一、Helm概述
1.Helm簡介
helm類似於Linxu系統下的包管理工具,如yum、apt等,主要用於Kubernetes應用程序 Chart的創建、打包、發佈以及創建和管理本地和遠程的Chart倉庫。
2.Helm組件
- helm:本地客戶端工具,主要用於kubernetes應用chart的創建/打包/發佈以及創建和管理和遠程Chart倉庫。
- Tiller:helm的服務端,部署於kubernetes內,Tiller接受helm的請求,並根據chart生成kubernetes部署文件(helm稱爲release),然後提交給 Kubernetes創建應用。Tiller還提供了Release的升級、刪除、回滾等一系列功能。
- Chart:helm的軟件包,採用tar格式,其中包含運行一個應用所需的所有鏡像/依賴/資源定義等,還可能包含kubernetes集羣中服務定義,類似於yum的rpm文件
- Release:在kubernetes中集羣中運行的一個Chart實例,在同一個集羣上,一個Chart可以安裝多次,每次安裝均會生成一個新的release。
- Repository:用於發佈和存儲Chart的倉庫
二、Helm部署
1.安裝Helm
# wget https://get.helm.sh/helm-v2.14.3-linux-amd64.tar.gz
# tar -zxvf helm-v2.14.3-linux-amd64.tar.gz
# cp linux-amd64/helm /usr/bin/
# helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Error: could not find tiller
2.安裝Tiller
tiller所在的節點需要安裝socat
- helm默認使用 “https://kubernetes-charts.storage.googleapis.com” 作爲缺省的 stable repository 的地址,由於國內無法訪問需要替換爲阿里的
# helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.14.3 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
# kubectl get pod -n kube-system | grep tiller
tiller-deploy-6867df9fc6-f575p 1/1 Running 0 3m50s
# helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
3.Tiller配置rbac
# cat tiller-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
爲tiller設置賬號
# kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
# kubectl get deploy -n kube-system tiller-deploy -o yaml | grep serviceAccount
serviceAccount: tiller
serviceAccountName: tiller
4.卸載Tiller
如果需要卸載已部署的Tiller,可使用以下命令完成卸載。
helm reset或helm reset --force
三、helm的使用
1.helm命令補全
# source <(helm completion bash)
# echo "source <(helm completion bash)" >> ~/.bashrc
2.添加倉庫
# helm repo list
NAME URL
stable https://mirror.azure.cn/kubernetes/charts
local http://127.0.0.1:8879/charts
# helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
"aliyun" has been added to your repositories
# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "aliyun" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.
3.Helm常用命令
helm常用命令:
- helm search: 搜索charts
- helm fetch: 下載charts到本地目錄
- helm install: 安裝charts
- helm list: 列出charts的所有版本
命令選項:
completion 爲指定的shell生成自動補全腳本(bash或zsh)
create 創建一個新的charts
delete 刪除指定版本的release
dependency 管理charts的依賴
fetch 下載charts並解壓到本地目錄
get 下載一個release
history release歷史信息
home 顯示helm的家目錄
init 在客戶端和服務端初始化helm
inspect 查看charts的詳細信息
install 安裝charts
lint 檢測包的存在問題
list 列出release
package 將chart目錄進行打包
plugin 增刪Helm 插件
repo 增刪chart倉庫
reset 卸載tiller
rollback release版本回滾
search 搜索chart
serve 啓動一個本地的http server
status 查看release狀態信息
template 本地模板
test release測試
upgrade release更新
verify 驗證chart的簽名和有效期
version 打印客戶端和服務端的版本信息
4.使用helm安裝Monocular
Monocular是一個開源軟件,用於管理kubernetes上以Helm Charts形式創建的服務,可以通過它的web頁面來安裝helm Charts
①安裝Nginx Ingress
# cat ingress-values.yaml
controller:
service:
type: NodePort
targetPorts:
http: 80
https: 443
nodePorts:
http: 32080
https: 32443
hostNetwork: true
rbac:
create: true
# helm install --name nginx-ingress aliyun/nginx-ingress -f ingress-values.yaml
# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-658f4878bf-rvx29 1/1 Running 0 6m54s
nginx-ingress-default-backend-878d64884-z7qw9 1/1 Running 0 6m54s
# kubectl get svc -l app=nginx-ingress
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress-controller NodePort 10.108.114.19 <none> 80:32080/TCP,443:32443/TCP 7m34s
nginx-ingress-default-backend ClusterIP 10.102.104.170 <none> 80/TCP 7m34s
②安裝Monocular
# helm repo add monocular https://helm.github.io/monocular
# helm install monocular/monocular --name monocular
# kubectl get pod | grep monocular
monocular-mongodb-64df9c7fb6-tp55x 1/1 Running 0 3m24s
monocular-monocular-chartsvc-58cf779c5b-422bj 1/1 Running 2 3m23s
monocular-monocular-chartsvc-58cf779c5b-8wrvr 1/1 Running 2 3m24s
monocular-monocular-chartsvc-58cf779c5b-czppl 1/1 Running 1 3m23s
monocular-monocular-prerender-565885d9dd-sql5k 1/1 Running 0 3m24s
monocular-monocular-sync-initial-incubator-uuk6q-h7nhv 0/1 Completed 2 3m23s
monocular-monocular-sync-initial-stable-4dsb2-qc5pn 1/1 Running 1 3m23s
monocular-monocular-ui-6f8bbd67b-n55vb 1/1 Running 0 3m23s
monocular-monocular-ui-6f8bbd67b-xdql4 1/1 Running 0 3m23s
# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 8d
monocular-mongodb ClusterIP 10.98.190.128 <none> 27017/TCP 4m15s
monocular-monocular-chartsvc ClusterIP 10.108.54.177 <none> 8080/TCP 4m15s
monocular-monocular-prerender NodePort 10.107.66.9 <none> 80:31915/TCP 4m15s
monocular-monocular-ui NodePort 10.101.12.118 <none> 80:31939/TCP 4m15s
nginx-ingress-controller NodePort 10.108.114.19 <none> 80:32080/TCP,443:32443/TCP 48m
nginx-ingress-default-backend ClusterIP 10.102.104.170 <none> 80/TCP 48m
# kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
monocular-monocular * 80 4m8s
③訪問測試
(未解決)訪問ingress映射的端口32080時,出現無法訪問
5.刪除安裝的chart
# helm delete --purge monocular
release "monocular" deleted