Kubernetes Helm template with 2 sets of annotations

I currently have a Helm template defined as:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo
  labels:
    {{- include "demo.labels" . | nindent 4 }}
    app.kubernetes.io/component: "server"
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: demo
      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/component: "server"
  template:
    metadata:
      {{- with .Values.deployment.annotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
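For the annotations, it works fine, because we can pass annotations in from values.yml. However, now I also want to add a set of Vault annotations with predefined values to the template: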
{{- if .Values.vault.enabled -}}
vault.hashicorp.com/agent-inject: {{ .Values.vault.enabled | quote }}
vault.hashicorp.com/agent-cache-enable: "true"
vault.hashicorp.com/agent-cache-use-auto-auth-token: "force"
vault.hashicorp.com/role: {{ .Values.vault.role | quote }}
vault.hashicorp.com/ca-cert: "/run/secrets/kubernetes.io/serviceaccount/ca.crt"
vault.hashicorp.com/agent-init-first: "true"
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
{{- $systemcontext := .Values.vault.systemcontext -}}
{{- $releasename := .Release.Name -}}
{{- range .Values.vault.secretkeys}}
{{- $secretpath := printf "kv/%s/restricted/%s/%s" $systemcontext $releasename . }}
{{- $annotatefilename := printf "vault.hashicorp.com/agent-inject-secret-%s.yaml" . }}
{{ $annotatefilename }}: {{ $secretpath }}
{{ $annotatefilename }}: |
  {{ printf "%s%s%s" `{{- with secret ` ($secretpath | quote) ` -}}{{ range $k, $v := .Data.data }}{{ $k }}: {{ $v }}
  {{ end }}{{- end -}}`}}
{{- end -}}
{{- end }}
How can I define the template so that it renders both sets of annotations, even if vault.enabled=false or deployment.annotations is empty?

For example, our values.yml:
deployment:
  annotations:
    test-annotation: "hello world"
    test2-annotations: "foo"
vault:
  enabled: true
  role: myrole
  systemcontext: "foo"
Thanks

You can define the additional set of annotations as a named template that emits key: value pairs, aligned at the first column.
{{- define "annotations.vault" }}
{{- if .Values.vault.enabled -}}
vault.hashicorp.com/agent-inject: {{ .Values.vault.enabled | quote }}
...
{{ end -}}
{{ end -}}
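Then, when you need to use it, you can call it with the Helm include extension. This returns a string, so you can combine it with indent to indent it appropriately.

Your original template code used with to skip the annotations: block entirely if nothing was present, so you can use the same technique at the top level. (You need to be careful that the template emits nothing, not even a new line, if the control is disabled.)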
metadata:
  labels: { as: above }
  {{- with include "annotations.vault" . }}
  annotations:
    {{- . | nindent 4 }}
  {{- end }}
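In the pod spec, the annotations could come from two places. The easiest way to create a syntactically valid annotations: block is to include an artificial key: value pair: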
spec:
  template:
    metadata:
      annotations:
        _: '' # meaningless, but forces a YAML dictionary
        {{- with .Values.deployment.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with include "annotations.vault" . }}
        {{- nindent 8 . }}
        {{- end }}
Alternatively, you could capture both sets of annotations into variables and do logic based on that:
spec:
  template:
    metadata:
      {{- $a := .Values.deployment.annotations }}
      {{- /* if $a then (toYaml $a) else "" end */}}
      {{- $manual := empty $a | ternary "" (toYaml $a) }}
      {{- $vault := include "annotations.vault" . }}
      {{- /* the newline keeps the two sets on separate lines; trim leaves "" when both are empty */}}
      {{- $annotations := printf "%s\n%s" $manual $vault | trim }}
      {{- with $annotations }}
      annotations: {{- nindent 8 . }}
      {{- end }}
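
The capture-and-merge approach above can be checked outside Helm with Go's text/template. This is an added example, not code from the question or the answer. The `include`, `nindent` and `trim` functions are standard-library stand-ins for the Helm/Sprig ones; the `Values` struct, the `pod` template name and the pre-rendered `Annotations` string (what `toYaml` would return) are assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// Values is a constructed stand-in for the chart values used on this page.
type Values struct {
	Annotations  string // deployment.annotations, already rendered as toYaml would return it
	VaultEnabled bool   // vault.enabled
	VaultRole    string // vault.role
}

// chart holds the named Vault template and a hypothetical "pod" template that merges both sets.
const chart = `{{- define "annotations.vault" }}
{{- if .VaultEnabled -}}
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/role: {{ printf "%q" .VaultRole }}
{{ end -}}
{{ end -}}
{{- define "pod" -}}
metadata:
  {{- $all := printf "%s\n%s" .Annotations (include "annotations.vault" .) | trim }}
  {{- with $all }}
  annotations: {{- nindent 4 . }}
  {{- end }}
{{- end -}}`

// Render executes "pod"; the annotations key appears only if at least one set is non-empty.
func Render(v Values) (string, error) {
	t := template.New("chart")
	t.Funcs(template.FuncMap{
		"trim":    strings.TrimSpace,
		"nindent": func(n int, s string) string { return strings.ReplaceAll("\n"+s, "\n", "\n"+strings.Repeat(" ", n)) },
		"include": func(name string, data interface{}) (string, error) {
			var b strings.Builder
			err := t.ExecuteTemplate(&b, name, data)
			return b.String(), err
		},
	})
	var out strings.Builder
	err := template.Must(t.Parse(chart)).ExecuteTemplate(&out, "pod", v)
	return out.String(), err
}

func main() {
	fmt.Println(Render(Values{Annotations: `test-annotation: "hello world"`, VaultEnabled: true, VaultRole: "myrole"}))
}
```

The four combinations of the two switches are the cases worth covering in a chart test: a missing separator between the sets or a stray newline from the disabled Vault template shows up as a malformed or empty `annotations:` block.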