206 lines
4.5 KiB
Markdown
206 lines
4.5 KiB
Markdown
# common
|
|
|
|
[Helm Chart 通用函数及工具库](https://helm.sh/docs/topics/library_charts/#helm),用于其他 Helm Chart 仓库引用。
|
|
|
|
## 快速开始
|
|
|
|
在 `Chart.yaml` 中添加依赖:
|
|
|
|
```yaml
|
|
dependencies:
|
|
- name: common
|
|
version: 1.x.x
|
|
repository: oci://registry.colovu.com/chart
|
|
```
|
|
|
|
```console
|
|
helm dependency update
|
|
```
|
|
|
|
之后,可以在应用的`Helm Chart`模板中引用`common`中的定义:
|
|
|
|
```yaml
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: {{ include "common.names.fullname" . }}
|
|
data:
|
|
myvalue: "Hello World"
|
|
```
|
|
|
|
## 环境依赖
|
|
|
|
- Kubernetes 1.23+
|
|
- Helm 3.8.0+
|
|
|
|
## 特殊输入模式
|
|
|
|
### ImageRoot
|
|
|
|
```yaml
|
|
registry:
|
|
type: string
|
|
description: Docker registry where the image is located
|
|
example: docker.io
|
|
|
|
repository:
|
|
type: string
|
|
description: Repository and image name
|
|
example: bitnami/nginx
|
|
|
|
tag:
|
|
type: string
|
|
description: image tag
|
|
example: 1.16.1-debian-10-r63
|
|
|
|
pullPolicy:
|
|
type: string
|
|
description: Specify a imagePullPolicy.'
|
|
|
|
pullSecrets:
|
|
type: array
|
|
items:
|
|
type: string
|
|
description: Optionally specify an array of imagePullSecrets (evaluated as templates).
|
|
|
|
debug:
|
|
type: boolean
|
|
description: Set to true if you would like to see extra information on logs
|
|
example: false
|
|
|
|
## An instance would be:
|
|
# registry: docker.io
|
|
# repository: bitnami/nginx
|
|
# tag: 1.16.1-debian-10-r63
|
|
# pullPolicy: IfNotPresent
|
|
# debug: false
|
|
```
|
|
|
|
### Persistence
|
|
|
|
```yaml
|
|
enabled:
|
|
type: boolean
|
|
description: Whether enable persistence.
|
|
example: true
|
|
|
|
storageClass:
|
|
type: string
|
|
description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning.
|
|
example: "-"
|
|
|
|
accessMode:
|
|
type: string
|
|
description: Access mode for the Persistent Volume Storage.
|
|
example: ReadWriteOnce
|
|
|
|
size:
|
|
type: string
|
|
description: Size the Persistent Volume Storage.
|
|
example: 8Gi
|
|
|
|
path:
|
|
type: string
|
|
description: Path to be persisted.
|
|
example: /bitnami
|
|
|
|
## An instance would be:
|
|
# enabled: true
|
|
# storageClass: "-"
|
|
# accessMode: ReadWriteOnce
|
|
# size: 8Gi
|
|
# path: /bitnami
|
|
```
|
|
|
|
### ExistingSecret
|
|
|
|
```yaml
|
|
name:
|
|
type: string
|
|
description: Name of the existing secret.
|
|
example: mySecret
|
|
keyMapping:
|
|
description: Mapping between the expected key name and the name of the key in the existing secret.
|
|
type: object
|
|
|
|
## An instance would be:
|
|
# name: mySecret
|
|
# keyMapping:
|
|
# password: myPasswordKey
|
|
```
|
|
|
|
#### 使用举例
|
|
|
|
当我们将部署所需的敏感数据存储在一个密钥(Secret)中时,有时我们希望为用户提供使用他们现有密钥的可能性。
|
|
|
|
```yaml
|
|
# templates/secret.yaml 中包含以下内容
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ include "common.names.fullname" . }}
|
|
labels:
|
|
app: {{ include "common.names.fullname" . }}
|
|
type: Opaque
|
|
data:
|
|
password: {{ .Values.password | b64enc | quote }}
|
|
|
|
# templates/dpl.yaml 中包含以下内容
|
|
---
|
|
...
|
|
env:
|
|
- name: PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
|
|
key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }}
|
|
...
|
|
|
|
# values.yaml 中包含以下内容
|
|
---
|
|
existingSecret: "my-other-secret"
|
|
name: mySecret
|
|
keyMapping:
|
|
password: myPasswordKey
|
|
```
|
|
|
|
### ValidateValue
|
|
|
|
#### NOTES.txt
|
|
|
|
```console
|
|
{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}}
|
|
{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}}
|
|
|
|
{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
|
|
```
|
|
|
|
If we force those values to be empty we will see some alerts
|
|
|
|
```console
|
|
helm install test mychart --set path.to.value00="",path.to.value01=""
|
|
'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
|
|
|
|
export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d)
|
|
|
|
'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value:
|
|
|
|
export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d)
|
|
```
|
|
|
|
#### 参考文档
|
|
|
|
- <https://helm.sh/docs/topics/v2_v3_migration/>
|
|
- <https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/>
|
|
|
|
## License
|
|
|
|
MIT
|
|
|
|
## 版本日志
|
|
|
|
### 1.0.0
|
|
|
|
初始版本
|