Kubernets包管理工具—>Helm
什麼是Helm?
我們都知道,Linux系統各發行版都有自己的包管理工具,比如Centos的YUM,再如Ubuntu的APT。
Kubernetes也有自己的叢集包管理工具,那就是Helm。
Helm本質就是讓K8S的應用管理(Deployment,Service等)可配置,能動態生成。通過動態生成K8S資源清單檔案(deployment.yaml,service.yaml),然後呼叫kubectl自動執行K8S部署。
Helm有兩個重要的概念,chart 和 release
- chart 是建立一個應用的資訊集合,包括各種Kubernetes物件的配置模板、引數定義、依賴關係和文件說明等,chart是應用部署的自包含邏輯單元。可以將 chart 想象成apt、yum中的軟體安裝包。
- release 是chart的執行例項,代表了一個正在執行的應用,當chart被安裝到kubernetes叢集,就生成一個release,chart能夠多次安裝到同一個叢集,每次安裝都是一個release。
Helm包含兩個元件,Helm 客戶端和 Tiller 伺服器
- Helm客戶端負責chart和release的建立和管理,以及和Tiller的互動。
- Tiller服務執行在 Kubernetes 叢集中,它會處理Helm客戶端的請求,與 Kubernetes API Server 互動
Helm 部署
越來越多的公司開始使用Helm這個Kubernetes包管理工具,Helm的安裝也十分簡單,下載 helm 命令列工具到Master節點即可,以下示例安裝為 Helm v2.16.10 版本,包下載地址: https://github.com/helm/helm/releases
[root@Centos8 heml]# wget https://get.helm.sh/helm-v2.16.10-linux-amd64.tar.gz [root@Centos8 heml]# tar zxvf helm-v2.16.10-linux-amd64.tar.gz -C /usr/local/ [root@Centos8 heml]# cd /usr/local/linux-amd64/ [root@Centos8 linux-amd64]# ln -s `pwd`/helm /usr/local/bin/
以上Helm命令安裝完成,官方文件: https://helm.sh/docs/intro/install/#helm
為了安裝tiller,還需要在這臺機器上配置好kubectl工具和kubeconfig檔案,確保kubectl工具可以在這臺機器訪問apiserver且正常使用。
因為Kubernetes ApiServer開啟了RBAC訪問控制,所以需要建立tiller使用的 service account:tiller並分配合適的角色給它。這裡簡單起見直接分配cluster-admin這個叢集內建的CluserRole給它。建立rbac-config.yaml檔案:
vim rbac-config.yaml
apiVersion: v1 kind: ServiceAccount metadata: name: tiller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tiller subjects: - kind: ServiceAccount name: tiller namespace: kube-system roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io
[root@Centos8 rbac]# kubectl create -f rbac-config.yaml serviceaccount/tiller created clusterrolebinding.rbac.authorization.k8s.io/tiller created
在K8S叢集中初始化helm
[root@Centos8 rbac]# helm init --service-account tiller --skip-refresh Creating /root/.helm Creating /root/.helm/repository Creating /root/.helm/repository/cache Creating /root/.helm/repository/local Creating /root/.helm/plugins Creating /root/.helm/starters Creating /root/.helm/cache/archive Creating /root/.helm/repository/repositories.yaml Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com Adding local repo with URL: http://127.0.0.1:8879/charts $HELM_HOME has been configured at /root/.helm. Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster. Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy. To prevent this, run `helm init` with the --tiller-tls-verify flag. For more information on securing your installation see: https://v2.helm.sh/docs/securing_installation/
[root@Centos8 rbac]# kubectl get pod -n kube-system NAME READY STATUS RESTARTS AGE tiller-deploy-8487d94bcf-nfc74 0/1 ContainerCreating 0 98s [root@Centos8 ~]# kubectl describe pod tiller-deploy-8487d94bcf-nfc74 -n kube-system Back-off pulling image "gcr.io/kubernetes-helm/tiller:v2.16.10"
會發現tiller的Pod Running不起來,是因為匯入映象失敗,因為網路的原因訪問gcr.io訪問不到,於是到docker hub中查詢此image,發現確實有相同的image,pull過來改個名即可。
[root@Centos8 ~]# docker pull jessestuart/tiller:v2.16.10 Status: Downloaded newer image for jessestuart/tiller:v2.16.10 docker.io/jessestuart/tiller:v2.16.10 docker tag jessestuart/tiller:v2.16.10 gcr.io/kubernetes-helm/tiller:v2.16.10
然後傳輸到每一個node節點上:
[root@Centos8 ~]# docker save gcr.io/kubernetes-helm/tiller -o /usr/local/install-k8s/heml/tiller.tgz [root@Centos8 ~]# scp /usr/local/install-k8s/heml/tiller.tgz 192.168.152.253:/usr/local/install-k8s/
node節點接收到後,再匯入成image即可:
[root@TestCentos7 install-k8s]# docker load < tiller.tgz Loaded image: gcr.io/kubernetes-helm/tiller:v2.16.10
再次檢視tiller Pod的狀態,已經變為Running:
[root@Centos8 ~]# kubectl get pod -n kube-system tiller-deploy-8487d94bcf-nfc74 1/1 Running 0 1h
Helm的使用
Helm的使用與yum、apt等工具如出一轍,可以事先去helm hub中尋找想要安裝的工具或應用:https://hub.helm.sh/,其頁面會有具體的安裝方法及步驟。
以安裝redis為例:https://hub.helm.sh/charts/choerodon/redis
1、先新增redis的repo源
helm repo add choerodon https://openchart.choerodon.com.cn/choerodon/c7n "choerodon" has been added to your repositories
2、更新一下helm repo
[root@Centos8 ~]# helm repo update Hang tight while we grab the latest from your chart repositories... ...Skip local chart repository ...Successfully got an update from the "choerodon" chart repository ...Successfully got an update from the "stable" chart repository Update Complete.
3、開始安裝
[root@Centos8 ~]# helm install choerodon/redis --version 0.2.5 NAME: exhaling-yak LAST DEPLOYED: Sun Sep 6 22:57:51 2020 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/ConfigMap NAME DATA AGE exhaling-yak-cm 1 0s ==> v1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE exhaling-yak 0/1 0 0 0s ==> v1/Pod(related)
4、可以看到,在default名稱空間生成了ConfigMap、Deployment和Pod
[root@Centos8 ~]# kubectl get pod NAME READY STATUS RESTARTS AGE exhaling-yak-cdc8cf8f9-xqtk9 0/1 ImagePullBackOff 0 40s [root@Centos8 ~]# kubectl get deployment NAME READY UP-TO-DATE AVAILABLE AGE exhaling-yak 0/1 1 0 85s [root@Centos8 ~]# kubectl get cm NAME DATA AGE exhaling-yak-cm 1 109s
Pod ImagePullBackOff 的原因是redis映象沒匯入成功,再自行pull即可
3、Helm常用命令,大家可以通過 helm --help 進行了解
Helm自定義模板
以上拉取的都是別人自定義好的模板,自己也可以做一些模板上傳或者收藏起來。在此測試建立hello-world模板
1.建立好模板所有檔案所放置的目錄
mkdir charts cd charts/ mkdir templates # 必須建立一個名字為 templates 的目錄
2.編輯Chart.yaml
vim Chart.yaml # 必須建立一個名為 Chart.yaml 的檔案,並指定 name 和 version 兩個key的值
name: hello-world version: 1.0.0
3.在 templates 目錄下建立 deployment 及 service
vim templates/deployments.yaml
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: hello-world spec: replicas: 1 template: metadata: labels: app: hello-world spec: containers: - name: hello-world image: nginx:1.2.1 imagePullPolicy: IfNotPresent ports: - containerPort: 80
vim services.yaml
apiVersion: v1 kind: Service metadata: name: hello-world spec: type: NodePort ports: - port: 80 containerPort: 80 nodePort: 30001 selector: app: hello-world
此時整體目錄結構為:
[root@Centos8 charts]# tree
.
├── Chart.yaml
└── templates
├── deployments.yaml
└── services.yaml
4.安裝此自定義chart
[root@Centos8 charts]# helm install . NAME: wishing-badger LAST DEPLOYED: Mon Sep 7 20:55:42 2020 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE hello-world-767c98894d-7lrzt 0/1 ContainerCreating 0 1s ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-world NodePort 10.100.108.217 <none> 80:30001/TCP 0s ==> v1beta1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE hello-world 0/1 1 0 0s
檢視Pod、Deployment、Service
[root@Centos8 charts]# kubectl get pod NAME READY STATUS RESTARTS AGE hello-world-767c98894d-7lrzt 1/1 Running 0 67s [root@Centos8 charts]# kubectl get deployment NAME READY UP-TO-DATE AVAILABLE AGE hello-world 1/1 1 1 78s [root@Centos8 charts]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-world NodePort 10.100.108.217 <none> 80:30001/TCP 81s
Helm常用命令及用法
1.更新映象
第一種:手動更新
進入 deployments.yaml 修改 image 行,然後helm upgrade
vim templates/deployments.yaml
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: hello-world spec: replicas: 1 template: metadata: labels: app: hello-world spec: containers: - name: hello-world image: hub.vfancloud.com/test/myapp imagePullPolicy: IfNotPresent ports: - containerPort: 80
[root@Centos8 charts]# helm upgrade wishing-badger . Release "wishing-badger" has been upgraded. LAST DEPLOYED: Mon Sep 7 21:07:04 2020 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE hello-world-7466c45989-cxnps 0/1 Terminating 0 69s hello-world-864f865db8-zjt79 0/1 ContainerCreating 0 0s ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-world NodePort 10.100.108.217 <none> 80:30001/TCP 11m ==> v1beta1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE hello-world 0/1 1 0 11m
檢視index.html,版本為v1
[root@Centos8 charts]# curl http://10.100.108.217 Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
第二種:變數更新
建立一個變數檔案 values.yaml,儲存 image 及 tag
vim values.yaml
image: repository: hub.vfancloud.com/test/myapp tag: 'v2'
vim templates/deployments.yaml # 將 image 欄位更改為以上檔案的變數
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: hello-world spec: replicas: 1 template: metadata: labels: app: hello-world spec: containers: - name: hello-world image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: IfNotPresent ports: - containerPort: 80
開始更新
[root@Centos8 charts]# helm upgrade wishing-badger . Release "wishing-badger" has been upgraded. LAST DEPLOYED: Mon Sep 7 21:17:31 2020 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE hello-world-5759c969fc-w9s88 0/1 ContainerCreating 0 0s hello-world-864f865db8-zjt79 1/1 Terminating 0 10m ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-world NodePort 10.100.108.217 <none> 80:30001/TCP 21m ==> v1beta1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE hello-world 1/1 1 1 21m
檢視index.html,版本為v2
[root@Centos8 charts]# curl http://10.100.108.217 Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
或者通過命令列直接修改 image 的 tag 標籤,來更新映象版本
[root@Centos8 charts]# helm upgrade wishing-badger --set image.tag='v3' . Release "wishing-badger" has been upgraded. LAST DEPLOYED: Mon Sep 7 21:27:04 2020 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE hello-world-5759c969fc-w9s88 1/1 Terminating 0 9m33s hello-world-6454b8dcc8-pjgk9 0/1 ContainerCreating 0 0s ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-world NodePort 10.100.108.217 <none> 80:30001/TCP 31m ==> v1beta1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE hello-world 0/1 1 0 31m
檢視index.html,已經更新為v3
[root@Centos8 charts]# curl http://10.100.108.217 Hello MyApp | Version: v3 | <a href="hostname.html">Pod Name</a>
2.檢視release歷史版本
[root@Centos8 charts]# helm history wishing-badger REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION 1 Mon Sep 7 20:55:42 2020 SUPERSEDED hello-world-1.0.0 Install complete 2 Mon Sep 7 21:07:04 2020 DEPLOYED hello-world-1.0.0 Upgrade complete
3.刪除release
[root@Centos8 charts]# helm delete wishing-badger release "wishing-badger" deleted
以上命令提示此 release 刪除,但其實並沒有完全“刪除”,而是將它放回了“回收站”
原因是怕你將來有一天想要回滾,“回收站”檢視方法:
[root@Centos8 charts]# helm list --deleted NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE wishing-badger 5 Mon Sep 7 21:27:04 2020 DELETED hello-world-1.0.0 default
如果想要徹徹底底的刪除,在執行 delete 時加上 --purge 即可
4.回滾release
helm rollback [name] [版本]
[root@Centos8 charts]# helm rollback wishing-badger 2 Rollback was a success.
將 wishing-badger 回滾到第二個版本
檢視index.html,已回退到第二個版本,version 為 v1
[root@Centos8 charts]# curl http://10.109.145.22 Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>