Planning deployment to multiple k8s environments with helmfile

Helmfile is a wrapper around helm that lets you describe several releases in one place, parameterize their charts for several environments, and also set the order in which they are deployed.

You can read about Helmfile itself and examples of its use in the README and the best practices guide.

Let's look at some non-obvious ways of describing releases in helmfile.

Let's say we have a set of charts (for example, postgres and some backend application) and several environments (several kubernetes clusters, several namespaces, or several of both). We take helmfile, read the documentation and start describing our environments and releases:

    .
    ├── envs
    │   ├── devel
    │   │   └── values
    │   │       ├── backend.yaml
    │   │       └── postgres.yaml
    │   └── production
    │       └── values
    │           ├── backend.yaml
    │           └── postgres.yaml
    └── helmfile.yaml

helmfile.yaml

environments:
  devel:
  production:

releases:
  - name: postgres
    labels:
      app: postgres
    wait: true
    chart: stable/postgresql
    version: 8.4.0
    values:
      - envs/{{ .Environment.Name }}/values/postgres.yaml
  - name: backend
    labels:
      app: backend
    wait: true
    chart: private-helm-repo/backend
    version: 1.0.5
    needs:
      - postgres
    values:
      - envs/{{ .Environment.Name }}/values/backend.yaml

We end up with 2 environments, devel and production, each with its own values for the release charts. We deploy to them like this:

helmfile -n <namespace> -e <env> apply

Different chart versions in different environments

What if we need to roll out different versions of the backend to different environments? How do we parameterize the release version? Environment values are available via {{ .Values }}:

helmfile.yaml

environments:
  devel:
+   values:
+   - charts:
+       versions:
+         backend: 1.1.0
  production:
+   values:
+   - charts:
+       versions:
+         backend: 1.0.5
...
  - name: backend
    labels:
      app: backend
    wait: true
    chart: private-helm-repo/backend
-   version: 1.0.5
+   version: {{ .Values.charts.versions.backend }}
...
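Review bot: quote the chart version on both sides of this hunk, because a version that looks like a number is parsed as a YAML float before it ever reaches helm. `backend: 1.1.0` and `1.0.5` are safe (three components are not a number), but an environment value such as `backend: 1.10` becomes 1.1 when the environments block is parsed, and an unquoted `version: {{ .Values.charts.versions.backend }}` then renders the same way. `backend: "1.10"` in the environment values and `version: "{{ .Values.charts.versions.backend }}"` in the release keep the string intact.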

Different sets of applications in different environments

Great, but what if we don't want to roll out postgres in production, because we know we shouldn't push a database into k8s, and in production we already have an excellent separate postgres cluster? To solve this problem we have labels:

helmfile -n <namespace> -e devel apply
helmfile -n <namespace> -e production -l app=backend apply

That works, but personally I would like to describe which applications to use in an environment not with command-line arguments but in the description of the environments themselves. How? You can move the release descriptions into a separate folder, create a list of the required releases in the environment description, and "include" only the required releases, ignoring the rest.

    .
    ├── envs
    │   ├── devel
    │   │   └── values
    │   │       ├── backend.yaml
    │   │       └── postgres.yaml
    │   └── production
    │       └── values
    │           ├── backend.yaml
    │           └── postgres.yaml
+   ├── releases
+   │   ├── backend.yaml
+   │   └── postgres.yaml
    └── helmfile.yaml

helmfile.yaml


  environments:
    devel:
      values:
      - charts:
          versions:
            backend: 1.1.0
      - apps:
        - postgres
        - backend

    production:
      values:
      - charts:
          versions:
            backend: 1.0.5
      - apps:
        - backend

- releases:
-    - name: postgres
-      labels:
-        app: postgres
-      wait: true
-      chart: stable/postgresql
-      version: 8.4.0
-      values:
-        - envs/{{ .Environment.Name }}/values/postgres.yaml
-    - name: backend
-      labels:
-        app: backend
-      wait: true
-      chart: private-helm-repo/backend
-     version: {{ .Values.charts.versions.backend }}
-     needs:
-       - postgres
-     values:
-       - envs/{{ .Environment.Name }}/values/backend.yaml
+ ---
+ bases:
+ {{- range .Values.apps }}
+   - releases/{{ . }}.yaml
+ {{- end }}

releases/postgres.yaml

releases:
  - name: postgres
    labels:
      app: postgres
    wait: true
    chart: stable/postgresql
    version: 8.4.0
    values:
      - envs/{{ .Environment.Name }}/values/postgres.yaml

releases/backend.yaml

releases:
  - name: backend
    labels:
      app: backend
    wait: true
    chart: private-helm-repo/backend
    version: {{ .Values.charts.versions.backend }}
    needs:
      - postgres
    values:
      - envs/{{ .Environment.Name }}/values/backend.yaml

Note

When using bases it is necessary to use the yaml separator ---, so that you can generate the release templates (and other sections, such as helmDefaults) using values from the environment.

In this case the postgres release will not even be present in the description for production. Very convenient!
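A pre-apply consistency check for this layout, as an added example that is not part of the original article or of helmfile itself. It catches the two things that go wrong once releases are included per environment: an app listed under apps: with no releases/<app>.yaml to load, and a release whose needs: points at a release the environment does not include. The second case is exactly what the article's production environment has, since releases/backend.yaml still declares needs: postgres; whether helmfile itself rejects that depends on version and flags (see --skip-needs), so the check reports it explicitly. The helmfile.yaml and releases/*.yaml content is embedded as already-parsed dicts (constructed to mirror the article's files) so the check runs offline; in practice you would load them with a YAML parser.

```python
"""Consistency check for a helmfile layout with per-environment `apps:` lists.

Added example, not from the original article or from helmfile. The dicts
below are constructed to mirror the article's helmfile.yaml and releases/.
"""

# Constructed: environments as in helmfile.yaml, keyed by environment name.
ENVIRONMENTS = {
    "devel": {"apps": ["postgres", "backend"]},
    "production": {"apps": ["backend"]},
}

# Constructed: the release files under releases/, keyed by file stem.
RELEASE_FILES = {
    "postgres": {"name": "postgres", "needs": []},
    "backend": {"name": "backend", "needs": ["postgres"]},
}


def missing_release_files(environments, release_files):
    """Apps listed in an environment that have no releases/<app>.yaml.

    `bases: releases/{{ . }}.yaml` cannot load these, so reporting them
    before `helmfile apply` gives a clearer error than a failed load.
    """
    result = {}
    for env, spec in environments.items():
        missing = sorted(app for app in spec["apps"] if app not in release_files)
        if missing:
            result[env] = missing
    return result


def unsatisfied_needs(environments, release_files):
    """(env, release, needed) triples where `needs:` names a release the
    environment does not include in its apps list."""
    problems = []
    for env, spec in environments.items():
        loaded = {app for app in spec["apps"] if app in release_files}
        for app in sorted(loaded):
            for needed in release_files[app]["needs"]:
                if needed not in loaded:
                    problems.append((env, app, needed))
    return problems


def check_environments(environments=ENVIRONMENTS, release_files=RELEASE_FILES):
    """Return human-readable findings; an empty list means the layout is consistent."""
    findings = []
    for env, apps in missing_release_files(environments, release_files).items():
        findings.append(f"{env}: no release file for {', '.join(apps)}")
    for env, app, needed in unsatisfied_needs(environments, release_files):
        findings.append(f"{env}: release {app} needs {needed}, which is not in apps")
    return findings


if __name__ == "__main__":
    for finding in check_environments():
        print(finding)
```

Run against the article's layout it reports only production, where backend is included but its dependency postgres is not; devel is clean because both releases are listed.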

Overridable global values for releases

Of course, it is nice that you can create chart values for each environment, but what if we have many environments described and we want, for example, to set the same affinity for all of them, yet we don't want to set it as the default in the charts themselves, which are stored in their own repositories?

In this case, for each release we can specify 2 files with values: the first with default values, which override the values of the chart itself, and the second with the environment's values, which in turn override those defaults.

    .
    ├── envs
+   │   ├── default
+   │   │   └── values
+   │   │       ├── backend.yaml
+   │   │       └── postgres.yaml
    │   ├── devel
    │   │   └── values
    │   │       ├── backend.yaml
    │   │       └── postgres.yaml
    │   └── production
    │       └── values
    │           ├── backend.yaml
    │           └── postgres.yaml
    ├── releases
    │   ├── backend.yaml
    │   └── postgres.yaml
    └── helmfile.yaml

releases/backend.yaml

releases:
  - name: backend
    labels:
      app: backend
    wait: true
    chart: private-helm-repo/backend
    version: {{ .Values.charts.versions.backend }}
    needs:
      - postgres
    values:
+     - envs/default/values/backend.yaml
      - envs/{{ .Environment.Name }}/values/backend.yaml

envs/default/values/backend.yaml

affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
    - weight: 1
      podAffinityTerm:
        labelSelector:
          matchExpressions:
          - key: app.kubernetes.io/name
            operator: In
            values:
            - backend
        topologyKey: "kubernetes.io/hostname"

Defining global values for the charts of all releases at the environment level

Let's say we create several ingresses in several releases. We could define hosts: for each chart separately, but in our case the domain is the same, so why not put it in a global variable and just substitute its value into the charts? For this, the values files we want to parameterize must have the .gotmpl extension, so that helmfile knows it has to run them through the template engine.

    .
    ├── envs
    │   ├── default
    │   │   └── values
-   │   │       ├── backend.yaml
-   │   │       ├── postgres.yaml
+   │   │       ├── backend.yaml.gotmpl
+   │   │       └── postgres.yaml.gotmpl
    │   ├── devel
    │   │   └── values
    │   │       ├── backend.yaml
    │   │       └── postgres.yaml
    │   └── production
    │       └── values
    │           ├── backend.yaml
    │           └── postgres.yaml
    ├── releases
    │   ├── backend.yaml
    │   └── postgres.yaml
    └── helmfile.yaml

helmfile.yaml

  environments:
    devel:
      values:
      - charts:
          versions:
            backend: 1.1.0
      - apps:
        - postgres
        - backend
+     - global:
+         ingressDomain: k8s.devel.domain

    production:
      values:
      - charts:
          versions:
            backend: 1.0.5
      - apps:
        - backend
+     - global:
+         ingressDomain: production.domain
  ---
  bases:
  {{- range .Values.apps }}
    - releases/{{ . }}.yaml
  {{- end }}

envs/default/values/backend.yaml.gotmpl

ingress:
  enabled: true
  paths:
    - /api
  hosts:
    - {{ .Values.global.ingressDomain }}

envs/default/values/postgres.yaml.gotmpl

ingress:
  enabled: true
  paths:
    - /
  hosts:
    - postgres.{{ .Values.global.ingressDomain }}

Note

Obviously, an ingress in the postgres chart is rather dubious, so this article gives it purely as a spherical example in a vacuum, to avoid introducing a new release into the article just for the purpose of describing ingress.

Substituting secrets from environment values

By analogy with the example above, you can substitute encrypted values using helm secrets. Instead of creating a separate secrets file for each release, in which we could define encrypted values for the chart, we can simply define, in the release's default values file (envs/default/values/<release>.yaml.gotmpl), values that are taken from variables defined at the environment level. And values we don't need to hide from anyone can simply be redefined in the release values for a specific environment.

    .
    ├── envs
    │   ├── default
    │   │   └── values
    │   │       ├── backend.yaml.gotmpl
    │   │       └── postgres.yaml.gotmpl
    │   ├── devel
    │   │   ├── values
    │   │   │   ├── backend.yaml
    │   │   │   └── postgres.yaml
+   │   │   └── secrets.yaml
    │   └── production
    │       ├── values
    │       │   ├── backend.yaml
    │       │   └── postgres.yaml
+   │       └── secrets.yaml
    ├── releases
    │   ├── backend.yaml
    │   └── postgres.yaml
    └── helmfile.yaml

helmfile.yaml

  environments:
    devel:
      values:
      - charts:
          versions:
            backend: 1.1.0
      - apps:
        - postgres
        - backend
      - global:
          ingressDomain: k8s.devel.domain
+     secrets:
+       - envs/devel/secrets.yaml

    production:
      values:
      - charts:
          versions:
            backend: 1.0.5
      - apps:
        - backend
      - global:
          ingressDomain: production.domain
+     secrets:
+       - envs/production/secrets.yaml
  ---
  bases:
  {{- range .Values.apps }}
    - releases/{{ . }}.yaml
  {{- end }}

envs/devel/secrets.yaml

secrets:
    elastic:
        password: ENC[AES256_GCM,data:hjCB,iv:Z1P6/6xBJgJoKLJ0UUVfqZ80o4L84jvZfM+uH9gBelc=,tag:dGqQlCZnLdRAGoJSj63rBQ==,type:int]
...

envs/production/secrets.yaml

secrets:
    elastic:
        password: ENC[AES256_GCM,data:ZB/VpTFk8f0=,iv:EA//oT1Cb5wNFigTDOz3nA80qD9UwTjK5cpUwLnEXjs=,tag:hMdIUaqLRA8zuFBd82bz6A==,type:str]
...

envs/default/values/backend.yaml.gotmpl

elasticsearch:
  host: elasticsearch
  port: 9200
  password: {{ .Values | getOrNil "secrets.elastic.password" | default "password" }}

envs/devel/values/backend.yaml

elasticsearch:
  host: elastic-0.devel.domain

envs/production/values/backend.yaml

elasticsearch:
  host: elastic-0.production.domain

Note

By the way, getOrNil is a special function for templates in helmfile which, even if .Values.secrets does not exist, does not throw an error but lets the result be handled by the default function, which substitutes a default value. Keep in mind what that default means here: with default "password", an environment whose secrets.yaml is missing or misconfigured still renders and deploys, just with a known password, so for anything that must never ship with a guessable value it is safer to make the template fail when the secret is absent than to fall back.
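The two mechanisms this section and the "Overridable global values" section rely on, values layering and secret lookup with a fallback, as an added example that is not code from the original article or from helmfile. It emulates what happens for the backend release at render time: values files are merged in order (chart defaults, then envs/default, then envs/<env>; nested maps merge by key and later files win), the decrypted secrets: block is part of .Values, and the default values template looks up secrets.elastic.password. It contrasts the article's default "password" fallback with a fail-closed variant, which in the real template is written with Sprig's fail function as `{{- if not (.Values | getOrNil "secrets.elastic.password") }}{{ fail "secrets.elastic.password is not set" }}{{ end }}`, and adds a small pre-commit scan that refuses an envs/<env>/secrets.yaml containing a value not wrapped in ENC[...]. All inputs are constructed to mirror the article's files; the decrypted secret values and the "staging" environment are invented, and the ENC[...] payload in the sample is a dummy, not real ciphertext.

```python
"""Emulation of values layering and secret lookup for the article's backend release.

Added example, not code from the original article or from helmfile. All
inputs are constructed; the decrypted secret values are invented.
"""
import re


def deep_merge(base, override):
    """Return base with override merged in: nested maps merge, scalars and lists replace."""
    merged = dict(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = value
    return merged


def get_or_nil(values, path):
    """Emulates helmfile's getOrNil: None for a missing dotted path instead of an error."""
    node = values
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


# Constructed: each environment's .Values after helmfile merged its values and
# its decrypted secrets. "staging" is an extra environment whose secrets.yaml
# was never added, the case a `default "password"` fallback silently covers.
ENVIRONMENT_VALUES = {
    "devel": {"global": {"ingressDomain": "k8s.devel.domain"},
              "secrets": {"elastic": {"password": "devel-only-pw"}}},
    "production": {"global": {"ingressDomain": "production.domain"},
                   "secrets": {"elastic": {"password": "prod-pw"}}},
    "staging": {"global": {"ingressDomain": "staging.domain"}},
}

# Constructed: envs/<env>/values/backend.yaml, the non-secret per-environment overrides.
ENV_BACKEND_VALUES = {
    "devel": {"elasticsearch": {"host": "elastic-0.devel.domain"}},
    "production": {"elasticsearch": {"host": "elastic-0.production.domain"}},
    "staging": {},
}


def render_backend_values(env, fail_closed):
    """Render envs/default/values/backend.yaml.gotmpl for env, then layer
    envs/<env>/values/backend.yaml on top.

    fail_closed=False reproduces `getOrNil "secrets.elastic.password" | default "password"`;
    fail_closed=True refuses to render without the secret, like a `fail` call in the template.
    """
    password = get_or_nil(ENVIRONMENT_VALUES[env], "secrets.elastic.password")
    if password is None:
        if fail_closed:
            raise ValueError(f"{env}: secrets.elastic.password is not set")
        password = "password"  # the article's fallback: a known, guessable value
    default_values = {"elasticsearch": {"host": "elasticsearch", "port": 9200,
                                        "password": password}}
    return deep_merge(default_values, ENV_BACKEND_VALUES[env])


LEAF = re.compile(r"^\s*[\w.-]+:\s*\S")           # a key with a scalar value on the same line
SOPS_VALUE = re.compile(r"^\s*[\w.-]+:\s*ENC\[")  # ...whose value is a sops ciphertext


def plaintext_leaves(secrets_yaml):
    """Lines of envs/<env>/secrets.yaml holding a value not wrapped in ENC[...].

    A pre-commit gate: anything returned is a secret about to be committed in
    the clear. The trailing `sops:` metadata block (key references, lastmodified,
    version, ...) is plaintext by design and is skipped.
    """
    findings = []
    in_metadata = False
    for line in secrets_yaml.splitlines():
        if line.startswith("sops:"):
            in_metadata = True
        if in_metadata or not LEAF.match(line):
            continue
        if not SOPS_VALUE.match(line):
            findings.append(line.strip())
    return findings


# Constructed sample files; the ENC[...] payload is a dummy, not real ciphertext.
ENCRYPTED_SECRETS = """secrets:
    elastic:
        password: ENC[AES256_GCM,data:ZB/VpTFk8f0=,iv:AAAA,tag:BBBB,type:str]
sops:
    version: 3.7.1
"""
LEAKED_SECRETS = """secrets:
    elastic:
        password: hunter2
"""
```

For production the rendered elasticsearch block keeps the port from the default file, takes the host from the environment file, and gets the password from the decrypted secrets; for the invented staging environment the fallback variant quietly produces password: password, while the fail-closed variant stops the render. The scan is deliberately line-based so it can run as a hook without needing the sops key present.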

Conclusion

The things described seem obvious, but information about conveniently describing deployment to multiple environments with helmfile is very scarce, and I love IaC (Infrastructure-as-Code) and want a clear description of the deployment state.

In conclusion, I would like to add that the variables of a specific environment can in turn be taken from the OS environment variables of the runner from which the deployment is performed, and thus you get dynamic environments. Keep in mind that env returns an empty string for an unset variable, so in the example below an unset INGRESS_DOMAIN renders as an empty ingressDomain rather than as an error.

helmfile.yaml

environments:
  default:
    values:
    - global:
        clusterDomain: {{ env "CLUSTER_DOMAIN" | default "cluster.local" }}
        ingressDomain: {{ env "INGRESS_DOMAIN" }}

Source: www.hab.com
