Ou ka li sou helmfile tèt li ak egzanp sou itilizasyon li nan
Nou pral fè konesans ak fason ki pa evidan pou dekri lage nan helmfile
Ann di nou gen yon pake tablo helm (pa egzanp, ann di postgres ak kèk aplikasyon backend) ak plizyè anviwònman (plizyè gwoup kubernetes, plizyè namespaces, oswa plizyè nan toude). Nou pran helmfile a, li dokiman an epi kòmanse dekri anviwònman nou yo ak degaje yo:
.
├── envs
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
production:
releases:
- name: postgres
labels:
app: postgres
wait: true
chart: stable/postgresql
version: 8.4.0
values:
- envs/{{ .Environment.Name }}/values/postgres.yaml
- name: backend
labels:
app: backend
wait: true
chart: private-helm-repo/backend
version: 1.0.5
needs:
- postgres
values:
- envs/{{ .Environment.Name }}/values/backend.yaml
Nou te fini ak 2 anviwònman: Devel, pwodiksyon - chak gen valè pwòp pa yo pou tablo lage Helm yo. Nou pral deplwaye yo konsa:
helmfile -n <namespace> -e <env> apply
Diferan vèsyon nan tablo Helm nan diferan anviwònman
E si nou bezwen woule diferan vèsyon backend nan diferan anviwònman? Ki jan yo paramèt vèsyon an lage? Valè anviwònman yo disponib nan {{ .Values }}
helmfile.yaml
environments:
devel:
+ values:
+ - charts:
+ versions:
+ backend: 1.1.0
production:
+ values:
+ - charts:
+ versions:
+ backend: 1.0.5
...
- name: backend
labels:
app: backend
wait: true
chart: private-helm-repo/backend
- version: 1.0.5
+ version: {{ .Values.charts.versions.backend }}
...
Diferan seri aplikasyon nan diferan anviwònman
Gwo, men e si nou pa bezwen production
woule postgres, paske nou konnen ke nou pa bezwen pouse baz done a nan k8s ak pou vann nou gen yon bèl gwoup postgres separe? Pou rezoud pwoblèm sa a nou gen etikèt
helmfile -n <namespace> -e devel apply
helmfile -n <namespace> -e production -l app=backend apply
Sa a se gwo, men pèsonèlman mwen prefere dekri ki aplikasyon yo deplwaye nan anviwònman an pa itilize agiman lansman, men nan deskripsyon an nan anviwònman yo tèt yo. Kisa pou fe? Ou ka mete deskripsyon lage yo nan yon katab separe, kreye yon lis degaje ki nesesè yo nan deskripsyon anviwònman an epi "ranmase" sèlman degaje ki nesesè yo, inyore rès la.
.
├── envs
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
+ ├── releases
+ │ ├── backend.yaml
+ │ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
values:
- charts:
versions:
backend: 1.1.0
- apps:
- postgres
- backend
production:
values:
- charts:
versions:
backend: 1.0.5
- apps:
- backend
- releases:
- - name: postgres
- labels:
- app: postgres
- wait: true
- chart: stable/postgresql
- version: 8.4.0
- values:
- - envs/{{ .Environment.Name }}/values/postgres.yaml
- - name: backend
- labels:
- app: backend
- wait: true
- chart: private-helm-repo/backend
- version: {{ .Values.charts.versions.backend }}
- needs:
- - postgres
- values:
- - envs/{{ .Environment.Name }}/values/backend.yaml
+ ---
+ bases:
+ {{- range .Values.apps }}
+ - releases/{{ . }}.yaml
+ {{- end }}
releases/postgres.yaml
releases:
- name: postgres
labels:
app: postgres
wait: true
chart: stable/postgresql
version: 8.4.0
values:
- envs/{{ .Environment.Name }}/values/postgres.yaml
releases/backend.yaml
releases:
- name: backend
labels:
app: backend
wait: true
chart: private-helm-repo/backend
version: {{ .Values.charts.versions.backend }}
needs:
- postgres
values:
- envs/{{ .Environment.Name }}/values/backend.yaml
Nòt la
Lè lè l sèvi avèk la bases:
li nesesè pou itilize yaml séparateur ---
, pou ou ka modèl degaje (ak lòt pati, tankou helmDefaults) ak valè ki soti nan anviwònman
Nan ka sa a, postgres lage a pa pral menm enkli nan deskripsyon an pou pwodiksyon an. Trè alèz!
Valè mondyal ki ka ranplase pou degaje yo
Natirèlman, li bon ke ou ka mete valè pou tablo Helm pou chak anviwònman, men e si nou gen plizyè anviwònman ki dekri, epi nou vle, pou egzanp, yo mete menm bagay la pou tout moun. affinity
, men nou pa vle konfigirasyon li pa default nan tablo yo tèt yo, ki estoke nan rav.
Nan ka sa a, pou chak lage nou ta ka presize 2 fichye ki gen valè: premye a ak valè default, ki pral detèmine valè yo nan tablo a li menm, ak dezyèm nan ak valè pou anviwònman an, ki an vire pral pase sou desizyon an. defo yo.
.
├── envs
+ │ ├── default
+ │ │ └── values
+ │ │ ├── backend.yaml
+ │ │ └── postgres.yaml
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
├── releases
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
releases/backend.yaml
releases:
- name: backend
labels:
app: backend
wait: true
chart: private-helm-repo/backend
version: {{ .Values.charts.versions.backend }}
needs:
- postgres
values:
+ - envs/default/values/backend.yaml
- envs/{{ .Environment.Name }}/values/backend.yaml
envs/default/values/backend.yaml
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- backend
topologyKey: "kubernetes.io/hostname"
Defini valè mondyal pou tablo Helm nan tout degaje nan nivo anviwònman an
Ann di nou kreye plizyè antre nan plizyè degaje - nou ta ka defini manyèlman pou chak tablo hosts:
, men nan ka nou an domèn nan se menm bagay la, kidonk poukisa pa mete l nan kèk varyab mondyal epi tou senpleman ranplase valè li nan tablo yo? Pou fè sa, fichye sa yo ki gen valè ke nou vle parametrize ap gen ekstansyon an .gotmpl
, pou ke helmfile konnen ke li bezwen yo dwe kouri nan motè a modèl.
.
├── envs
│ ├── default
│ │ └── values
- │ │ ├── backend.yaml
- │ │ ├── postgres.yaml
+ │ │ ├── backend.yaml.gotmpl
+ │ │ └── postgres.yaml.gotmpl
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
├── releases
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
values:
- charts:
versions:
backend: 1.1.0
- apps:
- postgres
- backend
+ - global:
+ ingressDomain: k8s.devel.domain
production:
values:
- charts:
versions:
backend: 1.0.5
- apps:
- backend
+ - global:
+ ingressDomain: production.domain
---
bases:
{{- range .Values.apps }}
- releases/{{ . }}.yaml
{{- end }}
envs/default/values/backend.yaml.gotmpl
ingress:
enabled: true
paths:
- /api
hosts:
- {{ .Values.global.ingressDomain }}
envs/default/values/postgres.yaml.gotmpl
ingress:
enabled: true
paths:
- /
hosts:
- postgres.{{ .Values.global.ingressDomain }}
Nòt la
Li evidan, antre nan tablo postgres la se yon bagay trè enzitan, kidonk yo bay atik sa a tou senpleman kòm yon egzanp esferik nan yon vakyòm epi yo nan lòd yo pa prezante kèk nouvo lage nan atik la jis pou dedomajman pou yo dekri antre.
Ranplase sekrè ki soti nan valè anviwònman an
Pa analoji ak egzanp ki anwo a, ou ka ranplase sa yo ki ankripte lè l sèvi avèk
.
├── envs
│ ├── default
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ ├── devel
│ │ ├── values
│ │ │ ├── backend.yaml
│ │ │ └── postgres.yaml
+ │ │ └── secrets.yaml
│ └── production
│ ├── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
+ │ └── secrets.yaml
├── releases
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
values:
- charts:
versions:
backend: 1.1.0
- apps:
- postgres
- backend
- global:
ingressDomain: k8s.devel.domain
+ secrets:
+ - envs/devel/secrets.yaml
production:
values:
- charts:
versions:
backend: 1.0.5
- apps:
- backend
- global:
ingressDomain: production.domain
+ secrets:
+ - envs/production/secrets.yaml
---
bases:
{{- range .Values.apps }}
- releases/{{ . }}.yaml
{{- end }}
envs/devel/secrets.yaml
secrets:
elastic:
password: ENC[AES256_GCM,data:hjCB,iv:Z1P6/6xBJgJoKLJ0UUVfqZ80o4L84jvZfM+uH9gBelc=,tag:dGqQlCZnLdRAGoJSj63rBQ==,type:int]
...
envs/production/secrets.yaml
secrets:
elastic:
password: ENC[AES256_GCM,data:ZB/VpTFk8f0=,iv:EA//oT1Cb5wNFigTDOz3nA80qD9UwTjK5cpUwLnEXjs=,tag:hMdIUaqLRA8zuFBd82bz6A==,type:str]
...
envs/default/values/backend.yaml.gotmpl
elasticsearch:
host: elasticsearch
port: 9200
password: {{ .Values | getOrNil "secrets.elastic.password" | default "password" }}
envs/devel/values/backend.yaml
elasticsearch:
host: elastic-0.devel.domain
envs/production/values/backend.yaml
elasticsearch:
host: elastic-0.production.domain
Nòt la
By wout la, getOrNil
- yon fonksyon espesyal pou ale modèl nan helmfile, ki, menm si .Values.secrets
pa pral egziste, pa pral voye yon erè, men yo pral pèmèt rezilta a lè l sèvi avèk fonksyon an default
ranplase valè default
Konklizyon
Bagay sa yo dekri yo sanble byen evidan, men enfòmasyon sou yon deskripsyon pratik nan deplwaman nan plizyè anviwònman lè l sèvi avèk helmfile trè ra, e mwen renmen IaC (enfrastrikti-kòm-kòd) epi mwen vle gen yon deskripsyon klè nan eta a deplwaman.
An konklizyon, mwen ta renmen ajoute ke varyab yo pou anviwònman an default ka, nan vire, dwe paramèt ak varyab anviwònman yo nan eksplwatasyon an nan yon kourè sèten ki soti nan ki deplwaman an pral lanse, epi konsa jwenn anviwònman dinamik.
helmfile.yaml
environments:
default:
values:
- global:
clusterDomain: {{ env "CLUSTER_DOMAIN" | default "cluster.local" }}
ingressDomain: {{ env "INGRESS_DOMAIN" }}
Sous: www.habr.com