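Preface
I have been thinking about how best to deploy applications to k8s. I introduced helm earlier, but personally I feel that helm keeping its record data inside k8s is not particularly good. Recently I came across weave's flux project (A tool for deploying container images to Kubernetes services).
flux introduction and caveats
flux introduction
First, a diagram to give a rough idea of flux's concept.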

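1: flux can be paired with any CI tool you like, such as Drone, CircleCI, or GitLab CI. In effect, flux handles the CD stage.
2: flux helps you update applications safely. Updates commonly go wrong partway through. In flux's implementation, the yaml files of every deployed application are stored in a git repository, so every change can be traced and you can roll back precisely to any historical version. I think this is very good. When an application needs its image updated, the steps are: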
- Clone the repository
- Find the deployment files that use the image in question (there may be more than one, since we have e.g., sidecar containers that use the same image)
- Update a few fields in each file, in slightly different ways (e.g., put the image name in the template, and the tag part of the image name in a version label)
- Commit and push the change back to Git
If you only need to update the image, there is a simpler way:
$ fluxctl release --service=sock-shop/front-end --update-all-images
Submitting release job...
Release job submitted, ID cc08f78c-0e66-24a9-9215-82c80cc646c3
Status: Complete.
Here's what happened:
1. Submitted job.
2. Calculating release actions.
3. Release latest images to sock-shop/front-end
4. Clone the config repo.
5. Clone OK.
6. Update 1 images(s) in the resource definition file for sock-shop/front-end: front-end (weaveworksdemos/front-end:0.2.0 -> weaveworksdemos/front-end:7f511af2d21fd601b86b3bed7baa6adfa9c8c669).
7. Update pod controller OK.
8. Commit and push the config repo.
9. Pushed commit: Release latest images to sock-shop/front-end
10. Regrade 1 service(s): sock-shop/front-end.
Took 55.810622454s
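This leads to the idea of combining flux with drone, which the summary covers in detail.
3: flux handles visibility well: a few commands show clearly what is happening. flux has the concept of a controller.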
$ fluxctl list-services --namespace=sock-shop
SERVICE CONTAINER IMAGE RELEASE POLICY
sock-shop/cart cart weaveworksdemos/cart:0.3.0
sock-shop/cart-db cart-db mongo
sock-shop/catalogue catalogue weaveworksdemos/catalogue:0.2.0
sock-shop/catalogue-db catalogue-db weaveworksdemos/catalogue-db:0.2.0
sock-shop/front-end front-end weaveworksdemos/front-end:0.2.0
sock-shop/orders orders weaveworksdemos/orders:0.3.0
sock-shop/orders-db orders-db mongo
sock-shop/payment payment weaveworksdemos/payment:0.3.0
sock-shop/queue-master queue-master weaveworksdemos/queue-master:0.3.0
sock-shop/rabbitmq rabbitmq rabbitmq:3
sock-shop/shipping shipping weaveworksdemos/shipping:0.3.0
sock-shop/user user weaveworksdemos/user:0.3.0
sock-shop/user-db user-db weaveworksdemos/user-db:0.3.0
$ fluxctl list-images --service=sock-shop/front-end
SERVICE CONTAINER IMAGE CREATED
sock-shop/front-end front-end weaveworksdemos/front-end | 7f511af2d21fd601b86b3bed7baa6adfa9c8c669 18 Nov 16 16:00 UTC
| latest 18 Nov 16 16:00 UTC
| snapshot 18 Nov 16 16:00 UTC
| 16007dddd86b2ebb41d8880c53b77580cab13f02 18 Nov 16 11:23 UTC
| a0eaf8c8ffc0b81c2199adaf7d67466891bb3205 17 Nov 16 10:22 UTC
| 1b664cc81d9cf25b213000686a9e8d6477ae1b06 16 Nov 16 20:31 UTC
| ce1efe59c32d3c53344defdda4d5b643272022b8 16 Nov 16 20:29 UTC
| 4c33b216ae902ad89b9c3ca30a99a44833d16d5b 10 Nov 16 21:34 UTC
| 7015587783bc8f7a9c3d5cfa51e5a257fe188c4b 10 Nov 16 11:34 UTC
| 4d3ea2896c81e40a630d36cdc29ce740e7617016 10 Nov 16 11:30 UTC
:
'-> 0.2.0 09 Nov 16 10:26 UTC
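4: flux can in fact automatically detect changes to the yaml files in the git repository and image updates in the registry, and then deploy automatically.
It is most useful when used as a deployment tool at the end of a Continuous Delivery pipeline. Flux will make sure that your new container images and config changes are propagated to the cluster.
In short, using flux as the last stage of a CD pipeline handles image updates and yaml file updates well.
Notes on deploying flux to k8s
Because fluxd needs to pull code from the git repository, there is the matter of an SSH key.
Note the flux-secret.yaml file: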
---
apiVersion: v1
kind: Secret
metadata:
  name: flux-git-deploy
type: Opaque
It has no data field. In fact, flux generates a key for us by default.
You can then run
$ fluxctl identity
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1fndADrb1fp6a+7QusXMU9qI2CNodLyMR82/6Li8rAstUCMRI9SjThAAbzyIfuCX61YCjWGj6qHyPusmfOssErbs7+rs6Q3y0RrACZT7w4HTgODX4aXGMigVY+IztpDv+XYztTqLCwMVfsrQWvo/WrtbltCdjzTP3gR7nWriPzCks3KbEFZkk4bCISJzV19RBCQzJBlE6afOAreCCdhooy80zmWOmHqc+OVDbAVTOC5Bcht/EaHNXGCwcHijiNd0MPah6OKI+gG/eDB2OLixdhoNTzeEYN6vB5Y/wwNuH/m29y46EM6mfXuq6KkD+/YT9J0XiTx
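to obtain the public key. Then copy it into the deploy keys of the GitHub repository. Because flux commits and pushes to this repository, the deploy key needs write access.
Summary
1: How can flux be combined with drone?
First of all, I agree with storing the yaml in a git repository under version control.
flux is actually similar to helm: it is split into fluxd and a command-line tool, fluxctl, with fluxd acting as the server deployed in the k8s cluster. So fluxctl can be packaged as a drone plugin and placed as the last step of the drone pipeline, much like how many helm plugins work today.
This plugin only needs to update the image. After all, across the whole pipeline, pushing code to the repository triggers compilation, the build, and the push of the new image to harbor; in the end, the k8s cluster only needs the application switched to the new image. So the registry-watching feature is not needed, and there is no need to watch for yaml changes in git either; pulling the latest is enough.
Implementation approach:
- Pass the new image name, the target to update, the yaml file path, and so on as input parameters of the drone plugin
- Then run a command like the following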
$ fluxctl release --controller=default:deployment/helloworld --update-image=quay.io/weaveworks/helloworld:master-a000001
Submitting release ...
Commit pushed: 33ce4e3
Applied 33ce4e38048f4b787c583e64505485a13c8a7836
CONTROLLER STATUS UPDATES
default:deployment/helloworld success helloworld: quay.io/weaveworks/helloworld:master-9a16ff945b9e -> master-a000001
$ fluxctl list-images --controller default:deployment/helloworld
CONTROLLER CONTAINER IMAGE CREATED
default:deployment/helloworld helloworld quay.io/weaveworks/helloworld
| master-9a16ff945b9e 20 Jul 16 13:19 UTC
| master-b31c617a0fe3 20 Jul 16 13:19 UTC
| master-a000002 12 Jul 16 17:17 UTC
'-> master-a000001 12 Jul 16 17:16 UTC
sidecar quay.io/weaveworks/sidecar
'-> master-a000002 23 Aug 16 10:05 UTC
master-a000001 23 Aug 16 09:53 UTC
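2: Drone aside, for a PaaS platform as a whole, flux's automatic monitoring of the registry and of the yaml git repository also gives users more ways to work.
3: Next up is the drone-flux plugin, which I wrote to implement this idea.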
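An added example, not taken from the drone-flux plugin or the flux project: an entrypoint for the plugin idea in point 1 of the summary that treats the plugin settings as untrusted pipeline input and checks them before calling fluxctl release. The setting names PLUGIN_CONTROLLER and PLUGIN_IMAGE are assumptions, and fluxctl in the plugin image is assumed to be able to reach fluxd already.

```sh
#!/bin/sh
# Added example: entrypoint for a hypothetical Drone plugin wrapping fluxctl.
# Drone hands plugin settings to the container as PLUGIN_* variables; the
# names PLUGIN_CONTROLLER and PLUGIN_IMAGE are assumptions of this example.
LC_ALL=C; export LC_ALL   # keep [a-z] ranges byte-exact in the allowlists

# Accept only "namespace:kind/name", e.g. default:deployment/helloworld.
valid_controller() {
  case $1 in
    '' | -* | *[!a-z0-9:/.-]*) return 1 ;;  # empty, option-like, stray bytes
  esac
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9-]+:[a-z]+/[a-z0-9.-]+$'
}

# Accept only "repository:tag" with an explicit tag, so the commit that flux
# pushes names exactly one image version.
valid_image() {
  case $1 in
    '' | -* | *[!A-Za-z0-9._:/-]*) return 1 ;;
  esac
  printf '%s\n' "$1" |
    grep -Eq '^[a-z0-9][a-z0-9._/:-]*[a-z0-9]:[A-Za-z0-9_][A-Za-z0-9_.-]*$'
}

# Returns 0 only when both settings pass the checks above.
check_release() {
  valid_controller "$1" || { echo "rejected controller: $1" >&2; return 1; }
  valid_image "$2" || { echo "rejected image: $2" >&2; return 1; }
}

main() {
  check_release "${PLUGIN_CONTROLLER:-}" "${PLUGIN_IMAGE:-}" || exit 1
  # Each value is bound to its flag as a single quoted argument.
  exec fluxctl release \
    "--controller=$PLUGIN_CONTROLLER" "--update-image=$PLUGIN_IMAGE"
}

# Drone sets DRONE=true inside pipeline steps; outside one, only the
# functions above are defined.
if [ "${DRONE:-}" = true ]; then
  main
fi
```

A missing or malformed setting makes the step fail before fluxctl runs, so nothing is committed to the config repository for a rejected value.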
This article is reposted from the Chinese community: "k8s and CI/CD: using flux to deploy applications to Kubernetes"