Helm v3从入门到实战
在学习Helm之前,你需要先对k8s的deployment/pod/service/ingress/pv/pvc/statefulset/configmap/vxlan/flannel/daemonset等要能够比较熟练的使用。
什么是Helm
helm的官网https://helm.sh/ ,上面讲了
The package manager for Kubernetes.
Helm is the best way to find, share, and use software built for Kubernetes.
Helm helps you manage Kubernetes applications — Helm Charts help you define, install, and upgrade even the most complex Kubernetes application.
Charts are easy to create, version, share, and publish — so start using Helm and stop the copy-and-paste.
Helm is a graduated project in the CNCF and is maintained by the Helm community.
包管理,helm是一个k8s包管理工具,好了,怎么理解?
举个例子,yum我们知道吧,它是rpm包管理工具,我们执行yum install mysql时,它会自动帮我们安装mysql和mysql需要的依赖,那helm的包管理了?
我再举个例子,我们在k8s部署一个mysql时,是不是要先编写deployment、services、ingress、pv、pvc、configmap等文件,当然我也可以把它们编写到一个文件,然后执行kubectl apply -f mysql.yml,而helm怎么安装mysql了? helm install mysql repo/mysql即可,如歌就这么理解了helm,其实还不对,因为你执行helm install时,helm怎么知道mysql的版本、要映射的端口、要配置的域名等,这些还是需要你去写helm格式的配置文件,这些文件的内容甚至比kubectl apply的文件还要多,所以那helm到底有哪些好处了?
我再举个例子,如果我们不同的项目也需要mysql时,我们是不是复制一下上面的mysql.yml然后修改一下里面的内容。比如service/ingress/pv/pvc等,如何有更新的项目,我们是不是继续复制修改复制修改,而helm了?helm只需编写一个helm模板的配置文件,然后多个项目应用部署时,只需要项目自己的参数即可。模板功能方便了我们部署k8s服务,这才是我们需要helm的地方,helm具体如何使用,我们继续看下面的内容。
安装Helm
下载链接,https://github.com/helm/helm/releases ,下载完后,解压即可
本文档是将helm安装在k8s主机
# tar -zxvf helm-v3.2.1-linux-amd64.tar.gz
# cp linux-amd64/helm /usr/local/bin/
# helm version
version.BuildInfo{Version:"v3.2.1", GitCommit:"fe51cd1e31e6a202cba7dead9552a6d418ded79a", GitTreeState:"clean", GoVersion:"go1.13.10"}
Helm基本架构
这里的kube-config就是连接kube-apiserver的配置信息。我的helm安装在k8s主机且是root账户,所以我不用再配置kube-config,下面是helm配置文件和连接kube-apiserver配置文件相关说明,helm --help可以看到
Environment variables:
| Name | Description |
|------------------------------------|-----------------------------------------------------------------------------------|
| $XDG_CACHE_HOME | set an alternative location for storing cached files. |
| $XDG_CONFIG_HOME | set an alternative location for storing Helm configuration. |
| $XDG_DATA_HOME | set an alternative location for storing Helm data. |
| $HELM_DRIVER | set the backend storage driver. Values are: configmap, secret, memory, postgres |
| $HELM_DRIVER_SQL_CONNECTION_STRING | set the connection string the SQL storage driver should use. |
| $HELM_NO_PLUGINS | disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins. |
| $KUBECONFIG | set an alternative Kubernetes configuration file (default "~/.kube/config") |
Helm stores configuration based on the XDG base directory specification, so
- cached files are stored in $XDG_CACHE_HOME/helm
- configuration is stored in $XDG_CONFIG_HOME/helm
- data is stored in $XDG_DATA_HOME/helm
By default, the default directories depend on the Operating System. The defaults are listed below:
| Operating System | Cache Path | Configuration Path | Data Path |
|------------------|---------------------------|--------------------------------|-------------------------|
| Linux | $HOME/.cache/helm | $HOME/.config/helm | $HOME/.local/share/helm |
| macOS | $HOME/Library/Caches/helm | $HOME/Library/Preferences/helm | $HOME/Library/helm |
| Windows | %TEMP%\helm | %APPDATA%\helm | %APPDATA%\helm |
使用helm部署mysql
我们先使用外部仓库定义的Charts来安装一个mysql开始,逐步揭开helm的面纱。
添加仓库
# helm repo add stable http://mirror.azure.cn/kubernetes/charts
# helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
# helm repo list
NAME URL
elastic https://helm.elastic.co
stable http://mirror.azure.cn/kubernetes/charts
aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
查找charts
# helm search repo mysql
NAME CHART VERSION APP VERSION DESCRIPTION
aliyun/mysql 0.3.5 Fast, reliable, scalable, and easy to use open-...
stable/mysql 1.6.3 5.7.28 Fast, reliable, scalable, and easy to use open-...
stable/mysqldump 2.6.0 2.4.1 A Helm chart to help backup MySQL databases usi...
...
安装mysql
# helm install aliyun aliyun/mysql
Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "Deployment" in version "extensions/v1beta1"
居然报错了,deploument不支持的版本
把charts下载下来,看看里面的内容
# helm pull aliyun/mysql
# tar -zxvf mysql-0.3.5.tgz
# more mysql/templates/deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
...(省略输出)
# kubectl api-resources
NAME SHORTNAMES APIGROUP NAMESPACED KIND
deployments deploy apps true Deployment
这个说明deployment只支持apps的版本(没找到官方说明论证),这也就是外部仓库的charts不一定会及时更新,我们拿来不一定能够直接使用,下面我改为安装stable/mysql。
# helm install db stable/mysql
NAME: db
LAST DEPLOYED: Sun May 17 17:03:59 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
db-mysql.default.svc.cluster.local
To get your root password run:
MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default db-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)
To connect to your database:
1. Run an Ubuntu pod that you can use as a client:
kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
2. Install the mysql client:
$ apt-get update && apt-get install mysql-client -y
3. Connect using the mysql cli, then provide your password:
$ mysql -h db-mysql -p
To connect to your database directly from outside the K8s cluster:
MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
# Execute the following command to route the connection:
kubectl port-forward svc/db-mysql 3306
mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD}
查看安装
# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
db default 1 2020-05-17 17:03:59.299616407 +0800 CST deployed mysql-1.6.3 5.7.28
# kubectl get pod
NAME READY STATUS RESTARTS AGE
db-mysql-8564f79ccb-gg9tw 0/1 Pending 0 100s
pending状态,我们再继续查看状态,下面省略部分输出
# kubectl describe pod db-mysql-8564f79ccb-gg9tw
Name: db-mysql-8564f79ccb-gg9tw
Namespace: default
Priority: 0
Node: <none>
Labels: app=db-mysql
pod-template-hash=8564f79ccb
release=db
Annotations: <none>
Status: Pending
Conditions:
Type Status
PodScheduled False
Volumes:
data:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: db-mysql
ReadOnly: false
default-token-plkbj:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-plkbj
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling <unknown> default-scheduler pod has unbound immediate PersistentVolumeClaims (repeated 2 times)
Warning FailedScheduling <unknown> default-scheduler pod has unbound immediate PersistentVolumeClaims (repeated 2 times)
创建pvc失败,查看pvc
# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db-mysql Pending 3m32s
# kubectl get pvc/db-mysql -o yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
meta.helm.sh/release-name: db
meta.helm.sh/release-namespace: default
creationTimestamp: "2020-05-17T09:03:59Z"
finalizers:
- kubernetes.io/pvc-protection
labels:
app: db-mysql
app.kubernetes.io/managed-by: Helm
chart: mysql-1.6.3
heritage: Helm
release: db
name: db-mysql
namespace: default
resourceVersion: "14924757"
selfLink: /api/v1/namespaces/default/persistentvolumeclaims/db-mysql
uid: a7b438a3-9513-410d-ae8c-6cbb083fcc1e
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
volumeMode: Filesystem
status:
phase: Pending
需要8G的PV,那我创建PV,
# cat pv.yml
apiVersion: v1
kind: PersistentVolume
metadata:
name: dbdata # 修改PV名称
spec:
capacity:
storage: 8Gi # 修改大小
accessModes:
- ReadWriteOnce
nfs:
path: /data/nfs/dbdata # 修改目录名
server: x.x.x.x
# kubectl apply -f pv.yml
再查看安装
# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db-mysql Bound dbdata 8Gi RWO 6m8s
# kubectl get pod (安装需要一定的时间,可以通过下面的命令查看状态)
# kubectl describe pod db-mysql-8564f79ccb-gg9tw
# kubectl logs db-mysql-8564f79ccb-gg9tw
# kubectl get pod
NAME READY STATUS RESTARTS AGE
db-mysql-8564f79ccb-gg9tw 1/1 Running 0 9m43s
直接进入容器,查看mysql可以使用
# 查看mysql密码
# kubectl get secret --namespace default db-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
# kubectl exec -it db-mysql-8564f79ccb-gg9tw bash
# mysql -uroot -p
几个概念
通过上面的安装,我们需要了解下面几个概念
名字 | 描述 |
---|---|
Charts | 应用部署配置模板集 |
Release | 将charts应用到本地的实例 |
Repo | Charts仓库 |
Helm命令解析
命令 | 描述 |
---|---|
create | 创建应用模板 |
install | 安装charts |
list | 列出本地release |
pull | 下载charts到本地目录 |
package | 将chart目录打包为chart归档包 |
show | 查看cahrts内容 |
uninstall | 卸载release |
upgrade | 更新releasr |
version | 查看helm版本号 |
Chart模板
可参考 https://helm.sh/docs/chart_template_guide/
# helm create nginx
# tree .
.
├── charts
├── Chart.yaml
├── templates
│ ├── deployment.yaml
│ ├── _helpers.tpl
│ ├── hpa.yaml
│ ├── ingress.yaml
│ ├── NOTES.txt
│ ├── serviceaccount.yaml
│ ├── service.yaml
│ └── tests
│ └── test-connection.yaml
└── values.yaml
3 directories, 10 files
编写中...
使用Harbor作为Helm Cahrts仓库
# helm package nginx/
Successfully packaged chart and saved it to: /root/nginx-0.1.0.tgz
# ll
total 8
drwxr-xr-x 4 root root 4096 May 17 19:10 nginx
-rw-r--r-- 1 root root 3572 May 17 21:38 nginx-0.1.0.tgz
# tar -tvf nginx-0.1.0.tgz
-rw-r--r-- 0/0 120 2020-05-17 21:38 nginx/Chart.yaml
-rw-r--r-- 0/0 1798 2020-05-17 21:38 nginx/values.yaml
-rw-r--r-- 0/0 1573 2020-05-17 21:38 nginx/templates/NOTES.txt
-rw-r--r-- 0/0 1800 2020-05-17 21:38 nginx/templates/_helpers.tpl
-rw-r--r-- 0/0 1818 2020-05-17 21:38 nginx/templates/deployment.yaml
-rw-r--r-- 0/0 902 2020-05-17 21:38 nginx/templates/hpa.yaml
-rw-r--r-- 0/0 1048 2020-05-17 21:38 nginx/templates/ingress.yaml
-rw-r--r-- 0/0 355 2020-05-17 21:38 nginx/templates/service.yaml
-rw-r--r-- 0/0 316 2020-05-17 21:38 nginx/templates/serviceaccount.yaml
-rw-r--r-- 0/0 381 2020-05-17 21:38 nginx/templates/tests/test-connection.yaml
-rw-r--r-- 0/0 349 2020-05-17 21:38 nginx/.helmignore
我们的Harbor需要在安装的时候指定安装Helm模块,helm也需要安装push插件。
编写中...