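Helm: making Kubernetes management as easy as installing packages with yum

  • October 30, 2019
  • Notes

I. What is Helm

Helm is the package manager for K8S, comparable to tools such as apt-get, yum and brew. Key concepts:

  1. Helm. The command-line client. Mainly used to create, package and publish K8S application Charts and to manage repositories.
  2. Tiller. Helm's server side. It receives requests from Helm, generates the K8S deployment files from the Chart (called a Release), and submits them to K8S to create the application. Tiller also provides Release upgrade, rollback and related functions.
  3. Chart. Helm's software package, in TAR format, similar to APT's deb or yum's rpm packages. It contains a set of YAML files that define K8S resources.
  4. Repository. Helm's software repository. It is essentially a web server that stores Chart packages for users to download.
  5. Release. A Chart deployed in a K8S cluster with the helm install command is called a Release.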

II. Installation

1. Install the helm client

This is basically brew install or similar, or the universal install script. Here I used brew.

brew install kubernetes-helm

2. Install Tiller

First install socat on every node; otherwise you get this error:

E0522 22:22:15.492436 24409 portforward.go:331] an error occurred forwarding 38398 -> 44134: error forwarding port 44134 to pod dc6da4ab99ad9c497c0cef1776b9dd18e0a612d507e2746ed63d36ef40f30174, uid : unable to do port forwarding: socat not found.
Error: cannot connect to Tiller

Tiller is deployed into K8S as a Deployment; installing it only takes the following command:

helm init

By default Helm pulls from storage.googleapis.com. If the machine you are running on cannot reach that domain, install with the following commands instead:

helm init --client-only --stable-repo-url https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts/
helm repo add incubator https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts-incubator/
helm repo update

3. Create the server side

helm init --service-account tiller --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.9.1 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

# Create the server side with TLS authentication, reference: https://github.com/gjmzj/kubeasz/blob/master/docs/guide/helm.md
helm init --service-account tiller --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.9.1 --tiller-tls-cert /etc/kubernetes/ssl/tiller001.pem --tiller-tls-key /etc/kubernetes/ssl/tiller001-key.pem --tls-ca-cert /etc/kubernetes/ssl/ca.pem --tiller-namespace kube-system --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

This installs the Tiller service in K8S. Because the official image cannot be pulled, use -i to specify your own image. One option is registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.9.1 (Alibaba Cloud). The version of this image is the same as the helm client version; use helm version to check the helm client version.

4. Authorize Tiller

Helm's server side, Tiller, is a Deployment in the kube-system namespace. It connects to the Kube-API to create and delete applications in K8S.
Create a Kubernetes service account and bind a role:

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

5. Set the account for Tiller

# Use kubectl patch to update the API object
$ kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
deployment.extensions "tiller-deploy" patched

Check whether the authorization succeeded:

kubectl get deploy --namespace kube-system tiller-deploy --output yaml|grep serviceAccount
      serviceAccount: tiller
      serviceAccountName: tille
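
The binding in step 4 gives the tiller service account cluster-admin, so every request Tiller accepts runs with cluster-wide administrator rights. As an added example (not from the original post), the script below emits a namespace-scoped alternative and lists ClusterRoleBindings that give cluster-admin to a ServiceAccount. The namespace argument, the names tiller-manager and tiller-binding, and the custom-columns layout are assumptions.

```shell
# Added example, not from the original post. The namespace passed in and the
# names tiller-manager / tiller-binding are assumptions.

# Print ServiceAccount + Role + RoleBinding that confine Tiller to one namespace.
# Apply with: tiller_scoped_rbac web | kubectl apply -f -
# then:       helm init --service-account tiller --tiller-namespace web
tiller_scoped_rbac() {
  ns="$1"
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: ${ns}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tiller-manager
  namespace: ${ns}
rules:
- apiGroups: ["", "batch", "extensions", "apps"]
  resources: ["*"]
  verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tiller-binding
  namespace: ${ns}
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: ${ns}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tiller-manager
EOF
}

# Read the output of
#   kubectl get clusterrolebinding -o custom-columns=NAME:.metadata.name,ROLE:.roleRef.name,KIND:.subjects[*].kind,NS:.subjects[*].namespace,SUBJECT:.subjects[*].name
# on stdin and list bindings that give cluster-admin to a ServiceAccount.
cluster_admin_service_accounts() {
  awk 'NR > 1 && $2 == "cluster-admin" && $3 ~ /ServiceAccount/ {
         print $1 ": " $4 "/" $5 }'
}
```

With a Tiller confined this way, helm commands need the matching --tiller-namespace, and releases can only be installed into that namespace.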

6. Verify that Tiller was installed successfully

kubectl -n kube-system get pods|grep tiller
tiller-deploy-6dcc74c957-m7brr 1/1 Running 0 3m39s
➜ helm-test helm version
Client: &version.Version{SemVer:"v2.15.1", GitCommit:"cf1de4f8ba70eded310918a8af3a96bfe8e7683b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.9.1", GitCommit:"20adb27c7c5868466912eebdf6664e7390ebe710", GitTreeState:"clean"}

Commands to uninstall the Helm server side, Tiller:

helm reset
or
helm reset --force

III. Using Helm

1. Change the repository

If you hit the error Unable to get an update from the "stable" chart repository (https://kubernetes-charts.storage.googleapis.com), manually switch the stable repository to the Alibaba Cloud repository:

# First remove the original repository
helm repo remove stable
# Add the new repository address
helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
# Update the repositories
helm repo update

2. List all Helm charts available in the repositories:

helm search

3. Update the charts list

helm repo update

4. List installed charts

helm list

5. About the helm incompatible-versions error

Helm Error: incompatible versions client[v2.15.0] server[v2.9.1]

Fix:

brew unlink kubernetes-helm
brew install https://raw.githubusercontent.com/Homebrew/homebrew-core/78d64252f30a12b6f4b3ce29686ab5e262eea812/Formula/kubernetes-helm.rb
brew switch kubernetes-helm 2.9.1

Reference link: https://stackoverflow.com/questions/50701224/helm-incompatible-versions-between-client-and-server

IV. Creating your own chart

1. Create a package named cqh

➜ helm-test helm create cqh
Creating cqh
➜ helm-test ls
cqh examples get_helm.sh mongodb tiller.yaml
➜ helm-test cd cqh
➜ cqh tree
.
├── Chart.yaml
├── charts
├── templates
│   ├── NOTES.txt
│   ├── _helpers.tpl
│   ├── deployment.yaml
│   ├── ingress.yaml
│   └── service.yaml
└── values.yaml

Change the image in values.yaml to nginx:alpine.

2. Check that the configuration and templates are valid

helm install --dry-run --debug .

This prints the template variable configuration and the final rendered YAML:

➜ cqh helm install --dry-run --debug .
[debug] Created tunnel using local port: '62307'

[debug] SERVER: "127.0.0.1:62307"

[debug] Original chart version: ""
[debug] CHART PATH: /Users/chenqionghe/Downloads/helm-test/cqh

NAME: agile-parrot
REVISION: 1
RELEASED: Wed Oct 30 11:09:47 2019
CHART: cqh-0.1.0
USER-SUPPLIED VALUES:
{}

COMPUTED VALUES:
affinity: {}
image:
  pullPolicy: IfNotPresent
  repository: nginx
  tag: alpine
ingress:
  annotations: {}
  enabled: false
  hosts:
  - chart-example.local
  path: /
  tls: []
nodeSelector: {}
replicaCount: 1
resources: {}
service:
  port: 80
  type: ClusterIP
tolerations: []

HOOKS:
MANIFEST:

---
# Source: cqh/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: agile-parrot-cqh
  labels:
    app: cqh
    chart: cqh-0.1.0
    release: agile-parrot
    heritage: Tiller
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app: cqh
    release: agile-parrot
---
# Source: cqh/templates/deployment.yaml
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  name: agile-parrot-cqh
  labels:
    app: cqh
    chart: cqh-0.1.0
    release: agile-parrot
    heritage: Tiller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cqh
      release: agile-parrot
  template:
    metadata:
      labels:
        app: cqh
        release: agile-parrot
    spec:
      containers:
        - name: cqh
          image: "nginx:alpine"
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            {}

3. Deploy to K8S

➜ cqh helm install .
NAME: wintering-jellyfish
LAST DEPLOYED: Wed Oct 30 11:13:30 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                                      READY  STATUS             RESTARTS  AGE
wintering-jellyfish-cqh-849b9f698c-p6tkz  0/1    ContainerCreating  0         0s

==> v1/Service
NAME                     TYPE       CLUSTER-IP     EXTERNAL-IP  PORT(S)  AGE
wintering-jellyfish-cqh  ClusterIP  10.43.219.155  <none>       80/TCP   0s

==> v1beta2/Deployment
NAME                     DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
wintering-jellyfish-cqh  1        1        1           0          0s


NOTES:
1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace default -l "app=cqh,release=wintering-jellyfish" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl port-forward $POD_NAME 8080:80

4. Test access

Use the commands suggested in the NOTES printed after installation:

➜ ~ export POD_NAME=$(kubectl get pods --namespace default -l "app=cqh,release=wintering-jellyfish" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl port-forward $POD_NAME 8080:80
Visit http://127.0.0.1:8080 to use your application
Forwarding from 127.0.0.1:8080 -> 80
Forwarding from [::1]:8080 -> 80
Handling connection for 8080
Handling connection for 8080
Handling connection for 8080

Next, the application can be reached at 127.0.0.1:8080, for example from Safari.

5. List deployed releases

➜ cqh helm list
NAME                 REVISION  UPDATED                   STATUS    CHART      NAMESPACE
wintering-jellyfish  1         Wed Oct 30 11:13:30 2019  DEPLOYED  cqh-0.1.0  default

6. Package and share

➜ cqh helm package .
Successfully packaged chart and saved it to: /Users/chenqionghe/Downloads/helm-test/cqh/cqh-0.1.0.tgz
➜ ~ ls ~/.helm/repository/local
cqh-0.1.0.tgz index.yaml

At this point helm search still cannot find it, because the Chart package in the Repository directory is not yet managed by Helm. helm repo list shows the repositories that are already configured:

➜ cqh helm repo list
NAME       URL
stable     https://kubernetes-charts.storage.googleapis.com
local      http://127.0.0.1:8879/charts
incubator  https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts-incubator/

You can start a Repository Server locally and add it to the Helm repo list.
Here we use the helm serve command to start a Repository Server. By default it uses the $HOME/.helm/repository/local directory as the Chart store and serves on port 8879.

➜ cqh helm serve
Regenerating index. This may take a moment.
Now serving you on 127.0.0.1:8879

It can then be accessed at that address.

By default the service listens only on 127.0.0.1. To bind it to another network interface, use the following command:

helm serve --address 192.168.100.211:8879 &

To store charts in a specific directory, add --repo-path:

$ helm serve --address 192.168.100.211:8879 --repo-path /data/helm/repository/ --url http://192.168.100.211:8879/charts/

Once the local helm Repository Server is running, the local Repository can be added to Helm's repo list:

➜ ~ helm repo add local http://127.0.0.1:8879
"local" has been added to your repositories
➜ ~ helm repo list
NAME       URL
stable     https://kubernetes-charts.storage.googleapis.com
local      http://127.0.0.1:8879
incubator  https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts-incubator/

Now the chart can be found by search:

➜ ~ helm repo update
➜ ~ helm search cqh
NAME       CHART VERSION  APP VERSION  DESCRIPTION
local/cqh  0.1.0          1.0          A Helm chart for Kubernetes
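
The repository in this section is served over plain HTTP and can be bound to a non-loopback address. As an added example (not from the original post), this script compares a downloaded chart archive with the digest recorded for it in the repository's index.yaml. The function names are hypothetical and the index layout is an assumption. The check only detects an archive that does not match the index; authenticating the publisher needs signed charts (helm package --sign, helm verify).

```shell
# Added example, not from the original post. Assumes the index.yaml layout
# written by Helm v2: each chart version is a list item under entries:, with a
# "digest:" key (sha256, hex) that appears before its "urls:" list.

# Print the digest recorded in index.yaml ($1) for the archive file name ($2).
index_digest() {
  awk -v f="$2" '
    /^  - /         { d = "" }                       # new chart version entry
    $1 == "digest:" { d = $2; sub(/^sha256:/, "", d) }
    $1 == "-"       { n = split($2, p, "/")          # urls: list item
                      if (p[n] == f) { print d; exit } }
  ' "$1"
}

# Print the sha256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{ print $1 }'
  else
    shasum -a 256 "$1" | awk '{ print $1 }'
  fi
}

# Succeed only if the archive ($2) matches the digest in index.yaml ($1).
# Usage: verify_chart ~/.helm/repository/local/index.yaml ./cqh-0.1.0.tgz
verify_chart() {
  want=$(index_digest "$1" "$(basename "$2")")
  have=$(sha256_of "$2")
  [ -n "$want" ] && [ "$want" = "$have" ]
}
```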

7. Upgrading and rolling back an application with helm

Change the version in Chart.yaml from 0.1.0 to 0.2.0, then package it with helm and publish it to the local repository:

➜ helm-test vim cqh/Chart.yaml
➜ helm-test helm package cqh
Successfully packaged chart and saved it to: /Users/chenqionghe/Downloads/helm-test/cqh-0.2.0.tgz
➜ helm-test helm search cqh -l
NAME       CHART VERSION  APP VERSION  DESCRIPTION
local/cqh  0.2.0          1.0          A Helm chart for Kubernetes
local/cqh  0.1.0          1.0          A Helm chart for Kubernetes

There are now two versions.

To upgrade an application, use helm upgrade to bring the deployed mike-test to the latest version; --version can be used to specify a version number.

➜ helm-test helm list
NAME           REVISION  UPDATED                   STATUS    CHART      NAMESPACE
looping-robin  1         Wed Oct 30 13:40:47 2019  DEPLOYED  cqh-0.2.0  default
➜ helm-test helm upgrade looping-robin local/cqh
Release "looping-robin" has been upgraded. Happy Helming!
LAST DEPLOYED: Wed Oct 30 13:42:08 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Service
NAME               TYPE       CLUSTER-IP    EXTERNAL-IP  PORT(S)  AGE
looping-robin-cqh  ClusterIP  10.43.204.74  <none>       80/TCP   1m

==> v1beta2/Deployment
NAME               DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
looping-robin-cqh  1        1        1           1          1m

==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
looping-robin-cqh-5bd4c75c64-8qc2k  1/1    Running  0         1m

NOTES:
1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace default -l "app=cqh,release=looping-robin" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl port-forward $POD_NAME 8080:80

View the upgrade history:

➜ helm-test helm history looping-robin
REVISION  UPDATED                   STATUS      CHART      DESCRIPTION
1         Wed Oct 30 13:40:47 2019  SUPERSEDED  cqh-0.2.0  Install complete
2         Wed Oct 30 13:42:08 2019  DEPLOYED    cqh-0.3.0  Upgrade complete

Roll back an application, using the REVISION value:

➜ helm-test helm rollback looping-robin 1
Rollback was a success! Happy Helming!

8. Delete an application

➜ helm-test helm delete looping-robin
release "looping-robin" deleted

➜ helm-test helm ls -a looping-robin
NAME           REVISION  UPDATED                   STATUS   CHART      NAMESPACE
looping-robin  3         Wed Oct 30 13:49:37 2019  DELETED  cqh-0.2.0  default

To remove all history records related to a given Release, use the following command:

➜ helm-test helm delete --purge looping-robin
release "looping-robin" deleted

V. Other

1. Auto-completion

zsh

$ source <(helm completion zsh)

bash

$ source <(helm completion bash)

2. How to specify a namespace when installing a package

➜ helm-test helm install --name=cqh --namespace=web cqh

3. Get detailed information about an application

helm get cqh

View a specific revision:

helm get --revision 1 cqh

4. How to handle service dependencies

The following declaration states that the Chart depends on two third-party Charts, Apache and MySQL (the mariadb chart):

dependencies:
  - name: mariadb
    version: 2.1.1
    repository: https://kubernetes-charts.storage.googleapis.com/
    condition: mariadb.enabled
    tags:
      - wordpress-database
  - name: apache
    version: 1.4.0
    repository: https://kubernetes-charts.storage.googleapis.com/

5. How to add a third-party repository

helm repo add <repository-name> <repository-URL>
helm repo update
