winloong
3 years ago
8 changed files with 1143 additions and 0 deletions
@ -0,0 +1,223 @@ |
|||
|
|||
# 什么是灰度发布 |
|||
灰度发布又名金丝雀发布, |
|||
> 是指在黑与白之间,能够平滑过渡的一种发布方式。 在其上可以进行A/B testing,即让一部分用户继续用产品特性A,一部分用户开始用产品特性B,如果用户对B没有什么反对意见,那么逐步扩大范围,把所有用户都迁移到B上面来。–维基百科 |
|||
|
|||
假定线上版本为A, 需要发布的版本为B,通常是新版本。 |
|||
灰度发布可以让一定百分比的用户(比如10%)优先体验版本B,其余用户仍然使用版本A,并且慢慢扩大百分比,最终将所用用户迁移到版本B。 |
|||
|
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191023493.png) |
|||
|
|||
|
|||
# 为什么需要灰度发布 |
|||
随着微服务架构的普及,服务数量激增,版本更新频繁,如果缺少灰度的能力,容易对现有的生产运行业务造成影响,并且新上线的系统和功能也需要灰度的能力来验证可行性和效果,简而言之,无论是对于系统运行稳定安全还是对于验证业务效果,灰度发布/验证的能力都是现代软件架构所必须的。 |
|||
|
|||
灰度发布有一个隐藏的前提条件,线上资源远大于生产团队的规模; |
|||
以至于生产团队没有足够的资源来应付使用新版本后带来的问题,包括用户不习惯和数据量所带来的不适应和线上bug等等。 |
|||
|
|||
而灰度发布可以通过控制发布面积,让使用新版本的用户控制在生产团队可以应付的范围内;将可能出现问题的用户圈定在“部分”用户,这个部分的范围由生产团队评估得出。 |
|||
|
|||
我们通过灰度发布,将一部分经过筛选后的用户纳入测试范围,由生产团队和用户共同完成对新版本的验收;主要的目的是检验了用户对于新版本的接受度,规避了因为产品决策冒失、冒进所带来的风险。 |
|||
|
|||
# 问题 |
|||
## 用户标识 |
|||
用于区分用户,辅助数据统计,并且保证灰度发布过程中用户体验的连贯性(不要在新老版本中跳来跳去)。 |
|||
|
|||
## 目标用户的选取策略 |
|||
如何选取让哪些用户先行体验新版本,是让用户自己选择还是强制升级等。 |
|||
|
|||
## 数据 |
|||
如何能够获取新版本的指标数据 |
|||
|
|||
## 回滚策略 |
|||
新版本表现不佳,如何快速回滚到老版本。如果是app 回滚可能代价比较大。 |
|||
|
|||
|
|||
# 灰度策略 |
|||
## 按流量比例 |
|||
|
|||
|
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191021433.png) |
|||
|
|||
基于流量就是设置流量权重,实现上最简单,但是流量不稳定,会使用户使用有割裂感。 |
|||
|
|||
## 按请求内容 |
|||
![[../Pasted image 20210604153710.png]] |
|||
这个分为两种:基于 cookie 和 请求 Header; |
|||
这种相对于前面一种就会相对复杂点,需要请求端设置 Header或cookie。这种用户体验会好很多,能够保证用户体验的连贯性。 |
|||
|
|||
|
|||
> 注意:金丝雀规则具有以下优先级: |
|||
|
|||
> `canary-by-header` - > `canary-by-cookie` - > `canary-weight` |
|||
|
|||
# 灰度发布实践 |
|||
我们商用环境k8s 管理是使用的 `KubeSphere` ,所以下面的实践都是利用 `KubeSphere` 来实现 |
|||
|
|||
简单自定义一个接口服务: |
|||
|
|||
```js |
|||
const main = async function(ctx) { |
|||
|
|||
ctx.body ="this is canary test";; |
|||
|
|||
}; |
|||
|
|||
|
|||
|
|||
const about = ctx => { |
|||
|
|||
ctx.body = "this is version 2"; |
|||
// ctx.body = "this is version 1"; |
|||
|
|||
}; |
|||
``` |
|||
|
|||
|
|||
分别构建了两个镜像: |
|||
``` |
|||
# Production 版本 |
|||
repository.anxinyun.cn/base-images/demo:0.1 |
|||
|
|||
# Canary 版本 |
|||
repository.anxinyun.cn/base-images/demo:0.3 |
|||
``` |
|||
|
|||
## 基于 `ingress-nginx` |
|||
### 1. 我们先部署一个 `Production` 版本的应用 |
|||
```yaml |
|||
apiVersion: apps/v1 |
|||
kind: Deployment |
|||
metadata: |
|||
name: gated-demo |
|||
namespace: fs-gtest |
|||
spec: |
|||
replicas: 1 |
|||
selector: |
|||
matchLabels: |
|||
app: gated-demo |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app: gated-demo |
|||
spec: |
|||
containers: |
|||
- name: gated-demo |
|||
image: repository.anxinyun.cn/base-images/demo:0.1 |
|||
ports: |
|||
- containerPort: 5000 |
|||
name: http-port |
|||
|
|||
--- |
|||
|
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
name: gated-demo |
|||
namespace: fs-gtest |
|||
labels: |
|||
app: gated-demo |
|||
spec: |
|||
ports: |
|||
- port: 15001 |
|||
targetPort: 5000 |
|||
protocol: TCP |
|||
name: http-port |
|||
selector: |
|||
app: gated-demo |
|||
``` |
|||
|
|||
```shell |
|||
$ kubectl appy -f production.yaml |
|||
|
|||
deployment.apps/production created |
|||
service/production created |
|||
|
|||
``` |
|||
### 2. 创建 `Production` 版本的应用路由 (Ingress) |
|||
|
|||
```yaml |
|||
kind: Ingress |
|||
apiVersion: extensions/v1beta1 |
|||
metadata: |
|||
name: gated-demo |
|||
namespace: fs-gtest |
|||
annotations: |
|||
kubernetes.io/ingress.class: nginx |
|||
kubesphere.io/creator: admin |
|||
spec: |
|||
rules: |
|||
- host: gated-demo.fs-gtest.10.8.30.157.nip.io |
|||
http: |
|||
paths: |
|||
- path: / |
|||
pathType: ImplementationSpecific |
|||
backend: |
|||
serviceName: gated-demo |
|||
servicePort: 15001 |
|||
``` |
|||
|
|||
### 3. 访问`Production` 接口 |
|||
|
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191024380.png) |
|||
|
|||
### 4. 下面部署 `Canary` 版本 |
|||
yaml 文件 参考上面的版本,在 `gated-demo` 加上 `-canary` |
|||
|
|||
### 5. 设置 Ingress-Nginx Annotation 规则 |
|||
> 要开启灰度发布机制,需设置 `nginx.ingress.kubernetes.io/canary: "true"` 启用 Canary |
|||
#### 基于权重 |
|||
```yaml |
|||
kind: Ingress |
|||
apiVersion: extensions/v1beta1 |
|||
metadata: |
|||
name: gated-demo-canary |
|||
namespace: fs-gtest |
|||
annotations: |
|||
kubernetes.io/ingress.class: nginx |
|||
kubesphere.io/creator: admin |
|||
nginx.ingress.kubernetes.io/canary: 'true' |
|||
nginx.ingress.kubernetes.io/canary-weight: "30" |
|||
spec: |
|||
rules: |
|||
- host: gated-demo.fs-gtest.10.8.30.157.nip.io |
|||
http: |
|||
paths: |
|||
- path: / |
|||
pathType: ImplementationSpecific |
|||
backend: |
|||
serviceName: gated-demo-canary |
|||
servicePort: 15002 |
|||
``` |
|||
> 上面 Ingress 示例的 Canary 版本使用了**基于权重进行流量切分**的 annotation 规则,将分配 **30%** 的流量请求发送至 Canary 版本 |
|||
|
|||
#### Request Header |
|||
```yaml |
|||
kind: Ingress |
|||
apiVersion: extensions/v1beta1 |
|||
metadata: |
|||
name: gated-demo-canary |
|||
namespace: fs-gtest |
|||
annotations: |
|||
kubernetes.io/ingress.class: nginx |
|||
kubesphere.io/creator: admin |
|||
nginx.ingress.kubernetes.io/canary: 'true' |
|||
nginx.ingress.kubernetes.io/canary-by-header: version |
|||
nginx.ingress.kubernetes.io/canary-by-header-value: '2' |
|||
spec: |
|||
rules: |
|||
- host: gated-demo.fs-gtest.10.8.30.157.nip.io |
|||
http: |
|||
paths: |
|||
- path: / |
|||
pathType: ImplementationSpecific |
|||
backend: |
|||
serviceName: gated-demo-canary |
|||
servicePort: 15002 |
|||
``` |
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191025017.png) |
|||
当 header 'version' 设置 为 '2' 时,所有请求被转到 Canary 版本 |
|||
|
|||
# 总结 |
|||
上面是简单的灰度测试,实际商用还是考虑灰度策略问题如何与用户结合起来控制,可以指定哪些用户参与灰度测试。 |
|||
|
Binary file not shown.
@ -0,0 +1,92 @@ |
|||
# 免密设置 |
|||
|
|||
## 第一步 生成密钥对 |
|||
查看你的用户目录下是否有 `.ssh` 目录,如果有再看下是否存在 `rsa` 密钥对文件。 |
|||
如果有跳过这一步,直接进入下一步。 |
|||
|
|||
```shell |
|||
ssh-keygen -t rsa -b 2048[/4096] -C "<comment>" |
|||
|
|||
``` |
|||
按回车 |
|||
``` |
|||
Generating public/private ed25519 key pair. |
|||
Enter file in which to save the key (/home/user/.ssh/id_rsa): |
|||
``` |
|||
设置口令: |
|||
``` |
|||
Enter passphrase (empty for no passphrase): |
|||
Enter same passphrase again: |
|||
``` |
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191103642.png) |
|||
|
|||
## 第二步 添加 ssh 密钥 |
|||
|
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191103883.png) |
|||
|
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191103491.png) |
|||
|
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191104476.png) |
|||
|
|||
把上面生成的密钥对的公钥填入输入框 |
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191104687.png) |
|||
|
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191104190.png) |
|||
添加标题后,点击添加密钥 |
|||
|
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191105424.png) |
|||
添加成功 |
|||
|
|||
|
|||
# 使用 |
|||
## 控制台操作 |
|||
|
|||
首先: 自己电脑上需要安装 `git` |
|||
[Git - Downloading Package (git-scm.com)](https://git-scm.com/download/win) |
|||
安装完成后,电脑会多出 `git` 控制台工具。 |
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191105447.png) |
|||
另外,也可以在控制台输入 `git`,会输出下面信息 |
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191105200.png) |
|||
|
|||
下面进入主题:如何管理自己的代码文档等 |
|||
选择你参与的项目 |
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191105042.png) |
|||
|
|||
### 克隆项目 |
|||
点击 `克隆` |
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191106580.png) |
|||
使用 SSH 克隆,点后面的复制链接: |
|||
然后到你的工作目录,打开控制台: |
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191106644.png) |
|||
结果: |
|||
|
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191110364.png) |
|||
到你的工作目录查看: |
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191110427.png) |
|||
|
|||
### 添加文件和提交 |
|||
下面我们添加一个文件 |
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191110955.png) |
|||
|
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191110651.png) |
|||
|
|||
下面提交: |
|||
|
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191111236.png) |
|||
这时 文件提交到你的本地仓库,要想提交到远端仓库,还需要push |
|||
|
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191111331.png) |
|||
|
|||
现在看下效果: |
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191111139.png) |
|||
|
|||
|
|||
以上就是常用的git 操作。 |
|||
|
|||
|
|||
|
|||
|
|||
## 使用 GUI 工具 |
|||
这里给大家推荐使用 `TortoiseGit` |
|||
![](https://cdn.jsdelivr.net/gh/vinloong/imgchr@latest/notes/img/202201191111961.png) |
|||
这个跟我们使用的 `svn` 工具很像,这里就不做介绍了。 |
Binary file not shown.
@ -0,0 +1,518 @@ |
|||
|
|||
|
|||
# 设置`storageClass` |
|||
|
|||
> 由于 部署 是使用的 microk8s 并且这个小集群只有一台服务器,所以存储就保存到本地 |
|||
|
|||
`storageClass.yaml` |
|||
|
|||
```yaml |
|||
apiVersion: storage.k8s.io/v1 |
|||
kind: StorageClass |
|||
metadata: |
|||
annotations: |
|||
storageclass.kubernetes.io/is-default-class: "false" |
|||
name: microk8s-localhost |
|||
provisioner: microk8s.io/hostpath |
|||
reclaimPolicy: Retain |
|||
volumeBindingMode: Immediate |
|||
``` |
|||
|
|||
```bash |
|||
$ kubectl apply -f storageClass.yaml |
|||
|
|||
|
|||
$ kubectl get sc |
|||
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE |
|||
microk8s-hostpath (default) microk8s.io/hostpath Delete Immediate false 4d4h |
|||
microk8s-localhost microk8s.io/hostpath Retain Immediate false 3d1h |
|||
``` |
|||
|
|||
|
|||
|
|||
# 部署数据库 |
|||
|
|||
|
|||
|
|||
## 设置 pvc |
|||
|
|||
`pg-pvc.yaml` |
|||
|
|||
```yaml |
|||
kind: PersistentVolume |
|||
apiVersion: v1 |
|||
metadata: |
|||
name: postgres-data-pv |
|||
labels: |
|||
type: local |
|||
app: postgres-data |
|||
spec: |
|||
storageClassName: microk8s-localhost |
|||
capacity: |
|||
storage: 15Gi |
|||
accessModes: |
|||
- ReadWriteMany |
|||
hostPath: |
|||
path: "/var/local/postgresql/data" |
|||
--- |
|||
kind: PersistentVolumeClaim |
|||
apiVersion: v1 |
|||
metadata: |
|||
name: postgres-data-pvc |
|||
namespace: devops |
|||
labels: |
|||
app: postgres-data |
|||
spec: |
|||
storageClassName: microk8s-localhost |
|||
accessModes: |
|||
- ReadWriteMany |
|||
resources: |
|||
requests: |
|||
storage: 10Gi |
|||
|
|||
``` |
|||
|
|||
```bash |
|||
$ kubectl apply -f pg-pvc.yaml |
|||
|
|||
$ kubectl get pv |
|||
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE |
|||
postgres-data-pv 15Gi RWX Retain Bound devops/postgres-data-pvc microk8s-localhost 3d |
|||
|
|||
$ kubectl get pvc -n devops |
|||
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE |
|||
postgres-data-pvc Bound postgres-data-pv 15Gi RWX microk8s-localhost 3d |
|||
|
|||
``` |
|||
|
|||
|
|||
|
|||
`configmap.yaml` |
|||
|
|||
```yaml |
|||
apiVersion: v1 |
|||
kind: ConfigMap |
|||
metadata: |
|||
name: cm-postgres |
|||
namespace: devops |
|||
labels: |
|||
app: postgres |
|||
data: |
|||
POSTGRES_PASSWORD: postgres |
|||
``` |
|||
|
|||
```shell |
|||
$ kubectl apply -f configmap.yaml |
|||
|
|||
$ kubectl get cm -n devops |
|||
NAME DATA AGE |
|||
kube-root-ca.crt 1 3d5h |
|||
cm-postgres 1 2d2h |
|||
|
|||
``` |
|||
|
|||
`deployment.yaml` |
|||
|
|||
```yaml |
|||
apiVersion: apps/v1 |
|||
kind: Deployment |
|||
metadata: |
|||
name: gitea-postgres |
|||
namespace: devops |
|||
spec: |
|||
selector: |
|||
matchLabels: |
|||
app: postgres |
|||
replicas: 1 |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app: postgres |
|||
spec: |
|||
containers: |
|||
- name: gitea-postgres |
|||
image: postgres:12-alpine |
|||
ports: |
|||
- containerPort: 5432 |
|||
name: pg-port |
|||
envFrom: |
|||
- configMapRef: |
|||
name: cm-postgres |
|||
volumeMounts: |
|||
- mountPath: /var/lib/postgresql/data |
|||
name: postgres-data-volume |
|||
volumes: |
|||
- name: postgres-data-volume |
|||
persistentVolumeClaim: |
|||
claimName: postgres-data-pvc |
|||
``` |
|||
|
|||
```bash |
|||
$ kubectl apply -f deployment.yaml |
|||
|
|||
$ kubectl get po -n devops |
|||
NAME READY STATUS RESTARTS AGE |
|||
gitea-postgres-86d6b8c4c7-rbt45 1/1 Running 0 2d1h |
|||
|
|||
``` |
|||
|
|||
`service.yaml` |
|||
|
|||
```yaml |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
name: postgres-service |
|||
namespace: devops |
|||
labels: |
|||
app: postgres |
|||
spec: |
|||
type: NodePort |
|||
ports: |
|||
- port: 5432 |
|||
targetPort: 5432 |
|||
protocol: TCP |
|||
name: pg-port |
|||
nodePort: 30432 |
|||
selector: |
|||
app: postgres |
|||
``` |
|||
|
|||
```shell |
|||
$ kubectl apply -f service.yaml |
|||
|
|||
|
|||
$ kubectl get svc -n devops |
|||
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE |
|||
postgres-service NodePort 10.152.183.142 <none> 5432:30432/TCP 2d1h |
|||
|
|||
``` |
|||
|
|||
|
|||
|
|||
### 配置 |
|||
|
|||
`postgresql.conf` |
|||
|
|||
```properties |
|||
|
|||
# 时区修改 |
|||
log_timezone = 'Asia/Shanghai' |
|||
timezone = 'Asia/Shanghai' |
|||
|
|||
|
|||
# 密码加密算法修改 |
|||
password_encryption = scram-sha-256 |
|||
``` |
|||
|
|||
|
|||
|
|||
`pg_hba.conf` |
|||
|
|||
```properties |
|||
# 本地访问 |
|||
local giteadb gitea scram-sha-256 |
|||
|
|||
# 远程访问 |
|||
host giteadb gitea 0.0.0.0/0 scram-sha-256 |
|||
``` |
|||
|
|||
|
|||
|
|||
重启数据库 |
|||
|
|||
|
|||
|
|||
```sql |
|||
# 创建用户和数据库 |
|||
|
|||
CREATE ROLE gitea WITH LOGIN PASSWORD 'gitea'; |
|||
|
|||
CREATE DATABASE giteadb WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8'; |
|||
|
|||
``` |
|||
|
|||
|
|||
|
|||
# 部署 `Gitea` |
|||
|
|||
`gitea-pvc.yaml` |
|||
|
|||
```yaml |
|||
kind: PersistentVolume |
|||
apiVersion: v1 |
|||
metadata: |
|||
name: gitea-data-pv |
|||
labels: |
|||
type: local |
|||
app: gitea |
|||
spec: |
|||
storageClassName: microk8s-localhost |
|||
capacity: |
|||
storage: 500Gi |
|||
accessModes: |
|||
- ReadWriteMany |
|||
hostPath: |
|||
path: "/var/local/gitea/data" |
|||
--- |
|||
kind: PersistentVolumeClaim |
|||
apiVersion: v1 |
|||
metadata: |
|||
name: gitea-data-pvc |
|||
namespace: devops |
|||
labels: |
|||
app: gitea |
|||
spec: |
|||
storageClassName: microk8s-localhost |
|||
accessModes: |
|||
- ReadWriteMany |
|||
resources: |
|||
requests: |
|||
storage: 200Gi |
|||
``` |
|||
|
|||
|
|||
|
|||
```shell |
|||
$ kubectl apply -f gitea-pvc.yaml |
|||
|
|||
$ kubectl get pv |
|||
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE |
|||
postgres-data-pv 15Gi RWX Retain Bound devops/postgres-data-pvc microk8s-localhost 3d |
|||
gitea-data-pv 500Gi RWX Retain Bound devops/gitea-data-pvc microk8s-localhost 47h |
|||
$ kubectl get pvc -n devops |
|||
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE |
|||
postgres-data-pvc Bound postgres-data-pv 15Gi RWX microk8s-localhost 3d |
|||
gitea-data-pvc Bound gitea-data-pv 500Gi RWX microk8s-localhost 47h |
|||
|
|||
``` |
|||
|
|||
|
|||
|
|||
`configmap.yaml` |
|||
|
|||
```yaml |
|||
|
|||
apiVersion: v1 |
|||
kind: ConfigMap |
|||
metadata: |
|||
name: cm-gitea |
|||
namespace: devops |
|||
labels: |
|||
app: gitea |
|||
data: |
|||
DB_TYPE: "postgres" |
|||
DB_HOST: "postgres-service:5432" |
|||
DB_NAME: "giteadb" |
|||
DB_USER: "gitea" |
|||
DB_PASSWD: "gitea" |
|||
|
|||
``` |
|||
|
|||
```shell |
|||
$ kubectl apply -f configmap.yaml |
|||
|
|||
$ kubectl get cm -n devops |
|||
NAME DATA AGE |
|||
kube-root-ca.crt 1 3d5h |
|||
cm-postgres 1 2d2h |
|||
cm-gitea 6 29h |
|||
|
|||
``` |
|||
|
|||
`deployment.yaml` |
|||
|
|||
```yaml |
|||
apiVersion: apps/v1 |
|||
kind: Deployment |
|||
metadata: |
|||
name: gitea |
|||
namespace: devops |
|||
spec: |
|||
selector: |
|||
matchLabels: |
|||
app: gitea |
|||
replicas: 1 |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app: gitea |
|||
spec: |
|||
containers: |
|||
- name: gitea |
|||
image: gitea/gitea:1.14.6 |
|||
ports: |
|||
- containerPort: 22 |
|||
name: ssh |
|||
- containerPort: 3000 |
|||
name: http-port |
|||
envFrom: |
|||
- configMapRef: |
|||
name: cm-gitea |
|||
volumeMounts: |
|||
- mountPath: /data |
|||
name: gitea-data-volume |
|||
volumes: |
|||
- name: gitea-data-volume |
|||
persistentVolumeClaim: |
|||
claimName: gitea-data-pvc |
|||
|
|||
``` |
|||
|
|||
```shell |
|||
$ kubectl apply -f deployment.yaml |
|||
|
|||
$ kubectl get po -n devops |
|||
NAME READY STATUS RESTARTS AGE |
|||
gitea-postgres-86d6b8c4c7-rbt45 1/1 Running 0 2d1h |
|||
gitea-c4b69d788-mdm7g 1/1 Running 0 6h10m |
|||
|
|||
``` |
|||
|
|||
`service.yaml` |
|||
|
|||
```yaml |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
name: gitea-service |
|||
namespace: devops |
|||
labels: |
|||
app: gitea |
|||
spec: |
|||
type: NodePort |
|||
ports: |
|||
- port: 22 |
|||
targetPort: 22 |
|||
protocol: TCP |
|||
name: ssh |
|||
nodePort: 30022 |
|||
- port: 3000 |
|||
targetPort: 3000 |
|||
protocol: TCP |
|||
name: http-port |
|||
nodePort: 30300 |
|||
selector: |
|||
app: gitea |
|||
``` |
|||
|
|||
```shell |
|||
$ kubectl apply -f service.yaml |
|||
|
|||
$ kubectl get svc -n devops |
|||
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE |
|||
postgres-service NodePort 10.152.183.142 <none> 5432:30432/TCP 2d1h |
|||
gitea-service NodePort 10.152.183.62 <none> 22:30022/TCP,3000:30300/TCP 29h |
|||
``` |
|||
|
|||
|
|||
|
|||
配置 |
|||
|
|||
```ini |
|||
[server] |
|||
APP_DATA_PATH = /data/gitea |
|||
DOMAIN = gitea.free-sun.vip |
|||
SSH_DOMAIN = gitea.free-sun.vip |
|||
HTTP_PORT = 3000 |
|||
ROOT_URL = https://gitea.free-sun.vip/ |
|||
DISABLE_SSH = false |
|||
SSH_PORT = 2022 |
|||
SSH_LISTEN_PORT = 22 |
|||
LFS_START_SERVER = false |
|||
LFS_CONTENT_PATH = /data/git/lfs |
|||
LFS_JWT_SECRET = ET6zJ0fRBl93bJiHrUAzOXa7xeicpEmY9weiyqwWQqI |
|||
OFFLINE_MODE = false |
|||
LANDING_PAGE = explore |
|||
|
|||
|
|||
[mailer] |
|||
ENABLED = true |
|||
FROM = anxinyunwarning@free-sun.com.cn |
|||
MAILER_TYPE = smtp |
|||
HOST = smtp.exmail.qq.com:465 |
|||
IS_TLS_ENABLED = true |
|||
USER = anxinyunwarning@free-sun.com.cn |
|||
PASSWD = `SGVd7FU7vesjj9su` |
|||
|
|||
``` |
|||
|
|||
|
|||
|
|||
nginx 配置 |
|||
|
|||
```properties |
|||
# http 增加 server |
|||
|
|||
upstream gitea-http { |
|||
server 192.168.0.121:30300; |
|||
} |
|||
|
|||
|
|||
server { |
|||
listen 80; |
|||
server_name gitea.free-sun.vip; |
|||
rewrite ^(.*) https://$server_name$1 permanent; |
|||
} |
|||
|
|||
|
|||
server { |
|||
listen 443 ssl; |
|||
server_name gitea.free-sun.vip; |
|||
client_max_body_size 5m; |
|||
|
|||
ssl_certificate /etc/nginx/certs/gitea.free-sun.pem; |
|||
ssl_certificate_key /etc/nginx/certs/gitea.free-sun.key; |
|||
ssl_session_timeout 5m; |
|||
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; |
|||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
|||
ssl_prefer_server_ciphers on; |
|||
|
|||
location / { |
|||
client_max_body_size 20m; |
|||
proxy_redirect off; |
|||
proxy_set_header Host $host; |
|||
proxy_set_header X-Real-IP $remote_addr; |
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|||
proxy_pass http://gitea-http; |
|||
index index.html index.htm; |
|||
} |
|||
} |
|||
|
|||
``` |
|||
|
|||
|
|||
|
|||
```properties |
|||
# stream 增加 server 做 ssh 访问 |
|||
upstream gitea_backend { |
|||
hash $remote_addr consistent; |
|||
server 192.168.0.121:30022 max_fails=3 fail_timeout=30s; |
|||
} |
|||
|
|||
server { |
|||
listen 2022 so_keepalive=on; |
|||
tcp_nodelay on; |
|||
proxy_pass gitea_backend; |
|||
proxy_connect_timeout 20s; |
|||
proxy_timeout 30m; |
|||
proxy_buffer_size 32k; |
|||
} |
|||
``` |
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
Binary file not shown.
@ -0,0 +1,310 @@ |
|||
# 启用 go mod 包管理工具 |
|||
|
|||
|
|||
|
|||
## 设置GO111MODULE |
|||
|
|||
|
|||
|
|||
在Go语言 1.12 版本之前,要启用 go module 工具首先要设置环境变量 GO111MODULE,不过在Go语言 1.13 及以后的版本则不再需要设置环境变量。通过 GO111MODULE 可以开启或关闭 go module 工具。 |
|||
|
|||
- GO111MODULE=off 禁用 go module,编译时会从 GOPATH 和 vendor 文件夹中查找包; |
|||
- GO111MODULE=on 启用 go module,编译时会忽略 GOPATH 和 vendor 文件夹,只根据 go.mod下载依赖; |
|||
- GO111MODULE=auto(默认值),当项目在 GOPATH/src 目录之外,并且项目根目录有 go.mod 文件时,开启 go module |
|||
|
|||
|
|||
|
|||
Windows 下开启 GO111MODULE 的命令为: |
|||
|
|||
```cmd |
|||
set GO111MODULE=on |
|||
# 或者 |
|||
set GO111MODULE=auto |
|||
``` |
|||
|
|||
MacOS 或者 Linux 下开启 GO111MODULE 的命令为: |
|||
|
|||
```bash |
|||
export GO111MODULE=on |
|||
# 或者 |
|||
export GO111MODULE=auto |
|||
``` |
|||
|
|||
在开启 GO111MODULE 之后就可以使用 go module 工具了,也就是说在以后的开发中就没有必要在 GOPATH 中创建项目了,并且还能够很好的管理项目依赖的第三方包信息。 |
|||
|
|||
常用的`go mod`命令如下表所示: |
|||
|
|||
|
|||
|
|||
| 命令 | 作用 | |
|||
| --------------- | ---------------------------------------------- | |
|||
| go mod init | 初始化当前文件夹,创建 go.mod 文件 | |
|||
| go mod tidy | 增加缺少的包,删除无用的包 | |
|||
| go mod download | 下载依赖包到本地(默认为 GOPATH/pkg/mod 目录) | |
|||
| go mod edit | 编辑 go.mod 文件 | |
|||
| go mod graph | 打印模块依赖图 | |
|||
| go mod vendor | 将依赖复制到 vendor 目录下 | |
|||
| go mod verify | 校验依赖 | |
|||
| go mod why | 解释为什么需要依赖 | |
|||
|
|||
|
|||
|
|||
## GOPROXY |
|||
|
|||
|
|||
|
|||
proxy 顾名思义就是代理服务器的意思。大家都知道,国内的网络有防火墙的存在,这导致有些Go语言的第三方包我们无法直接通过`go get`命令获取。GOPROXY 是Go语言官方提供的一种通过中间代理商来为用户提供包下载服务的方式。要使用 GOPROXY 只需要设置环境变量 GOPROXY 即可 |
|||
|
|||
目前公开的代理服务器的地址有: |
|||
|
|||
| goproxy | 提供商 | |
|||
| :------------------------- | -------- | |
|||
| goproxy.io | 微软 | |
|||
| goproxy.cn | 七牛云 | |
|||
| mirrors.aliyun.com/goproxy | 阿里云 | |
|||
| gocenter.io | GoCenter | |
|||
|
|||
|
|||
Windows 下设置 GOPROXY 的命令为: |
|||
|
|||
```cmd |
|||
go env -w GOPROXY=https://goproxy.cn,direct |
|||
``` |
|||
|
|||
|
|||
|
|||
MacOS 或 Linux 下设置 GOPROXY 的命令为: |
|||
|
|||
```bash |
|||
export GOPROXY=https://goproxy.cn |
|||
``` |
|||
|
|||
|
|||
|
|||
> Go语言在 1.13 版本之后 GOPROXY 默认值为 https://proxy.golang.org,在国内可能会存在下载慢或者无法访问的情况,所以十分建议大家将 GOPROXY 设置为国内的 goproxy.cn |
|||
|
|||
|
|||
|
|||
### 使用go get命令下载指定版本的依赖包 |
|||
|
|||
执行`go get `命令,在下载依赖包的同时还可以指定依赖包的版本。 |
|||
|
|||
- 运行`go get -u`命令会将项目中的包升级到最新的次要版本或者修订版本; |
|||
- 运行`go get -u=patch`命令会将项目中的包升级到最新的修订版本; |
|||
- 运行`go get [包名]@[版本号]`命令会下载对应包的指定版本或者将对应包升级到指定的版本。 |
|||
|
|||
提示:`go get [包名]@[版本号]`命令中版本号可以是 x.y.z 的形式,例如 go get foo@v1.2.3,也可以是 git 上的分支或 tag,例如 go get foo@master,还可以是 git 提交时的哈希值,例如 go get foo@e3702bed2。 |
|||
|
|||
|
|||
|
|||
## 在项目中应用 |
|||
|
|||
创建一个项目 “golang-examples” |
|||
|
|||
1) 在 GOPATH 目录之外新建一个目录,并使用`go mod init`初始化生成 go.mod 文件 |
|||
|
|||
```cmd |
|||
go mod init golang-examples |
|||
go: creating new go.mod: module golang-examples |
|||
``` |
|||
|
|||
初始化生成的 go.mod 文件如下所示: |
|||
|
|||
```go |
|||
module golang-examples |
|||
|
|||
go 1.15 |
|||
``` |
|||
|
|||
|
|||
|
|||
2) 新建一个 main.go 文件,写入以下代码: |
|||
|
|||
```go |
|||
package main |
|||
|
|||
import "time" |
|||
import log "github.com/sirupsen/logrus" |
|||
import http "github.com/valyala/fasthttp" |
|||
|
|||
const ( |
|||
imgList = "https://k8s.gcr.io/v2/tags/list" |
|||
DefaultHttpTimeout = 15 * time.Second |
|||
repo = "k8s.gcr.io/" |
|||
) |
|||
|
|||
func main() { |
|||
log.Info("get k8s.gcr.io public images...") |
|||
status, body, errs := http.Get(nil, imgList) |
|||
if errs != nil { |
|||
log.Error("request error", errs) |
|||
} |
|||
if status != http.StatusOK { |
|||
log.Warn("request faild") |
|||
} |
|||
log.Info(body) |
|||
} |
|||
``` |
|||
|
|||
执行`go run main.go`运行代码会发现 go mod 会自动查找依赖自动下载 |
|||
|
|||
现在查看 go.mod 内容: |
|||
|
|||
```go |
|||
module golang-examples |
|||
|
|||
go 1.15 |
|||
|
|||
require ( |
|||
github.com/sirupsen/logrus v1.8.1 |
|||
github.com/valyala/fasthttp v1.28.0 |
|||
) |
|||
|
|||
``` |
|||
|
|||
go 会自动生成一个 go.sum 文件来记录 dependency tree |
|||
可以使用命令`go list -m -u all`来检查可以升级的 package,使用`go get -u need-upgrade-package`升级后会将新的依赖版本更新到 go.mod * 也可以使用`go get -u`升级所有依赖。 |
|||
|
|||
### 使用 replace 替换无法直接获取的 package |
|||
|
|||
由于某些已知的原因,并不是所有的 package 都能成功下载,比如:golang.org 下的包。 |
|||
|
|||
modules 可以通过在 go.mod 文件中使用 replace 指令替换成 github 上对应的库,比如: |
|||
|
|||
```go |
|||
replace ( |
|||
golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a => github.com/golang/crypto v0.0.0-20190313024323-a1f597ede03a |
|||
) |
|||
``` |
|||
|
|||
或者 |
|||
|
|||
```go |
|||
replace golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a => github.com/golang/crypto v0.0.0-20190313024323-a1f597ede03a |
|||
``` |
|||
|
|||
|
|||
|
|||
# build |
|||
|
|||
```shell |
|||
go build [-o 输出名] [-i] [编译标记] [包名] |
|||
``` |
|||
|
|||
> 如果参数为 \*.go文件或文件列表,则编译为一个个单独的包。 |
|||
> 当编译单个main包(文件),则生成可执行文件。 |
|||
> 当编译单个或多个包非主包时,只构建编译包,**但丢弃生成的对象(.a)**,仅用作检查包可以构建。 |
|||
> 当编译包时,会自动忽略'_test.go'的测试文件。 |
|||
|
|||
## `-o` |
|||
|
|||
> output 指定编译输出的名称,代替默认的包名。 |
|||
|
|||
## `-i` |
|||
|
|||
> install 安装作为目标的依赖关系的包(用于增量编译提速)。 |
|||
|
|||
## 以下 build 参数可用在 build, clean, get, install, list, run, test |
|||
|
|||
``` |
|||
-a |
|||
完全编译,不理会-i产生的.a文件(文件会比不带-a的编译出来要大?) |
|||
-n |
|||
仅打印输出build需要的命令,不执行build动作(少用)。 |
|||
-p n |
|||
开多少核cpu来并行编译,默认为本机CPU核数(少用)。 |
|||
-race |
|||
同时检测数据竞争状态,只支持 linux/amd64, freebsd/amd64, darwin/amd64 和 windows/amd64. |
|||
-msan |
|||
启用与内存消毒器的互操作。仅支持linux / amd64,并且只用Clang / LLVM作为主机C编译器(少用)。 |
|||
-v |
|||
打印出被编译的包名(少用). |
|||
-work |
|||
打印临时工作目录的名称,并在退出时不删除它(少用)。 |
|||
-x |
|||
同时打印输出执行的命令名(-n)(少用). |
|||
-asmflags 'flag list' |
|||
传递每个go工具asm调用的参数(少用) |
|||
-buildmode mode |
|||
编译模式(少用) |
|||
'go help buildmode' |
|||
-compiler name |
|||
使用的编译器 == runtime.Compiler |
|||
(gccgo or gc)(少用). |
|||
-gccgoflags 'arg list' |
|||
gccgo 编译/链接器参数(少用) |
|||
-gcflags 'arg list' |
|||
垃圾回收参数(少用). |
|||
-installsuffix suffix |
|||
a suffix to use in the name of the package installation directory, |
|||
in order to keep output separate from default builds. |
|||
If using the -race flag, the install suffix is automatically set to race |
|||
or, if set explicitly, has _race appended to it. Likewise for the -msan |
|||
flag. Using a -buildmode option that requires non-default compile flags |
|||
has a similar effect. |
|||
-ldflags 'flag list' |
|||
'-s -w': 压缩编译后的体积 |
|||
-s: 去掉符号表 |
|||
-w: 去掉调试信息,不能gdb调试了 |
|||
-linkshared |
|||
链接到以前使用创建的共享库 |
|||
-buildmode=shared. |
|||
-pkgdir dir |
|||
从指定位置,而不是通常的位置安装和加载所有软件包。例如,当使用非标准配置构建时,使用-pkgdir将生成的包保留在单独的位置。 |
|||
-tags 'tag list' |
|||
构建出带tag的版本. |
|||
-toolexec 'cmd args' |
|||
a program to use to invoke toolchain programs like vet and asm. |
|||
For example, instead of running asm, the go command will run |
|||
'cmd args /path/to/asm <arguments for asm>'. |
|||
``` |
|||
|
|||
|
|||
|
|||
以上命令,单引号/双引号均可。 |
|||
|
|||
对包的操作`'go help packages'` |
|||
对路径的描述`'go help gopath'` |
|||
对 C/C++ 的互操作`'go help c'` |
|||
|
|||
|
|||
|
|||
构建遵守某些约定(`'go help gopath'`),但不是所有的项目都遵循这些约定,当使用自己的惯例或使用单独的软件构建系统时可以选择使用较低级别的调用`go tool compile`和`go tool link`来避免一些构建工具的开销和设计决策 |
|||
|
|||
|
|||
|
|||
|
|||
|
|||
## 配置 vs code |
|||
|
|||
|
|||
|
|||
安装扩展 (`Ctrl/Cmd + Shift + X`) ,搜索 `go` 并安装。 |
|||
|
|||
|
|||
|
|||
`Ctrl/Cmd + Shift + P` 运行 `Go: Install/Update Tools` 命令,安装列出的所有的go的扩展插件。 |
|||
|
|||
|
|||
|
|||
### 快捷键 |
|||
|
|||
`F12` |
|||
|
|||
`Alt+F12` |
|||
|
|||
`Shift+F12` |
|||
|
|||
`Shift+Alt+H` |
|||
|
|||
`Ctrl+Shift+P` |
|||
|
|||
`Ctrl+Shift+O` |
|||
|
|||
`Ctrl+T` |
|||
|
|||
`Shift+Alt+F`: 格式化代码 |
|||
|
|||
|
|||
|
|||
[Go more help](https://code.visualstudio.com/docs/languages/go) |
Binary file not shown.
Loading…
Reference in new issue