容器編排系統K8s之包管理器Helm基礎使用

1874發表於2021-01-21

  前文我們瞭解了k8s上的hpa資源的使用,回顧請參考:https://www.cnblogs.com/qiuhom-1874/p/14293237.html;今天我們來聊一下k8s包管理器helm的相關話題;

  helm是什麼?

  如果我們把k8s的資源清單類比成centos上的rpm包,那麼helm的作用就如同yum;簡單講helm就是類似yum這樣的包管理器,它能夠讓我們在k8s上部署應用變得簡單,我們需要部署某些應用到k8s上,我們直接使用helm就可以完成一鍵部署;有了helm工具,我們甚至都不需要再寫什麼資源清單了;對於helm來說,它只是把對應應用需要的資源清單通過模板引擎,將對應資模板源清單賦值以後,傳送給k8s進行應用,從而實現把應用部署到k8s上;我們把部署到k8s上的應用稱為release;即把模板資源清單通過模板引擎渲染以後,部署到k8s上的就稱為一個release;模板檔案是從哪裡來呢?如同rpm倉庫,這裡的模板檔案也是從倉庫來,簡單講helm倉庫就是用來存放各種應用的模板清單打包檔案,我們把這個打包檔案稱為chart,即helm倉庫也叫chart倉庫,主要用來存放各種應用的打包檔案;一個打包檔案最主要的有chart.yaml,README.md,templates目錄,values.yaml;其中chart.yaml檔案主要用來對應應用的後設資料資訊;README.md主要是用來自述該chart怎麼使用,部署等等說明;templates目錄使用來存放各種資源模板檔案;templates目錄中有一個比較重要的檔案NOTES.txt,該檔案也是一個模板檔案,主要作用是把對應chart安裝成功的資訊通過模板引擎渲染以後輸出給使用者,告訴使用者如何使用對應chart;vlues.yaml檔案主要用來存放該chart的模板的預設值,使用者不指定,其內部模板中的值就是對應values.yaml的值;正是因為chart中存放的都是模板資源清單,使得使用者可以自定義value.yaml檔案,通過指定自定義value.yaml來實現自定義chart的目的;

  helm的工具安裝

  helm 2的部署稍微有點麻煩,早期helm2是由兩個元件組成,第一個是命令列工具helm,第二個是k8s上的tiller Pod;tiller是服務端,主要接受helm傳送到chart,然後由tiller聯絡apiserver進行對應chart的部署;現在helm的版本是3.0+,對於之前helm2的方式,helm3進行了簡化,即helm不再依賴tiller這個元件,它可以直接同apiserver進行互動,將對應chart部署到k8s上;使用helm3的前提是對應主機能夠正常連線k8s的apiserver,並且對應主機上有kubectl命令,即對應主機必須能使用kubectl命令來管理對應k8s叢集;這其中的原因是helm它會使用kubectl工具的認證資訊到apiserver進行互動;

  一、helm3的安裝

  下載二進位制包

[root@master01 ~]# mkdir helm
[root@master01 ~]# cd helm/
[root@master01 helm]# wget https://get.helm.sh/helm-v3.5.0-linux-amd64.tar.gz
--2021-01-20 21:10:33--  https://get.helm.sh/helm-v3.5.0-linux-amd64.tar.gz
Resolving get.helm.sh (get.helm.sh)... 152.195.19.97, 2606:2800:11f:1cb7:261b:1f9c:2074:3c
Connecting to get.helm.sh (get.helm.sh)|152.195.19.97|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12327633 (12M) [application/x-tar]
Saving to: ‘helm-v3.5.0-linux-amd64.tar.gz’

100%[==================================================================================================================================>] 12,327,633  9.17MB/s   in 1.3s   

2021-01-20 21:10:35 (9.17 MB/s) - ‘helm-v3.5.0-linux-amd64.tar.gz’ saved [12327633/12327633]
[root@master01 helm]#ls
helm-v3.5.0-linux-amd64.tar.gz
[root@master01 helm]

  解壓包

[root@master01 helm]# tar xf helm-v3.5.0-linux-amd64.tar.gz 
[root@master01 helm]# ls
helm-v3.5.0-linux-amd64.tar.gz  linux-amd64
[root@master01 helm]# cd linux-amd64/
[root@master01 linux-amd64]# ls
helm  LICENSE  README.md
[root@master01 linux-amd64]# 

  複製helm二進位制檔案到path環境變數目錄下

[root@master01 linux-amd64]# cp helm /usr/bin/
[root@master01 linux-amd64]# hel
helm  help  
[root@master01 linux-amd64]# hel

  二、helm的使用

  檢視helm版本

[root@master01 ~]# helm version
version.BuildInfo{Version:"v3.5.0", GitCommit:"32c22239423b3b4ba6706d450bd044baffdcf9e6", GitTreeState:"clean", GoVersion:"go1.15.6"}
[root@master01 ~]# 

  檢視helm幫助

[root@master01 ~]# helm -h
The Kubernetes package manager

Common actions for Helm:

- helm search:    search for charts
- helm pull:      download a chart to your local directory to view
- helm install:   upload the chart to Kubernetes
- helm list:      list releases of charts

Environment variables:

| Name                               | Description                                                                       |
|------------------------------------|-----------------------------------------------------------------------------------|
| $HELM_CACHE_HOME                   | set an alternative location for storing cached files.                             |
| $HELM_CONFIG_HOME                  | set an alternative location for storing Helm configuration.                       |
| $HELM_DATA_HOME                    | set an alternative location for storing Helm data.                                |
| $HELM_DEBUG                        | indicate whether or not Helm is running in Debug mode                             |
| $HELM_DRIVER                       | set the backend storage driver. Values are: configmap, secret, memory, postgres   |
| $HELM_DRIVER_SQL_CONNECTION_STRING | set the connection string the SQL storage driver should use.                      |
| $HELM_MAX_HISTORY                  | set the maximum number of helm release history.                                   |
| $HELM_NAMESPACE                    | set the namespace used for the helm operations.                                   |
| $HELM_NO_PLUGINS                   | disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.                        |
| $HELM_PLUGINS                      | set the path to the plugins directory                                             |
| $HELM_REGISTRY_CONFIG              | set the path to the registry config file.                                         |
| $HELM_REPOSITORY_CACHE             | set the path to the repository cache directory                                    |
| $HELM_REPOSITORY_CONFIG            | set the path to the repositories file.                                            |
| $KUBECONFIG                        | set an alternative Kubernetes configuration file (default "~/.kube/config")       |
| $HELM_KUBEAPISERVER                | set the Kubernetes API Server Endpoint for authentication                         |
| $HELM_KUBECAFILE                   | set the Kubernetes certificate authority file.                                    |
| $HELM_KUBEASGROUPS                 | set the Groups to use for impersonation using a comma-separated list.             |
| $HELM_KUBEASUSER                   | set the Username to impersonate for the operation.                                |
| $HELM_KUBECONTEXT                  | set the name of the kubeconfig context.                                           |
| $HELM_KUBETOKEN                    | set the Bearer KubeToken used for authentication.                                 |

Helm stores cache, configuration, and data based on the following configuration order:

- If a HELM_*_HOME environment variable is set, it will be used
- Otherwise, on systems supporting the XDG base directory specification, the XDG variables will be used
- When no other location is set a default location will be used based on the operating system

By default, the default directories depend on the Operating System. The defaults are listed below:

| Operating System | Cache Path                | Configuration Path             | Data Path               |
|------------------|---------------------------|--------------------------------|-------------------------|
| Linux            | $HOME/.cache/helm         | $HOME/.config/helm             | $HOME/.local/share/helm |
| macOS            | $HOME/Library/Caches/helm | $HOME/Library/Preferences/helm | $HOME/Library/helm      |
| Windows          | %TEMP%\helm               | %APPDATA%\helm                 | %APPDATA%\helm          |

Usage:
  helm [command]

Available Commands:
  completion  generate autocompletion scripts for the specified shell
  create      create a new chart with the given name
  dependency  manage a chart's dependencies
  env         helm client environment information
  get         download extended information of a named release
  help        Help about any command
  history     fetch release history
  install     install a chart
  lint        examine a chart for possible issues
  list        list releases
  package     package a chart directory into a chart archive
  plugin      install, list, or uninstall Helm plugins
  pull        download a chart from a repository and (optionally) unpack it in local directory
  repo        add, list, remove, update, and index chart repositories
  rollback    roll back a release to a previous revision
  search      search for a keyword in charts
  show        show information of a chart
  status      display the status of the named release
  template    locally render templates
  test        run tests for a release
  uninstall   uninstall a release
  upgrade     upgrade a release
  verify      verify that a chart at the given path has been signed and is valid
  version     print the client version information

Flags:
      --debug                       enable verbose output
  -h, --help                        help for helm
      --kube-apiserver string       the address and the port for the Kubernetes API server
      --kube-as-group stringArray   group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --kube-as-user string         username to impersonate for the operation
      --kube-ca-file string         the certificate authority file for the Kubernetes API server connection
      --kube-context string         name of the kubeconfig context to use
      --kube-token string           bearer token used for authentication
      --kubeconfig string           path to the kubeconfig file
  -n, --namespace string            namespace scope for this request
      --registry-config string      path to the registry config file (default "/root/.config/helm/registry.json")
      --repository-cache string     path to the file containing cached repository indexes (default "/root/.cache/helm/repository")
      --repository-config string    path to the file containing repository names and URLs (default "/root/.config/helm/repositories.yaml")

Use "helm [command] --help" for more information about a command.
[root@master01 ~]# 

  檢視倉庫列表

[root@master01 ~]# helm repo -h

This command consists of multiple subcommands to interact with chart repositories.

It can be used to add, remove, list, and index chart repositories.

Usage:
  helm repo [command]

Available Commands:
  add         add a chart repository
  index       generate an index file given a directory containing packaged charts
  list        list chart repositories
  remove      remove one or more chart repositories
  update      update information of available charts locally from chart repositories

Flags:
  -h, --help   help for repo

Global Flags:
      --debug                       enable verbose output
      --kube-apiserver string       the address and the port for the Kubernetes API server
      --kube-as-group stringArray   group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --kube-as-user string         username to impersonate for the operation
      --kube-ca-file string         the certificate authority file for the Kubernetes API server connection
      --kube-context string         name of the kubeconfig context to use
      --kube-token string           bearer token used for authentication
      --kubeconfig string           path to the kubeconfig file
  -n, --namespace string            namespace scope for this request
      --registry-config string      path to the registry config file (default "/root/.config/helm/registry.json")
      --repository-cache string     path to the file containing cached repository indexes (default "/root/.cache/helm/repository")
      --repository-config string    path to the file containing repository names and URLs (default "/root/.config/helm/repositories.yaml")

Use "helm repo [command] --help" for more information about a command.
[root@master01 ~]# helm repo list
Error: no repositories to show
[root@master01 ~]# 

  提示:這裡提示我們沒有倉庫;

  新增倉庫

[root@master01 ~]# helm repo add stable https://charts.helm.sh/stable
"stable" has been added to your repositories
[root@master01 ~]# helm repo list
NAME    URL                          
stable  https://charts.helm.sh/stable
[root@master01 ~]# 

  提示:新增倉庫需要連線到對應倉庫,如果你的伺服器無法正常連線到對應倉庫,請使用代理,具體代理方式就是在對應shell終端使用HTTPS_PROXY環境變數賦予一個可以用的代理地址;如HTTPS_PROXY="http://www.ik8s.io:10080",使用代理環境變數的同時需要注意把對應不需要代理的地址給出來,比如本地地址不需要代理可以使用NO_PROXY="127.0.0.0/8,192.168.0.0/24";否則我們使用kubectl它都會代理到我們給定的代理地址上;

  搜尋chart

  提示:helm search repo表示列出已經新增的倉庫中所有chart;

  在倉庫中搜尋redis

[root@master01 ~]# helm search repo redis
NAME                                    CHART VERSION   APP VERSION     DESCRIPTION                                       
stable/prometheus-redis-exporter        3.5.1           1.3.4           DEPRECATED Prometheus exporter for Redis metrics  
stable/redis                            10.5.7          5.0.7           DEPRECATED Open source, advanced key-value stor...
stable/redis-ha                         4.4.6           5.0.6           DEPRECATED - Highly available Kubernetes implem...
stable/sensu                            0.2.5           0.28            DEPRECATED Sensu monitoring framework backed by...
[root@master01 ~]# 

  安裝stable/redis

[root@master01 ~]# helm install redis-demo stable/redis
WARNING: This chart is deprecated
NAME: redis-demo
LAST DEPLOYED: Wed Jan 20 22:27:18 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
This Helm chart is deprecated

Given the `stable` deprecation timeline (https://github.com/helm/charts#deprecation-timeline), the Bitnami maintained Redis Helm chart is now located at bitnami/charts (https://github.com/bitnami/charts/).

The Bitnami repository is already included in the Hubs and we will continue providing the same cadence of updates, support, etc that we've been keeping here these years. Installation instructions are very similar, just adding the _bitnami_ repo and using it during the installation (`bitnami/<chart>` instead of `stable/<chart>`)

```bash
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install my-release bitnami/<chart>           # Helm 3
$ helm install --name my-release bitnami/<chart>    # Helm 2
```

To update an exisiting _stable_ deployment with a chart hosted in the bitnami repository you can execute
 ```bash                                                                                                                                                                                                                                                                                                                                                                    $ helm
 repo add bitnami https://charts.bitnami.com/bitnami
  $ helm upgrade my-release bitnami/<chart>
  ```

  Issues and PRs related to the chart itself will be redirected to `bitnami/charts` GitHub repository. In the same way, we'll be happy to answer questions related to this migration process in this issue (https://github.com/helm/charts/issues/20969) created as a common place for discussion.

** Please be patient while the chart is being deployed **
Redis can be accessed via port 6379 on the following DNS names from within your cluster:

redis-demo-master.default.svc.cluster.local for read/write operations
redis-demo-slave.default.svc.cluster.local for read-only operations


To get your password run:

    export REDIS_PASSWORD=$(kubectl get secret --namespace default redis-demo -o jsonpath="{.data.redis-password}" | base64 --decode)

To connect to your Redis server:

1. Run a Redis pod that you can use as a client:

   kubectl run --namespace default redis-demo-client --rm --tty -i --restart='Never' \
    --env REDIS_PASSWORD=$REDIS_PASSWORD \
   --image docker.io/bitnami/redis:5.0.7-debian-10-r32 -- bash

2. Connect using the Redis CLI:
   redis-cli -h redis-demo-master -a $REDIS_PASSWORD
   redis-cli -h redis-demo-slave -a $REDIS_PASSWORD

To connect to your database from outside the cluster execute the following commands:

    kubectl port-forward --namespace default svc/redis-demo-master 6379:6379 &
    redis-cli -h 127.0.0.1 -p 6379 -a $REDIS_PASSWORD
[root@master01 ~]#

  檢視release

[root@master01 ~]# helm list
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
redis-demo      default         1               2021-01-20 22:27:18.635916075 +0800 CST deployed        redis-10.5.7    5.0.7      
[root@master01 ~]# 

  驗證:用kubectl工具檢視k8s叢集上對應的redis-demo 是否執行?

[root@master01 ~]# kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
myapp-779867bcfc-57zw7     1/1     Running   1          2d7h
myapp-779867bcfc-657qr     1/1     Running   1          2d7h
podinfo-56874dc7f8-5rb9q   1/1     Running   1          2d2h
podinfo-56874dc7f8-t6jgn   1/1     Running   1          2d2h
[root@master01 ~]# kubectl get svc
NAME                  TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes            ClusterIP   10.96.0.1       <none>        443/TCP          11d
myapp-svc             NodePort    10.111.14.219   <none>        80:31154/TCP     2d7h
podinfo               NodePort    10.111.10.211   <none>        9898:31198/TCP   2d2h
redis-demo-headless   ClusterIP   None            <none>        6379/TCP         18m
redis-demo-master     ClusterIP   10.100.228.32   <none>        6379/TCP         18m
redis-demo-slave      ClusterIP   10.109.46.121   <none>        6379/TCP         18m
[root@master01 ~]# kubectl get sts
NAME                READY   AGE
redis-demo-master   0/1     18m
redis-demo-slave    0/2     18m
[root@master01 ~]# 

  提示:用kubectl工具檢視pod列表,並沒有發現對應pod執行,但是對應的svc和sts都正常建立;

  檢視pod沒有建立的原因

[root@master01 ~]# kubectl describe sts/redis-demo-master|grep -A 10 Events
Events:
  Type     Reason        Age                   From                    Message
  ----     ------        ----                  ----                    -------
  Warning  FailedCreate  14m (x12 over 14m)    statefulset-controller  create Pod redis-demo-master-0 in StatefulSet redis-demo-master failed error: failed to create PVC redis-data-redis-demo-master-0: persistentvolumeclaims "redis-data-redis-demo-master-0" is forbidden: exceeded quota: quota-storage-demo, requested: requests.storage=8Gi, used: requests.storage=0, limited: requests.storage=5Gi
  Warning  FailedCreate  3m40s (x18 over 14m)  statefulset-controller  create Claim redis-data-redis-demo-master-0 for Pod redis-demo-master-0 in StatefulSet redis-demo-master failed error: persistentvolumeclaims "redis-data-redis-demo-master-0" is forbidden: exceeded quota: quota-storage-demo, requested: requests.storage=8Gi, used: requests.storage=0, limited: requests.storage=5Gi
[root@master01 ~]# kubectl describe sts/redis-demo-slave|grep -A 10 Events 
Events:
  Type     Reason        Age                   From                    Message
  ----     ------        ----                  ----                    -------
  Warning  FailedCreate  14m (x12 over 14m)    statefulset-controller  create Pod redis-demo-slave-0 in StatefulSet redis-demo-slave failed error: failed to create PVC redis-data-redis-demo-slave-0: persistentvolumeclaims "redis-data-redis-demo-slave-0" is forbidden: exceeded quota: quota-storage-demo, requested: requests.storage=8Gi, used: requests.storage=0, limited: requests.storage=5Gi
  Warning  FailedCreate  3m41s (x18 over 14m)  statefulset-controller  create Claim redis-data-redis-demo-slave-0 for Pod redis-demo-slave-0 in StatefulSet redis-demo-slave failed error: persistentvolumeclaims "redis-data-redis-demo-slave-0" is forbidden: exceeded quota: quota-storage-demo, requested: requests.storage=8Gi, used: requests.storage=0, limited: requests.storage=5Gi
[root@master01 ~]# 

  提示:這裡提示我們沒有許可權建立,原因是quota-storage-demo禁止了;

  檢視resourcequota准入控制規則

[root@master01 ~]# kubectl get resourcequota
NAME                 AGE   REQUEST                                                                                   LIMIT
quota-storage-demo   19d   persistentvolumeclaims: 0/5, requests.ephemeral-storage: 0/1Gi, requests.storage: 0/5Gi   limits.ephemeral-storage: 0/2Gi
[root@master01 ~]# kubectl describe resourcequota quota-storage-demo
Name:                       quota-storage-demo
Namespace:                  default
Resource                    Used  Hard
--------                    ----  ----
limits.ephemeral-storage    0     2Gi
persistentvolumeclaims      0     5
requests.ephemeral-storage  0     1Gi
requests.storage            0     5Gi
[root@master01 ~]# 

  提示:resourcequota准入控制明確限制了建立pvc最低下限總和是5G,上面建立redis需要8G所以不滿足對應准入控制規則所以建立pvc就被拒絕了,導致pod沒能正常建立;

  解除安裝redis-demo

[root@master01 ~]# helm list
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
redis-demo      default         1               2021-01-20 22:27:18.635916075 +0800 CST deployed        redis-10.5.7    5.0.7      
[root@master01 ~]# helm uninstall redis-demo
release "redis-demo" uninstalled
[root@master01 ~]# helm list
NAME    NAMESPACE       REVISION        UPDATED STATUS  CHART   APP VERSION
[root@master01 ~]# 

  刪除resourcequota准入控制

[root@master01 ~]# kubectl get resourcequota                        
NAME                 AGE   REQUEST                                                                                   LIMIT
quota-storage-demo   19d   persistentvolumeclaims: 0/5, requests.ephemeral-storage: 0/1Gi, requests.storage: 0/5Gi   limits.ephemeral-storage: 0/2Gi
[root@master01 ~]# kubectl delete resourcequota/quota-storage-demo
resourcequota "quota-storage-demo" deleted
[root@master01 ~]# kubectl get resourcequota
No resources found in default namespace.
[root@master01 ~]# 

  檢查pv,是否有足量的pv?

[root@master01 ~]# kubectl get pv
NAME        CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM                                      STORAGECLASS   REASON   AGE
nfs-pv-v1   5Gi        RWO,ROX,RWX    Retain           Bound       kube-system/alertmanager                                           3d22h
nfs-pv-v2   5Gi        RWO,ROX,RWX    Retain           Bound       kube-system/prometheus-data-prometheus-0                           3d22h
nfs-pv-v3   5Gi        RWO,ROX,RWX    Retain           Available                                                                      3d22h
[root@master01 ~]# 

  提示:上述還有一個pv沒有使用,但大小隻有5g不夠redis使用;

  建立pv

[root@master01 ~]# cat pv-demo.yaml 
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-pv-v4
spec:
  capacity:
    storage: 10Gi
  volumeMode: Filesystem
  accessModes: ["ReadWriteOnce","ReadWriteMany","ReadOnlyMany"]
  persistentVolumeReclaimPolicy: Retain
  mountOptions:
  - hard
  - nfsvers=4.1
  nfs:
    path: /data/v4
    server: 192.168.0.99
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-pv-v5
spec:
  capacity:
    storage: 10Gi
  volumeMode: Filesystem
  accessModes: ["ReadWriteOnce","ReadWriteMany","ReadOnlyMany"]
  persistentVolumeReclaimPolicy: Retain
  mountOptions:
  - hard
  - nfsvers=4.1
  nfs:
    path: /data/v5
    server: 192.168.0.99
---

apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-pv-v6
spec:
  capacity:
    storage: 10Gi
  volumeMode: Filesystem
  accessModes: ["ReadWriteOnce","ReadWriteMany","ReadOnlyMany"]
  persistentVolumeReclaimPolicy: Retain
  mountOptions:
  - hard
  - nfsvers=4.1
  nfs:
    path: /data/v6
    server: 192.168.0.99
[root@master01 ~]# kubectl apply -f pv-demo.yaml
persistentvolume/nfs-pv-v4 created
persistentvolume/nfs-pv-v5 created
persistentvolume/nfs-pv-v6 created
[root@master01 ~]# kubectl get pv
NAME        CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM                                      STORAGECLASS   REASON   AGE
nfs-pv-v1   5Gi        RWO,ROX,RWX    Retain           Bound       kube-system/alertmanager                                           3d22h
nfs-pv-v2   5Gi        RWO,ROX,RWX    Retain           Bound       kube-system/prometheus-data-prometheus-0                           3d22h
nfs-pv-v3   5Gi        RWO,ROX,RWX    Retain           Available                                                                      3d22h
nfs-pv-v4   10Gi       RWO,ROX,RWX    Retain           Available                                                                      3s
nfs-pv-v5   10Gi       RWO,ROX,RWX    Retain           Available                                                                      3s
nfs-pv-v6   10Gi       RWO,ROX,RWX    Retain           Available                                                                      3s
[root@master01 ~]# 

  重新安裝redis

[root@master01 ~]# helm install redis-demo stable/redis
WARNING: This chart is deprecated
NAME: redis-demo
LAST DEPLOYED: Wed Jan 20 22:54:30 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
This Helm chart is deprecated

Given the `stable` deprecation timeline (https://github.com/helm/charts#deprecation-timeline), the Bitnami maintained Redis Helm chart is now located at bitnami/charts (https://github.com/bitnami/charts/).

The Bitnami repository is already included in the Hubs and we will continue providing the same cadence of updates, support, etc that we've been keeping here these years. Installation instructions are very similar, just adding the _bitnami_ repo and using it during the installation (`bitnami/<chart>` instead of `stable/<chart>`)

```bash
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install my-release bitnami/<chart>           # Helm 3
$ helm install --name my-release bitnami/<chart>    # Helm 2
```

To update an exisiting _stable_ deployment with a chart hosted in the bitnami repository you can execute
 ```bash                                                                                                                                                                                                                                                                                                                                                                    $ helm
 repo add bitnami https://charts.bitnami.com/bitnami
  $ helm upgrade my-release bitnami/<chart>
  ```

  Issues and PRs related to the chart itself will be redirected to `bitnami/charts` GitHub repository. In the same way, we'll be happy to answer questions related to this migration process in this issue (https://github.com/helm/charts/issues/20969) created as a common place for discussion.

** Please be patient while the chart is being deployed **
Redis can be accessed via port 6379 on the following DNS names from within your cluster:

redis-demo-master.default.svc.cluster.local for read/write operations
redis-demo-slave.default.svc.cluster.local for read-only operations


To get your password run:

    export REDIS_PASSWORD=$(kubectl get secret --namespace default redis-demo -o jsonpath="{.data.redis-password}" | base64 --decode)

To connect to your Redis server:

1. Run a Redis pod that you can use as a client:

   kubectl run --namespace default redis-demo-client --rm --tty -i --restart='Never' \
    --env REDIS_PASSWORD=$REDIS_PASSWORD \
   --image docker.io/bitnami/redis:5.0.7-debian-10-r32 -- bash

2. Connect using the Redis CLI:
   redis-cli -h redis-demo-master -a $REDIS_PASSWORD
   redis-cli -h redis-demo-slave -a $REDIS_PASSWORD

To connect to your database from outside the cluster execute the following commands:

    kubectl port-forward --namespace default svc/redis-demo-master 6379:6379 &
    redis-cli -h 127.0.0.1 -p 6379 -a $REDIS_PASSWORD
[root@master01 ~]# 

  再次使用kubectl工具檢視對應pod是否正常執行?

[root@master01 ~]# kubectl get pods 
NAME                       READY   STATUS             RESTARTS   AGE
myapp-779867bcfc-57zw7     1/1     Running            1          2d7h
myapp-779867bcfc-657qr     1/1     Running            1          2d7h
podinfo-56874dc7f8-5rb9q   1/1     Running            1          2d2h
podinfo-56874dc7f8-t6jgn   1/1     Running            1          2d2h
redis-demo-master-0        0/1     CrashLoopBackOff   4          2m33s
redis-demo-slave-0         0/1     CrashLoopBackOff   4          2m33s
[root@master01 ~]# kubectl get pvc
NAME                             STATUS   VOLUME      CAPACITY   ACCESS MODES   STORAGECLASS   AGE
redis-data-redis-demo-master-0   Bound    nfs-pv-v4   10Gi       RWO,ROX,RWX                   2m39s
redis-data-redis-demo-slave-0    Bound    nfs-pv-v6   10Gi       RWO,ROX,RWX                   2m39s
[root@master01 ~]#

  提示:這裡pvc自動建立成功,但是對應pod能正常啟動;

  檢視pod詳情

[root@master01 ~]# kubectl describe pod/redis-demo-master-0|grep -A 10 Events
Events:
  Type     Reason     Age                    From               Message
  ----     ------     ----                   ----               -------
  Normal   Scheduled  6m53s                  default-scheduler  Successfully assigned default/redis-demo-master-0 to node01.k8s.org
  Normal   Pulling    6m51s                  kubelet            Pulling image "docker.io/bitnami/redis:5.0.7-debian-10-r32"
  Normal   Pulled     6m33s                  kubelet            Successfully pulled image "docker.io/bitnami/redis:5.0.7-debian-10-r32" in 18.056248477s
  Normal   Started    5m47s (x4 over 6m33s)  kubelet            Started container redis-demo
  Normal   Created    5m1s (x5 over 6m33s)   kubelet            Created container redis-demo
  Normal   Pulled     5m1s (x4 over 6m32s)   kubelet            Container image "docker.io/bitnami/redis:5.0.7-debian-10-r32" already present on machine
  Warning  BackOff    100s (x28 over 6m31s)  kubelet            Back-off restarting failed container
[root@master01 ~]# kubectl describe pod/redis-demo-slave-0|grep -A 10 Events      
Events:
  Type     Reason            Age                    From               Message
  ----     ------            ----                   ----               -------
  Warning  FailedScheduling  6m58s (x2 over 6m58s)  default-scheduler  0/5 nodes are available: 5 pod has unbound immediate PersistentVolumeClaims.
  Normal   Scheduled         6m55s                  default-scheduler  Successfully assigned default/redis-demo-slave-0 to node01.k8s.org
  Normal   Pulling           6m55s                  kubelet            Pulling image "docker.io/bitnami/redis:5.0.7-debian-10-r32"
  Normal   Pulled            6m37s                  kubelet            Successfully pulled image "docker.io/bitnami/redis:5.0.7-debian-10-r32" in 17.603521415s
  Normal   Created           5m12s (x5 over 6m37s)  kubelet            Created container redis-demo
  Normal   Started           5m12s (x5 over 6m37s)  kubelet            Started container redis-demo
  Normal   Pulled            5m12s (x4 over 6m36s)  kubelet            Container image "docker.io/bitnami/redis:5.0.7-debian-10-r32" already present on machine
  Warning  BackOff           106s (x27 over 6m35s)  kubelet            Back-off restarting failed container
[root@master01 ~]# 

  提示:這裡檢視對應pod詳細資訊也沒有明確提示什麼錯誤;總之pod沒能正常執行(估計和對應的映象啟動有關係);通過上述實驗雖然pod沒能正常執行起來,但是helm能夠將對應的chart提交給k8s執行;helm的使命是成功的;

  解除安裝redis-demo,重新找chart安裝試試

  提示:這裡搜尋stable倉庫中的redis,該倉庫中redis的chart都是廢棄的版本;

  刪除倉庫,重新新增倉庫

[root@master01 ~]# helm repo list
NAME    URL                          
stable  https://charts.helm.sh/stable
[root@master01 ~]# helm repo remove stable
"stable" has been removed from your repositories
[root@master01 ~]# helm repo add bitnami https://charts.bitnami.com/bitnami
"bitnami" has been added to your repositories
[root@master01 ~]# helm repo list
NAME    URL                               
bitnami https://charts.bitnami.com/bitnami
[root@master01 ~]# 

  搜尋redis chart

[root@master01 ~]# helm search repo redis
NAME                    CHART VERSION   APP VERSION     DESCRIPTION                                       
bitnami/redis           12.6.2          6.0.10          Open source, advanced key-value store. It is of...
bitnami/redis-cluster   4.2.6           6.0.10          Open source, advanced key-value store. It is of...
[root@master01 ~]# 

  安裝bitnami/redis

[root@master01 ~]# helm install redis-demo bitnami/redis
NAME: redis-demo
LAST DEPLOYED: Thu Jan 21 01:58:18 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
** Please be patient while the chart is being deployed **
Redis can be accessed via port 6379 on the following DNS names from within your cluster:

redis-demo-master.default.svc.cluster.local for read/write operations
redis-demo-slave.default.svc.cluster.local for read-only operations


To get your password run:

    export REDIS_PASSWORD=$(kubectl get secret --namespace default redis-demo -o jsonpath="{.data.redis-password}" | base64 --decode)

To connect to your Redis(TM) server:

1. Run a Redis(TM) pod that you can use as a client:
   kubectl run --namespace default redis-demo-client --rm --tty -i --restart='Never' \
    --env REDIS_PASSWORD=$REDIS_PASSWORD \
   --image docker.io/bitnami/redis:6.0.10-debian-10-r1 -- bash

2. Connect using the Redis(TM) CLI:
   redis-cli -h redis-demo-master -a $REDIS_PASSWORD
   redis-cli -h redis-demo-slave -a $REDIS_PASSWORD

To connect to your database from outside the cluster execute the following commands:

    kubectl port-forward --namespace default svc/redis-demo-master 6379:6379 &
    redis-cli -h 127.0.0.1 -p 6379 -a $REDIS_PASSWORD
[root@master01 ~]# 

  檢視pod執行情況

  提示:這裡提示我們append-only file 沒有開啟的許可權,說明我們掛載的對應儲存沒有寫許可權;

  在後端儲存上加上寫許可權

  提示:這裡加上寫的許可權對應pod還是沒能正常跑起來;刪除pod試試,看看對應pod重建以後是否會正常執行?

[root@master01 ~]# kubectl delete pod --all
pod "redis-demo-master-0" deleted
pod "redis-demo-slave-0" deleted
[root@master01 ~]# kubectl get pods        
NAME                  READY   STATUS              RESTARTS   AGE
redis-demo-master-0   0/1     ContainerCreating   0          3s
redis-demo-slave-0    0/1     Running             0          3s
[root@master01 ~]# kubectl get pods 
NAME                  READY   STATUS    RESTARTS   AGE
redis-demo-master-0   0/1     Running   0          5s
redis-demo-slave-0    0/1     Running   0          5s
[root@master01 ~]# kubectl get pods 
NAME                  READY   STATUS             RESTARTS   AGE
redis-demo-master-0   1/1     Running            0          62s
redis-demo-slave-0    1/1     Running            0          62s
redis-demo-slave-1    0/1     CrashLoopBackOff   2          26s
[root@master01 ~]# 

  提示:這裡刪除pod以後,新建的pod就能夠正常執行;但是還有一個slave執行失敗,應該是後端儲存沒有寫許可權造成的;

  再次給後端儲存加寫許可權

  提示:可以看到給對應目錄加上寫許可權,對應pod正常啟動了;

  進入redis主從複製叢集

  提示:可以看到在master節點上,能夠看到對應兩個從節點的資訊;

  驗證:在主節點上寫資料,看看對應從節點上是否能夠同步資料?

  提示:可以看到在master端寫資料,slave端能夠正常將對應資料同步過來,在slave端能夠正常對取到對應資料,說明主從複製叢集工作是正常的;

  更新倉庫

[root@master01 ~]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "bitnami" chart repository
Update Complete. ⎈Happy Helming!⎈
[root@master01 ~]# 

  提示:建議每次部署新的應用都先更新下倉庫,然後在部署應用;

  使用自定義資訊部署應用

  提示:上述命令用--set選項可以將自定義資訊傳入對應的chart中,用於替換對應模板檔案中的值;上述命令表示設定redis密碼為admin123.com,master和slave都不開啟持久儲存功能(生產環境不建議);當然簡單的設定個別引數可以使用--set來指定,如果過於複雜的引數,建議使用value.yaml檔案來替換,使用--value選項來指定對應的值檔案即可;

相關文章