Helm Deploy to K8s

# Helm Deploy to K8s ## Pre Requirements 1. Manual create Namespace 2. Manual create TLS Secrets (for ingress https) ## Step ### 1. Create Helm Template 建立 helm 的設定檔 ``` bash helm create {template name} ex. helm create customer ``` **Template Name:** 會影響 Charts.yaml 裡面的名稱，從 Charts 出發的名稱都會被這個影響到 [目錄結構](https://helm.sh/zh/docs/helm/helm_create/) ### 2. Update Values.yaml 基本上就是把之後需要被取代掉或可重複使用的值在這邊定義，後續 helm 會自動把值填入到 templates 資料夾裡面的各個 yaml ``` yaml # Default values for schedulev2. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 environment: "" image: repository: "" pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" labels: role: "" app: "customer" imagePullSecrets: [] nameOverride: "customer" fullnameOverride: "customer" serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 service: type: ClusterIP port: 80 ingress: enabled: true className: "" annotations: kubernetes.io/ingress.class: addon-http-application-routing # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: test.domain.com paths: - path: / pathType: ImplementationSpecific tls: - secretName: tls-secrets # 需預先建立在 k8s，且 name 需跟這裡一樣 hosts: - test.domain.com resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 200m memory: 128Mi requests: cpu: 100m memory: 64Mi livenessProbe: enabled: false setting: httpGet: path: / port: 80 initialDelaySeconds: 15 timeoutSeconds: 2 readinessProbe: enabled: false setting: httpGet: path: / port: 80 initialDelaySeconds: 15 timeoutSeconds: 2 # if not set auto scaling, pod will use "replicaCount" set at deployment autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {} ``` ### 3. Update _helpers.tpl _helpers.tpl 是一個客製 template 的檔案，可以把一些常用的參數放在這裡，就不用每個檔案都重寫一份，而且也可以寫一些條件式之類的 ``` gotpl {{/* Create the name of the service to use Example: {environment}-{fullName} => dev-customer 如果要使用的話，可以在別的檔案內寫成這樣: {{ include "customer.namespace" . }} */}} {{- define "customer.namespace" -}} {{- default "" (printf "%s-%s" .Values.environment (include "customer.fullname" .)) | lower }} {{- end }} ``` ### 4. Create Deployment.yaml 基本上就是把現有的 deployment.yaml 複製過來，然後把參數用 values.yaml 的值替換掉 ``` yaml apiVersion: "apps/v1" kind: "Deployment" metadata: # 把 template 裡面定義的 customer.appFullName 注入到這裡，後面也可以用參數接起來再利用 name: {{ include "customer.appFullName" . }} namespace: {{ include "customer.namespace" . }} labels: # 把 template 裡面定義的 customer.labels 注入到這裡，並且會從第一個字開始空4格 {{- include "customer.labels" . | nindent 4 }} # 把 values.yaml 裡面定義的 labels.role 注入到這邊 role: {{ .Values.labels.role }} app: {{ .Values.labels.app }} env: {{ .Values.environment }} spec: # 如果 values.yaml 裡面的 autoscaling.enabled 是 false 則會 render 出 if-end 中間的區塊 {{- if not .Values.autoscaling.enabled }} # replicas: {{ .Values.replicaCount }} {{- end }} progressDeadlineSeconds: 300 minReadySeconds: 5 strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 revisionHistoryLimit: 20 selector: matchLabels: role: {{ .Values.labels.role }} app: {{ .Values.labels.app }} env: {{ .Values.environment }} template: metadata: labels: role: {{ .Values.labels.role }} app: {{ .Values.labels.app }} env: {{ .Values.environment }} spec: restartPolicy: "Always" containers: - name: "app" imagePullPolicy: {{ .Values.image.pullPolicy }} # 組合字串並加上額外文字 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" env: - name: ASPNETCORE_ENVIRONMENT # 將 | 前面的文字轉換為小寫 value: {{ .Values.environment | lower }} ports: - name: http protocol: TCP containerPort: {{ .Values.service.port }} resources: # 把 values.yaml 裡面定義的 resources 注入到這邊，並且轉換成 yaml 格式，且每行都會空12格 {{- toYaml .Values.resources | nindent 12 }} {{- if .Values.livenessProbe.enabled }} livenessProbe: {{- toYaml .Values.livenessProbe.setting | nindent 12 }} {{- end}} {{- if .Values.readinessProbe.enabled }} readinessProbe: {{- toYaml .Values.readinessProbe.setting | nindent 12 }} {{- end}} ``` ### 5. Create Service.yaml 基本上就是把現有的 Service.yaml 複製過來，然後把參數用 values.yaml 的值替換掉 ``` yaml apiVersion: v1 kind: Service metadata: name: {{ include "customer.appFullName" . }} namespace: {{ include "customer.namespace" . }} labels: {{- include "customer.labels" . | nindent 4 }} role: {{ .Values.labels.role }} app: {{ .Values.labels.app }} env: {{ .Values.environment }} spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} targetPort: http protocol: TCP name: http selector: role: {{ .Values.labels.role }} app: {{ .Values.labels.app }} env: {{ .Values.environment }} ``` ### 6. Create Ingress.yaml 直接用檔案預設產生的來改比較快，因為 Ingress 比較容易踩到 SemVer 版本的問題 ### 7. Deploy to K8s 先透過 command 建立好不會透過 CICD 每次都異動的資源 ``` # Create namespace in K8s # Create tls secrets in k8s ``` 透過 helm 佈署到 k8s 上 ``` bash helm upgrade --install --namespace {Helm Namespace} {Release Name} {Chart File Path} ``` [Helm Upgrade](https://helm.sh/docs/helm/helm_upgrade/) ###### tags: `Helm`