Kubernetes-Helm基本介绍
董永宁
Helm 介绍
Helm可帮助您管理Kubernetes应用程序 - Helm Charts可帮助您定义,安装和升级最复杂的Kubernetes应用程序。与ubuntu下的apt, centos下的yum类似的管理工具。kubernetes在创建资源时使用yaml形式存储,随着资源复杂度增加,yaml中的内容也越来越多,helm chart通过管理包的形式将资源数据分散在不同文件中。
helm chart提供的功能包括:
- 创建与安装chart 应用
- 管理chart安装版本,跟踪安装历史
- chart轻松升级
- chart版本回退,删除恢复
Helm安装
在安装前,确认环境中已经完成安装kubernetes,kubernetes能够正常使用。
Helm安装分为客户端安装helm 工具,server端title安装。这里安装使用helm v2.7.2版本
Helm 客户端安装
手动下载helm-v2.7.2-linux-amd64.tar.gz软件包,在kubernetes环境中解压helm-v2.7.2-linux-amd64.tar.gz,并将其拷贝到可执行命令path目录
# tar -xvf helm-v2.7.2-linux-amd64.tar.gz
linux-amd64/
linux-amd64/README.md
linux-amd64/LICENSE
linux-amd64/helm
# cp linux-amd64/helm /usr/local/bin/
# helm -h (显示帮助信息,客户端安装完成)Helm server安装
server 安装会在kubernetes kube-system空间中启动一个tiller-deploy pod, 该pod依赖helm tiller镜像(镜像名称为gcr.io/kubernetes-helm/tiller:v2.7.2),在创建pod时,国内无法正常下载,因此在安装前需要手动下载镜像到docker镜像库中。
// 从官方镜像库获取并上传镜像后:
# docker images
gcr.io/kubernetes-helm/tiller v2.7.2 1c5314e713c2 5 months ago 71.6 MB
// 从本地镜像库pull:
# docker pull 192.168.8.56/gcr.io/kubernetes-helm/tiller:v2.9.1
# docker images
192.168.8.56/gcr.io/kubernetes-helm/tiller v2.9.1 6253045f26c6 6 months ago 36.1 MBserver 通过helm init方式来进行server安装,在k8s环境中启动tiller-deploy pod,但在helm init时默认会用gcr镜像,因此这里需要在helm init时添加其它选项
# kubectl create serviceaccount --namespace kube-system tiller (创建tiller serviceaccount)
# kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller (绑定角色)
# helm init --service-account tiller --upgrade --skip-refresh --tiller-image 192.168.8.56/gcr.io/kubernetes-helm/tiller (进行server安装,跳过拉取cache,同时直接指定使用的镜像,--tiller-image仅在tiller镜像从本地库获取时时用)
下面这两步仅v2.7.2的版本需要,其它版本没有验证(v2.9.1版本不需要执行)
# kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
(这一步非常重要,不然后面在使用 Helm 的过程中可能出现Error: no available release name found的错误信息。)
如果上一步patch没有成功,那么执行下面命令:
# kubectl edit deploy --namespace kube-system tiller-deploy (#and add the line serviceAccount: tiller to spec/template/spec)验证helm server pod安装完成
# kubectl get pods -n kube-system -o wide |grep tiller (通过kubectl工具查看pod已经正常启动)
tiller-deploy-65b7f7d54f-fwhj5 1/1 Running 0 54m 10.244.0.39 openstack-helm
# helm version (查看helm 版本)
Client: &version.Version{SemVer:"v2.7.2", GitCommit:"8478fb4fc723885b155c924d1c8c410b7a9444e6", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.7.2", GitCommit:"8478fb4fc723885b155c924d1c8c410b7a9444e6", GitTreeState:"clean"}
到此helm server与client安装全部完成,安装完成在家目录下会生成helm的目录与文件
# tree .helm
.helm
|-- cache
| `-- archive (这个目录用来存储chart归档,通过helm package chart的方式完成)
| |-- ingress-0.1.0.tgz
| |-- mysql-0.8.2.tgz
| `-- nginx-ingress-0.24.0.tgz
|-- plugins (helm 安装plugin存储)
|-- repository (记录repo仓库)
| |-- cache
| | `-- local-index.yaml -> /root/.helm/repository/local/index.yaml
| |-- local
| | |-- calico-0.1.0.tgz
| | |-- elasticsearch-0.1.0.tgz
| | |-- registry-0.1.0.tgz
| | `-- tiller-0.1.0.tgz
| `-- repositories.yaml
`-- starters
Helm基本使用
Helm 添加repo镜像库
Helm镜像库添加后,通过helm install 方式可以安装镜像库下的镜像,同时chart使用镜像也能够从镜像库提供的下载中下载
# helm repo list (查看镜像库)
NAME URL
local http://localhost:8879/charts
# helm repo add stable https://burdenbear.github.io/kube-charts-mirror/ (添加名称未stable镜像库,镜像库地址为https://burdenbear.github.io/kube-charts-mirror/)
"stable" has been added to your repositories
# helm repo list
NAME URL
local http://localhost:8879/charts
stable https://burdenbear.github.io/kube-charts-mirror/ (stable镜像库已添加)
# helm search (通过search能够看到stable下的镜像库)
NAME VERSION DESCRIPTION
local/calico 0.1.0 OpenStack-Helm BootStrap Calico
local/elasticsearch 0.1.0 OpenStack-Helm ElasticSearch
local/flannel 0.1.0 OpenStack-Helm BootStrap Flannel
local/fluent-logging 0.1.0 OpenStack-Helm Fluentd
local/grafana 0.1.0 OpenStack-Helm Grafana
stable/acs-engine-autoscaler 2.2.0 Scales worker nodes within agent ools
stable/aerospike 0.1.7 A Helm chart for Aerospike in Kubernetes
stable/anchore-engine 0.2.0 Anchore container analysis and policy evaluatio...
stable/apm-server 0.1.0 The server receives data from the Elastic APM a...
stable/ark 1.2.0 A Helm chart for ark
stable/artifactory 7.2.2 Universal Repository Manager supporting all maj...
stable/artifactory-ha 0.2.2 Universal Repository Manager supporting all maj...
stable/auditbeat 0.1.0 A lightweight shipper to audit the activities o...
stable/aws-cluster-autoscaler 0.3.3 Scales worker nodes within autoscaling groups.
stable/bitcoind 0.1.3 Bitcoin is an innovative payment networkHelm 创建chart
使用helm create 方式创建一个chart
举例创建chart:
# helm create nginx (创建nginx chart)
# tree nginx/ (查看创建nginx chart的目录结构)
nginx/
|-- charts (该目录默认为空)
|-- Chart.yaml (定义名称,版本信息)
|-- templates (k8s中资源模板定义)
| |-- deployment.yaml
| |-- _helpers.tpl
| |-- ingress.yaml
| |-- NOTES.txt
| `-- service.yaml
`-- values.yaml (定义变量信息,各个创建资源变量定义)创建好的nginx chart默认是一个模板形式,根据需要进行修改。这里我们根据需要进行修改,这里举例修改values.yaml中的service下的type,默认为ClusterIP,创建的chart镜像为nginx,为方便访问,我们将type修改为NodePort
# vim values.yaml
# Default values for nginx.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: nginx
tag: stable
pullPolicy: IfNotPresent
service:
name: nginx
type: NodePort
externalPort: 80
internalPort: 80
ingress:
enabled: false
# Used to create an Ingress record.
hosts:
- chart-example.local
annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
tls:
# Secrets must be manually created in the namespace.
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128MiHelm chart安装
在安装之前可以对创建的chart进行验证,如果语法存在问题,验证不能通过
# helm install --dry-run --debug dir (chart 目录)
举例验证neutron
# helm install --dry-run --debug neutron在创建chart nginx目录内执行 helm install . 或者使用nginx路径形式安装 helm install root/nginx
# helm install /root/nginx/
NAME: lolling-molly
LAST DEPLOYED: Fri Aug 10 03:30:54 2018
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
lolling-molly-nginx NodePort 10.99.197.200 <none> 80:30496/TCP 0s
==> v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
lolling-molly-nginx 1 1 1 0 0s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
lolling-molly-nginx-86844cc88c-jv4vr 0/1 ContainerCreating 0 0s
NOTES:
1. Get the application URL by running these commands:
export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services lolling-molly-nginx)
export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT- 查看安装结果
# helm list (使用helm 工具查看)
NAME REVISION UPDATED STATUS CHART NAMESPACE
lolling-molly 1 Fri Aug 10 03:30:54 2018 DEPLOYED nginx-0.1.0 default
# kubectl get pods -o wide|grep nginx (通过kubeclt查看pod安装状态)
lolling-molly-nginx-86844cc88c-jv4vr 1/1 Running 0 5m 10.244.0.44 openstack-helm
# kubectl get svc |grep nginx (查看svc)
lolling-molly-nginx NodePort 10.99.197.200 <none> 80:30496/TCP 6- 通过kubectl get svc查询到对外访问端口,通过http://物理节点ip:30496(这里是刚刚修改的service type为NodePort实现) 能够访问到nginx默认提供页面
helm 查看安装chart状态
# helm status lolling-molly
LAST DEPLOYED: Fri Aug 10 03:30:54 2018
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
lolling-molly-nginx-86844cc88c-jv4vr 1/1 Running 0 15m
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
lolling-molly-nginx NodePort 10.99.197.200 <none> 80:30496/TCP 15m
==> v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
lolling-molly-nginx 1 1 1 1 15m
NOTES:
1. Get the application URL by running these commands:
export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services lolling-molly-nginx)
export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT通过上面的helm status能够看到chart安装时的资源信息,从上面可以看到,创建了pod,创建了service, 创建了Deployment。chart的状态是DEPLOYED部署阶段
查看chart历史信息
# helm history lolling-molly
REVISION UPDATED STATUS CHART DESCRIPTION
1 Fri Aug 10 03:30:54 2018 DEPLOYED nginx-0.1.0 Install complete更新chart
这里举例,通过修改chart版本信息,进行升级更新
手动修改nginx下的Chart.yaml version为0.1.1默认为(0.1.0), 修改完成通过helm upgrade方式来进行升级
# helm list (升级前)
NAME REVISION UPDATED STATUS CHART NAMESPACE
lolling-molly 1 Fri Aug 10 03:30:54 2018 DEPLOYED nginx-0.1.0 default
# helm upgrade lolling-molly nginx (升级,lolling-molly 为helm list出的name, nginx为chart的目录名称)
# helm list (升级后,CHART nginx-0.1.0变为了nginx-0.1.1)
NAME REVISION UPDATED STATUS CHART NAMESPACE
lolling-molly 2 Fri Aug 10 03:53:53 2018 DEPLOYED nginx-0.1.1 defaulthelm upgrade会将之前创建的删除,重新创建,helm中会记录chart历史过程
回滚chart
当升级完成chart后,出现问题,可以通过rollback方式回滚。同样当执行helm delete后的chart可以通过rollback方式回滚。注意:已经物理清除的chart不能在恢复(helm delete --purge xxx)
- 升级回滚举例
# helm history lolling-molly (查看历史版本)
REVISION UPDATED STATUS CHART DESCRIPTION
1 Fri Aug 10 03:30:54 2018 SUPERSEDED nginx-0.1.0 Install complete
2 Fri Aug 10 03:53:53 2018 DEPLOYED nginx-0.1.1 Upgrade complete
# helm rollback lolling-molly 1 (版本回滚)
Rollback was a success! Happy Helming!
# helm list (这里nginx-0.1.1回退至nginx-0.1.0版本)
NAME REVISION UPDATED STATUS CHART NAMESPACE
lolling-molly 3 Fri Aug 10 04:02:56 2018 DEPLOYED nginx-0.1.0 default- 删除回滚举例
# helm list (删除前)
NAME REVISION UPDATED STATUS CHART NAMESPACE
lolling-molly 3 Fri Aug 10 04:02:56 2018 DEPLOYED nginx-0.1.0 default
# helm delete lolling-molly (删除名称为lolling-molly chart)
release "lolling-molly" deleted
# helm list (列出为空)
# kubectl get pods -o wide |grep nginx (返回为空)
# helm list --all (通过--all参数看到,已被删除,状态为DELETED)
NAME REVISION UPDATED STATUS CHART NAMESPACE
lolling-molly 3 Fri Aug 10 04:02:56 2018 DELETED nginx-0.1.0 defaul开始回滚
# helm history lolling-molly (查看历史记录,REVISION可以看到是DELETED chart)
REVISION UPDATED STATUS CHART DESCRIPTION
1 Fri Aug 10 03:30:54 2018 SUPERSEDED nginx-0.1.0 Install complete
2 Fri Aug 10 03:53:53 2018 SUPERSEDED nginx-0.1.1 Upgrade complete
3 Fri Aug 10 04:02:56 2018 DELETED nginx-0.1.0 Deletion complete
# helm rollback lolling-molly 2 (这里回滚到REVISON 2为nginx-0.1.1版本)
Rollback was a success! Happy Helming!验证回滚成功
# helm list
NAME REVISION UPDATED STATUS CHART NAMESPACE
lolling-molly 4 Fri Aug 10 04:11:12 2018 DEPLOYED nginx-0.1.1 default
# kubectl get pods -o wide|grep nginx
lolling-molly-nginx-86844cc88c-cccpf 1/1 Running 0 1m 10.244.0.45 openstack-helm这里可以看到在回滚后,ip地址变化了,由原来的10.244.0.44 变成了10.244.0.45
chart 打包归档
# helm package nginx
Successfully packaged chart and saved it to: /root/helm/nginx-0.1.0.tgz在/root/helm目录下生成了nginx-0.1.0.tgz的归档
chart 检测
通过helm lint对创建的chart进行验证,chart是否存在问题
# helm lint nginx
==> Linting nginx
[INFO] Chart.yaml: icon is recommended
1 chart(s) linted, no failures
OpenStack中的服务chart包
OpenStack支持通过helm工具来将各个组件部署在K8S环境中,k8s部署需要各个资源定义,在openstack中存在两个项目来完成各个组件资源定义,openstack-helm与openstack-infra项目,项目中定义了各个组件的配置chart包。
举例senlin
# tree senlin
senlin
|-- charts
| `-- helm-toolkit-0.1.0.tgz
|-- Chart.yaml
|-- requirements.lock
|-- requirements.yaml
|-- templates
| |-- bin
| | |-- _bootstrap.sh.tpl
| | |-- _db-sync.sh.tpl
| | |-- _senlin-api.sh.tpl
| | |-- _senlin-engine-cleaner.sh.tpl
| | |-- _senlin-engine.sh.tpl
| | `-- _senlin-test.sh.tpl
| |-- configmap-bin.yaml
| |-- configmap-etc.yaml
| |-- cron-job-engine-cleaner.yaml
| |-- deployment-api.yaml
| |-- deployment-engine.yaml
| |-- ingress-api.yaml
| |-- job-bootstrap.yaml
| |-- job-db-drop.yaml
| |-- job-db-init.yaml
| |-- job-db-sync.yaml
| |-- job-image-repo-sync.yaml
| |-- job-ks-endpoints.yaml
| |-- job-ks-service.yaml
| |-- job-ks-user.yaml
| |-- job-rabbit-init.yaml
| |-- pdb-api.yaml
| |-- pod-test.yaml
| |-- secret-db.yaml
| |-- secret-keystone.yaml
| |-- secret-rabbitmq.yaml
| |-- service-api.yaml
| `-- service-ingress-api.yaml
`-- values.yaml通过文件目录结构,可以看到与上面使用helm create创建的chart包一样,包含相同的层级目录,只是在senlin中定义了更多的资源。研究k8s部署openstack的可以对每个文件打开查看,与helm create创建不同的是,在templates/bin 中多了服务命令执行的sh模板。其它都是k8s中资源定义模板,资源相对多,复杂一些,其它都是一样。
Helm 软件升级
helm 软件升级包含helm 的tiller升级与helm 客户端升级,这里举例将helm升级为2.10.0版本。
升级前helm的软件版本:
# helm version
Client: &version.Version{SemVer:"v2.9.1", GitCommit:"20adb27c7c5868466912eebdf6664e7390ebe710", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.9.1", GitCommit:"20adb27c7c5868466912eebdf6664e7390ebe710", GitTreeState:"clean"}
> Helm 客户端升级
helm 客户端升级方式很简单,到http://192.168.8.167/deploy-package/helm/helm-client/2.10.0/ 下载helm后,拷贝到/usr/local/bin/ 目录下即可
> Helm tiller升级
kubectl set image deployment/tiller-deploy tiller=kubernetes-helm.tiller:v2.10.0 -n kube-system升级后helm的软件版本:
# helm version
Client: &version.Version{SemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"}
升级通过helm已安装的chart信息不会丢失。
类似资料: