Skip to the content.

helm入门学习及应用文档

helm是kubernetes配置的包管理器,相当于centos的rpm,Debian的apk。可以使用网上已配置的模板或自己制作的模板构建服务,并做服务的版本管理,发布、回滚等。先决条件为kubernetes集群已建立,版本大于1.6。chart、helm和tiller关系可以理解如下:

                 helm(舵轮)客户端
chart(航海图)   ---------------→    tiller(舵杆)服务端
配置、模板的包                     接受helm请求,kubernetes集群上运行

配置helm

helm主机

wget https://storage.googleapis.com/kubernetes-helm/helm-v2.10.0-linux-amd64.tar.gz
tar -xf helm-v2.10.0-linux-amd64.tar.gz 
mv linux-amd64/helm /usr/bin/
# helm version
Client: &version.Version{SemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"}
 
# helm
The Kubernetes package manager
 
To begin working with Helm, run the 'helm init' command:
 
	$ helm init
 
This will install Tiller to your running Kubernetes cluster.
It will also set up any necessary local configuration.
 
Common actions from this point include:
 
- helm search:    search for charts
- helm fetch:     download a chart to your local directory to view
- helm install:   upload the chart to Kubernetes
- helm list:      list releases of charts
 
Environment:
  $HELM_HOME          set an alternative location for Helm files. By default, these are stored in ~/.helm
  $HELM_HOST          set an alternative Tiller host. The format is host:port
  $HELM_NO_PLUGINS    disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.
  $TILLER_NAMESPACE   set an alternative Tiller namespace (default "kube-system")
  $KUBECONFIG         set an alternative Kubernetes configuration file (default "~/.kube/config")
 
Usage:
  helm [command]
 
Available Commands:
  completion  Generate autocompletions script for the specified shell (bash or zsh)
  create      create a new chart with the given name
  delete      given a release name, delete the release from Kubernetes
  dependency  manage a chart's dependencies
  fetch       download a chart from a repository and (optionally) unpack it in local directory
  get         download a named release
  history     fetch release history
  home        displays the location of HELM_HOME
  init        initialize Helm on both client and server
  inspect     inspect a chart
  install     install a chart archive
  lint        examines a chart for possible issues
  list        list releases
  package     package a chart directory into a chart archive
  plugin      add, list, or remove Helm plugins
  repo        add, list, remove, update, and index chart repositories
  reset       uninstalls Tiller from a cluster
  rollback    roll back a release to a previous revision
  search      search for a keyword in charts
  serve       start a local http web server
  status      displays the status of the named release
  template    locally render templates
  test        test a release
  upgrade     upgrade a release
  verify      verify that a chart at the given path has been signed and is valid
  version     print the client/server version information
 
Flags:
      --debug                           enable verbose output
  -h, --help                            help for helm
      --home string                     location of your Helm config. Overrides $HELM_HOME (default "/root/.helm")
      --host string                     address of Tiller. Overrides $HELM_HOST
      --kube-context string             name of the kubeconfig context to use
      --kubeconfig string               absolute path to the kubeconfig file to use
      --tiller-connection-timeout int   the duration (in seconds) Helm will wait to establish a connection to tiller (default 300)
      --tiller-namespace string         namespace of Tiller (default "kube-system")
 
# mkdir .kube

把kubernetes集群 master的.kube/config配置文件复制到helm主机的/root/.kube/目录,因为helm需要通过此配置和kubernetes通信

chown 600 .kube/config

初始化helm

# helm init --service-account tiller
Creating /root/.helm 
Creating /root/.helm/repository 
Creating /root/.helm/repository/cache 
Creating /root/.helm/repository/local 
Creating /root/.helm/plugins 
Creating /root/.helm/starters 
Creating /root/.helm/cache/archive 
Creating /root/.helm/repository/repositories.yaml 
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com 
Adding local repo with URL: http://127.0.0.1:8879/charts 
$HELM_HOME has been configured at /root/.helm.
 
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
 
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!

tiller配置

k8s master主机

# kubectl config current-context
kubernetes-admin@kubernetes
# cat helm-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
 
# kubectl create -f helm-rbac.yaml
# kubectl create namespace tiller
namespace "tiller" created
# kubectl create serviceaccount tiller --namespace tiller
serviceaccount "tiller" created
# cat tiller-role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: tiller-manager
  namespace: tiller
rules:
- apiGroups: ["", "batch", "extensions", "apps"]
  resources: ["*"]
  verbs: ["*"]
 
# kubectl create -f tiller-role.yaml
role "tiller-manager" created
# cat rolebinding-tiller.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: tiller-binding
  namespace: tiller
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: tiller
roleRef:
  kind: Role
  name: tiller-manager
  apiGroup: rbac.authorization.k8s.io
 
# kubectl create -f rolebinding-tiller.yaml
rolebinding "tiller-binding" created
# kubectl get po -n tiller -o wide
NAME                             READY     STATUS             RESTARTS   AGE       IP             NODE
tiller-deploy-5d55598846-9rkpz   0/1       ImagePullBackOff   0          1m        10.244.6.161   k8snode03

node3节点导入helm的镜像,需要翻过去,gcr.io/kubernetes-helm/tiller:v2.10.0

tiller度娘网盘链接: https://pan.baidu.com/s/1Uyt099mUGD7QdNvjO-QBag 密码: uv98

# kubectl get po -n tiller -o wide
NAME                             READY     STATUS    RESTARTS   AGE       IP             NODE
tiller-deploy-5d55598846-9rkpz   0/1       Running   0          6m        10.244.6.161   k8snode03

使用helm创建服务

helm主机

# helm init --service-account tiller --tiller-namespace tiller
$HELM_HOME has been configured at /root/.helm.
 
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
 
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!
 
# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈
# helm install stable/nginx-ingress
NAME:   cloying-abalone
LAST DEPLOYED: Fri Sep  7 10:36:40 2018
NAMESPACE: default
STATUS: DEPLOYED
 
RESOURCES:
==> v1beta1/Role
NAME                           AGE
cloying-abalone-nginx-ingress  0s
 
==> v1/Pod(related)
NAME                                                            READY  STATUS             RESTARTS  AGE
cloying-abalone-nginx-ingress-controller-5cf799f7f4-lbngf       0/1    ContainerCreating  0         0s
cloying-abalone-nginx-ingress-default-backend-799c75f954-ss7wr  0/1    ContainerCreating  0         0s
 
==> v1/ConfigMap
NAME                                      DATA  AGE
cloying-abalone-nginx-ingress-controller  1     0s
 
==> v1/ServiceAccount
NAME                           SECRETS  AGE
cloying-abalone-nginx-ingress  1        0s
 
==> v1beta1/ClusterRole
NAME                           AGE
cloying-abalone-nginx-ingress  0s
 
==> v1beta1/ClusterRoleBinding
NAME                           AGE
cloying-abalone-nginx-ingress  0s
 
==> v1beta1/RoleBinding
NAME                           AGE
cloying-abalone-nginx-ingress  0s
 
==> v1/Service
NAME                                           TYPE          CLUSTER-IP      EXTERNAL-IP  PORT(S)                     AGE
cloying-abalone-nginx-ingress-controller       LoadBalancer  10.110.25.124   <pending>    80:30876/TCP,443:30543/TCP  0s
cloying-abalone-nginx-ingress-default-backend  ClusterIP     10.108.215.121  <none>       80/TCP                      0s
 
==> v1beta1/Deployment
NAME                                           DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
cloying-abalone-nginx-ingress-controller       1        1        1           0          0s
cloying-abalone-nginx-ingress-default-backend  1        1        1           0          0s
 
 
NOTES:
The nginx-ingress controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace default get services -o wide -w cloying-abalone-nginx-ingress-controller'
 
An example Ingress that makes use of the controller:
 
  apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: nginx
    name: example
    namespace: foo
  spec:
    rules:
      - host: www.example.com
        http:
          paths:
            - backend:
                serviceName: exampleService
                servicePort: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
        - hosts:
            - www.example.com
          secretName: example-tls
 
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
 
  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls

因为拉取不到镜像会失败,需要翻过去的镜像: k8s.gcr.io/defaultbackend:1.4

defaultbackend度娘网盘链接: https://pan.baidu.com/s/1OKGAJdU-kktGPkHYE8LF_g 密码: tt7c nginx镜像,不用翻过去 quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.19.0

kubernetes master节点查看状态

# kubectl get po -o wide
NAME                                                             READY     STATUS    RESTARTS   AGE       IP             NODE
cloying-abalone-nginx-ingress-controller-5cf799f7f4-lbngf        1/1       Running   0          8m        10.244.5.146   k8snode02
cloying-abalone-nginx-ingress-default-backend-799c75f954-ss7wr   1/1       Running   0          8m        10.244.5.149   k8snode02

helm主机查看,删除

# helm list
NAME           	REVISION	UPDATED                 	STATUS  	CHART               	APP VERSION	NAMESPACE
cloying-abalone	1       	Fri Sep  7 10:36:40 2018	DEPLOYED	nginx-ingress-0.28.2	0.19.0     	default  
# helm delete cloying-abalone
release "cloying-abalone" deleted

此nginx服务的仓库链接 https://hub.kubeapps.com/charts/stable/nginx-ingress github链接 https://github.com/kubernetes/ingress-nginx 主机上helm拉取的nginx服务配置

vim .helm/cache/archive/nginx-ingress-0.28.2.tgz

helm文档

创建项目

使用helm创建一个项目,名字为bbotte

# helm create bbotte
Creating bbotte
# tree bbotte/
bbotte/
├── charts
├── Chart.yaml
├── templates
│   ├── deployment.yaml
│   ├── _helpers.tpl
│   ├── ingress.yaml
│   ├── NOTES.txt
│   └── service.yaml
└── values.yaml

修改配置,镜像改为自己的

# vim bbotte/values.yaml
 
replicaCount: 1
 
image:
  repository: harbor.bbotte.com/devops/nginx
  tag: 0.6
  pullPolicy: IfNotPresent
 
nameOverride: ""
fullnameOverride: ""
 
service:
  type: ClusterIP
  port: 80
 
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: traefik
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  path: /
  hosts:
    - chart-example.local
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

helm打包

# helm package bbotte/
Successfully packaged chart and saved it to: /root/bbotte-0.1.0.tgz
# helm search bbotte
NAME        	CHART VERSION	APP VERSION	DESCRIPTION                
local/bbotte	0.1.0        	1.0        	A Helm chart for Kubernetes

发布应用

# helm install --name bbotte local/bbotte
Error: failed to download "local/bbotte" (hint: running `helm repo update` may help)
[root@matuoyi ~]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈

本地启动helm服务,监听在8879端口,这样才可以创建

# nohup helm serve &
# helm install --name bbotte local/bbotte
NAME:   bbotte
LAST DEPLOYED: Fri Sep  7 16:36:29 2018
NAMESPACE: default
STATUS: DEPLOYED
 
RESOURCES:
==> v1/Service
NAME    TYPE       CLUSTER-IP    EXTERNAL-IP  PORT(S)  AGE
bbotte  ClusterIP  10.96.14.194  <none>       80/TCP   0s
 
==> v1beta2/Deployment
NAME    DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
bbotte  1        0        0           0          0s
 
==> v1beta1/Ingress
NAME    HOSTS                ADDRESS  PORTS  AGE
bbotte  chart-example.local  80       0s
 
==> v1/Pod(related)
NAME                     READY  STATUS   RESTARTS  AGE
bbotte-7cc5864599-w6gr6  0/1    Pending  0         0s
 
 
NOTES:
1. Get the application URL by running these commands:
  http://chart-example.local/
 
# helm status bbotte
LAST DEPLOYED: Fri Sep  7 16:36:29 2018
NAMESPACE: default
STATUS: DEPLOYED
 
RESOURCES:
==> v1/Service
NAME    TYPE       CLUSTER-IP    EXTERNAL-IP  PORT(S)  AGE
bbotte  ClusterIP  10.96.14.194  <none>       80/TCP   1m
 
==> v1beta2/Deployment
NAME    DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
bbotte  1        1        1           1          1m
 
==> v1beta1/Ingress
NAME    HOSTS                ADDRESS  PORTS  AGE
bbotte  chart-example.local  80       1m
 
==> v1/Pod(related)
NAME                     READY  STATUS   RESTARTS  AGE
bbotte-7cc5864599-w6gr6  1/1    Running  0         1m

彻底删除这个部署

# helm del --purge bbotte
release "bbotte" deleted

look一下自己的仓库

curl 127.0.0.1:8879

另:自己制作helm项目太麻烦,https://hub.kubeapps.com/ 这个网站里面这么多已制作好的helm项目,怎么直接使用呢,添加kubeapps的仓库即可,比如安装nginx-ingress,链接为:https://hub.kubeapps.com/charts/stable/nginx-ingress

helm repo add bitnami https://charts.bitnami.com/bitnami
 
helm install stable/nginx-ingress

2018年09月07日 于 linux工匠 发表