文章目錄
Helm簡介
Helm是Kubernetes 應用的包管理工具,主要用來管理 Charts,類似Linux系統的yum。
Helm Chart 是用來封裝 Kubernetes 原生應用程序的一系列 YAML 文件。可以在你部署應用的時候自定義應用程序的一些 Metadata,以便於應用程序的分發。
對於應用發佈者而言,可以通過 Helm 打包應用、管理應用依賴關係、管理應用版本併發布應用到軟件倉庫。
對於使用者而言,使用 Helm 後不用需要編寫複雜的應用部署文件,可以以簡單的方式在 Kubernetes 上查找、安裝、升級、回滾、卸載應用程序。
Helm V3 與 V2 最大的區別在於去掉了tiller:
Helm的部署
Helm當前最新版本 v3.1.0 官網:https://helm.sh/docs/intro/
Helm安裝:
下載軟件包:helm-v3.1.1-linux-amd64.tar.gz
$ tar zxf helm-v3.1.1-linux-amd64.tar.gz
$ cd linux-amd64/
$ cp helm /usr/local/bin/
設置helm命令補齊:
echo "source <(helm completion bash)" >> ~/.bashrc
搜索官方helm hub chart庫:
$ helm search hub wordpress
Helm 添加第三方 Chart 庫:
$ helm repo add stable http://mirror.azure.cn/kubernetes/charts/
$ helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
$ helm search repo redis
重新登錄使之生效
Helm 部署應用(拉取倉庫的redis並部署)
$ $ helm search repo redis //查詢
NAME CHART VERSION APP VERSION
stable/redis 10.5.6 5.0.7
stable/redis-ha 4.4.0 5.0.6
...
支持多種安裝方式:(helm默認讀取~/.kube/config信息連接k8s集羣)
$ helm install redis-ha stable/redis-ha
$ helm install redis-ha redis-ha-4.4.0.tgz
$ helm install redis-ha path/redis-ha
$ helm install redis-ha https://example.com/charts/redis-ha-4.4.0.tgz
$ helm pull stable/redis-ha //拉取應用到本地
$ helm status redis-ha //查看狀態
$ helm uninstall redis-ha //卸載
1,
查看目錄結構
部署redis:
將鏡像拉取到本地harbor之後
構建一個 Helm Chart
$ helm create mychart
$ tree mychart/
mychart/
├── charts
├── Chart.yaml
├── templates
│ ├── deployment.yaml
│ ├── _helpers.tpl
│ ├── ingress.yaml
│ ├── NOTES.txt
│ ├── serviceaccount.yaml
│ ├── service.yaml
│ └── tests
│ └── test-connection.yaml
└── values.yaml
3 directories, 9 files
1.
2.編寫mychart的應用描述信息:
$ vim Chart.yaml
apiVersion: v2
name: mychart
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: latest
3.編寫應用部署信息:
$ vim values.yaml
replicaCount: 1
image:
repository: game2048
pullPolicy: IfNotPresent
4.檢查依賴和模板配置是否正確:
$ helm lint mychart/
==> Linting mychart/
[INFO] Chart.yaml: icon is recommended
1 chart(s) linted, 0 chart(s) failed
5.將應用打包
$ helm package mychart/
Successfully packaged chart and saved it to: /home/kubeadm/helm/mychart-0.1.0.tgz
6.建立本地chart倉庫:
helm v3 需要外部倉庫軟件的支持:https://github.com/goharbor/harbor-helm
$ helm repo add harbor https://helm.goharbor.io
$ helm pull harbor/harbor
發現證書的報錯
7.修改harbor倉庫的配置:
把values.yaml文件指定的鏡像提前push到本地的私有鏡像倉庫中,並修改values.conf文件中的鏡像名稱,如下格式:
nginx:
image:
repository: nginx-photon //確保可以從私有倉庫下載
tag: v1.10.1
$ vim values.yaml
expose:
type: nodePort
tls:
enabled: false
harbor倉庫默認會動態創建PV持久卷,如果集羣中不支持,可以禁用相應的配置:
persistence:
enabled: false
$ ls
cert Chart.yaml conf LICENSE README.md templates values.yaml
$ helm install harbor .
NAME: harbor
LAST DEPLOYED: Fri Feb 28 22:16:09 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the Harbor portal at https://core.harbor.domain.
For more details, please visit https://github.com/goharbor/harbor.
添加本地倉庫:
$ helm repo add mychart http://172.25.0.11:30002/chartrepo/charts
"mychart" has been added to your repositories
TLS倉庫
# cp westos.org.crt /etc/pki/ca-trust/source/anchors/
# update-ca-trust
$ helm repo add mychart https://reg.westos.org/chartrepo/charts
安裝helm-push插件:
$ helm plugin install https://github.com/chartmuseum/helm-push //在線安裝
離線安裝
$ helm env //獲取插件目錄
$ mkdir ~/.local/share/helm/plugins/push
$ tar zxf helm-push_0.8.1_linux_amd64.tar.gz -C ~/.local/share/helm/plugins/push
$ helm push --help
$ helm repo list
mychart http://172.25.0.11:30002/chartrepo/charts
$ helm push mychart-0.1.0.tgz mychart -u admin -p Harbor12345
Pushing mychart-0.1.0.tgz to mychart...
Done.
9.將本地的上傳至倉庫
在線下載插件
10 當push時發現報錯,原因是缺少認證。
11.上傳之後必須更新否則出不來。
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "mychart" chart repository
...Successfully got an update from the "aliyun" chart repository
...Successfully got an update from the "harbor" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈
$ helm search repo mychart
NAME CHART VERSION APP VERSION DESCRIPTION
mychart/mychart 0.1.0 latest A Helm chart for Kubernetes
部署mychart應用到k8s集羣
$ helm show values mychart/mychart //查看部署參數
affinity: {}
fullnameOverride: ""
image:
pullPolicy: IfNotPresent
repository: game2048
...
$ helm install mygame mychart/mychart --dry-run --debug //測試
install.go:158: [debug] Original chart version: ""
install.go:175: [debug] CHART PATH: /home/kubeadm/.cache/helm/repository/mychart-0.1.0.tgz
NAME: mygame
LAST DEPLOYED: Sat Feb 29 01:15:41 2020
NAMESPACE: default
STATUS: pending-install
REVISION: 1
USER-SUPPLIED VALUES:
...
1.
2.不確定時可以先debug一下
$ helm install mygame mychart/mychart --debug //正式部署
...
NOTES:
1. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=mychart,app.kubernetes.io/instance=mygame" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace default port-forward $POD_NAME 8080:80
$ kubectl get pod |grep mygame
mygame-mychart-5ff7d4b5cf-lbptg 1/1 Running 0 7m46s
3.
升級和回滾
1.升級和回滾:
修改應用並打包:
$ vim Chart.yaml
version: 0.2.0 //修改版本
$ helm package mychart //打包
Successfully packaged chart and saved it to: /home/kubeadm/helm/mychart-0.2.0.tgz
$ helm push mychart-0.2.0.tgz mychart -u admin -p Harbor12345
Pushing mychart-0.2.0.tgz to mychart...
Done.
$ helm repo update
$ helm search repo mychart -l
NAME CHART VERSION APP VERSION DESCRIPTION
mychart/mychart 0.2.0 latest A Helm chart for Kubernetes
mychart/mychart 0.1.0 latest A Helm chart for Kubernetes
升級:
$ helm upgrade mygame mychart/mychart //升級
Release "mygame" has been upgraded. Happy Helming!
$ kubectl get pod |grep mygame
NAME READY STATUS
mygame-mychart-5d6ff6985f-lhgt5 1/1 Terminating
mygame-mychart-5ff7d4b5cf-lbptg 1/1 Running
$ helm list
NAME NAMESPACE REVISION UPDATED STATUS
mygame default 2 2020-02-29 01:29:41.103196217 +0800 CST deployed mychart-0.2.0 latest
$ helm history mygame
REVISION UPDATED STATUS CHART APP VERSION
1 Sat Feb 29 01:16:53 2020 superseded mychart-0.1.0 latest Install complete
2 Sat Feb 29 01:29:41 2020 deployed mychart-0.2.0 latest Upgrade complete
回滾
$ helm rollback mygame 1
Rollback was a success! Happy Helming!
$ kubectl get pod |grep mygame
mygame-mychart-5d6ff6985f-2d8sp 1/1 Running 0 9s
mygame-mychart-5ff7d4b5cf-lbptg 0/1 Terminating 0 18m
$ helm history mygame
REVISION UPDATED STATUS CHART APP VERSION
1 Sat Feb 29 01:16:53 2020 superseded mychart-0.1.0 latest Install complete
2 Sat Feb 29 01:29:41 2020 superseded mychart-0.2.0 latest Upgrade complete
3 Sat Feb 29 01:47:53 2020 deployed mychart-0.1.0 latest Rollback to 1
$ helm uninstall mygame //刪除應用
release "mygame" uninstalled
1.
2.
3.
4.
5.
升級應用:
測試回滾
Helm部署nfs-client-provisioner
預先配置好外部的NFS服務器。
$ helm pull stable/nfs-client-provisioner
$ vim values.yaml
image:
repository: nfs-client-provisioner
tag: latest
nfs:
server: 172.25.0.4
path: /nfsdata
storageClass:
create: true
provisionerName: nfs-client-provisioner
defaultClass: true
name: managed-nfs-storage
$ kubectl create namespace nfs-client-provisioner
$ helm install nfs-client-provisioner nfs-client-provisioner/ -n nfs-client-provisioner
先刪除原來的
1.
2.
3.
4.
5.
6.
7.
8.
9.
部署完成,進行測試
Helm部署nginx-ingress應用
$ helm pull stable/nginx-ingress
$ vim values.yaml
controller:
name: controller
image:
repository: nginx-ingress-controller
tag: "0.30.0"
hostNetwork: true
kind: DaemonSet
nodeSelector:
nginx-ingress: "true"
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "10254"
metrics:
port: 10254
enabled: true
service:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "10254"
defaultBackend:
enabled: true
name: default-backend
image:
repository: defaultbackend-amd64
tag: "1.5"
...
其他參數可根據需求自行定製
$ kubectl label nodes server3 nginx-ingress=true
$ kubectl create namespace nginx-ingress
$ helm -n nginx-ingress install nginx-ingress .
部署kubeapps應用,爲Helm提供web UI界面管理
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm pull bitnami/kubeapps
$ vim values.yaml
global:
imageRegistry: reg.westos.org
useHelm3: true
ingress:
enabled: true
hostname: kubeapps.westos.org
$ kubectl create namespace kubeapps
$ helm install kubeapps -n kubeapps .
$ kubectl create serviceaccount kubeapps-operator -n kubeapps
$ kubectl create clusterrolebinding kubeapps-operator --clusterrole=cluster-admin --serviceaccount=kubeapps:kubeapps-operator
訪問kubeapps的dashboard:
http://kubeapps.westos.org
使用kubeapps-operator的token訪問
