3.15 Helm功能
文章目录一、什么是Helm二、Helm的安装三、helm自定义模板四、helm基本操作一、什么是Helm在未使用helm之前,k8s部署deployment、service等资源需要分别定义资源清单文件,每一个单独进行部署,尤其是微服务多应用后,步骤繁多,helm通过使用一键打包方式,支持版本已经发布部署以及管理,简化了k8s的应用部署和管理。helm是官方提供的类似于linux中yum包管理,对
一、什么是Helm
在未使用helm之前,k8s部署deployment、service等资源需要分别定义资源清单文件,每一个单独进行部署,尤其是微服务多应用后,步骤繁多,helm通过使用一键打包方式,支持版本已经发布部署以及管理,简化了k8s的应用部署和管理。
helm是官方提供的类似于linux中yum包管理,对整个部署流程进行封装。helm包含两个重要概念:chart和release。chart即为把k8s部署步骤进行打包,release即为执行chart生成的版本。
其实,helm可以类比docker,docker是把应用打包成镜像,helm是把k8s的部署步骤打包成chart;docker运行镜像创建容器,helm执行chart,生成release。
Helm包含两个组件:Helm客户端和Tiller服务器
Helm客户端负责chart和release的创建和管理以及与Tiller的交互;
Tiller服务器运行在k8s的pod中,它会处理Helm客户端的请求,Tiller负责与API Server交互。
二、Helm的安装
1、下载helm安装包以及准备工作
安装Helm的客户端,下载helm安装包并解压赋可执行权限
tar -zxvf helm-v2.13.1-linux-amd64.tar.gz #解压helm安装包
cp -a linux-amd64/helm /usr/local/bin/ #把解压包中的helm目录copy到/usr/local/bin/目录下
chmod a+x /usr/local/bin/helm #为heml赋可执行权限
2、为Tiller赋RBAC权限
Helm的服务端Tiller是运行在pod中的,那么该pod要与API Server通信的权限就需要API Server授权,而pod与API通信是采用的ServiceAccount机制,所以API需要通过RBAC为Tiller所在的pod中绑定的ServiceAccount授予访问权限。
下面创建名字为tiller的ServiceAccount,名称空间为kube-system,然后创建名为tiller的ClusterRoleBinding,通过ClusterRoleBindind把集群管理员角色cluster-admin绑定到了名为tiller的ServiceAccount中。
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin #cluster-admin是k8s中默认的管理员集群角色
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
kubectl apply -f teller-rbac-config.yaml
3、安装tiller
安装Helm的服务器端Tiller,安装tiller,把tiller安装到pod中
helm init --service-account tiller --skip-refresh
执行上述命令后,tiller的pod已经创建完毕,在kube-system命名空间中,查看如下
[root@k8s-master01 teller]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
.......省略其它不相关pod
tiller-deploy-58565b5464-6hdjz 0/1 ImagePullBackOff 0 1h
发现tiller的pod为启动成功,状态为ImagePullBackOff,说明镜像下载不成功,无法访问谷歌网站,下面通过导入镜像处理。
4、下载Tiller镜像
下载Tiller镜像到master节点的/root/work/image目录下,并分别把master主节点中的/root/work/image下的tiller镜像下发至k8s-node01和k8s-node02(本案例只有一个master和两个node节点)
scp helm-tiller.tar root@k8s-node01:/root/work/image
scp helm-tiller.tar root@k8s-node02:/root/work/image
然后两个Node节点上分别执行docker导入tiller镜像
docker load -i helm-tiller.tar
执行上述命令后再次查询tiller的pod,发现已经运行成功
[root@k8s-master01 helm]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
.....省略不相关pod
tiller-deploy-58565b5464-6hdjz 1/1 Running 0 23h
三、helm自定义模板
1、自定义helm模板
创建nginx为例,以博主目录为例,首先在/root/work/helm/nginx目录下创建Chart.yaml模板文件:
name: nginx
version: v0.3
然后在nginx目录下创建templates目录,在templates目录下放定义的k8s资源清单模板文件
#部署deployment的资源文件
apiVersion: apps/v1
kind: Deployment
metadata:
name: mydeployment
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: myapp
release: stabel
template:
metadata:
labels:
app: myapp
release: stabel
spec:
containers:
- name: myapp
image: mynginx:v0.3
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
apiVersion: v1
kind: Service
metadata:
name: myservice
namespace: default
spec:
type: ClusterIP
selector:
app: myapp
release: stabel
ports:
- name: http
port: 8080
targetPort: 80
然后使用helm命令执行上述定义的资源文件,创建当前目录下定义的deployment和service,在/root/work/helm/nginx目录下执行下述命令:
[root@k8s-master01 nginx]# helm install .
NAME: opulent-alligator
LAST DEPLOYED: Sun Nov 22 10:49:15 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
mydeployment 0/3 0 0 0s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
mydeployment-67667dddf9-5cfpf 0/1 ContainerCreating 0 0s
mydeployment-67667dddf9-hbx2z 0/1 Pending 0 0s
mydeployment-67667dddf9-lrz7j 0/1 Pending 0 0s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
myservice ClusterIP 10.107.191.27 <none> 8080/TCP 0s
2、在模板中使用配置文件
可以把配置资源清单中经常需要变动的一些变量放在配置文件中,随chart一起进行发布。
例如经常需要改镜像和版本,首先在/root/work/helm/nginx目录下创建一个配置文件,比如values.yaml,在配置文件中进行修改变量,如下所示
image:
respository: mynginx
tag: v0.1
部署的deployment需要改成引用变量的形式,如下所示
apiVersion: apps/v1
kind: Deployment
metadata:
name: mydeployment
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: myapp
release: stabel
template:
metadata:
labels:
app: myapp
release: stabel
spec:
containers:
- name: myapp
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
然后再更新修改后的chart
[root@k8s-master01 nginx]# helm upgrade opulent-alligator .
Release "opulent-alligator" has been upgraded. Happy Helming!
LAST DEPLOYED: Sun Nov 22 21:58:50 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
mydeployment 3/3 1 3 11h
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
mydeployment-59648694bf-v78fd 0/1 ContainerCreating 0 0s
mydeployment-847f89d5cb-5s96g 1/1 Running 0 33m
mydeployment-847f89d5cb-8bkqk 1/1 Running 0 33m
mydeployment-847f89d5cb-bcxjv 1/1 Running 0 33m
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
myservice ClusterIP 10.107.191.27 <none> 8080/TCP 11h
除了上述方式在在values配置文件中指定变量的值,还可以在执行chart时,通过参数进行指定,例如
[root@k8s-master01 nginx]# helm upgrade opulent-alligator --set image.repository=mynginx --set image.tag=v0.2 .
Release "opulent-alligator" has been upgraded. Happy Helming!
LAST DEPLOYED: Sun Nov 22 22:05:35 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
mydeployment 3/3 0 3 11h
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
mydeployment-59648694bf-gqxcw 1/1 Running 0 6m43s
mydeployment-59648694bf-v78fd 1/1 Running 0 6m45s
mydeployment-59648694bf-wmrlz 1/1 Running 0 6m41s
mydeployment-847f89d5cb-hgpvf 0/1 Pending 0 1s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
myservice ClusterIP 10.107.191.27 <none> 8080/TCP 11h
四、helm基本操作
1、列举已部署的release
[root@k8s-master01 nginx]# helm ls
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
opulent-alligator 1 Sun Nov 22 10:49:15 2020 DEPLOYED nginx-v0.3 default
2、查询指定release的状态
[root@k8s-master01 nginx]# helm status opulent-alligator
LAST DEPLOYED: Sun Nov 22 10:49:15 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
mydeployment 3/3 3 3 10h
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
mydeployment-67667dddf9-5cfpf 1/1 Running 0 10h
mydeployment-67667dddf9-hbx2z 1/1 Running 0 10h
mydeployment-67667dddf9-lrz7j 1/1 Running 0 10h
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
myservice ClusterIP 10.107.191.27 <none> 8080/TCP 10h
3、更新release
修改Chart后,需要更新,执行下述命令。比如镜像从mynginx:v0.3修改为mynginx:v0.2
[root@k8s-master01 nginx]# helm upgrade opulent-alligator .
Release "opulent-alligator" has been upgraded. Happy Helming!
LAST DEPLOYED: Sun Nov 22 21:25:09 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
mydeployment 3/3 1 3 10h
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
mydeployment-67667dddf9-5cfpf 1/1 Running 0 10h
mydeployment-67667dddf9-hbx2z 1/1 Running 0 10h
mydeployment-67667dddf9-lrz7j 1/1 Running 0 10h
mydeployment-847f89d5cb-5s96g 0/1 ContainerCreating 0 1s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
myservice ClusterIP 10.107.191.27 <none> 8080/TCP 10h
4、查看release的历史
[root@k8s-master01 nginx]# helm history opulent-alligator
REVISION UPDATED STATUS CHART DESCRIPTION
1 Sun Nov 22 10:49:15 2020 SUPERSEDED nginx-v0.3 Install complete
2 Sun Nov 22 21:25:09 2020 DEPLOYED nginx-v0.3 Upgrade complete
5、删除release
[root@k8s-master01 nginx]# helm delete opulent-alligator
release "opulent-alligator" deleted
注意如果已经删除创建的release,再创建相同名字的release就会报错,比如删除后再次执行helm install --name opulent-alligator .,会报错名字已经存在。因为已经删除的release还存在
[root@k8s-master01 nginx]# helm list --deleted
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
opulent-alligator 4 Sun Nov 22 22:05:35 2020 DELETED nginx-v0.3 default
6、回退release
已经被删除的release,或者upgrrade后想回退到老版本,执行执行回退操作。例如回退上步骤删除的opulent-alligator,指定回退到3版本(第一次install,版本为1,以后每次upgrade都会增加一个版本号)
[root@k8s-master01 nginx]# helm rollback opulent-alligator 3
Rollback was a success! Happy Helming!
7、彻底删除release
第5步删除release后,通过–deleted还是可以查出被删除的release,然后回退被删除的release,但是如果确认确实不需要的release,可以进行彻底删除,彻底删除后的release不可再进行回滚。
[root@k8s-master01 nginx]# helm delete --purge opulent-alligator
release "opulent-alligator" deleted
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献11条内容
所有评论(0)