首頁>技術>

OpenShift 4 之 GitOps(3)用Helm+ArgoCD部署應用

用Helm建立樣例Chart

1. 建立名為myapp的helm chart,然後可以檢視chart中的deployment.yaml。

$ mkdir helmstuff$ cd helmstuff/ $ helm create myappCreating myapp$ find myapp/myapp/myapp/Chart.yamlmyapp/values.yamlmyapp/.helmignoremyapp/templatesmyapp/templates/ingress.yamlmyapp/templates/deployment.yamlmyapp/templates/service.yamlmyapp/templates/serviceaccount.yamlmyapp/templates/NOTES.txtmyapp/templates/_helpers.tplmyapp/templates/testsmyapp/templates/tests/test-connection.yamlmyapp/charts

# 根據Helm Chart安裝OpenShift應用

1. 建立OpenShift的helmstuff專案,然後通過helm安裝應用。

$ oc new-project helmstuff$ helm install adventure1 myapp/ -n helmstuffNAME: adventure1LAST DEPLOYED: Wed Mar 4 10:37:09 2020NAMESPACE: helmstuffSTATUS: deployedREVISION: 1NOTES:(1). Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace helmstuff -l "app.kubernetes.io/name=myapp,app.kubernetes.io/instance=adventure1" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace helmstuff port-forward $POD_NAME 8080:80

2. 檢視Helm列表。

$ helm listNAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSIONadventure1 helmstuff 1 2020-03-04 10:37:09.669437379 +0000 UTC deployed myapp-0.1.0 1.16.0

3. 檢視pod狀態為CrashLoopBackOff,然後helm中的adventure1,確認結果報錯“Error: pod

adventure1-myapp-test-connection failed”。

```bash$ oc get podNAME READY STATUS RESTARTS AGEadventure1-myapp-5b64cf64cb-r65fk 0/1 CrashLoopBackOff 1 32s $ helm test adventure1Pod adventure1-myapp-test-connection pendingPod adventure1-myapp-test-connection pendingPod adventure1-myapp-test-connection pendingPod adventure1-myapp-test-connection pendingPod adventure1-myapp-test-connection runningNAME: adventure1LAST DEPLOYED: Wed Mar 4 10:37:09 2020NAMESPACE: helmstuffSTATUS: deployedREVISION: 1TEST SUITE: adventure1-myapp-test-connectionLast Started: Wed Mar 4 10:38:18 2020Last Completed: Wed Mar 4 10:38:29 2020Phase: FailedNOTES:(1). Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace helmstuff -l "app.kubernetes.io/name=myapp,app.kubernetes.io/instance=adventure1" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace helmstuff port-forward $POD_NAME 8080:80Error: pod adventure1-myapp-test-connection failed```

4. 上面錯誤是由於許可權問題。執行以下命令為容器中的操作使用者提權。

$ oc adm policy add-scc-to-user anyuid -z adventure1-myappsecuritycontextconstraints.security.openshift.io/anyuid added to: ["system:serviceaccount:helmstuff:adventure1-myapp"]

5. 先從helm中刪除adventure1,然後重新建立helm的adventure1,最後再用helm測試adventure1,確認這次可測通過。

$ helm uninstall adventure1release "adventure1" uninstalled $ helm install adventure1 myapp/NAME: adventure1LAST DEPLOYED: Wed Mar 4 10:45:21 2020NAMESPACE: helmstuffSTATUS: deployedREVISION: 1NOTES:(1). Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace helmstuff -l "app.kubernetes.io/name=myapp,app.kubernetes.io/instance=adventure1" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace helmstuff port-forward $POD_NAME 8080:80 $ helm test adventure1Pod adventure1-myapp-test-connection pendingPod adventure1-myapp-test-connection pendingPod adventure1-myapp-test-connection pendingPod adventure1-myapp-test-connection pendingPod adventure1-myapp-test-connection succeededNAME: adventure1LAST DEPLOYED: Wed Mar 4 10:45:21 2020NAMESPACE: helmstuffSTATUS: deployedREVISION: 1TEST SUITE: adventure1-myapp-test-connectionLast Started: Wed Mar 4 10:45:40 2020Last Completed: Wed Mar 4 10:45:50 2020Phase: SucceededNOTES:(1). Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace helmstuff -l "app.kubernetes.io/name=myapp,app.kubernetes.io/instance=adventure1" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace helmstuff port-forward $POD_NAME 8080:80從Helm Chat匯出要部署的應用物件

1. 建立manifest目錄,讓後將helm中名為adventure1的manifest匯出到manifest/adventure1.yaml。

$ mkdir manifest$ helm get manifest adventure1 > manifest/adventure1.yaml

2. 檢視匯出的manifest/adventure1.yaml檔案內容。

$ cat manifest/adventure1.yaml將應用資源配置檔案推送至Github的Repo

1. 依次執行以下命令,將myapp應用資源推送的自己的Github賬戶中。

$ git initInitialized empty Git repository in /home/xiaoyliu-redhat.com/helmstuff/.git/$ git add *$ git commit -m "initial commit of helm chart and working manifest"[master (root-commit) c03cd60] initial commit of helm chart and working manifest Committer: GTPE Student <[email protected]>Your name and email address were configured automatically basedon your username and hostname. Please check that they are accurate.You can suppress this message by setting them explicitly: git config --global user.name "Your Name" git config --global user.email [email protected] After doing this, you may fix the identity used for this commit with: git commit --amend --reset-author 11 files changed, 416 insertions(+) create mode 100644 manifest/adventure1.yaml create mode 100644 myapp/.helmignore create mode 100644 myapp/Chart.yaml create mode 100644 myapp/templates/NOTES.txt create mode 100644 myapp/templates/_helpers.tpl create mode 100644 myapp/templates/deployment.yaml create mode 100644 myapp/templates/ingress.yaml create mode 100644 myapp/templates/service.yaml create mode 100644 myapp/templates/serviceaccount.yaml create mode 100644 myapp/templates/tests/test-connection.yaml create mode 100644 myapp/values.yaml$ git remote add origin https://github.com/YOUR-GITHUB/gitops-helm-argocd.git$ git push -u origin masterUsername for 'https://github.com': liuxiaoyu-gitPassword for 'https://[email protected]':Counting objects: 17, done.Delta compression using up to 2 threads.Compressing objects: 100% (15/15), done.Writing objects: 100% (17/17), 5.30 KiB | 0 bytes/s, done.Total 17 (delta 0), reused 0 (delta 0)To https://github.com/liuxiaoyu-git/gitops-helm-argocd.git * [new branch] master -> masterBranch master set up to track remote branch master from origin.根據Github的配置建立OpenShift的應用資源

1. 將Github資源加到ArgoCD中的Repo。

$ argocd repo add https://github.com/YOUR-GITHUB/gitops-helm-argocd.gitrepository 'https://github.com/liuxiaoyu-git/gitops-helm-argocd.git' added$ argocd repo listTYPE NAME REPO INSECURE LFS CREDS STATUS MESSAGEgit https://github.com/liuxiaoyu-git/gitops-helm-argocd.git false false false Successful

2. 新建一個名為adventure1的ArgoCD應用,用它在github中的配置資源與OpenShift中的helmstuff專案建立關聯。

$ argocd app create --project default --name adventure1 --repo https://github.com/liuxiaoyu-git/gitops-helm-argocd.git --path manifest --dest-server https://kubernetes.default.svc --dest-namespace helmstuff --revision master --sync-policy noneapplication 'adventure1' created

3. 進入ArgoCD的控制檯,檢視adventure1應用。確認當前OpenShift的用資源和Github Repo中的資源是“Synced”的。

自動調整OpenShift的配置,以保持和Github中的配置同步

1. 根據名為adventure1-myapp的OpenShift Service物件市場一個新的物件:adventure1-mybad。

$ oc get svc adventure1-myapp -o json | jq 'del(.spec.clusterIP)' | sed "s/adventure1-myapp/adventure1-mybad/g" | oc create -f -service/adventure1-mybad created$ oc get svcNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEadventure1-myapp ClusterIP 172.30.12.170 <none> 80/TCP 3h38madventure1-mybad ClusterIP 172.30.225.179 <none> 80/TCP 10s

2. 此時可在ArgoCD控制檯中的adventure1應用介面中看到已經是“OutOfSync”狀態,且在名為adventure1-mybad的Service下方顯示了黃色標記。

3. 修改ArgoCD中adventure1應用的配置,然後通過ArgoCD控制檯確認名為adventure1-mybad的Service已經被刪除。

$ argocd app set adventure1 --sync-policy automated --auto-prune --self-heal$ oc get svcNAME               TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGEadventure1-myapp   ClusterIP   172.30.12.170   <none>        80/TCP    3h59m

4. 刪除本專案中OpenShift的Deployment物件,確認ArgoCD會自動根據Github的配置重新建立一個新的Deployment物件。

$ oc delete deployment adventure1-myapp && oc get pods -wdeployment.extensions "adventure1-myapp" deletedNAME                                READY   STATUS              RESTARTS   AGEadventure1-myapp-5b64cf64cb-l9p5g   1/1     Terminating         1          3h47madventure1-myapp-test-connection    0/1     Completed           0          3h47mNAME                                READY   STATUS              RESTARTS   AGEadventure1-myapp-5b64cf64cb-l9p5g   1/1     Terminating         1          3h47madventure1-myapp-5b64cf64cb-l9p5g   0/1     Terminating         1          3h47madventure1-myapp-5b64cf64cb-l9p5g   0/1     Terminating         1          3h47madventure1-myapp-5b64cf64cb-2kf2n   0/1     ContainerCreating   0          10sadventure1-myapp-5b64cf64cb-2kf2n   0/1     ContainerCreating   0          18sadventure1-myapp-5b64cf64cb-2kf2n   0/1     Running             0          18sadventure1-myapp-5b64cf64cb-2kf2n   1/1     Running             0          19s
將Github中的新版配置同步更新至OpenShift

1. 先設定ArogCD,關閉Github和OpenShift自動同步配置的功能。

$ argocd app set adventure1 --sync-policy none

2. 修改現有Helm Chart,將version從“0.1.0”改為“0.1.1”,將appVersion從“1.16.0”改為“1.16.1”.

$ sed -i 's/1.16.0/1.16.1/g' myapp/Chart.yaml$ sed -i 's/0.1.0/0.1.1/g' myapp/Chart.yaml$ cat myapp/Chart.yaml

3. 更新Helm中的adventure1配置,並檢視改配置修改前後的變化。

$ helm listNAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSIONadventure1      helmstuff       1               2020-03-04 10:45:21.981629148 +0000 UTC deployed        myapp-0.1.0     1.16.0 $ helm upgrade adventure1 myapp/Release "adventure1" has been upgraded. Happy Helming!NAME: adventure1LAST DEPLOYED: Wed Mar  4 14:49:11 2020NAMESPACE: helmstuffSTATUS: deployedREVISION: 2NOTES:(1). Get the application URL by running these commands:  export POD_NAME=$(kubectl get pods --namespace helmstuff -l "app.kubernetes.io/name=myapp,app.kubernetes.io/instance=adventure1" -o jsonpath="{.items[0].metadata.name}")  echo "Visit http://127.0.0.1:8080 to use your application"  kubectl --namespace helmstuff port-forward $POD_NAME 8080:80 $ helm listNAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSIONadventure1      helmstuff       2               2020-03-04 14:49:11.760250994 +0000 UTC deployed        myapp-0.1.1     1.16.1

4. 通過命令和控制檯檢視ArgoCD的adventure1應用的同步狀態,發現此時對於變化的配置,OpenShift和Github是沒有同步的。

5. 在ArdoCD控制檯中檢視Service的詳細配置,其中在DIFF中顯示了這個服務在OpenShift和Github的配置差異。

6. 用helm重新生成manifest/adventure1.yaml檔案

$ helm get manifest adventure1 > manifest/adventure1.yaml

7. 比較新舊版adventure1.yaml檔案後,將本地變化的配置檔案提交到Github。

$ git diff manifest/adventure1.yaml$ git add *$ git commit -m "updated app version and manifests"[master b844df1] updated app version and manifests Committer: GTPE Student <[email protected]>Your name and email address were configured automatically basedon your username and hostname. Please check that they are accurate.You can suppress this message by setting them explicitly:     git config --global user.name "Your Name"    git config --global user.email [email protected] After doing this, you may fix the identity used for this commit with:     git commit --amend --reset-author  2 files changed, 9 insertions(+), 9 deletions(-) $ git push origin masterUsername for 'https://github.com': liuxiaoyu-gitPassword for 'https://[email protected]':Counting objects: 11, done.Delta compression using up to 2 threads.Compressing objects: 100% (5/5), done.Writing objects: 100% (6/6), 534 bytes | 0 bytes/s, done.Total 6 (delta 3), reused 0 (delta 0)remote: Resolving deltas: 100% (3/3), completed with 3 local objects.To https://github.com/liuxiaoyu-git/gitops-helm-argocd.git   c03cd60..b844df1  master -> master

8. 再次開啟ArgoCD的同步選項,然後在ArgoCD控制檯中確認應用的狀態應為“Synced”狀態。

194

Bash

最新評論
  • BSA-TRITC(10mg/ml) TRITC-BSA 牛血清白蛋白改性標記羅丹明
  • 用node.js做一個測試api服務