add helm template article

030be2f8 · 阳明的博客 · 1a78159c · 030be2f8 · 030be2f8 · 030be2f8
6 changed file
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -64,4 +64,5 @@
 * [Helm 的安装使用](docs/42.Helm安装.md)
 * [Helm 的基本使用](docs/43.Helm基本使用.md)
 * [Helm 模板之内置函数和Values](docs/44.Helm模板之内置函数和Values.md)
-* [Helm 模板之管道与控制结构](docs/45.Helm模板之管道与控制结构.md)
+* [Helm 模板之模板函数与管道](docs/45.Helm模板之模板函数与管道.md)
+* [Helm 模板之控制流程](docs/46.Helm模板之控制流程.md)
--- a/dashboard/dashboard.yaml
+++ b/dashboard/dashboard.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ------------------- Dashboard Secret ------------------- #
+
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard-certs
+  namespace: kube-system
+type: Opaque
+
+---
+# ------------------- Dashboard Service Account ------------------- #
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kube-system
+
+---
+# ------------------- Dashboard Role & Role Binding ------------------- #
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubernetes-dashboard-minimal
+  namespace: kube-system
+rules:
+  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["create"]
+  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["create"]
+  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+- apiGroups: [""]
+  resources: ["secrets"]
+  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
+  verbs: ["get", "update", "delete"]
+  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+- apiGroups: [""]
+  resources: ["configmaps"]
+  resourceNames: ["kubernetes-dashboard-settings"]
+  verbs: ["get", "update"]
+  # Allow Dashboard to get metrics from heapster.
+- apiGroups: [""]
+  resources: ["services"]
+  resourceNames: ["heapster"]
+  verbs: ["proxy"]
+- apiGroups: [""]
+  resources: ["services/proxy"]
+  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
+  verbs: ["get"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubernetes-dashboard-minimal
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kubernetes-dashboard-minimal
+subjects:
+- kind: ServiceAccount
+  name: kubernetes-dashboard
+  namespace: kube-system
+
+---
+# ------------------- Dashboard Deployment ------------------- #
+
+kind: Deployment
+apiVersion: apps/v1beta2
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kube-system
+spec:
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      k8s-app: kubernetes-dashboard
+  template:
+    metadata:
+      labels:
+        k8s-app: kubernetes-dashboard
+    spec:
+      containers:
+      - name: kubernetes-dashboard
+        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
+        ports:
+        - containerPort: 8443
+          protocol: TCP
+        args:
+          - --auto-generate-certificates
+          # Uncomment the following line to manually specify Kubernetes API server Host
+          # If not specified, Dashboard will attempt to auto discover the API server and connect
+          # to it. Uncomment only if the default does not work.
+          # - --apiserver-host=http://my-address:port
+        volumeMounts:
+        - name: kubernetes-dashboard-certs
+          mountPath: /certs
+          # Create on-disk volume to store exec logs
+        - mountPath: /tmp
+          name: tmp-volume
+        livenessProbe:
+          httpGet:
+            scheme: HTTPS
+            path: /
+            port: 8443
+          initialDelaySeconds: 30
+          timeoutSeconds: 30
+      volumes:
+      - name: kubernetes-dashboard-certs
+        secret:
+          secretName: kubernetes-dashboard-certs
+      - name: tmp-volume
+        emptyDir: {}
+      serviceAccountName: kubernetes-dashboard
+      # Comment the following tolerations if Dashboard must not be deployed on master
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+
+---
+# ------------------- Dashboard Service ------------------- #
+
+kind: Service
+apiVersion: v1
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kube-system
+spec:
+  ports:
+    - port: 443
+      targetPort: 8443
+  type: NodePort
+  selector:
+    k8s-app: kubernetes-dashboard
--- a/dashboard/mac.token
+++ b/dashboard/mac.token
+eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1wc3BtZyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjczM2M4OTU1LWI4YmYtMTFlOC1iMzc4LTAyNTAwMDAwMDAwMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.J1Ii8-bSEe86_ORS97Xqe7yNz3ET2x7mfV9VW4bojbOM212Dv8jnpDbP7ZAQYaTXnr5_QkVAWv5Qqqng4OzeR3ykW1u51x6oyH2F_wFGPB2xwgow-2UTLy5dsRrPkiMv3lcPJ34BaVbjojzfLUI0Vvl8DPID_tvuZzlX1AVCgoQutOFAMQgmCnlezspisYjTJVgFD2vd7hVe5jN16r1oNRn9EYK3xAHyum3L9HcMg3cnOPFf8WlhVyAkMeFGG8qNjWtzW6gmXkyaM3NATh7-YdM9hKqkgm2DmvCkkB_NNtchhU_EdwD0xt4VcNQZQHFaYWYxmpmeJPBFPewdL-76mw
\ No newline at end of file
--- a/docs/45.Helm模板之管道与控制结构.md
+++ b/docs/45.Helm模板之管道与控制结构.md
--- a/docs/46.Helm模板之控制流程.md
+++ b/docs/46.Helm模板之控制流程.md
-46. Helm 模板之控制流程
+# 46. Helm 模板之控制流程

 `模板函数和管道`是通过转换信息并将其插入到`YAML`文件中的强大方法。但有时候需要添加一些比插入字符串更复杂一些的模板逻辑。这就需要使用到模板语言中提供的控制结构了。

@@ -278,4 +278,88 @@ data:
 我们可以看到`courselist`按照我们的要求循环出来了。除了 list 或者 tuple，range 还可以用于遍历具有键和值的集合（如map 或 dict），这个就需要用到变量的概念了。

 ## 变量
+前面我们已经学习了函数、管理以及控制流程的使用方法，我们知道编程语言中还有一个很重要的概念叫：**变量**，在 Helm 模板中，使用变量的场合不是特别多，但是在合适的时候使用变量可以很好的解决我们的问题。如下面的模板：
+```yaml
+{{- with .Values.course }}
+k8s: {{ .k8s | upper | quote }}
+python: {{ .python | repeat 3 | quote }}
+release: {{ .Release.Name }}
+{{- end }}
+```
+
+我们在`with`语句块内添加了一个`.Release.Name`对象，但这个模板是错误的，编译的时候会失败，这是因为`.Release.Name`不在该`with`语句块限制的作用范围之内，我们可以将该对象赋值给一个变量可以来解决这个问题：
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-configmap
+data:
+  {{- $releaseName := .Release.Name -}}
+  {{- with .Values.course }}
+  k8s: {{ .k8s | upper | quote }}
+  python: {{ .python | repeat 3 | quote }}
+  release: {{ $releaseName }}
+  {{- end }}
+```
+
+我们可以看到我们在`with`语句上面增加了一句`{{- $releaseName := .Release.Name -}}`，其中`$releaseName`就是后面的对象的一个引用变量，它的形式就是`$name`，赋值操作使用`:=`，这样`with`语句块内部的`$releaseName`变量仍然指向的是`.Release.Name`，同样，我们 DEBUG 下查看结果：
+```shell
+$ helm install --dry-run --debug .
+[debug] Created tunnel using local port: '45474'
+
+......
+
+---
+# Source: mychart/templates/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nosy-seagull-configmap
+data:
+  k8s: "DEVOPS"
+  python: "djangodjangodjango"
+  release: nosy-seagull
+```
+
+可以看到已经正常了，另外变量在`range`循环中也非常有用，我们可以在循环中用变量来同时捕获索引的值：
+```yaml
+courselist:
+{{- range $index, $course := .Values.courselist }}
+- {{ $index }}: {{ $course | title | quote }}
+{{- end }}
+```
+
+例如上面的这个列表，我们在`range`循环中使用`$index`和`$course`两个变量来接收后面列表循环的索引和对应的值，最终可以得到如下结果：
+```yaml
+helm install --dry-run --debug .
+[debug] Created tunnel using local port: '38876'
+
+......
+
+---
+# Source: mychart/templates/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: vetoed-anaconda-configmap
+data:
+  courselist:
+  - 0: "K8s"
+  - 1: "Python"
+  - 2: "Search"
+  - 3: "Golang"
+```
+
+我们可以看到 courselist 下面将索引和对应的值都打印出来了，实际上具有键和值的数据结构我们都可以使用`range`来循环获得二者的值，比如我们可以对`.Values.course`这个字典来进行循环：
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-configmap
+data:
+  {{- range $key, $value := .Values.course }}
+  {{ $key }}: {{ $value | quote }}
+  {{- end }}
+```

+直接使用`range`循环，用变量`$key`、`$value`来接收字段`.Values.course`的键和值。这就是变量在 Helm 模板中的使用方法。
--- a/jenkins/rbac.yaml
+++ b/jenkins/rbac.yaml
@@ -27,7 +27,7 @@ rules:

 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
  name: jenkins
  namespace: kube-ops
@@ -38,4 +38,4 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: jenkins
-    namespace: kube-ops
+    namespace: kube-ops
\ No newline at end of file