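I. Helm Overview
1. Introduction to Helm
Helm is similar to package managers on Linux such as yum and apt. It is mainly used to create, package and publish Kubernetes application Charts, and to create and manage local and remote Chart repositories.
2. Helm components
- helm: the local client tool, mainly used to create, package and publish Kubernetes application charts, and to create and manage local and remote Chart repositories.
- Tiller: the server side of Helm, deployed inside Kubernetes. Tiller accepts requests from helm, generates the Kubernetes deployment files from the chart (Helm calls this a release), and submits them to Kubernetes to create the application. Tiller also provides release upgrade, delete, rollback and related functions.
- Chart: a Helm package in tar format. It contains all the images, dependencies and resource definitions needed to run an application, and may also contain service definitions for the Kubernetes cluster. It is comparable to an rpm file for yum.
- Release: an instance of a Chart running in a Kubernetes cluster. A Chart can be installed multiple times on the same cluster, and each installation creates a new release.
- Repository: a repository used to publish and store Charts.
II. Deploying Helm
1. Install Helm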
# wget https://get.helm.sh/helm-v2.14.3-linux-amd64.tar.gz
# tar -zxvf helm-v2.14.3-linux-amd64.tar.gz
# cp linux-amd64/helm /usr/bin/
# helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Error: could not find tiller
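2. Install Tiller
The node where Tiller runs needs socat installed.
- By default helm uses "https://kubernetes-charts.storage.googleapis.com" as the address of the default stable repository. Because it cannot be reached from mainland China, it needs to be replaced with the Alibaba Cloud mirror.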
# helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.14.3 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
# kubectl get pod -n kube-system | grep tiller
tiller-deploy-6867df9fc6-f575p 1/1 Running 0 3m50s
# helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
3. Configure RBAC for Tiller
Role-based Access Control
# cat tiller-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
Set the service account for Tiller
# kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
# kubectl get deploy -n kube-system tiller-deploy -o yaml | grep serviceAccount
serviceAccount: tiller
serviceAccountName: tiller
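
The ClusterRoleBinding above gives the tiller ServiceAccount the cluster-admin role, so it helps to know which service accounts in a cluster hold that role. The following check is an added example, not part of the original post: it reads the output of `kubectl get clusterrolebindings -o json` and reports ServiceAccount subjects and service-account groups bound to cluster-admin. The function names and all sample bindings other than tiller are assumptions made for illustration.

```python
import json
import sys

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
# The "tiller" item mirrors tiller-rbac.yaml above; the rest are made up.
def crb(name, role, subjects=None):
    item = {"metadata": {"name": name},
            "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                        "kind": "ClusterRole", "name": role}}
    if subjects is not None:
        item["subjects"] = subjects
    return item

SAMPLE = json.dumps({"kind": "List", "items": [
    crb("tiller", "cluster-admin",
        [{"kind": "ServiceAccount", "name": "tiller", "namespace": "kube-system"}]),
    crb("cluster-admin", "cluster-admin",
        [{"kind": "Group", "name": "system:masters"}]),
    crb("ci-all-accounts", "cluster-admin",
        [{"kind": "Group", "name": "system:serviceaccounts:ci"}]),
    crb("view-metrics", "view",
        [{"kind": "ServiceAccount", "name": "metrics", "namespace": "monitoring"}]),
    crb("orphaned", "cluster-admin"),  # binding with no subjects field
]})

# Built-in group of all service accounts; ":<namespace>" narrows it to one namespace.
SA_GROUP = "system:serviceaccounts"

def service_accounts_bound_to(bindings_json, role="cluster-admin"):
    """Return sorted (binding, subject) pairs where a ServiceAccount or a
    service-account group is bound to the given ClusterRole."""
    findings = set()
    for item in json.loads(bindings_json).get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        binding = item["metadata"]["name"]
        for subj in item.get("subjects") or []:  # field may be absent or null
            kind, name = subj.get("kind"), subj.get("name", "")
            if kind == "ServiceAccount":
                findings.add((binding, f"{subj.get('namespace', '')}/{name}"))
            elif kind == "Group" and (name == SA_GROUP or name.startswith(SA_GROUP + ":")):
                findings.add((binding, name))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: kubectl get clusterrolebindings -o json > crb.json; python3 audit.py crb.json
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for binding, subject in service_accounts_bound_to(data):
        print(f"{binding}: {subject} is bound to cluster-admin")
```

Run without arguments it uses the constructed sample; the system:masters group is deliberately not reported because it is not a service account.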
4. Uninstall Tiller
If you need to uninstall a deployed Tiller, use the following command.
helm reset or helm reset --force
III. Using helm
1. helm command completion
# source <(helm completion bash)
# echo "source <(helm completion bash)" >> ~/.bashrc
2. Add a repository
# helm repo list
NAME URL
stable https://mirror.azure.cn/kubernetes/charts
local http://127.0.0.1:8879/charts
# helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
"aliyun" has been added to your repositories
# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "aliyun" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.
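3. Common Helm commands
Common helm commands:
- helm search: search for charts
- helm fetch: download charts to a local directory
- helm install: install charts
- helm list: list all releases of charts
Command options:
completion   Generate an autocompletion script for the specified shell (bash or zsh)
create       Create a new chart
delete       Delete the specified release
dependency   Manage a chart's dependencies
fetch        Download a chart and unpack it into a local directory
get          Download a release
history      Show release history
home         Show the helm home directory
init         Initialize helm on the client and the server
inspect      Show detailed information about a chart
install      Install a chart
lint         Check a chart for problems
list         List releases
package      Package a chart directory
plugin       Add or remove Helm plugins
repo         Add or remove chart repositories
reset        Uninstall Tiller
rollback     Roll back a release to a previous version
search       Search for charts
serve        Start a local HTTP server
status       Show the status of a release
template     Render templates locally
test         Test a release
upgrade      Upgrade a release
verify       Verify a chart's signature and validity
version      Print client and server version information
4. Install Monocular with helm
Monocular is open-source software for managing services created as Helm Charts on Kubernetes. Helm Charts can be installed through its web page.
① Install Nginx Ingress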
# cat ingress-values.yaml
controller:
  service:
    type: NodePort
    targetPorts:
      http: 80
      https: 443
    nodePorts:
      http: 32080
      https: 32443
  hostNetwork: true
rbac:
  create: true
# helm install --name nginx-ingress aliyun/nginx-ingress -f ingress-values.yaml
# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-658f4878bf-rvx29 1/1 Running 0 6m54s
nginx-ingress-default-backend-878d64884-z7qw9 1/1 Running 0 6m54s
# kubectl get svc -l app=nginx-ingress
NAME                            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
nginx-ingress-controller        NodePort    10.108.114.19    <none>        80:32080/TCP,443:32443/TCP   7m34s
nginx-ingress-default-backend   ClusterIP   10.102.104.170   <none>        80/TCP                       7m34s
② Install Monocular
# helm repo add monocular https://helm.github.io/monocular
# helm install monocular/monocular --name monocular
# kubectl get pod | grep monocular
monocular-mongodb-64df9c7fb6-tp55x 1/1 Running 0 3m24s
monocular-monocular-chartsvc-58cf779c5b-422bj 1/1 Running 2 3m23s
monocular-monocular-chartsvc-58cf779c5b-8wrvr 1/1 Running 2 3m24s
monocular-monocular-chartsvc-58cf779c5b-czppl 1/1 Running 1 3m23s
monocular-monocular-prerender-565885d9dd-sql5k 1/1 Running 0 3m24s
monocular-monocular-sync-initial-incubator-uuk6q-h7nhv 0/1 Completed 2 3m23s
monocular-monocular-sync-initial-stable-4dsb2-qc5pn 1/1 Running 1 3m23s
monocular-monocular-ui-6f8bbd67b-n55vb 1/1 Running 0 3m23s
monocular-monocular-ui-6f8bbd67b-xdql4 1/1 Running 0 3m23s
# kubectl get svc
NAME                            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
kubernetes                      ClusterIP   10.96.0.1        <none>        443/TCP                      8d
monocular-mongodb               ClusterIP   10.98.190.128    <none>        27017/TCP                    4m15s
monocular-monocular-chartsvc    ClusterIP   10.108.54.177    <none>        8080/TCP                     4m15s
monocular-monocular-prerender   NodePort    10.107.66.9      <none>        80:31915/TCP                 4m15s
monocular-monocular-ui          NodePort    10.101.12.118    <none>        80:31939/TCP                 4m15s
nginx-ingress-controller        NodePort    10.108.114.19    <none>        80:32080/TCP,443:32443/TCP   48m
nginx-ingress-default-backend   ClusterIP   10.102.104.170   <none>        80/TCP                       48m
# kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
monocular-monocular * 80 4m8s
(Unresolved) When accessing port 32080, which the ingress is mapped to, the page cannot be reached.
5. Delete an installed chart
# helm delete --purge monocular
release "monocular" deleted