kubernetes之4---Helm包管理器

Helm包管理器

目录

• Helm包管理器
  • 安装helm客户端
  • 部署helm服务端
    • 授予tiller容器权限
  • 部署应用
  • charts
  • 配置国内源
  • Helm3变化
    • 去除Tiller 和 helm serve
    • 移除预定义仓库被，增加helm hub
    • Values 支持 JSON Schema 校验器
    • helm2/3 命令差异

Helm：让部署应用变的更简单，高效。

Helm chart帮助我们定义，安装和升级kubernetes应用。

官方安装文档

安装helm客户端

wget https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz
tar xf helm-v2.17.0-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/helm

---

部署helm服务端

helm必须部署在k8s集群中，才能有权限调用apiserver。

1. helm初始化（准备镜像：ghcr.io/helm/tiller:v2.17.0）

helm init

2. 查看资源，验证

kubectl get pod -n kube-system
helm version

---

授予tiller容器权限

1. 创建RBAC的yaml文件

mkdir -p /root/k8s_yaml/helm/ && cd /root/k8s_yaml/helm/
cat <<EOF > /root/k8s_yaml/helm/tiller_rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
EOF

2. 创建RBAC资源

kubectl create -f .

3. 查看tiller-deploy的yaml文件

kubectl get deploy tiller-deploy -n kube-system -o yaml

4. 给tiller-deploy打补丁：命令行修改yaml文件

kubectl patch -n kube-system deploy tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

5. 配置命令行补全

cd ~ && helm completion bash > .helmrc && echo "source ~/.helmrc" >> .bashrc
source ~/.helmrc

---

部署应用

1. 搜索应用

helm search phpmyadmin

2. 下载charts（模板），安装实例

helm install --name oldboy --namespace=oldboy stable/phpmyadmin

[root@k8s-adm-master ~]# helm install --name oldboy --namespace=oldboy stable/phpmyadmin
WARNING: This chart is deprecated
NAME:   oldboy
LAST DEPLOYED: Wed Dec 16 20:19:21 2020
NAMESPACE: oldboy
STATUS: DEPLOYED

RESOURCES:
==> v1/Deployment
NAME               READY  UP-TO-DATE  AVAILABLE  AGE
oldboy-phpmyadmin  0/1    1           0          0s

==> v1/Pod(related)
NAME                                READY  STATUS             RESTARTS  AGE
oldboy-phpmyadmin-7d65b585fb-r8cp2  0/1    ContainerCreating  0         0s

==> v1/Service
NAME               TYPE       CLUSTER-IP      EXTERNAL-IP  PORT(S)  AGE
oldboy-phpmyadmin  ClusterIP  10.254.253.220  <none>       80/TCP   0s


NOTES:
This Helm chart is deprecated

Given the `stable` deprecation timeline (https://github.com/helm/charts#deprecation-timeline), the Bitnami maintained Helm chart is now located at bitnami/charts (https://github.com/bitnami/charts/).

The Bitnami repository is already included in the Hubs and we will continue providing the same cadence of updates, support, etc that we've been keeping here these years. Installation instructions are very similar, just adding the _bitnami_ repo and using it during the installation (`bitnami/<chart>` instead of `stable/<chart>`)

```bash
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install my-release bitnami/<chart>           # Helm 3
$ helm install --name my-release bitnami/<chart>    # Helm 2
```

To update an exisiting _stable_ deployment with a chart hosted in the bitnami repository you can execute

```bash
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm upgrade my-release bitnami/<chart>
```

Issues and PRs related to the chart itself will be redirected to `bitnami/charts` GitHub repository. In the same way, we'll be happy to answer questions related to this migration process in this issue (https://github.com/helm/charts/issues/20969) created as a common place for discussion.

1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace oldboy -l "app=phpmyadmin,release=oldboy" -o jsonpath="{.items[0].metadata.name}")
  echo "phpMyAdmin URL: http://127.0.0.1:8080"
  kubectl port-forward --namespace oldboy svc/oldboy-phpmyadmin 8080:80

2. How to log in

phpMyAdmin has not been configure to point to a specific database. Please provide the db host,
username and password at log in or upgrade the release with a specific database:

$ helm upgrade oldboy stable/phpmyadmin --set db.host=mydb



** Please be patient while the chart is being deployed **

3. 查看资源

kubectl get all -n oldboy

4. 升级，命令行修改变量

helm upgrade oldboy stable/phpmyadmin --set db.host=10.0.0.13

5. 可以解压缓存的tgz包，查看charts

[root@k8s-adm-master charts]# ls /root/.helm/cache/archive/
phpmyadmin-4.3.5.tgz

---

charts

1. 创建charts

mkdir -p /root/k8s_yaml/helm/charts && cd /root/k8s_yaml/helm/charts
helm create hello-helm

[root@k8s-adm-master charts]# tree hello-helm
hello-helm
|-- charts                 # 子charts
|-- Chart.yaml             # charts版本
|-- templates              # 模板
|   |-- deployment.yaml
|   |-- _helpers.tpl
|   |-- ingress.yaml
|   |-- NOTES.txt           # 使用说明
|   |-- serviceaccount.yaml
|   |-- service.yaml
|   `-- tests
|       `-- test-connection.yaml
`-- values.yaml             # 变量

2. 自定义charts

rm -rf /root/k8s_yaml/helm/charts/hello-helm/templates/*
echo hello! > /root/k8s_yaml/helm/charts/hello-helm/templates/NOTES.txt
cat <<EOF > /root/k8s_yaml/helm/charts/hello-helm/templates/pod.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.13
        ports:
        - containerPort: 80
EOF

3. 安装charts

cd /root/k8s_yaml/helm/charts
helm install hello-helm

4. 查看charts

helm list

5. 查看pod

kubectl get pod

6. 调试：只渲染，不部署

helm install hello-helm --debug --dry-run

7. 卸载实例

helm delete oldboy

8. 打包charts

helm package hello-helm

---

配置国内源

1. 删除默认源

helm repo remove stable

2. 增加国内源（stable只能指定一个，可以指定不同名的源）官方

helm repo add stable https://burdenbear.github.io/kube-charts-mirror/
helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
helm repo add stable https://mirror.azure.cn/kubernetes/charts/

3. 查看源

helm repo list

4. 更新仓库信息

helm repo update

5. 搜索测试

helm search mysql

6. 自建仓库

搭建charts仓库需要：参考Github，官方推荐使用gitPage搭建charts仓库。

• 提供文件访问的站点：Nginx等。
• 索引文件：可以直接从官方源下载，http://mirror.azure.cn/kubernetes/charts/index.yaml
• 对应压缩包。

---

Helm3变化

去除Tiller 和 helm serve

helm服务端和init命令在helm3已弃用。

helm通过 kubeconfig 直接操作k8s集群，类似于kubectl。
helm使用与kubectl上下文相同的访问权限，无需再使用helm init来初始化Helm。

只需要安装helm即可：

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

实际上就是Github下载二进制文件并解压，移动到/usr/local/bin/下，添加执行权限。

---

移除预定义仓库被，增加helm hub

helm search 区分 repo 和 hub

• repo：自己手动添加的源

helm repo add stable https://kubernetes-charts.storage.googleapis.com
helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/
helm repo add ibmstable https://raw.githubusercontent.com/IBM/charts/master/repo/stable

• hub：helm 的中心库，各软件商需要在 hub 把应用更新到最新，我们才能在上面查到最新的，等同dockerhub。hub 搜到的包需要进入hub页面查看下载地址。可以把 hub 和 google repo 配合使用：

helm search hub mysql

---

Values 支持 JSON Schema 校验器

运行 helm install 、 helm upgrade 、 helm lint 、 helm template 命令时，JSON Schema 的校验会自动运行，如果失败就会立即报错。等于先将yaml文件都校验一遍，再创建。

helm pull stable/mysql
tar -zxvf mysql-1.6.2.tgz 
cd mysql 
vim values.yaml 
# 把port: 3306 改成 port: 3306aaa
# 安装测试，会校验port的格式，而且确实是在安装之前，一旦有错任何资源都不会被创建
helm install mysqlll .
Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(Service.spec.ports[0].port): invalid type for io.k8s.api.core.v1.ServicePort.port: got "string", expected "integer"

helm2/3 命令差异

参考文档

---