kubernetes之4---Helm包管理器

Helm包管理器

目錄

• Helm包管理器
  • 安裝helm客戶端
  • 部署helm服務端
    • 授予tiller容器權限
  • 部署應用
  • charts
  • 配置國內源
  • Helm3變化
    • 去除Tiller 和 helm serve
    • 移除預定義倉庫被，增加helm hub
    • Values 支持 JSON Schema 校驗器
    • helm2/3 命令差異

Helm：讓部署應用變的更簡單，高效。

Helm chart幫助我們定義，安裝和升級kubernetes應用。

官方安裝文檔

安裝helm客戶端

wget https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz
tar xf helm-v2.17.0-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/helm

---

部署helm服務端

helm必須部署在k8s集群中，才能有權限調用apiserver。

1. helm初始化（准備鏡像：ghcr.io/helm/tiller:v2.17.0）

helm init

2. 查看資源，驗證

kubectl get pod -n kube-system
helm version

---

授予tiller容器權限

1. 創建RBAC的yaml文件

mkdir -p /root/k8s_yaml/helm/ && cd /root/k8s_yaml/helm/
cat <<EOF > /root/k8s_yaml/helm/tiller_rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
EOF

2. 創建RBAC資源

kubectl create -f .

3. 查看tiller-deploy的yaml文件

kubectl get deploy tiller-deploy -n kube-system -o yaml

4. 給tiller-deploy打補丁：命令行修改yaml文件

kubectl patch -n kube-system deploy tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

5. 配置命令行補全

cd ~ && helm completion bash > .helmrc && echo "source ~/.helmrc" >> .bashrc
source ~/.helmrc

---

部署應用

1. 搜索應用

helm search phpmyadmin

2. 下載charts（模板），安裝實例

helm install --name oldboy --namespace=oldboy stable/phpmyadmin

[root@k8s-adm-master ~]# helm install --name oldboy --namespace=oldboy stable/phpmyadmin
WARNING: This chart is deprecated
NAME:   oldboy
LAST DEPLOYED: Wed Dec 16 20:19:21 2020
NAMESPACE: oldboy
STATUS: DEPLOYED

RESOURCES:
==> v1/Deployment
NAME               READY  UP-TO-DATE  AVAILABLE  AGE
oldboy-phpmyadmin  0/1    1           0          0s

==> v1/Pod(related)
NAME                                READY  STATUS             RESTARTS  AGE
oldboy-phpmyadmin-7d65b585fb-r8cp2  0/1    ContainerCreating  0         0s

==> v1/Service
NAME               TYPE       CLUSTER-IP      EXTERNAL-IP  PORT(S)  AGE
oldboy-phpmyadmin  ClusterIP  10.254.253.220  <none>       80/TCP   0s


NOTES:
This Helm chart is deprecated

Given the `stable` deprecation timeline (https://github.com/helm/charts#deprecation-timeline), the Bitnami maintained Helm chart is now located at bitnami/charts (https://github.com/bitnami/charts/).

The Bitnami repository is already included in the Hubs and we will continue providing the same cadence of updates, support, etc that we've been keeping here these years. Installation instructions are very similar, just adding the _bitnami_ repo and using it during the installation (`bitnami/<chart>` instead of `stable/<chart>`)

```bash
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install my-release bitnami/<chart>           # Helm 3
$ helm install --name my-release bitnami/<chart>    # Helm 2
```

To update an exisiting _stable_ deployment with a chart hosted in the bitnami repository you can execute

```bash
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm upgrade my-release bitnami/<chart>
```

Issues and PRs related to the chart itself will be redirected to `bitnami/charts` GitHub repository. In the same way, we'll be happy to answer questions related to this migration process in this issue (https://github.com/helm/charts/issues/20969) created as a common place for discussion.

1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace oldboy -l "app=phpmyadmin,release=oldboy" -o jsonpath="{.items[0].metadata.name}")
  echo "phpMyAdmin URL: http://127.0.0.1:8080"
  kubectl port-forward --namespace oldboy svc/oldboy-phpmyadmin 8080:80

2. How to log in

phpMyAdmin has not been configure to point to a specific database. Please provide the db host,
username and password at log in or upgrade the release with a specific database:

$ helm upgrade oldboy stable/phpmyadmin --set db.host=mydb



** Please be patient while the chart is being deployed **

3. 查看資源

kubectl get all -n oldboy

4. 升級，命令行修改變量

helm upgrade oldboy stable/phpmyadmin --set db.host=10.0.0.13

5. 可以解壓緩存的tgz包，查看charts

[root@k8s-adm-master charts]# ls /root/.helm/cache/archive/
phpmyadmin-4.3.5.tgz

---

charts

1. 創建charts

mkdir -p /root/k8s_yaml/helm/charts && cd /root/k8s_yaml/helm/charts
helm create hello-helm

[root@k8s-adm-master charts]# tree hello-helm
hello-helm
|-- charts                 # 子charts
|-- Chart.yaml             # charts版本
|-- templates              # 模板
|   |-- deployment.yaml
|   |-- _helpers.tpl
|   |-- ingress.yaml
|   |-- NOTES.txt           # 使用說明
|   |-- serviceaccount.yaml
|   |-- service.yaml
|   `-- tests
|       `-- test-connection.yaml
`-- values.yaml             # 變量

2. 自定義charts

rm -rf /root/k8s_yaml/helm/charts/hello-helm/templates/*
echo hello! > /root/k8s_yaml/helm/charts/hello-helm/templates/NOTES.txt
cat <<EOF > /root/k8s_yaml/helm/charts/hello-helm/templates/pod.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.13
        ports:
        - containerPort: 80
EOF

3. 安裝charts

cd /root/k8s_yaml/helm/charts
helm install hello-helm

4. 查看charts

helm list

5. 查看pod

kubectl get pod

6. 調試：只渲染，不部署

helm install hello-helm --debug --dry-run

7. 卸載實例

helm delete oldboy

8. 打包charts

helm package hello-helm

---

配置國內源

1. 刪除默認源

helm repo remove stable

2. 增加國內源（stable只能指定一個，可以指定不同名的源）官方

helm repo add stable https://burdenbear.github.io/kube-charts-mirror/
helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
helm repo add stable https://mirror.azure.cn/kubernetes/charts/

3. 查看源

helm repo list

4. 更新倉庫信息

helm repo update

5. 搜索測試

helm search mysql

6. 自建倉庫

搭建charts倉庫需要：參考Github，官方推薦使用gitPage搭建charts倉庫。

• 提供文件訪問的站點：Nginx等。
• 索引文件：可以直接從官方源下載，http://mirror.azure.cn/kubernetes/charts/index.yaml
• 對應壓縮包。

---

Helm3變化

去除Tiller 和 helm serve

helm服務端和init命令在helm3已棄用。

helm通過 kubeconfig 直接操作k8s集群，類似於kubectl。
helm使用與kubectl上下文相同的訪問權限，無需再使用helm init來初始化Helm。

只需要安裝helm即可：

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

實際上就是Github下載二進制文件並解壓，移動到/usr/local/bin/下，添加執行權限。

---

移除預定義倉庫被，增加helm hub

helm search 區分 repo 和 hub

• repo：自己手動添加的源

helm repo add stable https://kubernetes-charts.storage.googleapis.com
helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/
helm repo add ibmstable https://raw.githubusercontent.com/IBM/charts/master/repo/stable

• hub：helm 的中心庫，各軟件商需要在 hub 把應用更新到最新，我們才能在上面查到最新的，等同dockerhub。hub 搜到的包需要進入hub頁面查看下載地址。可以把 hub 和 google repo 配合使用：

helm search hub mysql

---

Values 支持 JSON Schema 校驗器

運行 helm install 、 helm upgrade 、 helm lint 、 helm template 命令時，JSON Schema 的校驗會自動運行，如果失敗就會立即報錯。等於先將yaml文件都校驗一遍，再創建。

helm pull stable/mysql
tar -zxvf mysql-1.6.2.tgz 
cd mysql 
vim values.yaml 
# 把port: 3306 改成 port: 3306aaa
# 安裝測試，會校驗port的格式，而且確實是在安裝之前，一旦有錯任何資源都不會被創建
helm install mysqlll .
Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(Service.spec.ports[0].port): invalid type for io.k8s.api.core.v1.ServicePort.port: got "string", expected "integer"

helm2/3 命令差異

參考文檔

---