第十一章 Helm-kubernetes的包管理器(中)
11.5 chart詳解html
chart由一系列文件組成,這些文件描述了K8s部署應用時須要的資源,好比Servcie、Deployment、PersistentVolmeClaim、Secret、ConfigMap等。node
chart能夠很複雜,部署整個應用,好比包含HTTP servers、Database、消息中間件、Cache等。mysql
chart將這些文件放置在預約義的目錄結構中,一般被打包成tar包,並且標註上版本信息,便於Helm部署。git
11.5.1 chart目錄結構github
一旦安裝了某個chart,就能夠在 ~/.helm/cache/archive中找到chart的tar包。redis
kubeusr@GalaxyKubernetesMaster:~$ ls ~/.helm/cache/archive mysql-0.10.1.tgz redis-3.7.6.tgz
解壓mysql-0.10.1.tgzsql
tar zxvf mysql-0.10.1.tgz -C /homedocker
(1)Chart.yamljson
描述chart的概要信息。bootstrap
appVersion: 5.7.14 description: Fast, reliable, scalable, and easy to use open-source relational database system. engine: gotpl home: https://www.mysql.com/ icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png keywords: - mysql - database - sql maintainers: - email: o.with@sportradar.com name: olemarkus - email: viglesias@google.com name: viglesiasce name: mysql # 必填的 sources: - https://github.com/kubernetes/charts - https://github.com/docker-library/mysql version: 0.10.1 # 必填的
(2) README.md
# MySQL [MySQL](https://MySQL.org) is one of the most popular database servers in the world. Notable users include Wikipedia, Facebook and Google. ## Introduction This chart bootstraps a single node MySQL deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. ## Prerequisites - Kubernetes 1.6+ with Beta APIs enabled - PV provisioner support in the underlying infrastructure ## Installing the Chart To install the chart with the release name `my-release`: ```bash $ helm install --name my-release stable/mysql ``` The command deploys MySQL on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. By default a random password will be generated for the root user. If you'd like to set your own password change the mysqlRootPassword in the values.yaml. You can retrieve your root password by running the following command. Make sure to replace [YOUR_RELEASE_NAME]: printf $(printf '\%o' `kubectl get secret [YOUR_RELEASE_NAME]-mysql -o jsonpath="{.data.mysql-root-password[*]}"`) > **Tip**: List all releases using `helm list` ## Uninstalling the Chart To uninstall/delete the `my-release` deployment: ```bash $ helm delete my-release ``` The command removes all the Kubernetes components associated with the chart and deletes the release. ## Configuration The following table lists the configurable parameters of the MySQL chart and their default values. | Parameter | Description | Default | | -------------------------------------------- | -------------------------------------------------------------------------------------------- | ---------------------------------------------------- | | `image` | `mysql` image repository. | `mysql` | | `imageTag` | `mysql` image tag. | `5.7.14` | | `imagePullPolicy` | Image pull policy | `IfNotPresent` | | `existingSecret` | Use Existing secret for Password details | `nil` | | `extraVolumes` | Additional volumes as a string to be passed to the `tpl` function | | | `extraVolumeMounts` | Additional volumeMounts as a string to be passed to the `tpl` function | | | `extraInitContainers` | Additional init containers as a string to be passed to the `tpl` function | | | `mysqlRootPassword` | Password for the `root` user. Ignored if existing secret is provided | Random 10 characters | | `mysqlUser` | Username of new user to create. | `nil` | | `mysqlPassword` | Password for the new user. Ignored if existing secret is provided | Random 10 characters | | `mysqlDatabase` | Name for new database to create. | `nil` | | `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | | `livenessProbe.periodSeconds` | How often to perform the probe | 10 | | `livenessProbe.timeoutSeconds` | When the probe times out | 5 | | `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | | `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3 | | `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | | `readinessProbe.periodSeconds` | How often to perform the probe | 10 | | `readinessProbe.timeoutSeconds` | When the probe times out | 1 | | `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | | `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3 | | `persistence.enabled` | Create a volume to store data | true | | `persistence.size` | Size of persistent volume claim | 8Gi RW | | `persistence.storageClass` | Type of persistent volume claim | nil (uses alpha storage class annotation) | | `persistence.accessMode` | ReadWriteOnce or ReadOnly | ReadWriteOnce | | `persistence.existingClaim` | Name of existing persistent volume | `nil` | | `persistence.subPath` | Subdirectory of the volume to mount | `nil` | | `persistence.annotations` | Persistent Volume annotations | {} | | `nodeSelector` | Node labels for pod assignment | {} | | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image` | Exporter image | `prom/mysqld-exporter` | | `metrics.imageTag` | Exporter image | `v0.10.0` | | `metrics.imagePullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.resources` | Exporter resource requests/limit | `nil` | | `metrics.livenessProbe.initialDelaySeconds` | Delay before metrics liveness probe is initiated | 15 | | `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | | `metrics.readinessProbe.initialDelaySeconds` | Delay before metrics readiness probe is initiated | 5 | | `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 1 | | `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `100m` | | `configurationFiles` | List of mysql configuration files | `nil` | | `ssl.enabled` | Setup and use SSL for MySQL connections | `false` | | `ssl.secret` | Name of the secret containing the SSL certificates | mysql-ssl-certs | | `ssl.certificates[0].name` | Name of the secret containing the SSL certificates | `nil` | | `ssl.certificates[0].ca` | CA certificate | `nil` | | `ssl.certificates[0].cert` | Server certificate (public key) | `nil` | | `ssl.certificates[0].key` | Server key (private key) | `nil` | | `imagePullSecrets` | Name of Secret resource containing private registry credentials | `nil` | | `initializationFiles` | List of SQL files which are run after the container started | `nil` | | `timezone` | Container and mysqld timezone (TZ env) | `nil` (UTC depending on image) | | `podAnnotations` | Map of annotations to add to the pods | `{}` | Some of the parameters above map to the env variables defined in the [MySQL DockerHub image](https://hub.docker.com/_/mysql/). Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```bash $ helm install --name my-release \ --set mysqlRootPassword=secretpassword,mysqlUser=my-user,mysqlPassword=my-password,mysqlDatabase=my-database \ stable/mysql ``` The above command sets the MySQL `root` account password to `secretpassword`. Additionally it creates a standard database user named `my-user`, with the password `my-password`, who has access to a database named `my-database`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```bash $ helm install --name my-release -f values.yaml stable/mysql ``` > **Tip**: You can use the default [values.yaml](values.yaml) ## Persistence The [MySQL](https://hub.docker.com/_/mysql/) image stores the MySQL data and configurations at the `/var/lib/mysql` path of the container. By default a PersistentVolumeClaim is created and mounted into that directory. In order to disable this functionality you can change the values.yaml to disable persistence and use an emptyDir instead. > *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."* ## Custom MySQL configuration files The [MySQL](https://hub.docker.com/_/mysql/) image accepts custom configuration files at the path `/etc/mysql/conf.d`. If you want to use a customized MySQL configuration, you can create your alternative configuration files by passing the file contents on the `configurationFiles` attribute. Note that according to the MySQL documentation only files ending with `.cnf` are loaded. ```yaml configurationFiles: mysql.cnf: |- [mysqld] skip-host-cache skip-name-resolve sql-mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION mysql_custom.cnf: |- [mysqld] ``` ## MySQL initialization files The [MySQL](https://hub.docker.com/_/mysql/) image accepts *.sh, *.sql and *.sql.gz files at the path `/docker-entrypoint-initdb.d`. These files are being run exactly once for container initialization and ignored on following container restarts. If you want to use initialization scripts, you can create initialization files by passing the file contents on the `initializationFiles` attribute. ```yaml initializationFiles: first-db.sql: |- CREATE DATABASE IF NOT EXISTS first DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; second-db.sql: |- CREATE DATABASE IF NOT EXISTS second DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; ``` ## SSL This chart supports configuring MySQL to use [encrypted connections](https://dev.mysql.com/doc/refman/5.7/en/encrypted-connections.html) with TLS/SSL certificates provided by the user. This is accomplished by storing the required Certificate Authority file, the server public key certificate, and the server private key as a Kubernetes secret. The SSL options for this chart support the following use cases: * Manage certificate secrets with helm * Manage certificate secrets outside of helm ## Manage certificate secrets with helm Include your certificate data in the `ssl.certificates` section. For example: ``` ssl: enabled: false secret: mysql-ssl-certs certificates: - name: mysql-ssl-certs ca: |- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- cert: |- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- key: |- -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY----- ``` > **Note**: Make sure your certificate data has the correct formatting in the values file. ## Manage certificate secrets outside of helm 1. Ensure the certificate secret exist before installation of this chart. 2. Set the name of the certificate secret in `ssl.secret`. 3. Make sure there are no entries underneath `ssl.certificates`. To manually create the certificate secret from local files you can execute: ``` kubectl create secret generic mysql-ssl-certs \ --from-file=ca.pem=./ssl/certificate-authority.pem \ --from-file=server-cert.pem=./ssl/server-public-key.pem \ --from-file=server-key.pem=./ssl/server-private-key.pem ``` > **Note**: `ca.pem`, `server-cert.pem`, and `server-key.pem` **must** be used as the key names in this generic secret. If you are using a certificate your configurationFiles must include the three ssl lines under [mysqld] ``` [mysqld] ssl-ca=/ssl/ca.pem ssl-cert=/ssl/server-cert.pem ssl-key=/ssl/server-key.pem ```
(3) LICENSE
描述chart的許可信息,此文件爲可選。
(4) requirements.yaml
指定chart的依賴關係,安裝過程當中,依賴的chart也會被安裝。
(5) values.yaml
chart支持在安裝時根據參數進行定製化配置,而values.xml則提供了這些配置參數的默認值。
## mysql image version ## ref: https://hub.docker.com/r/library/mysql/tags/ ## image: "mysql" imageTag: "5.7.14" ## Specify password for root user ## ## Default: random 10 character string # mysqlRootPassword: testing ## Create a database user ## # mysqlUser: ## Default: random 10 character string # mysqlPassword: ## Allow unauthenticated access, uncomment to enable ## # mysqlAllowEmptyPassword: true ## Create a database ## # mysqlDatabase: ## Specify an imagePullPolicy (Required) ## It's recommended to change this to 'Always' if the image tag is 'latest' ## ref: http://kubernetes.io/docs/user-guide/images/#updating-images ## imagePullPolicy: IfNotPresent extraVolumes: | # - name: extras # emptyDir: {} extraVolumeMounts: | # - name: extras # mountPath: /usr/share/extras # readOnly: true extraInitContainers: | # - name: do-something # image: busybox # command: ['do', 'something'] # Optionally specify an array of imagePullSecrets. # Secrets must be manually created in the namespace. # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod # imagePullSecrets: # - name: myRegistryKeySecretName ## Node selector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} livenessProbe: initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 3 readinessProbe: initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 ## Persist data to a persistent volume persistence: enabled: true ## database data Persistent Volume Storage Class ## If defined, storageClassName: <storageClass> ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## # storageClass: "-" accessMode: ReadWriteOnce size: 8Gi annotations: {} ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: requests: memory: 256Mi cpu: 100m # Custom mysql configuration files used to override default mysql settings configurationFiles: {} # mysql.cnf: |- # [mysqld] # skip-name-resolve # ssl-ca=/ssl/ca.pem # ssl-cert=/ssl/server-cert.pem # ssl-key=/ssl/server-key.pem # Custom mysql init SQL files used to initialize the database initializationFiles: {} # first-db.sql: |- # CREATE DATABASE IF NOT EXISTS first DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; # second-db.sql: |- # CREATE DATABASE IF NOT EXISTS second DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; metrics: enabled: false image: prom/mysqld-exporter imageTag: v0.10.0 imagePullPolicy: IfNotPresent resources: {} annotations: {} # prometheus.io/scrape: "true" # prometheus.io/port: "9104" livenessProbe: initialDelaySeconds: 15 timeoutSeconds: 5 readinessProbe: initialDelaySeconds: 5 timeoutSeconds: 1 ## Configure the service ## ref: http://kubernetes.io/docs/user-guide/services/ service: ## Specify a service type ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types type: ClusterIP port: 3306 # nodePort: 32000 ssl: enabled: false secret: mysql-ssl-certs certificates: # - name: mysql-ssl-certs # ca: |- # -----BEGIN CERTIFICATE----- # ... # -----END CERTIFICATE----- # cert: |- # -----BEGIN CERTIFICATE----- # ... # -----END CERTIFICATE----- # key: |- # -----BEGIN RSA PRIVATE KEY----- # ... # -----END RSA PRIVATE KEY----- ## Populates the 'TZ' system timezone environment variable ## ref: https://dev.mysql.com/doc/refman/5.7/en/time-zone-support.html ## ## Default: nil (mysql will use image's default timezone, normally UTC) ## Example: 'Australia/Sydney' # timezone: # To be added to the database server pod(s) podAnnotations: {}
(6) templates:
k8s各類資源的配置模板都在這。Helm會將values.yaml中的參數值注入模板中,生成標準的YAML配置文件。
模板是chart的最重要的部分,也是Helm最強大的地方。模板增長了應用部署的靈活性,可以適用不一樣的環境。
(7)templates/NOTES.txt
chart的簡易適用文檔。
11.5.2 chart模板
大部分屬性變成了 {{XXX}}。 這些其實是模板語法。 Helm採用GO語言的模板編寫chart。Go模板很是強大,支持變量、對象、函數、流控制等功能。
{{- if not .Values.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "mysql.fullname" . }} # 定義secret的name。關鍵字template的做用是引用一個模板mysql.fullname
labels:
app: {{ template "mysql.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
{{ if .Values.mysqlRootPassword }}
mysql-root-password: {{ .Values.mysqlRootPassword | b64enc | quote }}
{{ else }}
mysql-root-password: {{ randAlphaNum 10 | b64enc | quote }}
{{ end }}
{{ if .Values.mysqlPassword }}
mysql-password: {{ .Values.mysqlPassword | b64enc | quote }}
{{ else }}
mysql-password: {{ randAlphaNum 10 | b64enc | quote }}
{{ end }}
{{- if .Values.ssl.enabled }}
{{ if .Values.ssl.certificates }}
{{- range .Values.ssl.certificates }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
labels:
app: {{ template "mysql.fullname" $ }}
chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
release: "{{ $.Release.Name }}"
heritage: "{{ $.Release.Service }}"
type: Opaque
data:
ca.pem: {{ .ca | b64enc }}
server-cert.pem: {{ .cert | b64enc }}
server-key.pem: {{ .key | b64enc }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
11.5.3 再次實踐MySQL chartt
安裝以前須要清楚chart的使用方法。這些信息保存在values.yaml和README.MD,可使用以下命令查看:
閱讀註釋能夠知道MySQL chart支持哪些參數,安裝前須要哪些準備。
kubeusr@GalaxyKubernetesMaster:~$ helm inspect values stable/mysql #輸出的是Values.yaml的內容 ## mysql image version ## ref: https://hub.docker.com/r/library/mysql/tags/ ## image: "mysql" imageTag: "5.7.14" ## Specify password for root user ## ## Default: random 10 character string # mysqlRootPassword: testing ## Create a database user ## # mysqlUser: ## Default: random 10 character string # mysqlPassword: ## Allow unauthenticated access, uncomment to enable ## # mysqlAllowEmptyPassword: true ## Create a database ## # mysqlDatabase: ## Specify an imagePullPolicy (Required) ## It's recommended to change this to 'Always' if the image tag is 'latest' ## ref: http://kubernetes.io/docs/user-guide/images/#updating-images ## imagePullPolicy: IfNotPresent extraVolumes: | # - name: extras # emptyDir: {} extraVolumeMounts: | # - name: extras # mountPath: /usr/share/extras # readOnly: true extraInitContainers: | # - name: do-something # image: busybox # command: ['do', 'something'] # Optionally specify an array of imagePullSecrets. # Secrets must be manually created in the namespace. # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod # imagePullSecrets: # - name: myRegistryKeySecretName ## Node selector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} livenessProbe: initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 3 readinessProbe: initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 ## Persist data to a persistent volume persistence: enabled: true ## database data Persistent Volume Storage Class ## If defined, storageClassName: <storageClass> ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## # storageClass: "-" accessMode: ReadWriteOnce size: 8Gi annotations: {} ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: requests: memory: 256Mi cpu: 100m # Custom mysql configuration files used to override default mysql settings configurationFiles: {} # mysql.cnf: |- # [mysqld] # skip-name-resolve # ssl-ca=/ssl/ca.pem # ssl-cert=/ssl/server-cert.pem # ssl-key=/ssl/server-key.pem # Custom mysql init SQL files used to initialize the database initializationFiles: {} # first-db.sql: |- # CREATE DATABASE IF NOT EXISTS first DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; # second-db.sql: |- # CREATE DATABASE IF NOT EXISTS second DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; metrics: enabled: false image: prom/mysqld-exporter imageTag: v0.10.0 imagePullPolicy: IfNotPresent resources: {} annotations: {} # prometheus.io/scrape: "true" # prometheus.io/port: "9104" livenessProbe: initialDelaySeconds: 15 timeoutSeconds: 5 readinessProbe: initialDelaySeconds: 5 timeoutSeconds: 1 ## Configure the service ## ref: http://kubernetes.io/docs/user-guide/services/ service: ## Specify a service type ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types type: ClusterIP port: 3306 # nodePort: 32000 ssl: enabled: false secret: mysql-ssl-certs certificates: # - name: mysql-ssl-certs # ca: |- # -----BEGIN CERTIFICATE----- # ... # -----END CERTIFICATE----- # cert: |- # -----BEGIN CERTIFICATE----- # ... # -----END CERTIFICATE----- # key: |- # -----BEGIN RSA PRIVATE KEY----- # ... # -----END RSA PRIVATE KEY----- ## Populates the 'TZ' system timezone environment variable ## ref: https://dev.mysql.com/doc/refman/5.7/en/time-zone-support.html ## ## Default: nil (mysql will use image's default timezone, normally UTC) ## Example: 'Australia/Sydney' # timezone: # To be added to the database server pod(s) podAnnotations: {}
chart定義了一個PVC, 申請存儲空間。 由於實驗環境不支持動態供給,因此要先申請:
kubectl apply -f mysql-pv.ymal # 這個文件是自定義的。
接下來就能夠安裝chart了:
2 定製化安裝chart
能夠接受values.yml的默認值,也可定製化,好比設置mysqlRootPassword。Helm支持兩種方法傳遞參數:
(1) 指定本身的values文件, 一般作法是 helm inspect values mysql > myvalues.yaml生成values文件,而後設置mysqlRootPassword,最後執行
helm install --values=myvalues.yaml mysql
(2) 使用--set 直接傳入參數值
helm install stable/mysql --set mysqlRootPassword=abc123-n myNAME: my
經過helm list 和 helm status XXX 能夠查看chart的最新狀態。
11.5.4 升級和回滾release
helm upgrade # 能夠對已經發布的release進行升級 經過--values 或 --set應用新的配置。
helm history my # 能夠查看全部版本
helm rollback my 1 # 能夠回滾到任何版本
相關文章
- 1. (第十章)Web容器安全管理
- 2. 第十一章 故障管理
- 3. 第十一章,日誌管理
- 4. [項目管理]-第十一章:評審
- 5. 第十一章
- 6. 第十章項目質量管理、第十二章人力資源管理
- 7. PMBOK(第六版) PMP筆記——《十一》第十一章(項目風險管理) PMBOK(第六版) PMP筆記——《十一》第十一章(項目風險管理)
- 8. 項目管理筆記-第十一章 項目風險管理
- 9. 第四章 存儲器管理(一)
- 10. 第一章 Spring4 管理Bean
- 更多相關文章...
- • 第一個Spring程序 - Spring教程
- • Rust 組織管理 - RUST 教程
- • Docker容器實戰(六) - 容器的隔離與限制
- • Docker容器實戰(七) - 容器眼光下的文件系統
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
