• 0

  • 471

王炸!Helm管理Kubernetes应用服务

None

关注Linux

1星期前

Helm 是一个 Kubernetes 应用的包管理工具,用来管理 chart——预先配置好的安装包资源,有点类似于 Ubuntu 的 APT 和 CentOS 中的 YUM。

1 Helm

1.1 安装

## 配置go环境
wget https://golang.org/dl/go1.15.5.linux-amd64.tar.gz
tar zxvf go1.15.5.linux-amd64.tar.gz
cd go
mv bin/go /usr/bin/

## 安装helm
git clone https://github.com/helm/helm.git
cd helm
make 
mv bin/helm /usr/bin
复制代码

1.2 helm 创建Chart

base) [root@node46 zhangjx]# helm create mycharts
(base) [root@node46 zhangjx]# cd mycharts
(base) [root@node46 mycharts]# ls 
charts  Chart.yaml  templates  values.yaml
复制代码

1.2.1 Charts.yaml,这个应该的配置文件

(base) [root@node46 mycharts]# cat Chart.yaml  | grep -v '#'
apiVersion: v2
name: mycharts
description: A Helm chart for Kubernetes

type: application

version: 0.1.1

appVersion: 1.16.0
复制代码

1.2.2 values.yaml,对应不同的k8s资源的相关配置

(base) [root@node46 mycharts]# cat values.yaml | grep -v "#"

replicaCount: 1

image:
  repository: nginx
  pullPolicy: IfNotPresent
  tag: latest 

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  create: true
  annotations: {}
  name: ""

podAnnotations: {}

podSecurityContext: {}

securityContext: {}

service:
  type: ClusterIP
  port: 80

ingress:
  enabled: false
  annotations: {}
  hosts:
    - host: chart-example.local
      paths: []
  tls: []

resources: {}

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80

nodeSelector: {}

tolerations: []

affinity: {}
复制代码

1.2.3 templates下面对应的k8s相关资源的yaml文件,以deployment为例

(base) [root@node46 mycharts]# ls templates/
deployment.yaml  _helpers.tpl  hpa.yaml  ingress.yaml  NOTES.txt  serviceaccount.yaml  service.yaml  tests
(base) [root@node46 mycharts]# cd templates/
(base) [root@node46 templates]# cat deployment.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "mycharts.fullname" . }}
  labels:
    {{- include "mycharts.labels" . | nindent 4 }}
spec:
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "mycharts.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "mycharts.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "mycharts.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
复制代码
  • mycharts对应Chart.yaml下的配置信息
  • Values 对应values下的配置信息

1.3 安装chart

(base) [root@node46 mycharts]# kubectl create ns nginx 
namespace/nginx created
(base) [root@node46 mycharts]# helm lint   ## 检查chart配置的正确性
==> Linting .
[INFO] Chart.yaml: icon is recommended

1 chart(s) linted, 0 chart(s) failed

(base) [root@node46 mycharts]# helm install helm-nginx .
NAME: helm-nginx
LAST DEPLOYED: Tue Nov 17 11:16:53 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=mycharts,app.kubernetes.io/instance=helm-nginx" -o jsonpath="{.items[0].metadata.name}")
  export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT

(base) [root@node46 mycharts]# kubectl get all -n nginx 
NAME                                      READY   STATUS    RESTARTS   AGE
pod/helm-nginx-mycharts-c94774b66-rbp8p   1/1     Running   0          18s

NAME                          TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
service/helm-nginx-mycharts   ClusterIP   10.1.209.186   <none>        80/TCP    18s

NAME                                  READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/helm-nginx-mycharts   1/1     1            1           18s

NAME                                            DESIRED   CURRENT   READY   AGE
replicaset.apps/helm-nginx-mycharts-c94774b66   1         1         1       18s
(base) [root@node46 mycharts]# 
复制代码

1.4 查看并打包

(base) [root@node46 zhangjx]# helm list 
NAME       	NAMESPACE	REVISION	UPDATED                                	STATUS  	CHART         	APP VERSION
helm-nginx 	default  	1       	2020-11-17 11:16:53.983298944 +0800 CST	deployed	mycharts-0.1.1	1.16.0     

## 打包
(base) [root@node46 zhangjx]# helm package ./mycharts/
Successfully packaged chart and saved it to: /home/zhangjx/mycharts-0.1.1.tgz

## 卸载
(base) [root@node46 zhangjx]# helm uninstall helm-nginx 
release "helm-nginx" uninstalled

## 使用打包好的helm进行install
(base) [root@node46 zhangjx]# helm install helm-nginx  ./mycharts-0.1.1.tgz 
NAME: helm-nginx
LAST DEPLOYED: Tue Nov 17 13:37:31 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=mycharts,app.kubernetes.io/instance=helm-nginx" -o jsonpath="{.items[0].metadata.name}")
  export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
 
 (base) [root@node46 zhangjx]# helm list 
NAME       	NAMESPACE	REVISION	UPDATED                                	STATUS  	CHART         	APP VERSION
helm-nginx 	default  	1       	2020-11-17 13:37:31.328734126 +0800 CST	deployed	mycharts-0.1.1	1.16.0 

(base) [root@node46 zhangjx]# kubectl  create ns nginx-1
namespace/nginx-1 created

## 设置namespace为nginx-1
(base) [root@node46 zhangjx]# helm install helm-nginx-1 --set namespace=nginx-1 ./mycharts-0.1.1.tgz 
NAME: helm-nginx-1
LAST DEPLOYED: Tue Nov 17 13:40:43 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=mycharts,app.kubernetes.io/instance=helm-nginx-1" -o jsonpath="{.items[0].metadata.name}")
  export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
 
(base) [root@node46 zhangjx]# kubectl  get pod -n nginx-1
NAME                                     READY   STATUS    RESTARTS   AGE
helm-nginx-1-mycharts-67748f87b7-skfjs   1/1     Running   0          10s
复制代码

打包好的应用文件,该如何管理?Helm 3.0之前使用tillerhelm init)对打包文件进行管理,但是3.0之后helm init 命令取消,下面介绍chartmuseum对helm打包应用进行管理,便于Kubernetes应用信息的持久化

1.5 Helm常用命令

  • helm create:在本地创建新的 chart;
  • helm dependency:管理 chart 依赖;
  • helm install:安装 chart;
  • helm lint:检查 chart 配置是否有误;
  • helm list:列出所有 release;
  • helm package:打包本地 chart;
  • helm repo:列出、增加、更新、删除 chart 仓库;
  • helm rollback:回滚 release 到历史版本;
  • helm pull:拉取远程 chart 到本地;
  • helm search:使用关键词搜索 chart;
  • helm uninstall:卸载 release;
  • helm upgrade:升级 release;
  • helm show: 查看charts的配置信息。

2 Chartmuseum

2.1 安装

curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/linux/amd64/chartmuseum
chmod +x chartmuseum
cp chartmuseum /usr/local/bin
复制代码

2.2 配置并启动Chartmuseum

2.2.1 service 文件配置

# cat /etc/systemd/system/chartmuseum.service
[Unit]
Description=chartmuseum
Requires=network-online.target
After=network-online.target

[Service]
EnvironmentFile=/etc/chartmuseum/chartmuseum.config
User=root
Restart=allways
ExecStart=/usr/local/bin/chartmuseum $ARGS
ExecStop=/usr/local/bin/chartmuseum step-down

[Install]
WantedBy=multi-user.target
复制代码

2.2.2 /etc/chartmuseum/chartmuseum.config配置

# mkdir -p /etc/chartmuseum/
# cat /etc/chartmuseum/chartmuseum.config
ARGS=\
--port=9090 \
--storage="local" \
--storage-local-rootdir="/var/lib/chartmuseum/chartstorage" \
--log-json \
--basic-auth-user=admin \
--basic-auth-pass=admin
复制代码
  • --port: chartmuseum服务监听端口
  • --storage: local表示使用本地存储
  • --storage-local-rootdir: 本地存储点路径,helm push chart的存储路径
  • --log-json: 日志显示为json格式
  • --basic-auth-user: 用户名(使用基本的认证方式,用户名+密码,使用证书方式参照点我)
  • --basic-auth-pass: 密码 (chartmuseum服务起来后,后续给helm添加repo时需要加上--username xxx --password

2.2.3 启动服务

systemctl start chartmuseum
systemctl status chaetmuseum
复制代码

3 Chartmuseum与Helm 配合使用

3.1 增加repo

helm repo add chartmuseum http://192.168.5.46:9090 --username  admin --password  admin

(base) [root@node46 bak]# helm repo list 
NAME       	URL                     
chartmuseum	http://192.168.5.46:9090
复制代码

3.2 使用

3.2.1 上传

# curl -u admin:admin  --data-binary "@my" http://192.168.4.32:9090/api/charts
复制代码

3.2.2 查看

  • GET /index.yaml 得到chartmuseum的全部charts
# curl http://192.168.5.46:9090/index.yaml -u admin:admin
apiVersion: v1
entries:
  mycharts:
  - apiVersion: v2
    appVersion: 1.16.0
    created: "2020-11-17T14:04:28.005906+08:00"
    description: A Helm chart for Kubernetes
    digest: d0363f6588e36345f05656cbae5a6e4639c1e1bd606ad8761a46600d1e11bd07
    name: mycharts
    type: application
    urls:
    - charts/mycharts-0.1.1.tgz
    version: 0.1.1
generated: "2020-11-17T14:05:19+08:00"
serverInfo: {}
复制代码

3.2.3 下载

  • 使用curl
(base) [root@node46 bak]# curl -O http://192.168.5.46:9090/charts/mycharts-0.1.1.tgz -u admin:admin
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3600    0  3600    0     0   612k      0 --:--:-- --:--:-- --:--:--  703k
(base) [root@node46 bak]# ls 
mycharts-0.1.1.tgz
复制代码
  • helm pull
(base) [root@node46 zhangjx]# helm repo  list 
NAME       	URL                     
chartmuseum	http://192.168.5.46:9090
(base) [root@node46 bak]# helm pull --username admin --password admin --repo http://192.168.5.46:9090  mycharts  --version 0.1.6
(base) [root@node46 bak]# ls
mycharts-0.1.6.tgz
复制代码

3.2.4 列出所有的charts(json格式)

(base) [root@node46 zhangjx]# curl  -s http://192.168.5.46:9090/api/charts -u admin:admin | jq
{
  "mycharts": [
    {
      "name": "mycharts",
      "version": "0.1.6",
      "description": "A Helm chart for Kubernetes",
      "apiVersion": "v2",
      "appVersion": "1.16.0",
      "type": "application",
      "urls": [
        "charts/mycharts-0.1.6.tgz"
      ],
      "created": "2020-11-17T14:11:33.068906+08:00",
      "digest": "c0081239734e0592cdf5b98da8ff25a12ed5ce847de29ea52ddce7c0fe70a34f"
    },
    {
      "name": "mycharts",
      "version": "0.1.1",
      "description": "A Helm chart for Kubernetes",
      "apiVersion": "v2",
      "appVersion": "1.16.0",
      "type": "application",
      "urls": [
        "charts/mycharts-0.1.1.tgz"
      ],
      "created": "2020-11-17T14:04:28.005906+08:00",
      "digest": "d0363f6588e36345f05656cbae5a6e4639c1e1bd606ad8761a46600d1e11bd07"
    }
  ]
}
复制代码

3.2.5 删除一个charts

(base) [root@node46 zhangjx]#  curl -X  DELETE http://192.168.5.46:9090/api/charts/mycharts/0.1.1 -u admin:admin
{"deleted":true}
复制代码

3.2.6 安装charts

# helm install  helm-nginx-2 --username admin --password admin --repo http://192.168.5.46:9090 mycharts --version 0.1.6
复制代码

4 总结

使用Helm管理Kubernetes应用其实就是管理创建Kubernetes资源的yaml文件,将同一应用所需要的资源打包到同一个目录下,对于经常变化的变量有Helm管理,这样便于部署和迁移。

免责声明:文章版权归原作者所有,其内容与观点不代表Unitimes立场,亦不构成任何投资意见或建议。

Linux中文社区

471

相关文章推荐

未登录头像

暂无评论