Kubernetes 基础设施即代码最佳实践
[英]Kubernetes infrastructure as code best practice
问题描述
Can anyone point me to the common strategy to setup a Kubernetes cluster according to the principles of infrastructure as code and automatic deployment for different developer teams with Git repos and an undefined CI/CD platform.
任何人都可以向我指出根据基础设施即代码和自动部署的原则,使用 Git 存储库和未定义的 CI/CD 平台为不同的开发团队设置 Kubernetes 集群的通用策略。
Let's say I am going to use Terraform to deploy a Kubernetes cluster on a hypothetical cloud service named QKS with a commonly used service, for example Apache Airflow, for which a public helm chart is available.假设我将使用 Terraform 在一个名为 QKS 的假设云服务上部署一个 Kubernetes 集群,其中包含一个常用服务,例如 Apache Airflow,有一个公共舵图可用。 There are two custom services (from two independent developer groups) to deploy named "apples" and "bananas".有两个自定义服务(来自两个独立的开发人员组)可以部署名为“apples”和“bananas”的服务。
I am struggling with the separation of responsibilities of different code bases.我正在努力分离不同代码库的职责。 Which steps in this process can best still be done manually.此过程中的哪些步骤仍然最好手动完成。 A lot is being written about this technology, but I cannot find any articles on this issue in particular.关于这项技术的文章很多,但我找不到任何关于这个问题的文章。
2 个解决方案
解决方案1
1 2020-03-04 07:07:41
This is my own proposal.这是我自己的提议。
Have three git repositories:拥有三个 git 存储库:
- my-infrastructure : includes the Terraform files, the Airflow Helm deployment and deployment of two namespaces included access roles to these namespaces. my-infrastructure :包括 Terraform 文件、Airflow Helm 部署和两个命名空间的部署,包括对这些命名空间的访问角色。 CICD tracks for changes and deploys them on QKS CICD 跟踪更改并将其部署在 QKS 上
- apples : code base and corresponding helm template. apples :代码库和相应的 helm 模板。 CICD can deploy on the apples namespace only. CICD 只能部署在 apples 命名空间上。
- bananas : code base and corresponding helm template.香蕉:代码库和相应的掌舵模板。 CICD can deploy on the bananas namespace only. CICD 只能部署在bananas 命名空间上。
Notes:笔记:
- subdivision of the cluster into namespacesis obvious ;将集群细分为命名空间是显而易见的;
all secrets and authorization tokens for the namespaces can be created via Terraform using Terraform kubernetes provider.
命名空间的所有机密和授权令牌都可以使用 Terraform kubernetes provider 通过 Terraform 创建。https://www.terraform.io/docs/providers/kubernetes/r/secret.html
https://www.terraform.io/docs/providers/kubernetes/r/secret.html
解决方案2
1 2020-03-04 09:17:57
There is an interesting kubernetes project for this called cluster-api that lets you create, configure & manage kubernetes clusters in a declarative fashion in a way similar to how we manage different resources in kubernetes itself.有一个有趣的 kubernetes 项目称为cluster-api ,它允许您以声明方式创建、配置和管理 kubernetes 集群,方式类似于我们在 kubernetes 本身中管理不同资源的方式。 It defines new resources of different kinds like Cluster , Machine它定义了不同类型的新资源,如Cluster 、 Machine
eg You could define a cluster like this:例如,您可以像这样定义一个集群:
apiVersion: cluster.x-k8s.io/v1alpha2
kind: Cluster
metadata:
name: capi-quickstart
spec:
clusterNetwork:
pods:
cidrBlocks: ["192.168.0.0/16"]
infrastructureRef:
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
kind: AWSCluster
name: capi-quickstart
Of course you would need a starting / bootstrap kubernetes cluster where you will deploy this resource.当然,您需要一个启动/引导 kubernetes 集群,您将在其中部署此资源。 This project is still in prototype stage, so use caution.该项目仍处于原型阶段,因此请谨慎使用。
Check out the cluster-api repository on Github: https://github.com/kubernetes-sigs/cluster-api查看 Github 上的cluster-api存储库: https : //github.com/kubernetes-sigs/cluster-api
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.