
Open-source solution that defines and manages the complete lifecycle of the resources used and provisioned into a cloud!
Explore the docs »
SLD helps accelerate deployments, empowers and makes IaC reusable, generates dynamic forms, and maintains different variables for each environment with the same code. With SLD you can schedule infrastructure deployments (a destroy, for example), manage users through roles, and manage stacks separately by squad and environment.


Main features:
SLD is the easy way to use Terraform code!
You need Docker and docker-compose, or kind (recommended).
Clone the SLD repo
```shell
git clone https://github.com/D10S0VSkY-OSS/Stack-Lifecycle-Deployment.git
```
Deploy SLD in K8s
```shell
cd Stack-Lifecycle-Deployment/play-with-sld/kubernetes
sh kplay.sh start
```
Result:
```text
Starting SLD for play
Creating cluster "kind" ...
 ✓ Ensuring node image (kindest/node:v1.20.2)
 ✓ Preparing nodes
 ✓ Writing configuration
 ✓ Starting control-plane
 ✓ Installing CNI
 ✓ Installing StorageClass
 ✓ Joining worker nodes
Set kubectl context to "kind-kind"
You can now use your cluster with:
kubectl cluster-info --context kind-kind
```
Create the initial user
```shell
sh kplay.sh init
```
Result:
```text
kind ok
docker ok
kubectl ok
jq ok
curl ok
init SLD
# ################################################
# Now, you can play with SLD                     #
# ################################################
API: http://localhost:5000/docs
DASHBOARD: http://localhost:5000/
---------------------------------------------
username: admin
password: Password08@
---------------------------------------------
```
List endpoints
```shell
sh kplay.sh list
```
Result:
```text
kind ok
docker ok
kubectl ok
List endpoints
API: http://localhost:8000/docs
DASHBOARD: http://localhost:5000/
```
Log in to the dashboard:

Click the dashboard link:

Add a cloud account

Fill in the form with the required data. In our example we will use
By default the workers run as squad1 and squad2, but you can change this and scale it out when you need to.
When you add an account for a provider (AWS, GCP, Azure) and create a squad, you must create a worker with the name of the created squad; if you do not do so,
Finally, add it:
Add a Terraform module or stack

Supported prefixes: aws_, gcp_, azure_
You can pass the user and password as https://username:[email protected]/aws_vpc; for ssh, you can pass it to SLD as a secret for the deploy user
'*' = grant access to everyone; alternatively you can allow access to one or more squads separated by commas: squad1,squad2
https://releases.hashicorp.com/terraform/
Deploy your first stack!!!
List the stacks available to deploy

Select deploy

SLD generates a dynamic form based on the stack variables; fill in the form and press the deploy button

Important! Assign the same squad and environment that we created earlier when adding the account (see Add a cloud account)
Now the status of the task changes as the deployment progresses.

You can control the deployment lifecycle
You can destroy and redeploy; SLD keeps the old values, and you can also edit them as you wish.
Finally, you can manage the lifecycle programmatically, scheduling the destroy/creation of the infrastructure, which is a good practice for a cost-saving plan!!!
SLD uses its own remote backend, so you do not need to configure any backend in Terraform. The following example shows the backend configuration:
```hcl
terraform {
  backend "http" {
    address        = "http://remote-state:8080/terraform_state/aws_vpc-squad1-develop-vpc_core"
    lock_address   = "http://remote-state:8080/terraform_lock/aws_vpc-squad1-develop-vpc_core"
    lock_method    = "PUT"
    unlock_address = "http://remote-state:8080/terraform_lock/aws_vpc-squad1-develop-vpc_core"
    unlock_method  = "DELETE"
  }
}
```
Currently SLD supports MongoDB, S3 and a local backend (local is for testing purposes only). To configure MongoDB as the backend you must pass the following variables as parameters to the remote-state service:
```yaml
# docker-compose.yaml
environment:
  SLD_STORE: mongodb
  SLD_MONGODB_URL: "mongodb:27017/"
  MONGODB_USER: admin
  MONGODB_PASSWD: admin
```
```yaml
# k8s yaml
env:
  - name: SLD_STORE
    value: mongodb
  - name: SLD_MONGODB_URL
    value: "mongodb:27017/"
  - name: MONGODB_USER
    value: admin
  - name: MONGODB_PASSWD
    value: admin
```
To configure S3 you can pass an AWS access key and secret key; if SLD runs inside AWS, using an IAM role instead is recommended
```yaml
env:
  - name: SLD_STORE
    value: "S3"
  - name: SLD_BUCKET
    value: "s3-sld-backend-cloud-tf-state"
  - name: AWS_ACCESS_KEY
    value: ""
  - name: AWS_SECRET_ACCESS_KEY
    value: ""
```
For Azure you need to set the following env
```yaml
env:
  - name: SLD_STORE
    value: azure
  - name: AZURE_STORAGE_CONNECTION_STRING
    value: "DefaultEndpointsProtocol=https;AccountName=<YOUR ACCOUNT>;AccountKey=<YOUR ACCESS KEY>;EndpointSuffix=core.windows.net"
```
See "Azure Storage: configure connection string"
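The MongoDB, S3 and Azure snippets above place credentials (MONGODB_PASSWD, AWS_SECRET_ACCESS_KEY, the Azure connection string) as inline `value:` literals, so they end up in the manifest, in version control and in `kubectl get deploy -o yaml` output. The Python below is an added example, not part of the project: it scans an env list in either the Kubernetes or the docker-compose style for credential-looking names with an inline value, and renders the same variable as a `secretKeyRef` (the same pattern the GCP section uses for its mounted Secret). The name patterns, the sample manifests and the function names are constructed for this example.

```python
import re

# Env-var names that usually carry credentials. This list is a heuristic chosen
# for this example, not a rule SLD enforces.
SENSITIVE_NAME = re.compile(
    r"PASSWD|PASSWORD|SECRET|ACCESS_KEY|CONNECTION_STRING|TOKEN|CREDENTIAL",
    re.IGNORECASE,
)

# Kubernetes style: "- name: X" directly followed by an inline "value: Y".
# A "valueFrom:" entry does not match, which is exactly the hardened form.
K8S_PAIR = re.compile(r"-\s*name:\s*(?P<name>\S+)\s*\n\s*value:\s*(?P<value>.*)")

# docker-compose style: "KEY: value" entries inside an environment mapping.
COMPOSE_PAIR = re.compile(r"^\s*(?P<name>[A-Z][A-Z0-9_]*):\s*(?P<value>\S.*)$", re.MULTILINE)


def _unquote(value):
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        value = value[1:-1]
    return value


def find_plaintext_credentials(manifest_text):
    """Return [(name, value)] for credential-like variables whose value is written
    inline. Empty values are skipped: an empty AWS key, as in the S3 snippet,
    means the credential comes from elsewhere (for example an IAM role)."""
    findings = []
    for pattern in (K8S_PAIR, COMPOSE_PAIR):
        for match in pattern.finditer(manifest_text):
            name = match.group("name")
            value = _unquote(match.group("value"))
            if SENSITIVE_NAME.search(name) and value:
                findings.append((name, value))
    return findings


def secret_ref_yaml(name, secret_name, key=None):
    """Render the same env var sourced from a Kubernetes Secret instead of a literal."""
    key = key or name.lower().replace("_", "-")
    return (
        f"- name: {name}\n"
        f"  valueFrom:\n"
        f"    secretKeyRef:\n"
        f"      name: {secret_name}\n"
        f"      key: {key}\n"
    )


# Constructed samples modelled on the MongoDB and S3 snippets above.
SAMPLE_K8S_ENV = """\
env:
  - name: SLD_STORE
    value: mongodb
  - name: SLD_MONGODB_URL
    value: "mongodb:27017/"
  - name: MONGODB_USER
    value: admin
  - name: MONGODB_PASSWD
    value: admin
  - name: AWS_ACCESS_KEY
    value: ""
  - name: AWS_SECRET_ACCESS_KEY
    value: ""
"""

SAMPLE_COMPOSE_ENV = """\
environment:
  SLD_STORE: mongodb
  SLD_MONGODB_URL: "mongodb:27017/"
  MONGODB_USER: admin
  MONGODB_PASSWD: admin
"""

if __name__ == "__main__":
    for name, _ in find_plaintext_credentials(SAMPLE_K8S_ENV):
        print(f"inline credential {name}; replace with:\n{secret_ref_yaml(name, 'sld-mongodb')}")
```

Run it over the manifests before committing them; for each finding, create the Secret with `kubectl create secret generic` (as the GCP section already does for storage.json) and paste the rendered `valueFrom` block in place of the literal.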
For Google Cloud Storage set:
```shell
SLD_STORE=gcp
export GOOGLE_APPLICATION_CREDENTIALS="/app/sld-gcp-credentials.json"
```
Import the Google service account key into a K8s Secret:
```shell
kubectl create secret generic gcp-storage --from-file=~/Downloads/storage.json
```
Modify sld-remote-state.yml to set the GCP storage backend and mount the secret:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: remote-state
  labels:
    name: remote-state
spec:
  replicas: 1
  selector:
    matchLabels:
      name: remote-state
  template:
    metadata:
      labels:
        name: remote-state
    spec:
      subdomain: primary
      containers:
        - name: remote-state
          image: d10s0vsky/sld-remote-state:latest
          volumeMounts:
            - name: gcp
              mountPath: "/app/gcp"
              readOnly: true
          env:
            - name: SLD_STORE
              value: gcp
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: "/app/gcp/storage.json"
          resources:
            limits:
              memory: 600Mi
              cpu: 1
            requests:
              memory: 300Mi
              cpu: 500m
          imagePullPolicy: Always
          command: ["python3", "-m", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8080", "--workers", "1"]
          ports:
            - containerPort: 8080
          livenessProbe:
            httpGet:
              path: /
              port: 8080
              httpHeaders:
                - name: status
                  value: healthy
            initialDelaySeconds: 60
            periodSeconds: 60
      volumes:
        - name: gcp
          secret:
            secretName: gcp-storage
```
To use the outputs of another stack, configure it as shown below; the address is always the same as the task name
| Stack name | Squad account | env | Deploy name |
|---|---|---|---|
| aws_vpc | squad1 | develop | vpc_core |
```hcl
data "terraform_remote_state" "vpc_core" {
  backend = "http"
  config = {
    address = "http://remote-state:8080/terraform_state/aws_vpc-squad1-develop-vpc_core"
  }
}
```
Test example:
```shell
echo "data.terraform_remote_state.vpc_core.outputs" | terraform console
```
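The backend block earlier on this page and the `terraform_remote_state` data source above both talk to the remote-state service over the `terraform_state` and `terraform_lock` addresses, with `PUT` to lock and `DELETE` to unlock. The Python below is an added example, not the SLD remote-state code: it models in memory the server side of the protocol Terraform's http backend speaks (lock with a client-chosen lock ID, state write carrying that ID as an `ID` query parameter, unlock only by the holder, plain GET for readers such as the data source) and walks one apply through it, including the case of a stale lock left by a crashed run. The class and function names, the run IDs and the sample state are assumptions of this example; the 423 and 409 responses follow Terraform's http backend convention for a held lock, which is what makes a second concurrent run stop instead of overwriting state.

```python
import json

STATE_NAME = "aws_vpc-squad1-develop-vpc_core"   # task name from the page's example


class RemoteStateModel:
    """In-memory model of the server side of Terraform's http backend:
    one state document and at most one lock per address. Educational model
    written for this example, not the SLD remote-state service."""

    def __init__(self):
        self.states = {}   # name -> state JSON text
        self.locks = {}    # name -> lock info dict sent by the locking client

    def handle(self, method, path, body=None, query=None):
        """Return (status, body) as an HTTP backend would for one request."""
        query = query or {}
        kind, name = path.strip("/").split("/", 1)
        held = self.locks.get(name)
        if kind == "terraform_lock":
            if method == "PUT":                         # lock_method in the page's config
                info = json.loads(body)
                if held and held["ID"] != info["ID"]:
                    return 423, json.dumps(held)        # Locked: body names the holder
                self.locks[name] = info
                return 200, ""
            if method == "DELETE":                      # unlock_method
                info = json.loads(body)
                if held is None or held["ID"] != info["ID"]:
                    return 409, json.dumps(held or {})  # only the holder may unlock
                del self.locks[name]
                return 200, ""
        if kind == "terraform_state":
            if method == "GET":                         # what terraform_remote_state reads
                return (200, self.states[name]) if name in self.states else (404, "")
            if method == "POST":                        # write; must carry the lock ID
                if held and held["ID"] != query.get("ID"):
                    return 423, json.dumps(held)
                self.states[name] = body
                return 200, ""
        return 405, ""


def run_apply(server, run_id, new_state):
    """One apply as the http backend performs it: lock, write state, unlock.
    Returns the status codes seen so a caller can tell where a run was refused."""
    lock_info = json.dumps({"ID": run_id, "Operation": "OperationTypeApply",
                            "Who": f"sld-worker@{run_id}"})
    status, _ = server.handle("PUT", f"/terraform_lock/{STATE_NAME}", lock_info)
    if status != 200:
        return {"lock": status}
    write, _ = server.handle("POST", f"/terraform_state/{STATE_NAME}",
                             json.dumps(new_state), {"ID": run_id})
    unlock, _ = server.handle("DELETE", f"/terraform_lock/{STATE_NAME}", lock_info)
    return {"lock": status, "write": write, "unlock": unlock}


def read_outputs(server, name):
    """What data "terraform_remote_state" exposes as .outputs: name -> value."""
    status, body = server.handle("GET", f"/terraform_state/{name}")
    if status != 200:
        return {}
    return {k: v["value"] for k, v in json.loads(body).get("outputs", {}).items()}


if __name__ == "__main__":
    server = RemoteStateModel()
    # Constructed state document in Terraform's JSON state layout.
    vpc_state = {"version": 4, "outputs": {"vpc_id": {"value": "vpc-0123", "type": "string"}}}
    print(run_apply(server, "run-1", vpc_state))   # {'lock': 200, 'write': 200, 'unlock': 200}
    print(read_outputs(server, STATE_NAME))         # {'vpc_id': 'vpc-0123'}
```

Note that nothing in the page's backend block carries credentials: the addresses are plain `http://` and the lock ID is the only thing a writer must know. Any client that can reach the remote-state service inside the cluster can read every stack's outputs, so keep that service off any ingress and restrict it with a NetworkPolicy to the worker and API pods.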
SLD workers are responsible for executing the infrastructure deployments. You can use one or more workers per account, or one worker for several accounts at the same time; it all depends on the degree of parallelism and isolation you want.
```yaml
# Example k8s worker for account squad1, change this for each of your accounts
# Stack-Lifecycle-Deployment/play-with-sld/kubernetes/k8s/sld-worker-squad1.yml
# Add replicas to increase parallelism
# Add more squad accounts if you want to group accounts in the same worker:
# command: ["celery", "--app", "tasks.celery_worker", "worker", "--loglevel=info", "-c", "1", "-E", "-Q", "squad1,another_squad_account"]
apiVersion: apps/v1
kind: Deployment
metadata:
  name: stack-deploy-worker-squad1
  labels:
    name: stack-deploy-worker-squad1
spec:
  replicas: 1
  selector:
    matchLabels:
      name: stack-deploy-worker-squad1
  template:
    metadata:
      labels:
        name: stack-deploy-worker-squad1
    spec:
      subdomain: primary
      containers:
        - name: stack-deploy-worker-squad1
          image: d10s0vsky/sld-api:latest
          imagePullPolicy: Always
          env:
            - name: TF_WARN_OUTPUT_ERRORS
              value: "1"
          resources:
            limits:
              memory: 600Mi
              cpu: 1
            requests:
              memory: 300Mi
              cpu: 500m
          command: ["celery", "--app", "tasks.celery_worker", "worker", "--loglevel=info", "-c", "1", "-E", "-Q", "squad1"]
```
```yaml
# Example docker-compose worker for account squad1, change this for each of your accounts
# Stack-Lifecycle-Deployment/play-with-sld/docker/docker-compose.yml
worker:
  image: d10s0vsky/sld-api:latest
  entrypoint: ["celery", "--app", "tasks.celery_worker", "worker", "--loglevel=info", "-c", "1", "-E", "-Q", "squad1"]
  environment:
    BROKER_USER: admin
    BROKER_PASSWD: admin
  depends_on:
    - rabbit
    - redis
    - db
    - remote-state
```
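The worker manifests above route work by squad through the Celery `-Q` argument, and the earlier note on adding accounts says every squad needs a worker named after it. Celery delivers a task to the queue it was routed to; if no worker consumes that queue, the task stays in the broker. The Python below is an added example, not part of the project: it extracts the queues each worker command consumes (list form as in the manifests, or a plain string) and reports squads that no worker serves, a check worth running whenever an account or squad is added. The worker commands are copied from the manifests above; `squad3` and the function names are constructed for this example.

```python
import shlex


def queues_from_command(command):
    """Return the set of queue names a Celery worker command consumes.
    Accepts the list form used in the manifests or a single command string.
    Handles "-Q a,b", "-Qa,b", "--queues a,b" and "--queues=a,b"."""
    args = list(command) if isinstance(command, (list, tuple)) else shlex.split(command)
    queues = set()
    i = 0
    while i < len(args):
        arg = args[i]
        spec = None
        if arg in ("-Q", "--queues") and i + 1 < len(args):
            spec = args[i + 1]
            i += 1
        elif arg.startswith("--queues="):
            spec = arg[len("--queues="):]
        elif arg.startswith("-Q") and len(arg) > 2:
            spec = arg[2:]
        if spec is not None:
            queues.update(q.strip() for q in spec.split(",") if q.strip())
        i += 1
    return queues


def unserved_squads(account_squads, worker_commands):
    """Squads with no worker consuming their queue, sorted. A deploy for such a
    squad is queued by the API but never picked up until a worker for it exists."""
    served = set()
    for command in worker_commands:
        served |= queues_from_command(command)
    return sorted(set(account_squads) - served)


# Worker commands from the manifests above; the second one groups two accounts.
WORKER_COMMANDS = [
    ["celery", "--app", "tasks.celery_worker", "worker", "--loglevel=info",
     "-c", "1", "-E", "-Q", "squad1"],
    ["celery", "--app", "tasks.celery_worker", "worker", "--loglevel=info",
     "-c", "1", "-E", "-Q", "squad2,another_squad_account"],
]
# Constructed list of squads referenced by cloud accounts; squad3 has no worker.
ACCOUNT_SQUADS = ["squad1", "squad2", "squad3"]

if __name__ == "__main__":
    print(unserved_squads(ACCOUNT_SQUADS, WORKER_COMMANDS))   # ['squad3']
```

In a cluster the input lists come from `kubectl get deploy -o json` (the container `command`) and from the accounts you created in the dashboard; feeding both into `unserved_squads` before a deploy avoids a task that silently waits in RabbitMQ.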
SLD has three pre-configured roles so that users can manage it easily.
| Role | Scope | Description |
|---|---|---|
| yoda | global | Global scope: can see all squads and is a full admin |
| darth_vader | one or more squads | Scope limited to squads: can see the assigned squads and is a full manager of those squads |
| stormtrooper | one or more squads | Limited squad scope: can see the assigned squads and can only deploy the assigned deploys |
| R2-D2 | all, one or more squads | This role is for identification only and must be associated with one of the previous roles; its use case is bot users that access the API |
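As an added, executable reading of this table (not SLD's authorization code), the Python below encodes each role's scope and permissions and answers "may this user do this action in this squad" with deny by default. It makes the two edge cases explicit: a darth_vader or stormtrooper gets nothing outside their assigned squads, and an R2-D2 on its own grants nothing, which is why the table says it must be paired with another role. The rule table, the `User` class, the action names and the sample users are assumptions of this example.

```python
# Role rules derived from the table above. "scope" says which squads the role can
# see, "manage" whether it is a full manager of them, "deploy" what it may deploy.
ROLE_RULES = {
    "yoda":         {"scope": "global", "manage": True,  "deploy": "all"},
    "darth_vader":  {"scope": "squads", "manage": True,  "deploy": "all"},
    "stormtrooper": {"scope": "squads", "manage": False, "deploy": "assigned"},
    "R2-D2":        None,  # identification only; grants nothing on its own
}


class User:
    """A user with roles, the squads assigned to them and the deploys assigned
    to them (only stormtroopers need the latter)."""

    def __init__(self, name, roles, squads=(), deploys=()):
        self.name = name
        self.roles = list(roles)
        self.squads = set(squads)
        self.deploys = set(deploys)


def is_allowed(user, action, squad, deploy=None):
    """Decide whether `user` may perform `action` ("view", "manage" or "deploy")
    in `squad`, optionally on a named `deploy`. Any role that grants the action
    suffices; nothing grants it means denied."""
    for role in user.roles:
        rules = ROLE_RULES.get(role)
        if rules is None:
            continue                                   # R2-D2 or an unknown role
        if rules["scope"] != "global" and squad not in user.squads:
            continue                                   # outside this role's squads
        if action == "view":
            return True
        if action == "manage" and rules["manage"]:
            return True
        if action == "deploy":
            if rules["deploy"] == "all":
                return True
            if rules["deploy"] == "assigned" and deploy in user.deploys:
                return True
    return False


if __name__ == "__main__":
    # Constructed sample users.
    trooper = User("trooper", ["stormtrooper"], squads={"squad1"}, deploys={"vpc_core"})
    bot = User("api-bot", ["R2-D2"], squads={"squad1"})
    print(is_allowed(trooper, "deploy", "squad1", "vpc_core"))   # True
    print(is_allowed(trooper, "deploy", "squad1", "db_core"))    # False
    print(is_allowed(bot, "view", "squad1"))                     # False
```

When creating bot users for the API, pair R2-D2 with the narrowest role that still does the job; a bot that only triggers one scheduled destroy needs stormtrooper with that single deploy assigned, not darth_vader.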

Contributions are what make the open-source community such an amazing place to learn, inspire and create. Any contribution you make is greatly appreciated.
- `git checkout -b feature/AmazingFeature`
- `git commit -m 'Add some AmazingFeature'`
- `git push origin feature/AmazingFeature`

Distributed under the MIT License. See LICENSE for more information.
Stack Lifecycle Deployment