Helm v3從入門到實戰

目錄

• 什麼是Helm
• 安裝Helm
• Helm基本架構
• 使用helm部署mysql
• 幾個概念
• Helm命令解析
• Chart模板
• 使用Harbor做爲Helm Cahrts倉庫

在學習Helm以前，你須要先對k8s的deployment/pod/service/ingress/pv/pvc/statefulset/configmap/vxlan/flannel/daemonset等要可以比較熟練的使用。

什麼是Helm

helm的官網https://helm.sh/ ，上面講了

The package manager for Kubernetes.
Helm is the best way to find, share, and use software built for Kubernetes.
Helm helps you manage Kubernetes applications — Helm Charts help you define, install, and upgrade even the most complex Kubernetes application.
Charts are easy to create, version, share, and publish — so start using Helm and stop the copy-and-paste.
Helm is a graduated project in the CNCF and is maintained by the Helm community.

包管理，helm是一個k8s包管理工具，好了，怎麼理解？
舉個例子，yum咱們知道吧，它是rpm包管理工具，咱們執行yum install mysql時，它會自動幫咱們安裝mysql和mysql須要的依賴，那helm的包管理了？
我再舉個例子，咱們在k8s部署一個mysql時，是否是要先編寫deployment、services、ingress、pv、pvc、configmap等文件，固然我也能夠把它們編寫到一個文件，而後執行kubectl apply -f mysql.yml，而helm怎麼安裝mysql了？ helm install mysql repo/mysql便可，如歌就這麼理解了helm，其實還不對，由於你執行helm install時，helm怎麼知道mysql的版本、要映射的端口、要配置的域名等，這些仍是須要你去寫helm格式的配置文件，這些文件的內容甚至比kubectl apply的文件還要多，因此那helm到底有哪些好處了？
我再舉個例子，若是咱們不一樣的項目也須要mysql時，咱們是否是複製一下上面的mysql.yml而後修改一下里面的內容。好比service/ingress/pv/pvc等，如何有更新的項目，咱們是否是繼續複製修改複製修改，而helm了？helm只需編寫一個helm模板的配置文件，而後多個項目應用部署時，只須要項目本身的參數便可。模板功能方便了咱們部署k8s服務，這纔是咱們須要helm的地方，helm具體如何使用，咱們繼續看下面的內容。

安裝Helm

下載連接，https://github.com/helm/helm/releases ，下載完後，解壓便可

本文檔是將helm安裝在k8s主機
# tar -zxvf helm-v3.2.1-linux-amd64.tar.gz
# cp linux-amd64/helm /usr/local/bin/
# helm version
version.BuildInfo{Version:"v3.2.1", GitCommit:"fe51cd1e31e6a202cba7dead9552a6d418ded79a", GitTreeState:"clean", GoVersion:"go1.13.10"}

Helm基本架構

這裏的kube-config就是鏈接kube-apiserver的配置信息。個人helm安裝在k8s主機且是root帳戶，因此我不用再配置kube-config，下面是helm配置文件和鏈接kube-apiserver配置文件相關說明，helm --help能夠看到

Environment variables:

| Name                               | Description                                                                       |
|------------------------------------|-----------------------------------------------------------------------------------|
| $XDG_CACHE_HOME                    | set an alternative location for storing cached files.                             |
| $XDG_CONFIG_HOME                   | set an alternative location for storing Helm configuration.                       |
| $XDG_DATA_HOME                     | set an alternative location for storing Helm data.                                |
| $HELM_DRIVER                       | set the backend storage driver. Values are: configmap, secret, memory, postgres   |
| $HELM_DRIVER_SQL_CONNECTION_STRING | set the connection string the SQL storage driver should use.                      |
| $HELM_NO_PLUGINS                   | disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.                        |
| $KUBECONFIG                        | set an alternative Kubernetes configuration file (default "~/.kube/config")       |

Helm stores configuration based on the XDG base directory specification, so

- cached files are stored in $XDG_CACHE_HOME/helm
- configuration is stored in $XDG_CONFIG_HOME/helm
- data is stored in $XDG_DATA_HOME/helm

By default, the default directories depend on the Operating System. The defaults are listed below:

| Operating System | Cache Path                | Configuration Path             | Data Path               |
|------------------|---------------------------|--------------------------------|-------------------------|
| Linux            | $HOME/.cache/helm         | $HOME/.config/helm             | $HOME/.local/share/helm |
| macOS            | $HOME/Library/Caches/helm | $HOME/Library/Preferences/helm | $HOME/Library/helm      |
| Windows          | %TEMP%\helm               | %APPDATA%\helm                 | %APPDATA%\helm          |

使用helm部署mysql

咱們先使用外部倉庫定義的Charts來安裝一個mysql開始，逐步揭開helm的面紗。

添加倉庫

# helm repo add stable http://mirror.azure.cn/kubernetes/charts
# helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts 
# helm repo list
NAME   	URL                                                   
elastic	https://helm.elastic.co                               
stable 	http://mirror.azure.cn/kubernetes/charts              
aliyun 	https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

查找charts

# helm search repo mysql
NAME                            	CHART VERSION	APP VERSION	DESCRIPTION                                       
aliyun/mysql                    	0.3.5        	           	Fast, reliable, scalable, and easy to use open-...
stable/mysql                    	1.6.3        	5.7.28     	Fast, reliable, scalable, and easy to use open-...
stable/mysqldump                	2.6.0        	2.4.1      	A Helm chart to help backup MySQL databases usi...
...

安裝mysql

# helm install aliyun aliyun/mysql
Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "Deployment" in version "extensions/v1beta1"

竟然報錯了，deploument不支持的版本
把charts下載下來，看看裏面的內容

# helm pull aliyun/mysql
# tar -zxvf mysql-0.3.5.tgz
# more mysql/templates/deployment.yaml 
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
...（省略輸出）
# kubectl api-resources
NAME                              SHORTNAMES   APIGROUP                       NAMESPACED   KIND
deployments                       deploy       apps                           true         Deployment

這個說明deployment只支持apps的版本（沒找到官方說明論證），這也就是外部倉庫的charts不必定會及時更新，咱們拿來不必定可以直接使用，下面我改成安裝stable/mysql。

# helm install db stable/mysql
NAME: db
LAST DEPLOYED: Sun May 17 17:03:59 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
db-mysql.default.svc.cluster.local

To get your root password run:

    MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default db-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)

To connect to your database:

1. Run an Ubuntu pod that you can use as a client:

    kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il

2. Install the mysql client:

    $ apt-get update && apt-get install mysql-client -y

3. Connect using the mysql cli, then provide your password:
    $ mysql -h db-mysql -p

To connect to your database directly from outside the K8s cluster:
    MYSQL_HOST=127.0.0.1
    MYSQL_PORT=3306

    # Execute the following command to route the connection:
    kubectl port-forward svc/db-mysql 3306

    mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD}

查看安裝

# helm list
NAME	NAMESPACE	REVISION	UPDATED                                	STATUS  	CHART      	APP VERSION
db  	default  	1       	2020-05-17 17:03:59.299616407 +0800 CST	deployed	mysql-1.6.3	5.7.28
# kubectl get pod
NAME                          READY   STATUS             RESTARTS   AGE
db-mysql-8564f79ccb-gg9tw     0/1     Pending            0          100s

pending狀態，咱們再繼續查看狀態，下面省略部分輸出

# kubectl describe pod db-mysql-8564f79ccb-gg9tw
Name:           db-mysql-8564f79ccb-gg9tw
Namespace:      default
Priority:       0
Node:           <none>
Labels:         app=db-mysql
                pod-template-hash=8564f79ccb
                release=db
Annotations:    <none>
Status:         Pending

Conditions:
  Type           Status
  PodScheduled   False 
Volumes:
  data:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  db-mysql
    ReadOnly:   false
  default-token-plkbj:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-plkbj
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason            Age        From               Message
  ----     ------            ----       ----               -------
  Warning  FailedScheduling  <unknown>  default-scheduler  pod has unbound immediate PersistentVolumeClaims (repeated 2 times)
  Warning  FailedScheduling  <unknown>  default-scheduler  pod has unbound immediate PersistentVolumeClaims (repeated 2 times)

建立pvc失敗，查看pvc

# kubectl get pvc
NAME                       STATUS    VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db-mysql                   Pending                                                     3m32s
# kubectl get pvc/db-mysql -o yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    meta.helm.sh/release-name: db
    meta.helm.sh/release-namespace: default
  creationTimestamp: "2020-05-17T09:03:59Z"
  finalizers:
  - kubernetes.io/pvc-protection
  labels:
    app: db-mysql
    app.kubernetes.io/managed-by: Helm
    chart: mysql-1.6.3
    heritage: Helm
    release: db
  name: db-mysql
  namespace: default
  resourceVersion: "14924757"
  selfLink: /api/v1/namespaces/default/persistentvolumeclaims/db-mysql
  uid: a7b438a3-9513-410d-ae8c-6cbb083fcc1e
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi
  volumeMode: Filesystem
status:
  phase: Pending

須要8G的PV，那我建立PV，

# cat pv.yml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: dbdata       # 修改PV名稱
spec:
  capacity:
    storage: 8Gi   # 修改大小
  accessModes:
    - ReadWriteOnce
  nfs:
    path: /data/nfs/dbdata   # 修改目錄名
    server: x.x.x.x

# kubectl apply -f pv.yml

再查看安裝

# kubectl get pvc
NAME                       STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db-mysql                   Bound    dbdata   8Gi        RWO                           6m8s
# kubectl get pod (安裝須要必定的時間，能夠經過下面的命令查看狀態)
# kubectl describe pod db-mysql-8564f79ccb-gg9tw
# kubectl logs db-mysql-8564f79ccb-gg9tw

# kubectl get pod
NAME                          READY   STATUS             RESTARTS   AGE
db-mysql-8564f79ccb-gg9tw     1/1     Running            0          9m43s

直接進入容器，查看mysql可使用

# 查看mysql密碼
# kubectl get secret --namespace default db-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
# kubectl exec -it db-mysql-8564f79ccb-gg9tw bash
# mysql -uroot -p

幾個概念

經過上面的安裝，咱們須要瞭解下面幾個概念

名字	描述
Charts	應用部署配置模板集
Release	將charts應用到本地的實例
Repo	Charts倉庫

Helm命令解析

命令	描述
create	建立應用模板
install	安裝charts
list	列出本地release
pull	下載charts到本地目錄
package	將chart目錄打包爲chart歸檔包
show	查看cahrts內容
uninstall	卸載release
upgrade	更新releasr
version	查看helm版本號

Chart模板

可參考 https://helm.sh/docs/chart_template_guide/

# helm create nginx
# tree .
.
├── charts
├── Chart.yaml
├── templates
│   ├── deployment.yaml
│   ├── _helpers.tpl
│   ├── hpa.yaml
│   ├── ingress.yaml
│   ├── NOTES.txt
│   ├── serviceaccount.yaml
│   ├── service.yaml
│   └── tests
│       └── test-connection.yaml
└── values.yaml

3 directories, 10 files

編寫中...

使用Harbor做爲Helm Cahrts倉庫

# helm package nginx/
Successfully packaged chart and saved it to: /root/nginx-0.1.0.tgz

# ll
total 8
drwxr-xr-x 4 root root 4096 May 17 19:10 nginx
-rw-r--r-- 1 root root 3572 May 17 21:38 nginx-0.1.0.tgz

# tar -tvf nginx-0.1.0.tgz 
-rw-r--r-- 0/0             120 2020-05-17 21:38 nginx/Chart.yaml
-rw-r--r-- 0/0            1798 2020-05-17 21:38 nginx/values.yaml
-rw-r--r-- 0/0            1573 2020-05-17 21:38 nginx/templates/NOTES.txt
-rw-r--r-- 0/0            1800 2020-05-17 21:38 nginx/templates/_helpers.tpl
-rw-r--r-- 0/0            1818 2020-05-17 21:38 nginx/templates/deployment.yaml
-rw-r--r-- 0/0             902 2020-05-17 21:38 nginx/templates/hpa.yaml
-rw-r--r-- 0/0            1048 2020-05-17 21:38 nginx/templates/ingress.yaml
-rw-r--r-- 0/0             355 2020-05-17 21:38 nginx/templates/service.yaml
-rw-r--r-- 0/0             316 2020-05-17 21:38 nginx/templates/serviceaccount.yaml
-rw-r--r-- 0/0             381 2020-05-17 21:38 nginx/templates/tests/test-connection.yaml
-rw-r--r-- 0/0             349 2020-05-17 21:38 nginx/.helmignore

咱們的Harbor須要在安裝的時候指定安裝Helm模塊，helm也須要安裝push插件。 編寫中...