinya futhi siyikhiphe. Kungani? Okokuqala, akunangqondo: sikhipha inguqulo yesofthiwe esingakayihloli (ngeke sakwazi ukwenza ngenye indlela, ngoba ukuze sihlole, sidinga ukubeka umaka). Okwesibili, le ndlela ayihambisani ne-Gitflow.

Inketho yesibili i-git commit + ithegi. Igatsha eliyinhloko linethegi 1.0; ngayo ekubhaliseni - isithombe esithunyelwe ekukhiqizweni. Ngaphezu kwalokho, iqoqo le-Kubernetes linokubuka kuqala kanye nesiteji. Okulandelayo silandela i-Gitflow: egatsheni eliyinhloko ukuze kuthuthukiswe (develop) senza izici ezintsha, okuholela ekuzinikeleni ngesihlonzi #c1. Siyayiqoqa futhi siyishicilele kurejista sisebenzisa lesi sihlonzi (#c1). Ngesikhombi esifanayo sikhipha ukuze sihlole kuqala. Senza okufanayo ngezibophezelo #c2 и #c3.

Lapho siqaphela ukuthi kunezici ezanele, siqala ukuzinzisa yonke into. Dala igatsha ku-Git release_1.1 (kwisisekelo #c3 kusuka ku develop). Asikho isidingo sokuqoqa lokhu kukhululwa, ngoba... lokhu kwenziwe esinyathelweni esedlule. Ngakho-ke, singamane siyikhiphele esiteji. Silungisa iziphazamisi #c4 futhi ngokufanayo idluliselwa esiteji. Ngesikhathi esifanayo, intuthuko iyaqhubeka develop, lapho izinguquko zithathwa khona ngezikhathi ezithile release_1.1. Ngesinye isikhathi, sithola isibopho esihlanganisiwe futhi salayishwa esiteji, esijabula ngaso (#c25).

Bese sihlanganisa (ngokusheshisa phambili) igatsha lokukhululwa (release_1.1) enkosini. Sibeka ithegi enenguqulo entsha kulokhu kuzibophezela (1.1). Kodwa lesi sithombe sesivele siqoqwe ebhukwini, ngakho-ke ukuze singaphinde siqoqwe, simane sengeze umaki wesibili esithombeni esikhona (manje sinamathegi ebhukwini. #c25 и 1.1). Ngemuva kwalokho, siyikhiphela ekukhiqizeni.

Kunokushiyeka emuva kokuthi isithombe esisodwa kuphela esilayishwa esiteji (#c25), futhi ekukhiqizeni kuhlukile (1.1), kodwa siyazi ukuthi "ngokomzimba" lezi ziyisithombe esifanayo esivela kurejista.

i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

Ububi bangempela ukuthi akukho ukusekelwa kokuhlanganisa ukwenza, kufanele wenze phambili ngokushesha.

Singaqhubekela phambili futhi senze iqhinga... Ake sibheke isibonelo se-Dockerfile elula:

FROM ruby:2.3 as assets
RUN mkdir -p /app
WORKDIR /app
COPY . ./
RUN gem install bundler && bundle install
RUN bundle exec rake assets:precompile
CMD bundle exec puma -C config/puma.rb

FROM nginx:alpine
COPY --from=assets /app/public /usr/share/nginx/www/public

Ake sakhe ifayela kulo ngokuvumelana nesimiso esilandelayo:

  • I-SHA256 evela kuzihlonzi zezithombe ezisetshenzisiwe (ruby:2.3 и nginx:alpine), okungamasheke okuqukethwe kwawo;
  • wonke amaqembu (RUN, CMD njalo njalo.);
  • SHA256 kusuka kumafayela engeziwe.

... bese uthatha i-checksum (futhi i-SHA256) kufayela elinjalo. Lokhu isiginesha yonke into echaza okuqukethwe kwesithombe se-Docker.

i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

Ake sibuyele kumdwebo futhi esikhundleni sokuzibophezela sizosebenzisa amasignesha anjalo, i.e. tag izithombe ngamasignesha.

i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

Manje, uma kudingekile, ngokwesibonelo, ukuhlanganisa izinguquko kusukela ekukhululweni kuya kokuyinhloko, singenza isivumelwano sangempela sokuhlanganisa: sizoba nesihlonzi esihlukile, kodwa isiginesha efanayo. Ngesikhombi esifanayo sizokhipha isithombe emkhiqizweni.

Okubi ukuthi manje ngeke kwenzeke ukucacisa ukuthi hlobo luni lokuzibophezela oluphushelwe ekukhiqizeni - ama-checksum asebenza ohlangothini olulodwa kuphela. Le nkinga ixazululwa isendlalelo esengeziwe esinemethadatha - ngizokutshela okwengeziwe ngokuhamba kwesikhathi.

Ukumaka ku-werf

Ku-werf siqhubekele phambili futhi silungiselela ukwenza isakhiwo esisabalalisiwe nge-cache engagciniwe emshinini owodwa ... Ngakho-ke, sakha izinhlobo ezimbili zezithombe ze-Docker, sizibiza ngokuthi isigaba и isithombe.

I-werf Git repository igcina imiyalelo eqondile yokwakha echaza izigaba ezahlukene zokwakha (ngaphambi kokufaka, Faka, ngaphambi kokusetha, isethaphu). Siqoqa isithombe sesiteji sokuqala esinesiginesha echazwe njengesheke lezinyathelo zokuqala. Bese sengeza ikhodi yomthombo, esithombeni esisha sesiteji sibala i-checksum yayo ... Le misebenzi iphindaphindiwe kuzo zonke izigaba, ngenxa yalokho sithola isethi yezithombe zesiteji. Bese senza isithombe sokugcina, esiqukethe imethadatha mayelana nomsuka waso. Futhi simaka lesi sithombe ngezindlela ezahlukene (imininingwane kamuva).

i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

Ake sithi ngemva kwalokhu isivumelwano esisha sivela lapho kuphela ikhodi yesicelo eshintshiwe. Kuzokwenzekani? Ukuze kushintshwe amakhodi, kuzokwenziwa ipheshi futhi kuzolungiswa isithombe esisha sesiteji. Isiginesha yayo izonqunywa njengesheke lesithombe sesiteji esidala nesichibi esisha. Isithombe esisha sokugcina sizokwakhiwa kusukela kulesi sithombe. Ukuziphatha okufanayo kuzokwenzeka ngezinguquko kwezinye izigaba.

Ngakho-ke, izithombe zesiteji ziyinqolobane engagcinwa ngokusatshalaliswa, futhi izithombe esezivele zidalwe kuyo zilayishwa ku-Docker Registry.

i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

Ukuhlanza ebhukwini

Asikhulumi ngokususa izendlalelo ezisale zilenga ngemuva kokususwa kwamathegi - lesi isici esijwayelekile se-Docker Registry uqobo. Sikhuluma ngesimo lapho amathegi amaningi e-Docker enqwabelana futhi siyaqonda ukuthi asisawadingi amanye awo, kodwa athatha indawo (kanye/noma siyayikhokhela).

Ayini amasu okuhlanza?

  1. Ungenzi lutho nje ungahlanzi. Kwesinye isikhathi kulula kakhulu ukukhokhela isikhala esengeziwe kunokuvula inqwaba yamathegi. Kodwa lokhu kusebenza kuphela kuze kufike iphuzu elithile.
  2. Ukusetha kabusha okugcwele. Uma ususa zonke izithombe futhi wakhe kabusha kuphela ezamanje ohlelweni lwe-CI, kungase kuphakame inkinga. Uma isiqukathi siqalwa kabusha ekukhiqizweni, kuzolayishwa isithombe esisha - esingakahlolwa inoma ubani. Lokhu kubulala umqondo wengqalasizinda engaguquki.
  3. Okuluhlaza okotshani. Irejista eyodwa iqale ukuchichima - silayisha izithombe kwenye. Inkinga efanayo nasendleleni yangaphambilini: kunini lapho ungasula khona ukubhalisa osekuqalile ukuchichima?
  4. Ngokuhamba kwesikhathi. Susa zonke izithombe ezindala kunenyanga engu-1? Kodwa kuzoba khona isevisi engakabuyekezwa inyanga yonke...
  5. Ngesandla thola ukuthi yini engase isuswe kakade.

Kunezinketho ezimbili ezisebenzayo ngempela: ungahlanzi noma inhlanganisela yohlaza okwesibhakabhaka-oluhlaza + ngesandla. Esimweni sokugcina, sikhuluma ngalokhu okulandelayo: uma uqonda ukuthi sekuyisikhathi sokuhlanza irejista, udala entsha bese wengeza zonke izithombe ezintsha kuyo ngokuhamba kwesikhathi, isibonelo, inyanga. Futhi ngemva kwenyanga, bona ukuthi yimaphi ama-pods ku-Kubernetes asasebenzisa ukubhalisa okudala, futhi uwadlulisele kurejista entsha.

Size ngani i-werf? Siqoqa:

  1. Ikhanda le-Git: wonke amathegi, wonke amagatsha - sicabanga ukuthi sidinga yonke into efakwe ku-Git ezithombeni (futhi uma kungenjalo, khona-ke sidinga ukuyisusa ku-Git ngokwayo);
  2. wonke ama-pods okwamanje ampontshelwa ku-Kubernetes;
  3. Old ReplicaSets (lokho okusanda kukhishwa), futhi sihlela ukuskena ukukhishwa kwe-Helm bese sikhetha izithombe zakamuva lapho.

... futhi wenze uhlu olugunyaziwe kusuka kule sethi - uhlu lwezithombe esingeke sizisuse. Sihlanza konke okunye, ngemuva kwalokho sithola izithombe zesiteji sezintandane futhi sizisuse.

Isiteji sokuphaka

Isimemezelo esinokwethenjelwa

Iphuzu lokuqala engithanda ukunakwa kulo ekusetshenzisweni ukukhishwa kokucushwa kwensiza ebuyekeziwe, okumenyezelwe ngokumemezela. Idokhumenti yokuqala ye-YAML echaza izinsiza ze-Kubernetes ihlale ihluke kakhulu kumphumela osebenza kuqoqo. Ngoba uKubernetes wengeza ekucushweni:

  1. izihlonzi;
  2. ulwazi lwesevisi;
  3. amanani amaningi azenzakalelayo;
  4. isigaba esinesimo samanje;
  5. izinguquko ezenziwe njengengxenye ye-webhook yokungena;
  6. umphumela womsebenzi wabalawuli abahlukahlukene (kanye nomhleli).

Ngakho-ke, lapho ukucushwa kwensiza entsha kuvela (new), asikwazi ukuvele sithathe futhi sibhale phezu kwamanje, ukucushwa "bukhoma" ngakho (siphile). Ukwenza lokhu kuzodingeka siqhathanise new ngokulungiselelwa kokugcina okusetshenzisiwe (okokugcina ukusetshenziswa) bese ugoqa siphile wamukele isichibi.

Le ndlela ibizwa ngokuthi 2-indlela yokuhlanganisa. Isetshenziswa, isibonelo, ku-Helm.

Kukhona futhi 3-indlela yokuhlanganisa, okuhlukile kulokho:

  • ukuqhathanisa okokugcina ukusetshenziswa и new, sibheka ukuthi yini esusiwe;
  • ukuqhathanisa new и siphile, sibheka lokho okungeziwe noma okushintshiwe;
  • isiqeshana esifingqiwe sisetshenziswa kuso siphile.

Sisebenzisa izinhlelo zokusebenza eziyi-1000+ nge-Helm, ngakho-ke siphila nokuhlanganisa izindlela ezimbili. Nokho, inenani lezinkinga esizixazulule ngeziqephu zethu, ezisiza i-Helm ukuthi isebenze ngokujwayelekile.

Isimo sokukhishwa sangempela

Ngemuva kokuthi uhlelo lwethu lwe-CI lukhiqize ukucushwa okusha kwe-Kubernetes ngokusekelwe kumcimbi olandelayo, luyaludlulisela ukuze lusetshenziswe. (sebenzisa) kwiqoqo - usebenzisa iHelm noma kubectl apply. Okulandelayo, ukuhlanganisa okuchazwe kakade kwe-N-way kwenzeka, lapho i-Kubernetes API iphendula ngokugunyaza ohlelweni lwe-CI, nalokho kumsebenzisi wayo.

i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

Nokho, kunenkinga enkulu: ngemva kwakho konke isicelo esiyimpumelelo akusho ukukhishwa okuyimpumelelo. Uma u-Kubernetes eqonda ukuthi yiziphi izinguquko okudingeka zisetshenziswe futhi zisetshenziswe, asazi namanje ukuthi umphumela uzoba yini. Isibonelo, ukuvuselela nokuqalisa kabusha ama-pods ngaphambili kungase kuphumelele, kodwa hhayi ngemuva, futhi sizothola izinguqulo ezihlukene zezithombe zohlelo lokusebenza olusebenzayo.

Ukuze wenze konke ngendlela efanele, lolu hlelo ludinga isixhumanisi esengeziwe - i-tracker ekhethekile ezothola ulwazi lwesimo ku-Kubernetes API futhi iludlulisele ukuze luhlaziywe okwengeziwe isimo sangempela sezinto. Sakhe ilabhulali yomthombo ovulekile ku-Go - i-cubedog (bheka isimemezelo sayo lapha), exazulula le nkinga futhi yakhelwe ku-werf.

Ukuziphatha kwalesi silandeleli ezingeni le-werf kulungiselelwa kusetshenziswa izichasiselo ezibekwe kokuthi I-Deployments noma i-StatefulSets. Isichasiselo esikhulu - fail-mode - Uqonda lezi zincazelo ezilandelayo:

  • IgnoreAndContinueDeployProcess - asizinaki izinkinga zokukhishwa kwalolu phiko futhi siqhubeke nokuthumela;
  • FailWholeDeployProcessImmediately - iphutha kule ngxenye limisa inqubo yokuthumela;
  • HopeUntilEndOfDeployProcess - sithemba ukuthi le ngxenye izosebenza ekupheleni kokuthunyelwa.

Isibonelo, le nhlanganisela yezinsiza namanani esichasiselo fail-mode:

i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

Uma sisebenzisa okokuqala ngqa, isizindalwazi (i-MongoDB) kungenzeka ayikalungi - Ukuthunyelwa kuzohluleka. Kodwa ungalinda isikhathi ukuze iqale, futhi ukuthunyelwa kusazokwenzeka.

Kukhona ezinye izichasiselo ezimbili ze-kubedog ku-werf:

  • failures-allowed-per-replica - inani lokuwa okuvunyelwe kwesithombe ngasinye;
  • show-logs-until - ilawula isikhathi kuze kube yilapho i-werf ikhombisa (ku-stdout) izingodo ezivela kuwo wonke ama-pods akhishiwe. Okuzenzakalelayo ngu PodIsReady (ukuziba imilayezo okungenzeka asiyifuni uma ithrafikhi iqala ukuza ku-pod), kodwa amanani nawo avumelekile: ControllerIsReady и EndOfDeploy.

Yini enye esiyifunayo ekusetshenzisweni?

Ngaphezu kwamaphuzu amabili asechaziwe, singathanda:

  • ukubona izingodo - futhi kuphela okudingekayo, hhayi yonke into ngokulandelana;
  • ithrekhi inqubekela phambili, ngoba uma umsebenzi ulenga "buthule" imizuzu embalwa, kubalulekile ukuqonda ukuthi kwenzekani lapho;
  • иметь ukubuyisela emuva okuzenzakalelayo uma kwenzeka ukuthi kukhona okungahambanga kahle (ngakho-ke kubalulekile ukwazi isimo sangempela sokuthunyelwa). Ukukhishwa kufanele kube yi-athomu: kungenzeka kudlulele ekupheleni, noma yonke into ibuyele esimweni sayo sangaphambilini.

Imiphumela

Kithina njengenkampani, ukusebenzisa wonke ama-nuances achaziwe ezigabeni ezihlukene zokulethwa (ukwakha, ukushicilela, ukuphakela), uhlelo lwe-CI kanye nokusetshenziswa kwanele. i-werf.

Esikhundleni sesiphetho:

i-werf - ithuluzi lethu le-CI / CD ku-Kubernetes (uhlolojikelele nombiko wevidiyo)

Ngosizo lwe-werf, senze inqubekelaphambili enhle ekuxazululeni inombolo enkulu yezinkinga zonjiniyela be-DevOps futhi singajabula uma umphakathi obanzi okungenani uzama lolu hlelo lokusebenza. Kuyoba lula ukufeza umphumela omuhle ndawonye.

Amavidiyo namaslayidi

Ividiyo evela ekusebenzeni (~ imizuzu engama-47):

Ukwethulwa kombiko:

PS

Eminye imibiko mayelana ne-Kubernetes kubhulogi yethu:

Source: www.habr.com

Engeza amazwana