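1. Helm concepts
Helm is the package manager for Kubernetes, comparable to apt on Debian and Ubuntu, yum on Red Hat and CentOS, or brew on macOS.
2. Why Helm is needed
Kubernetes organizes and orchestrates containers well, but it lacks a higher-level tool for packaging applications. Helm was created to fill that gap.
3. Helm architecture
Terminology:
- Chart: the collection of information needed to create an application, including the configuration templates for the various Kubernetes objects, parameter definitions, dependencies and documentation. A chart is the self-contained logical unit of application deployment; think of it as the software package in apt or yum.
- Release: a running instance of a chart, representing one running application. Think of it as an instance of a class; one cluster can hold several instances of the same chart.
- Repository: a chart repository, used to store and distribute charts centrally.
4. Installation
1. Download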
https://get.helm.sh/helm-v3.12.1-linux-amd64.tar.gz
2. Extract
tar -zxvf helm-v3.12.1-linux-amd64.tar.gz
3. Install
mv linux-amd64/helm /usr/local/bin/helm
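Steps 1 to 3 above place a downloaded binary on root's PATH without checking it. The script below is an added example, not part of the original page: it installs only when the tarball matches its SHA-256 checksum file. It assumes the checksum is published next to the tarball as helm-v3.12.1-linux-amd64.tar.gz.sha256sum; the function names install_verified_helm, make_sample_release and selfcheck are made up for this illustration, and the sample tarball is constructed locally so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original page): fail-closed Helm install.
# install_verified_helm TARBALL SUMFILE DESTDIR
# SUMFILE has the "<hex sha256>  <file name>" layout of a .sha256sum file.
install_verified_helm() {
    tarball=$1; sumfile=$2; destdir=$3
    expected=$(awk 'NR == 1 { print $1 }' "$sumfile") || return 1
    actual=$(sha256sum "$tarball" | awk '{ print $1 }') || return 1
    if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
        echo "checksum mismatch for $tarball, refusing to install" >&2
        return 1
    fi
    # Extract only the helm binary, into a private scratch directory.
    workdir=$(mktemp -d) || return 1
    if tar -xzf "$tarball" -C "$workdir" linux-amd64/helm &&
       install -m 0755 "$workdir/linux-amd64/helm" "$destdir/helm"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$workdir"
    return "$rc"
}

# Constructed stand-in for the real release: a tarball with the same layout
# (linux-amd64/helm) plus its checksum file, so the example runs offline.
make_sample_release() {
    dir=$1
    mkdir -p "$dir/src/linux-amd64" "$dir/bin" || return 1
    printf '#!/bin/sh\necho constructed-helm\n' > "$dir/src/linux-amd64/helm"
    tar -czf "$dir/helm-sample.tar.gz" -C "$dir/src" linux-amd64 || return 1
    (cd "$dir" && sha256sum helm-sample.tar.gz > helm-sample.tar.gz.sha256sum)
}

# Self-check: the intact tarball installs, a modified one is refused.
selfcheck() {
    d=$(mktemp -d) || return 1
    tgz=$d/helm-sample.tar.gz
    make_sample_release "$d" &&
    install_verified_helm "$tgz" "$tgz.sha256sum" "$d/bin" &&
    rm -f "$d/bin/helm" &&
    printf 'x' >> "$tgz" &&          # constructed tampering
    ! install_verified_helm "$tgz" "$tgz.sha256sum" "$d/bin" 2>/dev/null &&
    [ ! -e "$d/bin/helm" ]
    rc=$?
    rm -rf "$d"
    return "$rc"
}
selfcheck && echo "self-check passed"
```

For the real release, download the tarball and its checksum file into the same directory and pass /usr/local/bin as DESTDIR.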
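5. Using Helm
5.1 Specify a repository
After Helm 3 is installed, no chart repository is configured by default, so one has to be added manually. The recommended repository is https://charts.bitnami.com/bitnami; add it with the helm repo add command.
Because the repository had already been added here, Helm reports that it already exists.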
[root@node1 ~]# helm repo add bitnami https://charts.bitnami.com/bitnami
"bitnami" already exists with the same configuration, skippin
[root@node1 ~]# helm repo list
NAME URL
bitnami https://charts.bitnami.com/bitnami
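5.2 Search for applications
Helm has a powerful built-in search command that can search two kinds of sources:
- helm search hub finds and lists Helm charts from Artifact Hub, which hosts a large number of different repositories.
- helm search repo searches the repositories you have added to the local Helm client (with helm repo add). This search runs against local data and needs no Internet connection.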
[root@node1 ~]# helm search repo redis
NAME CHART VERSION APP VERSION DESCRIPTION
bitnami/redis 17.13.2 7.0.12 Redis(R) is an open source, advanced key-value ...
bitnami/redis-cluster 8.6.9 7.0.12 Redis(R) is an open source, scalable, distribut...
5.3 List application versions
[root@node1 ~]# helm search repo bitnami/redis -l
NAME CHART VERSION APP VERSION DESCRIPTION
bitnami/redis 17.13.2 7.0.12 Redis(R) is an open source, advanced key-value ...
bitnami/redis 17.13.1 7.0.12 Redis(R) is an open source, advanced key-value ...
bitnami/redis 17.11.8 7.0.12 Redis(R) is an open source, advanced key-value ...
bitnami/redis 17.11.7 7.0.11 Redis(R) is an open source, advanced key-value ...
bitnami/redis 17.11.6 7.0.11 Redis(R) is an open source, advanced key-value ...
bitnami/redis 17.11.5 7.0.11 Redis(R) is an open source, advanced key-value ...
bitnami/redis 17.11.4 7.0.11 Redis(R) is an open source, advanced key-value ...
bitnami/redis 17.11.3 7.0.11 Redis(R) is an open source, advanced key-value ...
bitnami/redis 17.11.2 7.0.11 Redis(R) is an open source, advanced key-value ...
..................
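5.4 Install an application
Install an application with helm install releaseName chartName. releaseName is the name of this running instance and is chosen by you; chartName is the chart's name in the repository, for example bitnami/redis above is the chartName for Redis.
Note: the PVs must be created first. Create the directories /data/redis1, /data/redis2, /data/redis3 and /data/redis4 on every node and grant permissions on them, for example chmod -R 777 <directory>. Mode 777 makes these directories world-writable on every node; giving ownership to the UID the Redis container runs as is a tighter alternative.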
[root@node1 ~]# cat redis_pv1.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: redis-pv-1
  labels:
    type: local
spec:
  capacity:
    storage: 8Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/data/redis1"
[root@node1 ~]# cat redis_pv2.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: redis-pv-2
  labels:
    type: local
spec:
  capacity:
    storage: 8Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/data/redis2"
[root@node1 ~]# cat redis_pv3.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: redis-pv-3
  labels:
    type: local
spec:
  capacity:
    storage: 8Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/data/redis3"
[root@node1 ~]# cat redis_pv4.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: redis-pv-4
  labels:
    type: local
spec:
  capacity:
    storage: 8Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/data/redis4"
[root@node1 ~]# helm install redis-server bitnami/redis --version=16.13.1
NAME: redis-server # releaseName
LAST DEPLOYED: Tue Jul 18 10:41:42 2023
NAMESPACE: default # Kubernetes namespace the release is deployed in
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: redis
CHART VERSION: 16.13.1 # chart version
APP VERSION: 6.2.7 # Redis application version
** Please be patient while the chart is being deployed **
Redis® can be accessed on the following DNS names from within your cluster:
redis-server-master.default.svc.cluster.local for read/write operations (port 6379)
redis-server-replicas.default.svc.cluster.local for read-only operations (port 6379)
# Redis password
To get your password run:
export REDIS_PASSWORD=$(kubectl get secret --namespace default redis-server -o jsonpath="{.data.redis-password}" | base64 -d)
# How to connect to Redis
To connect to your Redis® server:
# 1. Start a redis-client container and use it to access Redis
1. Run a Redis® pod that you can use as a client:
kubectl run --namespace default redis-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image docker.io/bitnami/redis:6.2.7-debian-11-r9 --command -- sleep infinity
Use the following command to attach to the pod:
kubectl exec --tty -i redis-client \
--namespace default -- bash
# Connect to Redis directly
2. Connect using the Redis® CLI:
REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-server-master
REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-server-replicas
To connect to your database from outside the cluster execute the following commands:
kubectl port-forward --namespace default svc/redis-server-master 6379:6379 &
REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h 127.0.0.1 -p 6379
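5.5 Inspect the resulting Kubernetes objects
The install command above deploys the Redis service into Kubernetes automatically; there is no need to write the Service, Pod, PVC and other manifests by hand.
# List the services; Redis is deployed in master/replica mode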
[root@node1 ~]# kubectl get services
NAME                    TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
kubernetes              ClusterIP   10.1.0.1       <none>        443/TCP    27h
redis-server-headless   ClusterIP   None           <none>        6379/TCP   136m
redis-server-master     ClusterIP   10.1.146.251   <none>        6379/TCP   136m
redis-server-replicas   ClusterIP   10.1.15.85     <none>        6379/TCP   136m
# List the pods
[root@node1 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
redis-server-master-0 1/1 Running 0 151m
redis-server-replicas-0 1/1 Running 0 151m
redis-server-replicas-1 1/1 Running 0 151m
redis-server-replicas-2 1/1 Running 0 150m
5.6 Test access to the service
1. Create the redis-client container
[root@node1 ~]# export REDIS_PASSWORD=$(kubectl get secret --namespace default redis-server -o jsonpath="{.data.redis-password}" | base64 -d)
[root@node1 ~]# kubectl run --namespace default redis-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image docker.io/bitnami/redis:6.2.7-debian-11-r9 --command -- sleep infinity
pod/redis-client created
2. Log in to the redis-client container and access Redis
[root@node1 ~]# echo $REDIS_PASSWORD
iv1hCMAoAS
[root@node1 ~]# kubectl get pods -o wide
NAME                      READY   STATUS    RESTARTS   AGE     IP            NODE    NOMINATED NODE   READINESS GATES
redis-client              1/1     Running   0          2m41s   10.244.1.25   node2   <none>           <none>
redis-server-master-0     1/1     Running   0          156m    10.244.1.21   node2   <none>           <none>
redis-server-replicas-0   1/1     Running   0          156m    10.244.1.22   node2   <none>           <none>
redis-server-replicas-1   1/1     Running   0          156m    10.244.1.23   node2   <none>           <none>
redis-server-replicas-2   1/1     Running   0          155m    10.244.1.24   node2   <none>           <none>
[root@node1 ~]# kubectl exec --tty -i redis-client --namespace default -- bash
I have no name!@redis-client:/$ redis-cli -h 10.244.1.21 -a iv1hCMAoAS
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
10.244.1.21:6379> set test 123
OK
10.244.1.21:6379> get test
"123"
3. Log in to the Redis server and test
[root@node1 ~]# kubectl exec -it redis-server-master-0 -- bash
I have no name!@redis-server-master-0:/$ redis-cli -a iv1hCMAoAS
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
127.0.0.1:6379> get test
"123"
127.0.0.1:6379>
6. Upgrading an application
6.1 Check the current version
[root@node1 ~]# kubectl exec -it redis-server-master-0 -- bash
I have no name!@redis-server-master-0:/$ redis-cli --version
redis-cli 6.2.7
6.2 Upgrade
Use the command helm upgrade releaseName chartName
[root@node1 ~]# helm upgrade redis-server bitnami/redis --version=17.0.1
Release "redis-server" has been upgraded. Happy Helming!
NAME: redis-server
LAST DEPLOYED: Tue Jul 18 14:27:09 2023
NAMESPACE: default
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
CHART NAME: redis
CHART VERSION: 17.0.1
APP VERSION: 7.0.3
** Please be patient while the chart is being deployed **
Redis® can be accessed on the following DNS names from within your cluster:
redis-server-master.default.svc.cluster.local for read/write operations (port 6379)
redis-server-replicas.default.svc.cluster.local for read-only operations (port 6379)
To get your password run:
export REDIS_PASSWORD=$(kubectl get secret --namespace default redis-server -o jsonpath="{.data.redis-password}" | base64 -d)
To connect to your Redis® server:
1. Run a Redis® pod that you can use as a client:
kubectl run --namespace default redis-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image docker.io/bitnami/redis:7.0.3-debian-11-r0 --command -- sleep infinity
Use the following command to attach to the pod:
kubectl exec --tty -i redis-client \
--namespace default -- bash
2. Connect using the Redis® CLI:
REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-server-master
REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-server-replicas
To connect to your database from outside the cluster execute the following commands:
kubectl port-forward --namespace default svc/redis-server-master 6379:6379 &
REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h 127.0.0.1 -p 6379
# Enter the pod and check the Redis version
[root@node1 opt]# kubectl exec -it redis-server-master-0 -- bash
I have no name!@redis-server-master-0:/$ redis-cli --version
redis-cli 7.0.3
6.3 Rollback
Every operation on an application (install, upgrade, rollback) is recorded. Use helm history releaseName to view the operation history, then helm rollback releaseName <revision> to roll back.
[root@node1 opt]# helm history redis-server
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Tue Jul 18 16:57:34 2023 superseded redis-16.13.1 6.2.7 Install complete
2 Tue Jul 18 17:04:00 2023 deployed redis-17.0.1 7.0.3 Upgrade complete
Roll back to a specific revision
[root@node1 opt]# helm rollback redis-server 1
Rollback was a success! Happy Helming!
The version is back to 6.2.7
[root@node1 opt]# kubectl exec -it redis-server-master-0 -- bash
I have no name!@redis-server-master-0:/$ redis-cli --version
redis-cli 6.2.7
[root@node1 opt]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
redis-server default 3 2023-07-18 17:23:37.847360872 +0800 CST deployed redis-16.13.1 6.2.7
6.4 Uninstall an application
Uninstall an application with helm uninstall releaseName, as follows:
[root@node1 opt]# helm uninstall redis-server
release "redis-server" uninstalled
Note: by default, uninstalling an application also deletes all of its release history. To keep the history, use:
[root@node1 ~]# helm uninstall redis-server --keep-history
The history is then retained, and helm rollback can still roll back to the revision that existed before the uninstall.
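7. Building a chart
Charts are the core of Helm. Besides installing them into a Kubernetes cluster or managing installed chart instances, you can also build charts or modify existing ones.
- Design goal of charts: treat Kubernetes as a platform with its own distinctive style.
- The core of a chart is its templates: they generate the Kubernetes manifests that can be installed and managed in the cluster.
7.1 Create a template
helm create chartName creates a chart skeleton containing all the files and layout a chart requires: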
[root@node1 opt]# helm create nginx-demo
Creating nginx-demo
[root@node1 opt]# tree -L 2 nginx-demo
nginx-demo
├── charts
├── Chart.yaml
├── templates
│ ├── deployment.yaml
│ ├── _helpers.tpl
│ ├── hpa.yaml
│ ├── ingress.yaml
│ ├── NOTES.txt
│ ├── serviceaccount.yaml
│ ├── service.yaml
│ └── tests
└── values.yaml
3 directories, 9 files
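- Chart.yaml: summary information describing the chart.
- charts: a chart can depend on other charts, and those dependencies can be placed in this directory. It is currently empty.
- templates: the templates used to generate Kubernetes manifests are stored in the templates directory.
- NOTES.txt: when a chart is installed, the NOTES.txt template is rendered and displayed (rather than installed into the cluster), for example as usage hints after a successful installation.
- values.yaml: the default values passed to the templates when Helm renders the manifests live in values.yaml. They can be overridden when the chart is instantiated.
7.2 Edit values.yaml
The generated values.yaml contains many settings; only the ones needed here are changed:
image:
  repository: bjbfd/nginx # image repository
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: "v4" # image tag
.....
# Service configuration
service:
  type: NodePort
  port: 80 # port the ClusterIP listens on
  targetPort: 80 # port the Pod listens on
  nodePort: 30001 # must fall in the default NodePort range 30000-32767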
7.3 Install
[root@node1 nginx-demo]# helm install nginx-demo .
NAME: nginx-demo
LAST DEPLOYED: Tue Jul 18 17:52:27 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services nginx-demo)
export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
7.4 Access
[root@node1 ~]# curl 172.24.251.133:31179
这是一个本地构建的nginx镜像
7.5 View the rendered YAML
[root@node1 ~]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
dolphinscheduler default 1 2023-07-18 19:37:59.461425633 +0800 CST deployed dolphinscheduler-helm-3.1.7 3.1.7
[root@node1 ~]# helm get manifest dolphinscheduler | more
---
# Source: dolphinscheduler-helm/templates/rbac.yaml
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: dolphinscheduler
    chart: dolphinscheduler-helm-3.1.7
    release: dolphinscheduler
  name: dolphinscheduler
---
# Source: dolphinscheduler-helm/charts/postgresql/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: dolphinscheduler-postgresql
  labels:
    app.kubernetes.io/name: postgresql
    helm.sh/chart: postgresql-10.3.18
    app.kubernetes.io/instance: dolphinscheduler
    app.kubernetes.io/managed-by: Helm
  namespace: default
type: Opaque
data:
  postgresql-postgres-password: "TWJWSXVGa2Nnbg=="
  postgresql-password: "cm9vdA=="
---
# Source: dolphinscheduler-helm/templates/configmap-dolphinscheduler-common.yaml
..........................
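The data values in the Secret above are base64-encoded, not encrypted, so anyone who can run helm get manifest on the release can recover them. The following script is an added example, not part of the original page or of the chart: it lists the Secret entries in a rendered manifest and marks short or common passwords without printing them. The function names, the 8-character threshold (MIN_LEN) and the small word list are assumptions chosen for this illustration; the sample input is the Secret shown above.

```shell
#!/bin/sh
# Added example (not from the original page): audit Secrets in a rendered manifest.
# Usage: helm get manifest RELEASE | audit_manifest_secrets

# Emit "<secret name> <data key> <base64 value>" for every Secret data entry.
# Assumes Helm's usual layout: kind before data, two-space indentation.
secret_entries() {
    awk '
        /^---/      { kind = ""; name = ""; section = ""; next }
        /^kind:/    { kind = $2; next }
        /^[A-Za-z]/ { section = $1; next }
        section == "metadata:" && /^  name:/ { name = $2; next }
        kind == "Secret" && section == "data:" && /^  [^ #]/ {
            key = $1; sub(/:$/, "", key)
            val = $2; gsub(/"/, "", val)
            print name, key, val
        }'
}

# Report each entry as OK or WEAK; the decoded value itself is never printed.
audit_manifest_secrets() {
    min_len=${MIN_LEN:-8}        # assumed threshold for this illustration
    secret_entries | while read -r name key b64; do
        value=$(printf '%s' "$b64" | base64 -d 2>/dev/null) || value=""
        verdict=OK
        if [ "${#value}" -lt "$min_len" ]; then verdict=WEAK; fi
        case $value in
            root|admin|password|postgres|changeme) verdict=WEAK ;;
        esac
        echo "$name $key len=${#value} $verdict"
    done
}

# Sample input: the Secret document shown in the manifest above.
sample_manifest() {
    cat <<'EOF'
---
apiVersion: v1
kind: Secret
metadata:
  name: dolphinscheduler-postgresql
  namespace: default
type: Opaque
data:
  postgresql-postgres-password: "TWJWSXVGa2Nnbg=="
  postgresql-password: "cm9vdA=="
EOF
}
sample_manifest | audit_manifest_secrets
```

On the sample, postgresql-password is reported as WEAK (4 characters) and postgresql-postgres-password as OK (10 characters).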