Ithimba mayelana nokuthi uzenza kanjani ngokuzenzakalelayo izimfihlo ze-Helm lapho ubuyekeza. Okulandelayo umbhalo ovela kumbhali wendatshana - umqondisi wezobuchwepheshe we-Intoware, inkampani ethuthukisa izixazululo ze-SaaS.
Iziqukathi zipholile. Ekuqaleni ngangi-anti-container (nginamahloni ukukuvuma), kodwa manje ngisekela ngokugcwele ukusetshenziswa kwalobu buchwepheshe. Uma ufunda lokhu, ngethemba ukuthi usuzulazule ngempumelelo olwandle lwase-Docker, waqaphela izinzuzo ze-Kubernetes, futhi wenza impilo yakho yaba lula kakhulu nge-Helm.
Nokho, ezinye izinto ngokusobala zinzima kakhulu kunalokho okudingeka zibe yikho.
Uzenza kanjani izimfihlo ngokuzenzakalelayo lapho ubuyekeza?
Imfihlo ye-Kubernetes iyinsiza equkethe amapheya okhiye/inani ofuna ukuwasebenzisa kukhodi yakho. Lokhu kungaba izintambo zokuxhuma kusizindalwazi, amaphasiwedi e-imeyili, nokunye. Ngokusebenzisa izimfihlo, udala ukuhlukana okucacile phakathi kwekhodi nezilungiselelo, okukuvumela ukuthi wenze ngokwezifiso ukuthunyelwa okuhlukile ngaphandle kokushintsha i-codebase.
Isimo esijwayelekile yilapho amamojula amabili kufanele axhumane kusetshenziswa ukhiye ojwayelekile. Akekho ongaphandle kweqoqo okufanele azi lo khiye, njengoba uhloselwe ukuxhumana phakathi kweqoqo.
Ukwenza izimfihlo
Ngokuvamile, ukuze udale imfihlo ku-Helm udinga:
- chaza imfihlo efayeleni lamanani;
- ichaze kabusha ngesikhathi sokuthunyelwa;
- bhekisa kuyo ngaphakathi kokusatshalaliswa/pod;
- ... inzuzo!
Ngokuvamile kubukeka kanjena:
apiVersion: v1
kind: Secret
metadata:
name: my-super-awesome-api-key
type: Opaque
stringData:
apiKey: {{ .Values.MyApiKeySecret | quote }}
Imfihlo ye-Kubernetes elula esebenzisa amanani asuka ku-values.yml
Kodwa ake sithi awufuni ukucacisa imfihlo yakho efayeleni lamanani.
Kunezinketho eziningi lapho ukuthunyelwa kudinga ukhiye owabiwe, okufanele wenziwe ngesikhathi sokufakwa.
Esibonelweni sokuxhumana semojula kuya kumojula ngenhla, akufiseleki ukwabelana ngemfihlo ngaphandle kokuphakelwa. Ngakho-ke, kufiseleka kakhulu ukuthi i-Helm ibe nezinqubo zokwenza ngokuzenzakalela imfihlo ngaphandle kokuyicacisa ngokuqondile.
Izingwegwe
Izingwegwe zikuvumela ukuthi usebenzise ikhodi ezindaweni ezithile phakathi nenqubo yokufaka. Kungase kube nomsebenzi wokumisa odinga ukwenziwa ngemva kokufakwa kokuqala, noma mhlawumbe ukuhlanza okudingeka kwenziwe ngaphambi kokwenza noma yisiphi isibuyekezo.
Ukuze sixazulule inkinga yethu yokwengeza ukhiye okhiqizwe ngesikhathi sokufakwa, izingwegwe zokufakwa ngaphambilini zilungile. Kodwa kukhona okubambekayo: awukwazi ukukhiqiza ngokuzenzakalelayo imfihlo kanye ngesibuyekezo. Ama-Hooks azosebenza kuso sonke isibuyekezo.
Uma ukhiqize imfihlo yakho futhi ukufakwa kwakho kokuqala akukenzeki okwamanje misa ukufunda, ihuku yokufaka ngaphambilini izokusebenzela kahle.
Kodwa uma imfihlo iyingxenye yesibuyekezo (mhlawumbe isici esisha esasingekho ngesikhathi sokufakwa), khona-ke kuyihlazo ukuthi awukwazi ukudala i-hook yangaphambi kokufaka esebenza kanye kuphela.
Imisebenzi
Imisebenzi ye-Helm ikuvumela ukuthi ungeze izici zeskripthi ezahlukahlukene kumaskripthi wakho wokuthunyelwa.
apiVersion: v1
kind: Secret
metadata:
name: my-super-awesome-api-key
type: Opaque
stringData:
apiKey: {{ uuidv4 | quote }} #Generate a new UUID and quote it
Lesi sibonelo sibonisa ukuthi inani lemfihlo ye-apiKey kuzoba i-UUID entsha ekhiqizwa phakathi nokufakwa.
I-Helm ihlanganisa umtapo wezincwadi wesici obanzi ngempela osebenzisa izici ezimangalisayo zesifanekiso se-GO kanye nomtapo wezincwadi wesici we-Sprig ukuze udale ukusetshenziswa ngokwezifiso.
Umsebenzi wokubheka
Kwengezwe ku-Helm 3.1 , okukuvumela ukuthi ucele ukuthunyelwa okukhona futhi:
- hlola ubukhona bezinsiza;
- buyisela inani lensiza ekhona ukuze isetshenziswe kamuva.
Sisebenzisa womabili lawa makhono, singakha imfihlo yesikhathi esisodwa, ekhiqizwa ngamandla!
# 1. Запросить существование секрета и вернуть в переменной $secret
{{- $secret := (lookup "v1" "Secret" .Release.Namespace "some-awesome-secret" -}}
apiVersion: v1
kind: Secret
metadata:
name: some-awesome-secret
type: Opaque
# 2. Если секрет существует, взять его значение как apiKey (секрет использует кодирование Base64, так что используйте ключ "data")
{{ if $secret -}}
data:
apiKey: {{ $secret.data.apiKey }}
# 3. Если секрет не существует — создать его (в этот раз используйте "stringData", так как будет обычное значение)!
{{ else -}}
stringData:
apiKey: {{ uuidv4 | quote }}
{{ end }}
Noma kunini lapho kusetshenziswa isibuyekezo esisha kuseva, i-Helm izokhiqiza inani elisha eliyimfihlo (uma ingekho imfihlo okwamanje) noma iphinde isebenzise inani elikhona.
Good luck!
Yini enye ongayifunda esihlokweni:
- .
- .
- .
Source: www.habr.com