使用Kubernetes吗?准备从虚拟机中移动Camunda BPM实例,还是尝试在Kubernetes上运行它们?让我们看一些可以根据您的特定需求量身定制的常见配置和单个元素。
假设您以前使用过Kubernetes。如果没有,为什么不看一下手册并启动第一个集群?
作者
- Alastair Firth -Camunda Cloud团队的高级站点可靠性工程师;
- Lars Lange是Camunda的DevOps工程师。
简而言之:
git clone https://github.com/camunda-cloud/camunda-examples.git
cd camunda-examples/camunda-bpm-demo
make skaffold
好的,可能没有用,因为您没有安装skaffold和kustomize。好吧,继续阅读!
什么是Camunda BPM
Camunda BPM是一个开放源代码业务流程管理和决策自动化平台,它将业务用户和软件开发人员联系在一起。它是协调,连接人员,(微型)服务甚至机器人的理想选择!您可以在此处阅读有关不同用例的更多信息。
为什么使用Kubernetes
Kubernetes - Linux. , . API-, Kubernetes , : , . 2020 6 , , , ( Linux). , .
Camunda BPM Engine , , Kubernetes , , ( ).
, Prometheus, Grafana, Loki, Fluentd Elasticsearch, . , Prometheus Java (JVM).
, Docker- Camunda BPM (github), Kubernetes.
- ;
- ;
- ;
- .
.
Skaffold Docker Google Cloud Build. ( Kustomize Helm), CI , . skaffold.yaml.tmpl Google Cloud Build GKE, .
make skaffold Dockerfile Cloud Build, GCR, . , make skaffold, Skaffold .
yaml Kubernetes kustomize yaml , git pull --rebase . kubectl .
envsubst GCP * .yaml.tmpl. , makefile .
- Kubernetes
- Kustomize
- Skaffold — docker GKE
- Envsubst
kustomize skaffold, generated-manifest.yaml .
Prometheus Kubernetes. , AWS Cloudwatch Metrics, Cloudwatch Alerts, Stackdriver Metrics, StatsD, Datadog, Nagios, vSphere Metrics . . Grafana — , . prometheus-operator.
Prometheus <service>/metrics, sidecar- . , JMX JVM, sidecar- . jmx_exporter Prometheus JVM, , /metrics .
Prometheus jmx_exporter
-- images/camunda-bpm/Dockerfile
FROM camunda/camunda-bpm-platform:tomcat-7.11.0
## Add prometheus exporter
RUN wget https://repo1.maven.org/maven2/io/prometheus/jmx/
jmx_prometheus_javaagent/0.11.0/jmx_prometheus_javaagent-0.11.0.jar -P lib/
#9404 is the reserved prometheus-jmx port
ENV CATALINA_OPTS -javaagent:lib/
jmx_prometheus_javaagent-0.11.0.jar=9404:/etc/config/prometheus-jmx.yaml
, . tomcat Prometheus <svc>:9404/metrics
, prometheus-jmx.yaml? , JVM, tomcat — , . tomcat, wildfly, kafka . tomcat ConfigMap Kubernetes, .
-, platform/config/
platform/config
└── prometheus-jmx.yaml
ConfigMapGenerator kustomization.yaml.tmpl:
-- platform/kustomization.yaml.tmpl
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
[...]
configMapGenerator:
- name: config
files:
- config/prometheus-jmx.yaml
files[] ConfigMap. ConfigMapGenerators , , . Deployment, «» VolumeMount.
, ConfigMap :
-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
template:
spec:
[...]
volumes:
- name: config
configMap:
name: config
defaultMode: 0744
containers:
- name: camunda-bpm
volumeMounts:
- mountPath: /etc/config/
name: config
[...]
. Prometheus , , , , . Prometheus Operator service-monitor.yaml . Service-monitor.yaml, operator design ServiceMonitorSpec .
, ConfigMapGenerator, /etc/config. . . subPath . xml- xmlstarlet sed. .
! stdout, , kubectl logs. Fluentd ( GKE) Elasticsearch, Loki . jsonify , logback.
H2. , Google Cloud SQL Cloud SQL Proxy — . , . AWS RDS .
, H2, platform/deploy.yaml. :
-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
template:
spec:
[...]
containers:
- name: camunda-bpm
env:
- name: DB_DRIVER
value: org.postgresql.Driver
- name: DB_URL
value: jdbc:postgresql://postgres-proxy.db:5432/process-engine
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: cambpm-db-credentials
key: db_username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: cambpm-db-credentials
key: db_password
[...]
: valueFrom: secretKeyRef. , Kubernetes , .
, Kubernetes. , : KMS , K8S CD- — MozillaSOPS — Kustomize. , dotGPG — : HashiCorp Vault, Kustomize Secret Value Plugins.
Ingress
, Ingress Controller. ingress-nginx (Helm chart) , , , ingress-patch.yaml.tmpl platform/ingress.yaml. ingress-nginx nginx ingress class , DNS DNS, — . Ingress Controller DNS .
TLS
cert-manager kube-lego letsencrypt — . , ingress-patch.yaml.tmpl .
!
, make skaffold HOSTNAME=<you.example.com> <hostname>/camunda
URL-, localhost: kubectl port-forward -n camunda-bpm-demo svc/camunda-bpm 8080:8080 localhost:8080/camunda
, tomcat . Cert-manager . — , , kubetail, kubectl:
kubectl logs -n camunda-bpm-demo $(kubectl get pods -o=name -n camunda-bpm-demo) -f
Camunda BPM, Kubernetes, , REST API . , JWT. configmaps xml, xmlstarlet (. ) , wget, init .
, Camunda BPM JVM, , , sticky sessions (, ingress-nginx), , , Max-Age cookie. Session Manager Tomcat. , - :
wget http://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/
2.3.2/memcached-session-manager-2.3.2.jar -P lib/ && \
wget http://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc9/
2.3.2/memcached-session-manager-tc9-2.3.2.jar -P lib/ && \
sed -i '/^<\/Context>/i \
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager" \
memcachedNodes="redis://redis-proxy.db:22121" \
sticky="false" \
sessionBackupAsync="false" \
storageKeyPrefix="context" \
lockingMode="auto" \
/>' conf/context.xml
: xmlstarlet sed
twemproxy Google Cloud Memorystore, memcached-session-manager ( Redis) .
, ( ) Camunda BPM . « ». intialSize settings.xml. HorizontalPodAutoscaler (HPA) .
platform/deployment.yaml , . HPA, . kustomize. . ingress-patch.yaml.tmpl ./kustomization.yaml.tmpl
因此我们在Kubernetes上安装了Proundeus指标,日志,H2数据库,TLS和Ingress的Camunda BPM。我们使用ConfigMaps和Dockerfile添加了jar和config文件。我们讨论了与卷进行通信,并直接从机密进入环境变量。此外,还概述了用于多个副本和已验证API的Camunda设置。
链接
github.com/camunda-cloud/camunda-examples/camunda-bpm-kubernetes
│
├── generated-manifest.yaml <- manifest for use without kustomize
├── images
│ └── camunda-bpm
│ └── Dockerfile <- overlay docker image
├── ingress-patch.yaml.tmpl <- site-specific ingress configuration
├── kustomization.yaml.tmpl <- main Kustomization
├── Makefile <- make targets
├── namespace.yaml
├── platform
│ ├── config
│ │ └── prometheus-jmx.yaml <- prometheus exporter config file
│ ├── deployment.yaml <- main deployment
│ ├── ingress.yaml
│ ├── kustomization.yaml <- "base" kustomization
│ ├── service-monitor.yaml <- example prometheus-operator config
│ └── service.yaml
└── skaffold.yaml.tmpl <- skaffold directives
2020年8月5日,Alastair Firth撰写的文章翻译,拉斯·兰格