摘要：前言一直在思考部署應(yīng)用到的姿勢(shì)，之前介紹過，個(gè)人感覺把記錄數(shù)據(jù)放到中不是特別好?？梢詭椭惆踩馗聭?yīng)用。部署到中注意事項(xiàng)由于需要從倉庫中拉取代碼，所以會(huì)有一個(gè)的問題。注意文件并沒有一項(xiàng)。

一直在思考部署應(yīng)用到k8s的姿勢(shì)，之前介紹過helm，個(gè)人感覺helm把記錄數(shù)據(jù)放到k8s中不是特別好。最近發(fā)現(xiàn)了weave的flux項(xiàng)目(A tool for deploying container images to Kubernetes services)。

先上圖，大致看一下flux的理念。

1：flux可以和任意你喜歡的CI工具搭配比如：Drone,CircleCI,gitlabCI等。實(shí)際上flux做了CD的環(huán)節(jié)。

2：flux可以幫助你安全地更新應(yīng)用。一般會(huì)遇到更新過程出錯(cuò)的問題，在flux實(shí)現(xiàn)中，每個(gè)部署的應(yīng)用的yaml文件存儲(chǔ)在git倉庫里，所以每次更改都可以追蹤，所以也能精確回滾到任何一個(gè)歷史版本。這點(diǎn)我是覺得非常好的。當(dāng)應(yīng)用需要更新鏡像的時(shí)候，有以下幾個(gè)步驟：

Clone the repository

Find the deployment files that use the image in question (there may be more than one, since we have e.g., sidecar containers that use the same image)

Update a few fields in each file, in slightly different ways (e.g., put the image name in the template, and the tag part of the image name in a version label)

Commit and push the change back to Git

如果只是更新鏡像，其實(shí)有更簡(jiǎn)單的操作：

$ fluxctl release --service=sock-shop/front-end --update-all-images
Submitting release job...
Release job submitted, ID cc08f78c-0e66-24a9-9215-82c80cc646c3
Status: Complete.
Here"s what happened:
1. Submitted job.
2. Calculating release actions.
3. Release latest images to sock-shop/front-end
4. Clone the config repo.
5. Clone OK.
6. Update 1 images(s) in the resource definition file for sock-shop/front-end: front-end (weaveworksdemos/front-end:0.2.0 -> weaveworksdemos/front-end:7f511af2d21fd601b86b3bed7baa6adfa9c8c669).
7. Update pod controller OK.
8. Commit and push the config repo.
9. Pushed commit: Release latest images to sock-shop/front-end
10. Regrade 1 service(s): sock-shop/front-end.
Took 55.810622454s

此處會(huì)引出和drone結(jié)合的想法。這一點(diǎn)在總結(jié)里會(huì)詳細(xì)闡述。

3： flux很好解決了可視化的問題，通過幾個(gè)指令就能清楚知道正在發(fā)生的。flux有controller的概念。

$ fluxctl list-services --namespace=sock-shop
SERVICE                 CONTAINER   IMAGE                           RELEASE  POLICY
sock-shop/cart          cart        weaveworksdemos/cart:0.3.0                   
sock-shop/cart-db       cart-db     mongo                                        
sock-shop/catalogue     catalogue   weaveworksdemos/catalogue:0.2.0              
sock-shop/catalogue-db  catalogue-db  weaveworksdemos/catalogue-db:0.2.0         
sock-shop/front-end     front-end   weaveworksdemos/front-end:0.2.0              
sock-shop/orders        orders      weaveworksdemos/orders:0.3.0                 
sock-shop/orders-db     orders-db   mongo                                        
sock-shop/payment       payment     weaveworksdemos/payment:0.3.0                
sock-shop/queue-master  queue-master  weaveworksdemos/queue-master:0.3.0         
sock-shop/rabbitmq      rabbitmq    rabbitmq:3                                   
sock-shop/shipping      shipping    weaveworksdemos/shipping:0.3.0               
sock-shop/user          user        weaveworksdemos/user:0.3.0                   
sock-shop/user-db       user-db     weaveworksdemos/user-db:0.3.0

$ fluxctl list-images --service=sock-shop/front-end
SERVICE             CONTAINER  IMAGE                                  CREATED
sock-shop/front-end  front-end  weaveworksdemos/front-end                    
                     |   7f511af2d21fd601b86b3bed7baa6adfa9c8c669  18 Nov 16 16:00 UTC
                     |   latest                                    18 Nov 16 16:00 UTC
                     |   snapshot                                  18 Nov 16 16:00 UTC
                     |   16007ffffdd86b2ebb41d8880c53b77580cab13f02  18 Nov 16 11:23 UTC
                     |   a0eaf8c8ffc0b81c2199adaf7d67466891bb3205  17 Nov 16 10:22 UTC
                     |   1b664cc81d9cf25b213000686a9e8d6477ae1b06  16 Nov 16 20:31 UTC
                     |   ce1efe59c32d3c53344defdda4d5b643272022b8  16 Nov 16 20:29 UTC
                     |   4c33b216ae902ad89b9c3ca30a99a44833d16d5b  10 Nov 16 21:34 UTC
                     |   7015587783bc8f7a9c3d5cfa51e5a257fe188c4b  10 Nov 16 11:34 UTC
                     |   4d3ea2896c81e40a630d36cdc29ce740e7617016  10 Nov 16 11:30 UTC
                     :                                           
                     "-> 0.2.0                                     09 Nov 16 10:26 UTC

4：flux實(shí)際上可以做到完全自動(dòng)檢測(cè)git倉庫中yaml文件的變化以及registry中鏡像的更新，進(jìn)而自動(dòng)部署。
It is most useful when used as a deployment tool at the end of a Continuous Delivery pipeline. Flux will make sure that your new container images and config changes are propagated to the cluster。
大意就是，利用flux作為cd pipeline中最后一個(gè)環(huán)節(jié)，可以很好地解決鏡像更新或是yaml文件更新。

由于fluxd需要從git倉庫中拉取代碼，所以會(huì)有一個(gè)ssh key的問題。
注意flux-secret.yaml文件：

---
apiVersion: v1
kind: Secret
metadata:
  name: flux-git-deploy
type: Opaque

并沒有data一項(xiàng)。實(shí)際上，flux默認(rèn)會(huì)給我們生成一個(gè)key。

然后可以執(zhí)行

$ fluxctl identity
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1fndADrb1fp6a+7QusXMU9qI2CNodLyMR82/6Li8rAstUCMRI9SjThAAbzyIfuCX61YCjWGj6qHyPusmfOssErbs7+rs6Q3y0RrACZT7w4HTgODX4aXGMigVY+IztpDv+XYztTqLCwMVfsrQWvo/WrtbltCdjzTP3gR7nWriPzCks3KbEFZkk4bCISJzV19RBCQzJBlE6afOAreCCdhooy80zmWOmHqc+OVDbAVTOC5Bcht/EaHNXGCwcHijiNd0MPah6OKI+gG/eDB2OLixdhoNTzeEYN6vB5Y/wwNuH/m29y46EM6mfXuq6KkD+/YT9J0XiTx

就可以獲得到public key。這個(gè)時(shí)候復(fù)制到github 倉庫的 deploy key即可。

1：如何與drone結(jié)合？
首先我是認(rèn)可將yaml存儲(chǔ)在git倉庫中，做版本控制。
實(shí)際上flux類似于helm，分為fluxd和一個(gè)命令行工具fluxctl，fluxd相當(dāng)于server部署在k8s集群中。那么將fluxctl做成一個(gè)drone的插件。放在drone pipeline中最后一步。類似于現(xiàn)在很多helm插件的玩法。
這個(gè)插件只需要完成更新鏡像的功能即可。畢竟整個(gè)pipeline中，更新代碼到倉庫中觸發(fā)編譯，構(gòu)建，推送新鏡像到harbor，最終對(duì)于k8s集群，只需要應(yīng)用替換新的鏡像即可。所以不需要去監(jiān)聽registry這個(gè)功能。也不需要關(guān)注git中yaml的變化，拉取最新的即可。
具體實(shí)現(xiàn)思路：

將新的鏡像name和要更新的目標(biāo)，以及yaml文件路徑等作為drone插件的輸入?yún)?shù)

然后執(zhí)行下面的類似命令

$ fluxctl release --controller=default:deployment/helloworld --update-image=quay.io/weaveworks/helloworld:master-a000001
Submitting release ...
Commit pushed: 33ce4e3
Applied 33ce4e38048f4b787c583e64505485a13c8a7836
CONTROLLER                     STATUS   UPDATES
default:deployment/helloworld  success  helloworld: quay.io/weaveworks/helloworld:master-9a16ff945b9e -> master-a000001

$ fluxctl list-images --controller default:deployment/helloworld
CONTROLLER                     CONTAINER   IMAGE                          CREATED
default:deployment/helloworld  helloworld  quay.io/weaveworks/helloworld
                                           |   master-9a16ff945b9e        20 Jul 16 13:19 UTC
                                           |   master-b31c617a0fe3        20 Jul 16 13:19 UTC
                                           |   master-a000002             12 Jul 16 17:17 UTC
                                           "-> master-a000001             12 Jul 16 17:16 UTC
                               sidecar     quay.io/weaveworks/sidecar
                                           "-> master-a000002             23 Aug 16 10:05 UTC
                                               master-a000001             23 Aug 16 09:53 UTC

2：拋開drone，對(duì)于整個(gè)paas平臺(tái)。flux提供的自動(dòng)監(jiān)控registry和yaml git 倉庫的功能，也能豐富用戶的各種玩法。

3：接下來就是drone-flux插件。該插件是我實(shí)現(xiàn)本想法而實(shí)現(xiàn)的的一個(gè)插件。