
नमस्कार, हेब्र!
यह लेख "लर्निंग टू डिप्लॉय माइक्रोसर्विस" की श्रृंखला का दूसरा भाग है। में पिछले भाग, हम 2 सरल microservices लिखा था - एक बैकएंड और एक प्रवेश द्वार है, और पता लगा कि कैसे डोकर छवियों में उन्हें पैक करने के लिए। उसी लेख में, हम कुबेरनेट्स का उपयोग करके अपने डॉक कंटेनर के ऑर्केस्ट्रेशन का आयोजन करेंगे। हम सिस्टम को मिनिक्यूब में लॉन्च करने के लिए क्रमिक रूप से कॉन्फ़िगर करेंगे, और फिर Google कुबेरनेट इंजन में तैनाती के लिए इसे अनुकूलित करेंगे।
श्रृंखला योजना:
स्प्रिंग बूट पर सेवाओं का निर्माण, डॉकर के साथ काम करते हैं
कीवर्ड: जावा 11, स्प्रिंग बूट, डॉकर, छवि अनुकूलन
Google कुबेरनेट इंजन में कुबेरनेट विन्यास और परिनियोजन प्रणाली का विकास
कीवर्ड: कुबेरनेट्स, जीकेई, संसाधन प्रबंधन, ऑटोस्कोलिंग, रहस्य
अधिक कुशल क्लस्टर प्रबंधन के लिए हेल्म 3 के साथ एक चार्ट बनाना
: Helm 3, chart deployment
Jenkins
: Jenkins configuration, plugins, separate configs repository
Kubernetes:
- . , . , .
- . , , .
- . . .
- . - , Docker-, Kubernetes , .
- . ().
Kubernetes тАФ , , . . Kubernetes- .
GitHub .
Kubernetes
Minikube тАФ Kubernetes . . , , GKE. Google Cloud Platform - 300$ . 2+ (n1-standard-1).
:
Kubernetes
Kubernetes . . , .
Kubernetes:
Namespace тАФ . , . .
Pod тАФ . . , , , , .
ReplicaSet тАФ , , . , . ReplicaSet тАФ Deployment.
Deployment тАФ , ReplicaSet'. .
Service тАФ . , IP-. , . - , Service .
"" Kubernetes, .
. , . . , . :
- ClusterIP тАФ . IP-, .
- NodePort тАФ IP- ( ClusterIP) , .
<NodeIP>:<NodePort>
. - LoadBalancer тАФ NodePort , . IP- .
Kubernetes DNS , . .
ConfigMap тАФ , , , .
Secret тАФ . (тДЦ SSL-), , base64- , . .
HorizontalPodAutoscaler тАФ , .
Minikube configuration
Namespace:
:
kubectl create namespace msvc-ns
:
kubectl config set-context --current --namespace=msvc-ns
'msvc-ns'. , 'default'.
Kubernetes yaml- , CLI. yaml-.
ConfigMap
, . URL- . ConfigMap , ( ).
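# Non-sensitive settings shared by the services. The Deployments on this page
# import every key of this map as an environment variable through envFrom.
apiVersion: v1
kind: ConfigMap
metadata:
  name: urls-config
data:
  # In-cluster address of the backend Service (DNS name `backend`, port 8080).
  # Plain HTTP: gateway-to-backend traffic is not encrypted inside the cluster.
  BACKEND_URL: "http://backend:8080/"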
, Kubernetes . , 'backend' 8080 .
Secret
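# Demo Secret; the gateway Deployment reads key `secret` into its SECRET
# environment variable.
apiVersion: v1
kind: Secret
metadata:
  name: msvc-secret
type: Opaque
stringData:
  # Placeholder value. stringData is stored base64-encoded, which is an
  # encoding and not encryption: anyone who can read this file, or read
  # Secrets in the namespace, recovers the value. Keep real values out of
  # version control and supply them at deploy time.
  secret: secret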
Opaque , -. , , Docker-, . stringData. base64, . :
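data:
  # base64 of the string "secret"; trivially decodable, so it hides nothing.
  secret: c2VjcmV0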
Deployments
тАФ .
:
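# Gateway Deployment: three replicas, replaced by rolling update.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gateway
  labels:
    tier: gateway
    app: microservices
spec:
  replicas: 3
  selector:
    # Must match spec.template.metadata.labels below.
    matchLabels:
      tier: gateway
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        tier: gateway
    spec:
      # NOTE(review): no securityContext is set, so the container runs with the
      # image's default user and privileges. Consider runAsNonRoot,
      # allowPrivilegeEscalation: false and readOnlyRootFilesystem once the
      # image is confirmed to work with them.
      containers:
        - name: gateway
          # `latest` is a mutable tag: replicas started at different times can
          # run different builds. Pin a version tag or an image digest outside
          # of a demo.
          image: anshelen/microservices-gateway:latest
          envFrom:
            - configMapRef:
                name: urls-config
          env:
            # Injected as an environment variable. The sample output later on
            # this page shows the gateway returning this value in its HTTP
            # responses, so only a throwaway value belongs here.
            - name: SECRET
              valueFrom:
                secretKeyRef:
                  name: msvc-secret
                  key: secret
          readinessProbe:
            # The probe uses the application port, so whatever actuator
            # endpoints the image enables are reachable through the gateway
            # Service as well; keep the exposed set limited to health.
            httpGet:
              path: /actuator/health
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 3
          ports:
            - containerPort: 8080
              protocol: TCP
          resources:
            limits:
              memory: "256Mi"
              cpu: "200m"
            requests:
              memory: "128Mi"
              cpu: "50m"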
metadata.labels
, . , 'microservices' 'gateway'.
metadata.annotations тАФ , .
spec.replicas
.
spec.selector.matchLabels
. , tier, 'backend'. spec.template , metadata.labels , .
spec.strategy
spec.strategy . 'rollingUpdate' , ReplicaSet, ReplicaSet', . ( / ) maxSurge maxUnavailable. , . spec.strategy , .
spec.template
spec.template .
spec.template.metadata.labels
, spec.selector.matchLabels, "" .
spec.template.spec.containers.image
. latest Docker-, , . , тАФ Kubernetes. , . . 'latest' 4 , Jenkins.
spec.template.spec.containers.envFrom.configMapRef
ConfigMap .
spec.template.spec.containers.env
'SECRET', - 'secret'.
spec.template.spec.containers.readinessProbe
. , . Kubernetes , 3 200, .
initialDelaySeconds тАФ .
periodSeconds тАФ .
livenessProbe, ( ).
spec.template.spec.containers.ports
ports . ( -p 8080:8080
).
spec.template.spec.containers.resources
. limits тАФ , requests тАФ , . 200m тАФ 200 ( ), Mi тАФ .
, , .
Services
:
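# Backend Service. No `type` is given, so it defaults to ClusterIP and is
# reachable only from inside the cluster, at http://backend:8080.
apiVersion: v1
kind: Service
metadata:
  labels:
    tier: backend
  name: backend
spec:
  ports:
    - port: 8080
      protocol: TCP
      targetPort: 8080
  # Routes to every pod in the namespace labelled tier=backend.
  selector:
    tier: backend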
spec.ports.targetPort тАФ , spec.ports.port тАФ . spec.selector , , tier, 'backend'. , ClusterIP, http://backend:8080
.
:
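# Gateway Service for Minikube. NodePort opens port 30500 on every node and
# forwards to container port 8080. Fine on a local Minikube VM; on a cluster
# with routable nodes this publishes the gateway, including its actuator health
# endpoint on the same port, to anything that can reach a node IP.
apiVersion: v1
kind: Service
metadata:
  labels:
    tier: gateway
  name: gateway
spec:
  ports:
    - nodePort: 30500
      port: 80
      protocol: TCP
      targetPort: 8080
  selector:
    tier: gateway
  type: NodePort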
Minikube, , NodePort. spec.ports.nodePort тАФ . , 30000-32767.
Minikube
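# deploy.yaml: every Minikube object in one multi-document file.
# No object sets metadata.namespace, so `kubectl apply` creates them in
# whichever namespace the current context selects.
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: urls-config
data:
  # Plain-HTTP in-cluster address of the backend Service.
  BACKEND_URL: "http://backend:8080/"
---
apiVersion: v1
kind: Secret
metadata:
  name: msvc-secret
type: Opaque
stringData:
  # Placeholder. Stored base64-encoded, not encrypted; never commit a real
  # value in this file.
  secret: secret
---
# Backend Service: default type ClusterIP, reachable only inside the cluster.
apiVersion: v1
kind: Service
metadata:
  labels:
    tier: backend
  name: backend
spec:
  ports:
    - port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    tier: backend
---
# Gateway Service: NodePort 30500 on every node forwards to container port
# 8080. Intended for local Minikube; on routable nodes it exposes the gateway
# to anything that can reach a node IP.
apiVersion: v1
kind: Service
metadata:
  labels:
    tier: gateway
  name: gateway
spec:
  ports:
    - nodePort: 30500
      port: 80
      protocol: TCP
      targetPort: 8080
  selector:
    tier: gateway
  type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
  labels:
    tier: backend
    app: microservices
spec:
  replicas: 3
  selector:
    matchLabels:
      tier: backend
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        tier: backend
    spec:
      # NOTE(review): no securityContext; the container runs with the image's
      # default user and privileges.
      containers:
        - name: backend
          # `latest` is mutable; pin a version tag or digest outside a demo.
          image: anshelen/microservices-backend:latest
          envFrom:
            - configMapRef:
                name: urls-config
          ports:
            - containerPort: 8080
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /actuator/health
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 3
          resources:
            limits:
              memory: "256Mi"
              cpu: "200m"
            requests:
              memory: "128Mi"
              cpu: "50m"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gateway
  labels:
    tier: gateway
    app: microservices
spec:
  replicas: 3
  selector:
    matchLabels:
      tier: gateway
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        tier: gateway
    spec:
      # NOTE(review): no securityContext; the container runs with the image's
      # default user and privileges.
      containers:
        - name: gateway
          # `latest` is mutable; pin a version tag or digest outside a demo.
          image: anshelen/microservices-gateway:latest
          envFrom:
            - configMapRef:
                name: urls-config
          env:
            # The sample output on this page shows the gateway returning this
            # value in its HTTP responses; use a throwaway value only.
            - name: SECRET
              valueFrom:
                secretKeyRef:
                  name: msvc-secret
                  key: secret
          readinessProbe:
            # Same port as application traffic, so any actuator endpoint the
            # image enables is reachable through the NodePort too.
            httpGet:
              path: /actuator/health
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 3
          ports:
            - containerPort: 8080
              protocol: TCP
          resources:
            limits:
              memory: "256Mi"
              cpu: "200m"
            requests:
              memory: "128Mi"
              cpu: "50m"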
:
kubectl apply -f deploy.yaml
Kubernetes URL :
minikube service gateway --url -n msvc-ns
:
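# Resolve the gateway URL once, then send 50 requests to see them spread over
# the replicas. Each response line also carries the gateway's SECRET value
# (demo behaviour of this image, visible in the output below).
gateway_url=$(minikube service gateway --url -n msvc-ns)
for i in $(seq 50); do curl "$gateway_url" && echo; done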
( ):
Number of requests 1 (gateway 544429797, secret secret)
Number of requests 1 (gateway 1543772618, secret secret)
Number of requests 2 (gateway 544429797, secret secret)
Number of requests 3 (gateway 544429797, secret secret)
Number of requests 4 (gateway 544429797, secret secret)
Number of requests 1 (gateway -1940767433, secret secret)
Number of requests 2 (gateway -1940767433, secret secret)
Number of requests 2 (gateway 1543772618, secret secret)
Number of requests 5 (gateway 544429797, secret secret)
...
Number of requests 1 (gateway 544429797, secret secret)
Number of requests 1 (gateway 1543772618, secret secret)
Number of requests 2 (gateway 544429797, secret secret)
Number of requests 3 (gateway 544429797, secret secret)
Number of requests 4 (gateway 544429797, secret secret)
Number of requests 1 (gateway -1940767433, secret secret)
Number of requests 2 (gateway -1940767433, secret secret)
Number of requests 2 (gateway 1543772618, secret secret)
Number of requests 5 (gateway 544429797, secret secret)
Number of requests 3 (gateway 1543772618, secret secret)
Number of requests 6 (gateway 544429797, secret secret)
Number of requests 3 (gateway -1940767433, secret secret)
Number of requests 4 (gateway 1543772618, secret secret)
Number of requests 7 (gateway 544429797, secret secret)
Number of requests 4 (gateway -1940767433, secret secret)
Number of requests 8 (gateway 544429797, secret secret)
Number of requests 9 (gateway 544429797, secret secret)
Number of requests 10 (gateway 544429797, secret secret)
Number of requests 5 (gateway 1543772618, secret secret)
Number of requests 5 (gateway -1940767433, secret secret)
Number of requests 6 (gateway -1940767433, secret secret)
Number of requests 7 (gateway -1940767433, secret secret)
Number of requests 6 (gateway 1543772618, secret secret)
Number of requests 8 (gateway -1940767433, secret secret)
Number of requests 7 (gateway 1543772618, secret secret)
Number of requests 11 (gateway 544429797, secret secret)
Number of requests 12 (gateway 544429797, secret secret)
Number of requests 8 (gateway 1543772618, secret secret)
Number of requests 9 (gateway -1940767433, secret secret)
Number of requests 10 (gateway -1940767433, secret secret)
Number of requests 11 (gateway -1940767433, secret secret)
Number of requests 9 (gateway 1543772618, secret secret)
Number of requests 10 (gateway 1543772618, secret secret)
Number of requests 11 (gateway 1543772618, secret secret)
Number of requests 12 (gateway -1940767433, secret secret)
Number of requests 12 (gateway 1543772618, secret secret)
Number of requests 13 (gateway 544429797, secret secret)
Number of requests 13 (gateway 1543772618, secret secret)
Number of requests 13 (gateway -1940767433, secret secret)
Number of requests 14 (gateway 1543772618, secret secret)
Number of requests 14 (gateway -1940767433, secret secret)
Number of requests 15 (gateway -1940767433, secret secret)
Number of requests 14 (gateway 544429797, secret secret)
Number of requests 15 (gateway 544429797, secret secret)
Number of requests 16 (gateway 544429797, secret secret)
Number of requests 17 (gateway 544429797, secret secret)
Number of requests 15 (gateway 1543772618, secret secret)
Number of requests 16 (gateway 1543772618, secret secret)
Number of requests 16 (gateway -1940767433, secret secret)
Number of requests 17 (gateway 1543772618, secret secret)
, . , , . - , -, , . , , . , 1 , 1000, "" , 1000 . , , , . .
.
kubectl get <object-type>
тАФ . 'pod', 'service', 'deployment' . 'all'.
kubectl get <object-type> <object-name> -o yaml
тАФ yaml-.
kubectl describe <object-type> <object-name>
тАФ .
kubectl cluster-info
тАФ .
kubectl top pod/node
тАФ /.
kubectl apply -f <file/directory>
тАФ .
kubectl delete <object-type> <object-name>
тАФ .
kubectl scale deployment <deployment-name> --replicas=n
тАФ . : n = 0, n, .
kubectl edit <object-type> <object-name>
тАФ .
kubectl rollout undo deployment <deployment-name>
тАФ .
kubectl logs <pod-name>
тАФ . -f
.
kubectl port-forward <pod-name> <host-port>:<container-port>
тАФ . .
kubectl exec -it <pod-name> -- /bin/sh
тАФ .
# NOTE(review): starts a pod in the current namespace from a third-party image
# referenced by a mutable tag; prefer an image you control or pin by digest.
# Without --rm the pod stays in the namespace after the session ends.
kubectl run curl --image=radial/busyboxplus:curl -i --tty
тАФ . curl, , , .
kubectl get events --sort-by='.metadata.creationTimestamp'
тАФ Kubernetes. , , , .
GKE configuration
, , , Google Kubernetes Engine.
Services
GKE , IP-. , LoadBalancer:
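# Gateway Service for GKE. type LoadBalancer provisions an external load
# balancer with a public IP and serves plain HTTP on port 80 (no TLS).
# spec.loadBalancerSourceRanges can restrict which client CIDRs may connect.
apiVersion: v1
kind: Service
metadata:
  labels:
    tier: gateway
  name: gateway
spec:
  selector:
    tier: gateway
  ports:
    - port: 80
      protocol: TCP
      targetPort: 8080
  type: LoadBalancer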
, , . , GCP ( VPC -> IP-) , , spec.loadBalancerIP.
HorizontalPodAutoscalers
HorizontalPodAutoscaler . Minikube (- ), GKE .
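# Scales the backend Deployment between 1 and 3 replicas on CPU utilisation.
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: backend
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: backend
  minReplicas: 1
  maxReplicas: 3
  # Utilisation is measured against the container's requests.cpu. With the 50m
  # request used on this page, 50% means scale-out starts at roughly 25m of
  # average CPU per pod.
  targetCPUUtilizationPercentage: 50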
spec.scaleTargetRef , backend. , 1 3 50%. , ( ), requests.cpu .
HorizontalPodAutoscaler' .
Quotas
. , (multitenant environment). , :
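# Caps the sum of container limits in one namespace. No metadata.namespace is
# set, so the quota lands in whichever namespace the current context selects.
# Once limits.* are under quota, pods whose containers declare no limits are
# rejected unless a LimitRange supplies defaults.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: msvc-quota
spec:
  hard:
    limits.cpu: "2"
    limits.memory: 4Gi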
- , . , , CLI (. kubectl run
), LimitRange:
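# Default limits and requests for containers that declare none, so ad-hoc pods
# (for example from `kubectl run`) still satisfy the namespace quota.
apiVersion: v1
kind: LimitRange
metadata:
  name: msvc-default-resources
spec:
  limits:
    - default:
        memory: "512Mi"
        cpu: "250m"
      defaultRequest:
        memory: "256Mi"
        cpu: "50m"
      type: Container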
, .
GKE
scripts_gke/
.
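# create_quotas.yaml: namespace quota plus default container resources.
# Neither object sets metadata.namespace; both apply to the namespace selected
# by the current context.
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: msvc-quota
spec:
  hard:
    limits.cpu: "2"
    limits.memory: 4Gi
---
# Defaults for containers that declare no resources, so they still pass the
# quota above.
apiVersion: v1
kind: LimitRange
metadata:
  name: msvc-default-resources
spec:
  limits:
    - default:
        memory: "512Mi"
        cpu: "250m"
      defaultRequest:
        memory: "256Mi"
        cpu: "50m"
      type: Container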
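# deploy.yaml: every GKE object in one multi-document file.
# No object sets metadata.namespace, so `kubectl apply` creates them in
# whichever namespace the current context selects.
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: urls-config
data:
  # Plain-HTTP in-cluster address of the backend Service.
  BACKEND_URL: "http://backend:8080/"
---
apiVersion: v1
kind: Secret
metadata:
  name: msvc-secret
type: Opaque
stringData:
  # Placeholder. Stored base64-encoded, not encrypted; never commit a real
  # value in this file.
  secret: secret
---
# Backend Service: default type ClusterIP, reachable only inside the cluster.
apiVersion: v1
kind: Service
metadata:
  labels:
    tier: backend
  name: backend
spec:
  ports:
    - port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    tier: backend
---
# Gateway Service: external load balancer with a public IP, plain HTTP on port
# 80 (no TLS). spec.loadBalancerSourceRanges can restrict client CIDRs.
apiVersion: v1
kind: Service
metadata:
  labels:
    tier: gateway
  name: gateway
spec:
  selector:
    tier: gateway
  ports:
    - port: 80
      protocol: TCP
      targetPort: 8080
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
  labels:
    tier: backend
    app: microservices
spec:
  # NOTE(review): a HorizontalPodAutoscaler below manages this Deployment;
  # re-applying the file resets the count to 2 until the autoscaler adjusts it.
  replicas: 2
  selector:
    matchLabels:
      tier: backend
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        tier: backend
    spec:
      # NOTE(review): no securityContext; the container runs with the image's
      # default user and privileges.
      containers:
        - name: backend
          # `latest` is mutable; pin a version tag or digest outside a demo.
          image: anshelen/microservices-backend:latest
          envFrom:
            - configMapRef:
                name: urls-config
          ports:
            - containerPort: 8080
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /actuator/health
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 3
          resources:
            limits:
              memory: "512Mi"
              cpu: "250m"
            requests:
              memory: "256Mi"
              cpu: "50m"
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: backend
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: backend
  minReplicas: 1
  maxReplicas: 3
  # Measured against requests.cpu (50m above): scale-out starts at roughly 25m
  # of average CPU per pod.
  targetCPUUtilizationPercentage: 50
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gateway
  labels:
    tier: gateway
    app: microservices
spec:
  # NOTE(review): a HorizontalPodAutoscaler below manages this Deployment;
  # re-applying the file resets the count to 2 until the autoscaler adjusts it.
  replicas: 2
  selector:
    matchLabels:
      tier: gateway
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        tier: gateway
    spec:
      # NOTE(review): no securityContext; the container runs with the image's
      # default user and privileges.
      containers:
        - name: gateway
          # `latest` is mutable; pin a version tag or digest outside a demo.
          image: anshelen/microservices-gateway:latest
          envFrom:
            - configMapRef:
                name: urls-config
          env:
            # The sample output on this page shows the gateway returning this
            # value in its HTTP responses. Behind a public load balancer that
            # makes it readable by any client; use a throwaway value only.
            - name: SECRET
              valueFrom:
                secretKeyRef:
                  name: msvc-secret
                  key: secret
          readinessProbe:
            # Same port as application traffic, so any actuator endpoint the
            # image enables is reachable through the load balancer too.
            httpGet:
              path: /actuator/health
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 3
          ports:
            - containerPort: 8080
              protocol: TCP
          resources:
            limits:
              memory: "512Mi"
              cpu: "250m"
            requests:
              memory: "256Mi"
              cpu: "50m"
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: gateway
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: gateway
  minReplicas: 1
  maxReplicas: 3
  # Measured against requests.cpu (50m above): scale-out starts at roughly 25m
  # of average CPU per pod.
  targetCPUUtilizationPercentage: 50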
scripts_gke:
kubectl apply -f scripts_gke/
, . URL :
kubectl get svc gateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
HorizontalPodAutoscaler' .
Kubernetes- Google Kubernetes Engine.
, , , . , тАж - , Kubernetes. ( ) Helm.
में के तीसरे भाग लेख की इस श्रृंखला में, हम, पतवार 3 पर स्पर्श हमारी प्रणाली के लिए एक पतवार चार्ट बना सकते हैं और GitHub पेज के आधार पर बनाई गई एक भंडार में डाल दिया।