目标
这里假设,我们已经基本会使用k8s的kubectl命令进行部署了,也已经会自己打docker镜像推送到AWS ECR上面去了。而且,已经在云上准备好了AWS ECR镜像库和AWS EKS的k8s集群了。
这个前提上面,我们今天使用Helm Chart项目准备k8s的yaml配置文件来部署一个最简单的Springboot项目到AWS的k8s集群。
Helm项目结构
.
└── my-kubernetes-app├── configmaps├── crons├── deployments├── hpas├── pdbs├── podpriorities├── pvcs├── services├── statefulsets└── ...
上面这个是网上一位工友总结出来的Helm Chart目录结构。在这之前,还是先了解了解Helm是干什么的吧?Helm自身定位是给k8s的包管理器,但是,他的Helm Chart项目被我们现在这里用于管理生成k8s配置模板,来生成不同环境的k8s yaml配置文件。简单来说,Helm Chart就是一个根据模板生成配置文件的工具。
下面是我这次用的Helm目录结构:
./
├── Chart.yaml
├── templates
│ ├── configmaps
│ │ ├── demo.yaml
│ │ └── demo2.yaml
│ ├── ingress.yaml
│ ├── secrets
│ │ └── mysql.yaml
│ └── services
│ ├── demo.yaml
│ └── demo2.yaml
├── values-prod.yaml
├── values-uat.yaml
└── values.yaml这里只有简单的secrets和services的简单文件夹划分。我这里只做java层面的拆分,数据库共用一个,嗯,我这里是属于伪微服务了。如果要进一步拆分的话,就像上面那位道友那样,把deployments从services里面统统拆出来。我这里是最简形态,比较原始的项目状态,后期,可以在这个基础上面加hpa。算了,精力有限,就先演化到这样吧!
这里我是先使用helm create命令,创建出一个超简单的helm项目的,具体命令如下:
helm create mychart
然后,在这个基础上面逐渐演化到上面那个secrets和services,ingress样子。
Chart.yaml
apiVersion: v2
name: my-demo
description: my-demo# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"这里是Helm Chart基本信息。
values.yaml
ingress:security:groups: cloudfront-only
services:demo:name: demoport: 8080path: /api/demohealth:path: /actuator/healthport: 8081demo2:name: demo2port: 8080path: /api/demo2health:path: /actuator/healthport: 8081
这里设置了ingress的安全组,这个cloudfront-only安全组,主要设置alb主要接收来自cloudfront的流量。这里业务服务的名称,端口,前缀路径,以及健康检查的路径和端口。
values-uat.yaml
replicas: 1
spring:profiles:active: uat
mysql:config:name: mysqlHOST: xxxx-uat.xxxxx.us-east-1.rds.amazonaws.comDB_USERNAME: bXl1c2VybmFtZQ==DB_PASSWORD: bXlwYXNzd29yZA==
docker:services:demo:images: xxxxxxx.dkr.ecr.us-east-1.amazonaws.com/demo:latestname: demodemo2:images: xxxxxxx.dkr.ecr.us-east-1.amazonaws.com/demo2:latestname: demo2这里主要是针对uat环境的设置,主要就是副本数,spring,mysql和docker镜像的配置。
templates/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: {{ .Chart.Name }}-ingressnamespace: {{ .Release.Namespace }}annotations:alb.ingress.kubernetes.io/load-balancer-name: {{ .Chart.Name }}-ingressalb.ingress.kubernetes.io/security-groups: {{ .Values.ingress.security.groups }}alb.ingress.kubernetes.io/manage-backend-security-group-rules: "true"alb.ingress.kubernetes.io/scheme: internet-facingalb.ingress.kubernetes.io/target-type: ip
spec:ingressClassName: albrules:- http:paths:- backend:service:name: {{ .Values.services.demo.name }}port:number: {{ .Values.services.demo.port }}path: {{ .Values.services.demo.path }}pathType: Prefix这里主要就是k8s的ingress配置,主要就是alb配置和具体服务的网关配置。
templates/secrets/mysql.yaml
apiVersion: v1
data:DB_USERNAME: {{ .Values.mysql.DB_USERNAME }}DB_PASSWORD: {{ .Values.mysql.DB_PASSWORD }}
kind: Secret
metadata:name: {{ .Values.mysql.config.name }}-secretnamespace: {{ .Release.Namespace }}这里是mysql的secrets配置。
templates/services/demo.yaml
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: {{ .Values.services.demo.name }}name: {{ .Values.services.demo.name }}namespace: {{ .Release.Namespace }}
spec:replicas: {{ .Values.replicas }}selector:matchLabels:app: {{ .Values.services.demo.name }}template:metadata:labels:app: {{ .Values.services.demo.name }}spec:containers:- image: {{ .Values.docker.services.demo.images }}name: {{ .Values.docker.services.demo.name }}envFrom:- secretRef:name: {{ .Values.mysql.config.name }}-secret- configMapRef:name: {{ .Values.services.demo.name }}-configmap
# resources:
# requests:
# memory: "2Gi"
# cpu: "2"
# limits:
# memory: "2Gi"
# cpu: "2"# 准备检查,通过则接入流量readinessProbe:httpGet:path: {{ .Values.services.demo.health.path }}port: {{ .Values.services.demo.health.port }}# 活力检查,不通过时重启容器livenessProbe:httpGet:path: {{ .Values.services.demo.health.path }}port: {{ .Values.services.demo.health.port }}
---
apiVersion: v1
kind: Service
metadata:labels:app: demoname: {{ .Values.services.demo.name }}namespace: {{ .Release.Namespace }}annotations:alb.ingress.kubernetes.io/healthcheck-path: {{ .Values.services.demo.health.path }}alb.ingress.kubernetes.io/healthcheck-port: '{{ .Values.services.demo.health.port }}'
spec:ports:- name: httpport: {{ .Values.services.demo.port }}targetPort: {{ .Values.services.demo.port }}selector:app: {{ .Values.services.demo.name }}type: ClusterIP这里主要配置了demo服务的Deployment和Service配置。
templates/services/demo2.yaml
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: {{ .Values.services.demo2.name }}name: {{ .Values.services.demo2.name }}namespace: {{ .Release.Namespace }}
spec:replicas: {{ .Values.replicas }}selector:matchLabels:app: {{ .Values.services.demo2.name }}template:metadata:labels:app: {{ .Values.services.demo2.name }}spec:containers:- image: {{ .Values.docker.services.demo2.images }}name: {{ .Values.docker.services.demo2.name }}envFrom:- secretRef:name: {{ .Values.mysql.config.name }}-secret- configMapRef:name: {{ .Values.services.demo2.name }}-configmap
# resources:
# requests:
# memory: "2Gi"
# cpu: "2"
# limits:
# memory: "2Gi"
# cpu: "2"# 准备检查,通过则接入流量readinessProbe:httpGet:path: {{ .Values.services.demo2.health.path }}port: {{ .Values.services.demo2.health.port }}# 活力检查,不通过时重启容器livenessProbe:httpGet:path: {{ .Values.services.demo2.health.path }}port: {{ .Values.services.demo2.health.port }}
---
apiVersion: v1
kind: Service
metadata:labels:app: {{ .Values.services.demo2.name }}name: {{ .Values.services.demo2.name }}namespace: {{ .Release.Namespace }}annotations:alb.ingress.kubernetes.io/healthcheck-path: {{ .Values.services.demo2.health.path }}alb.ingress.kubernetes.io/healthcheck-port: '{{ .Values.services.demo2.health.port }}'
spec:ports:- name: httpport: {{ .Values.services.demo2.port }}targetPort: {{ .Values.services.demo2.port }}selector:app: {{ .Values.services.demo2.name }}type: ClusterIPconfigmaps/demo.yaml
apiVersion: v1
kind: ConfigMap
metadata:name: {{ .Values.services.demo.name }}-configmapnamespace: {{ .Release.Namespace }}
data:SPRING_PROFILES_ACTIVE: {{ .Values.spring.profiles.active }}MYSQL_HOST: {{ .Values.mysql.HOST }}configmaps/demo2.yaml
apiVersion: v1
kind: ConfigMap
metadata:name: {{ .Values.services.demo2.name }}-configmapnamespace: {{ .Release.Namespace }}
data:SPRING_PROFILES_ACTIVE: {{ .Values.spring.profiles.active }}MYSQL_HOST: {{ .Values.mysql.HOST }}Helm部署
helm install -f ./values-uat.yaml my-demo ./ -n my-demo --create-namespace
输出例子:
NAME: my-demo
LAST DEPLOYED: Thu Mar 14 15:19:53 2024
NAMESPACE: my-demo
STATUS: deployed
REVISION: 1
TEST SUITE: None
Helm检查部署
helm ls -n my-demo
结果如下:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
my-demo my-demo 1 2024-03-14 15:19:53.658731 +0800 CST deployed my-demo-0.1.0 1.16.0
kubectl检查
# 检查ingress网关
kubectl get ingress -n my-demo
# 检查svc
kubectl get svc -n my-demo
# 检查deploy
kubectl get deploy -n my-demo
# 检查pods
kubectl get pods -n my-demo
页面检查
这里不涉及cloudfront与alb的配置,这里我们直接通过cloudfront检查我们部署的效果,具体效果如下:
总结
这里主要介绍Helm Chart项目来编写k8s配置文件的项目。哎!现在运维都有要写这么多代码了。
源代码:https://github.com/fxtxz2/helm-chart-demo
参考
- Developer’s Guide to Writing a Good Helm Chart
