Running kubectl commands from a Helm hook

use*_*394 2 kubernetes kubectl kubernetes-helm

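I want to run a kubectl command from a pre-upgrade helm hook, but I can't seem to find any documentation on how to achieve this.

Do I have to create a docker image that contains kubectl in order to achieve this?

Or is there some way to achieve this without using a container?

I have a basic helm hook which looks like this: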


apiVersion: batch/v1
kind: Job
metadata:
  name: {{ .Chart.Name }}-change-pvc-hook
  labels:
    app: {{ .Chart.Name }}
  annotations:
    "helm.sh/hook": pre-upgrade
    "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
spec:
  template:
    metadata:
      name: "{{.Release.Name}}"
      labels:
        app: {{ .Chart.Name }}
    spec:
      restartPolicy: Never
      containers:
        - name: pre-upgrade-change-pvc

If anyone could explain how to run kubectl without a container, or how I can achieve this, that would be great.

Nic*_*owe 6

You can do it the same way the Prometheus operator does its cleanup (pre-delete hook) in its helm chart: prometheus operator kubectl usage

Basically, you can use image = k8s.gcr.io/hyperkube:v1.12.1, something like this:

apiVersion: batch/v1
kind: Job
metadata:
  name: somename-operator-cleanup
  namespace: somenamespace
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-weight": "3"
    "helm.sh/hook-delete-policy": hook-succeeded
  labels:
    app: someapp-operator
spec:
  template:
    metadata:
      name: somename-operator-cleanup
      labels:
        app: someapp
    spec:
    {{- if .Values.global.rbac.create }}
      serviceAccountName: {{ template "prometheus-operator.operator.serviceAccountName" . }}
    {{- end }}
      containers:
        - name: kubectl
          image: "k8s.gcr.io/hyperkube:v1.12.1"
          imagePullPolicy: "IfNotPresent"
          command:
          - /bin/sh
          - -c
          - >
              kubectl your command here.
              kubectl delete alertmanager   --all;
              kubectl delete prometheus     --all;
              kubectl delete prometheusrule --all;
              kubectl delete servicemonitor --all;
              sleep 10;
              kubectl delete crd alertmanagers.monitoring.coreos.com;
              kubectl delete crd prometheuses.monitoring.coreos.com;
              kubectl delete crd prometheusrules.monitoring.coreos.com;
              kubectl delete crd servicemonitors.monitoring.coreos.com;
              kubectl delete crd podmonitors.monitoring.coreos.com;
      restartPolicy: OnFailure


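Another option is to curl the Kubernetes API, as shown here. Note that you need automountServiceAccountToken: true; then you can use the Bearer token from /var/run/secrets/kubernetes.io/serviceaccount/token

You just need an image with curl. You can use zakkg3/opennebula-alpine-bootstrap for this purpose.

For example, here I use curl instead of kubectl to create a secret based on files: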

curl -s -X POST -k https://kubernetes.default.svc/api/v1/namespaces/${NAMESPACE}/secrets \
                -H "Authorization: Bearer $( cat /var/run/secrets/kubernetes.io/serviceaccount/token )" \
                -H "Content-Type: application/json" \
                -H "Accept: application/json" \
                -d "{ \"kind\": \"Secret\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"{{ include "opennebula.fullname" . }}-ssh-keys\", \"namespace\": \"${NAMESPACE}\" }, \"type\": \"Opaque\", \"data\": { \"authorized_keys\": \"$( cat opennebula-ssh-keys/authorized_keys | base64 | tr -d '\n' )\", \"config\": \"$( cat opennebula-ssh-keys/config | base64 | tr -d '\n' )\", \"id_rsa\": \"$( cat opennebula-ssh-keys/id_rsa | base64 | tr -d '\n' )\", \"id_rsa.pub\": \"$( cat opennebula-ssh-keys/id_rsa.pub | base64 | tr -d '\n' )\" } }" > /dev/null

Note the good practice of sending the output to > /dev/null; otherwise you will end up with this output in your log management (ELK / LOKI).
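
A hook Job that runs kubectl, as in the answer above, only works if its service account is allowed to perform what the command does. The following is an added example, not code from the original post or from the Prometheus operator chart: a pre-upgrade hook that ships its own namespaced, least-privilege RBAC. The `-pvc-hook` names, the `.Values.hookImage` value and the `kubectl get pvc` command are assumptions standing in for your own.

```yaml
# Added example. Names are hypothetical; .Values.hookImage is an assumed
# chart value pointing at any image that contains kubectl.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ .Release.Name }}-pvc-hook
  annotations: {"helm.sh/hook": pre-upgrade, "helm.sh/hook-weight": "-5", "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                      # namespaced Role, not a ClusterRole
metadata:
  name: {{ .Release.Name }}-pvc-hook
  annotations: {"helm.sh/hook": pre-upgrade, "helm.sh/hook-weight": "-5", "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"}
rules:
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "patch"]   # only what the hook command needs
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ .Release.Name }}-pvc-hook
  annotations: {"helm.sh/hook": pre-upgrade, "helm.sh/hook-weight": "-5", "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ .Release.Name }}-pvc-hook
subjects:
  - kind: ServiceAccount
    name: {{ .Release.Name }}-pvc-hook
    namespace: {{ .Release.Namespace }}
---
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ .Release.Name }}-pvc-hook
  # Weight 0 sorts after -5, so the RBAC objects above are created first.
  annotations: {"helm.sh/hook": pre-upgrade, "helm.sh/hook-weight": "0", "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"}
spec:
  backoffLimit: 1
  template:
    spec:
      serviceAccountName: {{ .Release.Name }}-pvc-hook
      restartPolicy: Never
      containers:
        - name: kubectl
          image: {{ .Values.hookImage | quote }}
          command: ["kubectl", "get", "pvc", "-n", {{ .Release.Namespace | quote }}]
```

Widen the `verbs` and `resources` lists only as far as the actual hook command requires, and check the result with `kubectl auth can-i --as=system:serviceaccount:<namespace>:<name>`.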