You can read about helmfile itself and examples of its use in
Here we look at some non-obvious ways of describing releases in helmfile.
Suppose we have a set of helm charts (for example, postgres and some backend application) and several environments (several Kubernetes clusters, several namespaces, or several of both). We take helmfile, read the documentation and start describing our environments and releases:
.
├── envs
│   ├── devel
│   │   └── values
│   │       ├── backend.yaml
│   │       └── postgres.yaml
│   └── production
│       └── values
│           ├── backend.yaml
│           └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
  devel:
  production:
releases:
  - name: postgres
    labels:
      app: postgres
    wait: true
    chart: stable/postgresql
    version: 8.4.0
    values:
      - envs/{{ .Environment.Name }}/values/postgres.yaml
  - name: backend
    labels:
      app: backend
    wait: true
    chart: private-helm-repo/backend
    version: 1.0.5
    needs:
      - postgres
    values:
      - envs/{{ .Environment.Name }}/values/backend.yaml
We end up with 2 environments, devel and production, each with its own values for the helm charts of the releases. We deploy to them like this:
helmfile -n <namespace> -e <env> apply
Different helm chart versions in different environments
What if we need to roll out different versions of the backend to different environments? How do we parameterize the release version? Environment values are available through {{ .Values }}
helmfile.yaml
environments:
devel:
+ values:
+ - charts:
+ versions:
+ backend: 1.1.0
production:
+ values:
+ - charts:
+ versions:
+ backend: 1.0.5
...
- name: backend
labels:
app: backend
wait: true
chart: private-helm-repo/backend
- version: 1.0.5
+ version: {{ .Values.charts.versions.backend }}
...
Different sets of applications in different environments
Great, but what if we don't need to roll out postgres to production, because we know better than to push a database into k8s, and for production we have a perfectly good separate postgres cluster? To solve this problem we have labels:
helmfile -n <namespace> -e devel apply
helmfile -n <namespace> -e production -l app=backend apply
This works well, but personally I prefer to describe which applications are deployed to an environment not through launch arguments but in the description of the environment itself. What can be done? You can put the release descriptions in a separate folder, list the required releases in the environment description, and "pick up" only the releases that are needed, ignoring the rest.
.
├── envs
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
+ ├── releases
+ │ ├── backend.yaml
+ │ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
values:
- charts:
versions:
backend: 1.1.0
- apps:
- postgres
- backend
production:
values:
- charts:
versions:
backend: 1.0.5
- apps:
- backend
- releases:
- - name: postgres
- labels:
- app: postgres
- wait: true
- chart: stable/postgresql
- version: 8.4.0
- values:
- - envs/{{ .Environment.Name }}/values/postgres.yaml
- - name: backend
- labels:
- app: backend
- wait: true
- chart: private-helm-repo/backend
- version: {{ .Values.charts.versions.backend }}
- needs:
- - postgres
- values:
- - envs/{{ .Environment.Name }}/values/backend.yaml
+ ---
+ bases:
+ {{- range .Values.apps }}
+ - releases/{{ . }}.yaml
+ {{- end }}
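Review bot: In the `production` values, `apps` lists only `backend`, so releases/postgres.yaml is never loaded there, yet the backend release carried over from the removed block still declares `needs: - postgres`. In production that dependency names a release that is not part of the state; make the `needs` entry conditional on `postgres` being in `.Values.apps`, or keep it only for environments that deploy postgres.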
releases/postgres.yaml
releases:
  - name: postgres
    labels:
      app: postgres
    wait: true
    chart: stable/postgresql
    version: 8.4.0
    values:
      - envs/{{ .Environment.Name }}/values/postgres.yaml
releases/backend.yaml
releases:
  - name: backend
    labels:
      app: backend
    wait: true
    chart: private-helm-repo/backend
    version: {{ .Values.charts.versions.backend }}
    needs:
      - postgres
    values:
      - envs/{{ .Environment.Name }}/values/backend.yaml
Note
When using bases: you must use the yaml separator ---, so that releases (and other sections, such as helmDefaults) can be templated with values from environments.
In this case, the postgres release will not even be included in the description for production. Very convenient!
Overridable global values for releases
Of course, it is great that you can set helm chart values per environment, but what if we have several environments described and we want, for example, to set the same affinity for all of them, without configuring it by default in the charts themselves, which are stored in repositories?
In this case, for each release we can specify 2 values files: the first with default values, which set the values of the chart itself, and the second with values for the environment, which override the defaults.
.
├── envs
+ │ ├── default
+ │ │ └── values
+ │ │ ├── backend.yaml
+ │ │ └── postgres.yaml
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
├── releases
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
releases/backend.yaml
releases:
- name: backend
labels:
app: backend
wait: true
chart: private-helm-repo/backend
version: {{ .Values.charts.versions.backend }}
needs:
- postgres
values:
+ - envs/default/values/backend.yaml
- envs/{{ .Environment.Name }}/values/backend.yaml
envs/default/values/backend.yaml
affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 1
        podAffinityTerm:
          labelSelector:
            matchExpressions:
              - key: app.kubernetes.io/name
                operator: In
                values:
                  - backend
          topologyKey: "kubernetes.io/hostname"
Defining global values for the helm charts of all releases at the environment level
Say we create several ingresses in several releases. We could define hosts: manually for each chart, but in our case the domain is the same, so why not put it in a global variable and simply substitute its value into the charts? To do this, the values files that we want to parameterize must have the .gotmpl extension, so that helmfile knows to run them through the template engine.
.
├── envs
│ ├── default
│ │ └── values
- │ │ ├── backend.yaml
- │ │ ├── postgres.yaml
+ │ │ ├── backend.yaml.gotmpl
+ │ │ └── postgres.yaml.gotmpl
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
├── releases
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
values:
- charts:
versions:
backend: 1.1.0
- apps:
- postgres
- backend
+ - global:
+ ingressDomain: k8s.devel.domain
production:
values:
- charts:
versions:
backend: 1.0.5
- apps:
- backend
+ - global:
+ ingressDomain: production.domain
---
bases:
{{- range .Values.apps }}
- releases/{{ . }}.yaml
{{- end }}
envs/default/values/backend.yaml.gotmpl
ingress:
  enabled: true
  paths:
    - /api
  hosts:
    - {{ .Values.global.ingressDomain }}
envs/default/values/postgres.yaml.gotmpl
ingress:
  enabled: true
  paths:
    - /
  hosts:
    - postgres.{{ .Values.global.ingressDomain }}
Note
Obviously, an ingress in the postgres chart is extremely dubious, so it is given here only as a spherical example in a vacuum, to avoid introducing a new release into the article just to describe ingress.
Substituting secrets from environment values
By analogy with the example above, you can substitute values encrypted using
.
├── envs
│ ├── default
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ ├── devel
│ │ ├── values
│ │ │ ├── backend.yaml
│ │ │ └── postgres.yaml
+ │ │ └── secrets.yaml
│ └── production
│ ├── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
+ │ └── secrets.yaml
├── releases
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
values:
- charts:
versions:
backend: 1.1.0
- apps:
- postgres
- backend
- global:
ingressDomain: k8s.devel.domain
+ secrets:
+ - envs/devel/secrets.yaml
production:
values:
- charts:
versions:
backend: 1.0.5
- apps:
- backend
- global:
ingressDomain: production.domain
+ secrets:
+ - envs/production/secrets.yaml
---
bases:
{{- range .Values.apps }}
- releases/{{ . }}.yaml
{{- end }}
envs/devel/secrets.yaml
secrets:
  elastic:
    password: ENC[AES256_GCM,data:hjCB,iv:Z1P6/6xBJgJoKLJ0UUVfqZ80o4L84jvZfM+uH9gBelc=,tag:dGqQlCZnLdRAGoJSj63rBQ==,type:int]
...
envs/production/secrets.yaml
secrets:
  elastic:
    password: ENC[AES256_GCM,data:ZB/VpTFk8f0=,iv:EA//oT1Cb5wNFigTDOz3nA80qD9UwTjK5cpUwLnEXjs=,tag:hMdIUaqLRA8zuFBd82bz6A==,type:str]
...
envs/default/values/backend.yaml.gotmpl
elasticsearch:
  host: elasticsearch
  port: 9200
  password: {{ .Values | getOrNil "secrets.elastic.password" | default "password" }}
envs/devel/values/backend.yaml
elasticsearch:
  host: elastic-0.devel.domain
envs/production/values/backend.yaml
elasticsearch:
  host: elastic-0.production.domain
Note
By the way, getOrNil is a special function for go templates in helmfile which, even if .Values.secrets does not exist, will not throw an error, but lets the default function substitute a default value.
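A pre-commit style check for the secrets files described above, added here as an example and not part of the original article: it flags any leaf that is not in the `ENC[AES256_GCM,…]` form the page shows (the form SOPS writes), so a plaintext value cannot slip into `envs/*/secrets.yaml` unnoticed. The function name, the constructed sample file and the skipping of a top-level `sops:` metadata block are assumptions of this example.

```python
import re

# Shape of an encrypted leaf as shown on the page:
# ENC[AES256_GCM,data:<b64>,iv:<b64>,tag:<b64>,type:<kind>]
ENC_RE = re.compile(
    r"^ENC\[AES256_GCM,data:[A-Za-z0-9+/=]*,iv:[A-Za-z0-9+/=]+,"
    r"tag:[A-Za-z0-9+/=]+,type:(str|int|float|bool|bytes|comment)\]$"
)


def plaintext_leaves(text):
    """Return [(line_no, key)] for leaves whose value is not an ENC[...] token."""
    findings, in_meta = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.strip()
        if not body or body.startswith("#") or body in ("---", "..."):
            continue
        if not raw[0].isspace():
            # Top-level key: the sops metadata block (assumed) is not secret data.
            in_meta = body.startswith("sops:")
        if in_meta:
            continue
        is_item = body.startswith("- ")
        if is_item:
            body = body[2:].strip()
        key, sep, value = body.partition(":")
        if sep and (value == "" or value.startswith(" ")):
            key, value = key.strip(), value.strip()   # "key: value" or "key:"
        elif is_item:
            key, value = "-", body                    # bare list scalar
        else:
            continue
        if value and not ENC_RE.match(value):
            findings.append((no, key))
    return findings


# Constructed sample: two encrypted leaves, two values left in plaintext.
SAMPLE = """\
secrets:
  elastic:
    password: ENC[AES256_GCM,data:AAAA,iv:AAAAAAAAAAAAAAAA,tag:AAAAAAAAAAAAAAAAAAAAAA==,type:str]
    user: admin
  tokens:
    - ENC[AES256_GCM,data:BBBB,iv:BBBBBBBBBBBBBBBB,tag:BBBBBBBBBBBBBBBBBBBBBB==,type:str]
    - hunter2
sops:
  version: 0.0.0
"""
```

Run it over every `secrets.yaml` in the repository before commit and fail the hook when the returned list is non-empty.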
Conclusion
The things described here seem fairly obvious, but information on a convenient way to describe deployments to several environments with helmfile is very scarce, and I like IaC (Infrastructure-as-Code) and want a clear description of the deployment state.
In conclusion, I would add that the variables for the default environment can in turn be parameterized with OS environment variables of the particular runner from which the deployment is launched, which gives you dynamic environments.
helmfile.yaml
environments:
  default:
    values:
      - global:
          clusterDomain: {{ env "CLUSTER_DOMAIN" | default "cluster.local" }}
          ingressDomain: {{ env "INGRESS_DOMAIN" }}
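The two fallback patterns used in this article fail silently: `env "INGRESS_DOMAIN"` renders an empty string when the runner does not set the variable, and `getOrNil "secrets.elastic.password" | default "password"` deploys a known literal when the secrets file is not loaded. The linter below is an added example, not code from the article; its rule names and the `SENSITIVE` word list are assumptions, and the sample lines are taken from the templates shown above.

```python
import re

ACTION_RE = re.compile(r"\{\{-?\s*(.*?)\s*-?\}\}", re.S)   # one {{ ... }} action
ENV_RE = re.compile(r'^env\s+"([^"]+)"$')
DEFAULT_RE = re.compile(r'^default\s+"([^"]*)"$')
LOOKUP_RE = re.compile(r'^(?:getOrNil|get)\s+"([^"]+)"')
SENSITIVE = ("secret", "password", "token", "key")  # assumed naming convention


def lint_template(text):
    """Return [(line_no, rule, name)] in document order for risky fallbacks."""
    findings = []
    for m in ACTION_RE.finditer(text):
        line_no = text.count("\n", 0, m.start()) + 1
        # Split the pipeline into stages: a | b | c
        stages = [s.strip() for s in m.group(1).split("|")]
        has_default = any(DEFAULT_RE.match(s) for s in stages)
        for stage in stages:
            env = ENV_RE.match(stage)
            if env and not has_default:
                # Unset variable renders as ""; helmfile's requiredEnv fails instead.
                findings.append((line_no, "env-without-default", env.group(1)))
            look = LOOKUP_RE.match(stage)
            if look and has_default and any(
                word in look.group(1).lower() for word in SENSITIVE
            ):
                # A missing secret silently becomes the literal fallback value.
                findings.append((line_no, "literal-secret-fallback", look.group(1)))
    return findings


# Template lines as they appear in this article's helmfile.yaml and .gotmpl files.
SAMPLE = '''\
clusterDomain: {{ env "CLUSTER_DOMAIN" | default "cluster.local" }}
ingressDomain: {{ env "INGRESS_DOMAIN" }}
password: {{ .Values | getOrNil "secrets.elastic.password" | default "password" }}
host: {{ .Values.global.ingressDomain }}
'''
```

Where a finding is confirmed, helmfile's `requiredEnv` and `required` template functions make rendering fail instead of falling back.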
Source: www.habr.com