Kubernetes进阶实战读书笔记：Helm基础

一、Helm基础

1、Charts管理程序包使用优势

简单来说Helm就是Kubernetes的应用程序包管理器、它将一个应用的相关资源组织成为Charts，并通过Charts管理程序包其使用优势可简单总结为如下几个方面：

?

1 2 3 4

管理复杂应用：Charts能够描述哪怕是最复杂的程序结构、其提供了可重复使用的应用安装的定义 易于升级：使用就地升级和自定义钩子来解决更新的难题 简单分享：Charts易于通过公共或私有服务完成版本化、分享及主机构建 回滚：可使用"helm rollback" 命令轻松实现快速回滚

2、Helm的核心术语

• Charts：即一个Helm程序包、包含了运行一个Kubernetes应用所需的镜像、依赖关系和资源定义等、必要时还会包含Service的定义；它类似于APT的dpkg文件或者yum的rpm文件
• Repository：Charts仓库、用于集群中存储和分发Charts、类似于Perl的CPAN、或者Python的PyPI
• Config:应用程序实例化安装运行时使用的配置信息
• Release：应用程序实例化配置后运行于Kubernetes集群中的一个Charts实例；在同一个集群上、一个Charts可以使用不同的Config重复安装多次、每次安装都会创建一个新的Release

事实上、Charts更像是存储于Kubernetes集群之外的程序、它的每次安装是指在集群中使用专用配置运行一个示例、执行活成有点类似于在操作系统上基于程序启动一个进程

 二、Helm架构

Helm主要由Helm客户端、Tiller服务器和Charts仓库组成

1、Helm客户端

Helm客户端是命令行客户端工具、采用go语言编写、基于gRPC协议与 Tiller server交互、它主要完成如下任务

1、本地Charts开发
2、管理Charts仓库
3、与Tiller服务器交互：发送Charts以安装、查询Release的相关信息以及升级或卸载已有的Release

2、Tiller server

Tiller server运是托管运行于集群之中的容器化服务应用、它接受来自Helm客户端的请求、并在必要时与Kubernetes api server进行交互、它主要完成以下任务

1、监听来自于Helm客户端的请求
2、合并Charts和配置以构建一个Release
3、向Kubernetes集群安装Charts并对相应的Release进行跟踪
4、升级和卸载Charts

通常、用于helm客户端本地遵循其格式编写Charts文件、而后即可部署于Kubernetes集群之上运行为一个特定的Release仅在有分发需求时、才应该将同一应用的Charts文件
打包成归档压缩格式提交到特定的Charts仓库、仓库既可以运行为公共托管平台也可以是用户自建的服务器、仅供特定的组织或个人使用

三、 安装Helm Client

1、下载

 

 

 

 

 

 

2、安装

?

1 2 3 4

wget https://get.helm.sh/helm-v2.16.9-linux-amd64.tar.gz tar xf helm-v2.16.9-linux-amd64.tar.gz mv linux-amd64/helm  /usr/local/bin/ helm help

3、查看帮助

+ View Code?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75

[root@master src]# helm help The Kubernetes package manager   To begin working with Helm, run the 'helm init' command:       $ helm init   This will install Tiller to your running Kubernetes cluster. It will also set up any necessary local configuration.   Common actions from this point include:   - helm search:    Search for charts - helm fetch:     Download a chart to your local directory to view - helm install:   Upload the chart to Kubernetes - helm list:      List releases of charts   Environment:   - $HELM_HOME:           Set an alternative location for Helm files. By default, these are stored in ~/.helm - $HELM_HOST:           Set an alternative Tiller host. The format is host:port - $HELM_NO_PLUGINS:     Disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins. - $TILLER_NAMESPACE:    Set an alternative Tiller namespace (default "kube-system") - $KUBECONFIG:          Set an alternative Kubernetes configuration file (default "~/.kube/config") - $HELM_TLS_CA_CERT:    Path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem") - $HELM_TLS_CERT:       Path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem") - $HELM_TLS_KEY:        Path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem") - $HELM_TLS_ENABLE:     Enable TLS connection between Helm and Tiller (default "false") - $HELM_TLS_VERIFY:     Enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false") - $HELM_TLS_HOSTNAME:   The hostname or IP address used to verify the Tiller server certificate (default "127.0.0.1") - $HELM_KEY_PASSPHRASE: Set HELM_KEY_PASSPHRASE to the passphrase of your PGP private key. If set, you will not be prompted for the passphrase while signing helm charts   Usage:   helm [command]   Available Commands:   completion  Generate autocompletions script for the specified shell (bash or zsh)   create      Create a new chart with the given name   delete      Given a release name, delete the release from Kubernetes   dependency  Manage a chart's dependencies   fetch       Download a chart from a repository and (optionally) unpack it in local directory   get         Download a named release   help        Help about any command   history     Fetch release history   home        Displays the location of HELM_HOME   init        Initialize Helm on both client and server   inspect     Inspect a chart   install     Install a chart archive   lint        Examines a chart for possible issues   list        List releases   package     Package a chart directory into a chart archive   plugin      Add, list, or remove Helm plugins   repo        Add, list, remove, update, and index chart repositories   reset       Uninstalls Tiller from a cluster   rollback    Rollback a release to a previous revision   search      Search for a keyword in charts   serve       Start a local http web server   status      Displays the status of the named release   template    Locally render templates   test        Test a release   upgrade     Upgrade a release   verify      Verify that a chart at the given path has been signed and is valid   version     Print the client/server version information   Flags:       --debug                           Enable verbose output   -h, --help                            help for helm       --home string                     Location of your Helm config. Overrides $HELM_HOME (default "/root/.helm")       --host string                     Address of Tiller. Overrides $HELM_HOST       --kube-context string             Name of the kubeconfig context to use       --kubeconfig string               Absolute path of the kubeconfig file to be used       --tiller-connection-timeout int   The duration (in seconds) Helm will wait to establish a connection to Tiller (default 300)       --tiller-namespace string         Namespace of Tiller (default "kube-system")   Use "helm [command] --help" for more information about a command.

四、安装Tiller server

1、创建相关ServiceAccount

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

[root@master chapter15]# cat tiller-rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: name: tiller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: tiller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: tiller namespace: kube-system   /opt/pod/Kubernetes_Advanced_Practical/chapter15     [root@master chapter15]# kubectl apply -f tiller-rbac.yaml serviceaccount/tiller created clusterrolebinding.rbac.authorization.k8s.io/tiller created

2、初始化

而后使用如下命令进行Tiller server环境的初始化、完成Tiller server安装

?

1 2 3 4

[root@master chapter15]# helm init --service-account tiller --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.16.6 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts $HELM_HOME has been configured at /root/.helm. Warning: Tiller is already installed in the cluster. (Use --client-only to suppress this message, or --upgrade to upgrade Tiller to the current version.)

helm init命令进行初始化时、Kubernetes集群会到gcr.io/kubernetes-helm/上获取需要的镜像，镜像标签同HELM的版本号、请确保Kubernetes集群能够访问此镜像仓库

3、查看pod

?

1 2 3

[root@master chapter15]# kubectl get pods -n kube-system -l app=helm NAME READY STATUS RESTARTS AGE tiller-deploy-57d54b6d77-pqffr 1/1 Running 0 100s

4、查看helm客户端和服务版本

?

1 2 3

[root@master chapter15]# helm version Client: &version.Version{SemVer:"v2.16.9", GitCommit:"8ad7037828e5a0fca1009dabe290130da6368e39", GitTreeState:"clean"} Server: &version.Version{SemVer:"v2.16.6", GitCommit:"dd2e5695da88625b190e6b22e9542550ab503a47", GitTreeState:"clean"}

如果希望在安装时自定义一些参数以设定其运行机制、例如Tiller的版本或者在kubernetes集群上的目标名称空间、则可以以类似如下方式使用命令

?

1 2 3 4

--canary-image #安装canary分治、即项目Master的分支 --tiller-image #安装指定版本的镜像、默认同HELM 版本 --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.16.6 --kube-context string Name of the kubeconfig context to use

安装至指定的kubernetes集群

?

1	--tiller-namespace string Namespace of Tiller (default "kube-system")

安装至指定的名称空间、默认为kube-system此外、tiller将数据存储与ConfigMap资源中、因此卸载后重新安装并不会导致数据丢失、必要时、管理员可以放心重新安装或升级

5、卸载tiller的方法常用的有两种方式

方法一：

?

1 2	[root@master chapter15]# kubectl delete deployment tiller-deploy -n kube-system deployment.apps "tiller-deploy" deleted

方法二：

?

1	helm reset

五、helm快速入门

1、删除默认的源

?

1 2	[root@master chapter15]# helm repo remove stable "stable" has been removed from your repositories

2、增加新的国内镜像源

?

1 2	[root@master chapter15]# helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts "stable" has been added to your repositories

3、查看helm源添加情况

?

1 2 3 4

[root@master chapter15]# helm repo list NAME URL local http://127.0.0.1:8879/charts stable  https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

4、更新helm源仓库

?

1 2 3 4 5

[root@master chapter15]# helm repo update Hang tight while we grab the latest from your chart repositories... ...Skip local chart repository ...Successfully got an update from the "stable" chart repository Update Complete.

5、查找

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

[root@master chapter15]# helm search NAME CHART VERSION  APP VERSION DESCRIPTION stable/acs-engine-autoscaler 2.1.3 2.1.1 Scales worker nodes within agent pools ...... stable/kubed 0.3.0 0.4.0 Kubed by AppsCode - Kubernetes daemon   stable/zetcd 0.1.6 0.0.3 CoreOS zetcd Helm chart for Kubernetes   [root@master chapter15]# helm search redis NAME CHART VERSION  APP VERSION DESCRIPTION stable/redis 1.1.15 4.0.8 Open source, advanced key-value store. It is often referr... stable/redis-ha 2.0.1 Highly available Redis cluster with multiple sentinels an... stable/sensu 0.2.0 Sensu monitoring framework backed by the Redis transport   [root@master chapter15]# helm search stable/redis NAME CHART VERSION  APP VERSION DESCRIPTION stable/redis 1.1.15 4.0.8 Open source, advanced key-value store. It is often referr... stable/redis-ha 2.0.1 Highly available Redis cluster with multiple sentinels an...

官方可用的Chart列表：https://hub.kubeapps.com/

 

 

6、安装测试

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

[root@master chapter15]# helm install stable/redis -n redis --dry-run   #先执行安装测试 [root@master chapter15]# helm install stable/redis -n redis [root@master charts]# helm status redis LAST DEPLOYED: Mon Jul 13 11:59:50 2020 NAMESPACE: default STATUS: DEPLOYED   RESOURCES: ==> v1/ConfigMap NAME DATA AGE redis 3 3h11m redis-health 6 3h11m   ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE redis-master-0 0/1 Pending 0 3h11m redis-master-0 0/1 Pending 0 3h11m   ==> v1/Secret NAME TYPE DATA AGE redis Opaque 1 3h11m   ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE redis-headless ClusterIP None <none> 6379/TCP 3h11m redis-master ClusterIP 10.108.50.254 <none> 6379/TCP 3h11m redis-slave ClusterIP 10.103.111.23 <none> 6379/TCP 3h11m   ==> v1/StatefulSet NAME READY AGE redis-master 0/1 3h11m redis-slave 0/2 3h11m

7、状态注释提示：

+ View Code?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48

NOTES: This Helm chart is deprecated   Given the `stable` deprecation timeline (https://github.com/helm/charts#deprecation-timeline), the Bitnami maintained Redis Helm chart is now located at bitnami/charts (https://github.com/bitnami/charts/).   The Bitnami repository is already included in the Hubs and we will continue providing the same cadence of updates, support, etc that we've been keeping here these years. Installation instructions are very similar, just adding the _bitnami_ repo and using it during the installation (`bitnami/<chart>` instead of `stable/<chart>`)   ```bash $ helm repo add bitnami https://charts.bitnami.com/bitnami $ helm install my-release bitnami/<chart> # Helm 3 $ helm install --name my-release bitnami/<chart> # Helm 2 ```   To update an exisiting _stable_ deployment with a chart hosted in the bitnami repository you can execute ```bash $ helm repo add bitnami https://charts.bitnami.com/bitnami $ helm upgrade my-release bitnami/<chart> ```   Issues and PRs related to the chart itself will be redirected to `bitnami/charts` GitHub repository. In the same way, we'll be happy to answer questions related to this migration process in this issue (https://github.com/helm/charts/issues/20969) created as a common place for discussion.   ** Please be patient while the chart is being deployed ** Redis can be accessed via port 6379 on the following DNS names from within your cluster:   redis-master.default.svc.cluster.local for read/write operations redis-slave.default.svc.cluster.local for read-only operations     To get your password run:   export REDIS_PASSWORD=$(kubectl get secret --namespace default redis -o jsonpath="{.data.redis-password}" | base64 --decode)   To connect to your Redis server:   1. Run a Redis pod that you can use as a client:   kubectl run --namespace default redis-client --rm --tty -i --restart='Never' \ --env REDIS_PASSWORD=$REDIS_PASSWORD \ --image docker.io/bitnami/redis:5.0.7-debian-10-r32 -- bash   2. Connect using the Redis CLI: redis-cli -h redis-master -a $REDIS_PASSWORD redis-cli -h redis-slave -a $REDIS_PASSWORD   To connect to your database from outside the cluster execute the following commands:   kubectl port-forward --namespace default svc/redis-master 6379:6379 & redis-cli -h 127.0.0.1 -p 6379 -a $REDIS_PASSWORD

8、列出已经安装生成的Release

?

1 2 3

[root@master charts]# helm list NAME REVISION   UPDATED STATUS CHART APP VERSION    NAMESPACE redis   1 Mon Jul 13 11:59:50 2020  DEPLOYED    redis-10.5.7    5.0.7 default

9、删除Release

?

1 2 3

[root@master chapter15]# helm delete redis [root@master charts]# helm delete redis #删除 release "redis" deleted

10、升级回滚

?

1 2 3

[root@master charts]# helm upgrade #升级应用 [root@master charts]# helm rollback #回滚应用 [root@master charts]# helm history #获取指定的release变更历史