diff --git a/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-05-Harbor.md b/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-05-Harbor.md index 2dc6f662ad..024884d037 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-05-Harbor.md +++ b/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-05-Harbor.md 
@@ -1,29 +1,23 @@ --- title: Use Harbor as Rainbond's default container image repository to expand Rainbond's image management capabilities -description: Use Harbor as Rainbond's default container image repository to expand Rainbond's image management capabilities +description: Harbor is an enterprise-level registration server for storing and distributing Docker mirrors slug: Harbor +image: https://static.goodrain.com/wechat/harbor/harbor.png --- -:::info Rainbond is an integrated cloud-native application management platform. It provides an "application-centric" abstraction. Users do not need to learn K8s and containers. The platform encapsulates K8s and containers inside. It greatly improves the ease of use and the convenience of installation, but how to replace the internal components of the package is a problem. This article will explain how to use Harbor to replace the original default mirror warehouse of Rainbond. -::: ## Introduction to Harbor +[**Harbor**](https://goharbor.io/) is an enterprise-level Registry server for storing and distributing Docker images, and it is also the first open-source enterprise-level DockerRegistry project of the China-originated Cloud Native Foundation (CNCF). Security, identity and management, and more, extend the open source Docker Distribution.As an enterprise-grade private registry server, Harbor provides better performance and security.Improve the efficiency of transferring images for users to build and run the environment using the Registry.作为一个企业级私有Registry服务器,Harbor提供了更好的性能和安全。提升用户使用Registry构建和运行环境传输镜像的效率。 -[**Harbor**](https://goharbor.io/) is an enterprise-level Registry server for storing and distributing Docker images, and it is also the first open-source enterprise-level DockerRegistry project of the China-originated Cloud Native Foundation (CNCF). 
Security, identity and management, and more, extend the open source Docker Distribution.As an enterprise-grade private registry server, Harbor provides better performance and security.Improve the efficiency of transferring images for users to build and run the environment using the Registry. - - -## Solve the Rainbond image management problem through Harbor - +## 通Harbor解决Rainbond镜像管理问题 ​Rainbond used the basic Registry provided by Docker by default before. There were many problems in the process of use, such as image security, complicated and troublesome image cleaning, etc. After continuous research, Harbor can not only solve these problems, but also expand Many image management capabilities, Harbor's functions mainly include four categories of multi-user control:role-based access control and project isolation), image management policies (storage quota, artifact retention, vulnerability scanning, source signature, immutable artifacts, garbage collection) etc.), security and compliance (authentication, scanning and CVE exception rules, etc.) and interoperability (webhooks, remote copying of content, pluggable scanners, REST APIs, bot accounts, etc.). - - -## Docking Harbor +## 对接Harbor ​At present, harbor supports two forms of docking with Rainbond, one is as an internal basic storage warehouse of rainbond, and the other is as an external custom mirror warehouse. 
@@ -33,9 +27,9 @@ Rainbond is an integrated cloud-native application management platform. It provi ​The format of the yaml file is very strict to avoid problems when you configure it. The correct yaml file has been placed below, and you can use it after copying. -**Note:**Be sure to modify the name of the warehouse, the project name of the warehouse, the user name, and the password, otherwise the problem of image upload failure will occur. +\*\*Note:\*\*Be sure to modify the name of the warehouse, the project name of the warehouse, the user name, and the password, otherwise the problem of image upload failure will occur. -```` +``` Example: apiVersion: rainbond.io/v1alpha1 kind: RainbondCluster @@ -47,23 +41,18 @@ spec: domain: www.est.com/test password: Harbor12345 username: admin -```` - - +``` - Harbor provides services as an external warehouse of rainbond. It is based on the webhook function of harbor and rainbond. The configuration is as follows. - Make sure that the component has enabled the webhook function of the mirror warehouse, and the application status is not closed, and you need to configure the webhooks url of the application to the webhooks of the target mirror warehouse. ![](https://pic.imgdb.cn/item/61a5951e2ab3f51d919ea0df.png) - - -- In the target mirror warehouse, create a new webhook, then fill in the webhooks url of the application in the Endpoint address, and configure the trigger event type that meets the requirements. +- In the target mirror warehouse, create a new webhook, then fill in the webhooks url of the application in the Endpoint address, and configure the trigger event type that meets the requirements. ![](https://pic.imgdb.cn/item/61a5951e2ab3f51d919ea0ea.png) - -- The image storage management is realized through Harbor, which improves the convenience of work. +- 通过Harbor实现镜像可视化存储管理,提高了工作的便利性。 ![](https://pic.imgdb.cn/item/61a6cabf2ab3f51d9172ca88.png) 
@@ -73,13 +62,12 @@ spec: - Through the strategy of automatic mirror cleaning, the storage is reasonably utilized and the storage cost is reduced. - - It is recommended to use strategy:to apply to warehouse matching**, keep the 3 most recently pushed artifacts based on conditional tags matching** based on conditions without tags - - Recommended regular cleaning:custom cron : 0 0 0 1 */1 * (seconds, minutes, hours, days, months, weeks) -- Whether the image is signed and the vulnerability level can also be set as one of the image security policies, so that only signed images or images with low vulnerability levels can be pulled. + - It is recommended to use strategy:to apply to warehouse matching\*\*, keep the 3 most recently pushed artifacts based on conditional tags matching\*\* based on conditions without tags + - Recommended regular cleaning:custom cron : 0 0 0 1 \*/1 \* (seconds, minutes, hours, days, months, weeks) +- 镜像是否被签名,漏洞的等级,也可以设置成为镜像安全策略之一,这样可以保证签名过的镜像或者漏洞等级低的镜像才可以被拉取。 ## The overall process after integration ![](https://pic.imgdb.cn/item/61a439b22ab3f51d910d5d1c.png) As can be seen from the above flowchart, in the whole process of loading configuration, users can customize the image source to pull the image, and automatically push it to the Harbor image warehouse through the Rainbond platform, and then automatically pull after the image scanning is completed. Build a container instance. - diff --git a/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-15-istio.md b/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-15-istio.md index c5c118d0c1..3ca1569be4 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-15-istio.md +++ b/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-15-istio.md 
@@ -1,49 +1,44 @@ --- title: Implementation of Istio under the Rainbond Service Mesh system -description: Implementation of Istio under the Rainbond Service Mesh system +description: The service grid is the final form of the microservice architecture, but it is not easy to use because the structure is coupled, but deployment has not been decoupled. slug: istio +image: https://static.goodrain.com/wechat/istio/istio.jpeg --- :::info Two years ago, Service Mesh (Service Mesh) became popular as soon as it came out. Many people think it is the final form of microservice architecture, because it can decouple business code from microservice architecture, that is, business The code does not need to be modified to implement the microservice architecture, but the decoupling is not thorough enough, and it is still inconvenient to use. Although the architecture is decoupled, the deployment has not been decoupled. -* It is impossible to choose a suitable Service Mesh framework according to different environments or customer needs. -* It is impossible to learn and use Service Mesh in the development environment, and enable the production environment on demand. ::: + +- It is impossible to choose a suitable Service Mesh framework according to different environments or customer needs. +- It is impossible to learn and use Service Mesh in the development environment, and enable the production environment on demand. 
::: ## Plug-in Service Mesh Architecture Implementation Ideas -There are also many mature ServiceMesh frameworks, but for users.There is no omnipotent ServiceMesh framework that can solve problems in various scenarios.Therefore, we hope that for the user, he only needs to care about his business code.The application governance capabilities can be expanded through different ServiceMesh frameworks.The user's business code is completely decoupled from the ServiceMesh framework.As shown below.Users can replace the ServiceMesh architecture used by an application at any time.Choose the solution that best matches your business. - +目前成熟的ServiceMesh框架也有许多,但是对于用户而言。并不存在万能的ServiceMesh框架,可以解决各种场景的问题。因此我们希望对于用户而言,他只需要关心自己的业务代码。而应用的治理能力,则可以通过不同的ServiceMesh框架进行拓展。There are also many mature ServiceMesh frameworks, but for users.There is no omnipotent ServiceMesh framework that can solve problems in various scenarios.Therefore, we hope that for the user, he only needs to care about his business code.The application governance capabilities can be expanded through different ServiceMesh frameworks.The user's business code is completely decoupled from the ServiceMesh framework.As shown below.Users can replace the ServiceMesh architecture used by an application at any time.Choose the solution that best matches your business.如下图所示。用户可以随时替换某个应用所使用的ServiceMesh架构。选择与业务最匹配的解决方案。 ![image-20211211180131913](https://cdn.jsdelivr.net/gh/yangkaa/images@main/works/image-20211211180131913.png) -Based on the above ideas, we can make istio, linkerd, dapr and other microservice architectures into plug-ins. During the development process, we do not need to know the existence of the Service Mesh framework. We only need to deal with the dependencies of the business. When delivering to the production environment or customer environment , some require high performance, some require full functions, and some customers have specified various requirements. 
You can open different types of plug-ins as needed according to the environment and customer needs. When there is a problem with the Service Mesh framework, you can switch it at any time.In this way, the Service Mesh framework becomes an enabling tool, and the redeployment of the old business system can immediately open the service governance capability. +Based on the above ideas, we can make istio, linkerd, dapr and other microservice architectures into plug-ins. During the development process, we do not need to know the existence of the Service Mesh framework. We only need to deal with the dependencies of the business. When delivering to the production environment or customer environment , some require high performance, some require full functions, and some customers have specified various requirements. You can open different types of plug-ins as needed according to the environment and customer needs. When there is a problem with the Service Mesh framework, you can switch it at any time.In this way, the Service Mesh framework becomes an enabling tool, and the redeployment of the old business system can immediately open the service governance capability.这样Service Mesh框架就变成赋能的工具,老的业务系统重新部署马上就能开启服务治理能力。 Rainbond is implemented based on the above ideas. The current version has implemented three service governance plug-ins. -* kubernetes native service mode -* Envoy-based Service Mesh Mode -* Istio service governance model +- kubernetes native service mode +- Envoy-based Service Mesh Mode +- Istio service governance model Later, we will explain in detail the process of using the Istio service governance model. 
- - ## Practice using the Istio governance model -With the above concepts, we can take a look at how Rainbond integrates with Istio.In Rainbond, users can set different governance modes for different applications, that is, users can manage applications on demand by switching the governance mode of the application.The advantage of this is that users can not be bound by a certain ServiceMesh framework, and can quickly trial and error, and can quickly find the most suitable ServiceMesh framework for the current business. - - +有了以上概念,我们可以来看看Rainbond如何与Istio结合。在Rainbond中,用户可以对不同的应用设置不同的治理模式,即用户可以通过切换应用的治理模式,来按需治理应用。这样带来的好处便是用户可以不被某一个ServiceMesh框架所绑定,且可以快速试错,能快速找到最适合当前业务的ServiceMesh框架。 ### Install the Istio control plane -First, when switching to the Istio governance mode, if the Istio control plane is not installed, you will be prompted to install the corresponding control plane.Therefore, we need to install the Istio control plane. The control plane only needs to be installed once in a cluster. It provides a unified management entry to manage services that work in the Istio governance model.Complete functions such as configuration and delivery.Combined with Rainbond's existing helm installation method, we can easily install the corresponding components. - - +首先在切换到Istio治理模式时,如果未安装Istio的控制面,则会提示需要安装对应的控制面。因此我们需要安装Istio的控制面,控制面在一个集群中只需安装一次,它提供了统一的管理入口,用来管理工作在Istio治理模式下的服务。完成配置下发等功能。结合Rainbond现有的helm安装方式,我们可以便捷的安装好对应的组件。 #### 1. Create a team -In version 5.5.0, we supported users to specify namespaces when creating teams.Since the default helm installation namespace is istio-system, in order to reduce user configuration.We first need to create the corresponding team.As shown below.The English name of the team corresponds to the namespace of the team in the cluster.Fill in istio-system here. 
+在5.5.0版本中,我们支持了用户在创建团队时指定命名空间。由于默认helm安装的命名空间为 istio-system ,所以为了减少用户配置。我们首先需要创建出对应的团队。如下图所示。团队英文名对应的则是该团队在集群中的命名空间。此处填写 istio-system 。 ![image-20211212203716453](https://ghproxy.com/https://raw.githubusercontent.com/yangkaa/images/main/works/image-20211212203716453.png) 
@@ -55,23 +50,19 @@ Store Address:https://openchart.goodrain.com/goodrain/rainbond ![image-20211212203208140](https://ghproxy.com/https://raw.githubusercontent.com/yangkaa/images/main/works/image-20211212203208140.png) - - #### 3. Install the Istio control plane After the store is created, you can see the corresponding helm application. Currently, Rainbond provides the helm package of version 1.11.4 of [. According to the official](https://istio.io/latest/docs/releases/supported-releases/)document1, this version supports Kubernetes cluster versions 1.19, 1.20, 1.21, 1.22 . -* Install the base app - - Select the base application in the helm store to deploy, and the team selects the previously created team whose namespace is istio-system.This application package mainly deploys Istio-related cluster resources and CRD resources. - - ![image-20211212204419466](https://ghproxy.com/https://raw.githubusercontent.com/yangkaa/images/main/works/image-20211212204419466.png) +- Install the base app -* Install the istio-discovery app** + Select the base application in the helm store to deploy, and the team selects the previously created team whose namespace is istio-system.This application package mainly deploys Istio-related cluster resources and CRD resources.该应用包主要部署了Istio相关的集群资源和 CRD 资源。 - As with the base app above, select the correct team.Install the istio-discovery app.With these two applications, you can have the governance capabilities of Istio. + ![image-20211212204419466](https://ghproxy.com/https://raw.githubusercontent.com/yangkaa/images/main/works/image-20211212204419466.png) +- Install the istio-discovery app\*\* + 同上述base应用一样,选择正确的团队。安装 istio-discovery 应用。As with the base app above, select the correct team.Install the istio-discovery app.With these two applications, you can have the governance capabilities of Istio. ### The sample application enables Istio governance mode 
@@ -79,41 +70,39 @@ After the store is created, you can see the corresponding helm application. Curr Let's take the SpringBoot background management system [Ruoyi](https://gitee.com/y_project/RuoYi) as an example, as shown in the figure below, users can first install a `Ruoyi SpringBoot` application from the open source application store, select the version 3.6.0, click the governance mode switch, and select the Istio governance mode. -![image-20211212205811460](https://grstatic.oss-cn-shanghai.aliyuncs.com/docs/5.5/user-manual/app-manage/deploy-istio/network.jpg) +![image-20211212205811460](https://static.goodrain.com/docs/5.5/user-manual/app-manage/deploy-istio/network.jpg) -After clicking to switch to the Istio governance mode, the user needs to manually set the internal domain name. The internal domain name here will be the service name of the component in the Kubernetes cluster, which is unique under the same team.Here we modify it to a more readable internal domain name. +After clicking to switch to the Istio governance mode, the user needs to manually set the internal domain name. The internal domain name here will be the service name of the component in the Kubernetes cluster, which is unique under the same team.Here we modify it to a more readable internal domain name.这里我们修改为可读性较高的内部域名。 -![image-20211212210008895](https://grstatic.oss-cn-shanghai.aliyuncs.com/docs/5.5/user-manual/app-manage/deploy-istio/model.png) +![image-20211212210008895](https://static.goodrain.com/docs/5.5/user-manual/app-manage/deploy-istio/model.png) #### 2. Modify the configuration file -After this step is completed, we also need to go to `ruoyi-ui` to mount a new configuration file.This is mainly because by default, the back-end service address in the configuration file `web.conf` of`ruoyi-ui` is 127.0.0.1. When using Rainbond's built-in ServiceMesh mode, Rainbond will obtain the address of the back-end service. 
, inject it into `ruoyi-ui` , and give `ruoyi-ui` a local access address (127.0.0.1) to access the backend service.So it can be used without modification. +在这一步完成后,我们还需要进入 `ruoyi-ui` 挂载一个新的配置文件。After this step is completed, we also need to go to `ruoyi-ui` to mount a new configuration file.This is mainly because by default, the back-end service address in the configuration file `web.conf` of`ruoyi-ui` is 127.0.0.1. When using Rainbond's built-in ServiceMesh mode, Rainbond will obtain the address of the back-end service. , inject it into `ruoyi-ui` , and give `ruoyi-ui` a local access address (127.0.0.1) to access the backend service.So it can be used without modification.所以无需修改就能使用。 -However, when the Istio governance mode is used, the components communicate through the internal domain name, so the corresponding proxy address needs to be modified by mounting the configuration file. The configuration file of`ruoyi-ui` can be accessed through the `Web terminal` on the upper right to access the container , copy the contents of the file `/app/nginx/conf.d/web.conf`.After modifying the proxy address, save it, as shown in the following figure.Earlier we set the internal domain name of the console to `ruoyi-admin`, so replace it with `ruoyi-admin`here. +However, when the Istio governance mode is used, the components communicate through the internal domain name, so the corresponding proxy address needs to be modified by mounting the configuration file. 
The configuration file of`ruoyi-ui` can be accessed through the `Web terminal` on the upper right to access the container , copy the contents of the file `/app/nginx/conf.d/web.conf`.After modifying the proxy address, save it, as shown in the following figure.Earlier we set the internal domain name of the console to `ruoyi-admin`, so replace it with `ruoyi-admin`here.修改代理地址后保存,如下图所示。之前我们设置了控制台的内部域名为 `ruoyi-admin`,所以这里替换为 `ruoyi-admin`。 -![image-20211212211158509](https://grstatic.oss-cn-shanghai.aliyuncs.com/docs/5.5/user-manual/app-manage/deploy-istio/conf.jpg) +![image-20211212211158509](https://static.goodrain.com/docs/5.5/user-manual/app-manage/deploy-istio/conf.jpg) #### 3. Restart the app -After completing the above two steps, we need to restart the entire application.After starting the application, go to the component page to view, you should see that each component has a similar Sidecar container, which is the data plane of Istio. After the application is switched to the Istio governance mode, all the Components will be automatically injected into the corresponding sidecar container, no additional user settings are required. - -So far, the application has been included in the scope of Istio governance.If users need more configuration of the application, they can refer to [Istio official document](https://istio.io/latest/docs/setup/getting-started/#dashboard) for expansion. - -![image](https://grstatic.oss-cn-shanghai.aliyuncs.com/docs/5.5/user-manual/app-manage/deploy-istio/dataplane.png) +在完成以上两步后,我们需要重启整个应用。After completing the above two steps, we need to restart the entire application.After starting the application, go to the component page to view, you should see that each component has a similar Sidecar container, which is the data plane of Istio. After the application is switched to the Istio governance mode, all the Components will be automatically injected into the corresponding sidecar container, no additional user settings are required. 
+至此,该应用已纳入Istio治理范围。So far, the application has been included in the scope of Istio governance.If users need more configuration of the application, they can refer to [Istio official document](https://istio.io/latest/docs/setup/getting-started/#dashboard) for expansion. +![image](https://static.goodrain.com/docs/5.5/user-manual/app-manage/deploy-istio/dataplane.png) ### Monitor and manage Istio with Kiali -In the previous steps, we hosted [or](https://gitee.com/y_project/RuoYi) using the Istio governance model.Next, let's take a look at how to use Kiali to observe the communication link between applications.In this step, the user needs to have [kubectl commands](https://www.rainbond.com/docs/user-operations/tools/kubectl?channel=toutiao). +在之前的步骤中,我们使用 Istio 治理模式纳管了 [若依](https://gitee.com/y_project/RuoYi) 。接下来则带大家一起看看如何使用 Kiali 观测应用间的通信链路。在这一步中,用户需要有 [kubectl 命令](https://www.rainbond.com/docs/user-operations/tools/kubectl?channel=toutiao)。 #### 1. Install prometheus -In Istio, each component allows Prometheus to periodically capture data by exposing the HTTP interface (using the way of Exporters).Therefore, after the Istio control plane is installed, Prometheus needs to be deployed in the istio-system namespace, and the data source of each relevant indicator of the Istio component is configured in Prometheus by default. +在Istio中,各个组件通过暴露HTTP接口的方式让Prometheus定时抓取数据(采用了Exporters的方式)。In Istio, each component allows Prometheus to periodically capture data by exposing the HTTP interface (using the way of Exporters).Therefore, after the Istio control plane is installed, Prometheus needs to be deployed in the istio-system namespace, and the data source of each relevant indicator of the Istio component is configured in Prometheus by default. As with the base app above, select the correct team and install the `Prometheus`app. 
-![image-20211214112547510](https://grstatic.oss-cn-shanghai.aliyuncs.com/docs/5.5/user-manual/app-manage/deploy-istio/deploy-prometheus.png) +![image-20211214112547510](https://static.goodrain.com/docs/5.5/user-manual/app-manage/deploy-istio/deploy-prometheus.png) #### 2. Install kiali @@ -121,13 +110,13 @@ As with the base app above, select the correct team and install the `Prometheus` Install the kiali-operator app, same as the base app above, select the correct team. -The installation process will automatically create a Service, and the access port of kiali can be exposed in the form of a third-party component of the Rainbond platform.as shown below: +The installation process will automatically create a Service, and the access port of kiali can be exposed in the form of a third-party component of the Rainbond platform.as shown below:如下图所示: -![image-20211212212924071](https://grstatic.oss-cn-shanghai.aliyuncs.com/docs/5.5/user-manual/app-manage/deploy-istio/create-kiali-third-party.png) +![image-20211212212924071](https://static.goodrain.com/docs/5.5/user-manual/app-manage/deploy-istio/create-kiali-third-party.png) Add an access port in the port interface, and after adding, open**external service**and use the generated gateway policy to access. -![image](https://grstatic.oss-cn-shanghai.aliyuncs.com/docs/5.5/user-manual/app-manage/deploy-istio/port.jpg) +![image](https://static.goodrain.com/docs/5.5/user-manual/app-manage/deploy-istio/port.jpg) kiali requires an authentication token when logging in, use the following command to get token: 
@@ -135,13 +124,12 @@ kiali requires an authentication token when logging in, use the following comman kubectl describe secret $(kubectl get secret -n istio-system | grep istiod-token |awk '{print $1}') -n istio-system ``` -After accessing kiali, in the Applications column, select the namespace where the application is located, and you can see the application we just created.Click to enter, you can see the flow route as follows. - -![image-20211212213849724](https://grstatic.oss-cn-shanghai.aliyuncs.com/docs/5.5/user-manual/app-manage/deploy-istio/overview.png) +After accessing kiali, in the Applications column, select the namespace where the application is located, and you can see the application we just created.Click to enter, you can see the flow route as follows.点击进入,可以看到如下的流量路线。 -In the Graph column, you can also see the corresponding in-app traffic requests.For more configuration and related functions, please refer to [Kiali Official Documents](https://kiali.io/docs/installation/quick-start/)![image-20211212214035677](https://grstatic.oss-cn-shanghai.aliyuncs.com/docs/5.5/user-manual/app-manage/deploy-istio/display.png) +![image-20211212213849724](https://static.goodrain.com/docs/5.5/user-manual/app-manage/deploy-istio/overview.png) +在 Graph 一栏,也可以看到对应的应用内的流量请求。In the Graph column, you can also see the corresponding in-app traffic requests.For more configuration and related functions, please refer to [Kiali Official Documents](https://kiali.io/docs/installation/quick-start/)![image-20211212214035677](https://static.goodrain.com/docs/5.5/user-manual/app-manage/deploy-istio/display.png) ## Summarize -This article briefly introduces the operation of using the Istio governance model in Rainbond.And the combination of Rainbond and the Istio governance model.Rainbond provides users with an optional plug-in system, allowing users to choose different Service Mesh frameworks according to their needs.In combination with Istio, we mainly complete the injection of the 
specified application data plane for users.Users can also extend the ServiceMesh framework they need through this mechanism.In the follow-up article, we will explain in detail how to make a plug-in, so please pay attention. \ No newline at end of file +本文简单介绍了在Rainbond中使用Istio治理模式的操作。以及Rainbond与Istio治理模式的结合。Rainbond为用户提供了一个可选的插件体系,使用户可以根据自己的需求选择不同的Service Mesh框架。在与Istio的结合上,我们主要为用户完成了指定应用数据平面的注入。用户也可以通过该机制扩展自己所需的ServiceMesh框架。后续文章我们将详细讲解如何制作插件,尽请关注。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-22-ingress.md b/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-22-ingress.md index 084d58e80a..c509995cc4 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-22-ingress.md +++ b/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-22-ingress.md 
@@ -1,18 +1,17 @@ --- title: Detailed explanation of Rainbond Ingress pan-resolution domain name mechanism -description: Detailed explanation of Rainbond Ingress pan-resolution domain name mechanism +description: Rainbond itself with a distributed gateway leading North-South network traffic slug: ingress +image: https://static.goodrain.com/wechat/rainbond-gateway/rainbond-gateway.png --- -:::info [Rainbond](https://www.rainbond.com/?channel=cnblog) , as a cloud native application management platform, is born with a distributed gateway rbd-gateway that guides north-south network traffic.Different from the general Ingress configuration, users need to define their own domain name experience. Rainbond's gateway policy can automatically generate a domain name access policy with one click, and users can immediately access the business system deployed on Rainbond through this domain name.This user experience is very friendly in development and testing scenarios. This article explains in detail how this mechanism is implemented. ::: +[Rainbond](https://www.rainbond.com/?channel=cnblog) as a cloud native application management platform with a distribution gateway rbd-gateway to channel North-South network flows.:::info [Rainbond](https://www.rainbond.com/?channel=cnblog) , as a cloud native application management platform, is born with a distributed gateway rbd-gateway that guides north-south network traffic.Different from the general Ingress configuration, users need to define their own domain name experience. Rainbond's gateway policy can automatically generate a domain name access policy with one click, and users can immediately access the business system deployed on Rainbond through this domain name.This user experience is very friendly in development and testing scenarios. This article explains in detail how this mechanism is implemented. 
:::This experience is very friendly under the development test scenario, and the article gives an idea of how this mechanism is being implemented. - - ## Gateway and Ingress -The Rainbond team developed a high-performance distributed gateway component rbd-gateway, which acts as an Ingress Controller inside the cluster to handle the north-south traffic of the cluster.It supports both L4 and L7 layer protocols, as well as advanced functions such as one-click opening of WebSocket.When using it, a detail function point is very useful, that is, a domain name address that can be accessed can be generated with one click. +The Rainbond team developed a high-performance distributed gateway component rbd-gateway, which acts as an Ingress Controller inside the cluster to handle the north-south traffic of the cluster.It supports both L4 and L7 layer protocols, as well as advanced functions such as one-click opening of WebSocket.When using it, a detail function point is very useful, that is, a domain name address that can be accessed can be generated with one click.它同时支持 L4 和 L7 层协议,以及一键开启 WebSocket 等高级功能。在使用它的时候,一个细节功能点非常好用,就是可以一键生成一个可以被访问的域名地址。 ![image-20211202142555295](https://tva1.sinaimg.cn/large/008i3skNly1gwzgzq8siij325i0dedhf.jpg) @@ -27,14 +26,10 @@ http://0.1.2.17a4cc.grapps.cn/ : the alias of the current.cn: PAN domain name of the current cluster ``` - - -In fact, this routing rule is defined by the corresponding ingress and service in Kubernetes.The entire access link can be summarized as the following figure: +In fact, this routing rule is defined by the corresponding ingress and service in Kubernetes.The entire access link can be summarized as the following figure:整个访问链路可以归纳为下图: ![](https://tva1.sinaimg.cn/large/008i3skNly1gwzkbrhzv2j31ie0u0q6w.jpg) - - Turning on the **external service** switch is equivalent to automatically generating the following resources: ```yaml 
@@ -95,23 +90,21 @@ status: loadBalancer: {} ``` - - ## Automatically generate domain names -For most developers, domain names are a scarce resource. How to allocate domain names for their vast Ingress rules is a very troublesome thing.After all, only when you have your own domain name can you completely control the rules of its resolution and avoid endless modifications to the `/etc/hosts` file. +For most developers, domain names are a scarce resource. How to allocate domain names for their vast Ingress rules is a very troublesome thing.After all, only when you have your own domain name can you completely control the rules of its resolution and avoid endless modifications to the `/etc/hosts` file.毕竟只有拥有了自己的域名时,才能够彻底掌控其解析的规则,避免无止境的修改 `/etc/hosts` 文件。 -Most Kubernetes management tools on the market can generate Service and Ingress resources in a semi-automatic way.This semi-automatic method specifically allows the user to input the necessary information on the graphical UI interface, and then the management tool generates the corresponding yaml configuration file and loads it into Kubernetes.But for the configured domain name, few tools can achieve the same experience as Rainbond. +Most Kubernetes management tools on the market can generate Service and Ingress resources in a semi-automatic way.This semi-automatic method specifically allows the user to input the necessary information on the graphical UI interface, and then the management tool generates the corresponding yaml configuration file and loads it into Kubernetes.But for the configured domain name, few tools can achieve the same experience as Rainbond.这种半自动的方式特指让用户在图形化 UI 界面上,输入必要的信息后,由管理工具自行生成对应的 yaml 配置文件,并加载到 Kubernetes 中去。但是对于所配置的域名,鲜有工具可以做到如 Rainbond 一样的使用体验。 The key to achieving this excellent experience lies in the use of analytic domain names. 
-The simplest and clearest explanation of the PAN domain name is that any domain name whose:matches the rule `*.mydomain.com` can be resolved to the same IP address.In the current usage scenario, we only need to resolve the ubiquitous domain name `*.17a4cc.grapps.cn` to the IP address of the server where the rbd-gateway is located, and then we can configure a domain name that conforms to the rules for `Ingress rule` at will. +对泛解析域名最简单明了的解释就是:符合 `*.mydomain.com` 这一规则的任意域名,都可以解析到同一个 IP 地址上去。The simplest and clearest explanation of the PAN domain name is that any domain name whose:matches the rule `*.mydomain.com` can be resolved to the same IP address.In the current usage scenario, we only need to resolve the ubiquitous domain name `*.17a4cc.grapps.cn` to the IP address of the server where the rbd-gateway is located, and then we can configure a domain name that conforms to the rules for `Ingress rule` at will. ![](https://tva1.sinaimg.cn/large/008i3skNly1gwzmi07jcnj30b60cat91.jpg) -Rainbond combines the `Ingress rule` with the pan-analytic domain name at the product design level, and automatically generates a globally unique domain name for each service port.When the cluster is installed, the resolution record is automatically registered with the public network DNS server. After the cluster is installed, all the generated domain names can be resolved by the public network. As long as the PC client can use the public network DNS service, it can be Parse the domain name and access the specified service port. +Rainbond combines the `Ingress rule` with the pan-analytic domain name at the product design level, and automatically generates a globally unique domain name for each service port.When the cluster is installed, the resolution record is automatically registered with the public network DNS server. After the cluster is installed, all the generated domain names can be resolved by the public network. 
As long as the PC client can use the public network DNS service, it can be Parse the domain name and access the specified service port.并在集群安装时,自动向公网 DNS 服务器注册了解析记录,集群安装完毕之后,所生成的所有域名,都是可以被公网解析的,只要 PC 客户端可以使用公网 DNS 服务,就可以解析域名,并访问到指定的服务端口。 -Rainbond distinguishes different clusters through different third-level domain names (such as `17a4cc`in the current scenario).This involves a feature of the pan-analytics domain name. The resolution record of the sub-level domain name has a higher priority than the resolution record of the parent domain name. +Rainbond distinguishes different clusters through different third-level domain names (such as `17a4cc`in the current scenario).This involves a feature of the pan-analytics domain name. The resolution record of the sub-level domain name has a higher priority than the resolution record of the parent domain name.这里涉及到关于泛解析域名的一个特点,子级域名的解析记录,优先级高于父级域名的解析记录。 ```golang ============================================== diff --git a/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-27-elk.md b/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-27-elk.md index 9f60646cc6..e80da0e982 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-27-elk.md +++ b/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-27-elk.md 
@@ -1,25 +1,23 @@ --- title: Rainbond integrates ELK/EFK through plug-ins to realize log collection -description: Rainbond integrates ELK/EFK through plug-ins to realize log collection +description: This paper will introduce EFK:Elasticsearch, Filebeat and Kibana slug: elk +image: https://static.goodrain.com/wechat/EFK/ELK.png --- -:::info ELK is:acronym for three open source projects1 Elasticsearch, Logstash and Kibana.However, FileBeat, which appeared later, can completely replace the data collection function of Logstash, and it is also relatively lightweight.This article will cover **EFK:** Elasticsearch, Filebeat and Kibana ::: +ELK is the initial, abbreviated:Elasticsearch, Logstash and Kibana for three open source projects.But later FileBeat can completely replace Logstah's data collection function and be lightweight as well.This paper will introduce **EFK:** Elasticsearch, Filebeat and Kibana - ## foreword -ELK is an acronym for three open source projects:Elasticsearch, Logstash, and Kibana.However, FileBeat, which appeared later, can completely replace the data collection function of Logstash, and it is also relatively lightweight.This article will cover **EFK:** Elasticsearch, Filebeat and Kibana - -Elasticsearch:is a distributed search and analysis engine with high scalability, high reliability and easy management.Built on Apache Lucene, it can perform near real-time storage, search and analysis operations on large volumes of data.Often used as a basic search engine for some applications, giving it complex search capabilities; +ELK is an acronym for three open source projects:Elasticsearch, Logstash, and Kibana.However, FileBeat, which appeared later, can completely replace the data collection function of Logstash, and it is also relatively lightweight.This article will cover **EFK:** Elasticsearch, Filebeat and Kibana但后来出现的 FileBeat 可以完全替代 Logstash的数据收集功能,也比较轻量级。本文将介绍 **EFK:** Elasticsearch、Filebeat 和 Kibana -Kibana:data analysis and visualization 
platform.Use with Elasticsearch to search, analyze and display data in statistical charts; - -Filebeat:Filebeat is a lightweight transporter for forwarding and centralizing log data.Filebeat is installed on your server as an agent that monitors log files or locations you specify, collects log events, and forwards them to Elasticsearch or Logstash for indexing. +Elasticsearch:分布式搜索和分析引擎,具有高可伸缩、高可靠和易管理等特点。Elasticsearch:is a distributed search and analysis engine with high scalability, high reliability and easy management.Built on Apache Lucene, it can perform near real-time storage, search and analysis operations on large volumes of data.Often used as a basic search engine for some applications, giving it complex search capabilities;通常被用作某些应用的基础搜索引擎,使其具有复杂的搜索功能; +Kibana:数据分析和可视化平台。Kibana:data analysis and visualization platform.Use with Elasticsearch to search, analyze and display data in statistical charts; +Filebeat:Filebeat 是一个轻量级的传送器,用于转发和集中日志数据。Filebeat:Filebeat is a lightweight transporter for forwarding and centralizing log data.Filebeat is installed on your server as an agent that monitors log files or locations you specify, collects log events, and forwards them to Elasticsearch or Logstash for indexing. Through this article, learn how to collect application logs and send them to Elasticsearch by enabling the FileBeat plugin for applications running on Rainbond. 
@@ -33,26 +31,24 @@ When collecting logs, you need to enable the FileBeat plugin in the application This article uses the specified log path for collection. In this way, we can customize the rules for collecting logs, etc. -We made FileBeat as Rainbond's [general type plug-in](https://www.rainbond.com/docs/get-start/concept/plugin?channel=itpub) After the application is started, the plug-in also starts and automatically collects logs and sends them to Elasticsearch. The whole process is non-intrusive to the application container and has strong scalability.Similar methods can be used to connect to other log collection tools. Users can connect to different log collection tools by replacing plug-ins. +We made FileBeat as Rainbond's [general type plug-in](https://www.rainbond.com/docs/get-start/concept/plugin?channel=itpub) After the application is started, the plug-in also starts and automatically collects logs and sends them to Elasticsearch. The whole process is non-intrusive to the application container and has strong scalability.Similar methods can be used to connect to other log collection tools. Users can connect to different log collection tools by replacing plug-ins.对接其他日志收集也可以用类似方式,用户通过替换插件实现对接不同的日志收集工具。 The figure below shows the structure of using the FileBeat plugin to collect application logs in Rainbond and send them to Elasticsearch. -![image-20211223162213573](https://grstatic.oss-cn-shanghai.aliyuncs.com/wechat/EFK/es_architecture.png) +![image-20211223162213573](https://static.goodrain.com/wechat/EFK/es_architecture.png) ## Analysis of the principle of plug-in implementation -The Rainbond plug-in system is a part of the Rainbond application model. 
The plug-in is mainly used to realize the extended operation and maintenance capabilities of the application container.Because the implementation of operation and maintenance tools has a large commonality, the plug-in itself can be reused.Plugins have runtime status only when they are bound to the application container to implement an operation and maintenance capability, such as performance analysis plugins, network governance plugins, and initialization type plugins. +The Rainbond plug-in system is a part of the Rainbond application model. The plug-in is mainly used to realize the extended operation and maintenance capabilities of the application container.Because the implementation of operation and maintenance tools has a large commonality, the plug-in itself can be reused.Plugins have runtime status only when they are bound to the application container to implement an operation and maintenance capability, such as performance analysis plugins, network governance plugins, and initialization type plugins.由于运维工具的实现有较大的共性,因此插件本身可以被复用。插件必须绑定到应用容器时才具有运行时状态,用以实现一种运维能力,比如性能分析插件、网络治理插件、初始化类型插件。 The runtime environment of a plug-in with runtime is consistent with the bound components in the following aspects: -* **Cyberspace** is a crucial feature. Consistent cyberspace enables plug-ins to bypass monitoring and interception of component network traffic, set component local domain name resolution, and so on. -* **Storage Persistence Space** This feature enables file exchange between plugins and components through the persistence directory. -* **environment variables** This feature enables plugins to read the component's environment variables. +- **Cyberspace** is a crucial feature. Consistent cyberspace enables plug-ins to bypass monitoring and interception of component network traffic, set component local domain name resolution, and so on. +- **Storage Persistence Space** This feature enables file exchange between plugins and components through the persistence directory. 
+- **environment variables** This feature enables plugins to read the component's environment variables. In the process of making the FileBeat plug-in, the **general type plug-in**is used, which can be understood as one POD starts two Containers. Kubernetes natively supports starting multiple Containers in one POD, but the configuration is relatively complicated. User operation is simple. - - ## One-click installation of EK via the Rainbond app store We have made elasticsearch + Kibana as an application and released it to the application market, users can install it with one click based on the open source application store. 
@@ -60,11 +56,11 @@ We have made elasticsearch + Kibana as an application and released it to the app 1. Install Rainbond 2. Search for elasticsearch in the open source application store, click install to install it with one click; -![image-20211223163856435](https://grstatic.oss-cn-shanghai.aliyuncs.com/wechat/EFK/es_store.png) +![image-20211223163856435](https://static.goodrain.com/wechat/EFK/es_store.png) -![image-20211223164246240](https://grstatic.oss-cn-shanghai.aliyuncs.com/wechat/EFK/es_topology.png) +![image-20211223164246240](https://static.goodrain.com/wechat/EFK/es_topology.png) -3. `elasticsearch` has the xpack security module enabled by default to secure our cluster, so we need an initial password.We enter the `elasticsearch` web terminal and execute the command as shown below, run the `bin/elasticsearch-setup-passwords` command in the web terminal to generate the default username and password: +3. `elasticsearch` has the xpack security module enabled by default to secure our cluster, so we need an initial password.We enter the `elasticsearch` web terminal and execute the command as shown below, run the `bin/elasticsearch-setup-passwords` command in the web terminal to generate the default username and password:我们进入 `elasticsearch` Web终端执行如下所示的命令,Web终端内运行 `bin/elasticsearch-setup-passwords` 命令来生成默认的用户名和密码: ```shell bin/elasticsearch-setup-passwords parameter 
@@ -74,32 +70,28 @@ interactive fill in manually 4. Enter the environment variables of the `Kibana` component and modify the default connection `elasticsearch`environment variable `ELASTICSEARCH_PASSWORD`. - - ## Collect application logs Use Nginx as the demo application of this article, and use the mirror to create components on Rainbond, -* Mirror address:`nginx:latest` -* Mount the storage:`/var/log/nginx`to persist the Nginx log, and the Filebeat plugin can read the log file. - - +- Mirror address:`nginx:latest` +- Mount the storage:`/var/log/nginx`to persist the Nginx log, and the Filebeat plugin can read the log file. **Make a FileBeat plugin** -On the Rainbond team interface, click Plug-in to enter the Plug-in interface, click New Plug-in, and create a general type of plug-in. +在Rainbond团队界面点击插件后进入插件界面,点击新建插件,创建一般类型插件。 -* Image address:docker.elastic.co/beats/filebeat:7.15.2 -* Other customizations are available. +- Image address:docker.elastic.co/beats/filebeat:7.15.2 +- Other customizations are available. -![image-20211223165325136](https://grstatic.oss-cn-shanghai.aliyuncs.com/wechat/EFK/create_plugin.png) +![image-20211223165325136](https://static.goodrain.com/wechat/EFK/create_plugin.png) Create the plug-in and build it. After the build is successful, we enable the FileBeat plug-in in the plug-in of the Nginx component. In the environment configuration of the Nginx component, add the FileBeat configuration file as follows. For more configuration, please refer to [official document](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-reference-yml.html) -* Configuration file mount path:/usr/share/filebeat/filebeat.yml -* Profile permissions:644 +- Configuration file mount path:/usr/share/filebeat/filebeat.yml +- Profile permissions:644 ```yaml filebeat.inputs: 
@@ -112,14 +104,10 @@ output.elasticsearch: password: "elastic " ``` - - **build dependencies** Establish a dependency between Nginx and elasticsearch, so that it can communicate with `elasticsearch` through the `127.0.0.1`address, and update the Nginx component to make the dependency take effect. - - **Visit Kibana** > Kibana has been localized by default @@ -130,9 +118,7 @@ Establish a dependency between Nginx and elasticsearch, so that it can communica 3. `Discover` page to see log information. -![image-20211223180227267](https://grstatic.oss-cn-shanghai.aliyuncs.com/wechat/EFK/discover.png) - - +![image-20211223180227267](https://static.goodrain.com/wechat/EFK/discover.png) ## Summarize diff --git a/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-27-maxkey.md b/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-27-maxkey.md new file mode 100644 index 0000000000..935e82fdf1 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2021/2021-12-27-maxkey.md 
@@ -0,0 +1,65 @@ +--- +title: Deploy MaxKey on Rainbond +description: MaxKey is an industry-led IAM identity management and authentication product, domestic open source IAM first brand +slug: maxkey +image: /img/partners/maxkey.png +--- + + + +### 1.MaxKey简介 + +业界领先的身份管理和认证产品 + +MaxKey单点登录认证系统谐音为马克思的钥匙,寓意是最大钥匙,业界领先的企业级IAM身份管理和认证产品,国内开源IAM第一品牌 + +- 统一认证和单点登录,简化账号登录过程,保护账号和密码安全,对账号进行统一管理。 +- 提供简单、标准、安全和开放的用户身份管理(IDM)、身份认证(AM)、单点登录(SSO)、资源管理和权限管理(RBAC)等. +- 标准安全策略包括密码策略,访问策略;事后安全审计,对用户全生命周期审计、访问行为记录追溯审计、安全合规审计、安全风险预警。 + +### 2.通过Rainbond应用商店快速安装MaxKey + +- 在开源应用商店中搜索 `MaxKey`,点击安装 + +![](https://static.goodrain.com/docs/5.4/opensource-app/maxkey/maxkey-install.png) + +- 部署完成后的拓扑图。 + +- `maxkey-web-maxkey` 是认证服务,`maxkey-web-mgt` 是管理服务。 + > 账号密码均是:admin maxkey + +![](https://static.goodrain.com/docs/5.4/opensource-app/maxkey/tuoputu.png) + +### 3.MaxKey能做什么 + +- MaxKey是认证平台,可将公司内部的服务平台对接至MaxKey,进行统一登录。比如可以将公司内部的 `GitLab` `禅道` `Jenkins` 等支持单点登录协议的服务平台。 +- 本文将通过对接 `禅道` 实现统一登录。 + +**通过Rainbond应用商店快速安装禅道** + +- 在开源应用商店中搜索 `禅道`,点击进行安装。 + +![](https://static.goodrain.com/docs/5.4/opensource-app/maxkey/zentao.png) + +- 安装完成后,访问 [禅道 ](https://www.zentao.net/book)进行初始化设置。 + + > Mysql密码在组件的依赖中获取。 + +- 进入禅道后,点击 后台 > 二次开发 > 应用 > 添加应用。 + - 名称:自定义 + - 代号:maxkey + - 免密登录:开启 + - IP:无限制 + +**配置MaxKey实现统一登录** + +- 进入MaxKey管理服务中,进入应用管理页,编辑 `禅道项目管理`,进入编辑页面。 +- 需修改: + - 登录地址:禅道登录地址 + - 秘钥:填写上一步在禅道中添加应用时的秘钥 + +![](https://static.goodrain.com/docs/5.4/opensource-app/maxkey/maxkey-config.png) + +- 进入 MaxKey认证服务中,点击`禅道项目管理`,即可跳转至禅道页面并自动登录。 + +![](https://static.goodrain.com/images/maxkey-zentao.gif) diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-01-06-istioSource.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-01-06-istioSource.md index bb034ea9e1..9d1c0eb0c4 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-01-06-istioSource.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-01-06-istioSource.md 
@@ -1,35 +1,40 @@ --- title: Rainbond docking Istio principle explanation and code implementation analysis -description: Rainbond docking Istio principle explanation and code implementation analysis +description: For users, the results to be achieved in a test environment are fast and boxed.However, in production environments there may be another demand for melting, delayed infusion slug: istioSource +image: https://static.goodrain.com/wechat/istio/istio.jpeg --- -:::info There are many existing ServiceMesh frameworks, such as Istio, linkerd, etc.For users, in the test environment, the effect that needs to be achieved is fast and out-of-the-box.However, in the production environment, there may be requirements such as fusing and delay injection.Then a single ServiceMesh framework cannot meet the different needs of users at the same time. - -In previous Rainbond versions, Rainbond supported a variety of different application governance modes. As an application-level plug-in, it implemented the switching of Istio governance modes. + -This article will analyze the principle of Rainbond's implementation of the Istio governance model. ::: +现有的 ServiceMesh 框架有很多,如 Istio、linkerd等。对于用户而言,在测试环境下,需要达到的效果是快、开箱即用。但在生产环境下,可能又有熔断、延时注入等需求。那么单一的 ServiceMesh 框架无法同时满足用户不同的需求。 - +In previous Rainbond versions, Rainbond supported a variety of different application governance modes. As an application-level plug-in, it implemented the switching of Istio governance modes. +本文将对Rainbond 实现Istio治理模式进行原理解析。 ## Fundamental + ### Dynamic Admission Control -First of all, we need to understand a knowledge, how Istio achieves automatic injection.In fact, different ServiceMesh frameworks such as Istio and linkerd use a very important function in Kubernetes called Dynamic Admission Control, also called:Initializer. 
-This function will be called immediately after the API object is created.Before the API object is formally processed, some initialization preparations are done.So after deploying the Istio control plane, when you submit the Yaml file of the API object, it will be captured by the Istio admission controller and complete some PATCH operations, such as adding the corresponding Sidecar container field.Finally, the API object after the PATCH is handed over to Kubernetes for processing.Next, we will introduce the injection mechanism of the ServiceMesh framework in detail. +首先我们需要了解一个知识,Istio 是如何实现自动注入的。First of all, we need to understand a knowledge, how Istio achieves automatic injection.In fact, different ServiceMesh frameworks such as Istio and linkerd use a very important function in Kubernetes called Dynamic Admission Control, also called:Initializer. + +这个功能会在 API 对象创建之后会被立刻调用到。在 API 对象被正式处理前,完成一些初始化的准备工作。This function will be called immediately after the API object is created.Before the API object is formally processed, some initialization preparations are done.So after deploying the Istio control plane, when you submit the Yaml file of the API object, it will be captured by the Istio admission controller and complete some PATCH operations, such as adding the corresponding Sidecar container field.Finally, the API object after the PATCH is handed over to Kubernetes for processing.Next, we will introduce the injection mechanism of the ServiceMesh framework in detail.最终将这个 PATCH 过后的 API 对象交给 Kubernetes 处理。接下来就详细介绍下 ServiceMesh 框架的注入机制。 ### How to inject automatically -Users need to deploy the Istio control plane in the cluster first.It will contain an Initializer to automatically inject Envoy containers for Pods. 
First, Istio will save the definition of the Envoy container itself in Kubernetes as a ConfigMap.When the controller of the Initializer monitors the creation of an API object that conforms to the rules [here refers to the corresponding Annoations] through Admission-Webhooks, it reads the corresponding ConfigMap to obtain the configuration of the Envoy container.And the related fields are automatically added to the API object of the Pod submitted by the user.See the diagram and description below for details. + +用户需要先在集群中部署 Istio 的控制平面。它会包含一个用来为 Pod 自动注入 Envoy 容器的 Initializer。 +首先, Istio 会将 Envoy 容器本身的定义,以 ConfigMap 的方式保存在 Kubernetes 当中。当 Initializer 的控制器,通过 Admission-Webhooks 监听到符合规则【此处指对应的 Annoations】的 API 对象被创建后,读取对应的 ConfigMap 获取到 Envoy 容器的配置。并将相关的字段,自动添加到用户提交的 Pod 的 API 对象里。详见下图和说明。 ![](https://static.goodrain.com/wechat/initializer-istio/Process.png) The above picture shows the processing done by the cluster after submitting the yaml file to the Kubernetes cluster, which is roughly divided into the following steps: + 1. The Yaml file is submitted to the APIServer, and the APIServer will filter the request and complete some preliminary work, such as authorization, timeout processing, and auditing. 2. APIServer will find the type definition corresponding to the Pod, and if it exists, it will convert the Pod to an object. -3. Next, the Admission operation is performed. The Admission operation is a set of codes that will be called immediately after creation. It can complete some initialization operations, such as adding some Labels before the object is created, but since it is compiled into APIServer , so users need to recompile and restart APIServer after modification.Fortunately,:provides a "hot-plug" type of Admission mechanism, the Initializer. +3. Next, the Admission operation is performed. The Admission operation is a set of codes that will be called immediately after creation. 
It can complete some initialization operations, such as adding some Labels before the object is created, but since it is compiled into APIServer , so users need to recompile and restart APIServer after modification.Fortunately,:provides a "hot-plug" type of Admission mechanism, the Initializer.幸运的是:Kubernetes 提供了一种“热插拔”式的 Admission 机制,即 Initializer。 4. At present, projects such as istio and linkerd have implemented the Initializer mechanism, that is to say, when the submitted Yaml file contains its specified Annoations field, the admission controller they deploy will capture the corresponding API object. The Pod performs the initialization operation, that is, adds the relevant configuration of the Sidecar container. 
@@ -38,37 +43,38 @@ The above picture shows the processing done by the cluster after submitting the 6. After the verification is completed, the corresponding information will be saved in etcd, and the creation of an API object is completed. ## Extended Application Governance Model - After understanding the injection mechanism of the existing ServiceMesh framework, we can develop Rainbond's application-level plug-ins based on this to extend the application's governance capabilities.We know that most of the existing ServiceMesh frameworks use the standard Initializer implementation.So we only need to complete the following two steps. + +After understanding the injection mechanism of the existing ServiceMesh framework, we can develop Rainbond's application-level plug-ins based on this to extend the application's governance capabilities.We know that most of the existing ServiceMesh frameworks use the standard Initializer implementation.So we only need to complete the following two steps.我们知道由于现有的 ServiceMesh 框架大多采用了标准的 Initializer 实现。所以我们只需要完成以下两步即可。 1. Deploying the Initializer controllers corresponding to the ServiceMesh framework usually means deploying their control planes. Here, based on Rainbond's existing function of docking with the helm store, it can be easily deployed. 2. Implement application-based data plane injection. ### Development of the Istio governance model - Next, take the development of the Istio governance model as an example to introduce in detail how to expand the governance capabilities of the application. + +Next, take the development of the Istio governance model as an example to introduce in detail how to expand the governance capabilities of the application. ### Front-end display supports Istio application governance mode: + Rainbond is mainly divided into two layers, namely the business layer and the data center layer. For details, please refer to the Rainbond technical architecture. 
rainbond-ui is the front-end project of the business layer. First, it needs to support the Istio governance model. Since Rainbond is an application-centric application management platform, the Istio governance model is also for applications. -As shown in the figure below:On the application page, you can switch the governance mode.We need to add the Istio governance model here. +如下图所示:在应用页面,可以切换治理模式。我们需要在这里增加 Istio 治理模式。 ![](https://static.goodrain.com/wechat/initializer-istio/istio-ui.png) - - ### Governance Model Validity Verification -The mechanism of Initializer determines that there needs to be an admission controller to process eligible API objects.Usually the admission controller is included in the control plane of the corresponding ServiceMesh framework. +Initializer 的机制决定了,需要有一个准入控制器,去处理符合条件的 API 对象。通常情况下准入控制器包含在对应 ServiceMesh 框架的控制平面中。 -Therefore, when we switch the governance mode, we need to verify whether the control plane corresponding to the ServiceMesh framework has been deployed in the cluster. This step should be verified during the switch.If the corresponding control plane is not deployed, it does not have the corresponding governance capability.It cannot be switched. +Therefore, when we switch the governance mode, we need to verify whether the control plane corresponding to the ServiceMesh framework has been deployed in the cluster. This step should be verified during the switch.If the corresponding control plane is not deployed, it does not have the corresponding governance capability.It cannot be switched.如果未部署对应的控制平面,则不具有对应的治理能力。也就不能切换。 -According to the Rainbond technical architecture, we can know that the rainbond-console belongs to the backend of the business layer.It needs to communicate with the data center side to get the status of the cluster.Therefore, in both rainbond-console and rainbond projects, the validity of the governance model needs to be verified. 
+According to the Rainbond technical architecture, we can know that the rainbond-console belongs to the backend of the business layer.It needs to communicate with the data center side to get the status of the cluster.Therefore, in both rainbond-console and rainbond projects, the validity of the governance model needs to be verified.它需要与数据中心端进行通信,才能获取集群的状态。因此在 rainbond-console 和 rainbond 这两个项目中,都需要对治理模式的有效性进行校验。 #### rainbond-console checks the validity of the governance mode -Referring to the following code, class `GovernanceModeEnum` defines the supported governance modes.First, we need to add `ISTIO_SERVICE_MESH`to the governance model to judge whether the governance model is valid at the business layer.When the verification here is passed, we need to request the interface of the data center to check whether the corresponding control plane has been installed in this governance mode. +参考如下代码,类 `GovernanceModeEnum` 定义了支持的治理模式。首先我们需要在治理模式这里增加 `ISTIO_SERVICE_MESH`,用于在业务层判断治理模式是否有效。当此处校验通过后,我们需要请求数据中心端的接口,检测此种治理模式是否已安装了对应的控制平面。 `/console/enum/app.py` 
@@ -86,9 +92,11 @@ class GovernanceModeEnum(AutoNumber): def names(cls): return [key.name for key in cls] ``` + #### Rainbond checks the validity of the governance mode -When receiving the verification request from the business side, we need to check whether the control plane of the corresponding ServiceMesh framework has been deployed in the cluster.Referring to the following code, after deploying the Istio control plane, the ConfigMap `istio-ca-root-cert`can be viewed in each namespace, so we use this ConfigMap as the basis for judging the deployment of the Istio control plane. After confirming that the Istio control plane is installed, we return the result to the business side.Finally complete the switch. +When receiving the verification request from the business side, we need to check whether the control plane of the corresponding ServiceMesh framework has been deployed in the cluster.Referring to the following code, after deploying the Istio control plane, the ConfigMap `istio-ca-root-cert`can be viewed in each namespace, so we use this ConfigMap as the basis for judging the deployment of the Istio control plane. After confirming that the Istio control plane is installed, we return the result to the business side.Finally complete the switch.参考如下代码,由于部署 Istio 控制平面后,在每个命名空间下都可以查看到 `istio-ca-root-cert`这个 ConfigMap,所以我们这里使用该 ConfigMap 作为判断 Istio 控制平面部署的依据。 +当确认 Istio 控制平面已安装后,我们返回给业务端结果。最终完成切换。 `/api/handler/app_governance_mode/adaptor/istio.go` 
@@ -108,14 +116,13 @@ func (i *istioServiceMeshMode) IsInstalledControlPlane() bool { } ``` - #### Implement application-based data plane injection -It is not enough to just switch the governance mode, we need to let the Istio control plane inject the sidecar, the data plane, for the specified application.Rainbond itself instantiates the Rainbond-Application Model into a Kubernetes resource model through the Worker component.Control the life cycle of the application. +仅仅完成治理模式的切换还不够,我们需要让 Istio 的控制平面为指定的应用注入 Sidecar,即数据平面。It is not enough to just switch the governance mode, we need to let the Istio control plane inject the sidecar, the data plane, for the specified application.Rainbond itself instantiates the Rainbond-Application Model into a Kubernetes resource model through the Worker component.Control the life cycle of the application.控制应用的生命周期。 -Therefore, we need to automatically complete the injection of the application for the user when the Worker component converts resources.See Istio injection strategy.We can find that Istio relies on Label `"sidecar.istio.io/inject": "true"` to complete the injection.In Rainbond's code, we can see the following code.This is part of the code that converts Rainbond's application model into a Deployment.Here, we add corresponding injectLabels for Deployment. +因此,我们需要在 Worker 组件转化资源时,自动为用户完成对应用的注入。参考 Istio 注入策略。我们可以发现 Istio 依赖于 Label `"sidecar.istio.io/inject": "true"` 完成注入。而在 Rainbond的代码中,我们可以看到如下代码。这是将 Rainbond 的应用模型转化为 Deployment 的部分代码。在这里,我们为 Deployment 添加了对应的 injectLabels。 -With these initialization operations.When the API object is created, it will be processed by Istio's admission controller to complete the data plane injection. +有了这些初始化操作。With these initialization operations.When the API object is created, it will be processed by Istio's admission controller to complete the data plane injection. `/worker/appm/conversion/service.go` 
@@ -145,9 +152,10 @@ func getInjectLabels(as *v1.AppService) map[string]string { return injectLabels } ``` -For different application governance modes, we can refer to the code extended by the application governance mode.By implementing the following interface, you can complete the switching and injection of the governance mode under the application. -Among them, the implementation of the interface`IsInstalledControlPlane`has been reflected in the front.It is mainly used to judge whether the control plane has been installed and can be used normally.`GetInjectLabels`is mainly used to add the specified Labels when the Worker component converts the application model into a Kubernetes resource so that it can be processed by the deployed admission controller. +For different application governance modes, we can refer to the code extended by the application governance mode.By implementing the following interface, you can complete the switching and injection of the governance mode under the application.实现如下接口,便可以完成应用下治理模式的切换和注入。 + +其中`IsInstalledControlPlane`这个接口的实现在前面已经体现。它主要用于判断控制平面是否已完成安装,可以正常使用。Among them, the implementation of the interface`IsInstalledControlPlane`has been reflected in the front.It is mainly used to judge whether the control plane has been installed and can be used normally.`GetInjectLabels`is mainly used to add the specified Labels when the Worker component converts the application model into a Kubernetes resource so that it can be processed by the deployed admission controller. `/api/handler/app_governance_mode/adaptor/app_governance_mode.go` 
@@ -157,25 +165,24 @@ type AppGoveranceModeHandler interface { GetInjectLabels() map[string]string } ``` -## Summarize -In this article, we mainly introduce the injection mechanism and development of the application governance mode. Users can complete the switching of the governance mode under the application through the above two steps by referring to the official documentation of the ServiceMesh plug-in that needs to be injected.Enables applications to gain different governance capabilities. +## Summarize +In this article, we mainly introduce the injection mechanism and development of the application governance mode. Users can complete the switching of the governance mode under the application through the above two steps by referring to the official documentation of the ServiceMesh plug-in that needs to be injected.Enables applications to gain different governance capabilities.使应用获得不同的治理能力。 ## Reference Link -* [Dynamic Admission Control](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#initializers) - -* [Rainbond-UI implements Istio Commit](https://github.com/goodrain/rainbond-ui/commit/2830fc585df12f1cc4443f7e73a63daf8254742e) +- [Dynamic Admission Control](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#initializers) -* [Rainbond-Console implements Istio Commit](https://github.com/goodrain/rainbond-console/commit/dd09c1f05519fa08f013a889260180f05c22f58a) +- [Rainbond-UI implements Istio Commit](https://github.com/goodrain/rainbond-ui/commit/2830fc585df12f1cc4443f7e73a63daf8254742e) -* Rainbond implements Istio Commit: - * [Istio.go](https://github.com/goodrain/rainbond/blob/4f62d79a5858d1161e6ad719848bfddeb33aeb83/api/handler/app_governance_mode/adaptor/istio.go#L23) - * [service.go](https://github.com/goodrain/rainbond/blob/cf00c0d5ebe0f455ab8f5d49139616df0f7c1f9f/worker/appm/conversion/service.go#L207) - * 
[app_governance_mode.go](https://github.com/goodrain/rainbond/blob/4f62d79a5858d1161e6ad719848bfddeb33aeb83/api/handler/app_governance_mode/adaptor/app_governance_mode.go#L10) +- [Rainbond-Console implements Istio Commit](https://github.com/goodrain/rainbond-console/commit/dd09c1f05519fa08f013a889260180f05c22f58a) -* [Rainbond Technical Architecture](https://www.rainbond.com/docs/architecture/architecture?channel=cnblog) +- Rainbond implements Istio Commit: + - [Istio.go](https://github.com/goodrain/rainbond/blob/4f62d79a5858d1161e6ad719848bfddeb33aeb83/api/handler/app_governance_mode/adaptor/istio.go#L23) + - [service.go](https://github.com/goodrain/rainbond/blob/cf00c0d5ebe0f455ab8f5d49139616df0f7c1f9f/worker/appm/conversion/service.go#L207) + - [app_governance_mode.go](https://github.com/goodrain/rainbond/blob/4f62d79a5858d1161e6ad719848bfddeb33aeb83/api/handler/app_governance_mode/adaptor/app_governance_mode.go#L10) -* [Istio injection strategy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) +- [Rainbond Technical Architecture](https://www.rainbond.com/docs/architecture/architecture?channel=cnblog) +- [Istio injection strategy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-01-18-Locust.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-01-18-Locust.md index a5af2e997d..46d0d54bc9 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-01-18-Locust.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-01-18-Locust.md 
@@ -1,12 +1,13 @@ --- title: Stress testing with Locust on Rainbond -description: Stress testing with Locust on Rainbond +description: :::info [Locust](https://locust.io) is an easy-to-use, scriptable and extensible performance testing tool.And there is a user-friendly web interface that displays test progress in real time.The load can even be changed while the test is running.It can also run without UI, making it easy to use for CI/CD testing. slug: Locust +image: https://static.goodrain.com/wechat/locus/loct-logo.jpeg --- -:::info [Locust](https://locust.io) is an easy-to-use, scriptable and extensible performance testing tool.And there is a user-friendly web interface that displays test progress in real time.The load can even be changed while the test is running.It can also run without UI, making it easy to use for CI/CD testing. +[Locust](https://locust.io) is an easy-to-use, writable and extensible performance test tool.And there is a user-friendly, web interface that shows test progress in real time.You can even change load when testing is running.It can also run without a UI to make it easy to use for CI/CD tests. -Locust makes it easy to run load tests that are distributed across multiple machines.Locust is based on events (gevent), so it can support thousands of concurrent users on a single computer.In contrast to many other event-based applications, it does not use callbacks.Instead, it uses lightweight processes via gevent.Each Locust (locust) concurrently accessing the site is actually running in its own process (Greenlet).This allows users to write very expressive scenarios in Python without having to use callbacks or other mechanisms. 
::: +Locust makes it easy to run load tests that are distributed across multiple machines.Locust is based on events (gevent), so it can support thousands of concurrent users on a single computer.In contrast to many other event-based applications, it does not use callbacks.Instead, it uses lightweight processes via gevent.Each Locust (locust) concurrently accessing the site is actually running in its own process (Greenlet).This allows users to write very expressive scenarios in Python without having to use callbacks or other mechanisms. :::Locust is based on events and can therefore support thousands of parallel users on a computer.Compared to many other event-based applications, it does not use callbacks.Instead, it uses a lightweight process through gevent.Every Locust (locusts) that has concurrent access to the site actually runs in its own process (Greenlet).This allows users to write a very performing scenario in Python, without using a callback or other mechanism. @@ -16,8 +17,6 @@ Locust makes it easy to run load tests that are distributed across multiple mach ![](https://static.goodrain.com/wechat/locust/install-locust.png) - - After the installation is complete, you will get a Locust master-slave cluster, in which the master component is responsible for providing the UI interface and scheduling concurrent tasks; the slave component is responsible for executing concurrent tasks, and the slave component also supports horizontal scaling. When the generated test concurrency reaches a certain level When the limit is reached, you only need to expand the instance of the slave component, such as: ![](https://static.goodrain.com/wechat/locust/tp.png) 
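Review bot: In the front-matter hunk of 2022-01-18-Locust.md (`@@ -1,12 +1,13 @@`), the `description:` value now starts with `:::info [Locust](https://locust.io)`, so the admonition marker and a raw markdown link land in the description field verbatim. The removed one-line description was appropriate there. The same hunk removes the opening `:::info` from the body but leaves the closing `:::` as context. The added `Locust makes it easy…` line has a further `:::` fused into it, followed by a second translation of the same paragraph (`:::Locust is based on events and can therefore support…`). Restore the `:::info` opener in the body, keep one translation of the paragraph, and use a plain-text summary for `description:`.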
@@ -36,15 +35,13 @@ After the installation is complete, you will get a Locust master-slave cluster, **Host** Fill in the site address you want to stress test. - - After the Host and the user, the concurrency is defined, it is necessary to define the test case, that is, the behavior of the user after accessing the Host. Locust defines the user behavior through a Python script named`/locustfile.py` On the Rainbond platform `Locust_Master` components within `environment configuration` -> `configuration file settings` for editing modification. ![](https://static.goodrain.com/wechat/locust/locustfile.png) The code example is as: -``` python +```python from locust import HttpUser, task, between class MyUser(HttpUser): 
@@ -61,15 +58,13 @@ class MyUser(HttpUser): This script will mimic the following behavior in order: -1. Host's `path twice +1. Host's \`path twice 2. Request Host's `/docs/` path once 3. Between each execution of the task, the interval is 5-15 seconds -The reason for this design is that the designers of Locust believe that the real user behavior will not execute all the requests one after another like a script and then exit.In more cases, after the user has done one thing, he will pause for a while, such as reading the instructions and thinking about what to do next.So a blank period of random duration is left between each step.This assumption is actually more in line with the actual user behavior. - -This file will be mounted on the `locust_master` component as a configuration file, and shared with all`locust_slave`components.This means that if you want to change the content of this file, you only need to edit the configuration file mounted under the environment configuration in the `locust_master` component.Then update the entire Locust cluster to take effect. 
- +The reason for this design is that the designers of Locust believe that the real user behavior will not execute all the requests one after another like a script and then exit.In more cases, after the user has done one thing, he will pause for a while, such as reading the instructions and thinking about what to do next.So a blank period of random duration is left between each step.This assumption is actually more in line with the actual user behavior.更多的情况是,用户做完一件事后,会停顿一会,比如读读说明,思考下一步要干嘛。所以会在每个步骤之间留下一个随机时长的空白期。这种假设实际上更符合用户实际行为。 +This file will be mounted on the `locust_master` component as a configuration file, and shared with all`locust_slave`components.This means that if you want to change the content of this file, you only need to edit the configuration file mounted under the environment configuration in the `locust_master` component.Then update the entire Locust cluster to take effect.这意味着,如果你想要更改这个文件的内容,只需要去编辑 `locust_master` 组件中,环境配置下所挂载的配置文件即可。然后更新整个 Locust 集群即可生效。 ## Result analysis 
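Review bot: Escaping the backtick in list item 1 (`1. Host's \`path twice`) hides the defect instead of fixing it. The item still names no path and has no verb, while item 2 reads "Request Host's /docs/ path once". Restore item 1 from the source-language post so it is parallel to item 2. The two added paragraphs also end with untranslated Chinese source sentences (`更多的情况是,用户做完一件事后…`, `这意味着,如果你想要更改这个文件的内容…`) that duplicate the English before them and should not be in this locale.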
@@ -77,32 +72,32 @@ With the help of the WEB-UI interface provided by Locust, we can easily analyze ![](https://static.goodrain.com/wechat/locust/locust-result.png) -The Statistics page will show us a summary report of all the interfaces under pressure.Results include: - -**Type** Request Type; -**Name** Request Path; -**Requests** Total Requests; -**Fails** Fails; -**Median** Median Response Time; -**90%ile** 90% Request response time; -**Average** Average response time; -**Min** Minimum response time; -**Max** Maximum response time; -**Average size** Average size of requests; -**Current PRS** Current throughput rate; +The Statistics page will show us a summary report of all the interfaces under pressure.Results include:结果包括: + +**Type** Request Type;\ +**Name** Request Path;\ +**Requests** Total Requests;\ +**Fails** Fails;\ +**Median** Median Response Time;\ +**90%ile** 90% Request response time;\ +**Average** Average response time;\ +**Min** Minimum response time;\ +**Max** Maximum response time;\ +**Average size** Average size of requests;\ +**Current PRS** Current throughput rate;\ **Current Failures** Current error rate; ![](https://static.goodrain.com/wechat/locust/locust-charts.png) The Charts page plots key results as time-varying charts that guide users on trends. -In addition to these, there are several notable values that will be displayed globally in the top row, including the host domain name of the current request, the number of concurrent users currently generated, the number of slave nodes, the total throughput rate of all currently requested interfaces, errors Rate.and a button to stop the test. 
+In addition to these, there are several notable values that will be displayed globally in the top row, including the host domain name of the current request, the number of concurrent users currently generated, the number of slave nodes, the total throughput rate of all currently requested interfaces, errors Rate.and a button to stop the test.以及停止测试的按钮。 Several other pages will provide: -**Failures** Request failed interface and failure reason; -**Expections** Unexpected error in test and error reason -**Download Data** Download address of test data in csv format +**Failures** Request failed interface and failure reason;\ +**Expections** Unexpected error in test and error reason\ +**Download Data** Download address of test data in csv format\ **Workers** Information of all slave instances For more tutorials, please refer to[Locust official documentation](http://docs.locust.io/en/stable/what-is-locust.html) diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-02-08-JmxExporter.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-02-08-JmxExporter.md index abee9c09a9..f4e16130fb 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-02-08-JmxExporter.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-02-08-JmxExporter.md 
@@ -1,10 +1,11 @@ --- title: Monitoring Java applications on Rainbond with JMX Exporter -description: Monitoring Java applications on Rainbond with JMX Exporter +description: :::info The Prometheus community developed JMX Exporter to export JVM monitoring metrics so that Prometheus can be used to collect monitoring data.When your Java application is deployed on Rainbond slug: JmxExporter +image: https://static.goodrain.com/wechat/jmx-exporter/jmx-exporter.png --- -:::info The Prometheus community developed JMX Exporter to export JVM monitoring metrics so that Prometheus can be used to collect monitoring data.When your Java application is deployed on Rainbond +The Prometheus community has developed JMX Exporter for the export of JVM monitoring indicators in order to use Prometheus to collect monitoring data.When your Java app is deployed on Rainbond Learn how Java applications deployed on Rainbond can use the JMX Exporter to expose JVM monitoring metrics. ::: 
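Review bot: `description:` in the front matter is replaced with body text that begins with the `:::info` marker and stops mid-sentence (`…When your Java application is deployed on Rainbond`), whereas the removed description was a complete phrase. In the body, the opening `:::info` is removed while the closing `:::` after `Learn how Java applications deployed on Rainbond can use the JMX Exporter…` stays as context, so the admonition no longer has an opener. Keep `:::info` on the body paragraph and give `description:` a complete plain-text sentence.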
@@ -12,28 +13,24 @@ Learn how Java applications deployed on Rainbond can use the JMX Exporter to exp ## Introduction to JMX Exporter -Java Management Extensions, JMX is an extension framework for managing Java, JMX Exporter reads the runtime state of the JVM based on this framework.JMX Exporter uses Java's JMX mechanism to read the monitoring data of the JVM runtime, and then converts it into a metrics format that can be recognized by Prometheus, so that Prometheus can monitor and collect it. +Java Management Extensions,JMX 是管理 Java 的一种扩展框架,JMX Exporter 基于此框架读取 JVM 的运行时状态。Java Management Extensions, JMX is an extension framework for managing Java, JMX Exporter reads the runtime state of the JVM based on this framework.JMX Exporter uses Java's JMX mechanism to read the monitoring data of the JVM runtime, and then converts it into a metrics format that can be recognized by Prometheus, so that Prometheus can monitor and collect it. JMX Exporter provides `start independent process` and `JVM in-process start (in:process)`two ways to expose JVM monitoring indicators4 **Start independent process** -The parameters are specified when the JVM starts, and the RMI interface of JMX is exposed.JMX Exporter calls RMI to obtain JVM runtime status data, converts it to Prometheus metrics format, and exposes ports for Prometheus to collect. +JVM 启动时指定参数,暴露 JMX 的 RMI 接口。The parameters are specified when the JVM starts, and the RMI interface of JMX is exposed.JMX Exporter calls RMI to obtain JVM runtime status data, converts it to Prometheus metrics format, and exposes ports for Prometheus to collect. **JVM in-process start (in-process)** Specify parameters when the JVM starts, run the JMX Exporter jar package in the form of javaagent, read the JVM runtime status data in the process, convert it to the Prometheus metrics format, and expose the port for Prometheus to collect. 
-> Officially, it is not recommended to use `to start an independent process` This method is complicated to configure and requires a separate process, and the monitoring of the process itself has caused new problems.This article takes the `JVM in-process (in-process)`method as an example, and uses the JMX Exporter in Rainbond to expose the JVM monitoring indicators. - - +> 官方不建议使用 `启动独立进程` 方式,该方式配置复杂且需单独的进程,进程本身的监控又引发了新的问题。Officially, it is not recommended to use `to start an independent process` This method is complicated to configure and requires a separate process, and the monitoring of the process itself has caused new problems.This article takes the `JVM in-process (in-process)`method as an example, and uses the JMX Exporter in Rainbond to expose the JVM monitoring indicators. ## Using the JMX Exporter on Rainbond On[Rainbond](https://www.rainbond.com?channel=k8s), components with different build types are handled differently, as follows - - **Java applications built from source** JAVA applications built from Rainbond source code since V5.3 will be packaged with `JMX Exporter` by default, and users only need to add environment variables to enable them. 
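Review bot: The added blockquote calls the first mode `to start an independent process`, while the unchanged paragraph above names it `start independent process` and the bold label reads "Start independent process". Since the line is rewritten here, use one name so the recommendation against that mode is unambiguous. The blockquote and the two added paragraphs beginning `Java Management Extensions,JMX 是` and `JVM 启动时指定参数` also keep the Chinese source sentence in front of its English translation; remove the Chinese from this `i18n/en` file.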
@@ -42,15 +39,13 @@ JAVA applications built from Rainbond source code since V5.3 will be packaged wi 2. Add a port `5556` to the port management of the JAVA service component, which is the default port that jmx_exporter listens on. - - **Java applications built from images** For mirrored or market-built apps, you can inject `jmx_agent`using an initialization type of plugin. -The implementation principle has been explained in detail in previous articles. You can refer to:[Rainbond integrates SkyWalking through plug-ins to realize APM plug-and-play](https://mp.weixin.qq.com/s/cqZsy2TEYStoRaDDOdSbcQ) *Agent plug-in implementation principle part*. +The implementation principle has been explained in detail in previous articles. You can refer to:[Rainbond integrates SkyWalking through plug-ins to realize APM plug-and-play](https://mp.weixin.qq.com/s/cqZsy2TEYStoRaDDOdSbcQ) _Agent plug-in implementation principle part_. -* Build the jmx_exporter plugin +- Build the jmx_exporter plugin Enter the team -> plugins -> create a new plugin, create an initialization type plugin, source address:https://github.com/goodrain-apps/jmx_exporter.git 
@@ -58,62 +53,54 @@ Enter the team -> plugins -> create a new plugin, create an initialization type After the plug-in is successfully constructed, it can be used, and this plug-in can be activated for the JAVA service component. -* mount storage +- mount storage Mount storage `/tmp/agent`for the JAVA service component so that it can share storage with plugins. Through the shared storage, the initialization plug-in puts the required configuration files and `Agent` in the shared storage for the main service to use, so as to realize the service without intrusion. -* add environment variable +- add environment variable Add environment variable `for JAVA service component JAVA_OPTS = -javaagent:/tmp/agent/jmx_prometheus_javaagent-0.16.1.jar=5556:/tmp/agent/prometheus-jmx-config.yaml` The mountable configuration file `/tmp/agent/prometheus-jmx-config.yaml` replaces the existing configuration file. -* add port +- add port In the port management of the component, add a new port `5556` The last update component will take effect. - - ## Add application monitoring point Application monitoring is based on `rbd-monitor` When we add monitoring points, it is equivalent to creating a `servicemonitor`. - - Enter the component -> monitoring -> business monitoring -> management monitoring point, add monitoring point, fill in the following information: -* Configuration name:custom +- Configuration name:custom -* Collect task name:custom +- Collect task name:custom -* Collection interval:10 seconds +- Collection interval:10 seconds -* Metrics path:/metrics +- Metrics path:/metrics -* Port number:select `jmx_exporter` port +- Port number:select `jmx_exporter` port After adding, update the component to make it take effect. 
- - ## Add monitoring chart Next, you can add a monitoring chart to display the JVM indicator line:in the JAVA service component Click **above the business monitoring panel to add chart** -After entering a new title and the corresponding query condition `jvm_memory_bytes_used` , click **to query**.If the chart is returned normally, the query conditions are correct.The definition of the title should be as clear and concise as possible, and the unit should be specified where necessary. +After entering a new title and the corresponding query condition `jvm_memory_bytes_used` , click **to query**.If the chart is returned normally, the query conditions are correct.The definition of the title should be as clear and concise as possible, and the unit should be specified where necessary.如果正常返回图表,则说明查询条件是正确的。标题的定义尽量清晰明了,并在有必要的情况下明确单位。 For more indicators, please refer to [official document](https://github.com/prometheus/jmx_exporter) ![](https://static.goodrain.com/docs/5.3/practices/app-dev/java-exporter/java-exporter-2.png) - - ## Extending Grafana It can be displayed through`grafana` , the following briefly describes the operation steps: @@ -129,12 +116,10 @@ rbd-monitor ClusterIP 10.43.112.131 9999/TCP 13d 2. Add third-party services on the platform, fill in `rbd-monitor` service `CLUSTER IP`. 3. Install `Grafana`from the open source app store and add dependencies. -4. Enter Grafana, Configuration -> Add Data Source -> URL is `http://127.0.0.1:9999` , import *JVM dashboard ID 8878* , and display application monitoring information through the Grafana panel. +4. Enter Grafana, Configuration -> Add Data Source -> URL is `http://127.0.0.1:9999` , import _JVM dashboard ID 8878_ , and display application monitoring information through the Grafana panel. ![](https://static.goodrain.com/wechat/app-monitor/grafana-dashboard.png) - - ## References Link **jmx_export plugin Github** https://github.com/goodrain-apps/jmx_exporter.git 
@@ -142,4 +127,3 @@ rbd-monitor ClusterIP 10.43.112.131 9999/TCP 13d **jmx_export official** https://github.com/prometheus/jmx_exporter.git **jvm dashboard** https://grafana.com/grafana/dashboards/8878 - diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-02-10-MysqlSchema.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-02-10-MysqlSchema.md index 6b55db426c..f445f0986a 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-02-10-MysqlSchema.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-02-10-MysqlSchema.md 
@@ -1,61 +1,53 @@ --- title: Automatic upgrade of database structure in Rainbond -description: Automatic upgrade of database structure in Rainbond +description: Rainbond of this product has been committed to interfacing the entire process of enterprise delivery, an indispensable part of which is the continuous upgrading and iterating of the enterprise's applications slug: MysqlSchema +image: https://static.goodrain.com/wechat/schema/schema.png --- -:::info [Rainbond](https://www.rainbond.com) is a product that has been committed to opening up the entire process of enterprise application delivery. An indispensable part of this process is the continuous upgrading and iteration of enterprise applications.The unique ability of Rainbond is to package enterprise application systems including multiple service components, and perform one-click installation, upgrade and rollback operations.The above only solves the versioning problem of the application itself.To fully automate the upgrade iteration process of enterprise applications, it is also necessary to automatically handle the version control of the database table structure (Schema).After continuous exploration, Rainbond first integrated the ability of database schema version management in the cloud native era with the industry-leading [Liquibase](https://www.liquibase.com/) in the field of source code construction. ::: +:::info [Rainbond](https://www.rainbond.com) is a product that has been committed to opening up the entire process of enterprise application delivery. 
An indispensable part of this process is the continuous upgrading and iteration of enterprise applications.The unique ability of Rainbond is to package enterprise application systems including multiple service components, and perform one-click installation, upgrade and rollback operations.The above only solves the versioning problem of the application itself.To fully automate the upgrade iteration process of enterprise applications, it is also necessary to automatically handle the version control of the database table structure (Schema).After continuous exploration, Rainbond first integrated the ability of database schema version management in the cloud native era with the industry-leading [Liquibase](https://www.liquibase.com/) in the field of source code construction. :::Rainbond unique ability is to package enterprise applications that include multiple service components, and perform one-click installation, upgrade, and roller operations.The above content only solves version control problems of the application itself.The upgrade iterations process for enterprise applications needs to be able to process version control automatically from the database table structure (Schema) in order to be fully automated.As a result of ongoing exploration, Rainbond first integrated the capability of cloud era database schema version management with industry leading [Liquibase](https://www.liquibase.com/) in the source construction field. - ## Schema version management challenges -The database table structure (Schema) defines the name of the data table (Table), as well as the names, attributes and other information of the data column (Column) contained in each data table.It describes the framework owned by a database, and the data recorded in the database needs to follow the definition in the Schema. 
+The database table structure (Schema) defines the name of the data table (Table), as well as the names, attributes and other information of the data column (Column) contained in each data table.It describes the framework owned by a database, and the data recorded in the database needs to follow the definition in the Schema.它描述了一个数据库所拥有的框架,记录在数据库中的数据都需要遵循 Schema 里的定义。 Different from the upgrade of the application itself, the problem of schema version management is essentially an upgrade of persistent data. This feature is accompanied by two questions: -- How to upgrade persistent data delivery in the cloud-native era can:longer escape the characteristics of containerization and platformization.In the process of software delivery, major cloud native platforms will not easily incorporate persistent data into the version control system.The reason is simple, the data in each delivery environment is different, and it is difficult to choose a unified version management solution for persistent data during the upgrade process. -- Which persistent data needs to be upgraded:Since it is difficult to choose a unified version management solution for persistent data, the next best thing is to choose the necessary persistent data for version management.After narrowing the scope, the special persistent data type of the database table structure is highlighted.The necessity of its version management is obvious. The application itself has been upgraded from the V1 version to the V2 version, so the corresponding database table structure also needs to add necessary new tables and new columns. 
+- 持久化数据如何升级:云原生时代的交付,已经无法跳脱出容器化、平台化的特征。各大云原生平台在进行软件交付过程中,都不会轻易将持久化数据纳入版本控制体系中去。原因很简单,每个交付环境中的数据都是不同的,升级过程中很难抉择持久化数据的统一版本管理方案。 +- 哪些持久化数据需要升级:既然难以抉择持久化数据的统一版本管理方案,那么退而求其次,是否可以优先选择必要的持久化数据进行版本管理。缩小范围之后,就突出了数据库表结构这一特殊持久化数据类型。Which persistent data needs to be upgraded:Since it is difficult to choose a unified version management solution for persistent data, the next best thing is to choose the necessary persistent data for version management.After narrowing the scope, the special persistent data type of the database table structure is highlighted.The necessity of its version management is obvious. The application itself has been upgraded from the V1 version to the V2 version, so the corresponding database table structure also needs to add necessary new tables and new columns. -These two questions lead to the main theme of this article:1. In the field of enterprise software delivery,**How to reasonably handle the version control of the database table structure (Schema) in the process of each upgrade?** +These two questions lead to the main theme of this article:1. In the field of enterprise software delivery,**How to reasonably handle the version control of the database table structure (Schema) in the process of each upgrade?**\*\* In the traditional software delivery field, there are two mainstream solutions for:version management0 -- Manual processing:This is the most basic Schema version management method.On-site delivery personnel not only need to handle the application upgrade process, but also directly operate the database to complete the schema upgrade.This method is the most direct, but processes that cannot be automated have some common problems:inefficiency and error-prone. -- The code handles:which is an advanced way.Schema version management is carried out by introducing third-party libraries into the application.This operation has already eliminated the manual processing process on the delivery site. 
The delivery personnel only need to update the application, and the program itself will connect to the database to make automated changes to the schema.The degree of automation of this method can already meet the requirements, but it also has the common problems of introducing third-party libraries::technical cost increase, intrusiveness, and language or framework binding. - - +- 人工处理:这是最基础的 Schema 版本管理方式。Manual processing:This is the most basic Schema version management method.On-site delivery personnel not only need to handle the application upgrade process, but also directly operate the database to complete the schema upgrade.This method is the most direct, but processes that cannot be automated have some common problems:inefficiency and error-prone.这种方法最直接,但是无法自动化处理的流程都具有一些通病:低效、易错。 +- 代码处理:这是一种进阶的方式。通过在应用程序内部引入第三方库,来进行 Schema 的版本管理。这一操作已经可以免除交付现场的人工处理流程,交付人员只需要将应用程序进行更新,程序本身会连接到数据库,对 Schema 作出自动化的变更。这种方式的自动化程度已经可以满足要求,但是也具有引入第三方库的通病:技术成本提升、侵入性、与语言或框架绑定。 ## Solutions in the cloud-native era -In the cloud-native era, both application users and deliverers hope to empower their applications through the platform they choose.In the field discussed in this article, this expectation can be specifically described as:With the help of platform capabilities, the Schema version management capability is given to the application in a non-intrusive way, so that when the application performs a one-key upgrade, the Schema is also automatically upgraded. 
- -As a cloud-native application management platform, Rainbond is also constantly exploring ways to empower applications.In the field of schema version management, the ability to integrate schema version management in the source code construction process is realized.The application itself does not need to change any code, just put the two types of files into the specified directory under the code root directory.These two files are the configuration file that:the connection address of the database instance, and the Sql script file used to upgrade the schema. - +云原生时代,应用程序的使用者、交付者都希望通过所选用的平台来赋能自己的应用程序。In the cloud-native era, both application users and deliverers hope to empower their applications through the platform they choose.In the field discussed in this article, this expectation can be specifically described as:With the help of platform capabilities, the Schema version management capability is given to the application in a non-intrusive way, so that when the application performs a one-key upgrade, the Schema is also automatically upgraded. +Rainbond 作为一款云原生应用管理平台,也在不断探索为应用赋能之道。在 Schema 版本管理领域,实现了在源码构建过程中集成 Schema 版本管理的能力。应用本身不需要改动任何代码,仅仅需要将两种类型的文件放进代码根目录下的指定目录下即可。这两种文件分别是:定义了数据库实例连接地址的配置文件,升级 Schema 所使用的 Sql 脚本文件。 ## About source code building -The source code building function itself is a kind of enabling of Rainbond to the application.In the cloud-native era, applications are moving towards containerization.In the process of containerization, it seems that the writing of Dockerfile cannot be avoided, but it is not.The source code building function can directly connect the source code and compile it into a runnable container image.The whole process does not require the intervention of developers, just provide the code warehouse address, which greatly reduces the technical burden of developers. 
- -In the source code construction process, many capabilities are integrated in a non-invasive way.For example, integrating APM capabilities by incorporating Pinpoint-agent.Another example is the integration of custom business monitoring capabilities by incorporating jmx-exporter.Today's focus is on integrating Schema version control capabilities by incorporating Liquibase. - +源码构建功能,本身就是一种 Rainbond 对应用的赋能。云原生时代,应用都在向容器化的方向迈进。容器化的过程中看似无法免除 Dockerfile 的编写,实则不然。源码构建功能可以直接对接源代码,将其编译成为可运行的容器镜像。整个过程不需要开发人员的介入,提供代码仓库地址即可,极大的降低了开发人员的技术负担。 +在源码构建的流程中,以无侵入的方式集成了很多能力。比如通过纳入 Pinpoint-agent 的方式集成 APM 能力。再比如通过纳入 jmx-exporter 的方式集成自定义业务监控能力。今天重点描述的,是通过纳入 Liquibase 的方式,集成 Schema 版本控制能力。 ## About Liquibase -Liquibase is a CI/CD tool dedicated to version control of database table structures.Since 2006, the Liquibase team has been working on making database change management easier, especially in the field of agile software development.This tool is open sourced under the Apache 2.0 protocol. +Liquibase is a CI/CD tool dedicated to version control of database table structures.Since 2006, the Liquibase team has been working on making database change management easier, especially in the field of agile software development.This tool is open sourced under the Apache 2.0 protocol.从 2006 年开始,Liquibase 团队一直致力于让数据库变更管理更简单,尤其是在敏捷软件开发领域。这一工具基于 Apache 2.0 协议开源。 -After a long period of iteration, Liquibase has become very mature and reliable. Through various file formats including sql, yaml, xml, and json, developers can quickly define a database table structure change file that conforms to the Liquibase style. This kind of file is called for changelog.Based on the definitions in the changelog, Liquibase can easily upgrade and rollback between multiple change operation versions. +After a long period of iteration, Liquibase has become very mature and reliable. 
Through various file formats including sql, yaml, xml, and json, developers can quickly define a database table structure change file that conforms to the Liquibase style. This kind of file is called for changelog.Based on the definitions in the changelog, Liquibase can easily upgrade and rollback between multiple change operation versions.基于 changelog 中的定义,Liquibase 可以非常方便的在多个变更操作版本之间升级与回滚。 Liquibase provides a variety of ways for developers to interact, including a common command line operation mode, and source code construction integrates Liquibase's Schema version management capabilities through the command line. - - ## Schema versioning capability for code definitions -Rainbond source code builds honor code to define various capabilities.For the Schema version control capability, it is also defined by the specified files in the code repository, which we can briefly call Schema As Code. The practice of this code definition capability requires that each CI work be assigned a code repository address. Start, like Git.For each database instance, the database table structure version is defined by specifying the configuration file and changelog in the directory.By default, it refers to the `Schema`directory under the code root. +Rainbond 源码构建推崇代码定义各种能力。Rainbond source code builds honor code to define various capabilities.For the Schema version control capability, it is also defined by the specified files in the code repository, which we can briefly call Schema As Code. The practice of this code definition capability requires that each CI work be assigned a code repository address. 
Start, like Git.For each database instance, the database table structure version is defined by specifying the configuration file and changelog in the directory.By default, it refers to the `Schema`directory under the code root.对于每一个数据库实例来说,通过指定目录下的配置文件和 changelog 来定义数据库表结构版本。默认情况下,是指代码根目录下的 `Schema`目录。 The following is an example of the code structure, and Rainbond officially provides a complete code example **[java-maven-demo](https://gitee.com/rainbond/java-maven-demo)**: @@ -89,18 +81,16 @@ The minimal definition term includes: - username&password:defines the login credentials for the database instance. - changeLogFile:defines the path to the table structure change file for this database instance. -During the source code construction process, all `properties` files in the `Schema` directory will be traversed and identified, and the Schema version control process of each database instance will be processed at startup.Through the combination of configuration files, it can work well in the following common scenarios. +During the source code construction process, all `properties` files in the `Schema` directory will be traversed and identified, and the Schema version control process of each database instance will be processed at startup.Through the combination of configuration files, it can work well in the following common scenarios.通过配置文件的组合,在以下各种常见场景中都可以很好的工作。 - single database instance - Multiple database instances of the same type, such as applications connecting multiple mysql at the same time - Multiple database instances of different types, such as applications connected to mysql and mongo at the same time - Multiple database instances in the same database, such as applications using multiple database instances in the same mysql at the same time - - ## Best practices for changlog -`changelog` file is the key to managing Schema.Here is an example: +`changelog` file is the key to managing Schema.Here is an example:以下是一个示例: ```sql -- liquibase formatted sql 
@@ -126,7 +116,7 @@ city varchar(30) It is recommended to use a `changelog` file of type sql to define the schema version, as this is the best developer's habit. -`The changlog` file defines some behavior through comments.Common as follows: +`The changlog` file defines some behavior through comments.Common as follows:常见如下: ``` # Define the format of the changelog file, this is the beginning of each changelog file @@ -145,8 +135,6 @@ Liquibase officially proposes a series of best practices, some of which should b For the writing of `mysql.properties` and `changlog.sql` files, please refer to [liquibase document](https://docs.liquibase.com/) for more features, these features can be inherited by source code builds. - - ## Schema life cycle process ### 1. Build Process 
@@ -165,21 +153,21 @@ During processing, the related record:will be printed at the header position i ![](https://static.goodrain.com/wechat/database-Schema/two.png) -The above figure demonstrates the upgrade operation of the table structure for multiple database instances in the same mysql database.This is also equivalent to an initialization operation for an empty library instance. +The above figure demonstrates the upgrade operation of the table structure for multiple database instances in the same mysql database.This is also equivalent to an initialization operation for an empty library instance.对于空的库实例而言,这也相当于一次初始化的操作。 -In the example, Rainbond initializes the table structure to two database instances (named `Initialize` `anotherdb`respectively) in the same mysql database to which the application is connected, and creates tables`company` ,`person` respectively and `another_company` ,`another_person`.After logging in to the web terminal of the database component, you can verify: +In the example, Rainbond initializes the table structure to two database instances (named `Initialize` `anotherdb`respectively) in the same mysql database to which the application is connected, and creates tables`company` ,`person` respectively and `another_company` ,`another_person`.After logging in to the web terminal of the database component, you can verify:在数据库组件的 Web终端登录后,可以验证: ![](https://static.goodrain.com/wechat/database-Schema/there.png) ### 3. 
Publish to Component Repository -Rainbond's unique publishing mechanism can unify the publishing of business components and database components as an application template.Convenient one-click installation and delivery in different environments.Applications delivered through application templates still have the capability of schema version control.For a freshly installed application template, its database will also be initialized to the above state.Here, we call the published application the source application, and the application installed from the application template the delivered application. +Rainbond's unique publishing mechanism can unify the publishing of business components and database components as an application template.Convenient one-click installation and delivery in different environments.Applications delivered through application templates still have the capability of schema version control.For a freshly installed application template, its database will also be initialized to the above state.Here, we call the published application the source application, and the application installed from the application template the delivered application.方便在不同的环境中一键安装交付。通过应用模版交付的应用,依然具有 Schema 版本控制的能力。全新安装的应用模版,其数据库也会被初始化为上述状态。在这里,我们称发布的应用为源应用,由应用模版安装而来的应用为已交付应用。 ![](https://static.goodrain.com/wechat/database-Schema/four.png) ### 4. Code update -When developers continue to iterate the business system, the Schema is also changed. Assume that the new version of the business system requires `Initialize` to add a new table `staff`, and add a new column `country to the existing person` table.Then the developer should add the following content to the corresponding `changelog.sql` file, and submit it together with the new business code to ensure that the business code and Schema are consistent. +When developers continue to iterate the business system, the Schema is also changed. 
Assume that the new version of the business system requires `Initialize` to add a new table `staff`, and add a new column `country to the existing person` table.Then the developer should add the following content to the corresponding `changelog.sql` file, and submit it together with the new business code to ensure that the business code and Schema are consistent.那么开发人员应该为对应的 `changelog.sql` 文件新增以下内容,并和新的业务代码一并提交,保证业务代码和 Schema 保持一致。 ```sql -- changeset other.goodrain:3 @@ -203,7 +191,7 @@ Nothing has changed during the build process, but during startup Rainbond gives ### 5. Upgrading based on application templates -With a new version of the source application, the delivered application should change accordingly.First, the application template needs to have an updated version, repeat the release process, and define a higher version number.The delivered application can be upgraded to the updated version with one click according to Rainbond's prompt. +源应用有了新的版本,已交付应用也应随之有变更。首先,应用模版需要有一个更新的版本,重复发布流程,定义更高的版本号即可。已交付应用可以根据 Rainbond 的提示,一键升级到更新后的版本。 ![](https://static.goodrain.com/wechat/database-Schema/six.png) 
@@ -215,9 +203,9 @@ Log in to the database component of the delivered application to view the corres ### 7. Rollback -The rollback operation of database table structure is a very serious problem.Based on the principle that the database table structure only increases and does not decrease, the schema that has already taken effect will not be changed with the one-click rollback of the delivered application.If the rollback must be performed, the operation and maintenance personnel need to log in to the Web terminal of the business component to perform manual operations. +The rollback operation of database table structure is a very serious problem.Based on the principle that the database table structure only increases and does not decrease, the schema that has already taken effect will not be changed with the one-click rollback of the delivered application.If the rollback must be performed, the operation and maintenance personnel need to log in to the Web terminal of the business component to perform manual operations.本着数据库表结构只增不减的原则,已经生效的 Schema 不会随着已交付应用的一键回滚而有任何变动。如果一定要进行回滚,则需要运维人员登录业务组件的 Web终端手动操作。 -It should be noted that the order of rollback:database table structure should be rolled back before the application.This is because once the application rollback is completed, the changlog file itself is also rolled back to the previous version, and the database table structure cannot be rolled back. +需要注意的是回滚的顺序:数据库表结构应该先于应用程序回滚。It should be noted that the order of rollback:database table structure should be rolled back before the application.This is because once the application rollback is completed, the changlog file itself is also rolled back to the previous version, and the database table structure cannot be rolled back. Execute the following command to roll back the database table structure according to the specified configuration file. The rollback range is one changeset. 
@@ -228,26 +216,24 @@ liquibase rollbackCount 1 --defaults-file=mysql.properties In view of the fact that once the rolled-back business component is restarted or updated, the schema will be re-upgraded after comparing the changelog file, so after performing the rollback operation, be sure to add the environment variable `ALLOW_SCHEMA_UPDATE=false` to disable the schema version management control function until the new Version application template upgrade. - - ## common problem 1. How to reasonably define the connection address and credentials of all database instances in the `*.properties` configuration file? -> Use environment variables to replace the data road instance connection address and credential information in the `*.properties` configuration file. For the definition method, see the example in the article.During the construction of Rainbond source code, all environment variables in the running environment will be picked up and the target configuration file will be rendered, so the naming of the environment variables is not important, just make sure that the defined environment variables will be generated in the final delivery environment.Whether environment variables come from custom environment configuration or Rainbond's unique connection information mechanism. +> Use environment variables to replace the data road instance connection address and credential information in the `*.properties` configuration file. 
For the definition method, see the example in the article.During the construction of Rainbond source code, all environment variables in the running environment will be picked up and the target configuration file will be rendered, so the naming of the environment variables is not important, just make sure that the defined environment variables will be generated in the final delivery environment.Whether environment variables come from custom environment configuration or Rainbond's unique connection information mechanism.Rainbond 源码构建过程中,会拾取运行环境中的所有环境变量,对目标配置文件进行渲染,所以对于环境变量的命名并不重要,只需要保证定义的环境变量会在最终交付环境中生成即可。无论环境变量来自于自定义的环境配置还是 Rainbond 独有的连接信息机制。 2. Failed to perform rollback operation? -> How to rollback is defined in the changlog file.Be sure to ensure that each changeset has a corresponding rollback strategy to ensure that each rollback will get the correct result. +> 回滚如何操作,定义在 changlog 文件中。How to rollback is defined in the changlog file.Be sure to ensure that each changeset has a corresponding rollback strategy to ensure that each rollback will get the correct result. 3. Error:`!! Failed to check the database status. Check /app/Schema/xxx.properties.log` -> Every time a schema change is executed, it will be checked first, including the connectivity of the database instance address and the executable of the changelog file.If the check fails, no operation will be performed on the database, but the result of the check will be recorded in the log file. You can log in to the Web terminal to view the contents of the log file in the prompt. +> Every time a schema change is executed, it will be checked first, including the connectivity of the database instance address and the executable of the changelog file.If the check fails, no operation will be performed on the database, but the result of the check will be recorded in the log file. 
You can log in to the Web terminal to view the contents of the log file in the prompt.如果检查不通过,则不会对数据库作出任何操作,但是检查的结果会记录在日志文件中,可以登录 Web 终端,查看提示中的日志文件内容。 4. How can old users get the Schema version control function? -> This function is separated from the Rainbond version, so old users can get this ability by updating the source code to build related components.Execute the following set of commands to: -> +> This function is separated from the Rainbond version, so old users can get this ability by updating the source code to build related components.Execute the following set of commands to:执行以下一组命令即可: +> > ```bash > # The following commands are executed on any node in the Rainbond cluster; if you use the dind-allinone version, you should execute > in the rainbond-allinone container hubpassword=$(kubectl get rainbondcluster -o yaml -n rbd-system | grep password | awk '{print $2}') @@ -261,8 +247,6 @@ In view of the fact that once the rolled-back business component is restarted or > done > ``` - - ## References Link **Liquibase** https://www.liquibase.com diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-02-15-knowstreaming.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-02-15-knowstreaming.md new file mode 100644 index 0000000000..b654d1a1dd --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-02-15-knowstreaming.md 
@@ -0,0 +1,50 @@ +--- +title: Deployment of KnowStreaming on Rainbond +description: KnowStreaming is a cloud-born Kafka control platform, born of many years of experience in running Kafka within the internet. +slug: Known +image: /img/partners/knowstreaming.png +keywords: + - Kafka Admin Platform + - Knowledge Streaming +--- + +[KnowStreaming](https://github.com/didi/KnowStreaming) is a cloud control platform that is born of many years of experience in the operation of Kafka within the internet, focusing on the core scenarios of Kafka traffic control, warning monitoring, resource management and disaster preparedness.The platform, visualization and intelligent construction of user experience, monitoring, and control of transport provide a range of features that greatly facilitate the daily use of users and those who transport them, making them specialists in Kafka. + + + +## Rapid deployment KnowStreaming + +Search for `KnowStreaming` and install it on the **Platform Manager -> Marketplace -> Open Source Store**. + +![](https://static.goodrain.com/wechat/KnowStreaming/KnowStreaming-install.png) + +Once the installation is complete, access `KnowStreaming-UI` via the domain name provided by Rainbond, default password:**admin/admin**. + +![](https://static.goodrain.com/wechat/KnowStreaming/Topology.png) + +## Install the Kafka cluster and manage it via KnowStreaming + +### Install Kafka cluster + +Search for `kafka` and install it on the \*\*Platform Manager -> Marketplace -> Open Source Store \*\*.Install for the same app as `KnowStreaming`. + +![](https://static.goodrain.com/wechat/KnowStreaming/kafka.png) + +### Create Dependencies + +Go to the `KnowStreaming` application view, switch to the `layout mode`, connecting the `Manager-KnowStreaming` component to `kafka` and `zookeper`. 
+ +![](https://static.goodrain.com/wechat/KnowStreaming/ks-kafka.png) + +### Manage Kafka clusters + +Visit `KnowStreaming-UI` and use Kafka cluster: + +- Bootstrap Servers: Enter -> Port inside Kafka component, copy access address. +- Zookeper: Enter the --> port in the zookeeper component, copy access address. + +![](https://static.goodrain.com/wechat/KnowStreaming/docking-cluster.png) + +The following effects after hitting complete: + +![](https://static.goodrain.com/wechat/KnowStreaming/ks-overview.png) diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-03-16-OpenVscode.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-03-16-OpenVscode.md index 9b300f6358..15d5b616a0 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-03-16-OpenVscode.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-03-16-OpenVscode.md 
@@ -1,16 +1,16 @@ --- title: OpenVSCode cloud IDE joins Rainbond integrated development system -description: OpenVSCode cloud IDE joins Rainbond integrated development system +description: :::info OpenVSCode is an online IDE code editor based on a web interface. It only needs a browser on the PC side to use. It is lighter, efficient and concise. Its basic functions completely inherit the [VS Code produced by Microsoft.](https://code.visualstudio.com/) You can continue to strengthen code editing capabilities by installing extensions.The OpenVSCode launched by the Rainbond open source application store is pre-installed with the gitlab-workflow extension to connect to the private code repository Gitlab, and pre-installed with common language runtime environments (the current version integrates Golang , Node.js , python , java ), which can be found in Terminal Quickly debug business code in the terminal. slug: OpenVscode +image: https://static.goodrain.com/wechat/openvscode/vscode.png --- -:::info OpenVSCode is an online IDE code editor based on a web interface. It only needs a browser on the PC side to use. It is lighter, efficient and concise. Its basic functions completely inherit the [VS Code produced by Microsoft.](https://code.visualstudio.com/) You can continue to strengthen code editing capabilities by installing extensions.The OpenVSCode launched by the Rainbond open source application store is pre-installed with the gitlab-workflow extension to connect to the private code repository Gitlab, and pre-installed with common language runtime environments (the current version integrates Golang , Node.js , python , java ), which can be found in Terminal Quickly debug business code in the terminal. +OpenVSCode is an online IDE code editor based on the web interface. It can be used, lighter, more efficient, simple. Its basic functionality is completely inherited from Microsoft's [VS Code](https://code.visualstudio.com/). 
It can continue to be enhanced by installing extensions.The OpenVSCode launched by Rainbond Open Source Store pre-installs the gitlab-workflow extension to access the privatization repository Gitlab, and preload the common language operating environment (current version has been integrated in Golang, Node.js, python, jav) to quickly debug business code in the Terminal Terminal. -Rainbond has the ability to quickly build an integrated development environment, and complete the whole process from the start of the code to the final launch of the business through the docking of the code warehouse webhook mechanism.By incorporating the OpenVSCode cloud IDE, the Rainbond integrated development system can be hosted on the cloud, and developers only need a browser to complete the entire process from editing to online. ::: +Rainbond has the capacity to quickly build an integrated development environment that will complete the business from the code to the final online full process by connecting to the repository webhook mechanism.Rainbond has the ability to quickly build an integrated development environment, and complete the whole process from the start of the code to the final launch of the business through the docking of the code warehouse webhook mechanism.By incorporating the OpenVSCode cloud IDE, the Rainbond integrated development system can be hosted on the cloud, and developers only need a browser to complete the entire process from editing to online. ::: - ![](https://static.goodrain.com/wechat/openvscode/1.png) In order to achieve the above goals, this article will explain:in the order of operations. @@ -73,7 +73,7 @@ The OpenVSCode provided by Rainbond integrates the Gitlab-workflow extension by - Gitlab Get Token - - In GitLab, click on the top right corner and select "Preferences" in the left sidebar.Select Access Token, then select "Add Personal Access Token" + - 在GitLab中,单击右上角并选择“首选项”在左侧边栏中。选择访问令牌,然后选择“添加个人访问令牌” - permission:api , read_user --- 
@@ -108,7 +108,7 @@ After the debugged project is started, it listens to port 5000. The developer on ### Gitlab docking with Rainbond -After coding and debugging, the developer's business enters the deployment phase.To make the whole process more automated, developers can connect Gitlab and Rainbond. +完成编码与调试后,开发人员的业务进入了部署阶段。After coding and debugging, the developer's business enters the deployment phase.To make the whole process more automated, developers can connect Gitlab and Rainbond. The Oauth2 protocol can be used between Gitlab and Rainbond to open up the single sign-on process, which is convenient for users to directly select the repository in gitlab to deploy the code in the Rainbond interface, and automatically configure the webhook to complete the automatic construction after the code commit. @@ -130,8 +130,8 @@ Turning on the automatic build switch can automatically configure Gitlab's Webho Add the keyword @deploy to the Commit information when the project file is modified and submitted. After the submission is successful, rainbond will automatically trigger an automatic build. - ![](https://static.goodrain.com/wechat/openvscode/openvscode-10.png) +![](https://static.goodrain.com/wechat/openvscode/openvscode-10.png) Automatic update effect display - ![](https://static.goodrain.com/wechat/openvscode/3.png) +![](https://static.goodrain.com/wechat/openvscode/3.png) diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-03-23-nacos.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-03-23-nacos.md index 975307507f..b4b1751df4 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-03-23-nacos.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-03-23-nacos.md 
@@ -1,41 +1,45 @@ --- title: Deploy Nacos cluster on Rainbond -description: Deploy Nacos cluster on Rainbond +keywords: + - nacos + - kubernetes + - rainbond + - Cloud Native +description: Nacos is the Dynamic Service Discovery, Configure Management and Service Management Platform for Cloud Native Apps slug: nacos +image: https://static.goodrain.com/wechat/nacos/nacos.png --- -:::info The current document describes how to install a highly available [Nacos](https://nacos.io) cluster with one click through the cloud native application management platform [Rainbond](https://www.rainbond.com/?channel=nacos).This method is suitable for users who are not familiar with complex technologies such as Kubernetes and containerization, and lowers the threshold for deploying Nacos in Kubernetes. -::: +:::info The current document describes how to install a highly available [Nacos](https://nacos.io) cluster with one click through the cloud native application management platform [Rainbond](https://www.rainbond.com/?channel=nacos).This method is suitable for users who are not familiar with complex technologies such as Kubernetes and containerization, and lowers the threshold for deploying Nacos in Kubernetes. +:::这种方式适合不太了解 Kubernetes、容器化等复杂技术的用户使用,降低了在 Kubernetes 中部署 Nacos 的门槛。 - ## The combination of Rainbond and Nacos -[Rainbond](https://www.rainbond.com/?channel=nacos) is an easy-to-use open source cloud-native application management platform.With it, users can complete the deployment and operation and maintenance of microservices in a graphical interface.With the help of the capabilities of Kubernetes and containerization technology, automatic operation and maintenance capabilities such as fault self-healing and elastic scaling can be empowered to users' businesses. 
- -Rainbond has a built-in native Service Mesh microservice framework, and also has a good integration experience with other microservice frameworks such as Spring Cloud and Dubbo.Therefore, a large number of Rainbond users may also be users of the Nacos microservice registry.Such users no longer need to care about how to deploy Nacos clusters. The Rainbond team made Nacos into an application template that can be deployed with one click, which can be downloaded and installed by open source users for free.This installation method greatly reduces the deployment burden of users using Nacos cluster, and currently supports versions 1.4.2 and 2.0.4. +[Rainbond](https://www.rainbond.com/?channel=nacos) is an easy-to-use open source cloud-native application management platform.With it, users can complete the deployment and operation and maintenance of microservices in a graphical interface.With the help of the capabilities of Kubernetes and containerization technology, automatic operation and maintenance capabilities such as fault self-healing and elastic scaling can be empowered to users' businesses.借助于它,用户可以在图形化界面中完成微服务的部署与运维。借助 Kubernetes 和容器化技术的能力,将故障自愈、弹性伸缩等自动化运维能力赋能给用户的业务。 +Rainbond 内置原生 Service Mesh 微服务框架,同时与 Spring Cloud、Dubbo 等其他微服务框架也有很好的整合体验。故而大量的 Rainbond 用户也可能是 Nacos 微服务注册中心的用户。这类用户不必再关心如何部署 Nacos 集群,Rainbond 团队将 Nacos 制作成为可以一键部署的应用模版,供开源用户免费下载安装。这种安装方式极大的降低了用户使用 Nacos 集群的部署负担,目前支持 1.4.2 与 2.0.4 版本。 ## About Application Templates -The application template is an installation package for the Rainbond cloud-native application management platform. Based on it, users can install business systems into their own Rainbond with one click.No matter how complex the business system is, the application template will abstract it into an application, and install it together with the images, configuration information of all components in the application, and the relationship between all components. 
+The application template is an installation package for the Rainbond cloud-native application management platform. Based on it, users can install business systems into their own Rainbond with one click.No matter how complex the business system is, the application template will abstract it into an application, and install it together with the images, configuration information of all components in the application, and the relationship between all components.无论这个业务系统多么复杂,应用模版都会将其抽象成为一个应用,裹挟着应用内所有组件的镜像、配置信息以及所有组件之间的关联关系一并安装起来。 -# Preconditions +## Preconditions - The deployed Rainbond cloud-native application management platform,[Quick Experience Version](https://www.rainbond.com/docs/quick-start/quick-install/?channel=nacos) can run in a personal PC environment at the cost of starting a container. - Internet connection. -# quick start +## quick start -* **Access to the built-in open source app store** +- **Access to the built-in open source app store** > Select the **application market** tab on the left, switch to the **open source application store** tab on the page, and search for the keyword **nacos** to find the Nacos-cluster application. ![nacos-1](https://static.goodrain.com/wechat/nacos-cluster/nacos-cluster-1.png) -* **A key installation** +- **A key installation** > Click **to install** on the right side of Nacos-cluster to enter the installation page. After filling in the simple information, click **to confirm** to start the installation. The page automatically jumps to the topology view. 
@@ -43,52 +47,52 @@ The application template is an installation package for the Rainbond cloud-nativ parameter description: -| options | illustrate | -| --------------------- | -------------------------------------------------------------------------------------------------- | -| Team Name | User-created workspace, isolated by namespace | -| cluster name | Select which K8s cluster Nacos is deployed to | -| Choose an application | Select which application Nacos is deployed to, the application contains several related components | -| App version | Select the version of Nacos, currently available versions are 1.4.2, 2.0.4 | +| options | illustrate | +| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | +| Team Name | User-created workspace, isolated by namespace | +| cluster name | Select which K8s cluster Nacos is deployed to | +| Choose an application | Select which application Nacos is deployed to, the application contains several related components | +| App version | Select the version of Nacos, currently available versions are 1.4.2, 2.0.4 | After a few minutes, the Nacos cluster will be installed and running. ![nacos-3](https://static.goodrain.com/wechat/nacos-cluster/nacos-cluster-3.png) -* **test** +- **test** Other microservice components that need to perform service registration can use `${NACOS_HOST}:${NACOS_PORT}` to connect to the Nacos cluster after establishing[dependencies](https://www.rainbond.com/docs/use-manual/user-manual/component-connection/regist_and_discover)for Nacos. 
-* **service registration** +- **service registration** ```bash curl -X PUT "http://${NACOS_HOST}:${NACOS_PORT}/nacos/v1/ns/instance?serviceName=nacos.naming.serviceName&ip=20.18.7.10&port=8080" ``` -* **service discovery** +- **service discovery** ```bash curl -X GET "http://${NACOS_HOST}:${NACOS_PORT}/nacos/v1/ns/instance/list?serviceName=nacos.naming.serviceName" ``` -* **publish configuration** +- **publish configuration** ```bash curl -X POST "http://${NACOS_HOST}:${NACOS_PORT}/nacos/v1/cs/configs?dataId=nacos.cfg.dataId&group=test&content=helloWorld" ``` -* **get configuration** +- **get configuration** ```bash curl -X GET "http://${NACOS_HOST}:${NACOS_PORT}/nacos/v1/cs/configs?dataId=nacos.cfg.dataId&group=test" ``` -# Advanced Features +## Advanced Features - The Nacos cluster installed with one click contains 3 instances, and the operation of self-organization and election is automatically completed by initializing the plug-in. ![nacos-4](https://static.goodrain.com/wechat/nacos-cluster/nacos-cluster-4.png) -- By default, Mysql is integrated as a data source.Configure the following environment variables in the environment configuration of the **Nacos-server-2.0.4** component to switch to other external data sources. +- 默认集成了 Mysql 作为数据源。By default, Mysql is integrated as a data source.Configure the following environment variables in the environment configuration of the **Nacos-server-2.0.4** component to switch to other external data sources. | name | necessary | describe | | ------------------------ | --------- | ----------------- | @@ -105,5 +109,3 @@ Other microservice components that need to perform service registration can use - By default, the health check mechanism of **Nacos-server-2.0.4** is configured to ensure that the instance goes offline automatically when it fails, and goes online automatically after recovery. ![nacos-6](https://static.goodrain.com/wechat/nacos-cluster/nacos-cluster-6.png) - - 
diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-06-cilium1.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-06-cilium1.md index 6804097445..f96003caeb 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-06-cilium1.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-06-cilium1.md 
@@ -1,14 +1,14 @@ --- title: eBPF Cilium combat (1) - team-based network isolation -description: eBPF Cilium combat (1) - team-based network isolation +description: Cilium is based on a new Linux nuclear technology called BPF, which can insert strong security, visibility, and network control logic inside Linux dynamically slug: CiliumOne +image: https://static.goodrain.com/wechat/cilium/cilium.png --- -:::info In the [Rainbond](https://www.rainbond.com/) cluster, each team corresponds to a Namespace of the underlying Kubernetes. Because the underlying network used before cannot perform network management at the Namespace level, so between different teams under the same Rainbond cluster, so the components Mutual access can be freely performed, and users cannot make any restrictions on this, which also leads to the existence of hidden security risks in the underlying network.Now the Kubernetes cluster provided by cilium for network services can solve this problem very well. Users can formulate network policies for each team and each component according to their own needs, strengthen the underlying network management, and realize the security control of the network layer. . ::: +:::info In the [Rainbond](https://www.rainbond.com/) cluster, each team corresponds to a Namespace of the underlying Kubernetes. Because the underlying network used before cannot perform network management at the Namespace level, so between different teams under the same Rainbond cluster, so the components Mutual access can be freely performed, and users cannot make any restrictions on this, which also leads to the existence of hidden security risks in the underlying network.Now the Kubernetes cluster provided by cilium for network services can solve this problem very well. Users can formulate network policies for each team and each component according to their own needs, strengthen the underlying network management, and realize the security control of the network layer. . 
:::The Kubernetes cluster, which is now serviced by the cell, can solve this problem well, and users can develop a network strategy for each team and each component according to their own needs and strengthen bottom network management to secure the network layer. - ## Using cilium as a Kubernetes network service - When using the installation from the host, modify the network.plugin value to none @@ -98,8 +98,6 @@ Cilium's network isolation policy follows the whitelist mechanism. Without creat In actual production, multiple teams such as development, testing, and production may be deployed in a cluster at the same time. Based on security considerations, it is necessary to isolate each team from the network and prohibit other teams from accessing it. The development team is used as an example to illustrate how to restrict access to it from other teams. - - ![](https://static.goodrain.com/wechat/cilium/4.png) - Cilium network policy file (dev-ingress.yaml) @@ -226,7 +224,3 @@ dev nginx-dev-ingress1 12s ![](https://static.goodrain.com/wechat/cilium/11.png) ![](https://static.goodrain.com/wechat/cilium/12.png) - - - - diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-08-cilium2.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-08-cilium2.md index bbe26ea325..fb02dc11a4 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-08-cilium2.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-08-cilium2.md 
@@ -1,12 +1,11 @@ --- title: eBPF Cilium combat (2) - underlying network observability -description: eBPF Cilium combat (2) - underlying network observability +description: Cilium is based on a new Linux nuclear technology called BPF, which can insert strong security, visibility, and network control logic inside Linux dynamically slug: CiliumTwo +image: https://static.goodrain.com/wechat/cilium/cilium.png --- -:::info In the previous platform, the network flow between components did not have direct observability. If there is a problem in the communication between user components, you can only manually check through traditional command line tools, while cilium's Hubble service can Provides a UI interface to display real-time traffic status to users, and exposes these indicators to Prometheus for aggregation and sorting, allowing users to observe and monitor the underlying network status more intuitively. -::: @@ -162,4 +161,4 @@ Cilium Operator Hubble -![](https://static.goodrain.com/wechat/cilium/2/17.png) \ No newline at end of file +![](https://static.goodrain.com/wechat/cilium/2/17.png) diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-11-apollo.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-11-apollo.md index f2c9f21b21..4d1d181b09 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-11-apollo.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-11-apollo.md 
@@ -1,15 +1,17 @@ --- title: Deploy a highly available Apollo cluster on Rainbond -description: Deploy a highly available Apollo cluster on Rainbond +description: The current document describes how to install the Apollo cluster high with the Rainbond, on the cloud native application management platform.This approach is suitable for users who do not understand the complex technologies of Kubernetes, packaging, etc. and reduces the threshold for deploying Apollo in Kubernetes. slug: apollo +image: https://static.goodrain.com/wechat/apollo/apollo.png --- -:::info current document describes how to install a high-availability Apollo cluster with one click through the cloud-native application management platform [Rainbond](https://www.rainbond.com).This method is suitable for users who are not familiar with complex technologies such as Kubernetes and containerization, and lowers the threshold for deploying Apollo in Kubernetes. -::: +:::info current document describes how to install a high-availability Apollo cluster with one click through the cloud-native application management platform [Rainbond](https://www.rainbond.com).This method is suitable for users who are not familiar with complex technologies such as Kubernetes and containerization, and lowers the threshold for deploying Apollo in Kubernetes. +:::This approach is suitable for users who do not understand the complex technologies of Kubernetes, packaging, etc. and reduces the threshold for deploying Apollo in Kubernetes. ## 1. Background information + ### 1.1 The combination of Rainbond and Apollo [Rainbond](https://www.rainbond.com) is an easy-to-use open source cloud-native application management platform. 
@@ -30,7 +32,7 @@ In the current installation method, a set of `PRO` environment is integrated by ### 1.2 About application templates -The application template is an installation package for the Rainbond cloud-native application management platform. Based on it, users can install business systems into their own Rainbond with one click.No matter how complex the business system is, the application template will abstract it into an application, and install it together with the images, configuration information of all components in the application, and the relationship between all components. +The application template is an installation package for the Rainbond cloud-native application management platform. Based on it, users can install business systems into their own Rainbond with one click.No matter how complex the business system is, the application template will abstract it into an application, and install it together with the images, configuration information of all components in the application, and the relationship between all components.无论这个业务系统多么复杂,应用模版都会将其抽象成为一个应用,裹挟着应用内所有组件的镜像、配置信息以及所有组件之间的关联关系一并安装起来。 ## 2. Preconditions @@ -59,7 +61,7 @@ parameter description: | Team Name | User-created workspace, isolated by namespace | | cluster name | Choose which K8s cluster Apollo is deployed to | | Choose an application | Choose which application Apollo is deployed to, the application contains several related components | -| App version | Select the version of Apollo, the current optional version is 1.9.2 | +| App version | Select the version of Apollo, the current optional version is 1.9.2 | After a few minutes, the Apollo cluster will be installed and running. 
@@ -73,9 +75,9 @@ Access the default domain name provided by component `Apollo-portal-1.9.2` , you ### 3.4 Configuration -In Rainbond, Apollo clusters can be configured based on a graphical interface.It mainly includes three aspects: environment variables, configuration file mounting, and plug-in configuration. +Deploy a highly available Apollo cluster on Rainbond主要包括环境变量、配置文件挂载、插件配置三个方面。 -- Environment variables:Through the environment configuration in different component pages, environment variables can be customized.For example, for `Apollo-portal-1.9.2` , `APOLLO_PORTAL_ENVS=pro` is added by default to define the current portal managed environment. +- 环境变量:通过在不同的组件页面中的环境配置中,可以自定义环境变量。Environment variables:Through the environment configuration in different component pages, environment variables can be customized.For example, for `Apollo-portal-1.9.2` , `APOLLO_PORTAL_ENVS=pro` is added by default to define the current portal managed environment. - Profile:Configuration files can be set for components by setting the environment configuration in different component pages. 
@@ -83,13 +85,13 @@ In Rainbond, Apollo clusters can be configured based on a graphical interface.It - `Apollo-config-1.9.2` Mount `/apollo-configservice/config/application-github.properties` Used to declare the service address of the current environment config and admin. -- Plug-in configuration:defines the downstream call address in Rainbond by installing the export network governance plug-in for `Apollo-portal-1.9.2` `Apollo-config-1.9.2` , which is an implementation of Service Mesh microservice governance.Access the specified port of the downstream service by defining the domain name of the downstream service.For example, in the plug-in of `Apollo-portal-1.9.2` , the domain name for accessing `Apollo-config-1.9.2` 8080 port is `apollo-config-pro` , which is only the domain name defined in the configuration, and does not need to be defined the reason for the port. +- Plug-in configuration:defines the downstream call address in Rainbond by installing the export network governance plug-in for `Apollo-portal-1.9.2` `Apollo-config-1.9.2` , which is an implementation of Service Mesh microservice governance.Access the specified port of the downstream service by defining the domain name of the downstream service.For example, in the plug-in of `Apollo-portal-1.9.2` , the domain name for accessing `Apollo-config-1.9.2` 8080 port is `apollo-config-pro` , which is only the domain name defined in the configuration, and does not need to be defined the reason for the port.通过定义下游服务的域名,来访问下游服务的指定端口。如在 `Apollo-portal-1.9.2` 的插件中,访问 `Apollo-config-1.9.2` 8080 端口的域名为 `apollo-config-pro` ,这也是配置中只定义域名,而不需要定义端口的原因。 ## 4. 
Advanced Features ### 4.1 Scaling the number of instances -`Apollo-portal-1.9.2` `Apollo-config-1.9.2` `Apollo-admin-1.9.2` components included in the Apollo Configuration Center are deployed using the Deployment controller, through the Rainbond built-in Service Mesh microservice framework Implement service discovery and communication.Therefore, these three components can expand multiple instances with one click to realize cluster deployment. +`Apollo-portal-1.9.2` `Apollo-config-1.9.2` `Apollo-admin-1.9.2` components included in the Apollo Configuration Center are deployed using the Deployment controller, through the Rainbond built-in Service Mesh microservice framework Implement service discovery and communication.Therefore, these three components can expand multiple instances with one click to realize cluster deployment.故而这三个组件均可以一键扩展多个实例,实现集群化部署。 Take `Apollo-portal-1.9.2` as an example, click **to scale** , after modifying the number of **instances to** , click **to set**. 
@@ -97,9 +99,9 @@ Take `Apollo-portal-1.9.2` as an example, click **to scale** , after modifying t ### 4.2 Additional environment -Apollo Configuration Center supports docking with multiple environments and uses a unified Portal page for management.The Apollo cluster based on Rainbond one-click installation comes with `PRO` environment by default.Next, I will explain how to add a set of `DEV` environment in the Rainbond scenario, assuming that in the `DEV` environment, access `Apollo-config-Dev through apollo-config-dev`and`apollo-admin-dev`respectively `Apollo-admin-Dev` components. +Apollo Configuration Center supports docking with multiple environments and uses a unified Portal page for management.The Apollo cluster based on Rainbond one-click installation comes with `PRO` environment by default.Next, I will explain how to add a set of `DEV` environment in the Rainbond scenario, assuming that in the `DEV` environment, access `Apollo-config-Dev through apollo-config-dev`and`apollo-admin-dev`respectively `Apollo-admin-Dev` components.基于 Rainbond 一键安装而来的 Apollo 集群默认附带了 `PRO` 环境。接下来讲解在 Rainbond 场景中,如何追加一套 `DEV` 环境,假设在 `DEV` 环境中,通过 `apollo-config-dev`、`apollo-admin-dev`来分别访问 `Apollo-config-Dev` `Apollo-admin-Dev` 组件。 -1. Deploy another set of Apollo clusters and remove `Apollo-portal-1.9.2` `ApolloPortalDB`components in the new cluster.To facilitate management, modify the name of the `Apollo-config-1.9.2` `Apollo-admin-1.9.2` component.Add `Apollo-portal-1.9.2` to `Apollo-config-Dev` `Apollo-admin-Dev` dependencies.The topology is shown as follows: +1. 
Deploy another set of Apollo clusters and remove `Apollo-portal-1.9.2` `ApolloPortalDB`components in the new cluster.To facilitate management, modify the name of the `Apollo-config-1.9.2` `Apollo-admin-1.9.2` component.Add `Apollo-portal-1.9.2` to `Apollo-config-Dev` `Apollo-admin-Dev` dependencies.The topology is shown as follows:为了便于管理,修改 `Apollo-config-1.9.2` `Apollo-admin-1.9.2` 组件的名称。添加 `Apollo-portal-1.9.2` 到 `Apollo-config-Dev` `Apollo-admin-Dev` 的依赖。拓扑展示如下: > Note that this step will trigger the conflict of connection information environment variables, remember to redefine the name you like for the internal port of the `Apollo-config-Dev` `Apollo-admin-Dev` component. 
@@ -109,13 +111,13 @@ Apollo Configuration Center supports docking with multiple environments and uses ![apollo-10](https://static.goodrain.com/wechat/apollo/apollo-10.png) -3. Enter the plug-in pages of`Apollo-config-Dev` `Apollo-portal-1.9.2` respectively, modify the configuration for its export network governance plug-in, Rainbond's built-in microservice framework, and define downstream services through the set domain names (Domains) access address.Take `Apollo-portal-1.9.2` as an example, you need to configure the access domain names to `Apollo-config-Dev` `Apollo-admin-Dev`. +3. 分别进入`Apollo-config-Dev` `Apollo-portal-1.9.2` 的插件页面,为其出口网络治理插件修改配置,Rainbond 内置的微服务框架,通过设定的域名(Domains)来定义下游服务的访问地址。Enter the plug-in pages of`Apollo-config-Dev` `Apollo-portal-1.9.2` respectively, modify the configuration for its export network governance plug-in, Rainbond's built-in microservice framework, and define downstream services through the set domain names (Domains) access address.Take `Apollo-portal-1.9.2` as an example, you need to configure the access domain names to `Apollo-config-Dev` `Apollo-admin-Dev`. ![apollo-7](https://static.goodrain.com/wechat/apollo/apollo-7.png) After the configuration is complete, click **to update the configuration**, `Apollo-portal-1.9.2` to access `Apollo-config-Dev`through the domain name apollo-config-dev. -Similarly,`Apollo-config-Dev` needs to be configured to the access domain name of `Apollo-admin-Dev`.Update the configuration after the configuration is complete. +Similarly,`Apollo-config-Dev` needs to be configured to the access domain name of `Apollo-admin-Dev`.Update the configuration after the configuration is complete.配置完成后更新配置。 4. Modify the configuration of `Apollo-portal-1.9.2` to add the new `DEV` environment. 
@@ -127,7 +129,6 @@ Modify the configuration file `/apollo-portal/config/apollo-env.properties` and ![apollo-9](https://static.goodrain.com/wechat/apollo/apollo-9.png) -Update `Apollo-portal-1.9.2` component to make all configurations take effect.Check the system information and verify that the environment is added. +Update `Apollo-portal-1.9.2` component to make all configurations take effect.Check the system information and verify that the environment is added.查看系统信息,验证环境加入完成。 ![apollo-11](https://static.goodrain.com/wechat/apollo/apollo-11.png) - diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-19-enovy1.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-19-enovy1.md index 500ddc3c7f..f50f7dc2c1 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-19-enovy1.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-19-enovy1.md 
@@ -1,28 +1,27 @@ --- title: Envoy Fusing and Current Limiting Practice (1) Implementing Fusing Based on the Rainbond Plug-in -description: Envoy Fusing and Current Limiting Practice (1) Implementing Fusing Based on the Rainbond Plug-in +description: Envoy can act as an agent in the Sevice Mesh Microservice Framework and Rainbond is also based on Envoy.The smelting practices described here are based on the implementation of Rainbond unique plugins mechanisms slug: enovy1 +image: https://static.goodrain.com/wechat/envoy-ratelimit/envoy.png --- -:::info -Envoy can be used as a proxy implementation in the Service Mesh microservice framework. The built-in microservice framework of Rainbond is also implemented based on Envoy.The circuit breaker practice described in this article is implemented based on Rainbond's unique plug-in mechanism. -::: +Envoy can be used as a proxy implementation in the Service Mesh microservice framework. The built-in microservice framework of Rainbond is also implemented based on Envoy.The circuit breaker practice described in this article is implemented based on Rainbond's unique plug-in mechanism.The smelting practices described here are based on the implementation of Rainbond unique plugins mechanisms. 
# Introduction to Envoy's circuit breaker mechanism -Circuit breakers are an important part of distributed systems.Failing fast and putting pressure on the downstream as soon as possible can prevent the entire microservice system from entering a bad cascading avalanche state.This is one of the main advantages of the Envoy mesh, Envoy implements enforced circuit breaking restrictions at the network level without having to configure and write each application independently.Envoy supports various types of fully distributed (uncoordinated) circuit: +熔断是分布式系统的重要组成部分。快速失败并尽快给下游施加压力,可以防止整个微服务系统进入糟糕的级联雪崩状态。这是Envoy 网格的主要优点之一,Envoy 在网络级别实现强制断路限制,而不必独立配置和编写每个应用程序。Envoy 支持各种类型的完全分布(不协调)的熔断: -- **Cluster Maximum Connections (MaxConnections)**:The maximum number of connections that Envoy will establish for all hosts in the upstream cluster.In practice, this only works with HTTP/1.1 clusters, since HTTP/2 uses a single connection to each host. +- **Cluster Maximum Connections (MaxConnections)**:The maximum number of connections that Envoy will establish for all hosts in the upstream cluster.In practice, this only works with HTTP/1.1 clusters, since HTTP/2 uses a single connection to each host.实际上,这仅适用于HTTP/1.1群集,因为HTTP/2使用到每个主机的单个连接。 -- **Cluster maximum pending requests (MaxPendingRequests)**:The maximum number of requests that will be queued while waiting for a ready connection pool connection.In practice, this only works with HTTP/1.1 clusters, as HTTP/2 connection pools do not queue requests.HTTP/2 requests are reused immediately.If this circuit breaker overflows, the cluster's`upstream_rq_pending_overflow`counter will be incremented. 
+- **Cluster maximum pending requests (MaxPendingRequests)**:The maximum number of requests that will be queued while waiting for a ready connection pool connection.In practice, this only works with HTTP/1.1 clusters, as HTTP/2 connection pools do not queue requests.HTTP/2 requests are reused immediately.If this circuit breaker overflows, the cluster's`upstream_rq_pending_overflow`counter will be incremented.实际上,这仅适用于HTTP/1.1群集,因为HTTP/2连接池不会排队请求。HTTP/2请求立即复用。如果这个断路器溢出,集群的`upstream_rq_pending_overflow`计数器将增加。 -- **Cluster Maximum Requests (MaxRequests)**:The maximum number of requests that all hosts in the cluster can handle at any given time.In practice, this works for HTTP/2 clusters, since HTTP/1.1 clusters are governed by the max connection circuit breaker.If this circuit breaker overflows, the cluster's`upstream_rq_pending_overflow`counter will be incremented. +- **集群最大请求数(MaxRequests)**:在任何给定时间,群集中所有主机可以处理的最大请求数。实际上,这适用于HTTP/2群集,因为HTTP/1.1群集由最大连接断路器控制。如果这个断路器溢出,集群的`upstream_rq_pending_overflow`计数器将增加。 -- **Cluster maximum active retries (MaxRetries)**:The maximum number of retries that all hosts in the cluster can perform at any given time.In general, we recommend aggressive circuit break retries so that sporadic failure retries are allowed, but the overall retry volume cannot explode and cause massive cascading failures.If this circuit breaker overflows, the cluster's`upstream_rq_retry_overflow`counter will be incremented. +- **集群最大活动重试次数(MaxRetries)**:在任何给定时间,集群中所有主机可以执行的最大重试次数。一般来说,我们建议积极进行断路重试,以便允许零星故障重试,但整体重试量不能爆炸并导致大规模级联故障。如果这个断路器溢出,集群的`upstream_rq_retry_overflow`计数器将递增。 -Each circuit breaker threshold can be configured and tracked per upstream cluster and per priority.This allows different components of the distributed system to be independently tuned and have different fusing configurations. +每个熔断阈值可以按照每个上游集群和每个优先级进行配置和跟踪。这允许分布式系统的不同组件被独立地调整并且具有不同的熔断配置。 ![circuit-breaker-1](https://static.goodrain.com/wechat/envoy-circuitbreak/circuit-breaker-1.png) 
@@ -32,11 +31,11 @@ Each circuit breaker threshold can be configured and tracked per upstream cluste The Rainbond cloud-native application management platform uses its own plug-in mechanism to realize the fuse of specified microservices for downstream components. -The default installed Rainbond has integrated `export network management plug-in` and `integrated network management plug-in` , both of which are implemented based on `Envoy` , which can perform more comprehensive network management on the network export direction of the microservices installed with the plug-in.This includes the implementation of the circuit breaker mechanism. +The default installed Rainbond has integrated `export network management plug-in` and `integrated network management plug-in` , both of which are implemented based on `Envoy` , which can perform more comprehensive network management on the network export direction of the microservices installed with the plug-in.This includes the implementation of the circuit breaker mechanism.其中就包括对熔断机制的实现。 To better describe this process, an example is specially prepared. -The pressure generator based on [Locust](https://locust.io) is used as the client, the `integrated network management plug-in`is installed, and the Java-maven component is used as the server.The stress generator can set the number of concurrent users according to the graphical interface, and perform stress testing on the service address of Java-maven. During this period, we can collect various phenomena when the circuit breaker mechanism is triggered. +The pressure generator based on [Locust](https://locust.io) is used as the client, the `integrated network management plug-in`is installed, and the Java-maven component is used as the server.The stress generator can set the number of concurrent users according to the graphical interface, and perform stress testing on the service address of Java-maven. 
During this period, we can collect various phenomena when the circuit breaker mechanism is triggered.压力生成器可以根据图形化界面设置并发用户数量,对 Java-maven 的服务地址进行压力测试,在此期间,我们可以收集到触发熔断机制时的各种现象。 ![circuit-breaker-9](https://static.goodrain.com/wechat/envoy-circuitbreak/circuit-breaker-9.png) @@ -56,7 +55,7 @@ To highlight the effect of the experiment, I set both `MaxConnections` and `MaxP ![circuit-breaker-2](https://static.goodrain.com/wechat/envoy-circuitbreak/circuit-breaker-2.png) -The configuration in the figure means that the maximum number of connections to the cluster is 6, and the maximum number of requests waiting is 1 (the default value for both is 1024).This configuration is equivalent to generating the following configuration:for Envoy +The configuration in the figure means that the maximum number of connections to the cluster is 6, and the maximum number of requests waiting is 1 (the default value for both is 1024).This configuration is equivalent to generating the following configuration:for Envoy这一配置,相当于为 Envoy 生成了以下配置: ```json "circuit_breakers": { @@ -73,7 +72,7 @@ The `Domains` set for the 5000 port of the downstream application Java-maven is ## trigger fuse -Web pages based on Locust can set concurrency conditions. In this experiment, I set up 97 concurrent requests for domain name `http://java-maven`. The Locust page will show the total number of requests made, as well as the number of requests in a failed state. +Web pages based on Locust can set concurrency conditions. In this experiment, I set up 97 concurrent requests for domain name `http://java-maven`. The Locust page will show the total number of requests made, as well as the number of requests in a failed state. Locust 的页面中会体现出发起请求的总数,以及处于失败状态的请求数。 ![circuit-breaker-4](https://static.goodrain.com/wechat/envoy-circuitbreak/circuit-breaker-4.png) 
@@ -109,13 +108,12 @@ Re-query the number of tcp connections established in the Java-maven environment ![circuit-breaker-8](https://static.goodrain.com/wechat/envoy-circuitbreak/circuit-breaker-8.png) -If the number of concurrent users is continuously increased, the circuit breaker can be triggered again. +持续提升并发用户数量,则可以再次触发熔断。 --- ## Summarize -Circuit breaker is a very important part of the microservice network governance system.In the ServiceMesh microservice framework implemented by Rainbond combined with Envoy, the fuse mechanism implemented by plug-ins is easy to use and supports dynamic entry, which is very friendly to operators. +熔断是微服务网络治理体系中非常重要的一环。Circuit breaker is a very important part of the microservice network governance system.In the ServiceMesh microservice framework implemented by Rainbond combined with Envoy, the fuse mechanism implemented by plug-ins is easy to use and supports dynamic entry, which is very friendly to operators. In the next article, we will introduce the implementation of full streaming, so stay tuned. - diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-20-enovy2.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-20-enovy2.md index f44bb9227d..a484d593aa 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-20-enovy2.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-04-20-enovy2.md 
@@ -1,18 +1,17 @@ --- title: Envoy fuse current limiting practice (2) Rainbond based on RLS service full current limiting -description: Envoy fuse current limiting practice (2) Rainbond based on RLS service for full current limiting +description: Envoy can act as an agent in the Sevice Mesh Microservice Framework and Rainbond is also based on Envoy.The smelting practices described here are based on the implementation of Rainbond unique plugins mechanisms slug: enovy2 +image: https://static.goodrain.com/wechat/envoy-ratelimit/envoy.png --- -:::info -Envoy can be used as a proxy implementation in the Service Mesh microservice framework. The built-in microservice framework of Rainbond is also implemented based on Envoy.The circuit breaker practice described in this article is implemented based on Rainbond's unique plug-in mechanism. -::: +Envoy can be used as a proxy implementation in the Service Mesh microservice framework. The built-in microservice framework of Rainbond is also implemented based on Envoy.The circuit breaker practice described in this article is implemented based on Rainbond's unique plug-in mechanism.The smelting practices described here are based on the implementation of Rainbond unique plugins mechanisms. ## Envoy speed limit -While distributed circuit breakers are very effective in controlling throughput in a distributed system in most cases, sometimes it doesn't work very well and full throttle is required.The most common case is when a large number of hosts are forwarding to a small number of hosts and the average request latency is low (eg connections/requests to a database server).If the target host becomes the standby host, the downstream host will overwhelm the upstream cluster.In this case, it is difficult to configure each downstream host with sufficiently strict fuses so that the system can operate smoothly, while still preventing cascading failures when the system starts to fail.For this situation, a full throttle is a good solution. 
+尽管分布式熔断器在大多数情况下控制分布式系统中的吞吐量非常有效,但有时它的效果并不是很好,这时候便需要全局限速。最常见的情况是当大量主机转发到少量主机并且平均请求延迟很短时(例如,发送给数据库服务器的连接/请求)。若目标主机成为备机,则下游主机将压垮上游集群。在这种情况下,很难对每个下游主机配置足够严格的熔断器,使得系统可以平稳运行,同时,当系统开始出现故障时,仍然可以防止级联故障。对于这种情况,全局限速是一个很好的解决方案。 The Envoy global rate limit solution needs to be implemented based on a global RLS (rate limit service) service. RLS is designed as a Go/gRPC service that provides different rate limit scenarios for different types of applications. @@ -24,13 +23,13 @@ The Envoy global rate limit solution needs to be implemented based on a global R An out-of-the-box full rate limiting service has been incorporated into Rainbond's built-in open source app store, and users can install rate limiting services with one click based on the following operations. -* **Access to the built-in open source app store** +- **Access to the built-in open source app store** -> Select the **app market** tab on the left, switch to the **open source app store** tab on the page, and search for the keyword **rate limit**** to find the rate limiting service. +> Select the **app market** tab on the left, switch to the **open source app store** tab on the page, and search for the keyword **rate limit**\*\* to find the rate limiting service. ![ratelimit-2](https://static.goodrain.com/wechat/envoy-ratelimit/envoy-ratelimit-2.png) -* **A key installation** +- **A key installation** > Click **to install** on the right side of the rate limiting service to enter the installation page. After filling in the simple information, click **to confirm** to start the installation, and the page automatically jumps to the topology view. 
@@ -38,12 +37,12 @@ An out-of-the-box full rate limiting service has been incorporated into Rainbond parameter description: -| options | illustrate | -| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | -| Team Name | User-created workspace, isolated by namespace | -| cluster name | Choose which K8s cluster the rate limiting service is deployed to | +| options | illustrate | +| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | +| Team Name | User-created workspace, isolated by namespace | +| cluster name | Choose which K8s cluster the rate limiting service is deployed to | | Choose an application | Choose which application the rate limiting service will be deployed to. The application contains several related components | -| App version | Select the version of the rate limiting service, the current version is 1.4.0 | +| App version | Select the version of the rate limiting service, the current version is 1.4.0 | After a few minutes, the rate limiting service will be installed and running. 
@@ -89,11 +88,11 @@ The service components that need to be speed-limited need to meet the following - Dependency `Rate-limit-service` -Rainbond expands the operation and maintenance capabilities of the business through the plug-in mechanism. By installing the **-service integrated network management plug-in** , the management capabilities can be expanded at the network entrance of the speed-limited business.**Service integrated network management plug-in** essentially expands the capabilities of Envoy, and realizes the full speed limit function by calling `Rate-limit-service`. +Rainbond expands the operation and maintenance capabilities of the business through the plug-in mechanism. By installing the **-service integrated network management plug-in** , the management capabilities can be expanded at the network entrance of the speed-limited business.**Service integrated network management plug-in** essentially expands the capabilities of Envoy, and realizes the full speed limit function by calling `Rate-limit-service`.**服务综合网络治理插件** 本质上扩展了 Envoy 能力,通过调用 `Rate-limit-service` ,实现全局限速功能。 ![ratelimit-5](https://static.goodrain.com/wechat/envoy-ratelimit/envoy-ratelimit-5.png) -Make sure that `OPEN_LIMIT (whether to enable current limiting)` option is `YES`, `LIMIT_DOMAIN (domain name corresponding to the current limiting rule)` is consistent with `domian` in the full current limiting configuration above.So far, the configuration on the side of the speed-limited service is completed. +Make sure that `OPEN_LIMIT (whether to enable current limiting)` option is `YES`, `LIMIT_DOMAIN (domain name corresponding to the current limiting rule)` is consistent with `domian` in the full current limiting configuration above.So far, the configuration on the side of the speed-limited service is completed.至此,完成了被限速服务一侧的配置。 ![ratelimit-6](https://static.goodrain.com/wechat/envoy-ratelimit/envoy-ratelimit-6.png) 
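Review bot: both rewritten paragraphs append the Chinese source sentence after its English translation (`**服务综合网络治理插件** 本质上扩展了 Envoy 能力` and `至此,完成了被限速服务一侧的配置。`), so the English page would state each point twice in two languages; drop the appended Chinese. Since the `LIMIT_DOMAIN` line is being rewritten anyway, correct `domian` to `domain`: the sentence tells the reader which key of the rate limit configuration this option has to match, so the key name should be spelled the way it is typed. The stray `-` in `**-service integrated network management plug-in**` is also carried over unchanged.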
@@ -113,7 +112,7 @@ Access denied, get a 429 return code, and prompt `Too Many Requests`, which is t ![ratelimit-8](https://static.goodrain.com/wechat/envoy-ratelimit/envoy-ratelimit-8.png) -The **-service integrated network management plug-in** installed by the speed-limited service supports dynamic configuration.This means that without stopping the service, you only need to set the `OPEN_LIMIT (whether to turn on the current limit)` option to `NO` and update the configuration, the service speed limit can be turned off, and the number of access errors will drop to 0. +被限速业务所安装的 **服务综合网络治理插件** 支持动态配置。The **-service integrated network management plug-in** installed by the speed-limited service supports dynamic configuration.This means that without stopping the service, you only need to set the `OPEN_LIMIT (whether to turn on the current limit)` option to `NO` and update the configuration, the service speed limit can be turned off, and the number of access errors will drop to 0. ![ratelimit-9](https://static.goodrain.com/wechat/envoy-ratelimit/envoy-ratelimit-9.png) 
@@ -123,5 +122,4 @@ The full speed limit takes effect on the network entry of the speed-limited busi ## Summarize -The full speed limit is an effective way to protect microservices in sudden traffic surge scenarios. The built-in microservice framework of Rainbond supports the Envoy service speed limit scheme that complies with the RLS specification.The configuration is very simple and supports dynamic changes. The examples in this article strive to show you the configuration practice of the full speed limit in the Rainbond system in an intuitive way. - +The full speed limit is an effective way to protect microservices in sudden traffic surge scenarios. The built-in microservice framework of Rainbond supports the Envoy service speed limit scheme that complies with the RLS specification.The configuration is very simple and supports dynamic changes. The examples in this article strive to show you the configuration practice of the full speed limit in the Rainbond system in an intuitive way.配置起来很简单,并且支持动态变更,本文中的示例力争以直观的方式为大家展现了全局限速在 Rainbond 体系中的配置实践。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-05-09-emqx.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-05-09-emqx.md index 5170419b6e..d2c5e26b3d 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-05-09-emqx.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-05-09-emqx.md 
@@ -1,23 +1,25 @@ --- title: One-click deployment of a highly available EMQX cluster in Rainbond -description: One-click deployment of a highly available EMQX cluster in Rainbond +description: EMQX is an open source distribution MQTT message server slug: emqx +image: https://static.goodrain.com/wechat/emqx/emqx.png --- -:::info article describes how to install a highly available [EMQX](https://www.emqx.com) cluster with one click through the cloud native application management platform [Rainbond](https://www.rainbond.com/?channel=emqx).This method is suitable for users who are not familiar with complex technologies such as Kubernetes and containerization, and lowers the threshold for deploying EMQX in Kubernetes. ::: +:::info article describes how to install a highly available [EMQX](https://www.emqx.com) cluster with one click through the cloud native application management platform [Rainbond](https://www.rainbond.com/?channel=emqx).This method is suitable for users who are not familiar with complex technologies such as Kubernetes and containerization, and lowers the threshold for deploying EMQX in Kubernetes. :::This approach is suitable for users who do not understand the complex technologies of Kubernetes, packaging, etc. and reduces the threshold for deployment of EMQX in Kubernetes. ## 1. Background information ### 1.1 The combination of Rainbond and EMQX -[Rainbond](https://www.rainbond.com/?channel=emqx) is an easy-to-use open source cloud-native application management platform.With it, users can complete the deployment and operation and maintenance of microservices in a graphical interface.With the help of the capabilities of Kubernetes and containerization technology, automatic operation and maintenance capabilities such as fault self-healing and elastic scaling can be empowered to users' businesses. 
+ +[Rainbond](https://www.rainbond.com/?channel=emqx) is an easy-to-use open source cloud-native application management platform.With it, users can complete the deployment and operation and maintenance of microservices in a graphical interface.With the help of the capabilities of Kubernetes and containerization technology, automatic operation and maintenance capabilities such as fault self-healing and elastic scaling can be empowered to users' businesses.借助于它,用户可以在图形化界面中完成微服务的部署与运维。借助 Kubernetes 和容器化技术的能力,将故障自愈、弹性伸缩等自动化运维能力赋能给用户的业务。 Such users no longer need to care about how to deploy EMQX clusters. One-click installation of EMQX high-availability clusters through the open source application store greatly reduces the deployment burden of users using EMQX clusters. Currently, the latest version `4.4.3`is supported. ### 1.2 About application templates -The application template is an installation package for the Rainbond cloud-native application management platform. Based on it, users can install business systems into their own Rainbond with one click.No matter how complex the business system is, the application template will abstract it into an application, and install it together with the images, configuration information of all components in the application, and the relationship between all components. +The application template is an installation package for the Rainbond cloud-native application management platform. Based on it, users can install business systems into their own Rainbond with one click.No matter how complex the business system is, the application template will abstract it into an application, and install it together with the images, configuration information of all components in the application, and the relationship between all components.无论这个业务系统多么复杂,应用模版都会将其抽象成为一个应用,裹挟着应用内所有组件的镜像、配置信息以及所有组件之间的关联关系一并安装起来。 ## 2. Preconditions 
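Review bot: the rewritten `:::info` line now has text directly after the closing marker (`:::This approach is suitable for users who do not understand ...`), so the admonition is no longer terminated by `:::` at the end of the line and the added sentence repeats the one before it. Docusaurus admonitions expect the closing `:::` on its own line; end the block there and delete the duplicate sentence. The `+` paragraphs under 1.1 and 1.2 also carry the Chinese source appended to the English text, which should be removed from the `en` locale.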
@@ -36,8 +38,6 @@ Select the **application market** tab on the left, switch to the **open source a Click **to install** on the right side of EMQX to enter the installation page. After filling in the simple information, click **to confirm** to start the installation, and the page automatically jumps to the topology view. - - ![](https://static.goodrain.com/wechat/emqx/2.png) parameter description: @@ -47,7 +47,7 @@ parameter description: | Team Name | User-created workspace, isolated by namespace | | cluster name | Choose which K8s cluster EMQX is deployed to | | Choose an application | Select which application EMQX is deployed to, the application contains several related components | -| App version | Select the version of EMQX, the current optional version is 4.4.3 | +| App version | Select the version of EMQX, the current optional version is 4.4.3 | After a few minutes, the EMQX cluster will be installed and running. 
@@ -55,16 +55,16 @@ After a few minutes, the EMQX cluster will be installed and running. ### 3.3 Verify the EMQX cluster -* View cluster nodes through Dashboard verification.Access the external service domain name of port `18083` of component `EMQX_Cluster-4.4.3` , you can log in to the EMQX Dashboard, and on the home page Nodes shows that all nodes are in the state of `Running`. +- 通过 Dashboard 验证查看集群节点。View cluster nodes through Dashboard verification.Access the external service domain name of port `18083` of component `EMQX_Cluster-4.4.3` , you can log in to the EMQX Dashboard, and on the home page Nodes shows that all nodes are in the state of `Running`. > Default account password: admin/public , which can be modified through environment variables `EMQX_DASHBOARD__DEFAULT_USERNAME` `EMQX_DASHBOARD__DEFAULT_PASSWORD` ![](https://static.goodrain.com/wechat/emqx/4.png) -* View the cluster nodes through the command line, enter the web terminal of component `EMQX_Cluster-4.4.3` , select any instance, and execute the following command: +- View the cluster nodes through the command line, enter the web terminal of component `EMQX_Cluster-4.4.3` , select any instance, and execute the following command: ```shell emqx_ctl cluster status ``` -![](https://static.goodrain.com/wechat/emqx/5.png) \ No newline at end of file +![](https://static.goodrain.com/wechat/emqx/5.png) diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-05-10-neuvector.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-05-10-neuvector.md index cb56347ba2..b08e951a96 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-05-10-neuvector.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-05-10-neuvector.md 
@@ -1,22 +1,23 @@ --- title: Rainbond combines NeuVector to practice container security management -description: Rainbond combines NeuVector to practice container security management -slug: neuvector +description: NeuVector is the industry's first open-source container security platform +slug: newector +image: https://static.goodrain.com/wechat/neuvector/neuvector.png --- :::info -This article mainly describes the steps of installing and deploying the NeuVector container security platform based on Rainbond, as well as the best practices in the production environment with Rainbond. +This article mainly describes the steps to install and deploy the NeuVector container security platform based on Rainbond, as well as the best practices for implementing the production environment with Rainbond. ::: ## foreword -Rainbond is a cloud-native application management platform that is easy to use and does not require knowledge of containers, Kubernetes and the underlying complex technologies. It supports managing multiple Kubernetes clusters and managing the entire lifecycle of enterprise applications.However, with the little progress of the cloud-native era and the emergence of endless network container security incidents, everyone has a further idea of the importance of container security and network security. Similar container security incidents occur, and NeuVector is specially adapted to integrate. +Rainbond is a cloud-native application management platform that is easy to use and does not require knowledge of containers, Kubernetes and the underlying complex technologies. It supports managing multiple Kubernetes clusters and managing the entire lifecycle of enterprise applications.However, with the little progress of the cloud-native era and the emergence of endless network container security incidents, everyone has a further idea of the importance of container security and network security. 
Similar container security incidents occur, and NeuVector is specially adapted to integrate.But with little progress in the days of the births, the proliferation of security incidents in cyber containers has also given rise to further ideas about the safety and importance of the containers, and Rainbond has been particularly suited to the NeuVector in order to ensure that no similar container security incidents occur in the course of use by users. -NeuVector is the industry's first end-to-end open source container security platform, providing an enterprise-grade zero-trust security solution for containerized workloads.NeuVector can provide real-time in-depth container network visualization, east-west container network monitoring, active isolation and protection, container host security, and container internal security. The container management platform seamlessly integrates and automates application-level container security, suitable for various cloud environments. , container production environments such as cross-cloud or on-premises deployments. +Rainbond combines NeuVector to practice container security managementNeuVector is the industry's first end-to-end open source container security platform, providing an enterprise-grade zero-trust security solution for containerized workloads.NeuVector can provide real-time in-depth container network visualization, east-west container network monitoring, active isolation and protection, container host security, and container internal security. The container management platform seamlessly integrates and automates application-level container security, suitable for various cloud environments. , container production environments such as cross-cloud or on-premises deployments. -This article mainly describes the steps to install and deploy the NeuVector container security platform based on Rainbond, as well as the best practices for implementing the production environment with Rainbond. 
+This article mainly describes the steps of installing and deploying the NeuVector container security platform based on Rainbond, as well as the best practices in the production environment with Rainbond. ## Deploy NeuVector @@ -30,8 +31,6 @@ NeuVector is usually installed in the neuvector namespace, and in Rainbond, the - - **Docking helm store** Rainbond supports direct deployment of applications based on helm, so the next step is to connect to the official helm warehouse of neuvector, and then to deploy neuvector based on the Helm store. On the application market page, click Add store, select the helm store, and enter the relevant information to complete the connection. @@ -52,16 +51,16 @@ Modify the default key and value values configuration item: -| key | value | -| ---------------------------- | ---------------------------- | -| registry | docker.io | -| tag | 5.0.0-preview.1 | -| controller.image.repository | neuvector/controller.preview | -| enforcer.image.repository | neuvector/enforcer.preview | -| manager.image.repository | neuvector/manager.preview | -| cve.scanner.image.repository | neuvector/scanner.preview | -| cve.updater.image.repository | neuvector/updater.preview | -| manager.svc.type | ClusterIP | +| key | value | +| ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | +| Registration | docker.io | +| tag | 5.0.0- preview.1 | +| controller.image.repository | neuvector/controller.preview | +| enforceer.image.repository | neuvector/enforcer.preview | +| manager.image.repository | neuvector/manager.preview | +| cve.scanner.image.repository | neuvector/scanner.preview | +| cve.updater.image.repository | neuvector/updater.preview | +| manager.svc.type | ClusterIP | After the installation is complete, confirm that the status of the pod is Running 
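Review bot: the rewritten values table in the `@@ -52,16 +51,16 @@` hunk changes Helm value names and values, not just column padding: `registry` becomes `Registration`, `enforcer.image.repository` becomes `enforceer.image.repository`, and the tag `5.0.0-preview.1` becomes `5.0.0- preview.1`. A reader who copies these cells will not be setting the values the removed rows named, so restore the three cells exactly as they were and exclude configuration keys and image tags from translation. The front matter hunk above has the same kind of damage: `slug: neuvector` is changed to `slug: newector`, which changes the post URL.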
@@ -73,12 +72,12 @@ neuvector provides a visual operation interface, the installation process will a The following are the options that need to be configured -| component name | neuvector-web | +| component name | newector-web | | ----------------------------- | ----------------------- | -| Component English name | neuvector | +| Component English name | newector | | Component registration method | kubernetes | -| Namespace | neuvector | -| Service | neuvector-service-webui | +| Namespace | newector | +| Service | newvector-service-webui | After the addition is complete, you need to add and open the port (8443) for external access. The default username and password are both `admin/admin` @@ -88,13 +87,11 @@ Note that when accessing:, you need to access it in the form of https, so far - - ## NeuVector Best Practices ### Network Traffic Monitoring Governance -The network activity provided by NeuVector can clearly view the network traffic trend between each pod.As well as the corresponding ports and rules, you can view the direction more clearly. +The network activity provided by NeuVector can clearly view the network traffic trend between each pod.As well as the corresponding ports and rules, you can view the direction more clearly.As well as the corresponding ports, rules, a clearer view trajectory. The blue line represents the normal flow recorded in the learning mode. @@ -104,8 +101,6 @@ Red means that it is recorded in the protected mode, and the trend is rejected, ![](https://static.goodrain.com/wechat/neuvector/9.png) - - ### Use of learning mode, monitoring mode, protected mode NeuVector's group supports 3 modes:learning mode, monitoring mode and protection mode; the functions of each mode are as follows: 
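Review bot: in the `@@ -73,12 +72,12 @@` table the component name, English name, Namespace and Service cells are altered (`neuvector` to `newector`, `neuvector-service-webui` to `newvector-service-webui`, with two different misspellings), and the Namespace cell no longer matches the `neuvector` namespace the post says NeuVector is installed in. These cells are identifiers the reader enters when registering the third-party component, so revert them to the removed values. The other two hunks in this region only delete blank lines and need no change.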
@@ -128,8 +123,6 @@ NeuVector monitors the network and process operation of containers and hosts, an For the above three modes, the best practices suitable for the production environment can be summarized. When a new business is ready to go online, it can be defaulted to the learning mode. After a period of learning, the rules of the container and the host are recorded, and then Convert to monitoring mode, run for a period of time, monitor whether there are special network traffic and host processes, help us record special network trends, and alarm to confirm whether to release, and finally switch to monitoring mode to avoid some malicious operations against us the environment poses unnecessary danger. - - ### Cluster-based image repository for vulnerability checking The smallest unit of the kubernetes cluster deployment business is the pod, but the most important part of the pod is the image. NeuVector can also perform vulnerability checks based on the image to avoid injecting special vulnerability mechanisms into the image. @@ -141,7 +134,7 @@ If you use an external mirror repository when connecting to Rainbond, and the do edit coredns ```shell -kubectl edit cm coredns -n kube-system +kubtl edit cm coredns - n kube-system ``` @@ -149,13 +142,13 @@ kubectl edit cm coredns -n kube-system Get the IP resolved by goodrain.me ```shell -kubectl get rainbondcluster -n rbd-system -oyaml | egrep -v [A-Za-z{}] +kubtl get rainbondcluster -n rbd-system -oyaml | egrep -v [A-Za-z{}] ``` Add the following content in the specified location, pay attention to modify the IP ```shell -hosts { +hosts LO 192.168.0.1 goodrain.me fallthrough } 
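Review bot: the shell and CoreDNS snippets in the `@@ -141,7 +134,7 @@` and `@@ -149,13 +142,13 @@` hunks are no longer valid: `kubectl` is changed to `kubtl` in both commands, `-n kube-system` becomes `- n kube-system`, and `hosts {` becomes `hosts LO`, which leaves the unchanged closing `}` without an opening brace. Fenced code should be excluded from translation; restore the three removed lines unchanged.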
@@ -168,7 +161,7 @@ On the left side of the NeuVector web interface, select the asset > image repos The default user of goodrain.me is admin, and the password is obtained by the following command ```shell - kubectl get rainbondcluster -n rbd-system -oyaml | grep password | sed "1d" + kubectl get rainbondcluster -n rbd-system -yaml | grep password | sed "1d" ``` After the mirror scan is completed, the mirror information will be displayed below. Click the name of the mirror you want to view to view the detailed information. The following is for reference. @@ -178,4 +171,3 @@ After the mirror scan is completed, the mirror information will be displayed bel ## write at the end Through this article, I hope that you can successfully deploy the NeuVector container security platform based on Rainbond, and you can do the corresponding operations according to the best practices. Of course, the functions of NeuVector are far more than that, and you still need to continue to explore, constantly practice. - diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-06-nocalhost.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-06-nocalhost.md index b904f87a9c..008d248bd8 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-06-nocalhost.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-06-nocalhost.md 
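Review bot: in the `2022-05-10-neuvector.md` hunk at `@@ -168,7 +161,7 @@`, the command that reads the `goodrain.me` registry password has `-oyaml` changed to `-yaml`, which is not the output flag used by the other `kubectl get rainbondcluster -n rbd-system -oyaml` command in the same file. Restore `-oyaml` so the documented command still returns the password field it greps for.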
@@ -1,17 +1,16 @@ --- title: Use Nocalhost to develop microservice applications on Rainbond -description: Use Nocalhost to develop microservice applications on Rainbond +description: Nocalhost is an open-source IDE-based cloud app development tool slug: nocalhost +image: https://static.goodrain.com/wechat/noocalhost/nocalhost.png --- -:::info This article will introduce how to use Nocalhost to quickly develop the development process and practical steps of microservice applications on Rainbond. -::: - - Nocalhost can directly develop applications in Kubernetes, and Rainbond can quickly deploy microservice projects without writing Yaml. Nocalhost combined with Rainbond accelerates our microservice development efficiency. + + ## 1. Introduction **[Nocalhost](https://nocalhost.dev "Nocalhost") is an open source IDE-based cloud native application development tool:** 
@@ -22,7 +21,7 @@ Nocalhost can directly develop applications in Kubernetes, and Rainbond can quic **[Rainbond](https://www.rainbond.com/docs "Rainbond") is a cloud-native application management platform:** -* It is easy to use, does not need to understand containers, Kubernetes and the underlying complex technologies, supports the management of multiple Kubernetes clusters, and manages the entire life cycle of enterprise applications.The main functions include application development environment, application market, microservice architecture, application delivery, application operation and maintenance, application-level multi-cloud management, etc. +- It is easy to use, does not need to understand containers, Kubernetes and the underlying complex technologies, supports the management of multiple Kubernetes clusters, and manages the entire life cycle of enterprise applications.The main functions include application development environment, application market, microservice architecture, application delivery, application operation and maintenance, application-level multi-cloud management, etc.主要功能包括应用开发环境、应用市场、微服务架构、应用交付、应用运维、应用级多云管理等。 ## 2. Local + Rainbond development of microservices 
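Review bot: the added front matter line `image: https://static.goodrain.com/wechat/noocalhost/nocalhost.png` uses the directory `noocalhost`, while the images in the body of this post are served from `wechat/nocalhost/`; confirm the path resolves or correct the spelling. In the `@@ -22,7 +21,7 @@` hunk the Rainbond bullet has the Chinese source sentence appended after the English one, which should be dropped from the `en` locale.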
@@ -32,44 +31,45 @@ In the past, when we developed microservices locally + Rainbond, we ran the modu This will encounter some problems: -* Difficulty in multi-person collaborative development and joint debugging -* local environment differentiation -* Cannot call other microservices through the registry (Nacos) -* Remote debugging is difficult -* Limited to local resources +- Difficulty in multi-person collaborative development and joint debugging +- local environment differentiation +- Cannot call other microservices through the registry (Nacos) +- Remote debugging is difficult +- Limited to local resources ## 3. Use Nocalhost + Rainbond to develop microservices -Now when we develop microservices through Nocalhost + Rainbond, all services run on Rainbond. When developing, the local Vscode is directly connected to the Rainbond component, and is synchronized with the local code to the Rainbond component in real time.When multiple people develop joint debugging, they can conduct joint debugging between services through the built-in Service Mesh of Rainbond. +Now when we develop microservices through Nocalhost + Rainbond, all services run on Rainbond. 
When developing, the local Vscode is directly connected to the Rainbond component, and is synchronized with the local code to the Rainbond component in real time.When multiple people develop joint debugging, they can conduct joint debugging between services through the built-in Service Mesh of Rainbond.多人开发联调时,可通过 Rainbond 内置的 Service Mesh 进行服务之间联调。 ![](https://static.goodrain.com/wechat/nocalhost/18.png) -**Using:to develop, you can solve the problems encountered in local development0** +**使用 Nocalhost 开发,可以解决本地开发时遇到的问题:** -* Multi-person joint debugging and development are more convenient -* Services all run on Rainbond, no longer limited to local -* closer to production -* Remote Debug -* Call other microservice components through the registry (Nacos) +- Multi-person joint debugging and development are more convenient +- Services all run on Rainbond, no longer limited to local +- closer to production +- Remote Debug +- Call other microservice components through the registry (Nacos) ## 4. Practical steps Nocalhost currently supports two development: -* Repliace DevMode -* Duplicate DevMode +- Repliace DevMode +- Duplicate DevMode This article will mainly introduce Replace DevMode. When entering Replace DevMode, Nocalhost will perform the following operations on the component: 1. Reduce the number of copies to 1 - 2. Replace the container's image with a development image -3. Add a sidecar container. +3. Add a sidecar container. 4. Forward a local port to the file sync server. + 5. Start the local file sync client. + 6. Open a remote terminal. ### 4.1 Install Nocalhost plugin 
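Review bot: the bold lead-in before the benefits list is replaced with the untranslated `**使用 Nocalhost 开发,可以解决本地开发时遇到的问题:**`. The removed English was garbled (`**Using:to develop, you can solve the problems encountered in local development0**`), so this line needs a real English sentence, for example "Developing with Nocalhost solves the problems encountered in local development:", rather than the source text. `Repliace DevMode` is carried into the new `-` bullet although the following paragraph calls it Replace DevMode, and the paragraph under section 3 has a Chinese sentence appended to it.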
@@ -92,6 +92,7 @@ We choose [to install Rainbond](https://www.rainbond.com/docs/installation/insta ![](https://static.goodrain.com/wechat/nocalhost/4.png) 2. We copy `kubeconfig` files to local and save as `yaml` files. + 3. Open Vscode, click button , open the Nocalhost plugin, select Connect to Cluster, select the path of our `kubeconfig` file, and click Add Cluster to add a cluster. 4. After the addition is complete, as shown in Figure: @@ -140,15 +141,15 @@ We click 🔨 next to it to enter the development mode, 1. Install project dependencies, execute - ```shell - npm install + ```shell + npm install ``` 2. run the project - ```shell - npm run dev - ``` + ```shell + npm run dev + ``` After startup, the effect is as follows, the port in the container is 80 @@ -166,7 +167,7 @@ After startup, the effect is as follows, the port in the container is 80 The above has demonstrated that if the service in the remote container is accessed locally, let's modify the code to see the effect. -Modify `src/page/wel.vue`, add a piece of code, save it.It can be found that when we save, the terminal is automatically restarted, which is consistent with the local development effect. +修改 `src/page/wel.vue`,新增一段代码,保存。Modify `src/page/wel.vue`, add a piece of code, save it.It can be found that when we save, the terminal is automatically restarted, which is consistent with the local development effect. Modifications to files are synced to the container in real time. 
@@ -176,12 +177,8 @@ Refresh page`http://localhost:38000`, you can see that the modified content has ![](https://static.goodrain.com/wechat/nocalhost/17.png) - - ## write at the end Through the above practical steps, we have been able to develop microservice applications on Rainbond through Nocalhost, get rid of local development, and enter cloud-native rapid development to improve our development efficiency. This article only introduces the basic development, you can also configure [Nocalhost development configuration](https://nocalhost.dev/docs/config/config-overview-en "Nocalhost开发配置") for the project, etc. Friends can explore by themselves. - - diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-14-ceph.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-14-ceph.md index 4827217f8d..516b73c2f4 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-14-ceph.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-14-ceph.md 
@@ -1,32 +1,31 @@ --- title: The practice of combining cloud native storage solution Rook-Ceph with Rainbond -description: The practice of combining cloud native storage solution Rook-Ceph with Rainbond +description: The foundations are shaken by the mountains.Regardless of the architecture of the system, the choice of bottom storage is a topic worth exploring. slug: ceph +image: https://static.goodrain.com/wechat/rook-ceph/ceph.png --- -:::info -The foundation is not firm, and the ground is shaking.Regardless of the architecture, the choice of underlying storage is a topic worth exploring.Storage carries the data of the business, and its performance directly affects the actual performance of the business application.It is precisely because the data of storage and business are closely related, and its reliability must also be paid attention to. Once the failure of storage leads to the loss of business data, it will be a disaster-level accident. -::: +The foundations are shaken by the mountains.Regardless of the architecture of the system, the choice of bottom storage is a topic worth exploring.The data contained in the business is stored and its performance directly affects the actual performance of the business application.It is precisely because of the close connection between the stored and the business data and their reliability that must be addressed, which will be a disaster level accident once the storage lapses result in the loss of business data. ## 1. The path of storage choices in the cloud-native era -In recent years, my work has always revolved around the construction of customer Kubernetes clusters.How to choose a stable and reliable storage solution with excellent performance for the customer's Kubernetes cluster has always troubled me. 
+最近几年,我的工作内容始终围绕着客户 Kubernetes 集群的建设。In recent years, my work has always revolved around the construction of customer Kubernetes clusters.How to choose a stable and reliable storage solution with excellent performance for the customer's Kubernetes cluster has always troubled me. -The most basic functional requirement that the storage volume can be remounted after the Pod is drifted to another node made me focus on the storage type of the shared file system from the beginning.I chose Nfs at the beginning, and then put it into the embrace of Glusterfs. Until recently, I started to explore other better cloud-native storage solutions. Along the way, I also have a certain understanding of various storages.They each have their own characteristics: +存储卷可以在 Pod 漂移到其他节点后重新挂载这一最基础的功能性要求,让我一开始就把目光放在了共享文件系统这一存储类型上。最开始选择了 Nfs,到后来又投入了 Glusterfs 的怀抱,直到最近开始努力探索其他更好的云原生存储解决方案,这一路走来也让我对各种存储有了一定的了解。它们各自有着自己的特点: -- Nfs:Nfs is an old-fashioned storage solution based on network sharing files.Its advantage is simplicity and efficiency.Its shortcomings are also more obvious, the server has a single point of failure, and there is no replication mechanism for data.In some scenarios that do not require high reliability, Nfs is still the best choice. +- Nfs:Nfs is an old-fashioned storage solution based on network sharing files.Its advantage is simplicity and efficiency.Its shortcomings are also more obvious, the server has a single point of failure, and there is no replication mechanism for data.In some scenarios that do not require high reliability, Nfs is still the best choice.它的优点是简单高效。它的缺点也比较明显,服务端单点故障,数据没有复制机制。在某些对可靠性要求不高的场景下,Nfs依然是不二之选。 -- Glusterfs:is an open source distributed shared storage solution.Compared with Nfs, Gfs improves the reliability of data through multi-copy replica sets, and the mechanism of adding Brick also makes the expansion of the storage cluster no longer limited to one server.Gfs was once the first choice of our department in the production environment. 
By setting the replication factor to 3, the reliability of the data can be ensured, and the problem of data split-brain in the distributed system can be avoided.After going forward with Gfs for a long time, we also found its performance shortcomings in the scenario of intensive small file reading and writing.Moreover, the storage of a single shared file system type gradually no longer meets the needs of our usage scenarios. +- Glusterfs:这是一种开源的分布式共享存储解决方案。相对于 Nfs 而言,Gfs 通过多副本复制集提升了数据的可靠性,添加 Brick 的机制也让存储集群的扩展不再受限于一台服务器。Gfs 一度是我部在生产环境下的首选,通过将复制因子设置为 3 ,保障了数据的可靠性的同时,又能够避免分布式系统下的数据脑裂的问题。伴随 Gfs 一起前进了很久之后,我们也发现了它在密集小文件读写场景下的性能短板。而且单一的共享文件系统类型的存储,也渐渐不再满足我们的使用场景需要。 -Our search for more suitable storage has not stopped.In the past two years, the concept of cloud native has become very popular, and various cloud native projects have emerged in the community, including storage-related projects.At first, we focused on Ceph, which attracted us most because of its high-performance block device type storage.However, it was once persuaded by its complex deployment method and high operation and maintenance threshold.The emergence of Rook, the CNCF graduation project, finally leveled the last threshold for contacting Ceph. +我们在寻找更合适的存储这一道路上一直没有停止探索。这两年云原生概念炙手可热,社区中不断涌现出来各种云原生领域项目,其中也不乏存储相关的项目。最开始,我们将目光放在 Ceph 身上,它最吸引我们的是可以提供高性能的块设备类型存储。然而被其复杂的部署方式、较高的运维门槛一度劝退。而 CNCF 毕业项目 Rook 的出现,终于铲平了接触 Ceph 的最后一道门槛。 -The Rook project provides a cloud-native storage orchestration tool, provides platform-level and framework-level support for various types of storage, and manages the installation, operation and maintenance of storage software.Rook officially included Ceph Operator as a stable supported feature in version 0.9 released in 2018, and it has been several years so far.Using Rook to deploy and manage a production-level Ceph cluster is quite robust. 
+The Rook project provides a cloud-native storage orchestration tool, provides platform-level and framework-level support for various types of storage, and manages the installation, operation and maintenance of storage software.Rook officially included Ceph Operator as a stable supported feature in version 0.9 released in 2018, and it has been several years so far.Using Rook to deploy and manage a production-level Ceph cluster is quite robust.Rook 在 2018 年发布的 0.9 版本中,正式将 Ceph Operator 作为稳定支持的特性,迄今已经数年。使用 Rook 部署和管理生产级别的 Ceph 集群还是非常稳健的。 -Compared with Gfs, Rook-Ceph provides block device type storage with extremely high performance, which is equivalent to mounting a hard disk for Pod, and it is not difficult to deal with the scenario of intensive small file reading and writing.In addition to providing block device type storage, Rook-Ceph can also provide distributed shared storage based on Cephfs, and object storage based on the S3 protocol.Unified management of multiple storage types, and a visual management interface is provided, which is very friendly to operation and maintenance personnel. 
+相对于 Gfs ,Rook-Ceph 提供了性能极高的块设备类型存储,这相当于为 Pod 挂载了一块硬盘,应对密集小文件读写场景并非难事。Compared with Gfs, Rook-Ceph provides block device type storage with extremely high performance, which is equivalent to mounting a hard disk for Pod, and it is not difficult to deal with the scenario of intensive small file reading and writing.In addition to providing block device type storage, Rook-Ceph can also provide distributed shared storage based on Cephfs, and object storage based on the S3 protocol.Unified management of multiple storage types, and a visual management interface is provided, which is very friendly to operation and maintenance personnel.多种存储类型统一管理,并提供了可视化管理界面,对于运维人员非常友好。 -As a CNCF graduate project, Rook-Ceph's support for cloud-native scenarios is beyond doubt.The deployed Rook-Ceph cluster provides a CSI plug-in, which provides data volumes to Kubernetes in the form of StorageClass, and is also very friendly to various cloud-native PaaS platforms that are compatible with the CSI specification. +作为 CNCF 毕业项目,Rook-Ceph 对云原生场景的支持毋庸置疑。As a CNCF graduate project, Rook-Ceph's support for cloud-native scenarios is beyond doubt.The deployed Rook-Ceph cluster provides a CSI plug-in, which provides data volumes to Kubernetes in the form of StorageClass, and is also very friendly to various cloud-native PaaS platforms that are compatible with the CSI specification. ## 2. The connection between Rainbond and Rook 
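Review bot: In this `i18n/en` file, three `+` lines in the section 1 hunk replace English paragraphs with Chinese-only text (the paragraph starting `存储卷可以在 Pod`, the `Glusterfs` bullet, and the paragraph starting `我们在寻找`), so the English locale loses that content; keep the removed English text for those three paragraphs. The new `description:` and opening sentence ("The foundations are shaken by the mountains.") are a weaker translation than the removed "The foundation is not firm, and the ground is shaking.", and the remaining `+` lines splice the Chinese source onto the English sentence it translates. Strip the Chinese before merging.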
@@ -34,7 +33,7 @@ In Rainbond V5.7.0-release, support for the Kubernetes CSI container storage int ![](https://static.goodrain.com/wechat/rook-ceph/rook-ceph-1.png) -During the installation and deployment phase of Rainbond, Cephfs will be referenced to deploy the shared storage provided by default for all service components.For stateful service components, when adding persistent storage, you can select all available StorageClasses in the current cluster, and you can apply for a block device to mount by selecting `rook-ceph-block` , and the whole process is graphically interfaced. Very convenient. +During the installation and deployment phase of Rainbond, Cephfs will be referenced to deploy the shared storage provided by default for all service components.For stateful service components, when adding persistent storage, you can select all available StorageClasses in the current cluster, and you can apply for a block device to mount by selecting `rook-ceph-block` , and the whole process is graphically interfaced. Very convenient.而对于有状态的服务组件而言,添加持久化存储时,可以选择当前集群中所有可用的 StorageClass,通过选择 `rook-ceph-block` 即可申请块设备进行挂载,全程图形化界面操作,十分方便。 How to deploy Rook-Ceph and connect it to Rainbond, please refer to document [Rook-Ceph connection solution](https://www.rainbond.com/docs/ops-guide/storage/ceph-rbd "Rook-Ceph 对接方案"). @@ -44,7 +43,7 @@ In this chapter, I will describe the various usage experiences after Rainbond is ### 3.1 Using shared storage -Rainbond connects to Cephfs as a cluster shared storage by specifying parameters during the installation phase.In the process of using Helm to install Rainbond, the key docking parameters are as follows: +Rainbond connects to Cephfs as a cluster shared storage by specifying parameters during the installation phase.In the process of using Helm to install Rainbond, the key docking parameters are as follows:在使用 Helm 安装 Rainbond 的过程中,关键的对接参数如下: ```bash --set Cluster.RWX.enable=true \ 
@@ -66,7 +65,7 @@ pvc-faa3e796-44cd-4aa0-b9c9-62fa0fbc8417 500Gi RWX Retain Bound guox-system/manu ### 3.2 Mounting a block device -Except for the default shared storage, all StorageClasses in the cluster are exposed to stateful services.Manually select `rook-ceph-block` to create block device type storage and mount it for Pod use.When the service component has multiple instances, each Pod will generate a block device mount to use. +除了默认的共享存储之外,其他所有集群中的 StorageClass 都面向有状态服务开放。手动选择 `rook-ceph-block` 即可创建块设备类型存储,并挂载给 Pod 使用。Except for the default shared storage, all StorageClasses in the cluster are exposed to stateful services.Manually select `rook-ceph-block` to create block device type storage and mount it for Pod use.When the service component has multiple instances, each Pod will generate a block device mount to use. ![](https://static.goodrain.com/wechat/rook-ceph/rook-ceph-3.png) @@ -79,7 +78,7 @@ pvc-5172cb7a-cf5b-4770-afff-153c981ab09b 50Gi RWO Delete Bound guox-system/manua ### 3.3 Open the dashboard -The visual operation interface Ceph-dashboard is installed by default when Rook-Ceph is deployed.Here, you can monitor the entire storage cluster, and you can also change the configuration of various storage types based on graphical interface operations. +Rook-Ceph 默认部署时安装了可视化操作界面 Ceph-dashboard。The visual operation interface Ceph-dashboard is installed by default when Rook-Ceph is deployed.Here, you can monitor the entire storage cluster, and you can also change the configuration of various storage types based on graphical interface operations. Modify Ceph cluster configuration to disable dashboard built-in ssl: 
@@ -115,7 +114,7 @@ kubectl -n rook-ceph get secret rook-ceph-dashboard-password -o jsonpath="{['dat ### 3.4 Using Object Storage -Please refer to document [Rook-Ceph deployment interface](https://www.rainbond.com/docs/ops-guide/storage/ceph-rbd "Rook-Ceph 对接方案") , you can deploy object storage in Rook-Ceph.By simply passing the service ClusterIP of the object storage through a third-party service proxy, we can obtain an object storage address that can be accessed by multiple clusters managed by the same console at the same time.Rainbond can implement cloud backup and migration based on this feature. +Please refer to document [Rook-Ceph deployment interface](https://www.rainbond.com/docs/ops-guide/storage/ceph-rbd "Rook-Ceph 对接方案") , you can deploy object storage in Rook-Ceph.By simply passing the service ClusterIP of the object storage through a third-party service proxy, we can obtain an object storage address that can be accessed by multiple clusters managed by the same console at the same time.Rainbond can implement cloud backup and migration based on this feature.只需要将对象存储的 service ClusterIP 通过第三方服务代理,我们就可以得到一个可以被同个控制台纳管的多个集群同时访问的对象存储地址。Rainbond 可以基于这一特性,实现云端备份迁移功能。 Get the svc address:of the object store 
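Review bot: The `+` lines in the hunks for sections 2 through 3.4 (`@@ -34,7`, `@@ -44,7`, `@@ -66,7`, `@@ -79,7`, `@@ -115,7`) keep the removed English sentence unchanged and only splice its Chinese source before or after it, for example `...the key docking parameters are as follows:在使用 Helm 安装 Rainbond 的过程中,关键的对接参数如下:` directly above the `bash` block. These hunks add nothing for the English locale; drop them from the change, or fix the translation sync so it replaces text instead of concatenating it.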
@@ -133,22 +132,18 @@ By filling in the object storage bucket, access-key, and secret-key created in C ## 4. Performance comparison test -We use the sysbench tool to test the performance of Mysql using different types of storage. Except that the data directory is mounted with different types of storage, other experimental conditions are the same.The storage types participating in the test include Glusterfs, Cephfs, and Ceph-RBD. +We use the sysbench tool to test the performance of Mysql using different types of storage. Except that the data directory is mounted with different types of storage, other experimental conditions are the same.The storage types participating in the test include Glusterfs, Cephfs, and Ceph-RBD.参与测试的存储类型包括 Glusterfs、Cephfs、Ceph-RBD 三种。 The data collected are transactions per second (TPS) and requests per second (QPS) returned by the sysbench test: -| storage type | Mysql memory | QPS | TPS | -| ------------ | ------------ | -------- | ------- | +| storage type | Mysql memory | QPS | TPS | +| ------------ | ------------ | ------------------------ | ----------------------- | | Glusterfs | 1G | 4600.22 | 230.01 | | Cephfs | 1G | 18095.08 | 904.74 | | Ceph-RBD | 1G | 24852.58 | 1242.62 | The test results are obvious, the Ceph block device has the highest performance, and Cephfs also has obvious performance advantages over Glusterfs. - - ## 5. Write at the end -Adapting to the Kubernetes CSI container storage interface is a major feature of Rainbond v5.7.0-release. This feature allows us to easily interface with Rook-Ceph, an excellent storage solution.Through the description of the use experience of Rook-Ceph and the final performance test comparison, it has to be said that Rook-Ceph will soon become a main direction of our exploration in the field of cloud native storage. - - +Adapting to the Kubernetes CSI container storage interface is a major feature of Rainbond v5.7.0-release. 
This feature allows us to easily interface with Rook-Ceph, an excellent storage solution.Through the description of the use experience of Rook-Ceph and the final performance test comparison, it has to be said that Rook-Ceph will soon become a main direction of our exploration in the field of cloud native storage.通过对 Rook-Ceph 的使用体验的描述以及最后的性能测试对比,不得不说,Rook-Ceph 即将成为我们在云原生存储领域探索的一个主攻方向。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-23-fluentd.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-23-fluentd.md index ed217944e1..a39ef38ce5 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-23-fluentd.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-23-fluentd.md 
@@ -2,20 +2,18 @@ title: Easy to use Fluentd, combined with Rainbond plugin market, log collection is faster description: Easy to use Fluentd, combined with Rainbond plugin market, log collection is faster slug: fluentd +image: https://static.goodrain.com/wechat/flunetd/fluentd.png --- -:::info This article introduces the use of the Fluentd plugin in Rainbond to collect business logs and output to multiple different services. -::: - +There was an article in the past that introduced [EFK (Kibana + ElasticSearch + Filebeat)](https://mp.weixin.qq.com/s/XCTja56IibLDlASQkdonMA)plug-in log collection.The Filebeat plugin is used to forward and centralize log data and forward them to Elasticsearch or Logstash for indexing, but Filebeat, as a member of Elastic, can only be used across the entire Elastic stack.The Filebeat plugin is used to forward and centralize log data and forward them to Elasticsearch or Logstash for indexing, but Filebe used as a member of the Elastic system only. -There was an article in the past that introduced [EFK (Kibana + ElasticSearch + Filebeat)](https://mp.weixin.qq.com/s/XCTja56IibLDlASQkdonMA)plug-in log collection.The Filebeat plugin is used to forward and centralize log data and forward them to Elasticsearch or Logstash for indexing, but Filebeat, as a member of Elastic, can only be used across the entire Elastic stack. + ## Fluentd -Fluentd is an open source, distributed log collection system, which can collect logs from different services and data sources, filter and process the logs, and distribute them to various storage and processing systems.It supports various plug-ins and data caching mechanisms, and requires very few resources. It has built-in reliability, and combined with other services, it can form an efficient and intuitive log collection platform. 
- +Fluentd is an open source, distributed log collection system, which can collect logs from different services and data sources, filter and process the logs, and distribute them to various storage and processing systems.It supports various plug-ins and data caching mechanisms, and requires very few resources. It has built-in reliability, and combined with other services, it can form an efficient and intuitive log collection platform.支持各种插件,数据缓存机制,且本身所需的资源很少,内置可靠性,结合其他服务,可以形成高效直观的日志收集平台。 ## 1. Integrated Architecture 
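Review bot: The rewritten intro paragraph in `@@ -2,20 +2,18 @@` now contains the Filebeat sentence twice, and the second copy is cut off and ungrammatical ("but Filebe used as a member of the Elastic system only"). Keep a single copy of the original sentence, and remove the Chinese text appended to the `Fluentd is an open source...` line. The hunk also drops the `:::info` admonition around the summary sentence; confirm that is intended.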
@@ -32,13 +30,13 @@ We made Fluentd as Rainbond's `general type plug-in` After the application is st Rainbond V5.7.0 has added:**Install plugins from open source app stores**The plugins in this article have been released to open source app stores. When we use them, we can install them with one click, and modify the configuration files as needed. -The Rainbond plug-in system is a part of the Rainbond application model. The plug-ins are mainly used to realize the extended operation and maintenance capabilities of the application container.Because the implementation of operation and maintenance tools has a large commonality, the plug-in itself can be reused.Plugins have runtime status only when they are bound to the application container to implement an operation and maintenance capability, such as performance analysis plugins, network governance plugins, and initialization type plugins. +The Rainbond plug-in system is a part of the Rainbond application model. The plug-ins are mainly used to realize the extended operation and maintenance capabilities of the application container.Because the implementation of operation and maintenance tools has a large commonality, the plug-in itself can be reused.Plugins have runtime status only when they are bound to the application container to implement an operation and maintenance capability, such as performance analysis plugins, network governance plugins, and initialization type plugins.由于运维工具的实现有较大的共性,因此插件本身可以被复用。插件必须绑定到应用容器时才具有运行时状态,用以实现一种运维能力,比如性能分析插件、网络治理插件、初始化类型插件。 In the process of making Fluentd plug-ins, **general type plug-ins**are used, which can be understood as one POD starts two Containers. Kubernetes natively supports starting multiple Containers in one POD, but the configuration is relatively complicated. User operation is simpler. ## 3. 
EFK log collection practice -The Fluentd-ElasticSearch7 output plugin writes log records to Elasticsearch.By default, it creates records using the bulk API, which performs multiple indexing operations in a single API call.This reduces overhead and can greatly improve indexing speed. +The Fluentd-ElasticSearch7 output plugin writes log records to Elasticsearch.By default, it creates records using the bulk API, which performs multiple indexing operations in a single API call.This reduces overhead and can greatly improve indexing speed.默认情况下,它使用批量 API创建记录,该 API 在单个 API 调用中执行多个索引操作。这减少了开销并可以大大提高索引速度。 ### 3.1 Operation steps @@ -47,8 +45,8 @@ Both applications (Kibana + ElasticSearch) and plugins (Fluentd) can be deployed 1. Docking with open source app stores 2. Search `elasticsearch` in app store and install `7.15.2` version. 3. Team View -> plugins -> install from app store `Fluentd-ElasticSearch7` plugins -4. Create a component based on an image, the image uses `nginx:latest`, and the mount storage is`var/log/nginx`.Here use `Nginx:latest` as demo - * After the storage is mounted in the component, the plugin will also mount the storage and access the log files generated by Nginx. +4. Create a component based on an image, the image uses `nginx:latest`, and the mount storage is`var/log/nginx`.Here use `Nginx:latest` as demo这里使用 `Nginx:latest` 作为演示 + - After the storage is mounted in the component, the plugin will also mount the storage and access the log files generated by Nginx. 5. Open the plug-in in the Nginx component, you can modify the `Fluentd` configuration file as needed, please refer to the introduction to the configuration file below. ![](https://static.goodrain.com/wechat/flunetd/2.png) 
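Review bot: Step 4 in `@@ -47,8 +45,8 @@` is re-added with the Chinese duplicate of "Here use `Nginx:latest` as demo" appended to it; remove that tail. While this line is being touched, the mount path is written `var/log/nginx` with no leading slash and no space before the backtick, and the image is spelled both `nginx:latest` and `Nginx:latest`; check whether `/var/log/nginx` is meant and use one spelling of the image name.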
@@ -99,31 +97,29 @@ Configuration file reference Fluentd documentation [output_elasticsearch](https: Configuration item explanation: -| configuration item | explain | -| ------------------ | ----------------------------------------------------------------------------------------------- | -| @type | Collection log type, tail indicates incremental read log content | -| path | Log path, multiple paths can be separated by commas | -| pos_file | Used to mark the path where the position file has been read | -| \parse \parse | For log format parsing, write the corresponding parsing rules according to your own log format. | - -| configuration item | explain | -| -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | -| @type | Type of service output to | -| log_level | Set the output log level to info; the supported log levels are:`fatal`, `error`, `warn`, `info`, `debug`, `trace`. | -| hosts hosts | address of elasticsearch | -| port | port of elasticsearch | -| user/password | Username/password used by elasticsearch | -| index_name | index defined name | -| \buffer\buffer | The log buffer is used to cache log events and improve system performance.Memory is used by default, and file files can also be used | +| configuration item | explain | +| ----------------------------- | --------------------------------------------------------------------------------------------------------------- | +| @type | Collection log type, tail indicates incremental read log content | +| path | Log path, multiple paths can be separated by commas | +| pos_file | Used to mark the path where the position file has been read | +| \parse \parse | For log format parsing, write the corresponding parsing rules according to your own log format. 
| + +| configuration item | explain | +| ------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| @type | Type of service output to | +| log_level | Set the output log level to info; the supported log levels are:`fatal`, `error`, `warn`, `info`, `debug`, `trace`. | +| hosts hosts | address of elasticsearch | +| port | port of elasticsearch | +| user/password | Username/password used by elasticsearch | +| index_name | index defined name | +| \buffer\buffer | The log buffer is used to cache log events and improve system performance.Memory is used by default, and file files can also be used默认使用内存,也可以使用file文件 | | chunk_limit_size | Maximum size of each block: events will be written in blocks until the size of the block becomes this size, the memory defaults to 8M, and the file is 256M | -| queue_limit_length | The queue length limit for this buffer plugin instance | -| flush_interval | Buffer log flush event, the default is to flush the output once every 60s | -| retry_max_times | Maximum number of times to retry failed block output | +| queue_limit_length | The queue length limit for this buffer plugin instance | +| flush_interval | Buffer log flush event, the default is to flush the output once every 60s | +| retry_max_times | Maximum number of times to retry failed block output | The above are only some of the configuration parameters, other configurations can be customized with the official website documentation. - - ## Fourth, Fluentd + Minio log collection practice The Fluentd S3 output plugin writes log records to standard S3 object storage services such as Amazon, Minio. 
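Review bot: The table rows rewritten in `@@ -99,31 +97,29 @@` still carry garbled keys in the first column: `\parse \parse`, `hosts hosts` and `\buffer\buffer`. Fluentd's section names are `<parse>` and `<buffer>`, and the Elasticsearch output key is `hosts`, so these cells look like lost angle brackets and a doubled word; fix them while the rows are being changed. The `\buffer\buffer` row also gains untranslated Chinese at the end of its description, and the `chunk_limit_size` row was left at the old column width.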
@@ -132,20 +128,20 @@ The Fluentd S3 output plugin writes log records to standard S3 object storage se Both applications (Minio) and plugins (Fluentd S3) can be deployed with one click through the open source app store. -1. Docking with open source app stores.Search for `minio`in the open source app store, and install `22.06.17` version. +1. 对接开源应用商店。Docking with open source app stores.Search for `minio`in the open source app store, and install `22.06.17` version. 2. Team View -> Plugins -> Install `Fluentd-S3` Plugins from the app store. 3. Access the Minio 9090 port, the user password is obtained in the Minio component-> dependency. - * Create Bucket with custom name. + - Create Bucket with custom name. - * Go to Configurations -> Region and set Service Location - * In the configuration file of the Fluentd plugin, `s3_region` defaults to `en-west-test2`. + - Go to Configurations -> Region and set Service Location + - In the configuration file of the Fluentd plugin, `s3_region` defaults to `en-west-test2`. -4. Create a component based on an image, the image uses `nginx:latest`, and the mount storage is`var/log/nginx`.Here use `Nginx:latest` as demo +4. Create a component based on an image, the image uses `nginx:latest`, and the mount storage is`var/log/nginx`.Here use `Nginx:latest` as demo这里使用 `Nginx:latest` 作为演示 - * After the storage is mounted in the component, the plugin will also mount the storage and access the log files generated by Nginx. + - After the storage is mounted in the component, the plugin will also mount the storage and access the log files generated by Nginx. 5. Enter the Nginx component, activate the Fluentd S3 plugin, and modify `s3_bucket` `s3_region`in the configuration file 
@@ -196,31 +192,29 @@ The configuration file refers to Fluentd document [Apache to Minio](https://docs Configuration item explanation: - -| configuration item | explain | -| ------------------ | ----------------------------------------------------------------------------------------------- | -| @type | Collection log type, tail indicates incremental read log content | -| path | Log path, multiple paths can be separated by commas | -| pos_file | Used to mark the path where the position file has been read | -| \parse\parse | For log format parsing, write the corresponding parsing rules according to your own log format. | - - -| configuration item | explain | -| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | -| @type | Type of service output to | -| aws_key_id | Minio Username | -| aws_sec_key | Minio password | -| s3_endpoint | Minio access address | -| s3_bucket | Minio bucket name | -| force_path_style | Prevent AWS SDK from breaking endpoint URLs | -| time_slice_format | Add this timestamp to every filename | -| \buffer\buffer | The log buffer is used to cache log events and improve system performance.Memory is used by default, and file files can also be used | -| timekey | Accumulated chunks are refreshed every 60 seconds | -| timekey_wait | Wait 10 seconds to refresh | -| chunk_limit_size | Maximum size of each block | +| configuration item | explain | +| ----------------------------- | --------------------------------------------------------------------------------------------------------------- | +| @type | Collection log type, tail indicates incremental read log content | +| path | Log path, multiple paths can be separated by commas | +| pos_file | Used to mark the path where the position file has been read | +| \parse\parse | For log format parsing, write the corresponding parsing rules according to your own log format. 
| + +| configuration item | explain | +| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| @type | Type of service output to | +| aws_key_id | Minio Username | +| aws_sec_key | Minio password | +| s3_endpoint | Minio access address | +| s3_bucket | Minio bucket name | +| force_path_style | Prevent AWS SDK from breaking endpoint URLs | +| time_slice_format | Add this timestamp to every filename | +| \buffer\buffer | The log buffer is used to cache log events and improve system performance.Memory is used by default, and file files can also be used默认使用内存,也可以使用file文件 | +| timekey | Accumulated chunks are refreshed every 60 seconds | +| timekey_wait | Wait 10 seconds to refresh | +| chunk_limit_size | Maximum size of each block | ## at last The Fluentd plugin can flexibly collect business logs and output to multiple services, and combined with the one-click installation of the Rainbond plugin market, it makes our use easier and faster. -At present, there are only `Flunetd-S3` `Flunetd-ElasticSearch7`in the Rainbond open source plug-in application market, and you are welcome to contribute plug-ins! \ No newline at end of file +At present, there are only `Flunetd-S3` `Flunetd-ElasticSearch7`in the Rainbond open source plug-in application market, and you are welcome to contribute plug-ins! diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-28-pluginShare.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-28-pluginShare.md index b021957aa2..b5c8839f84 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-28-pluginShare.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-06-28-pluginShare.md 
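Review bot: The last line of `2022-06-23-fluentd.md` is re-added only to supply the missing trailing newline, but it still names the plugins `Flunetd-S3` and `Flunetd-ElasticSearch7`, while the steps earlier in the post call them `Fluentd-S3` and `Fluentd-ElasticSearch7`. Correct the spelling in the same change and add the missing space before "in the Rainbond open source plug-in application market". The two tables in this hunk repeat the `\parse\parse` and `\buffer\buffer` key cells and the Chinese tail in the buffer row, and need the same cleanup.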
@@ -1,18 +1,13 @@ --- title: Participate in community contribution:share your plugin -description: Participate in community contribution:share your plugin +description: The plugin itself contains only the description and implementation, making it reusable.Must be bound to a component to have runtime state.In the V5.7.0-release version, Rainbond supports users to share their own plug-ins to the open source application store, and other users can use the plug-ins. slug: pluginshare +image: "![](https://static.goodrain.com/wechat/plugin-share/plugin-share.png)" --- -:::info article introduces how to share your plugins to the Rainbond open source app store, sharing the extension capabilities of plugins and enriching the plugin market with the Rainbond community. -::: - - -![](https://static.goodrain.com/wechat/plugin-share/plugin-share.png) - -Since the implementation of application operation and maintenance features has great commonality, in order to decouple the business container from its operation and maintenance capabilities, Rainbond implements a plug-in mechanism under components based on the SideCar mode.The Rainbond plug-in can be used as an extension of component operation and maintenance capabilities. The plug-in itself is a sidecar container, which can be used to solve the following problems: +Because of the greater commonality of the application dimensions and in order to decouple business containers and their viability, Rainbond implemented a plugin mechanism under a component based on SideCar mode.Since the implementation of application operation and maintenance features has great commonality, in order to decouple the business container from its operation and maintenance capabilities, Rainbond implements a plug-in mechanism under components based on the SideCar mode.The Rainbond plug-in can be used as an extension of component operation and maintenance capabilities. 
The plug-in itself is a sidecar container, which can be used to solve the following problems: - Extend the functionality of components without changing existing business code - Complete some data initialization operations before the business runs @@ -20,7 +15,9 @@ Since the implementation of application operation and maintenance features has g - Intercept the traffic of cleaning business and use it as a firewall - Monitor business performance indicators, etc. -The plugin itself contains only the description and implementation, making it reusable.Must be bound to a component to have runtime state.In the V5.7.0-release version, Rainbond supports users to share their own plug-ins to the open source application store, and other users can use the plug-ins. +The plugin itself only contains descriptions and implementations, so that it can be reused.A component must be bound to be running when it is not operational.In V5.7.0-release version, Rainbond supports users to share their plugins in the Open Source Store and can be used by other users. + + ## Plug-in principle @@ -41,7 +38,7 @@ Next, we will take the `Fluentd-ElasticSearch6` plug-in as an example to introdu ### Make Fluentd ElasticSearch 6 plugin 1. Go to Rainbond Team View -> Plugins -> New Plugin, create a general type of plugin. - * Mirror address:qlucky/fluentd-elasticsearch6:v1.14 + - Mirror address:qlucky/fluentd-elasticsearch6:v1.14 ![](https://static.goodrain.com/wechat/plugin-share/2.png) 
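Review bot: The replacement paragraph in `@@ -20,7 +15,9 @@` changes the meaning of the text it retranslates: "Must be bound to a component to have runtime state." becomes "A component must be bound to be running when it is not operational.", which no longer says that a plugin only runs once it is attached to a component. Keep the removed wording, which the new `description:` front-matter field in the first hunk still uses. In that first hunk, `image:` is set to Markdown image syntax (`"![](https://static.goodrain.com/wechat/plugin-share/plugin-share.png)"`) rather than a bare URL as in the other posts of this patch, and the opening sentence now appears twice in two different translations.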
@@ -78,11 +75,10 @@ Next, we will take the `Fluentd-ElasticSearch6` plug-in as an example to introdu ![](https://static.goodrain.com/wechat/plugin-share/3.png) - ### Use Fluentd plugin 1. Create a component based on an image, the image uses `nginx:latest`, and the mount storage is`var/log/nginx`. - * After the storage is mounted in the component, the plugin will also mount the storage by itself, and can collect the logs generated by Nginx. + - After the storage is mounted in the component, the plugin will also mount the storage by itself, and can collect the logs generated by Nginx. 2. In the Nginx component -> plug-in -> is not activated, open the Fluentd plug-in, and update/restart the component to take effect. 3. Based on open source app store installation `Elasticsearch 6.2.4` 4. Add dependencies, Nginx (plug-in has been activated) depends on Elasticsearch, update/restart Nginx components to make the dependencies take effect. @@ -95,7 +91,7 @@ For detailed tutorials, please refer to:point_down: ## Plugin sharing -> At present, plugins can only be published with components. Therefore, when the plugin is published, the business components under the application will also be released, but when the plugin is installed from the store, the application will not be installed.Therefore, it is recommended that when publishing, choose a basic component with a smaller image to bind the plug-in for publishing.Such as:Nginx.We will continue to optimize this release process in the future.Reduce unnecessary image pushes. +> 目前插件只能配合组件进行发布,因此在发布插件时,应用下的业务组件也会发布,但从商店安装插件时,应用不会被安装。所以建议在发布时,选择镜像较小的基础组件绑定该插件进行发布。如:Nginx。我们后续也会持续优化此发布流程。减少不必要的镜像推送。 Application View -> Publish -> Create a new application template -> Check to publish as a plug-in -> Select the component with the plug-in enabled to publish, and confirm the publish. 
@@ -107,4 +103,4 @@ After the release is complete, please refer to [App Store App Listing](https://w Through the above steps, we have learned how to share plugins. If you are interested in contributing your plugins, you can publish them in the app store at any time. -If you need help contributing, please contact a community member!Please refer to [Contribution Guide](https://www.rainbond.com/community/contribution/ "贡献指南")to participate in the contribution. \ No newline at end of file +如果你需要贡献帮助,请联系社区成员哦!If you need help contributing, please contact a community member!Please refer to [Contribution Guide](https://www.rainbond.com/community/contribution/ "贡献指南")to participate in the contribution. diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-07-06-nocalhostDebug.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-07-06-nocalhostDebug.md index 04a16ebd11..c2287fe8e8 100644 --- a/i18n/en/docusaurus-plugin-content-blog/2022/2022-07-06-nocalhostDebug.md +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-07-06-nocalhostDebug.md 
@@ -1,29 +1,26 @@ --- title: Microservice remote debugging, Nocalhost + Rainbond microservice development second bullet description: Microservice remote debugging, Nocalhost + Rainbond microservice development second bullet -slug: nocalhostdebug +slug: noocalhostdebug +image: "![](https://static.goodrain.com/wechat/nocalhost2/nocalhost.png)" --- -:::info describes how to use Nocalhost Debug to deploy microservices on Rainbond -::: - - -![](https://static.goodrain.com/wechat/nocalhost2/nocalhost.png) - -In the previous article, we introduced how to quickly develop microservices on Rainbond through [](https://mp.weixin.qq.com/s/kC9P7fvMtJvKK7_TM2LbTw), and introduced the basic development process. +In the previous article, we introduced how to quickly develop microservices on Rainbond through , and introduced the basic development process. This article will continue the above introduction, using [Nocalhost development configuration file](https://nocalhost.dev/docs/config/config-overview-en/) to achieve the following: -* One-click Run and Remote Debug -* persistent configuration -* Development Container Resource Limits -* port forwarding +- One-click Run and Remote Debug +- persistent configuration +- Development Container Resource Limits +- port forwarding -**What is a development configuration?** +**What is a development configuration?**\*\* -The development configuration is carried out around `development mode` , such as what image to use to enter `development mode`, whether to enable persistence to save the content of the development container, which files to synchronize to the development container, how to debug with one click, key to run services inside the container, etc. With the correct and appropriate development configuration configured, you can be more comfortable when using Nocalhost `development mode`. 
+The development configuration is carried out around `development mode` , such as what image to use to enter `development mode`, whether to enable persistence to save the content of the development container, which files to synchronize to the development container, how to debug with one click, key to run services inside the container, etc. With the correct and appropriate development configuration configured, you can be more comfortable when using Nocalhost `development mode`. Having configured the correct and appropriate development configuration, you can use Nocalhost `Development Mode`. + + ## Deploy Rainbond + SpringCloud @@ -43,11 +40,10 @@ The English name of the installed application component from the application sto ![](https://static.goodrain.com/wechat/nocalhost2/1.png) - - ## Nocalhost docks Rainbond 1. To install Nocalhost JetBrains Plugin, please refer to document [Install Nocalhost JetBrains Plugin](https://nocalhost.dev/docs/installation/). + 2. To get K8s Kubeconfig, please refer to document [to get Kubeconfig file](https://www.rainbond.com/docs/ops-guide/tools/kubectl). 3. Under the `pig` namespace, find the workload `pig-auth` right click and select `Dev Config` (development configuration) @@ -130,8 +126,6 @@ containers: ![](https://static.goodrain.com/wechat/nocalhost2/3-1.gif) - - ### One-click Debug 1. Right click on workload `pig-auth`. @@ -186,4 +180,3 @@ Of course, Nocalhost can debug multiple microservices at the same time. In the s Nocalhost also has some things that are not mentioned in the development configuration text, such as:development environment variables, two modes of file synchronization `pattern` `gitignore` , etc., and Nocalhost supports multiple languages, Java is only one of them, friends can Explore on your own. Nocalhost + Rainbond makes development and deployment more efficient and convenient. - 
diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-07-14-dolphinscheduler.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-07-14-dolphinscheduler.md new file mode 100644 index 0000000000..afb2f7ee8a --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-07-14-dolphinscheduler.md 
@@ -0,0 +1,82 @@ +--- +title: Deployment of DolphinScheduler High Available Cluster in Rainbond +description: Apache DolphinScheduler is a distributable and scalable visualization DAG workflow task movement open source system that addresses data development ETL intricate dependencies and does not allow visual monitoring of mission health +slug: dolphinscheduler +image: https://static.goodrain.com/wechat/dolphinscheduler/dolp.png +--- + +This paper describes the deployment of a high available DolphinScheduler cluster through [Rainbond](https://www.rainbond.com/) cloud application management platform, which is suitable for users who do not understand the complex technologies of Kubernetes, containers, etc. and reduces the threshold for DolphinScheduler to be deployed in Kubernetes. + +Apache DolphinScheduler is a scalable visualization DAG workflow task scheduling open source system.Resolve data development ETL complex dependencies and cannot visualize the health status of the mission.DolphinScheduler assembles Task as DAG stream, allows real-time monitoring of the operation status of the task while supporting retrying, recovery from the specified node, pause and Kill tasks + +**Easy to use**:DAG monitoring interface, all processes defined as visualizable, using drag and drop tasks customizing DAG, interfacing with third party systems via API, one-click deployment + +**High reliability**:Decentralized multiple Master and multi-Worker, own HA features and use task queue to avoid overloading, do not cause machine card death + +**Rich usage scenario**:supports pausing recovery operations. More tenants and better response to big data usage scenarios. 
Support more task types, such as spark, hive, mr, python, sub_process, shell + +**High extension**:supports custom task types, dispatcher use distribution,movement capacity increases with cluster linearity, Master and Worker support dynamic offline + + + +## 前提条件 + +- 可用的 Rainbond 云原生应用管理平台,请参阅文档 [Rainbond 快速安装](https://www.rainbond.com/docs/quick-start/quick-install) + +## DolphinScheduler 集群一键部署 + +- 对接并访问内置的开源应用商店,搜索关键词 `dolp` 即可找到 DolphinScheduler 应用。 + +![](https://static.goodrain.com/wechat/dolphinscheduler/1.png) + +- 点击 DolphinScheduler 右侧的 `安装` 进入安装页面,填写对应的信息,点击确定即可开始安装,自动跳转至应用视图。 + +| 选择项 | 说明 | +| ---- | --------------------------------------------------------------------------- | +| 团队名称 | 用户自建的工作空间,以命名空间隔离 | +| 集群名称 | 选择 DolphinScheduler 被部署到哪一个 K8s 集群 | +| 选择应用 | 选择 DolphinScheduler 被部署到哪一个应用,应用中包含有若干有关联的组件 | +| 应用版本 | 选择 DolphinScheduler 的版本,目前可选版本为 3.0.0-beta2 | + +![](https://static.goodrain.com/wechat/dolphinscheduler/2.png) + +- 等待几分钟后,DolphinScheduler 集群就会安装完成,并运行起来。 + +![](https://static.goodrain.com/wechat/dolphinscheduler/3.png) + +- 点击访问,将访问 DolphinScheduler-API 组件,需要添加访问后缀 `/dolphinscheduler/ui`,默认的用户密码是`admin` / `dolphinscheduler123` + +![](https://static.goodrain.com/wechat/dolphinscheduler/4.png) + +## API Master Worker 节点伸缩 + +DolphinScheduler API、Master、Worker 都支持伸缩多个实例,多个实例可以保证整个集群的高可用性。 + +以 Worker 为例,进入组件内 -> 伸缩,设置实例数量。 + +![](https://static.goodrain.com/wechat/dolphinscheduler/5.png) + +验证 Worker 节点,进入 DolphinScheduler UI -> 监控中心 -> Worker 查看节点信息。 + +![](https://static.goodrain.com/wechat/dolphinscheduler/6.png) + +## 配置文件 + +API 和 Worker 服务共用 `/opt/dolphinscheduler/conf/common.properties` ,修改配置时只需修改 API 服务的配置文件。 + +## 如何支持 Python 3? + +Worker 服务默认安装了 Python3,使用时可以添加环境变量 `PYTHON_HOME=/usr/bin/python3` + +## 如何支持 Hadoop, Spark, DataX 等? + +以 Datax 为例: + +1. 安装插件。Rainbond 团队视图 -> 插件 -> 从应用商店安装插件 -> 搜索 `通用数据初始化插件` 并安装。 +2. 
开通插件。进入 Worker 组件内 -> 插件 -> 开通 `通用数据初始化插件` ,并修改配置 + - FILE_URL:http://datax-opensource.oss-cn-hangzhou.aliyuncs.com/datax.tar.gz + - FILE_PATH:/opt/soft + - LOCK_PATH:/opt/soft +3. 更新组件,初始化插件会自动下载 `Datax` 并解压到 `/opt/soft`目录下。 + +![](https://static.goodrain.com/wechat/dolphinscheduler/7.png) diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-07-25-mysqlExporter.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-07-25-mysqlExporter.md new file mode 100644 index 0000000000..8e7ea61ac1 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-07-25-mysqlExporter.md 
@@ -0,0 +1,83 @@ +--- +title: Rainbod plugin extension:Mysql based on Mysql-Export +description: The MySQLD Exporter plugin is based on standard MySQLD Exporter.Rainbond Prometheus Monitor rbd-monitor will collect data in Exporter and show them through the dashboard +slug: mysql-exporter +image: https://static.goodrain.com/wechat/mysql-exporter/mysql-exporter.png +--- + +The MySQLD Exporter plugin is based on standard MySQLD Exporter.Rainbond self-bound Prometheus Monitor rbd-monitor will collect data in Exporter and display it through the dashboard.Users can customize which indicators to display which key performance data will be selected to monitor the Mysql database service. + + + +## 安装 Mysql-Exporter 插件 + +在团队视图点击左侧的 **插件** 选项卡,进入我的插件页面。选择从应用商店安装/新建插件。 + +![](https://static.goodrain.com/docs/5.3/component-op/custom-monitor/MySQLDExportor-2.png) + +在开源应用商店中搜索 Mysql-exportor ,点击安装即可将插件安装到当前团队中。 + +![](https://static.goodrain.com/docs/5.3/component-op/custom-monitor/MySQLDExportor-3.png) + +在已有的 Mysql 服务组件的插件页面可以 **开通** MySQLD Exporter 插件。 + +![](https://static.goodrain.com/docs/5.3/component-op/custom-monitor/custom-monitor-1.png) + +开通该插件后,**查看配置** ,确认 DATA_SOURCE_NAME (MySQL 连接信息)是否正确。同时,也要确认时区的设置和被监控的 Mysql 服务组件是否一致。图中的配置代表使用 `Asia/Shanghai` 时区,Mysql 服务组件可以使用同样的环境变量配置来声明时区。 + +![](https://static.goodrain.com/docs/5.3/component-op/custom-monitor/MySQLDExportor-1.png) + +确认无误后,根据提示 **更新** Mysql 服务组件,即可开始收集 MySQLD Exporter 提供的指标。 + +## 管理监控点 + +通过点击业务监控面板右上方的 **管理监控点** ,可以定义监控点信息,这些信息定义了监控指标的来源。 + +MySQLD Exporter 插件已经定义好了一组监控点的配置,这组配置包含以下几个元素,这些元素都是必填项: + +- 配置名称:自定义这组配置的名字 +- 收集任务名称:自定义 +- 路径:指标的来源路径,根据 Exporter 设计的不同,需要填写合适的路径 +- 端口:Exporter 监听的端口,默认监听 9104,用户需要为 Mysql 主服务开启 9104 端口的对内服务。 +- 收集时间间隔: 多久收集一次指标 + +![](https://static.goodrain.com/docs/5.3/component-op/custom-monitor/MySQLDExportor-4.png) + +## 查看监控 + +这一插件已经默认配置好了常用的监控图表,点击一键导入,使用 `mysqld-exportor` 方案即可生成图表。 + +依次点击 **监控** —— **业务监控** 便可以看到相应的监控图表: + 
+![](https://static.goodrain.com/docs/5.3/component-op/custom-monitor/custom-monitor-3.png) + +默认的监控图表展示的 MySQLD 业务监控数据项包括: + +| 监控项 | +| :------------------: | +| 慢查询 | +| OPS | +| 磁盘读速率 | +| 磁盘写速率 | +| 字节接收速率 | +| 字节发送速率 | +| InnoDB缓存池大小 | +| 连接线程峰值 | +| 运行线程峰值 | +| 平均运行线程 | +| Table Lock lmmediate | +| Table Lock Waited | + +## 添加自定义监控图表 + +如果我们希望添加一个监控图表,来展示数据库当前连接数,那么请按照以下操作进行: + +点击业务监控面板上方的 **添加图表** + +输入新的标题,以及对应的查询条件 `mysql_global_status_threads_connected` 后,点击 **查询**。如果正常返回图表,则说明查询条件是正确的。标题的定义尽量清晰明了,并在有必要的情况下明确单位。 + +![](https://static.goodrain.com/docs/5.3/component-op/custom-monitor/custom-monitor-4.png) + +点击 **添加** 后,即可将新的监控图表加入业务监控面板。新添加的监控图表将会置于最后。 + +访问 Mysql 服务组件的 9104 端口,可以在 /metrics 路径下,查看所有可供成图的监控项。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-08-04-Jaeger.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-08-04-Jaeger.md new file mode 100644 index 0000000000..e9b02d5436 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-08-04-Jaeger.md 
@@ -0,0 +1,156 @@ +--- +title: Distributed link tracks Jaeger + Microservice Pig's practice sharing on Rainbond +description: As the microservice architecture is popular, a request from a client may need to involve multiple or N services, making our monitoring and scheduling between services more complex +slug: jaeger +image: https://static.goodrain.com/wechat/jaeger/jaeger-cover.png +--- + +As the microservice structure is popular, a request by a client may need to involve multiple or N services, making our monitoring and scheduling between services more complicated. + +**Take an example:** + +A particular interface of a business line calls services at a fast and slow pace, which will require a log analysis of the services and the mobilization of developers of each service that is time-consuming and expensive.Logs are sometimes not available for ToB's business, it's hard to do! + +Therefore, there is a need to help understand system behaviour and tools used to analyse performance issues so that problems can be quickly positioned and resolved in case of failure, namely APM (Application Performance Monitor).There are many popular APM open source tools such as:Zipkin, Skywalking, Pinpoint, Jaeger et al. + +Jaeger is an open source distribution tracking system issued by the Uber Technical Team for monitoring and troubleshooting microservices-based distribution system: + +- Distributed Context Transmission and Transaction Monitor +- Analysis of root causes, service dependency +- Performance / Delay Optimization +- Data-inspired model [OpenTracing](http://opentring.io/) +- Multiple storage backend:Cassandra, Elasticsearch, memori. 
+- System topography +- Service Performance Monitor (SPM) +- Adaptive sample + + + +## Jaeger 架构 + +![](https://static.goodrain.com/wechat/jaeger/1.png) + +| Component | Description | +| --------------------------------------------- | -------------------------------------------------------------- | +| Jaeger Client | Jaeger Client SDK | +| Jaeger Agent | 收集 Client 数据 | +| Jaeger Collector | 收集 Jaeger Agent 数据,有 pull/push 两种方式 | +| DB Storage | Collector 需要存储后端,Collector 拿到的数据将存在 Elasticsearch 或 Cassandra。 | +| Spark jobs | 用于生成拓扑图 UI 数据 | +| Jaeger Query Service & UI | 负责从 Storage 查询数据并提供 API 和 UI | + +## 如何在Rainbond上集成? + +![](https://static.goodrain.com/wechat/jaeger/2.png) + +**1.集成 OpenTelemetry Client:** + +v1.36 版本以前 Jaeger Client 是基于 `OpenTracing API` 实现的客户端库,Jaeger Client 结合 Jaeger Agent 一起使用,发送 span 到 Jaeger Collector。 + +v1.36 版本以后被弃用。使用 [OpenTelemetry](https://opentelemetry.io/) 替代 Jaeger Client and Jaeger Agent,详情见 [Jaeger and OpenTelemetry](https://medium.com/jaegertracing/jaeger-and-opentelemetry-1846f701d9f2)。 + +`OpenTelemetry` 是无侵入的,只需在 Java 进程启动时添加 `javaagent`,例:`java -javaagent:path/to/opentelemetry-javaagent.jar -jar myapp.jar` 。 + +那么在 Rainbond 上就可以通过插件将 `OpenTelemetry javaagent` 下载到组件中并修改启动命令。 + +**2.连接到 Jaeger-Collector:** + +将所有安装了 `OpenTelemetry javaagent` 插件的微服务组件都通过依赖连接到 `Jaeger Collector`。 + +## 实践步骤 + +实践中将使用 Spring Cloud Pig 进行演示,Gitee:https://gitee.com/zhangbigqi/pig + +Rainbond 部署请参阅文档 [快速安装](https://www.rainbond.com/docs/quick-start/quick-install) 。 + +### 1. Spring Cloud Pig 源码部署 + +通过源码部署 `Spring Cloud Pig` 微服务框架就不详细介绍部署了,请参阅: + +- [Spring Cloud Pig 部署教程](https://t.goodrain.com/d/3-springcloud-pig-rainbond) +- [Spring Cloud Pig 视频教程](https://www.bilibili.com/video/BV1MZ4y1b7wW) + +### 2. 
OpenTelemetry 插件安装 + +从应用商店安装 `opentelemetry-java-agent` 初始化插件,该插件的作用是下载 `opentelemetry-javaagent.jar` 到微服务组件内,可以在 Java 启动项中指定。 + +- 团队视图 -> 插件 -> 从应用商店安装插件 -> 搜索 `opentelemetry-java-agent` 并安装。 + +![](https://static.goodrain.com/wechat/jaeger/3.png) + +### 3. 部署 Jaeger + +在开源应用商店中搜索 `Jaeger` 并安装到指定应用中。 + +![](https://static.goodrain.com/wechat/jaeger/4.png) + +### 4. OpenTelemetry Agent 插件配置 + +**1.开通 OpenTelemetry Agent 插件** + +以 `pig-gateway` 为例,在组件 -> 插件中开通 `opentelemetry-java-agent` 插件并更新组件生效,微服务内的其他组件均需要开通插件并更新或重启组件生效。 + +![](https://static.goodrain.com/wechat/jaeger/5.png) + +**2.配置环境变量** + +为所有微服务组件配置环境变量。 + +| 变量名 | 变量值 | 说明 | +| -------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------------------------------ | +| OTEL_TRACES_EXPORTER | jaeger | 选择 Jaeger exporter | +| OTEL_EXPORTER_JAEGER_ENDPOINT | http://127.0.0.1:14250 | Jaeger Collector gRPC endpoint | +| OTEL_EXPORTER_JAEGER_TIMEOUT | 10000 | 超时时间(毫秒) | +| OTEL_METRICS_EXPORTER | none | Metrics 导出器 | +| JAVA_OPTS | -javaagent:/agent/opentelemetry-javaagent.jar | Java 启动参数 | + +可使用 `应用配置组` 统一配置并应用到所有组件中。 + +![](https://static.goodrain.com/wechat/jaeger/6.png) + +**3.配置组件服务名称** + +为所有微服务组件配置环境变量 `OTEL_SERVICE_NAME ` ,配置组件的 Jaeger 服务名称,如:`OTEL_SERVICE_NAME=pig-gateway ` `OTEL_SERVICE_NAME=pig-auth ` + +### 5.建立依赖关系 + +将所有微服务组件添加依赖连接到 `Jaeger Collector` 。 + +因 `Jaeger` 部署在另外一个应用,需要进入 组件 -> 依赖 -> 添加 `Jaeger Collector` 依赖,就可以在当前应用的拓扑图看到 `Jaeger Collector` 组件,剩下的组件都可通过拓扑图编辑模式进行依赖连接。更新或重启所有微服务组件使依赖关系生效。 + +![](https://static.goodrain.com/wechat/jaeger/7.png) + +### 6. Jaeger 快速使用 + +1. 访问 Spring Cloud Pig UI 进行登录,使其产生数据。 + +2. 访问 ` Jaeger-Query` 的 `16686` 端口,打开对外服务即可访问 `Jaeger UI` 。 + +3. 在 Jaeger Search 页面中搜索微服务 Pig-gateway 的 Traces + + - Service:选择微服务的组件 + - Operation:选择操作类型,例:GET POST、接口、类..... 
+ - Tags:根据响应头筛选,例:http.status_code=200 error=true + - Lookback:选择时间 + - Max Duration:最大持续时间;Min Duration:最小持续时间。 + - Limit Results:限制返回结果数量。 + +![](https://static.goodrain.com/wechat/jaeger/10.png) + +4. 找到 Pig-gateway HTTP POST 的 Traces 并包含了 pig-auth Span并进入,可看到很清晰的展示了服务之间一层一层的调用以及接口的响应时间,这样我们就可以排查到底是哪个服务调用的慢或者调用有问题。 + +![](https://static.goodrain.com/wechat/jaeger/11.png) + +**Jaeger 拓扑图生成** + +拓扑图默认不会生成,使用 `spark-dependencies` 组件生成拓扑图数据,这是一个 Spark 作业,它从存储中收集 span,分析服务之间的链接,并将它们存储起来以供以后在 UI 中展示。请参阅 [Jaeger Spark dependencies](https://github.com/jaegertracing/spark-dependencies)。 + +`spark-dependencies` 组件占用资源较大,不使用时可关闭,需要生成拓扑图数据时将其启动即可。 + +![](https://static.goodrain.com/wechat/jaeger/9.png) + +## 最后 + +有了 APM 系统后,使我们可以更好的分析业务性能、排查故障等。 + +结合 Rainbond 作为基座不管是 `Spring Cloud`还是 `Jaeger` 或其他 `APM` 都可以很方便、快捷的部署使用,从繁琐的部署、配置中解放出来,让我们更多的关注于业务层。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-08-08-SonarQube.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-08-08-SonarQube.md new file mode 100644 index 0000000000..11fc69bd61 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-08-08-SonarQube.md 
@@ -0,0 +1,174 @@ +--- +title: Scan Maven on Rainbond using SonarScanner static +description: Static scanning of codes is a very common code quality assurance tool that not only can detect defects in the code, apply best practices from a variety of industries, but also identify safety gaps, give project code upgrades across the board +slug: sonarqube +image: https://static.goodrain.com/wechat/sonarqube/images.png +--- + +Static scanning of codes is a very common method of code quality assurance that not only does it detect defects in the code, apply best practices from a wide range of industries, but also identify safety gaps and give project code upgrades.Of the various code scanning programmes, SonarQube is the most familiar and the most widely applied.Various ongoing integration schemes have their own way of integrating SonarQube into static scanning of code. + +A method based on the static scanning of Java Maven project by SonarScanner in the Rainbond source building process is presented today. + + + +## SonarScanner For Maven 简介 + +使用 SonarScanner for Maven 对 Maven 项目进行代码静态扫描,是 SonarQube 官方推荐的默认扫描器。只需要在 mvn 命令中加入指定的参数,就可以集成该扫描器,并在构建的过程中分析代码漏洞。 + +示例命令: + +```bash +mvn clean verify sonar:sonar -Dsonar.login=myAuthenticationToken +``` + +在实际执行过程中, `myAuthenticationToken` 会被替代成为 SonarQube 中,某个实际用户自己生成的令牌。 + +## 融入持续集成链条 + +了解 SonarScanner for Maven 的工作方式之后,我们就可以尝试将代码扫描这个过程,融入到 Rainbond 的自动化持续集成链条之中。**我们希望最终达成的效果,是在代码提交后自动触发项目的构建,在构建过程中进行代码的扫描分析,并生成相应的报告。** + +![](https://static.goodrain.com/wechat/sonarqube/sonarqube-workflow-1.png) + +整个流程可以概括为如下几个阶段: + +1. 开发人员向代码仓库提交代码,触发整个持续集成链条。 +2. 代码仓库利用 Webhook 调用 Rainbond 的 Openapi 接口,触发对应的服务组件构建自身。 +3. Rainbond 自动构建对应服务组件的同时,触发 SonarScanner 扫描工作,并将扫描结果发送给 SonarQube 服务。 +4. SonarQube 服务分析扫描结果,生成代码检测报告。 +5. 开发人员读取代码检测报告,获悉改进点。 +6. 
开发人员根据报告完善代码,并再次提交,回到步骤1,形成持续集成的闭环。 + +接下来,将会从实际操作的角度出发,基于 Rainbond 一点点实现上述持续集成链条。 + +### 前提条件 + +本文中介绍的包括了代码扫描的持续集成链条,都是基于 Rainbond 云原生管理平台实现的。所以需要用户自行准备可用的 Rainbond 环境,该环境需要连接公网,为使用开源应用商店做准备。 + +### 搭建 SonarQube + +除了 Rainbond 云原生应用管理平台,还需要准备代码仓库和 SonarQube 服务。前者我们选择使用 Gitlab ,而 SonarQube 服务则可以直接基于开源应用商店安装。目前开源应用商店提供了 8.9.9 (lts)版本的 SonarQube ,供用户一键安装。 + +用户只需要在 Rainbond 的应用市场界面选择开源应用商店,搜索 `sonarqube` 即可找到对应的安装入口: + +![](https://static.goodrain.com/wechat/sonarqube/sonarqube-workflow-2.png) + +点击安装,选择好安装位置,即可将 SonarQube 服务以及 Postgresql 数据库一键安装到指定的位置。 + +![](https://static.goodrain.com/wechat/sonarqube/sonarqube-workflow-3.png) + +访问 SonarQube 的对外服务端口,即可进入它的登录页面 ,默认的用户名和密码为: `admin / admin` 。 + +> 如果用户还没有自己的代码仓库,也可以遵循相似的流程,基于开源应用商店安装 Gitlab。 + +### 生成 AuthenticationToken + +在 SonarQube 中,每个用户都可以生成 `AuthenticationToken` 来作为通信令牌,SonarScanner 就是通过这个令牌和 SonarQube 服务通信,验证自己的身份。 + +在这里,我们为 `Administrator` 用户生成专门用于扫描 Java Maven 项目的 `AuthenticationToken` 。 + +以 admin 用户登录后,在 **我的账户** 页面切换到 **安全** 选项卡,即可生成 Token。 + +![](https://static.goodrain.com/wechat/sonarqube/sonarqube-workflow-4.png) + +复制记录下创建出来的 `AuthenticationToken` ,它只会出现一次! 
+ +### 从 Gitlab 构建 Maven 项目 + +Rainbond 可以基于 Oauth2.0 与 Gitlab 代码仓库对接,可以非常方便的选择构建 Gitlab 中的项目,并自动配置代码自动构建。 + +参阅文档:[Rainbond 与 Gitlab 的对接](https://www.rainbond.com/docs/use-manual/enterprise-manage/enterprise-settings/base/oauth2.0/) + +我所使用的 Gitlab 中已经存在一份标准的 Java Maven 项目代码。点击基于源码构建组件,选择对接好的 Gitlab,就可以搜索想要部署的项目了。 + +![](https://static.goodrain.com/wechat/sonarqube/sonarqube-workflow-5.png) + +创建组件的过程中,可以开启自动构建的开关,相当于配置好了代码推送触发自动构建的开关。 + +![](https://static.goodrain.com/wechat/sonarqube/sonarqube-workflow-6.png) + +点击确认创建之后,会完成代码语言的检测,此时进入高级设置,点击左侧的部署属性,我们需要做些高级设置来适配 SonarScanner 。 + +需要进行的设定包括:声明 SonarQube 服务的地址,对应账户的 `AuthenticationToken` ,以及添加了代码扫描步骤的构建命令。 + +### 配置 Settings.xml + +SonarScanner 的一般性配置,包括 SonarQube 服务地址,以及 `AuthenticationToken` 都可以配置进 Settings.xml 全局配置,供 Java Maven 项目构建时使用。 + +Rainbond 在针对 Java Maven 类型的项目进行构建时,提供入口配置全局生效的 Settings.xml 。在高级设置——部署属性中,可以点击 **管理Maven配置** 来编辑默认的 Settings.xml。此处我们已经提供了一份默认的配置,我们需要在 xml 格式下添加以下配置来定义 SonarQube 服务地址,以及 `AuthenticationToken` 。 + +```xml + + + org.sonarsource.scanner.maven + + + + sonar + + true + + + + http://9000.grba63fe.duaqtz0k.17f4cc.grapps.cn + + + c1041c2b4ac2e89d1fe3f5fa5bb5971bc8dc85b7 + + + + + +``` + +当然,用户也可以新建一份专用的 Settings.xml 配置,在我的环境中,我将这份配置命名为 `sonar-scanner`。全局配置只需要定义一次就可以了。 + +### 修改构建命令 + +SonarScanner For Maven 通过在 mvn 命令中加入特定的参数来进行代码扫描。 + +在 Maven 构建命令 输入框中,修改命令如下: + +```bash +clean verify sonar:sonar -Dsonar.projectName=Maven-demo -Dsonar.projectKey=Maven-demo install +``` + +对于每一个不同的项目,需要自定义 ` -Dsonar.projectName` `-Dsonar.projectKey` 的值。前者定义了在 SonarQube 服务中,这个项目的名字,后者则定义了项目的唯一 ID。 + +### 开始首次构建 + +当前使用的 SonarScanner 要求 JDK 版本高于 1.8 。这里我们选择 OpenJDK 11,因为这个版本是 1.8 之后的另一个长期支持版本。 + +到现在,部署属性中,构建源信息页面应该体现如下: + +![](https://static.goodrain.com/wechat/sonarqube/sonarqube-workflow-7.png) + +点击确认创建,即可跳转页面,进入第一次构建流程之中。稍等一会,首次构建就会完成,代码会自动被打包并上线,查看构建日志,可以了解构建过程中的分析步骤: + +![](https://static.goodrain.com/wechat/sonarqube/sonarqube-workflow-8.png) + +访问日志中提及的地址,可以在 SonarQube 服务中查看新增的报告。 + 
+![](https://static.goodrain.com/wechat/sonarqube/sonarqube-workflow-9.png) + +### 代码分析报告 + +开发人员参考 SonarQube 服务提供的报告,可以了解目前代码的问题。SonarQube 报告中会给出业界最佳实践来修复漏洞。以我使用的项目为例,扫描到了 2 个 Bug,和 4 个安全问题。以其中一个 Bug 为例, SonarQube 给出了很详尽的提示,包括合理的代码提示。 + +![](https://static.goodrain.com/wechat/sonarqube/sonarqube-workflow-10.png) + +### 更新迭代代码 + +开发人员根据分析报告,修复代码后,再次提交代码,在代码提交信息中包含关键字,即可自动触发项目的构建以及新一轮的代码扫描。 + +![](https://static.goodrain.com/wechat/sonarqube/sonarqube-workflow-11.png) + +Commit Message 中包含的 `@deploy` 是触发自动构建的关键字。有关 Rainbond 自动构建的详细信息,请参考文档 [Rainbond自动构建](https://www.rainbond.com/docs/use-manual/component-manage/build-source/auto_build) + +等待项目自动构建完成,再次审查分析报告,来确定 Bug 是否得到了解决。 + +回顾 Rainbond 中组件的操作记录,会发现手动构建与自动构建之间的区别。 + +![](https://static.goodrain.com/wechat/sonarqube/sonarqube-workflow-12.png) diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-08-16-Pyroscope.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-08-16-Pyroscope.md new file mode 100644 index 0000000000..ff8a678872 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-08-16-Pyroscope.md 
@@ -0,0 +1,119 @@ +--- +title: Microservice Performance Analysis|Pyroscope Practice Sharing on Rainbond +description: As micro-service systems fall into productive environments, problems arise such as excessive flows that cause performance bottlenecks for a micro-service application, high CPU utilization, or leakage from memory. +slug: pyroscope +image: https://static.goodrain.com/wechat/pyroscope/Pyroscope.png +--- + +As micro-service systems fall into productive environments, problems arise such as excessive flows that cause performance bottlenecks for a micro-service application, high CPU utilization, or leakage from memory.To find out the root causes of the problem, we usually judge the root causes by logs, processes, and codes.This is bound to be time-consuming and difficult to identify key problem points in a timely manner for operations with large microservices. + +This will introduce a **Continuous Performance Analysis Platform Pyroscope** that will help us quickly find code for memory leaks and high CPU utilization. + + + +## 什么是 Pyroscope? 
+ +[Pyroscope](https://pyroscope.io/) 是一个开源的持续性能分析平台。它能够帮你: + +- 查找代码中的性能问题 +- 解决 CPU 利用率高的问题 +- 定位并修复内存泄漏 +- 了解应用程序的调用树 +- 跟踪随时间的变化 + +Pyroscope 可以存储来自多个应用程序长期的分析数据;可以一次查看多年的数据或单独查看特定的事件;较低的 CPU 使用;数据压缩效率高,磁盘空间要求低;快捷的 UI 界面; + +## Pyroscope 架构 + +Pyroscope 由两个主要组件支撑运行:**Pyroscope Server** 和 **Pyroscope Agent**。 + +**Pyroscope Agent**:记录并汇总您的应用程序一直在执行的操作,然后将该数据发送到 Pyroscope Server。支持多种语言,GO、Python、Ruby、eBPF、JAVA、Rust、PHP、NodeJS、.NET + +**Pyroscope Server**: 处理、聚合和存储来自代理的数据,以便在任何时间范围内快速查询。片刻后可以查看分析数据,并在任何时间范围内进行查询。 + +![](https://static.goodrain.com/wechat/pyroscope/1.png) + +## 与 Rainbond 集成架构 + +![](https://static.goodrain.com/wechat/pyroscope/2.png) + +**1.集成 Pyroscope Agent:** + +使用 Rainbond 插件的机制在微服务组件内安装 Pyroscope Agent 插件,该插件会将 `pyroscope.jar` 通过 javaagent 方式启动 `java -javaagent:pyroscope.jar -jar app.jar` + +**2.依赖 Pyroscope Server:** + +将安装了 Pyroscope Agent 插件微服务组件都依赖至 Pyroscope Server。 + +## 实践步骤 + +本文将基于微服务框架 Pig 进行实践,步骤为: + +1. 部署微服务 Spring Cloud Pig,Gitee:https://gitee.com/log4j/pig +2. 部署 Pyroscope Server +3. 安装 Pyroscope Java Agent 插件并配置 +4. 建立微服务与 Pyroscope 之间的依赖关系 +5. Pyroscope 基本使用 + +Rainbond 部署请参阅文档 [快速安装](https://www.rainbond.com/docs/quick-start/quick-install/) + +### 1. 部署微服务 Spring Cloud Pig + +通过开源应用商店一键安装 Spring Cloud Pig,新增 -> 基于应用商店创建组件 -> 在开源应用商店中搜索 `SpringCloud-Pig` 并安装到指定应用中。 + +![](https://static.goodrain.com/wechat/pyroscope/3.png) + +### 2. 部署 Pyroscope Server + +通过开源应用商店一键安装Pyroscope Server,新增 -> 基于应用商店创建组件 -> 在开源应用商店中搜索 `Pyroscope` 并安装到指定应用中。 + +![](https://static.goodrain.com/wechat/pyroscope/4.png) + +### 3. 安装 Pyroscope Java Agent 插件并配置 + +1. 插件 -> 从应用商店安装插件,搜索 `Pyroscope-Java-Agent` 进行安装。 + +![](https://static.goodrain.com/wechat/pyroscope/5.png) + +2. 为每个微服务组件都开通插件,进入微服务组件 -> 插件 -> 开通插件 `Pyroscope-Java-Agent` 并更新组件。 + +![](https://static.goodrain.com/wechat/pyroscope/6.png) + +3. 
为每个微服务组件都设置以下环境变量,可在组件内 -> 环境变量 -> 添加变量。也可以通过应用配置组为所有组件统一配置 `JAVA_OPTS` 环境变量,而 `PYROSCOPE_APPLICATION_NAME` 环境变量是唯一的,不可统一配置。 + +| 变量名 | 变量值 | 说明 | +| -------------------------------------------------------------------- | --------------------------------------------------------------- | --------------- | +| JAVA_OPTS | -javaagent:/agent/pyroscope.jar | Java agent 启动参数 | +| PYROSCOPE_APPLICATION_NAME | pig.auth | 微服务模块名称 | + +![](https://static.goodrain.com/wechat/pyroscope/7.png) + +### 4. 建立微服务与Pyroscope之间的依赖关系 + +将所有微服务组件添加依赖连接到 Pyroscope,切换到编排模式进行依赖关系建立,并更新或重启所有微服务组件使依赖关系生效。 + +![](https://static.goodrain.com/wechat/pyroscope/8.png) + +### 5. Pyroscope 基本使用 + +访问 Pyroscope 的 4040 对外服务端口,即可访问 Pyroscope UI。 + +在 Single View 视图中,可以通过 Application 选择服务。它可以显示某一段时间内的火焰图,也可以使用表格展示或者同时展示,火焰图可以看到微服务方法调用的性能指标。 + +![](https://static.goodrain.com/wechat/pyroscope/9.png) + +在 Comparison View 视图中,可以选择不同的时间段进行比较,通过时间线拖拽即可。 + +![](https://static.goodrain.com/wechat/pyroscope/10.png) + +在 Diff View 视图中,可以进行两个时间段的差异比对,这通常在排查微服务的CPU、内存泄漏时很有效。 + +![](https://static.goodrain.com/wechat/pyroscope/11.png) + +## 最后 + +Pyroscope 还可以结合 Jaeger 一起使用,可以集成在 Jaeger UI 中,可参阅 [Jaeger UI 集成](https://github.com/pyroscope-io/jaeger-ui) + +--- + +[Rainbond](https://www.rainbond.com/) 是一个云原生应用管理平台,核心100%开源、使用简单、不需要懂容器和Kubernetes,支持管理多种Kubernetes集群,提供企业级应用的全生命周期管理。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-01-gitlabCI.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-01-gitlabCI.md new file mode 100644 index 0000000000..dbc0ed5199 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-01-gitlabCI.md 
@@ -0,0 +1,175 @@ +--- +title: Practice sharing!GitLab CI/CD Quick Start +description: A class with GitLab is certainly not new to GitLab CI/CD and GitLab CI/CD is an built-in GitLab tool that helps us run a series of scripts to build, test and validate code changes and deploy each time the code is pushed +slug: gitlabci +image: https://static.goodrain.com/wechat/gitlabci/gitlab.png +--- + +Students with GitLab are certainly not new to GitLab CI/CD and GitLab CI/CD is an internalized tool in GitLab that helps us to build, test and validate code changes and deploy every time the code is pushed up. + +Rainbond itself integrates CI/CD processes by default. Users only need to provide source code, then build and run completely to Rainbond handling. The process is defined by Rainbond without user intervention.This has both the advantage and the disadvantage of simplifying users' actions and not learning about CI/CD related knowledge; the disadvantage is that users cannot customize their CI/CD process, such as if they want to integrate codes to detect or run a script, which cannot be customized in Rainbond source building processes. + +This paper tells you how to build, test, deploy Spring Boot app using GitLab CI/CD to run the product on Rainbon. + + + +## GitLab CI 介绍 + +使用 GitLab CI 需要在仓库根目录下创建 `.gitlab-ci.yml` 文件。在这个文件中,你可以定义需要运行的编译、测试、部署脚本。 + +在添加了 `.gitlab-ci.yml` 文件后,当推送代码时,GitLab Runner 自动执行你定义的 Pipeline,并在 GitLab CI 页面上展示 CI 过程以及结果。 + +GitLab CI 的基本流程如下: + +1. 开发人员推送代码 +2. 触发 GitLab CI 启动 +3. 
runner 执行预定义脚本 + +![](https://static.goodrain.com/wechat/gitlabci/1.png) + +## GitLab CI/CD 快速开始 + +### 部署 GitLab 和 Runner + +通过开源应用商店一键部署 GitLab 和 Runner ,新增 -> 基于应用商店创建组件 -> 在开源应用商店中搜索 `GitLab` 依次安装 GitLab 和 Runner 到指定应用中。 + +![](https://static.goodrain.com/wechat/gitlabci/2.png) + +### 在 Rainbond 上配置 Runner + +在 Rainbond v5.8 版本之前,Rainbond 对 Runner 类型的组件支持的并不是很好。因为 Runner 若以容器的形式去运行的话,本身它需要去挂载宿主机的docker.sock 文件,使它可以调度宿主机的 docker 环境,创建容器执行任务。在 Rainbond v5.8 版本中,支持修改组件的 YAML,就可以自定义 Volumes 并挂载本地的 docker.sock。 + +在通过应用商店安装了 Runner 之后,可以在 Runner 组件内 -> 其他设置中看到 Kubernetes 属性,Rainbond 的应用模型已兼容了 Kubernetes 属性。 + +**注册 Runner 到 GitLab :** + +1. 进入编排模式,将 runner 连接到 GitLab 并更新 runner 组件。(如提示 GitLab 未开启对内端口,则选择 80 端口) + +2. 首先访问 GitLab,Menu -> Admin -> Overview -> Runners -> Register an instance runner -> 复制 Registration token。 + +3. 进入 runner 组件内,点击右上角 web 终端进入,执行以下命令进行注册,`` 换成上一步复制的 Registration token。 + +```shell +gitlab-runner register \ + --non-interactive \ + --executor "docker" \ + --docker-image alpine:latest \ + --url "http://127.0.0.1" \ + --registration-token "NxNuoRXuzYy3GnFbkhtK" \ + --description "docker-runner" \ + --tag-list "newdocker" \ + --run-untagged="true" \ + --locked="false" \ + --docker-volumes /var/run/docker.sock:/var/run/docker.sock \ + --docker-privileged="true" \ + --access-level="not_protected" +``` + +**参数说明** + +| Parameter | Value | Describe | +| -------------------- | -------------------------------------------------------------------------------- | --------------- | +| --executor | docker | 执行器类型为docker。 | +| --url | http://127.0.0.1 | GitLab addr | +| --registration-token | `` | GitLab token | +| --tag-list | newdocker | 定义runner的标签/名字 | +| --locked | false | runner为启用状态 | +| --run-untagged | true | 运行没有指定标签的Job | +| --docker-volumes | file_path | 挂载文件到runner中 | +| --docker-privileged | true | runner运行模式:特权模式 | + +4. 
注册完成后就可以在 GitLab 页面中看到 online 的 runner + +![](https://static.goodrain.com/wechat/gitlabci/3.png) + +### GitLab CI/CD To Rainbond + +![](https://static.goodrain.com/wechat/gitlabci/4.png) + +整个流程可以分为: + +1. 开发人员提交代码到GitLab仓库。 +2. 触发GitLab 流水线创建,Runner 执行 `.gitlab-ci.yml` 定义的 stages。 +3. 将制作好的镜像推送到已有的镜像仓库,供后续的Deploy流程使用。 +4. 通过Rainbond自定义API的方法,触发平台组件的自动构建,进入Deploy阶段。 + +### 实践步骤 + +**前提:** + +- 已有 Rainbond 环境 +- 准备镜像仓库,本文使用的DockerHub +- 本文所使用到代码项目为 [Java-Maven-Demo](https://gitee.com/rainbond/java-maven-demo) + +**1.在Rainbond上有已经基于镜像部署好的组件** + +**2.将示例代码导入到 GitLab中。** + +**3.编写 .gitlab-ci.yml 文件:** + +在项目根目录下创建 `.gitlab-ci.yml` 内容如下: + +```yaml +# 定义 job 的执行顺序 +stages: + - test + - package + - push +# 定义基础镜像 +image: maven:3.6.3-jdk-8 +job-test: + stage: test + tags: + - newdocker + script: + - echo "===============开始执行代码测试任务===============" + - mvn test +job-package: + stage: package + tags: + - newdocker + script: + - echo "===============开始执行打包任务===============" + - ls + - mvn clean package + - cp Dockerfile target/Dockerfile + cache: + key: devops + paths: + - target/ +job-push: + stage: push + image: docker:dind + cache: + key: devops + paths: + - target/ + tags: + - newdocker + script: + - docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} + - docker build -t ${IMAGE_DOMAIN}/java-maven:latest . 
+ - docker push ${IMAGE_DOMAIN}/java-maven:latest + after_script: + - curl -d '{"secret_key":"${RAINBOND_SECRET}"}' -H "Content-type:application/json" -X POST http://${RAINBOND_IP}:7070/console/custom/deploy/3321861bcadf0789af71898f23e8e740 +``` + +`after_script` 是在推送镜像完成后执行,通过 Rainbond API 构建组件,Rainbond 会获取最新镜像构建运行。\ 可在组件 -> 构建源 -> 自动构建中看到。详情可参阅文档 [配置组件自动构建部署](https://www.rainbond.com/docs/use-manual/component-manage/build-source/auto_build/) + +**4.提交代码测试自动构建**, + +修改代码并提交,提交后可在项目的 CI/CD -> Jobs 可以看到正在执行的以及执行完成的任务详情。 + +![](https://static.goodrain.com/wechat/gitlabci/5.png) + +**5.查看 Rainbond 组件构建** + +可以在组件的操作记录中看到自动构建信息。 + +![](https://static.goodrain.com/wechat/gitlabci/6.png) + +### 写在最后 + +GitLab CI 扩展性很好,可以集成很多第三方工具,结合 Rainbond 作为 CD,将产物运行到 Rainbond 上,即可形成适用于自身代码项目的 Pipeline。 + +Rainbond 会在未来的 v5.9.x 版本中实现 Pipeline,对 Rainbond 实现 Pipeline 有想法的同学可以在 issue 上提出 Proposal https://github.com/goodrain/rainbond/issues diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-02-noYAML.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-02-noYAML.md new file mode 100644 index 0000000000..d6d6f6c4b8 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-02-noYAML.md 
@@ -0,0 +1,97 @@ +--- +title: How do I don't write YAML to manage Kubernetes apps? +description: Kubernetes abstracts everything within its borders as a resource.The main part of this is the workload controller, represented by Deemployment, StatefulSet, around which all other resources revolve around these major resources +slug: noyaml +image: https://static.goodrain.com/wechat/import-exist-resource-to-rainbond/import-exist-resource-to-rainbond-1.png +--- + +Kubernetes abstracts everything within its borders as a resource.The main part of this is the workload controller, represented by Deemployment, StatefulSet, around which all other resources rest.These resources are combined, and IT technicians can display a workload-centred model.All resources in Kubernetes edit descriptions through a declaratory configuration file, a section of the Yaml field definition that gives IT technicians maximum freedom and places a very high demand on their capabilities. + + + +## 通过应用模型简化Kubernetes管理 + +当你的团队已经使用原生的 Kubernetes 一段时间,你多半会发现,并非每个 IT 技术人员都擅长编写复杂的 Kubernetes 声明式配置文件(YAML)。特别是对于开发人员他们的主要职责是业务开发,学习和编写YAML会增加他们的负担,甚至会抵触使用。 + +开源项目Rainbond 是一个 云原生应用管理平台,它使用 **以应用为中心** 的设计模式。基于这一设计模式重新抽象出了比 workload 更高层次的应用模型。从使用的体验上不需要学习和编写YAML,实现业务应用的全生命周期管理。应用对应一个完整的业务系统,由若干个可以单独管理的服务组件组成,部署业务组件可以从源代码和容器镜像,通过“拖拉拽”的方式编辑服务调用关系。每一个服务组件,可以基于图形化界面定义使用常见的一些运维特征。在此基础之上,用户还可以利用应用模型这一核心概念,做出更多高级操作,如将整个业务系统以应用模板的形式发布出来,业务系统可以基于该模板一键安装/升级。在软件交付这个领域,这种能力十分有用,无论最终交付环境在线或离线,都可以基于应用模板进行快速交付,甚至个性化交付。 + +![](https://static.goodrain.com/wechat/import-exist-resource-to-rainbond/import-exist-resource-to-rainbond-1.png) + +Rainbond 使用的应用模型,让开发人员关注应用和业务本身,更易于被人所接受。对裁剪后保留下来的运维特征通过图形界面展示和交互,极大的降低了使用的难度,通过应用模版绝大多数开发者不必编辑复杂声明式配置文件就可以顺畅使用 Kubernetes 了。 + +## 将Kubernetes的YAML转换成应用模型 + +整个转化的过程,可以概括为三个步骤: + +1. 对于开发人员最常用Workload,可以从源码和容器镜像向导式的自动生成,或导入已有YAML和运行应用,导入过程自动识别所有可转化的 Workload 类型资源,包括 Deployment、StatefulSet, Job、CronJob 类型。这些资源会被转化成应用模型,转化后会以服务组件的形式运行。 +2. 
导入生成的服务组件后,基本的Workload属性通过界面就可以查看和编辑,如环境变量、镜像地址等。转化过程中会将识别到的高级Workload 属性添加给服务组件,以Key/Value 或 Yaml 形式查看和管理。 +3. 非 Workload 的资源类型,如 Secret、ServiceAccount、Role 等资源,会被分类识别和加载到应用界面的 `k8s资源` 页面中,供操作人员以交互体验方式进行编辑。 + +可被纳管和转化的 高级Workload 属性包括: + +| 属性名称 | 作用 | +| :----------------: | :------------------------------------ | +| nodeSelector | 节点选择器:指定某种类型节点调度时使用。 | +| labels | 标签:用于为服务组件自定义标签以被选择器使用。 | +| volumes | 存储卷:用于定义不被 Rainbond 管理的卷类型的挂载。 | +| volumeMounts | 挂载卷:与 volumes 搭配使用,将卷挂载给容器。 | +| affinity | 亲和性:更高级的调度方式,包括节点亲和性和Pod亲和性。 | +| tolerations | 容忍度:与节点污点搭配使用,具备指定容忍度的Pod才可以调度到指定节点上。 | +| serviceAccountName | 服务账户名:为服务组件指定某个已存在的SA,使对应的Pod具备某些权限。 | +| privileged | 特权模式:名副其实的配置,非必要不开启。 | +| env | 环境变量:用于定义不被 Rainbond 管理的环境变量,支持引用操作。 | + +值得注意的是,扩展后的 RAM 模型,依然能够发布为应用模板,供后续一键安装/升级/交付整套业务系统之用。 + +## 导入已有Kubernetes应用的测试和实践 + +以下测试是基于Rainbond v5.8进行的,为了测试 Kubernetes 已有应用导入,我计划使用已经在 `wp` 命名空间中部署完成的 `Wordpress` 建站系统来进行一次导入测试。这套系统由以下资源组成: + +```bash +[root@localhost ~]# kubectl get secret,service,deployment,statefulset,pod -n wp +NAME TYPE DATA AGE +secret/default-token-nq5rs kubernetes.io/service-account-token 3 27m +secret/mysql-secret Opaque 2 27m +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/wordpress NodePort 10.43.157.40 8080:30001/TCP 5m19s +service/wp-mysql ClusterIP 10.43.132.223 3306/TCP 27m +NAME READY UP-TO-DATE AVAILABLE AGE +deployment.apps/wordpress 1/1 1 1 5m19s +NAME READY AGE +statefulset.apps/wp-mysql 1/1 27m +NAME READY STATUS RESTARTS AGE +pod/wordpress-66bc999449-qv97v 1/1 Running 0 5m19s +pod/wp-mysql-0 1/1 Running 0 27m +``` + +访问 Rainbond ,在集群处选择导入,在这个页面中,可以选择要导入资源的命名空间 `wp`。平台会根据 label 来对资源进行分组: + +![](https://static.goodrain.com/wechat/import-exist-resource-to-rainbond/import-exist-resource-to-rainbond-3.png) + +Rainbond 根据资源定义的 `label` 来划分应用,如符合 `app.kubernetes.io/name:wp-mysql ` 或 `app:wordpress` 的资源,会分布到图中两个不同的应用中去,而不具备上述 `label` 的资源,则会统一划分到一个未分组的应用中去。应用的划分非常关键,因为应用模型的高级应用是针对一个应用整体而言的,所以导入之前一定要仔细规划,添加合理的 `label`。 + +导入过程中,Rainbond 
将不同的属性,交由扩展后的模型管理,大部分运维操作已经变得很易用了,而另一部分,则交由 Kubernetes 属性页面进行管理。 + +![](https://static.goodrain.com/wechat/import-exist-resource-to-rainbond/import-exist-resource-to-rainbond-2.png) + +一旦完成导入,`wordpress` 和 `wp-mysql` 两个应用就可以使用 Rainbond 进行管理了。 + +- 端口管理 + +`wordpress` 在导入之前依靠 `NodePort` 类型的 `Service` 对外暴露,但导入 Rainbond 管理之后,就可以借助网关对外暴露自己的 80 端口了。需要注意的是,你必须重启一次 `wordpress` 服务组件,来让访问策略生效。 + +![](https://static.goodrain.com/wechat/import-exist-resource-to-rainbond/import-exist-resource-to-rainbond-4.png) + +对于某些业务而言,访问的入口不支持动态指定,这就需要业务侧也做出一些改动,来适应新的访问入口。对于 `Wordpress` 而言,需要重新定义常规选项中的站点地址。 + +![](https://static.goodrain.com/wechat/import-exist-resource-to-rainbond/import-exist-resource-to-rainbond-5.png) + +- 存储管理 + +我部署的这套 `wordpress` 系统,所有组件的存储都使用的 `hostpath` 模式,这种配置虽说简单,但是并不适用于 `Pod` 可能发生漂移的大规模 Kubernetes 环境。Rainbond 部署后,会提供易用的共享存储,这种存储支持多个 Pod 间共享数据,以及 Pod 跨主机的迁移。原有的 hostpath 存储,可以重新进行定义。重新定义后的存储路径会变为空,所以记得找到新旧不同的路径,进行一次数据迁移。 + +![](https://static.goodrain.com/wechat/import-exist-resource-to-rainbond/import-exist-resource-to-rainbond-6.png) + +## 实际意义 + +通过应用模型,让IT 技术人员可以更多的关心业务本身,而不是底层复杂工具的使用问题。最终的效果是简化操作成本和理解难度,让Kubernetes更加容易落地。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-08-Arthas.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-08-Arthas.md new file mode 100644 index 0000000000..27e4b03d84 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-08-Arthas.md 
@@ -0,0 +1,214 @@ +--- +title: Dry sharing!JAVA Diagnostic Tool Arthas in Rainbond +description: Arthas (Alsas) is an online monitoring of diagnostic products that can use a global perspective in real time to view the state of the app load, memory, gc and thread, and can diagnose business issues without changing the application code +slug: arthas +image: https://static.goodrain.com/wechat/arthas/9.png +--- + +Don't worry about what to do with Java business online, `Arthas` helps you solve the following FAQ: + +- The class is loaded from which jar package?Why report various related Exceptions? +- Why did I change the code not be executed to?Is it not my commit?Something went wrong? +- Problems cannot be debugged online. Can you only republish by adding logs? +- There was a problem with the data processing of a user on the line, but it is also impossible to debug! It cannot be repeated underline! +- Is there a global perspective to see how the system works? +- What can be done to monitor the current status of JVM? +- How quickly to locate the app's hotspot and generate the flames? +- How do I find a class directly from JVM? + +[Arthas](https://arthas.aliyun.com/) (Alsas) is an online diagnostic product that provides real-time access through a global view to the status of the application, load, memory, gc and thread, and can diagnose business issues without modifying the application code, including access to and access to the method, anomalies, monitoring methods time-consuming, class loading information, etc. to significantly increase the efficiency of online problem profiling. + +Arthas uses command-line interactive mode while providing a rich range of `Tab` auto-completion, further facilitating the location and diagnosis of the problem. + +And Arthas also supports entering command line interaction via Web Console which works for the Arthas Web Console Diagnostic Business when developers do not have server permissions. + + + +## Arthas 在 Rainbond 上集成 + +**1. 
插件集成** + +通过 Rainbond 插件的机制,从 Rainbond 开源应用商店一键安装 Arthas 插件并在组件中开通,组件启动时会自动下载 `arthas-agent.jar` 结合环境变量配置使用 `javaagent` 方式启动。 + +**2. Arthas Tunnel 集成** + +当我们的微服务业务有 10+,这时通过 Arthas 去诊断就会比较麻烦,开发人员没有服务器的权限并且通过 Web Console 访问的话也会由于访问地址太多导致特别混乱。这时就需要通过 Arthas Tunnel Server/Client 来远程管理/连接多个 Agent。 + +Arthas Agent 会通过 WS 注册到 Arthas Tunnel 中,实现统一管理。 + +Arthas Tunnel 可通过 Rainbond 开源应用商店一键安装。 + +**3. Arthas Web Console** + +对于 Spring Boot 应用则无需通过 Arthas Tunnel 访问 Web Console,在组件内添加8563端口即可访问 Web Console。(注意:域名访问需开启 Websocket 支持 + +![](https://static.goodrain.com/wechat/arthas/10.png) + +## 使用Arthas诊断Rainbond上的Spring Boot应用 + +本小节使用若依SpringBoot作为示例。 + +首先需要安装 Rainbond云原生应用管理平台,可参阅文档 [安装 Rainbond Allinone](https://www.rainbond.com/docs/installation/install-with-dind) + +### 1. 部署 Spring Boot 应用 + +团队 -> 新增 -> 基于应用商店创建组件 -> 在应用商店中搜索 `若依SpringBoot` 进行一键部署。 + +![](https://static.goodrain.com/wechat/arthas/11.png) + +### 2. 安装 Arthas Java Agent 插件并配置 + +**2.1 安装插件** + +团队 -> 插件 -> 从应用商店安装插件 -> 在应用商店中搜索 `Arthas-Agent` 进行一键部署。 + +![](https://static.goodrain.com/wechat/arthas/4.png) + +**2.2 开通插件** + +为`ruoyi-admin` 开通 Arthas Agent 插件,在组件内 -> 插件 -> 未开通 -> 开通插件。 + +![](https://static.goodrain.com/wechat/arthas/12.png) + +**2.3 环境变量配置** + +为 `ruoyi-admin` 组件配置环境变量,在组件内 -> 环境变量 -> 添加变量。 + +| 变量名 | 变量值 | +| --------------------------------------------------------- | ------------------------------------------------------------------- | +| JAVA_OPTS | -javaagent:/arthas/arthas-agent.jar | +| ARTHAS_APP_NAME | ruoyi-admin | +| ARTHAS_AGENT_ID | ruoyi-admin | + +**2.4 添加端口并更新** + +为 `ruoyi-admin` 组件添加 8563 端口并打开对外服务,更新组件完成后可通过默认域名访问 Web Console。 + +![](https://static.goodrain.com/wechat/arthas/13.png) + +![](https://static.goodrain.com/wechat/arthas/14.png) + +## 使用Arthas诊断Rainbond上的SpringCloud应用 + +使用 Arthas 诊断部署在 Rainbond 上的微服务 Spring Cloud Pig,并通过 Arthas Tunnel 统一管理 Arthas agent。本小节将使用 Spring Cloud Pig 作为示例。 + +首先需要安装 Rainbond云原生应用管理平台,可参阅文档 [安装 Rainbond 
Allinone](https://www.rainbond.com/docs/installation/install-with-dind) + +### 1. 部署 Spring Cloud Pig + +团队 -> 新增 -> 基于应用商店创建组件 -> 在应用商店中搜索 `SpringCloud-Pig` 进行一键部署。 + +![](https://static.goodrain.com/wechat/arthas/3.png) + +### 2. 部署 Arthas Tunnel + +团队 -> 新增 -> 基于应用商店创建组件 -> 在应用商店中搜索 `Arthas-Tunnel` 进行一键部署。 + +![](https://static.goodrain.com/wechat/arthas/5.png) + +### 3. 安装 Arthas Agent 插件并配置 + +**1. 安装插件** + +团队 -> 插件 -> 从应用商店安装插件 -> 在应用商店中搜索 `Arthas-Agent` 进行一键部署。 + +![](https://static.goodrain.com/wechat/arthas/4.png) + +**2. 开通插件** + +为每个微服务组件都开通插件,进入微服务组件 -> 插件 -> 开通插件 `Arthas-Agent` 。 + +![](https://static.goodrain.com/wechat/arthas/6.png) + +**3. 配置环境变量** + +为每个微服务组件配置环境变量,在组件内 -> 环境变量 -> 添加变量。 + +| 变量名 | 变量值 | 说明 | +| --------------------------------------------------------- | ------------------------------------------------------------------- | ------------------------------- | +| JAVA_OPTS | -javaagent:/arthas/arthas-agent.jar | JAVA 启动参数 | +| ARTHAS_APP_NAME | register | arthas app name,根据实际情况修改 | +| ARTHAS_AGENT_ID | register | arthas agent ID 不可与其他 ID相同,是唯一的 | + +**4. 配置依赖关系** + +将所有微服务组件依赖至 `arthas tunnel`,应用视图切换到编排模式进行拖拉拽。 + +![](https://static.goodrain.com/wechat/arthas/arthasgif.gif) + +**5. 批量更新** + +更新/重启所有微服务相关组件。可在 `列表` 中批量操作。 + +### 4. 通过 Arthas Tunnel 连接到其他 Agent 进行诊断 + +1.可通过 Arthas Tunnel 8080 端口默认生成的域名访问 Web Console。 + +2.在 Web Console 中的 IP:PORT 填写 Arthas Tunnel 7777 的对外服务端口,7777 端口是 Agent 连接到 Tunnel 的。所以在通过 Web 远程连接到其他服务时修改 AgentId 即可连接 + +![](https://static.goodrain.com/wechat/arthas/7.png) + +![](https://static.goodrain.com/wechat/arthas/8.png) + +## Arthas 使用入门 + +### 1. 
Arthas 命令使用 + +Arthas 采用命令行交互模式,同时提供丰富的 `Tab` 自动补全功能,进一步方便进行问题的定位和诊断,以下是部分命令,详细请参阅文档 [Arthas命令列表](https://arthas.aliyun.com/doc/commands.html) + +- dashboard - 当前系统的实时数据面板 +- getstatic - 查看类的静态属性 +- heapdump - dump java heap, 类似 jmap 命令的 heap dump 功能 +- jvm - 查看当前 JVM 的信息 +- logger - 查看和修改 logger +- mbean - 查看 Mbean 的信息 +- memory - 查看 JVM 的内存信息 +- ognl - 执行 ognl 表达式 +- perfcounter - 查看当前 JVM 的 Perf Counter 信息 +- sysenv - 查看 JVM 的环境变量 +- sysprop - 查看和修改 JVM 的系统属性 +- thread - 查看当前 JVM 的线程堆栈信息 +- vmoption - 查看和修改 JVM 里诊断相关的 option +- vmtool - 从 jvm 里查询对象,执行 forceGc + +以下是部分命令的使用截图: + +![](https://static.goodrain.com/wechat/arthas/15.png) + +![](https://static.goodrain.com/wechat/arthas/16.png) + +![](https://static.goodrain.com/wechat/arthas/17.png) + +### 2. 生成火焰图 + +`profiler` 命令支持生成应用热点的火焰图。本质上是通过不断的采样,然后把收集到的采样结果生成火焰图。\ +以下命令均在Arthas Tunnel Web Console 中执行。 + +**1.启动 profiler** + +```shell +$ profiler start +Started [cpu] profiling +``` + +**2.停止 profiler 并生成火焰图** + +默认情况下,结果文件是`html`格式,也可以用`--format`参数指定: + +```shell +$ profiler stop --format html +OK +profiler output file: /app/arthas-output/20220907-214802.html +``` + +**3.通过浏览器查看火焰图** + +上一步生成的 html 文件在指定的微服务组件中,所以需要在该微服务组件中查看火焰图。 + +进入到该微服务组件中,例如:pig-auth,在组件端口中添加 `3658` 端口并打开对外服务并访问 `http://domain/arthas-output` + +![](https://static.goodrain.com/wechat/arthas/9.png) + +## 最后 + +Arthas 是款非常好的 Java 诊断工具,而在 Kubernetes 中使用较为复杂。Rainbond 底层基于 Kubernetes,在此之上抽象了应用模型,使用户更方便的在 Kubernets 中部署管理应用,并且通过 Rainbond 的插件机制让用户更便捷的使用 Arthas 诊断业务,降低了在 Kubernetes 中使用 Arthas 的门槛,用户只需关注业务。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-15-nounderstandk8s.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-15-nounderstandk8s.md new file mode 100644 index 0000000000..4eebc256c1 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-15-nounderstandk8s.md 
@@ -0,0 +1,131 @@ +--- +title: What do Kubernetes experience do you have in your cloud? +description: In order to understand what is a cloud, it is necessary to understand what is wrong with cloud calculations, which will calculate the integrated management of resources, networks, storage, etc. infrastructure to achieve reduced resource costs and improved management of resources through resource scaling-up and automated management +slug: nounderstandk8s +image: https://static.goodrain.com/case/2022/09/13/16623088574185.jpg +--- + +## The nature and final effect of cloud origin + +In order to understand what is a cloud, it is necessary to understand what the cloud calculation is problematic; it will calculate the integrated management of the infrastructure, such as resources, networks, storage, etc. through resource scaling-up and automation, reduce the cost of resources and improve the efficiency of their management. The cloud calculation will essentially solve the problem of resource automation, but the key applications of digitization and informatization, cloud computing will not solve the problem of the management of applications, the management and mobility of applications will be difficult to solve the problem of dependence on people,**The birth of clouds is to solve the problem of managing applications, which is much more complex than resource management and involves the management of applications, such as the development of applications, the application architecture, the delivery of applications and the application of shipment, and, in conjunction with the application of automation, the management of resources, which is inherently a solution to the management of applications.** +![](https://static.goodrain.com/case/2022/09/13/16623088574185.jpg) + +**In terms of effectiveness, the ultimate objective of the cloud is to focus the developers on their own business, out of business (infrastructure, application architecture, application dimension), and to create 
the kind of application they want and deliver their clients on demand.** + + + +## 使用 Kubernetes 落地云原生困难重重 + +当前云原生相关的技术很多,其中最关键是容器、微服务架构、Kubernetes ,他们颠覆式的解决了应用管理自动化问题。 + +- **容器技术解决了应用打包和部署自动化问题,通过容器打包保证了应用基础环境的一致性,实现了一次打包,处处运行。同时容器可以定义应用运行资源,部署时按需占用资源,实现从应用角度解决资源管理自动化。** + +- **微服务架构解决了复杂应用的解耦和治理问题,当业务越大越复杂,微服务架构将业务拆分和解耦成多个模块,并通过服务治理实现微服务运行和管理的自动化。** + +- **Kubernetes解决了应用编排和调度自动化问题,它是应用自动化管理最关键的拼图,底层基于容器、SDN、SDS,能实现各类型应用和微服务部署和运维过程自动化。** + +为了实现应用管理自动化,还有很多云原生相关的技术,像SDN(网络自动化管理)、SDS(存储自动化管理)、Helm(复杂应用交付自动化)、Service Mesh(无侵入扩展服务治理能力)、Monitoring(监控自动化)、Logging(日志自动化)、Tracing(性能分析自动化)、Chaos engineering(容错自动化)、Gateway(网关自动化)、SPIFFE (应用访问安全自动化)等等,这些技术可以跟Kubernetes结合起来使用,解决应用各个运维特征的管理自动化问题。 + +上面这些技术主要围绕着Kubernetes,所以落地过程主要是Kubernetes落地,Kubernetes落地过程一般分为两部分,Kubernetes的搭建和Kubernetes的使用。对于Kubernetes搭建,基于以上技术自主搭建完整的Kubernetes集群非常复杂,既要学习这些技术还要了解他们的原理,最困难的是要把他们有机的组装起来。不过大多公司有专职的维护工程师,可以抽出大把时间来学习和尝试。或者,选择公有云厂商提供的Kubernetes商业服务,所以,搭建Kubernetes是有路径落地的。 + +相比搭建Kubernetes,Kubernetes的使用一般是开发人员,开发人员人数众多,使用习惯和学习门槛决定了开发人员的接受度,而云原生平台的使用不仅要改变开发习惯,还要学习很多新技术,落地过程困难重重。 + +1. **需要学习很多新概念和技术。** 云原生相关的技术和概念有很多,光 Kubernetes就有很多新的概念和抽象,像Workload、Pod、Service、Ingress、ConfigMap、PV等,如果要用好还需要学习Kubernetes周边的很多概念和技术。 + +2. **已有应用需要改造,开发习惯需要改变。** 已有的应用要运行在 Kubernetes上,需要会写 Dockerfile 和 YAML,如果要改造成微服务架构,还需要按照框架的SDK改造代码,跟之前的开发习惯会有很大变化。 + +3. 
**如何将应用高效交付给客户,Kubernetes及上面这些技术并没有解决。** 应用只有交付给客户才能产出价值,当前交付客户的自动化程度不高,Kubernetes并没有解决交付过程自动化的问题。在 To C的场景,业务频繁迭代,交付的频率很高,需要保质保量。在To B场景,交付更加复杂,不同的客户有不同的要求,需要针对不同客户有不同的交付模式,比如SaaS、私有交付、离线交付、个性化交付等,交付也是成本里的大头。 + +## 应用抽象模型是云原生可落地的关键(实现思路) + +云原生落地的难点在使用,如果能将云原生底层复杂的技术包装成开发者熟悉的应用层属性和动作,开发者就不用学习新的概念和技术;如果能将业务跟运维能力解耦,跟微服务框架解耦,就能实现开发者按需扩展运维能力和切换微服务框架,实现对业务按需赋能;如果能实现根据不同客户类型,自定义交付流程和自动化交付,就能大大降低交付成本,提升客户满意度;当以上三点都能解决,就可以让开发者聚焦在业务本身,业务之外的事情不用关心,有更多精力关注客户价值输出。 + +**基于以上思考,通过应用抽象模型是个解决思路,对应用整体进行包装和抽象,包含应用运行所需的全部运行定义,与底层技术和概念隔离。向上用户不需要再学习和了解系统级概念和技术,应用内部把业务和扩展能力解耦,使用应用级概念开发和管理,需要扩展服务治理、运维、安全等能力时按需开启插件。向下则包装Kubernetes的概念和抽象,屏蔽掉底层基础设施的差异,实现应用抽象模型可以运行在各类基础设施上。** + +![](https://static.goodrain.com/case/2022/09/13/16626159240760.jpg) + +应用抽象模版核心设计在三方面: + +1. 应用级抽象 +2. 架构充分解耦 +3. 使用应用模版交付 + +### 应用级抽象能简化理解和使用 + +**应用级抽象是“以应用为核心”的抽象模型,对用户暴露应用级的概念、属性和动作,底层Kubernetes和系统级的概念和技术,要么完全实现自动化,要么包装成应用级的属性和动作。** 为了实现灵活的应用编排和自动化调度,Kubernetes 定义了很多概念,提供丰富的扩展机制,并以YAML的方式跟它交互,Kubernetes的这些可编程的体验,对管理和扩展Kubernetes的人来说,是非常好的特性,但对于普通开发者,门槛太高,并且很多概念和技术跟自己开发的业务并没有直接关系,所以对于普通开发者来说需要更加友好的操作体验,不需要学习就能使用。 + +![](https://static.goodrain.com/case/2022/09/13/16625298435470.jpg) + +应用级抽象和Kubernetes概念 粗粒度的对应关系: + +| 应用级属性 | Kubernetes概念 | +| -------- | ------------ | +| 应用运行环境 | Containers | +| 应用运行属性 | Workload | +| 应用网络属性 | SDN | +| 应用存储属性 | SDS | +| 应用对外服务属性 | Ingress | +| 应用对内服务属性 | Service | +| 应用插件 | Pod | +| 应用配置 | ConfigMap | + +**应用级抽象并不是要将Kubernetes概念全部隐藏起来,而是对于不同的使用者,职责不同展现不同的交互界面。** 对普通开发者职责是开发业务,只需要关心应用级的概念,提供应用级的操作界面。但对于云原生平台的管理人员,除了关心应用级的概念,还要关心Kubernetes的管理和维护,有能力的话还可以扩展平台的能力,所以对于平台管理人员,提供高级的暴露Kubernetes概念的操作界面,或者直接操作Kubernetes也可以管理平台上的应用,通过这种方式也规避了,由于包装概念产生的“黑箱”导致对平台的可观测性和可掌控性不足。 + +### 架构充分解耦,根据使用场景按需组合 + +基于应用级的抽象,应用模型通过标准的Kubernetes API实现跟基础设施的解耦,所有符合标准Kubernetes API 的基础设施都可以实现对接和部署,比如各公有云厂商的Kubernetes实现、K3s、KubeEdge等,通过这样的解耦,开发者只需要关心业务和能力扩展,不用在关心基础设施的差异,对接应用模型的应用不需要改动就能透明部署到公有云、私有云和边缘设备上,实现了应用级多云。 + 
+通常在应用里,还会包括一些跟业务无关的功能,他们的作用是为了让应用更好的运行,比如:服务治理、微服务框架、运维工具、安全工具等,这些能力跟应用有强耦合关系的,需要改代码扩展能力,将这部分能力解耦,应用就只需要关注在业务了,而且扩展的能力有很强的复用性,其他应用也需要。 + +应用中扩展能力的解耦使用 Kubernetes 的 Pod,Pod中包含一个或多个容器,所有容器共享网络、存储,应用运行在一个容器,扩展的能力通过扩展容器的方式运行,通过共享的网络和存储实现了应用和扩展能力的解耦,这种解耦方式对业务完全无侵入,扩展的能力用插件的形式包装,就可以实现应用按需安装和启动插件,根据网络流向和容器启动顺序可以定义几种类型插件: + +| 插件类型 | 说明 | +| ------ | ----------------------------------------------- | +| 入口网络插件 | 网络流量先到入口网络插件,然后到业务容器。例如:网关、WAF、安全工具、限流 | +| 出口网络插件 | 网络流量先到业务容器,然后到插件容器。例如:负载均衡、断路器、加密访问 | +| 出入网络插件 | 网络流量先到插件容器,再到业务容器,再回到插件容器。例如:Service Mesh proxy | +| 旁路插件 | 网络上旁路运行。例如:性能分析、监控 、调用链分析、日志管理 | +| 初始化 插件 | Pod的Init容器,Pod启动先启动Init容器。例如:数据库初始化 | + +![](https://static.goodrain.com/case/2022/09/13/16629874136151.jpg) + +按照Pod机制实现的插件只能扩展单个业务容器的能力,而要对应用扩展微服务架构能力,需要对每一个业务容器扩展服务治理的插件,这跟Service Mesh的实现机制一致,Service Mesh的Data Plane需要对每个业务容器注入Proxy,对于完整应用就是扩展Service Mesh能力,对完整应用扩展的能力是应用级插件,根据注入Proxy的差异可以支持多种类型的Service Mesh 实现,比如:Istio、Linkerd、Dapr,应用可以按需开启Service Mesh 能力,或更换实现框架。当应用跟微服务架构解耦,每一个业务容器不再受微服务框架和开发语言限制,每个业务容器只需要专注业务本身,业务容器之间也同步实现了解耦。 + +**通过将架构充分的解耦,解耦后的业务、插件、对接多云的能力都能实现随意组合,开发者选择喜欢的开发语言开发业务组件,根据业务契约编排依赖关系,根据服务治理和运行稳定性要求,按需开启Service Mesh插件和其他运维插件,运行的基础设施环境,也根据实际需要自动对接。** + +### 应用模版成为能力复用和应用交付的载体 + +应用模型以应用模版的形式具象化展现和存储,应用由源码、容器镜像和插件拼装而成,然后一键导出成应用模版,应用模版设计主要围绕使用者,让使用者能用起来,让应用交付并产出价值,从而拉动应用的迭代和开发。从使用体验上,应用模版可以一键安装和一键升级,通过“拖拉拽”的方式实现业务拼装。应用模版有很强灵活性,应用模版支持不同颗粒度大小,模版和模版能拼装出新的模版,新的模版还可以持续拼装,颗粒的大小由使用者决定,由使用者赋予它意义。应用模版可以交付到兼容Kubernetes API的分支版本,实现一键安装和升级,或将应用模版存放到应用市场,实现即点即用的效果。 + +![](https://static.goodrain.com/case/2022/09/13/16629938514408.jpg) + +**应用模版需要具备四个特点:** + +- **模块化,可以形成可复用的能力单元,按需拼装使用场景。** +- **自治,自给自足,可以独立安装、升级和管理,确保组合的灵活性。** +- **可编排,模版和模版可以拼装出新模版,具备无限拼装能力。** +- **可发现,通过内部服务和外部服务两种方式体现,可供业务和技术、开发者和其他应用访问。** + +**通过应用模版实现可复用模块和能力的打包。** 应用的架构充分解耦后,业务组件和扩展插件理论上可以复制到其他应用中,但直接复制代码或镜像非常低效,而且还有很多运行环境相关的配置需要考虑,将业务组件和扩展插件打包成应用模版,并将应用模版发布到应用市场供其他人使用,可以最大程度实现模块和能力的复用,减少重复造轮子。 + +**通过应用模版实现SaaS、私有化和离线环境的自动化交付,和个性化场景模块拼装。** 
应用模板中包含应用运行态所需的全部资源,对接到客户运行环境,就可以实现一键安装和运行,屏蔽了客户环境差异,一套产品模版可以交付所有类型客户,对于离线环境,应用模版以文件的形式导出,到客户离线环境再导入运行即可。对于功能需要个性化的场景,利用应用模版对业务模版打包的能力,先拼装已经模块化的能力,然后再定制化开发,新开发的功能,如果可复用还可以继续发布成应用模版,供后续复用。 + +## 不懂 Kubernetes 实现云原生的体验 + +基于以上的设计思路,让开发者专注于业务本身,回到用户效果和价值体现的原点上,不用关心底层复杂的技术和不相关的概念,全面实现应用自动化。 + +开发应用的体验: + +1. **代码无需改动,就能变成云原生应用。** 对于新业务或已有业务,代码不需要改动就能将其容器化。不需要懂 docker 、Kubernetes 等技术,就能将应用部署起来,具备云原生应用的全部特性。 +2. **业务积木式拼装编排。** 可复用的业务模块积累到应用市场,当由新业务需要开发,基于应用市场已经业务模块,通过“拖拉拽”的方式拼装,然后再开发没有的业务能力,当积累的业务模块越多,开发新业务的速度越快。 +3. **开箱即用的Service Mesh微服务架构,并可一键更换Service Mesh框架。** 不用学习微服务框架的SDK,通过无侵入的方式实现Service Mesh微服务架构,主流的Service Mesh框架以插件的形式存在,需要时开启,如果觉得不好还可以随时更换。 + +使用应用的体验: + +1. **像安装手机 App 一样安装云原生应用。** 云原生应用以应用模版的形式存放到应用市场,当对接各种基础设施或云资源,实现应用即点即用或一键安装/升级。 +2. **普通开发者不需要学习就能实现应用运维。** 通过应用级抽象,普通开发者了解应用级属性就能实现应用运维,并通过插件扩展监控、性能分析、日志、安全等运维能力,应用运维不再需要专用的SRE。 +3. **复杂应用一键交付客户环境。** 复杂应用发布成应用模版,当客户环境可以联网,对接客户环境一键安装运行,当客户环境不能联网,导出离线应用模版,到客户环境导入并一键安装运行。 + +## 实现方案 + +基于上面的设计思路,我们在Kubernetes基础上实现了[Rainbond](https://www.rainbond.com/),并将它[开源](https://github.com/goodrain/rainbond)。Rainbond提供开箱即用的体验,使用简单,不需要懂容器和Kubernetes,支持管理多种Kubernetes集群,提供企业级应用的全生命周期管理。主要功能包括应用开发环境、应用市场、微服务架构、应用交付、应用运维、应用级多云管理等。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-20-istioGrayscale.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-20-istioGrayscale.md new file mode 100644 index 0000000000..5d033743cf --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-09-20-istioGrayscale.md 
@@ -0,0 +1,135 @@ +--- +title: Dry Freight sharing|Use Istio to achieve gray release +description: As the base platform, Kubernetes provides a strong capacity to organize containers.However, there are still some complexities and constraints to its deployment over operations and governance of services, where many mature ServiceMesh frameworks have been used to expand its capacity +slug: istiograyscale +image: https://static.goodrain.com/wechat/istio/istio.jpeg +--- + +As the base platform, Kubernetes provides a strong capacity to organize containers.However, there are still some complexities and constraints to its deployment over operations and governance of services.In the area of service governance, there are already many mature ServiceMesh frameworks for expanding their capacity, such as Istio, Linkerd, Dapr, etc.This paper will focus on how to use the ability of Istio to extend the Kubernetes grayscales. + +On deployment, the Open Source Project [Rainbond](https://github.com/goodrain/rainbond) will be used as a base platform.Rainbond is a cloud native application management platform that uses **Application**.Standardized application models are abstract based on this design mode.The full life cycle management of business applications can be achieved without learning and writing YAML from the experience used.It is therefore used to simplify the deployment and management of operations.While Rainbond supports the replacement of ServiceMesh framework, we can choose the best matching ServiceMesh framework for service governance as needed. 
+ + + +## Kubernetes 中如何实现灰度发布 + +当你在 Kubernetes 集群中部署业务时,可以利用 Kubernetes 原生提供的[灰度发布](https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/#canary-deployments)的方式去上线业务。这种方式是通过在旧版本和新版本的服务之间,定义一个差异化的 Label,根据不同版本之间的公共 Label 负载流量到后端 Pod,最终实现根据 Pod 的副本数控制流量的百分比。 + +如下图所示:用户定义了两个 Deployment 对象,其中旧版本名为 frontend-stable,有3个副本。新版本为 frontend-canary,有1个副本。此时定义了一个 Service 对象,使用它们之间公共的 Label 进行选择。这就使得用户访问 frontend 这个 Service 时,能以 3:1 的比例同时访问到两个版本。并且还可以通过调整副本数持续控制流量比例,最终达到完整上线。 + +![k8s-canary.png](https://static.goodrain.com/wechat/istio-canary-publish/k8s-canary.png) + +Kubernetes 默认的实现方式在简单的部署场景下很有效,但是在一些复杂场景中,仍然会有较大的局限,如: + +1. 业务配置自动伸缩后,会直接影响灰度发布的流量比例 + +2. 低百分比的流量控制占用资源高,如 1 % 的流量到达新版本,则至少需要 100 个副本 + +3. 精确的流量分发控制,使访问到新版本中的用户一直是同一批,而不是某个用户访问时随机切换 + +## Istio 灰度发布简述 + +由于 Kubernetes 提供的灰度发布方式的局限性,在一些复杂场景下,我们就需要使用 Istio 来实现更精细的灰度发布策略。在使用 Istio 进行灰度发布时,我们需要了解两个重要概念: + +1. [Virtual services](https://istio.io/latest/docs/concepts/traffic-management/#virtual-services): 虚拟服务定义了请求到服务的路径。可以包含一组路由规则,使匹配到对应规则的请求能到达指定目标。 + +2. [Destination rules](https://istio.io/latest/docs/concepts/traffic-management/#destination-rules): 目标规则可以管理到达该目标的流量,如对服务后端所对应的实例池进行分组,再结合 Virtual services 定义的路由规则,最终将流量转发到正确的实例上。 + +如下图所示,以 istio 官网提供的 Bookinfo 示例程序为例,给出了 virtual services 和 destination rules 的主要定义。其中 virtual services 主要分为两块,主机名和路由规则。主机名是客户端向服务发送请求时使用的一个或多个地址。当请求到达 virtual services 时,则会根据其定义的路由规则匹配。图中就定义了邮箱以 gmail.com 结尾的用户流量只会到达 v3 版本的实例上。而其他用户则以 1:9 的比例分别访问到 v1 和 v2 版本的服务。这种方式实现了精确的流量分发控制。 + +当用户流量来到 reviews.demo.svc.cluster.local 这个 Service 上时,可以看到 destination rules 的规则定义中根据 version 这个 label 定义了不同的实例集,实现了流量比例与副本数的解耦。不管 reviews-v1 有多少实例。始终只有 10% 的流量到达 destination rules 的 v1 子集中。这就解决了业务副本数与流量比例的冲突问题,也使得资源使用更加合理。 + +![istio-canary.png](https://static.goodrain.com/wechat/istio-canary-publish/istio-canary.png) + +## Istio 灰度发布在 Rainbond 上的实践 + +基于以上理解,我们接下来以 BookInfo 为例来体验 Istio 的灰度发布。 + +### 1. 准备工作: + +在开始之前,我们需要提前安装好所需要的环境。 + +1. 
安装 Rainbond + +参考 [Rainbond 官方文档](https://www.rainbond.com/docs/quick-start/quick-install/) 快速安装,安装完成后可以通过对接 Helm 商店一键安装 Istio 以及相应组件。 + +2. 安装 Istio 以及 Kiali + +登录到 Rainbond 控制台后,先创建一个团队,团队英文名对应 Kubernetes 中的命名空间,Istio 默认安装的命名空间为 `istio-system` ,因此团队英文名填写`istio-system`,名称可以填写为 `istio项目`。接下来对接 Helm 商店,通过 `应用市场 -> 点击➕号 -> Helm 商店` 对接。商店名称随意填写,地址填写 `https://openchart.goodrain.com/goodrain/rainbond`。商店对接完成后,我们即可点击安装 istio、kiali 等应用。详细可参考 [Istio 安装](https://www.rainbond.com/docs/use-manual/app-manage/overview/model/deploy-istio/)。 + +### 2. 部署 BookInfo 应用 + +在部署 BookInfo 之前,我们需要在 Rainbond 中创建一个团队和应用,并将应用的治理模式切换为 `Istio 治理模式`。在 Rainbond 中应用治理模式切换是指可以无侵入地变更应用下组件间通信治理模式。 + +如下图所示,一个完整应用会包含多个微服务模块,而 ServiceMesh 框架则是对所有业务容器注入 Proxy,根据注入Proxy的差异可以支持多种类型的 ServiceMesh 实现,比如:Istio、Linkerd、Dapr,应用可以按需开启 ServiceMesh 能力,或更换实现框架。为了让 BookInfo 这个应用使用到 Istio 的治理能力,所以需要切换到 `Istio 治理模式`。 + +![service-mesh.png](https://static.goodrain.com/wechat/istio-canary-publish/service-mesh.png) + +1. 准备镜像 + +[BookInfo](https://istio.io/latest/docs/examples/bookinfo/) 这个应用程序由 6 个微服务组成,它们之间的依赖如下图所示。其中 Productpage 这个服务提供了访问页面,从 Details 这个服务中获得书籍详细信息。从 Reviews 服务中获得书籍评价。其中 Reviews-v2 和 Reviews-v3 会从 Ratings 这个服务中获得书籍的评级信息。这六个微服务的镜像如下: + +```bash +docker.io/istio/examples-bookinfo-productpage-v1:1.17.0 +docker.io/istio/examples-bookinfo-details-v1:1.17.0 +docker.io/istio/examples-bookinfo-reviews-v1:1.17.0 +docker.io/istio/examples-bookinfo-reviews-v2:1.17.0 +docker.io/istio/examples-bookinfo-reviews-v3:1.17.0 +docker.io/istio/examples-bookinfo-ratings-v1:1.17.0 +``` + +![bookinfo.png](https://static.goodrain.com/wechat/istio-canary-publish/bookinfo.png) + +2. 部署组件 + +我们在应用下,选择`添加组件 -> 指定镜像 -> 填写镜像地址 -> 新建组件 -> 确认创建`,即可依次创建出这 5 个微服务对应的组件。 + +3. 
生成可用的 Service + +刚刚我们仅完成了所有服务的部署,还未定义这些微服务的访问策略。以 Productpage 为例,我们通过点击拓扑图中 Productpage 这个组件,即可进入这个服务的管理页面。找到 `端口 -> 添加端口 -> 端口号填写9080 -> 打开对外服务 -> 点击生成的路由`,即可访问成功。 此时会发现 Productpage 这个组件的页面还无法拉取到书籍评价信息。这是由于它默认使用 details 和 reviews 这两个 Service 名称连接到它依赖的组件。此时我们部署的 Reviews-v1 等组件还没有正确的 Service 名称。因此还是进入组件管理页面,`组件端口 -> 添加端口 -> 端口号填写9080 -> 修改使用别名 -> 内部域名填写为 reviews-v1 -> 打开对内服务`。details、reviews-v2、ratings 等组件都是如此,填写其对应的 Service 名称后,打开对内服务即可。 + +最后在应用的 K8s 资源下,我们还需要创建一个如下的 Service,用来在 Reviews 的三个版本之间负载流量。 + +```bash +apiVersion: v1 +kind: Service +metadata: + labels: + app: reviews + service: reviews + name: reviews +spec: + ports: + - name: http + port: 9080 + protocol: TCP + targetPort: 9080 + selector: + component: reviews # 需要在 Reviews 三个版本中,均添加 Kubernetes 属性,设置上该 Label,才能正确生效 + sessionAffinity: None + type: ClusterIP +``` + +4. 编排依赖关系 + +完成以上操作后,访问 Productpage 应用,可以看到书籍评论能正确在三个版本中切换了。此时,可以在应用视图下,切换到编排模式,根据上述 BookInfo 应用的架构图进行连线,实现拓扑图的编排。如下图所示,这样编排的好处是后期可以将这个应用整体发布出去,其他用户直接安装下来即可得到一样的拓扑关系,再也不用担心找不到各个服务依赖的组件。 + +![topological.png](https://static.goodrain.com/wechat/istio-canary-publish/topological.png) + +### 3. 灰度发布 + +在完成以上部署操作后,我们得到了一个完整的 BookInfo 程序,但此时还未定义 Istio 相关配置,所以还需要通过 Kiali 去定义流量规则。实现灰度发布。 + +1. 配置路由规则 + +访问 Kiali 管理页面,即可看到该应用。在左侧边栏选择 Services,找到 reviews 这个 Service,点击进入,右上角 Actions 选择 Traffic Shifting,即可看到如下配置:拖动滑块选择流量比例。下图中 30% 的流量将会访问到 reviews-v1 上,70% 的流量访问到 reviews-v2上。点击创建后,即可看见页面左下角,Kiali 自动为你生成了 virtual services 和 destination rules 资源。你可以点击进去根据自己需求再次编辑。 + +![kiali.png](https://static.goodrain.com/wechat/istio-canary-publish/kiali.png) + +2. 验证路由规则是否生效 + +找到最开始部署的组件 Productpage,进入组件管理页面,点击右上角访问入口,可以看到书籍详情和评级,反复刷新页面,可以看到不带星级的评价信息(reviews-v1)与黑色星级评价信息(reviews-v2)出现的比例大概是 3:7。红色星级评价信息(reviews-v3)从未出现。 + +3. 验证组件扩容对流量的影响 + +找到部署的组件 reviews-v1 ,进入`组件管理页面 -> 伸缩 -> 实例数量设置为4`,此时再次访问 Productpage 页面,反复刷新页面,可以看到 reviews-v1 扩容后,访问到 reviews-v1 与 reviews-v2 的比例仍为 3:7,组件实例数的多少对流量分发策略没有影响。 
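Review bot: in the GitLab CI/CD post (`slug: gitlabci`), the `gitlab-runner register` example passes a literal value to `--registration-token`, while step 3 and the parameter table both refer to a placeholder that now renders as empty backticks. Use one named placeholder such as `REGISTRATION_TOKEN` in all three places, and rotate the token if it was ever valid. The same command combines `--docker-privileged="true"`, `--docker-volumes /var/run/docker.sock:/var/run/docker.sock` and `--run-untagged="true"`, so any job picked up by this runner can drive the host's Docker daemon; the text should say that and recommend keeping such a runner off shared or untrusted projects. In `.gitlab-ci.yml`, the `after_script` body `'{"secret_key":"${RAINBOND_SECRET}"}'` is single-quoted, so the shell posts the literal string instead of the variable's value; switch to double quotes with escaped inner quotes. `docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}` also puts the password on the command line, where `--password-stdin` would avoid it.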
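Review bot: in 2022-09-02-noYAML.md, the front-matter `description` and the opening paragraph both spell the controller as "Deemployment"; it should read "Deployment", matching the `Deployment、StatefulSet` list later in the same file. In the `kubectl get secret,service,deployment,statefulset,pod -n wp` output, the two `service/` rows carry five values under six column headers: the EXTERNAL-IP value is missing, so `8080:30001/TCP` and `3306/TCP` line up under the wrong column; restore the value from the source post. The sentence after the attribute table refers to "RAM 模型" without expanding the abbreviation anywhere in the file, and the title "How do I don't write YAML to manage Kubernetes apps?" needs rewording.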
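Review bot: in 2022-09-08-Arthas.md, step 2.4 tells the reader to add port 8563 to `ruoyi-admin` and open it as an external service, and the flame-graph section does the same for port 3658, but the file never says who can reach the Web Console once that is done. The command list in the same file includes `ognl`, `heapdump`, `sysenv` and `vmtool`, so the post should state that these ports are to be limited to trusted operators, for example by preferring the internal service or closing the external one once the diagnosis is finished. A smaller point: the note under "3. Arthas Web Console" opens a parenthesis at "(注意:域名访问需开启 Websocket 支持" and never closes it.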
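Review bot: in 2022-09-15-nounderstandk8s.md, the translated title, description and first heading render 云原生 as "cloud", "cloud origin" and "clouds", while the headings left in Chinese below ("使用 Kubernetes 落地云原生困难重重") are about cloud native; use "cloud native" consistently, and "cloud computing" instead of "cloud calculation(s)" for the contrast the first paragraph draws. The first paragraph also runs straight into the bold sentence after "dependence on people," with no space, and the image line follows the closing `**` with no blank line, which is worth checking in the rendered page.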
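Review bot: in 2022-09-20-istioGrayscale.md, the `reviews` Service manifest under "生成可用的 Service" is fenced as `bash`; it is a Kubernetes manifest and should be fenced as `yaml`, as the `.gitlab-ci.yml` block elsewhere in this patch is. Step 1 says BookInfo consists of 6 microservices and lists six images, but step 2 says "这 5 个微服务"; make the counts agree. In the manifest the selector is `component: reviews` while the Service's own labels are `app: reviews` and `service: reviews`; the requirement to add the `component` label to all three Reviews components is stated only in a YAML comment and deserves a sentence in the step text. The second intro paragraph also ends at "uses **Application**." where the phrase is cut short compared with "以应用为中心" used for the same sentence in the noYAML post.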
diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-10-08-devops.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-10-08-devops.md new file mode 100644 index 0000000000..53c01fdc13 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-10-08-devops.md 
@@ -0,0 +1,188 @@ +--- +title: How to design the DevOps platform of cloud origin +description: The developers and drivers are two major groups in the IT sector, all of which are involved in the construction of various business systems.So how should the experience of DevOs be reached in the cloud of births?It is my view that the platform works to connect these two groups and do their respective domains. +slug: Devices +image: https://static.goodrain.com/wechat/cloud-nation-for-dev-ops/cloud-native-for-dev-ops-1.png +--- + +The developers and drivers are two major groups in the IT sector, all of which are involved in the construction of various business systems.DevOps is a new concept that has erupted in recent years and has been misinterpreted by many as “learning a host of new skills by developers (Dev) and thereby mastering what the operator (Ops) should do”.However, the greater the capacity and the greater the responsibility, and when the responsibility for maintaining the stability of the production environment falls on the shoulders of the developers, most programmers have issued a cry [for low DevOps, we developers simply do not want to do it!](https://mp.weixin.q.com/s/ZLIdcZOAAKHl2KvRsxkGA).So how should the experience of DevOs be reached in the cloud of births?It is my view that the platform works to connect these two groups and do their respective domains. 
+ + + +## 令人“厌恶”的DevOps + +首先,我非常希望你能先看一看引言中提到的 [扯淡的DevOps,我们开发者根本不想做运维!](https://mp.weixin.qq.com/s/ZLIdcZOAAKHRl2KvRsxkGA) 这篇文章。这篇文章从亚马逊云科技社区参与负责人 Emily Freeman 的一条推特入手,观察了很多留言后,得出了文章标题这种类似咆哮一般的结论。从绝大多数回复这条推特的 IT 从业者的口中,我听到了对于将运维职责强加给开发人员这种 DevOps 体验深恶痛绝。 + +开发人员对于 “谁构建,谁运行” 这种大义凛然的话表示无感,对于学习运维领域的新技能,亦或是将自己加入轮班支持人员的行列都感觉力不从心;运维人员的本职工作被剥离之后,则对本专业的前景惶惶不安,会害怕运维团队的重新洗牌。 + +**开发与运维,的的确确是两个不同的工种,有着类似“车床工与管道工”的区别。** + +| | 开发人员 | 运维人员 | +| :--: | :---------------: | :----------------: | +| 专业技能 | 开发语言、开发框架、中间件、数据库 | 硬件、操作系统、网络、存储、虚拟化 | +| 日常工作 | 理解需求、开发文档写作、开发代码 | 安装部署、监控、日志、问题排查、变更 | +| 文化标签 | 自由、创造 | 保守、责任 | + +一些公司认为从表格中把大量的运维人员管辖的工作,一股脑的“左移”给开发人员就是 DevOps。在专业技能和日常工作领域带来的缺口,可以通过开发人员的勤劳学习加以补足,然而在文化标签领域的冲突,将会是导致开发人员厌恶这种 DevOps 体验的根本原因。 + +## DevOps 的真意与平台工程 + +在我看来,DevOps 的真意是利用软件工程思维,解决复杂且繁重的运维问题。真正适合做 DevOps 工作的人,是具备一定软件工程能力的运维专家,在这里,对运维能力的要求更重要。 + +**DevOps 工程师,可以通过设计或选择一款平台产品,来将复杂的运维工作抽象为产品化的运维特征。从这个角度上讲,开发人员将会是这个平台产品的用户,他们能够在不了解复杂基础设施的情况下,操作并维护应用程序。DevOps 工程师,应该是更懂开发人员需求的运维工程师**。 + +在追根溯源,找到了这条推特之后,我了解到了更多 IT 业内人士对 DevOps 的看法,从中找到了很多和我有共鸣的声音。 + +> To me that's a sign we haven't made ops intuitive/easy enough for most devs to be able to handle it. +> +> 对我来说,这表明我们还没有让运维变得足够直观/简单,以至于大多数开发人员都无法处理它。 +> +> ​ —— @Liz Fong-Jones (方禮真) + +> The "platform" should do the heavy lifting ops, lacking a real platform the ops team (DevOps/are/platform team) is the platform. Devs can then focus on the application level operations of their apps using the knobs and levers provided by the platform. 
+> +> “平台”应该做繁重的运维,缺乏真正的平台时运维团队就是平台(DevOps/are/platform team)。然后,开发人员可以使用平台提供的旋钮和杠杆专注于其应用程序的应用程序级操作。 +> +> ​ —— @pczarkowski + +IT 行业近年来的发展趋势,一直是不断以平台能力的提升,来解决复杂基础设施的使用问题的。最开始,程序开发人员需要面对的是一台物理服务器,在缺乏运维能力的情况下,会由运维人员处理有关服务器的一切,包括操作系统、网络配置等等。而到现在,程序开发人员已经很少需要跟服务器打交道,甚至我见过的很多程序员并不掌握任何有关命令行的知识,就可以面向服务器开发应用系统。这种转变让程序开发人员更加专注于业务代码本身,不必分神去做一些繁重且琐碎的运维事务。带来这种转变的,是处于发展过程中的平台工程,在让基础设施不断变得简单易用。 + +![1](https://static.goodrain.com/wechat/cloud-native-for-dev-ops/cloud-native-for-dev-ops-1.png) + +最原始的裸机时代,并没有开发运维之分。从底层基础设施,一直到最顶层的业务系统都是同一批人在处理,这一批老程序员可以被称为真正的全栈工程师。但毫无疑问,每一个开发人员,都希望能够抛却运维工作,更专注于自己开发的代码。 + +云计算时代的兴起以虚拟化技术为基础,软件定义基础设施变得炙手可热起来。运维人员通过建设并维护一套 IaaS 云平台,将计算资源进行池化。开发人员按需申请自己需要的虚拟机,从而得到一个操作系统界面来进行交互。与操作系统打交道,对开发人员依然是个巨大的挑战,在 IT 领域,操作系统就像一座漂浮在海上的冰山,看似只露出冰山一角,然而其庞大的知识领域“身躯”都隐藏在海平面以下。和裸机时代相比较,开发人员和运维人员已经是两个完全不同的群体,开发人员已经可以将自己的大部分精力放在业务系统上了。值得一提的是,对操作系统的掌控是不折不扣的运维领域技能。 + +容器技术以及 Kuberentes 的横空出世,成为了云计算时代的分水岭。软件定义基础设施的技术手段已经被发挥到了极致,并且成为了现阶段运维人员的标配技能。运维人员通过建设并维护一套 PaaS 云平台,终于将操作系统这一座最后的“大山”从开发人员的身上搬开。开发人员可以将更多的精力放在业务系统上了,除了他们依然需要学习容器技术和 Kubernetes ,至少他们要学会如何面向 Kubernetes 编写业务系统所需的声明式配置文件。运维人员也通过 PaaS 云平台得到了自己想要的能力,容器技术和 Kubernetes 为他们带来了弹性、便捷性的巨大提升。 + +跟随时代的变迁,我得出了一个结论:**从开发人员与运维人员的关系上来看,IT 领域的演变,就是运维人员通过不断向上接手开发人员眼中“跟开发无关的杂活”,来不断为开发人员减负。开发人员在得到了解放后,可以将视角更多的聚焦在自己开发的业务系统上,释放出自己的创造力。** + +那么跟随结论中的趋势,解放开发人员负担的脚步绝对不会停止。DevOps 的工作,就是以开发人员为用户群体,打造一套可以让开发人员毫无障碍的使用基础设施的“云原生平台“。 + +云原生是一种面向云设计应用的思想理念,充分发挥云效能,组织内 IT 人员相互协作构建弹性可靠、松耦合、易管理、可观测的云应用系统,最终目标是提升软件交付效率,降低运维复杂度。相比上文中提到的 PaaS 平台,起码要能够避免开发人员去编写复杂的 Kubernetes 声明式配置文件。 + +## 现有开源产品情况 + +在云原生平台领域,已经有不少项目在深耕。在这里我列举了三个各具特色的云原生领域的平台级产品:[Rancher](https://rancher.com/)、[KubeSphere](https://kubesphere.io/)、[Rainbond](https://www.rainbond.com/) ,后续的具体设计思路中,也会关注已有产品的实现。 + +这三款开源产品中,Rancher 是元祖级容器管理平台,加入 SUSE 后,能够明显感觉在云原生生态领域不断发力,Rancher 在各个层次可以集成的云原生领域工具集已经非常丰富。Rancher 专注于帮助 DevOps 团队面对多集群情况下的运维和安全挑战,从这一点来说,Rancher 更偏向于运维人员的使用体验,而非面向开发人员提供更高的易用性。 + +KubeSphere 是来自青云的 “面向云原生应用的 容器混合云”。除了对 Kubernetes 集群内的各种资源的管理能力之外,Kubesphere 主打即插即用的插件式生态扩展能力。 
+ +Rainbond 由北京好雨科技出品,从其介绍来看,它是一款主打易用性的云原生多云管理平台。 + +## 降低业务部署难度 + +诚实地讲,为现代开发语言开发而来的业务系统制作容器镜像并不是什么难以掌握的技能。但是不可否认的是,绝大多数 IT 从业人员依然会将制作镜像这件事情归为运维人员管理,而不是开发人员要关心的事情。 + +那么 DevOps 工程师就有必要考虑,如何在开发人员对容器技术一无所知的情况下,使之可以直接从代码开始部署业务系统。 + +在这个方面,Heroku 是无可争议的先行者。Heroku 是一个支持多种编程语言的云平台即服务产品。在2010年被 Salesforce.com 收购。 Heroku 作为最元祖的云平台之一,从2007年6月起开发,当时它仅支持 Ruby,但后来增加了对 Java、Node.js、Scala、Clojure、Python 以及 PHP 和 Perl 的支持。 + +开发人员在使用云原生平台时,只需要在界面中填写代码仓库的地址,对应的用户名密码等基础信息,就可以等待代码构建成为镜像,并自由的运行在 Kubernetes 云环境中去。 + +现有开源产品也在这方面给予了一定的支持: + +| | Rancher | KubeSphere | Rainbond | +| :----: | :-----------------------------------------------------------------: | :--------------------------: | ------------------------------------------------------------- | +| 实现方式 | 通过集成 Epinio 项目,继而深入集成了Paketo Buildpacks 来实现源码构建 | 提供定制化的基础镜像来结合用户代码构建项目 | 基于 Heroku buildpack 定制的源码构建能力 | +| 支持语言类型 | Java、GraalVM、Golang、.NetCore、Nodejs、PHP、Ruby、Python | Java、Nodejs、Python | Java、Golang、.NetCore、Nodejs、PHP、Python、Html静态 | +| 使用体验 | 全部命令行操作,使用复杂 | 图形化操作,直接提供代码地址,构建产出镜像,进而部署业务 | 图形化操作,提供代码地址即可完成构建与部署,构建参数可配置,自由度高 | + +更进一步的设计,是将代码的提交、检测、部署等流程都集成到 CI/CD 流水线中去,开发人员只需要进行代码的提交,后续的流程会自动触发完成,生成检测报告,并完成代码的上线部署。而与之相关的第三方工具集,由 DevOps 团队负责进行维护,开发人员可以充分的发扬拿来主义——拿来用就好。 + +在这方面 KubeSphere 做的更加全面,通过集成 Jenkins 实现了基于图形化的流水线配置,这种方式对于以前就在使用 Jenkins 的团队很友好。并且这种实现继承了 Jenkins 生态原有的高自由度,可以更好的将其他第三方CI工具纳入流程之中。 + +Rainbond 通过在构建流程中加入自制的自动触发能力,也可以完成部分流水线工作。这种配置相对编写 Jenkinsfile 来说更简单一些,能够满足一些基本场景。然而其扩展性和自由度不足,能够接纳的第三方CI工具不够丰富。 + +Rancher 并没有在产品中集成 CI 方面的能力,在 CD 方面通过集成 fleet 项目来实现 GitOps ,使用的门槛较高。 + +![2](https://static.goodrain.com/wechat/cloud-native-for-dev-ops/cloud-native-for-dev-ops-2.png) + +这样的使用体验还有一个优点,从始至终都不需要开发人员去编写格式严苛的 Kubernetes 声明式配置文件。这对开发人员而言无疑是一个极大的利好,Kubernetes 虽好,但学习曲线非常陡峭。Kubernetes 默认通过 yaml 格式的声明式配置文件来部署业务系统,其中绝大多数的字段定义都是运维特征的体现,换句话说,绝大多数的字段定义,都不应该是开发人员关注的事情。 + +DevOps 工程师应该抓住开发人员使用 Kubernetes 的痛点,避免其接触复杂运维事务。云原生平台理应提供这种使用体验,让开发人员对 Kubernetes 完全无感知的情况下,完成业务系统的部署工作。换句话说,让 Kubernetes 变得对开发人员“透明”。 + 
+从这个方面来说,通过对三款开源云原生平台的体验,发现 Rancher 和 KubeSphere 虽说均可以基于图形化界面来部署自己的业务组件,然而这些图形化配置只是 yaml 声明式配置文件的 “翻译”,对于 Kubernetes 不够熟悉的用户想要顺利使用,还是有一定的门槛。Rainbond 这一点则做的非常不错,部署业务时完全感受不到 Kubernetes 的存在,对于不熟悉 Kubernetes 的用户而言非常友好。然而产品化定制的程度越高,跟随 Kubernetes 前进的脚步就越难,上游 Kubernetes 不断在推出新的功能特性,如何将新特性抽象成为用户易于理解的功能将会是个挑战。最新版本的 Rainbond 推出了 Kubernetes 属性这一功能特性,允许用户以 yaml 形式编辑 workload ,也是为打破自设的“天花板”。 + +## 降低操作基础设施的难度 + +既然要设计一款平台级的软件产品,那么就需要将复杂且不易被掌握的技术,抽象成为用户易于理解的功能。DevOps 工程师设计的云原生平台产品,首要任务之一,是能够降低开发人员使用基础设施的门槛。这个章节主要讨论的,是开发人员自行管理自己业务系统的运维特征。 + +就拿存储这件事来说,开发人员到底关注什么呢? + +围绕存储这个概念,我们可以说出一堆名词,块设备、文件系统、对象存储、本地磁盘、磁盘阵列、NFS、Ceph等等。这些名词毋庸置疑都与存储相关,也的确会被各种业务系统所使用,但我相信,绝大多数的开发人员对这些名词并不关心。 + +作为用户,开发人员只关心一件事情,我所负责的业务系统,指定目录中的数据需要被持久化的保存下来。 + +大多数情况下,业务系统涉及到的存储场景都应该是简单的。在云原生时代,我们甚至呼吁开发人员在开发业务系统的时候,应该尽量做到“无状态化”,即在业务系统中,不存在限制实例横向扩容的状态数据,至少做到不同实例之间,数据可以共享。根据这一点,DevOps 工程师们完全可以为开发人员提供一个能够适应大多数场景的默认存储类型,各个云厂商提供的 NAS 类型存储是个很好的选择。 + +使用复杂存储的场景更多见于业务系统所调用的各种中间件中,比如数据库需要高速稳定的块设备类型存储,再比如大数据领域的“存算分离”场景下对接对象存储等等。然而在大多数场景下,这些复杂中间件的维护并不是开发人员应该关心的事情。它们由专门的运维人员进行维护,开发人员只需要得到访问它们的地址即可。 + +所以在这种简单存储场景下,开发人员最好可以仅仅填写一下自己需要被持久化的目录地址,由云原生平台来实现底层存储的配置。对存储基础设施的操作,开发人员并不需要关心。 + +![3](https://static.goodrain.com/wechat/cloud-native-for-dev-ops/cloud-native-for-dev-ops-3.png) + +从使用体验上来说,Rancher 和 KubeSphere 可选择的存储类型很多,这是因为它们的产品生态优于 Rainbond ,比如 Rancher Lab 直接推出了轻量级的存储解决方案 Longhorn,对于各大公有云厂商提供的存储产品驱动也都有集成。 Rainbond 依然在易用性方面做的够好,实现了上文中仅关注业务系统持久化目录的使用体验。然而仅对 NFS 类型的存储支持比较完善,对于其他类型的存储支持,需要在底层基础设施中自建驱动,安装起来不如前二者方便。 + +## 易于理解的应用模型 + +从工作负载层面上讲,Kubernetes 只通过 Deployment、Statefulset 等抽象描述单个组件的特征,然而多数情况下,开发人员开发出的业务系统会包含若干微服务组件。那么如何对整个业务系统进行统一的管理就变成了一个问题。解决方案之一,就是通过云原生应用平台,在单个组件之上,抽象出应用这个概念。应用应该是由人为规定的一组服务组件(workload)组成,服务组件之间具有显式或隐式的关联调用关系,彼此之间有机组合成为一个整体,作为一套完整的业务系统对外提供服务。 + +开发人员可以将所有的服务组件视作一个整体来进行管理,而非机械的单独管理每一个服务组件,这种操作体验无疑会更简单,也便于开发人员理解。对应用的管理可以包括统一的生命周期管理、统一的安装升级卸载,灵活拼装服务组件之间的调用关系,更合理的处理业务系统的交付流程。 + +目前 Kubernetes 领域内较为成熟的交付工具 Helm ,其设计也暗合此类模型,一条简单的 `helm install xxx ` 命令,即可安装起一大堆组件以及围绕这些组件的配置。 + 
+![4](https://static.goodrain.com/wechat/cloud-native-for-dev-ops/cloud-native-for-dev-ops-4.png) + +Rancher 并没有实现自己的应用模型,其应用的安装方式集成了 Helm ,并没有体现出应用管理能力。 + +KubeSphere 则更进一步,在项目下的应用负载中提出了应用的概念。在应用中可以通过 Helm 或自建的形式部署服务,集成了微服务治理、单个组件的版本控制、路由管理、灰度发布等能力。其对 Helm 模板的支持,使得其从理论上可以支持任何市面上已有的 Helm Chart 包的安装部署。 + +Rainbond 的应用概念是最完善的,除了常规的生命周期操作、整个应用级的版本控制这样的常规能力之外,还有些非常易用的自研功能,能够简化开发人员对自己应用的管理。比如基于泛解析域名机制实现的对外服务域名,点击开启对外服务,就会生成一个公网可用的域名访问自己的应用,这比一层一层的配置 Ingress 规则容易太多。又比如应用复制能力,可以批量的将整套应用复制到另一个工作空间,而不必重新手动搭一套。 + +应用模板是 KubeSphere 和 Rainbond 均提出的一个概念,应用模板存在的意义是可以将开发好的应用复制到不同的环境中去,是一种制备新一代制品并交付分发的技术。应用模板的基础使用体验,是可以快速方便的安装整套应用系统,最好是一键化的体验,KubeSphere 和 Rainbond 都提供了应用商店,供用户快速安装一些已经制作好的应用模板。应用模板更高层次的使用体验,则是开发人员可以无任何技术负担的开发出自己的应用模板,而不仅仅是从应用商店拉取别人制作好的应用模板。 + +## 易于掌控的微服务架构 + +微服务架构也是云原生平台不可缺少的一个元素。微服务架构旨在帮助开发人员建设高类聚、低耦合的现代应用系统,将以往烟囱式的业务系统架构,拆散成为一大堆彼此间更为独立,包含自身功能特点的微服务模块。容器与相关编排技术的成熟,为微服务架构的落地打下了基础。云原生应用平台,则为开发人员更简单的入手微服务框架提供了可能。 + +云原生平台首选的微服务框架,应该是以 Istio、Linkerd 为代表的 Service Mesh 微服务框架, 也被称为“服务网格”。相对于 Spring Cloud 、 Dubbo ,这种微服务框架提供了更高的自由度和适应性,开发人员不需要被某种开发语言或产品绑定,只需要回归网络编程即可将自己的业务系统连接成为一个整体。这里要重点提出的是微服务架构对业务代码无侵入,只有无侵入的实现,才能最大限度降低开发人员花费精力学习其他领域知识的可能性。 + +DevOps 工程师可以通过设计云原生平台功能来进一步优化配置微服务的使用体验,大胆设想一下,开发人员只需要在两个服务组件之间拖动一条表征微服务调用关系的线,就可以生成对应的微服务配置。这样的操作体验完全可以使注册中心、控制平面这种微服务领域中复杂的概念对开发人员屏蔽。本质上讲,维护注册中心或者控制平面也是运维人员需要关心的工作。 + +![5](https://static.goodrain.com/wechat/cloud-native-for-dev-ops/cloud-native-for-dev-ops-5.png) + +Rancher 由于其自身的定位,产品中没有集成任何微服务相关的能力,用户需要手动安装 Istio 等微服务框架, 通过复杂的 yaml 配置,来引用微服务能力。 + +KubeSphere 和 Rainbond 都在应用层面默认集成了 Service Mesh 微服务框架,不同之处是前者集成了 Istio 方案,而后者的 Service Mesh 微服务框架是自研的。从使用体验上来说, KubeSphere 产品化的包装了 Istio,大幅度降低了 Istio 的使用体验,但这不意味着用户可以完全抛却 Istio 这一层的概念,应用内部的拓扑依靠事先的配置来体现。Rainbond 自研的微服务框架易用性更高一些,已经实现了拖拉拽式的微服务拼装模式,这一点还是很惊艳的。然而自己造的轮子过多,外部的其他方案有好的特性时想要快速集成接纳,就需要在微服务规范的对接层次更上层楼,毕竟 Istio、Linkerd 这些 Service Mesh 微服务框架一统江湖的情况下,其他生态的结合都会以它们为标准,而非自研框架。目前 Rainbond 也提供集成方式接纳了 Istio 治理模式,但还没有得到大量用户的使用验证。 + +## 对运维人员友好 + 
+之前的探讨,都是以开发人员为受众去考量的,但我们不应该忘记维护着底层基础设施正常工作的运维人员。任何软件的稳定运行都只是暂时的,出问题只是一个时间问题。云原生平台本身作为开发人员的基础设施,也需要被持续的维护。如何优化运维人员的管理体验,也是在云原生平台设计过程中的重点。 + +当今时代,Kubernetes 的使用与维护、容器化技术都已经成为了运维人员的标志性技能,对操作系统的掌控以及命令行工具的使用则是运维人员的看家本领。所以云原生平台在面向运维人员的设计中,不必要在易用性或图形化上考虑过多,更多要考虑的是可靠性、安全性、底层基础设施生态的兼容性。 + +![6](https://static.goodrain.com/wechat/cloud-native-for-dev-ops/cloud-native-for-dev-ops-6.png) + +Rancher 在运维层面的表现非常出众。得益于其丰富的周边生态,Rancher 在各个领域都得到了自家其他产品的原生支持。首当其冲的就是 RKE/RKE2/K3S 这几个 kubernetes 发行版,降低了不同场景下 Kubernetes 的安装难度。容器安全方面有 NeuVector 容器安全平台负责全生命周期的管理。基础设施方面有轻量级分布式块设备存储系统 Longhorn。除了丰富的生态之外,Rancher 产品界面的设计尤其符合运维人员的喜好。个人体验过程中认为 Kubectl Shell 非常惊艳,这是一个分屏式的命令行操作界面,运维人员可以一边在下半分屏 Shell 交互分页中敲命令,上半分屏中实时观察操作结果。 + +KubeSphere 也比较适合运维人员维护和管理。尤其是在监控报警层面,KubeSphere 制作了大量符合自身产品理念的可观测性图表,体验很不错。对于集群或节点的控制也做了图形化的设计,便于运维人员掌控。生态方面,KubeSphere 背靠青云,也在不断发展围绕自身的云原生项目,可以利用自家的驱动对接青云的云平台、云存储,以及负载均衡等基础设施。其内置的可插拔式的组件管理系统,可以快速扩展出平台级的其他能力。 + +Rainbond 对运维人员不太友好,甚至是一种“遗忘”了运维人员的设计理念。体验之后发现所有的运维操作依然离不开登录服务器这个前提。没有提供图形化亦或者命令行交互界面来操作集群和节点。对接多集群时,提供了图形化安装 Kubernetes 集群继而安装 Rainbond 的能力,体验还算不错。产品生态相较 Rancher 不够丰富,好在官方提供了很多文档支撑,来对接很多其他的云原生生态产品。比如提供文档对接阿里云ACK、华为云CCE、腾讯云TKE等云基础设施的安装方式。 + +在用户权限管理方面,Rancher 、KubeSphere 沿用了 Kubernetes RBAC 这一套体系,Rainbond 依然有些特立独行,权限管理体系并没有完全对照原生 Kubernetes RBAC 设计,甚至在使用 Rainbond 的时候,完全没有感觉到有 RBAC 体系的存在。对接外部的身份管理系统时,KubeSphere 主推 LDAP 协议,而 Rainbond 使用了 Oauth2.0 协议的实现。 + +其他方面,诸如稳定性、行为审计、监控报警方面三款产品各自有实现,没什么太大的区别。 + +## 写在最后 + +相对于招聘文武全才的“全栈式”开发人员搞定所有的 IT 事务,我更倾向于找到不同领域的专家来搞定各自领域的问题。在运维事务的领域里,构建并维护一套功能齐备的云原生平台,能够更好的解决 IT 业务系统从底层基础设施到开发过程,最终到达生产上线的运维支持问题。这是对 DevOps 理念比较合理的一种落地方式。 + +文中重点提到了 Rancher 、KubeSphere、Rainbond 这三款云原生平台级产品各自不同的实现。 + +归纳起来,Rancher 更偏向运维人员使用,来管理企业内部的各类 Kubernetes 基础设施。开发人员想要很好的使用 Rancher ,必须具备 Kubernetes 操作能力以及容器化技术。从这个角度来说,Rancher 的定位应该位于 PaaS 与云原生平台之间。 + +KubeSphere 和 Rainbond 都属于以应用为中心的云原生平台产品,二者的设计思路不同之处见仁见智。 KubeSphere 以可插拔式框架纳入了云原生领域的其他项目为己所用,将这些项目的能力串联起来为最终用户提供一站式的使用体验,然而这样的使用体验必然是有门槛的,每纳入一个项目,最终用户难免需要同时学习该项目和 KubeSphere 自身。Rainbond 
的设计思路则更加的内聚,多数功能都自研。这样做的好处是功能体系高度自我契合,最终用户的使用体验非常好,功能之间衔接关联更符合人类思维,却容易自我限定,提高了纳入其他云原生生态的门槛。 + +DevOps 团队可以直接选择既有的云原生平台级产品使用,也可以基于开源项目二次开发。更落地的方式是选择其中多款进行混合部署,各取所长,以提到的三款产品为例,DevOps 团队完全可以选择 Rancher + KubeSphere 或 Rancher + Rainbond 的组合,它们之间并没有冲突,向下对接基础设施,管理集群的安全性与合规性是 Rancher 最擅长的事情,向上为最终开发人员提高易用的云原生平台的使用体验则交给 KubeSphere 或 Rainbond,最终的目标,是开发人员通过云原生平台的支持,从以往的运维工作之中解放出来,将精力更多的放在所开发的业务之上。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-11-23-toBdelivery.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-11-23-toBdelivery.md new file mode 100644 index 0000000000..317be73983 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-11-23-toBdelivery.md 
@@ -0,0 +1,129 @@ +--- +title: toB Apply Privatization Delivery Development History and Comparison +description: Because of data privacy and network security concerns, most of the customers in the toB scenario need to be delivered with privatization applications, that is to be delivered to their customers. Such customers include government, finance, military labour, public security, large enterprises, specialised industries, etc. These privatization scenarios have many limitations, and improving the efficiency of privatization applications is a challenge. +slug: toBdelivery +image: https://static.goodrain.com/case/2022/11/21/16690209369248.jpg +--- + +Because of data privacy and network security concerns, most of the clients of the toB scenario require privatization application delivery, that is, delivery to their clients, such as government, finance, military labour, public security, large enterprises, niche industries, etc. These privatization scenes are very restrictive, and how to improve the efficiency of privatization application delivery is a challenge. What technologies are available for privatization applications to delivery?What features do they all have?Privatization application development process. 
+ + + +## ToB应用私有化交付的困难点 + +**环境网络限制,影响交付效率** + +- 交付实施过程中不能方便查找资料; +- 在交付过程中,交付人员需要跟公司的开发进行沟通,网络限制会影响协作工具的使用,有些客户环境甚至不能带手机,会影响解决问题的效率,环境越复杂影响越大; +- 在离线环境内,安装软件包也没办法直接下载,我们需要将安装文件或配置文件打包成离线包,在客户环境导入。由于业务的复杂性会导致镜像很多且很大,只能有交付人员带移动硬盘到客户现场导入,导致在导入离线包就会花费较多时间。甚至有些环境只能刻录光盘在客户环境导入,光盘本身存不了太大的包,只能分多个光盘刻录; + +**客户基础设施差异,需要适配过程** + +- 在私有化场景,不同客户的安装环境也不一样,有些使用物理服务器,有些使用虚拟机,不同的虚拟机厂商也有差异。操作系统也各有不同,例如常见的操作系统有CentOS/Debian/Ubuntu/Redhat,当前还有很多国产化操作系统。CPU架构也可能不同,有X86、ARM等; +- 资源准备周期长,需要审批流程; +- 交付的应用需要很重的适配过程,要么在公司适配,要么在客户现场适配; +- 由于环境差异很大,应用交付完需要完整测试和验证,需要大量的人力和时间投入; + +**交付人员的技术门槛高** + +- 交付人员需要懂底层硬件和网络; +- 交付人员需要懂操作系统和系统运维,需要懂服务治理、高可用、安全、性能分析、备份恢复、交付开发等等; +- 交付人员要能独立排查交付应用的问题,需要很强的技术基础; + +**定制化交付迭代效率低** + +- 在定制化交付场景,客户会参与到开发过程中,客户需要看到效果后反馈问题,再持续迭代,直到客户满意,过程中需要频繁升级产品; +- 如果开发人员在公司定制开发,升级过程复杂,沟通低效; +- 如果开发人员在客户现场,没有好的开发工具和环境,开发效率低,人力投入大; + +**后期维护难度大** + +- 应用交付完成后,后期需要保障应用运行的稳定性,离线环境远程没办法运维,报警没办法发出来,运维的难度大; +- 产品有bug、一些预期内的变更或产品升级都需要出差客户现场,支持的成本比较高; + +## 传统应用交付 + +传统的应用交付是直接交付二进制的可执行文件或软件包: + +- **二进制的可执行文件:** java 的Jar,Linux 的可执行文件,windows的exe等。 +- **软件包:** CentOS 使用 RPM 包,Debian 使用 DEB 包,Java Web 使用 WAR 包。 + +安装他们都需要先安装依赖的环境和基础软件,YUM 和DEB 有自己的管理依赖的软件源,但离线环境用不了,如果客户的操作系统不同,还需要另外想办法解决,运行这类服务为了解决启动和自动重启的问题,还需要通过 systemd 或 supervisor 的方式来管理。如果交付单体架构的应用传统应用交付方式还能胜任,但如果是复杂的微服务架构,传统应用交付方式将难以胜任。 + +![](https://static.goodrain.com/case/2022/11/21/16690197774014.jpg) + +在传统应用交付过程中,管理这些运行环境和操作系统差异是一个痛点,容器的出现解决了这个问题。 + +## 当前云原生技术应用交付 + +云原生应用交付主要使用的容器 和 kubernetes相关技术。 + +### Docker 镜像交付 + +Docker 将业务和依赖的库一起打包成 Docker 镜像,在这个镜像中包含所有环境和应用,这样就可以达成一处打包、到处使用,我们可以将该镜像在任何支持 Docker 的操作系统上运行。Docker 的特性的确解决了很多开发、交付以及其他许多问题,因此 Docker 容器概念迅速的被普及。 + +![](https://static.goodrain.com/case/2022/11/21/16690198147760.jpg) + +在微服务架构场景,需要多个服务或应用一起交付,服务之间有依赖,还有复杂的配置,Docker-Compose解决了这个问题。 + +### Docker-Compose应用交付 + +docker-compose 将多个服务或应用使用 YAML 的方式管理,可以利用docker-compose命令安装部署和管理,对于一个微服务架构的应用,利用docker-compose命令就可以在任何操作系统实现一键安装和运行,当然前提是需要安装好Docker 和 docker-compose。 + 
+![](https://static.goodrain.com/case/2022/11/21/16690198426949.jpg) + +对于单机场景docker-compose可以适用,当应用需要高可用或多节点分布式部署,docker-compose就不能胜任,Kubernetes的出现解决了容器的高可用和分布式调度问题。 + +### Kubernetes YAML应用交付 + +在 Kubernetes 中部署业务我们需要定义 Deployment Statefulset Service 等资源类型,通过调整副本的方式 Kubernetes 会自动调度到多个节点实现业务高可用,在交付时我们只需要将这些 YAML 资源和 Image 导出,在客户的 Kubernetes 环境中部署并交付给客户。这种交付方式需要客户环境有Kubernetes或在客户环境安装Kubernetes。 + +![](https://static.goodrain.com/case/2022/11/21/16690198756043.jpg) + +当我们将Kubernetes YAML交付很多客户的时候,就需要参数配置、版本管理和简单的安装和升级,Helm在Kubernetes YAML的基础上解决了上述问题。 + +### Helm 应用交付 + +Helm 是 Kubernetes 资源的包管理器,它可以将一组资源定义成 Helm Chart 模版,提供了基于 Helm Chart 模块的安装和升级,安装时可以配置不同的参数。Helm 同样也是在 Kubernetes 交付中大多数人选择的工具。 + +![](https://static.goodrain.com/case/2022/11/21/16690209027203.jpg) + +Helm最大的问题是需要开发者学习容器和Kubernetes整个技术栈,而且客户环境必须要有Kubernetes,学习和使用的门槛太高。抽象的应用模型是一个解决方案。 + +## 面向未来的云原生应用模型交付 + +应用模型强调以应用为中心的理念,让开发者专注在业务本身,在应用级抽象和包装底层复杂的技术,应用模型跟底层基础设施完全解耦,根据对接和交付的基础设施不同,自动转换和适配,真正实现一次开发,处处自动化部署。 + +![](https://static.goodrain.com/case/2022/11/21/16690209369248.jpg) + +### 基于OAM的KubeVela应用交付 + +OAM(Open Application Model) 是一个描述应用的标准规范。有了这个规范,应用描述就可以彻底与基础设施部署和管理应用的细节分开。通过将应用定义与集群的运维能力分离,可以让应用开发者更专注于应用本身,而不是”应用部署在哪“这样的运维细节。KubeVela基于OAM实现了应用跨云、跨环境持续交付。当前KubeVela对离线场景的应用交付支持较弱。 + +### 基于RAM的Rainbond应用交付 + +Rainbond 是一个云原生应用多云管理平台,Rainbond 遵循以应用为中心的核心理念,统一封装容器、Kubernetes 等复杂技术,将 Kubernetes 资源统一抽象成 RAM(Rainbond Application Model)应用模型,使用户能非常简单的使用 Kubernetes,降低用户使用的门槛,使用户专注于应用开发、应用交付和应用运维。 + +在对于离线交付场景,Rainbond基于RAM可以导出三种离线交付包: + +- **Rainbond应用模版包**,其中包含了复杂微服务架构交付的所有要素,支持升级和回滚,但要求客户环境安装Kubernetes和Rainbond; +- **非容器的软件包**,非容器包按照传统应用交付方式打包,但易用性更好,包中包含了环境依赖,并采用静态编译,适合大多数操作系统,使用 Systemd 管理; +- **Docker-Compose离线包**,支持在标准Docker Compose 环境一键启动和管理; + +## 综合对比 + +| | 交付门槛 | 微服务支持 | 多节点调度 自动化运维 | 离线迭代效率 | 客户环境支持 | +| -------------- | ---- | :---- | :---------- | :----- | :--------- | +| 传统交付 | 高 | 不支持 | 不支持 | 低 | 服务器 | +| Docker镜像 | 中 | 不支持 | 不支持 | 高 | 容器/K8s | +| Docker Compose | 中 | 支持 | 不支持 | 中 | 容器 
| +| K8s Yaml | 中 | 支持 | 支持 | 中 | K8s | +| Helm Chart | 中 | 支持 | 支持 | 中 | K8s | +| KubeVela | 中 | 支持 | 支持 | 中 | K8s | +| Rainbond | 低 | 支持 | 支持 | 高 | K8s/容器/服务器 | + +- **应用交付门槛**,传统方式交付门槛最高;Docker、Docker-Compose、Kubernetes Yaml、Helm 和 KubeVela交付的门槛中等,因为需要学习会容器和Kubernetes相关技术;Rainbond使用最简单,不需要学习容器和Kubernetes。 +- **微服务支持**,除传统应用交付和Docker镜像,其他方式都支持微服务编排和打包交付。 +- **多节点调度和自动化运维**,Kubernetes Yaml、Helm、KubeVela和Rainbond支持Kubernetes的多节点调度。 +- **离线迭代效率**,传统方式交付效率最低;Docker镜像有版本,而且一个命令就可以导出一个离线包,所以迭代效率高;Docker-Compose、Kubernetes Yaml、Helm 和 KubeVela需要手工逐个打出镜像离线包,复杂架构效率不高,而且手工容易出错;Rainbond支持自动化导出一个离线包,导入离线环境,可以一键升级和回滚,迭代效率很高。 +- **客户环境支持**,不同客户有不同的运行环境,交付的包需要根据客户环境选择,传统应用交付方式适合老的一些基础设施,操作系统版本老,没办法安装运行容器;客户环境没有Kubernetes,也不允许安装Kubernetes,可以选择Docker镜像和Docker-Compose;Kubernetes Yaml、Helm、KubeVela和Rainbond支持有Kubernetes的环境。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-11-24-bytebase.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-11-24-bytebase.md new file mode 100644 index 0000000000..fa5d2a77f7 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-11-24-bytebase.md 
@@ -0,0 +1,59 @@ +--- +title: Manage application databases on Rainbond using Bytebase +description: Bytebase is an open-source database CI/CD tool that makes up for database change management capabilities that GitLab lacks.It provides a Web-based collaborative platform for DBA and developers to manage database changes safely and efficiently. +slug: bytebase +image: https://static.goodrain.com/wechat/bytebase/rainbondxbytebase.png +--- + +Structural changes in the database have always been the most complex and risky link in the release process, which Bytebase can manage throughout the life cycle.Install Bytebase in Rainbond and easily manage all databases deployed on Rainbond + + + +## Bytebase 是什么? + +[Bytebase](https://www.bytebase.com/) 是一个开源的数据库 CI/CD 工具,弥补了 GitLab 所缺乏的数据库变更管理能力。它为 DBA 和开发人员提供了一个基于 Web 的协作平台,以安全高效地管理数据库变更。 + +## Rainbond 是什么? + +[Rainbond](https://www.rainbond.com) 是一个云原生应用管理平台,使用简单,遵循 **以应用为中心** 的设计理念,统一封装容器、Kubernetes和底层基础设施相关技术,让使用者专注于业务本身, 避免在业务以外技术上花费大量学习和管理精力。 + +## 快速部署 Bytebase + +Bytebase 已发布到 Rainbond 开源应用商店,你可以在开源应用商店中搜索 `Bytebase` 一键安装。 + +![](https://static.goodrain.com/wechat/bytebase/1.png) + +安装后,可以通过 Rainbond 默认提供的域名访问 Bytebase。 + +> Rainbond 使用 [--external-url](https://bytebase.com/docs/get-started/install/external-url) 提供 Bytebase 的外部访问。如需自定义外部URL,可以到Bytebase组件 -> 环境配置,修改 `EXTERNAL_URL` 环境变量。 + +![](https://static.goodrain.com/wechat/bytebase/2.png) + +## Bytebase 快速体验 + +### 支持主流开源数据库 + +Bytebase 支持对接多种数据库,例如 Mysql、PostgreSQL、TiDB、Snowflake、ClickHouse等。 + +![](https://static.goodrain.com/wechat/bytebase/3.png) + +### 工单驱动的变更管理 + +Bytebase 支持以工单的形式对变更请求进行管理,提供多环境流水发布、批量发布等能力应对复杂的变更场景,同时实现了与代码仓库集成,允许通过提交 PR/MR 自动生成工单 + +![](https://static.goodrain.com/wechat/bytebase/4.png) + +### SQL 自动审核 + +Bytebase 支持数据变更的自动审核,目前已覆盖业界常见规范,同时可以将审核能力与代码仓库进行集成,在 PR/MR 中自动审核 SQL 脚本。 + +![](https://static.goodrain.com/wechat/bytebase/5.png) + +### 在线 SQL 编辑器 + +Bytebase 支持在线的 SQL 编辑器,你可以查看数据、表结构,共享 SQL 脚本等等。 + 
+![](https://static.goodrain.com/wechat/bytebase/6.png) + +还有许多功能小伙伴们可以自行探索,比如自动备份、GitOps 数据变更自动触发、多租户等等。 + diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-11-29-localDev.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-11-29-localDev.md new file mode 100644 index 0000000000..57a27de950 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-11-29-localDev.md 
@@ -0,0 +1,84 @@ +--- +title: Build a local development environment using Rainbond +description: We all know that the installation of these services on personal computers is quite cumbersome and can encounter many problems, environmental problems, dependency problems and so on.When teamwork is required, there may also be problems with system dependence, character sets, etc. due to a lack of uniformity in the operating systems of colleagues. +slug: localdev +image: https://static.goodrain.com/wechat/local-dev/local-dev.png +--- + +Before you develop, you need to install development tools and services locally such as:Mysql, Redis, Nacos and so on. We all know that installing these services on your personal computer is quite onerous and can encounter many problems, environmental problems, dependency problems, etc. + +When team collaborative business interfaces are required, Mac, Win, Linux may also encounter operating system dependence, charset etc. due to a lack of uniformity among colleagues' operating systems. + +Until you are online, you have no problem developing debugging locally. Deploy to the server will not work.The classic:is good locally. Now you cannot deploy anymore. 
+ + + +## 使用 Rainbond 本地开发的好处 + +**部署方便** + +在对于新的项目或者新的团队时,都需要搭建新的开发环境,这个过程需要进行几个小时,而且还会遇到奇奇怪怪的问题。在团队协作时,来了新人后,同样还是需要花费几个小时去搭建环境。使用 Rainbond 将基础环境打好包,新项目、新人来了安装即用,让我们尽量避免在搭建环境上浪费时间。 + +**统一环境** + +对于中小企业来说,没有太多的成本支持搭建公用的开发环境。那么就使用 Rainbond 统一开发环境,不管是 Windows、Mac 都可以安装 Rainbond,同时如果测试、生产环境也使用 Rainbond,可以直接导出应用包在测试、生产环境运行。 + +## 在本地部署 Rainbond + +无论是 Windows、Mac 都可以很轻松快速的部署 Rainbond,只需要你的环境有 Docker Desktop 即可。 + +**Mac** + +> 支持在 Mac x86、M1 上部署 + +```bash +curl -o install.sh https://get.rainbond.com && bash ./install.sh +``` + +**Windows** + +```bash +docker run --privileged -d -p 7070:7070 -p 80:80 -p 443:443 -p 6060:6060 -p 8443:8443 ^ +--name=rainbond-allinone --restart=on-failure ^ +-v rainbond-data:/app/data ^ +-v rainbond-opt:/opt/rainbond ^ +-e EIP=<你的IP地址> ^ +registry.cn-hangzhou.aliyuncs.com/goodrain/rainbond:v5.10.0-dind-allinone +``` + +### 资源占用 + +在本地搭建这样一个云原生平台,最关心的当然是资源占用。因为本地的配置通常都不是很高,我的配置是 M1Pro 16G,部署 Rainbond 后在 Docker Desktop 中查看资源占用情况如下图,整体占用不大,CPU占用 ≈ 10%、内存占用 1.1GB。 + +![](https://static.goodrain.com/wechat/local-dev/1.png) + +### 基础环境搭建 + +你可以通过 Rainbond 开源应用商店快速的安装基础环境所需要的服务,比如:Mysql、Redis、ZK、Kafka、ES、Nacos 等等。都可以一键安装,非常简单便利。 + +![](https://static.goodrain.com/wechat/local-dev/store.gif) + +### 业务部署、统一环境 + +通过 Rainbond 部署业务,让我们不再关心底层的 Docker 镜像用的是什么,Dockerfile 怎么写等等,由 Rainbond 统一开发环境、测试环境、生产环境,你本地能在 Rainbond 上成功部署,那么在测试、生产中同样也可以。再也不用经典再现了:“本地可以,线上咋不行”。 + +使用 Rainbond 在本地搭建业务,可以通过多种方式部署,Jar War包部署、源码部署都可以。 + +![](https://static.goodrain.com/wechat/local-dev/source.gif) + +### 开发模块共用 + +在一个项目内有许多模块是公用的,比如说基础环境 Mysql、Redis,还有些用户模块、权限模块等等,我们在本地的 Rainbond 上搭建好后,将其发布到应用市场,其他同事需要直接安装,然后再开发自己的模块。 + +应用商店应用发布分为两种方式: + +1. 发布到内部组件库:这种方式需要导出应用包给其他同事再自己环境再导入 +2. 
发布到开源应用商店:这种方式是存放到 Rainbond 的开源应用商店,其他同事直接在线拉下来,不过别的开源用户也能安装,对于项目私密的不推荐。 + +将我们已经部署好的应用发布到内部组件库,应用视图 -> 发布 -> 发布到组件库,进入平台管理 -> 应用市场 -> 导出应用。将下载的包给其他同事在自己的本地环境中安装即可。 + +![](https://static.goodrain.com/wechat/local-dev/share.gif) + +## 最后 + +通过 Rainbond 在本地开发非常便捷,对于资源也占用不大,同时也能统一开发测试环境,借助 Rainbond 的应用市场功能能实现许多场景,比如上面提到的模块共用,也可以实现本地开发完就交付到演示环境、测试环境、生产环境。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2022/2022-12-16-HertzBeat.md b/i18n/en/docusaurus-plugin-content-blog/2022/2022-12-16-HertzBeat.md new file mode 100644 index 0000000000..80abbfa60e --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2022/2022-12-16-HertzBeat.md 
@@ -0,0 +1,72 @@ +--- +title: Easy to use alarm system | HertzBeat shared on Rainbond +description: HertzBeat is a powerful custom surveillance system that does not require Agent’s real-time control.Website monitoring,PING connection,port availability,database,operating systems,intermediate,API monitoring,threshold warning +slug: hertzbeat +image: https://static.goodrain.com/wechat/HertzBeat/3.png +--- + +Prometheus + AlertManger + Grafana has been a mainstream in the existing surveillance and warning system, but it is more complex for small and medium-sized teams or individuals.HertzBeat enables small and medium-sized teams or individuals to set up surveillance and warning systems quickly and to use simple configurations for apps, databases, operating systems, and so on. + + + +## HertzBeat + +[HertzBeat赫兹跳动](https://hertzbeat.com/) 是一个拥有强大自定义监控能力,无需Agent的实时监控系统。网站监测,PING连通性,端口可用性,数据库,操作系统,中间件,API监控,阈值告警,告警通知(邮件微信钉钉飞书)。 + +## Rainbond + +[Rainbond](https://www.rainbond.com) 是一个云原生应用管理平台,使用简单,遵循 **以应用为中心** 的设计理念,统一封装容器、Kubernetes和底层基础设施相关技术,让使用者专注于业务本身, 避免在业务以外技术上花费大量学习和管理精力。 + +## 快速部署 HertzBeat + +HertzBeat 已发布到 Rainbond 开源应用商店,你可以在开源应用商店中搜索 `HertzBeat` 一键安装。 + +![](https://static.goodrain.com/wechat/HertzBeat/1.png) + +安装后,可以通过 Rainbond 默认提供的域名访问 HertzBeat,默认用户密码 `admin/hertzbeat`。 + +![](https://static.goodrain.com/wechat/HertzBeat/2.png) + +## HertzBeat 快速使用 + +### 仪表盘 + +![](https://static.goodrain.com/wechat/HertzBeat/3.png) + +### 应用服务监控 + +应用服务监控支持多种方式,如: + +| 应用服务监控 | 说明 | +| ----------------------------- | --------------------------------------------------- | +| PING连通性 | 检测域名或 IP 的连通性 | +| HTTP API | 调用HTTP API接口,查看接口是否可用,对其响应时间等指标进行监测,可自定义请求头 | +| JVM 虚拟机 | 监控 JVM虚拟机的通用性能指标 | +| SpringBoot2.0 | 监控 SpringBoot2.0 actuator 暴露的通用性能指标 | +| 全站监控 | 监控网站的全部页面 | +| 端口可用性 | 监控服务暴露的端口 | +| SSL 证书 | 监控网站 SSL 证书过期时间以及响应时间 | + +![](https://static.goodrain.com/wechat/HertzBeat/4.png) + +### 数据库监控 + 
+支持监控多种类型数据库,如:MySQL、Redis、PostgreSQL、SqlServer、ElasticSearch、Oracle、MariaDB、OpenGauss、达梦数据库。 + +![](https://static.goodrain.com/wechat/HertzBeat/5.png) + +### 操作系统监控 + +支持对主流的 Linux 和 Windows 系统进行监控,例如:Centos、Ubuntu、Windows等。 + +![](https://static.goodrain.com/wechat/HertzBeat/6.png) + +### 告警配置 + +支持自定义告警阀值,告警通知支持 邮箱、WebHook、企业微信机器人、钉钉机器人、飞书机器人。 + +![](https://static.goodrain.com/wechat/HertzBeat/7.png) + +## 最后 + +HertzBeat 还支持中间件的监控、对容器的监控以及自定义 Prometheus 监控等,小伙伴们可以自行探索。 通过 HertzBeat 让我们用简单的配置即可监控、告警我们的业务,让我们在监控告警这块节省更多时间、成本。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-01-03-offlineDelivery.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-01-03-offlineDelivery.md new file mode 100644 index 0000000000..c42db49426 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-01-03-offlineDelivery.md 
@@ -0,0 +1,116 @@ +--- +title: Practice | Practice of cloud native technologies in offline delivery scenes +description: Software products can be valuable only if they are delivered to the user, and I have several years of experience in the area of software delivery for the ToG scene, for example the Government.With this article today, share these pain points and my solution +slug: offlinedelivery +image: https://static.goodrain.com/wechat/cn-offline/2.jpeg +--- + +Software products can be valuable only if they are delivered to the user, and I have several years of experience in the area of software delivery for the ToG scene, for example the Government.This article is used to share these pain points and my solutions today. + + + +## 提出问题 + +本人供职的公司,其主要客户群体是省内的政府部门,所开发的业务系统是服务于政府内网之中的移动APP。作为交付负责人,我一直苦恼于如何将一套基于 Spring Cloud 框架开发而来的服务端业务系统交付给我的客户。完成软件系统的交付只是万里长征第一步,如何处理后期的运维工作也是必须面对的问题。政府场景的特殊性,为我的工作平添了许多不利因素,这些 ToG 场景交付的痛点,且听我娓娓道来。 + +**离线环境交付** + +与公网环境隔离,与公司网络隔离,完全的离线场景是政府交付工作中的标配特征,也是 ToG 交付最大的痛点。相信离线环境交付是所有的交付工程师都不想面对的场景,这意味着所有的交付物必须在事先准备好,交付过程中一旦出现任何遗漏和错误,都意味着明天必须再来现场一次。 + +**交付环境不统一** + +如果你从事过面向政府的交付工作,那多半会遭遇过交付环境不统一的情况。由于各级政府部门的 IT 建设脚步不一样,同样一套业务系统,在交付到市级部门时,得到的硬件设施可能是一台物理服务器,而到了省级部门时,则可能得到了私有云提供的数台虚拟机。值得庆幸,物理机与虚拟机的差异并不大。然而近年来政府的 IT 建设一直在向国产自主可控的方向前进,当省级部门要求使用鲲鹏Arm架构CPU,亦或是使用国产麒麟操作系统进行交付时,和市级部门交付环境的差异就已经非常大了。我甚至不得不将同一套业务系统在两级部门的交付当作完全不同的两个项目来对待。这体现出不同交付环境之间的差异,而当我转身看向公司开发环境时,开发环境与交付环境的差异,已经开始让我听到自己头发落到地面的声音了。我很难确定事先准备好的交付资源,在甲方环境部署时会否遭遇操作系统以及硬件设施差异所导致的依赖性冲突问题。这种问题在离线环境下又被放大,我甚至不具备连接公网安装软件包来调试解决依赖性冲突问题的能力。 + +**缺乏自动化运维能力** + +将软件交付到客户环境中,只是最初级的目标,在合同期内维护软件系统稳定运行是对交付质量更高层次的考验。依照个人经验,在一个软件交付项目中,交付部署的工作量,不及后期运维工作量的一半。我们是不希望所有的软件问题都需要工程师亲自抵达现场解决的,一来无法保障 SLA 服务协议中的时间承诺,其次也会消磨工程师的工作热情。在离线环境下如何构建起一套具备自动化运维能力的软件运行环境,变得尤为重要。依靠自动化运维能力,让一些软件故障得以自愈,在一定程度上降低了政府交付场景中的运维难度。但选择任何一种技术实现自动化运维的目标都是需要付出代价的,这意味着我需要在软件系统交付之前,先行在交付环境中组装一套稳定可靠的自动化运维平台。 + +**过度依赖核心人员** + 
+在离线化的政府交付场景中,常常面临如下问题:一是交付环境难以统一时,其中特殊之处只被少数全程参与项目交付的工程师所了解,而实际经验告诉我们,这些特殊之处往往是一些异常情况的根源;二是离线的工作环境使得工程师通过查询资料来解决问题变成一种奢望,反向提高了对于工程师的经验和技能的技术要求,因此,“合格”的驻场运维工程师很难招到。以上问题造成了一些运维工作过分地依赖某些核心技术人员的局面,一旦核心技术人员离职或者调岗,对当前的业务连续性将会造成较大影响。所有的这些对人的依赖,都在某个靠谱的驻场工程师希望另谋高就,向我提出辞职申请时痛击我的脑神经。 + +**持续交付困难** + +软件交付并非一次性工作。从项目管理的角度来说,用户很难在一开始就提出具体且可落实的需求,具体的项目范围会随着项目的推进逐渐确定,这是一个渐进明细的过程。而在软件产品交付的过程中,这种渐进明细体现在交付的产品会经过多次迭代,每次升级后的产品,都距离用户的最终需求更近一步。而这个持续交付的过程,在离线环境中,所遭遇的难处并不亚于首次交付,甚至会在某些需要回滚的场景中更加复杂。在微服务时代,一套完整的业务系统往往包含了几十个独立的组件,组件数量也为持续交付添加了复杂性。 + +**驻场开发难** + +驻场开发是一种在政府交付场景中常见的需求。标准的软件产品往往是不能直接满足甲方需求的,这就需要我们的开发人员可以在甲方办公室直接定制开发指定的几个组件,并快速更新到线上环境中去,供甲方验证。在实际场景中,多数微服务功能是固定的,只有一两个 jar 包需要频繁更替。 + +## 以往的经历 + +我经历了公司软件产品交付的完整变革流程。从最开始的 jar 包交付,继而引入容器化技术交付镜像,到后来采用 Kubernetes 容器编排技术,我们始终围绕着复杂的离线环境进行软件产品的交付工作。每个阶段或多或少的解决了上述各种痛点,所付出的代价也不尽相同。最终我们拥抱了云原生技术,将业务系统整体作为新的对象实践了较为简单可靠的离线环境交付,同时兼顾了以往各种痛点。 + +### Jar 包交付 + +得益于 Java 开发语言,我们可以将代码打包成为仅依赖 JDK 运行环境的二进制交付产物——Jar 包。彼时我们的软件产品还处于初级阶段,业务系统由10个 Jar 包、Mysql数据库、Redis 缓存、前端Nginx组成。 + +一次交付工作中,首先要搭建起基础运行环境,完成 JDK 的安装。Mysql、Redis 等中间件依靠很原始的 rpm 包进行安装,这个过程经常会遭遇包依赖冲突问题。最后将所有的 Jar 包运行起来,启动之前免不得进行一系列的人工配置工作。 + +这种交付方式比较原始,我们会写一些脚本来达成一定程度上的自动化,然而这只在一定程度上提升部署效率,自动化运维能力基本为零。中间件的安装部署对操作系统的绑定程度很高,一旦服务器的操作系统和我们预先了解的稍有偏差,都可能导致依赖冲突,导致安装失败。而配置过程对人工依赖过重,这在高可用部署的环境中表现的尤为突出,配置各种 IP 很容易出错。 + +做一个总结,这个阶段我们实现了简单业务系统的离线交付,然而没有解决其他任何一个 ToG 场景交付痛点。 + +### 引入容器化技术 + +为了抹平交付环境不统一所带来的复杂度,我们开始引入容器化技术,通过将所有组件容器化,我们只需要确保客户的服务器能够运行 Docker 容器,就不需要再担心底层操作系统的问题了。官方提供静态编译版本的 docker 二进制文件,我们再也不用和软件依赖打交道了。这个阶段,我们的业务系统也开始扩展,组件的数量上涨到了几十个,这导致我们不得不同时引入 docker-compose 以及 docker-swarm 技术来解决单机或高可用场景下的组件编排问题。这些技术同时提供了较低程度的故障自愈能力,距离真正的生产可用还有距离。 + +容器化技术解决了交付环境不统一的问题,但是其他方面的痛点提升有限。随着业务功能的扩展,一个新的痛点逐渐展现出来,我们需要携带数十个容器镜像进行交付,交付复杂度被交付物数量裹挟着不断上升。 + +### 转向 Kubernetes 技术 + +在交付团队掌握了容器化技术之后,为了解决自动化运维问题,我们开始向 Kubernetes 转型。Kubernetes 技术是可以为业务系统的交付和运维赋能的,借助于它,我们的业务系统实现了较高程度的自动化运维能力。 + +Kubernetes 
技术在故障自愈、弹性伸缩等方面的能力提升使我们非常受用,业务系统真正做到了生产可用。但是同时也带来了新的痛点,那就是它本身过于复杂,无论是开发人员还是现场运维交付人员,都必须对它有足够的了解才可以驾驭。换句话说,这种技术的引入大幅度提高了对核心技术人员的依赖程度,甚至提高了对技术团队全员的入门门槛。离线化的交付场景下,对交付环境的前期一次性建设的成本大幅度提高,我们必须事先在离线环境中准备好可靠的 Kubernetes 集群,光这一项工作,就大幅度阻碍了 Kubernetes 技术在交付团队中的推广。 + +### 新的痛点 + +经过了前面的几个阶段,我认为面对离线化的复杂交付场景,继续在容器技术以及 Kubernetes 容器编排技术方向上前进是没有问题的,每一次技术选型,都在一定程度上解决了很多痛点,我们在交付的过程中已经不惧怕离线环境、交付环境不统一、缺乏自动化运维能力等痛点,但也引入了一些新的问题,是待解决的。 + +- 业务功能扩展会同步提升交付复杂度。这一新痛点从本质上来说,是由于我们将每一个组件独立看待,而非将整个业务系统作为整体看待。这样做的结果就是交付物的数量和交付复杂程度直接挂钩,如果能将业务系统作为整体交付,而非每个组件单独交付,那将极大的降低交付复杂度。 +- 每一次新的选型,都引入了新的复杂度,这一点在转向 Kubernetes 技术时尤为突出。这项技术对业务系统的赋能能力是毋庸置疑的,但无论是一个新环境的首次部署,还是后期的运维难度,对交付团队成员技术能力的要求是直线上升的。为了降低交付团队新成员的入门难度,我们开始选型一些能够降低 Kubernetes 使用难度的图形化工具,易用性是选型的首要影响因素。 +- 持续交付困难以及驻场开发难这两大痛点,依然没有被很好的解决。这二者都需要我们提供机制,解决业务系统在交付环境中持续变更的问题,前者注重业务系统整体框架的迭代升级,后者注重某个组件的个性化快速迭代。 + +我们开始将目光放在了逐渐火热起来的云原生技术领域。首先,云原生技术是基于容器化技术和 Kubernetes 技术的,我们已经具备了一定的技术基础。其次,云原生技术也注重软件交付领域的各种最佳实践,其中一些实践非常契合前文中的痛点。经过一段时间的内部测试选型,我们最终使用了 Rainbond 云原生应用管理平台作为交付工具,实现了全新的复杂场景离线交付模式。 + +## 云原生离线交付实践 + +最开始,交付团队内部的一名成员从开源渠道偶然了解到了 Rainbond 这款产品,并推荐给开发团队人员使用。当时仅仅作为图形化的 Kubernetes 管理工具来使用,以此降低新手开发人员学习 Kubernetes 的门槛。但随着对产品的了解,我们逐渐发觉,Rainbond 真正的用途在于能够解决软件产品的交付问题。 + +### 将业务系统抽象为应用 + +以往的交付过程中,我们总是将业务系统中的每一个组件单独看待,但是在 Rainbond 体系中,管理的单元可以放大到业务系统级别,这种管理单元被称之为应用。应用内部的组件部署和编排都是基于图形化操作的,使用起来不难理解。组件间的调用关系基于拓扑图展现,一目了然。最重要的是,基于应用这种抽象,我们实现了将组件数量和交付复杂度脱钩,无论应用中有多少组件,我们始终视之为一个应用。这么做的好处在交付过程中体现的非常明显。 + +![](https://static.goodrain.com/wechat/cn-offline/1.jpeg) + +### 应用模板的离线导出导入 + +应用一旦部署编排完成,就可以发布成一个应用模板并导出,导出的产物是单独管理的一个包。离线的模板包在导入时完全不依赖于外部网络,导入完成就可以在离线环境中一键安装,复原为发布时的样子。组件之间的相互依赖关系、配置信息都得以保存,不需要在交付现场重新配置。这一能力完全改变了交付的逻辑,从单独交付数十个容器镜像,变成了交付一个涵盖整个业务系统的包,其中难度的下降可想而知。 + +### 简单易用 + +Rainbond 底层基于 Kubernetes 技术实现容器的调度,提供全面的自动化运维能力。并且将常见的配置从 Yaml 声明式配置转化成为图形化界面操作,极大的降低了入门门槛。引入 Rainbond 体系之后,新入职的工程师可以在简单的培训后,一日之内掌握 Rainbond 的使用方式并可以独立交付业务系统。 + +### 原生多云管理 + +Rainbond 原生支持面向 Kubernetes 的多云管理能力。政府交付场景虽说与公网隔离,然而其实同个系统内往往具有想通的内部网络。借助 Rainbond 
的多云管理能力,我们将省内多个城市政府部门的交付场景统一管理了起来,在省会建立了统一的管理控制台。这样的部署模式为业务系统快速在多个数据中心的交付提供了机制,极大的降低了业务系统在全省范围内交付的成本。 + +![](https://static.goodrain.com/wechat/cn-offline/2.jpeg) + +### 持续交付机制 + +Rainbond 应用模板支持版本管理,当业务系统有较大改动时,只需要将应用整体重新发布一次,重新导入到交付环境中去后即可一键升级或回滚,极大提升了业务系统升级效率。在以往处理数十个容器镜像的升降级和配置工作,需要的时间成本是按天计算的,引入Rainbond 应用模板的版本控制机制之后,升降级的时间成本降低为分钟级,操作成本则可以忽略不计。 + +![](https://static.goodrain.com/wechat/cn-offline/3.jpeg) + +### 驻场开发快 + +当甲方要求某个组件做出些许改动时,使用整个应用级别的模板离线导入显然得不偿失。此时,只需要现场开发人员在个人开发笔记本上打包出 Jar 包,通过上传 Jar 包构建组件的能力快速构建指定的组件,简单的拼装后即可替换对应的组件。这个过程中开发人员只需要提供 Jar 包,甚至不需要学习容器化技术了解镜像打包的机制,Rainbond 会自动处理后续的工作。 + +![](https://static.goodrain.com/wechat/cn-offline/4.jpeg) + +## 总结 + +我司交付团队借助云原生技术, 极大的降低了面向政府的复杂离线场景交付工作成本。这种成本节约体现在交付时间缩短、人员技术要求降低、人员操作成本降低、交付物数量减少、配置工作量减少等多个方面。降低成本的同时,也成功为业务系统赋能,能够自动处理很多异常场景,实现了自动化运维。方便驻场开发,能够快速的响应甲方客户的需求,提升客户满意度。 + +然而 IT 工程领域的发展过程就是在不断面向新的痛点解决问题。目前使用云原生技术也并非能够解决所有的问题,在政府交付场景中,也曾经遭遇这一类场景,甲方提出了比较严苛的要求,禁止使用容器技术进行交付。这种要求从根源上阻绝了云原生交付技术的落地,然而如何优雅的回退到 Jar 包交付的路线中去就成了一个问题,期待社区提供支持,将应用模板转化成为裸机环境可用的交付物,这是后话。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-01-09-acns.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-01-09-acns.md new file mode 100644 index 0000000000..39f64b65df --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-01-09-acns.md 
@@ -0,0 +1,171 @@ +--- +title: One-Stop Cloud Survival Experiment|Dragon Cloudy ACNS + Rainbond +description: The Dragon Dragon Native SuiteCRM OpenAnolis Cloud Native Suite (ACNS) is a Kubernetes version based on the Native SIG of the Dragon Community Native SIG and can be deployed with a single key. +slug: acns +image: https://static.goodrain.com/wechat/acns/acns%2Brainbond.png +--- + +## About ACNS + +Dragon Dragon Native SuiteCRM [OpenAnolis Cloud Native Suite](https://openanolis.cn/sig/cloud-native) (ACNS) is an integrated Kubernetes version based on Kubernetes released by SIG of the Dragon Community Native SIG and can provide a one-key, open box deployment, and a rich cloud origin base, consisting mainly of: + +![](https://oss.openanolis.cn/sig/opwbwqsjojsqmukskjhm) + +- Kubernetes are based on ACK-D as an open source distribution and as a downstream of ACK; ACK-D is validated on a large scale of production to ensure the stability and reliability of components; and also support Calico, Hybirdnet on network plugins, and overlay and Underlay, which can be deployed to Underlay mode to allow POD IP to be directly externally accessed while providing better performance; storage plugins support local storage OpenLocal, using LVM to provide flexible local disk capability, and shared storage Minio. +- Runtime supports runC, runD and Kata, as well as runE (future version) for use in a variety of shared, segregated and secure scenarios. +- Mirror management provides open boxes for Nydus + Dragonfly. Using Nydus to load images within clusters can significantly increase the ability of clusters to dynamic resilience; Dragonfly is the ability to provide mirrors in clusters of P2P that are mainly geared to the Kubernetes cluster providing Serverless services, and dynamic elasticity scenarios, the AI data mirror images distribution scenes etc. 
+ + + +## 关于 Rainbond + +[Rainbond](https://www.rainbond.com/docs/) 是一个云原生应用管理平台,使用简单,不需要懂容器、Kubernetes和底层复杂技术,支持管理多个Kubernetes集群,和管理企业应用全生命周期。 + +![](https://static.goodrain.com/case/2022/03/17/16474283190784.jpg) + +## ACNS 与 Rainbond 结合 + +龙蜥云原生套件 ACNS提供一键部署集群的能力,Rainbond 提供一键部署应用的能力,Rainbond 与龙蜥云原生套件 ACNS 结合提供一站式的云原生体验: + +- 基础设施:Anolis OS 是 OpenAnolis 社区推出的完全开源、中立、开放的发行版,它支持多计算架构,也面向云端场景优化,兼容 CentOS 软件生态。 +- 容器层:龙蜥 ACNS 提供了经过大规模生产验证的 ACK-D 集群,同时也提供了 Kata 安全运行时、Dragonfly 文件分发、Nydus 镜像加速。 +- 应用层:Rainbond 提供了应用开发、应用市场、微服务架构、应用交付、应用运维等开箱即用的能力。 + +![](https://static.goodrain.com/wechat/acns/rainbond-and-acns.png) + +## 部署 ACNS 与 Rainbond + +服务器信息: + +| 操作系统 | IP | +| ----------------------------------- | ------------------------------------------------------------- | +| Anolis OS 8.6 ANCK | 172.31.98.243 | +| Anolis OS 8.6 ANCK | 172.31.98.242 | + +### 部署龙蜥 ACNS + +在任意节点上下载 `sealer` 可执行文件 + +```bash +wget -c https://cloud-native.oss-cn-shanghai.aliyuncs.com/bin/amd64/sealer-latest-linux-amd64.tar.gz && tar -xvf sealer-latest-linux-amd64.tar.gz -C /usr/bin +``` + +使用 `sealer` 下载集群镜像 + +```bash +sealer pull cloud-native-registry.cn-shanghai.cr.aliyuncs.com/kubernetes/anoliscluster:v1.0 +``` + +定义 `Clusterfile` 文件,`Clusterfile` 用于定义集群相关信息,例如:节点IP、参数等,通过 `Clusterfile` 一键式部署集群。 + +```yaml +$ vim Clusterfile + +apiVersion: sealer.cloud/v2 +kind: Cluster +metadata: + name: my-cluster # 自定义集群名称 +spec: + image: cloud-native-registry.cn-shanghai.cr.aliyuncs.com/kubernetes/anoliscluster:v1.0 + env: + - ContainerRuntime=containerd # 使用 containerd 运行时 + - SkipPreflight=true + - SupportKata=true # 使用 Kata 容器 + - SupportNydus=true # 使用 Nydus + - SupportDragonfly=true # 使用 Dragonfly + - YodaDevice=/dev/vdb # Node 节点未使用的磁盘,用于 Dragonfly 存储数据 + ssh: + passwd: xxxx # 节点 root ssh 密码 + hosts: + - ips: [ 172.31.98.243 ] # master IPS + roles: [ master ] + - ips: [ 172.31.98.242 ] # node IPS + roles: [ node ] +``` + +开始部署 ACNS + +```bash +sealer apply -f Clusterfile +``` + +#### 配置 
Dragonfly + +等待部署完成后,在 Node 节点上配置 Containerd 使用 Dragonfly,在 Containerd 中配置镜像的 Mirror,如下: + +```toml +$ vim /etc/containerd/config.toml + +[plugins."io.containerd.grpc.v1.cri".registry] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] + endpoint = ["http://127.0.0.1:65001","https://registry-1.docker.io"] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors."sea.hub:5000"] + endpoint = ["http://127.0.0.1:65001","https://sea.hub:5000"] + [plugins."io.containerd.grpc.v1.cri".registry.configs."sea.hub:5000".tls] + insecure_skip_verify = true +``` + +配置完成后重启 Containerd 生效。 + +```bash +systemctl restart containerd +``` + +### 在 ACNS 上部署 Rainbond + +修改集群的 Coredns 配置,让 `sea.hub` 私有镜像仓库可在集群中使用 + +```yaml +$ kubectl edit cm coredns -n kube-system + +apiVersion: v1 +data: + Corefile: | + .:53 { + hosts { + 172.31.98.243 sea.hub + fallthrough + } + } + +# 重启 Coredns POD +$ kubectl delete pod -l k8s-app=kube-dns -n kube-system +``` + +#### 使用 Helm 部署 Rainbond + +创建 `rbd-system` 命名空间 + +```bash +kubectl create namespace rbd-system +``` + +添加 Rainbond Helm 仓库 + +```bash +helm repo add rainbond https://openchart.goodrain.com/goodrain/rainbond +``` + +执行 Helm 命令安装 Rainbond 并指定镜像仓库信息,复用 sealer 的 registry + +```bash +helm install rainbond rainbond/rainbond-cluster -n rbd-system \ +--set Cluster.imageHub.enable=true \ +--set Cluster.imageHub.domain=sea.hub:5000 \ +--set Cluster.imageHub.namespace=rainbond \ +--set Cluster.imageHub.username=sealer \ +--set Cluster.imageHub.password=sealer +``` + +当名称包含 `rbd-app-ui` 的 POD 为 Running 状态时即安装成功。POD `rbd-app-ui-xxxx-xx` 为 Running 状态时,表示 Rainbond 安装成功。 + +复制如下命令,在集群中执行,可以获取到平台访问地址。如果有多个网关节点,则任意一个地址均可访问到控制台。 + +```bash +kubectl get rainbondcluster rainbondcluster -n rbd-system -o go-template --template='{{range.spec.gatewayIngressIPs}}{{.}}:7070{{printf "\n"}}{{end}}' +``` + +## 最后 + +在未来,Rainbond 会与龙蜥云原生 ACNS 更加紧密的合作,提供给用户最佳的一站式云原生体验。 
diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-01-12-mall.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-01-12-mall.md new file mode 100644 index 0000000000..331740f9ab --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-01-12-mall.md 
@@ -0,0 +1,246 @@ +--- +title: 10 minutes deploy all electric merchants on Rainbond +description: Many small partners will be deployed long while learning from all electric merchants. Although many modes of deployment have been offered, they are more complex for all of us who are learning and need to understand and learn about these container technologies +slug: mall +image: https://static.goodrain.com/wechat/mall/banner.png +--- + +Many small partners will spend long on deployment while learning all electric merchants. Although many deployment methods are available, such as `deployment mall` on Linux, `using Docker or DockerCompose deployment mall`, we are all learning more complex and need to understand and learn about these container technologies.This paper will use Rainbond to deploy all electric and commercial projects and will allow us to focus on code through Rainbond of deploying Mall Mall, a cloud native application management platform that is simple and does not need to understand containers, Kubernetes and substrate complex technologies, easily deploy applications on Kubernetes and experience the capabilities offered by Kubernetes. + +This paper describes two ways of deploying mall e-commerce projects on Rainbond: + +1. Rapid deployment of all via Rainbond Open Source Store +2. 
Start deploying all services for all projects from 0 + + + +## 前提 + +安装可用的 Rainbond 环境,Linux、Mac、Win上均可安装,参阅 [Rainbond 快速安装](https://www.rainbond.com/docs/quick-start/quick-install) + +## 通过应用商店快速部署 mall + +mall 电商项目已发布到 Rainbond 开源应用商店,可以通过开源应用商店一键部署,在 **平台管理 -> 应用市场 -> 开源应用商店** 中搜索 `mall` 并安装。 + +![](https://static.goodrain.com/wechat/mall/1.png) + +此时 Rainbond 会自动构建、启动 mall 所有服务,只需等待即可,部署完成后拓扑图如下: + +![](https://static.goodrain.com/wechat/mall/2.png) + +访问 `mall-admin-web` 前端项目验证部署,默认用户密码:`admin / macro123` + +![](https://static.goodrain.com/wechat/mall/3.png) + +`mall-portal` 和 `mall-search` 暂时没有前端,可以访问后端 swagger 验证部署 `http://xxx/swagger-ui/`,如下: + +![](https://static.goodrain.com/wechat/mall/4.png) + +## 从零开始部署 mall + +### 中间件部署 + +mall 需要用到的中间件有:`Mysql` `Redis` `RabbitMQ` `MongoDB` `ElasticSearch`,这些中间件都可以通过 Rainbond 开源应用商店部署。 + +#### 安装 Redis + +在开源应用商店中搜索 Redis 并安装 5.x 版本 + +#### 安装 MongoDB + +在开源应用商店中搜索 MongoDB 并安装 4.x 版本 + +#### 安装 RabbitMQ + +在开源应用商店中搜索 RabbitMQ 并安装 + +#### 安装 MySQL + +在开源应用商店中搜索 MySQL 并安装 5.7 版本 + +1. 在 Mysql **组件 -> 端口** 打开对外端口服务,通过 IP:PORT 连接,默认用户密码 `root / root` +2. 通过工具连接并导入 mall sql 数据。 + +#### 安装 ElasticSearch + +在开源应用商店中搜索 ElasticSearch 并安装 7.15.2 版本 + +- ElasticSearch 应用包含了 Kinbana,如不需要可删除 Kinbana 组件 +- ElasticSearch 默认开启了密码验证,在 **组件 -> 环境配置 -> 配置文件设置** 编辑配置文件将 `xpack.security.enabled` 设置为 `false` 并更新组件生效。 + +**安装中文分词器 IK Analyzer** + +1. 首先在 **团队视图 -> 插件 -> 新增插件 -> 通过应用商店安装插件** 搜索 `ES-IK-Analysis` 并安装插件 +2. 为 ElasticSearch 组件添加存储,**组件 -> 存储 -> 添加存储** + - 名称:自定义 + - 挂载路径:`/usr/share/elasticsearch/plugins` + - 类型:共享存储 +3. 进入 **组件 -> 插件 -> 未开通**,开通 `ES-IK-Analysis` 插件 +4. 
更新或重启 ElasticSearch 组件即可生效。 + +### 部署 mall 后端服务 + +#### 修改项目代码配置 + +注释主 `pom.xml` 文件中的 `execution` 部分,不需要在项目中配置 Docker 打包项目,打包工作交给 Rainbond 处理,`pom.xml` 配置如下: + +```xml + +``` + +修改 mall-admin 服务的 `application-dev.yml` 文件,内容如下: + +```yaml +spring: + datasource: + url: jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT}/${MYSQL_DATABASE}?useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai&useSSL=false #MySQL连接地址 + username: ${MYSQL_USERNAME} #MySQL用户 + password: ${MYSQL_PWD} #MySQL密码 + ...... + redis: + host: ${REDIS_HOST} #Redis连接地址 + ...... +``` + +修改 mall-portal 服务的 `application-dev.yml` 文件,内容如下: + +```yaml +spring: + datasource: + url: jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT}/${MYSQL_DATABASE}?useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai&useSSL=false #MySQL连接地址 + username: ${MYSQL_USERNAME} #MySQL用户 + password: ${MYSQL_PWD} #MySQL密码 + ...... + data: + mongodb: + host: ${MONGODB_HOST} #MySQL连接地址为环境变量 + port: 27017 + database: mall-port + redis: + host: ${REDIS_HOST} #Redis服务器地址 + ...... + rabbitmq: + host: ${AMQP_HOST} #RabbitMQ 连接地址 + virtual-host: ${RABBITMQ_DEFAULT_VHOST} #RabbitMQ virtual host + username: ${RABBITMQ_DEFAULT_USER} #RabbitMQ 用户 + password: ${RABBITMQ_DEFAULT_PASS} #RabbitMQ 密码 + ...... +``` + +修改 mall-search 服务的 `application-dev.yml` 文件,内容如下: + +```yaml +spring: + datasource: + url: jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT}/${MYSQL_DATABASE}?useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai&useSSL=false #MySQL连接地址 + username: ${MYSQL_USERNAME} #MySQL用户 + password: ${MYSQL_PWD} #MySQL密码 + ...... + elasticsearch: + uris: ${ES_HOST}:${ES_PORT} #ElasticSearch连接地址 + ...... 
+``` + +为什么都要改成环境变量的方式呢,因为这样更灵活,只需修改简单的变量配置可以让 mall 项目在任何环境中运行。而在 Rainbond 中,组件之间建立了依赖关系之后,会自动注入被依赖组件的环境变量,这样我们连环境变量都不用配置,更加方便,原理可参阅 [Rainbond 组件之间的环境变量注入](https://www.rainbond.com/docs/micro-service/service-mesh/connection_env)。 + +#### 部署后端组件 + +在团队视图或应用视图 **新增从源码创建组件:** + +- 组件名称:自定义 +- 组件英文名称:自定义 +- 仓库地址:`https://github.com/zzzhangqi/mall.git` +- 代码版本:master + +> 以上仓库已经修改了上述的代码配置 + +此时 Rainbond 会检测到项目为多模块项目,进入多模块项目构建:勾选 `mall-admin、mall-portal、mall-search` 并构建。 + +进入每个组件内 -> 端口,删除默认的 5000 端口,添加新的组件对应端口: + +- mall-admin:8080 +- mall-portal:8085 +- mall-search:8081 + +![](https://static.goodrain.com/wechat/mall/build.gif) + +#### 建立组件间的依赖关系 + +在应用内,切换到编辑模式,按照以下依赖关系并建立连接: + +![](https://static.goodrain.com/wechat/mall/5.png) + +给组件之间添加依赖 + +![](https://static.goodrain.com/wechat/mall/dep.gif) + +### 部署 mall 前端服务 + +很多时候我们的后端服务一般是不对外提供访问的,如果采用现在的配置那么在部署的时候,`config/prod.env.js` 中后端的地址就必须与前端的访问地址一样,如果不一样则会产生跨域,如下: + +```js +module.exports = { + NODE_ENV: '"production"', + BASE_API: '"https://admin-api.xxx.com"' +} +``` + +如何不暴露后端服务的同时又能解决跨域,可以使用 Nginx 反向代理后端服务。 + +在 `config/prod.env.js` 定义一个不存在的接口,比如 `/api` + +```js +module.exports = { + NODE_ENV: '"production"', + BASE_API: '"/api"' +} +``` + +比如现在前端访问登陆接口的 URL 是 `/api/admin/login` ,显然 `/api` 不是我们的接口,`/admin/login` 才是,那么通过 Nginx URL 重写,把 `/api` 重写,访问到后端的接口就是 `/admin/login` 此时接口正确就可以正常返回数据,也能解决跨域问题同时后端服务也不用对外暴露。 + +``` +server { + listen 80; + + location / { + root /app/www; + index index.html index.htm; + } + + location /api { + rewrite ^/api/(.*)$ /$1 break; + proxy_pass http://127.0.0.1:8080; + } +} +``` + +#### 部署前端组件 + +在团队视图或应用视图 **新增从源码创建组件:** + +- 组件名称:自定义 +- 组件英文名称:自定义 +- 仓库地址:`https://github.com/zzzhangqi/mall-admin-web.git` +- 代码版本:master + +> 以上仓库已经添加了上述配置 + +添加 `mall-admin-web` 依赖于 `mall-admin` + +### 验证部署 + +访问 `mall-admin-web` 前端项目验证部署,默认用户密码:admin / macro123。`mall-portal` 和 `mall-search` 暂时没有前端,可以访问后端 swagger 验证部署 `http://xxx/swagger-ui/` + +![](https://static.goodrain.com/wechat/mall/access.gif) + 
+## 最后 + +下一期出在 Rainbond 上部署 mall-swarm 微服务项目实践。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-02-07-telepresence.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-02-07-telepresence.md new file mode 100644 index 0000000000..d6051d41d8 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-02-07-telepresence.md 
@@ -0,0 +1,174 @@ +--- +title: Make remote a gospel for local, microservice backend development +description: Telepresence is an open source tool for simulating microservices in the Kubernetes cluster in a local development environment that allows developers to run and debug microservices in a local development environment without fear of the complexity of the environment and difficult configuration +slug: teleport +image: https://static.goodrain.com/wechat/television/television.inline.png +--- + +One of the greatest pain points in microservice backends development is the difficulty of debugging that very affects our development effectiveness. + +If we want to connect with other microservices, we need to start the corresponding microservice module in the local environment, which may take a lot of configuration and construction time, while also taking up much of our local resources and possibly \`immobile'. + +While we can debug on the test server, the entire process is also lengthy. **Submit code -> Trigger CI/CD -> Wait for a successful building**. Possible simple BUG submissions with a code can solve the problem. Debugging on the server in this way is very difficult when you encounter complex BUGs, too time-wasted,\*\*Submit -> Wait for a long time \*\*, counter-repetition, and there is no easy local development tool to debug directly. + +The tools described below integrate remote and local and allow local development to flourish. 
+ + + +## Telepresence + +Telepresence 是一个开源工具,用于在本地开发环境中模拟 Kubernetes 集群中的微服务,它允许开发人员在本地开发环境中运行和调试微服务,而不必担心环境的复杂性和配置困难。 + +![](https://static.goodrain.com/wechat/telepresence/telepresence-architecture.inline.png) + +简单来说 Telepresence 将 Kubernetes 集群中服务的流量代理到本地,Telepresence 主要有四个服务: + +**Telepresence Daemon:** 本地的守护进程,用于集群通信和拦截流量。 + +**Telepresence Traffic Manager:** 集群中安装的流量管理器,代理所有相关的入站和出站流量,并跟踪主动拦截。 + +**Telepresence Traffic Agent:** 拦截流量的 sidecar 容器,会注入到工作负载的 POD 中。 + +**Ambassador Cloud:** SaaS 服务,结合 Telepresence 一起使用,主要是生成预览 URL 和一些增值服务。 + +### 全局流量拦截 + +全局流量拦截是将 Orders 的所有流量都拦截到我们本地开发机上,如下图。 + +![](https://static.goodrain.com/wechat/telepresence/global.png) + +### 个人流量拦截 + +**个人流量拦截**允许选择性地拦截服务的部分流量,而不会干扰其余流量。这使我们可以与团队中的其他人共享一个集群,而不会干扰他们的工作。每个开发人员都可以只针对他们的请求拦截 Orders 服务,同时共享开发环境的其余部分。 + +个人拦截需要配合 `Ambassador Cloud` 使用,这是一项收费服务,免费用户可以最多拦截 3 个服务。 + +![](https://static.goodrain.com/wechat/telepresence/ind.png) + +## 结合 Telepresence 开发调试 Rainbond 上的微服务 + +- 基于[主机安装 Rainbond ](https://www.rainbond.com/docs/installation/install-with-ui/)或基于 [Helm 安装 Rainbond](https://www.rainbond.com/docs/installation/install-with-helm/)。 + +### 安装 Telepresence + +MacOS: + +```bash +# Intel +brew install datawire/blackbird/telepresence + +# M1 +brew install datawire/blackbird/telepresence-arm64 +``` + +Windows: + +```bash +# 使用管理员身份打开 Powershell + +# 下载压缩包 +Invoke-WebRequest https://app.getambassador.io/download/tel2/windows/amd64/latest/telepresence.zip -OutFile telepresence.zip + +# 解压缩包 +Expand-Archive -Path telepresence.zip -DestinationPath telepresenceInstaller/telepresence +Remove-Item 'telepresence.zip' +cd telepresenceInstaller/telepresence + +# 安装 +powershell.exe -ExecutionPolicy bypass -c " . '.\install-telepresence.ps1';" +``` + +### 安装 Telepresence 流量管理器到集群中 + +可以使用 Telepresence 快速安装 Traffic Manager,本地需要有 kubeconfig 文件 `~/.kube/config`。 + +```bash +$ telepresence helm install +... 
+Traffic Manager installed successfully +``` + +或者在 Kubernetes 集群中使用 [Helm 安装 Traffic Manager](https://www.getambassador.io/docs/telepresence/latest/install/helm)。 + +### 本地连接远程服务 + +本地使用 `telepresence connect` 连接远程 Kubernetes API Server,本地需要有 kubeconfig 文件 `~/.kube/config` + +```bash +$ telepresence connect +connected to context +``` + +### 在 Rainbond 上快速部署 Pig 微服务应用 + +通过 Rainbond 开源应用商店快速部署 Pig 微服务应用,部署后如下图 + +![](https://static.goodrain.com/wechat/telepresence/rainbond-pig.png) + +后面会以 pig-auth 这个服务为例,演示本地开发调试的流程,这里需要做一些小改动: + +1. 从应用商店安装的应用默认 Workload 是字符串,需要修改 Workload 为易于查看的,这里以 pig-auth 为例,进入组件中编辑组件名称,修改组件英文名称为 `auth` + +2. 简单来说 telepresence 的工作原理就是代理 k8s service,默认 gateway 到 auth 是使用的 nacos 做的负载均衡,这样的话 telepresence 是无法拦截到流量的,我们需要修改 gateway 配置使用 k8s service 做负载均衡。 + + - 打开 pig-register 组件的 8848 对外端口,访问 nacos,修改 `pig-gateway-dev.yml` 的 `spring.cloud.gateway.routes.uri: http://gr795b69:3000` ,`gr795b69:3000` 通过 pig-auth 组件内的端口访问地址获取。 + +3. 如果本地只启动一个 pig-auth 服务,pig-auth 需要连接 pig-register 和 redis,那么就需要将这俩服务的对外端口打开,并修改配置文件让本地的 pig-auth 服务可以连接远程到 pig-register 和 redis。 + +### 在本地调试 auth 服务 + +使用 IDEA 或 VScode 在本地启动 pig-auth 服务。 + +在本地使用 telepresence 拦截 pig-auth 流量,命令如下: + +```bash +$ telepresence intercept --port : -n +``` + +命令拆解: + +```bash +# +# 需要拦截流量的服务 workload +$ kubectl get deploy -n zq +NAME READY UP-TO-DATE AVAILABLE AGE +pig-auth 1/1 1 1 146m + +# 本地端口 + +# +# 需要拦截流量的服务的 service port name +$ kubectl get svc gr795b69 -n zq -o yaml +... + ports: + - name: http-3000 + port: 3000 + protocol: TCP + targetPort: 3000 +... 
+ +# 命名空间 +``` + +最终命令: + +```bash +$ telepresence intercept pig-auth --port 3000:http-3000 -n zq +Using Deployment pig-auth +intercepted + Intercept name : pig-auth-zq + State : ACTIVE + Workload kind : Deployment + Destination : 127.0.0.1:3000 + Service Port Identifier: http-3000 + Volume Mount Error : sshfs is not installed on your local machine + Intercepting : all TCP requests +``` + +我们在本地给退出登陆这块逻辑打上断点,然后通过线上的前端退出登陆,打到我们本地 IDEA上,整体效果如下: + +![](https://static.goodrain.com/wechat/telepresence/telepresence-debug.gif) + +## 最后 + +Telepresence 可以帮助我们简化本地开发流程,同时保证代码的正确性和可靠性。还能使我们在集群中轻松调试和测试代码,提高开发效率。结合 Rainbond 的部署简化,从开发到部署都非常的简单,让我们专注于代码编写。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-02-22-loki.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-02-22-loki.md new file mode 100644 index 0000000000..4ee5bb2248 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-02-22-loki.md 
@@ -0,0 +1,132 @@ +--- +title: 10 minutes learn to use the Looki log aggregation system +description: Loki is an open source log aggregation system developed by Grafana Labs to provide efficient log processing solutions for cloud native structures.Looki stores and queries log data using a Prometheus label indexing mechanism, which enables it to quickly distribute queries and aggregates +slug: loki +image: https://static.goodrain.com/wechat/loki/5.png +--- + +Loki is an open source log aggregation system developed by Grafana Labs to provide efficient log processing solutions for cloud native structures. + +Looki stores and queries log data through the use of Prometheus label indexing mechanisms, which enables it to quickly carry out distributed queries and aggregates without loading all data from storage to memory.Loki also uses compression and cutting of log data to reduce the use of storage space and thus better adapts to the high growth of log data in cloud-origin environments. + +Loki的架构由以下几个主要组件组成: + +**Promptail:** Collect application and system log data and send them to the Loki cluster. + +**Loki:** stores log data, provides log queries for HTTP API, and data filtering and filtering. + +**Grafana:** Responsible UI to display log data. 
+ + + +## Loki vs ELK + +Loki 和 ELK(Elasticsearch, Logstash, Kibana)都是常用的日志处理系统,它们各自具有一些优点。下面是 Loki 相对于 ELK 的几个优点: + +- 存储效率更高:Loki 使用了压缩和切割日志数据的方法来减少存储空间的占用,相比之下,ELK 需要维护一个大的索引,需要更多的存储空间。 + +- 查询速度更快:Loki 使用类似 Prometheus 的标签索引机制存储和查询日志数据,这使得它能够快速地进行分布式查询和聚合,而不需要将所有数据都从存储中加载到内存中。而ELK需要将数据从存储中加载到内存中进行查询,查询速度相对较慢。 + +- 部署和管理更容易:Loki 是一个轻量级的日志聚合系统,相比之下,ELK 需要部署和管理多个组件,需要更多的资源和人力成本。 + +## 安装和配置 Loki + +### 前提 + +参阅 [Rainbond 快速安装](https://www.rainbond.com/docs/quick-start/quick-install) 文档进行安装。 + +### 安装 Loki + +`Loki` 应用已发布到开源应用商店,可通过开源应用商店一键安装。 + +在 **平台管理 -> 应用市场 -> 开源应用商店** 中搜索 `Loki` 并安装。 + +![](https://static.goodrain.com/wechat/loki/1.png) + +安装完成后,该应用内包含 `Loki` `Grafana` 组件: + +![](https://static.goodrain.com/wechat/loki/2.png) + +同时还有 `k8s资源`,其中包括 `promtail` 的 `Daemonset` 以及 `SA` 等资源。 + +![](https://static.goodrain.com/wechat/loki/3.png) + +### 配置 Loki + +进入**应用内 -> k8s资源**,修改 ConfigMap `promtail-config` 的 `url` 部分,URL 通过 Loki 的 **组件内 -> 端口 -> 访问地址** 获取,如下: + +```yaml +apiVersion: v1 +data: + promtail.yaml: | + clients: + - url: http://gre4f2a2:3100/loki/api/v1/push # Changed +...... +``` + +进入**应用内 -> k8s资源**,修改 ClusterRoleBinding `promtail-clusterrolebinding` 的 `namespace` 部分为当前应用的命名空间。 + +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: promtail-clusterrolebinding +...... +subjects: +- kind: ServiceAccount + name: promtail-serviceaccount + namespace: dev # Changed +``` + +如果使用的容器运行时是 Containerd 需要修改 `promtail-daemonset` 资源,如果容器运行时是 Docker 则不用修改。 + +```yaml +...... +volumeMounts: +- mountPath: /var/lib/containers # Changed + name: varlibdockercontainers + readOnly: true +...... 
+volumes: +- hostPath: + path: /var/lib/containers # Changed + type: "" + name: varlibdockercontainers +``` + +修改后更新 `Loki` `Grafana` 组件,应用内 -> 更新即可。 + +## 使用 Loki + +访问 `Grafana`,应用内点击访问按钮即可通过 Rainbond 默认提供的域名访问 `Grafana`。 + +进入 `Explore` 内通过 Labels 筛选 POD 日志,选择 `namespace` `pod` Labels,会自动生成查询表达式,点击 Show logs 即可查看日志。 + +![](https://static.goodrain.com/wechat/loki/4.png) + +![](https://static.goodrain.com/wechat/loki/5.png) + +### 查询表达式 + +除了通过 Grafana 界面选择 Labels 之外,还可以手动写查询表达式,比如: + +```bash +{container="rbd-api",namespace="rbd-system",pod="rbd-api-5fdd795546-j5679"} +``` + +目前支持以下标签匹配运算符: + +- `=` 等于 +- `!= `不等于 +- `=~` 正则匹配 +- `!~` 正则不匹配 + +例如: + +```bash +{namespace=~"dev|rbd-system"} +``` + +## 最后 + +总之,Loki是一个轻量级、高效的日志聚合系统,它在处理云原生环境下大规模日志数据方面表现出色。Loki 相比于 ELK具有存储效率更高、查询速度更快、部署和管理更容易。结合 Rainbond 一起使用,使我们的应用和日志管理都非常简单。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-03-pipeline.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-03-pipeline.md new file mode 100644 index 0000000000..0b03840418 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-03-pipeline.md 
@@ -0,0 +1,78 @@ +--- +title: Pipeline (waterlines) plugin based on Rainbond +description: In order to help developers test code more effectively, compile caches, even code quality analyses, when combined with Rainbond plugins systems, outreach information is made more flexible and diversified in terms of GitLab CI capacity +slug: pipeline +image: https://static.foodrain.com/wechat/5.12/4.png +--- + +Rainbond itself has the ability to build components based on the source code that can be compiled into a Docker image in multiple programming languages, but in the process of continuous integration it is often necessary to perform static checks, build packages, and test units.Previously, because Rainbond did not have an organized mechanism such as Piperine, users were often able to only integrate external CI such as Jenkins, Gitlab CI etc.This increases the threshold for developer use. + +So to help developers test code better, compile caches, and even code quality analysis, in combination with Rainbond plugin systems, outreach information is made more flexible and diversified based on GitLab CI capabilities. + + + +![](https://static.goodrain.com/wechat/5.12/pipeline1.png) + +## Waterline Plugin + +### Function + +Based on Rainbond plugin system, the main plug plugin to extend information contributions includes the following five parts: + +1. Waterline Administration: Developers use the Waterline Module to customize the flow line required for the application service and the stages of the line + +![](https://static.goodrain.com/wechat/5.12/1.png) + +2. Application Service: Application service is a repository for a project on Gitlab that is applied to development, managing the repository.Normally corresponded to components in Rainbond, which may correspond to more than one Rainbond component if multiple miniservices are included in a warehouse. + +![](https://static.goodrain.com/wechat/5.12/2.png) + +3. 
Code: Manage the continuous integration process between branches and CI in the repository to see historical information about recent submissions and continuous integration of branches in the repository branch. + +![](https://static.goodrain.com/wechat/5.12/3.png) + +![](https://static.goodrain.com/wechat/5.12/4.png) + +4. Mirror Repository: Continuous integration of image products and versions are displayed here, and the generated mirrors can be deployed manually to the specified environment. + +![](https://static.goodrain.com/wechat/5.12/5.png) + +5. Deploy History: Mirror repository version deployed to history records under Rainbond app, can jump from deployment details to the corresponding component manager. + +![](https://static.goodrain.com/wechat/5.12/6.png) + +### Install + +The streaming plugin has been posted to the Marketplace and can be installed by one click in the Open Source App Store.Current plugin needs to meet the following prerequisites: + +- Rainbond v5.12.0 +- Available Gitlab and Gitlab Runner + +Gitlab and Gitlab runner can also be installed via the Open Source Store at one key.The installation process below: + +1. Search for `Gitlab` and `Gitlab runner` in the `Platform Manager - Marketplace - Open Source Store`; +2. Search for the `Pipeline` installation in the `Platform Admin - Marketplace - Open Source Store`; + +Specific configuration and usage reference:[Pipeline Use Document](https://www.rainbond.com/docs/devops/pipeline/) + +### Use + +Once the plugin is running, come back to the team view to refresh it. You can see the `Rainbond Stream Line` option in the left sidebar. Tap to enter.The flow line plugin uses the process mainly as shown in the graph below and is divided into four moves:`Create a streaming line template, >Create an application service -> Build->Deploy to Platform`. 
+ +![](https://static.goodrain.com/wechat/5.12/pipeline2.png) + +#### Create Waterline Template + +Users can define the stages of the water line in the template. By default, they provide a hydrological template for NodeJS, Java, Go, Python, which can customize each stage of the water line internally. + +#### Create App Service + +We need to create an application service after having a plug template.The application service actually connects the code repository and the plug template and eventually implements the code of the repository to be built through the streaming line template. + +#### Build Code + +Manually triggers stream line construction in `Code Management -> Branch `. Build processes that can be seen in `Code Management -> Continuous Integration`.Once constructed, the mirror will be pushed to the mirror repository address defined in the Waterline Template.Imaging products can be viewed in the mirror repository. + +#### Deployment operations + +Once the first build has been completed, the mirror information can be viewed in the mirror repository, at which time the deployment is chosen, the app can be selected from the team. The name of the component will be defined by the name of the application service.Once deployed, the deployment details can be seen in the deployment history. Click for details to jump to the corresponding component management, and then automatically build and deploy with the next submission. diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-13-serverless.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-13-serverless.md new file mode 100644 index 0000000000..e2216ce610 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-13-serverless.md 
@@ -0,0 +1,95 @@ +--- +title: How to build private cloud native Serverless Platform +description: With the spread of cloud calculations, a growing number of businesses are moving their business applications to clouds.However, the question of how to construct a full set of cloudy Serverless platforms remains to be considered.This paper will describe how to build a private Serverless platform on Rainbond +slug: Serverless +image: https://static.goodrain.com/wechat/serverless/serverless.png +--- + +With the spread of cloud calculations, a growing number of businesses are moving their business applications to clouds.However, the question of how to construct a full set of cloudy Serverless platforms remains to be considered. + + + +## Serverless的发展趋势 + +云计算行业从 IaaS(基础设施即服务)到 PaaS(平台即服务),再到 Serverless(无服务器)的发展,经历了一个逐渐从底层到上层,从IT基础设施提供商到应用开发者的转移的过程。 + +IaaS 时代,云计算提供商主要提供基础设施服务,包括计算、存储、网络等,用户需要自己搭建运维应用。这个阶段主要面向IT运维人员和企业内部的应用开发团队。 + +随着 PaaS 的出现,云计算提供商开始提供更高层次的服务,包括开发框架、数据库、消息队列等,用户只需要关注应用开发,无需关心底层设施。这个阶段主要面向应用开发者和创业公司,可以大大提高开发效率和降低成本。 + +而 Serverless 的出现,则更进一步解放了应用开发者的手脚,将服务器管理交给云计算提供商,应用开发者只需关注业务逻辑的实现,无需关心服务器的管理和维护。Serverless的出现使得应用开发更加灵活和高效,也降低了开发和运维成本,因此受到了越来越多的关注。 + +总体来看,从IaaS到PaaS再到Serverless的发展,是云计算服务不断向上层抽象和自动化的过程,提高了IT基础设施和应用开发的效率,降低了成本,推动了数字化转型的进程。随着技术和市场的不断变化,未来云计算服务还将不断地向更高层次的抽象和自动化发展。 + +## 自建 Serverless 的意义与困境 + +建设私有化的云原生 Serverless 平台具有重要的意义和必要性。首先,相比于公共云平台,私有化的云原生 Serverless 平台可以更好地满足企业的特定需求,保障数据的安全性和隐私性,同时也能够更好地管理和控制计算资源的分配和利用。其次,随着数字化转型和云原生技术的普及,企业对于 Serverless 架构的需求也越来越大,建设私有化的 Serverless 平台可以更好地满足企业的需求,提高企业的业务效率和运营效果。 + +然而,建设私有化的云原生 Serverless 平台也具有一定的难点。首先,需要企业拥有一定的技术实力和人才储备,包括云计算、容器、微服务等多种技术的掌握和运用。其次,需要进行系统的架构设计和资源规划,包括容器集群的搭建、网络的配置、存储的规划等。此外,私有化的Serverless平台需要满足高可用、高性能、高安全的要求,需要进行多方面的测试和优化。最后,建设私有化的Serverless平台需要考虑成本的控制和效益的提升,需要综合考虑多种因素,包括硬件设备、软件开发和维护等成本。因此,建设私有化的云原生Serverless平台需要企业在技术、资源、人才和经济等多方面进行全面的规划和考虑,确保平台的稳定性和可持续性。 + +## ServerLess 的特点 + +目前,Serverless 并没有一个业界统一的标准规范,因为 Serverless 
并不是一种具体的技术或架构,而是一种基于云计算的应用运行和部署方式,这种部署方式凸显出开发人员不必关心服务器等基础设施。一般情况下,我们认为一个云原生的 Serverless 平台应该提供以下能力: + +1. 弹性伸缩:平台应该支持应用自动扩缩容,以便应对变化的负载和流量。 +2. 容器编排:平台应该支持容器编排,以方便管理应用的生命周期和资源分配。 +3. 无服务器计算:平台应该支持无服务器计算模式,以提高开发者的效率和降低成本。 +4. 自动化运维:平台应该支持自动化运维,包括自动部署、自动扩容、自动恢复等功能。 +5. 服务发现与负载均衡:平台应该支持服务发现和负载均衡,以确保应用的高可用性和稳定性。 +6. 日志监控和告警:平台应该支持日志监控和告警,以便及时发现和解决应用问题。 +7. 安全管理:平台应该支持安全管理,包括身份认证、访问控制、审计服务等功能,以确保应用的安全性和隐私性。 +8. 自动化CI/CD:平台应该支持自动化CI/CD,以便实现快速迭代和部署。 +9. 多云支持:平台应该支持多云环境,以便应用可以跨多个云平台部署和运行。 + +如此多的能力要求,为自建云原生 Serverless 平添了不少难度。那么是否可以选择一个开源的方案来完成这个目标呢? + +## 基于 Rainbond 自建 + +Rainbond 是一款开源的云原生应用管理平台,它可以帮助用户快速构建和管理云原生应用,其很多功能特性都与 Serverless 的无服务器理念不谋而合。Rainbond 提供了一系列的工具和服务,包括应用编排、容器编排、自动化部署、监控告警、应用管理等功能,可以帮助用户实现应用的快速迭代和部署。此外,Rainbond 还支持多语言、多框架、多云环境的部署,用户可以根据自己的需要选择不同的部署方式。 + +![server-1](https://static.goodrain.com/wechat/serverless/rainbond-serverless-1.png) + +### 原生支持多云管理 + +Rainbond 可以架设在多种不同的云之上,原生支持多云管理。这种多云管理能力可以帮助用户抹平多种不同云计算供应商之间的差异,提供一致的应用部署、应用管理体验。无论是公有云、私有云或混合云,对用户而言都变成透明层,用户的应用可以借助Rainbond提供的能力完成跨云的快速迁移。 +![server-2](https://static.goodrain.com/wechat/serverless/rainbond-serverless-2.png) + +### 简化应用部署 + +Rainbond 支持用户部署由不同开发语言开发而来的应用,这个过程不需要用户编写 Dockerfile,不需要了解容器镜像如何打包。被支持的语言类型包括:Java、Python、Golang、PHP、NodeJS、.NetCore以及静态Html语言。用户在操作时仅需要提供代码仓库地址,或者直接上传 Jar、War 包即可将构建任务交给 Rainbond ,后者会自动识别语言类型,并自动配置语言的构建环境与最终运行环境。构建任务完成后,应用会自动运行起来,整个过程不需要用户过多参与。 + +部署过程中,用户可以自己选择以哪种 Workload 类型来部署应用,Rainbond 除了支持常见的 Deployment、StatefulSet 之外,也支持部署 Job、CronJob 类型的 Workload。 + +### 弹性伸缩能力 + +弹性伸缩能力是 Serverless 场景中最受关注的能力之一,自动化的弹性伸缩能够提升对计算资源的利用率。用户可以借助这种能力,自动化应对业务的峰谷流量。Rainbond 能够根据 CPU/MEM 资源利用情况进行实例数量上的 1-N 自动伸缩,用户仅需要做非常简单的一次设置即可。在更高阶的场景中,Rainbond 能够旁路感知Http业务的平均响应时间、吞吐率等性能指标,并据此实现自动伸缩能力。 + +### 微服务能力 + +Serverless架构与传统的微服务架构类似,都是基于分布式系统的思想,将一个应用拆分成多个小的、相对独立的服务单元来进行开发、部署和管理。而微服务框架可以帮助开发人员更好地设计和开发这些服务单元,提高系统的可维护性、可扩展性和可靠性。Rainbond内置灵活高效的ServiceMesh微服务框架,能够完成跨语言、跨协议、跨架构的微服务编排,并且提供全面的微服务治理、容错机制等能力。 + +### 自动化运维 + 
+Rainbond提供完善的自动化运维能力,能够极大的解放开发人员。许多应用运维工作都将由平台来接管,包括定时数据备份、健康检测、故障自愈等。 + +### 可观测性中心 + +可扩展的全方位可观测性能力,提供上至应用组件,下至平台的监控视图。全局日志功能与链路追踪能力,能够帮助开发者快速定位问题。实时告警能力,则保证了每一次异常都会得到开发者的关注。 + +### 自动CI/CD + +Rainbond 能够对接 Git 或 Svn 类型的代码仓库,简化用户创建应用以及配置自动化 Webhook 的流程。开发者仅需要提交一次代码,就可以触动整个CI/CD链条,自动化完成代码更新后的上线。 + +### 一键配置网络入口 + +用户不需要学习复杂的负载均衡配置,仅仅需要一键,就可以开启 L4/L7 的网关策略,将应用的端口对外暴露,平台将会根据要求自动生成 IP:Port 或域名形式的访问地址。 + +### 安全管理 + +平台中采用双因素认证方式保证登录安全,并提供基于 RBAC 的设计方案来确保对应用的权限控制。除此之外,Rainbond 提供全局的操作日志审计功能,保留用户对应用的每一次操作记录。 + +Rainbond 作为一个开源的云原生应用管理平台,能够帮助企业应对建设私有化的云原生 Serverless 平台的难点。首先,Rainbond 提供了丰富的组件和工具,使得企业可以轻松构建容器集群、微服务架构、CI/CD流水线等,极大地降低了技术门槛。其次,Rainbond 提供了完善的应用管理和监控机制,包括应用部署、服务编排、负载均衡等功能,大大简化了应用开发和运维的工作量,实现了应用管理的自动化和免运维。此外,Rainbond 提供了网关组件,可通过一键即可对外暴露L4/L7层服务,提高了应用的安全性和可访问性。Rainbond 还支持 Job 任务类型或 CrontabJob 定时任务类型,使得企业能够方便地进行定时任务调度。最重要的是,Rainbond 提供了 ServerMesh 微服务框架和内置的应用编排模型,帮助企业轻松实现应用拓扑的编排和管理,实现应用的快速迭代和更新。此外,Rainbond 还能够对接 Git 类型代码仓库,实现自动化 CI/CD 流程,进一步提高了开发效率和运营效果。 + +## 写在最后 + +通过借助 Rainbond 建设私有化的云原生 Serverless 平台,企业能够更好地应对技术难点,提高平台的稳定性和可持续性。同时,Rainbond 还提供了完善的文档和社区支持,帮助企业更好地了解和掌握相关的技术和应用。因此,借助 Rainbond 建设私有化的云原生 Serverless 平台不仅能够解决技术难点,也能够提高企业的开发效率、降低运维成本,是建设私有化 Serverless 平台的理想选择。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-21-pipelineSpringBoot.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-21-pipelineSpringBoot.md new file mode 100644 index 0000000000..bc80c069b2 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-21-pipelineSpringBoot.md 
@@ -0,0 +1,203 @@ +--- +title: Continuous integration and continuous deployment using the Waterline plugin +description: The streaming plugin is based on the Rainbond plugin extension and extends to the existing building system of Rainbond, which will describe the deployment of RuoYi SpringBoot project using the plug plugin and achieve auto-build, auto-deploy after submitting code +slug: pipelinespringboot +image: https://static.goodrain.com/wechat/pipeline-springboot/ci-cd.png +--- + +[流水线插件](https://www.rainbond.com/docs/devops/pipeine/) is based on the Rainbond **plugin system** extension that enables the extension of the Rainbow build system by plugin.This plugin is developed and contributed by a community partner **outreach information** based on GitLab CI/CD implementation. + +The difference between pipeline construction and Rainbond source construction is: + +- Rainbond source builds:in simple, fixed build mode and user needs to provide source code only, but not very flexible. +- Waterline builds:custom build steps, using more flexibility. + +This paper will describe the deployment of the RuoYi SpringBoot project using a plug plugin and implement automatic construction and deployment after submission of the code. 
+ + + +## 安装 GitLab 和 Runner + +流水线插件是基于 GitLab 实现,所以需要依赖 GitLab 和 GitLab Runner,如果已有则可跳过此步。 + +通过 Rainbond 开源应用商店部署 GitLab 和 Runner,进入到 **平台管理 -> 应用市场 -> 开源应用商店** 中分别搜索 `GitLab` 和 `GitLab-runner`,选择版本进行安装,分别安装到同一个应用内。 + +![](https://static.goodrain.com/wechat/pipeline-springboot/1.png) + +部署完成后,访问 GitLab 默认的域名进行用户注册。然后关闭 GitLab 默认的 AutoDevOps:`Admin -> Settings -> CI/CD -> Continuous Integration and Deployment` 取消勾选 `Default to Auto DevOps pipeline for all projects`。 + +![](https://static.goodrain.com/wechat/pipeline-springboot/2.png) + +### 注册 Runner + +GitLab 和 Runner 都部署完成后,需要将 Runner 注册到 GitLab 中。 + +进组 Runner **组件内 -> Web 终端**,执行以下命令进行注册: + +- `` 为 GitLab 访问地址 +- `` 在 GitLab 的 `Admin -> Runners` 获取 `Registration token` +- `` 自定义 Runner 的标签。 + +```bash +gitlab-runner register \ + --non-interactive \ + --executor "docker" \ + --docker-image alpine:latest \ + --url "" \ + --registration-token "" \ + --description "docker-runner" \ + --tag-list "" \ + --run-untagged="true" \ + --locked="false" \ + --docker-volumes /var/run/docker.sock:/var/run/docker.sock \ + --docker-volumes /root/.m2/repository \ + --docker-privileged="true" \ + --access-level="not_protected" \ + --docker-pull-policy="if-not-present" +``` + +注册完成后,可以在`Admin -> Runners` 页面中看到如下图,`Status` 为 `online` 则正常。 + +![](https://static.goodrain.com/wechat/pipeline-springboot/3.png) + +## 安装流水线插件 + +通过 Rainbond 开源应用商店部署 Pipeline 应用插件,进入到 **平台管理 -> 应用市场 -> 开源应用商店** 中搜索 `Pipeline`,选择对应的版本进行部署。 + +![](https://static.goodrain.com/wechat/pipeline-springboot/4.png) + +安装完成后,需要修改 Pipeline-Backend 服务的配置,进入到 **Pipeline 应用内 -> Pipeline-Backend组件内**,修改以下环境变量: + +- RAINBOND_URL:Rainbond 控制台访问地址,例如:`http://192.168.3.33:7070`。 + +* RAINBOND_TOKEN:Rainbond 控制台的 Token,可以在 **右上角用户 -> 个人中心 -> 访问令牌** 中获取。 + +修改完成后,更新或重启 Backend 组件生效。 + +![](https://static.goodrain.com/wechat/pipeline-springboot/5.png) + +进入到 **Pipeline 应用内 -> k8s 资源 -> 编辑 rainbond-pipeline**,修改 `pipeline` 资源中的 `access_urls` 配置,修改为 `Pipeline-UI` 组件的对外访问地址,如下: 
+ +```yaml +apiVersion: rainbond.io/v1alpha1 +kind: RBDPlugin +metadata: + labels: + plugin.rainbond.io/name: pipeline + name: pipeline +spec: + access_urls: + - https://custom.com + alias: Pipeline + author: Talkweb + description: 该应用插件是基于 GitLab CI/CD 实现,扩展 Rainbond 已有的构建体系。 + icon: https://static.goodrain.com/icon/pipeline.png + version: 1.0.0 +``` + +修改完成后,就可以在每个团队视图中看到 `流水线` 按钮选项了。 + +## 部署 RuoYi 项目 + +将 Gitee 中的 [RuoYi](https://gitee.com/y_project/RuoYi.git) 项目 Fork 到私有的 GitLab 中。 + +修改项目配置文件中的 `mysql` 连接地址: + +```yaml +# ruoyi-admin/src/main/resources/application-druid.yml +...... +spring: + datasource: + type: com.alibaba.druid.pool.DruidDataSource + driverClassName: com.mysql.cj.jdbc.Driver + druid: + # 主库数据源 + master: + url: jdbc:mysql://${MYSQL_HOST}:3306/ry?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8 + username: root + password: root +``` + +### 部署 MySQL + +通过 Rainbond 开源应用商店部署 MySQL 即可。部署之后打开 MySQL 对外服务端口,通过本地工具连接到数据库并创建 `ry` 数据库和初始化 sql 目录下的 `quartz.sql` 和 `ry_20230223.sql`。 + +### 部署 RuoYi SpringBoot + +进入到 **团队视图 -> 流水线**。 + +#### 1.创建流水线 + +进入流水线管理,选择 Java Maven 单模块的模版创建。 + +![](https://static.goodrain.com/wechat/pipeline-springboot/6.png) + +如果没有 SonarQube 代码扫描步骤可以删除,修改 **编译构建物** 步骤: + +- 制品目录:ruoyi-admin/target/\*.jar + +修改 **构建镜像** 步骤: + +- 脚本命令: + +```bash +cp ruoyi-admin/target/*.jar app.jar +docker login -u ${REPOSITORY_USERNAME} -p ${REPOSITORY_PASSWORD} ${REPOSITORY_URL} +docker build -t ${REPOSITORY_URL}/${ORG}/${MODULE}:${DEVOPS_VERSION} . 
+docker push ${REPOSITORY_URL}/${ORG}/${MODULE}:${DEVOPS_VERSION} +``` + +在流水线的变量内,指定 Docker 相关的环境变量用于打包镜像和推送镜像: + +- REPOSITORY_URL:镜像仓库地址,如:registry.cn-hangzhou.aliyuncs.com +- ORG:镜像仓库组织,例如:goodrain +- REPOSITORY_USERNAME:镜像仓库用户名 +- REPOSITORY_PASSWORD:镜像仓库密码 + +#### 2.创建应用服务 + +- 服务编码:唯一的 +- 服务名称:自定义 +- 流水线:选择流水线模版 +- 仓库配置:填写仓库地址,如:http://gitlab.test.com/root/ruoyi.git +- 认证配置:可选用户密码或Token + +![](https://static.goodrain.com/wechat/pipeline-springboot/7.png) + +创建应用服务后,可在 GitLab 仓库内看到多了两个文件 `Dockerfile` 和 `.gitlab-ci.yml` ,这是由流水线插件服务自动生成并提交到仓库内。 + +#### 3.构建服务 + +进入 **代码管理**,应用服务选择 `ruoyi`,点击 `构建` 按钮开始构建。可以在持续集成页面看到构建状态以及步骤,点击步骤可跳转至 GitLab 详情页。 + +![](https://static.goodrain.com/wechat/pipeline-springboot/8.png) + +#### 4. 部署后端服务 + +等待构建完成后,即可在镜像仓库中看到构建的镜像版本,接下来就可以通过该版本进行部署,可选择部署到当前团队下的哪个应用内。 + +![](https://static.goodrain.com/wechat/pipeline-springboot/9.png) + +部署完成后,可在部署历史页面看到部署历史,点击部署详情跳转到 Rainbond 组件内。 + +![](https://static.goodrain.com/wechat/pipeline-springboot/10.png) + +### 编辑依赖关系 + +接下来进入到应用内,切换到编排模式将 `ruoyi` 服务依赖至 MySQL 服务,并更新 ruoyi 组件。 + +![](https://static.goodrain.com/wechat/pipeline-springboot/11.png) + +进入到 ruoyi 组件内 -> 端口,添加 80 端口并打开对外服务,即可通过默认的域名访问到 ruoyi UI。 + +![](https://static.goodrain.com/wechat/pipeline-springboot/12.png) + +### 配置自动构建和自动部署 + +编辑已经创建的应用服务,打开自动构建和自动部署按钮,下次提交代码时将会自动触发整个流程。 + +![](https://static.goodrain.com/wechat/pipeline-springboot/13.png) + +## 最后 + +通过流水线插件可以更灵活的扩展构建过程,比如增加代码扫描、构建成功后的消息通知等等。流水线插件也会持续迭代,欢迎大家安装使用! diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-28-gatewayAPI.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-28-gatewayAPI.md new file mode 100644 index 0000000000..d023de7d30 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-28-gatewayAPI.md 
@@ -0,0 +1,130 @@ +--- +title: Gateway API plugin production practice in Rainbod +description: As a new generation of flow management standards, the Gateway API has improved issues such as the irregularities in the extension of the original Progress and the poor transplantation nature.This article will use Envoy Gateway as an example of how to make and publish Gateway API plugins +slug: gatewayapi +image: https://static.goodrain.com/wechat/gateway-plugin/gatewayapi.png +--- + +As a new generation of flow management standards, the Gateway API has improved issues such as the irregularities in the extension of the original Progress and the poor transplantation nature.From a gateway experience compatible with K8 ecology and optimization, Rainbond supports the extension of platform gateway capabilities in the form of plugins, several communities now provide Gateway API implementation and make it available as platform plugins to use the outreach gateway capacity in the platform.We can create different gateway implementations to respond to different scenarios and needs, while we can post our own plugins to the App Store for use. + +This article will detail how to make and publish your Kubernetes Gateway API plugin with Envoy Gateway.The Gateway API plugin that will be released to the Open Source Store will be used by other users while actively participating in the contribution will also have the opportunity to get a small gift from us. 
+ + + +## 前提条件 + +- Rainbond 版本大于 v5.13 + +- Rainbond 已经对接过开源应用商店并拥有推送权限 + +## Rainbond 与 Gateway API 集成机制 + +在 Rainbond 中,之前仅支持内置网关,应用定义好路由规则后,外部流量即可直接访问到对应应用。而 Gateway API 是以插件和能力扩展的形式与平台进行结合的。在平台中,只有安装了 Gateway API 自定义资源以及至少有一个网关实现后,才可以扩展平台网关能力。 + +如下图所示,如果 `App 4`、`App 5`等应用想要使用支持 Gateway API 的网关实现,那么首先需要定义 Gateway API 的相关资源,而这类资源是由 `Gateway API 基础资源插件`提供的,它主要包含了 Gateway API 资源类型的定义以及相关的 WebHook 资源。同时它在平台上暴露了 GatewayClass 和 Gateway 类型的资源,在平台能力扩展中可以看到。这样用户可以自定义网关行为和配置。 + +因此我们只需要制作一个网关插件,即可读取 Gateway 类型的资源并生成对应的配置,向外提供网关能力。目前 Gateway API 已有多种实现,如 Envoy、Nginx、Istio 等。这里我们选择 Envoy 作为网关,这样外部流量进入 Envoy后,即可根据对应的路由策略到达 `App 4` 等应用上。 + +![](https://static.goodrain.com/wechat/gateway-plugin/3.png) + +## 制作自定义网关插件的步骤 + +![](https://static.goodrain.com/wechat/gateway-plugin/4.png) + +实现 Gateway API 插件的完整流程如上图所示,主要分为以下五步: + +1. 部署 Gateway API 基础资源:目前 Gateway API 主要由一系列自定义资源(CRD)组成,在集群中使用其能力时,需要先部署这些基础资源,才能使集群识别该类型的资源。 +2. 选择 Gateway API 网关实现:目前 Gateway API 已有多家 [下游实现](https://gateway-api.sigs.k8s.io/implementations/),这些网关实现都可以自由选择,提供对外服务的能力。 +3. 平台部署网关并测试:需要将网关实现转化为平台资源进行部署测试。只有这样最后才可以一键发布到开源应用商店供他人使用。 +4. 制作和发布插件:定义插件相关元数据,并发布到开源应用商店。 +5. 
完善插件信息并上架:完善插件的介绍后,可以让用户更好的使用该插件。 + +下面将会针对这几个步骤详细说明。 + +### 部署 Gateway API 基础资源 + +在制作下游网关实现插件之前,我们需要安装 Gateway API 基础的 CRD 和控制器等资源,平台已经将这些资源打包成插件应用上架到开源应用商店。我们只需要在 **平台管理->应⽤市场->开源应⽤商店->搜索 GatewayAPI-Base** 并进行安装即可,由于 Gateway API 中 RBAC 相关资源对命名空间有依赖,所以我们需要在安装时,新建一个团队,团队英文名设置为 `gateway-system`,这样将会将其安装至 `gateway-system` 命名空间下,最好单独创建⼀个应⽤,应⽤的名称⻅名知意,便于后期管理。 + +### 选择 Gateway API 网关实现 + +k8s [Gateway API 实现列表](https://gateway-api.sigs.k8s.io/implementations/)中有多个实现,制作的话可以去这里挑选,由于目前 k8s Gateway API 目前 HttpRoute 已支持到 Beta 版本,所以我们需要挑选 HTTPRoute 资源支持到 beta 版本的下游实现,如 [Istio](https://gateway-api.sigs.k8s.io/implementations/#istio) 、[Cilium](https://gateway-api.sigs.k8s.io/implementations/#cilium) 、[Kong](https://gateway-api.sigs.k8s.io/implementations/#kong) 等。由于 [Envoy Gateway](https://gateway.envoyproxy.io/v0.3.0/) 已支持到 Beta 版本,所以我们本次使用其作为网关插件的扩展。 + +### 在Rainbond上部署并测试 + +挑选好实现后,你可以在实现的官网中看到如何安装实现,拿 envoy 为例,envoy 官网给出了两组 Yaml 如下: + +```YAML +kubectl apply -f https://github.com/envoyproxy/gateway/releases/download/v0.3.0/install.yaml +kubectl apply -f https://raw.githubusercontent.com/envoyproxy/gateway/v0.3.0/examples/kubernetes/http-routing.yaml +``` + +- **install.yaml** 此 YAML 文件中存放的便是我们插件所需的基础资源。 +- **http-routing.yaml** 这个 YAML 文件我们需要进行处理,只保留我们插件所需的 GatewayClass 资源和 Gateway 资源,HttpRoute 资源不需要保留,在平台定义网关策略后将会自动生成。 + +将整理好的资源 YAML 后,在应用视图的 k8s 资源管理处创建,功能位置:**应用视图 ---> k8s 资源 ---> 添加**。 + +![](https://static.goodrain.com/wechat/gateway-plugin/1.png) + +⚠️注意:如果有RoleBinding 等需要标识命名空间的资源,则需要确保标识的命名空间和当前上传的团队所对应的命名空间是否一致,以免造成权限不足等问题,示例如下: + +```YAML +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +... 
+subjects: +- kind: ServiceAccount + name: certgen + namespace: envoy-gateway-system +``` + +上传创建完成后,我们还需要在 **平台管理视图->扩展->能力** 中处理一下 Gateway 资源,将网关的 Service 名称或前缀标记出来,后续在创建 HTTP 策略的时候便可获取并展示你的域名解析地址。 + +```YAML +labels: + service-name: envoy-envoy-gateway-system-envoy +``` + +NodePort 是从节点上获取的 IP ,默认为 NodeInternalIP ,如果存在 NodeExternalIP 则优先使用 NodeExternalIP 。 + +LoadBalancerIP 是从 Service 资源上的 ExternalIPs 获取IP,如果不存在则不展示。 + +完成以上操作后,我们需要进行测试,主要检查以下几项。 + +1. 检查组件是否都运行正常,状态是否都为运行中。 +2. 检查应用下的 k8s 资源是否都创建成功。 +3. 当所有资源的状态都正常后,参考 Gateway API 网关使用文档进行使用测试,查看是否可以正常使用。 + +### 制作和发布插件 + +如果想将该网关实现作为平台网关插件进行发布,那么还需要准备标志应用为插件的 RBDPlugin 资源,定义好该资源后,才可以在`平台管理->插件`中查看到该插件并进行管理。示例如下: + +```YAML +apiVersion: rainbond.io/v1alpha1 +kind: RBDPlugin +metadata: + name: RBDPlugin 资源名称 +spec: + alias: 插件别名 + author: 插件制作人 + description: 插件简介 + icon: 插件图标 + version: 插件版本 +``` + +定义好该资源后,我们可以进行发布了,在应用拓扑图页面,点击左侧`发布`按钮,选择`发布到云应用商店`,即可将其发布到开源应用商店。 + +### 完善插件信息并上架 + +发布到开源应用商店的插件或应用,我们需要[登录开源应用商店](https://hub.grapps.cn/marketplace)编辑其信息并上架后,该应用才可被其他用户查看和使用。可以参考[如何分享插件或应用到 Rainbond 应用商店](https://mp.weixin.qq.com/s/CIpIBFLYSEQUUKMzO8dVtg)。 + +登录完成后点击右上角控制台,选择[管理应用](https://hub.grapps.cn/manage/general/myapp)。这时候应该可以看到刚刚发布的 Envoy 插件。点击应用名称进入详情页面,此时需要编辑应用的名称、Logo、详细信息。 + +当应用基础信息补充完成后,我们需要为其添加一个套餐,才可以上架。套餐在这里的作用主要是将应用的版本管理起来。用户使用不同的套餐安装的版本也不同。 + +在补充完应用的基本信息和套餐后,就可以准备上架了。只有上架的应用才可以被其他用户浏览和使用。回到管理应用的页面,选择上架即可。 + +## 最终效果 + +我们可以在开源应用商店查看到我们制作的网关插件,如下图所示,其余用户也可以在 Rainbond 中一键部署使用,具体使用可以参考 Gateway API 使用文档。 + +![](https://static.goodrain.com/wechat/gateway-plugin/2.png) diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-29-curve.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-29-curve.md new file mode 100644 index 0000000000..a6bbe34b0b --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-03-29-curve.md 
@@ -0,0 +1,319 @@ +--- +title: Use Curve cloud survival practice on Rainbond +description: Curve is a modern storage system that is easy to navigate through the web and currently supports file storage (CurveFS) and block storage (CurveBS). This paper will describe how to deploy and use Curve cloud native storage +slug: curve +image: https://static.goodrain.com/wechat/curve/rainbondxcurve.png +--- + +Curve is a modern storage system that is easily accessible by the web and currently supports file storage (CurveFS) and block storage (CurveBS). + +CurveBS Core App Scenarios include primarily: + +- performance type, mix, capacity cloud or persistent volume of the virtual machine/container, as well as remote disk of the physical machine +- High performance separation architecture:is based on the RDMA+SPDK high-performance extension architecture that supports various databases such as MySQL, kafka and other types of inventory separation of deployments, and increases case delivery efficiency and resource utilization + +CurveFS Core App Scenes include primarily: + +- High Price Storage in AI Training (including Machine Learning) +- Cold thermal data automation stratification storage in large data scenes +- Shared files with high value in public cloud storage:can be used for business scenes like AI, Big Data, File Sharing etc. 
+- Mixed cloud storage:thermal data stored in local IDC, cold data stored in public cloud + +![](https://static.goodrain.com/wechat/curve/1.png) + + + +## 使用 CurveAdm 部署 CurveFS + +CurveAdm 是 Curve 团队为提高系统易用性而设计的工具,其主要用于快速部署和运维 CurveBS/CurveFS 集群。主要特性: + +- 快速部署 CurveBS/CurveFS 集群 +- 容器化服务 +- 运维 CurveBS/CurveFS 集群 +- 同时管理多个集群 +- 一键升级 +- 错误精确定位 + +### 安装 CurveAdm + +```bash +bash -c "$(curl -fsSL https://curveadm.nos-eastchina1.126.net/script/install.sh)" +``` + +### 主机列表 + +主机模块用来统一管理用户主机,以减少用户在各配置文件中重复填写主机 `SSH` 连接相关配置。我们需导入部署集群和客户端所需的机器列表,以便在之后的各类配置文件中填写部署服务的主机名。 + +这里采用一台服务器,做单节点集群。 + +#### 配置免密登陆 + +生成密钥并配置服务器免密登陆 + +```bash +# 一直回车即可 +ssh-keygen + +# 使用 ssh-copy-id 配置 +ssh-copy-id root@172.31.98.243 + +# 验证免密 +ssh root@172.31.98.243 + +# 无需输入密码登陆成功即可 +``` + +#### 导入主机列表 + +准备主机列表文件 `hosts.yaml` + +```yaml +$ vim hosts.yaml + +global: + user: root # ssh 免密登陆用户名 + ssh_port: 22 # ssh 端口 + private_key_file: /root/.ssh/id_rsa # 密钥路径 + +hosts: + - host: curve + hostname: 172.31.98.243 +``` + +导入主机列表 + +```bash +$ curveadm hosts commit hosts.yaml +``` + +查看主机列表 + +```bash +$ curveadm hosts ls +``` + +### 准备集群拓扑文件 + +CurveFS 支持单机部署和高可用部署,这里我们采用单机部署验证。 + +创建 `topology.yaml` 文件,只需修改 `target: curve`,其他都默认即可。 + +```yaml +$ vim topology.yaml + +kind: curvefs +global: + report_usage: true + data_dir: ${home}/curvefs/data/${service_role}${service_host_sequence} + log_dir: ${home}/curvefs/logs/${service_role}${service_host_sequence} + container_image: opencurvedocker/curvefs:v2.4 + variable: + home: /tmp + target: curve + +etcd_services: + config: + listen.ip: ${service_host} + listen.port: 2380${service_host_sequence} # 23800,23801,23802 + listen.client_port: 2379${service_host_sequence} # 23790,23791,23792 + deploy: + - host: ${target} + - host: ${target} + - host: ${target} + +mds_services: + config: + listen.ip: ${service_host} + listen.port: 670${service_host_sequence} # 6700,6701,6702 + listen.dummy_port: 770${service_host_sequence} # 7700,7701,7702 + deploy: + - host: 
${target} + - host: ${target} + - host: ${target} + +metaserver_services: + config: + listen.ip: ${service_host} + listen.port: 680${service_host_sequence} # 6800,6801,6802 + listen.external_port: 780${service_host_sequence} # 7800,7801,7802 + global.enable_external_server: true + metaserver.loglevel: 0 + braft.raft_sync: false + deploy: + - host: ${target} + - host: ${target} + - host: ${target} + config: + metaserver.loglevel: 0 +``` + +### 部署集群 + +添加 `my-cluster` 集群,并指定集群拓扑文件 + +```bash +curveadm cluster add my-cluster -f topology.yaml +``` + +切换 `my-cluster` 集群为当前管理集群 + +```bash +curveadm cluster checkout my-cluster +``` + +开始部署集群 + +```bash +$ curveadm deploy +...... +Cluster 'my-cluster' successfully deployed ^_^. +``` + +终端出现 `Cluster 'my-cluster' successfully deployed ^_^.` 即部署成功。 + +查看集群运行情况 + +```bash +$ curveadm status +Get Service Status: [OK] + +cluster name : my-cluster +cluster kind : curvefs +cluster mds addr : 192.168.3.81:6700,192.168.3.81:6701,192.168.3.81:6702 +cluster mds leader: 192.168.3.81:6702 / 7f5b7443c563 + +Id Role Host Replicas Container Id Status +-- ---- ---- -------- ------------ ------ +6ae9ac1ae448 etcd curve 1/1 d3ecb4e81318 Up 17 minutes +c45e2f0b9266 etcd curve 1/1 8ce9befa54b8 Up 17 minutes +6c6bde442a04 etcd curve 1/1 cbf093c6605f Up 17 minutes +9516d8f5d9ae mds curve 1/1 f338ec63c493 Up 17 minutes +fe2bf5d8a072 mds curve 1/1 b423c3351256 Up 17 minutes +7f5b7443c563 mds curve 1/1 7ad99cee6b61 Up 17 minutes +e6fe68d23220 metaserver curve 1/1 d4a8662d4ed2 Up 17 minutes +b2b4dbabd7bf metaserver curve 1/1 65d7475e0bc4 Up 17 minutes +426ac76e28f9 metaserver curve 1/1 f413efeeb5c9 Up 17 minutes +``` + +## 部署 Rainbond + +`Rainbond` 是一个云原生应用管理平台,使用简单,不需要懂容器、Kubernetes和底层复杂技术,支持管理多个Kubernetes集群,和管理企业应用全生命周期。 + +可以通过一条命令快速安装 Rainbond 单机版。 + +```bash +curl -o install.sh https://get.rainbond.com && bash ./install.sh +``` + +执行完上述脚本后,耐心等待 3-5 分钟,可以看到如下日志输出,表示 Rainbond 已启动完成。 + +```bash +INFO: Rainbond started successfully, Please pass 
http://$EIP:7070 Access Rainbond +``` + +## 部署 MinIO + +由于目前 CurveFS 只支持 S3 作为后端存储,CurveBS 后端即将支持。 所以我们需要部署一个 MinIO 对象存储。 + +通过 Rainbond 开源应用商店一键部署单机版 MinIO 或者集群版 MinIO。进入到 Rainbond 的 **平台管理 -> 应用市场**,在开源应用商店中搜索 `minio` 进行一键安装。 + +![](https://static.goodrain.com/wechat/curve/2.png) + +部署完成后,通过 Rainbond 提供的域名访问 MinIO 控制台,默认用户密码 `minio/minio123456`。然后需要创建一个 Bucket 供 CurveFS 使用。 + +## 部署 CurveFS-CSI + +- 前提:Rainbond 版本要在 v5.13+ + +通过 Rainbond 开源应用商店一键部署,进入到 Rainbond 的 **平台管理 -> 应用市场**,在开源应用商店中搜索 `curve-csi` 进行一键安装。 + +![](https://static.goodrain.com/wechat/curve/3.png) + +由于 CurveFS-CSI 没有 Rainbond 应用模型类的组件,都属于 k8s 资源类型,可在 **应用视图内 -> k8s资源** 下看到。 + +![](https://static.goodrain.com/wechat/curve/4.png) + +安装完成后,需要修改 `curvefs-csi-cluster-role-binding` 和 `curvefs-csi-role-binding` 的 namespace 为当前团队的 namespace,如当前团队 namespace 为 `dev`,如下: + +```yaml +# curvefs-csi-role-binding +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: curvefs-csi-role-binding +...... +subjects: +- kind: ServiceAccount + name: curvefs-csi-service-account + namespace: dev # changed + +# curvefs-csi-cluster-role-binding +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: curvefs-csi-cluster-role-binding +...... +subjects: +- kind: ServiceAccount + name: curvefs-csi-service-account + namespace: dev # changed +``` + +创建 `storageclass` 资源,同样在 **应用视图内 -> k8s资源 -> 添加**: + +```bash +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: curvefs-sc +provisioner: csi.curvefs.com +allowVolumeExpansion: false +reclaimPolicy: Delete +parameters: + mdsAddr: "172.31.98.243:6700,172.31.98.243:6701,172.31.98.243:6702" + fsType: "s3" + s3Endpoint: "http://9000.grda6567.1frt0lmq.b836cf.grapps.cn" + s3AccessKey: "minio" + s3SecretKey: "minio123456" + s3Bucket: "curve" +``` + +- mdsAddr:通过 `curveadm status` 命令获取。 + + ```bash + $ curveadm status + ...... 
+ cluster mds addr : 172.31.98.243:6700,172.31.98.243:6701,172.31.98.243:6702 + ``` + +- s3Endpoint:填写 MinIO 组件的 9000 端口对外服务域名。 + +- s3AccessKey:MinIO 访问 Key,填 root 用户或生成 AccessKey。 + +- s3SecretKey:MinIO 密钥 Key,填 root 密码或生成 SecretKey。 + +- s3Bucket:MinIO 桶名称。 + +![](https://static.goodrain.com/wechat/curve/5.png) + +## 在 Rainbond 上使用 CurveFS + +通过镜像创建一个 Nginx 组件,在 **组件 -> 其他设置** 修改组件部署类型为 `有状态服务`。在 Rainbond 上只有 有状态服务 可以使用自定义存储,无状态服务使用默认的共享存储。 + +![](https://static.goodrain.com/wechat/curve/6.png) + +进入到 **组件 -> 存储** 添加存储,选择类型为 `curvefs-sc`,保存并重启组件。 + +![](https://static.goodrain.com/wechat/curve/7.png) + +等待组件启动完成后,进入组件的 Web 终端内,测试写入数据。 + +![](https://static.goodrain.com/wechat/curve/8.png) + +然后进入到 MinIO 桶内查看,数据已写入。 + +![](https://static.goodrain.com/wechat/curve/9.png) + +## 未来规划 + +Rainbond 社区未来会使用 Curve 云原生存储作为 Rainbond 底层的共享存储,为用户提供更好、更简单的云原生应用管理平台和云原生存储,共同推进开源社区生态以及给用户提供一体化的解决方案。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-04-06-jianmu.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-04-06-jianmu.md new file mode 100644 index 0000000000..c793ad4c26 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-04-06-jianmu.md 
@@ -0,0 +1,98 @@ +--- +title: Building a strong alliance with Rainbond to build firm-level clouds to apply the life-cycle management system +description: Wood is an open source (graphicalized)/low code (GitOps) tool that is easily extended to the DevOps domain. It can help users easily organize various DevOps processes and distribute them to different platforms for implementation. +slug: jianmu +image: https://static.goodrain.com/wechat/jianmu/jianmu-banner.png +--- + +[建木](https://gitee.com/jianmu-dev/jianmu) is an open source (graphicalization)/low code (GitOps) tool for easy extension of DevOps to help users organize various DevOps processes and distribute them to different platforms. + +The graphical layout of the wood provides multiple nodes, which can define the action to be performed by the step, and the user can freely combine the water line through multiple nodes.Rainbond community participated in the development of the Wood node and contributed **Rainbod component creation and continuous deployment** node.Users can use this node to automatically create components and continuously deploy components in Rainbond + +Wood apps can be deployed by one click on the open source store through Rainbond to make the deployment easier and extend the Rainbond build system as an application plugin. + +The figure below is the final result and the graphical hydrological line configuration of the wood. The flow chart below is presented as an example in: + +1. Clone Item Source +2. Build a project using Maven +3. Build Docker Image +4. 
Automatically create components and deploy them on Rainbond + + + +![](https://static.goodrain.com/wechat/jianmu/1.png) + +## 部署 Rainbond 与建木 + +### Rainbond 部署 + +[Rainbond](https://www.rainbond.com/) 是一个云原生应用管理平台,使用简单,不需要懂容器、Kubernetes和底层复杂技术,支持管理多个Kubernetes集群,和管理企业应用全生命周期。 + +可参阅 [基于主机安装Rainbond](https://www.rainbond.com/docs/installation/install-with-ui/) 文档进行安装。 + +### 建木部署 + +通过 Rainbond 开源应用商店一键安装建木应用,在 **平台管理 -> 应用市场 -> 开源应用商店** 中搜索 `建木`,进行安装。 + +![](https://static.goodrain.com/wechat/jianmu/2.png) + +安装完成后,建木应用拓扑图如下,可通过 Rainbond 默认提供的域名访问建木 UI,默认用户密码 admin/123456 + +![](https://static.goodrain.com/wechat/jianmu/3.png) + +同时也可以在 **平台管理 -> 扩展 -> 插件** 中看到建木应用插件的定义。 + +![](https://static.goodrain.com/wechat/jianmu/4.png) + +## 建木使用 + +将通过一个 Java SpringBoot Demo 项目进行演示,项目地址:https://gitee.com/zhangbigqi/java-maven-demo + +### 配置图形化流水线 + +访问建木UI,进入图形项目。 + +1.添加 `git clone` 节点并配置 git 地址。 + +![](https://static.goodrain.com/wechat/jianmu/5.png) + +2.添加 `maven构建` 节点并配置 workspace,其他都默认。 + +![](https://static.goodrain.com/wechat/jianmu/6.png) + +3.搜索 `rainbond`,添加 `构建docker镜像-rainbond` 节点,并配置。 + +- 配置 docker 用户和密码,用于推送镜像。需要在建木 **首页 -> 密钥管理** 中添加。 +- 配置镜像名称。 +- 指定 registry 地址,用于推送镜像。 +- 配置执行构建命令的目录,选择 `git clone目录`。 + +![](https://static.goodrain.com/wechat/jianmu/7.png) + +4.搜索 `rainbond`,添加 `rainbond组件创建与部署` 节点,并配置。 + +- **Rainbond URL:** Rainbond 的访问地址,例如:http://192.168.1.1:7070 +- **Rainbond Token:** 在 `Rainbond 控制台 -> 个人中心 -> 访问令牌` 中生成 Token。 +- **Rainbond 团队ID:** 例如进入到开发团队下,此时的 URL 为 http://192.168.1.1:7070/#/team/e2h5j3d8/region/rainbond/index,\`e2h5j3d8\` 就是团队ID。 +- **Rainbond 集群ID:** 例如进入到开发团队下,此时的 URL 为 http://192.168.1.1:7070/#/team/e2h5j3d8/region/rainbond/index,\`rainbond\` 就是集群ID。 +- **Rainbond 应用ID:** 例如进入到开发团队的测试应用下,此时的 URL 为 http://192.168.1.1:7070/#/team/e2h5j3d8/region/rainbond/apps/5,\`5\` 就是应用ID。 +- **镜像地址:** 选择上一步的 `镜像名称:镜像Tag`。 +- **组件名称:** 部署在 Rainbond 上的组件名称,例如:`java-test`。 + +![](https://static.goodrain.com/wechat/jianmu/8.png) + +### 运行图形化流水线 
+ +保存流水线配置并触发流水线执行,等待流水线执行完毕。 + +![](https://static.goodrain.com/wechat/jianmu/9.png) + +流水线执行完毕后,进入 Rainbond 的测试应用内,可看到组件成功创建。然后进入组件内添加 `5000` 端口并打开对外服务进行访问,验证服务是否正常。 + +![](https://static.goodrain.com/wechat/jianmu/10.png) + +## 最后 + +当然还有更高级的玩法,建木支持定义 [Workflow](https://docs.jianmu.dev/guide/flow-dsl.html#workflow),Workflow 支持节点并行、串行等等,但只能通过代码项目编辑 DSL 定义 Workflow。 + +![](https://static.goodrain.com/wechat/jianmu/11.png) diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-04-11-zyplayer-doc.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-04-11-zyplayer-doc.md new file mode 100644 index 0000000000..a165247f35 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-04-11-zyplayer-doc.md 
@@ -0,0 +1,91 @@ +--- +title: Use online knowledge base system zyplayer-doc on Rainbond +description: zyplayer-doc is a knowledge base management tool for businesses and individuals, providing online knowledge base management functionality, designed specifically for privatization deployment, and ensuring data security for businesses or individuals +slug: zyplayer-doc +image: https://static.goodrain.com/wechat/zyplayer-doc/zyplayer-doc.png +--- + +[zyplayer-doc](http://doc.zyplayer.com/doc-wiki#/integrate/zyplayer-doc) is a business-and personal-friendly WIKI knowledge base management tool that provides online knowledge base management functionality, designed specifically for privatization-deployed, to the greatest extent possible to ensure data security for businesses or individuals and can be deployed in a fully Intranet way. + +It can also be used as a descriptive file for business products, supporting a single click to open the entire space content to the Internet, and providing options for open document style in different styles to save you from customizing the development of a system for product description. + +This paper will describe two ways in which the zyplayer-doc online knowledge base system is deployed, using Rainbond open source stores and using source code. 
+ + + +## 部署 zyplayer-doc + +### 安装 Rainbond + +[Rainbond](https://www.rainbond.com/) 是一个云原生应用管理平台,使用简单,不需要懂容器、Kubernetes和底层复杂技术,支持管理多个Kubernetes集群,和管理企业应用全生命周期。主要功能包括应用开发环境、应用市场、微服务架构、应用交付、应用运维、应用级多云管理等。 + +可通过一条命令快速安装 Rainbond。 + +```bash +curl -o install.sh https://get.rainbond.com && bash ./install.sh +``` + +### 通过应用商店部署 zyplayer-doc + +`zyplayer-doc` 已经发布到 Rainbond 开源应用商店,用户可通过开源应用商店一键安装 `zyplayer-doc`。 + +在 Rainbond 的 **平台管理 -> 应用市场 -> 开源应用商店** 中搜索 `zyplayer-doc` 并安装。 + +![](https://static.goodrain.com/wechat/zyplayer-doc/1.png) + +部署完成后拓扑图如下。 + +![](https://static.goodrain.com/wechat/zyplayer-doc/2.png) + +可通过 Rainbond 默认提供的域名访问 `zyplayer-doc`,访问需要加后缀 `/zyplayer-doc/`,如:`http://xxx.cn/zyplayer-doc/`,默认用户密码 **zyplayer/123456**。 + +![](https://static.goodrain.com/wechat/zyplayer-doc/3.png) + +### 通过源码部署 zyplayer-doc + +zyplayer-doc 是由 Java 编写的 SpringBoot 项目,Rainbond 对于 Java 项目可以通过识别项目的 pom.xml 文件来进行模块的打包以及构建和部署,实现一键式体验。 + +#### 部署 MySQL + +zyplayer-doc 需要使用 MySQL 服务,可以通过 Rainbond 开源应用商店快速部署 MySQL。 + +在 Rainbond 的 **平台管理 -> 应用市场 -> 开源应用商店** 中搜索 `mysql` 并安装,可选择安装 `5.7` 或 `8.0` 版本。 + +![](https://static.goodrain.com/wechat/zyplayer-doc/4.png) + +#### 源码部署 zyplayer-doc + +修改 `zyplayer-doc-manage/src/main/resources/application.yml`配置文件,连接信息可在 MySQL 组件中的依赖信息查看。 + +```yaml +zyplayer: + doc: + manage: + datasource: + driverClassName: com.mysql.cj.jdbc.Driver + url: jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT}/${MYSQL_DATABASE}?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&autoReconnect=true&useSSL=false + username: ${MYSQL_USER} + password: ${MYSQL_PASSWORD} +``` + +进入到团队/应用内,选择通过源码创建组件。 + +- 组件名称、组件英文名称均自定义即可。 +- 仓库地址:https://gitee.com/dromara/zyplayer-doc +- 代码分支:master + +![](https://static.goodrain.com/wechat/zyplayer-doc/5.png) + +然后 Rainbond 会检测出来为多模块项目,选择 `zyplayer-doc-manage` 并进行构建,其他模块都是依赖项,是不可运行的。 + +![](https://static.goodrain.com/wechat/zyplayer-doc/6.png) + +#### 编排服务 + +在应用内 -> 切换到编排模式,将 zyplayer 组件依赖至 MySQL 组件,这样 MySQL 
组件会将自身的环境变量注入到 zyplayer 中,zyplayer 组件就可以通过配置文件中的环境变量连接到 MySQL 数据库。 + +![](https://static.goodrain.com/wechat/zyplayer-doc/7.png) + +然后更新 zyplayer 组件即可。 + +最后通过 Rainbond 默认提供的域名访问 `zyplayer-doc`,访问需要加后缀 `/zyplayer-doc/`,如:`http://xxx.cn/zyplayer-doc/`,默认用户密码 **zyplayer/123456**。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-04-19-jpom.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-04-19-jpom.md new file mode 100644 index 0000000000..77e59e663f --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-04-19-jpom.md 
@@ -0,0 +1,141 @@ +--- +title: Rainbond combined Jpom for project management of cloud native & local integration +description: Jpom is a simple and lightweight low-intrusive online build, auto-deployed, daily workflow, and project wire-monitoring software.Rainbond combined with Jpom to achieve unified management of cloud origin and local projects +slug: jpom +image: https://static.goodrain.com/wechat/jpom/jpom-banner.png +--- + +Jpom is a simple and lightweight low-intrusive online build, auto-deployed, daily workflow, and project wire-monitoring software.Provided: + +- Manage:cluster nodes, manage multiple nodes uniformly, achieve quick distribution of project files +- Project management:Creates, Starts, Stops, Real-Time View Project Console Logs, Manage Project Files +- SSH Terminal:executes SSH terminals in your browser, facilitates daily traffic, record execution command records +- Built:online for GIT, SVN repository for quick project packages, without manual uploading of project packs +- Online scripts:Manage scripts, scheduled scripts, webhook executions, execution logs, etc. +- Docker manages:online management of mirrors, containers, SWARM clusters.Interface Management DOCKER +- User management:for multiple user administrations. 
Permissions different permissions for different users, user actions and management logs +- Project monitor:live monitor the current status of the project, automatically triggering emails, nailing alerts if an exception is not made +- NGINX configuration, SSL certificate:Easy online modification of NGINX configuration, SSL certificate unified management + + + +## Rainbond 与 Jpom 结合 + +![](https://static.goodrain.com/wechat/jpom/1.png) + +Rainbond 与 Jpom 结合可以实现云原生项目和本地项目的统一管理,例如: + +- 使用 Rainbond 部署和管理 Jpom +- 可通过 Jpom 构建可容器化的云原生项目并部署在 Rainbond 上管理和运维 +- 通过 Jpom 管理一些无法容器化的传统项目以及部署 +- 通过 Jpom 管理 Rainbond 集群的服务器,可作为堡垒机使用 +- 使用 Jpom 管理脚本、执行脚本和定时脚本等。 + +## 部署 Jpom + +### 前提 + +安装 Rainbond,可通过一条命令快速安装 Rainbond。 + +```bash +curl -o install.sh https://get.rainbond.com && bash ./install.sh +``` + +### 对接开源应用商店并部署 Jpom + +Jpom 已发布到 Rainbond 开源应用商店,可通过 Rainbond 开源应用商店一键部署 Jpom。 + +进入 Rainbond 控制台的 `平台管理 -> 应用市场 -> 开源应用商店` 中搜索 `Jpom` 并安装。 + +![](https://static.goodrain.com/wechat/jpom/2.png) + +安装完成后,可通过 Rainbond 提供的默认域名访问 Jpom并登陆进行用户注册。 + +![](https://static.goodrain.com/wechat/jpom/3.png) + +## Jpom 快速入门 + +### 本地构建 + SSH 发布 Java Jar 项目 + +简述使用 Jpom 构建 Java 项目然后通过 SSH 发布到服务器上并运行。 + +#### 1.添加 SSH 节点 + +进到 `系统管理 -> 资产管理 -> SSH管理` 添加 SSH 节点,如下图。 + +![](https://static.goodrain.com/wechat/jpom/4.png) + +添加 SSH 节点后,点击 `关联`,配置文件目录,发布的项目将在这个目录下操作。 + +![](https://static.goodrain.com/wechat/jpom/5.png) + +#### 2.添加 Git 仓库信息 + +进入 `功能管理 -> 在线构建 -> 仓库信息` 新增仓库,Git 仓库地址:https://gitee.com/rainbond/java-maven-demo + +![](https://static.goodrain.com/wechat/jpom/6.png) + +#### 3.添加构建任务 + +进入 `功能管理 -> 在线构建 -> 构建列表` 添加构建: + +- 名称:自定义 + +- 源仓库:选择上一步创建的仓库信息 + +- 分支:master + +- 方式:本地构建 + +- 构建命令: + + ```bash + mvn clean package + ``` + +- 产物目录:`target/java-maven-demo-0.0.1.jar` + +- 发布操作:选择 SSH + +- 发布的SSH:选择第一步配置的 SSH 节点 + +- 发布目录:选择配置的目录 `/home/zq`,`java` 目录是项目运行目录 + +- 发布前命令:一般用于停止就的进程。 + +```bash +Tag="java-maven-demo" + +pid=$(ps -ef | grep -v 'grep' | egrep $Tag| awk '{printf $2 " "}') +if [ 
"$pid" != "" ]; then + echo -n "boot ( pid $pid) is running" + echo + echo -n $"Shutting down boot: " + pid=$(ps -ef | grep -v 'grep' | egrep $Tag| awk '{printf $2 " "}') + if [ "$pid" != "" ]; then + echo "kill boot process" + # kill "$pid" + kill -9 "$pid" + fi +else + echo "boot is stopped" +fi +``` + +- 发布后命令:一般用于启动项目。 + +```bash +nohup java -Dappliction=java-maven-demo -jar /home/zq/java/java-maven-demo-0.0.1.jar > /dev/null 2>&1 & +``` + +其他都默认即可,保存并构建。 + +![](https://static.goodrain.com/wechat/jpom/7.png) + +等待构建完成后,就可以在服务器上看到进程,并且也能访问。 + +![](https://static.goodrain.com/wechat/jpom/8.png) + +## 最后 + +Jpom 还有很多优秀的功能和场景,比如:**节点管理、脚本管理、文件管理、监控管理** 以及一些实践场景等等,有兴趣的小伙伴可以自行探索。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-04-21-datacap.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-04-21-datacap.md new file mode 100644 index 0000000000..c3a16087eb --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-04-21-datacap.md 
@@ -0,0 +1,72 @@ +--- +title: Platform data (database management tool) DataCap manages all databases on Rainbond +description: DataCap is an integrated software for data conversion, integration and visualization. It supports multiple data sources, file types, large data-related databases, relationship databases, NoSQL databases, etc. +slug: datamap +image: https://static.goodrain.com/wechat/datacap/datacap-banner.png +--- + +DataCaps are integrated software for data conversion, integration and visualization that supports multiple data sources, file types, large data-related databases, relational databases, NoSQL databases, etc.The DataCap enables the management of multiple data sources, the conversion of data under data sources, the production of data graphs, the monitoring of data sources, etc. + + + +## 在 Rainbond 上部署 DataCap + +### 前提 + +安装 Rainbond,可通过一条命令快速安装 Rainbond。 + +```bash +curl -o install.sh https://get.rainbond.com && bash ./install.sh +``` + +### 对接 Rainbond 开源应用商店并部署 DataCap + +DataCap 已发布到 Rainbond 开源应用商店,可通过 Rainbond 开源应用商店一键部署 DataCap。 + +进入 Rainbond 控制台的 `平台管理 -> 应用市场 -> 开源应用商店` 中搜索 `DataCap` 并安装。 + +![](https://static.goodrain.com/wechat/datacap/1.png) + +安装完成后,可通过 Rainbond 提供的默认域名访问 DataCap,默认用户密码 admin/12345678 + +![](https://static.goodrain.com/wechat/datacap/topology.png) + +## DataCap 快速入门 + +### 添加数据源 + +进入到 `管理 -> 数据源` 添加 Mysql 数据源 + +![](https://static.goodrain.com/wechat/datacap/2.png) + +在 `配置` 中配置 MySQL 访问地址,这里可以配置 DataCap 使用的 MySQL,访问地址可在 `MySQL 组件 -> 端口` 中获取访问地址,MySQL 默认用户密码 root/root + +![](https://static.goodrain.com/wechat/datacap/3.png) + +### SQL 编辑器 + +进入到 `查询` 中选择数据源,就可以在编辑器中编写SQL进行数据源的查询等相关操作。 + +![](https://static.goodrain.com/wechat/datacap/4.png) + +### SQL 绘表 + +通过 SQL 查询出数据后,可以进行数据绘表。 + +![](https://static.goodrain.com/wechat/datacap/5.png) + +### SQL 片段 + +片段可以将当前的 SQL 语句保存,方便后续引用。可在 `管理 -> 片段` 中查询片段列表。 + +![](https://static.goodrain.com/wechat/datacap/6.png) + +### 监控进程 + +在 `管理 -> 进程` 中可看到当前数据库的进程。 + 
+![](https://static.goodrain.com/wechat/datacap/7.png) + +## 最后 + +DataCap 还有更多好用的功能,比如 **执行历史、函数、SQL模板**,还集成了 ChatGPT 用于 SQL 优化,不过我的 ChatGPT Key 过期了,就不多描述了,有兴趣的小伙伴可以安装体验下。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-05-04-hybridcloud.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-05-04-hybridcloud.md new file mode 100644 index 0000000000..3a8bd8086b --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-05-04-hybridcloud.md 
@@ -0,0 +1,95 @@ +--- +title: A mixed cloud management solution based on Rainbond +description: The article explores the difficulties, key points in the mixed cloud scene, as well as solutions for the Rainbod platform in terms of mixed cloud management of the cross-cloud platform.Consistency management for applications in mixed clouds, including through the organization and management of containers in multiple clusters, has been achieved. +slug: hybrid-cloud +image: https://static.goodrain.com/wechat/hyper-cloud/hypercloud-1.png +--- + +The executive summary:explores the dilemma of the mixed cloud scenario, key points, and solutions for the Rainbod platform to blend cloud management across cloud platforms.Consistency management for applications in mixed clouds, including through the organization and management of containers in multiple clusters, has been achieved.The article also describes applications template delivery and cross-cloud team management for the Rainbod platform in a mixed cloud environment to help users simplify application delivery and delivery operations for the cross-cloud platform. + + + +## 混合云的应用场景 + +随着云原生技术的逐渐成熟,混合云成为了企业在云原生领域中的热门话题之一。混合云的场景特点是企业应用和数据在多个云环境中进行部署和运行,包括私有云和公有云,以及不同的云服务提供商。这样的场景带来了许多挑战和机遇。 + +混合云的价值点主要在于: + +- 灵活性和可扩展性:混合云能够让企业在不同云环境中选择最适合的部署方案,使得应用和服务的部署更加灵活和可扩展。 + +- 高可用性和容灾能力:混合云能够通过在多个云环境中部署应用和数据,提高系统的可用性和容灾能力,从而减少系统停机时间和数据损失。 + +- 降低成本:混合云能够让企业根据应用和数据的需求,在不同的云环境中选择最优惠的价格和性能比例,从而降低总体成本。 + +## 混合云管理要点 + +混合云场景相较于单一的私有云或公用云场景而言复杂很多,建设混合云的难点往往来自于不同供应商提供的云平台之间有很多差异,很难做到统一的管理体验。而且,多个供应商提供的云平台之间不互通,跨云进行数据同步时,需要考虑一致性与安全性。 + +- 跨云平台标准化:不同的云平台之间存在着各种差异,使得跨云平台的操作和管理变得复杂。标准化能够让不同平台之间的操作和管理更加一致,减少管理难度。 + +- 数据一致性:不同云平台之间的数据交换和同步需要确保数据一致性,以避免数据冲突和丢失。 + +- 安全性:在混合云场景下,不同云平台之间的数据和应用需要得到适当的安全保护,以保障数据的机密性和完整性。 + +- 用户管理:在混合云场景下,不同的云平台之间的用户体系并不相通。统一的混合云管理平台能够利用一套用户体系纳管多个集群中的计算资源,极大的降低了管理成本。 + +## 混合云场景功能需求 + +在混合云场景中,以下跨云功能通常具有很强的需求: + +1. 
一致性操作体验:以一致性的管理体验,抹平用户使用不同云资源的操作差异。使得用户可以通过一套操作,完成应用从发布到上线到多个云环境的核心过程。一致性操作体验可以极大的弱化用户在面对多个不同云环境的不适感,使底层计算资源对用户透明。 + +2. 用户管理:通过在统一控制台层面抽象用户体系,完成一套用户管理所有集群的效果。可以极大的降低企业管理成本。 + +3. 跨云迁移和部署:随着企业在多个云平台上部署应用程序,跨云迁移和部署变得非常重要。能够将应用程序从一个云平台迁移到另一个云平台,无缝部署并在多云环境中进行管理,将大大提高企业的灵活性和敏捷性。 + +4. 多云容灾:由于云服务提供商可能会遇到可用性问题,因此在混合云场景中,多云容灾变得非常重要。通过在多个云平台上部署应用程序,企业可以在一个云平台遇到问题时,快速切换到另一个云平台上运行,以保持业务的连续性。 + +5. 跨云数据管理:在混合云场景中,跨云数据管理也是一个重要的需求。能够在多个云平台上进行数据备份和恢复,以及在不同云平台之间共享数据,将为企业提供更强的灵活性和可扩展性。 + +## 基于Rainbond 的混合云建设 + +Rainbond云原生应用管理平台在设计之初就考虑了如何适应混合云管理场景。在产品设计中,Rainbond可以从逻辑上划分为控制台和集群端组件两大部分,其中控制台的多云管理模块可以使其对接并管理多个集群。而集群端组件可以部署在各类 Kubernetes 集群之中,通过与 Kube-apiserver 的通信来管理 Kubernetes 集群之中的各类资源。Rainbond 集群端组件可以部署到各类 Kubernetes 集群之中,包括标准 Kubernetes 集群、 K3s 集群,也可以部署到阿里云ACK托管服务、腾讯云 TKE 服务等托管集群之中。并能够适配公有云服务商所提供的多种云服务,比如通过CSI为业务Pod分配阿里云硬盘存储。 + +Rainbond控制台则提供了多集群管理的唯一入口,用户不需要过多学习,就可以掌握面向不同云环境发布应用的操作步骤。而这些操作步骤是统一且易用的,不受低层不同云环境的掣肘。 + + + +### 团队工作空间隔离 + +Rainbond云原生应用管理平台在控制台层建设用户体系,这意味着用户体系与低层云环境无关,Rainbond 通过自身RBAC权限体系来决定用户可以访问哪些云环境所对应的工作空间中的资源。Rainbond 通过团队这一抽象概念来划分用户的工作空间。团队与低层云环境的对应关系可以是共享的,也可以是独享的。用户一旦加入指定的团队,即可使用团队所开通的集群。 + +- 共享模式:即一个团队在多个不同的集群中开通,团队一旦在多个集群中开通,就会在其中同时创建同名的命名空间。在这个团队中的用户,自然可以在不同的集群中部署自己的业务系统。不同集群的操作入口由控制台提供,非常容易理解。 +- 独享模式:独享模式更好理解,即在指定的集群中开通命名空间与之对应,用户仅可以使用这个集群中的计算资源。 + +基于团队这一工作空间的抽象,用户可以在其中完成应用的发布与管理操作。Rainbond 提供更多能力丰富其管理能力,包括操作审计、资源限额、权限管理等能力。 + + + +### 多云容灾 + +混合云多云容灾是在混合云场景中,为了确保应用的高可用性和容灾能力而采取的一种策略。在混合云环境中,由于应用可能部署在不同的云平台上,因此需要确保即使某一云平台出现故障或不可用,应用仍能够在其他云平台上继续运行。这就需要实现混合云多云容灾,使得应用可以在不同云平台之间实现无缝切换,确保应用的高可用性和容灾能力。 + +Rainbond 的多云管理机制为多云容灾打造了坚实的低层框架,纵使 Rainbond 在自身高可用能力上投入甚多,但我们依然不能假定集群级别的宕机崩溃不会发生。生产环境中常借助云服务商提供的其他能力一起建设健壮的多云容灾场景。额外要引用的能力包括: + +- 智能化的网络入口切换能力:Rainbond 依靠 CDN 和智能 DNS 的协作,完成网络入口智能切换的能力。在平时,外部流量可以根据地域自动切换到就近的网关进行访问。在集群级别的宕机发生时,则将有故障的集群入口下线。 +- 数据同步能力:无论用户访问到哪一个集群中的服务,都会得到同样的反馈,保障这个效果的前提是多个集群中的业务数据实时同步。Rainbond 不提供数据同步能力,这一部分我们需要依靠公有云供应商提供的数据同步服务来保障。阿里云提供的 DTS 服务是其中的代表。 +- 
专线网络能力:多个集群之间的数据同步往往不会轻易从公共网络中穿梭。从安全性和可靠性的角度出发,我们更倾向于使用专线网络进行多个集群之间的通信,尤其是在数据跨云同步场景里。 + +从整体架构上考虑多云容灾是我们的首要任务。但面对数据灾难,我们能做的不仅仅是防患未然,如何进行灾难后的恢复也是非常重要的一环。Rainbond云原生管理平台提供两个层次的备份恢复能力,首先是为Rainbond平台本身进行备份,确保平台自身可以恢复;其次是针对应用的备份能力,能够将包括持久化数据在内的应用进行整体备份。机房可以被战争、火灾或者自然灾祸摧毁,但只要运维人员手里拥有备份数据,整个Rainbond混合云平台及运行其上的应用就可以被重建。 + + + +### 跨云应用部署 + +在混合云场景中,业务应用是一等公民,应用如何能够在不同的云环境中自由部署实际上是对混合云管理场景最基础的要求。在这个方面,Rainbond云原生应用管理平台以应用模板的交付流程来打通应用跨云部署的屏障。 + +应用交付一直是 Rainbond 致力解决的痛点问题。现代微服务动辄会将业务系统拆分成为几十个相互关联的微服务,利用传统方式将其部署到 Kubernetes 容器云环境中,不免要为数十份复杂的 Yaml 文件和容器镜像头痛不已。加之不同的云供应商所提供的云环境也不相同,更加灾难化了应用交付的体验。 + +前文中已经说到,Rainbond云原生应用管理平台已经在混合云场景下抹平了不同云环境的使用体验。在应用跨云交付场景中也是如此,复杂的微服务系统在 Rainbond 中被抽象成为了一个可以统一管理、统一交付的应用。通过将应用发布成为应用模板,即可在不同的集群之间完成一键安装和升级。极大的降低了软件交付成本。 + + + +## 写在最后 + +混合云管理场景是眼下云计算领域最炙手可热的话题,利用 Rainbond 云原生应用管理平台打造的混合云可以解决大多数难点与痛点。面向未来展望,Rainbond 会在混合云管理领域继续发力,围绕更复杂的场景,纳管更多种不同的云资源。比如通过与 Kubedge 的集成,将混合云解决方案扩展到边缘计算场景。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-05-06-GatewayAPIIntro.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-05-06-GatewayAPIIntro.md new file mode 100644 index 0000000000..66e847d8b9 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-05-06-GatewayAPIIntro.md 
@@ -0,0 +1,352 @@ +--- +title: Kubernetes Gateway API in-depth reading and landing guides +description: The Kubernetes Gateway API is a new API norm introduced in Kubernetes version 1.18. It is a new API that Kubernetes official is being developed, and Progress is an existing API for Kubernetes. +slug: gateway-api-intro +image: https://static.goodrain.com/wechat/gateway-api-indexpth/1.png +--- + +The Kubernetes Gateway API is a new API norm introduced in Kubernetes version 1.18. It is a new API that Kubernetes official is being developed, and Progress is an existing API for Kubernetes.The Gateway API will become a next generation alternative to progress.The Gateway API provides more functionality, supports TCP , UDP, TLS etc. and not just HTTP.Progress is mainly for HTTP traffic. The Gateway API is more extensive, with CRD you can easily add specific Gateway types, such as AWS Gateway etc.Expansion of Progress is relatively difficult.The Gateway API supports more meticulous traffic routing rules that can be accurate to service level.The minimum route cell for Progress is the path. + +Meaning and value of the Gateway API: + +- As an official Kubernetes project, the Gateway API is better integrated with Kubernetes itself, with greater reliability and stability. + +- Support for more abundant traffic protocols for more complex scenarios such as service grids, and not only HTTP.Can be unified as the traffic entry API for Kubernetes. + +- Better extension, using CRD to easily support various types of custom types of Gateway's and more flexible. + +- Flow control of fine particles, precision to service level routing and provide a stronger flow management capability. 
+ +On the whole, the Gateway API is a new generation of Kubernetes entry API, with wider application scenes, stronger features, and better reliability and extension.The Gateway API is a better option for the production level Kubernetes environment.This article will deepen the interpretation of the Kubernetes Gateway API concepts, features, and usages to help readers understand and actually apply Kubernetes Gateway API, taking advantage of Kubernetes network traffic management. + + + +## 发展现状 + +### 版本现状 + +Gateway API 目前还处于开发阶段,尚未发布正式版本。其版本发展现状如下: + +- v1beta1: 当前的主要迭代版本,Gateway API 进入了beta 版本,这意味着我们可以在生产中使用 Gateway API 能力了,目前 beta 版本仅支持 HTTP 协议, TCP 协议、UDP 协议、gRPC 协议、TLS 协议均为 alpha 版本。 + +- v1.0: 首个正式GA版本,API稳定,可以用于生产环境。但功能还会持续完善。 + +### 可用场景 + +下面简单整理了一下 HTTPRoute 的一些可用场景: + +- 多版本部署:如果您的应用程序有多个版本,您可以使用 HTTPRoute 来将流量路由到不同的版本,以便测试和逐步升级。例如,您可以将一部分流量路由到新版本进行测试,同时保持旧版本的运行。 + +- A/B 测试:HTTPRoute 可以通过权重分配来实现 A/B 测试。您可以将流量路由到不同的后端服务,并为每个服务指定一个权重,以便测试不同版本的功能和性能。 + +- 动态路由:HTTPRoute 支持基于路径、请求头、请求参数和请求体等条件的动态路由。这使得您可以根据请求的不同属性将流量路由到不同的后端服务,以满足不同的需求。 + +- 重定向:HTTPRoute 支持重定向,您可以将某些请求重定向到另一个 URL 上,例如将旧的 URL 重定向到新的 URL。 + +### 周边生态 + +目前,尽管 Gateway API 还处于开发阶段,但已经有部分项目表示支持或计划支持Gateway API。主要包括: + +- Istio 是最流行的服务网格项目之一,Istio 1.9 版本计划引入实验性的 Gateway API 支持。用户可以通过 Gateway 和 HTTPRoute 资源来配置 Istio 的 Envoy 代理。 + +- Linkerd 是另一个流行的服务网格项目,Linkerd 2.10 版本添加了 Gateway API 支持。用户可以使用 Gateway API 资源来配置 Linkerd 的代理。 + +- Contour 是一个Kubernetes Ingress Controller,Contour 1.14.0 版本添加 Gateway API 支持,可以使用 Gateway 和 HTTPRoute 来配置 Contour。 + +- Flagger 是一款 Kubernetes 的蓝绿部署和 A/B 测试工具,Flagger 0.25版本添加了对Gateway API的支持,可以使用Gateway和HTTPRoute构建Flagger的流量路由。 + +- HAProxy Ingress Controller支持Gateway API,可以使用Gateway和HTTPRoute构建HAProxy的配置。 + +- Traefik是著名的开源边缘路由器,Traefik 2.5版本开始支持Gateway API并逐步淘汰Ingress支持。 + +除此之外,Apisix、Envoy gateway、Higress等开源项目也支持或打算支持Gateway API,各大云服务商都在积极跟进Gateway API进展,预计未来会在相应的服务中提供Gateway API支持。可以看出,尽管Gateway 
API还不算成熟和稳定,但由于其强大的功能和作为Kubernetes官方项目的影响力,已经获得大量项目的支持和兼容。服务网格、API网关以及各大云服务商都将是Gateway API的重点生态。 + +### 未来规划 + +- 完善功能和稳定性:继续完善 Gateway API 的功能和稳定性,以确保其能够应对不同场景的需求。 + +- 管理规模:针对大规模 Kubernetes 集群的需求,优化 Gateway API 的性能和扩展性,使其能够管理更多的网关和路由规则。 + +- 增强安全性:加强 Gateway API 的安全性,包括在传输过程中的加密、身份验证等方面,以确保网络流量的安全性。 + +- 完善文档和社区支持:完善 Gateway API 的文档和社区支持,以帮助用户更好地使用和了解该项目。 + +## Gateway API 规范解读 + +### 基础概念 + +Kubernetes Gateway API 定义了三种基本资源类型:GatewayClass、Gateway、Route 。 + +- **Gatewayclass:** 一组共享通用配置和行为的 Gateway 集合,与 IngressClass、StorageClass 类似,需要知道 Gateway API 并不会创建真正的网关,真正的网关是由一些支持 Gateway API 的社区(基础设备提供商)所提供的 Controller 所创建,如 Envoy 、Istio、Nginx。GatewayClass, Gatewayclass 的作用就是绑定一个 Controller 定义一种网关类型。 +- **Gateway:** 可以说成 GatewayClass 的具体实现,声明后由 GatewayClass 的基础设备提供商提供一个具体存在的 Pod,充当了进入 Kubernetes 集群的流量的入口,负责流量接入以及往后转发,同时还可以起到一个初步过滤的效果。 +- **Route:** 真实的路由,定义了特定协议的规则,用于将请求从 Gateway 映射到 Kubernetes 服务。目前只有 HTTPRoute 进入了v1beta 版本,是比较稳定的版本,后续 TCPRoute、UDPRoute、GRPCRoute、TLSRoute 等也会陆续进入 beta 版本达到生产可用,这里将只对 HTTPRoute 进行介绍。 + +关于他们三者之间的关系,官方文档也给了一幅非常清晰的结构图,如下图所示,在我看来,图片主要强调了面向角色的特点,官方想表达意思是 GatewayClass 由基础设施供应商提供,Gateway 资源由集群工程师创建,基本环境搭建完成后,开发者便可以轻松创建 HTTPRoute 将自己的业务代理出来。 + +![](https://static.goodrain.com/wechat/gateway-api-indepth/1.png) + +### 工作原理 + +#### 结构图 + +![](https://static.goodrain.com/wechat/gateway-api-indepth/2.png) + +#### GatewayClass + +通过部署 GatewayClass 绑定下游实现提供的 Controller,为集群提供一种网关能力,这里可以看作是一种注册声明吧,将你的下游实现注册到集群中供 Gateway 绑定使用。Controller 可以看作监听 Gateway 资源的 Operator。 + +```Bash +spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller #绑定的 Controller 名称 +``` + +#### Gateway + +Gateway 资源是一个中间层,需要定义所要监听的端口、协议、TLS 配置等信息,可以将网络流量的管理和控制集中到一个中心化的位置,提高集群的可用性和安全性。配置完成后,由 GatewayClass 绑定的 Controller 为我们提供一个具体存在 Pod 作为流量入口,需要注意的是,各家实现在此处还是略有不同,比如说 Envoy 当你创建 Gateway 资源后,Envoy Controller 会创建一个 Deployment 资源为你提供入口流量 Pod ,然而 Nginx 则是自己本身就是流量入口 Pod 不会创建新的。 + +```YAML +spec: + gatewayClassName: envoy #绑定的 GatewayClass 名称。 + listeners: # 定义了一些监听项,供 Route 进行绑定 + 
- allowedRoutes: #定义流量转发范围 + namespaces: + from: All #允许 Gateway 往所有的 Namespace 的 Pod 转发流量。 + name: http #监听项名称。 + port: 8088 #监听项所占用的端口 + hostname: www.gateway.*.com #定义一个域名,一般为泛域名、匹配来自该域名的流量。 + protocol: HTTP #定义协议,HTTP或者HTTPS + - allowedRoutes: + namespaces: + from: All + name: https + port: 8443 + protocol: HTTPS + tls: #为 HTTPS 配置加密协议 + mode: Terminate #加密协议类型,Terminate 或 Passthrough + certificateRefs: + - kind: Secret + name: cafe-secret + namespace: default +``` + +**协议类型:** + +- **Terminate**:将加密的流量解密并将明文流量转发到后端服务。这种模式需要在网关处配置证书和密钥,以便对客户端和服务器之间的流量进行加密和解密,确保数据安全性。 +- \*\*Passthrough:\*\*将加密的流量原样转发到后端服务。这种模式不需要在网关处配置证书和密钥,因为 TLS 连接只在后端服务处终止。这种模式适用于需要将 TLS 流量直接传递到后端服务的场景,如需要对后端服务进行更细粒度的访问控制或流量监控的情况。 + +#### HTTPRoute + +HTTPRoute 便跟你的业务密切相关了,在这里定义详细的规则,将流量代理到对应的业务服务上。 + +```YAML +#HTTPRoute A +spec: + parentRefs: #绑定 Gateway 监听项 + - name: gateway #Gateway 资源名称 + namespace: envoy #Gateway所在命名空间 + sectionName: http #监听项名称 + hostnames: #为路由配置域名 + - "www.gateway.example.com" #可配置泛域名,可配置多个 + rules: #配置详细的路由规则,可配置多个,下面有对各种规则类型的详细解析 + - matches: #匹配条件 + - path: #路径匹配 + type: PathPrefix #路径类型:Exact 完全匹配/PathPrefix 前缀匹配/RegularExpression 正则匹配 + value: /gateway + filters: #高级设置 + - type: requestHeaderModifier #加工请求头 + requestHeaderModifier: #支持 set 覆盖/add 添加/remove 删除 + set: + - name: service + value: goodrain + - type: RequestRedirect #请求重定向 + requestRedirect: + scheme: https # 重定向所使用的协议,http/https + hostname: www.baidu.com #重定向的域名 + port: 8443 #重定向所使用的端口 + statusCode: 301 #重定向状态码:301 永久的重定向/302 临时重定向 +----------------- +#HTTPRoute B +spec: + parentRefs: + - name: gateway + namespace: envoy + sectionName: https + hostnames: + - "www.gateway.example.com" + rules: + - matches: + - headers: #请求头匹配 + - name: service + value: goodrain + backendRefs: #后端路由 + - name: goodrain-v1 # service 名称 + port: 80 #service 端口 + weight: 80 #权重 + - name: goodrain-v2 + port: 80 + weight: 20 +``` + +**规则类型:** + +- **matches:** 
由一个或多个匹配条件组成,这些匹配条件可以基于HTTP请求的各种属性(如请求方法、路径、头部、查询参数等)进行匹配,从而确定哪些请求应该被路由到该规则对应的后端服务。 +- **filters:** 对传入请求进行更细粒度的控制,例如修改请求的头部、转发请求到其他服务、将请求重定向到不同的URL等。它们由一组规则组成,每个规则都包含一个或多个过滤器。这些过滤器可以在请求被路由到后端服务之前或之后进行处理,以实现各种不同的功能。 +- **backendRefs:** 用来指定后端服务的引用,它包含一个后端服务的列表,每个服务由名称和端口号组成,可以使用不同的负载均衡算法,将请求路由到后端服务的其中一个实例中,实现负载均衡。 + +深入了解以后,我们可以看出来 HTTPRoute 的用法非常的灵活,可以通过将不同的规则组合搭配,来创建一条适合我们业务的路由,就拿上面的 yaml 为例,整体流量走向如下图所示,当 http 协议的请求流量进入后,按照规则匹配,流量会向下转发到 HTTPRoute A 的路由上,HTTPRoute A 按照规则顺序,先对请求进行加工处理添加请求头,之后将请求重定向到 HTTPRoute B上,再由 HTTPRoute 将流量按照权重比例路由到对应的后端服务。 + +需要注意的是,规则集有优先级,当同时存在多个规则(rule)的时候,流量会从上往下进行匹配,只要有匹配上流量会直接代理到其对应的后端或重定向到对应的路由。 + +## Gateway API 快速上手 + +整理一下部署思路,如果在业务中使用 Gateway API 我们都需要做什么。 + +- Kubernetes Gateway API 基础 CRD。[安装网关 API CRD地址](https://gateway-api.sigs.k8s.io/guides/#installing-gateway-api)。 +- Gateway API 下游实现,即基础设备供应商。(包含 GatewayClass 资源)[下游实现地址](https://gateway-api.sigs.k8s.io/implementations/)。 +- 创建 Gateway ,定义基础的路由方式供 HTTPRoute 选择。根据上面的字段解释自行编写。 +- 创建 HTTPRoute 设置规则绑定自己的业务。根据上面的字段解释自行编写。 + +下面以 Envoy 提供的 demo 为例,串一下整体流程 + +### 安装Gateway API CRD 和 Envoy Controller + +```Bash +kubectl apply -f https://github.com/envoyproxy/gateway/releases/download/v0.3.0/install.yaml +``` + +**查看安装效果** + +```Bash +# 查看安装的 CRD 资源 +kubectl get crd |grep networking.k8s.io + +# 查看安装的 envoy controller +kubectl get pod -n envoy-gateway-system +``` + +### 安装 Gateway、HTTPRoute 及示例应用 + +```Bash +kubectl apply -f https://github.com/envoyproxy/gateway/releases/download/v0.3.0/quickstart.yaml +``` + +#### 内部 GatewayClass 资源 + +资源的 controllerName 属性字段配置绑定了 envoy 的 controller + +```Bash +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: GatewayClass +metadata: + name: eg +spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller +``` + +#### 内部 Gateway 资源 + +资源的 gatewayClassName 属性字段配置绑定了 gatewayclass 资源名称 eg,同时提供了一个 对内监听端口为 80,协议类型为 http 的监听项。 + +```Bash +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: Gateway +metadata: + name: eg +spec: + 
gatewayClassName: eg + listeners: + - name: http + protocol: HTTP + port: 80 +``` + +#### 内部的 HTTPRoute 资源 + +资源的 parentRefs 属性字段配置绑定了 gateway 资源名称 eg。域名为 www.example.com ,代理的后端服务类型选择了 service,名称为 backend ,服务端口为 3000。 + +```SQL +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: backend +spec: + parentRefs: + - name: eg + hostnames: + - "www.example.com" + rules: + - backendRefs: + - group: "" + kind: Service + name: backend + port: 3000 + weight: 1 + matches: + - path: + type: PathPrefix + value: / +``` + +**查看安装效果** + +```Bash +# 查看安装的 gatewayclass 资源 +kubectl get gatewayclass + +# 查看安装的 gateway 资源 +kubectl get gateway + +# 查看安装的 httproute 资源 +kubectl get httproute + +#查看由 Controller 提供的流量入口 Pod。 +kubectl get pod -n envoy-gateway-system + +#查看路由解析地址,其中 nodeport 类型的 svc 便是你的解析地址。 +kubectl get svc -n envoy-gateway-system|grep LoadBalancer + +#访问 +curl --resolve www.example.com:31830:xx.xxx.xx.xxx --header "Host: www.example.com" http://www.example.com:31830/get +``` + +## Gateway API 生产指南 + +Gateway API使用到生产需要考虑易用性、可管理性和稳定性因素: + +- **易用性**:Gateway API扩展了很多配置内容,如果直接写yaml上手难度较大,而且容易出错,所以需要有一个基于UI的管理工具。 +- **可管理性**:Gateway API支持分角色管理和使用,跟平台工程的思路一致,但要用到生产需要有一个分权限和角色的平台。 +- **稳定性**:Gateway API当前的实现中,Envoy 和 Nginx可以用到生产环境。 + +基于以上因素,在生产环境需要Gateway API的管理工具,当前相对成熟的工具可以选择Rainbond,它运行Kubernetes基础上,它也是平台工程的设计思路,提供web界面管理Kubernetes的资源,包括Gateway API,对使用者不需要写Yaml文件,能区分管理员角色和普通开发者角色,管理员可以通过管理界面安装兼容的Gateway API的实现,比如Envoy和Nginx,安装好的网关,普通开发者只需要配置业务的路由就可以使用,不用关心是哪一种实现。 + +**具体落地过程:** + +### 在Kubernetes上安装Rainbond + +参考安装文档: [基于 Kubernetes 安装 Rainbond ](https://www.rainbond.com/docs/installation/install-with-helm/) + +### 管理员安装Gateway API的网关实现 + +通过Rainbond提供的应用市场,搜索 GatewayAPI会出来三个应用,先安装GatewayAPI-Base,再安装GatewayAPI-Envoy或Gateway-Nginx,当然也可以两个都装。 + +![](https://static.goodrain.com/wechat/gateway-api-indepth/3.png) + +### 管理员配置 Gateway API的资源 + +在`平台管理 / 扩展 / 能力` 点击对应资源的编辑,配置Gateway 和 GatewayClass资源。 + 
+![](https://static.goodrain.com/wechat/gateway-api-indepth/4.png) + +### 开发者配置业务路由 + +开发者在自己开发的应用中配置网关,如果同时安装多个网关实现,可以先选择网关类型,然后通过界面配置 HTTPRoute 字段。 + +![](https://static.goodrain.com/wechat/gateway-api-indepth/5.png) + +**补充说明:** + +- Rainbond当前版本只支持HTTPRoute,其他类型的Route暂时不支持; + +- 从Rainbond应用市场只能安装 Envoy和Nginx两种网关实现,要支持更多网关实现需要Rainbond先支持或自己制作插件; + +- 资料参考:[Rainbond 的 Gateway API 插件制作实践](https://www.rainbond.com/blog/gatewayapi)。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-05-09-postgresql-ha.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-05-09-postgresql-ha.md new file mode 100644 index 0000000000..f4423c9bd4 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-05-09-postgresql-ha.md 
@@ -0,0 +1,240 @@ +--- +title: PostgreSQL-HA High Available Cluster Deployment Scheme on Rainbond +description: PostgreSQL is an open-source relationship database management system that will describe the deployment and management of high-available clusters using Postgresql-repmgr + Pgpool on Rainbond to achieve Postprogresql implementation. +slug: postcongresql-ha +image: https://static.goodrain.com/wechat/pg-ha/pg-ha-banner.png +--- + +PostgreSQL is a popular open-source relationship database management system.It provides a standard SQL language interface to operate the database. + +repmgr is an open source tool for PostgreSQL database copy management.It provides automated copy management, including: + +- Incident detection and automatic failure switching:repmgr can detect primary server failure and automatically switch to backup server. +- Auto-failure recovery:repmgr can detect failures from the server and automatically rejoin the copying top. +- Multiple alternate servers:repmgr support multiple alternate servers that can be automatically switched to the most suitable alternate servers when the main server fails. +- Flexible copy extension of VBVBV:repmgr supports various copying panels, including single master and multi-master servers. +- Manage and monitor:repmgr provides tools and commands to manage and monitor PostgreSQL copies. + +It can be said that repmgr is an extension module that simplifies the management and maintenance of PostgreSQL copies, improving the reliability and availability of the system.It is a very useful tool, especially for a production environment that requires high availability.And repmgr was also developed and maintained by the Postgresql community. 
+ +Pgpool is a high-performance connection pool and load balancer for PostgreSQL database.Pgpot can be used as an intermediate layer between clients and PostgreSQL servers to manage connection requests and be assigned to different PostgreSQL servers for processing to improve overall system performance and availability.Some of the main features of Pgpool include: + +- The connection pool:Pgpool establishes a connection pool between the application and the database, allowing multiple applications to share a set of database connections, avoiding duplicated connections and disconnects. +- Load balance:Pgpool can evenly assign client requests to multiple PostgreSQL servers to achieve load balance and better performance. +- High availability of:Pgpool can detect failures in the PostgreSQL server and automatically re-route client requests to other available servers, thus improving system availability and stability. +- Parallel querying:Pgpool can split large queries into several subqueries, and then send these queries to multiple PostgreSQL servers in parallel to improve query performance. 
+ +**This paper will describe the deployment and management of high-available clusters using Postgresql-repmgr + Pgpool to achieve Postgresql on Rainbond** + + + +## 架构 + +![](https://static.goodrain.com/wechat/pg-ha/postgresql-repmgr-pgpool.png) + +当使用 Postgresql HA 集群时,应用只需连接 `pgpool` 即可。 + +- 通过 pgpool 实现读写分离,写入操作由 Master 执行,读取操作由 Slave 执行。 +- 由 repmgr 实现流复制,Master 数据自动复制到 Slave。 +- 当 Master 遇故障下线时,由 repmgr 自定选择 Slave 为 Master,并继续执行写入操作。 +- 当某个节点遇故障下线时,由 pgpool 自动断开故障节点的连接,并切换到可用的节点上。 + +## 部署 Rainbond + +安装 Rainbond,可通过一条命令快速安装 Rainbond,或选择 [基于主机安装](https://www.rainbond.com/docs/installation/install-with-ui/) 和 [基于 Kubernetes 安装](https://www.rainbond.com/docs/installation/install-with-helm/) Rainbond。 + +```bash +curl -o install.sh https://get.rainbond.com && bash ./install.sh +``` + +## 通过 Rainbond 开源应用商店部署 PostgreSQL 集群 + +Postgresql HA 集群已发布到 Rainbond 开源应用商店,可一键部署 Postgresql HA 集群。 + +登陆 Rainbond 控制台,进入 **平台管理 -> 应用市场 -> 开源应用商店** 中搜索 `postgresql-ha` 并安装。 + +![](https://static.goodrain.com/wechat/pg-ha/postgresql-ha-store.png) + +安装完成后的拓扑图如下。 + +![](https://static.goodrain.com/wechat/pg-ha/pg-store-topology.png) + +### 配置 Pgpool 组件 + +1. 获取 PostgreSQL-repmgr 连接地址,进入 PostgreSQL-repmgr 组件的 Web 终端内。 + +```bash +env | grep REPMGR_PARTNER_NODES +``` + +![](https://static.goodrain.com/wechat/pg-ha/store-pgpool-env.png) + +2. 将上述的内容复制出并修改成以下格式,然后进入 Pgpool 组件内,修改`PGPOOL_BACKEND_NODES` 环境变量,并更新组件。 + +```bash +0:pg-grde8ebc-0.pg-grde8ebc.dev.svc.cluster.local:5432,1:pg-grde8ebc-1.pg-grde8ebc.dev.svc.cluster.local:5432,2:pg-grde8ebc-2.pg-grde8ebc.dev.svc.cluster.local:5432 +``` + +![](https://static.goodrain.com/wechat/pg-ha/store-pgpool-env2.png) + +3. 
验证集群,进入 Pgpool 组件的 Web 终端中。 + +```bash +# 连接 postgresql +PGPASSWORD=$PGPOOL_POSTGRES_PASSWORD psql -U $PGPOOL_POSTGRES_USERNAME -h localhost + +# 查询集群节点 +show pool_nodes; +``` + +status 字段均为 UP 即可。 + +![](https://static.goodrain.com/wechat/pg-ha/store-pgpool-webcli.png) + +## 从零开始部署 PostgreSQL 集群 + +从零开始在 Rainbond 上部署 Postgresql HA 集群也是非常简单的,大致分为以下几个步骤: + +- 基于镜像部署 PostgreSQL-repmgr 组件,并修改组件配置。 +- 基于镜像部署 pgpool 组件,并修改组件配置。 +- 建立组件之间的依赖关系。 + +镜像均采用 bitnami 制作的 [postgresql-repmgr](https://github.com/bitnami/containers/tree/main/bitnami/postgresql-repmgr) 和 [pgpool](https://github.com/bitnami/containers/tree/main/bitnami/pgpool),因 bitnami 制作的镜像将很多配置文件都抽离成了环境变量,配置比较方便。 + +### 部署 PostgreSQL-repmgr 组件 + +#### 1. 创建组件 + +进入团队内 -> 新建组件 -> 基于镜像创建组件,应用、组件、英文名称等自定义即可,镜像填写 `bitnami/postgresql-repmgr:14.7.0`。 + +![](https://static.goodrain.com/wechat/pg-ha/repmgr-create.png) + +#### 2. 修改组件类型 + +进入组件内 -> 其他设置,将组件部署类型修改为 `有状态服务`。 + +![](https://static.goodrain.com/wechat/pg-ha/repmgr-deploy-type.png) + +#### 3. 
添加环境变量 + +进入组件内 -> 环境变量,新增以下环境变量: + +```bash +# 默认初始化的数据库 +POSTGRESQL_DATABASE=initialize + +# 创建普通用户和密码 +POSTGRESQL_USERNAME=admin +POSTGRESQL_PASSWORD=admin@123 + +# 管理员 postgres 密码 +POSTGRESQL_POSTGRES_PASSWORD=postgres@123 + +# repmgr 用户密码 +REPMGR_PASSWORD=repmgrpass + +# 初始化主节点的 HOST。Rainbond 控制台自动渲染 SERVICE_NAME 变量,获取当前 Statefulset 的控制器名称。 +REPMGR_PRIMARY_HOST=${SERVICE_NAME}-0.${SERVICE_NAME}.${NAMESPACE}.svc.cluster.local + +# 集群中的所有节点,以逗号分隔 +REPMGR_PARTNER_NODES=${SERVICE_NAME}-0.${SERVICE_NAME}.${NAMESPACE}.svc.cluster.local,${SERVICE_NAME}-1.${SERVICE_NAME}.${NAMESPACE}.svc.cluster.local,${SERVICE_NAME}-2.${SERVICE_NAME}.${NAMESPACE}.svc.cluster.local +``` + +![](https://static.goodrain.com/wechat/pg-ha/repmgr-env.png) + +进入组件内 -> 其他设置,添加 Kubernetes 属性,选择 env,添加以下内容: + +```yaml +# repmgr 节点名称 +- name: REPMGR_NODE_NAME + value: "$(POD_NAME)" +# repmgr 节点网络名称 +- name: REPMGR_NODE_NETWORK_NAME + value: "$(POD_NAME).$(SERVICE_NAME).$(NAMESPACE).svc.cluster.local" + +### "$(POD_NAME)" 用于定义 env 之间的相互依赖 +``` + +![](https://static.goodrain.com/wechat/pg-ha/repmgr-env2.png) + +#### 4. 添加组件存储 + +进入组件内 -> 存储,添加新的存储,存储路径为 `/bitnami/postgresql`,其他自定义即可。 + +#### 5. 启动组件 + +在组件视图内构建组件等待构建完成并启动。 + +#### 6. 修改组件实例数量 + +进入组件内 -> 伸缩,将组件实例数量设置为 `3`,等待所有实例启动即可。 + +### 部署 pgpool 组件 + +#### 1. 创建组件 + +进入团队内 -> 新建组件 -> 基于镜像创建组件,应用、组件、英文名称等自定义即可,镜像填写 `bitnami/pgpool:4.4.2`。 + +![](https://static.goodrain.com/wechat/pg-ha/pgpool-create.png) + +#### 2. 
添加环境变量 + +进入组件内 -> 环境变量,新增以下环境变量: + +```bash +# pgpool admin 用户与密码 +PGPOOL_ADMIN_USERNAME=admin +PGPOOL_ADMIN_PASSWORD=admin@123 + +# postgres 用户与密码 +PGPOOL_POSTGRES_USERNAME=postgres +PGPOOL_POSTGRES_PASSWORD=postgres@123 + +# 用于执行流检查的用户和密码 +PGPOOL_SR_CHECK_USER=admin +PGPOOL_SR_CHECK_PASSWORD=admin@123 + +# postgresql 后端节点。节点列表获取进入到 PostgreSQL-repmgr 组件的 Web 终端内,使用 env | grep REPMGR_PARTNER_NODES 命令获取,然后修改为以下格式 +PGPOOL_BACKEND_NODES=0:postgresql-ha-repmgr-0.postgresql-ha-repmgr.dev.svc.cluster.local:5432,1:postgresql-ha-repmgr-1.postgresql-ha-repmgr.dev.svc.cluster.local:5432,2:postgresql-ha-repmgr-2.postgresql-ha-repmgr.dev.svc.cluster.local:5432 +``` + +![](https://static.goodrain.com/wechat/pg-ha/pgpool-env.png) + +#### 3. 添加依赖 + +在应用视图,将 pgpool 组件依赖至 PostgreSQL-repmgr 组件。 + +![](https://static.goodrain.com/wechat/pg-ha/pgpool-topology.png) + +#### 4. 启动组件 + +在 pgpool 组件视图内构建组件等待构建完成并启动。 + +#### 5. 验证集群 + +进入 Pgpool 组件的 Web 终端中,输入以下命令验证集群: + +```bash +# 连接 postgresql +PGPASSWORD=$PGPOOL_POSTGRES_PASSWORD psql -U $PGPOOL_POSTGRES_USERNAME -h localhost + +# 查询集群节点 +show pool_nodes; +``` + +status 字段均为 UP 即可。 + +![](https://static.goodrain.com/wechat/pg-ha/pgpool-checkcluster.png) + +## 最后 + +### 外部连接 + +如想使用本地工具连接到 postgresql,可在 pgpool 组件的端口内打开对外服务端口,通过该端口连接到 postgresql,默认用户密码为 `postgres/postgres@123`。 + +### 验证高可用集群 + +为了保障高可用集群,Kubernetes 集群至少有 3 个节点,且底层存储使用分布式存储,如没有分布式存储,需将 Postgresql 存储切换为本地存储也可保障高可用集群的数据。可通过以下方式进行高可用集群验证: + +- 通过 Pgpool 连接后,创建数据库并写入数据,再进入 PostgreSQL-repmgr 组件的 Web 终端内查询每个实例是否都有数据。 +- 挂掉主节点,验证是否主节点自动切换并可正常连接并写入。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-06-30-xinchuang-cloud.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-06-30-xinchuang-cloud.md new file mode 100644 index 0000000000..e3fcfadcc5 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-06-30-xinchuang-cloud.md 
@@ -0,0 +1,90 @@ +--- +title: Rainbod help "Creative Apple" migrated to cloud +description: The ICT applications innovation industry is an important component of the country's digital transformation and an important backbone of critical infrastructure.Its core is to address the problem of the neck of the core technology critical chain, thereby providing a solid digital basis for China’s development, through industrial applications that drive the construction of a nationally-produced IT software and hardware base and a full-cycle ecosystem. +slug: localization-guide +image: https://static.goodrain.com/wechat/localization-guide/%E4%BF%A1%E5%88%9B.png +--- + +Release of Rainbond v5.14.2, also known as the **fumigation**.Beginning with this version, open source users can also use Rainbond to manage hardware computing resources that meet the requirements of confidence creation.In this version, \*\*The product team separates what previously existed only in an enterprise version of products and integrates into open source product lines.**This paper focuses on the theme of how to migrate to the clouds in a trust-generating environment** and provides a viable solution to the problem by combining the capacity of Rainbond Creation. 
+ + + +## 向信创环境迁移应用的必要性 + +信创产业即信息技术应用创新产业,是我国数字化转型的重要组成部分,也是关键基础设施的重要支撑。其核心在于通过行业应用拉动构建国产化信息技术软硬件底层架构体系和全周期生态体系,解决核心技术关键环节**卡脖子**的问题,为中国发展奠定坚实的数字基础。 + +对一般的软件供应商而言,在面向党政军企售卖软件时,符合国产化信创要求已经逐渐成为无法绕过的硬性标准。即使是已经交付完成的软件,在后期的建设计划中,处于信创转型时期的党政军企也会提出向国产化信创环境中迁移的硬性要求。需求的背后总是隐藏着商机,掌握国产化信创背景下的应用迁移能力,将软件产品转化为**信创应用**是当下所有 ToB/ToG 信创应用供应商必须掌握的能力。Rainbond 信创版本在这样的场景中可以发挥极大的作用。 + +## 信创硬件生态 + +信创应用必须运行在国产化硬件和操作系统之上。国产化硬件生态中最重要的是 CPU 芯片,CPU 芯片的架构直接影响信创应用是否可以在国产化硬件上运行。目前主流的国产化 CPU 厂商包括飞腾、华为、龙芯、海光、兆芯等,其指令集集中在 `X86` 、`Arm` 以及自主性极高的 `LoongArch` (MIPS 指令集的后继者) 之中。而指令集的不同,直接影响到信创应用是否需要重新编译来进行适配。 + +![](https://static.goodrain.com/localization-guide/%E5%9B%BD%E4%BA%A7CPU%E7%94%9F%E6%80%81.png) + +不难看出,国产化 CPU 芯片的生态有这么几个特点: + +- `LoongArch`自主程度最强,但是其生态受限严重,短时间内无法很好的面向市场推广。 +- 海光、兆芯手持生态最为繁茂的 `X86` 指令集授权,然而自主化程度最弱。`X86` 过于成熟稳定,前人大厦已成,很难在此基础上做出创新。 +- 华为、飞腾拥有 `Arm` 指令集授权,自主化程度适中,而且 `Arm` 生态正处于蓬勃发展中,可以和 `X86` 生态掰一掰手腕。 + +市场的反馈非常理性,在当前国内的 CPU 芯片市场中,飞腾在党政领域PC市占率领先,海光与鲲鹏占据运营商服务器主要份额。回到信创应用供应商的视角,**如何打好 Arm 这张牌,将会是闯入国产化信创赛道的关键点**。Rainbond 信创版本通过**一云多芯**能力,方便的纳管包括 Arm 在内的多架构集群。 + +## “一云多芯”统管Arm & x86集群 + +顾名思义,[一云多芯](https://www.rainbond.com/docs/localization-guide/multi-arch-installation)的异构集群,指的是在同一个集群中的计算节点中,其 CPU 芯片架构不唯一。 + +一般情况下,CPU 芯片的架构都是基于 Intel 公司推出的 `X86` 指令集,作为后起之秀的 AMD 也推出完全兼容 `X86` 的 `amd64` 指令集,二者可以视为等同。而在国产化信创场景中,很多国产 CPU 架构都是基于 `Arm` 指令集开发,常见的鲲鹏920、飞腾芯片等都属于该架构类型。为了能够融入国产化信创 IT 生态,Rainbond 自信创版本开始,全面兼容了 `Arm` 架构。 + +国产化信创绝非一朝一夕之事,大量在传统 `X86` 架构下开发的应用都需要很长时间的调整甚至重构才能完全在国产化芯片上运行,**一云多芯**主打同时能够运行多种架构应用的能力,在国产化替代的过渡阶段中将发挥重大作用。 + +Rainbond 信创版本可以在同个集群中统一管理和调度多种不同 CPU 架构计算节点,同时也可以借助多集群管理能力纳管多个单架构集群。超高的灵活性,可以让决策者自行决定异构计算资源的部署策略。 + +![](https://static.goodrain.com/localization-guide/%E5%BC%82%E6%9E%84%E9%9B%86%E7%BE%A4%E7%AE%A1%E7%90%86.png) + +除 Arm 架构之外,Rainbond 信创版本也兼容主流国产化软硬件,全面支持信创场景,并且获得了国内各大 CPU 厂商、操作系统厂商的认证。一体化管理信创应用的开发、运维、交付全流程,极大降低国产化信创场景下的应用管理成本。 + +![](https://static.goodrain.com/localization-guide/%E5%9B%BD%E4%BA%A7%E8%AE%A4%E8%AF%81%E9%9B%86%E5%90%88.png) + +## 信创应用迁移难点 + 
+对于信创应用供应商而言,从头开发一套信创应用并不是难事。我国信创生态已经日趋完整,无论是操作系统、开发工具还是数据库,都不存在空白区域,它们为全新信创应用的开发提供了全面的支持。**真正的难点在于如何将已经运行在传统服务器中的遗留业务系统迁移到国产化信创环境中去**。从传统的 `X86` 跨越到 `Arm` 架构基本意味着业务系统中所有服务组件的重新编译,甚至重构。在保障业务连续性的前提下,完成传统应用向信创应用的转化是我们无法回避的课题。 + +首先,让我们按照服务的开发语言、运行方式做个分类: + +### 解释型语言 + +以 Python、PHP、Shell 为代表的解释型语言,也称脚本语言,是完全与 CPU 架构无关的。我们只需要提供能在信创环境中可用的语言解释器,即可在不改动一行代码的前提下将这种服务运行起来。 + +### 字节码型的编译文件 + +这种类型以 Java 语言编译出的 Jar、War 包为代表。Jar 、War 包是非常常见的软件交付物。由于其打包的是与 CPU 架构无关的字节码,最终运行由跨平台的 JVM 虚拟机负责,故而我们只需要提供能在信创环境中可用的 JDK 、JRE工具,即可在不改动一行代码的前提下将这种服务运行起来。 + +### 编译型语言 + +这里的描述是不严格的,因为字节码型的编译文件也产自编译型语言。在这里,我们特指的是以 C、C++、Golang 为代表的编译型语言,它们在编译时与 CPU 架构强相关,编译出的二进制产物只能在指定的 CPU 架构下运行。这一特性也意味着迁移过程必须经过重新编译,才可以在信创环境中运行起来。 + +遗留业务系统向国产化信创环境迁移绝非易事,需要甲方与供应商的密切合作。然而由于遗留业务系统的特性,导致供应商能够提供的支持是不一样的。支持力度的不同,直接影响迁移的效果。 + +### 提供支持 + +当甲方决意对某个遗留业务系统进行信创迁移时,恰好供应商承诺的支持期限还没有到期,供应商可以对业务系统的迁移提供全面的支持时,问题会简单很多。即使是面对编译型语言,只要能够提供源代码进行重新编译,则可以完成信创迁移,只是耗时费力罢了。 + +### 不提供支持 + +当甲方决意对某个遗留业务系统进行信创迁移时,恰好供应商承诺的支持期限已经到期,甚至已经无法联系到供应商时,事情就难办许多。甲方对遗留业务系统的了解不会太深,只能找到软件交付物进行分析,重新基于信创环境搭建编译、运行环境。然而对有些经年日久的业务系统而言,很难找到当年的源代码,如果这个服务恰好是编译型语言编译出的二进制文件,基本意味着信创迁移走入了死路。此时,甲方不得不考虑重新招标另一家供应商来重构这个系统,新的替代系统落地绝非一朝一夕之事,期间不能因为这一个服务阻碍国产化信创的整体落地进程。 + +**Rainbond "信创" 版本的核心功能是支持传统应用在信创环境中的云迁移**。它紧密关注用户所使用的不同语言类型,并自动化完成信创迁移的工作。一旦所有组件成功部署,通过内置的 ServiceMesh 微服务架构,可以实现跨架构的微服务编排,将服务组件连接起来形成完整的业务系统。 + +## 传统应用迁移上云 + +Rainbond 信创版本自动屏蔽架构差异,以最低成本将应用迁移到国产化信创环境之中。仅需要提供源代码,即可在指定架构环境中编译运行。开源应用商店提供不同架构的应用模板,上百种开源软件一键部署。信创应用供应商可以以最小的技术成本和时间成本,即可将不同类型的服务重新编译,并部署到信创环境中去。 + +![](https://static.goodrain.com/localization-guide/%E5%BC%82%E6%9E%84%E5%BE%AE%E6%9C%8D%E5%8A%A1%E8%BF%81%E7%A7%BB.png) + +## 异构微服务编排能力 + +Rainbond 信创版本凭借**一云多芯**管理能力, 可以在同个集群中统一调度管理不同 CPU 架构的计算节点。应用中的服务组件也可以按照要求部署到指定的架构中去。但是只有不同架构的微服务组件之间可以相互编排、相互通信,那么它们才能够成为一个有机的整体,形成完整的业务系统。同时也满足信创应用从传统的 `X86` 向 `Arm` 国产化迁移的过渡期的特殊要求。 + +借助于 Service Mesh 亦或是 Kubernetes Service 的能力,Rainbond 天生支持跨架构微服务之间的编排与通信。使用方法与 Rainbond 一直以来的拖拉拽拼积木式的微服务编排方法无异。 + 
+![](https://static.goodrain.com/localization-guide/%E5%BC%82%E6%9E%84%E5%BE%AE%E6%9C%8D%E5%8A%A1%E7%BC%96%E6%8E%92.png) diff --git a/i18n/en/docusaurus-plugin-content-blog/2023/2023-10-26-nfs-migration.md b/i18n/en/docusaurus-plugin-content-blog/2023/2023-10-26-nfs-migration.md new file mode 100644 index 0000000000..5e542f5446 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2023/2023-10-26-nfs-migration.md 
@@ -0,0 +1,276 @@ +--- +title: Kubernetes migrate across StorageClasss, toggle Rainbond, default SC +description: This paper will describe how to migrate Rainbond default NFS storage to external NFS storage, Kubernetes across StorageClass Migration. +slug: nfs-migration +image: https://static.goodrain.com/wechat/nfs-migration/banner.png +--- + +[基于主机安装](https://www.rainbond.com/docs/installation/installation-with-ui/host-install-with-ui) or[基于Kubernetes安装](https://www.rainbond.com/docs/installation/installation-with-helm/), where shared files are stored as NFS, run in Pod in Kubernetes, but there are also some unavoidable problems such as unserviceability of the cluster when:NFS SVC cannot communicate without stowing, `dumunt` when server shutdown`s are not allowed to use and `umount\` when the server is closed and so on. + +There is, of course, also a need to switch between shared file storage, most of the default installation used during the first installation of Rainbond and want to switch to external NFS after a certain period of time, or NASS on the cloud, etc. + +In the original Kubernetes cluster, PVC created through StorageClass cannot modify the store backend, needs to delete PV, PVC and create new PVC through the new StorageClass before migrating data and re-mount PVC.Repeated actions are required when there are many PVC. + +Rainbond was also created through StorageClasss, but saved steps to create PV, PVC and remount and repeating actions compared to the native Kubernetes group.Only replace the bottom store class in Rainbond and then migrate the entire directory created by Rainbond and reload it to complete the migration by changing the mount on the page. + +This paper will describe how to migrate Rainbond default NFS storage to external NFS storage, roughly in the following steps: + +1. Deploy external NFS storage and pair it over K8s. +2. Backup NFS stored data. +3. Restore backup data and switch between Rainbond default storage to external storage. 
+ +**Note:** + +- Shutdown the running app to avoid data inconsistencies due to incremental data. +- Component mount storage must be shared storage, while others need to be migrated individually. + + + +## 部署 NFS 并对接到 K8s 上 + +外部 NFS 存储可以选择部署 NFS 双机热备或其他方案,这里就不演示了,以单节点 NFS 为例。 + +### 在 Centos 上部署 NFS + +1. 安装 `nfs-utils` + +```shell +yum install -y nfs-utils +``` + +2. 创建共享目录 + +```shell +mkdir -p /data +``` + +3. 编辑 `/etc/exports` 文件,添加如下内容: + +```shell +$ vim /etc/exports + +/data *(rw,sync,insecure,no_subtree_check,no_root_squash) +``` + +4. 配置完成后,执行以下命令启动 NFS 服务: + +```shell +systemctl enable nfs-server +systemctl start nfs-server +``` + +5. 验证 NFS 是否可用 + +```bash +showmount -e 172.20.251.94 +``` + +### 在 K8s 中部署 NFS Client + +下面将外部的 NFS 存储对接到 Kubernetes 上,在 Kubernetes 中部署 NFS Client Provisioner + +1. 安装 [Helm](https://www.rainbond.com/docs/ops-guide/tools/#helm-cli) 命令 + +2. 添加 Helm Chart 仓库 + +```shell +helm repo add rainbond https://openchart.goodrain.com/goodrain/rainbond +``` + +3. 安装 NFS-Client-Provisioner + +```shell +helm install nfs-client-provisioner rainbond/nfs-client-provisioner \ +--set nfs.server=172.20.251.94 \ +--set nfs.path=/data \ +--version 1.2.8 +``` + +4. 
验证 NFS Client 是否可用,创建 PVC 验证。 + +```yaml +$ vim test-pvc.yaml + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: test-claim +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 1Gi + storageClassName: nfs-client + +$ kubectl apply -f test-pvc.yaml +``` + +查询 PVC 状态为 Bound 则正常。 + +![](https://static.goodrain.com/wechat/nfs-migration/1.png) + +## 备份默认 NFS 的数据 + +查看 `rbd-system` 下所有的 PVC。 + +```bash +kubectl get pvc -n rbd-system +``` + +![](https://static.goodrain.com/wechat/nfs-migration/2.png) + +| PVC名称 | 解释 | +| ---------------------- | -------------------------------------------------- | +| data | 测试存储是否正常默认创建的PVC(无用) | +| data-nfs-provisioner-0 | NFS Pod所使用的PVC,默认路径在宿主机的`/opt/rainbond/data/nfs`下。 | +| data-rbd-monitor-0 | 存储监控数据。(可不要) | +| rbd-api | 存储 api request 请求日志。(可不要) | +| rbd-chaos-cache | 存储构建组件的缓存(可不要) | +| rbd-cpt-grdata | 存储平台上所有组件挂载共享存储数据,以及组件的日志。(必须) | +| rbd-db-rbd-db-0 | 存储 MySQL 数据,默认是存在本地的,没存储在 NFS 中。 | +| rbd-etcd-rbd-etcd-0 | 存储 Etcd 数据,默认是存在本地的,没存储在 NFS 中。 | +| rbd-hub | 存储镜像数据(必须) | + +以上数据中对于我们要迁移的重要数据有 `rbd-cpt-grdata` 和 `rbd-hub`,根据 `VOLUME` 名称在默认的存储目录 `/opt/rainbond/data/nfs` 下查找,例如 `pvc-9ec619e3-1e20-4d7a-b744-aa04088fb6c3`。 + +![](https://static.goodrain.com/wechat/nfs-migration/3.png) + +使用 rsync 同步工具,将数据同步到新的 NFS 存储服务器上,根据以下命令开始同步,根据实际情况修改命令。 + +```shell +rsync -avP /opt/rainbond/data/nfs/pvc-9ec619e3-1e20-4d7a-b744-aa04088fb6c3 root@172.20.251.94:/data +rsync -avP /opt/rainbond/data/nfs/pvc-d0bf09ca-5543-4050-bd08-b02ebb593b4e root@172.20.251.94:/data +``` + +**注意:数据同步完成后切记要校验数据的完整性。** + +## 切换 Rainbond 存储 + +### 更改 Rainbond 默认存储 + +1. 修改 `rainbondcluster` CRD资源,添加 `storageClassName` + +```yaml +$ kubectl edit rainbondcluster -n rbd-system + +spec: + rainbondVolumeSpecRWX: + storageClassName: nfs-client #由 NFS-Client-Provisioner 创建的 sc +``` + +2. 
修改 `rainbondvolumes `CRD资源,修改 `storageClassName` 为 `nfs-client` + +```yaml +$ kubectl edit rainbondvolumes -n rbd-system + +spec: + storageClassName: nfs-client +``` + +3. 删除 Rainbond 基于默认 NFS 创建的 StorageClass `rainbondsssc` `rainbondslsc` + +```bash +kubectl delete sc rainbondsssc rainbondslsc +``` + +4. 删除 `rbd-system` 命名空间下旧的 PVC。这时候会删除不掉,因为还有 POD 在使用该 PVC,先 `ctrl c` 结束。 + +```bash +kubectl delete pvc data data-rbd-monitor-0 rbd-api rbd-chaos-cache rbd-cpt-grdata rbd-hub -n rbd-system +``` + +5. 删除 Rainbond 组件的控制器让 `rainbond-operator` 控制 PVC 重新创建。 + +```shell +kubectl delete deploy rbd-api -n rbd-system +kubectl delete ds rbd-chaos -n rbd-system +kubectl delete sts rbd-monitor -n rbd-system +kubectl delete deploy rbd-worker -n rbd-system +kubectl delete deploy rbd-hub -n rbd-system +kubectl delete deploy rbd-resource-proxy -n rbd-system +kubectl delete sts rbd-eventlog -n rbd-system +kubectl delete ds rbd-node -n rbd-system +``` + +```bash +kubectl delete pod -l release=rainbond-operator -n rbd-system +``` + +等待所有 POD 重新创建,创建完成后 Rainbond 平台可正常访问,正常工作。 + +### 恢复数据 + +下面将前面备份的数据恢复到新创建的 PVC 中。 + +![](https://static.goodrain.com/wechat/nfs-migration/4.png) + +此时 `rbd-cpt-grdata` 和 `rbd-hub` 新创建的目录下的数据都是自动创建,先将其删除。 + +```bash +rm -rf /data/rbd-system-rbd-cpt-grdata-pvc-44167209-1006-4de5-9801-afcce996449c/* +rm -rf /data/rbd-system-rbd-hub-pvc-c326b89f-7c0e-4990-a8e2-31472799ccc8/* +``` + +再将备份的 `rbd-cpt-grdata` 和 `rbd-hub` 数据分别同步到新的目录中,例如以下命令。 + +```bash +rsync -avP /data/pvc-9ec619e3-1e20-4d7a-b744-aa04088fb6c3/* /data/rbd-system-rbd-cpt-grdata-pvc-44167209-1006-4de5-9801-afcce996449c +rsync -avP /data/pvc-d0bf09ca-5543-4050-bd08-b02ebb593b4e /data/rbd-system-rbd-hub-pvc-c326b89f-7c0e-4990-a8e2-31472799ccc8 +``` + +**注意:数据同步完成后切记要校验数据的完整性。** + +重新 Rainbond 部分组件的 POD 生效。 + +```bash +kubectl delete pod -l name=rbd-api -n rbd-system +kubectl delete pod -l name=rbd-chaos -n rbd-system +kubectl delete pod -l name=rbd-monitor -n rbd-system +kubectl delete pod -l 
name=rbd-worker -n rbd-system +kubectl delete pod -l name=rbd-hub -n rbd-system +kubectl delete pod -l name=rbd-resource-proxy -n rbd-system +kubectl delete pod -l name=rbd-eventlog -n rbd-system +kubectl delete pod -l name=rbd-node -n rbd-system +``` + +### 更改 Rainbond 上的组件存储 + +替换底层存储后,此时 Rainbond 上组件的存储还未修改,此时需要进入 Rainbond 的组件中将当前存储删除重新添加。 + +![](https://static.goodrain.com/wechat/nfs-migration/5.png) + +挂载路径、存储类型保持不变,删除当前的配置添加新的同样配置即可。 + +至此存储切换完成,后续请验证应用的数据是否都完整。 + +### 删除默认 NFS 存储资源(可选) + +修改 CRD 资源,将 `nfs-provisioner` replicas 设置为 0 + +```yaml +$ kubectl edit rbdcomponent nfs-provisioner -n rbd-system + +spec: + replicas: 0 +``` + +删除 `nfs-provisioner` 控制器 + +```shell +kubectl delete sts nfs-provisioner -n rbd-system +``` + +删除 nfs-provisioner 的 PV、PVC + +```bash +kubectl delete pvc data-nfs-provisioner-0 -n rbd-system +kubectl delete pv nfs-provisioner +``` + +删除宿主机上的 NFS 数据存储目录 + +```bash +rm -rf /opt/rainbond/data/nfs +``` diff --git a/i18n/en/docusaurus-plugin-content-blog/2024/2024-05-30-topiam.md b/i18n/en/docusaurus-plugin-content-blog/2024/2024-05-30-topiam.md new file mode 100644 index 0000000000..9c5975f1b5 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2024/2024-05-30-topiam.md 
@@ -0,0 +1,77 @@ +--- +title: Rainbond Crude TOPIAM creates a new experience of business-class cloud identity control +description: The TOPIAM Enterprise Digital Identification Control Platform is an open-source IDaas/IAM platform, used to manage accounts, permissions, authentication, application access, and helps to integrate all identities of internal office systems, business systems and strategic SaaS systems deployed locally or in the cloud to achieve one account for all applications. +slug: topiam +--- + +The TOPIAM Enterprise Digital Identification Control Platform is an open-source IDaas/IAM platform, used to manage accounts, permissions, authentication, application access, and helps to integrate all identities of internal office systems, business systems and strategic SaaS systems deployed locally or in the cloud to achieve one account for all applications. + +Traditional enterprise IT construction using chimneys can easily lead to the following challenge: + +- The application of the authorization to manage chaos is prone to security problems and results in data leaks. +- Identification security is questioned, and the sensitive system lacks a rigorous identification mechanism. +- These management operations are inefficient, duplicative and low-value and decentralized in the systems that independently build an account number system, a system of competencies, an account allocation of authority and an uncontrollable account.Staff members need to write multiple passwords to their accounts. + +The TOPIAM Digital Identity Control Platform provides a centralized set of accounts, competencies, certification, audit tools to help untie identity data, achieve the effect of “one account, one certification, multiple passage” and strengthen the enterprise security system while enhancing organizational management efficiency and facilitating digital upgrading of enterprises. 
+ + + +## 使用 Rainbond 部署 TOPIAM + +Rainbond 是一个云原生应用管理平台,核心100%开源,Serverless体验,不需要懂K8s也能轻松管理容器化应用,平滑无缝过渡到K8s,是国内首个支持国产化信创、适合私有部署的一体化应用管理平台。 + +首先[安装 Rainbond](https://www.rainbond.com/docs/quick-start/quick-install) 或使用以下命令安装 Rainbond + +```bash +curl -o install.sh https://get.rainbond.com && bash ./install.sh +``` + +登录 Rainbond 后,选择从`应用市场`安装应用,在搜索框中搜索 `topiam`,点击安装按钮。 + +![](https://static.goodrain.com/wechat/topiam/9.png) + +点击安装后,等待 TOPIAM 所有组件自动启动,部署后拓扑图如下: + +- 管理端(eiam-console) +- 门户端(eiam-portal) +- OpenAPI(eiam-openapi) + +![](https://static.goodrain.com/wechat/topiam/10.png) + +点击访问按钮,访问`管理端`组件的对外服务地址,默认账号密码 `admin/topiam.cn`。用户端登录需要在管理端中创建账号再登录,更多请参阅[TOPIAM文档](https://topiam.cn/docs/introduction/)。 + +## TOPIAM能做什么? + +提供统一组织信息管理,多维度建立对应关系,实现在一个平台对企业人员、组织架构、应用信息的高效统一管理。 + +![](https://static.goodrain.com/wechat/topiam/1.png) + +支持钉钉、飞书等身份源集成能力,实现系统和企业 OA 平台数据联动,以用户为管理基点,结合入职、离职、调岗、兼职等人事事件,关联其相关应用权限变化而变化,保证应用访问权限的安全控制。 + +![](https://static.goodrain.com/wechat/topiam/2.png) + +支持微信、微博、QQ 等社交认证集成,使企业具有快速纳入互联网化认证能力。 + +![](https://static.goodrain.com/wechat/topiam/3.png) + +支持 OIDC、OAuth2、SAML2、CAS、JWT、表单代填等认证协议及机制,实现单点登录功能。 + +![](https://static.goodrain.com/wechat/topiam/4.png) + +完善的安全审计,详尽记录每一次用户行为,使每一步操作有据可循,实时记录企业信息安全状况,精准识别企业异常访问和潜在威胁的源头。 + +![](https://static.goodrain.com/wechat/topiam/5.png) + +防暴力破解机制,在一定次数的失败尝试后,系统会自动锁定账户,有效防止恶意用户使用暴力破解技术尝试多次登录,使得进一步尝试登录变得无效。 + +![](https://static.goodrain.com/wechat/topiam/6.png) + +完备的密码策略机制,可以设置相应的密码复杂度、相应的锁定解锁策略,还可以设置是否允许与历史密码重复等高级策略。同时,可以通过开启弱密码字典库来检查密码的安全强度。 + +![](https://static.goodrain.com/wechat/topiam/7.png) + +提供标准 openapi 接口轻松完成机构用户同步,实现企业对于账号生命周期的精细化管理。 + +## 最后 + +TOPIAM 与 Rainbond 以及 Rainbond 上部署的应用还有很多场景可以结合,后续会持续输出相关的系列文章,例如:TOPIAM 对接 Rainbond 用户登录体系、SpringBoot OIDC 对接等系列文章,敬请期待! diff --git a/i18n/en/docusaurus-plugin-content-blog/2024/2024-06-20-dockermirror.md b/i18n/en/docusaurus-plugin-content-blog/2024/2024-06-20-dockermirror.md new file mode 100644 index 0000000000..000bda2c50 
--- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2024/2024-06-20-dockermirror.md 
@@ -0,0 +1,148 @@ +--- +title: Images from Docker Hub are blocked?These solutions make you easy to deal with +description: For the most recent time, the Docker mirror has been a state of Pull and feels almost impossible to connect to Docker Hub, except for hit🪜.Worse still, many previously reliable domestic mirror stations, such as factories and higher schools, have been shut down, which is hard for our personal developers and small and medium-sized enterprises.Previously, with these mirrors, we had quick and easy access to the required Docker mirror, which is no longer possible.It is not possible to have a direct access to Docker Hub.So we have to find a way to build our own private mirror warehouse. +slug: dockermirror +--- + +For the most recent time, the Docker mirror has been a state of Pull and feels almost impossible to connect to Docker Hub, except for hit🪜.Worse still, many previously reliable domestic mirror stations, such as factories and higher schools, have been shut down, which is hard for our personal developers and small and medium-sized enterprises.Previously, with these mirrors, we had quick and easy access to the required Docker mirror, which is no longer possible.It is not possible to have a direct access to Docker Hub.So we have to find a way to build our own private mirror warehouse. 
+ +There have been many recent articles on the Internet to solve the Docker Hub mirror, and I may summarize the following options: + + + +### Github Action + +利用 Github Action Job 将 Docker Hub 镜像重新打 Tag 推送到阿里云等其他公有云镜像仓库里,这对于需要单个镜像很方便,批量就稍微麻烦一些,如果没🪜Github 访问也是个问题。 + +### CloudFlare Worker + +使用 CloudFlare Worker 对 Docker Hub 的访问请求做中转,这种也是最近使用比较多的,因为个人用户的免费计划每天有10万次免费请求,足够个人和中小企业使用了,实在不够可以花 5$ 购买不限制的。Worker 脚本在网上有很多,随便搜索都有示例。 + +因为 CloudFlare Worker 默认分配的`workers.dev`结尾的域名国内根本解析不了,所以要把域名托管在 CloudFlare 上才能正常使用,可以购买 `.xyz` 等其他费用合适的域名专门用来做代理访问。 + +但 CloudFlare Worker CDN 经常抽风,有时很快有时很慢,可以借助[自选优选IP工具](https://github.com/XIU2/CloudflareSpeedTest)帮助获取访问 CloudFlare 延迟最低的IP,将其写入到你的本地 Hosts 文件中。 + +### 自建镜像仓库 + +说到自建首先我想到的就是买个配置比较低国外的服务器,搭建个 Nginx 做代理,分享下我配置成功的 Nginx 配置文件: + +```bash +server { + listen 443 ssl; + server_name 域名; + ssl_certificate 证书地址; + ssl_certificate_key 密钥地址; + + ssl_session_timeout 24h; + ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256'; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + + location / { + proxy_pass https://registry-1.docker.io; # Docker Hub 的官方镜像仓库 + proxy_set_header Host registry-1.docker.io; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + proxy_intercept_errors on; + recursive_error_pages on; + error_page 301 302 307 = @handle_redirect; + } + location @handle_redirect { + resolver 1.1.1.1; + set $saved_redirect_location '$upstream_http_location'; + proxy_pass $saved_redirect_location; + } +} +``` + +然后就可以直接用 `docker pull 域名/library/nginx:latest` 获取镜像了或者配置到 Docker 的`daemon.json`中。 + +Nginx 代理的方案你需要能购买到合适的国外服务器,不然网络会很慢。 + +又或者在国外服务器上搭建 
Registry、Nexus、Harbor等镜像仓库,它们具备镜像缓存功能,如果私有镜像仓库中不存在则会去代理服务中获取最新镜像。 + +## 建议方案 + +所以对于个人用户、中小企业来说可以将上述的 `CloudFlare Worker` + `自建镜像仓库` 融合起来,本地搭建 Registry、Nexus、Harbor等镜像仓库,在镜像仓库中配置上自己的 `CloudFlare Worker` `Nginx反代` 等代理地址或者当前一些可用的其他代理,当本地不存在则会通过这些代理去获取镜像,代理不可用时本地依然能用。 + +### 搭建 Docker Registry + +搭建 Docker Registry 可以参考下述命令: + +```bash +docker run -d --restart=always --name registry \ +-p 443:443 +-e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io \ #代理的镜像仓库URL +-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \ #监听地址 +-e REGISTRY_HTTP_HOST=https://xxx.cn \ #访问域名 +-e REGISTRY_HTTP_TLS_CERTIFICATE=/opt/cert/cert.pem \ #域名证书 +-e REGISTRY_HTTP_TLS_KEY=/opt/cert/cert.key \ #域名证书 +-v /opt/cert:/opt/cert \ #挂载本地证书到容器中 +-v /data:/var/lib/registry \ #持久化数据目录 +registry:2 +``` + +### 搭建 Nexus + +可选择使用 Docker 命令搭建 [Nexus](https://github.com/sonatype/docker-nexus3)。 + +``` +docker run -d -p 8081:8081 --name nexus sonatype/nexus3 +``` + +或者使用 [Rainbond](https://www.rainbond.com/docs/quick-start/quick-install) 应用商店一键安装。 + +![](https://static.goodrain.com/wechat/docker-proxy/1.png) + +搭建完成后正常登录 Nexus 页面,根据页面引导配置 Docker 相关的存储 Repository 及代理 Repository 即可。 + +### 搭建 Harbor + +可参考 [Harbor文档 ](https://goharbor.io/docs/2.11.0/install-config/)搭建或者使用 [Rainbond](https://www.rainbond.com/docs/quick-start/quick-install) 应用商店一键安装。 + +![](https://static.goodrain.com/wechat/docker-proxy/2.png) + +## 可用的镜像代理 + +最近十来天我尝试了很多镜像加速站,整理了以下镜像站目前是可用状态,但可能随时会遇到不可用、关停、访问比较慢的状态,建议同时配置多个镜像源。 + +| 提供商 | 地址 | | +| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| DaoCloud | https://docker.m.daocloud.io | | +| 阿里云 | https://\.mirror.aliyuncs.com | 登录阿里云分配 | +| Docker镜像代理 | https://dockerproxy.com | 看运气 | +| 百度云 | https://mirror.baidubce.com | | +| 南京大学 | https://docker.nju.edu.cn | | +| 中科院 | https://mirror.iscas.ac.cn | | + +## 福利 + +近期 Rainbond 社区也接受到许多用户反馈 Docker 镜像拉不下来,不能构建、打包了,因此 
Rainbond 也搭建了个镜像加速服务,采用 `CloudFlare + 国外服务器 Nginx 反代`的方案为 Rainbond 社区的用户们提供镜像加速服务。 + +![](https://static.goodrain.com/wechat/docker-proxy/3.png) + +目前速度挺快的(未来不好说 + +### 使用方法 + +1.直接获取 Docker Hub 镜像 + +```bash +docker pull docker.rainbond.cc/library/node:20 +docker pull docker.rainbond.cc/rainbond/rainbond:v5.17.2-release-allinone +``` + +2.配置镜像加速器 + +```bash +tee /etc/docker/daemon.json <<-'EOF' +{ + "registry-mirrors": ["https://docker.rainbond.cc"] +} +EOF +systemctl daemon-reload +systemctl restart docker +``` diff --git a/i18n/en/docusaurus-plugin-content-blog/2024/2024-07-19-centosmigration.md b/i18n/en/docusaurus-plugin-content-blog/2024/2024-07-19-centosmigration.md new file mode 100644 index 0000000000..39d67e9f42 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2024/2024-07-19-centosmigration.md 
@@ -0,0 +1,99 @@ +--- +title: CentOS 7 service terminated, where do I go from?I understand that there is no room for migration +description: On December 08, 2020, CentS officially announced the cessation of the Maintenance CentS Project and launched the CentS Stream Project, and indicated that follow-up would be made to the CentS Stream project.For more information, see [CencoS official announcement] (https://blog.centos.org/2020/12/future-is-centos-stream/). +slug: centosmigration +--- + +## Background + +On December 08, 2020, CentS officially announced the cessation of the Maintenance CentS Project and launched the CentS Stream Project, and indicated that follow-up would be made to the CentS Stream project.For more information, see [CencoS official announcement] (https://blog.centos.org/2020/12/future-is-centos-stream/). + +- CentOS 6 ceased maintenance on 30 November 2020, and CentOS 8 stopped maintenance on 31 December 2021. +- CentOS 7 stopped maintenance on 30 June 2024. + + + +## 影响 + +CentOS 停止服务主要的影响是以下两个方面: + +- \*\*安全漏洞:\*\*无法获取安全补丁来修复高风险的CVE漏洞。 + +* \*\*软件功能:\*\*不再发布新版本软件包,缺乏新功能、新架构支持; + +总的来说停止维护意味着无法获取安全补丁修复高风险的 CVE 漏洞,也无法获取到新版本软件包带来的新功能和架构支持。这直接导致了操作系统出现的任何安全漏洞或其他问题都无法得到官方的处理,同时许多基础软件包也不再更新。 + +## 如何应对 + +面对这种情况,我们不得不考虑迁移到其他长期支持(LTS)的 Linux 发行版,以确保系统的安全和持续更新。可选的迁移目标包括: + +- **Ubuntu LTS**:提供至少五年的安全更新和维护,适合需要长期稳定支持的企业环境。 +- **Debian Stable**:同样提供长期安全支持,稳定性良好,适合生产环境。 +- **Fedora Server 或 Fedora Workstation**:虽然支持周期较短,但提供最新的软件和特性,适合需要最新技术的环境。 +- **Rocky Linux**:为了填补 CentOS 停止维护留下的空白而创建的,与 Red Hat Enterprise Linux(RHEL)高度兼容,迁移过程相对简单。 +- **Anolis OS、openEuler、OpenCloudOS**:这些由国内厂商主导并开源的 Linux 发行版,同样与 RHEL 高度兼容,为企业用户提供了很好的本地化支持和服务。 + +在选择迁移目标时,如果选择迁移到 **Ubuntu、Debian 或 Fedora**,可能需要使用一些外部工具帮助迁移,因为这些系统与 CentOS 有较大的包管理差异,迁移过程可能涉及较高的风险。 + +而选择 **Rocky Linux、Anolis OS、openEuler 或 OpenCloudOS** 则会简化迁移过程,因为这些系统与 CentOS 的高度兼容性降低了迁移难度,让过程更为顺畅。 + +### Centos 7 迁移到 Anolis OS 7 + +这里以 Centos 7 迁移到 Anolis OS 7 举例。 + +1. 
下载 Anolis OS 迁移工具 yum 源 + +```bash +wget https://mirrors.openanolis.cn/anolis/migration/anolis-migration.repo -O /etc/yum.repos.d/anolis-migration.repo +``` + +2. 安装迁移工具 centos2anolis + +```bash +yum -y install centos2anolis +``` + +> 若出现下述的报错,则需要安装epel源,迁移工具需要依赖 epel 源中的 python36-psutil 包 +> +> ```bash +> Error: Package: centos2anolis-0.2-20.an7.noarch (migration) +> Requires: python36-psutil +> +> $ yum install -y epel-release +> ``` + +3. 执行迁移命令 + +```bash +# 不加参数默认迁移到 ANCK 内核的 Anolis OS +centos2anolis.py +# 迁移到 RHCK 内核的 Anolis OS +centos2anolis.py --rhck +``` + +迁移完成后如下图所示: + +![](https://static.goodrain.com/wechat/centos-migration/1.png) + +4. 重启并验证 OS 版本 + +![](https://static.goodrain.com/wechat/centos-migration/2.png) + +5. 迁移完成,在 Rainbond 集群管理的节点详情中也可查看到操作系统版本。 + +![](https://static.goodrain.com/wechat/centos-migration/3.png) + +### 迁移到其他 Linux 发行版 + +自 Centos 系列项目宣布停止维护以后,大部分 Linux 发行版都提供了迁移指南,例如: + +- [Centos 迁移到 Rocky Linux](https://docs.rockylinux.org/zh/guides/migrate2rocky/) +- [Centos 迁移到 Anolis OS](https://openanolis.cn/sig/migration/doc/451732372594279514) +- [Centos 迁移到 openEuler](https://www.openeuler.org/zh/migration/guidance/) +- [Centos 迁移到 OpenCloudOS](https://docs.opencloudos.org/centos_migrate/migrate_CentOS7_to_OC7/) + +以上四种方式都是相当容易、简单的,因为它们都与 Centos 高度兼容。 + +## 最后 + +迁移操作系统是一个比较重要的事情,需要完整的计划和执行。建议在大家实施之前,充分测试所有关键的业务应用以确保兼容性,准备好详细的回滚方案以应对可能出现的问题。祝大家都能完美迁移成功~ diff --git a/i18n/en/docusaurus-plugin-content-blog/2024/2024-08-13-gchopensource.md b/i18n/en/docusaurus-plugin-content-blog/2024/2024-08-13-gchopensource.md new file mode 100644 index 0000000000..c9bf17e39c --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2024/2024-08-13-gchopensource.md 
@@ -0,0 +1,84 @@ +--- +title: The first open source cloud native platform to support the creation of national confidence +description: Nationalized credit creation refers to the development and diffusion of Chinese indigenous information technology and innovation industries.With the complex changes in various situations, the promotion of nationalization and confidence-building have become important directions for the development of the information industry.Against this backdrop, domestic technology enterprises and developers have been involved in the wave of open country production and autonomous innovation, seeking to escape dependence on foreign technology and services.From hardware to software, and to cloud origin. +slug: gchopensource +--- + +Nationalized credit creation refers to the development and diffusion of Chinese indigenous information technology and innovation industries.With the complex changes in various situations, the promotion of nationalization and confidence-building have become important directions for the development of the information industry.Against this backdrop, domestic technology enterprises and developers have been involved in the wave of open country production and autonomous innovation, seeking to escape dependence on foreign technology and services.From hardware to software, and to cloud origin. + +It is well known that there are domestically produced confidence-building products in various technical areas, such as CPU, NPOS, NPDs, etc., that are being done by manufacturers, and that have open source versions.But there are currently fewer open sources of home-grown creatures.I understand that at the domestic level, Rainbond is the first open-source cloud-origin platform to support the creation of national futures. 
+ + + +## 国产化信创环境支持 + +目前主流的国产化 CPU 厂商包括飞腾、华为、龙芯、海光、兆芯等,其指令集集中在 `X86` 、`Arm` 以及自主性极高的 `LoongArch` (MIPS 指令集的后继者) 。 + +![](https://static.goodrain.com/localization-guide/%E5%9B%BD%E4%BA%A7CPU%E7%94%9F%E6%80%81.png) + +Rainbond 开源版本对国产 CPU 和国产操作系统提供全面支持,确保应用能够在国产硬件和软件环境下稳定运行。这包括对多种国产 CPU 架构的优化和适配,如鲲鹏、飞腾、龙芯等,以及对国产操作系统的兼容性,例如统信、银河麒麟、中标麒麟、龙蜥、欧拉操作系统等。这种支持不仅涵盖了基础的运行环境,还包括了对特定硬件和软件特性的优化,以提高性能和安全性。 + +## 信创应用迁移支持 + +Rainbond 开源版本自动屏蔽架构差异,以最低成本将应用迁移到国产化信创环境之中。仅需要提供源代码,即可在指定架构环境中编译运行。开源应用商店提供不同架构的应用模板,上百种开源软件一键部署。信创应用供应商可以以最小的技术成本和时间成本,即可将不同类型的服务重新编译,并部署到信创环境中去。 + +![](https://static.goodrain.com/localization-guide/%E5%BC%82%E6%9E%84%E5%BE%AE%E6%9C%8D%E5%8A%A1%E8%BF%81%E7%A7%BB.png) + +## 国产化信创环境部署实践 + +Rainbond 的有三种安装方式,这三种安装方式都支持国产化信创环境: + +- [快速安装](https://www.rainbond.com/docs/quick-start/quick-install):这是一个快速体验版本,使用一条命令安装 Rainbond。 +- [基于主机安装](https://www.rainbond.com/docs/installation/install-with-ui/):支持通过裸操作系统开始部署 K8s + Rainbond。 +- [基于K8s安装](https://www.rainbond.com/docs/installation/install-with-helm/):这种方式需要用户自行部署K8s,再部署 Rainbond。 + +下面将简述如何使用基于主机安装方式在麒麟V10 + 鲲鹏上部署 Rainbond。我这里是在华为云上开个演示服务器。 + +![](https://static.goodrain.com/wechat/xinchuang/1.png) + +### 安装 Docker + +Rainbond 提供了 Arm 版的 Docker 安装脚本,如下: + +```bash +curl -sfL https://get.rainbond.com/install_docker | bash +``` + +### 安装 Rainbond 控制台 + +Rainbond 镜像支持多架构,不同的架构自动拉取不同的镜像。使用 Docker 启动 Rainbond 控制台,启动后使用 `http://IP:7070`进行访问。 + +```bash +docker run -d -p 7070:7070 \ +--name=rainbond-allinone --restart=always \ +-v ~/.ssh:/root/.ssh \ +-v ~/rainbonddata:/app/data \ +registry.cn-hangzhou.aliyuncs.com/goodrain/rainbond:v5.17.3-release-allinone +``` + +### 安装 K8s + +1. 登录 Rainbond 后,进入 **平台管理 > 集群 -> 添加集群 -> 从主机开始安装** 进入图形化安装页面。 +2. 按照页面引导填写信息,如下: + +![](https://static.goodrain.com/wechat/xinchuang/2.png) + +3. 
等待完成安装即可。 + +## 安装 Rainbond 集群 + +在安装完成 K8s 集群后,下一步将进入 Rainbond 集群安装页面,这部分将引导您完成 Rainbond 集群的安装。 + +根据页面引导填写配置,配置详情可参考 [Rainbond 集群安装配置说明](https://www.rainbond.com/docs/installation/install-with-ui/#%E5%AE%89%E8%A3%85-rainbond-%E9%9B%86%E7%BE%A4)。 + +![](https://static.goodrain.com/wechat/xinchuang/4.png) + +配置信息填写完成后进入 Rainbond 集群安装页面,在该页面可看到安装的进度信息,并且每个组件都可点击查看状态以及事件信息。 + +![](https://static.goodrain.com/wechat/xinchuang/5.png) + +等待 Rainbond 所有组件都启动后,会自动跳转到集群对接页面,填写集群 ID,完成对接。 + +## 最后 + +在完成以上步骤后,您已经成功在国产化信创环境中部署了 Rainbond 云原生平台,并且可以开始管理和部署您的信创应用。随着国产化信创的不断推进,Rainbond 作为首个全面支持国产化信创的开源云原生平台,将在未来发挥越来越重要的作用。国产化信创的道路虽充满挑战,但 Rainbond 会致力做好开源、做好国产化信创,我们相信未来国产化信创云原生平台的生态将会更加完善。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2024/2024-08-16-deployRainbondToArm.md b/i18n/en/docusaurus-plugin-content-blog/2024/2024-08-16-deployRainbondToArm.md new file mode 100644 index 0000000000..b22d7415af --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2024/2024-08-16-deployRainbondToArm.md 
@@ -0,0 +1,486 @@ +--- +title: Creativity Environments:Super ARM+Licorne for the offline deployment of K8s and Rainbond Creative Platforms +description: In our last paper on the Ninational Platform of Creative Creative Creative Origin of Nationality, we described Rainbond as a potentially first domestic open-source national confidence-building platform to support national production and confidence creation, and also outlined how to deploy Kubernetes and Rainbond online in the context of national productive confidence-creation. +slug: employee RainbondToArm +--- + +In the previous article [Nippon Foundation for the Creative Origin of Nationality] (https://mp.weixin.qq.com/s/0ywRmYrNBrsDtPYDYDrfw), we described the capabilities of Rainbond as a potentially first domestic open-source national information generation platform to support nationalization and confidence-building, and outlined how to deploy Kubernetes and Rainbond online in the national productive confidence-building environment. + +However, the demand for offline deployment is more common for most national credit-producing environments, such as banks and governments.It is noteworthy that the Rainbond official web file currently provides only guidelines for the offline deployment of Rainbond in an existing Kubernetes environment.Why, then, do we not provide documentation for the offline deployment of Kubernetes?Unlike other open source communities, Rainbond has always been responsible for the issues raised by each open-source user and has been active in helping to resolve them.However, this would undoubtedly place an additional burden on community support teams, especially when dealing with issues that would not otherwise fall within the framework of Rainbod. 
+ +This article will therefore provide detailed information on how Kubernetes and Rainbond are deployed in the context of national production of trust and will, hopefully, provide practical guidance to users to reduce difficulties in the deployment process. + + + +![](https://static.goodrain.com/wechat/xinchuang/server.png) + +## 准备离线镜像和安装包 + +在有网的 Arm 环境中准备以下镜像和安装包。 + +### Docker 离线包 + +下载 Docker 离线安装包和离线安装脚本。 + +```bash +wget https://pkg.rainbond.com/offline/docker/docker-arm-20.10.9.tgz +wget https://get.rainbond.com/install_docker_offline.sh +``` + +### Kubernetes 离线包 + +本次部署 K8s 版本为 `v1.23.10`,采用 Rancher Kubernetes Engine 简称 RKE,是一个经过 CNCF 认证的 Kubernetes 安装程序。 + +在 Arm 环境中获取以下离线包。 + +```bash +# Kubectl和 Helm 二进制文件 +wget https://pkg.goodrain.com/pkg/kubectl/v1.23.10/kubectl-arm -O kubectl +wget https://pkg.goodrain.com/pkg/helm/v3.10.1/helm-arm64 -O helm +# RKE安装二进制文件 +wget https://pkg.goodrain.com/pkg/rke/v1.3.15/rke-arm -O rke +``` + +```bash +#!/bin/bash +# RKE Docker镜像 +image_list="registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-coreos-etcd:v3.5.3 +registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87 +registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87 +registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87 +registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87 +registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-kube-dns:1.21.1 +registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-dnsmasq-nanny:1.21.1 +registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-sidecar:1.21.1 +registry.cn-hangzhou.aliyuncs.com/goodrain/cluster-proportional-autoscaler:1.8.1 +registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-coredns-coredns:1.10.1 +registry.cn-hangzhou.aliyuncs.com/goodrain/cluster-proportional-autoscaler:1.8.1 +registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-node-cache:1.21.1 +registry.cn-hangzhou.aliyuncs.com/goodrain/hyperkube:v1.23.10-rancher1 
+registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-coreos-flannel:v0.15.1 +registry.cn-hangzhou.aliyuncs.com/goodrain/flannel-cni:v0.3.0-rancher6 +registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-pause:3.6 +registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-metrics-server:v0.6.1" + +for image in ${image_list}; do + docker pull "${image}" +done + +docker save -o rke-images.tar ${image_list} +``` + +### Rainbond 离线包 + +在有网络的环境下提前准备好 Rainbond 所需的镜像。 + +```bash +#!/bin/bash +VERSION=${VERSION:-'v5.17.3-release'} + +image_list="registry.cn-hangzhou.aliyuncs.com/goodrain/kubernetes-dashboard:v2.6.1 +registry.cn-hangzhou.aliyuncs.com/goodrain/registry:2.6.2 +registry.cn-hangzhou.aliyuncs.com/goodrain/metrics-server:v0.4.1 +registry.cn-hangzhou.aliyuncs.com/goodrain/etcd:v3.3.18 +registry.cn-hangzhou.aliyuncs.com/goodrain/metrics-scraper:v1.0.4 +registry.cn-hangzhou.aliyuncs.com/goodrain/rainbond:${VERSION}-allinone +registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-mesh-data-panel:${VERSION} +registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-webcli:${VERSION} +registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-eventlog:${VERSION} +registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-init-probe:${VERSION} +registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-chaos:${VERSION} +registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-mq:${VERSION} +registry.cn-hangzhou.aliyuncs.com/goodrain/rainbond-operator:${VERSION} +registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-worker:${VERSION} +registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-node:${VERSION} +registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-monitor:${VERSION} +registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-gateway:${VERSION} +registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-api:${VERSION} +registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-db:8.0.19 +registry.cn-hangzhou.aliyuncs.com/goodrain/mysqld-exporter:latest +registry.cn-hangzhou.aliyuncs.com/goodrain/nfs-provisioner:latest" + +for image in ${image_list}; do + docker pull "${image}" +done + 
+docker save -o rainbond-"${VERSION}".tar ${image_list} +``` + +获取 Rainbond Helm Chart 安装包 + +```bash +git clone --depth=1 https://github.com/goodrain/rainbond-chart +``` + +## 开始部署 Kubernetes + +### 前提要求 + +在开始安装 K8s 之前请阅读 [RKE 安装要求](https://docs.rancher.cn/docs/rke/os/_index),该文档讲述了 RKE 对操作系统、软件、端口和 SSH 配置的要求,安装前,请检查您的节点是否满足这些要求。 + +### 部署 Docker + +导入 Docker 离线包到所有节点,执行脚本安装 Docker。 + +```bash +$ ls +docker-arm-20.10.9.tgz install_docker_offline.sh +$ bash ./install_docker_offline.sh +``` + +导入 K8s 相关的离线包和 Docker 镜像到所有节点。 + +### 配置Docker用户 + +RKE 要求使用一个免密的用户用于后续的集群安装,该用户需有执行 Docker 的权限。 + +```bash +# 创建用户并加入 root 组 +adduser -g root docker && echo "docker:password" | chpasswd +# 生成 ssh 密钥,一直回车全默认即可 +ssh-keygen +# 配置免密登录 +ssh-copy-id docker@xxxx +``` + +使用 Docker 用户登录检查是否有 Docker 执行权限。 + +```bash +$ ssh docker@xxxx +$ docker ps +``` + +### 编辑cluster.yml文件 + +使用 RKE 安装 K8s 集群需要使用 RKE 生成的配置文件,以下是我的示例,更多请参阅[RKE配置文件说明](https://docs.rancher.cn/docs/rke/example-yamls/_index)。 + +需要我们修改的只有 `nodes` 字段,如果导入镜像的镜像仓库地址不变则 yml 也无需修改,如有改动需修改 `system_images` 字段下所有镜像地址。 + +```yaml +nodes: +- address: 192.168.0.138 + port: "22" + internal_address: 192.168.0.138 + role: + - etcd + - controlplane + - worker + hostname_override: "" + user: docker + docker_socket: "" + ssh_key: "" + ssh_key_path: ~/.ssh/id_rsa + ssh_cert: "" + ssh_cert_path: "" + labels: {} + taints: [] +services: + etcd: + image: "" + extra_args: {} + extra_args_array: {} + extra_binds: [] + extra_env: + - ETCD_AUTO_COMPACTION_RETENTION=1 + win_extra_args: {} + win_extra_args_array: {} + win_extra_binds: [] + win_extra_env: [] + external_urls: [] + ca_cert: "" + cert: "" + key: "" + path: "" + uid: 0 + gid: 0 + snapshot: null + retention: "" + creation: "" + backup_config: null + kube-api: + image: "" + extra_args: {} + extra_args_array: {} + extra_binds: [] + extra_env: [] + win_extra_args: {} + win_extra_args_array: {} + win_extra_binds: [] + win_extra_env: [] + service_cluster_ip_range: 10.43.0.0/16 + 
service_node_port_range: "" + pod_security_policy: false + always_pull_images: false + secrets_encryption_config: null + audit_log: null + admission_configuration: null + event_rate_limit: null + kube-controller: + image: "" + extra_args: {} + extra_args_array: {} + extra_binds: [] + extra_env: [] + win_extra_args: {} + win_extra_args_array: {} + win_extra_binds: [] + win_extra_env: [] + cluster_cidr: 10.42.0.0/16 + service_cluster_ip_range: 10.43.0.0/16 + scheduler: + image: "" + extra_args: {} + extra_args_array: {} + extra_binds: [] + extra_env: [] + win_extra_args: {} + win_extra_args_array: {} + win_extra_binds: [] + win_extra_env: [] + kubelet: + image: "" + extra_args: {} + extra_args_array: {} + extra_binds: + - /grlocaldata:/grlocaldata:rw,z + - /cache:/cache:rw,z + extra_env: [] + win_extra_args: {} + win_extra_args_array: {} + win_extra_binds: [] + win_extra_env: [] + cluster_domain: cluster.local + infra_container_image: "" + cluster_dns_server: 10.43.0.10 + fail_swap_on: false + generate_serving_certificate: false + kubeproxy: + image: "" + extra_args: {} + extra_args_array: {} + extra_binds: [] + extra_env: [] + win_extra_args: {} + win_extra_args_array: {} + win_extra_binds: [] + win_extra_env: [] +network: + plugin: flannel # calico + options: {} + mtu: 0 + node_selector: {} + update_strategy: null + tolerations: [] +authentication: + strategy: x509 + sans: [] + webhook: null +addons: "" +addons_include: [] +system_images: + etcd: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-coreos-etcd:v3.5.3 + alpine: registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87 + nginx_proxy: registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87 + cert_downloader: registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87 + kubernetes_services_sidecar: registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87 + kubedns: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-kube-dns:1.21.1 + dnsmasq: 
registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-dnsmasq-nanny:1.21.1 + kubedns_sidecar: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-sidecar:1.21.1 + kubedns_autoscaler: registry.cn-hangzhou.aliyuncs.com/goodrain/cluster-proportional-autoscaler:1.8.1 + coredns: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-coredns-coredns:1.10.1 + coredns_autoscaler: registry.cn-hangzhou.aliyuncs.com/goodrain/cluster-proportional-autoscaler:1.8.1 + nodelocal: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-node-cache:1.21.1 + kubernetes: registry.cn-hangzhou.aliyuncs.com/goodrain/hyperkube:v1.23.10-rancher1 + flannel: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-coreos-flannel:v0.15.1 + flannel_cni: registry.cn-hangzhou.aliyuncs.com/goodrain/flannel-cni:v0.3.0-rancher6 + calico_node: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-calico-node:v3.22.0 + calico_cni: registry.cn-hangzhou.aliyuncs.com/goodrain/calico-cni:v3.22.0-rancher1 + calico_controllers: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-calico-kube-controllers:v3.22.0 + calico_ctl: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-calico-ctl:v3.22.0 + calico_flexvol: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-calico-pod2daemon-flexvol:v3.22.0 + canal_node: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-calico-node:v3.22.0 + canal_cni: "" + canal_controllers: "" + canal_flannel: "" + canal_flexvol: "" + weave_node: "" + weave_cni: "" + pod_infra_container: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-pause:3.6 + ingress: "" + ingress_backend: "" + ingress_webhook: "" + metrics_server: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-metrics-server:v0.6.1 + windows_pod_infra_container: "" + aci_cni_deploy_container: "" + aci_host_container: "" + aci_opflex_container: "" + aci_mcast_container: "" + aci_ovs_container: "" + aci_controller_container: "" + aci_gbp_server_container: "" + aci_opflex_server_container: "" +ssh_key_path: "" 
+ssh_cert_path: "" +ssh_agent_auth: false +authorization: + mode: rbac + options: {} +ignore_docker_version: null +enable_cri_dockerd: null +kubernetes_version: "" +private_registries: [] +ingress: + provider: none + options: {} + node_selector: {} + extra_args: {} + dns_policy: "" + extra_envs: [] + extra_volumes: [] + extra_volume_mounts: [] + update_strategy: null + http_port: 0 + https_port: 0 + network_mode: "" + tolerations: [] + default_backend: null + default_http_backend_priority_class_name: "" + nginx_ingress_controller_priority_class_name: "" + default_ingress_class: null +cluster_name: "" +cloud_provider: + name: "" +prefix_path: "" +win_prefix_path: "" +addon_job_timeout: 300 +bastion_host: + address: "" + port: "" + user: "" + ssh_key: "" + ssh_key_path: "" + ssh_cert: "" + ssh_cert_path: "" + ignore_proxy_env_vars: false +monitoring: + provider: none + options: {} + node_selector: {} + update_strategy: null + replicas: null + tolerations: [] + metrics_server_priority_class_name: "" +restore: + restore: false + snapshot_name: "" +rotate_encryption_key: false +dns: null +``` + +### 执行安装 + +执行以下命令开始安装 K8s。经验证麒麟V10必须 SSH 配置 `AllowTcpForwarding yes`,不然就会报错,参阅 [RKE SSH配置](https://docs.rancher.cn/docs/rke/os/_index#ssh-server-%E9%85%8D%E7%BD%AE)。 + +```bash +./rke up +``` + +如果安装过程中遇到错误需要清理集群可使用以下脚本进行清理。 + +```bash +curl -sfL https://get.rainbond.com/clean-rke | bash +``` + +集群安装成功后需要将 kubeconfig 文件拷贝到默认路径下。 + +```bash +mkdir /root/.kube && cp kube_config_cluster.yml /root/.kube/config +``` + +执行以下命令确认安装结果 + +```bash +kubectl get node +``` + +## 开始部署 Rainbond + +### 前提要求 + +每个节点都需要安装 `nfs-utils` 包,这里就不详细说明了,网上教程很多,大概就是挂载 DVD 镜像,然后做个本地镜像源,直接 yum install 就可以。 + +### 导入镜像包 + +```bash +docker load -i rainbond-v5.17.3-release.tar +``` + +### 安装 Rainbond + +复制准备节点 Git 克隆的 Helm Chart。 + +使用 Helm Chart 安装 Rainbond。 + +1. 创建命名空间 + +```bash +kubectl create namespace rbd-system +``` + +2. 
编写 Helm values.yml,更多 Chart 参数请参阅 [Chart 安装选项](https://www.rainbond.com/docs/installation/install-with-helm/vaules-config)。 + +```bash +operator: + image: + name: registry.cn-hangzhou.aliyuncs.com/goodrain/rainbond-operator + tag: v5.17.3-release + +Cluster: + enableEnvCheck: false + gatewayIngressIPs: 192.168.0.138 + nodesForChaos: + - name: 192.168.0.138 + nodesForGateway: + - externalIP: 192.168.0.138 + internalIP: 192.168.0.138 + name: 192.168.0.138 + rainbondImageRepository: registry.cn-hangzhou.aliyuncs.com/goodrain + installVersion: v5.17.3-release +Component: + rbd_app_ui: + enable: true + env: + DISABLE_DEFAULT_APP_MARKET: true +``` + +3. 执行 Helm 安装命令 + +```bash +helm install rainbond ./rainbond-chart -n rbd-system -f value.yml +``` + +### 安装进度查询 + +执行完安装命令后,在集群中执行以下命令查看安装状态。 + +```bash +watch kubectl get po -n rbd-system +``` + +当名称包含 `rbd-app-ui` 的 Pod 为 Running 状态时即安装成功。 + +### 访问平台 + +复制如下命令,在集群中执行,可以获取到平台访问地址。如果有多个网关节点,则任意一个地址均可访问到控制台。 + +```bash +kubectl get rainbondcluster rainbondcluster -n rbd-system -o go-template --template='{{range.spec.gatewayIngressIPs}}{{.}}:7070{{printf "\n"}}{{end}}' +``` + +### 离线环境源码构建(可选) + +如果你需要在离线环境下进行源码构建,请参阅[Rainbond离线源码构建文档](https://www.rainbond.com/docs/installation/offline/#%E7%A6%BB%E7%BA%BF%E7%8E%AF%E5%A2%83%E4%B8%8B%E4%BD%BF%E7%94%A8%E6%BA%90%E7%A0%81%E6%9E%84%E5%BB%BA%E5%8F%AF%E9%80%89)进行配置。 + +## 最后 + +通过本文的指导,希望您能顺利完成在鲲鹏ARM和麒麟V10环境下的 Kubernetes 和 Rainbond 的离线部署。在国产化信创环境中,离线部署的需求越来越普遍,我们提供的详细步骤和示例,帮助您减少部署过程中的不确定性和挑战。未来,我们还将继续更新更多相关教程和文档,以更好地服务于国产化信创领域的需求。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2024/2024-08-30-platformengineering.md b/i18n/en/docusaurus-plugin-content-blog/2024/2024-08-30-platformengineering.md new file mode 100644 index 0000000000..574e3bc5ff --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2024/2024-08-30-platformengineering.md 
@@ -0,0 +1,89 @@ +--- +title: What is the platform project:?Who will do it?What to do? +description: Platform engineering is the design, construction and maintenance of workflows and tools for software development teams and the harmonization of team work and faster processing of daily permanent duties.Many platform engineers will also maintain a software called the **Internal Developer Platform** that brings together information and knowledge from different clouds, tools, and teams so that all engineers can find in one place the information they need about their applications, services, and infrastructure.This area arises from the growing complexity of software development, the increasing number of tools and processes involved and the growing number of things that developers need to address. +slug: platformeningering +--- + +The platform project, which may have been heard, is a new term that adds new elements to the already crowded constellation of roles in the fields of development and DevOs. + +In this article, we will describe the platform project, its differences from DevOs, and why you may consider using platform projects and who needs the ability to do them. + + + +## 什么是平台工程? + +平台工程就是为软件开发团队设计、搭建和维护工作流程和工具,让团队的工作更加统一,日常任务处理得更快。 + +很多平台工程师还会维护一个叫做**内部开发者平台**的软件,这个平台把分散在不同云服务、工具和团队中的信息和知识汇集起来,让所有工程师都能在一个地方找到他们需要的关于应用、服务和基础设施的信息。 + +这个领域之所以出现,是因为现在软件开发越来越复杂,涉及到的工具和流程越来越多,开发者需要处理的事情也越来越多。 + +## 为啥需要平台工程? 
+ +平台工程的出现是为了帮助软件开发者应对开发应用的复杂性。虽然DevOps的目标是自动化应用的部署和运行,但实际上只有一些大的团队或能力较强的团队才能做到。 + +现实中,当一些团队去掉运维人员并实施DevOps时,会出现一些问题。比如,一项研究显示,顶尖的组织能够成功实施**谁开发,谁运维**的模式,但其他团队尝试这种模式却失败了。 + +高级开发者常常不得不扮演幕后运维团队的角色,这导致最宝贵的开发资源——也就是成本最高、本应该用来提升开发团队速度和质量的资源——无法专注于他们本职的开发工作,因为他们得花时间处理运维任务。 + +这就导致运维工作在组织中分散,质量参差不齐,取决于高级开发者能投入多少时间来搭建和维护。 + +成功的组织和不成功的组织的区别在于,成功的组织有一个专门的团队负责维护内部开发者平台,支持开发团队。这些专门的团队让开发团队能够专注于创建软件功能,而不是管理依赖、流水线和工具。 + +## 平台工程的挑战 + +虽然平台工程为开发团队带来了很多好处,但在实施过程中也会面临一些挑战。 + +- **跨团队协作的复杂性**:平台工程需要跨越多个团队的边界,涉及开发、运维、安全、质量保证等多个职能部门。如何协调这些团队的需求,并确保平台的变更能够满足所有团队的期望,是一项艰巨的任务。缺乏有效的沟通和协作机制可能导致误解、延误,甚至项目失败。 +- **用户需求的多样性**:平台工程师通常需要支持多个团队,这些团队可能有不同的需求和优先级。有时这些需求可能是相互冲突的,或者资源有限,无法同时满足所有需求。这就要求平台工程师具备敏锐的判断力和灵活的优先级管理能力,平衡各方利益。 +- **技术债务的积累**:随着时间的推移,平台可能会变得越来越复杂,特别是当引入新的工具和技术时。如果平台工程师没有足够的时间和资源来维护和升级平台,技术债务就会逐渐积累,最终可能导致平台变得难以管理和维护。这不仅会降低平台的效能,还可能影响开发团队的工作效率。 +- **文化和习惯的改变**:平台工程的成功依赖于整个组织的文化变革,这意味着团队成员必须接受新的工具、流程和工作方式。改变现有的习惯和思维方式往往是困难的,特别是当团队已经习惯于使用传统的工具和方法时。推动这种变革需要时间、耐心和强有力的领导支持。 + +## 平台工程师做什么? + +平台工程师负责部署和维护内部开发者平台,他们通常对软件工程实践和软件开发人员的工作方式有深入的理解。此外,他们了解团队中交付什么以及完成这些目标所需的工具和工作流程。他们还有使用各种DevOps工具和实践的经验。 + +简单来说,平台工程师就像是软件开发团队的后勤支持,他们确保开发者有一个强大、易于使用的工具和环境,以便开发者可以专注于编写高质量的代码,而不必担心其他事情。 + +## 平台工程与DevOps的关系是什么? + +平台工程与DevOps密切相关。许多平台工程师来自DevOps背景。DevOps是一套帮助企业更快、更有效地交付软件的实践,它强调开发和运维团队之间的协作。 + +平台工程借鉴了DevOps的许多相同原则,包括自动化、持续交付和持续集成。 + +平台工程与DevOps的不同之处在于,平台工程是构建工具来帮助工程师和DevOps执行他们的任务。工具创建通常不是DevOps的重点,或者如果工具是创建的,那是临时性的。 + +## 谁需要平台工程技能? + +如果你的团队正在开发软件,那么你很可能需要平台工程技能来帮助你的软件开发团队加速。集成开发平台越来越普遍,它们被用来帮助世界上一些最具破坏性和适应性的软件开发团队加快工作。 + +平台工程是所有考虑实施DevOps的组织都要考虑的事情。随着企业努力更快地交付软件,他们需要流程和工程师,这些工程师能够使他们的软件开发团队,而不是阻碍他们。 + +在做出决策时,要记住DevOps反模式。首先,问问自己是否能够成功执行DevOps。如果不行,那么一个内部开发者平台和平台工程可能是你正确的选择。 + +## 基于Rainbond实现平台工程 + +在理解了平台工程的核心要点之后,接下来简述说一下如何使用 Rainbond 这样的工具来实现平台工程? 
+ +Rainbond 是一个以应用为中心、不用学习 Kubernetes 的云原生应用管理平台,Rainbond 提供了一系列的功能来支持平台工程的实践。以下是 Rainbond 如何帮助实现平台工程的几个关键点: + +- **简化应用管理**:Rainbond 通过其应用中心和应用商店,为开发者提供了一个集中化的管理平台。开发者可以在一个统一的界面中管理他们的应用,从部署到监控,从环境配置到扩展应用的能力。这种集中化管理减少了开发者在不同工具之间切换的需求,从而提升了工作效率。 + +- **自动化工作流程**:开发者能够轻松地部署他们的应用,从源代码到运行,开发者无需创建、管理 CI/CD 的过程,帮助团队自动化构建、测试和部署流程。通过自动化,开发团队可以专注于编写代码,而平台工程师则可以通过Rainbond配置和维护这些自动化流程,确保整个流程的可靠性和一致性。 + +- **统一的环境管理**:Rainbond 提供了灵活的环境管理功能,开发者可以轻松创建和管理不同的环境(如开发、测试、生产环境)。这种灵活性使得团队可以快速迭代和测试应用,而不必担心环境之间的不一致性。 + +- **简化的Kubernetes集成**:Rainbond 抽象了Kubernetes的复杂性,使得开发者可以在不深入了解Kubernetes的情况下,轻松管理云原生应用。平台工程师可以利用Rainbond提供的工具,为开发团队构建一个稳定、高效的开发平台,而开发者则可以专注于应用逻辑的实现。 + +* **多云和混合云支持**:Rainbond 支持跨多个云平台和混合云环境的部署,这对于需要在不同云服务提供商之间切换或者同时使用多个云服务的企业尤为重要。平台工程师可以通过Rainbond统一管理不同云环境中的资源,降低管理复杂性。 +* **集成开发工具**:Rainbond 提供了与多种开发工具和服务的无缝集成,使得开发者可以直接在平台上使用他们熟悉的工具。无论是代码管理、持续集成、还是监控工具,Rainbond 都提供了广泛的支持,进一步简化了开发者的工作流程。 +* **支持微服务架构**:Rainbond 针对微服务架构提供了全面的支持,开发者可以轻松管理和扩展他们的微服务应用。平台工程师可以通过Rainbond的微服务治理功能,确保服务间的通信稳定、高效,同时提供故障诊断和自动恢复的能力。 +* ...... + +通过这些功能,Rainbond 为平台工程的实施提供了一个强大且灵活的工具集。平台工程师可以利用这些工具创建一个集成、高效、安全的内部开发者平台,从而帮助企业加速软件开发的流程。 + +## 最后 + +总而言之,平台工程为企业软件开发注入了新的活力,帮助开发团队在日益复杂的技术环境中保持敏捷和高效。如果你的团队正在寻求更好的开发流程和工具支持,平台工程无疑是值得考虑的解决方案。通过正确的工具和方法,平台工程可以成为推动企业成功的关键因素。 + +这样一来,无论是开发团队还是企业,都能从平台工程中获得巨大收益,将精力集中在创新和业务增长上,而不是陷入工具和流程的管理困境中。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2024/2024-09-13-whatrainbond.md b/i18n/en/docusaurus-plugin-content-blog/2024/2024-09-13-whatrainbond.md new file mode 100644 index 0000000000..45149c1382 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2024/2024-09-13-whatrainbond.md 
@@ -0,0 +1,124 @@ +--- +title: What is Rainbond?Complexity to break Kubernetes +description: In recent years, Kubernetes have become the standard for packaging with the rapid development of endogenous technologies.However, the complexity of Kubernetes has also become a major challenge for many developers and operators.Learning and managing Kubernetes may be a high learning cost for those teams that wish to focus on application development, especially in SMEs, who do not have sufficient resources and time to gain insight into all the details of Kubernetes. +slug: Whatrainbond +--- + +In recent years, Kubernetes have become the standard for packaging with the rapid development of endogenous technologies.However, the complexity of Kubernetes has also become a major challenge for many developers and operators.Learning and managing Kubernetes may be a high learning cost for those teams that wish to focus on application development, especially in SMEs, who do not have sufficient resources and time to gain insight into all the details of Kubernetes. + +This is the time for **Rainbond**.As an open source of cloud native application management platform, Rainbond provides an abstraction that allows users to focus on the construction, deployment and management of the application without having to understand the bottom Kubernetes and packaging techniques.This “application-centred” concept has made Rainbond a very friendly platform for those who want to enjoy the cloudy technological advantage but do not want to fall into a complex operation at the bottom. 
+ + + +## Kubernetes 的复杂性:开发者的隐忧 + +在现代的云原生环境中,Kubernetes 被誉为解决容器编排的**黄金标准**,它的功能包括自动扩展、服务发现、负载均衡、滚动更新等。然而,这些强大的功能背后,也隐藏着一个陡峭的学习曲线。 + +对于那些并非专职运维的开发者,学习如何创建和管理 Pod、Service、Ingress、ConfigMap、PersistentVolume 等资源,往往会分散开发的注意力。更不用提在多集群环境下的复杂性,或者在大规模应用场景下如何确保高可用性、容错性和扩展性。这些问题都需要专门的运维知识,并不是每个团队都有能力处理。 + +例如,Kubernetes 的 YAML 配置文件是其应用管理的核心,虽然灵活,但它的语法复杂且冗长,对于不熟悉 Kubernetes 语法的开发者来说,编写和调试这些配置文件不仅费时费力,还容易出错。Kubernetes 核心 API 中有大约**50-60**种对象(包括不同版本和扩展对象,如 CRD),属性数量因对象而异,通常每个对象拥有**5-40**个属性不等。 + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: app-deployment + namespace: default +spec: + replicas: 3 + selector: + matchLabels: + app: my-app + template: + metadata: + labels: + app: my-app + spec: + containers: + - name: app-container + image: nginx:latest + ports: + - containerPort: 80 + envFrom: + - configMapRef: + name: app-config + - secretRef: + name: app-secret + volumeMounts: + - name: app-storage + mountPath: /usr/share/nginx/html + volumes: + - name: app-storage + persistentVolumeClaim: + claimName: app-pvc +--- +apiVersion: v1 +kind: Service +metadata: + name: app-service + namespace: default +spec: + selector: + app: my-app + ports: + - protocol: TCP + port: 80 + targetPort: 80 + type: ClusterIP +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: app-ingress + namespace: default + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: myapp.example.com + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: app-service + port: + number: 80 +``` + +_上面的代码展示了 Kubernetes 配置文件的复杂性,对于许多开发者来说,这是一个门槛。_ + +## Rainbond:以应用为中心的简化管理 + +Rainbond 的设计理念从一开始就着眼于解决这些问题。它通过**应用级抽象**,将 Kubernetes 的复杂性隐藏起来,让用户专注于他们最关心的部分——应用本身。 + +### 1. 应用级抽象 + +应用级抽象是 Rainbond 的核心特性之一。所谓应用级抽象,指的是用户不再需要关注 Kubernetes 中的底层资源(如 Pod、Service、Ingress 等),而是通过一个更高层次的视角来看待应用。在 Rainbond 中,应用被视为一个整体,用户只需关注应用的状态、依赖和版本,而底层的网络配置、存储管理等复杂操作由平台自动处理。 + +通过这种方式,Rainbond 大大降低了用户的学习成本,特别适合那些没有精通 Kubernetes 的开发者或团队。 + +### 2. 
以应用为中心 + +Rainbond 强调“以应用为中心”,这意味着平台的所有功能和设计都是围绕着应用展开的。无论是应用的创建、部署、扩展还是监控,用户看到的都是应用的整体表现,而不是底层的集群或节点细节。 + +用户可以通过 Rainbond 的图形界面,轻松查看和管理所有应用的状态、日志、依赖关系等信息,所有操作都直观易懂。Rainbond 提供了一个“一键部署”的功能,开发者可以从代码库中直接部署应用,自动生成相应的容器和资源配置,并完成应用的上线工作。 + +![](https://static.goodrain.com/wechat/what-is-rainbond/1.png) + +_上图展示了 Rainbond 的应用管理界面,用户可以通过直观的界面管理和监控应用的运行状态。_ + +## 应用级抽象和以应用为中心是技术趋势 + +云原生应用的发展正逐渐走向“以应用为中心”的技术趋势。在传统的基础设施管理中,开发者和运维人员需要分别关注底层基础设施和应用,这不仅导致了责任的分离,还增加了沟通和协作的成本。而应用级抽象则将基础设施管理与应用管理融合在一起,让开发者和运维团队能够在同一平台上协作,统一管理应用的生命周期。 + +随着微服务、DevOps 和容器化技术的普及,应用的复杂性日益增加。而通过应用级抽象,平台可以自动处理底层资源和服务的协调工作,开发者可以更专注于应用的业务逻辑,这种趋势已经成为各大云原生平台的共识。 + +以应用为中心的设计理念,不仅能减少开发人员的运维负担,还能提升应用的开发和部署效率。这种趋势在 Kubernetes 社区也有体现,例如 Open Application Model (OAM) 这样的项目,都是围绕应用级抽象展开的。而 Rainbond 通过进一步简化 Kubernetes 的复杂性,成为了这一趋势的领先者之一。 + +## 总结 + +Rainbond 的出现,为希望享受云原生技术优势但不愿深陷 Kubernetes 复杂性的用户提供了一条捷径。通过应用级抽象和以应用为中心的设计,Rainbond 不仅降低了 Kubernetes 的门槛,还提供了强大的自动化运维和低代码/无代码开发能力。 + +在未来,随着更多企业和开发团队采用云原生技术,Rainbond 这种简化操作、提升效率的云原生应用管理平台,必将在市场中占据重要地位。Rainbond 让开发者专注于应用,让复杂的技术背景成为过去,从而推动整个行业向着更高效、更智能的方向发展。 diff --git a/i18n/en/docusaurus-plugin-content-blog/2024/2024-09-25-whatrainbond-2.md b/i18n/en/docusaurus-plugin-content-blog/2024/2024-09-25-whatrainbond-2.md new file mode 100644 index 0000000000..99a92db3bb --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2024/2024-09-25-whatrainbond-2.md 
@@ -0,0 +1,57 @@ +--- +title: Developer's professor:Rainbond empowers your product innovation +description: In today's rapidly changing technological environment, the challenges for ordinary developers are growing.Both in small start-ups and in large enterprises, developers are forced to face complex transport tasks, complex environmental configurations, and rapid iterations of technology.These problems not only consume the time and energy of developers, but also limit their focus on the business itself.In order to address these pain, Rainbond was born and provided a friendly and efficient solution for ordinary developers. +slug: whatrainbond-2 +--- + +In today's rapidly changing technological environment, the challenges for ordinary developers are growing.Both in small start-ups and in large enterprises, developers are forced to face complex transport tasks, complex environmental configurations, and rapid iterations of technology.These problems not only consume the time and energy of developers, but also limit their focus on the business itself.In order to address these pain, Rainbond was born and provided a friendly and efficient solution for ordinary developers. 
+ + + +## 面对的挑战:开发者的困境 + +普通开发者往往需要处理多个角色,既要编写代码,又要管理环境配置,甚至涉及到运维工作。这种情况常常导致以下几个问题: + +### 高依赖性 + +开发者需要依赖运维团队来搭建和维护开发环境,这种依赖关系往往造成沟通上的低效。在项目进度中,开发者常常因为一些小问题而被迫等待运维团队的支持,导致项目拖延。这种情况不仅影响了开发者的士气,还可能导致业务机会的流失。 + +### 学习负担 + +为了能够独立完成开发任务,开发者不得不花费大量时间学习 Linux、容器、K8s 等底层技术。这不仅降低了他们的工作效率,也让他们对核心业务的关注度降低。大量的时间被用来学习运维技能,而不是进行产品创新和用户体验的提升。 + +### 成本问题 + +小型团队常常缺乏足够的资源来雇佣专业的运维工程师。面对复杂的运维需求,团队成员不得不分散精力,投入更多时间在运维工作上,这增加了开发成本和时间风险,甚至影响了团队的核心竞争力。 + +## Rainbond 的价值:赋能开发者 + +Rainbond 的设计理念是简化开发和运维的过程,让普通开发者能够更专注于业务本身。以下是 Rainbond 如何解决这些问题的几个关键点: + +### 一站式解决方案 + +Rainbond 将底层技术进行了有效的封装,开发者只需简单的安装步骤,即可快速搭建开发环境。无论是数据库、缓存还是服务部署,Rainbond 提供了清晰的界面和友好的向导,让开发者能够在几分钟内完成配置,显著提高工作效率。 + +### 自动化运维 + +通过 Rainbond,运维工作实现了高度自动化。开发者在进行产品上线和环境配置时,系统会自动处理资源分配、负载均衡、故障恢复等任务。这种自动化不仅减少了人为错误的发生,也大大节省了开发者的时间,使他们能将精力集中在产品的核心功能和用户体验上。 + +### 降低学习成本 + +Rainbond 提供了直观的用户界面和简化的操作流程,使即便是没有运维背景的开发者也能快速上手。通过详细的文档和社区支持,开发者可以在短时间内掌握必要的技能,专注于业务需求,迅速提升工作效率。 + +### 支持快速迭代 + +在产品开发过程中,快速迭代是至关重要的。Rainbond 支持多版本管理和快速部署,开发者可以轻松进行版本切换和功能测试,及时响应市场需求。通过这种灵活性,团队能够更快地推出新功能,提高产品的竞争力。 + +## 实践案例:如何用 Rainbond 实现成功 + +许多团队已经通过 Rainbond 取得了显著的成果。例如,一家初创公司使用 Rainbond,在没有专门的运维工程师的情况下,开发团队的工作效率提升了1倍多,项目上线时间缩短了50%。他们能够更快地响应用户反馈,持续改进产品,而不再被繁琐的运维任务所困扰。 + +此外,还有一家中型企业在 Rainbond 的帮助下,实现了从传统部署到云原生架构的转型。团队成员表示,使用 Rainbond 后,他们的工作满意度明显提高,团队的创新能力得到了提升。 + +## 结语:拥抱自主开发的未来 + +在一个日益复杂的技术世界中,普通开发者不应再被繁杂的运维任务所束缚。Rainbond 的出现,为他们提供了一个实现自主开发的可能。通过简化流程、自动化管理和降低学习成本,Rainbond 不仅让开发者能够专注于核心业务,还为小型团队节省了成本,提高了效率。 + +无论你是初学者还是有经验的开发者,现在正是拥抱 Rainbond 的最佳时机。释放你的创造力,专注于构建更好的产品,真正实现产品开发的自主驾驭。选择 Rainbond,让我们一起迎接更加高效、灵活的开发未来! diff --git a/i18n/en/docusaurus-plugin-content-blog/2024/2024-10-18-industryecology.md b/i18n/en/docusaurus-plugin-content-blog/2024/2024-10-18-industryecology.md new file mode 100644 index 0000000000..a8ad1b4535 --- /dev/null +++ b/i18n/en/docusaurus-plugin-content-blog/2024/2024-10-18-industryecology.md 
@@ -0,0 +1,96 @@ +--- +title: 构建行业应用生态:云原生应用市场简化企业软件安装 +description: 在移动互联网时代,手机应用市场(App Store)为大众带来了极大的便利:通过简单的点击,用户便能轻松安装、升级并管理各种应用。然而,企业级软件的安装和管理却远没有那么轻松。复杂的架构、高度的定制化需求以及多种环境的兼容性问题,意味着企业在软件安装和维护上投入了大量的人力和资源。为了解决这些问题,一个基于云原生技术的企业级应用市场应运而生,旨在为行业集成商和大型企业提供一个像手机App Store一样高效便捷的平台,用以建设行业应用生态。 +slug: industryecology +--- + +在移动互联网时代,手机应用市场(App Store)为大众带来了极大的便利:通过简单的点击,用户便能轻松安装、升级并管理各种应用。然而,企业级软件的安装和管理却远没有那么轻松。复杂的架构、高度的定制化需求以及多种环境的兼容性问题,意味着企业在软件安装和维护上投入了大量的人力和资源。为了解决这些问题,一个基于云原生技术的企业级应用市场应运而生,旨在为行业集成商和大型企业提供一个像手机App Store一样高效便捷的平台,用以建设行业应用生态。 + + + +## 企业应用现状与挑战 + +对于企业级软件而言,传统的交付与管理方式存在诸多挑战: + +1. **安装复杂**:企业级软件的架构复杂,配置过程繁琐,且对可用性要求极高。一般情况下,企业内部需要一支专业的运维团队来保证这些软件的正常运行。这不仅增加了企业的运维成本,还降低了效率。 +2. **交付效率低**:传统的企业级软件交付模式通常涉及大量人工操作,交付周期长且复杂,尤其是在不同客户环境存在差异的情况下,部署、升级和维护都非常困难。 +3. **应用兼容性差**:由于缺乏统一的标准和规范,不同供应商开发的应用难以无缝集成,应用之间的互操作性较差,导致系统维护成本高,扩展性差。 +4. **技术资源分散**:企业在业务发展中需要整合多种技术组件、业务流程、算法和运维能力。然而,这些资源往往分散在不同的供应商中,缺乏一个集中的平台来进行整合和复用。 +5. **缺乏远程管理和个性化支持**:企业客户在软件使用过程中,常常需要灵活的远程管理和定制支持,传统的系统升级和功能调整大多依赖现场操作,效率低下。 +6. **生态缺乏协作性**:在传统的企业应用市场中,参与者之间的协作较少,资源整合效率低,供应商难以通过统一的平台推广、销售和更新应用。 + +## Rainstore如何改变现状? + +[Rainstore](https://rainbond.com/marketplace)作为一个高效的企业级应用市场,专为解决这些挑战而设计。它不仅简化了企业软件的安装和管理,还通过构建一个开放、协作的行业生态系统,帮助行业集成商和大型企业更好地服务他们的客户。 + +##### 1. 简化企业级软件的安装和管理 + +Rainstore通过标准化安装流程,大幅减少了企业软件安装的复杂度。借助云原生技术,企业可以像安装手机应用一样,便捷地完成企业软件的安装、配置、升级和管理。这大幅减少了对专业运维团队的依赖,让软件的管理更加高效和灵活。 + +##### 2. 提升应用交付效率 + +传统企业软件的交付过程通常冗长且复杂,Rainstore通过云原生技术支持应用的一键交付和远程定制,显著缩短了交付周期。供应商可以在Rainstore平台上发布、销售和更新他们的应用,而集成商则可以便捷地管理这些应用,快速交付到最终客户手中。 + +##### 3. 提高应用的兼容性与扩展性 + +通过制定统一的云原生应用规范,Rainstore确保不同供应商开发的应用能够无缝集成和互操作,降低了开发和维护成本。这为企业提供了更高的灵活性,使其能够根据自身需求灵活扩展应用功能。 + +##### 4. 支持远程管理和个性化定制 + +Rainstore平台支持远程管理,客户能够通过远程方式统一管理、运维和定制应用,减少现场操作,提高运维效率。这种灵活的管理方式帮助企业在维护和故障处理上显著提高了效率。 + +##### 5. 
构建开放的行业应用生态 + +Rainstore不仅是一个应用市场,更是一个开放的行业应用生态。它通过集成上游供应商和能力提供商,帮助企业构建多方协作的生态系统。供应商可以通过平台自助上架和销售应用,而集成商则可以高效整合资源,服务最终客户。最终,这些参与者通过Rainstore形成一个良性循环的生态体系,共同推动行业的数字化转型。 + +## Rainstore的行业应用生态建设 + +![](https://static.goodrain.com/marketplace/%E8%A7%A3%E5%86%B3%E6%96%B9%E6%A1%88/%E8%A1%8C%E4%B8%9A%E7%94%9F%E6%80%81/AvFCZsGn32oaQMqApy7sB0slLUVSaTvXLKSoy5ybJlA%3D.png) + +Rainstore的行业应用生态建设可以分为以下几个关键步骤: + +##### 1. 定义行业生态规则 + +行业应用生态与消费级应用生态(如手机App Store)有着本质区别。Rainstore强调全开放和自助式的服务,集成上游各种能力供应商,通过市场化运营,满足最终用户的多样化需求。这意味着生态中的每个参与者都能通过平台获得所需资源,并自由进行交易和合作。 + +##### 2. 云原生应用规范的制定 + +云原生应用规范是构建行业应用生态的核心。通过统一的应用、服务、API等技术规范,Rainstore平台整合了行业应用资源,实现平台化运营。这不仅提高了应用的兼容性和可扩展性,还降低了开发和维护成本。 + +##### 3. 提高交付效率与一体化平台建设 + +Rainstore通过一体化的平台,贯穿应用开发、测试、销售、交付、运维的全流程。平台不仅支持应用的一键交付,还提供远程定制和持续运维,使客户能够远程统一管理应用,大大简化了应用的生命周期管理。 + +##### 4. 应用市场的运营与展示 + +Rainstore中的应用市场为供应商提供了一个展示和推广其应用的平台。供应商可以将开发的应用发布到市场中,并根据用户的需求不断更新迭代。同时,Rainstore平台集成商可以对上架应用进行审核,评判是否满足应用上架规范,确保最终用户获得高质量的应用体验。 + +##### 5. 面向最终客户的高效交付 + +Rainstore为最终客户提供了多种应用交付方式,支持用户自助购买并自动部署应用,也支持线下采购合同签订后由管理员通过后台进行交付。这种灵活的交付方式不仅提升了效率,还显著降低了企业的运维成本。 + +## Rainstore产品截图展示 + +为了更好地展示Rainstore的功能与用户界面,以下是一些关键功能的截图: + +##### 1. 应用市场首页 + +聚合展示应用列表,并支持分类、排序、搜索等功能 + +![](https://static.goodrain.com/marketplace/%E8%A7%A3%E5%86%B3%E6%96%B9%E6%A1%88/%E8%A1%8C%E4%B8%9A%E7%94%9F%E6%80%81/8v6UUVEKkDx_ucgAcq3UeSSZ_4Wz0SvvgQt0_Pxczfs%3D.webp) + +##### 2. 应用上架和管理 + +展示应用上架和下架功能,同时管理应用分类和应用详情。 + +![](https://static.goodrain.com/marketplace/%E8%A7%A3%E5%86%B3%E6%96%B9%E6%A1%88/%E8%A1%8C%E4%B8%9A%E7%94%9F%E6%80%81/c1tmTg43g9-g2G4J2DZZIPXcAhNd-6chF_BJBC18fus%3D.webp) + +##### 3. 
应用交付管理 + +监控和管理已经交付的应用,还能实时监测应用运行情况。 + +![](https://static.goodrain.com/marketplace/%E8%A7%A3%E5%86%B3%E6%96%B9%E6%A1%88/%E8%A1%8C%E4%B8%9A%E7%94%9F%E6%80%81/6MpMBVgiA2oJoiPZD7gY_seFo-vLyjnd-ZisiO8ptJM%3D.png) + +## 结语 + +[Rainstore](https://rainbond.com/marketplace) 通过整合上游资源、高效交付最终客户,并持续优化反馈,构建了一个良性循环的行业应用生态系统。通过Rainstore,行业集成商和大型企业能够极大简化企业级软件的安装和管理过程,提升交付效率,降低运营成本。同时,Rainstore通过构建开放的行业应用生态,帮助企业更好地整合资源,满足最终用户的多样化需求,为企业数字化转型提供了强有力的支持。 diff --git a/i18n/en/docusaurus-plugin-content-blog/authors.yml b/i18n/en/docusaurus-plugin-content-blog/authors.yml index 4ea029a8bf..cad7608707 100644 --- a/i18n/en/docusaurus-plugin-content-blog/authors.yml +++ b/i18n/en/docusaurus-plugin-content-blog/authors.yml @@ -2,5 +2,5 @@ QiZhang: name: Qi Zhang title: Goodrain Engineer url: https://github.com/zzzhangqi - image_url: https://avatars.githubusercontent.com/u/39754275?s=400&u=9ad589fad455dbb311b9429e86bc5c707913ff21&v=4 + image_url: https://avatars.githubusercontent.com/u/39754275?s=400&u=9ad589fad45dbb311b9429e86bc5c707913ff21&v=4 email: zhangqi@smallq.cn diff --git a/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/app-share/index.md b/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/app-share/index.md index 8c8342029f..298d9a2119 100644 --- a/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/app-share/index.md +++ b/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/app-share/index.md @@ -1,5 +1,5 @@ --- -title: 'Application Contribution' +title: Application Contribution description: Contribute open source apps to the Rainbond open source app store --- 
@@ -11,5 +11,5 @@ If you don't know how to share open source apps to the Rainbond open source app ## Application Requirements -* The application can be used after one-click installation. -* The application should have a description, introducing the application introduction, how to use it, etc., and you can also cite the article. \ No newline at end of file +- App can be used to meet one click installation. +- The application should have a description, introducing the application introduction, how to use it, etc., and you can also cite the article. diff --git a/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/compile/console.md b/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/compile/console.md index db60e81df9..6e626eef21 100644 --- a/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/compile/console.md +++ b/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/compile/console.md @@ -35,7 +35,7 @@ git clone https://github.com/goodrain/rainbond-console.git (2) Compile the project -`VERSION` specifies the tag of the built image. Since the image of the front-end code is the base image, this place should be consistent with the tag of the front-end project.Please use the following commands to compile the front-end and back-end code together to form the final allinone image that can be run directly. +`VERSION` specifies the tag of the built image. Since the image of the front-end code is the base image, this place should be consistent with the tag of the front-end project.Please use the following commands to compile the front-end and back-end code together to form the final allinone image that can be run directly.Use the command below to compile the pre- and back-end code together to form an allinone mirror that can eventually be directly running. ``` VERSION=v5.5.0-release ./release.sh allinone 
@@ -43,7 +43,7 @@ VERSION=v5.5.0-release ./release.sh allinone ### Run the business layer image -After compiling the allinone image, you can refer to the following command, replace the image name in the last line with the image name you packaged, and run the image. +When compiling the allinone mirror, you can use the command below to replace the last line of mirror name with the one you packed. ```bash docker run -d -p 7070:7070 \ diff --git a/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/compile/index.md b/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/compile/index.md index 702f6691de..893cfdfc47 100644 --- a/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/compile/index.md +++ b/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/compile/index.md 
@@ -5,18 +5,18 @@ description: Rainbond Project Introduction ## Introduction to Rainbond related projects -Rainbond mainly consists of the following three projects.Click to view[](/docs/quick-start/architecture) +Rainbond mainly consists of the following three projects.Click to viewClick to view[技术架构](/docs/quick-start/archive) - + -[Rainbond-UI](https://github.com/goodrain/rainbond-ui) -[Rainbond-Console](https://github.com/goodrain/rainbond-console) +[Rainbond-UI](https://github.com/goodrain/rainbond-ui)\ +[Rainbond-Console](https://github.com/foodrain/rainbond-console) -* Rainbond-UI and Rainbond-Console together form the business layer.The business layer is a front-end and back-end separation model.UI is the front-end code of the business layer, and Console is the back-end code of the business layer. +- Rainbond-UI and Rainbond-Console together form the business layer.The business layer is a front-end and back-end separation model.UI is the front-end code of the business layer, and Console is the back-end code of the business layer.The business layer is a separation mode before and after the end.UI is the front end code of the business layer. Console is the backend code of the business layer. [Rainbond](https://github.com/goodrain/rainbond-console) -* Rainbond is the implementation of the data center side of the platform, which mainly interacts with the Kubernetes cluster. +- Rainbond is the implementation of the data center side of the platform, which mainly interacts with the Kubernetes cluster. ## Learn about source code compilation for the Rainbond project @@ -25,4 +25,4 @@ import DocCardList from '@theme/DocCardList'; import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; -``` \ No newline at end of file +``` diff --git a/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/compile/region.md b/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/compile/region.md index 19b5e8ffbb..27c9c42c89 100644 
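Review bot: In compile/index.md the Rainbond-Console link target changes from `https://github.com/goodrain/rainbond-console` to `https://github.com/foodrain/rainbond-console`. Every other repository link in this patch uses the `goodrain` account, and this page is where contributors find the source to clone, so the changed link sends them to a different GitHub account; revert it. The same hunk changes the architecture link from `/docs/quick-start/architecture` to `/docs/quick-start/archive`, introduces the untranslated link text `技术架构` into the English tree, and duplicates "Click to view". Keep the original path and give the link an English label. The appended "The business layer is a separation mode before and after the end..." sentences repeat the text already on that line and should go.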
--- a/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/compile/region.md +++ b/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/compile/region.md 
@@ -13,20 +13,19 @@ Single-component compilation is very important in the actual development process Single component compilation supports the following components: -| components | illustrate | -| --------------- || -| chaos | The chaos component corresponds to the Rainbond application construction service, which mainly deals with the CI process. The input source includes `source code` or `Docker image` or `application market application` for parsing, compiling, packaging, and finally generating the version medium of the application (component). | -| api | The api component corresponds to the Rainbond data center API service. As the abstract core control service at the data center level, the API service provides Restful-style API services to the outside world, and is the only entry for data center control requests. | -| gateway | The gateway component corresponds to the Rainbond application gateway service. The application gateway is the only entry for external traffic to enter the internal components of the Rainbond tenant, providing HTTP, HTTPs routing, TCP/UDP services, load balancer, advanced routing (A/B testing, grayscale publishing), Features such as virtual IP support. | -| monitor | The monitor component corresponds to the Rainbond monitoring service. Rainbond encapsulates the Monitor component based on Prometheus. By automatically discovering various monitoring objects of applications, clusters, and cluster node services from etcd and Kubernetes clusters, and completing the configuration of Prometheus monitoring targets, the monitoring targets are included in the scope of Prometheus monitoring. . | -| mq | The mq component corresponds to the Rainbond message middleware service. The MQ component is a lightweight distributed message middleware with message persistence and global consistency based on Etcd.This component maintains asynchronous task messages and provides multi-topic message publishing and subscription capabilities. 
| -| webcli | The webcli component corresponds to the Rainbond application web terminal control service, which implements the function of connecting to the container console through the web.This component communicates with the UI through WebSocket. Users can send various shell commands by simulating the web terminal. The webcli executes commands in the container through the exec method provided by kube-apiserver and returns the results to the web terminal. | -| worker | The worker component corresponds to the Rainbond application runtime control service. The application runtime control service instantiates the Rainbond-Application Model and converts it into a Kubernetes resource model. It is associated with various resources required for application running, and completes the running state part of the application life cycle. It is understandable For the CD control service, the design of the service is to support the life cycle supervision of a large number of applications. | -| eventlog | The eventlog component corresponds to the Rainbond event and log processing service, and mainly handles user asynchronous operation logs, application construction logs and application running logs. | -| mesh-data-panel | The mesh-data-panel component handles dependencies between components. | -| grctl | The grctl component provides command-line tools for querying information about components in the cluster. | -| node | The node component corresponds to the Rainbond cluster and node management service. The node component is the basic service of the Rainbond cluster. All nodes in the cluster need to run this component.Provides key capabilities such as node information collection, cluster service maintenance, application log collection, and application runtime support. | - +| components | illustrate | +| --------------- || +| chaos | The chaos component corresponds to the Rainbond application construction service, which mainly deals with the CI process. 
The input source includes `source code` or `Docker image` or `application market application` for parsing, compiling, packaging, and finally generating the version medium of the application (component). | +| api | The api component corresponds to the Rainbond data center API service. As the abstract core control service at the data center level, the API service provides Restful-style API services to the outside world, and is the only entry for data center control requests. | +| gateway | The gateway component corresponds to the Rainbond application gateway service. The application gateway is the only entry for external traffic to enter the internal components of the Rainbond tenant, providing HTTP, HTTPs routing, TCP/UDP services, load balancer, advanced routing (A/B testing, grayscale publishing), Features such as virtual IP support. | +| Monitor | The monitor component corresponds to the Rainbond monitoring service. Rainbond encapsulates the Monitor component based on Prometheus. By automatically discovering various monitoring objects of applications, clusters, and cluster node services from etcd and Kubernetes clusters, and completing the configuration of Prometheus monitoring targets, the monitoring targets are included in the scope of Prometheus monitoring. . | +| mq | The mq component corresponds to the Rainbond message middleware service. The MQ component is a lightweight distributed message middleware with message persistence and global consistency based on Etcd.This component maintains asynchronous task messages and provides multi-topic message publishing and subscription capabilities.This component maintains asynchronous task messages, provides multi-topic message posting and subscription capabilities. | +| webcli | The webcli component corresponds to the Rainbond application web terminal control service, which implements the function of connecting to the container console through the web.This component communicates with the UI through WebSocket. 
Users can send various shell commands by simulating the web terminal. The webcli executes commands in the container through the exec method provided by kube-apiserver and returns the results to the web terminal.This component communicates WebSocket with UI. Users can use the simulation of Web Terminals to send shell commands and webcli to execute commands in the container using exec provided by kube-apisert. | +| walker | The worker component corresponds to the Rainbond application runtime control service. The application runtime control service instantiates the Rainbond-Application Model and converts it into a Kubernetes resource model. It is associated with various resources required for application running, and completes the running state part of the application life cycle. It is understandable For the CD control service, the design of the service is to support the life cycle supervision of a large number of applications. | +| eventlog | The eventlog component corresponds to the Rainbond event and log processing service, and mainly handles user asynchronous operation logs, application construction logs and application running logs. | +| mesh-data-panel | The mesh-data-panel component handles dependencies between components. | +| grctl | The grctl component provides command-line tools for querying information about components in the cluster. | +| node | The node component corresponds to the Rainbond cluster and node management service. The node component is the basic service of the Rainbond cluster. All nodes in the cluster need to run this component.Provides key capabilities such as node information collection, cluster service maintenance, application log collection, and application runtime support.Provides key capabilities for nodal information gathering, cluster service maintenance, application log gathering, app running support, etc. | ## The compilation method is as follows: 
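Review bot: The first column of this table lists the components that single-component compilation supports, and the hunk rewrites two of those names: `monitor` becomes `Monitor` and `worker` becomes `walker`, while the descriptions in the same rows still read "The monitor component" and "The worker component". Revert both cells so the names match what the text describes. The sentence appended to the webcli row also spells the API server as `kube-apisert` where the original on the same line has `kube-apiserver`, and the mq, webcli and node rows each gain a second rendering of a sentence they already contain; remove the appended sentences.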
@@ -44,7 +43,7 @@ git clone https://github.com/goodrain/rainbond.git ## The complete installation package is packaged and compiled -Compiling the complete installation package is suitable for regenerating the installation package after changing a lot of source code.Execute in the main directory of the rainbond code +Compiling the complete installation package is suitable for regenerating the installation package after changing a lot of source code.Execute in the main directory of the rainbond codeExecute in rainbond code home directory ``` ./release.sh all @@ -61,9 +60,9 @@ Since the data center is deployed on the Kubernetes cluster, you need to meet th ### run image -The components on the data center side of Rainbond are all defined by the CRD resource rbdcomponent.Therefore, when you compile the image of a component and need to run it, you need to modify the rbdcomponent resource. +The components on the data center side of Rainbond are all defined by the CRD resource rbdcomponent.Therefore, when you compile the image of a component and need to run it, you need to modify the rbdcomponent resource.So when you compile a mirror of a component that needs to be running, you need to modify the rbdcomponent resource. -Still take the chaos component as an example.Suppose your compiled chaos image is named +Still take the chaos component as an example.Suppose your compiled chaos image is namedAssume your compiled chaos mirror is named ```Bash rainbond/rbd-chaos:v5.5.0-release 
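Review bot: Both changed paragraphs under "run image" in region.md append a second translation directly onto the original with no separator, so the line before the code fence now reads "Suppose your compiled chaos image is namedAssume your compiled chaos mirror is named". Remove the appended sentences, including "So when you compile a mirror of a component that needs to be running...", and keep "image", which matches the `image:` field that the rbdcomponent step edits. The preceding hunk has the same fused duplicate in "Execute in the main directory of the rainbond codeExecute in rainbond code home directory".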
@@ -74,18 +73,18 @@ Then you need to do the following in order to replace the component images in yo (1) Edit the corresponding rbdcomponent file ```Bash -kubectl edit rbdcomponent rbd-chaos -n rbd-system +kubtl edit rbdcomponent rbd-chaos -n rbd-system ``` (2) Find the mirror address column and modify it to your mirror, such as ```Bash image: rainbond/rbd-chaos:v5.5.0-release -imagePolicy: IfNotPresent +imagPolicy: IfNotPresent ``` -(3) Save and exit, execute the following command at this time, you should see that the corresponding component is being updated.Just wait for the pod to update. +(3) Save and exit, execute the following command at this time, you should see that the corresponding component is being updated.Just wait for the pod to update.Wait until the pod update is complete. ```Bash -kubectl get po -n rbd-system +kubtl get po -n rbd-system ``` diff --git a/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/document/index.md b/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/document/index.md index 0c10aaf4d3..571251bdda 100644 --- a/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/document/index.md +++ b/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/document/index.md @@ -38,7 +38,7 @@ $ yarn install ### local start ```bash -$ yarn start +$yarn start ``` will automatically open http://localhost:3000/ in your browser 
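Review bot: In region.md steps (1) and (3), `kubectl` is changed to `kubtl` inside the Bash blocks, and in step (2) the field `imagePolicy: IfNotPresent` becomes `imagPolicy: IfNotPresent`. Readers copy these lines verbatim to swap a component image in the `rbd-system` namespace, so the procedure no longer works as written: `kubtl` is not the command the original names and the misspelled key is not the field the original names. Revert all three lines and exclude fenced blocks from translation. The prose in step (3) also gains a duplicate, "Just wait for the pod to update.Wait until the pod update is complete."; keep only the first sentence.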
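Review bot: In the "local start" block of document/index.md, `$ yarn start` loses the space after the prompt and becomes `$yarn start`. Inside a bash block that reads as expansion of a shell variable named `yarn`; with that variable unset, a reader pasting the line runs `start` rather than `yarn start`. Keep the `$ ` prompt exactly as it was.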
@@ -48,47 +48,41 @@ will automatically open http://localhost:3000/ in your browser Use the following command to simulate a production test launch locally ```bash -$ yarn serve --build . +$yarn serve --build ``` - - ## Participate and contribute The old version of the documentation is no longer maintained, only the Current version is maintained. Fork the [Rainbond-docs](https://github.com/goodrain/rainbond-docs.git) repository to your own repository, modify the document and submit it to your own repository, submit a Pull Request to [Rainbond-docs](https://github.com/goodrain/rainbond-docs.git) - - ### Content requirements -The documents in Rainbond are divided into **conceptual documents** **operational guidance documents** and **best practice documents** different document types.When writing a document, please specify the type of document, and determine the content of the article according to the effect that different types need to achieve. - - +Rainbond Chinese documents are divided into **Conceptual Documents**\*\* **Operate Guidance Documents** and **Best Practice Documents** different document types.The documents in Rainbond are divided into **conceptual documents** **operational guidance documents** and **best practice documents** different document types.When writing a document, please specify the type of document, and determine the content of the article according to the effect that different types need to achieve. ### Typesetting requirements -* Chinese and English must be separated by spaces, and they can also be wrapped in backticks `` +- Chinese and English must be separated by spaces, and they can also be wrapped in backticks \`\` For example:I deploy xxx on Rainbond, I deploy xxx on `Rainbond` -* The word Rainbond appears in the document, and the R must be uppercase. +- The word Rainbond appears in the document, and the R must be uppercase. -* The title is preferably 1 2 3 4, and the fifth or sixth title should be avoided as much as possible. 
If there is too much content, it can be added. +- The title is preferably 1 2 3 4, and the fifth or sixth title should be avoided as much as possible. If there is too much content, it can be added. -* The name of the title should be clear at a glance +- The name of the title should be clear at a glance -* The imported image format is as follows +- The imported image format is as follows ```html - ![API架构](https://grstatic.oss-cn-shanghai.aliyuncs.com/images/5.1/images/api.png) + ![API架构](https://static.goodrain.com/images/5.1/images/api.png) - + ``` -* The citation format for the link is as follows +- The citation format for the link is as follows 1. Refer to other documents in the document to use relative paths, refer to [docusaurus document](https://docusaurus.io/zh-CN/docs/markdown-features/assets) 2. Referring to external links must include http or https @@ -100,18 +94,17 @@ The documents in Rainbond are divided into **conceptual documents** **operationa ``` -* The imported video formats are as follows +- The imported video formats are as follows ```html - import Bvideo from "@site/src/components/Bvideo"; + import Bvideo from @site/src/components/Bvideo"; ``` -* Use of Code Blocks Reference [Docusaurus Code Block](https://docusaurus.io/zh-CN/docs/markdown-features/code-blocks) +- Use of Code Blocks Reference [Docusaurus Code Block](https://docusaurus.io/zh-CN/docs/markdown-features/code-blocks) -* Documents contain "Instructions to users" to use [Docusaurus Notice](https://docusaurus.io/zh-CN/docs/markdown-features/admonitions) +- Documents contain "Instructions to users" to use [Docusaurus Notice](https://docusaurus.io/zh-CN/docs/markdown-features/admonitions) ### Add MD file If you need to add new files, add them to the corresponding directory in the `docs/` directory, and fill in the new file names in `sidebars.js` in order, please refer to [Docusaurus Sidebar](https://docusaurus.io/zh-CN/docs/sidebar). - 
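Review bot: The production preview command in document/index.md changes from `$ yarn serve --build .` to `$yarn serve --build`: the prompt is fused onto the command, so the shell treats `$yarn` as a variable, and the trailing `.` argument is dropped. Restore the original line. In the same hunk the "Content requirements" paragraph gains a stray `\*\*` after `**Conceptual Documents**`, opens with a new "Rainbond Chinese documents are divided into..." sentence, and then repeats the original sentence after it; keep the original sentence only. The typesetting bullet also turns the empty backtick pair into escaped backticks, which no longer shows readers the inline-code syntax it describes.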
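Review bot: In the video import example of document/index.md, the opening quote of the module path is removed: `import Bvideo from @site/src/components/Bvideo";` has an unbalanced quote, so anyone copying the snippet into a document gets a syntax error instead of the component. Restore `import Bvideo from "@site/src/components/Bvideo";`. Snippets inside fenced blocks should pass through translation unchanged.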
diff --git a/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/index.md b/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/index.md index 0c40225232..99943f83ad 100644 --- a/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/index.md +++ b/i18n/en/docusaurus-plugin-content-docs-community/current/contribution/index.md 
@@ -1,17 +1,16 @@ --- -title: 'Contribution Guidelines' -description: 'Guide you to contribute to Rainbond' +title: Contribution Guidelines +description: Guide you to contribute to Rainbond --- ## Contribute to Rainbond -Rainbond is a cloud-native application management platform that is easy to use and does not require knowledge of containers, Kubernetes and the underlying complex technologies. It supports managing multiple Kubernetes clusters and managing the entire lifecycle of enterprise applications.The main functions include application development environment, application market, microservice architecture, application delivery, application operation and maintenance, application-level multi-cloud management, etc. +Rainbond is a cloud-native application management platform that is easy to use and does not require knowledge of containers, Kubernetes and the underlying complex technologies. It supports managing multiple Kubernetes clusters and managing the entire lifecycle of enterprise applications.The main functions include application development environment, application market, microservice architecture, application delivery, application operation and maintenance, application-level multi-cloud management, etc.The main functions include the application development environment, the application market, the micro-service architecture, the application delivery, the application workload, and the application of cloud management. If you're interested in contributing to Rainbond, hopefully this documentation will make your contribution process easier, faster, and more efficient. If you're new to open source contributing, check out the [Open Source Guides](https://opensource.guide/) website, which provides some open source contributing guides, a collection of resources for people, communities, and companies who want to learn how to contribute to open source projects. 
- ## CODE_OF_CONDUCT Rainbond expects project participants to abide by the Code of Conduct, please read [CODE_OF_CONDUCT](https://github.com/goodrain/rainbond/blob/main/CODE_OF_CONDUCT.md). 
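Review bot: The "Contribute to Rainbond" paragraph in contribution/index.md now lists the main functions twice. The original list stays, and a second sentence is appended with no space after "etc.", turning "application operation and maintenance, application-level multi-cloud management" into "the application workload, and the application of cloud management". Drop the appended sentence. Removing the quotes around the `title` and `description` front-matter values is fine, since neither value contains characters that need quoting.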
@@ -20,19 +19,19 @@ Rainbond expects project participants to abide by the Code of Conduct, please re There are many ways to contribute to:, not just code contributions0 -* Deal with unresolved [issues](https://github.com/goodrain/rainbond/issues)and put forward your solution ideas. -* Feedback bugs.When you find a bug, please use [issues](https://github.com/goodrain/rainbond/issues) to report and discuss. -* Propose new features.When you want to propose a new feature, please use [issues](https://github.com/goodrain/rainbond/issues) to report and discuss. -* [code contribution](/community/contribution/compile/) -* [Documentation Contribution](/community/contribution/document/) -* [Contribute open source applications](/community/contribution/app-share/)to Rainbond App Store -* [Contribute open source plugins](/community/contribution/plugin/)to the Rainbond app store +- Deal with unresolved [issues](https://github.com/goodrain/rainbond/issues)and put forward your solution ideas. +- Feedback Bug.Feedback bugs.When you find a bug, please use [issues](https://github.com/goodrain/rainbond/issues) to report and discuss. +- New feature.Propose new features.When you want to propose a new feature, please use [issues](https://github.com/goodrain/rainbond/issues) to report and discuss. +- [code contribution](/community/contribution/compile/) +- [Documentation Contribution](/community/contribution/document/) +- [Contribute open source applications](/community/contribution/app-share/)to Rainbond App Store +- [Contribute open source plugins](/community/contribution/plugin/)to the Rainbond app store Contributions are very welcome. If you think your contribution needs help, please add[small assistants to WeChat](/community/support)to contact us, and Rainbond TOC members will help you continue to contribute. 
## Git Commit Specification -We refer to [Angular Specification](https://github.com/angular/angular.js/blob/master/DEVELOPERS.md#commits), and try to provide clearer historical information to facilitate the judgment of the purpose of submission and browsing.Each commit message contains a header, body and footer.The header has a special format with type, scope and subject: +We refer to [Angular Specification](https://github.com/angular/angular.js/blob/master/DEVELOPERS.md#commits), and try to provide clearer historical information to facilitate the judgment of the purpose of submission and browsing.Each commit message contains a header, body and footer.The header has a special format with type, scope and subject:There should be a blank line between header, body, and footer. The header is required, and the scope is optional.The text of each line of the commit message cannot exceed 72 characters.This makes it easier to read on github and git tools.header has a special format package containing type, scope and subject: ``` (): @@ -42,7 +41,7 @@ We refer to [Angular Specification](https://github.com/angular/angular.js/blob/m