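To support Helm service operations and maintenance management, Helm charts are now deployed with fluxcd. Compute Nest wraps the process of deploying a Helm chart through fluxcd in a public ROS module, MODULE::ACS::ComputeNest::FluxOciHelmDeploy. This page describes how to use that module to deploy a Helm chart in Compute Nest.
Usage
The MODULE::ACS::ComputeNest::FluxOciHelmDeploy module supports the following input parameters:
HelmChartUrl accepts a chart repository address in OCI format. In Compute Nest you can use either a Compute Nest Helm chart deployment package or your own chart repository; both options are described below.
Using a Helm chart deployment package
To use a Helm chart deployment package, first upload the deployment package; for the procedure, see the documentation on creating a deployment package.
Compute Nest provides two pseudo parameters that associate the Helm chart deployment package and its pull secret in the template. They are replaced at deployment time:
- {{ computenest::helmchart::xx }}: placeholder for the Helm deployment package; it is replaced with the full address of the Helm chart, for example oci://compute-nest-chart-registry.cn-hangzhou.cr.aliyuncs.com/1563457855438522/wordpress:15.4.1
- {{ computenest::helm::dockerconfigjson }}: pull secret for the Helm chart repository
A sample template: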
```yaml
Resources:
  FluxHelmDeploy:
    Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
    Version: v1
    Properties:
      ClusterId:
        Ref: ClusterId
      ReleaseName: wordpress
      Namespace: wordpress
      HelmChartUrl: '{{ computenest::helmchart::test }}'
      DockerConfigJson: '{{ computenest::helm::dockerconfigjson }}'
      ChartValues:
        mariadb:
          primary:
            persistence:
              enabled: true
              storageClass: alicloud-disk-essd
              size: 20Gi
        persistence:
          enabled: false
```
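Associate the deployment package when you create the service:
Using a user-provided chart repository
Users who already have a chart repository can use it directly. The repository can be public or private. For a private repository, DockerConfigJson must be set to the chart repository's pull secret, which is generated as follows: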
```shell
kubectl create secret docker-registry SECRET_NAME \
  --docker-server=SERVER_NAME \
  --docker-username=USER_NAME \
  --docker-password=Password
kubectl get secret SECRET_NAME -o yaml
```
An example that uses a user-provided public chart repository:
```yaml
WordpressComputenestHelmApplication:
  Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
  Version: v1
  Properties:
    ClusterId: ClusterId
    HelmChartUrl: oci://registry-1.docker.io/bitnamicharts/wordpress:15.4.1
    ChartValues:
      mariadb:
        primary:
          persistence:
            enabled: true
            storageClass: alicloud-disk-essd
            size: 100Gi
      persistence:
        enabled: false
      wordpressUsername:
        Ref: WordpressUsername
      wordpressPassword:
        Ref: WordpressPassword
    Namespace:
      Ref: 'ALIYUN::StackName'
    ReleaseName: wordpress
```
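A pre-deployment check for the HelmChartUrl and DockerConfigJson pair described above, as an added example that is not part of the Compute Nest documentation or module code. It assumes DockerConfigJson is either raw JSON or the base64 `.dockerconfigjson` value from the Secret YAML, and that the keys under `auths` are bare registry hosts as passed to `--docker-server`; the function names and `registry.example.com` are hypothetical.

```python
import base64
import json
import re

# oci://<registry host>/<repository path>:<tag>, the form this page uses for HelmChartUrl.
OCI_REF = re.compile(r"^oci://(?P<host>[^/\s:]+(?::\d+)?)/(?P<repo>[^\s:@]+):(?P<tag>\w[\w.+-]*)$")


def parse_chart_url(url):
    """Split an OCI chart reference into host, repository and tag; reject anything else."""
    m = OCI_REF.match(url)
    if not m:
        raise ValueError(f"not a tagged oci:// chart reference: {url!r}")
    return m.group("host"), m.group("repo"), m.group("tag")


def load_docker_config(value):
    """Accept raw JSON or the base64 form found under .data in the Secret YAML."""
    text = value.strip()
    if not text.startswith("{"):
        text = base64.b64decode(text, validate=True).decode("utf-8")
    return json.loads(text)


def check_pull_secret(chart_url, docker_config_json):
    """Return a list of problems; an empty list means the pair is consistent."""
    host, _repo, tag = parse_chart_url(chart_url)
    problems = []
    if tag == "latest":
        problems.append("chart tag is 'latest'; pin an explicit version")
    auths = load_docker_config(docker_config_json).get("auths", {})
    if host not in auths:
        problems.append(f"no credentials for {host} in auths")
    extra = sorted(h for h in auths if h != host)
    if extra:
        problems.append(f"credentials for unrelated registries: {', '.join(extra)}")
    return problems


# Constructed sample data: the registry host and credentials are placeholders.
_auth = base64.b64encode(b"USER_NAME:Password").decode()
SAMPLE_SECRET = base64.b64encode(json.dumps(
    {"auths": {"registry.example.com": {"username": "USER_NAME", "password": "Password", "auth": _auth}}}
).encode()).decode()

if __name__ == "__main__":
    print(check_pull_secret("oci://registry.example.com/charts/wordpress:15.4.1", SAMPLE_SECRET))
    print(check_pull_secret("oci://registry-1.docker.io/bitnamicharts/wordpress:15.4.1", SAMPLE_SECRET))
```

Running the check before the template is submitted catches a pull secret issued for a different registry than the chart, which would otherwise only surface as a failed chart pull in the cluster.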
Sample service template
The following sample service template deploys a wordpress service to ACK as a Helm chart.
```yaml
ROSTemplateFormatVersion: '2015-09-01'
Description:
  en: 新建ack部署wordpress
  zh-cn: new ack deploy wordpress
Parameters:
  CreateAck:
    Type: Boolean
    Description:
      en: An existing ack cluster can be deployed by entering the cluster id. If there is no current cluster, create a new ack cluster before deploying
      zh-cn: 已有ack集群输入集群id即可部署,当前无集群先新建ack集群再进行部署
    Label:
      en: Wether create ack cluster
      zh-cn: 是否新建ack集群
    Default: true
  ClusterId:
    Type: String
    Description:
      en: The ID of Kubernetes ClusterId in which application deployed.
      zh-cn: 部署应用程序的K8s集群ID
    AllowedPattern: '[0-9a-z]+$'
    Default: null
    Required: true
    Label:
      en: Kubernetes ClusterId
      zh-cn: K8s集群ID
    AssociationProperty: 'ALIYUN::CS::Cluster::ClusterId'
    AssociationPropertyMetadata:
      RegionId: '${RegionId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - false
  PayType:
    Type: String
    Label:
      en: ECS Instance Charge Type
      zh-cn: 付费类型
    Default: PostPaid
    AllowedValues:
      - PostPaid
      - PrePaid
    AssociationProperty: ChargeType
    AssociationPropertyMetadata:
      LocaleKey: InstanceChargeType
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  PayPeriodUnit:
    Type: String
    Label:
      en: Pay Period Unit
      zh-cn: 购买资源时长周期
    Default: Month
    AllowedValues:
      - Month
      - Year
    AssociationProperty: PayPeriodUnit
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Not:
                Fn::Equals:
                  - ${PayType}
                  - PostPaid
  PayPeriod:
    Type: Number
    Description:
      en: When the resource purchase duration is Month, the value of Period ranges from 1 to 9, 12, 24, 36, 48, or 60. <br><b><font color='red'> When ECS instance types are PrePaid valid </b></font>
      zh-cn: 当购买资源时长为Month时,Period取值:1~9 <br><b><font color='red'>当ECS实例类型为PrePaid有效</b></font>
    Label:
      en: Period
      zh-cn: 购买资源时长
    Default: 1
    AllowedValues:
      - 1
      - 2
      - 3
      - 4
      - 5
      - 6
      - 7
      - 8
      - 9
    AssociationProperty: PayPeriod
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Not:
                Fn::Equals:
                  - ${PayType}
                  - PostPaid
  ZoneId:
    Type: String
    AssociationProperty: ALIYUN::ECS::Instance::ZoneId
    Label:
      en: Zone ID
      zh-cn: 可用区
    Default: cn-hangzhou-h
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  VpcId:
    Type: String
    Label:
      en: VPC ID
      zh-cn: 专有网络VPC实例ID
    Description:
      en: >-
        Please search the ID starting with (vpc-xxx) from console-Virtual Private Cloud
      zh-cn: 现有虚拟专有网络的实例ID
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VPC::VPCId'
    AssociationPropertyMetadata:
      RegionId: '${RegionId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  VSwitchId:
    Type: String
    Label:
      en: VSwitch ID
      zh-cn: 交换机实例ID
    Description:
      en: >-
        Instance ID of existing business network switches, console-Virtual Private Cloud-VSwitches under query
      zh-cn: 现有业务网络交换机的实例ID
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VSwitch::VSwitchId'
    AssociationPropertyMetadata:
      VpcId: '${VpcId}'
      ZoneId: '${ZoneId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  LoginPassword:
    NoEcho: true
    Type: String
    Description:
      en: Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ Special symbol in)
      zh-cn: 服务器登录密码,长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ 中的特殊符号)
    Label:
      en: Instance Password
      zh-cn: 实例密码
    ConstraintDescription:
      en: Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ Special symbol in)
      zh-cn: 长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ 中的特殊符号)
    AssociationProperty: ALIYUN::ECS::Instance::Password
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    AllowedPattern: ^[a-zA-Z0-9-\(\)\`\~\!\@\#\$\%\^\&\*\_\-\+\=\|\{\}\[\]\:\;\<\>\,\.\?\/]*$
    MinLength: 8
    MaxLength: 30
    Default: computenest*12345
  WorkerInstanceType:
    Type: String
    Label:
      en: Worker Nodes Types
      zh-cn: Worker节点规格
    AssociationProperty: ALIYUN::ECS::Instance::InstanceType
    AssociationPropertyMetadata:
      ZoneId: ${ZoneId}
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: ecs.g6.large
  WorkerSystemDiskCategory:
    Type: String
    AllowedValues:
      - cloud_efficiency
      - cloud_ssd
      - cloud_essd
    AssociationPropertyMetadata:
      LocaleKey: DiskCategory
      InstanceType: ${WorkerInstanceType}
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Label:
      en: Worker System Disk Category
      zh-cn: Worker 系统盘磁盘类型
    Default: cloud_essd
  WorkerSystemDiskSize:
    Type: Number
    Label:
      en: Worker System Disk Size(GB)
      zh-cn: Worker节点系统盘大小(GB)
    MinValue: 1
    Default: 120
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  AckNetworkPlugin:
    Type: String
    Label:
      en: ack plugin network
      zh-cn: ack网络插件
    AllowedValues:
      - Flannel
      - Terway
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: Flannel
  PodCidr:
    Type: String
    Description:
      zh-cn: 请填写有效的私有网段,即以下网段及其子网:10.0.0.0/8,172.16-31.0.0/12-16,192.168.0.0/16<br>不能与 VPC 及 VPC 内已有 Kubernetes 集群使用的网段重复。<font color='blue'><b>创建成功后不能修改</b></font>
      en: 'Please fill in a valid private segment, i.e. the following segments and their subnets: 10.0.0.0/8, 172.16-31.0.0/12-16, 192.168.0.0/16<br> which cannot duplicate the network segments already used by clusters in VPC and VPC Kunetberes. <font color=''blue''><b>Cannot be modified after successful creation</b></font>'
    Label:
      zh-cn: Pod 网络 CIDR
      en: Pod Network CIDR
    AssociationProperty: ALIYUN::CS::ManagedKubernetesCluster::PodCidr
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Equals:
                - ${AckNetworkPlugin}
                - Flannel
    Default: 10.0.0.0/16
  PodVswitchId:
    Type: String
    Label:
      en: VSwitch ID
      zh-cn: pod交换机实例ID
    Description:
      en: >-
        Instance ID of existing business network switches, console-Virtual Private Cloud-VSwitches under query
      zh-cn: 建议选择网段掩码不大于 19 的虚拟交换机
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VSwitch::VSwitchId'
    AssociationPropertyMetadata:
      VpcId: '${VpcId}'
      ZoneId: '${ZoneId}'
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Equals:
                - ${AckNetworkPlugin}
                - Terway
  ServiceCidr:
    Type: String
    Description:
      zh-cn: 可选范围:10.0.0.0/16-24,172.16-31.0.0/16-24,192.168.0.0/16-24<br>不能与 VPC 及 VPC 内已有 Kubernetes 集群使用的网段重复。<font color='blue'><b>创建成功后不能修改</b></font>
      en: 'Optional range: 10.0.0.0/16-24, 172.16-31.0.0/16-24, 192.168.0.0/16-24<br> cannot duplicate segments already used by existing Kubernetes clusters in VPC and VPC.<font color=''blue''><b>Cannot be modified after successful creation</b></font>'
    Label:
      zh-cn: Service CIDR
      en: Service CIDR
    AssociationProperty: ALIYUN::CS::ManagedKubernetesCluster::ServiceCidr
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: 172.16.0.0/16
  WordpressUsername:
    Type: String
    Label:
      zh-cn: wordpress用户名
      en: wordpress username
    Default: user
  WordpressPassword:
    NoEcho: true
    Type: String
    Label:
      zh-cn: wordpress密码
      en: wordpress password
Conditions:
  CreateAck:
    Fn::Equals:
      - true
      - Ref: CreateAck
  FlannelPluginCondition:
    Fn::Equals:
      - Ref: AckNetworkPlugin
      - Flannel
  TerwayPluginCondition:
    Fn::Equals:
      - Ref: AckNetworkPlugin
      - Terway
Resources:
  VpcsDataSource:
    Type: DATASOURCE::VPC::Vpcs
    Properties:
      VpcIds:
        - Ref: VpcId
  EcsSecurityGroup:
    Type: ALIYUN::ECS::SecurityGroup
    Condition: CreateAck
    Properties:
      SecurityGroupName:
        Ref: ALIYUN::StackName
      VpcId:
        Ref: VpcId
      SecurityGroupEgress:
        - PortRange: '-1/-1'
          Priority: 1
          IpProtocol: all
          DestCidrIp: 0.0.0.0/0
          NicType: intranet
      SecurityGroupIngress:
        Fn::If:
          - FlannelPluginCondition
          - - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Ref: PodCidr
              Description: pod网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Fn::Jq:
                  - First
                  - '.[].CidrBlock'
                  - 'Fn::GetAtt':
                      - VpcsDataSource
                      - Vpcs
              Description: vpc网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: icmp
              SourceCidrIp: 0.0.0.0/0
              Description: icmp协议端口放开
              NicType: intranet
          - - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Fn::Jq:
                  - First
                  - '.[].CidrBlock'
                  - 'Fn::GetAtt':
                      - VpcsDataSource
                      - Vpcs
              Description: vpc网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: icmp
              SourceCidrIp: 0.0.0.0/0
              Description: icmp协议端口放开
              NicType: intranet
  ManagedKubernetesCluster:
    Type: ALIYUN::CS::ManagedKubernetesCluster
    Condition: CreateAck
    Properties:
      Name:
        Ref: ALIYUN::StackName
      ChargeType:
        Ref: PayType
      Period:
        Ref: PayPeriod
      PeriodUnit:
        Ref: PayPeriodUnit
      VSwitchIds:
        - Ref: VSwitchId
      VpcId:
        Ref: VpcId
      WorkerInstanceTypes:
        - Ref: WorkerInstanceType
      NumOfNodes: 3
      ClusterSpec: ack.pro.small
      ContainerCidr:
        Fn::If:
          - FlannelPluginCondition
          - Ref: PodCidr
          - Ref: ALIYUN::NoValue
      ServiceCidr:
        Ref: ServiceCidr
      PodVswitchIds:
        Fn::If:
          - TerwayPluginCondition
          - - Ref: PodVswitchId
          - Ref: ALIYUN::NoValue
      ZoneIds:
        - Ref: ZoneId
      SecurityGroupId:
        Ref: EcsSecurityGroup
      WorkerSystemDiskCategory:
        Ref: WorkerSystemDiskCategory
      WorkerSystemDiskSize:
        Ref: WorkerSystemDiskSize
      LoginPassword:
        Ref: LoginPassword
      SnatEntry: true
      Addons:
        Fn::If:
          - FlannelPluginCondition
          - - Name: flannel
              Config: ''
          - - Name: terway-eniip
              Config: ''
  WordpressComputenestHelmApplication:
    Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
    Version: v1
    Properties:
      WaitUntil:
        - Kind: Service
          Name: wordpress
          JsonPath: $.status.loadBalancer.ingress[0].ip
          Operator: NotEmpty
          FirstMatch: true
          Timeout: 300
      ClusterId:
        Fn::If:
          - CreateAck
          - Fn::GetAtt:
              - ManagedKubernetesCluster
              - ClusterId
          - Ref: ClusterId
      HelmChartUrl: '{{ computenest::helmchart::wordpress }}'
      DockerConfigJson: '{{ computenest::helm::dockerconfigjson }}'
      ChartValues:
        mariadb:
          primary:
            persistence:
              enabled: true
              storageClass: alicloud-disk-essd
              size: 100Gi
        persistence:
          enabled: false
        wordpressUsername:
          Ref: WordpressUsername
        wordpressPassword:
          Ref: WordpressPassword
      Namespace:
        Ref: 'ALIYUN::StackName'
      ReleaseName: wordpress
Outputs:
  # Show the public IP in the console as the HTTP address that is returned
  Endpoint:
    Description:
      zh-cn: 对外暴露的公网IP地址
      en: Public IP Addresses
    Value:
      Fn::Sub:
        - "http://${ServerAddress} \n http://${ServerAddress}/admin"
        - ServerAddress:
            Fn::Select:
              - 0
              - Fn::GetAtt:
                  - WordpressComputenestHelmApplication
                  - WaitUntilData
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - CreateAck
          - ClusterId
        Label:
          en: Whether create ack
          zh-cn: 是否新建ack集群
      - Parameters:
          - PayType
          - PayPeriodUnit
          - PayPeriod
        Label:
          en: PayType Configuration
          zh-cn: 付费类型配置
      - Parameters:
          - ZoneId
          - VpcId
          - VSwitchId
          - LoginPassword
        Label:
          en: Basic Configuration
          zh-cn: 基础配置
      - Parameters:
          - WorkerInstanceType
          - WorkerSystemDiskCategory
          - WorkerSystemDiskSize
          - AckNetworkPlugin
          - PodCidr
          - PodVswitchId
          - ServiceCidr
        Label:
          en: Kubernetes
          zh-cn: Kubernetes配置
      - Parameters:
          - WordpressUsername
          - WordpressPassword
        Label:
          en: Wordpress Config
          zh-cn: Wordpress配置
```