我们正在使用 Helm 将我们的应用程序部署到 K8s。在 4 个不同的部署文件(每个服务一个)和一个用于迁移的作业文件中,我们必须有一组相同的env变量。每当我们需要添加一个新文件时,我们都需要将它添加到所有 5 个文件中。有没有办法共享这些,所以新的环境变量只需要添加一次,所有 5 个文件都会选择它们(并且永远不会不同步)?
这是部署文件的示例(已编辑可能的敏感值)。
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "helm-chart.fullname" . }}-celery
labels:
app.kubernetes.io/name: {{ include "helm-chart.name" . }}-celery
helm.sh/chart: {{ include "helm-chart.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}-celery
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: worker-celery
spec:
replicas: {{ .Values.replicaCountCelery }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "helm-chart.fullname" . }}-celery
app.kubernetes.io/instance: {{ .Release.Name }}-celery
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "helm-chart.fullname" . }}-celery
app.kubernetes.io/instance: {{ .Release.Name }}-celery
spec:
imagePullSecrets:
- name: {{ .Values.imagePullSecretsName }}
containers:
- name: {{ .Chart.Name }}-celery
image: "{{ .Values.appImage.repository }}:{{ .Values.imageTag }}"
imagePullPolicy: {{ .Values.appImage.pullPolicy }}
command: ["celery"]
args: [REDACTED]
env:
- name: DJANGO_DEBUG
value: "{{ .Values.djangoDebug }}"
- name: DATABASE_NAME
value: "{{ .Values.databaseName }}"
- name: DATABASE_USER
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: DATABASE_HOST
value: "myapp-haproxy.{{ .Release.Namespace }}.svc.cluster.local"
- name: MEMCACHED_HOST
value: "myapp-memcached.{{ .Release.Namespace }}.svc.cluster.local"
- name: SENDGRID_USER
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: SENDGRID_PASSWORD
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: STRIPE_LIVE_PUBLIC_KEY
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: STRIPE_LIVE_SECRET_KEY
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: OBJECT_STORE_ENDPOINT_URL
value: [REDACTED]
- name: OBJECT_STORE_REGION_NAME
value: [REDACTED]
- name: OBJECT_STORE_KEY_ID
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: OBJECT_STORE_ACCESS_KEY
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: OBJECT_STORE_CDN_URL
value: [REDACTED]
- name: QUICKBOOKS_CLIENT_ID
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: QUICKBOOKS_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: QUICKBOOKS_ENVIRONMENT
value: production
- name: XERO_CONSUMER_KEY
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: XERO_CONSUMER_SECRET
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: SAGE_CLIENT_ID
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: SAGE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: ACCOUNTANCY_REDIRECT_URI_PREFIX
value: [REDACTED]
resources:
{{- toYaml .Values.celeryResources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
我不确定它是否会增加任何复杂性,但您可以看到有些使用来自values.yaml(例如{{ .Values.djangoDebug }})的变量,有些是指 Kubernetes 机密,有些使用该{{ .Release.Namespace }}变量。
deployment此外,这 4 个文件所需的缩进是相同的,但文件不同job。
我正在尝试共享一堆env值,但也可以选择向某些文件添加一些额外内容。
我希望这是有道理的?并提前感谢您的帮助。
如果我理解正确,您需要的是一个
ConfigMap.基本上你创建一个ConfigMap 并设置一个适当的
key:value. 之后,您使用 createdConfigMap将其值声明为Deployments.在这里您可以找到官方示例:
创建一个包含多个键值对的 ConfigMap。
用于
envFrom将所有ConfigMap’s数据定义为容器环境变量。中的键ConfigMap成为 Pod 中的环境变量名称。现在,Pod 的输出包括环境变量
SPECIAL_LEVEL=very和SPECIAL_TYPE=charm根据您的需求进行调整,如果有帮助,请告诉我。