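Kubernetes in Practice: Helm 3

Preface

kubectl provides general-purpose operations on cluster resources, but it does not really orchestrate or manage services.
Helm orchestrates and manages Kubernetes services, and adds release versioning, release history, rollback to a specific revision, chart repositories, and parameterized templates (for per-environment deployments), among other practical features.

Choosing between Helm v2 and v3

Helm changed substantially from v2 to v3. The biggest change is the removal of the Tiller component: every operation now goes from the Helm CLI directly to the API server. Tiller played a central role in the v2 architecture, but it conflicted with the design philosophy of Kubernetes.

  • Shortcomings of Helm v2
1. Managing the application lifecycle around Tiller does not scale well
2. It raises the barrier to entry: Tiller must be deployed in the cluster before Helm can be used, which is intrusive
3. Kubernetes RBAC is rendered useless: Tiller holds overly broad RBAC permissions, which is a security risk
4. It complicates architecture design and implementation in multi-tenant scenarios
  • The figure below shows the v2 and v3 architectures

[Figure 1: Helm v2 and v3 architecture]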

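Helm overview

Helm is a package manager for Kubernetes. It is to Kubernetes what yum is to CentOS, pip to Python, and npm to JavaScript: it coordinates downloading, installing, and deploying applications, and a Helm chart defines an application as a bundle of Kubernetes resources.
Helm uses templating to simplify deploying and managing applications inside Kubernetes. All Helm charts follow the same structure yet are flexible enough to represent any type of application you run on Kubernetes. Charts are versioned. You can also use several configuration files and apply them manually to their respective Kubernetes clusters to bring an application up. Helm charts greatly reduce manual work, and with it the chance of error.

Chart

A named collection of Kubernetes resources. It contains the templates and parameters for a set of Kubernetes resource manifests and can be configured flexibly.

Helm uses the chart format to describe an application (a set of Kubernetes resource files) in a standard way. A chart has a standard directory layout, and the directory can be packaged into a versioned archive for deployment. Just as a downloaded software package can be installed directly on a computer, a chart package can be deployed with Helm to any Kubernetes cluster.

Config

Config is the application's configuration parameters. In a chart it consists of values.yaml and command-line parameters. A chart uses Go templates together with values.yaml to render the deployment templates; parameters can also be set with the Helm client option --set key=value.

Repository

Similar to Docker Hub. The Helm project, Alibaba Cloud, and other communities provide Helm repositories. After adding a repository address with helm repo add, you can search the repository and pick a chart that someone else has already built, ready to use.

Release

A release is a running instance of a chart in the cluster. A release name is unique within a namespace of a cluster. Helm provides lifecycle management around releases: query, install, upgrade, delete, rollback, and so on.

Chart directory structure
# tree mychart
mychart
├── Chart.yaml                      # Chart metadata: name, version, etc.
├── charts                          # Dependency charts: some applications' Helm charts have as many as four additional charts that must be deployed together with the main application; in that case the values file is updated with each chart's values so that the applications are configured and deployed together
├── templates                       # Kubernetes resource templates [configuration templates written by operations staff]
│   ├── NOTES.txt                   # Help text shown automatically when the chart is installed; usually covers how to use and configure the chart
│   ├── _helpers.tpl                # Defines YAML snippets that can be referenced within the chart
│   ├── deployment.yaml             # Sample manifest for creating a Deployment
│   ├── hpa.yaml                    # Sample manifest for creating an HPA
│   ├── ingress.yaml                # Sample manifest for creating an Ingress
│   ├── service.yaml                # Sample manifest for creating a Service
│   ├── serviceaccount.yaml         # Sample manifest for creating a ServiceAccount
│   └── tests                       # Test directory
│       └── test-connection.yaml    # Test that connects to the application
└── values.yaml                     # Parameter configuration [optional settings written by developers]

3 directories, 10 files

Every chart consists of the required charts and templates directories plus Chart.yaml and values.yaml. The chart format is very flexible and charts can be nested several levels deep, but writing them that way is not recommended.

Understanding the values.yaml file

Templates collect their deployment settings from values.yaml, so when you build a custom Helm chart you need to configure values.yaml.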

cat values.yaml

# Default values for buildachart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicaCount: 1

image:
  repository: nginx
  pullPolicy: IfNotPresent

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:

podSecurityContext: {}
  # fsGroup: 2000

securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

service:
  type: ClusterIP
  port: 80

ingress:
  enabled: false
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths: []
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

nodeSelector: {}

tolerations: []

affinity: {}
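replicaCount=1
Only one pod will be started. The value can be changed; 3 means three pods.
image:
  repository: nginx	# Image repository to pull from
  pullPolicy: IfNotPresent		# Pull policy (IfNotPresent: downloads a new version of the image if one is not already present in the cluster; Always: pulls the image on every deployment or restart, recommended when an image has failed; Latest: always pulls the newest available version of the image, which can be useful if your image repository is compatible with your deployment environment, though that is not always the case)
imagePullSecrets: []
Pull secret settings, such as a password or an API key you generated, used as credentials for a private image registry
nameOverride: ""
From the moment helm create runs, the chart's name (buildachart) is written into several configuration files, from the YAML file above to templates/_helpers.tpl
fullnameOverride: ""
serviceAccount:	# Provides a user identity for pods to run under inside the cluster; if left blank, _helpers.tpl generates a name from the full name. Setting a service account is recommended so that the application is tied directly to a user controlled in the chart
  create: true
  annotations: {}
  name:
# Pod security settings restrict which filesystem group or which user may be used; these options matter a great deal for securing Kubernetes pods
podSecurityContext: {}
  # fsGroup: 2000

securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
service:
  type: ClusterIP	# ClusterIP: cluster-internal service network; exposes the service on a cluster-internal IP, so the service associated with your application is reachable only from inside the cluster (and through ingress, which defaults to false); NodePort: exposes the service on a statically assigned port on each Kubernetes node's IP address
  port: 80
resources: {}	# Sets the maximum resources the Helm chart can request and the upper limit it can receive
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
nodeSelector: {}		# Assigns parts of the application to specific nodes in the Kubernetes cluster
tolerations: []		# Tolerations, taints, and affinity work together to ensure pods run on different nodes
affinity: {}		# Node affinity is conceptually similar to nodeSelector: it lets you restrict which nodes a pod can be scheduled on based on node labels. Node affinity is a property of the pod that attracts it to a set of nodes (as a preference or a hard requirement); taints are the opposite, they let a node repel a set of pods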
Common Helm commands
  • Chart management commands

1. Create a chart skeleton
1.1 Syntax

helm create mychart

1.2 Example

# helm create mychart
Creating mychart

2. Package a chart
2.1 Syntax

helm package mychart

2.2 Example

# helm package mychart
Successfully packaged chart and saved it to: C:\Users\devops\k8s\kubeoperator\helm\mychart-0.1.0.tgz

3. Get chart metadata
3.1 Syntax

helm inspect chart mychart

3.2 Example

# helm inspect chart mychart
apiVersion: v2
appVersion: 1.16.0
description: A Helm chart for Kubernetes
name: mychart
type: application
version: 0.1.0

4. List chart dependencies
4.1 Syntax

helm dependency list mychart

4.2 Example

# helm dependency list mychart
WARNING: no dependencies at mychart\charts
  • Release deployment commands

1. List releases
1.1 Syntax

helm list --namespace ${namespace}

1.2 Example

# helm list --namespace default
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
web             default         3               2021-05-24 17:15:07.3727207 +0800 CST   deployed        mychart-0.1.0           1.16.0

2. Install a chart
2.1 Syntax

helm install ${mychart-release-name} mychart --namespace ${namespace}

2.2 Example

# helm install web mychart --namespace default
NAME: web
LAST DEPLOYED: Mon May 24 16:09:05 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=mychart,app.kubernetes.io/instance=web" -o jsonpath="{.items[0].metadata.name}")
  export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT

3. Upgrade a chart
3.1 Syntax

helm upgrade ${mychart-release-name} mychart-new-version --namespace ${namespace}

4. Roll back a chart
4.1 Syntax

helm rollback ${mychart-release-name} ${revision} --namespace ${namespace}

4.2 Example

# helm rollback web 1  --namespace default
Rollback was a success! Happy Helming!
root@DESKTOP-L3UEDOC:/mnt/c/Users/devops/k8s/kubeoperator/helm# helm.exe list
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
web             default         3               2021-05-24 17:15:07.3727207 +0800 CST   deployed        mychart-0.1.0           1.16.0

5. View release history
5.1 Syntax

helm history ${mychart-release-name} --namespace ${namespace}

5.2 Example

# helm history web  --namespace default
REVISION        UPDATED                         STATUS          CHART           APP VERSION     DESCRIPTION
1               Mon May 24 17:07:25 2021        superseded      mychart-0.1.0   1.16.0          Install complete
2               Mon May 24 17:12:59 2021        superseded      mychart-0.1.0   1.16.0          Upgrade complete
3               Mon May 24 17:15:07 2021        deployed        mychart-0.1.0   1.16.0          Rollback to 1
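What Helm is for

It shows in two areas: infrastructure operations and business applications

  • 1. Infrastructure operations

Easier deployment and upgrade of infrastructure such as GitLab, Prometheus, Grafana, and ES

  • 2. Business applications

Easier deployment, management, and upgrade of in-house applications: write charts for the company's internal projects and combine Helm with CI, and deploying an application to Kubernetes becomes as simple as a single command

Kubernetes and Helm

Deploying an application on Kubernetes goes as follows
  • 1.0 Create the Deployment manifest
kubectl   create  deployment  nginx  --image=nginx   --dry-run  -o  yaml  >  deployment.yaml
  • 1.1 Start the pod
kubectl  apply  -f  deployment.yaml
  • 1.2 Check the pod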
$ kubectl get pod
NAME                      READY   STATUS    RESTARTS   AGE
nginx-f89759699-5mrxb     1/1     Running   0          5m7s
  • 2.0 Create the Service manifest
kubectl expose  deployment  nginx  --port=80  --target-port=80  --type=NodePort --dry-run -o yaml > service.yaml
  • 2.1 Create the Service
kubectl apply  -f  service.yaml
  • 2.2 Check the Service
$ kubectl.exe get svc
NAME                  TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
nginx                 NodePort    10.244.119.39   <none>        80:30452/TCP   3s
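  • 3.0 Access the nginx service

In a browser, open the node's IP at port 30452 (e.g. 10.0.0.103:30452) to reach the nginx application

What Helm is for

It solves the following application-management problems

1. How to manage these YAML files as a single unit
2. How to reuse these YAML files efficiently
3. The lack of application-level version management
  • Configure the Microsoft mirror as a Helm repository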
# helm repo add stable http://mirror.azure.cn/kubernetes/charts
"stable" has been added to your repositories
  • Check the configured repository
# helm.exe repo list
NAME                    URL
stable                  http://mirror.azure.cn/kubernetes/charts

Installing a Kubernetes UI with Helm

  • Search the repository for weave charts
# helm.exe search repo weave
NAME                    CHART VERSION   APP VERSION     DESCRIPTION
stable/weave-cloud      0.3.9           1.4.0           DEPRECATED - Weave Cloud is a add-on to Kuberne...
stable/weave-scope      1.1.12          1.12.0          DEPRECATED - A Helm chart for the Weave Scope c...
  • Install
# helm.exe install ui stable/weave-scope
WARNING: This chart is deprecated
NAME: ui
LAST DEPLOYED: Mon May 24 15:29:35 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
You should now be able to access the Scope frontend in your web browser, by
using kubectl port-forward:

kubectl -n default port-forward $(kubectl -n default get endpoints \
ui-weave-scope -o jsonpath='{.subsets[0].addresses[0].targetRef.name}') 8080:4040

then browsing to http://localhost:8080/.
For more details on using Weave Scope, see the Weave Scope documentation:

https://www.weave.works/docs/scope/latest/introducing/
  • Check the weave pod and svc resources
# kubectl get pod,svc
NAME                                                READY   STATUS    RESTARTS   AGE
pod/weave-scope-agent-ui-bgpxt                      1/1     Running   0          2m20s
pod/weave-scope-agent-ui-dq2sj                      1/1     Running   0          2m20s
pod/weave-scope-agent-ui-htr6f                      1/1     Running   0          2m20s
pod/weave-scope-cluster-agent-ui-7498b8d4f4-p8jzm   1/1     Running   0          2m20s
pod/weave-scope-frontend-ui-649c7dcd5d-gg5g2        1/1     Running   0          2m20s

NAME                          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
service/ui-weave-scope        ClusterIP   10.244.125.138   <none>        80/TCP         2m20s
  • Edit the svc definition, change ClusterIP to NodePort, and access the service
# kubectl edit svc ui-weave-scope
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  annotations:
    cloud.weave.works/launcher-info: |-
      {
        "server-version": "master-4fe8efe",
        "original-request": {
          "url": "/k8s/v1.7/scope.yaml"
        },
        "email-address": "[email protected]",
        "source-app": "weave-scope",
        "weave-cloud-component": "scope"
      }
    meta.helm.sh/release-name: ui
    meta.helm.sh/release-namespace: default
  creationTimestamp: "2021-05-24T07:28:56Z"
  labels:
    app: weave-scope
    app.kubernetes.io/managed-by: Helm
    chart: weave-scope-frontend-1.1.10
    component: frontend
    heritage: Helm
    release: ui
  name: ui-weave-scope
  namespace: default
  resourceVersion: "21113585"
  selfLink: /api/v1/namespaces/default/services/ui-weave-scope
  uid: 423e4312-7153-4c3d-87ed-07eca633602c
spec:
  clusterIP: 10.244.125.138
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: http
  selector:
    app: weave-scope
    component: frontend
    release: ui
  sessionAffinity: None
  type: ClusterIP	# Change to NodePort and save
status:
  loadBalancer: {}
service/ui-weave-scope edited	# Output printed after saving
# kubectl get svc		# List the services; the NodePort is now exposed
NAME                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
ui-weave-scope        NodePort    10.244.125.138   <none>        80:32670/TCP   10m

In a browser, open the node's IP at port 32670 (e.g. 10.0.0.103:32670) to reach the Weave application

Deploying an application with Helm
  • Create a mychart chart skeleton
# helm create mychart
Creating mychart
# ls mychart/
Chart.yaml  charts  templates  values.yaml
  • Delete the Deployment and Service of the nginx application deployed earlier, and move deployment.yaml and service.yaml into the mychart/templates directory
$ kubectl.exe delete -f deployment.yaml
deployment.apps "nginx" deleted
devops@DESKTOP-L3UEDOC MINGW64 ~/k8s/kubeoperator/helm (master)
$ kubectl.exe delete -f service.yaml
service "nginx" deleted
$ mv -f deployment.yaml mychart/templates
$ mv -f service.yaml mychart/templates
  • Deploy mychart with Helm
# helm install web mychart
NAME: web
LAST DEPLOYED: Mon May 24 16:09:05 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=mychart,app.kubernetes.io/instance=web" -o jsonpath="{.items[0].metadata.name}")
  export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
  • View the deployed mychart with Helm
# helm list
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
web             default         1               2021-05-24 16:09:05.3224408 +0800 CST   deployed        mychart-0.1.0           1.16.0
  • Use kubectl to view the pod and svc of the nginx deployed by Helm
# kubectl get pod,svc | grep nginx
pod/nginx-f89759699-r9qgm                           1/1     Running   0          4m19s
service/nginx                 NodePort    10.244.75.112    <none>        80:31669/TCP   4m19s
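  • Access the nginx service

In a browser, open the node's IP at port 31669 (e.g. 10.0.0.103:31669) to reach the nginx application

  • Note
    After changing the configuration, update the release with Helm
helm upgrade web mychart
Customizing the mychart deployment
  • Define custom variables in mychart/values.yaml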
replicaCount: 1

name: nginx

image:
  repository: nginx
  pullPolicy: IfNotPresent

service:
  type: NodePort
  port: 30360

serviceAccount:
  create: true
  annotations: {}
  name: ""

ingress:
  enabled: false
  annotations: {}
  hosts:
    - host: chart-nginx.local
      paths: []
  tls: []  

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80  
  • Edit mychart/templates/deployment.yaml to use the variables
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: {{ .Values.name }}
  name: {{ .Values.name }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ .Values.name }}
  template:
    metadata:
      labels:
        app: {{ .Values.name }}
    spec:
      containers:
      - image: {{ .Values.image.repository }}
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        name: {{ .Values.name }}
        ports:
          - name: http
            containerPort: 80
            protocol: TCP
        livenessProbe:
          httpGet:
            path: /
            port: http
        readinessProbe:
          httpGet:
            path: /
            port: http
  • Edit mychart/templates/service.yaml to use the variables
apiVersion: v1
kind: Service
metadata:
  labels:
    app: {{ .Values.name }}
  name: {{ .Values.name }}
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
    nodePort: {{ .Values.service.port }}
  selector:
    app: {{ .Values.name }}
  type: {{ .Values.service.type }}
  • Check that the variables render correctly
# helm.exe install --dry-run web mychart
NAME: web
LAST DEPLOYED: Mon May 24 16:55:55 2021
NAMESPACE: default
STATUS: pending-install
REVISION: 1
HOOKS:
---
# Source: mychart/templates/tests/test-connection.yaml
apiVersion: v1
kind: Pod
metadata:
  name: "web-mychart-test-connection"
  labels:
    helm.sh/chart: mychart-0.1.0
    app.kubernetes.io/name: mychart
    app.kubernetes.io/instance: web
    app.kubernetes.io/version: "1.16.0"
    app.kubernetes.io/managed-by: Helm
  annotations:
    "helm.sh/hook": test
spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['web-mychart:30360']
  restartPolicy: Never
MANIFEST:
---
# Source: mychart/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: web-mychart
  labels:
    helm.sh/chart: mychart-0.1.0
    app.kubernetes.io/name: mychart
    app.kubernetes.io/instance: web
    app.kubernetes.io/version: "1.16.0"
    app.kubernetes.io/managed-by: Helm
---
# Source: mychart/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 30360
  selector:
    app: nginx
  type: NodePort
---
# Source: mychart/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
          - name: http
            containerPort: 80
            protocol: TCP
        livenessProbe:
          httpGet:
            path: /
            port: http
        readinessProbe:
          httpGet:
            path: /
            port: http

NOTES:
1. Get the application URL by running these commands:
  export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services web-mychart)
  export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
  • Create the application
# helm.exe install web mychart
NAME: web
LAST DEPLOYED: Mon May 24 17:07:25 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
  export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services web-mychart)
  export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
  • View the created application with Helm
# helm list
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
web             default         1               2021-05-24 17:07:25.2824516 +0800 CST   deployed        mychart-0.1.0           1.16.0
  • Use kubectl to view the pod and svc of the nginx deployed by Helm
# kubectl get pod,svc | grep nginx
pod/nginx-5b5489f9cb-hm9hr                          1/1     Running   0          2m12s
service/nginx                 NodePort    10.244.123.181   <none>        80:30360/TCP   2m12s
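  • Access the nginx service

In a browser, open the node's IP at port 30360 (e.g. 10.0.0.103:30360) to reach the nginx application

  • Note
    Scale out
helm upgrade web --set replicaCount=3 mychart    # The key must match replicaCount in values.yaml, which the template reads

Example

# helm upgrade web --set replicaCount=3 mychart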
Release "web" has been upgraded. Happy Helming!
NAME: web
LAST DEPLOYED: Mon May 24 17:12:59 2021
NAMESPACE: default
STATUS: deployed
REVISION: 2
NOTES:
1. Get the application URL by running these commands:
  export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services web-mychart)
  export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
# helm list
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
web             default         2               2021-05-24 17:12:59.753125 +0800 CST    deployed        mychart-0.1.0           1.16.0  

Rollback

helm rollback web 1    # Roll web back to revision 1

Example

# helm rollback web 1
Rollback was a success! Happy Helming!
root@DESKTOP-L3UEDOC:/mnt/c/Users/devops/k8s/kubeoperator/helm# helm.exe list
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
web             default         3               2021-05-24 17:15:07.3727207 +0800 CST   deployed        mychart-0.1.0           1.16.0
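Advanced values.yaml customization, deployed with Helm as mychart

Have deployment.yaml, service.yaml, and the other templates reference variables from values.yaml, so that fewer edits are needed and the chart is easier to operate and configure. The configuration is as follows

  • Define custom variables in mychart/values.yaml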
replicaCount: 1

name: nginx

image:
  repository: nginx
  pullPolicy: IfNotPresent

# The following three lines are not referenced yet
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  create: true
  annotations: {}
  name: nginx

podSecurityContext:
  fsGroup: 2000

# The securityContext settings are not referenced yet; left for later verification
securityContext:
  # capabilities:
  #   drop:
  #   - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000

service:
  name: http
  type: NodePort
  protocol: TCP
  port: 80
  targetPort: 80	# Must match the port the nginx container listens on (containerPort is rendered from service.port)
  nodePort: 30360

ingress:
  enabled: false
  annotations: {}
    # The following two lines are not referenced yet
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"  
  hosts:
    - host: chart-nginx.local
      paths: []
  tls: []  
  # The following three lines are not referenced yet
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local  
  

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

nodeSelector: {}

tolerations: []

affinity: {}

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80  
  • Edit mychart/templates/deployment.yaml to use the variables
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: {{ .Values.name }}
  name: {{ .Values.name }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ .Values.name }}
  template:
    metadata:
      labels:
        app: {{ .Values.name }}
    spec:
      serviceAccountName: {{ .Values.serviceAccount.name }}
      # The securityContext settings are not referenced yet; left for later verification
      # securityContext:
        # fsGroup: {{ .Values.podSecurityContext.fsGroup }}
        # readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}
        # runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
        # runAsUser: {{ .Values.securityContext.runAsUser }}
      containers:
      - image: {{ .Values.image.repository }}
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        name: {{ .Values.name }}
        ports:
          - name: {{ .Values.service.name }}
            containerPort: {{ .Values.service.port }}
            protocol: {{ .Values.service.protocol }}
        livenessProbe:
          httpGet:
            path: /
            port: {{ .Values.service.name }}
        readinessProbe:
          httpGet:
            path: /
            port: {{ .Values.service.name }}
        resources:
          {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
  • Edit mychart/templates/service.yaml to use the variables
apiVersion: v1
kind: Service
metadata:
  labels:
    app: {{ .Values.name }}
  name: {{ .Values.name }}
spec:
  ports:
  - port: {{ .Values.service.port }}
    protocol: {{ .Values.service.protocol }}
    targetPort: {{ .Values.service.targetPort }}
    nodePort: {{ .Values.service.nodePort }}
  selector:
    app: {{ .Values.name }}
  type: {{ .Values.service.type }}

For deployment and the other operations, see "Customizing the mychart deployment" above
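
The deployment template above leaves the securityContext values commented out. The fragment below is an added example, not the author's template: it wires the page's podSecurityContext and securityContext values into spec.template.spec of mychart/templates/deployment.yaml, with fsGroup at pod level and readOnlyRootFilesystem at container level, since those two fields are only valid at those levels. It assumes an image that can start as a non-root UID on a read-only root filesystem (the stock nginx image expects to start as root and write inside its own filesystem); the "tmp" emptyDir volume is an assumed scratch path.

```yaml
# Added example: spec.template.spec of mychart/templates/deployment.yaml.
# Value names come from the values.yaml above; the "tmp" volume is an assumption.
    spec:
      serviceAccountName: {{ .Values.serviceAccount.name }}
      # Pod level (PodSecurityContext): fsGroup applies to the pod's volumes.
      # "with" skips the whole block when the value is left as {}.
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
      - name: {{ .Values.name }}
        image: {{ .Values.image.repository }}
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        # Container level (SecurityContext): readOnlyRootFilesystem, runAsNonRoot,
        # runAsUser and capabilities are rendered here, not under the pod.
        {{- with .Values.securityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        ports:
          - name: {{ .Values.service.name }}
            containerPort: {{ .Values.service.port }}
            protocol: {{ .Values.service.protocol }}
        resources:
          {{- toYaml .Values.resources | nindent 10 }}
        # readOnlyRootFilesystem: true leaves no writable path in the image,
        # so the process gets an explicit scratch directory.
        volumeMounts:
          - name: tmp
            mountPath: /tmp
      volumes:
        - name: tmp
          emptyDir: {}
```

Render it with helm install --dry-run web mychart, as the page does earlier, and confirm that fsGroup appears under the pod's securityContext and the other three keys under the container's.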
