Deploying a custom chart on Kubernetes

2019-11-2

Create an nginx chart

  1. Create the directory
# mkdir -p /data/k8s/yaml/helm/nginx-first
# cd  /data/k8s/yaml/helm/nginx-first
  2. Create the chart's self-description file, Chart.yaml
# cat <<'EOF' > ./Chart.yaml
name: helm-nginx-first
version: 1.0.0
EOF
  3. Create the template files used to generate the Kubernetes resource manifests

Create the deployment

# mkdir ./templates
# cat <<'EOF' > ./templates/deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: helm-nginx-first
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: helm-nginx-first
    spec:
      containers:
      - name: helm-nginx-first
        image: nginx:1.10
        imagePullPolicy: IfNotPresent
EOF

Create the service

# cat <<'EOF' > ./templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: helm-nginx-first
spec:
  selector:
    app: helm-nginx-first
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
EOF

Create a non-configurable Release

Learn to manage the lifecycle of a Helm Release: Release, Inspection, Removal, Rollback, and Purge

Install the application from the chart

# helm install /data/k8s/yaml/helm/hello-world/
NAME:   terrifying-alpaca
LAST DEPLOYED: Wed Aug  7 13:56:34 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                               READY  STATUS             RESTARTS  AGE
helm-nginx-first-69fcff5b64-ll6jh  0/1    ContainerCreating  0         0s

==> v1/Service
NAME              TYPE       CLUSTER-IP     EXTERNAL-IP  PORT(S)  AGE
helm-nginx-first  ClusterIP  10.104.99.228  <none>       80/TCP   0s

==> v1beta1/Deployment
NAME              READY  UP-TO-DATE  AVAILABLE  AGE
helm-nginx-first  0/1    1           0          0s

View the current pods and services

# kubectl get pod,services
NAME                                    READY   STATUS    RESTARTS   AGE
pod/helm-nginx-first-69fcff5b64-ll6jh   1/1     Running   0          64s

NAME                       TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/helm-nginx-first   ClusterIP   10.104.99.228   <none>        80/TCP    64s
service/kubernetes         ClusterIP   10.96.0.1       <none>        443/TCP   40d

# Test access to Nginx
# curl -I 10.104.99.228 
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Wed, 07 Aug 2019 05:58:15 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 31 Jan 2017 15:01:11 GMT
Connection: keep-alive
ETag: "5890a6b7-264"
Accept-Ranges: bytes

Query the status of a specific Release

# helm ls
NAME                    REVISION        UPDATED                         STATUS          CHART                   APP VERSION     NAMESPACE
terrifying-alpaca       1               Wed Aug  7 13:56:34 2019        DEPLOYED        nginx-first-1.0.0                       default  


# helm status terrifying-alpaca
LAST DEPLOYED: Wed Aug  7 13:56:34 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                               READY  STATUS   RESTARTS  AGE
helm-nginx-first-69fcff5b64-ll6jh  1/1    Running  0         2m47s

==> v1/Service
NAME              TYPE       CLUSTER-IP     EXTERNAL-IP  PORT(S)  AGE
helm-nginx-first  ClusterIP  10.104.99.228  <none>       80/TCP   2m47s

==> v1beta1/Deployment
NAME              READY  UP-TO-DATE  AVAILABLE  AGE
helm-nginx-first  1/1    1           1          2m47s

Delete a release and then restore it

# Delete the release
# helm delete terrifying-alpaca
release "terrifying-alpaca" deleted

# List deleted releases
# helm ls --deleted            
NAME                    REVISION        UPDATED                         STATUS  CHART                   APP VERSION     NAMESPACE

terrifying-alpaca       1               Wed Aug  7 13:56:34 2019        DELETED nginx-first-1.0.0                       default 

# Restore the release
# helm rollback terrifying-alpaca 1
Rollback was a success.

# View the restored release; the revision is incremented by 1 automatically
# helm ls
NAME                    REVISION        UPDATED                         STATUS          CHART                   APP VERSION     NAMESPACE
terrifying-alpaca       2               Wed Aug  7 14:03:18 2019        DEPLOYED        nginx-first-1.0.0                       default  

Permanently delete the release

# helm delete --purge terrifying-alpaca
release "terrifying-alpaca" deleted

# helm ls --deleted 

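Summary of common commands

helm install RELATIVE_PATH_TO_CHART    Create a Release
helm ls    List the deployed Releases
helm status RELEASE_NAME    Query the status of a specific Release
helm delete RELEASE_NAME    Remove all Kubernetes resources associated with this Release
helm ls --deleted    List the deleted Releases
helm rollback RELEASE_NAME REVISION_NUMBER    Roll back a deleted Release to the specified revision
helm delete --purge RELEASE_NAME    Remove all resources associated with the specified Release and delete the Release record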

Create a configurable Release

Official predefined variables

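  • Release.Name: the name of the release (not the chart).
  • Release.Time: the time the chart release was last updated. This matches the Last Released time on the Release object.
  • Release.Namespace: the namespace the chart was released to.
  • Release.Service: the service that performed the release. Usually this is Tiller.
  • Release.IsUpgrade: set to true if the current operation is an upgrade or rollback.
  • Release.IsInstall: set to true if the current operation is an install.
  • Release.Revision: the revision number. It starts at 1 and increments with each helm upgrade.
  • Chart: the contents of Chart.yaml. The chart version is therefore available as Chart.Version, and the maintainers as Chart.Maintainers.
  • Files: a map-like object containing all non-special files in the chart. It does not give you access to templates, but it does give access to the other files that are present (unless they are excluded using .helmignore). Files can be accessed using {{index .Files "file.name"}} or using the {{.Files.Get name}} or {{.Files.GetString name}} functions. You can also access a file's contents as []byte using {{.Files.GetBytes}}.
  • Capabilities: a map-like object containing information about the versions of Kubernetes ({{.Capabilities.KubeVersion}}), Tiller ({{.Capabilities.TillerVersion}}), and the supported Kubernetes API versions ({{.Capabilities.APIVersions.Has "batch/v1"}}).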

Add a values.yaml file

Configuration is expressed in the values.yaml configuration file

# cat <<'EOF' > ./values.yaml
image:
  repository: nginx
  tag: '1.10'
replicas: 2
EOF

Configure the deployment to reference the values

# cat <<'EOF' > ./templates/deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: helm-nginx-first
spec:
  replicas: {{ .Values.replicas }}
  template:
    metadata:
      labels:
        app: helm-nginx-first
    spec:
      containers:
      - name: helm-nginx-first
        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
        imagePullPolicy: IfNotPresent
EOF

Use debug to view the rendered resource files

Use the --dry-run --debug options to print the generated manifests without performing the deployment

# helm install --set replicas='3' /data/k8s/yaml/helm/hello-world/ --dry-run  --debug 
[debug] Created tunnel using local port: '45205'

[debug] SERVER: "127.0.0.1:45205"

[debug] Original chart version: ""
[debug] CHART PATH: /data/k8s/yaml/helm/hello-world

NAME:   virtuous-quoll
REVISION: 1
RELEASED: Wed Aug  7 14:35:44 2019
CHART: nginx-first-1.0.0
USER-SUPPLIED VALUES:
replicas: 3

COMPUTED VALUES:
image:
  repository: nginx
  tag: "1.10"
replicas: 3

HOOKS:
MANIFEST:

---
# Source: nginx-first/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: helm-nginx-first
spec:
  selector:
    app: helm-nginx-first
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
---
# Source: nginx-first/templates/deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: helm-nginx-first
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: helm-nginx-first
    spec:
      containers:
      - name: helm-nginx-first
        image: nginx:1.10
        imagePullPolicy: IfNotPresent
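
The rendered manifest can be reviewed before it is installed. The following is an added example, not part of the original post: a line-based shell check over the Deployment rendered above. The function names and the rule set are assumptions, and the sample input is the page's own Deployment output.

```shell
#!/bin/sh
# Added example: line-based audit of manifests printed by --dry-run --debug.
# audit_manifest (hypothetical name) reads YAML on stdin, prints one finding per line.
audit_manifest() {
  awk '
    function report() {
      if (kind == "Deployment") {
        if (api == "extensions/v1beta1")
          print "deprecated-api: extensions/v1beta1 Deployment is not served by Kubernetes 1.16+, use apps/v1"
        if (!selector) print "no-selector: spec.selector is required once moved to apps/v1"
        if (!secctx)   print "no-securitycontext: container runs with the image defaults"
        if (!limits)   print "no-resources: no requests or limits are set"
      }
      api = ""; kind = ""; selector = 0; secctx = 0; limits = 0
    }
    /^---/             { report(); next }   # new YAML document: judge the previous one
    /^apiVersion:/     { api = $2 }
    /^kind:/           { kind = $2 }
    /^  selector:/     { selector = 1 }
    /securityContext:/ { secctx = 1 }
    /resources:/       { limits = 1 }
    /image:/ && $NF !~ /@sha256:/ { print "unpinned-image: " $NF " is a tag, not a digest" }
    END                { report() }
  '
}

# Sample input: the Deployment exactly as rendered in the dry-run output above.
page_manifest() {
  cat <<'EOF'
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: helm-nginx-first
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: helm-nginx-first
    spec:
      containers:
      - name: helm-nginx-first
        image: nginx:1.10
        imagePullPolicy: IfNotPresent
EOF
}

page_manifest | audit_manifest
```

Against a real chart, the same function can read the MANIFEST part of the `--dry-run --debug` output; it matches lines rather than parsing YAML, so it is a quick review aid and not a policy engine.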

Override default parameters when deploying a release

# helm install --set replicas='3' /data/k8s/yaml/helm/hello-world/
NAME:   ringed-peahen
LAST DEPLOYED: Wed Aug  7 14:52:59 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                               READY  STATUS   RESTARTS  AGE
helm-nginx-first-69fcff5b64-bcv5b  0/1    Pending  0         0s
helm-nginx-first-69fcff5b64-nxv4k  0/1    Pending  0         0s
helm-nginx-first-69fcff5b64-vnwqd  0/1    Pending  0         0s

==> v1/Service
NAME              TYPE       CLUSTER-IP    EXTERNAL-IP  PORT(S)  AGE
helm-nginx-first  ClusterIP  10.107.3.216  <none>       80/TCP   0s

==> v1beta1/Deployment
NAME              READY  UP-TO-DATE  AVAILABLE  AGE
helm-nginx-first  0/3    0           0          0s

View the deployment result

# helm  status ringed-peahen
LAST DEPLOYED: Wed Aug  7 14:52:59 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                               READY  STATUS   RESTARTS  AGE
helm-nginx-first-69fcff5b64-bcv5b  1/1    Running  0         39s
helm-nginx-first-69fcff5b64-nxv4k  1/1    Running  0         39s
helm-nginx-first-69fcff5b64-vnwqd  1/1    Running  0         39s

==> v1/Service
NAME              TYPE       CLUSTER-IP    EXTERNAL-IP  PORT(S)  AGE
helm-nginx-first  ClusterIP  10.107.3.216  <none>       80/TCP   39s

==> v1beta1/Deployment
NAME              READY  UP-TO-DATE  AVAILABLE  AGE
helm-nginx-first  3/3    3           3          39s


# kubectl get po,svc
NAME                                    READY   STATUS    RESTARTS   AGE
pod/helm-nginx-first-69fcff5b64-bcv5b   1/1     Running   0          60s
pod/helm-nginx-first-69fcff5b64-nxv4k   1/1     Running   0          60s
pod/helm-nginx-first-69fcff5b64-vnwqd   1/1     Running   0          60s

NAME                       TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
service/helm-nginx-first   ClusterIP   10.107.3.216   <none>        80/TCP    60s
service/kubernetes         ClusterIP   10.96.0.1      <none>        443/TCP   40d

Use Harbor as the Helm repository

Install docker and docker-compose

yum -y install yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce-18.06.1.ce-3.el7

mkdir /etc/docker
cat > /etc/docker/daemon.json <<-'EOF'
{
  "data-root": "/data/docker",
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/", "https://registry.docker-cn.com"]
}
EOF

systemctl start docker


wget https://github.com/docker/compose/releases/download/1.24.0/docker-compose-Linux-x86_64
chmod +x docker-compose-Linux-x86_64
mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose

# docker-compose -v
docker-compose version 1.24.0, build 0aa59064

Deploy Harbor

wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.1.tgz
tar -xf harbor-offline-installer-v1.8.1.tgz -C /usr/local/
cd /usr/local/harbor/

# vim harbor.yml 
hostname: 192.168.1.155

# ./install.sh --with-chartmuseum
...
✔ ----Harbor has been installed and started successfully.----
...

After installation, create the helm-repo repository

Add the Harbor repository as a Helm repo

// HTTP repository
# helm repo add harbor --username=admin --password=baiyongjie  http://192.168.1.155/chartrepo/helm-repo
"harbor" has been added to your repositories

// HTTPS repository
# helm repo add harborssl --username=admin --password=baiyongjie2019  https://harbor.baiyongjie.net/chartrepo/charts --ca-file /etc/docker/certs.d/harbor.baiyongjie.net/harbor.baiyongjie.net.crt
"harbor" has been added to your repositories

Package the chart and upload it to the Helm repository on Harbor

# Uploading requires installing a plugin
# helm plugin install https://github.com/chartmuseum/helm-push
Downloading and installing helm-push v0.7.1 ...
https://github.com/chartmuseum/helm-push/releases/download/v0.7.1/helm-push_0.7.1_linux_amd64.tar.gz
Installed plugin: push

# Package the chart
# cd /data/k8s/yaml/helm/
# helm package nginx-first
Successfully packaged chart and saved it to: /data/k8s/yaml/helm/nginx-first-1.0.0.tgz

# Upload
# helm push  --username=admin --password=baiyongjie nginx-first-1.0.0.tgz harbor
Pushing nginx-first-1.0.0.tgz to harbor...
Done.

Install kubeapps, a visual management tool for Helm

GitHub: https://github.com/kubeapps/kubeapps

Installation and deployment

# Deploy kubeapps
helm repo add bitnami https://charts.bitnami.com/bitnami
helm fetch bitnami/kubeapps # edit values.yaml
helm install -f values.yaml --name=kubeapps --namespace=kubeapps kubeapps

Create a service account for kubeapps and retrieve its token, which is used to log in to kubeapps

kubectl create serviceaccount kubeapps-operator
kubectl create clusterrolebinding kubeapps-operator --clusterrole=cluster-admin --serviceaccount=default:kubeapps-operator
kubectl get secret $(kubectl get serviceaccount kubeapps-operator -o jsonpath='{.secrets[].name}') -o jsonpath='{.data.token}' | base64 --decode
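
The ClusterRoleBinding above attaches cluster-admin to the kubeapps-operator ServiceAccount, so its token carries full control of the cluster. The following added example (not from the original post) filters ClusterRoleBinding rows for ServiceAccounts holding cluster-admin and shows a namespace-scoped binding as an alternative; the function names, the sample rows, the choice of the `edit` role and the target namespace are assumptions.

```shell
#!/bin/sh
# Added example: list ServiceAccounts that hold cluster-admin.
# Expected input, one binding per line, tab-separated: NAME, ROLE, SUBJECTS.
# On a live cluster such rows can be produced with:
#   kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name} {end}{"\n"}{end}'
sa_with_cluster_admin() {
  awk -F '\t' '$2 == "cluster-admin" {
    n = split($3, subj, " ")
    for (i = 1; i <= n; i++)
      if (subj[i] ~ /^ServiceAccount:/) {
        sub(/^ServiceAccount:/, "", subj[i])
        print $1 "\t" subj[i]          # binding name, namespace/serviceaccount
      }
  }'
}

# Constructed sample rows; the second is the binding created on this page.
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tGroup:/system:masters \n'
  printf 'kubeapps-operator\tcluster-admin\tServiceAccount:default/kubeapps-operator \n'
  printf 'system:node-proxier\tsystem:node-proxier\tUser:/system:kube-proxy \n'
}

# Narrower alternative (assumption: the built-in "edit" ClusterRole is enough
# for the namespace given as $1): a RoleBinding limits the grant to one namespace.
bind_namespaced() {
  kubectl create rolebinding kubeapps-operator-edit --clusterrole=edit \
    --serviceaccount=default:kubeapps-operator --namespace="$1"
}

sample_bindings | sa_with_cluster_admin
```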

Author: baiyongjie