搭建私有 helm 仓库 chartmuseum

chartmuseum 是一个开源的 Helm Chart Repository,支持多种后端存储,包括 GCS,S3 等。

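# Charts are stored in a directory on the host (hostPath), which has two consequences:
# 1. The chart directory must be writable by the user the chartmuseum container runs as.
# 2. The pod must be pinned to the node that holds the directory; k8s-node01 is used here.

# Run on k8s-node01.
# Access is granted to the container's user only, instead of chmod 777: a
# world-writable chart store lets any local account on the node add or replace
# chart packages that are later installed into the cluster.
# NOTE(review): 1000 is assumed to be the UID/GID of the chartmuseum image's
# non-root user - confirm against the image you actually deploy.
CHARTMUSEUM_UID=1000
mkdir /data/charts && cd /data/ && chown "${CHARTMUSEUM_UID}:${CHARTMUSEUM_UID}" charts && chmod 750 charts

# Create deployment.yaml
mkdir -p /data/chartmuseum/ && cd /data/chartmuseum/

vi deployment.yaml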

# Deployment running a single ChartMuseum replica that stores charts on a
# hostPath directory of one fixed node.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: chartmuseum
  name: chartmuseum
  # NOTE(review): kube-system is normally reserved for cluster components; a
  # dedicated namespace makes it easier to scope RBAC and NetworkPolicy to
  # this workload.
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: chartmuseum
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: chartmuseum
    spec:
      containers:
      # NOTE(review): ":latest" is a mutable tag, so the image that runs can
      # change without any change to this manifest. Pin a release tag or a
      # digest, e.g. chartmuseum/chartmuseum:<PINNED_VERSION> (placeholder).
      - image: chartmuseum/chartmuseum:latest
        name: chartmuseum
        ports:
        - containerPort: 8080
          protocol: TCP
        env:
        # Verbose logging.
        - name: DEBUG
          value: "1"
        # Use the local filesystem backend, rooted at STORAGE_LOCAL_ROOTDIR.
        - name: STORAGE
          value: local
        - name: STORAGE_LOCAL_ROOTDIR
          value: /charts
        # NOTE(review): no authentication is configured, so every client that
        # can reach port 8080 can also use the upload API (/api/charts).
        # ChartMuseum supports BASIC_AUTH_USER / BASIC_AUTH_PASS (take them
        # from a Secret) plus AUTH_ANONYMOUS_GET to keep reads open while
        # protecting writes; DISABLE_API turns the upload API off entirely.
        resources:
          limits:
            cpu: 500m
            memory: 256Mi
          requests:
            cpu: 100m
            memory: 64Mi
        # NOTE(review): no securityContext is set on the pod or container;
        # consider runAsNonRoot and allowPrivilegeEscalation: false.
        volumeMounts:
        - mountPath: /charts
          name: charts-volume
      # Pins the pod to the node whose disk holds /data/charts.
      nodeSelector:
        kubernetes.io/hostname: k8s-node01
      volumes:
      - name: charts-volume
        # hostPath ties chart integrity to the node: whoever can write to
        # /data/charts on k8s-node01 can change what the repository serves.
        hostPath:
          path: /data/charts
          # Creates the directory if it is missing; presumably it is then owned
          # by the kubelet's user, so a non-root container may be unable to
          # write to it - verify, or create it beforehand with the right owner.
          type: DirectoryOrCreate
      restartPolicy: Always

# Create the service
vi service.yaml 

# Service in front of the chartmuseum pods. No "type" is set, so it is a
# ClusterIP service and is reachable only from inside the cluster network.
apiVersion: v1
kind: Service
metadata:
  name: chartmuseum
  namespace: kube-system
spec:
  ports:
    - port: 8080
      protocol: TCP
      targetPort: 8080
  # Matches the app label set on the Deployment's pod template.
  selector:
    app: chartmuseum

# Start: applies every manifest found in the current directory
kubectl apply -f .

# Check
kubectl get pods -n kube-system
NAME                                   READY   STATUS    RESTARTS   AGE
chartmuseum-7c976bc4c9-m2cdc           1/1     Running   0          57m

kubectl get svc -n kube-system
NAME            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
chartmuseum     ClusterIP   10.104.6.194    <none>        8080/TCP                 57m

# The welcome message is returned on success
curl 10.104.6.194:8080

# Add the helm repo
# NOTE(review): the repo is registered over plain HTTP, so the index and every
# chart download are unencrypted and the server is not authenticated; a party
# on the network path could substitute chart contents. Prefer an https:// URL
# once TLS is in place. The ClusterIP also changes if the Service is recreated.
helm repo add chartmuseum http://10.104.6.194:8080
helm repo list

创建应用并上传到 chartmuseum

# Working directory for chart development
mkdir /root/helm && cd /root/helm

# Scaffold a new chart named myapp
helm create myapp

# Keep only the templates that are needed
cd /root/helm/myapp/templates

# Drops the generated Ingress, ServiceAccount and test templates
rm -rf ingress.yaml serviceaccount.yaml tests

# Edit values.yaml
cd /root/helm/myapp

vi values.yaml

# Under serviceAccount, set create to false
# NOTE(review): with no ServiceAccount of its own the release presumably runs
# under the namespace's default ServiceAccount - check what that account is
# allowed to do.
serviceAccount:
  # Specifies whether a service account should be created
  create: false

# Under service, change type to NodePort
# NOTE(review): NodePort opens the port on every node of the cluster; make
# sure node firewalls / security groups limit who can reach it.
service:
  type: NodePort

# Lint the chart
cd /root/helm
helm lint myapp

# Package (produces myapp-0.1.0.tgz in the current directory)
helm package myapp

# Upload
# NOTE(review): this POST goes over plain HTTP and carries no credentials, so
# it only succeeds because the repository accepts anonymous uploads. Once basic
# auth is enabled on ChartMuseum, pass credentials with curl's -u option (from
# a file or prompt, not the shell history). For integrity, `helm package --sign`
# produces a provenance file that consumers can check with `--verify`.
curl --data-binary "@myapp-0.1.0.tgz" http://10.104.6.194:8080/api/charts

通过 chartmuseum 安装软件

# NOTE(review): `helm search <keyword>`, `helm install --name` and
# `helm del --purge` are Helm 2 syntax. Helm 2 relies on the in-cluster Tiller
# component, which is frequently granted cluster-admin - verify how Tiller is
# secured here, or move to Helm 3 (`helm search repo myapp`,
# `helm install myapp chartmuseum/myapp`, `helm uninstall myapp`).

# Look up the chart and its version
helm search myapp

# Install
helm install --name myapp chartmuseum/myapp

# Inspect
helm list
helm status myapp

# Delete the release and its history
helm del --purge myapp 

更新 charts 并上传到 chartmuseum

cd /root/helm/myapp

vi values.yaml
# Set replicaCount to 2
replicaCount: 2

vi Chart.yaml
# Change version to 0.2.0
# A new version number is needed for the upload below: by default ChartMuseum
# refuses to overwrite an existing chart version (ALLOW_OVERWRITE changes
# that), which keeps already-published versions immutable.
version: 0.2.0

# Lint and package
cd /root/helm
helm lint myapp
helm package myapp

# Upload
# NOTE(review): same unauthenticated plain-HTTP upload as for 0.1.0.
curl --data-binary "@myapp-0.2.0.tgz" http://10.104.6.194:8080/api/charts

# Refresh the local repo cache, then list the charts that are available:
helm repo update
helm search chartmuseum/

# If the release was not deleted earlier, it can be upgraded
helm upgrade myapp chartmuseum/myapp

# Roll back to revision 1
helm rollback myapp 1

chartmuseum 通过 Ingress 对外提供服务

mkdir /data/ingress && cd /data/ingress
# NOTE(review): the manifest is downloaded and applied with whatever rights the
# current kubeconfig has. Read it before applying and keep the reviewed copy
# (or its checksum) so later installs use the same content. nginx-0.30.0 is an
# old ingress-nginx release - check the project's release notes for security
# fixes before using it on a reachable cluster.
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml
kubectl apply -f mandatory.yaml

# Check (--watch keeps streaming status changes until interrupted)
kubectl get pods -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx --watch

# Create the chartmuseum ingress.yaml file
cd /data/chartmuseum/
vi ingress.yaml

# Ingress routing charts.test.klvchen.com to the chartmuseum Service.
# NOTE(review): extensions/v1beta1 Ingress was removed in Kubernetes 1.22;
# newer clusters need networking.k8s.io/v1, which adds pathType and spells the
# backend as service.name / service.port.number.
# NOTE(review): there is no "tls:" section, so the host is served over plain
# HTTP, and every path ("/") is routed - including the upload API. Anyone who
# can reach the ingress controller can therefore publish charts unless
# ChartMuseum itself enforces authentication or the API is disabled.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: chartmuseum
  namespace: kube-system
spec:
  rules:
  - host: charts.test.klvchen.com
    http:
      paths:
      - path: /
        backend:
          serviceName: chartmuseum
          servicePort: 8080

kubectl apply -f ingress.yaml 

# Test
kubectl get pod -n ingress-nginx -o wide
NAME                                        READY   STATUS    RESTARTS   AGE   IP            NODE           NOMINATED NODE   READINESS GATES
nginx-ingress-controller-7f74f657bd-wzhlr   1/1     Running   0          10m   10.244.0.10   k8s-master01   <none>           <none>

# Add a hosts entry
# 10.244.0.10 is the controller pod's IP from the output above; pod IPs change
# when the pod is rescheduled, so this entry is only good for a quick test.
vi /etc/hosts
10.244.0.10 charts.test.klvchen.com

curl charts.test.klvchen.com
# Seeing "Welcome to ChartMuseum!" shows that ingress-nginx is working

# Create a svc that brings traffic to the ingress-controller
cd /data/ingress

vi service-nodeport.yaml 
# NodePort Service exposing the ingress controller on ports 30080 (http) and
# 30443 (https) of every node.
# NOTE(review): this is the point where the chart repository becomes reachable
# from outside the cluster network; restrict the node ports with host firewalls
# or security groups to the networks that need them.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 30080
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
      nodePort: 30443
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  # With "Cluster", traffic may be forwarded between nodes and the client
  # source address is typically replaced, so controller logs and IP allow-lists
  # will not see the real client IP.
  externalTrafficPolicy: Cluster

kubectl apply -f service-nodeport.yaml 

# Test: look up the node's private IP
ifconfig eth0
# The Host header selects the Ingress rule; 30080 is the http nodePort.
curl -H 'host:charts.test.klvchen.com' 172.18.89.61:30080

# Finally, an nginx can be installed to listen on the domain and forward traffic to port 30080 on the K8S workers
# NOTE(review): that front-end is the natural place to terminate TLS and to
# restrict or authenticate requests to the upload API before the repository is
# published under a public name.

参考:https://github.com/helm/chartmuseum/blob/master/README.md

posted @ 2020-09-03 18:09  klvchen