编写 chart 包时,尽量把可配置项都提取到 values.yaml 中。
chart/templates/deployment.yaml 文件如下:
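{{- /*
Deployment for the chart's single workload container.

Every tunable is read from values.yaml. Optional sections are wrapped in
`with`/`if` so that an empty value omits the key instead of rendering
`key: null`.

Change from the original listing: the persistence volume and its mount were
nested inside `with .Values.volumes` / `with .Values.volumeMounts`, so the PVC
was silently dropped when either list was empty, and emptying only one of the
two lists left a mount without a volume (or the reverse). Both sections are
now rendered when either the list or `persistence` is set.
*/ -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "chart.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "chart.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "chart.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- /* NOTE(review): a podLabels key that repeats a key emitted by chart.labels
               would render a duplicate mapping key; the helper is not shown here. */}}
        {{- include "chart.labels" . | nindent 8 }}
        {{- with .Values.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "chart.serviceAccountName" . }}
      {{- /* Pod- and container-level securityContext are passed through verbatim.
             The chart defaults are empty maps, so no hardening is applied unless
             the operator sets it in values. */}}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          {{- with .Values.command }}
          command:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.args }}
          args:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          env:
            {{- /* DEBUG is always present; user-supplied entries are appended after it. */}}
            - name: DEBUG
              value: "{{ .Values.debug }}"
            {{- with .Values.env }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          {{- with .Values.ports }}
          ports:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.livenessProbe }}
          livenessProbe:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.readinessProbe }}
          readinessProbe:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          {{- if or .Values.volumeMounts .Values.persistence }}
          volumeMounts:
            {{- with .Values.volumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
            {{- with .Values.persistence }}
            - mountPath: {{ .mountPath }}
              name: {{ .name }}
            {{- end }}
          {{- end }}
      {{- if or .Values.volumes .Values.persistence }}
      volumes:
        {{- with .Values.volumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with .Values.persistence }}
        - name: {{ .name }}
          persistentVolumeClaim:
            claimName: {{ .claimName }}
        {{- end }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}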
chart/templates/serviceaccount.yaml 文件如下(除 ServiceAccount 外,还包含 ClusterRole、Role 及其绑定):
{{- if .Values.serviceAccount.create -}}
---
# ServiceAccount the Deployment's pods run as. It is rendered only when
# serviceAccount.create is true; the RBAC documents that follow in this file
# sit outside this guard.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "chart.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "chart.labels" . | nindent 4 }}
  {{- if .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
  {{- end }}
# Controls whether pods using this account get the API token mounted.
# NOTE(review): the RBAC rules in this file suggest the workload calls the
# API server, in which case this has to stay true - confirm.
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}
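---
# Cluster-wide permissions for the chart's ServiceAccount.
# This document is outside the serviceAccount.create guard, so it is rendered
# on every install.
# NOTE(review): patch and delete on pods apply to every namespace. If the
# workload only manages pods in its own namespace, a namespaced Role is the
# least-privilege choice - confirm against what the controller needs.
# NOTE(review): ClusterRole is cluster-scoped and named after the
# ServiceAccount only; two releases resolving to the same account name would
# presumably contend for this one object - verify the naming helper.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ include "chart.serviceAccountName" . }}
  # Same label set as the ServiceAccount and Deployment, so the chart's
  # objects can be selected together.
  labels:
    {{- include "chart.labels" . | nindent 4 }}
rules:
  # Core API group: read, patch and delete pods.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch", "patch", "delete"]
  # Core API group: read and write events.
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]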
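---
# Grants the ClusterRole of the same name to the chart's ServiceAccount in the
# release namespace.
# NOTE(review): this binding is rendered even when serviceAccount.create is
# false, so it then applies to whatever pre-existing account carries that
# name - verify that is intended.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ include "chart.serviceAccountName" . }}
  # Same label set as the ServiceAccount and Deployment.
  labels:
    {{- include "chart.labels" . | nindent 4 }}
subjects:
  - kind: ServiceAccount
    name: {{ include "chart.serviceAccountName" . }}
    namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "chart.serviceAccountName" . }}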
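---
# Namespaced permissions, limited to the release namespace.
# NOTE(review): Lease objects are presumably used for leader election; the
# default args in values.yaml pass --leader-elect=false - confirm whether
# the rule is needed with that setting.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ include "chart.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  # Same label set as the ServiceAccount and Deployment.
  labels:
    {{- include "chart.labels" . | nindent 4 }}
rules:
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "watch", "list", "delete", "update", "create"]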
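---
# Grants the namespaced Role of the same name to the chart's ServiceAccount;
# binding, role and subject all live in the release namespace.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ include "chart.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  # Same label set as the ServiceAccount and Deployment.
  labels:
    {{- include "chart.labels" . | nindent 4 }}
subjects:
  - kind: ServiceAccount
    name: {{ include "chart.serviceAccountName" . }}
    namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "chart.serviceAccountName" . }}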
chart/values.yaml 文件如下:
# Default values for chart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Rendered into spec.replicas of the Deployment.
replicaCount: 1

image:
  repository: "xxx"
  # Overrides the image tag whose default is the chart appVersion.
  tag: "xxx"
  pullPolicy: IfNotPresent

# Registry credentials, referenced by Secret name.
imagePullSecrets:
  - name: xxx

# Container entrypoint and arguments.
command:
  - "manager"
args:
  # Metrics listener on port 8080 of every pod interface (matches the
  # "metrics" containerPort below).
  # NOTE(review): if that endpoint is unauthenticated, limit who can reach
  # it, e.g. with a NetworkPolicy - confirm.
  - "--metrics-addr=:8080"
  # NOTE(review): leader election is off while replicaCount is 1; raising
  # the replica count presumably needs this enabled - confirm.
  - "--leader-elect=false"

# Extra environment variables, appended after the built-in DEBUG entry.
env:
  # Downward-API fields resolved per pod.
  - name: POD_IP
    valueFrom:
      fieldRef:
        fieldPath: status.podIP
  - name: NODE_NAME
    valueFrom:
      fieldRef:
        fieldPath: spec.nodeName
  - name: NAMESPACE
    valueFrom:
      fieldRef:
        fieldPath: metadata.namespace
  # Same path as persistence.mountPath.
  - name: PVC_DIR
    value: "/pv"

ports:
  # The liveness probe refers to this port by name.
  - containerPort: 8081
    name: healthz
  - containerPort: 8080
    name: metrics

# Rendered as the value of the DEBUG environment variable.
debug: ""

# NOTE(review): presumably consumed by the chart's naming helpers, which are
# not shown alongside this file.
nameOverride: ""
fullnameOverride: ""
serviceAccount:
  # true: the chart renders its own ServiceAccount object.
  create: true
  # Written to automountServiceAccountToken on that ServiceAccount.
  automount: true
  annotations: {}
  name: "xxx"

podAnnotations: {}
podLabels:
  app: xxx

# Pod-level and container-level securityContext, rendered verbatim.
# Both are empty by default, so the container runs with the runtime's and
# image's defaults. A hardened starting point for the container-level block
# (not enabled here):
#
# securityContext:
#   allowPrivilegeEscalation: false
#   readOnlyRootFilesystem: true
#   runAsNonRoot: true
#   capabilities:
#     drop: ["ALL"]
#   seccompProfile:
#     type: RuntimeDefault
#
# NOTE(review): before enabling, check that the process can still write the
# hostPath log directory and the PVC mount defined further down.
podSecurityContext: {}
securityContext: {}

# Requests equal limits for both CPU and memory.
resources:
  requests:
    memory: 512Mi
    cpu: 500m
  limits:
    memory: 512Mi
    cpu: 500m

# HTTP liveness check against the named "healthz" container port.
livenessProbe:
  httpGet:
    path: /healthz
    port: healthz
  failureThreshold: 3
  initialDelaySeconds: 10
  timeoutSeconds: 3
  periodSeconds: 65

# Readiness probe is disabled; uncomment to enable.
# readinessProbe:
#   httpGet:
#     path: /readyz
#     port: healthz
# Pod volumes, rendered verbatim into the pod spec.
volumes:
  - name: config
    configMap:
      name: xxx-config
  # hostPath exposes a directory of the node's filesystem to the pod, and
  # DirectoryOrCreate creates it on the node when it is missing. Pod Security
  # admission at the baseline or restricted level rejects hostPath volumes,
  # so this default needs an exemption on clusters that enforce them.
  - name: log-dir
    hostPath:
      path: /var/log/xxx
      type: DirectoryOrCreate

# Container mounts; each name must match an entry under volumes.
volumeMounts:
  - name: config
    mountPath: /etc/xxx/
  - name: log-dir
    mountPath: /var/log/xxx/

# The Deployment template appends this claim as an extra volume and mount.
# No PersistentVolumeClaim template is shown alongside this file, so the
# claim presumably has to exist before install - confirm.
persistence:
  name: xxx-pvc
  claimName: xxx-pvc
  mountPath: /pv

nodeSelector: {}
# kubernetes.io/hostname: master

tolerations: []
affinity: {}

# NOTE(review): none of the templates shown alongside this file read the
# service or ingress keys.
service:
  type: ""
ingress:
  enabled: false