计算巢如何使用fluxcd在ack部署helm chart

本文涉及的产品
容器服务 Serverless 版 ACK Serverless,952元额度 多规格
容器服务 Serverless 版 ACK Serverless,317元额度 多规格
简介: 为支持helm服务运维管理功能,现在改用fluxcd的方式进行helm chart部署,这里计算巢对fluxcd进行部署helm chart的过程进行了封装,封装成了ROS公共模块MODULE::ACS::ComputeNest::FluxOciHelmDeploy,下面将主要介绍下怎么使用这个模块在计算巢中进行Helm Chart的部署。

为支持helm服务运维管理功能,现在改用fluxcd的方式进行helm chart部署,这里计算巢对fluxcd进行部署helm chart的过程进行了封装,封装成了ROS公共模块MODULE::ACS::ComputeNest::FluxOciHelmDeploy,下面将主要介绍下怎么使用这个模块在计算巢中进行Helm Chart的部署。

使用方式

MODULE::ACS::ComputeNest::FluxOciHelmDeploy模块支持的入参如下:

image.png

其中HelmChartUrl支持传入oci格式的chart仓库地址,具体在计算巢的使用中,可以选择使用计算巢Helm Chart部署物,也可以使用用户自己的chart仓库,下面分别进行介绍。

使用Helm Chart部署物

使用Helm Chart部署物时,先要进行部署物上传,具体流程见创建部署物文档。

计算巢提供了两个伪参数,分别用来在模版中关联helm chart部署物和拉取秘钥,在部署时进行替换:

  • {{ computenest::helmchart::xx }}  helm部署物占位符,替换成helm chart的完整地址,如oci://compute-nest-chart-registry.cn-hangzhou.cr.aliyuncs.com/1563457855438522/wordpress:15.4.1
  • {{ computenest::helm::dockerconfigjson }}  helm chart仓库拉取秘钥

示例模版如下:

Resources:
  FluxHelmDeploy:
    Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
    Version: v1
    Properties:
      ClusterId:
        Ref: ClusterId
      ReleaseName: wordpress
      Namespace: wordpress
      HelmChartUrl: '{{ computenest::helmchart::test }}'
      DockerConfigJson: '{{ computenest::helm::dockerconfigjson }}'
      ChartValues:
        mariadb:
          primary:
            persistence:
              enabled: true
              storageClass: alicloud-disk-essd
              size: 20Gi
        persistence:
          enabled: false

创建服务时进行部署物关联:

image.png

使用用户提供的chart仓库

对于本身就有chart仓库的用户,可以直接使用自己的chart仓库,可以是公开仓库,也可以是私有仓库,私有仓库的情况下DockerConfigJson需要填写chart仓库的拉取秘钥,生成chart仓库拉取秘钥的方式如下:

kubectl create secret docker-registry SECRET_NAME \
 --docker-server=SERVER_NAME \
 --docker-username=USER_NAME \
 --docker-password=Password
kubectl get secret SECRET_NAME -o yaml


使用用户提供的公开chart仓库的示例如下:

WordpressComputenestHelmApplication:
  Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
  Version: v1
  Properties:
    ClusterId: ClusterId
    HelmChartUrl: oci://registry-1.docker.io/bitnamicharts/wordpress:15.4.1
    ChartValues:
      mariadb:
        primary:
          persistence:
            enabled: true
            storageClass: alicloud-disk-essd
            size: 100Gi
      persistence:
        enabled: false
      wordpressUsername:
        Ref: WordpressUsername
      wordpressPassword:
        Ref: WordpressPassword
    Namespace:
      Ref: 'ALIYUN::StackName'
    ReleaseName: wordpress

服务模版示例

下面是一个wordpress服务以helm chart方式部署到ack上的服务模版示例。

ROSTemplateFormatVersion: '2015-09-01'
Description:
  en: 新建ack部署wordpress
  zh-cn: new ack deploy wordpress
Parameters:
  CreateAck:
    Type: Boolean
    Description:
      en: An existing ack cluster can be deployed by entering the cluster id. If there is no current cluster, create a new ack cluster before deploying
      zh-cn: 已有ack集群输入集群id即可部署,当前无集群先新建ack集群再进行部署
    Label:
      en: Wether create ack cluster
      zh-cn: 是否新建ack集群
    Default: true
  ClusterId:
    Type: String
    Description:
      en: The ID of Kubernetes ClusterId in which application deployed.
      zh-cn: 部署应用程序的K8s集群ID
    AllowedPattern: '[0-9a-z]+$'
    Default: null
    Required: true
    Label:
      en: Kubernetes ClusterId
      zh-cn: K8s集群ID
    AssociationProperty: 'ALIYUN::CS::Cluster::ClusterId'
    AssociationPropertyMetadata:
      RegionId: '${RegionId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - false
  PayType:
    Type: String
    Label:
      en: ECS Instance Charge Type
      zh-cn: 付费类型
    Default: PostPaid
    AllowedValues:
      - PostPaid
      - PrePaid
    AssociationProperty: ChargeType
    AssociationPropertyMetadata:
      LocaleKey: InstanceChargeType
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  PayPeriodUnit:
    Type: String
    Label:
      en: Pay Period Unit
      zh-cn: 购买资源时长周期
    Default: Month
    AllowedValues:
      - Month
      - Year
    AssociationProperty: PayPeriodUnit
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Not:
                Fn::Equals:
                  - ${PayType}
                  - PostPaid
  PayPeriod:
    Type: Number
    Description:
      en: When the resource purchase duration is Month, the value of Period ranges from 1 to 9, 12, 24, 36, 48, or 60. <br><b><font color='red'> When ECS instance types are PrePaid valid </b></font>
      zh-cn: 当购买资源时长为Month时,Period取值:1~9 <br><b><font color='red'>当ECS实例类型为PrePaid有效</b></font>
    Label:
      en: Period
      zh-cn: 购买资源时长
    Default: 1
    AllowedValues:
      - 1
      - 2
      - 3
      - 4
      - 5
      - 6
      - 7
      - 8
      - 9
    AssociationProperty: PayPeriod
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Not:
                Fn::Equals:
                  - ${PayType}
                  - PostPaid
  ZoneId:
    Type: String
    AssociationProperty: ALIYUN::ECS::Instance:ZoneId
    Label:
      en: Zone ID
      zh-cn: 可用区
    Default: cn-hangzhou-h
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  VpcId:
    Type: String
    Label:
      en: VPC ID
      zh-cn: 专有网络VPC实例ID
    Description:
      en: >-
        Please search the ID starting with (vpc-xxx) from console-Virtual
        Private Cloud
      zh-cn: 现有虚拟专有网络的实例ID
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VPC::VPCId'
    AssociationPropertyMetadata:
      RegionId: '${RegionId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  VSwitchId:
    Type: String
    Label:
      en: VSwitch ID
      zh-cn: 交换机实例ID
    Description:
      en: >-
        Instance ID of existing business network switches, console-Virtual
        Private Cloud-VSwitches under query
      zh-cn: 现有业务网络交换机的实例ID
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VSwitch::VSwitchId'
    AssociationPropertyMetadata:
      VpcId: '${VpcId}'
      ZoneId: '${ZoneId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  LoginPassword:
    NoEcho: true
    Type: String
    Description:
      en: Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ Special symbol in)
      zh-cn: 服务器登录密码,长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ 中的特殊符号)
    Label:
      en: Instance Password
      zh-cn: 实例密码
    ConstraintDescription:
      en: Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ Special symbol in)
      zh-cn: 长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ 中的特殊符号)
    AssociationProperty: ALIYUN::ECS::Instance::Password
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    AllowedPattern: ^[a-zA-Z0-9-\(\)\`\~\!\@\#\$\%\^\&\*\_\-\+\=\|\{\}\[\]\:\;\<\>\,\.\?\/]*$
    MinLength: 8
    MaxLength: 30
    Default: computenest*12345
  WorkerInstanceType:
    Type: String
    Label:
      en: Worker Nodes Types
      zh-cn: Worker节点规格
    AssociationProperty: ALIYUN::ECS::Instance::InstanceType
    AssociationPropertyMetadata:
      ZoneId: ${ZoneId}
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: ecs.g6.large
  WorkerSystemDiskCategory:
    Type: String
    AllowedValues:
      - cloud_efficiency
      - cloud_ssd
      - cloud_essd
    AssociationPropertyMetadata:
      LocaleKey: DiskCategory
      InstanceType: ${WorkerInstanceType}
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Label:
      en: Worker System Disk Category
      zh-cn: Worker 系统盘磁盘类型
    Default: cloud_essd
  WorkerSystemDiskSize:
    Type: Number
    Label:
      en: Worker System Disk Size(GB)
      zh-cn: Worker节点系统盘大小(GB)
    MinValue: 1
    Default: 120
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  AckNetworkPlugin:
    Type: String
    Label:
      en: ack plugin network
      zh-cn: ack网络插件
    AllowedValues:
      - Flannel
      - Terway
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: Flannel
  PodCidr:
    Type: String
    Description:
      zh-cn: 请填写有效的私有网段,即以下网段及其子网:10.0.0.0/8,172.16-31.0.0/12-16,192.168.0.0/16<br>不能与 VPC 及 VPC 内已有 Kubernetes 集群使用的网段重复。<font color='blue'><b>创建成功后不能修改</b></font>
      en: 'Please fill in a valid private segment, i.e. the following segments and their subnets: 10.0.0.0/8, 172.16-31.0.0/12-16, 192.168.0.0/16<br> which cannot duplicate the network segments already used by clusters in VPC and VPC Kunetberes. <font color=''blue''><b>Cannot be modified after successful creation</b></font>'
    Label:
      zh-cn: Pod 网络 CIDR
      en: Pod Network CIDR
    AssociationProperty: ALIYUN::CS::ManagedKubernetesCluster::PodCidr
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Equals:
                - ${AckNetworkPlugin}
                - Flannel
    Default: 10.0.0.0/16
  PodVswitchId:
    Type: String
    Label:
      en: VSwitch ID
      zh-cn: pod交换机实例ID
    Description:
      en: >-
        Instance ID of existing business network switches, console-Virtual
        Private Cloud-VSwitches under query
      zh-cn: 建议选择网段掩码不大于 19 的虚拟交换机
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VSwitch::VSwitchId'
    AssociationPropertyMetadata:
      VpcId: '${VpcId}'
      ZoneId: '${ZoneId}'
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Equals:
                - ${AckNetworkPlugin}
                - Terway
  ServiceCidr:
    Type: String
    Description:
      zh-cn: 可选范围:10.0.0.0/16-24,172.16-31.0.0/16-24,192.168.0.0/16-24<br>不能与 VPC 及 VPC 内已有 Kubernetes 集群使用的网段重复。<font color='blue'><b>创建成功后不能修改</b></font>
      en: 'Optional range: 10.0.0.0/16-24, 172.16-31.0.0/16-24, 192.168.0.0/16-24<br> cannot duplicate segments already used by existing Kubernetes clusters in VPC and VPC.<font color=''blue''><b>Cannot be modified after successful creation</b></font>'
    Label:
      zh-cn: Service CIDR
      en: Service CIDR
    AssociationProperty: ALIYUN::CS::ManagedKubernetesCluster::ServiceCidr
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: 172.16.0.0/16
  WordpressUsername:
    Type: String
    Label:
      zh-cn: wordpress用户名
      en: wordpress username
    Default: user
  WordpressPassword:
    NoEcho: true
    Type: String
    Label:
      zh-cn: wordpress密码
      en: wordpress password
Conditions:
  CreateAck:
    Fn::Equals:
      - true
      - Ref: CreateAck
  FlannelPluginCondition:
    Fn::Equals:
      - Ref: AckNetworkPlugin
      - Flannel
  TerwayPluginCondition:
    Fn::Equals:
      - Ref: AckNetworkPlugin
      - Terway
Resources:
  VpcsDataSource:
    Type: DATASOURCE::VPC::Vpcs
    Properties:
      VpcIds:
        - Ref: VpcId
  EcsSecurityGroup:
    Type: ALIYUN::ECS::SecurityGroup
    Condition: CreateAck
    Properties:
      SecurityGroupName:
        Ref: ALIYUN::StackName
      VpcId:
        Ref: VpcId
      SecurityGroupEgress:
        - PortRange: '-1/-1'
          Priority: 1
          IpProtocol: all
          DestCidrIp: 0.0.0.0/0
          NicType: intranet
      SecurityGroupIngress:
        Fn::If:
          - FlannelPluginCondition
          - - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Ref: PodCidr
              Description: pod网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Fn::Jq:
                  - First
                  - .[].CidrBlock
                  - 'Fn::GetAtt':
                      - VpcsDataSource
                      - Vpcs
              Description: vpc网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: icmp
              SourceCidrIp: 0.0.0.0/0
              Description: icmp协议端口放开
              NicType: intranet
          - - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Fn::Jq:
                  - First
                  - .[].CidrBlock
                  - 'Fn::GetAtt':
                      - VpcsDataSource
                      - Vpcs
              Description: vpc网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: icmp
              SourceCidrIp: 0.0.0.0/0
              Description: icmp协议端口放开
              NicType: intranet
  ManagedKubernetesCluster:
    Type: ALIYUN::CS::ManagedKubernetesCluster
    Condition: CreateAck
    Properties:
      Name:
        Ref: ALIYUN::StackName
      ChargeType:
        Ref: PayType
      Period:
        Ref: PayPeriod
      PeriodUnit:
        Ref: PayPeriodUnit
      VSwitchIds:
        - Ref: VSwitchId
      VpcId:
        Ref: VpcId
      WorkerInstanceTypes:
        - Ref: WorkerInstanceType
      NumOfNodes: 3
      ClusterSpec: ack.pro.small
      ContainerCidr:
        Fn::If:
          - FlannelPluginCondition
          - Ref: PodCidr
          - Ref: ALIYUN::NoValue
      ServiceCidr:
        Ref: ServiceCidr
      PodVswitchIds:
        Fn::If:
          - TerwayPluginCondition
          - - Ref: PodVswitchId
          - Ref: ALIYUN::NoValue
      ZoneIds:
        - Ref: ZoneId
      SecurityGroupId:
        Ref: EcsSecurityGroup
      WorkerSystemDiskCategory:
        Ref: WorkerSystemDiskCategory
      WorkerSystemDiskSize:
        Ref: WorkerSystemDiskSize
      LoginPassword:
        Ref: LoginPassword
      SnatEntry: true
      Addons:
        Fn::If:
          - FlannelPluginCondition
          - - Name: flannel
              Config: ''
          - - Name: terway-eniip
              Config: ''
  WordpressComputenestHelmApplication:
    Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
    Version: v1
    Properties:
      WaitUntil:
        - Kind: Service
          Name: wordpress
          JsonPath: $.status.loadBalancer.ingress[0].ip
          Operator: NotEmpty
          FirstMatch: true
          Timeout: 300
      ClusterId:
        Fn::If:
          - CreateAck
          - Fn::GetAtt:
              - ManagedKubernetesCluster
              - ClusterId
          - Ref: ClusterId
      HelmChartUrl: '{{ computenest::helmchart::wordpress }}'
      DockerConfigJson: '{{ computenest::helm::dockerconfigjson }}'
      ChartValues:
        mariadb:
          primary:
            persistence:
              enabled: true
              storageClass: alicloud-disk-essd
              size: 100Gi
        persistence:
          enabled: false
        wordpressUsername:
          Ref: WordpressUsername
        wordpressPassword:
          Ref: WordpressPassword
      Namespace:
        Ref: 'ALIYUN::StackName'
      ReleaseName: wordpress
Outputs:
  # 将公网ip做为http返回的地址显示在控制台
  Endpoint:
    Description:
      zh-cn: 对外暴露的公网IP地址
      en: Public IP Addresses
    Value:
      Fn::Sub:
        - "http://${ServerAddress} \n http://${ServerAddress}/admin"
        - ServerAddress:
            Fn::Select:
              - 0
              - Fn::GetAtt:
                - WordpressComputenestHelmApplication
                - WaitUntilData
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - CreateAck
          - ClusterId
        Label:
          en: Whether create ack
          zh-cn: 是否新建ack集群
      - Parameters:
          - PayType
          - PayPeriodUnit
          - PayPeriod
        Label:
          en: PayType Configuration
          zh-cn: 付费类型配置
      - Parameters:
          - ZoneId
          - VpcId
          - VSwitchId
          - LoginPassword
        Label:
          en: Basic Configuration
          zh-cn: 基础配置
      - Parameters:
          - WorkerInstanceType
          - WorkerSystemDiskCategory
          - WorkerSystemDiskSize
          - AckNetworkPlugin
          - PodCidr
          - PodVswitchId
          - ServiceCidr
        Label:
          en: Kubernetes
          zh-cn: Kubernetes配置
      - Parameters:
          - WordpressUsername
          - WordpressPassword
        Label:
          en: Wordpress Config
          zh-cn: Wordpress配置
相关实践学习
2048小游戏
基于计算巢&ECS云服务器快速部署,带您畅玩2048小游戏。
相关文章
|
1月前
|
Kubernetes 持续交付 Docker
利用 Docker 和 Kubernetes 实现微服务部署
【10月更文挑战第2天】利用 Docker 和 Kubernetes 实现微服务部署
|
1月前
|
Prometheus Kubernetes 监控
k8s部署针对外部服务器的prometheus服务
通过上述步骤,您不仅成功地在Kubernetes集群内部署了Prometheus,还实现了对集群外服务器的有效监控。理解并实施网络配置是关键,确保监控数据的准确无误传输。随着监控需求的增长,您还可以进一步探索Prometheus生态中的其他组件,如Alertmanager、Grafana等,以构建完整的监控与报警体系。
121 60
|
1月前
|
Prometheus Kubernetes 监控
k8s部署针对外部服务器的prometheus服务
通过上述步骤,您不仅成功地在Kubernetes集群内部署了Prometheus,还实现了对集群外服务器的有效监控。理解并实施网络配置是关键,确保监控数据的准确无误传输。随着监控需求的增长,您还可以进一步探索Prometheus生态中的其他组件,如Alertmanager、Grafana等,以构建完整的监控与报警体系。
209 62
|
1月前
|
Kubernetes Docker 微服务
微服务实践k8s&dapr开发部署实验(1)服务调用(一)
微服务实践k8s&dapr开发部署实验(1)服务调用(一)
49 2
|
1月前
|
Kubernetes 网络安全 容器
基于Ubuntu-22.04安装K8s-v1.28.2实验(一)部署K8s
基于Ubuntu-22.04安装K8s-v1.28.2实验(一)部署K8s
205 2
|
1月前
|
NoSQL 关系型数据库 Redis
高可用和性能:基于ACK部署Dify的最佳实践
本文介绍了基于阿里云容器服务ACK,部署高可用、可伸缩且具备高SLA的生产可用的Dify服务的详细解决方案。
|
1月前
|
Kubernetes Cloud Native 流计算
Flink-12 Flink Java 3分钟上手 Kubernetes云原生下的Flink集群 Rancher Stateful Set yaml详细 扩容缩容部署 Docker容器编排
Flink-12 Flink Java 3分钟上手 Kubernetes云原生下的Flink集群 Rancher Stateful Set yaml详细 扩容缩容部署 Docker容器编排
73 0
|
1月前
|
Kubernetes 网络协议 安全
[kubernetes]二进制方式部署单机k8s-v1.30.5
[kubernetes]二进制方式部署单机k8s-v1.30.5
|
1月前
|
Kubernetes Docker 微服务
微服务实践k8s&dapr开发部署实验(1)服务调用(二)
微服务实践k8s&dapr开发部署实验(1)服务调用(二)
50 0
|
1月前
|
Kubernetes 关系型数据库 MySQL
k8s学习--利用helm部署应用mysql,加深helm的理解
k8s学习--利用helm部署应用mysql,加深helm的理解
177 0