Iqela malunga nendlela yokwenza ngokuzenzekelayo iimfihlo zeHelm xa uhlaziya. Oku kulandelayo kumbhalo ovela kumbhali wenqaku - umlawuli wezobugcisa we-Intoware, inkampani ephuhlisa izisombululo ze-SaaS.
Izikhongozeli zipholile. Ekuqaleni ndandiyi-anti-container (ndineentloni ukuyivuma), kodwa ngoku ndixhasa ngokupheleleyo ukusetyenziswa kobu buchwepheshe. Ukuba ufunda oku, ngethemba uhambe ngempumelelo kwiilwandle zaseDocker, wazibona izibonelelo zeKubernetes, kwaye wenze ubomi bakho balula kakhulu ngeHelm.
Nangona kunjalo, ezinye izinto ngokucacileyo zinzima ngakumbi kunokuba kufuneka zibe njalo.
Indlela yokuvelisa ngokuzenzekelayo iimfihlo xa uhlaziywa?
Imfihlo ye-Kubernetes sisixhobo esiqulethe isitshixo / izibini zexabiso ofuna ukuzisebenzisa kwikhowudi yakho. Ezi zinokuba yimitya yoqhagamshelwano lwesiseko sedatha, amagama ayimfihlo e-imeyile, njalo njalo. Ngokusebenzisa iimfihlo, udala ukwahlula okucacileyo phakathi kwekhowudi kunye noseto, okwenza kube lula ukwenza ngokwezifiso ukuhanjiswa okuhlukeneyo ngaphandle kokutshintsha ikhowudi yekhowudi.
Imeko eqhelekileyo kuxa iimodyuli ezimbini kufuneka zinxibelelane zisebenzisa isitshixo esiqhelekileyo. Akukho mntu ngaphandle kweqela kufuneka asazi esi sitshixo, kuba senzelwe unxibelelwano lomntu nomntu ngaphakathi kweqela.
Ukwenza iimfihlo
Ngokwesiqhelo, ukwenza imfihlo kwiHelm kufuneka:
- chaza imfihlo kwifayile yexabiso;
- yichaze kwakhona ngexesha lokuthunyelwa;
- bhekisa kuyo ngaphakathi kwi-deployment/pod;
- ... inzuzo!
Ngokuqhelekileyo ikhangeleka ngolu hlobo:
apiVersion: v1
kind: Secret
metadata:
name: my-super-awesome-api-key
type: Opaque
stringData:
apiKey: {{ .Values.MyApiKeySecret | quote }}
Imfihlo yeKubernetes elula usebenzisa amaxabiso asuka kumaxabiso.yml
Kodwa masithi awufuni ukukhankanya imfihlo yakho kwifayile yexabiso.
Kukho iinketho ezininzi xa ukuthunyelwa kufuna isitshixo ekwabelwana ngaso, ekufuneka senziwa ngexesha lofakelo.
Kumzekelo wonxibelelwano wemodyuli ukuya kwimodyuli apha ngasentla, ayinqweneleki ukwabelana ngemfihlo ngaphandle kokuthunyelwa. Ke ngoko, kunqweneleka kakhulu ukuba iHelm ineendlela zokuvelisa ngokuzenzekelayo imfihlo ngaphandle kokuyichaza ngokuthe ngqo.
Iihuka
Iihuku zikuvumela ukuba usebenzise ikhowudi kwiindawo ezithile ngexesha lokufakela. Kusenokubakho umsebenzi woqwalaselo ekufuneka uqhutywe emva kofakelo lokuqala, okanye mhlawumbi ucoco kufuneka lwenziwe phambi kokuba kwenziwe naluphi na uhlaziyo.
Ukusombulula ingxaki yethu yokongeza isitshixo esiveliswe ngexesha lofakelo, iihokhi zokufakela kwangaphambili zifanelekile. Kodwa kukho ukubamba: awukwazi ukwenza ngokuzenzekelayo imfihlo kube kanye kuhlaziyo. Iihuka ziya kusebenza kulo lonke uhlaziyo.
Ukuba uvelise imfihlo yakho kwaye ukufakela kwakho kokuqala akukenzeki ke uyeke ukufunda, ikhonkco lokufakela kwangaphambili liya kusebenza kakuhle kuwe.
Kodwa ukuba imfihlelo yinxalenye yohlaziyo (mhlawumbi into entsha eyayingekho ngexesha lofakelo), ngoko kuyihlazo ukuba awukwazi ukudala i-hook yangaphambili esebenza kanye kuphela.
Imisebenzi
Imisebenzi yeHelm ikuvumela ukuba wongeze izinto ezahlukeneyo zokubhala kwizikripthi zakho zokusasazwa.
apiVersion: v1
kind: Secret
metadata:
name: my-super-awesome-api-key
type: Opaque
stringData:
apiKey: {{ uuidv4 | quote }} #Generate a new UUID and quote it
Lo mzekelo ubonisa ukuba ixabiso lemfihlo ye-apiKey iya kuba yi-UUID entsha eyenziwe ngexesha lofakelo.
I-Helm ibandakanya ithala leencwadi elibanzi lokwenyani elisebenzisa izinto ezimangalisayo zetemplate ye-GO kunye nethala leencwadi le-Sprig ukwenza ukuthunyelwa ngokwesiko.
Umsebenzi wokukhangela
Ifakwe kwiHelm 3.1 , ekuvumela ukuba ucele usasazo olukhoyo kwaye:
- jonga ubukho bezibonelelo;
- buyisela ixabiso lomthombo okhoyo ukuze usetyenziswe kamva.
Sisebenzisa zombini ezi zakhono, sinokwenza ixesha elinye, imfihlo eyenziwe ngamandla!
# 1. Запросить существование секрета и вернуть в переменной $secret
{{- $secret := (lookup "v1" "Secret" .Release.Namespace "some-awesome-secret" -}}
apiVersion: v1
kind: Secret
metadata:
name: some-awesome-secret
type: Opaque
# 2. Если секрет существует, взять его значение как apiKey (секрет использует кодирование Base64, так что используйте ключ "data")
{{ if $secret -}}
data:
apiKey: {{ $secret.data.apiKey }}
# 3. Если секрет не существует — создать его (в этот раз используйте "stringData", так как будет обычное значение)!
{{ else -}}
stringData:
apiKey: {{ uuidv4 | quote }}
{{ end }}
Nanini na xa uhlaziyo olutsha lusetyenziswa kumncedisi, iHelm iyakuvelisa ixabiso elitsha lemfihlo (ukuba akukho mfihlo okwangoku) okanye iphinde isebenzise ixabiso elikhoyo.
Impumelelo!
Yintoni enye ekufuneka uyifunde ngesihloko:
- .
- .
- .
umthombo: www.habr.com