创建一个nginx的chart
- 创建文件夹
# mkdir -p /data/k8s/yaml/helm/nginx-first # cd /data/k8s/yaml/helm/nginx-first
- 创建自描述文件 Chart.yaml
# cat <<'EOF' > ./Chart.yaml name: helm-nginx-first version: 1.0.0 EOF
- 创建模板文件, 用于生成 Kubernetes资源清单(manifests)
创建deployment
# mkdir ./templates
# cat <<'EOF' > ./templates/deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: helm-nginx-first
spec:
replicas: 1
template:
metadata:
labels:
app: helm-nginx-first
spec:
containers:
- name: helm-nginx-first
image: nginx:1.10
imagePullPolicy: IfNotPresent
EOF
创建service
cat <<'EOF' > ./templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-nginx-first
spec:
selector:
app: helm-nginx-first
ports:
- port: 80
targetPort: 80
protocol: TCP
EOF
创建不可配置的Release
学习Release, Inspection, Removal, Rollback和Purge管理Helm Release的生命周期
使用chart安装应用
# helm install /data/k8s/yaml/helm/hello-world/ NAME: terrifying-alpaca LAST DEPLOYED: Wed Aug 7 13:56:34 2019 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE helm-nginx-first-69fcff5b64-ll6jh 0/1 ContainerCreating 0 0s ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE helm-nginx-first ClusterIP 10.104.99.228 <none> 80/TCP 0s ==> v1beta1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE helm-nginx-first 0/1 1 0 0s
查看当前pod和service
# kubectl get pod,services NAME READY STATUS RESTARTS AGE pod/helm-nginx-first-69fcff5b64-ll6jh 1/1 Running 0 64s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/helm-nginx-first ClusterIP 10.104.99.228 <none> 80/TCP 64s service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 40d # 访问Nginx测试 # curl -I 10.104.99.228 HTTP/1.1 200 OK Server: nginx/1.10.3 Date: Wed, 07 Aug 2019 05:58:15 GMT Content-Type: text/html Content-Length: 612 Last-Modified: Tue, 31 Jan 2017 15:01:11 GMT Connection: keep-alive ETag: "5890a6b7-264" Accept-Ranges: bytes
查询一个特定的Release的状态
# helm ls NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE terrifying-alpaca 1 Wed Aug 7 13:56:34 2019 DEPLOYED nginx-first-1.0.0 default # helm status terrifying-alpaca LAST DEPLOYED: Wed Aug 7 13:56:34 2019 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE helm-nginx-first-69fcff5b64-ll6jh 1/1 Running 0 2m47s ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE helm-nginx-first ClusterIP 10.104.99.228 <none> 80/TCP 2m47s ==> v1beta1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE helm-nginx-first 1/1 1 1 2m47s
删除release后再恢复release
# 删除release # helm delete terrifying-alpaca release "terrifying-alpaca" deleted # 查看删除掉的release # helm ls --deleted NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE terrifying-alpaca 1 Wed Aug 7 13:56:34 2019 DELETED nginx-first-1.0.0 default # 恢复release # helm rollback terrifying-alpaca 1 Rollback was a success. # 查看恢复后的release,恢复后版本自行+1 # helm ls NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE terrifying-alpaca 2 Wed Aug 7 14:03:18 2019 DEPLOYED nginx-first-1.0.0 default
彻底删除release
# helm delete --purge terrifying-alpaca release "terrifying-alpaca" deleted # helm ls --deleted
常用命令总结
helm install RELATIVE_PATH_TO_CHART 创建一次Release helm ls 列出已经部署的Release helm status RELEASE_NAME 查询一个特定的Release的状态 helm delete RELEASE_NAME 移除所有与这个Release相关的Kubernetes资源 helm ls --deleted 列出已经删除的Release helm rollback RELEASE_NAME REVISION_NUMBER 回滚已经删除的Release到指定版本 helm delete --purge RELEASE_NAME 移除所有与指定Release相关的资源并删除Release记录
创建可配置的Release
官方的预定义变量
- Release.Name:发布的名称(不是chart)
- Release.Time:chart发布上次更新的时间。这将匹配Last ReleasedRelease对象上的时间。
- Release.Namespace:chart发布到的名称空间。
- Release.Service:进行发布的服务。通常这是Tiller。
- Release.IsUpgrade:如果当前操作是升级或回滚,则设置为true。
- Release.IsInstall:如果当前操作是安装,则设置为true。
- Release.Revision:修订号。它从1开始,每个都递增helm upgrade。
- Chart:内容Chart.yaml。因此,chart版本可以Chart.Version和维护者一样获得 Chart.Maintainers。
- Files:类似于chart的对象,包含chart中的所有非特殊文件。这不会授予您访问模板的权限,但可以访问存在的其他文件(除非使用它们除外.helmignore)。可以使用{{index .Files “file.name”}}或使用{{.Files.Get name}}或 {{.Files.GetStringname}}函数访问文件。您也可以访问该文件的内容,[]byte使用{{.Files.GetBytes}}
- Capabilities:类似于地图的对象,包含有关Kubernetes({{.Capabilities.KubeVersion}},Tiller({{.Capabilities.TillerVersion}}和支持的Kubernetes API)版本({{.Capabilities.APIVersions.Has “batch/v1″)的版本的信息
新增values.yaml文件
配置体现在配置文件 values.yaml
# cat <<'EOF' > ./values.yaml image: repository: nginx tag: '1.10' replicas: 2 EOF
配置deployment,引用values的值
# cat <<'EOF' > ./templates/deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: helm-nginx-first
spec:
replicas: {{ .Values.replicas }}
template:
metadata:
labels:
app: helm-nginx-first
spec:
containers:
- name: helm-nginx-first
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: IfNotPresent
EOF
使用debug查看生成后的资源文件
使用–dry-run –debug选项来打印出生成的清单文件内容,而不执行部署
# helm install --set replicas='3' /data/k8s/yaml/helm/hello-world/ --dry-run --debug
[debug] Created tunnel using local port: '45205'
[debug] SERVER: "127.0.0.1:45205"
[debug] Original chart version: ""
[debug] CHART PATH: /data/k8s/yaml/helm/hello-world
NAME: virtuous-quoll
REVISION: 1
RELEASED: Wed Aug 7 14:35:44 2019
CHART: nginx-first-1.0.0
USER-SUPPLIED VALUES:
replicas: 3
COMPUTED VALUES:
image:
repository: nginx
tag: "1.10"
replicas: 3
HOOKS:
MANIFEST:
---
# Source: nginx-first/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-nginx-first
spec:
selector:
app: helm-nginx-first
ports:
- port: 80
targetPort: 80
protocol: TCP
---
# Source: nginx-first/templates/deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: helm-nginx-first
spec:
replicas: 3
template:
metadata:
labels:
app: helm-nginx-first
spec:
containers:
- name: helm-nginx-first
image: nginx:1.10
imagePullPolicy: IfNotPresent
部署release时覆盖默认参数
# helm install --set replicas='3' /data/k8s/yaml/helm/hello-world/ # helm install --set replicas='3' /data/k8s/yaml/helm/hello-world/ NAME: ringed-peahen LAST DEPLOYED: Wed Aug 7 14:52:59 2019 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE helm-nginx-first-69fcff5b64-bcv5b 0/1 Pending 0 0s helm-nginx-first-69fcff5b64-nxv4k 0/1 Pending 0 0s helm-nginx-first-69fcff5b64-vnwqd 0/1 Pending 0 0s ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE helm-nginx-first ClusterIP 10.107.3.216 <none> 80/TCP 0s ==> v1beta1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE helm-nginx-first 0/3 0 0 0s
查看部署结果
# helm status ringed-peahen LAST DEPLOYED: Wed Aug 7 14:52:59 2019 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE helm-nginx-first-69fcff5b64-bcv5b 1/1 Running 0 39s helm-nginx-first-69fcff5b64-nxv4k 1/1 Running 0 39s helm-nginx-first-69fcff5b64-vnwqd 1/1 Running 0 39s ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE helm-nginx-first ClusterIP 10.107.3.216 <none> 80/TCP 39s ==> v1beta1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE helm-nginx-first 3/3 3 3 39s # kubectl get po,svc NAME READY STATUS RESTARTS AGE pod/helm-nginx-first-69fcff5b64-bcv5b 1/1 Running 0 60s pod/helm-nginx-first-69fcff5b64-nxv4k 1/1 Running 0 60s pod/helm-nginx-first-69fcff5b64-vnwqd 1/1 Running 0 60s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/helm-nginx-first ClusterIP 10.107.3.216 <none> 80/TCP 60s service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 40d
使用harbor做helm仓库
安装docker和docker-compose
yum -y install yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce-18.06.1.ce-3.el7
mkdir /etc/docker
cat > /etc/docker/daemon.json <<-'EOF'
{
"data-root": "/data/docker",
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/", "https://registry.docker-cn.com"]
}
EOF
systemctl start docker
wget https://github.com/docker/compose/releases/download/1.24.0/docker-compose-Linux-x86_64
chmod +x docker-compose-Linux-x86_64
mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
# docker-compose -v
docker-compose version 1.24.0, build 0aa59064
部署harbor
wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.1.tgz tar -xf harbor-offline-installer-v1.8.1.tgz -C /usr/local/ cd /usr/local/harbor/ # vim harbor.yml hostname: 192.168.1.155 # ./install.sh --with-chartmuseum ... ✔ ----Harbor has been installed and started successfully.---- ...
安装以后创建helm-repo仓库
添加harbor仓库为helm repo仓库
// http仓库 # helm repo add harbor --username=admin --password=baiyongjie http://192.168.1.155/chartrepo/helm-repo "harbor" has been added to your repositories // https仓库 # helm repo add harborssl --username=admin --password=baiyongjie2019 https://harbor.baiyongjie.net/chartrepo/charts --ca-file /etc/docker/certs.d/harbor.baiyongjie.net/harbor.baiyongjie.net.crt "harbor" has been added to your repositories
将chart打包, 并上传到harbor上的helm仓库
# 上传需要安装插件 # helm plugin install https://github.com/chartmuseum/helm-push Downloading and installing helm-push v0.7.1 ... https://github.com/chartmuseum/helm-push/releases/download/v0.7.1/helm-push_0.7.1_linux_amd64.tar.gz Installed plugin: push # 将chart打包 # cd /data/k8s/yaml/helm/ # helm package nginx-first Successfully packaged chart and saved it to: /data/k8s/yaml/helm/nginx-first-1.0.0.tgz # 上传 # helm push --username=admin --password=baiyongjie nginx-first-1.0.0.tgz harbor Pushing nginx-first-1.0.0.tgz to harbor... Done.
安装helm可视化管理工具kubeapps
github地址: https://github.com/kubeapps/kubeapps
安装部署
# 部署kubeapps helm repo add bitnami https://charts.bitnami.com/bitnami helm fetch bitnami/kubeapps #修改value.yaml helm install -f values.yaml --name=kubeapps --namespace=kubeapps kubeapps
创建kubeapps的sa,并创建token用于登录部署kubeapps
kubectl create serviceaccount kubeapps-operator
kubectl create clusterrolebinding kubeapps-operator --clusterrole=cluster-admin --serviceaccount=default:kubeapps-operator
kubectl get secret $(kubectl get serviceaccount kubeapps-operator -o jsonpath='{.secrets[].name}') -o jsonpath='{.data.token}' | base64 --decode
原文地址:https://www.jianshu.com/p/d6788a353ed8
