Cloud Native Journey - 9) Envoy Proxy, the Rising Star among Gateways in the Cloud-Native Era, and the Envoy-Based Emissary Ingress (Part 3)

To install Kustomize resources through Terraform, see my repo.
For example:

```
module "example_custom_manifests" {
  source  = "kbst.xyz/catalog/custom-manifests/kustomization"
  version = "0.3.0"

  configuration_base_key = "default"
  configuration = {
    default = {
      resources = [
        "${path.root}/../../infra/emissary-ingress-init/sre-mgmt-dev"
      ]

      common_labels = {
        "env" = "dev"
      }
    }
  }
}
```

Test

Create an nginx service to test with:

```
helm install my-nginx bitnami/nginx --set service.type="ClusterIP" -n nginx --create-namespace
```

curl

```
% curl https://dev.wadexu.cloud
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
```

FAQ

1. This error means there is a problem with tls-secret; make sure it was created correctly.

```
error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version
```

2. Connection refused: the most likely cause is that the Listeners are not configured correctly.

```
curl: (7) Failed to connect to dev.wadexu.cloud port 443 after 255 ms: Connection refused
```

3. The CRDs have not been created.

```
│ Error: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "my-resolver" namespace: "emissary-system" from "": no matches for kind "KubernetesEndpointResolver" in version "getambassador.io/v2"
│ ensure CRDs are installed first, resource mapping not found for name: "ambassador" namespace: "emissary-system" from "": no matches for kind "Module" in version "getambassador.io/v2"
│ ensure CRDs are installed first]
```

Note: if the helm provider is > 2.7.0, plan will raise this error. The workaround is to apply the CRDs first with `terraform apply -target helm_release.emissary_crds`, then apply the remaining resources. For that reason it is better to use helm provider <= 2.6.0 and create everything in one pass. Someone has already raised an issue for this on GitHub.

In addition, secret_namespacing in TLSContext does not work (issue), but this has no impact: my example puts tls-secret under kind: Host.
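The note above ties the CRD error to the helm provider version. As an added example (not from the original post), this script reads the version pinned in `.terraform.lock.hcl` and prints the apply order the note calls for. The function names are made up here, and versions between 2.6.0 and 2.7.0, which the note does not cover, are assumed to need the CRD-first order.

```shell
#!/bin/sh
# Added example: choose the apply order from the pinned helm provider version.
# Thresholds are the ones in the note: > 2.7.0 fails at plan, <= 2.6.0 works in one pass.

# Print the hashicorp/helm version recorded in a .terraform.lock.hcl file.
helm_provider_version() {
  awk '
    /^provider "registry.terraform.io\/hashicorp\/helm"/ { inblock = 1; next }
    inblock && $1 == "}" { inblock = 0 }
    inblock && $1 == "version" { gsub(/"/, "", $3); print $3; exit }
  ' "$1"
}

# version_gt A B: succeeds when A is strictly newer than B (relies on sort -V).
version_gt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Print two-stage, single-pass, or unverified for the given lock file.
apply_strategy() {
  v=$(helm_provider_version "$1")
  if [ -z "$v" ]; then echo "no-helm-provider"; return 1; fi
  if version_gt "$v" "2.7.0"; then
    echo "two-stage"
  elif ! version_gt "$v" "2.6.0"; then
    echo "single-pass"
  else
    echo "unverified"   # assumption: handled like two-stage below
  fi
}

# Print the terraform commands to run, in order.
# helm_release.emissary_crds is the resource address used in the note.
apply_commands() {
  case "$(apply_strategy "$1")" in
    single-pass) echo "terraform apply" ;;
    two-stage|unverified)
      echo "terraform apply -target helm_release.emissary_crds"
      echo "terraform apply" ;;
    *) echo "# hashicorp/helm not found in $1" ;;
  esac
}

# When run from a Terraform root directory, show the plan for that directory.
if [ -f .terraform.lock.hcl ]; then apply_commands .terraform.lock.hcl; fi
```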
