Running Camunda BPM on Kubernetes


Are you using Kubernetes? Ready to move your Camunda BPM instances off virtual machines, or just want to try running them on Kubernetes? Let's look at some common configurations and the individual items that can be tailored to your specific needs.

This article assumes you have used Kubernetes before. If not, why not take a look at the guide and start your first cluster?

Authors

  • Alastair Firth - Senior Site Reliability Engineer on the Camunda Cloud team;
  • Lars Lange - DevOps Engineer at Camunda.

In short:

git clone https://github.com/camunda-cloud/camunda-examples.git
cd camunda-examples/camunda-bpm-demo
make skaffold

OK, it probably didn't work because you don't have skaffold and kustomize installed. Well then, read on!

What is Camunda BPM

Camunda BPM is an open source business process management and decision automation platform that connects business users and software developers. It is ideal for coordinating and connecting people, (micro)services or even bots! You can read more about the different use cases at the link.

Why use Kubernetes

Kubernetes has become the de facto standard for running modern applications on Linux. By using system calls instead of hardware emulation, and the kernel's ability to manage memory and task switching, boot time and start-up time are kept to a minimum. However, the biggest benefit may come from the standard API that Kubernetes provides for configuring the infrastructure that all applications need: storage, networking, and monitoring. It turned 6 years old in June 2020 and is perhaps the second largest open source project (after Linux). Recently it has been stabilizing its functionality after rapid iteration over the past few years, as it becomes critical to production workloads around the world.

Camunda BPM Engine can easily connect to other applications running in the same cluster, and Kubernetes provides excellent scalability, allowing you to increase infrastructure costs only when they are really needed (and easily reduce them as needed).

The quality of monitoring is also greatly improved by tools such as Prometheus, Grafana, Loki, Fluentd and Elasticsearch, which let you view all workloads in a cluster centrally. Today we will look at how to deploy the Prometheus exporter into the Java Virtual Machine (JVM).

Goals

Let's look at a few areas where we can customize the Camunda BPM Docker image (github) so that it interacts well with Kubernetes.

  1. Logs and metrics;
  2. Database connections;
  3. Authentication;
  4. Session management.

We will look at several ways to achieve these goals and show the whole process clearly.

Note: Are you using the Enterprise version? Look here and update the image links as needed.

Development workflow

In this demo, we will use Skaffold to build Docker images using Google Cloud Build. It has good support for various tools (such as Kustomize and Helm), CI and build tools, and infrastructure providers. The file skaffold.yaml.tmpl includes settings for Google Cloud Build and GKE, which provides a very simple way to run production-grade infrastructure.

make skaffold will upload the Dockerfile context to Cloud Build, build the image and store it in GCR, and then apply the manifests to your cluster. This is what make skaffold does, but Skaffold has many other features.

For the yaml templates in Kubernetes, we use kustomize to manage yaml overlays without forking the entire manifest, which allows you to use git pull --rebase to pick up further improvements. It is now built into kubectl and works quite well for this kind of thing.

We also use envsubst to fill in the hostname and the GCP project ID in the *.yaml.tmpl files. You can see how it works in the makefile, or just continue on.

Prerequisites

Workflow using manifests

If you don't want to use kustomize or skaffold, you can refer to the manifests in generated-manifest.yaml and adapt them to the workflow of your choice.

Logs and metrics

Prometheus has become the standard for collecting metrics in Kubernetes. It occupies the same niche as AWS Cloudwatch Metrics, Cloudwatch Alerts, Stackdriver Metrics, StatsD, Datadog, Nagios, vSphere Metrics and others. It is open source and has a powerful query language. We will leave visualization to Grafana - it comes with a large number of dashboards available out of the box. They are connected to each other and are relatively easy to install with prometheus-operator.

By default, Prometheus uses the pull model <service>/metrics, and adding sidecar containers for this is common. Unfortunately, JMX metrics are best collected inside the JVM, so sidecar containers are not as effective. Let's attach the open source jmx_exporter from Prometheus to the JVM by adding it to the container image, which will provide a /metrics path on a different port.

Add Prometheus jmx_exporter to the container

-- images/camunda-bpm/Dockerfile
FROM camunda/camunda-bpm-platform:tomcat-7.11.0

## Add prometheus exporter
RUN wget https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.11.0/jmx_prometheus_javaagent-0.11.0.jar -P lib/
# 9404 is the reserved prometheus-jmx port
ENV CATALINA_OPTS -javaagent:lib/jmx_prometheus_javaagent-0.11.0.jar=9404:/etc/config/prometheus-jmx.yaml

That was easy. The exporter will monitor tomcat and expose its metrics in Prometheus format at <svc>:9404/metrics

Exporter setup

The attentive reader may wonder where prometheus-jmx.yaml comes from. There are many different things that can run in a JVM, and tomcat is just one of them, so the exporter needs some additional configuration. Standard configurations for tomcat, wildfly, kafka and so on are available here. We will add the tomcat one as a ConfigMap in Kubernetes and then mount it as a volume.

First, we add the exporter configuration file to our platform/config/ directory

platform/config
└── prometheus-jmx.yaml

Then we add a ConfigMapGenerator to kustomization.yaml.tmpl:

-- platform/kustomization.yaml.tmpl
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
[...]
configMapGenerator:
- name: config
  files:
  - config/prometheus-jmx.yaml

This will add each element of files[] as a ConfigMap configuration item. ConfigMapGenerators are great because they hash the configuration data and force a pod restart if it changes. They also reduce the amount of configuration in the Deployment, since you can mount an entire "folder" of configuration files in one VolumeMount.

Finally, we need to mount the ConfigMap as a volume in the pod:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
      [...]
      volumes:
      - name: config
        configMap:
          name: config
          defaultMode: 0744
      containers:
      - name: camunda-bpm
        volumeMounts:
        - mountPath: /etc/config/
          name: config
      [...]

Wonderful. If Prometheus is not configured to scrape everything, you may need to tell it to scrape the pods. Prometheus Operator users can use service-monitor.yaml to get started. Study service-monitor.yaml, the operator design and ServiceMonitorSpec before you begin.

Extending this pattern to other use cases

All files we add to the ConfigMapGenerator will be available in the new /etc/config directory. You can extend this template to mount any other configuration files you need. You can even mount a new startup script. You can use subPath to mount individual files. To update xml files, consider using xmlstarlet instead of sed. It is already included in the image.

Logs

Great news! Application logs are already available on stdout, for example with kubectl logs. Fluentd (installed by default in GKE) will forward your logs to Elasticsearch, Loki, or your enterprise logging platform. If you want to jsonify the logs, you can follow the template above to install logback.

Database

By default, the image will have an H2 database. This is not suitable for us, and we will use Google Cloud SQL with Cloud SQL Proxy - this will be needed later to solve internal problems. This is a simple and reliable option if you don't have your own preferences for setting up the database. AWS RDS provides a similar service.

Regardless of which database you choose, unless it is H2, you will need to set the appropriate environment variables in platform/deployment.yaml. It looks like this:

-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
      [...]
      containers:
      - name: camunda-bpm
        env:
        - name: DB_DRIVER
          value: org.postgresql.Driver
        - name: DB_URL
          value: jdbc:postgresql://postgres-proxy.db:5432/process-engine
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_username
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_password
      [...]

Note: You can use Kustomize to deploy to different environments using an overlay: example.

Note: the use of valueFrom: secretKeyRef. Please use this Kubernetes feature even during development to keep your secrets safe.

You probably already have a preferred system for managing Kubernetes secrets. If not, here are some options: encrypting them with your cloud provider's KMS and then injecting them into K8S as secrets via the CD pipeline: Mozilla SOPS will work very well in combination with Kustomize secrets. There are other tools, such as dotGPG, that perform similar functions: HashiCorp Vault, Kustomize Secret Value Plugins.
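
One way to check the secretKeyRef advice across a manifest, as an added example that is not part of the original article or the camunda-examples repository: the function walks a Deployment in the JSON shape that kubectl get deployment -o json returns and reports credential-like variables that are not sourced from a Secret. The name patterns and the GOOD and BAD samples are constructed assumptions.

```python
import re

# Heuristic name patterns for credential-bearing variables (assumption; tune them).
SENSITIVE_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|USERNAME|API_?KEY", re.I)
# Credentials inside a connection URL: user:pass@host or ?password=...
URL_CREDS = re.compile(r"://[^/@\s:]+:[^/@\s]+@|[?&;]password=", re.I)


def audit_deployment(manifest):
    """Return (container, variable, problem) for credentials kept in the pod spec."""
    findings = []
    pod = manifest["spec"]["template"]["spec"]
    for kind in ("initContainers", "containers"):
        for c in pod.get(kind, []):
            for env in c.get("env", []):
                name, value = env["name"], env.get("value")
                if value is None:
                    # Only secretKeyRef keeps the value out of manifests and ConfigMaps.
                    if SENSITIVE_NAME.search(name) and "secretKeyRef" not in env.get("valueFrom", {}):
                        findings.append((c["name"], name, "not sourced from a Secret"))
                elif SENSITIVE_NAME.search(name):
                    findings.append((c["name"], name, "literal value in manifest"))
                elif URL_CREDS.search(value):
                    findings.append((c["name"], name, "credentials embedded in URL"))
    return findings


def sample_deployment(env):
    return {"spec": {"template": {"spec": {"containers": [{"name": "camunda-bpm", "env": env}]}}}}


def secret_ref(key):
    return {"valueFrom": {"secretKeyRef": {"name": "cambpm-db-credentials", "key": key}}}


# Constructed samples: GOOD mirrors the article's env block, BAD breaks it three ways.
DB = "jdbc:postgresql://postgres-proxy.db:5432/process-engine"
GOOD = sample_deployment([{"name": "DB_URL", "value": DB},
                          {"name": "DB_USERNAME", **secret_ref("db_username")},
                          {"name": "DB_PASSWORD", **secret_ref("db_password")}])
BAD = sample_deployment([{"name": "DB_URL", "value": DB + "?password=example"},
                         {"name": "DB_USERNAME",
                          "valueFrom": {"configMapKeyRef": {"name": "config", "key": "db_username"}}},
                         {"name": "DB_PASSWORD", "value": "example"}])

if __name__ == "__main__":
    # For a live object, json.load() the output of `kubectl get deployment ... -o json`.
    for finding in audit_deployment(BAD):
        print(*finding, sep=": ")
```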

Ingress

Unless you choose to use local port forwarding, you will need a configured Ingress Controller. If you are not using ingress-nginx (Helm chart) then you most likely already know that you need to set the necessary annotations in ingress-patch.yaml.tmpl or platform/ingress.yaml. If you are using ingress-nginx and see an nginx ingress class with a load balancer pointing to it and an external DNS or wildcard DNS entry, you are good to go. Otherwise, configure the Ingress Controller and DNS, or skip these steps and keep a direct connection to the pod.

TLS

If you are using cert-manager or kube-lego together with letsencrypt, certificates for the new ingress will be obtained automatically. Otherwise, open ingress-patch.yaml.tmpl and customize it to suit your needs.

Launch!

If you have followed everything written above, then the command make skaffold HOSTNAME=<you.example.com> should launch an instance available at <hostname>/camunda

If you have not exposed your ingress at a public URL, you can forward it to localhost: kubectl port-forward -n camunda-bpm-demo svc/camunda-bpm 8080:8080 on localhost:8080/camunda

Wait a few minutes until tomcat is fully ready. Cert-manager will take some time to verify the domain name. You can then monitor the logs using available tools such as kubetail, or just use kubectl:

kubectl logs -n camunda-bpm-demo $(kubectl get pods -o=name -n camunda-bpm-demo) -f

Next steps

Authentication

This is more relevant to configuring Camunda BPM than to Kubernetes, but it is important to note that by default, authentication is disabled in the REST API. You can enable basic authentication or use another method such as JWT. You can use configmaps and volumes to load xml, or xmlstarlet (see above) to edit existing files in the image, and either use wget or load them using an init container and a shared volume.
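
A check that the REST API's web.xml really has authentication switched on before the image ships, as an added example that is not part of the original article: it reports success only when the authentication filter is declared outside a comment and mapped to a URL pattern. The filter class name is the one Camunda documents for its REST API and does not appear in the article, so confirm it against your version; the web.xml fragments are constructed.

```python
import xml.etree.ElementTree as ET

# Filter class as documented by Camunda for the REST API (assumption: verify per version).
AUTH_FILTER = "org.camunda.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter"


def local(tag):
    """Strip the XML namespace so the check works across web.xml schema versions."""
    return tag.rsplit("}", 1)[-1]


def child_text(elem, name):
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None


def rest_auth_enabled(web_xml):
    """True only if the auth filter is declared AND mapped to a URL pattern.

    ElementTree drops XML comments, so a filter that is still commented out
    is not counted as enabled.
    """
    root = ET.fromstring(web_xml)
    declared = {child_text(e, "filter-name") for e in root
                if local(e.tag) == "filter" and child_text(e, "filter-class") == AUTH_FILTER}
    mapped = {child_text(e, "filter-name") for e in root
              if local(e.tag) == "filter-mapping" and child_text(e, "url-pattern")}
    return bool((declared & mapped) - {None, ""})


# Constructed fragments: the same filter, first commented out, then active.
DISABLED = f"""<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <!--
  <filter>
    <filter-name>camunda-auth</filter-name>
    <filter-class>{AUTH_FILTER}</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>camunda-auth</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  -->
</web-app>"""
ENABLED = DISABLED.replace("<!--", "").replace("-->", "")

if __name__ == "__main__":
    print("commented out:", rest_auth_enabled(DISABLED))
    print("active:", rest_auth_enabled(ENABLED))
```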

Session management

Like many other applications, Camunda BPM handles sessions in the JVM, so if you want to run multiple replicas, you can enable sticky sessions (for example for ingress-nginx), which will exist until the replica disappears, or set the Max-Age attribute for cookies. For a more robust solution, you can deploy a Session Manager in Tomcat. Lars has a separate post on this topic, but something like:

# Maven Central serves artifacts over HTTPS only
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/2.3.2/memcached-session-manager-2.3.2.jar -P lib/ &&
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc9/2.3.2/memcached-session-manager-tc9-2.3.2.jar -P lib/ &&
# Insert the <Manager> element just before the closing </Context> tag
sed -i '/^<\/Context>/i \
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager" \
memcachedNodes="redis://redis-proxy.db:22121" \
sticky="false" \
sessionBackupAsync="false" \
storageKeyPrefix="context" \
lockingMode="auto" \
/>' conf/context.xml

Note: you can use xmlstarlet instead of sed

We used twemproxy in front of Google Cloud Memorystore, with memcached-session-manager (supports Redis) to run it.

Scaling

If you already understand sessions, then the first (and often the last) limitation to scaling Camunda BPM may be the database connection. Partial customization is already available "out of the box". Let's also disable initialSize in the settings.xml file. Add a Horizontal Pod Autoscaler (HPA) and you can scale the number of pods automatically.

Requests and limits

In platform/deployment.yaml you will see that we have hard-coded the resources field. This works well with HPA, but may require additional configuration. A kustomize patch is suitable for this. See ingress-patch.yaml.tmpl and ./kustomization.yaml.tmpl

Conclusion

So we have deployed Camunda BPM on Kubernetes with Prometheus metrics, logs, an H2 database, TLS and Ingress. We added jar files and configuration files using ConfigMaps and a Dockerfile. We talked about passing data into volumes and directly into environment variables from secrets. In addition, we provided an outline for setting up Camunda for multiple replicas and an authenticated API.

References

github.com/camunda-cloud/camunda-examples/camunda-bpm-kubernetes

├── generated-manifest.yaml <- manifest for use without kustomize
├── images
│ └── camunda-bpm
│ └── Dockerfile <- overlay docker image
├── ingress-patch.yaml.tmpl <- site-specific ingress configuration
├── kustomization.yaml.tmpl <- main Kustomization
├── Makefile <- make targets
├── namespace.yaml
├── platform
│ ├── config
│ │ └── prometheus-jmx.yaml <- prometheus exporter config file
│ ├── deployment.yaml <- main deployment
│ ├── ingress.yaml
│ ├── kustomization.yaml <- "base" kustomization
│ ├── service-monitor.yaml <- example prometheus-operator config
│ └── service.yaml
└── skaffold.yaml.tmpl <- skaffold directives

05.08.2020, translation of the article by Alastair Firth and Lars Lange

Source: www.habr.com
