How to use ytt to add a sidecar container to an existing Kubernetes Deployment?

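I would like to add a fluent-bit agent as a sidecar container to an existing Istio Ingress Gateway Deployment that is generated via external tooling (istioctl). I figured using ytt and its overlays would be a good way to accomplish this, since it should let me append an additional container to the Deployment and a few extra volumes while leaving the rest of the generated YAML intact.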

Here is a placeholder Deployment that approximates an istio-ingressgateway, to help visualize the structure:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: istio-ingressgateway
  namespace: istio-system
spec:
  selector:
    matchLabels:
      app: istio-ingressgateway
  template:
    metadata:
      labels:
        app: istio-ingressgateway
    spec:
      containers:
      - args:
        - example-args
        command: ["example-command"]
        image: gcr.io/istio/proxyv2
        imagePullPolicy: Always
        name: istio-proxy
      volumes:
        - name: example-volume-secret
          secret:
            secretName: example-secret
        - name: example-volume-configmap
          configMap:
            name: example-configmap

I would like to add a container to this that looks like:

- name: fluent-bit
  image: fluent/fluent-bit
  resources:
    limits:
      memory: 100Mi
    requests:
      cpu: 10m
      memory: 10Mi
  volumeMounts:
  - name: fluent-bit-config
    mountPath: /fluent-bit/etc
  - name: varlog
    mountPath: /var/log
  - name: dockercontainers
    mountPath: /var/lib/docker/containers
    readOnly: true

And volumes that look like:

- name: fluent-bit-config
  configMap:
    name: ingressgateway-fluent-bit-forwarder-config
- name: varlog
  hostPath:
    path: /var/log
- name: dockercontainers
  hostPath:
    path: /var/lib/docker/containers

I managed to hack something together by modifying the overlay files example in the ytt playground. It looks like this:

#@ load("@ytt:overlay", "overlay")
#@overlay/match by=overlay.subset({"kind": "Deployment", "metadata":{"name":"istio-ingressgateway"}}),expects=1
---
spec:
  template:
    spec:
      containers:
      #@overlay/append
      - name: fluent-bit
        image: fluent/fluent-bit
        resources:
          limits:
            memory: 100Mi
          requests:
            cpu: 10m
            memory: 10Mi
        volumeMounts:
        - name: fluent-bit-config
          mountPath: /fluent-bit/etc
        - name: varlog
          mountPath: /var/log
        - name: dockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
#@overlay/match by=overlay.subset({"kind": "Deployment", "metadata":{"name":"istio-ingressgateway"}}),expects=1
---
spec:
  template:
    spec:
      volumes:
      #@overlay/append
      - name: fluent-bit-config
        configMap:
          name: ingressgateway-fluent-bit-forwarder-config
      #@overlay/append
      - name: varlog
        hostPath:
          path: /var/log
      #@overlay/append
      - name: dockercontainers
        hostPath:
          path: /var/lib/docker/containers

What I am wondering, though, is what is the best, most idiomatic way of using ytt to do this?

Thanks!

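What you have now is good! The one suggestion I would make is that, if the volumes and containers always need to be added together, they be combined into the same overlay, like so: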

#@ load("@ytt:overlay", "overlay")

#@overlay/match by=overlay.subset({"kind": "Deployment", "metadata":{"name":"istio-ingressgateway"}}),expects=1
---
spec:
  template:
    spec:
      containers:
      #@overlay/append
      - name: fluent-bit
        image: fluent/fluent-bit
        resources:
          limits:
            memory: 100Mi
          requests:
            cpu: 10m
            memory: 10Mi
        volumeMounts:
        - name: fluent-bit-config
          mountPath: /fluent-bit/etc
        - name: varlog
          mountPath: /var/log
        - name: dockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
      volumes:
      #@overlay/append
      - name: fluent-bit-config
        configMap:
          name: ingressgateway-fluent-bit-forwarder-config
      #@overlay/append
      - name: varlog
        hostPath:
          path: /var/log
      #@overlay/append
      - name: dockercontainers
        hostPath:
          path: /var/lib/docker/containers

This will guarantee that any time the container is added, the appropriate volumes will be included as well.
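
A post-render check for the property the combined overlay is meant to guarantee, added here as an example and not part of the original question or answer: every `volumeMounts` entry must resolve to a volume in the same pod spec, and any `hostPath` volume mounted without `readOnly: true` is reported. The function name `audit_pod_template` is hypothetical, and `RENDERED` is a constructed dict that mirrors the placeholder Deployment above after the overlay has been applied.

```python
# Added example: audit a rendered pod template (not code from the thread).
# RENDERED is a constructed sample: the placeholder Deployment plus the
# fluent-bit container and volumes that the overlay appends.
RENDERED = {
    "kind": "Deployment",
    "metadata": {"name": "istio-ingressgateway", "namespace": "istio-system"},
    "spec": {"template": {"spec": {
        "containers": [
            {"name": "istio-proxy", "image": "gcr.io/istio/proxyv2"},
            {"name": "fluent-bit", "image": "fluent/fluent-bit", "volumeMounts": [
                {"name": "fluent-bit-config", "mountPath": "/fluent-bit/etc"},
                {"name": "varlog", "mountPath": "/var/log"},
                {"name": "dockercontainers",
                 "mountPath": "/var/lib/docker/containers", "readOnly": True},
            ]},
        ],
        "volumes": [
            {"name": "example-volume-secret", "secret": {"secretName": "example-secret"}},
            {"name": "example-volume-configmap", "configMap": {"name": "example-configmap"}},
            {"name": "fluent-bit-config",
             "configMap": {"name": "ingressgateway-fluent-bit-forwarder-config"}},
            {"name": "varlog", "hostPath": {"path": "/var/log"}},
            {"name": "dockercontainers", "hostPath": {"path": "/var/lib/docker/containers"}},
        ],
    }}},
}


def audit_pod_template(deployment):
    """Return (kind, container, volume) findings for one rendered Deployment."""
    pod = deployment["spec"]["template"]["spec"]
    volumes = {v["name"]: v for v in pod.get("volumes", [])}
    findings = []
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        for m in c.get("volumeMounts", []):
            vol = volumes.get(m["name"])
            if vol is None:
                # Container added without its volume: the API server rejects the spec.
                findings.append(("missing-volume", c["name"], m["name"]))
            elif "hostPath" in vol and not m.get("readOnly", False):
                # Node filesystem is writable from inside the container.
                findings.append(("writable-hostpath", c["name"], m["name"]))
    return findings


if __name__ == "__main__":
    for finding in audit_pod_template(RENDERED):
        print(*finding)
```

On the sample it reports the `varlog` mount, which exposes the node's `/var/log` to the sidecar without `readOnly: true`, unlike the `dockercontainers` mount.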