1. 程式人生 > >Kubernetes-17:Kubernets包管理工具—>Helm介紹與使用

Kubernetes-17:Kubernets包管理工具—>Helm介紹與使用

Kubernets包管理工具—>Helm

什麼是Helm?

我們都知道,Linux系統各發行版都有自己的包管理工具,比如Centos的YUM,再如Ubuntu的APT。

Kubernetes也有自己的叢集包管理工具,那就是Helm。

Helm本質就是讓K8S的應用管理(Deployment,Service等)可配置,能動態生成。通過動態生成K8S資源清單檔案(deployment.yaml,service.yaml),然後呼叫kubectl自動執行K8S部署。

 
Helm有兩個重要的概念,chart 和 release
  • chart 是建立一個應用的資訊集合,包括各種Kubernetes物件的配置模板、引數定義、依賴關係和文件說明等,chart是應用部署的自包含邏輯單元。可以將 chart 想象成apt、yum中的軟體安裝包。
  • release 是chart的執行例項,代表了一個正在執行的應用,當chart被安裝到kubernetes叢集,就生成一個release,chart能夠多次安裝到同一個叢集,每次安裝都是一個release。
 
Helm包含兩個元件,Helm 客戶端和 Tiller 伺服器
  • Helm客戶端負責chart和release的建立和管理,以及和Tiller的互動。
  • Tiller服務執行在 Kubernetes 叢集中,它會處理Helm客戶端的請求,與 Kubernetes API Server 互動

 

Helm 部署

越來越多的公司開始使用Helm這個Kubernetes包管理工具,Helm的安裝也十分簡單,下載 helm 命令列工具到Master節點即可,以下示例安裝為 Helm v2.16.10 版本,包下載地址: https://github.com/helm/helm/releases

[root@Centos8 heml]# wget https://get.helm.sh/helm-v2.16.10-linux-amd64.tar.gz
[root@Centos8 heml]# tar zxvf helm-v2.16.10-linux-amd64.tar.gz -C /usr/local/
[root@Centos8 heml]# cd /usr/local/linux-amd64/
[root@Centos8 linux-amd64]# ln -s `pwd`/helm /usr/local/bin/

以上Helm命令安裝完成,官方文件: https://helm.sh/docs/intro/install/#helm

 

為了安裝tiller,還需要在這臺機器上配置好kubectl工具和kubeconfig檔案,確保kubectl工具可以在這臺機器訪問apiserver且正常使用。

因為Kubernetes ApiServer開啟了RBAC訪問控制,所以需要建立tiller使用的 service account:tiller並分配合適的角色給它。這裡簡單起見直接分配cluster-admin這個叢集內建的CluserRole給它。建立rbac-config.yaml檔案:

vim rbac-config.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
[root@Centos8 rbac]# kubectl create -f rbac-config.yaml 
serviceaccount/tiller created
clusterrolebinding.rbac.authorization.k8s.io/tiller created

 

在K8S叢集中初始化helm

[root@Centos8 rbac]# helm init --service-account tiller --skip-refresh
Creating /root/.helm 
Creating /root/.helm/repository 
Creating /root/.helm/repository/cache 
Creating /root/.helm/repository/local 
Creating /root/.helm/plugins 
Creating /root/.helm/starters 
Creating /root/.helm/cache/archive 
Creating /root/.helm/repository/repositories.yaml 
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com 
Adding local repo with URL: http://127.0.0.1:8879/charts 
$HELM_HOME has been configured at /root/.helm.

Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.

Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://v2.helm.sh/docs/securing_installation/
[root@Centos8 rbac]# kubectl get pod -n kube-system
NAME                              READY   STATUS              RESTARTS   AGE
tiller-deploy-8487d94bcf-nfc74    0/1     ContainerCreating   0          98s

[root@Centos8 ~]# kubectl describe pod tiller-deploy-8487d94bcf-nfc74 -n kube-system
    Back-off pulling image "gcr.io/kubernetes-helm/tiller:v2.16.10"

會發現tiller的Pod Running不起來,是因為匯入映象失敗,因為網路的原因訪問gcr.io訪問不到,於是到docker hub中查詢此image,發現確實有相同的image,pull過來改個名即可。

[root@Centos8 ~]# docker pull jessestuart/tiller:v2.16.10
Status: Downloaded newer image for jessestuart/tiller:v2.16.10
docker.io/jessestuart/tiller:v2.16.10

docker tag jessestuart/tiller:v2.16.10 gcr.io/kubernetes-helm/tiller:v2.16.10

 

然後傳輸到每一個node節點上:

[root@Centos8 ~]# docker save gcr.io/kubernetes-helm/tiller -o /usr/local/install-k8s/heml/tiller.tgz
[root@Centos8 ~]# scp /usr/local/install-k8s/heml/tiller.tgz 192.168.152.253:/usr/local/install-k8s/

 

node節點接收到後,再匯入成image即可:

[root@TestCentos7 install-k8s]# docker load < tiller.tgz 
Loaded image: gcr.io/kubernetes-helm/tiller:v2.16.10

 

再次檢視tiller Pod的狀態,已經變為Running:

[root@Centos8 ~]# kubectl get pod -n kube-system 
tiller-deploy-8487d94bcf-nfc74    1/1     Running   0     1h

 

Helm的使用

Helm的使用與yum、apt等工具如出一轍,可以事先去helm hub中尋找想要安裝的工具或應用:https://hub.helm.sh/,其頁面會有具體的安裝方法及步驟。

以安裝redis為例:https://hub.helm.sh/charts/choerodon/redis

1、先新增redis的repo源

helm repo add choerodon https://openchart.choerodon.com.cn/choerodon/c7n
"choerodon" has been added to your repositories

 

2、更新一下helm repo

[root@Centos8 ~]# helm repo update 
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "choerodon" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.

 

3、開始安裝

[root@Centos8 ~]# helm install choerodon/redis --version 0.2.5
NAME:   exhaling-yak
LAST DEPLOYED: Sun Sep  6 22:57:51 2020
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/ConfigMap
NAME             DATA  AGE
exhaling-yak-cm  1     0s

==> v1/Deployment
NAME          READY  UP-TO-DATE  AVAILABLE  AGE
exhaling-yak  0/1    0           0          0s

==> v1/Pod(related)

 

4、可以看到,在default名稱空間生成了ConfigMap、Deployment和Pod

[root@Centos8 ~]# kubectl get pod 
NAME                           READY   STATUS             RESTARTS   AGE
exhaling-yak-cdc8cf8f9-xqtk9   0/1     ImagePullBackOff   0          40s

[root@Centos8 ~]# kubectl get deployment 
NAME           READY   UP-TO-DATE   AVAILABLE   AGE
exhaling-yak   0/1     1            0           85s

[root@Centos8 ~]# kubectl get cm 
NAME              DATA   AGE
exhaling-yak-cm   1      109s

Pod ImagePullBackOff 的原因是redis映象沒匯入成功,再自行pull即可

 

3、Helm常用命令,大家可以通過 helm --help 進行了解

 

Helm自定義模板

以上拉取的都是別人自定義好的模板,自己也可以做一些模板上傳或者收藏起來。在此測試建立hello-world模板

1.建立好模板所有檔案所放置的目錄
mkdir charts
cd charts/
mkdir templates     # 必須建立一個名字為 templates 的目錄
 
2.編輯Chart.yaml

vim Chart.yaml  # 必須建立一個名為 Chart.yaml 的檔案,並指定 name 和 version 兩個key的值

name: hello-world
version: 1.0.0

 

3.在 templates 目錄下建立 deployment 及 service

vim templates/deployments.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: hello-world
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: hello-world
    spec:
      containers:
      - name: hello-world
        image: nginx:1.2.1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80

 

vim services.yaml

apiVersion: v1
kind: Service
metadata:
  name: hello-world
spec:
  type: NodePort
  ports:
  - port: 80
    containerPort: 80
    nodePort: 30001
  selector:
    app: hello-world

 

此時整體目錄結構為:

[root@Centos8 charts]# tree 
.
├── Chart.yaml
└── templates
    ├── deployments.yaml
    └── services.yaml

 

4.安裝此自定義chart
[root@Centos8 charts]# helm install .
NAME:   wishing-badger
LAST DEPLOYED: Mon Sep  7 20:55:42 2020
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                          READY  STATUS             RESTARTS  AGE
hello-world-767c98894d-7lrzt  0/1    ContainerCreating  0         1s

==> v1/Service
NAME         TYPE      CLUSTER-IP      EXTERNAL-IP  PORT(S)       AGE
hello-world  NodePort  10.100.108.217  <none>       80:30001/TCP  0s

==> v1beta1/Deployment
NAME         READY  UP-TO-DATE  AVAILABLE  AGE
hello-world  0/1    1           0          0s

 

檢視Pod、Deployment、Service

[root@Centos8 charts]# kubectl get pod 
NAME                           READY   STATUS    RESTARTS   AGE
hello-world-767c98894d-7lrzt   1/1     Running   0          67s

[root@Centos8 charts]# kubectl get deployment 
NAME          READY   UP-TO-DATE   AVAILABLE   AGE
hello-world   1/1     1            1           78s

[root@Centos8 charts]# kubectl get svc 
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
hello-world   NodePort    10.100.108.217   <none>        80:30001/TCP   81s

 

Helm常用命令及用法

1.更新映象

第一種:手動更新

進入 deployments.yaml 修改 image 行,然後helm upgrade

vim templates/deployments.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: hello-world
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: hello-world
    spec:
      containers:
      - name: hello-world
        image: hub.vfancloud.com/test/myapp
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
[root@Centos8 charts]# helm upgrade wishing-badger .
Release "wishing-badger" has been upgraded.
LAST DEPLOYED: Mon Sep  7 21:07:04 2020
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                          READY  STATUS             RESTARTS  AGE
hello-world-7466c45989-cxnps  0/1    Terminating        0         69s
hello-world-864f865db8-zjt79  0/1    ContainerCreating  0         0s

==> v1/Service
NAME         TYPE      CLUSTER-IP      EXTERNAL-IP  PORT(S)       AGE
hello-world  NodePort  10.100.108.217  <none>       80:30001/TCP  11m

==> v1beta1/Deployment
NAME         READY  UP-TO-DATE  AVAILABLE  AGE
hello-world  0/1    1           0          11m

 

檢視index.html,版本為v1

[root@Centos8 charts]# curl http://10.100.108.217 
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

 

第二種:變數更新

建立一個變數檔案 values.yaml,儲存 image 及 tag

vim values.yaml

image:
  repository: hub.vfancloud.com/test/myapp
  tag: 'v2'

 

vim templates/deployments.yaml # 將 image 欄位更改為以上檔案的變數

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: hello-world
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: hello-world
    spec:
      containers:
      - name: hello-world
        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80

 

開始更新

[root@Centos8 charts]# helm upgrade wishing-badger .
Release "wishing-badger" has been upgraded.
LAST DEPLOYED: Mon Sep  7 21:17:31 2020
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                          READY  STATUS             RESTARTS  AGE
hello-world-5759c969fc-w9s88  0/1    ContainerCreating  0         0s
hello-world-864f865db8-zjt79  1/1    Terminating        0         10m

==> v1/Service
NAME         TYPE      CLUSTER-IP      EXTERNAL-IP  PORT(S)       AGE
hello-world  NodePort  10.100.108.217  <none>       80:30001/TCP  21m

==> v1beta1/Deployment
NAME         READY  UP-TO-DATE  AVAILABLE  AGE
hello-world  1/1    1           1          21m

 

檢視index.html,版本為v2

[root@Centos8 charts]# curl http://10.100.108.217 
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>

 

或者通過命令列直接修改 image 的 tag 標籤,來更新映象版本

[root@Centos8 charts]# helm upgrade wishing-badger --set image.tag='v3' .
Release "wishing-badger" has been upgraded.
LAST DEPLOYED: Mon Sep  7 21:27:04 2020
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                          READY  STATUS             RESTARTS  AGE
hello-world-5759c969fc-w9s88  1/1    Terminating        0         9m33s
hello-world-6454b8dcc8-pjgk9  0/1    ContainerCreating  0         0s

==> v1/Service
NAME         TYPE      CLUSTER-IP      EXTERNAL-IP  PORT(S)       AGE
hello-world  NodePort  10.100.108.217  <none>       80:30001/TCP  31m

==> v1beta1/Deployment
NAME         READY  UP-TO-DATE  AVAILABLE  AGE
hello-world  0/1    1           0          31m

 

檢視index.html,已經更新為v3

[root@Centos8 charts]# curl http://10.100.108.217 
Hello MyApp | Version: v3 | <a href="hostname.html">Pod Name</a>

 

2.檢視release歷史版本
[root@Centos8 charts]# helm history wishing-badger 
REVISION    UPDATED                     STATUS        CHART                APP VERSION    DESCRIPTION     
1           Mon Sep  7 20:55:42 2020    SUPERSEDED    hello-world-1.0.0    Install complete
2           Mon Sep  7 21:07:04 2020    DEPLOYED      hello-world-1.0.0    Upgrade complete

 

3.刪除release
[root@Centos8 charts]# helm delete wishing-badger 
release "wishing-badger" deleted

 

以上命令提示此 release 刪除,但其實並沒有完全“刪除”,而是將它放回了“回收站”

原因是怕你將來有一天想要回滾,“回收站”檢視方法:

[root@Centos8 charts]# helm list --deleted
NAME              REVISION    UPDATED             STATUS     CHART      APP VERSION    NAMESPACE
wishing-badger    5      Mon Sep  7 21:27:04 2020  DELETED    hello-world-1.0.0     default 

如果想要徹徹底底的刪除,在執行 delete 時加上 --purge 即可

 
4.回滾release

helm rollback [name] [版本]

[root@Centos8 charts]# helm rollback wishing-badger 2
Rollback was a success.

將 wishing-badger 回滾到第二個版本

檢視index.html,已回退到第二個版本,version 為 v1

[root@Centos8 charts]# curl http://10.109.145.22
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>