计算巢如何使用fluxcd在ack部署helm chart

本文涉及的产品
云服务器 ECS,每月免费额度280元 3个月
云服务器ECS,u1 2核4GB 1个月
简介: 为支持helm服务运维管理功能,现在改用fluxcd的方式进行helm chart部署,这里计算巢对fluxcd进行部署helm chart的过程进行了封装,封装成了ROS公共模块MODULE::ACS::ComputeNest::FluxOciHelmDeploy,下面将主要介绍下怎么使用这个模块在计算巢中进行Helm Chart的部署。

为支持helm服务运维管理功能,现在改用fluxcd的方式进行helm chart部署,这里计算巢对fluxcd进行部署helm chart的过程进行了封装,封装成了ROS公共模块MODULE::ACS::ComputeNest::FluxOciHelmDeploy,下面将主要介绍下怎么使用这个模块在计算巢中进行Helm Chart的部署。

使用方式

MODULE::ACS::ComputeNest::FluxOciHelmDeploy模块支持的入参如下:

image.png

其中HelmChartUrl支持传入oci格式的chart仓库地址,具体在计算巢的使用中,可以选择使用计算巢Helm Chart部署物,也可以使用用户自己的chart仓库,下面分别进行介绍。

使用Helm Chart部署物

使用Helm Chart部署物时,先要进行部署物上传,具体流程见创建部署物文档。

计算巢提供了两个伪参数,分别用来在模版中关联helm chart部署物和拉取秘钥,在部署时进行替换:

  • {{ computenest::helmchart::xx }}  helm部署物占位符,替换成helm chart的完整地址,如oci://compute-nest-chart-registry.cn-hangzhou.cr.aliyuncs.com/1563457855438522/wordpress:15.4.1
  • {{ computenest::helm::dockerconfigjson }}  helm chart仓库拉取秘钥

示例模版如下:

Resources:
  FluxHelmDeploy:
    Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
    Version: v1
    Properties:
      ClusterId:
        Ref: ClusterId
      ReleaseName: wordpress
      Namespace: wordpress
      HelmChartUrl: '{{ computenest::helmchart::test }}'
      DockerConfigJson: '{{ computenest::helm::dockerconfigjson }}'
      ChartValues:
        mariadb:
          primary:
            persistence:
              enabled: true
              storageClass: alicloud-disk-essd
              size: 20Gi
        persistence:
          enabled: false

创建服务时进行部署物关联:

image.png

使用用户提供的chart仓库

对于本身就有chart仓库的用户,可以直接使用自己的chart仓库,可以是公开仓库,也可以是私有仓库,私有仓库的情况下DockerConfigJson需要填写chart仓库的拉取秘钥,生成chart仓库拉取秘钥的方式如下:

kubectl create secret docker-registry SECRET_NAME \
 --docker-server=SERVER_NAME \
 --docker-username=USER_NAME \
 --docker-password=Password
kubectl get secret SECRET_NAME -o yaml


使用用户提供的公开chart仓库的示例如下:

WordpressComputenestHelmApplication:
  Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
  Version: v1
  Properties:
    ClusterId: ClusterId
    HelmChartUrl: oci://registry-1.docker.io/bitnamicharts/wordpress:15.4.1
    ChartValues:
      mariadb:
        primary:
          persistence:
            enabled: true
            storageClass: alicloud-disk-essd
            size: 100Gi
      persistence:
        enabled: false
      wordpressUsername:
        Ref: WordpressUsername
      wordpressPassword:
        Ref: WordpressPassword
    Namespace:
      Ref: 'ALIYUN::StackName'
    ReleaseName: wordpress

服务模版示例

下面是一个wordpress服务以helm chart方式部署到ack上的服务模版示例。

ROSTemplateFormatVersion: '2015-09-01'
Description:
  en: 新建ack部署wordpress
  zh-cn: new ack deploy wordpress
Parameters:
  CreateAck:
    Type: Boolean
    Description:
      en: An existing ack cluster can be deployed by entering the cluster id. If there is no current cluster, create a new ack cluster before deploying
      zh-cn: 已有ack集群输入集群id即可部署,当前无集群先新建ack集群再进行部署
    Label:
      en: Wether create ack cluster
      zh-cn: 是否新建ack集群
    Default: true
  ClusterId:
    Type: String
    Description:
      en: The ID of Kubernetes ClusterId in which application deployed.
      zh-cn: 部署应用程序的K8s集群ID
    AllowedPattern: '[0-9a-z]+$'
    Default: null
    Required: true
    Label:
      en: Kubernetes ClusterId
      zh-cn: K8s集群ID
    AssociationProperty: 'ALIYUN::CS::Cluster::ClusterId'
    AssociationPropertyMetadata:
      RegionId: '${RegionId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - false
  PayType:
    Type: String
    Label:
      en: ECS Instance Charge Type
      zh-cn: 付费类型
    Default: PostPaid
    AllowedValues:
      - PostPaid
      - PrePaid
    AssociationProperty: ChargeType
    AssociationPropertyMetadata:
      LocaleKey: InstanceChargeType
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  PayPeriodUnit:
    Type: String
    Label:
      en: Pay Period Unit
      zh-cn: 购买资源时长周期
    Default: Month
    AllowedValues:
      - Month
      - Year
    AssociationProperty: PayPeriodUnit
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Not:
                Fn::Equals:
                  - ${PayType}
                  - PostPaid
  PayPeriod:
    Type: Number
    Description:
      en: When the resource purchase duration is Month, the value of Period ranges from 1 to 9, 12, 24, 36, 48, or 60. <br><b><font color='red'> When ECS instance types are PrePaid valid </b></font>
      zh-cn: 当购买资源时长为Month时,Period取值:1~9 <br><b><font color='red'>当ECS实例类型为PrePaid有效</b></font>
    Label:
      en: Period
      zh-cn: 购买资源时长
    Default: 1
    AllowedValues:
      - 1
      - 2
      - 3
      - 4
      - 5
      - 6
      - 7
      - 8
      - 9
    AssociationProperty: PayPeriod
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Not:
                Fn::Equals:
                  - ${PayType}
                  - PostPaid
  ZoneId:
    Type: String
    AssociationProperty: ALIYUN::ECS::Instance:ZoneId
    Label:
      en: Zone ID
      zh-cn: 可用区
    Default: cn-hangzhou-h
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  VpcId:
    Type: String
    Label:
      en: VPC ID
      zh-cn: 专有网络VPC实例ID
    Description:
      en: >-
        Please search the ID starting with (vpc-xxx) from console-Virtual
        Private Cloud
      zh-cn: 现有虚拟专有网络的实例ID
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VPC::VPCId'
    AssociationPropertyMetadata:
      RegionId: '${RegionId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  VSwitchId:
    Type: String
    Label:
      en: VSwitch ID
      zh-cn: 交换机实例ID
    Description:
      en: >-
        Instance ID of existing business network switches, console-Virtual
        Private Cloud-VSwitches under query
      zh-cn: 现有业务网络交换机的实例ID
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VSwitch::VSwitchId'
    AssociationPropertyMetadata:
      VpcId: '${VpcId}'
      ZoneId: '${ZoneId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  LoginPassword:
    NoEcho: true
    Type: String
    Description:
      en: Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ Special symbol in)
      zh-cn: 服务器登录密码,长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ 中的特殊符号)
    Label:
      en: Instance Password
      zh-cn: 实例密码
    ConstraintDescription:
      en: Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ Special symbol in)
      zh-cn: 长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ 中的特殊符号)
    AssociationProperty: ALIYUN::ECS::Instance::Password
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    AllowedPattern: ^[a-zA-Z0-9-\(\)\`\~\!\@\#\$\%\^\&\*\_\-\+\=\|\{\}\[\]\:\;\<\>\,\.\?\/]*$
    MinLength: 8
    MaxLength: 30
    Default: computenest*12345
  WorkerInstanceType:
    Type: String
    Label:
      en: Worker Nodes Types
      zh-cn: Worker节点规格
    AssociationProperty: ALIYUN::ECS::Instance::InstanceType
    AssociationPropertyMetadata:
      ZoneId: ${ZoneId}
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: ecs.g6.large
  WorkerSystemDiskCategory:
    Type: String
    AllowedValues:
      - cloud_efficiency
      - cloud_ssd
      - cloud_essd
    AssociationPropertyMetadata:
      LocaleKey: DiskCategory
      InstanceType: ${WorkerInstanceType}
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Label:
      en: Worker System Disk Category
      zh-cn: Worker 系统盘磁盘类型
    Default: cloud_essd
  WorkerSystemDiskSize:
    Type: Number
    Label:
      en: Worker System Disk Size(GB)
      zh-cn: Worker节点系统盘大小(GB)
    MinValue: 1
    Default: 120
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  AckNetworkPlugin:
    Type: String
    Label:
      en: ack plugin network
      zh-cn: ack网络插件
    AllowedValues:
      - Flannel
      - Terway
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: Flannel
  PodCidr:
    Type: String
    Description:
      zh-cn: 请填写有效的私有网段,即以下网段及其子网:10.0.0.0/8,172.16-31.0.0/12-16,192.168.0.0/16<br>不能与 VPC 及 VPC 内已有 Kubernetes 集群使用的网段重复。<font color='blue'><b>创建成功后不能修改</b></font>
      en: 'Please fill in a valid private segment, i.e. the following segments and their subnets: 10.0.0.0/8, 172.16-31.0.0/12-16, 192.168.0.0/16<br> which cannot duplicate the network segments already used by clusters in VPC and VPC Kunetberes. <font color=''blue''><b>Cannot be modified after successful creation</b></font>'
    Label:
      zh-cn: Pod 网络 CIDR
      en: Pod Network CIDR
    AssociationProperty: ALIYUN::CS::ManagedKubernetesCluster::PodCidr
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Equals:
                - ${AckNetworkPlugin}
                - Flannel
    Default: 10.0.0.0/16
  PodVswitchId:
    Type: String
    Label:
      en: VSwitch ID
      zh-cn: pod交换机实例ID
    Description:
      en: >-
        Instance ID of existing business network switches, console-Virtual
        Private Cloud-VSwitches under query
      zh-cn: 建议选择网段掩码不大于 19 的虚拟交换机
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VSwitch::VSwitchId'
    AssociationPropertyMetadata:
      VpcId: '${VpcId}'
      ZoneId: '${ZoneId}'
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Equals:
                - ${AckNetworkPlugin}
                - Terway
  ServiceCidr:
    Type: String
    Description:
      zh-cn: 可选范围:10.0.0.0/16-24,172.16-31.0.0/16-24,192.168.0.0/16-24<br>不能与 VPC 及 VPC 内已有 Kubernetes 集群使用的网段重复。<font color='blue'><b>创建成功后不能修改</b></font>
      en: 'Optional range: 10.0.0.0/16-24, 172.16-31.0.0/16-24, 192.168.0.0/16-24<br> cannot duplicate segments already used by existing Kubernetes clusters in VPC and VPC.<font color=''blue''><b>Cannot be modified after successful creation</b></font>'
    Label:
      zh-cn: Service CIDR
      en: Service CIDR
    AssociationProperty: ALIYUN::CS::ManagedKubernetesCluster::ServiceCidr
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: 172.16.0.0/16
  WordpressUsername:
    Type: String
    Label:
      zh-cn: wordpress用户名
      en: wordpress username
    Default: user
  WordpressPassword:
    NoEcho: true
    Type: String
    Label:
      zh-cn: wordpress密码
      en: wordpress password
Conditions:
  CreateAck:
    Fn::Equals:
      - true
      - Ref: CreateAck
  FlannelPluginCondition:
    Fn::Equals:
      - Ref: AckNetworkPlugin
      - Flannel
  TerwayPluginCondition:
    Fn::Equals:
      - Ref: AckNetworkPlugin
      - Terway
Resources:
  VpcsDataSource:
    Type: DATASOURCE::VPC::Vpcs
    Properties:
      VpcIds:
        - Ref: VpcId
  EcsSecurityGroup:
    Type: ALIYUN::ECS::SecurityGroup
    Condition: CreateAck
    Properties:
      SecurityGroupName:
        Ref: ALIYUN::StackName
      VpcId:
        Ref: VpcId
      SecurityGroupEgress:
        - PortRange: '-1/-1'
          Priority: 1
          IpProtocol: all
          DestCidrIp: 0.0.0.0/0
          NicType: intranet
      SecurityGroupIngress:
        Fn::If:
          - FlannelPluginCondition
          - - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Ref: PodCidr
              Description: pod网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Fn::Jq:
                  - First
                  - .[].CidrBlock
                  - 'Fn::GetAtt':
                      - VpcsDataSource
                      - Vpcs
              Description: vpc网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: icmp
              SourceCidrIp: 0.0.0.0/0
              Description: icmp协议端口放开
              NicType: intranet
          - - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Fn::Jq:
                  - First
                  - .[].CidrBlock
                  - 'Fn::GetAtt':
                      - VpcsDataSource
                      - Vpcs
              Description: vpc网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: icmp
              SourceCidrIp: 0.0.0.0/0
              Description: icmp协议端口放开
              NicType: intranet
  ManagedKubernetesCluster:
    Type: ALIYUN::CS::ManagedKubernetesCluster
    Condition: CreateAck
    Properties:
      Name:
        Ref: ALIYUN::StackName
      ChargeType:
        Ref: PayType
      Period:
        Ref: PayPeriod
      PeriodUnit:
        Ref: PayPeriodUnit
      VSwitchIds:
        - Ref: VSwitchId
      VpcId:
        Ref: VpcId
      WorkerInstanceTypes:
        - Ref: WorkerInstanceType
      NumOfNodes: 3
      ClusterSpec: ack.pro.small
      ContainerCidr:
        Fn::If:
          - FlannelPluginCondition
          - Ref: PodCidr
          - Ref: ALIYUN::NoValue
      ServiceCidr:
        Ref: ServiceCidr
      PodVswitchIds:
        Fn::If:
          - TerwayPluginCondition
          - - Ref: PodVswitchId
          - Ref: ALIYUN::NoValue
      ZoneIds:
        - Ref: ZoneId
      SecurityGroupId:
        Ref: EcsSecurityGroup
      WorkerSystemDiskCategory:
        Ref: WorkerSystemDiskCategory
      WorkerSystemDiskSize:
        Ref: WorkerSystemDiskSize
      LoginPassword:
        Ref: LoginPassword
      SnatEntry: true
      Addons:
        Fn::If:
          - FlannelPluginCondition
          - - Name: flannel
              Config: ''
          - - Name: terway-eniip
              Config: ''
  WordpressComputenestHelmApplication:
    Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
    Version: v1
    Properties:
      WaitUntil:
        - Kind: Service
          Name: wordpress
          JsonPath: $.status.loadBalancer.ingress[0].ip
          Operator: NotEmpty
          FirstMatch: true
          Timeout: 300
      ClusterId:
        Fn::If:
          - CreateAck
          - Fn::GetAtt:
              - ManagedKubernetesCluster
              - ClusterId
          - Ref: ClusterId
      HelmChartUrl: '{{ computenest::helmchart::wordpress }}'
      DockerConfigJson: '{{ computenest::helm::dockerconfigjson }}'
      ChartValues:
        mariadb:
          primary:
            persistence:
              enabled: true
              storageClass: alicloud-disk-essd
              size: 100Gi
        persistence:
          enabled: false
        wordpressUsername:
          Ref: WordpressUsername
        wordpressPassword:
          Ref: WordpressPassword
      Namespace:
        Ref: 'ALIYUN::StackName'
      ReleaseName: wordpress
Outputs:
  # 将公网ip做为http返回的地址显示在控制台
  Endpoint:
    Description:
      zh-cn: 对外暴露的公网IP地址
      en: Public IP Addresses
    Value:
      Fn::Sub:
        - "http://${ServerAddress} \n http://${ServerAddress}/admin"
        - ServerAddress:
            Fn::Select:
              - 0
              - Fn::GetAtt:
                - WordpressComputenestHelmApplication
                - WaitUntilData
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - CreateAck
          - ClusterId
        Label:
          en: Whether create ack
          zh-cn: 是否新建ack集群
      - Parameters:
          - PayType
          - PayPeriodUnit
          - PayPeriod
        Label:
          en: PayType Configuration
          zh-cn: 付费类型配置
      - Parameters:
          - ZoneId
          - VpcId
          - VSwitchId
          - LoginPassword
        Label:
          en: Basic Configuration
          zh-cn: 基础配置
      - Parameters:
          - WorkerInstanceType
          - WorkerSystemDiskCategory
          - WorkerSystemDiskSize
          - AckNetworkPlugin
          - PodCidr
          - PodVswitchId
          - ServiceCidr
        Label:
          en: Kubernetes
          zh-cn: Kubernetes配置
      - Parameters:
          - WordpressUsername
          - WordpressPassword
        Label:
          en: Wordpress Config
          zh-cn: Wordpress配置
相关实践学习
容器服务Serverless版ACK Serverless 快速入门:在线魔方应用部署和监控
通过本实验,您将了解到容器服务Serverless版ACK Serverless 的基本产品能力,即可以实现快速部署一个在线魔方应用,并借助阿里云容器服务成熟的产品生态,实现在线应用的企业级监控,提升应用稳定性。
云原生实践公开课
课程大纲 开篇:如何学习并实践云原生技术 基础篇: 5 步上手 Kubernetes 进阶篇:生产环境下的 K8s 实践 相关的阿里云产品:容器服务&nbsp;ACK 容器服务&nbsp;Kubernetes&nbsp;版(简称&nbsp;ACK)提供高性能可伸缩的容器应用管理能力,支持企业级容器化应用的全生命周期管理。整合阿里云虚拟化、存储、网络和安全能力,打造云端最佳容器化应用运行环境。 了解产品详情:&nbsp;https://www.aliyun.com/product/kubernetes
相关文章
|
17天前
|
Kubernetes 网络协议 应用服务中间件
K8S二进制部署实践-1.15.5
K8S二进制部署实践-1.15.5
31 0
|
19天前
|
Kubernetes 流计算 Perl
在Rancher K8s上部署Flink时,TaskManager连接不上并不断重启可能是由多种原因导致的
在Rancher K8s上部署Flink时,TaskManager连接不上并不断重启可能是由多种原因导致的
29 7
|
2天前
|
Kubernetes 搜索推荐 Docker
使用 kubeadm 部署 Kubernetes 集群(二)k8s环境安装
使用 kubeadm 部署 Kubernetes 集群(二)k8s环境安装
34 17
|
14天前
|
Kubernetes Ubuntu 应用服务中间件
Ubuntu 22.04 利用kubeadm方式部署Kubernetes(v1.28.2版本)
Ubuntu 22.04 利用kubeadm方式部署Kubernetes(v1.28.2版本)
68 0
|
22天前
|
Kubernetes Java Nacos
nacos常见问题之k8s上部署需要自动扩缩容如何解决
Nacos是阿里云开源的服务发现和配置管理平台,用于构建动态微服务应用架构;本汇总针对Nacos在实际应用中用户常遇到的问题进行了归纳和解答,旨在帮助开发者和运维人员高效解决使用Nacos时的各类疑难杂症。
24 0
|
27天前
|
存储 Kubernetes 分布式数据库
利用Helm在K8S上部署 PolarDB-X 集群(详细步骤--亲测!!!)
利用Helm在K8S上部署 PolarDB-X 集群(详细步骤--亲测!!!)
74 0
|
1月前
|
负载均衡 安全 网络协议
如何通过计算巢在ACK集群上使用Istio服务网格
本文主要介绍怎么通过计算巢部署Isito服务网格,并介绍了使用示例。
29 0
|
2月前
|
Prometheus Kubernetes 监控
|
2月前
|
Kubernetes 关系型数据库 MySQL
K8S客户端二 使用Rancher部署服务
使用rancher服务操作步骤
|
2月前
|
云计算
电子书阅读分享《阿里云计算巢加速器:让优秀的软件生于云、长于云》
电子书阅读分享《阿里云计算巢加速器:让优秀的软件生于云、长于云》
46 1

推荐镜像

更多