一、Helm管理公司内微服务

1.1 环境准备

1.1.1 创建Helm工作目录

创建工作目录

[root@k8s-master01 ~]# mkdir helm

1.1.2 部署ingress-nginx

参考:Ingress Controller 官方安装文档

下面简单了解一下Ingress Controller安装(本文固定使用controller-v1.12.0;实际部署前建议先查看ingress-nginx项目的安全公告,选用已包含安全修复的版本):

1、打开https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal-clusters官网链接,下载配置文件

image-20250318192445930

[root@k8s-master01 ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/baremetal/deploy.yaml

2、重新定义这个yaml文件(wget下载得到的文件名为deploy.yaml,后文统一使用deploy-ingress.yaml,修改前请先复制或重命名)

$ vim deploy-ingress.yaml
# 391行修改为kind: DaemonSet
...
...
391 kind: DaemonSet
...
...
# 409行-412行修改为daemonSet相关内容
409   updateStrategy:
410     type: RollingUpdate
411     rollingUpdate:
412       maxUnavailable: 1
...
...
# 421行下面新增hostNetwork: true(Pod直接使用宿主机网络,控制器监听的80/443以及准入webhook的8443、健康检查的10254等端口都会直接开在节点上;应通过节点防火墙或安全组限制8443、10254的访问来源)
...
...
422       hostNetwork: true
...
...
# 444行修改镜像为国内镜像registry.cn-hangzhou.aliyuncs.com/github_images1024/controller:v1.12.0(注意:这是非官方的镜像仓库,并且只按tag引用、没有@sha256摘要;生产环境建议把镜像同步到自己可信的仓库,核对摘要与官方镜像一致后按摘要固定。547行、601行的镜像同理)
...
...
444         image: registry.cn-hangzhou.aliyuncs.com/github_images1024/controller:v1.12.0
...
...
# 503行修改为dnsPolicy: ClusterFirstWithHostNet 
...
...
503       dnsPolicy: ClusterFirstWithHostNet 
...
...
# 505行下面(nodeSelector中)添加节点选择条件ingress: "true",只有带有ingress=true标签的节点才会运行控制器
...
...
506         ingress: "true"
...
...
# 547行修改镜像为国内镜像registry.cn-hangzhou.aliyuncs.com/github_images1024/kube-webhook-certgen:v1.5.0
...
...
547         image: registry.cn-hangzhou.aliyuncs.com/github_images1024/kube-webhook-certgen:v1.5.0
...
...
# 601行修改镜像为国内镜像registry.cn-hangzhou.aliyuncs.com/github_images1024/kube-webhook-certgen:v1.5.0
...
...
601         image: registry.cn-hangzhou.aliyuncs.com/github_images1024/kube-webhook-certgen:v1.5.0
...
...

修改后的文件内容:

[root@k8s-master01 ~]# cat  deploy-ingress.yaml 
apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  name: ingress-nginx
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx
  namespace: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - secrets
  - endpoints
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - networking.k8s.io
  resources:
  - ingressclasses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - coordination.k8s.io
  resourceNames:
  - ingress-nginx-leader
  resources:
  - leases
  verbs:
  - get
  - update
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - create
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - discovery.k8s.io
  resources:
  - endpointslices
  verbs:
  - list
  - watch
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole # cluster-scoped permissions for the controller; bound to ServiceAccount ingress-nginx by the ClusterRoleBinding of the same name
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - nodes
  - pods
  - secrets # list/watch on Secrets in every namespace; a list response carries the Secret data, so the token of this service account must be treated as sensitive
  - namespaces
  verbs:
  - list
  - watch
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - events # write access in this role is limited to Events and ingresses/status
  verbs:
  - create
  - patch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - networking.k8s.io
  resources:
  - ingressclasses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - discovery.k8s.io
  resources:
  - endpointslices
  verbs:
  - list
  - watch
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx-admission
rules:
- apiGroups:
  - admissionregistration.k8s.io
  resources:
  - validatingwebhookconfigurations
  verbs:
  - get
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx
subjects:
- kind: ServiceAccount
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx
subjects:
- kind: ServiceAccount
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx-admission
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: v1
data: null
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx-controller
  namespace: ingress-nginx
---
apiVersion: v1
kind: Service # exposes the controller's http/https ports to clients
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - appProtocol: http
    name: http
    port: 80
    protocol: TCP
    targetPort: http # refers to the container port named "http" in the controller pod
  - appProtocol: https
    name: https
    port: 443
    protocol: TCP
    targetPort: https # refers to the container port named "https" in the controller pod
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: NodePort # NOTE(review): the controller in this file also runs with hostNetwork and listens on 80/443 of its node, so this NodePort is a second entry point - confirm it is wanted
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
spec:
  ports:
  - appProtocol: https
    name: https-webhook
    port: 443
    targetPort: webhook
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: ClusterIP
---
apiVersion: apps/v1
kind: DaemonSet # ingress-nginx controller, run as a DaemonSet on the nodes matched by nodeSelector below
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  minReadySeconds: 0
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/name: ingress-nginx
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1 # at most one controller pod is unavailable at a time during an update
  template:
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.12.0
    spec:
      hostNetwork: true # pod shares the node's network namespace, so every listener of the controller is opened on the node itself
      containers:
      - args:
        - /nginx-ingress-controller
        - --election-id=ingress-nginx-leader
        - --controller-class=k8s.io/ingress-nginx
        - --ingress-class=nginx
        - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
        - --validating-webhook=:8443 # no bind address given; NOTE(review): with hostNetwork this port is on the node's addresses - restrict 8443 to the API server with a host firewall
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
        image: registry.cn-hangzhou.aliyuncs.com/github_images1024/controller:v1.12.0 # mirror registry, tag only; NOTE(review): no @sha256 digest, so the content behind the tag is unverified - check it against the official image and pin the digest
        imagePullPolicy: IfNotPresent # an image already cached on the node under this tag is reused without contacting the registry
        lifecycle:
          preStop:
            exec:
              command:
              - /wait-shutdown
        livenessProbe:
          failureThreshold: 5
          httpGet:
            path: /healthz
            port: 10254 # health endpoint; not declared under ports below, but it still listens on the node because of hostNetwork
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: controller
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
        - containerPort: 8443
          name: webhook
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          requests: # only requests are set; no CPU or memory limits are defined for the controller
            cpu: 100m
            memory: 90Mi
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE # lets the non-root process bind ports below 1024 (80 and 443)
            drop:
            - ALL
          readOnlyRootFilesystem: false # the container's root filesystem stays writable
          runAsGroup: 82
          runAsNonRoot: true
          runAsUser: 101
          seccompProfile:
            type: RuntimeDefault
        volumeMounts:
        - mountPath: /usr/local/certificates/
          name: webhook-cert
          readOnly: true
      dnsPolicy: ClusterFirstWithHostNet # keeps cluster DNS resolution working for a hostNetwork pod
      nodeSelector:
        kubernetes.io/os: linux
        ingress: "true" # only nodes labelled ingress=true run the controller
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      volumes:
      - name: webhook-cert
        secret:
          secretName: ingress-nginx-admission # the secret name passed to the admission-create Job in this file
---
apiVersion: batch/v1
kind: Job
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.12.0
      name: ingress-nginx-admission-create
    spec:
      containers:
      - args:
        - create
        - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
        - --namespace=$(POD_NAMESPACE)
        - --secret-name=ingress-nginx-admission
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: registry.cn-hangzhou.aliyuncs.com/github_images1024/kube-webhook-certgen:v1.5.0 
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsGroup: 65532
          runAsNonRoot: true
          runAsUser: 65532
          seccompProfile:
            type: RuntimeDefault
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: OnFailure
      serviceAccountName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.12.0
      name: ingress-nginx-admission-patch
    spec:
      containers:
      - args:
        - patch
        - --webhook-name=ingress-nginx-admission
        - --namespace=$(POD_NAMESPACE)
        - --patch-mutating=false
        - --secret-name=ingress-nginx-admission
        - --patch-failure-policy=Fail
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: registry.cn-hangzhou.aliyuncs.com/github_images1024/kube-webhook-certgen:v1.5.0 
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsGroup: 65532
          runAsNonRoot: true
          runAsUser: 65532
          seccompProfile:
            type: RuntimeDefault
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: OnFailure
      serviceAccountName: ingress-nginx-admission
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: nginx
spec:
  controller: k8s.io/ingress-nginx
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration # registers the controller's admission webhook for Ingress objects
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.12.0
  name: ingress-nginx-admission
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: ingress-nginx-controller-admission
      namespace: ingress-nginx
      path: /networking/v1/ingresses
      port: 443 # Service ingress-nginx-controller-admission forwards 443 to the controller's "webhook" port (8443)
  failurePolicy: Fail # Ingress CREATE/UPDATE requests are rejected while the webhook cannot be reached
  matchPolicy: Equivalent
  name: validate.nginx.ingress.kubernetes.io
  rules:
  - apiGroups:
    - networking.k8s.io
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - ingresses
  sideEffects: None

3、给k8s-node02节点添加标签

[root@k8s-master01 ~]# kubectl label node k8s-node02 ingress=true 

4、部署ingress-nginx

[root@k8s-master01 ~]# kaf deploy-ingress.yaml 

5、验证

观察到pod启动成功

[root@k8s-master01 ~]# kg po -n ingress-nginx
NAME                                   READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-47bj5   0/1     Completed   0          3m44s
ingress-nginx-admission-patch-tch4x    0/1     Completed   1          3m44s
ingress-nginx-controller-lmln5         1/1     Running     0          3m44s

[root@k8s-master01 ~]# kg ingressclass
NAME    CONTROLLER             PARAMETERS   AGE
nginx   k8s.io/ingress-nginx   <none>       29m

在k8s-node02节点观察到nginx进程及其监听端口(由于使用了hostNetwork,除80/443外,8181、8443、10254也监听在节点的所有地址上,需确认这些端口不对外开放)

[root@k8s-node02 ~]# netstat -lntup | grep nginx
tcp        0      0 127.0.0.1:10246         0.0.0.0:*               LISTEN      4893/nginx: master  
tcp        0      0 127.0.0.1:10247         0.0.0.0:*               LISTEN      4893/nginx: master  
tcp        0      0 127.0.0.1:10245         0.0.0.0:*               LISTEN      4873/nginx-ingress- 
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4893/nginx: master  
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4893/nginx: master  
tcp        0      0 0.0.0.0:8181            0.0.0.0:*               LISTEN      4893/nginx: master  
tcp6       0      0 :::80                   :::*                    LISTEN      4893/nginx: master  
tcp6       0      0 :::8443                 :::*                    LISTEN      4873/nginx-ingress- 
tcp6       0      0 :::443                  :::*                    LISTEN      4893/nginx: master  
tcp6       0      0 :::8181                 :::*                    LISTEN      4893/nginx: master  
tcp6       0      0 :::10254                :::*                    LISTEN      4873/nginx-ingress- 

1.2 Helm管理微服务

1、创建chart模板

[root@k8s-master01 ~]# cd helm/

# 创建一个chart
[root@k8s-master01 helm]# helm create demo-ui

2、删除无用文件

[root@k8s-master01 helm]# cd demo-ui/templates/
[root@k8s-master01 templates]# rm -f hpa.yaml serviceaccount.yaml 

3、修改deployment.yaml文件

[root@k8s-master01 ~]# vim helm/demo-ui/templates/deployment.yaml 
# 修改第21行内容
 21         {{- include "demo-ui.selectorLabels" . | nindent 8 }}
# 修改第37行内容(去掉模板中的tag部分,镜像tag直接写在values.yaml的image.repository里,values.yaml中的image.tag不再生效)
 37           image: "{{ .Values.image.repository }}"

完整配置文件

[root@k8s-master01 ~]# egrep -v "#|^$" helm/demo-ui/templates/deployment.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "demo-ui.fullname" . }}
  labels:
    {{- include "demo-ui.labels" . | nindent 4 }}
spec:
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "demo-ui.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "demo-ui.selectorLabels" . | nindent 8 }}
        {{- with .Values.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "demo-ui.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
              protocol: TCP
          livenessProbe:
            {{- toYaml .Values.livenessProbe | nindent 12 }}
          readinessProbe:
            {{- toYaml .Values.readinessProbe | nindent 12 }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          {{- with .Values.volumeMounts }}
          volumeMounts:
            {{- toYaml . | nindent 12 }}
          {{- end }}
      {{- with .Values.volumes }}
      volumes:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}

4、修改_helpers.tpl文件

[root@k8s-master01 ~]# vim helm/demo-ui/templates/_helpers.tpl 
# 第48行下添加如下内容
 49 app: {{ include "demo-ui.name" . }}

完整配置文件

[root@k8s-master01 ~]# egrep -v "#|^$" helm/demo-ui/templates/_helpers.tpl
{{/*
Expand the name of the chart.
*/}}
{{- define "demo-ui.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "demo-ui.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "demo-ui.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "demo-ui.labels" -}}
helm.sh/chart: {{ include "demo-ui.chart" . }}
{{ include "demo-ui.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "demo-ui.selectorLabels" -}}
app: {{ include "demo-ui.name" . }}
app.kubernetes.io/name: {{ include "demo-ui.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "demo-ui.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "demo-ui.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

5、修改values.yaml文件

[root@k8s-master01 ~]# cd helm/demo-ui/
[root@k8s-master01 demo-ui]# vim values.yaml
# 修改第10行内容
 10   repository: registry.cn-hangzhou.aliyuncs.com/abroad_images/demo-ui:v0.0.1
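# 修改第25行内容(不创建ServiceAccount,Pod将使用命名空间的default账号,见后面渲染结果中的serviceAccountName: default;该前端如不需要访问API Server,建议关闭令牌自动挂载automountServiceAccountToken)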
 25   create: false

# 修改第61和62行内容
 61   enabled: true
 62   className: "nginx"

# 修改第67行内容
 67     - host: demo.test.nginx

# 在第89行内容添加以下内容
 89 livenessProbe:
 90   tcpSocket:
 91     port: 80

# 注释掉92-94行内容
 92       #  httpGet:
 93       #    path: /
 94       #    port: http
# 在第95行内容添加以下内容
 95 readinessProbe:
 96   tcpSocket:
 97     port: 80
# 注释掉98-100行内容
 98       #  httpGet:
 99       #    path: /
100       #    port: http

使用helm lint检查chart(包括values.yaml和模板)是否存在语法问题,观察到不存在语法问题

[root@k8s-master01 demo-ui]# helm lint
==> Linting .
[INFO] Chart.yaml: icon is recommended

1 chart(s) linted, 0 chart(s) failed

完整values.yaml配置文件

[root@k8s-master01 demo-ui]# egrep -v "#|^$" values.yaml 
replicaCount: 1
image:
  repository: registry.cn-hangzhou.aliyuncs.com/abroad_images/demo-ui:v0.0.1
  pullPolicy: IfNotPresent
  tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
  create: false
  automount: true
  annotations: {}
  name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
securityContext: {}
service:
  type: ClusterIP
  port: 80
ingress:
  enabled: true 
  className: "nginx"
  annotations: {}
  hosts:
    - host: demo.test.nginx 
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []
resources: {} 
livenessProbe:
  tcpSocket:
    port: 80
readinessProbe:
  tcpSocket:
    port: 80
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
volumes: []
volumeMounts: []
nodeSelector: {}
tolerations: []
affinity: {}

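模拟部署(helm template只在本地渲染模板,不会向集群提交任何资源;渲染结果中securityContext和resources均为空,正式环境应在values.yaml中补充安全上下文和资源限制)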

[root@k8s-master01 demo-ui]# helm template  demo-ui .
---
# Source: demo-ui/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: demo-ui
  labels:
    helm.sh/chart: demo-ui-0.1.0
    app: demo-ui
    app.kubernetes.io/name: demo-ui
    app.kubernetes.io/instance: demo-ui
    app.kubernetes.io/version: "1.16.0"
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app: demo-ui
    app.kubernetes.io/name: demo-ui
    app.kubernetes.io/instance: demo-ui
---
# Source: demo-ui/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-ui
  labels:
    helm.sh/chart: demo-ui-0.1.0
    app: demo-ui
    app.kubernetes.io/name: demo-ui
    app.kubernetes.io/instance: demo-ui
    app.kubernetes.io/version: "1.16.0"
    app.kubernetes.io/managed-by: Helm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-ui
      app.kubernetes.io/name: demo-ui
      app.kubernetes.io/instance: demo-ui
  template:
    metadata:
      labels:
        app: demo-ui
        app.kubernetes.io/name: demo-ui
        app.kubernetes.io/instance: demo-ui
    spec:
      serviceAccountName: default
      securityContext:
        {}
      containers:
        - name: demo-ui
          securityContext:
            {}
          image: "registry.cn-hangzhou.aliyuncs.com/abroad_images/demo-ui:v0.0.1"
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: 80
          readinessProbe:
            tcpSocket:
              port: 80
          resources:
            {}
---
# Source: demo-ui/templates/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ui
  labels:
    helm.sh/chart: demo-ui-0.1.0
    app: demo-ui
    app.kubernetes.io/name: demo-ui
    app.kubernetes.io/instance: demo-ui
    app.kubernetes.io/version: "1.16.0"
    app.kubernetes.io/managed-by: Helm
spec:
  ingressClassName: nginx
  rules:
    - host: "demo.test.nginx"
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: demo-ui
                port:
                  number: 80
---
# Source: demo-ui/templates/tests/test-connection.yaml
apiVersion: v1
kind: Pod
metadata:
  name: "demo-ui-test-connection"
  labels:
    helm.sh/chart: demo-ui-0.1.0
    app: demo-ui
    app.kubernetes.io/name: demo-ui
    app.kubernetes.io/instance: demo-ui
    app.kubernetes.io/version: "1.16.0"
    app.kubernetes.io/managed-by: Helm
  annotations:
    "helm.sh/hook": test
spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['demo-ui:80']
  restartPolicy: Never

6、真实部署

[root@k8s-master01 demo-ui]# helm  install demo-ui . -n demo --create-namespace
NAME: demo-ui
LAST DEPLOYED: Thu Mar 27 20:44:22 2025
NAMESPACE: demo
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
  http://demo.test.nginx/

# 查看pod
[root@k8s-master01 demo-ui]# kgp -n demo
NAME                       READY   STATUS    RESTARTS   AGE
demo-ui-5b99d8495b-5b7kj   1/1     Running   0          11s

# 查看svc
[root@k8s-master01 demo-ui]# kg svc -n demo
NAME      TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
demo-ui   ClusterIP   10.107.209.175   <none>        80/TCP    69s

# 查看ingress
[root@k8s-master01 demo-ui]# kg ingress -n demo
NAME      CLASS   HOSTS             ADDRESS     PORTS   AGE
demo-ui   nginx   demo.test.nginx   10.0.0.22   80      102s

7、测试访问,观察到访问正常(values.yaml中tls为空,这里是明文HTTP访问,仅用于测试)

[root@k8s-master01 demo-ui]# echo "10.0.0.22 demo.test.nginx" >> /etc/hosts
[root@k8s-master01 demo-ui]# curl demo.test.nginx
<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Vite + Vue</title>
    <script type="module" crossorigin src="/assets/index-c04d2758.js"></script>
    <link rel="stylesheet" href="/assets/index-819d4460.css">
  </head>
  <body>
    <div id="app"></div>

  </body>
</html>

8、环境复原(helm delete只删除release;demo命名空间和前面写入/etc/hosts的记录需要手动清理)

[root@k8s-master01 demo-ui]# helm delete demo-ui  -n demo