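I. Helm Basics
1. Advantages of managing packages with Charts
Put simply, Helm is the application package manager for Kubernetes. It organizes the resources that belong to an application into Charts and manages packages through them. Its advantages can be summarized as follows:
- Managing complex applications: Charts can describe even the most complex application structures and provide a reusable definition of how an application is installed
- Easy upgrades: in-place upgrades and custom hooks take the difficulty out of updates
- Simple sharing: Charts are easy to version, share and host through public or private services
- Rollback: the "helm rollback" command makes fast rollback easy
2. Helm core terminology
- Charts: a Helm package containing the images, dependencies and resource definitions needed to run a Kubernetes application, and where necessary the Service definitions as well; it is similar to a dpkg file for APT or an rpm file for yum
- Repository: a Charts repository, used to store and distribute Charts, similar to Perl's CPAN or Python's PyPI
- Config: the configuration used when an application is instantiated, installed and run
- Release: an instance of a Chart running in the Kubernetes cluster after the application has been instantiated with its configuration; on the same cluster a Chart can be installed repeatedly with different Configs, and each installation creates a new Release
In fact, a Chart is more like a program stored outside the Kubernetes cluster: each installation runs an instance in the cluster with its own configuration, and the process is somewhat like starting a process from a program on an operating system.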
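II. Helm Architecture
Helm consists mainly of the Helm client, the Tiller server and Charts repositories.
1. Helm client
The Helm client is a command-line tool written in Go that talks to the Tiller server over gRPC. It mainly performs the following tasks:
1. Local Charts development
2. Managing Charts repositories
3. Interacting with the Tiller server: sending Charts to install, querying information about Releases, and upgrading or uninstalling existing Releases
2. Tiller server
The Tiller server is a containerized service hosted inside the cluster. It accepts requests from the Helm client and interacts with the Kubernetes API server when necessary. It mainly performs the following tasks:
1. Listening for requests from the Helm client
2. Merging Charts and configuration to build a Release
3. Installing Charts into the Kubernetes cluster and tracking the resulting Release
4. Upgrading and uninstalling Charts
Typically, users write Charts files locally with the Helm client, following its format, and can then deploy them to the Kubernetes cluster to run as a specific Release. Only when there is a need to distribute them should the Charts files of an application be packaged into a compressed archive and submitted to a Charts repository. A repository can run as a public hosted platform or be a self-hosted server used only by a specific organization or individual.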
III. Installing the Helm Client
1. Download
2. Install

    wget https://get.helm.sh/helm-v2.16.9-linux-amd64.tar.gz
    tar xf helm-v2.16.9-linux-amd64.tar.gz
    mv linux-amd64/helm /usr/local/bin/
    helm help
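
The commands above put a downloaded binary on root's PATH without checking it. As an added example (not from the original post), the function below installs the binary only when the tarball matches a SHA-256 digest obtained out of band; the name `install_helm_verified` and its arguments are assumptions for illustration, and the digest has to come from the Helm release notes because the page does not give one.

```shell
#!/bin/sh
# Added example: install helm from the tarball only after its SHA-256 digest
# has been checked against a value obtained out of band.
# Usage: install_helm_verified <tarball> <expected-sha256-hex> <dest-dir>
install_helm_verified() {
  tarball=$1 expected=$2 dest=$3
  # Normalise case so a digest copied in upper case still compares equal.
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  case $expected in
    *[!0-9a-f]*|'') echo "bad digest format" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "digest is not 64 hex chars" >&2; return 2; }
  # An unreadable tarball yields an empty digest and therefore a mismatch.
  actual=$(sha256sum "$tarball" | awk '{print $1}')
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $tarball" >&2
    return 1
  fi
  # Unpack only the expected member into a scratch directory, then copy it.
  tmp=$(mktemp -d) || return 2
  if tar xzf "$tarball" -C "$tmp" linux-amd64/helm; then
    install -m 0755 "$tmp/linux-amd64/helm" "$dest/helm"; rc=$?
  else
    rc=1
  fi
  rm -rf "$tmp"
  return $rc
}
```
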
3. View the help

    [root@master src]# helm help
    The Kubernetes package manager

    To begin working with Helm, run the 'helm init' command:

        $ helm init

    This will install Tiller to your running Kubernetes cluster.
    It will also set up any necessary local configuration.

    Common actions from this point include:

    - helm search:    Search for charts
    - helm fetch:     Download a chart to your local directory to view
    - helm install:   Upload the chart to Kubernetes
    - helm list:      List releases of charts

    Environment:

    - $HELM_HOME:           Set an alternative location for Helm files. By default, these are stored in ~/.helm
    - $HELM_HOST:           Set an alternative Tiller host. The format is host:port
    - $HELM_NO_PLUGINS:     Disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.
    - $TILLER_NAMESPACE:    Set an alternative Tiller namespace (default "kube-system")
    - $KUBECONFIG:          Set an alternative Kubernetes configuration file (default "~/.kube/config")
    - $HELM_TLS_CA_CERT:    Path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem")
    - $HELM_TLS_CERT:       Path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem")
    - $HELM_TLS_KEY:        Path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem")
    - $HELM_TLS_ENABLE:     Enable TLS connection between Helm and Tiller (default "false")
    - $HELM_TLS_VERIFY:     Enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false")
    - $HELM_TLS_HOSTNAME:   The hostname or IP address used to verify the Tiller server certificate (default "127.0.0.1")
    - $HELM_KEY_PASSPHRASE: Set HELM_KEY_PASSPHRASE to the passphrase of your PGP private key.
                            If set, you will not be prompted for the passphrase while signing helm charts

    Usage:
      helm [command]

    Available Commands:
      completion  Generate autocompletions script for the specified shell (bash or zsh)
      create      Create a new chart with the given name
      delete      Given a release name, delete the release from Kubernetes
      dependency  Manage a chart's dependencies
      fetch       Download a chart from a repository and (optionally) unpack it in local directory
      get         Download a named release
      help        Help about any command
      history     Fetch release history
      home        Displays the location of HELM_HOME
      init        Initialize Helm on both client and server
      inspect     Inspect a chart
      install     Install a chart archive
      lint        Examines a chart for possible issues
      list        List releases
      package     Package a chart directory into a chart archive
      plugin      Add, list, or remove Helm plugins
      repo        Add, list, remove, update, and index chart repositories
      reset       Uninstalls Tiller from a cluster
      rollback    Rollback a release to a previous revision
      search      Search for a keyword in charts
      serve       Start a local http web server
      status      Displays the status of the named release
      template    Locally render templates
      test        Test a release
      upgrade     Upgrade a release
      verify      Verify that a chart at the given path has been signed and is valid
      version     Print the client/server version information

    Flags:
          --debug                           Enable verbose output
      -h, --help                            help for helm
          --home string                     Location of your Helm config. Overrides $HELM_HOME (default "/root/.helm")
          --host string                     Address of Tiller. Overrides $HELM_HOST
          --kube-context string             Name of the kubeconfig context to use
          --kubeconfig string               Absolute path of the kubeconfig file to be used
          --tiller-connection-timeout int   The duration (in seconds) Helm will wait to establish a connection to Tiller (default 300)
          --tiller-namespace string         Namespace of Tiller (default "kube-system")

    Use "helm [command] --help" for more information about a command.
IV. Installing the Tiller server
1. Create the related ServiceAccount

    [root@master chapter15]# cat tiller-rbac.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: tiller
      namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: tiller
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: tiller
      namespace: kube-system
    /opt/pod/Kubernetes_Advanced_Practical/chapter15
    [root@master chapter15]# kubectl apply -f tiller-rbac.yaml
    serviceaccount/tiller created
    clusterrolebinding.rbac.authorization.k8s.io/tiller created
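
The ClusterRoleBinding above gives the tiller ServiceAccount cluster-admin, so every request Tiller accepts runs with full cluster rights. As an added example (not from the original post), this check lists each ServiceAccount that a manifest binds cluster-wide to cluster-admin; the function names are illustrative, and the awk parsing assumes block-style YAML like tiller-rbac.yaml.

```shell
#!/bin/sh
# Added example: print "namespace/name" for every ServiceAccount that a
# manifest on stdin binds cluster-wide to the cluster-admin ClusterRole.
# Assumes block-style YAML as in tiller-rbac.yaml; not a full YAML parser.
find_cluster_admin_sa() {
  awk '
    function end_subject() {
      if (skind == "ServiceAccount") sa[++n] = sns "/" sname
      skind = sname = sns = ""
    }
    function end_doc(   i) {
      end_subject()
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        for (i = 1; i <= n; i++) print sa[i]
      kind = role = sect = ""; n = 0
    }
    { gsub(/["\047]/, "") }                    # drop YAML quoting
    /^---/       { end_doc(); next }           # document separator
    /^kind:/     { kind = $2; sect = ""; next }
    /^roleRef:/  { sect = "ref"; next }
    /^subjects:/ { sect = "subj"; next }
    /^[^ #-]/    { sect = ""; next }           # any other top-level key
    sect == "ref" && $1 == "name:" { role = $2 }
    sect == "subj" {
      if ($1 == "-") { end_subject(); k = $2; v = $3 } else { k = $1; v = $2 }
      if (k == "kind:") skind = v
      if (k == "name:") sname = v
      if (k == "namespace:") sns = v
    }
    END { end_doc() }
  '
}

# The binding from tiller-rbac.yaml shown on this page.
page_binding() { cat <<'EOF'
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: kube-system
EOF
}

page_binding | find_cluster_admin_sa   # prints: kube-system/tiller
```

A RoleBinding to a namespaced Role produces no output, which is the result to aim for when Tiller is confined to one namespace.
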
2. Initialize
Then use the following command to initialize the Tiller server environment and complete the Tiller server installation:

    [root@master chapter15]# helm init --service-account tiller --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.16.6 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
    $HELM_HOME has been configured at /root/.helm.
    Warning: Tiller is already installed in the cluster.
    (Use --client-only to suppress this message, or --upgrade to upgrade Tiller to the current version.)

When helm init performs the initialization, the Kubernetes cluster pulls the required image from gcr.io/kubernetes-helm/, and the image tag is the same as the Helm version number. Make sure the Kubernetes cluster can reach this image registry.
3. Check the pod

    [root@master chapter15]# kubectl get pods -n kube-system -l app=helm
    NAME                             READY   STATUS    RESTARTS   AGE
    tiller-deploy-57d54b6d77-pqffr   1/1     Running   0          100s

4. Check the Helm client and server versions

    [root@master chapter15]# helm version
    Client: &version.Version{SemVer:"v2.16.9", GitCommit:"8ad7037828e5a0fca1009dabe290130da6368e39", GitTreeState:"clean"}
    Server: &version.Version{SemVer:"v2.16.6", GitCommit:"dd2e5695da88625b190e6b22e9542550ab503a47", GitTreeState:"clean"}

If you want to customize some parameters at install time to control how Tiller runs, for example the Tiller version or the target namespace on the Kubernetes cluster, you can use the command with options like the following:

    --canary-image    # install the canary branch, i.e. the project's master branch
    --tiller-image    # install the image of a specified version; defaults to the same version as Helm
    --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.16.6
    --kube-context string   Name of the kubeconfig context to use

Installs to the specified Kubernetes cluster.

    --tiller-namespace string   Namespace of Tiller (default "kube-system")

Installs to the specified namespace; the default is kube-system.
In addition, Tiller stores its data in ConfigMap resources, so uninstalling and reinstalling it does not cause data loss. When necessary, administrators can reinstall or upgrade with confidence.
5. Uninstalling Tiller: there are two commonly used methods
Method 1:

    [root@master chapter15]# kubectl delete deployment tiller-deploy -n kube-system
    deployment.apps "tiller-deploy" deleted

Method 2:

    helm reset
V. Helm Quick Start
1. Remove the default repository

    [root@master chapter15]# helm repo remove stable
    "stable" has been removed from your repositories

2. Add a new mirror repository hosted in China

    [root@master chapter15]# helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
    "stable" has been added to your repositories

3. Check which helm repositories have been added

    [root@master chapter15]# helm repo list
    NAME     URL
    local    http://127.0.0.1:8879/charts
    stable   https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

4. Update the helm repositories

    [root@master chapter15]# helm repo update
    Hang tight while we grab the latest from your chart repositories...
    ...Skip local chart repository
    ...Successfully got an update from the "stable" chart repository
    Update Complete.

5. Search

    [root@master chapter15]# helm search
    NAME                           CHART VERSION   APP VERSION   DESCRIPTION
    stable/acs-engine-autoscaler   2.1.3           2.1.1         Scales worker nodes within agent pools
    ......
    stable/kubed                   0.3.0           0.4.0         Kubed by AppsCode - Kubernetes daemon
    stable/zetcd                   0.1.6           0.0.3         CoreOS zetcd Helm chart for Kubernetes
    [root@master chapter15]# helm search redis
    NAME              CHART VERSION   APP VERSION   DESCRIPTION
    stable/redis      1.1.15          4.0.8         Open source, advanced key-value store. It is often referr...
    stable/redis-ha   2.0.1                         Highly available Redis cluster with multiple sentinels an...
    stable/sensu      0.2.0                         Sensu monitoring framework backed by the Redis transport
    [root@master chapter15]# helm search stable/redis
    NAME              CHART VERSION   APP VERSION   DESCRIPTION
    stable/redis      1.1.15          4.0.8         Open source, advanced key-value store. It is often referr...
    stable/redis-ha   2.0.1                         Highly available Redis cluster with multiple sentinels an...

List of officially available Charts: https://hub.kubeapps.com/
6. Install test

    [root@master chapter15]# helm install stable/redis -n redis --dry-run   # run a test install first
    [root@master chapter15]# helm install stable/redis -n redis
    [root@master charts]# helm status redis
    LAST DEPLOYED: Mon Jul 13 11:59:50 2020
    NAMESPACE: default
    STATUS: DEPLOYED

    RESOURCES:
    ==> v1/ConfigMap
    NAME           DATA   AGE
    redis          3      3h11m
    redis-health   6      3h11m

    ==> v1/Pod(related)
    NAME             READY   STATUS    RESTARTS   AGE
    redis-master-0   0/1     Pending   0          3h11m
    redis-master-0   0/1     Pending   0          3h11m

    ==> v1/Secret
    NAME    TYPE     DATA   AGE
    redis   Opaque   1      3h11m

    ==> v1/Service
    NAME             TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
    redis-headless   ClusterIP   None            <none>        6379/TCP   3h11m
    redis-master     ClusterIP   10.108.50.254   <none>        6379/TCP   3h11m
    redis-slave      ClusterIP   10.103.111.23   <none>        6379/TCP   3h11m

    ==> v1/StatefulSet
    NAME           READY   AGE
    redis-master   0/1     3h11m
    redis-slave    0/2     3h11m
7. The NOTES shown in the status output:

    NOTES:
    This Helm chart is deprecated

    Given the `stable` deprecation timeline (https://github.com/helm/charts#deprecation-timeline), the Bitnami maintained Redis Helm chart is now located at bitnami/charts (https://github.com/bitnami/charts/).

    The Bitnami repository is already included in the Hubs and we will continue providing the same cadence of updates, support, etc that we've been keeping here these years. Installation instructions are very similar, just adding the _bitnami_ repo and using it during the installation (`bitnami/<chart>` instead of `stable/<chart>`)

    ```bash
    $ helm repo add bitnami https://charts.bitnami.com/bitnami
    $ helm install my-release bitnami/<chart>           # Helm 3
    $ helm install --name my-release bitnami/<chart>    # Helm 2
    ```

    To update an exisiting _stable_ deployment with a chart hosted in the bitnami repository you can execute

    ```bash
    $ helm repo add bitnami https://charts.bitnami.com/bitnami
    $ helm upgrade my-release bitnami/<chart>
    ```

    Issues and PRs related to the chart itself will be redirected to `bitnami/charts` GitHub repository. In the same way, we'll be happy to answer questions related to this migration process in this issue (https://github.com/helm/charts/issues/20969) created as a common place for discussion.

    ** Please be patient while the chart is being deployed **
    Redis can be accessed via port 6379 on the following DNS names from within your cluster:

    redis-master.default.svc.cluster.local for read/write operations
    redis-slave.default.svc.cluster.local for read-only operations

    To get your password run:

        export REDIS_PASSWORD=$(kubectl get secret --namespace default redis -o jsonpath="{.data.redis-password}" | base64 --decode)

    To connect to your Redis server:

    1. Run a Redis pod that you can use as a client:

       kubectl run --namespace default redis-client --rm --tty -i --restart='Never' \
        --env REDIS_PASSWORD=$REDIS_PASSWORD \
       --image docker.io/bitnami/redis:5.0.7-debian-10-r32 -- bash

    2. Connect using the Redis CLI:
       redis-cli -h redis-master -a $REDIS_PASSWORD
       redis-cli -h redis-slave -a $REDIS_PASSWORD

    To connect to your database from outside the cluster execute the following commands:

        kubectl port-forward --namespace default svc/redis-master 6379:6379 &
        redis-cli -h 127.0.0.1 -p 6379 -a $REDIS_PASSWORD
8. List the Releases that have been installed

    [root@master charts]# helm list
    NAME    REVISION   UPDATED                    STATUS     CHART          APP VERSION   NAMESPACE
    redis   1          Mon Jul 13 11:59:50 2020   DEPLOYED   redis-10.5.7   5.0.7         default

9. Delete a Release

    [root@master chapter15]# helm delete redis
    [root@master charts]# helm delete redis   # delete
    release "redis" deleted

10. Upgrade and rollback

    [root@master charts]# helm upgrade    # upgrade an application
    [root@master charts]# helm rollback   # roll back an application
    [root@master charts]# helm history    # get the change history of the specified release