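Whether Debian, Red Hat or any other Linux distribution, each has a package manager that resolves dependencies. In Kubernetes, Helm plays that role for applications: a chart defines an application that can be installed and upgraded, is easy to create, and can be versioned. The more complex the application, the more Helm helps as an out-of-the-box tool. Purely from the user's point of view it resembles yum or apt, which is part of why it has become so popular.
For example: we create an application whose controller is a Deployment, which also needs a Service and other associated objects, an Ingress to configure a domain name as the entry point, and possibly a stateful backend data store such as MySQL. Installing and maintaining these one by one is a lot of trouble, and a user usually does not care what happens inside and simply wants something ready to use. Helm exists to package these pieces.
In any popular component from the Kubernetes ecosystem you will almost certainly find a Helm installation method. This is down to Helm's ease of use, which has made it ever more widespread. Helm takes the parameters supplied to a chart, renders the chart's contents with them to generate YAML files, and installs the result into Kubernetes. That is the problem Helm solves.
Besides Helm, there is also kustomize for managing manifests. kustomize solves a different problem, and I will write about it when I get the chance. Note also that helm2 and helm3 differ in some respects.
Installation
Helm reads the kubeconfig file to access the cluster, so you must at least be able to reach the cluster with kubectl before you can use Helm.
v3 is easier to use than v2: it does away with the in-cluster service, replacing it with Kubernetes CRDs. v2 needed extensive permission control, which also brought a security problem, whereas v3 is only a client. So we simply use the stable v3 release.
For more of the concepts, see some articles written in the helm2 days.
For helm2, see: kubernetes helm overview (49), kubernetes helm basic usage (50), kubernetes understanding charts (51), kubernetes installing EFK with helm (52).
Download the build for your system from Helm's GitHub, for example the amd64 build of 3.8.1: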
wget https://get.helm.sh/helm-v3.8.1-linux-amd64.tar.gz
tar xf helm-v3.8.1-linux-amd64.tar.gz
cp linux-amd64/helm /usr/local/sbin/
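The download above is installed without any integrity check. As an added example (not part of the original post), the script below verifies the tarball against a .sha256sum file before extracting linux-amd64/helm. The function names, the checksum file (assumed to be published alongside the tarball) and the locally built stand-in tarball are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify a Helm release tarball before installing its binary.

# Lowercase hex SHA-256 of a file (sha256sum, or shasum where that is absent).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# install_verified TARBALL SUMFILE DESTDIR
# SUMFILE holds "<digest>  <file name>" lines. The binary is extracted and
# copied only if the digest listed for TARBALL's own name matches.
# Returns 0 on success, 1 on mismatch, 2 if no usable digest is listed.
install_verified() {
    tarball=$1; sumfile=$2; dest=$3
    name=$(basename "$tarball")
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sumfile")
    [ "${#want}" -eq 64 ] || { echo "no digest for $name" >&2; return 2; }
    if [ "$(sha256_of "$tarball")" != "$want" ]; then
        echo "digest mismatch for $name, not installing" >&2
        return 1
    fi
    work=$(mktemp -d) || return 2
    # Release tarballs unpack into linux-amd64/, so take the binary from there.
    tar xzf "$tarball" -C "$work" linux-amd64/helm &&
        cp "$work/linux-amd64/helm" "$dest/helm" && chmod 755 "$dest/helm"
    rc=$?
    rm -rf "$work"
    return "$rc"
}

# Constructed demo: a stand-in tarball with the release layout, built locally
# so the example runs offline. For a real install, fetch the tarball and its
# checksum file with wget first (the checksum file's URL is an assumption).
demo() {
    d=$(mktemp -d) && mkdir -p "$d/src/linux-amd64" "$d/bin"
    printf '#!/bin/sh\necho stand-in helm\n' > "$d/src/linux-amd64/helm"
    t=$d/helm-v3.8.1-linux-amd64.tar.gz
    tar czf "$t" -C "$d/src" linux-amd64
    printf '%s  %s\n' "$(sha256_of "$t")" "$(basename "$t")" > "$t.sha256sum"
    install_verified "$t" "$t.sha256sum" "$d/bin" && echo "installed"
    printf 'tampered' >> "$t"    # simulate a modified download
    install_verified "$t" "$t.sha256sum" "$d/bin" || echo "rejected"
    rm -rf "$d"
}
demo
```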
Check the version information
Here Helm helpfully warns that the permissions on our kubeconfig file are too open
# helm version
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
version.BuildInfo{Version:"v3.8.1", GitCommit:"5cb9af4b1b271d11d7a97a71df3ac337dd94ad37", GitTreeState:"clean", GoVersion:"go1.17.5"}
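The two warnings report that the kubeconfig is readable by the group and by everyone. An added example, not from the original post, that finds such files in a colon-separated KUBECONFIG list and tightens them to mode 600; the function names and the throwaway sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit kubeconfig permissions and tighten them to owner-only.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeeds only when neither group nor others hold a read bit (octal 044).
is_private() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 044 )) -eq 0 ]
}

# Prints a finding and fails when the file is readable beyond its owner.
report() {
    is_private "$1" && return 0
    echo "too open: $1 (mode $(file_mode "$1"))"
    return 1
}

tighten() { chmod 600 "$1"; }

# for_each_kubeconfig CMD [LIST]: run CMD on each existing file of a
# colon-separated list (default: $KUBECONFIG, else ~/.kube/config).
# Returns 1 if CMD failed for any file, 0 otherwise.
for_each_kubeconfig() {
    cmd=$1
    rest=${2:-${KUBECONFIG:-$HOME/.kube/config}}
    failed=0
    while [ -n "$rest" ]; do
        f=${rest%%:*}
        case $rest in *:*) rest=${rest#*:} ;; *) rest= ;; esac
        [ -f "$f" ] || continue
        "$cmd" "$f" || failed=1
    done
    return "$failed"
}

# Constructed demo on throwaway files, so no real kubeconfig is touched.
demo() {
    d=$(mktemp -d)
    : > "$d/config";  chmod 644 "$d/config"
    : > "$d/staging"; chmod 600 "$d/staging"
    for_each_kubeconfig report "$d/config:$d/staging" || echo "needs fixing"
    for_each_kubeconfig tighten "$d/config:$d/staging"
    for_each_kubeconfig report "$d/config:$d/staging" && echo "all private"
    rm -rf "$d"
}
demo
```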
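Common commands
- helm search: search for charts
- helm pull: download a chart
- helm install: install into Kubernetes
- helm list: view charts
helm install
helm install can install from several sources, roughly as follows
- a chart repository
- a local chart archive
- the path of a directory holding the unpacked archive
- an online URL
In every case the source has to be reachable. We start with an online install
1. Add a chart repository
We need a chart repository to work with, much like a yum repository. We use the Azure mirror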
helm repo add stable http://mirror.azure.cn/kubernetes/charts/
helm repo list
[root@linuxea.com ~]# helm repo add stable
"stable" has been added to your repositories
[root@linuxea.com ~]# helm repo list
NAME URL
stable http://mirror.azure.cn/kubernetes/charts/
helm search repo stable lists the packages currently available
In addition, helm repo update brings the repository index up to date
[root@linuxea.com ~]# helm repo update
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈Happy Helming!⎈
[root@linuxea.com ~]# helm search repo stable
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
NAME CHART VERSION APP VERSION DESCRIPTION
stable/acs-engine-autoscaler 2.2.2 2.1.1 DEPRECATED Scales worker nodes within agent pools
stable/aerospike 0.3.5 v4.5.0.5 DEPRECATED A Helm chart for Aerospike in Kubern...
stable/airflow 7.13.3 1.10.12 DEPRECATED - please use: https://github.com/air...
stable/ambassador 5.3.2 0.86.1 DEPRECATED A Helm chart for Datawire Ambassador
stable/anchore-engine 1.7.0 0.7.3 Anchore container analysis and policy evaluatio...
stable/apm-server 2.1.7 7.0.0 DEPRECATED The server receives data from the El...
stable/ark 4.2.2 0.10.2 DEPRECATED A Helm chart for ark
stable/artifactory 7.3.2 6.1.0 DEPRECATED Universal Repository Manager support...
stable/artifactory-ha 0.4.2 6.2.0 DEPRECATED Universal Repository Manager support...
stable/atlantis 3.12.4 v0.14.0 DEPRECATED A Helm chart for Atlantis https://ww...
......
2. Install a chart
We install MySQL. Before installing, helm show chart stable/mysql shows its version number and other information
More detail is available with helm show all stable/mysql, where all prints everything
[root@linuxea.com ~]# helm show chart stable/mysql
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
apiVersion: v1
appVersion: 5.7.30
deprecated: true
description: DEPRECATED - Fast, reliable, scalable, and easy to use open-source relational
  database system.
home: https://www.mysql.com/
icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png
keywords:
- mysql
- database
- sql
name: mysql
sources:
- https://github.com/kubernetes/charts
- https://github.com/docker-library/mysql
version: 1.6.9
Install
--generate-name generates a release name
# helm install stable/mysql --generate-name
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
WARNING: This chart is deprecated
NAME: mysql-1649580933
LAST DEPLOYED: Sun Apr 10 04:55:35 2022
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
mysql-1649580933.default.svc.cluster.local
To get your root password run:
MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default mysql-1649580933 -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)
To connect to your database:
1. Run an Ubuntu pod that you can use as a client:
kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
2. Install the mysql client:
$ apt-get update && apt-get install mysql-client -y
3. Connect using the mysql cli, then provide your password:
$ mysql -h mysql-1649580933 -p
To connect to your database directly from outside the K8s cluster:
MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
# Execute the following command to route the connection:
kubectl port-forward svc/mysql-1649580933 3306
mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD}
Afterwards we can check the pod status
[root@linuxea.com ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
...
mysql-1649580933-8466b76578-gphkp 0/1 Pending 0 106s <none> <none> <none> <none>
...
and the svc
[root@linuxea.com ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
...
mysql-1649580933 ClusterIP 10.68.106.229 <none> 3306/TCP 2m23s
...
as well as a pvc
[root@linuxea.com ~]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
mysql-1649580933 Pending 4m33s
Once the install has finished, helm ls shows the release and its version
[root@linuxea.com ~]# helm ls
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
mysql-1649580933 default 1 2022-04-10 04:55:35.427415297 -0400 EDT deployed mysql-1.6.9 5.7.30
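Once we can see this name, the release can be removed with uninstall
uninstall deletes all resources that belong to the release.
The --keep-history flag keeps the release record
When --keep-history was used, helm ls -a shows the records of uninstalled releases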
[root@linuxea.com ~]# helm uninstall mysql-1649580933
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
release "mysql-1649580933" uninstalled
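Parameter configuration
A plain install uses the default configuration, but more often we need to adjust parameters such as ports and other options. These must of course be parameters the chart makes configurable; once set, they override the default values. helm show values lists these parameters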
[root@linuxea.com ~]# helm show values stable/mysql
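For example: passwords, initialization, arguments, scheduling, tolerations, whether data is persisted, and so on.
Since we want to change these parameters, we need an override file. Create a file, for example mvalule.yaml, and put the values to change in it, as follows
Set the user and password, create a database named linuxea, and disable data persistence
mysqlUser: linuxea
mysqlPassword: linuxea.com
mysqlDatabase: linuxea
persistence:
  enabled: false
Then simply point helm at this file
When you do not use --generate-name, just give the release a name
helm install mysql -f mvalule.yaml stable/mysql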
[root@linuxea.com /data/helm]# helm install -f mvalule.yaml stable/mysql --generate-name
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
WARNING: This chart is deprecated
NAME: mysql-1649582722
LAST DEPLOYED: Sun Apr 10 05:25:23 2022
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
mysql-1649582722.default.svc.cluster.local
To get your root password run:
MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default mysql-1649582722 -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)
To connect to your database:
1. Run an Ubuntu pod that you can use as a client:
kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
.....
Now kubectl describe shows the variables that were passed in
[root@linuxea.com ~]# kubectl describe pod mysql-1649582722-dbcdcb895-tjvsr
Name: mysql-1649582722-dbcdcb895-tjvsr
Namespace: default
....
Environment:
MYSQL_ROOT_PASSWORD: <set to the key 'mysql-root-password' in secret 'mysql-1649582722'> Optional: false
MYSQL_PASSWORD: <set to the key 'mysql-password' in secret 'mysql-1649582722'> Optional: false
MYSQL_USER: linuxea
MYSQL_DATABASE: linuxea
...
Once the pod is up, we follow the notes above to log in to MySQL
[root@linuxea.com /data/helm]# MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default mysql-1649582722 -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)
[root@linuxea.com /data/helm]# echo $MYSQL_ROOT_PASSWORD
8FFSmw66je
[root@linuxea.com /data/helm]# kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
If you don't see a command prompt, try pressing enter.
root@ubuntu:/#
root@ubuntu:/# apt-get update && apt-get install mysql-client -y
...
Setting up mysql-client-5.7 (5.7.33-0ubuntu0.16.04.1) ...
Setting up mysql-client (5.7.33-0ubuntu0.16.04.1) ...
Processing triggers for libc-bin (2.23-0ubuntu11.3) ...
...
root@ubuntu:/# mysql -h mysql-1649582722 -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 5.7.30 MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| linuxea |
| mysql |
| performance_schema |
| sys |
+--------------------+
5 rows in set (0.00 sec)
mysql>
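Environment variables
There are basically two ways to pass configuration:
- values
Besides using --values or -f to point at a YAML file that overrides the default values, several values can be specified
- set
Specify the overrides directly on the command line; --set is not recommended for deeply nested values
--set normally takes precedence over -f; -f persists the values in a configmap
If the --values file already sets enabled: false and we also pass --set persistence.enabled=true, enabled ends up true: --set takes precedence over --values
Supplied values can be viewed with helm get values
[root@linuxea.com /data/helm]# helm get values mysql-1649582722
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
USER-SUPPLIED VALUES:
mysqlDatabase: linuxea
mysqlPassword: linuxea.com
mysqlUser: linuxea
persistence:
  enabled: false
For a chart that is already running, use helm upgrade to update it, or use --reset-values to remove the overrides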
--set
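--set accepts zero or more key-value pairs. The most common direct use is changing the image, --set image=11
For several pairs, separate them with commas: --set name=linuxea,image=11
In a YAML file each pair goes on its own line, as follows
name: linuxea
image: 11
As shown under Parameter configuration, suppose the parameters we want to change are the MySQL ones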
[root@linuxea.com /data/helm]# cat mvalule.yaml
mysqlUser: linuxea
mysqlPassword: linuxea.com
mysqlDatabase: linuxea
persistence:
  enabled: false
Two ways
- set
helm install mysql -f mvalule.yaml stable/mysql --set mysqlUser=linuxea,mysqlPassword=linuxea.com,mysqlDatabase=linuxea,persistence.enabled=false
For keys nested on an indented new line, join the levels with a dot, so persistence.enabled=false
corresponds to
persistence:
  enabled: false
- other
1. When there are more arguments, for example --set args={run,/bin/start,--devel}, which corresponds to
args:
- run
- /bin/start
- --devel
2. Besides this, list items can be addressed by index, as follows
metadata:
  - name: etcd-k8s
    namespace: monitoring
which becomes metadata[0].name=etcd-k8s,metadata[0].namespace=monitoring
3. Special characters can be handled with a backslash and double quotes
name: "a,b"
The --set form of this is --set name=a\,b
4. Other cases that need a backslash
nodeSelector:
  kubernetes.io/role: master
Here --set needs escaping: --set nodeSelector."kubernetes\.io/role"=master
Local installation
helm fetch puts the chart on the local machine
[root@linuxea.com /data/helm]# helm fetch stable/mysql
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
[root@linuxea.com /data/helm]# ls mysql-1.6.9.tgz -ll
-rw-r--r-- 1 root root 11589 Apr 10 06:14 mysql-1.6.9.tgz
It can then be installed directly with helm
[root@linuxea.com /data/helm]# helm install mysql mysql-1.6.9.tgz
or unpack it
[root@linuxea.com /data/helm]# tar xf mysql-1.6.9.tgz
[root@linuxea.com /data/helm]# ls mysql
Chart.yaml README.md templates values.yaml
[root@linuxea.com /data/helm]# tree mysql
mysql
├── Chart.yaml
├── README.md
├── templates
│ ├── configurationFiles-configmap.yaml
│ ├── deployment.yaml
│ ├── _helpers.tpl
│ ├── initializationFiles-configmap.yaml
│ ├── NOTES.txt
│ ├── pvc.yaml
│ ├── secrets.yaml
│ ├── serviceaccount.yaml
│ ├── servicemonitor.yaml
│ ├── svc.yaml
│ └── tests
│ ├── test-configmap.yaml
│ └── test.yaml
└── values.yaml
2 directories, 15 files
Install
[root@linuxea.com /data/helm]# helm install mysql ./mysql
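Upgrade and rollback
helm upgrade applies the information you provide and only updates relative to the previous release; such small updates are faster
Every upgrade generates a new stored revision, for example a secret. By default there seem to be 15 revisions, which can become a problem.
Add mysqlRootPassword: www.linuxea.com
and run the upgrade
mysqlUser: linuxea
mysqlPassword: linuxea.com
mysqlDatabase: linuxea
mysqlRootPassword: www.linuxea.com
persistence:
  enabled: false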
- upgrade
helm upgrade mysql-1649582722 stable/mysql -f mvalule.yaml
as follows
[root@linuxea.com /data/helm]# helm upgrade mysql-1649582722 stable/mysql -f mvalule.yaml
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
WARNING: This chart is deprecated
Release "mysql-1649582722" has been upgraded. Happy Helming!
NAME: mysql-1649582722
LAST DEPLOYED: Sun Apr 10 06:29:00 2022
NAMESPACE: default
STATUS: deployed
REVISION: 2
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
mysql-1649582722.default.svc.cluster.local
...
After the update, REVISION has become 2
Check with helm ls
[root@linuxea.com /data/helm]# helm ls
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
mysql-1649582722 default 2 2022-04-10 06:29:00.717252842 -0400 EDT deployed mysql-1.6.9 5.7.30
Then helm get values mysql-1649582722 shows the values
[root@linuxea.com /data/helm]# helm get values mysql-1649582722
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
USER-SUPPLIED VALUES:
mysqlDatabase: linuxea
mysqlPassword: linuxea.com
mysqlRootPassword: www.linuxea.com
mysqlUser: linuxea
persistence:
  enabled: false
At this point the new MySQL password has been written to the secret but has not taken effect in MySQL, so we roll back
[root@linuxea.com /data/helm]# kubectl get secret --namespace default mysql-1649582722 -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
www.linuxea.com
- rollback
Use helm ls to find the release name
[root@linuxea.com /data/helm]# helm ls
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
mysql-1649582722 default 2 2022-04-10 06:29:00.717252842 -0400 EDT deployed mysql-1.6.9 5.7.30
View the revision history of mysql-1649582722
[root@linuxea.com /data/helm]# helm history mysql-1649582722
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Sun Apr 10 05:25:23 2022 superseded mysql-1.6.9 5.7.30 Install complete
2 Sun Apr 10 06:29:00 2022 deployed mysql-1.6.9 5.7.30 Upgrade complete
Run the rollback
[root@linuxea.com /data/helm]# helm rollback mysql-1649582722 1
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
Rollback was a success! Happy Helming!
Check the values again
[root@linuxea.com /data/helm]# helm get values mysql-1649582722
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
USER-SUPPLIED VALUES:
mysqlDatabase: linuxea
mysqlPassword: linuxea.com
mysqlUser: linuxea
persistence:
  enabled: false
and check the password again
[root@linuxea.com /data/helm]# kubectl get secret --namespace default mysql-1649582722 -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
8FFSmw66je
The history now has three revisions
[root@linuxea.com /data/helm]# helm history mysql-1649582722
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Sun Apr 10 05:25:23 2022 superseded mysql-1.6.9 5.7.30 Install complete
2 Sun Apr 10 06:29:00 2022 superseded mysql-1.6.9 5.7.30 Upgrade complete
3 Sun Apr 10 06:39:44 2022 deployed mysql-1.6.9 5.7.30 Rollback to 1
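This is because revision numbers only ever increase; revision 3 is the rollback to 1, hence Rollback to 1
Other parameters
Helm has some very interesting and important flags. Take the common install and upgrade: when we are not sure whether an application is already installed, we need to install it if it is not and upgrade it otherwise, which is what upgrade --install does. We usually also need a namespace, hence another flag, --create-namespace, which creates the namespace if it does not exist
helm upgrade --install --create-namespace --namespace linuxea hmysql ./mysql
The namespace is created if it does not exist; mysql is installed if it has not been installed yet, and upgraded otherwise
Also, once helm has finished, the status in the list is already deployed, but that does not mean the pods are ready; the two are not directly related. Some flags help here
- --wait
Waits until all pods are ready, including the PVCs for shared storage, the readiness state, and the svc; if this takes longer than five minutes, the release is marked as failed
- --timeout
How long to wait for Kubernetes commands to complete; the default is five minutes
- --no-hooks
Skips running the hooks for the command
- --recreate-pods
Applies only to upgrade and rollback; in helm3 this flag causes all pods to be recreated
References
- kubernetes helm overview (49)
- kubernetes helm basic usage (50)
- kubernetes understanding charts (51)
- kubernetes installing EFK with helm (52)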