计算巢如何使用fluxcd在ack部署helm chart-阿里云开发者社区

为支持helm服务运维管理功能，现在改用fluxcd的方式进行helm chart部署，这里计算巢对fluxcd进行部署helm chart的过程进行了封装，封装成了ROS公共模块MODULE::ACS::ComputeNest::FluxOciHelmDeploy，下面将主要介绍下怎么使用这个模块在计算巢中进行Helm Chart的部署。

使用方式

MODULE::ACS::ComputeNest::FluxOciHelmDeploy模块支持的入参如下：

其中HelmChartUrl支持传入oci格式的chart仓库地址，具体在计算巢的使用中，可以选择使用计算巢Helm Chart部署物，也可以使用用户自己的chart仓库，下面分别进行介绍。

使用Helm Chart部署物

使用Helm Chart部署物时，先要进行部署物上传，具体流程见创建部署物文档。

计算巢提供了两个伪参数，分别用来在模版中关联helm chart部署物和拉取秘钥，在部署时进行替换：

{{ computenest::helmchart::xx }} helm部署物占位符，替换成helm chart的完整地址，如oci://compute-nest-chart-registry.cn-hangzhou.cr.aliyuncs.com/1563457855438522/wordpress:15.4.1
{{ computenest::helm::dockerconfigjson }} helm chart仓库拉取秘钥

示例模版如下：

Resources:
  FluxHelmDeploy:
    Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
    Version: v1
    Properties:
      ClusterId:
        Ref: ClusterId
      ReleaseName: wordpress
      Namespace: wordpress
      HelmChartUrl: '{{ computenest::helmchart::test }}'
      DockerConfigJson: '{{ computenest::helm::dockerconfigjson }}'
      ChartValues:
        mariadb:
          primary:
            persistence:
              enabled: true
              storageClass: alicloud-disk-essd
              size: 20Gi
        persistence:
          enabled: false

创建服务时进行部署物关联：

使用用户提供的chart仓库

对于本身就有chart仓库的用户，可以直接使用自己的chart仓库，可以是公开仓库，也可以是私有仓库，私有仓库的情况下DockerConfigJson需要填写chart仓库的拉取秘钥，生成chart仓库拉取秘钥的方式如下：

kubectl create secret docker-registry SECRET_NAME \
 --docker-server=SERVER_NAME \
 --docker-username=USER_NAME \
 --docker-password=Password
kubectl get secret SECRET_NAME -o yaml

使用用户提供的公开chart仓库的示例如下：

WordpressComputenestHelmApplication:
  Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
  Version: v1
  Properties:
    ClusterId: ClusterId
    HelmChartUrl: oci://registry-1.docker.io/bitnamicharts/wordpress:15.4.1
    ChartValues:
      mariadb:
        primary:
          persistence:
            enabled: true
            storageClass: alicloud-disk-essd
            size: 100Gi
      persistence:
        enabled: false
      wordpressUsername:
        Ref: WordpressUsername
      wordpressPassword:
        Ref: WordpressPassword
    Namespace:
      Ref: 'ALIYUN::StackName'
    ReleaseName: wordpress

服务模版示例

下面是一个wordpress服务以helm chart方式部署到ack上的服务模版示例。

ROSTemplateFormatVersion: '2015-09-01'
Description:
  en: 新建ack部署wordpress
  zh-cn: new ack deploy wordpress
Parameters:
  CreateAck:
    Type: Boolean
    Description:
      en: An existing ack cluster can be deployed by entering the cluster id. If there is no current cluster, create a new ack cluster before deploying
      zh-cn: 已有ack集群输入集群id即可部署，当前无集群先新建ack集群再进行部署
    Label:
      en: Wether create ack cluster
      zh-cn: 是否新建ack集群
    Default: true
  ClusterId:
    Type: String
    Description:
      en: The ID of Kubernetes ClusterId in which application deployed.
      zh-cn: 部署应用程序的K8s集群ID
    AllowedPattern: '[0-9a-z]+$'
    Default: null
    Required: true
    Label:
      en: Kubernetes ClusterId
      zh-cn: K8s集群ID
    AssociationProperty: 'ALIYUN::CS::Cluster::ClusterId'
    AssociationPropertyMetadata:
      RegionId: '${RegionId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - false
  PayType:
    Type: String
    Label:
      en: ECS Instance Charge Type
      zh-cn: 付费类型
    Default: PostPaid
    AllowedValues:
      - PostPaid
      - PrePaid
    AssociationProperty: ChargeType
    AssociationPropertyMetadata:
      LocaleKey: InstanceChargeType
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  PayPeriodUnit:
    Type: String
    Label:
      en: Pay Period Unit
      zh-cn: 购买资源时长周期
    Default: Month
    AllowedValues:
      - Month
      - Year
    AssociationProperty: PayPeriodUnit
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Not:
                Fn::Equals:
                  - ${PayType}
                  - PostPaid
  PayPeriod:
    Type: Number
    Description:
      en: When the resource purchase duration is Month, the value of Period ranges from 1 to 9, 12, 24, 36, 48, or 60. <br><b><font color='red'> When ECS instance types are PrePaid valid </b></font>
      zh-cn: 当购买资源时长为Month时，Period取值：1~9 <br><b><font color='red'>当ECS实例类型为PrePaid有效</b></font>
    Label:
      en: Period
      zh-cn: 购买资源时长
    Default: 1
    AllowedValues:
      - 1
      - 2
      - 3
      - 4
      - 5
      - 6
      - 7
      - 8
      - 9
    AssociationProperty: PayPeriod
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Not:
                Fn::Equals:
                  - ${PayType}
                  - PostPaid
  ZoneId:
    Type: String
    AssociationProperty: ALIYUN::ECS::Instance:ZoneId
    Label:
      en: Zone ID
      zh-cn: 可用区
    Default: cn-hangzhou-h
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  VpcId:
    Type: String
    Label:
      en: VPC ID
      zh-cn: 专有网络VPC实例ID
    Description:
      en: >-
        Please search the ID starting with (vpc-xxx) from console-Virtual
        Private Cloud
      zh-cn: 现有虚拟专有网络的实例ID
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VPC::VPCId'
    AssociationPropertyMetadata:
      RegionId: '${RegionId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  VSwitchId:
    Type: String
    Label:
      en: VSwitch ID
      zh-cn: 交换机实例ID
    Description:
      en: >-
        Instance ID of existing business network switches, console-Virtual
        Private Cloud-VSwitches under query
      zh-cn: 现有业务网络交换机的实例ID
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VSwitch::VSwitchId'
    AssociationPropertyMetadata:
      VpcId: '${VpcId}'
      ZoneId: '${ZoneId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  LoginPassword:
    NoEcho: true
    Type: String
    Description:
      en: Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ Special symbol in)
      zh-cn: 服务器登录密码,长度8-30，必须包含三项（大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ 中的特殊符号）
    Label:
      en: Instance Password
      zh-cn: 实例密码
    ConstraintDescription:
      en: Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ Special symbol in)
      zh-cn: 长度8-30，必须包含三项（大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ 中的特殊符号）
    AssociationProperty: ALIYUN::ECS::Instance::Password
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    AllowedPattern: ^[a-zA-Z0-9-\(\)\`\~\!\@\#\$\%\^\&\*\_\-\+\=\|\{\}\[\]\:\;\<\>\,\.\?\/]*$
    MinLength: 8
    MaxLength: 30
    Default: computenest*12345
  WorkerInstanceType:
    Type: String
    Label:
      en: Worker Nodes Types
      zh-cn: Worker节点规格
    AssociationProperty: ALIYUN::ECS::Instance::InstanceType
    AssociationPropertyMetadata:
      ZoneId: ${ZoneId}
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: ecs.g6.large
  WorkerSystemDiskCategory:
    Type: String
    AllowedValues:
      - cloud_efficiency
      - cloud_ssd
      - cloud_essd
    AssociationPropertyMetadata:
      LocaleKey: DiskCategory
      InstanceType: ${WorkerInstanceType}
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Label:
      en: Worker System Disk Category
      zh-cn: Worker 系统盘磁盘类型
    Default: cloud_essd
  WorkerSystemDiskSize:
    Type: Number
    Label:
      en: Worker System Disk Size(GB)
      zh-cn: Worker节点系统盘大小(GB)
    MinValue: 1
    Default: 120
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  AckNetworkPlugin:
    Type: String
    Label:
      en: ack plugin network
      zh-cn: ack网络插件
    AllowedValues:
      - Flannel
      - Terway
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: Flannel
  PodCidr:
    Type: String
    Description:
      zh-cn: 请填写有效的私有网段，即以下网段及其子网：10.0.0.0/8，172.16-31.0.0/12-16，192.168.0.0/16<br>不能与 VPC 及 VPC 内已有 Kubernetes 集群使用的网段重复。<font color='blue'><b>创建成功后不能修改</b></font>
      en: 'Please fill in a valid private segment, i.e. the following segments and their subnets: 10.0.0.0/8, 172.16-31.0.0/12-16, 192.168.0.0/16<br> which cannot duplicate the network segments already used by clusters in VPC and VPC Kunetberes. <font color=''blue''><b>Cannot be modified after successful creation</b></font>'
    Label:
      zh-cn: Pod 网络 CIDR
      en: Pod Network CIDR
    AssociationProperty: ALIYUN::CS::ManagedKubernetesCluster::PodCidr
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Equals:
                - ${AckNetworkPlugin}
                - Flannel
    Default: 10.0.0.0/16
  PodVswitchId:
    Type: String
    Label:
      en: VSwitch ID
      zh-cn: pod交换机实例ID
    Description:
      en: >-
        Instance ID of existing business network switches, console-Virtual
        Private Cloud-VSwitches under query
      zh-cn: 建议选择网段掩码不大于 19 的虚拟交换机
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VSwitch::VSwitchId'
    AssociationPropertyMetadata:
      VpcId: '${VpcId}'
      ZoneId: '${ZoneId}'
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Equals:
                - ${AckNetworkPlugin}
                - Terway
  ServiceCidr:
    Type: String
    Description:
      zh-cn: 可选范围：10.0.0.0/16-24，172.16-31.0.0/16-24，192.168.0.0/16-24<br>不能与 VPC 及 VPC 内已有 Kubernetes 集群使用的网段重复。<font color='blue'><b>创建成功后不能修改</b></font>
      en: 'Optional range: 10.0.0.0/16-24, 172.16-31.0.0/16-24, 192.168.0.0/16-24<br> cannot duplicate segments already used by existing Kubernetes clusters in VPC and VPC.<font color=''blue''><b>Cannot be modified after successful creation</b></font>'
    Label:
      zh-cn: Service CIDR
      en: Service CIDR
    AssociationProperty: ALIYUN::CS::ManagedKubernetesCluster::ServiceCidr
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: 172.16.0.0/16
  WordpressUsername:
    Type: String
    Label:
      zh-cn: wordpress用户名
      en: wordpress username
    Default: user
  WordpressPassword:
    NoEcho: true
    Type: String
    Label:
      zh-cn: wordpress密码
      en: wordpress password
Conditions:
  CreateAck:
    Fn::Equals:
      - true
      - Ref: CreateAck
  FlannelPluginCondition:
    Fn::Equals:
      - Ref: AckNetworkPlugin
      - Flannel
  TerwayPluginCondition:
    Fn::Equals:
      - Ref: AckNetworkPlugin
      - Terway
Resources:
  VpcsDataSource:
    Type: DATASOURCE::VPC::Vpcs
    Properties:
      VpcIds:
        - Ref: VpcId
  EcsSecurityGroup:
    Type: ALIYUN::ECS::SecurityGroup
    Condition: CreateAck
    Properties:
      SecurityGroupName:
        Ref: ALIYUN::StackName
      VpcId:
        Ref: VpcId
      SecurityGroupEgress:
        - PortRange: '-1/-1'
          Priority: 1
          IpProtocol: all
          DestCidrIp: 0.0.0.0/0
          NicType: intranet
      SecurityGroupIngress:
        Fn::If:
          - FlannelPluginCondition
          - - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Ref: PodCidr
              Description: pod网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Fn::Jq:
                  - First
                  - .[].CidrBlock
                  - 'Fn::GetAtt':
                      - VpcsDataSource
                      - Vpcs
              Description: vpc网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: icmp
              SourceCidrIp: 0.0.0.0/0
              Description: icmp协议端口放开
              NicType: intranet
          - - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Fn::Jq:
                  - First
                  - .[].CidrBlock
                  - 'Fn::GetAtt':
                      - VpcsDataSource
                      - Vpcs
              Description: vpc网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: icmp
              SourceCidrIp: 0.0.0.0/0
              Description: icmp协议端口放开
              NicType: intranet
  ManagedKubernetesCluster:
    Type: ALIYUN::CS::ManagedKubernetesCluster
    Condition: CreateAck
    Properties:
      Name:
        Ref: ALIYUN::StackName
      ChargeType:
        Ref: PayType
      Period:
        Ref: PayPeriod
      PeriodUnit:
        Ref: PayPeriodUnit
      VSwitchIds:
        - Ref: VSwitchId
      VpcId:
        Ref: VpcId
      WorkerInstanceTypes:
        - Ref: WorkerInstanceType
      NumOfNodes: 3
      ClusterSpec: ack.pro.small
      ContainerCidr:
        Fn::If:
          - FlannelPluginCondition
          - Ref: PodCidr
          - Ref: ALIYUN::NoValue
      ServiceCidr:
        Ref: ServiceCidr
      PodVswitchIds:
        Fn::If:
          - TerwayPluginCondition
          - - Ref: PodVswitchId
          - Ref: ALIYUN::NoValue
      ZoneIds:
        - Ref: ZoneId
      SecurityGroupId:
        Ref: EcsSecurityGroup
      WorkerSystemDiskCategory:
        Ref: WorkerSystemDiskCategory
      WorkerSystemDiskSize:
        Ref: WorkerSystemDiskSize
      LoginPassword:
        Ref: LoginPassword
      SnatEntry: true
      Addons:
        Fn::If:
          - FlannelPluginCondition
          - - Name: flannel
              Config: ''
          - - Name: terway-eniip
              Config: ''
  WordpressComputenestHelmApplication:
    Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
    Version: v1
    Properties:
      WaitUntil:
        - Kind: Service
          Name: wordpress
          JsonPath: $.status.loadBalancer.ingress[0].ip
          Operator: NotEmpty
          FirstMatch: true
          Timeout: 300
      ClusterId:
        Fn::If:
          - CreateAck
          - Fn::GetAtt:
              - ManagedKubernetesCluster
              - ClusterId
          - Ref: ClusterId
      HelmChartUrl: '{{ computenest::helmchart::wordpress }}'
      DockerConfigJson: '{{ computenest::helm::dockerconfigjson }}'
      ChartValues:
        mariadb:
          primary:
            persistence:
              enabled: true
              storageClass: alicloud-disk-essd
              size: 100Gi
        persistence:
          enabled: false
        wordpressUsername:
          Ref: WordpressUsername
        wordpressPassword:
          Ref: WordpressPassword
      Namespace:
        Ref: 'ALIYUN::StackName'
      ReleaseName: wordpress
Outputs:
  # 将公网ip做为http返回的地址显示在控制台
  Endpoint:
    Description:
      zh-cn: 对外暴露的公网IP地址
      en: Public IP Addresses
    Value:
      Fn::Sub:
        - "http://${ServerAddress} \n http://${ServerAddress}/admin"
        - ServerAddress:
            Fn::Select:
              - 0
              - Fn::GetAtt:
                - WordpressComputenestHelmApplication
                - WaitUntilData
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - CreateAck
          - ClusterId
        Label:
          en: Whether create ack
          zh-cn: 是否新建ack集群
      - Parameters:
          - PayType
          - PayPeriodUnit
          - PayPeriod
        Label:
          en: PayType Configuration
          zh-cn: 付费类型配置
      - Parameters:
          - ZoneId
          - VpcId
          - VSwitchId
          - LoginPassword
        Label:
          en: Basic Configuration
          zh-cn: 基础配置
      - Parameters:
          - WorkerInstanceType
          - WorkerSystemDiskCategory
          - WorkerSystemDiskSize
          - AckNetworkPlugin
          - PodCidr
          - PodVswitchId
          - ServiceCidr
        Label:
          en: Kubernetes
          zh-cn: Kubernetes配置
      - Parameters:
          - WordpressUsername
          - WordpressPassword
        Label:
          en: Wordpress Config
          zh-cn: Wordpress配置

计算巢如何使用fluxcd在ack部署helm chart

使用方式

使用Helm Chart部署物

使用用户提供的chart仓库

服务模版示例

热门文章

最新文章

相关课程

相关电子书

相关实验场景

推荐镜像

热门

活动广场

任务中心

开发者评测

高校计划

乘风者计划

训练营

阿里云MVP

话题

直播

下载

镜像站

技术资料

插件

计算巢如何使用fluxcd在ack部署helm chart

使用方式

使用Helm Chart部署物

使用用户提供的chart仓库

服务模版示例

热门文章

最新文章

相关课程

相关电子书

相关实验场景

推荐镜像