GitLab on k8s best practices


gitlab on k8s

GitLab deployment

Installing postgresql with helm

helm chart: github

Install log

[root@master2 ~]#helm install gitlib-db -n gitlab /opt/helm/postgresql/
NAME: gitlib-db
LAST DEPLOYED: Mon Apr 24 09:05:58 2023
NAMESPACE: gitlab
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: postgresql
CHART VERSION: 12.1.9
APP VERSION: 15.1.0
** Please be patient while the chart is being deployed **
PostgreSQL can be accessed via port 5432 on the following DNS names from within your cluster:
    gitlib-db-postgresql.gitlab.svc.cluster.local - Read/Write connection
To get the password for "postgres" run:
    export POSTGRES_PASSWORD=$(kubectl get secret --namespace gitlab gitlib-db-postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)
To connect to your database run the following command:
    kubectl run gitlib-db-postgresql-client --rm --tty -i --restart='Never' --namespace gitlab --image 10.50.10.185/postgresql/bitnami/postgresql:15.1.0-debian-11-r20 --env="PGPASSWORD=$POSTGRES_PASSWORD" \
      --command -- psql --host gitlib-db-postgresql -U postgres -d postgres -p 5432
    > NOTE: If you access the container using bash, make sure that you execute "/opt/bitnami/scripts/postgresql/entrypoint.sh /bin/bash" in order to avoid the error "psql: local user with ID 1001} does not exist"
To connect to your database from outside the cluster execute the following commands:
    kubectl port-forward --namespace gitlab svc/gitlib-db-postgresql 5432:5432 &
    PGPASSWORD="$POSTGRES_PASSWORD" psql --host 127.0.0.1 -U postgres -d postgres -p 5432
  • Create the initial GitLab database

Installing a redis cluster with helm

chart: github

  • Install log
[root@master2 ~]#helm install gitlib-redis -n gitlab /opt/helm/redis/
NAME: gitlib-redis
LAST DEPLOYED: Mon Apr 24 09:08:19 2023
NAMESPACE: gitlab
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: redis
CHART VERSION: 17.4.3
APP VERSION: 7.0.8
** Please be patient while the chart is being deployed **
Redis® can be accessed via port 6379 on the following DNS name from within your cluster:
    gitlib-redis.gitlab.svc.cluster.local for read only operations
For read/write operations, first access the Redis® Sentinel cluster, which is available in port 26379 using the same domain name above.
To connect to your Redis® server:
1. Run a Redis® pod that you can use as a client:
   kubectl run --namespace gitlab redis-client --restart='Never'  --image 10.50.10.185/redis/bitnami/redis:7.0.8-debian-11-r0 --command -- sleep infinity
   Use the following command to attach to the pod:
   kubectl exec --tty -i redis-client \
   --namespace gitlab -- bash
2. Connect using the Redis® CLI:
   redis-cli -h gitlib-redis -p 6379 # Read only operations
   redis-cli -h gitlib-redis -p 26379 # Sentinel access
To connect to your database from outside the cluster execute the following commands:
    kubectl port-forward --namespace gitlab svc/gitlib-redis 6379:6379 &
    redis-cli -h 127.0.0.1 -p 6379

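Deploying GitLab from manifests

Reference

The official chart is extremely complex and has a very large number of components. GitLab mainly involves three applications: Redis, Postgresql and the GitLab core program. In practice we only need to start these three applications separately and add the corresponding configuration, and GitLab can be installed quite easily. The image we use here is not the official one but a third-party image that is very widely used for containerized GitLab: sameersbn/gitlab

  • Login
  • http://chot-gitlab.prod.com:32100/ credentials: root/xxx
  • Use the external redis and pg
  • Use sameersbn's gitlab image
  • Expose the service externally with nginx ingress: kubernetes.io/ingress.class: nginx
  • gitlab-prod.yaml
  •     Note that pg and redis need nodePorts 30300 and 30302 opened respectively
  •     This step can be optimized to connect by domain name, which avoids opening too many nodePorts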
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: gitlab-data-pvc
  namespace: gitlab
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 200Gi
  storageClassName: nfs-storage-179sc
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: gitlab
  labels:
    name: gitlab
spec:
  replicas: 1
  selector:
    matchLabels:
      name: gitlab
  template:
    metadata:
      name: gitlab
      labels:
        name: gitlab
    spec:
      #nodeName: 192.168.102.22  # *
      containers:
      - name: gitlab
        image: 10.50.10.185/gitlab/sameersbn/gitlab:15.8.0-1
        imagePullPolicy: IfNotPresent
        env:
        - name: TZ
          value: Asia/Shanghai
        - name: GITLAB_TIMEZONE
          value: Beijing
        - name: GITLAB_SECRETS_DB_KEY_BASE
          value: long-and-random-alpha-numeric-string  # *
        - name: GITLAB_SECRETS_SECRET_KEY_BASE
          value: long-and-random-alpha-numeric-string  # *
        - name: GITLAB_SECRETS_OTP_KEY_BASE
          value: long-and-random-alpha-numeric-string  # *
        - name: GITLAB_ROOT_PASSWORD
          value: admin123  # *
        - name: GITLAB_ROOT_EMAIL
          value: ninesun@126.com  # *
        - name: GITLAB_HOST
          value: chot-gitlab.prod.com  # *
        - name: GITLAB_PORT
          value: "30400"
        - name: GITLAB_SSH_HOST
          value: k8s-22.host.com  # *
        - name: GITLAB_SSH_PORT
          value: "30401"
        - name: GITLAB_NOTIFY_ON_BROKEN_BUILDS
          value: "true"
        - name: GITLAB_NOTIFY_PUSHER
          value: "false"
        - name: GITLAB_BACKUP_SCHEDULE
          value: daily
        - name: GITLAB_BACKUP_TIME
          value: 01:00
        - name: DB_TYPE
          value: postgres
        - name: DB_HOST
          value: gitlib-db-postgresql-hl #headless svc name: gitlib-db-postgresql-hl
        - name: DB_PORT
          value: "5432"
        - name: DB_USER
          value: postgres
        - name: DB_PASS
          value: "postgres"  # *
        - name: DB_NAME
          value: gitlab_production # if a new database is needed here, it must be created separately; otherwise store the GitLab data in the default database postgres
        - name: REDIS_HOST
          value: gitlib-redis-headless # headless svc name: gitlib-redis-headless
        - name: REDIS_PORT
          value: "6379" # the default port is 6379
        ports:
        - name: http
          containerPort: 80
        - name: ssh
          containerPort: 22
        volumeMounts:
        - mountPath: /home/git/data
          name: data
        livenessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 180
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 25
          timeoutSeconds: 1
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: gitlab-data-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: gitlab
  labels:
    name: gitlab
spec:
  ports:
    - name: http
      port: 80
      targetPort: http
      nodePort: 30400
    - name: ssh
      port: 22
      targetPort: ssh
      nodePort: 30401
  type: NodePort
  selector:
    name: gitlab
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitlab
  namespace: gitlab
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
    - host: chot-gitlab.prod.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitlab
                port:
                  number: 80
  • How long does GitLab take to start?
    Startup takes about 4 minutes, during which the readiness probe checks may fail. You can increase initialDelaySeconds.
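
The values marked `# *` in the Deployment above are literal strings in the manifest, and the roughly 4-minute boot can outlast the probe delays. The fragment below is an added example, not part of the original gitlab-prod.yaml: it reads those values from Secrets and adds a startupProbe. The Secret name `gitlab-secrets`, its key names and the probe thresholds are assumptions; the database password is taken from the Secret the postgresql chart reported in its install notes.

```yaml
# Added example (constructed): not part of the original gitlab-prod.yaml.
# "gitlab-secrets" and its key names are assumptions; replace every placeholder.
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-secrets
  namespace: gitlab
type: Opaque
stringData:
  db-key-base: REPLACE_WITH_LONG_RANDOM_STRING
  secret-key-base: REPLACE_WITH_LONG_RANDOM_STRING
  otp-key-base: REPLACE_WITH_LONG_RANDOM_STRING
  root-password: REPLACE_WITH_ROOT_PASSWORD
---
# Fragment of spec.template.spec in the gitlab Deployment. Only the entries
# that change are shown; the remaining env, ports and volumeMounts stay as is.
containers:
- name: gitlab
  image: 10.50.10.185/gitlab/sameersbn/gitlab:15.8.0-1
  env:
  - name: GITLAB_SECRETS_DB_KEY_BASE
    valueFrom:
      secretKeyRef: {name: gitlab-secrets, key: db-key-base}
  - name: GITLAB_SECRETS_SECRET_KEY_BASE
    valueFrom:
      secretKeyRef: {name: gitlab-secrets, key: secret-key-base}
  - name: GITLAB_SECRETS_OTP_KEY_BASE
    valueFrom:
      secretKeyRef: {name: gitlab-secrets, key: otp-key-base}
  - name: GITLAB_ROOT_PASSWORD
    valueFrom:
      secretKeyRef: {name: gitlab-secrets, key: root-password}
  - name: DB_PASS
    valueFrom:
      # Secret created by the postgresql chart; name and key are the ones
      # shown in the helm install notes earlier on this page.
      secretKeyRef: {name: gitlib-db-postgresql, key: postgres-password}
  # startupProbe holds off the other two probes until GitLab answers once,
  # so the slow first boot needs no large initialDelaySeconds.
  startupProbe:
    httpGet: {path: /, port: 80}
    periodSeconds: 10
    failureThreshold: 36      # assumed budget: 36 x 10 s = 6 min
  livenessProbe:
    httpGet: {path: /, port: 80}
    periodSeconds: 10
    timeoutSeconds: 5
  readinessProbe:
    httpGet: {path: /, port: 80}
    periodSeconds: 10
    timeoutSeconds: 5
```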


How do you upload a project to GitLab?

  • Step 1: Add the public key of the server that will push the project
    The key content is the content of id_rsa.pub
  • Step 2: Upload the project with git
# Add the remote url
git remote add origin1 http://chot-gitlab.prod.com:30400/gitlab-instance-f410c318/gitlab-ci-k8s-demo.git
# Show the remote urls
git remote -v
origin  https://github.com/myysophia/gitlab-ci-k8s-demo.git (fetch)
origin  https://github.com/myysophia/gitlab-ci-k8s-demo.git (push)
origin1 http://chot-gitlab.prod.com:30400/gitlab-instance-f410c318/gitlab-ci-k8s-demo.git (fetch)
origin1 http://chot-gitlab.prod.com:30400/gitlab-instance-f410c318/gitlab-ci-k8s-demo.git (push)
# Push the code
git push -u origin1 --all

GitLab monitoring metrics

This part can be connected to an external grafana dashboard for monitoring.

http://chot-gitlab.prod.com:30400/-/metrics?token=zuqjYZFKMof22VkTRLek

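Deploying GitLab Runner with helm

  • helm deployment
    chart github:
  • Global runners and project runners
    The official recommendation is that self-managed instances use specific runners, that is, one separate runner per project
  • How do you choose between the two?
  • Global runner token
  • Project runner token

helm deployment issues

DNS resolution issue

  • Reference links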

https://todoit.tech/k8s/gitlab-runner/

https://blog.csdn.net/boling_cavalry/article/details/106991576

Error handling: Incorrect Usage: flag provided but not defined: -template-config

Version issue

GitLab Community Edition 15.8.0 requires the matching runner image (https://docs.gitlab.com/runner/)

docker push 10.50.10.185/gitlab/registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v15.8.0

How to check the GitLab version: http://chot-gitlab.prod.com:32100/help

config.toml configuration: how to override config.template.toml

Non-root user → ~/.gitlab-runner/config.yaml in the container

concurrent = 10
check_interval = 30
log_level = "info"
shutdown_timeout = 0
[session_server]
  session_timeout = 1800
[[runners]]
  name = "chot-gitlab-runner-minio-gitlab-runner-55564b6469-k2d6h"
  url = "http://chot-gitlab.prod.com:32100/"
  id = 8
  token = "vbR7MMTPKSL7dyPALsUN"
  token_obtained_at = 2023-02-17T03:24:19Z
  token_expires_at = 0001-01-01T00:00:00Z
  executor = "kubernetes"
  [runners.custom_build_dir]
  [runners.cache]
    Type = "s3"
    Shared = true
    MaxUploadedArchiveSize = 0
    [runners.cache.s3]
      ServerAddress = "chot-minio-web.prod.com:32100"
      AccessKey = "IwA5ttRQsZlKkkQV"
      SecretKey = "C07BrPYktE997bMcWUdcHyXQPVPr3mSJ"
      BucketName = "gitlab"
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.kubernetes]
    host = ""
    bearer_token_overwrite_allowed = false
    image = "10.50.10.185/gitlab/ubuntu:16.04"
    namespace = "gitlab"
    namespace_overwrite_allowed = ""
    pull_policy = ["if-not-present"]
    node_selector_overwrite_allowed = ""
    helper_image = "10.50.10.185/gitlab/ubuntu:16.04"
    pod_labels_overwrite_allowed = ""
    service_account_overwrite_allowed = ""
    pod_annotations_overwrite_allowed = ""
    [runners.kubernetes.affinity]
    [runners.kubernetes.pod_security_context]
    [runners.kubernetes.init_permissions_container_security_context]
      [runners.kubernetes.init_permissions_container_security_context.capabilities]
    [runners.kubernetes.build_container_security_context]
      [runners.kubernetes.build_container_security_context.capabilities]
    [runners.kubernetes.helper_container_security_context]
      [runners.kubernetes.helper_container_security_context.capabilities]
    [runners.kubernetes.service_container_security_context]
      [runners.kubernetes.service_container_security_context.capabilities]
    [runners.kubernetes.volumes]
    [runners.kubernetes.dns_config]
    [runners.kubernetes.container_lifecycle]
  • The k8s executor cannot pull the image
Running with gitlab-runner 15.8.0 (12335144)
  on chot-gitlab-runner-minio-gitlab-runner-6fbf87f59b-j6bhq S7qPFnrs, system ID: r_vB5NUhtcRQ1R
Preparing the "kubernetes" executor
00:00
Using Kubernetes namespace: gitlab
Using Kubernetes executor with image ubuntu:16.04 ...
Using attach strategy to execute scripts...
Preparing environment
00:03
Waiting for pod gitlab/runner-s7qpfnrs-project-1-concurrent-0bc7zl to be running, status is Pending
WARNING: Failed to pull image with policy "IfNotPresent": image pull failed: rpc error: code = Unknown desc = Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: no such host
ERROR: Job failed: prepare environment: waiting for pod running: pulling image "ubuntu:16.04": image pull failed: rpc error: code = Unknown desc = Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: no such host. Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information

Modify the runner values file

image:
    registry: 10.50.10.185/gitlab
    image: ubuntu
    tag: 16.04
Waiting for pod gitlab/runner-gm-nhepv-project-1-concurrent-057xgd to be running, status is Pending
ERROR: Job failed: prepare environment: waiting for pod running: image pull failed: Failed to apply default image tag "map[image:ubuntu registry:10.50.10.185/gitlab tag:16.04]": couldn't parse image reference "map[image:ubuntu registry:10.50.10.185/gitlab tag:16.04]": invalid reference format. Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information

The executor does not support specifying the image this way.

Change it to

image: 10.50.10.185/gitlab/ubuntu:16.04

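After the image is pulled successfully, two containers are started: a helper container and a build container.

If the job the runner assigned to the executor has not finished within 1 hour, these containers exit.

error log

  • After the helper and build images start, the containers report an error on startup
/bin/bash: line 1: gitlab-runner-build: command not found

The GitLab pipeline reports the following error:

OCI runtime exec failed: exec failed: unable to start container process: exec: "gitlab-runner-helper": executable file not found in $PATH: unknown
# Found in the pod yaml file: the helper container runs this script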
if [ -x /usr/local/bin/bash ]; then
exec /usr/local/bin/bash 
elif [ -x /usr/bin/bash ]; then
exec /usr/bin/bash 
elif [ -x /bin/bash ]; then
exec /bin/bash 
elif [ -x /usr/local/bin/sh ]; then
exec /usr/local/bin/sh 
elif [ -x /usr/bin/sh ]; then
exec /usr/bin/sh 
elif [ -x /bin/sh ]; then
exec /bin/sh 
elif [ -x /busybox/sh ]; then
exec /busybox/sh 
else
echo shell not found
exit 1
fi

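After consulting the official documentation, it turns out that the helper image is a dedicated image: download the helper that matches the GitLab Runner version. The helper image is the one that actually does the work; GitLab hands the work in .gitlab-ci.yml to GitLab Runner at the configured interval.

GitLab Runner in turn has the helper image handle it. So using ubuntu as the helper image at the beginning was wrong.

For details, see the "Override the helper image" section:

Advanced configuration | GitLab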


bitnami/gitlab-runner-helper:15.8.0

Running with gitlab-runner 15.8.0 (12335144)
  on chot-gitlab-runner-minio-gitlab-runner-75f87cfdbf-d89z6 fhyNaFUz, system ID: r_MDgwGq2YmKGA
Preparing the "kubernetes" executor
00:00
Using Kubernetes namespace: gitlab
Using Kubernetes executor with image 10.50.10.185/gitlab/ubuntu:16.04 ...
Using attach strategy to execute scripts...
Preparing environment
Waiting for pod gitlab/runner-fhynafuz-project-1-concurrent-0v9gq4 to be running, status is Pending
Waiting for pod gitlab/runner-fhynafuz-project-1-concurrent-0v9gq4 to be running, status is Pending
  ContainersNotInitialized: "containers with incomplete status: [init-permissions]"
  ContainersNotReady: "containers with unready status: [build helper]"
  ContainersNotReady: "containers with unready status: [build helper]"
Waiting for pod gitlab/runner-fhynafuz-project-1-concurrent-0v9gq4 to be running, status is Pending
  ContainersNotInitialized: "containers with incomplete status: [init-permissions]"
  ContainersNotReady: "containers with unready status: [build helper]"
  ContainersNotReady: "containers with unready status: [build helper]"
Waiting for pod gitlab/runner-fhynafuz-project-1-concurrent-0v9gq4 to be running, status is Pending
  ContainersNotInitialized: "containers with incomplete status: [init-permissions]"
  ContainersNotReady: "containers with unready status: [build helper]"
  ContainersNotReady: "containers with unready status: [build helper]"
/bin/bash: line 1: gitlab-runner-build: command not found

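With no other option left, I filed an issue.

April 21, 2023

The official gitlab-runner-helper image version was updated.

Architecture diagram of the GitLab executor in k8s

A picture is worth a thousand words.

The Kubernetes executor for GitLab Runner | GitLab

What is GitLab Runner Helper?

When deploying GitLab Runner with helm, there is a helper image.

GitLab Runner Helper is an auxiliary container used together with GitLab Runner. GitLab Runner runs CI/CD jobs and sends the results back to GitLab.

How does GitLab connect to k8s? KAS (Kubernetes agent server)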

gitlab CI

gitlab CI template

lib/gitlab/ci/templates · master · GitLab.org / GitLab · GitLab

gitlab CI Demo

You should not start by going straight to k8s; why not begin with the simplest setup?

Deploy gitlab-runner with docker and register a runner whose executor is shell.

Start with a simple .gitlab-ci.yml

before_script:
  - echo "Before script section122333"
  - echo "For example you might run an update here or install a build dependency"
  - echo "Or perhaps you might print out some debugging details"
after_script:
  - echo "After script section"
  - echo "For example you might do some cleanup here"
build1:
  stage: build 
  script:
    - echo "Do your build heresd"
test1:
  stage: test
  script:
    - echo "Do a test here"
    - echo "For example run a test suite"
test2:
  stage: test
  script:
    - echo "Do another parallel test here"
    - echo "For example run a lint test"
deploy1:
  stage: deploy
  script:
    - echo "Do your deploy here"
  environment: production

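Step 1: Create a Docker volume

The runner is currently deployed on 10.50.10.36; in theory any host with a docker environment will do.

$ docker volume create gitlab-runner-config

Step 2: Start the GitLab Runner container using the volume you created:

--env TZ=CST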

docker run -d --name gitlab-runner --restart always \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v gitlab-runner-config:/etc/gitlab-runner \
    --add-host=chot-gitlab.prod.com:10.50.10.33 \
    10.50.10.185/gitlab/gitlab/gitlab-runner:v15.8.0

Step 3: Register a runner and choose shell as the executor

root@27172e22cf90:/# gitlab-runner register
Runtime platform                                    arch=amd64 os=linux pid=54 revision=12335144 version=15.8.0
Running in system-mode.
Enter the GitLab instance URL (for example, https://gitlab.com/):
http://chot-gitlab.prod.com:30400/
Enter the registration token:
GR1348941BbkUVr8B1UumMfNx4LrL
Enter a description for the runner:
[27172e22cf90]:
Enter tags for the runner (comma-separated):
Enter optional maintenance note for the runner:
WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://gitlab.com/gitlab-org/gitlab/-/issues/380872
Registering runner... succeeded                     runner=GR1348941BbkUVr8B
Enter an executor: docker-ssh, virtualbox, docker-ssh+machine, instance, ssh, docker+machine, kubernetes, custom, docker, parallels, shell:
docker
Enter the default Docker image (for example, ruby:2.7):
10.50.10.185/gitlab/ubuntu:16.04
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"

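Or do it in one step:

gitlab-runner register --url http://chot-gitlab.prod.com:30400/ --registration-token GR1348941BbkUVr8B1UumMfNx4LrL --executor shell

Step 4: Check the CI results

  • Runner configuration for different executors
    A different executor can be specified at gitlab-runner register time. Runners can be given different tags so that different projects or build conditions use different executors.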
gitlab-runner list
Runtime platform                                    arch=amd64 os=linux pid=27160 revision=12335144 version=15.8.0
Listing configured runners                          ConfigFile=/etc/gitlab-runner/config.toml
meta-162                                            Executor=docker Token=_mFCm2xiCnFd8rKaAKFg URL=http://chot-gitlab.prod.com:30400/
meta-162                                            Executor=shell Token=_yvc4o5ycSACmtyTvBVK URL=http://chot-gitlab.prod.com:30400/

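Using minio as the CI cache

For example, compiling a Java project requires downloading many dependency packages. Pulling them from the network every time is unreliable; if the dependencies are cached, the next build of the project is much faster.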

[runners.cache]
        Type = "s3"
        Shared = true
        [runners.cache.s3]
          AccessKey = "IwA5ttRQsZlKkkQV"
          SecretKey = "C07BrPYktE997bMcWUdcHyXQPVPr3mSJ"
          BucketName = "gitlab"
          ServerAddress = "chot-minio-api.prod.com:32100"
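
The `[runners.cache]` block only tells the runner where cache archives are stored; a job still has to declare what to cache, and the runner tags described earlier decide which executor picks a job up. The `.gitlab-ci.yml` below is an added example for a Maven project, not taken from the original post; the runner tags `docker` and `shell`, the mirrored Maven image path and the job names are assumptions.

```yaml
# Added example .gitlab-ci.yml (constructed): Maven build that uses the
# runner's S3/minio cache and routes jobs to runners by tag.
stages:
  - build
  - test
  - deploy

variables:
  # Keep the local Maven repository inside the project directory;
  # only paths under $CI_PROJECT_DIR can be cached.
  MAVEN_OPTS: "-Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository"

# Shared cache definition. The key is derived from pom.xml, so a dependency
# change produces a new archive instead of reusing a stale one.
.maven-cache: &maven-cache
  key:
    files:
      - pom.xml
  paths:
    - .m2/repository

build:
  stage: build
  image: 10.50.10.185/gitlab/maven:3.9   # hypothetical mirrored image
  tags: [docker]                         # assumed tag of the docker-executor runner
  cache:
    <<: *maven-cache
    policy: pull-push                    # the only job that uploads the archive
  script:
    - mvn -B package -DskipTests
  artifacts:
    paths:
      - target/*.jar

test:
  stage: test
  image: 10.50.10.185/gitlab/maven:3.9   # hypothetical mirrored image
  tags: [docker]
  cache:
    <<: *maven-cache
    policy: pull                         # read-only: never overwrites the archive
  script:
    - mvn -B test

deploy:
  stage: deploy
  tags: [shell]                          # assumed tag of the shell-executor runner
  script:
    - echo "Do your deploy here"
  environment: production
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```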

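Relationship between GitLab and gitlab-runner

GitLab CI: How should you choose a Runner's Executor?

Relationship between runner and executor

The runner does not do the actual work itself; a runner can designate a specific executor to do it. GitLab has different executors, and these are the ones currently available: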

  • docker-ssh
  • virtualbox
  • docker-ssh+machine
  • instance
  • ssh
  • docker+machine
  • kubernetes
  • custom
  • docker
  • parallels
  • shell

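Choose according to your own technology stack; the ones we currently use most are shell, docker and k8s.

GitLab environment variables

These are environment variables predefined by GitLab; to see more, enable CI_DEBUG_TRACE mode.

For example, the three environment variables below are the current GitLab instance name, the absolute path and the relative path, respectively.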

$ echo "${CI_PROJECT_NAMESPACE}"
gitlab-instance-f410c318
$ echo "${CI_PROJECT_DIR}"
/home/gitlab-runner/builds/hs9MHCAM/0/gitlab-instance-f410c318/gitlab-ci-k8s-demo
$ echo "${CI_PROJECT_PATH}"
gitlab-instance-f410c318/gitlab-ci-k8s-demo

Reference

Continuous integration with GitLab CI
