Kuna iya karanta game da helmfile kanta da misalan amfaninsa a ciki
Za mu saba da hanyoyin da ba a bayyane ba don bayyana abubuwan da aka saki a cikin helmfile
Bari mu ce muna da fakitin sigogin helm (misali, bari mu ce postgres da wasu aikace-aikacen baya) da mahalli da yawa (gungu na kubernetes da yawa, wuraren suna da yawa, ko da yawa duka biyun). Muna ɗaukar helmfile, karanta takaddun kuma mu fara bayyana mahallin mu da fitar da mu:
.
├── envs
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
production:
releases:
- name: postgres
labels:
app: postgres
wait: true
chart: stable/postgresql
version: 8.4.0
values:
- envs/{{ .Environment.Name }}/values/postgres.yaml
- name: backend
labels:
app: backend
wait: true
chart: private-helm-repo/backend
version: 1.0.5
needs:
- postgres
values:
- envs/{{ .Environment.Name }}/values/backend.yaml
Mun ƙare da mahalli guda 2: kayan ado, samar - kowanne yana ƙunshe da ƙimarsa don sigogin sakin hular. Za mu tura su kamar haka:
helmfile -n <namespace> -e <env> apply
Daban-daban na sigogin helm a wurare daban-daban
Mene ne idan muna buƙatar fitar da nau'i daban-daban na baya zuwa yanayi daban-daban? Yadda za a daidaita sigar saki? Ƙimar muhalli da ake samu ta hanyar {{ .Values }}
helmfile.yaml
environments:
devel:
+ values:
+ - charts:
+ versions:
+ backend: 1.1.0
production:
+ values:
+ - charts:
+ versions:
+ backend: 1.0.5
...
- name: backend
labels:
app: backend
wait: true
chart: private-helm-repo/backend
- version: 1.0.5
+ version: {{ .Values.charts.versions.backend }}
...
Saitin aikace-aikace daban-daban a wurare daban-daban
Great, amma idan ba mu bukatar production
mirgine postgres, saboda mun san cewa ba ma buƙatar tura bayanan cikin k8s kuma don siyarwa muna da gungu na postgres daban na ban mamaki? Don magance wannan matsalar muna da lakabi
helmfile -n <namespace> -e devel apply
helmfile -n <namespace> -e production -l app=backend apply
Wannan yana da kyau, amma da kaina na fi son bayyana waɗanne aikace-aikacen da za a tura a cikin yanayin ba ta amfani da muhawarar ƙaddamarwa ba, amma a cikin bayanin yanayin da kansu. Me za a yi? Kuna iya sanya kwatancen sakin a cikin babban fayil daban, ƙirƙirar jerin abubuwan da ake buƙata a cikin bayanin yanayi kuma “ɗauka” kawai abubuwan da suka dace, yin watsi da sauran.
.
├── envs
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
+ ├── releases
+ │ ├── backend.yaml
+ │ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
values:
- charts:
versions:
backend: 1.1.0
- apps:
- postgres
- backend
production:
values:
- charts:
versions:
backend: 1.0.5
- apps:
- backend
- releases:
- - name: postgres
- labels:
- app: postgres
- wait: true
- chart: stable/postgresql
- version: 8.4.0
- values:
- - envs/{{ .Environment.Name }}/values/postgres.yaml
- - name: backend
- labels:
- app: backend
- wait: true
- chart: private-helm-repo/backend
- version: {{ .Values.charts.versions.backend }}
- needs:
- - postgres
- values:
- - envs/{{ .Environment.Name }}/values/backend.yaml
+ ---
+ bases:
+ {{- range .Values.apps }}
+ - releases/{{ . }}.yaml
+ {{- end }}
releases/postgres.yaml
releases:
- name: postgres
labels:
app: postgres
wait: true
chart: stable/postgresql
version: 8.4.0
values:
- envs/{{ .Environment.Name }}/values/postgres.yaml
releases/backend.yaml
releases:
- name: backend
labels:
app: backend
wait: true
chart: private-helm-repo/backend
version: {{ .Values.charts.versions.backend }}
needs:
- postgres
values:
- envs/{{ .Environment.Name }}/values/backend.yaml
Bayanin
Lokacin amfani bases:
wajibi ne a yi amfani da yaml separator ---
, ta yadda za ka iya samfuri sakewa (da sauran sassa, kamar helmDefaults) tare da dabi'u daga mahalli
A wannan yanayin, sakin postgres ba za a haɗa shi cikin bayanin don samarwa ba. Cikin kwanciyar hankali!
Ƙimar duniya mai wuce gona da iri don sakewa
Tabbas, yana da kyau cewa zaku iya saita dabi'u don taswirar helm ga kowane yanayi, amma menene idan muna da yanayin da aka bayyana, kuma muna so, alal misali, saita iri ɗaya ga kowa. affinity
, amma ba ma so mu daidaita shi ta tsohuwa a cikin ginshiƙai da kansu, waɗanda aka adana a cikin turnips.
A wannan yanayin, ga kowane saki za mu iya ƙayyade 2 fayiloli tare da dabi'u: na farko da tsoho dabi'u, wanda zai ƙayyade dabi'u na ginshiƙi da kanta, da kuma na biyu tare da dabi'u ga muhalli, wanda bi da bi zai soke. wadanda suka saba.
.
├── envs
+ │ ├── default
+ │ │ └── values
+ │ │ ├── backend.yaml
+ │ │ └── postgres.yaml
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
├── releases
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
releases/backend.yaml
releases:
- name: backend
labels:
app: backend
wait: true
chart: private-helm-repo/backend
version: {{ .Values.charts.versions.backend }}
needs:
- postgres
values:
+ - envs/default/values/backend.yaml
- envs/{{ .Environment.Name }}/values/backend.yaml
envs/default/values/backend.yaml
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- backend
topologyKey: "kubernetes.io/hostname"
Ƙayyadaddun ƙima na duniya don jadawalin helm na duk abubuwan da aka saki a matakin muhalli
Bari mu ce mun ƙirƙiri shiga da yawa a cikin saki da yawa - za mu iya ayyana kowane ginshiƙi da hannu hosts:
, amma a cikin yanayin mu yanki ɗaya ne, don haka me zai hana a saka shi a cikin wasu maɓalli na duniya kuma kawai mu canza ƙimarsa a cikin ginshiƙi? Don yin wannan, waɗancan fayilolin tare da ƙimar da muke son daidaitawa za su sami tsawo .gotmpl
, don helmfile ya san cewa yana buƙatar sarrafa shi ta injin samfuri.
.
├── envs
│ ├── default
│ │ └── values
- │ │ ├── backend.yaml
- │ │ ├── postgres.yaml
+ │ │ ├── backend.yaml.gotmpl
+ │ │ └── postgres.yaml.gotmpl
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
├── releases
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
values:
- charts:
versions:
backend: 1.1.0
- apps:
- postgres
- backend
+ - global:
+ ingressDomain: k8s.devel.domain
production:
values:
- charts:
versions:
backend: 1.0.5
- apps:
- backend
+ - global:
+ ingressDomain: production.domain
---
bases:
{{- range .Values.apps }}
- releases/{{ . }}.yaml
{{- end }}
envs/default/values/backend.yaml.gotmpl
ingress:
enabled: true
paths:
- /api
hosts:
- {{ .Values.global.ingressDomain }}
envs/default/values/postgres.yaml.gotmpl
ingress:
enabled: true
paths:
- /
hosts:
- postgres.{{ .Values.global.ingressDomain }}
Bayanin
Babu shakka, shiga cikin ginshiƙi na postgres wani abu ne mai ban sha'awa sosai, don haka an ba da wannan labarin a matsayin misali mai faɗi a cikin sarari kuma don kar a gabatar da sabon saki a cikin labarin don kawai bayanin shiga ciki.
Maye gurbin sirrin daga darajar muhalli
Ta hanyar kwatankwacin misalin da ke sama, zaku iya musanya rufaffiyar ta amfani da su
.
├── envs
│ ├── default
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ ├── devel
│ │ ├── values
│ │ │ ├── backend.yaml
│ │ │ └── postgres.yaml
+ │ │ └── secrets.yaml
│ └── production
│ ├── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
+ │ └── secrets.yaml
├── releases
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
values:
- charts:
versions:
backend: 1.1.0
- apps:
- postgres
- backend
- global:
ingressDomain: k8s.devel.domain
+ secrets:
+ - envs/devel/secrets.yaml
production:
values:
- charts:
versions:
backend: 1.0.5
- apps:
- backend
- global:
ingressDomain: production.domain
+ secrets:
+ - envs/production/secrets.yaml
---
bases:
{{- range .Values.apps }}
- releases/{{ . }}.yaml
{{- end }}
envs/devel/secrets.yaml
secrets:
elastic:
password: ENC[AES256_GCM,data:hjCB,iv:Z1P6/6xBJgJoKLJ0UUVfqZ80o4L84jvZfM+uH9gBelc=,tag:dGqQlCZnLdRAGoJSj63rBQ==,type:int]
...
envs/production/secrets.yaml
secrets:
elastic:
password: ENC[AES256_GCM,data:ZB/VpTFk8f0=,iv:EA//oT1Cb5wNFigTDOz3nA80qD9UwTjK5cpUwLnEXjs=,tag:hMdIUaqLRA8zuFBd82bz6A==,type:str]
...
envs/default/values/backend.yaml.gotmpl
elasticsearch:
host: elasticsearch
port: 9200
password: {{ .Values | getOrNil "secrets.elastic.password" | default "password" }}
envs/devel/values/backend.yaml
elasticsearch:
host: elastic-0.devel.domain
envs/production/values/backend.yaml
elasticsearch:
host: elastic-0.production.domain
Bayanin
Af, getOrNil
- aiki na musamman don samfuran tafi a cikin helmfile, wanda, koda kuwa .Values.secrets
ba zai wanzu ba, ba zai jefa kuskure ba, amma zai ba da damar sakamakon ta amfani da aikin default
maye gurbin tsoho darajar
ƙarshe
Abubuwan da aka bayyana suna da alama a bayyane, amma bayani kan ingantaccen bayanin turawa zuwa wurare da yawa ta amfani da helmfile yana da ƙarancin gaske, kuma ina son IaC (Infrastructure-as-Code) kuma ina son samun cikakken bayanin yanayin turawa.
A ƙarshe, Ina so in ƙara cewa masu canji don yanayin tsoho na iya, bi da bi, za a iya daidaita su tare da masu canjin yanayi na OS na wani mai gudu wanda daga ciki za a ƙaddamar da ƙaddamarwa, kuma ta haka ne za a sami yanayi mai ƙarfi.
helmfile.yaml
environments:
default:
values:
- global:
clusterDomain: {{ env "CLUSTER_DOMAIN" | default "cluster.local" }}
ingressDomain: {{ env "INGRESS_DOMAIN" }}
source: www.habr.com