Helm v3从入门到实战

目录

• 什么是Helm
• 安装Helm
• Helm基本架构
• 使用helm部署mysql
• 几个概念
• Helm命令解析
• Chart模板
• 使用Harbor做为Helm Cahrts仓库

在学习Helm以前，你须要先对k8s的deployment/pod/service/ingress/pv/pvc/statefulset/configmap/vxlan/flannel/daemonset等要可以比较熟练的使用。

什么是Helm

helm的官网https://helm.sh/ ，上面讲了

The package manager for Kubernetes.
Helm is the best way to find, share, and use software built for Kubernetes.
Helm helps you manage Kubernetes applications — Helm Charts help you define, install, and upgrade even the most complex Kubernetes application.
Charts are easy to create, version, share, and publish — so start using Helm and stop the copy-and-paste.
Helm is a graduated project in the CNCF and is maintained by the Helm community.

包管理，helm是一个k8s包管理工具，好了，怎么理解？
举个例子，yum咱们知道吧，它是rpm包管理工具，咱们执行yum install mysql时，它会自动帮咱们安装mysql和mysql须要的依赖，那helm的包管理了？
我再举个例子，咱们在k8s部署一个mysql时，是否是要先编写deployment、services、ingress、pv、pvc、configmap等文件，固然我也能够把它们编写到一个文件，而后执行kubectl apply -f mysql.yml，而helm怎么安装mysql了？ helm install mysql repo/mysql便可，如歌就这么理解了helm，其实还不对，由于你执行helm install时，helm怎么知道mysql的版本、要映射的端口、要配置的域名等，这些仍是须要你去写helm格式的配置文件，这些文件的内容甚至比kubectl apply的文件还要多，因此那helm到底有哪些好处了？
我再举个例子，若是咱们不一样的项目也须要mysql时，咱们是否是复制一下上面的mysql.yml而后修改一下里面的内容。好比service/ingress/pv/pvc等，如何有更新的项目，咱们是否是继续复制修改复制修改，而helm了？helm只需编写一个helm模板的配置文件，而后多个项目应用部署时，只须要项目本身的参数便可。模板功能方便了咱们部署k8s服务，这才是咱们须要helm的地方，helm具体如何使用，咱们继续看下面的内容。

安装Helm

下载连接，https://github.com/helm/helm/releases ，下载完后，解压便可

本文档是将helm安装在k8s主机
# tar -zxvf helm-v3.2.1-linux-amd64.tar.gz
# cp linux-amd64/helm /usr/local/bin/
# helm version
version.BuildInfo{Version:"v3.2.1", GitCommit:"fe51cd1e31e6a202cba7dead9552a6d418ded79a", GitTreeState:"clean", GoVersion:"go1.13.10"}

Helm基本架构

这里的kube-config就是链接kube-apiserver的配置信息。个人helm安装在k8s主机且是root帐户，因此我不用再配置kube-config，下面是helm配置文件和链接kube-apiserver配置文件相关说明，helm --help能够看到

Environment variables:

| Name                               | Description                                                                       |
|------------------------------------|-----------------------------------------------------------------------------------|
| $XDG_CACHE_HOME                    | set an alternative location for storing cached files.                             |
| $XDG_CONFIG_HOME                   | set an alternative location for storing Helm configuration.                       |
| $XDG_DATA_HOME                     | set an alternative location for storing Helm data.                                |
| $HELM_DRIVER                       | set the backend storage driver. Values are: configmap, secret, memory, postgres   |
| $HELM_DRIVER_SQL_CONNECTION_STRING | set the connection string the SQL storage driver should use.                      |
| $HELM_NO_PLUGINS                   | disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.                        |
| $KUBECONFIG                        | set an alternative Kubernetes configuration file (default "~/.kube/config")       |

Helm stores configuration based on the XDG base directory specification, so

- cached files are stored in $XDG_CACHE_HOME/helm
- configuration is stored in $XDG_CONFIG_HOME/helm
- data is stored in $XDG_DATA_HOME/helm

By default, the default directories depend on the Operating System. The defaults are listed below:

| Operating System | Cache Path                | Configuration Path             | Data Path               |
|------------------|---------------------------|--------------------------------|-------------------------|
| Linux            | $HOME/.cache/helm         | $HOME/.config/helm             | $HOME/.local/share/helm |
| macOS            | $HOME/Library/Caches/helm | $HOME/Library/Preferences/helm | $HOME/Library/helm      |
| Windows          | %TEMP%\helm               | %APPDATA%\helm                 | %APPDATA%\helm          |

使用helm部署mysql

咱们先使用外部仓库定义的Charts来安装一个mysql开始，逐步揭开helm的面纱。

添加仓库

# helm repo add stable http://mirror.azure.cn/kubernetes/charts
# helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts 
# helm repo list
NAME   	URL                                                   
elastic	https://helm.elastic.co                               
stable 	http://mirror.azure.cn/kubernetes/charts              
aliyun 	https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

查找charts

# helm search repo mysql
NAME                            	CHART VERSION	APP VERSION	DESCRIPTION                                       
aliyun/mysql                    	0.3.5        	           	Fast, reliable, scalable, and easy to use open-...
stable/mysql                    	1.6.3        	5.7.28     	Fast, reliable, scalable, and easy to use open-...
stable/mysqldump                	2.6.0        	2.4.1      	A Helm chart to help backup MySQL databases usi...
...

安装mysql

# helm install aliyun aliyun/mysql
Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "Deployment" in version "extensions/v1beta1"

竟然报错了，deploument不支持的版本
把charts下载下来，看看里面的内容

# helm pull aliyun/mysql
# tar -zxvf mysql-0.3.5.tgz
# more mysql/templates/deployment.yaml 
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
...（省略输出）
# kubectl api-resources
NAME                              SHORTNAMES   APIGROUP                       NAMESPACED   KIND
deployments                       deploy       apps                           true         Deployment

这个说明deployment只支持apps的版本（没找到官方说明论证），这也就是外部仓库的charts不必定会及时更新，咱们拿来不必定可以直接使用，下面我改成安装stable/mysql。

# helm install db stable/mysql
NAME: db
LAST DEPLOYED: Sun May 17 17:03:59 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
db-mysql.default.svc.cluster.local

To get your root password run:

    MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default db-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)

To connect to your database:

1. Run an Ubuntu pod that you can use as a client:

    kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il

2. Install the mysql client:

    $ apt-get update && apt-get install mysql-client -y

3. Connect using the mysql cli, then provide your password:
    $ mysql -h db-mysql -p

To connect to your database directly from outside the K8s cluster:
    MYSQL_HOST=127.0.0.1
    MYSQL_PORT=3306

    # Execute the following command to route the connection:
    kubectl port-forward svc/db-mysql 3306

    mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD}

查看安装

# helm list
NAME	NAMESPACE	REVISION	UPDATED                                	STATUS  	CHART      	APP VERSION
db  	default  	1       	2020-05-17 17:03:59.299616407 +0800 CST	deployed	mysql-1.6.3	5.7.28
# kubectl get pod
NAME                          READY   STATUS             RESTARTS   AGE
db-mysql-8564f79ccb-gg9tw     0/1     Pending            0          100s

pending状态，咱们再继续查看状态，下面省略部分输出

# kubectl describe pod db-mysql-8564f79ccb-gg9tw
Name:           db-mysql-8564f79ccb-gg9tw
Namespace:      default
Priority:       0
Node:           <none>
Labels:         app=db-mysql
                pod-template-hash=8564f79ccb
                release=db
Annotations:    <none>
Status:         Pending

Conditions:
  Type           Status
  PodScheduled   False 
Volumes:
  data:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  db-mysql
    ReadOnly:   false
  default-token-plkbj:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-plkbj
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason            Age        From               Message
  ----     ------            ----       ----               -------
  Warning  FailedScheduling  <unknown>  default-scheduler  pod has unbound immediate PersistentVolumeClaims (repeated 2 times)
  Warning  FailedScheduling  <unknown>  default-scheduler  pod has unbound immediate PersistentVolumeClaims (repeated 2 times)

建立pvc失败，查看pvc

# kubectl get pvc
NAME                       STATUS    VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db-mysql                   Pending                                                     3m32s
# kubectl get pvc/db-mysql -o yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    meta.helm.sh/release-name: db
    meta.helm.sh/release-namespace: default
  creationTimestamp: "2020-05-17T09:03:59Z"
  finalizers:
  - kubernetes.io/pvc-protection
  labels:
    app: db-mysql
    app.kubernetes.io/managed-by: Helm
    chart: mysql-1.6.3
    heritage: Helm
    release: db
  name: db-mysql
  namespace: default
  resourceVersion: "14924757"
  selfLink: /api/v1/namespaces/default/persistentvolumeclaims/db-mysql
  uid: a7b438a3-9513-410d-ae8c-6cbb083fcc1e
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi
  volumeMode: Filesystem
status:
  phase: Pending

须要8G的PV，那我建立PV，

# cat pv.yml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: dbdata       # 修改PV名称
spec:
  capacity:
    storage: 8Gi   # 修改大小
  accessModes:
    - ReadWriteOnce
  nfs:
    path: /data/nfs/dbdata   # 修改目录名
    server: x.x.x.x

# kubectl apply -f pv.yml

再查看安装

# kubectl get pvc
NAME                       STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db-mysql                   Bound    dbdata   8Gi        RWO                           6m8s
# kubectl get pod (安装须要必定的时间，能够经过下面的命令查看状态)
# kubectl describe pod db-mysql-8564f79ccb-gg9tw
# kubectl logs db-mysql-8564f79ccb-gg9tw

# kubectl get pod
NAME                          READY   STATUS             RESTARTS   AGE
db-mysql-8564f79ccb-gg9tw     1/1     Running            0          9m43s

直接进入容器，查看mysql可使用

# 查看mysql密码
# kubectl get secret --namespace default db-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
# kubectl exec -it db-mysql-8564f79ccb-gg9tw bash
# mysql -uroot -p

几个概念

经过上面的安装，咱们须要了解下面几个概念

名字	描述
Charts	应用部署配置模板集
Release	将charts应用到本地的实例
Repo	Charts仓库

Helm命令解析

命令	描述
create	建立应用模板
install	安装charts
list	列出本地release
pull	下载charts到本地目录
package	将chart目录打包为chart归档包
show	查看cahrts内容
uninstall	卸载release
upgrade	更新releasr
version	查看helm版本号

Chart模板

可参考 https://helm.sh/docs/chart_template_guide/

# helm create nginx
# tree .
.
├── charts
├── Chart.yaml
├── templates
│   ├── deployment.yaml
│   ├── _helpers.tpl
│   ├── hpa.yaml
│   ├── ingress.yaml
│   ├── NOTES.txt
│   ├── serviceaccount.yaml
│   ├── service.yaml
│   └── tests
│       └── test-connection.yaml
└── values.yaml

3 directories, 10 files

编写中...

使用Harbor做为Helm Cahrts仓库

# helm package nginx/
Successfully packaged chart and saved it to: /root/nginx-0.1.0.tgz

# ll
total 8
drwxr-xr-x 4 root root 4096 May 17 19:10 nginx
-rw-r--r-- 1 root root 3572 May 17 21:38 nginx-0.1.0.tgz

# tar -tvf nginx-0.1.0.tgz 
-rw-r--r-- 0/0             120 2020-05-17 21:38 nginx/Chart.yaml
-rw-r--r-- 0/0            1798 2020-05-17 21:38 nginx/values.yaml
-rw-r--r-- 0/0            1573 2020-05-17 21:38 nginx/templates/NOTES.txt
-rw-r--r-- 0/0            1800 2020-05-17 21:38 nginx/templates/_helpers.tpl
-rw-r--r-- 0/0            1818 2020-05-17 21:38 nginx/templates/deployment.yaml
-rw-r--r-- 0/0             902 2020-05-17 21:38 nginx/templates/hpa.yaml
-rw-r--r-- 0/0            1048 2020-05-17 21:38 nginx/templates/ingress.yaml
-rw-r--r-- 0/0             355 2020-05-17 21:38 nginx/templates/service.yaml
-rw-r--r-- 0/0             316 2020-05-17 21:38 nginx/templates/serviceaccount.yaml
-rw-r--r-- 0/0             381 2020-05-17 21:38 nginx/templates/tests/test-connection.yaml
-rw-r--r-- 0/0             349 2020-05-17 21:38 nginx/.helmignore

咱们的Harbor须要在安装的时候指定安装Helm模块，helm也须要安装push插件。 编写中...