Describing deployments to multiple k8s environments with helmfile

Helmfile is a wrapper around helm that lets you describe many helm releases in one place, parameterize their charts for several environments, and set the order in which they are deployed.

You can read about helmfile itself and examples of its use in the README and the best practices guide.

We will look at non-obvious ways to describe releases in helmfile.

Suppose we have a set of helm charts (for example, postgres and some backend application) and several environments (several kubernetes clusters, several namespaces, or several of both). We take helmfile, read the documentation and start describing our environments and releases:

    .
    ├── envs
    │   ├── devel
    │   │   └── values
    │   │       ├── backend.yaml
    │   │       └── postgres.yaml
    │   └── production
    │       └── values
    │           ├── backend.yaml
    │           └── postgres.yaml
    └── helmfile.yaml

helmfile.yaml

environments:
  devel:
  production:

releases:
  - name: postgres
    labels:
      app: postgres
    wait: true
    chart: stable/postgresql
    version: 8.4.0
    values:
      - envs/{{ .Environment.Name }}/values/postgres.yaml
  - name: backend
    labels:
      app: backend
    wait: true
    chart: private-helm-repo/backend
    version: 1.0.5
    needs:
      - postgres
    values:
      - envs/{{ .Environment.Name }}/values/backend.yaml

We end up with 2 environments: devel and production. Each contains its own values for the helm release charts. We will deploy to them like this:

helmfile -n <namespace> -e <env> apply

Different versions of helm charts in different environments

What if we need to roll out different versions of the backend to different environments? How do we parameterize the release version? Environment values are available through {{ .Values }}

helmfile.yaml

environments:
  devel:
+   values:
+   - charts:
+       versions:
+         backend: 1.1.0
  production:
+   values:
+   - charts:
+       versions:
+         backend: 1.0.5
...
  - name: backend
    labels:
      app: backend
    wait: true
    chart: private-helm-repo/backend
-   version: 1.0.5
+   version: {{ .Values.charts.versions.backend }}
...

A different set of applications in different environments

Great, but what if we don't need to roll out postgres to production, because we know that a database shouldn't be pushed into k8s and in production we have a wonderful separate postgres cluster? To solve this problem we have labels

helmfile -n <namespace> -e devel apply
helmfile -n <namespace> -e production -l app=backend apply

This is fine, but personally I prefer to describe which applications should be deployed to an environment not with launch arguments, but in the description of the environments themselves. What to do? You can move the release descriptions into a separate folder, create a list of the required releases in the environment description, and "pick up" only the required releases, ignoring the rest.

    .
    ├── envs
    │   ├── devel
    │   │   └── values
    │   │       ├── backend.yaml
    │   │       └── postgres.yaml
    │   └── production
    │       └── values
    │           ├── backend.yaml
    │           └── postgres.yaml
+   ├── releases
+   │   ├── backend.yaml
+   │   └── postgres.yaml
    └── helmfile.yaml

helmfile.yaml


  environments:
    devel:
      values:
      - charts:
          versions:
            backend: 1.1.0
      - apps:
        - postgres
        - backend

    production:
      values:
      - charts:
          versions:
            backend: 1.0.5
      - apps:
        - backend

- releases:
-    - name: postgres
-      labels:
-        app: postgres
-      wait: true
-      chart: stable/postgresql
-      version: 8.4.0
-      values:
-        - envs/{{ .Environment.Name }}/values/postgres.yaml
-    - name: backend
-      labels:
-        app: backend
-      wait: true
-      chart: private-helm-repo/backend
-     version: {{ .Values.charts.versions.backend }}
-     needs:
-       - postgres
-     values:
-       - envs/{{ .Environment.Name }}/values/backend.yaml
+ ---
+ bases:
+ {{- range .Values.apps }}
+   - releases/{{ . }}.yaml
+ {{- end }}
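Review bot: in the production environment the apps list contains only backend, yet the backend release that is moved out of this file still declares needs: postgres (visible in the removed lines), so the rendered production state carries a dependency on a release that is no longer defined. Either drop or template the needs entry for environments without postgres, or confirm that the helmfile version in use tolerates a needs reference to an absent release.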

releases/postgres.yaml

releases:
  - name: postgres
    labels:
      app: postgres
    wait: true
    chart: stable/postgresql
    version: 8.4.0
    values:
      - envs/{{ .Environment.Name }}/values/postgres.yaml

releases/backend.yaml

releases:
  - name: backend
    labels:
      app: backend
    wait: true
    chart: private-helm-repo/backend
    version: {{ .Values.charts.versions.backend }}
    needs:
      - postgres
    values:
      - envs/{{ .Environment.Name }}/values/backend.yaml

Note

When using bases: you need to use the yaml separator ---, so that releases (and other parts, such as helmDefaults) can be templated with values from environments.

In this case the postgres release will not even be included in the description for production. Very convenient!

Overridable global values for releases

Of course, it's great that you can set values for helm charts per environment, but what if we have several environments described and we want, for example, to set the same affinity for all of them, but don't want to configure it by default in the charts themselves, which are stored in repositories?

In this case, for each release we can specify 2 files with values: the first with default values, which override the values of the chart itself, and the second with the environment's values, which in turn override the default ones.

    .
    ├── envs
+   │   ├── default
+   │   │   └── values
+   │   │       ├── backend.yaml
+   │   │       └── postgres.yaml
    │   ├── devel
    │   │   └── values
    │   │       ├── backend.yaml
    │   │       └── postgres.yaml
    │   └── production
    │       └── values
    │           ├── backend.yaml
    │           └── postgres.yaml
    ├── releases
    │   ├── backend.yaml
    │   └── postgres.yaml
    └── helmfile.yaml

releases/backend.yaml

releases:
  - name: backend
    labels:
      app: backend
    wait: true
    chart: private-helm-repo/backend
    version: {{ .Values.charts.versions.backend }}
    needs:
      - postgres
    values:
+     - envs/default/values/backend.yaml
      - envs/{{ .Environment.Name }}/values/backend.yaml

envs/default/values/backend.yaml

affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
    - weight: 1
      podAffinityTerm:
        labelSelector:
          matchExpressions:
          - key: app.kubernetes.io/name
            operator: In
            values:
            - backend
        topologyKey: "kubernetes.io/hostname"

Defining global values for the helm charts of all releases at the environment level

Suppose we create several ingresses in several releases. We could manually define hosts: for each chart, but in our case the domain is the same, so why not put it into a global variable and simply substitute its value into the charts? To do this, the values files that we want to parameterize must have the .gotmpl extension, so that helmfile knows they need to be run through the template engine.

    .
    ├── envs
    │   ├── default
    │   │   └── values
-   │   │       ├── backend.yaml
-   │   │       ├── postgres.yaml
+   │   │       ├── backend.yaml.gotmpl
+   │   │       └── postgres.yaml.gotmpl
    │   ├── devel
    │   │   └── values
    │   │       ├── backend.yaml
    │   │       └── postgres.yaml
    │   └── production
    │       └── values
    │           ├── backend.yaml
    │           └── postgres.yaml
    ├── releases
    │   ├── backend.yaml
    │   └── postgres.yaml
    └── helmfile.yaml

helmfile.yaml

  environments:
    devel:
      values:
      - charts:
          versions:
            backend: 1.1.0
      - apps:
        - postgres
        - backend
+     - global:
+         ingressDomain: k8s.devel.domain

    production:
      values:
      - charts:
          versions:
            backend: 1.0.5
      - apps:
        - backend
+     - global:
+         ingressDomain: production.domain
  ---
  bases:
  {{- range .Values.apps }}
    - releases/{{ . }}.yaml
  {{- end }}

envs/default/values/backend.yaml.gotmpl

ingress:
  enabled: true
  paths:
    - /api
  hosts:
    - {{ .Values.global.ingressDomain }}

envs/default/values/postgres.yaml.gotmpl

ingress:
  enabled: true
  paths:
    - /
  hosts:
    - postgres.{{ .Values.global.ingressDomain }}

Note

Obviously, an ingress in the postgres chart is something highly questionable, so it is given here simply as a spherical example in a vacuum, so as not to introduce a new release into the article just to describe an ingress.

Substituting secrets from environment values

By analogy with the example above, you can also substitute values encrypted with helm secrets. Instead of creating our own secrets file for each release, in which we would define encrypted values for the chart, we can simply define in the release's default.yaml.gotmpl values that will be taken from variables defined at the environment level. And values that we don't need to hide from anyone can easily be overridden in the release values for a specific environment.

    .
    ├── envs
    │   ├── default
    │   │   └── values
    │   │       ├── backend.yaml
    │   │       └── postgres.yaml
    │   ├── devel
    │   │   ├── values
    │   │   │   ├── backend.yaml
    │   │   │   └── postgres.yaml
+   │   │   └── secrets.yaml
    │   └── production
    │       ├── values
    │       │   ├── backend.yaml
    │       │   └── postgres.yaml
+   │       └── secrets.yaml
    ├── releases
    │   ├── backend.yaml
    │   └── postgres.yaml
    └── helmfile.yaml

helmfile.yaml

  environments:
    devel:
      values:
      - charts:
          versions:
            backend: 1.1.0
      - apps:
        - postgres
        - backend
      - global:
          ingressDomain: k8s.devel.domain
+     secrets:
+       - envs/devel/secrets.yaml

    production:
      values:
      - charts:
          versions:
            backend: 1.0.5
      - apps:
        - backend
      - global:
          ingressDomain: production.domain
+     secrets:
+       - envs/production/secrets.yaml
  ---
  bases:
  {{- range .Values.apps }}
    - releases/{{ . }}.yaml
  {{- end }}

envs/devel/secrets.yaml

secrets:
    elastic:
        password: ENC[AES256_GCM,data:hjCB,iv:Z1P6/6xBJgJoKLJ0UUVfqZ80o4L84jvZfM+uH9gBelc=,tag:dGqQlCZnLdRAGoJSj63rBQ==,type:int]
...

envs/production/secrets.yaml

secrets:
    elastic:
        password: ENC[AES256_GCM,data:ZB/VpTFk8f0=,iv:EA//oT1Cb5wNFigTDOz3nA80qD9UwTjK5cpUwLnEXjs=,tag:hMdIUaqLRA8zuFBd82bz6A==,type:str]
...

envs/default/values/backend.yaml.gotmpl

elasticsearch:
  host: elasticsearch
  port: 9200
  password: {{ .Values | getOrNil "secrets.elastic.password" | default "password" }}

envs/devel/values/backend.yaml

elasticsearch:
  host: elastic-0.devel.domain

envs/production/values/backend.yaml

elasticsearch:
  host: elastic-0.production.domain

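Note

By the way, getOrNil is a special helmfile template function which, even if .Values.secrets does not exist, will not throw an error but lets the default function substitute a default value for the result. With the template above, this also means that an environment whose secrets file is missing or not loaded is deployed with the literal fallback "password" instead of failing.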
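Since the per-environment secrets.yaml files live in the repository next to plain values, a check that every value in them is actually encrypted is worth running before commit. The following is an added example, not code from the original article or from helmfile: it assumes the files are sops-encrypted in the ENC[AES256_GCM,...] form shown above, the function names plaintext_leaves and lint_secrets are hypothetical, and the sample inputs are constructed.

```python
import re

# Shape of a sops-encrypted scalar, as in the secrets.yaml files on this page.
ENC_RE = re.compile(r"^ENC\[AES256_GCM,data:[^,\]]*,iv:[^,\]]+,tag:[^,\]]+,type:\w+\]$")
KEY_RE = re.compile(r"^(\s*)(?:-\s+)?([^:#\s-][^:]*):(?:\s+(.*))?$")
ITEM_RE = re.compile(r"^(\s*)-\s+(.+)$")

# Constructed samples (placeholder ciphertext, not real secrets).
ENCRYPTED = """\
secrets:
    elastic:
        password: ENC[AES256_GCM,data:QUJD,iv:aXYtcGxhY2Vob2xkZXI=,tag:dGFnLXBsYWNlaG9sZGVy,type:str]
sops:
    version: 3.5.0
"""
LEAKY = """\
secrets:
    elastic:
        password: example-plaintext
"""

def plaintext_leaves(text):
    """Dotted paths of scalars that are not ENC[...] (sops metadata excluded)."""
    stack, leaks = [], []  # stack holds (indent, key) of the open mappings
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()
        key_m, item_m = KEY_RE.match(line), ITEM_RE.match(line)
        if key_m:
            indent, key, value = len(key_m.group(1)), key_m.group(2).strip(), key_m.group(3) or ""
        elif item_m:  # bare list item such as "- token"
            indent, key, value = len(item_m.group(1)), "[]", item_m.group(2)
        else:
            continue
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = [k for _, k in stack] + [key]
        if not value.strip():
            stack.append((indent, key))  # key opens a nested mapping or list
        elif path[0] != "sops" and not ENC_RE.match(value.strip().strip("'\"")):
            leaks.append(".".join(path))
    return leaks

def lint_secrets(text):
    """Problems that should block a commit of envs/<env>/secrets.yaml."""
    problems = ["plaintext value at " + p for p in plaintext_leaves(text)]
    if not re.search(r"^sops:\s*$", text, re.M):
        problems.append("no top-level sops metadata block")
    return problems
```

The walk is indentation-based and covers the nested-mapping layout used on this page; it is not a full YAML parser.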

Conclusion

The things described seem fairly obvious, but information on conveniently describing deployments to several environments with helmfile is very scarce, and I love IaC (Infrastructure-as-Code) and want to have a clear description of the deployment state.

In conclusion, I'd like to add that the variables for the default environment can, in turn, be parameterized with OS environment variables of the runner from which the deployment will be launched, and thus obtain dynamic environments.

helmfile.yaml

environments:
  default:
    values:
    - global:
        clusterDomain: {{ env "CLUSTER_DOMAIN" | default "cluster.local" }}
        ingressDomain: {{ env "INGRESS_DOMAIN" }}

Source: www.habr.com
