验证FluxCD在host cluster控制remote cluster #657
chengleqi
started this conversation in
Show and tell
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
1. host cluster获得remote cluster的kubeconfig
2. 创建访问remote cluster用到的secret
kubectl -n devops-project create secret generic remote-cluster \ --from-file=value.yaml=/root/.kube/remote-kubeconfig如果HelmRelease或者Kustomization中的spec.kubeconfig字段被指定了,helm-controller和kustomize-controller将在host cluster对remote cluster中的helm或者kustomization应用进行调谐。
helm-controller使用secret对remote cluster进行访问,该secret和HelmRelease需要在同一个namespace下,spec.kubeConfig.secretRef默认的key是value和value.yaml
ref: https://fluxcd.io/docs/components/helm/helmreleases/#remote-clusters--cluster-api
3. 创建helm应用
manifest ref: https://fluxcd.io/docs/components/helm/helmreleases/#helmrelease-dependencies
kubectl apply -f pod-info-helmrepo.yaml,kubectl apply -f pod-info-helmrelease.yaml在host cluster中可以看到helmrepository和helmrelease
因为ArgoCD中的argoproj.io/Application只能被安装在argocd namespace中,所以kubesphere中有可能多个devops项目用了同一个argocd app的名称而导致的命名冲突问题。而flux中的helmrepository和helmrelease可以被创建在任意namespace内,所以可以将helmrelease安装在对应的kubesphere devops项目的名称空间下,就可以避免命名冲突问题。
在remote cluster中可以看到
HelmRelease如果设置了spec.storageNamespace(这里是remote-devops-project)字段,
helm ls命令会在这个被指定的namespace中看见该helm storage,spec.targetNamespace(这里是app)可以指定helm应用安装的namespace。将该svc改为NodePort,访问成功。
Beta Was this translation helpful? Give feedback.
All reactions