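  • Helm: the yum of Kubernetes

    This article is based on hands-on practice and quotes from this blog post: https://blog.csdn.net/daydayup_668819/article/details/90601967

    I. What is Helm

    Helm is the package manager for K8S, comparable to tools such as apt-get, yum and brew. Key concepts:

    1. Helm. The command-line client tool, mainly used to create, package and publish K8S application Charts and to manage repositories.
    2. Tiller. Helm's server side. It receives requests from Helm, generates the K8S deployment files from the Chart (the result is called a Release), and submits them to K8S to create the application. Tiller also provides Release upgrade, rollback and related functions.
    3. Chart. Helm's software package, in TAR format, similar to APT's deb or yum's rpm packages. It contains a set of YAML files that define the related K8S resources.
    4. Repository. Helm's software repository, essentially a web server that stores a collection of Chart packages for users to download.
    5. Release. A Chart deployed into a K8S cluster with the helm install command is called a Release.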

    II. Installation

    1. Install the Helm client

    This is basically a brew install or similar, or you can use the general install script; here I installed with brew.

    brew install kubernetes-helm
    

    2. Install Tiller

    Installation is just helm init

    helm init
    

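    By default Helm pulls the image from storage.googleapis.com. If the machine you are running on cannot reach that domain, install with the following commands instead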

    helm init --client-only --stable-repo-url https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts/
    helm repo add incubator https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts-incubator/
    helm repo update
    

    Create the server side

    helm init --service-account tiller --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.9.1 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
    # Create the server side with TLS authentication; reference: https://github.com/gjmzj/kubeasz/blob/master/docs/guide/helm.md
    helm init --service-account tiller --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.9.1 --tiller-tls-cert /etc/kubernetes/ssl/tiller001.pem --tiller-tls-key /etc/kubernetes/ssl/tiller001-key.pem --tls-ca-cert /etc/kubernetes/ssl/ca.pem --tiller-namespace kube-system --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
    

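    This installs the Tiller service in K8S. Because the official image cannot be pulled, you can use -i to specify your own image. An available image is registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.9.1 (Alibaba Cloud). The image version should match the helm client version; use helm version to check the helm client version.

    Authorize Tiller
    Tiller, Helm's server side, is a Deployment in the kube-system namespace. It connects to the kube-apiserver to create and delete applications in K8S.
    Create a Kubernetes service account and bind a role to it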

    kubectl create serviceaccount --namespace kube-system tiller
    kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
    

    Set the account for Tiller, using kubectl patch to update the API object

    $ kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
    deployment.extensions "tiller-deploy" patched
    

    Check that the authorization succeeded

    kubectl get deploy --namespace kube-system tiller-deploy --output yaml|grep serviceAccount
          serviceAccount: tiller
          serviceAccountName: tiller
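
    The ClusterRoleBinding above gives Tiller cluster-admin, so every request Tiller accepts is executed with full rights over the whole cluster. As an added example (not from the original post or the Helm project), the manifest below scopes Tiller to a single namespace instead; the namespace web and the names tiller-manager and tiller-binding are assumptions.

    ```yaml
    # Added example (not from the original post): namespace-scoped RBAC for Tiller.
    # Assumed names: namespace "web", Role "tiller-manager", RoleBinding "tiller-binding".
    #
    # WEAK (created by the kubectl commands above): ClusterRoleBinding
    # "tiller-cluster-rule" binds kube-system:tiller to ClusterRole cluster-admin,
    # so every chart Tiller installs runs with full rights over the whole cluster.
    #
    # SCOPED (below): Tiller runs in "web" and can only manage resources there.
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: tiller
      namespace: web
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: tiller-manager
      namespace: web
    rules:
    # API groups covering the resource kinds the chart on this page renders
    # (Service in "", Deployment in apps) plus batch/extensions for other charts.
    - apiGroups: ["", "batch", "extensions", "apps"]
      resources: ["*"]
      verbs: ["*"]
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: tiller-binding
      namespace: web
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: tiller-manager
    subjects:
    - kind: ServiceAccount
      name: tiller
      namespace: web
    ```

    Create the namespace first, apply the manifest with kubectl apply -f, then run helm init with --service-account tiller --tiller-namespace web. Later helm commands against this Tiller also need --tiller-namespace web.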
    

    Verify that the installation succeeded

    kubectl -n kube-system get pods|grep tiller
    tiller-deploy-6dcc74c957-m7brr 1/1 Running 0 3m39s
    ➜ helm-test helm version
    Client: &version.Version{SemVer:"v2.15.1", GitCommit:"cf1de4f8ba70eded310918a8af3a96bfe8e7683b", GitTreeState:"clean"}
    Server: &version.Version{SemVer:"v2.9.1", GitCommit:"20adb27c7c5868466912eebdf6664e7390ebe710", GitTreeState:"clean"}
    

    3. The helm incompatible-versions error

    Helm Error: incompatible versions client[v2.15.0] server[v2.9.1]
    

    Solution

    brew unlink kubernetes-helm
    brew install https://raw.githubusercontent.com/Homebrew/homebrew-core/78d64252f30a12b6f4b3ce29686ab5e262eea812/Formula/kubernetes-helm.rb
    brew switch kubernetes-helm 2.9.1
    

    Reference: https://stackoverflow.com/questions/50701224/helm-incompatible-versions-between-client-and-server

    III. Using Helm

    1. Change the repository

    If you hit the error Unable to get an update from the "stable" chart repository (https://kubernetes-charts.storage.googleapis.com), manually replace the stable repository with the Alibaba Cloud repository

    # First remove the existing repository
    helm repo remove stable
    # Add the new repository address
    helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
    # Update the repositories
    helm repo update
    

    2. List all Helm charts available in the repositories:

    helm search
    

    3. Update the charts list

    helm repo update
    

    4. List the installed charts

    helm list
    

    IV. Create your own chart

    1. Create a chart named cqh

    ➜ helm-test helm create cqh
    Creating cqh
    ➜ helm-test ls
    cqh examples get_helm.sh mongodb tiller.yaml
    ➜ helm-test cd cqh
    ➜ cqh tree
    .
    ├── Chart.yaml
    ├── charts
    ├── templates
    │ ├── NOTES.txt
    │ ├── _helpers.tpl
    │ ├── deployment.yaml
    │ ├── ingress.yaml
    │ └── service.yaml
    └── values.yaml
    

    Change the image in values.yaml to nginx:alpine

    2. Check that the configuration and templates are valid

    helm install --dry-run --debug
    

    This prints the template variable configuration and the final rendered YAML files

    ➜ cqh helm install --dry-run --debug .
    [debug] Created tunnel using local port: '62307'
    
    [debug] SERVER: "127.0.0.1:62307"
    
    [debug] Original chart version: ""
    [debug] CHART PATH: /Users/chenqionghe/Downloads/helm-test/cqh
    
    NAME: agile-parrot
    REVISION: 1
    RELEASED: Wed Oct 30 11:09:47 2019
    CHART: cqh-0.1.0
    USER-SUPPLIED VALUES:
    {}
    
    COMPUTED VALUES:
    affinity: {}
    image:
      pullPolicy: IfNotPresent
      repository: nginx
      tag: alpine
    ingress:
      annotations: {}
      enabled: false
      hosts:
      - chart-example.local
      path: /
      tls: []
    nodeSelector: {}
    replicaCount: 1
    resources: {}
    service:
      port: 80
      type: ClusterIP
    tolerations: []
    
    HOOKS:
    MANIFEST:
    
    ---
    # Source: cqh/templates/service.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: agile-parrot-cqh
      labels:
        app: cqh
        chart: cqh-0.1.0
        release: agile-parrot
        heritage: Tiller
    spec:
      type: ClusterIP
      ports:
        - port: 80
          targetPort: http
          protocol: TCP
          name: http
      selector:
        app: cqh
        release: agile-parrot
    ---
    # Source: cqh/templates/deployment.yaml
    apiVersion: apps/v1beta2
    kind: Deployment
    metadata:
      name: agile-parrot-cqh
      labels:
        app: cqh
        chart: cqh-0.1.0
        release: agile-parrot
        heritage: Tiller
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: cqh
          release: agile-parrot
      template:
        metadata:
          labels:
            app: cqh
            release: agile-parrot
        spec:
          containers:
            - name: cqh
              image: "nginx:alpine"
              imagePullPolicy: IfNotPresent
              ports:
                - name: http
                  containerPort: 80
                  protocol: TCP
              livenessProbe:
                httpGet:
                  path: /
                  port: http
              readinessProbe:
                httpGet:
                  path: /
                  port: http
              resources:
                {}
    

    3. Deploy to K8S

    ➜ cqh helm install .
    NAME: wintering-jellyfish
    LAST DEPLOYED: Wed Oct 30 11:13:30 2019
    NAMESPACE: default
    STATUS: DEPLOYED
    
    RESOURCES:
    ==> v1/Pod(related)
    NAME READY STATUS RESTARTS AGE
    wintering-jellyfish-cqh-849b9f698c-p6tkz 0/1 ContainerCreating 0 0s
    
    ==> v1/Service
    NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
    wintering-jellyfish-cqh ClusterIP 10.43.219.155 <none> 80/TCP 0s
    
    ==> v1beta2/Deployment
    NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
    wintering-jellyfish-cqh 1 1 1 0 0s
    
    
    NOTES:
    1. Get the application URL by running these commands:
      export POD_NAME=$(kubectl get pods --namespace default -l "app=cqh,release=wintering-jellyfish" -o jsonpath="{.items[0].metadata.name}")
      echo "Visit http://127.0.0.1:8080 to use your application"
      kubectl port-forward $POD_NAME 8080:80
    

    4. Test access

    Use the commands suggested in the NOTES printed after installation

    ➜ ~ export POD_NAME=$(kubectl get pods --namespace default -l "app=cqh,release=wintering-jellyfish" -o jsonpath="{.items[0].metadata.name}")
      echo "Visit http://127.0.0.1:8080 to use your application"
      kubectl port-forward $POD_NAME 8080:80
    Visit http://127.0.0.1:8080 to use your application
    Forwarding from 127.0.0.1:8080 -> 80
    Forwarding from [::1]:8080 -> 80
    Handling connection for 8080
    Handling connection for 8080
    Handling connection for 8080
    

    Next, the application can be accessed at 127.0.0.1:8080, for example in Safari.

    5. View the deployed releases

    ➜ cqh helm list
    NAME REVISION	UPDATED STATUS CHART NAMESPACE
    wintering-jellyfish	1 Wed Oct 30 11:13:30 2019	DEPLOYED	cqh-0.1.0	default
    

    6. Package and share

    ➜ cqh helm package .
    Successfully packaged chart and saved it to: /Users/chenqionghe/Downloads/helm-test/cqh/cqh-0.1.0.tgz
    ➜ ~ ls ~/.helm/repository/local
    cqh-0.1.0.tgz index.yaml
    

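    At this point the chart still cannot be found with helm search, because the Chart package in the Repository directory is not yet managed by Helm. helm repo list shows the Repositories that are already configured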

    ➜ cqh helm repo list
    NAME URL
    stable https://kubernetes-charts.storage.googleapis.com
    local http://127.0.0.1:8879/charts
    incubator	https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts-incubator/
    

    You can start a Repository Server locally and add it to the Helm Repo list.
    Here we use the helm serve command to start a Repository Server. By default it uses the $HOME/.helm/repository/local directory as Chart storage and serves on port 8879.

    ➜ cqh helm serve
    Regenerating index. This may take a moment.
    Now serving you on 127.0.0.1:8879
    

    With the local Helm Repository Server running, the local Repository can be added to Helm's Repo list

    ➜ ~ helm repo add local http://127.0.0.1:8879
    "local" has been added to your repositories
    ➜ ~ helm repo list
    NAME URL
    stable https://kubernetes-charts.storage.googleapis.com
    local http://127.0.0.1:8879
    incubator	https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts-incubator/
    

    Now the chart can be found by search

    ➜ ~ helm repo update
    ➜ ~ helm search cqh
    NAME CHART VERSION	APP VERSION	DESCRIPTION
    local/cqh	0.1.0 1.0 A Helm chart for Kubernetes
    

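    7. Upgrade and roll back an application with helm

    Change the version in Chart.yaml from 0.1.0 to 0.2.0, then package it with helm and publish it to the local repository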

    ➜ helm-test vim cqh/Chart.yaml
    ➜ helm-test helm package cqh
    Successfully packaged chart and saved it to: /Users/chenqionghe/Downloads/helm-test/cqh-0.2.0.tgz
    ➜ helm-test helm search cqh -l
    NAME CHART VERSION	APP VERSION	DESCRIPTION
    local/cqh	0.2.0 1.0 A Helm chart for Kubernetes
    local/cqh	0.1.0 1.0 A Helm chart for Kubernetes
    

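    You can see that there are now two versions

    To upgrade an application, use helm upgrade to upgrade the deployed mike-test to the latest version; --version can be used to specify a version number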

    ➜ helm-test helm list
    
    NAME REVISION	UPDATED STATUS CHART NAMESPACE
    looping-robin	1 Wed Oct 30 13:40:47 2019	DEPLOYED	cqh-0.2.0	default
    ➜ helm-test
    ➜ helm-test
    ➜ helm-test helm upgrade looping-robin local/cqh
    Release "looping-robin" has been upgraded. Happy Helming!
    LAST DEPLOYED: Wed Oct 30 13:42:08 2019
    NAMESPACE: default
    STATUS: DEPLOYED
    
    RESOURCES:
    ==> v1/Service
    NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
    looping-robin-cqh ClusterIP 10.43.204.74 <none> 80/TCP 1m
    
    ==> v1beta2/Deployment
    NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
    looping-robin-cqh 1 1 1 1 1m
    
    ==> v1/Pod(related)
    NAME READY STATUS RESTARTS AGE
    looping-robin-cqh-5bd4c75c64-8qc2k 1/1 Running 0 1m
    
    NOTES:
    1. Get the application URL by running these commands:
      export POD_NAME=$(kubectl get pods --namespace default -l "app=cqh,release=looping-robin" -o jsonpath="{.items[0].metadata.name}")
      echo "Visit http://127.0.0.1:8080 to use your application"
      kubectl port-forward $POD_NAME 8080:80
    

    View the upgrade history

    ➜ helm-test helm history looping-robin
    REVISION	UPDATED STATUS CHART DESCRIPTION
    1 Wed Oct 30 13:40:47 2019	SUPERSEDED	cqh-0.2.0	Install complete
    2 Wed Oct 30 13:42:08 2019	DEPLOYED cqh-0.3.0	Upgrade complete
    

    Roll back an application, using the REVISION value

    ➜ helm-test helm rollback looping-robin 1
    Rollback was a success! Happy Helming!
    

    Delete the application

    ➜ helm-test helm delete looping-robin
    release "looping-robin" deleted
    
    ➜ helm-test helm ls -a looping-robin
    NAME REVISION	UPDATED STATUS CHART NAMESPACE
    looping-robin	3 Wed Oct 30 13:49:37 2019	DELETED	cqh-0.2.0	default
    

    Remove all history records related to the specified Release

    ➜ helm-test helm delete --purge looping-robin
    release "looping-robin" deleted
    

    V. Miscellaneous

    1. Auto-completion

    zsh

    $ source <(helm completion zsh)
    

    bash

    $ source <(helm completion bash)
    

    2. How to specify a namespace when installing a package

    ➜ helm-test helm install --name=cqh --namespace=web cqh
    

    3. Get detailed information about an application

    helm get cqh
    

    View a specific revision

    helm get --revision 1  cqh
    

    4. How to resolve service dependencies

    The following declaration states that the Chart depends on two third-party Charts, Apache and MySQL (the mariadb chart)

    # requirements.yaml (Helm v2)
    dependencies:
    - name: mariadb
      version: 2.1.1
      repository: https://kubernetes-charts.storage.googleapis.com/
      condition: mariadb.enabled
      tags:
      - wordpress-database
    - name: apache
      version: 1.4.0
      repository: https://kubernetes-charts.storage.googleapis.com/
    

    5. How to add a third-party repository

    helm repo add <repo-name> <repo-url>
    helm repo update
    
  • Original article: https://www.cnblogs.com/chenqionghe/p/11765236.html