一、下載helm安裝腳本
1.1 介紹
- Helm是Kubernetes的包管理器。
- 其實就是管理了一推配置文件,ds,configmap,deployment......,一類規則。
就類似:
- yum是centos的包管理器。
- apt-get是ubuntu的包管理器。
- pip是python的包管理器。
- npm是nodejs的包管理器。
1.2 下載helm安裝腳本
# 這樣下載的都是master 最新版的。
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > get_helm.sh
# 我這下載的是v2.17.0版本的
curl https://raw.githubusercontent.com/helm/helm/v2.17.0/scripts/get > get_helm.sh
1.3 安裝helm客戶端
# 正常是執行安裝腳本就行,腳本會幫你去下載安裝包,並且安裝。
bash get_helm.sh
注:由於國內網絡原因,下載helm安裝包時會失敗,所以我已經把安裝包下載到本地,並修改了安裝腳本。安裝包和安裝腳本都放同級目錄下。
安裝包:鏈接: https://pan.baidu.com/s/1fmhhSE3zAO2bNdlvV38KMA 密碼: acdv
安裝腳本:猛擊這里
查看代碼
#!/usr/bin/env bash
# Copyright The Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# The install script is based off of the MIT-licensed script from glide,
# the package manager for Go: https://github.com/Masterminds/glide.sh/blob/master/get
PROJECT_NAME="helm"
TILLER_NAME="tiller"
: ${USE_SUDO:="true"}
: ${HELM_INSTALL_DIR:="/usr/local/bin"}
# initArch discovers the architecture for this system.
initArch() {
ARCH=$(uname -m)
case $ARCH in
armv5*) ARCH="armv5";;
armv6*) ARCH="armv6";;
armv7*) ARCH="arm";;
aarch64) ARCH="arm64";;
x86) ARCH="386";;
x86_64) ARCH="amd64";;
i686) ARCH="386";;
i386) ARCH="386";;
esac
}
# initOS discovers the operating system for this system.
initOS() {
OS=$(echo `uname`|tr '[:upper:]' '[:lower:]')
case "$OS" in
# Minimalist GNU for Windows
mingw*) OS='windows';;
esac
}
# runs the given command as root (detects if we are root already)
runAsRoot() {
if [ $EUID -ne 0 -a "$USE_SUDO" = "true" ]; then
sudo "${@}"
else
"${@}"
fi
}
# verifySupported checks that the os/arch combination is supported for
# binary builds.
verifySupported() {
local supported="darwin-amd64\nlinux-386\nlinux-amd64\nlinux-arm\nlinux-arm64\nlinux-ppc64le\nlinux-s390x\nwindows-amd64"
if ! echo "${supported}" | grep -q "${OS}-${ARCH}"; then
echo "No prebuilt binary for ${OS}-${ARCH}."
echo "To build from source, go to https://github.com/helm/helm"
exit 1
fi
if ! type "curl" > /dev/null && ! type "wget" > /dev/null; then
echo "Either curl or wget is required"
exit 1
fi
}
# checkDesiredVersion checks if the desired version is available.
checkDesiredVersion() {
if [ "x$DESIRED_VERSION" == "x" ]; then
# Pinning tag to v2.17.0 as per https://github.com/helm/helm/issues/9607
TAG=v2.17.0
else
TAG=$DESIRED_VERSION
fi
}
# checkHelmInstalledVersion checks which version of helm is installed and
# if it needs to be changed.
checkHelmInstalledVersion() {
if [[ -f "${HELM_INSTALL_DIR}/${PROJECT_NAME}" ]]; then
local version=$("${HELM_INSTALL_DIR}/${PROJECT_NAME}" version -c | grep '^Client' | cut -d'"' -f2)
if [[ "$version" == "$TAG" ]]; then
echo "Helm ${version} is already ${DESIRED_VERSION:-latest}"
return 0
else
echo "Helm ${TAG} is available. Changing from version ${version}."
return 1
fi
else
return 1
fi
}
# downloadFile downloads the latest binary package and also the checksum
# for that binary.
downloadFile() {
HELM_DIST="helm-$TAG-$OS-$ARCH.tar.gz"
DOWNLOAD_URL="https://get.helm.sh/$HELM_DIST"
CHECKSUM_URL="$DOWNLOAD_URL.sha256"
HELM_TMP_ROOT="$(mktemp -dt helm-installer-XXXXXX)"
HELM_TMP_FILE="$HELM_TMP_ROOT/$HELM_DIST"
HELM_SUM_FILE="$HELM_TMP_ROOT/$HELM_DIST.sha256"
echo "Downloading $DOWNLOAD_URL"
if type "curl" > /dev/null; then
curl -SsL "$CHECKSUM_URL" -o "$HELM_SUM_FILE"
elif type "wget" > /dev/null; then
wget -q -O "$HELM_SUM_FILE" "$CHECKSUM_URL"
fi
if type "curl" > /dev/null; then
#curl -SsL "$DOWNLOAD_URL" -o "$HELM_TMP_FILE"
cp -rf ./helm-v2.17.0-linux-amd64.tar.gz $HELM_TMP_FILE # 就修改了這個地方 讓腳本直接復制的本地包。
elif type "wget" > /dev/null; then
wget -q -O "$HELM_TMP_FILE" "$DOWNLOAD_URL"
fi
}
# installFile verifies the SHA256 for the file, then unpacks and
# installs it.
installFile() {
HELM_TMP="$HELM_TMP_ROOT/$PROJECT_NAME"
local sum=$(openssl sha1 -sha256 ${HELM_TMP_FILE} | awk '{print $2}')
local expected_sum=$(cat ${HELM_SUM_FILE})
if [ "$sum" != "$expected_sum" ]; then
echo "SHA sum of ${HELM_TMP_FILE} does not match. Aborting."
exit 1
fi
mkdir -p "$HELM_TMP"
tar xf "$HELM_TMP_FILE" -C "$HELM_TMP"
HELM_TMP_BIN="$HELM_TMP/$OS-$ARCH/$PROJECT_NAME"
TILLER_TMP_BIN="$HELM_TMP/$OS-$ARCH/$TILLER_NAME"
echo "Preparing to install $PROJECT_NAME and $TILLER_NAME into ${HELM_INSTALL_DIR}"
runAsRoot cp "$HELM_TMP_BIN" "$HELM_INSTALL_DIR"
echo "$PROJECT_NAME installed into $HELM_INSTALL_DIR/$PROJECT_NAME"
if [ -x "$TILLER_TMP_BIN" ]; then
runAsRoot cp "$TILLER_TMP_BIN" "$HELM_INSTALL_DIR"
echo "$TILLER_NAME installed into $HELM_INSTALL_DIR/$TILLER_NAME"
else
echo "info: $TILLER_NAME binary was not found in this release; skipping $TILLER_NAME installation"
fi
}
# fail_trap is executed if an error occurs.
fail_trap() {
result=$?
if [ "$result" != "0" ]; then
if [[ -n "$INPUT_ARGUMENTS" ]]; then
echo "Failed to install $PROJECT_NAME with the arguments provided: $INPUT_ARGUMENTS"
help
else
echo "Failed to install $PROJECT_NAME"
fi
echo -e "\tFor support, go to https://github.com/helm/helm."
fi
cleanup
exit $result
}
# testVersion tests the installed client to make sure it is working.
testVersion() {
set +e
HELM="$(command -v $PROJECT_NAME)"
if [ "$?" = "1" ]; then
echo "$PROJECT_NAME not found. Is $HELM_INSTALL_DIR on your "'$PATH?'
exit 1
fi
set -e
echo "Run '$PROJECT_NAME init' to configure $PROJECT_NAME."
}
# help provides possible cli installation arguments
help () {
echo "Accepted cli arguments are:"
echo -e "\t[--help|-h ] ->> prints this help"
echo -e "\t[--version|-v <desired_version>]"
echo -e "\te.g. --version v2.4.0 or -v latest"
echo -e "\t[--no-sudo] ->> install without sudo"
}
# cleanup temporary files to avoid https://github.com/helm/helm/issues/2977
cleanup() {
if [[ -d "${HELM_TMP_ROOT:-}" ]]; then
rm -rf "$HELM_TMP_ROOT"
fi
}
# Execution
#Stop execution on any error
trap "fail_trap" EXIT
set -e
# Parsing input arguments (if any)
export INPUT_ARGUMENTS="${@}"
set -u
while [[ $# -gt 0 ]]; do
case $1 in
'--version'|-v)
shift
if [[ $# -ne 0 ]]; then
export DESIRED_VERSION="${1}"
else
echo -e "Please provide the desired version. e.g. --version v2.4.0 or -v latest"
exit 0
fi
;;
'--no-sudo')
USE_SUDO="false"
;;
'--help'|-h)
help
exit 0
;;
*) exit 1
;;
esac
shift
done
set +u
initArch
initOS
verifySupported
checkDesiredVersion
if ! checkHelmInstalledVersion; then
downloadFile
installFile
fi
testVersion
cleanup
二、安裝tiller
說白了就是接收到helm發送的請求,然后根據一系類 的配置文件生成k8s的部署文件(yaml文件),然后提交給k8s。
2.1 安裝socat
socat是解決helm連接不上tiller問題。一個通信的問題。
報錯如下:
[root@k8s-master hello-svc]# helm version
Client: &version.Version{SemVer:"v2.17.0", GitCommit:"6af75a8fd72e2aa18a2b278cfe5c7a1c5feca7f2", GitTreeState:"clean"}
E0224 14:13:16.077226 7416 portforward.go:331] an error occurred forwarding 37271 -> 44134: error forwarding port 44134 to pod 76a7312e49220a229e443546a4b32d3e0406f09fd9b3646b3d30f6833e121375, uid : unable to do port forwarding: socat not found.
Error: cannot connect to Tiller
解決:安裝一下這個包就行
yum -y install socat
###########
apt-get -y install socat
2.2 創建tiller rbac授權
首先tiller想要把配置文件提交給k8s,那么它肯定需要權限才行。
所以這一步就是給tiller權限。
# 一個sa,然后把sa綁定給admin角色。這樣這個sa就有集群的admin 所有權限。然后tiller使用這個sa就行。
kubectl create -f heml-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
傳送門:k8s rbac權限隨筆
2.3 初始化helm
其實就是在k8s起了一個tiller pod。
# 使用的鏡像要和helm版本一樣
# stable-repo-url 是倉庫地址,就是類似於yum倉庫的源。
# service-account 指定上面創建的sa
# --history-max 設置最大歷史記錄,大限制清除,如果沒有設置最大歷史記錄,則無限期地保留歷史記錄.
helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.17.0 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts --service-account=tiller --history-max 50
2.4 驗證
# 這樣就是安裝成功了
[root@zm-qa-k8s40 v2.0]# helm version
Client: &version.Version{SemVer:"v2.17.0", GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.17.0", GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"}
三、常用命令
# 查看版本
helm version
# 查看當前安裝的charts
helm list
# 查詢 charts
helm search [release_name]
# 安裝charts
helm install --name redis --namespaces prod bitnami/redis
# 查看charts狀態
helm status [release_name]
# 刪除charts
helm delete --purge [release_name]
# 增加repo
helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
helm repo add --username admin --password password myharbor https://xxx.ooo.com
# 更新repo倉庫資源
helm repo update
# 創建charts
helm create helm_charts
# 測試charts語法
helm lint
# 打包charts
cd helm_charts && helm package ./
#查看生成的yaml文件
helm template helm_charts-0.1.1.tgz
# 更新image
helm upgrade --set image.tag='v2021-12-22-10-48-40' study-api-en-oral myharbor/study-api-en-oral
# 回滾relase
helm hist study-api-en-oral
helm rollback study-api-en-oral 4
#升級版本
helm upgrade [release_name] .
helm upgrade -f values.yaml [release_name] .
helm upgrade [release_name] --set image.tag='latest'