Helm 基本概念
Helm 可以理解为 Kubernetes 的包管理工具,可以方便地发现、共享和使用为Kubernetes构建的应用,它包含几个基本概念
- Chart:一个 Helm 包,其中包含了运行一个应用所需要的镜像、依赖和资源定义等,还可能包含 Kubernetes 集群中的服务定义,类似 Homebrew 中的 formula,APT 的 dpkg 或者 Yum 的 rpm 文件,
- Release: 在 Kubernetes 集群上运行的 Chart 的一个实例。在同一个集群上,一个 Chart 可以安装很多次。每次安装都会创建一个新的 release。例如一个 MySQL Chart,如果想在服务器上运行两个数据库,就可以把这个 Chart 安装两次。每次安装都会生成自己的 Release,会有自己的 Release 名称。
- Repository:用于发布和存储 Chart 的仓库。
Helm 组件
Helm 采用客户端/服务器架构,有如下组件组成:
- Helm CLI 是 Helm 客户端,可以在本地执行
- Tiller 是服务器端组件,在 Kubernetes 群集上运行,并管理 Kubernetes 应用程序的生命周期
- Repository 是 Chart 仓库,Helm客户端通过HTTP协议来访问仓库中Chart的索引文件和压缩包。
安装步骤
1、 下载helm安装包
wget https://storage.googleapis.com/kubernetes-helm/helm-v2.10.0-rc.3-linux-amd64.tar.gz
2、创建tiller的serviceaccount和clusterrolebinding
kubectl create serviceaccount --namespace kube-system tiller kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
3. 安装helm服务端tiller
[root@master1 gateway]# helm init -i 192.168.200.10/source/kubernetes-helm/tiller:v2.10.0-rc.3 --service-account tiller --skip-refresh Creating /root/.helm Creating /root/.helm/repository Creating /root/.helm/repository/cache Creating /root/.helm/repository/local Creating /root/.helm/plugins Creating /root/.helm/starters Creating /root/.helm/cache/archive Creating /root/.helm/repository/repositories.yaml Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com Adding local repo with URL: http://127.0.0.1:8879/charts $HELM_HOME has been configured at /root/.helm. Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster. Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy. To prevent this, run `helm init` with the --tiller-tls-verify flag. For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation Happy Helming!
4、 查看是否安装
[root@master1 gateway]# kubectl -n kube-system get pods|grep tiller tiller-deploy-849c444cff-h9zw2 1/1 Running 0 46s
5. 替换helm 的repo源
[root@kubernetes-1 ~]# helm repo list NAME URL stable https://kubernetes-charts.storage.googleapis.com local http://127.0.0.1:8879/charts [root@kubernetes-1 ~]# helm repo remove stable "stable" has been removed from your repositories [root@kubernetes-1 ~]# helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts "stable" has been added to your repositories [root@kubernetes-1 ~]# helm repo update Hang tight while we grab the latest from your chart repositories... ...Skip local chart repository ...Successfully got an update from the "stable" chart repository Update Complete. ⎈ Happy Helming!⎈ [root@kubernetes-1 ~]# helm repo list NAME URL local http://127.0.0.1:8879/charts stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
6、创建chart
helm create gateway
7. 测试修改是否正确
[root@master1 helm]# ls gateway helm-v2.10.0-rc.3-linux-amd64.tar.gz linux-amd64 [root@master1 helm]# helm install --dry-run --debug ./gateway [debug] Created tunnel using local port: '46252' [debug] SERVER: "127.0.0.1:46252" [debug] Original chart version: "" [debug] CHART PATH: /root/helm/gateway NAME: imprecise-sabertooth REVISION: 1 RELEASED: Tue Aug 14 14:42:14 2018 CHART: gateway-0.1.0 USER-SUPPLIED VALUES: {} COMPUTED VALUES: affinity: {} image: pullPolicy: IfNotPresent repository: 192.168.200.10/source/nginx tag: latest ingress: {} nodeSelector: {} replicaCount: 1 resources: limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi service: port: 80 type: ClusterIP tolerations: [] HOOKS: MANIFEST: --- # Source: gateway/templates/service.yaml apiVersion: v1 kind: Service metadata: name: imprecise-sabertooth-gateway labels: app: gateway chart: gateway-0.1.0 release: imprecise-sabertooth heritage: Tiller spec: type: ClusterIP ports: - port: 80 targetPort: http protocol: TCP name: http selector: app: gateway release: imprecise-sabertooth --- # Source: gateway/templates/deployment.yaml apiVersion: apps/v1beta2 kind: Deployment metadata: name: imprecise-sabertooth-gateway labels: app: gateway chart: gateway-0.1.0 release: imprecise-sabertooth heritage: Tiller spec: replicas: 1 selector: matchLabels: app: gateway release: imprecise-sabertooth template: metadata: labels: app: gateway release: imprecise-sabertooth spec: containers: - name: gateway image: "192.168.200.10/source/nginx:latest" imagePullPolicy: IfNotPresent ports: - name: http containerPort: 80 protocol: TCP livenessProbe: httpGet: path: / port: http readinessProbe: httpGet: path: / port: http resources: limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi
部署到kubernetes
[root@master1 gateway]# helm install . NAME: riotous-crab LAST DEPLOYED: Tue Aug 14 14:43:21 2018 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE riotous-crab-gateway ClusterIP 10.254.26.20 <none> 80/TCP 0s ==> v1beta2/Deployment NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE riotous-crab-gateway 1 1 1 0 0s ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE riotous-crab-gateway-fd7465cc8-frcmd 0/1 ContainerCreating 0 0s NOTES: 1. Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace default -l "app=gateway,release=riotous-crab" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:80
查看部署的relaese
helm list
删除relaese
helm delete gateway
将应用打包
[root@master1 gateway]# helm package . Successfully packaged chart and saved it to: /root/helm/gateway/gateway-0.1.0.tgz
gateway目录会被打包为一个 gateway-0.1.0.tgz 格式的压缩包,该压缩包会被放到当前目录下,并同时被保存到了 Helm 的本地缺省仓库目录中。
如果你想看到更详细的输出,可以加上 --debug 参数来查看打包的输出,输出内容应该类似如下:
helm package gateway --debug Successfully packaged chart and saved it to: /root/gateway/gateway-0.1.0.tgz [debug] Successfully saved /root/gateway/mychart-0.1.0.tgz to /root/.helm/repository/local
将应用发布到 Repository
虽然我们已经打包了 Chart 并发布到了 Helm 的本地目录中,但通过 helm search 命令查找,并不能找不到刚才生成的 mychart包
helm search gateway
No results found
这是因为 Repository 目录中的 Chart 包还没有被 Helm 管理。通过 helm repo list命令可以看到目前 Helm 中已配置的 Repository 的信息。
helm repo list NAME URL stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
我们可以在本地启动一个 Repository Server,并将其加入到 Helm Repo 列表中。Helm Repository 必须以 Web 服务的方式提供,这里我们就使用 helm serve 命令启动一个 Repository Server,该 Server 缺省使用 $HOME/.helm/repository/local目录作为 Chart 存储,并在 8879 端口上提供服务。
chart通过HTTP server方式提供
helm serve #默认是 127.0.0.1:8879 可以添加参数 helm serve --address 192.168.20.171:80
如果你想使用指定目录来做为 Helm Repository 的存储目录,可以加上 --repo-path参数:
$ helm serve --address 192.168.20.171:8879 --repo-path /data/helm/repository/ --url http://192.168.20.171:8879/charts/
通过 helm repo index 命令将 Chart 的 Metadata 记录更新在 index.yaml 文件中:
# 更新 Helm Repository 的索引文件 cd /home/k8s/.helm/repository/local helm repo index --url=http://192.168.20.171:8879 .
完成启动本地 Helm Repository Server 后,就可以将本地 Repository 加入 Helm 的 Repo 列表。
helm repo add local http://127.0.0.1:8879 "local" has been added to your repositories
现在再次查找 mychart 包,就可以搜索到了。
helm repo update helm search gateway NAME CHART VERSION APP VERSION DESCRIPTION local/gateway 0.1.0 1.0 A Helm chart for Kubernetes
注:helm install 默认会用到 socat,需要在所有节点上安装 socat 软件包。
部署一个应用 通过 helm install 命令部署该 Chart
当使用 helm install 命令部署应用时,实际上就是将 templates 目录下的模板文件渲染成 Kubernetes 能够识别的 YAML 格式。
在部署前我们可以使用 helm install --dry-run --debug <chart_dir> --name <release_name>命令来验证 Chart 的配置。该输出中包含了模板的变量配置与最终渲染的 YAML 文件。
[root@master1 helm]# helm install istio --name istio --namespace istio-system Error: a release named istio already exists. Run: helm ls --all istio; to check the status of the release Or run: helm del --purge istio; to delete it [root@master1 helm]# helm ls --all istio NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE istio 1 Tue Aug 14 10:48:26 2018 DELETED istio-1.0.0 1.0.0 istio-system [root@master1 helm]# helm ls --all NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE garish-lion 1 Mon Aug 13 14:22:15 2018 DELETED gateway-0.1.2 1.2 default istio 1 Tue Aug 14 10:48:26 2018 DELETED istio-1.0.0 1.0.0 istio-system opining-kudu 1 Mon Aug 6 17:48:14 2018 DELETED fengjian-0.1.0 1.0 default riotous-crab 1 Tue Aug 14 14:43:21 2018 DELETED gateway-0.1.0 1.0 default undercooked-alpaca 1 Mon Aug 13 12:13:26 2018 DELETED gateway-0.1.0 1.0 default virtuous-hamster 1 Mon Aug 6 17:07:44 2018 DELETED hello-helm-0.1.0 1.0 default [root@master1 helm]# helm del --purge istio release "istio" deleted
升级和回退一个应用
从上面 helm list 输出的结果中我们可以看到有一个 Revision(更改历史)字段,该字段用于表示某一个 Release 被更新的次数,我们可以用该特性对已部署的 Release 进行回滚。
修改 Chart.yaml 文件
将版本号从 0.1.0 修改为 0.2.0, 然后使用 helm package 命令打包并发布到本地仓库。
cat gateay/Chart.yaml apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: mychart version: 0.2.0 $ helm package gateway Successfully packaged chart and saved it to: /root/gateway/gateway-0.2.0.tgz
查询本地仓库中的 Chart 信息
我们可以看到在本地仓库中 gateway 有两个版本。
helm search gateway -l NAME CHART VERSION APP VERSION DESCRIPTION local/gateway 0.2.0 1.0 A Helm chart for Kubernetes local/gateway 0.1.0 1.0 A Helm chart for Kubernetes
升级一个应用
现在用 helm upgrade 命令将已部署的 mike-test 升级到新版本。你可以通过 --version 参数指定需要升级的版本号,如果没有指定版本号,则缺省使用最新版本。
helm upgrade mike-test local/mychart Release "mike-test" has been upgraded. Happy Helming! LAST DEPLOYED: Mon Jul 23 10:50:25 2018 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE mike-test-gateway-6d56f8c8c9-d685v 1/1 Running 0 9m ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE mike-test-gateway ClusterIP 10.254.120.177 <none> 80/TCP 9m ==> v1beta2/Deployment NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE mike-test-gateway 1 1 1 1 9m NOTES: 1. Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace default -l "app=gateway,release=mike-test" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:80
完成后,可以看到已部署的 mike-test 被升级到 0.2.0 版本。
helm list NAME REVISION UPDATED STATUS CHART NAMESPACE mike-test 2 Mon Jul 23 10:50:25 2018 DEPLOYED gateway-0.2.0 default
回退一个应用
如果更新后的程序由于某些原因运行有问题,需要回退到旧版本的应用。首先我们可以使用 helm history 命令查看一个 Release 的所有变更记录。
helm history mike-test REVISION UPDATED STATUS CHART DESCRIPTION 1 Mon Jul 23 10:41:20 2018 SUPERSEDED gateway-0.1.0 Install complete 2 Mon Jul 23 10:50:25 2018 DEPLOYED gateway-0.2.0 Upgrade complete
其次,我们可以使用下面的命令对指定的应用进行回退。
helm rollback mike-test 1 Rollback was a success! Happy Helming!
最后,我们使用 helm list 和 helm history 命令都可以看到 mychart 的版本已经回退到 0.1.0 版本。
helm list NAME REVISION UPDATED STATUS CHART NAMESPACE mike-test 3 Mon Jul 23 10:53:42 2018 DEPLOYED gateway-0.1.0 default $ helm history mike-test REVISION UPDATED STATUS CHART DESCRIPTION 1 Mon Jul 23 10:41:20 2018 SUPERSEDED gateway-0.1.0 Install complete 2 Mon Jul 23 10:50:25 2018 SUPERSEDED gateway-0.2.0 Upgrade complete 3 Mon Jul 23 10:53:42 2018 DEPLOYED gateway-0.1.0 Rollback to 1
删除一个应用
如果需要删除一个已部署的 Release,可以利用 helm delete 命令来完成删除。
helm delete mike-test release "mike-test" deleted
确认应用是否删除,该应用已被标记为 DELETED 状态。
helm ls -a mike-test NAME REVISION UPDATED STATUS CHART NAMESPACE mike-test 3 Mon Jul 23 10:53:42 2018 DELETED gateway-0.1.0 default
也可以使用 --deleted 参数来列出已经删除的 Release
helm ls --deleted NAME REVISION UPDATED STATUS CHART NAMESPACE mike-test 3 Mon Jul 23 10:53:42 2018 DELETED gateway-0.1.0 default
从上面的结果也可以看出,默认情况下已经删除的 Release 只是将状态标识为 DELETED 了 ,但该 Release 的历史信息还是继续被保存的。
helm hist mike-test REVISION UPDATED STATUS CHART DESCRIPTION 1 Mon Jul 23 10:41:20 2018 SUPERSEDED gateway-0.1.0 Install complete 2 Mon Jul 23 10:50:25 2018 SUPERSEDED gateway-0.2.0 Upgrade complete 3 Mon Jul 23 10:53:42 2018 DELETED gateway-0.1.0 Deletion complete
如果要移除指定 Release 所有相关的 Kubernetes 资源和 Release 的历史记录,可以用如下命令:
helm delete --purge mike-test release "mike-test" deleted