Plain Manifests
The plain manifest helper lets you create arbitrary Kubernetes resources that are not covered by other helpers.
Overview
With the manifest helper you can create any Kubernetes resource:
- Custom Resource Definitions (CRDs)
- Custom Resources
- Network Policies
- Pod Disruption Budgets
- Resource Quotas
- Limit Ranges
- Any other resources
Basic configuration
```yaml
manifest:
  - apiVersion: v1
    kind: ConfigMap
    content:
      metadata:
        name: my-config
        namespace: production
      data:
        key: value
```
Structure
Each manifest consists of:
| Field | Description |
|---|---|
| `apiVersion` | Kubernetes API version (e.g. v1, apps/v1) |
| `kind` | Resource type (e.g. ConfigMap, Service) |
| `content` | The complete manifest content (without apiVersion/kind) |
Examples
Network Policy
```yaml
manifest:
  - apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    content:
      metadata:
        name: deny-all
        namespace: production
      spec:
        podSelector: {}
        policyTypes:
          - Ingress
          - Egress
```
Pod Disruption Budget
```yaml
manifest:
  - apiVersion: policy/v1
    kind: PodDisruptionBudget
    content:
      metadata:
        name: api-pdb
        namespace: production
      spec:
        minAvailable: 2
        selector:
          matchLabels:
            app: api
```
Resource Quota
```yaml
manifest:
  - apiVersion: v1
    kind: ResourceQuota
    content:
      metadata:
        name: compute-quota
        namespace: production
      spec:
        hard:
          requests.cpu: "10"
          requests.memory: 20Gi
          limits.cpu: "20"
          limits.memory: 40Gi
          pods: "50"
```
Limit Range
```yaml
manifest:
  - apiVersion: v1
    kind: LimitRange
    content:
      metadata:
        name: default-limits
        namespace: production
      spec:
        limits:
          - default:
              cpu: 500m
              memory: 512Mi
            defaultRequest:
              cpu: 100m
              memory: 128Mi
            type: Container
```
Custom Resource
```yaml
manifest:
  - apiVersion: cert-manager.io/v1
    kind: Certificate
    content:
      metadata:
        name: myapp-tls
        namespace: production
      spec:
        secretName: myapp-tls
        issuerRef:
          name: letsencrypt-prod
          kind: ClusterIssuer
        dnsNames:
          - myapp.example.com
          - www.myapp.example.com
```
Priority Class
```yaml
manifest:
  - apiVersion: scheduling.k8s.io/v1
    kind: PriorityClass
    content:
      metadata:
        name: high-priority
      value: 1000000
      globalDefault: false
      description: "High priority for critical workloads"
```
Multiple manifests
```yaml
manifest:
  # Network Policy
  - apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    content:
      metadata:
        name: api-network-policy
        namespace: production
      spec:
        podSelector:
          matchLabels:
            app: api
        ingress:
          - from:
              - namespaceSelector:
                  matchLabels:
                    name: ingress-nginx
            ports:
              - port: 8080
  # Pod Disruption Budget
  - apiVersion: policy/v1
    kind: PodDisruptionBudget
    content:
      metadata:
        name: api-pdb
        namespace: production
      spec:
        minAvailable: 2
        selector:
          matchLabels:
            app: api
  # Horizontal Pod Autoscaler
  - apiVersion: autoscaling/v2
    kind: HorizontalPodAutoscaler
    content:
      metadata:
        name: api-hpa
        namespace: production
      spec:
        scaleTargetRef:
          apiVersion: apps/v1
          kind: Deployment
          name: api
        minReplicas: 3
        maxReplicas: 10
        metrics:
          - type: Resource
            resource:
              name: cpu
              target:
                type: Utilization
                averageUtilization: 80
```
Complete example
```yaml
# Chart.yaml
apiVersion: v2
name: production-setup
version: 1.0.0
dependencies:
  - name: ohmyhelm
    alias: infra
    repository: https://gitlab.com/ayedocloudsolutions/ohmyhelm
    version: 1.13.0
```
```yaml
# values.yaml
infra:
  # Create the namespace
  namespaces:
    setPreInstallHook: true
    spaces:
      - name: production
        labels:
          environment: production
  # Infrastructure resources
  manifest:
    # Resource Quota
    - apiVersion: v1
      kind: ResourceQuota
      content:
        metadata:
          name: production-quota
          namespace: production
        spec:
          hard:
            requests.cpu: "20"
            requests.memory: 40Gi
            limits.cpu: "40"
            limits.memory: 80Gi
            pods: "100"
            services: "20"
            secrets: "50"
            configmaps: "50"
    # Limit Range
    - apiVersion: v1
      kind: LimitRange
      content:
        metadata:
          name: default-limits
          namespace: production
        spec:
          limits:
            - default:
                cpu: 500m
                memory: 512Mi
              defaultRequest:
                cpu: 100m
                memory: 128Mi
              max:
                cpu: 4
                memory: 8Gi
              min:
                cpu: 50m
                memory: 64Mi
              type: Container
    # Default Network Policy
    - apiVersion: networking.k8s.io/v1
      kind: NetworkPolicy
      content:
        metadata:
          name: default-deny-ingress
          namespace: production
        spec:
          podSelector: {}
          policyTypes:
            - Ingress
    # Allow Ingress from nginx
    - apiVersion: networking.k8s.io/v1
      kind: NetworkPolicy
      content:
        metadata:
          name: allow-ingress-nginx
          namespace: production
        spec:
          podSelector: {}
          ingress:
            - from:
                - namespaceSelector:
                    matchLabels:
                      kubernetes.io/metadata.name: ingress-nginx
          policyTypes:
            - Ingress
```
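The complete example above isolates `production` for ingress only, while the earlier `deny-all` policy covers both directions. The following Python sketch is an added example, not part of ohmyhelm: it reports, per namespace, the directions that no namespace-wide policy isolates. The function names and the `staging` and `dev` namespaces are assumptions made for illustration.

```python
# Added example, not ohmyhelm code. Applies the NetworkPolicy isolation rule:
# a pod is isolated in a direction once any policy that selects it lists that
# direction in its (effective) policyTypes.
def effective_policy_types(spec):
    """policyTypes as Kubernetes defaults them when the field is omitted."""
    if spec.get("policyTypes"):
        return set(spec["policyTypes"])
    return {"Ingress", "Egress"} if spec.get("egress") else {"Ingress"}


def selects_all_pods(spec):
    selector = spec.get("podSelector") or {}
    return not selector.get("matchLabels") and not selector.get("matchExpressions")


def open_directions(entries):
    """Map namespace -> directions with no namespace-wide isolation."""
    isolated = {}
    for entry in entries:
        content = entry.get("content") or {}
        namespace = (content.get("metadata") or {}).get("namespace")
        if namespace is None:
            continue  # namespace is decided at install time; cannot judge here
        directions = isolated.setdefault(namespace, set())
        spec = content.get("spec") or {}
        if entry.get("kind") == "NetworkPolicy" and selects_all_pods(spec):
            directions |= effective_policy_types(spec)
    return {ns: sorted({"Ingress", "Egress"} - d) for ns, d in isolated.items()}


def policy(name, namespace, spec):
    """Build one `manifest:` entry in the structure this page documents."""
    return {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
            "content": {"metadata": {"name": name, "namespace": namespace},
                        "spec": spec}}


# Constructed sample mirroring the policies shown on this page.
NGINX = {"from": [{"namespaceSelector": {"matchLabels": {
    "kubernetes.io/metadata.name": "ingress-nginx"}}}]}
SAMPLE = [
    policy("default-deny-ingress", "production",
           {"podSelector": {}, "policyTypes": ["Ingress"]}),
    policy("allow-ingress-nginx", "production",
           {"podSelector": {}, "ingress": [NGINX], "policyTypes": ["Ingress"]}),
    policy("deny-all", "staging",
           {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}),
    policy("api-network-policy", "dev",
           {"podSelector": {"matchLabels": {"app": "api"}}, "ingress": [NGINX]}),
]

if __name__ == "__main__":
    print(open_directions(SAMPLE))
```

A non-empty list for a namespace means pods there can still send or receive traffic in that direction unless a more specific policy selects them.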
Helm Templating
You can use Helm templating in plain manifests:
```yaml
manifest:
  - apiVersion: v1
    kind: ConfigMap
    content:
      metadata:
        name: dynamic-config
        # Quote template expressions so that values.yaml remains valid YAML
        namespace: "{{ .Values.namespace }}"
      data:
        environment: "{{ .Values.environment }}"
        replicas: "{{ .Values.replicaCount }}"
```
Best Practices
- Prefer other helpers - Use plain manifests only when no suitable helper exists
- Validation - Test manifests with `kubectl apply --dry-run=client`
- Check API versions - Use current, non-deprecated API versions
- Documentation - Comment complex manifests
- Set namespaces explicitly - Avoid namespace conflicts
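The structure and the best practices above can be checked mechanically before a `manifest:` list is committed. The following Python lint is an added example, not part of ohmyhelm; `REMOVED_APIS` and `CLUSTER_SCOPED` are partial, hand-maintained tables and the function name is hypothetical.

```python
# Added example, not ohmyhelm code. REMOVED_APIS and CLUSTER_SCOPED are partial,
# hand-maintained tables (assumptions); extend them for your cluster version.
REMOVED_APIS = {  # (apiVersion, kind) -> first Kubernetes release not serving it
    ("policy/v1beta1", "PodDisruptionBudget"): "1.25",
    ("autoscaling/v2beta2", "HorizontalPodAutoscaler"): "1.26",
    ("networking.k8s.io/v1beta1", "Ingress"): "1.22",
}
CLUSTER_SCOPED = {"Namespace", "PriorityClass", "ClusterRole",
                  "ClusterRoleBinding", "CustomResourceDefinition"}


def lint_manifest_entries(entries):
    """Return (index, message) findings for a parsed `manifest:` list."""
    findings = []
    for i, entry in enumerate(entries):
        api, kind = entry.get("apiVersion"), entry.get("kind")
        content = entry.get("content") or {}
        meta = content.get("metadata") or {}
        if not api or not kind:
            findings.append((i, "apiVersion and kind must be set on the entry"))
        for field in ("apiVersion", "kind"):
            if field in content:
                findings.append((i, f"{field} belongs on the entry, not in content"))
        if not meta.get("name"):
            findings.append((i, "content.metadata.name is missing"))
        if kind and kind not in CLUSTER_SCOPED and not meta.get("namespace"):
            findings.append((i, f"{kind} has no explicit namespace"))
        if (api, kind) in REMOVED_APIS:
            release = REMOVED_APIS[(api, kind)]
            findings.append((i, f"{api} {kind} is not served from Kubernetes {release}"))
    return findings


# Constructed sample: the parsed form of a values.yaml `manifest:` list.
SAMPLE = [
    {"apiVersion": "v1", "kind": "ConfigMap",
     "content": {"metadata": {"name": "my-config", "namespace": "production"},
                 "data": {"key": "value"}}},
    {"apiVersion": "policy/v1beta1", "kind": "PodDisruptionBudget",
     "content": {"metadata": {"name": "api-pdb"}, "spec": {"minAvailable": 2}}},
    {"apiVersion": "scheduling.k8s.io/v1", "kind": "PriorityClass",
     "content": {"metadata": {"name": "high-priority"}, "value": 1000000}},
]

if __name__ == "__main__":
    for index, message in lint_manifest_entries(SAMPLE):
        print(f"manifest[{index}]: {message}")
```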
Troubleshooting
Checking a manifest
```bash
# Show the generated manifests
helm template my-release ./my-chart -f values.yaml
# Dry run
helm install my-release ./my-chart -f values.yaml --dry-run
# Validation
helm template my-release ./my-chart -f values.yaml | kubectl apply --dry-run=client -f -
```
Common errors
| Error | Cause | Solution |
|---|---|---|
| `unknown field` | Wrong API schema | Check the API documentation |
| `invalid apiVersion` | API version not available | Check the Kubernetes version |
| `already exists` | Resource already exists | Change the name or overwrite |