[英]Create namespace and secret, do patch only if not existing
In my CI I'm running a helm upgrade
command to release an app.在我的 CI 中,我正在运行helm upgrade
命令来发布应用程序。 But if it is a non existing app, I have to create the namespace, a secret and patch the serviceaccount.但如果它是一个不存在的应用程序,我必须创建命名空间、一个秘密并修补服务帐户。 So I come up with this:所以我想出了这个:
kubectl create namespace ${namespace} --dry-run=client -o yaml | kubectl apply -f -
kubectl create secret docker-registry gitlab-registry --namespace ${namespace} --docker-server="\${CI_REGISTRY}" --docker-username="\${CI_DEPLOY_USER}" --docker-password="\${CI_DEPLOY_PASSWORD}" --docker-email="\${GITLAB_USER_EMAIL}" -o yaml --dry-run=client | kubectl apply -f -
kubectl patch serviceaccount default -p '{"imagePullSecrets":[{"name":"gitlab-registry"}]}' --namespace ${namespace}
This is working, but I think it is not the perfect way as these three steps should only be done once.这是可行的,但我认为这不是完美的方法,因为这三个步骤只能执行一次。 : Only if app/namespace/secret is not existing : 仅当 app/namespace/secret 不存在时
Helm provides the --create-namespace
switch that will create the namespace of the release if it does not already exist. Helm 提供了--create-namespace
开关,如果它不存在,它将创建发布的命名空间。
The secret can be added in your helm chart and you can pass the variables ( CI_REGISTRY
, CI_DEPLOY_USER
, etc.) in as helm chart values either as --set
values or via the values.yaml
file and using --values
秘密可以添加到您的 helm 图表中,您可以将变量( CI_REGISTRY
、 CI_DEPLOY_USER
等)作为 helm 图表值作为--set
值或通过values.yaml
文件并使用--values
The service account patching you can do as a post-install and/or a post-upgrade job ( https://helm.sh/docs/topics/charts_hooks/ )您可以作为安装后和/或升级后作业进行的服务帐户修补 ( https://helm.sh/docs/topics/charts_hooks/ )
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.