Helm 基本概念
Helm 能够理解为 Kubernetes 的包管理工具,能够方便地发现、共享和使用为Kubernetes构建的应用,它包含几个基本概念node
- Chart:一个 Helm 包,其中包含了运行一个应用所须要的镜像、依赖和资源定义等,还可能包含 Kubernetes 集群中的服务定义,相似 Homebrew 中的 formula,APT 的 dpkg 或者 Yum 的 rpm 文件,
- Release: 在 Kubernetes 集群上运行的 Chart 的一个实例。在同一个集群上,一个 Chart 能够安装不少次。每次安装都会建立一个新的 release。例如一个 MySQL Chart,若是想在服务器上运行两个数据库,就能够把这个 Chart 安装两次。每次安装都会生成本身的 Release,会有本身的 Release 名称。
- Repository:用于发布和存储 Chart 的仓库。
Helm 组件
Helm 采用客户端/服务器架构,有以下组件组成:linux
- Helm CLI 是 Helm 客户端,能够在本地执行
- Tiller 是服务器端组件,在 Kubernetes 群集上运行,并管理 Kubernetes 应用程序的生命周期
- Repository 是 Chart 仓库,Helm客户端经过HTTP协议来访问仓库中Chart的索引文件和压缩包。
安装步骤nginx
一、 下载helm安装包数据库
wget https://storage.googleapis.com/kubernetes-helm/helm-v2.10.0-rc.3-linux-amd64.tar.gz
二、建立tiller的serviceaccount和clusterrolebindingjson
kubectl create serviceaccount --namespace kube-system tiller kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
3. 安装helm服务端tillerapi
[root@master1 gateway]# helm init -i 192.168.200.10/source/kubernetes-helm/tiller:v2.10.0-rc.3 --service-account tiller --skip-refresh Creating /root/.helm Creating /root/.helm/repository Creating /root/.helm/repository/cache Creating /root/.helm/repository/local Creating /root/.helm/plugins Creating /root/.helm/starters Creating /root/.helm/cache/archive Creating /root/.helm/repository/repositories.yaml Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com Adding local repo with URL: http://127.0.0.1:8879/charts $HELM_HOME has been configured at /root/.helm. Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster. Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy. To prevent this, run `helm init` with the --tiller-tls-verify flag. For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation Happy Helming!
四、 查看是否安装服务器
[root@master1 gateway]# kubectl -n kube-system get pods|grep tiller tiller-deploy-849c444cff-h9zw2 1/1 Running 0 46s
5. 替换helm 的repo源架构
[root@kubernetes-1 ~]# helm repo list NAME URL stable https://kubernetes-charts.storage.googleapis.com local http://127.0.0.1:8879/charts [root@kubernetes-1 ~]# helm repo remove stable "stable" has been removed from your repositories [root@kubernetes-1 ~]# helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts "stable" has been added to your repositories [root@kubernetes-1 ~]# helm repo update Hang tight while we grab the latest from your chart repositories... ...Skip local chart repository ...Successfully got an update from the "stable" chart repository Update Complete. ⎈ Happy Helming!⎈ [root@kubernetes-1 ~]# helm repo list NAME URL local http://127.0.0.1:8879/charts stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
六、建立chart并发
helm create gateway
7. 测试修改是否正确app
[root@master1 helm]# ls gateway helm-v2.10.0-rc.3-linux-amd64.tar.gz linux-amd64 [root@master1 helm]# helm install --dry-run --debug ./gateway [debug] Created tunnel using local port: '46252' [debug] SERVER: "127.0.0.1:46252" [debug] Original chart version: "" [debug] CHART PATH: /root/helm/gateway NAME: imprecise-sabertooth REVISION: 1 RELEASED: Tue Aug 14 14:42:14 2018 CHART: gateway-0.1.0 USER-SUPPLIED VALUES: {} COMPUTED VALUES: affinity: {} image: pullPolicy: IfNotPresent repository: 192.168.200.10/source/nginx tag: latest ingress: {} nodeSelector: {} replicaCount: 1 resources: limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi service: port: 80 type: ClusterIP tolerations: [] HOOKS: MANIFEST: --- # Source: gateway/templates/service.yaml apiVersion: v1 kind: Service metadata: name: imprecise-sabertooth-gateway labels: app: gateway chart: gateway-0.1.0 release: imprecise-sabertooth heritage: Tiller spec: type: ClusterIP ports: - port: 80 targetPort: http protocol: TCP name: http selector: app: gateway release: imprecise-sabertooth --- # Source: gateway/templates/deployment.yaml apiVersion: apps/v1beta2 kind: Deployment metadata: name: imprecise-sabertooth-gateway labels: app: gateway chart: gateway-0.1.0 release: imprecise-sabertooth heritage: Tiller spec: replicas: 1 selector: matchLabels: app: gateway release: imprecise-sabertooth template: metadata: labels: app: gateway release: imprecise-sabertooth spec: containers: - name: gateway image: "192.168.200.10/source/nginx:latest" imagePullPolicy: IfNotPresent ports: - name: http containerPort: 80 protocol: TCP livenessProbe: httpGet: path: / port: http readinessProbe: httpGet: path: / port: http resources: limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi
部署到kubernetes
[root@master1 gateway]# helm install . NAME: riotous-crab LAST DEPLOYED: Tue Aug 14 14:43:21 2018 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE riotous-crab-gateway ClusterIP 10.254.26.20 <none> 80/TCP 0s ==> v1beta2/Deployment NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE riotous-crab-gateway 1 1 1 0 0s ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE riotous-crab-gateway-fd7465cc8-frcmd 0/1 ContainerCreating 0 0s NOTES: 1. Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace default -l "app=gateway,release=riotous-crab" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:80
查看部署的relaese
helm list
删除relaese
helm delete gateway
将应用打包
[root@master1 gateway]# helm package . Successfully packaged chart and saved it to: /root/helm/gateway/gateway-0.1.0.tgz
gateway目录会被打包为一个 gateway-0.1.0.tgz 格式的压缩包,该压缩包会被放到当前目录下,并同时被保存到了 Helm 的本地缺省仓库目录中。
若是你想看到更详细的输出,能够加上 --debug 参数来查看打包的输出,输出内容应该相似以下:
helm package gateway --debug Successfully packaged chart and saved it to: /root/gateway/gateway-0.1.0.tgz [debug] Successfully saved /root/gateway/mychart-0.1.0.tgz to /root/.helm/repository/local
将应用发布到 Repository
虽然咱们已经打包了 Chart 并发布到了 Helm 的本地目录中,但经过 helm search 命令查找,并不能找不到刚才生成的 mychart包
helm search gateway No results found
这是由于 Repository 目录中的 Chart 包尚未被 Helm 管理。经过 helm repo list命令能够看到目前 Helm 中已配置的 Repository 的信息。
helm repo list NAME URL stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
咱们能够在本地启动一个 Repository Server,并将其加入到 Helm Repo 列表中。Helm Repository 必须以 Web 服务的方式提供,这里咱们就使用 helm serve 命令启动一个 Repository Server,该 Server 缺省使用 $HOME/.helm/repository/local目录做为 Chart 存储,并在 8879 端口上提供服务。
chart经过HTTP server方式提供
helm serve #默认是 127.0.0.1:8879 能够添加参数 helm serve --address 192.168.20.171:80
若是你想使用指定目录来作为 Helm Repository 的存储目录,能够加上 --repo-path参数:
$ helm serve --address 192.168.20.171:8879 --repo-path /data/helm/repository/ --url http://192.168.20.171:8879/charts/
经过 helm repo index 命令将 Chart 的 Metadata 记录更新在 index.yaml 文件中:
# 更新 Helm Repository 的索引文件 cd /home/k8s/.helm/repository/local helm repo index --url=http://192.168.20.171:8879 .
完成启动本地 Helm Repository Server 后,就能够将本地 Repository 加入 Helm 的 Repo 列表。
helm repo add local http://127.0.0.1:8879 "local" has been added to your repositories
如今再次查找 mychart 包,就能够搜索到了。
helm repo update helm search gateway NAME CHART VERSION APP VERSION DESCRIPTION local/gateway 0.1.0 1.0 A Helm chart for Kubernetes
注:helm install 默认会用到 socat,须要在全部节点上安装 socat 软件包。
部署一个应用 经过 helm install 命令部署该 Chart
当使用 helm install 命令部署应用时,实际上就是将 templates 目录下的模板文件渲染成 Kubernetes 可以识别的 YAML 格式。
在部署前咱们可使用 helm install --dry-run --debug <chart_dir> --name <release_name>命令来验证 Chart 的配置。该输出中包含了模板的变量配置与最终渲染的 YAML 文件。
[root@master1 helm]# helm install istio --name istio --namespace istio-system Error: a release named istio already exists. Run: helm ls --all istio; to check the status of the release Or run: helm del --purge istio; to delete it [root@master1 helm]# helm ls --all istio NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE istio 1 Tue Aug 14 10:48:26 2018 DELETED istio-1.0.0 1.0.0 istio-system [root@master1 helm]# helm ls --all NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE garish-lion 1 Mon Aug 13 14:22:15 2018 DELETED gateway-0.1.2 1.2 default istio 1 Tue Aug 14 10:48:26 2018 DELETED istio-1.0.0 1.0.0 istio-system opining-kudu 1 Mon Aug 6 17:48:14 2018 DELETED fengjian-0.1.0 1.0 default riotous-crab 1 Tue Aug 14 14:43:21 2018 DELETED gateway-0.1.0 1.0 default undercooked-alpaca 1 Mon Aug 13 12:13:26 2018 DELETED gateway-0.1.0 1.0 default virtuous-hamster 1 Mon Aug 6 17:07:44 2018 DELETED hello-helm-0.1.0 1.0 default [root@master1 helm]# helm del --purge istio release "istio" deleted
升级和回退一个应用
从上面 helm list 输出的结果中咱们能够看到有一个 Revision(更改历史)字段,该字段用于表示某一个 Release 被更新的次数,咱们能够用该特性对已部署的 Release 进行回滚。
修改 Chart.yaml 文件
将版本号从 0.1.0 修改成 0.2.0, 而后使用 helm package 命令打包并发布到本地仓库。
cat gateay/Chart.yaml apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: mychart version: 0.2.0 $ helm package gateway Successfully packaged chart and saved it to: /root/gateway/gateway-0.2.0.tgz
查询本地仓库中的 Chart 信息
咱们能够看到在本地仓库中 gateway 有两个版本。
helm search gateway -l NAME CHART VERSION APP VERSION DESCRIPTION local/gateway 0.2.0 1.0 A Helm chart for Kubernetes local/gateway 0.1.0 1.0 A Helm chart for Kubernetes
升级一个应用
如今用 helm upgrade 命令将已部署的 mike-test 升级到新版本。你能够经过 --version 参数指定须要升级的版本号,若是没有指定版本号,则缺省使用最新版本。
helm upgrade mike-test local/mychart Release "mike-test" has been upgraded. Happy Helming! LAST DEPLOYED: Mon Jul 23 10:50:25 2018 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE mike-test-gateway-6d56f8c8c9-d685v 1/1 Running 0 9m ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE mike-test-gateway ClusterIP 10.254.120.177 <none> 80/TCP 9m ==> v1beta2/Deployment NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE mike-test-gateway 1 1 1 1 9m NOTES: 1. Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace default -l "app=gateway,release=mike-test" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:80
完成后,能够看到已部署的 mike-test 被升级到 0.2.0 版本。
helm list NAME REVISION UPDATED STATUS CHART NAMESPACE mike-test 2 Mon Jul 23 10:50:25 2018 DEPLOYED gateway-0.2.0 default
回退一个应用
若是更新后的程序因为某些缘由运行有问题,须要回退到旧版本的应用。首先咱们可使用 helm history 命令查看一个 Release 的全部变动记录。
helm history mike-test REVISION UPDATED STATUS CHART DESCRIPTION 1 Mon Jul 23 10:41:20 2018 SUPERSEDED gateway-0.1.0 Install complete 2 Mon Jul 23 10:50:25 2018 DEPLOYED gateway-0.2.0 Upgrade complete
其次,咱们可使用下面的命令对指定的应用进行回退。
helm rollback mike-test 1 Rollback was a success! Happy Helming!
最后,咱们使用 helm list 和 helm history 命令均可以看到 mychart 的版本已经回退到 0.1.0 版本。
helm list NAME REVISION UPDATED STATUS CHART NAMESPACE mike-test 3 Mon Jul 23 10:53:42 2018 DEPLOYED gateway-0.1.0 default $ helm history mike-test REVISION UPDATED STATUS CHART DESCRIPTION 1 Mon Jul 23 10:41:20 2018 SUPERSEDED gateway-0.1.0 Install complete 2 Mon Jul 23 10:50:25 2018 SUPERSEDED gateway-0.2.0 Upgrade complete 3 Mon Jul 23 10:53:42 2018 DEPLOYED gateway-0.1.0 Rollback to 1
删除一个应用
若是须要删除一个已部署的 Release,能够利用 helm delete 命令来完成删除。
helm delete mike-test release "mike-test" deleted
确认应用是否删除,该应用已被标记为 DELETED 状态。
helm ls -a mike-test NAME REVISION UPDATED STATUS CHART NAMESPACE mike-test 3 Mon Jul 23 10:53:42 2018 DELETED gateway-0.1.0 default
也可使用 --deleted 参数来列出已经删除的 Release
helm ls --deleted NAME REVISION UPDATED STATUS CHART NAMESPACE mike-test 3 Mon Jul 23 10:53:42 2018 DELETED gateway-0.1.0 default
从上面的结果也能够看出,默认状况下已经删除的 Release 只是将状态标识为 DELETED 了 ,但该 Release 的历史信息仍是继续被保存的。
helm hist mike-test REVISION UPDATED STATUS CHART DESCRIPTION 1 Mon Jul 23 10:41:20 2018 SUPERSEDED gateway-0.1.0 Install complete 2 Mon Jul 23 10:50:25 2018 SUPERSEDED gateway-0.2.0 Upgrade complete 3 Mon Jul 23 10:53:42 2018 DELETED gateway-0.1.0 Deletion complete
若是要移除指定 Release 全部相关的 Kubernetes 资源和 Release 的历史记录,能够用以下命令:
helm delete --purge mike-test release "mike-test" deleted