kubesphere / ks-installer

Install KubeSphere on existing Kubernetes cluster
https://kubesphere.io
Apache License 2.0

Install each component as helm chart #504

Open zryfish opened 4 years ago

pixiake commented 4 years ago

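If the functional components are fully separated, Helm charts are the most elegant installation method. As things stand, converting everything to charts would require adjusting and optimizing the devops and logging parts.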

jaminlu commented 4 years ago

helm chart

jaminlu commented 4 years ago

The ks-account and ks-console components of the kubesphere project have already been implemented with Helm charts, and combined with CI/CD this allows pipelined operation. Helm deployment scripts:

helm install --namespace=kubesphere-system --name=ks-console .
helm install --namespace=kubesphere-system --name=ks-account .

ks-account:
├── charts
├── Chart.yaml
├── templates
│   ├── deployment.yaml
│   └── service.yaml
└── values.yaml

values.yaml:

# Default values for ks-account.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicaCount: 3
version: v2.1.0
name: ks-account

image:
  repository: kubesphere/ks-account
  tag: v2.1.0
  pullPolicy: Always

service:
  type: ClusterIP
  port: 80

resources:
  limits:
    cpu: "1"
    memory: 500Mi
  requests:
    cpu: 20m
    memory: 100Mi

nodeSelector: {}

tolerations:
- effect: NoSchedule
  key: node-role.kubernetes.io/master
- key: CriticalAddonsOnly
  operator: Exists
- effect: NoExecute
  key: node.kubernetes.io/not-ready
  operator: Exists
  tolerationSeconds: 60
- effect: NoExecute
  key: node.kubernetes.io/unreachable
  operator: Exists
  tolerationSeconds: 60

affinity:
  nodeAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
    - preference:
        matchExpressions:
        - key: node-role.kubernetes.io/master
          operator: In
          values:
          - ""
      weight: 100
  podAntiAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
    - labelSelector:
        matchExpressions:
        - key: app
          operator: In
          values:
          - ks-account
      namespaces:
      - kubesphere-system
      topologyKey: kubernetes.io/hostname

jaminlu commented 4 years ago

deployment.yaml

# apps/v1beta2 is no longer served as of Kubernetes 1.16; apps/v1 is the stable Deployment API.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Chart.Name }}
  namespace: kubesphere-system
  labels:
    app: ks-account
    tier: backend
    version: {{ .Values.version }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: ks-account
      tier: backend
      version: {{ .Values.version }}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: ks-account
        tier: backend
        version: {{ .Values.version }}
    spec:
      containers:
      - command:
        - ks-iam
        - --logtostderr=true
        - --jwt-secret=$(JWT_SECRET)
        - --admin-password=$(ADMIN_PASSWORD)
        - --enable-multi-login=True
        - --token-idle-timeout=40m
        - --redis-url=redis://redis.kubesphere-system.svc:6379
        env:
        - name: KUBECTL_IMAGE
          value: kubesphere/kubectl:v1.0.0
        - name: JWT_SECRET
          valueFrom:
            secretKeyRef:
              key: jwt-secret
              name: ks-account-secret
        - name: ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              key: admin-password
              name: ks-account-secret
        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        name: {{ .Chart.Name }}
        ports:
        - containerPort: 9090
          protocol: TCP
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /etc/kubernetes/pki
          name: ca-dir
        - mountPath: /etc/ks-iam
          name: user-init
        - mountPath: /etc/kubesphere/rules
          name: policy-rules
        - mountPath: /etc/kubesphere
          name: kubesphere-config
        # Container resources from values.yaml; this key belongs to the container, not to a volume.
        resources:
{{ toYaml .Values.resources | indent 12 }}
      dnsPolicy: ClusterFirst
      initContainers:
      - command:
        - sh
        - -c
        - until nc -z redis.kubesphere-system.svc 6379; do echo "waiting for redis";
          sleep 2; done;
        image: busybox:1.28.4
        imagePullPolicy: IfNotPresent
        name: wait-redis
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      - command:
        - sh
        - -c
        - until nc -z openldap.kubesphere-system.svc 389; do echo "waiting for ldap";
          sleep 2; done;
        image: busybox:1.28.4
        imagePullPolicy: IfNotPresent
        name: wait-ldap
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: kubesphere
      serviceAccountName: kubesphere
      terminationGracePeriodSeconds: 30
      volumes:
      - configMap:
          defaultMode: 420
          name: policy-rules
        name: policy-rules
      - name: ca-dir
        secret:
          defaultMode: 420
          secretName: kubesphere-ca
      - configMap:
          defaultMode: 420
          name: user-init
        name: user-init
      - configMap:
          defaultMode: 420
          name: kubesphere-config
        name: kubesphere-config
    {{- with .Values.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
    {{- end }}

service.yaml

apiVersion: v1
kind: Service
metadata:
  name: {{ .Values.name }}
  namespace: kubesphere-system
  labels:
    app: ks-account
    tier: backend
    version: {{ .Values.version }}
spec:
  type: {{ .Values.service.type }}
  sessionAffinity: None
  ports:
    - name: {{ .Values.name }}
      port: {{ .Values.service.port }}
      protocol: TCP
      targetPort: 9090
  selector:
    app: ks-account
    tier: backend
    version: {{ .Values.version }}
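
In the deployment.yaml above, `JWT_SECRET` and `ADMIN_PASSWORD` come from `ks-account-secret` but are then expanded into the container command with `$(VAR)`, so the values end up in the process argument list on the node, and `securityContext` is empty. The following check for both conditions is an added example, not code from this thread or from ks-installer; `audit_pod_spec` and the embedded `POD_SPEC` dict are constructed for illustration and mirror only the relevant fields of the manifest.

```python
import re

# Constructed input: the fields of the pod spec above that matter for this check,
# as the dict a YAML parser would return for the rendered template.
POD_SPEC = {
    "securityContext": {},
    "containers": [{
        "name": "ks-account",
        "command": ["ks-iam", "--logtostderr=true",
                    "--jwt-secret=$(JWT_SECRET)",
                    "--admin-password=$(ADMIN_PASSWORD)",
                    "--redis-url=redis://redis.kubesphere-system.svc:6379"],
        "env": [
            {"name": "KUBECTL_IMAGE", "value": "kubesphere/kubectl:v1.0.0"},
            {"name": "JWT_SECRET", "valueFrom": {"secretKeyRef": {
                "key": "jwt-secret", "name": "ks-account-secret"}}},
            {"name": "ADMIN_PASSWORD", "valueFrom": {"secretKeyRef": {
                "key": "admin-password", "name": "ks-account-secret"}}},
        ],
    }],
}

# Kubernetes expands $(VAR) in command/args; "$$(VAR)" is the escaped literal form.
VAR_REF = re.compile(r"(?<!\$)\$\(([A-Za-z_][A-Za-z0-9_]*)\)")


def audit_pod_spec(spec):
    """Return (container, finding) tuples for secret-in-argv and missing securityContext."""
    findings = []
    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        # Env vars whose value is sourced from a Secret.
        secret_vars = {e["name"]: e["valueFrom"]["secretKeyRef"]
                       for e in c.get("env", [])
                       if "secretKeyRef" in e.get("valueFrom", {})}
        for arg in c.get("command", []) + c.get("args", []):
            for var in VAR_REF.findall(arg):
                if var in secret_vars:
                    ref = secret_vars[var]
                    findings.append((c["name"],
                        f"secret {ref['name']}/{ref['key']} expanded into argv via $({var})"))
        if not pod_sc and not c.get("securityContext"):
            findings.append((c["name"], "no pod or container securityContext set"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_pod_spec(POD_SPEC):
        print(f"{name}: {finding}")
```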

pixiake commented 4 years ago

These ks-core components could be put into a single chart.

jaminlu commented 4 years ago

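These ks-core components could be put into a single chart.

Some components have been customized, and individual component services are updated separately, so they were split up.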