Kubernetes K8S之Helm部署、使用、常見操作與示例
主機配置規劃
| 服務器名稱(hostname) | 系統版本 | 配置 | 內網IP | 外網IP(模擬) |
|---|---|---|---|---|
| k8s-master | CentOS7.7 | 2C/4G/20G | 172.16.1.110 | 10.0.0.110 |
| k8s-node01 | CentOS7.7 | 2C/4G/20G | 172.16.1.111 | 10.0.0.111 |
| k8s-node02 | CentOS7.7 | 2C/4G/20G | 172.16.1.112 | 10.0.0.112 |
Helm是什么
沒有使用Helm之前,在Kubernetes部署應用,我們要依次部署deployment、service等,步驟比較繁瑣,況且隨著很多專案微服務化,復雜的應用在容器中部署以及管理顯得較為復雜,
helm通過打包的方式,支持發布的版本管理和控制,很大程度上簡化了Kubernetes應用的部署和管理,
Helm本質就是讓k8s的應用管理(Deployment、Service等)可配置,能動態生成,通過動態生成K8S資源清單檔案(deployment.yaml、service.yaml),然后kubectl自動呼叫K8S資源部署,
Helm是官方提供類似于YUM的包管理,是部署環境的流程封裝,Helm有三個重要的概念:chart、release和Repository
- chart是創建一個應用的資訊集合,包括各種Kubernetes物件的配置模板、引數定義、依賴關系、檔案說明等,可以將chart想象成apt、yum中的軟體安裝包,
- release是chart的運行實體,代表一個正在運行的應用,當chart被安裝到Kubernetes集群,就生成一個release,chart能多次安裝到同一個集群,每次安裝都是一個release【根據chart賦值不同,完全可以部署出多個release出來】,
- Repository用于發布和存盤 Chart 的存盤庫,
Helm包含兩個組件:Helm客戶端和Tiller服務端,如下圖所示:
Helm 客戶端負責 chart 和 release 的創建和管理以及和 Tiller 的互動,Tiller 服務端運行在 Kubernetes 集群中,它會處理Helm客戶端的請求,與 Kubernetes API Server 互動,
Helm部署
現在越來越多的公司和團隊開始使用Helm這個Kubernetes的包管理器,我們也會使用Helm安裝Kubernetes的常用組件,Helm由客戶端命令helm工具和服務端tiller組成,
helm的GitHub地址
https://github.com/helm/helm
本次部署版本
Helm安裝部署
[root@k8s-master software]# pwd
/root/software
[root@k8s-master software]# wget https://get.helm.sh/helm-v2.16.9-linux-amd64.tar.gz
[root@k8s-master software]#
[root@k8s-master software]# tar xf helm-v2.16.9-linux-amd64.tar.gz
[root@k8s-master software]# ll
total 12624
-rw-r--r-- 1 root root 12926032 Jun 16 06:55 helm-v3.2.4-linux-amd64.tar.gz
drwxr-xr-x 2 3434 3434 50 Jun 16 06:55 linux-amd64
[root@k8s-master software]#
[root@k8s-master software]# cp -a linux-amd64/helm /usr/bin/helm
因為Kubernetes API Server開啟了RBAC訪問控制,所以需要創建tiller的service account:tiller并分配合適的角色給它,這里為了簡單起見我們直接分配cluster-admin這個集群內置的ClusterRole給它,
[root@k8s-master helm]# pwd
/root/k8s_practice/helm
[root@k8s-master helm]#
[root@k8s-master helm]# cat rbac-helm.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
[root@k8s-master helm]#
[root@k8s-master helm]# kubectl apply -f rbac-helm.yaml
serviceaccount/tiller created
clusterrolebinding.rbac.authorization.k8s.io/tiller created
初始化Helm的client 和 server
[root@k8s-master helm]# helm init --service-account tiller
………………
[root@k8s-master helm]# kubectl get pod -n kube-system -o wide | grep 'tiller'
tiller-deploy-8488d98b4c-j8txs 0/1 Pending 0 38m <none> <none> <none> <none>
[root@k8s-master helm]#
##### 之所有沒有調度成功,就是因為拉取鏡像包失敗;查看需要拉取的鏡像包
[root@k8s-master helm]# kubectl describe pod tiller-deploy-8488d98b4c-j8txs -n kube-system
Name: tiller-deploy-8488d98b4c-j8txs
Namespace: kube-system
Priority: 0
Node: <none>
Labels: app=helm
name=tiller
pod-template-hash=8488d98b4c
Annotations: <none>
Status: Pending
IP:
IPs: <none>
Controlled By: ReplicaSet/tiller-deploy-8488d98b4c
Containers:
tiller:
Image: gcr.io/kubernetes-helm/tiller:v2.16.9
Ports: 44134/TCP, 44135/TCP
Host Ports: 0/TCP, 0/TCP
Liveness: http-get http://:44135/liveness delay=1s timeout=1s period=10s #success=1 #failure=3
Readiness: http-get http://:44135/readiness delay=1s timeout=1s period=10s #success=1 #failure=3
Environment:
TILLER_NAMESPACE: kube-system
TILLER_HISTORY_MAX: 0
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from tiller-token-kjqb7 (ro)
Conditions:
………………
由上可見,鏡像下載失敗,原因是鏡像在國外,因此這里需要修改鏡像地址
[root@k8s-master helm]# helm init --upgrade --tiller-image registry.cn-beijing.aliyuncs.com/google_registry/tiller:v2.16.9
[root@k8s-master helm]#
### 等待一會兒后
[root@k8s-master helm]# kubectl get pod -o wide -A | grep 'till'
kube-system tiller-deploy-7b7787d77-zln6t 1/1 Running 0 8m43s 10.244.4.123 k8s-node01 <none> <none>
由上可見,Helm服務端tiller部署成功
helm版本資訊查看
[root@k8s-master helm]# helm version
Client: &version.Version{SemVer:"v2.16.9", GitCommit:"8ad7037828e5a0fca1009dabe290130da6368e39", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.16.9", GitCommit:"8ad7037828e5a0fca1009dabe290130da6368e39", GitTreeState:"dirty"}
Helm使用
helm源地址
helm默認使用的charts源地址
[root@k8s-master helm]# helm repo list
NAME URL
stable https://kubernetes-charts.storage.googleapis.com
local http://127.0.0.1:8879/charts
改變helm源【是否改變helm源,根據實際情況而定,一般不需要修改】
helm repo remove stable
helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
helm repo update
helm repo list
helm安裝包下載存放位置
/root/.helm/cache/archive
helm常見應用操作
# 列出charts倉庫中所有可用的應用
helm search
# 查詢指定應用
helm search memcached
# 查詢指定應用的具體資訊
helm inspect stable/memcached
# 用helm安裝軟體包,--name:指定release名字
helm install --name memcached1 stable/memcached
# 查看安裝的軟體包
helm list
# 洗掉指定參考
helm delete memcached1
helm常用命令
chart管理
create:根據給定的name創建一個新chart
fetch:從倉庫下載chart,并(可選項)將其解壓縮到本地目錄中
inspect:chart詳情
package:打包chart目錄到一個chart歸檔
lint:語法檢測
verify:驗證位于給定路徑的chart已被簽名且有效
release管理
get:下載一個release
delete:根據給定的release name,從Kubernetes中洗掉指定的release
install:安裝一個chart
list:顯示release串列
upgrade:升級release
rollback:回滾release到之前的一個版本
status:顯示release狀態資訊
history:Fetch release歷史資訊
helm常見操作
# 添加倉庫
helm repo add REPO_INFO # 如:helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator
##### 示例
helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator
helm repo add elastic https://helm.elastic.co
# 查看helm倉庫串列
helm repo list
# 創建chart【可供參考,一般都是自己手動創建chart】
helm create CHART_PATH
# 根據指定chart部署一個release
helm install --name RELEASE_NAME CHART_PATH
# 根據指定chart模擬安裝一個release,并列印處debug資訊
helm install --dry-run --debug --name RELEASE_NAME CHART_PATH
# 列出已經部署的release
helm list
# 列出所有的release
helm list --all
# 查詢指定release的狀態
helm status Release_NAME
# 回滾到指定版本的release,這里指定的helm release版本
helm rollback Release_NAME REVISION_NUM
# 查看指定release的歷史資訊
helm history Release_NAME
# 對指定chart打包
helm package CHART_PATH 如:helm package my-test-app/
# 對指定chart進行語法檢測
helm lint CHART_PATH
# 查看指定chart詳情
helm inspect CHART_PATH
# 從Kubernetes中洗掉指定release相關的資源【helm list --all 中仍然可見release記錄資訊】
helm delete RELEASE_NAME
# 從Kubernetes中洗掉指定release相關的資源,并洗掉release記錄
helm delete --purge RELEASE_NAME
上述操作可結合下文示例,這樣能看到更多細節,
helm示例
chart檔案資訊
[root@k8s-master helm]# pwd
/root/k8s_practice/helm
[root@k8s-master helm]#
[root@k8s-master helm]# mkdir my-test-app
[root@k8s-master helm]# cd my-test-app
[root@k8s-master my-test-app]#
[root@k8s-master my-test-app]# ll
total 8
-rw-r--r-- 1 root root 158 Jul 16 17:53 Chart.yaml
drwxr-xr-x 2 root root 49 Jul 16 21:04 templates
-rw-r--r-- 1 root root 129 Jul 16 21:04 values.yaml
[root@k8s-master my-test-app]#
[root@k8s-master my-test-app]# cat Chart.yaml
apiVersion: v1
appVersion: v2.2
description: my test app
keywords:
- myapp
maintainers:
- email: zhang@test.com
name: zhang
# 該name值與上級目錄名相同
name: my-test-app
version: v1.0.0
[root@k8s-master my-test-app]#
[root@k8s-master my-test-app]# cat values.yaml
deployname: my-test-app02
replicaCount: 2
images:
repository: registry.cn-beijing.aliyuncs.com/google_registry/myapp
tag: v2
[root@k8s-master my-test-app]#
[root@k8s-master my-test-app]# ll templates/
total 8
-rw-r--r-- 1 root root 544 Jul 16 21:04 deployment.yaml
-rw-r--r-- 1 root root 222 Jul 16 20:41 service.yaml
[root@k8s-master my-test-app]#
[root@k8s-master my-test-app]# cat templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.deployname }}
labels:
app: mytestapp-deploy
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: mytestapp
env: test
template:
metadata:
labels:
app: mytestapp
env: test
description: mytest
spec:
containers:
- name: myapp-pod
image: {{ .Values.images.repository }}:{{ .Values.images.tag }}
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
[root@k8s-master my-test-app]#
[root@k8s-master my-test-app]# cat templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: my-test-app
namespace: default
spec:
type: NodePort
selector:
app: mytestapp
env: test
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
生成release
[root@k8s-master my-test-app]# pwd
/root/k8s_practice/helm/my-test-app
[root@k8s-master my-test-app]# ll
total 8
-rw-r--r-- 1 root root 160 Jul 16 21:15 Chart.yaml
drwxr-xr-x 2 root root 49 Jul 16 21:04 templates
-rw-r--r-- 1 root root 129 Jul 16 21:04 values.yaml
[root@k8s-master my-test-app]#
[root@k8s-master my-test-app]# helm install --name mytest-app01 . ### 如果在上級目錄則為 helm install --name mytest-app01 my-test-app/
NAME: mytest-app01
LAST DEPLOYED: Thu Jul 16 21:18:08 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
my-test-app02 0/2 2 0 0s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
my-test-app02-58cb6b67fc-4ss4v 0/1 ContainerCreating 0 0s
my-test-app02-58cb6b67fc-w2nhc 0/1 ContainerCreating 0 0s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
my-test-app NodePort 10.110.82.62 <none> 80:30965/TCP 0s
[root@k8s-master my-test-app]# helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
mytest-app01 1 Thu Jul 16 21:18:08 2020 DEPLOYED my-test-app-v1.0.0 v2.2 default
curl訪問
[root@k8s-master ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-test-app02-58cb6b67fc-4ss4v 1/1 Running 0 9m3s 10.244.2.187 k8s-node02 <none> <none>
my-test-app02-58cb6b67fc-w2nhc 1/1 Running 0 9m3s 10.244.4.134 k8s-node01 <none> <none>
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 65d <none>
my-test-app NodePort 10.110.82.62 <none> 80:30965/TCP 9m8s app=mytestapp,env=test
[root@k8s-master ~]#
##### 根據svc的IP訪問
[root@k8s-master ~]# curl 10.110.82.62
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
[root@k8s-master ~]#
[root@k8s-master ~]# curl 10.110.82.62/hostname.html
my-test-app02-58cb6b67fc-4ss4v
[root@k8s-master ~]#
[root@k8s-master ~]# curl 10.110.82.62/hostname.html
my-test-app02-58cb6b67fc-w2nhc
[root@k8s-master ~]#
##### 根據本機的IP訪問
[root@k8s-master ~]# curl 172.16.1.110:30965/hostname.html
my-test-app02-58cb6b67fc-w2nhc
[root@k8s-master ~]#
[root@k8s-master ~]# curl 172.16.1.110:30965/hostname.html
my-test-app02-58cb6b67fc-4ss4v
chart更新
values.yaml檔案修改
[root@k8s-master my-test-app]# pwd
/root/k8s_practice/helm/my-test-app
[root@k8s-master my-test-app]#
[root@k8s-master my-test-app]# cat values.yaml
deployname: my-test-app02
replicaCount: 2
images:
repository: registry.cn-beijing.aliyuncs.com/google_registry/myapp
# 改了tag
tag: v3
重新release發布
[root@k8s-master my-test-app]# helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
mytest-app01 1 Thu Jul 16 21:18:08 2020 DEPLOYED my-test-app-v1.0.0 v2.2 default
[root@k8s-master my-test-app]#
[root@k8s-master my-test-app]# helm upgrade mytest-app01 . ### 如果在上級目錄則為 helm upgrade mytest-app01 my-test-app/
Release "mytest-app01" has been upgraded.
LAST DEPLOYED: Thu Jul 16 21:32:25 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
my-test-app02 2/2 1 2 14m
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
my-test-app02-58cb6b67fc-4ss4v 1/1 Running 0 14m
my-test-app02-58cb6b67fc-w2nhc 1/1 Running 0 14m
my-test-app02-6b84df49bb-lpww7 0/1 ContainerCreating 0 0s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
my-test-app NodePort 10.110.82.62 <none> 80:30965/TCP 14m
[root@k8s-master my-test-app]#
[root@k8s-master my-test-app]# helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
mytest-app01 2 Thu Jul 16 21:32:25 2020 DEPLOYED my-test-app-v1.0.0 v2.2 default
curl訪問,可參見上面,可見app version已從v2改為了v3,
相關閱讀
1、Helm官網地址
2、Helm官網部署helm
3、Helm的GitHub地址
完畢!
轉載請註明出處,本文鏈接:https://www.uj5u.com/qita/236023.html
標籤:AI