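Compute Nest supports deploying Helm Charts to ACK with FluxCD. This topic describes how to deploy a Helm Chart in Compute Nest by using FluxCD.
Background information
Compute Nest wraps the process of deploying a Helm Chart with FluxCD in the ROS public module MODULE::ACS::ComputeNest::FluxOciHelmDeploy. The module supports the following parameters.
Usage
HelmChartUrl accepts a Chart repository address in OCI format. In Compute Nest you can use either a Compute Nest Helm Chart artifact or your own Chart repository. Both options are described below.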
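Create a service by using a Helm Chart artifact
Before you use a Helm Chart artifact, you must upload the artifact. For more information, see Create an artifact.
Log on to the Compute Nest console.
In the left-side navigation pane, choose My Services. In the Services I Created section, click Create Service.
On the Create Service page, configure the service information.
Only the settings specific to creating a service from a Helm Chart artifact are listed here. For more information, see Create a private deployment service.
In the template content, define the identifiers associated with the Helm Chart artifact. For details about the template content, see Service template example.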
Compute Nest provides two pseudo-parameters, {{ computenest::helmchart::xx }} and {{ computenest::helm::dockerconfigjson }}. They associate the Helm Chart artifact and the pull secret in the template, and they are replaced at deployment time.
{{ computenest::helmchart::xx }}: placeholder for the Helm artifact. It is replaced with the full address of the Helm Chart, for example: oci://compute-nest-chart-registry.cn-hangzhou.cr.aliyuncs.com/15634578xxxxxxxx/wordpress:15.4.1.
{{ computenest::helm::dockerconfigjson }}: the secret used to pull from the Helm Chart repository.
The pseudo-parameters are used in the service template as follows:
Resources:
  FluxHelmDeploy:
    Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
    Version: v1
    Properties:
      ClusterId:
        Ref: ClusterId
      ReleaseName: wordpress
      Namespace: wordpress
      HelmChartUrl: '{{ computenest::helmchart::test }}'
      DockerConfigJson: '{{ computenest::helm::dockerconfigjson }}'
      ChartValues:
        mariadb:
          primary:
            persistence:
              enabled: true
              storageClass: alicloud-disk-essd
              size: 20Gi
        persistence:
          enabled: false
In the artifact association section, set the Helm association information.
Click Create Service.
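Use a Chart repository provided by the user
Log on to the Compute Nest console.
In the left-side navigation pane, choose My Services. On the Services I Created tab, click Create Service.
On the Create Service page, configure the service information.
Only the settings specific to creating a service from a user-provided Helm repository are listed here. For more information, see Create a private deployment service.
In the template content, write the template so that it uses the user-provided Chart repository.
If you already have a Chart repository, you can use it directly. It can be a public repository or a private repository.
The following example uses a user-provided public Chart repository: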
WordpressComputenestHelmApplication:
  Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
  Version: v1
  Properties:
    ClusterId: ClusterId
    HelmChartUrl: oci://registry-1.docker.io/bitnamicharts/wordpress:15.4.1
    ChartValues:
      mariadb:
        primary:
          persistence:
            enabled: true
            storageClass: alicloud-disk-essd
            size: 100Gi
      persistence:
        enabled: false
      wordpressUsername:
        Ref: WordpressUsername
      wordpressPassword:
        Ref: WordpressPassword
    Namespace:
      Ref: 'ALIYUN::StackName'
    ReleaseName: wordpress
When the Chart repository is private, DockerConfigJson must be set to the pull secret of the Chart repository. Generate the pull secret as follows.
kubectl create secret docker-registry SECRET_NAME \
  --docker-server=SERVER_NAME \
  --docker-username=USER_NAME \
  --docker-password=Password
kubectl get secret SECRET_NAME -o yaml
Click Create Service.
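A pre-deployment check for the private-repository case above, added here as an illustration (it is not part of Compute Nest or of the original page): it confirms that the base64 value stored under .dockerconfigjson in the kubectl get secret output carries credentials for the registry host named in HelmChartUrl, without ever printing the credentials. The function names, the registry.example.com host used to exercise it, and the requirement that the chart address carries an explicit tag are assumptions of this example.

```python
import base64
import json
import re

# Assumed address shape, following the page's examples: oci://<host>/<repository>:<tag>
OCI_URL = re.compile(r"^oci://(?P<host>[^/]+)/(?P<repo>[^:@]+):(?P<tag>\w[\w.-]*)$")


def parse_chart_url(url):
    """Split an OCI chart address into (host, repository, tag)."""
    m = OCI_URL.match(url)
    if not m:
        raise ValueError(f"not a tagged OCI chart address: {url!r}")
    return m.group("host").lower(), m.group("repo"), m.group("tag")


def registry_host(server):
    """Normalise an 'auths' key such as https://host/v1/ to a bare host."""
    return re.sub(r"^https?://", "", server).split("/", 1)[0].lower()


def check_pull_secret(chart_url, secret_b64):
    """List problems with a .dockerconfigjson value; never echoes credentials."""
    host, _, _ = parse_chart_url(chart_url)
    try:
        auths = json.loads(base64.b64decode(secret_b64, validate=True))["auths"]
        entries = {registry_host(k): v for k, v in auths.items() if isinstance(v, dict)}
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        return [f"not a base64-encoded dockerconfigjson: {type(exc).__name__}"]
    if host not in entries:
        return [f"no credentials for {host}; secret covers {sorted(entries)}"]
    entry, problems = entries[host], []
    try:
        auth = base64.b64decode(entry.get("auth", ""), validate=True).decode()
    except (ValueError, TypeError):
        auth = ""
    stated = f"{entry.get('username')}:{entry.get('password')}"
    if ":" not in auth:
        problems.append(f"auth field for {host} is not base64 of user:password")
    elif "username" in entry and auth != stated:
        problems.append(f"auth field for {host} disagrees with username/password")
    return problems


def make_secret(server, user, password):
    """Constructed sample: the value kubectl stores under .dockerconfigjson."""
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()
    doc = {"auths": {server: {"username": user, "password": password, "auth": auth}}}
    return base64.b64encode(json.dumps(doc).encode()).decode()
```

An empty list from check_pull_secret means the secret matches the chart's registry; a mismatch is reported by host name only.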
Service template example
This example is a service template that deploys WordPress to ACK as a Helm Chart.
ROSTemplateFormatVersion: '2015-09-01'
Description:
  en: 新建ack部署wordpress
  zh-cn: new ack deploy wordpress
Parameters:
  CreateAck:
    Type: Boolean
    Description:
      en: An existing ack cluster can be deployed by entering the cluster id. If there is no current cluster, create a new ack cluster before deploying
      zh-cn: 已有ack集群输入集群id即可部署,当前无集群先新建ack集群再进行部署
    Label:
      en: Wether create ack cluster
      zh-cn: 是否新建ack集群
    Default: true
  ClusterId:
    Type: String
    Description:
      en: The ID of Kubernetes ClusterId in which application deployed.
      zh-cn: 部署应用程序的K8s集群ID
    AllowedPattern: '[0-9a-z]+$'
    Default: null
    Required: true
    Label:
      en: Kubernetes ClusterId
      zh-cn: K8s集群ID
    AssociationProperty: 'ALIYUN::CS::Cluster::ClusterId'
    AssociationPropertyMetadata:
      RegionId: '${RegionId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - false
  PayType:
    Type: String
    Label:
      en: ECS Instance Charge Type
      zh-cn: 付费类型
    Default: PostPaid
    AllowedValues:
      - PostPaid
      - PrePaid
    AssociationProperty: ChargeType
    AssociationPropertyMetadata:
      LocaleKey: InstanceChargeType
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  PayPeriodUnit:
    Type: String
    Label:
      en: Pay Period Unit
      zh-cn: 购买资源时长周期
    Default: Month
    AllowedValues:
      - Month
      - Year
    AssociationProperty: PayPeriodUnit
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Not:
                Fn::Equals:
                  - ${PayType}
                  - PostPaid
  PayPeriod:
    Type: Number
    Description:
      en: When the resource purchase duration is Month, the value of Period ranges from 1 to 9, 12, 24, 36, 48, or 60. <br><b><font color='red'> When ECS instance types are PrePaid valid </b></font>
      zh-cn: 当购买资源时长为Month时,Period取值:1~9 <br><b><font color='red'>当ECS实例类型为PrePaid有效</b></font>
    Label:
      en: Period
      zh-cn: 购买资源时长
    Default: 1
    AllowedValues:
      - 1
      - 2
      - 3
      - 4
      - 5
      - 6
      - 7
      - 8
      - 9
    AssociationProperty: PayPeriod
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Not:
                Fn::Equals:
                  - ${PayType}
                  - PostPaid
  ZoneId:
    Type: String
    AssociationProperty: ALIYUN::ECS::Instance:ZoneId
    Label:
      en: Zone ID
      zh-cn: 可用区
    Default: cn-hangzhou-h
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  VpcId:
    Type: String
    Label:
      en: VPC ID
      zh-cn: 专有网络VPC实例ID
    Description:
      en: >-
        Please search the ID starting with (vpc-xxx) from console-Virtual
        Private Cloud
      zh-cn: 现有虚拟专有网络的实例ID
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VPC::VPCId'
    AssociationPropertyMetadata:
      RegionId: '${RegionId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  VSwitchId:
    Type: String
    Label:
      en: VSwitch ID
      zh-cn: 交换机实例ID
    Description:
      en: >-
        Instance ID of existing business network switches, console-Virtual
        Private Cloud-VSwitches under query
      zh-cn: 现有业务网络交换机的实例ID
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VSwitch::VSwitchId'
    AssociationPropertyMetadata:
      VpcId: '${VpcId}'
      ZoneId: '${ZoneId}'
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  LoginPassword:
    NoEcho: true
    Type: String
    Description:
      en: Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ Special symbol in)
      zh-cn: 服务器登录密码,长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ 中的特殊符号)
    Label:
      en: Instance Password
      zh-cn: 实例密码
    ConstraintDescription:
      en: Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ Special symbol in)
      zh-cn: 长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;<>,.?/ 中的特殊符号)
    AssociationProperty: ALIYUN::ECS::Instance::Password
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    AllowedPattern: ^[a-zA-Z0-9-\(\)\`\~\!\@\#\$\%\^\&\*\_\-\+\=\|\{\}\[\]\:\;\<\>\,\.\?\/]*$
    MinLength: 8
    MaxLength: 30
    Default: computenest*12345
  WorkerInstanceType:
    Type: String
    Label:
      en: Worker Nodes Types
      zh-cn: Worker节点规格
    AssociationProperty: ALIYUN::ECS::Instance::InstanceType
    AssociationPropertyMetadata:
      ZoneId: ${ZoneId}
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: ecs.g6.large
  WorkerSystemDiskCategory:
    Type: String
    AllowedValues:
      - cloud_efficiency
      - cloud_ssd
      - cloud_essd
    AssociationPropertyMetadata:
      LocaleKey: DiskCategory
      InstanceType: ${WorkerInstanceType}
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Label:
      en: Worker System Disk Category
      zh-cn: Worker 系统盘磁盘类型
    Default: cloud_essd
  WorkerSystemDiskSize:
    Type: Number
    Label:
      en: Worker System Disk Size(GB)
      zh-cn: Worker节点系统盘大小(GB)
    MinValue: 1
    Default: 120
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
  AckNetworkPlugin:
    Type: String
    Label:
      en: ack plugin network
      zh-cn: ack网络插件
    AllowedValues:
      - Flannel
      - Terway
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: Flannel
  PodCidr:
    Type: String
    Description:
      zh-cn: 请填写有效的私有网段,即以下网段及其子网:10.0.0.0/8,172.16-31.0.0/12-16,192.168.0.0/16<br>不能与 VPC 及 VPC 内已有 Kubernetes 集群使用的网段重复。<font color='blue'><b>创建成功后不能修改</b></font>
      en: 'Please fill in a valid private segment, i.e. the following segments and their subnets: 10.0.0.0/8, 172.16-31.0.0/12-16, 192.168.0.0/16<br> which cannot duplicate the network segments already used by clusters in VPC and VPC Kunetberes. <font color=''blue''><b>Cannot be modified after successful creation</b></font>'
    Label:
      zh-cn: Pod 网络 CIDR
      en: Pod Network CIDR
    AssociationProperty: ALIYUN::CS::ManagedKubernetesCluster::PodCidr
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Equals:
                - ${AckNetworkPlugin}
                - Flannel
    Default: 10.0.0.0/16
  PodVswitchId:
    Type: String
    Label:
      en: VSwitch ID
      zh-cn: pod交换机实例ID
    Description:
      en: >-
        Instance ID of existing business network switches, console-Virtual
        Private Cloud-VSwitches under query
      zh-cn: 建议选择网段掩码不大于 19 的虚拟交换机
    Default: ''
    AssociationProperty: 'ALIYUN::ECS::VSwitch::VSwitchId'
    AssociationPropertyMetadata:
      VpcId: '${VpcId}'
      ZoneId: '${ZoneId}'
      Visible:
        Condition:
          Fn::And:
            - Fn::Equals:
                - ${CreateAck}
                - true
            - Fn::Equals:
                - ${AckNetworkPlugin}
                - Terway
  ServiceCidr:
    Type: String
    Description:
      zh-cn: 可选范围:10.0.0.0/16-24,172.16-31.0.0/16-24,192.168.0.0/16-24<br>不能与 VPC 及 VPC 内已有 Kubernetes 集群使用的网段重复。<font color='blue'><b>创建成功后不能修改</b></font>
      en: 'Optional range: 10.0.0.0/16-24, 172.16-31.0.0/16-24, 192.168.0.0/16-24<br> cannot duplicate segments already used by existing Kubernetes clusters in VPC and VPC.<font color=''blue''><b>Cannot be modified after successful creation</b></font>'
    Label:
      zh-cn: Service CIDR
      en: Service CIDR
    AssociationProperty: ALIYUN::CS::ManagedKubernetesCluster::ServiceCidr
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${CreateAck}
            - true
    Default: 172.16.0.0/16
  WordpressUsername:
    Type: String
    Label:
      zh-cn: wordpress用户名
      en: wordpress username
    Default: user
  WordpressPassword:
    NoEcho: true
    Type: String
    Label:
      zh-cn: wordpress密码
      en: wordpress password
Conditions:
  CreateAck:
    Fn::Equals:
      - true
      - Ref: CreateAck
  FlannelPluginCondition:
    Fn::Equals:
      - Ref: AckNetworkPlugin
      - Flannel
  TerwayPluginCondition:
    Fn::Equals:
      - Ref: AckNetworkPlugin
      - Terway
Resources:
  VpcsDataSource:
    Type: DATASOURCE::VPC::Vpcs
    Properties:
      VpcIds:
        - Ref: VpcId
  EcsSecurityGroup:
    Type: ALIYUN::ECS::SecurityGroup
    Condition: CreateAck
    Properties:
      SecurityGroupName:
        Ref: ALIYUN::StackName
      VpcId:
        Ref: VpcId
      SecurityGroupEgress:
        - PortRange: '-1/-1'
          Priority: 1
          IpProtocol: all
          DestCidrIp: 0.0.0.0/0
          NicType: intranet
      SecurityGroupIngress:
        Fn::If:
          - FlannelPluginCondition
          - - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Ref: PodCidr
              Description: pod网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Fn::Jq:
                  - First
                  - .[].CidrBlock
                  - 'Fn::GetAtt':
                      - VpcsDataSource
                      - Vpcs
              Description: vpc网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: icmp
              SourceCidrIp: 0.0.0.0/0
              Description: icmp协议端口放开
              NicType: intranet
          - - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Fn::Jq:
                  - First
                  - .[].CidrBlock
                  - 'Fn::GetAtt':
                      - VpcsDataSource
                      - Vpcs
              Description: vpc网络访问开放
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: icmp
              SourceCidrIp: 0.0.0.0/0
              Description: icmp协议端口放开
              NicType: intranet
  ManagedKubernetesCluster:
    Type: ALIYUN::CS::ManagedKubernetesCluster
    Condition: CreateAck
    Properties:
      Name:
        Ref: ALIYUN::StackName
      ChargeType:
        Ref: PayType
      Period:
        Ref: PayPeriod
      PeriodUnit:
        Ref: PayPeriodUnit
      VSwitchIds:
        - Ref: VSwitchId
      VpcId:
        Ref: VpcId
      WorkerInstanceTypes:
        - Ref: WorkerInstanceType
      NumOfNodes: 3
      ClusterSpec: ack.pro.small
      ContainerCidr:
        Fn::If:
          - FlannelPluginCondition
          - Ref: PodCidr
          - Ref: ALIYUN::NoValue
      ServiceCidr:
        Ref: ServiceCidr
      PodVswitchIds:
        Fn::If:
          - TerwayPluginCondition
          - - Ref: PodVswitchId
          - Ref: ALIYUN::NoValue
      ZoneIds:
        - Ref: ZoneId
      SecurityGroupId:
        Ref: EcsSecurityGroup
      WorkerSystemDiskCategory:
        Ref: WorkerSystemDiskCategory
      WorkerSystemDiskSize:
        Ref: WorkerSystemDiskSize
      LoginPassword:
        Ref: LoginPassword
      SnatEntry: true
      Addons:
        Fn::If:
          - FlannelPluginCondition
          - - Name: flannel
              Config: ''
          - - Name: terway-eniip
              Config: ''
  WordpressComputenestHelmApplication:
    Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
    Version: v1
    Properties:
      WaitUntil:
        - Kind: Service
          Name: wordpress
          JsonPath: $.status.loadBalancer.ingress[0].ip
          Operator: NotEmpty
          FirstMatch: true
          Timeout: 300
      ClusterId:
        Fn::If:
          - CreateAck
          - Fn::GetAtt:
              - ManagedKubernetesCluster
              - ClusterId
          - Ref: ClusterId
      HelmChartUrl: '{{ computenest::helmchart::wordpress }}'
      DockerConfigJson: '{{ computenest::helm::dockerconfigjson }}'
      ChartValues:
        mariadb:
          primary:
            persistence:
              enabled: true
              storageClass: alicloud-disk-essd
              size: 100Gi
        persistence:
          enabled: false
        wordpressUsername:
          Ref: WordpressUsername
        wordpressPassword:
          Ref: WordpressPassword
      Namespace:
        Ref: 'ALIYUN::StackName'
      ReleaseName: wordpress
Outputs:
  # Show the public IP in the console as the returned HTTP address
  Endpoint:
    Description:
      zh-cn: 对外暴露的公网IP地址
      en: Public IP Addresses
    Value:
      Fn::Sub:
        - "http://${ServerAddress} \n http://${ServerAddress}/admin"
        - ServerAddress:
            Fn::Select:
              - 0
              - Fn::GetAtt:
                  - WordpressComputenestHelmApplication
                  - WaitUntilData
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - CreateAck
          - ClusterId
        Label:
          en: Whether create ack
          zh-cn: 是否新建ack集群
      - Parameters:
          - PayType
          - PayPeriodUnit
          - PayPeriod
        Label:
          en: PayType Configuration
          zh-cn: 付费类型配置
      - Parameters:
          - ZoneId
          - VpcId
          - VSwitchId
          - LoginPassword
        Label:
          en: Basic Configuration
          zh-cn: 基础配置
      - Parameters:
          - WorkerInstanceType
          - WorkerSystemDiskCategory
          - WorkerSystemDiskSize
          - AckNetworkPlugin
          - PodCidr
          - PodVswitchId
          - ServiceCidr
        Label:
          en: Kubernetes
          zh-cn: Kubernetes配置
      - Parameters:
          - WordpressUsername
          - WordpressPassword
        Label:
          en: Wordpress Config
          zh-cn: Wordpress配置