一、Helm工具介绍
1.了解Helm
Helm是kubernetes中查找、分享、构建应用的最佳方式。
Helm是一个Kubernetes应用的包管理工具,用来管理chart(一种预先配置好的安装包资源),有点类似于Ubuntu 的APT和CentOS/Rocky中的YUM。因此,helm的出现解决了k8s应用管理
能力缺失的问题。
另外Helm也是dev和ops的桥梁,运维人员在使用Helm的时候,一方面不需要理解大量在Chart中的各种k8s元素,只需要配置少量的环境变量即可安装;另一方面,Helm也给初级运维人员提供了学习的机会,他们可以在Chart中学习并理解各种K8s元素,从而能够更快的掌握K8s。
2.Helm核心概念
① Chart:Chart就是helm package,包含了一个k8s app应用运行起来的所有要素,比如service, deployment, configmap,serviceaccount, rbac, 等,这些要素都是以template文件的形式存在,再结合values文件,最终渲染出能够被k8s执行的yaml文件。
② Repository:仓库是charts的集合,方便进行分享和分发。我们可以将这个仓库添加到本地,然后从这些仓库里查找chart,并使用。
③ Hub: 不同的个人和组织提供的公共仓库(Repository)形成了分散和分布的Helm仓库,不利于查找,所以官方提供了HelmHub,各公共仓库可以注册到Helm Hub中以方便集中查找。HelmHub只是分布的仓库的集中展示中心。仓库注册到Helm Hub时,会将Chart清单文件向Helm Hub同步一份,这样可以在Helm Hub集中展示仓库列表和各仓库中的Chart列表。Chart包也就是tgz文件实际上存储在各仓库中。Helm Hub并不实际存储Chart包。Helm只是在查询Chart时和Helm Hub有交互,其它操作都是和仓库直接交互的。
④ Release:Release是Helm Chart在kubernetes的一个运行实例,这个release名字会体现在K8s里,其中service和deploy的名字跟这个release名字一致。
3.Helm版本和Kubernetes版本要求
参考:https://helm.sh/zh/docs/topics/version_skew/
Helm 版本 | 支持的 Kubernetes 版本 |
---|---|
3.12.x | 1.27.x - 1.24.x |
3.11.x | 1.26.x - 1.23.x |
3.10.x | 1.25.x - 1.22.x |
3.9.x | 1.24.x - 1.21.x |
3.8.x | 1.23.x - 1.20.x |
3.7.x | 1.22.x - 1.19.x |
3.6.x | 1.21.x - 1.18.x |
3.5.x | 1.20.x - 1.17.x |
3.4.x | 1.19.x - 1.16.x |
3.3.x | 1.18.x - 1.15.x |
3.2.x | 1.18.x - 1.15.x |
3.1.x | 1.17.x - 1.14.x |
3.0.x | 1.16.x - 1.13.x |
2.16.x | 1.16.x - 1.15.x |
2.15.x | 1.15.x - 1.14.x |
2.14.x | 1.14.x - 1.13.x |
2.13.x | 1.13.x - 1.12.x |
2.12.x | 1.12.x - 1.11.x |
2.11.x | 1.11.x - 1.10.x |
2.10.x | 1.10.x - 1.9.x |
2.9.x | 1.10.x - 1.9.x |
2.8.x | 1.9.x - 1.8.x |
2.7.x | 1.8.x - 1.7.x |
2.6.x | 1.7.x - 1.6.x |
2.5.x | 1.6.x - 1.5.x |
2.4.x | 1.6.x - 1.5.x |
2.3.x | 1.5.x - 1.4.x |
2.2.x | 1.5.x - 1.4.x |
2.1.x | 1.5.x - 1.4.x |
2.0.x | 1.4.x - 1.3.x |
二、Helm工具常见用法
1.安装Helm
说明:根据helm和Kubernetes版本的对应关系,选择相应的版本为,我的版本为v1.26.2,所以helm版本选择3.12.X
下载二进制包
wget https://get.helm.sh/helm-v3.12.3-linux-amd64.tar.gz
[root@aminglinux01 ~]# wget https://get.helm.sh/helm-v3.12.3-linux-amd64.tar.gz
--2024-07-22 20:15:47-- https://get.helm.sh/helm-v3.12.3-linux-amd64.tar.gz
Resolving get.helm.sh (get.helm.sh)... 152.199.39.108, 2606:2800:247:1cb7:261b:1f9c:2074:3c
Connecting to get.helm.sh (get.helm.sh)|152.199.39.108|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16028423 (15M) [application/x-tar]
Saving to: ‘helm-v3.12.3-linux-amd64.tar.gz’
helm-v3.12.3-linux-amd64. 100%[=====================================>] 15.29M 350KB/s in 42s
2024-07-22 20:16:31 (374 KB/s) - ‘helm-v3.12.3-linux-amd64.tar.gz’ saved [16028423/16028423]
[root@aminglinux01 ~]#
解压并做软连接
tar zxf helm-v3.12.3-linux-amd64.tar.gz -C /opt/
mv /opt/linux-amd64/ /opt/helm
ln -s /opt/helm/helm /bin/
[root@aminglinux01 ~]# tar zxf helm-v3.12.3-linux-amd64.tar.gz -C /opt/
[root@aminglinux01 ~]# mv /opt/linux-amd64/ /opt/helm
[root@aminglinux01 ~]# ln -s /opt/helm/helm /bin/
[root@aminglinux01 ~]#
2.Helm常用命令
添加仓库,这样会把该仓库添加到本地
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add helm_sh https://charts.helm.sh/stable
helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
[root@aminglinux01 ~]# helm repo add bitnami https://charts.bitnami.com/bitnami
"bitnami" has been added to your repositories
[root@aminglinux01 ~]# helm repo add helm_sh https://charts.helm.sh/stable
"helm_sh" has been added to your repositories
[root@aminglinux01 ~]# helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
"aliyun" has been added to your repositories
[root@aminglinux01 ~]#
更新仓库列表到本地
helm repo update
[root@aminglinux01 ~]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "aliyun" chart repository
...Successfully got an update from the "bitnami" chart repository
...Successfully got an update from the "helm_sh" chart repository
Update Complete. ⎈Happy Helming!⎈
[root@aminglinux01 ~]#
查看仓库列表
helm repo list
[root@aminglinux01 ~]# helm repo list
NAME URL
bitnami https://charts.bitnami.com/bitnami
helm_sh https://charts.helm.sh/stable
aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
[root@aminglinux01 ~]#
在本地添加的仓库里搜索所有chart
helm search repo
在本地的仓库里搜索mysql
helm search repo mysql
[root@aminglinux01 ~]# helm search repo mysql
NAME CHART VERSION APP VERSION DESCRIPTION
aliyun/mysql 0.3.5 Fast, reliable, scalable, and easy to use open-...
bitnami/mysql 11.1.10 8.4.1 MySQL is a fast, reliable, scalable, and easy t...
helm_sh/mysql 1.6.9 5.7.30 DEPRECATED - Fast, reliable, scalable, and easy...
helm_sh/mysqldump 2.6.2 2.4.1 DEPRECATED! - A Helm chart to help backup MySQL...
helm_sh/prometheus-mysql-exporter 0.7.1 v0.11.0 DEPRECATED A Helm chart for prometheus mysql ex...
aliyun/percona 0.3.0 free, fully compatible, enhanced, open source d...
aliyun/percona-xtradb-cluster 0.0.2 5.7.19 free, fully compatible, enhanced, open source d...
bitnami/phpmyadmin 17.0.1 5.2.1 phpMyAdmin is a free software tool written in P...
helm_sh/percona 1.2.3 5.7.26 DEPRECATED - free, fully compatible, enhanced, ...
helm_sh/percona-xtradb-cluster 1.0.8 5.7.19 DEPRECATED - free, fully compatible, enhanced, ...
helm_sh/phpmyadmin 4.3.5 5.0.1 DEPRECATED phpMyAdmin is an mysql administratio...
aliyun/gcloud-sqlproxy 0.2.3 Google Cloud SQL Proxy
aliyun/mariadb 2.1.6 10.1.31 Fast, reliable, scalable, and easy to use open-...
bitnami/mariadb 19.0.1 11.4.2 MariaDB is an open source, community-developed ...
bitnami/mariadb-galera 14.0.2 11.4.2 MariaDB Galera is a multi-primary database clus...
helm_sh/gcloud-sqlproxy 0.6.1 1.11 DEPRECATED Google Cloud SQL Proxy
helm_sh/mariadb 7.3.14 10.3.22 DEPRECATED Fast, reliable, scalable, and easy t...
[root@aminglinux01 ~]#
还可以从公共的hub里搜索chart,目的是找到合适的repo
helm search hub mysql
helm search hub mysql --list-repo-url ##查看对应repo的url
helm search hub mysql --max-col-width 100 ##可以设置每一列的宽度,这样可以显示所有的描述信息
查看某个chart详细信息
helm show chart bitnami/mysql
[root@aminglinux01 ~]# helm show chart bitnami/mysql
annotations:
category: Database
images: |
- name: mysql
image: docker.io/bitnami/mysql:8.4.1-debian-12-r3
- name: mysqld-exporter
image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-12-r27
- name: os-shell
image: docker.io/bitnami/os-shell:12-debian-12-r25
licenses: Apache-2.0
apiVersion: v2
appVersion: 8.4.1
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
tags:
- bitnami-common
version: 2.x.x
description: MySQL is a fast, reliable, scalable, and easy to use open source relational
database system. Designed to handle mission-critical, heavy-load production applications.
home: https://bitnami.com
icon: https://bitnami.com/assets/stacks/mysql/img/mysql-stack-220x234.png
keywords:
- mysql
- database
- sql
- cluster
- high availability
maintainers:
- name: Broadcom, Inc. All Rights Reserved.
url: https://github.com/bitnami/charts
name: mysql
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mysql
version: 11.1.10
[root@aminglinux01 ~]#
查看某个chart values(这个values相当于是该cahrt的配置文件)
helm show values helm_sh/redis
安装chart (示例,安装nginx)
helm search repo nginx ##先搜索合适的包
helm install nginx-test bitnami/nginx #这个nginx-test就是release名字,同时也是service和deployment/statefulset以及pod前缀,当然你也可以不去定义release name,让Helm帮忙定义,那么命令就要改为
helm install bitnami/nginx --generate-name
install过程中会自动生成缓存目录:
~/.cache/helm/repository/
[root@aminglinux01 ~]# helm install nginx-test bitnami/nginx
NAME: nginx-test
LAST DEPLOYED: Mon Jul 22 20:41:09 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: nginx
CHART VERSION: 18.1.5
APP VERSION: 1.27.0
** Please be patient while the chart is being deployed **
NGINX can be accessed through the following DNS name from within your cluster:
nginx-test.default.svc.cluster.local (port 80)
To access NGINX from outside the cluster, follow the steps below:
1. Get the NGINX URL by running these commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace default -w nginx-test'
export SERVICE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].port}" services nginx-test)
export SERVICE_IP=$(kubectl get svc --namespace default nginx-test -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo "http://${SERVICE_IP}:${SERVICE_PORT}"
WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
- cloneStaticSiteFromGit.gitSync.resources
- resources
+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
⚠ SECURITY WARNING: Original containers have been substituted. This Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.
Substituted images detected:
- %!s(<nil>)/:%!s(<nil>)
[root@aminglinux01 ~]#
安装完后,查看用helm安装过的chart
helm list -A #-A会列出所有namespace里的release,不加-A只列default namespace里的release
[root@aminglinux01 ~]# helm list -A
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
nginx-test default 1 2024-07-22 20:41:09.726497166 +0800 CST deployed nginx-18.1.5 1.27.0
[root@aminglinux01 ~]#
注意:chart中的镜像地址如果不通,也会造成部署问题,在values.yaml中修改镜像地址
[root@aminglinux01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-test-5b88bf545f-q8jk7 0/1 Init:ErrImagePull 0 101s
[root@aminglinux01 redis-cluster]# cat values.yaml | grep registry | grep -v '##'
registry:
repository: registry.cn-hangzhou.aliyuncs.com/daliyused/redis-cluster
registry:
repository: registry.cn-hangzhou.aliyuncs.com/daliyused/os-shell
registry:
repository: registry.cn-hangzhou.aliyuncs.com/daliyused/redis-exporter
registry:
repository: registry.cn-hangzhou.aliyuncs.com/daliyused/os-shell
[root@aminglinux01 redis-cluster]#
注意:如果使用自定义镜像地址,register位置为空,repository位置填写镜像地址,否则会出现镜像地址错误的问题
E0723 17:48:45.852660 1053521 remote_image.go:171] "PullImage from image service failed" err="rpc error: code = Unknown desc = failed to pull and unpack image \"registry.cn-hangzhou.aliyuncs.com/registry.cn-hangzhou.aliyuncs.com/*/redis-cluster:7.2.5-debian-12-r2\": failed to resolve reference \"registry.cn-hangzhou.aliyuncs.com/registry.cn-hangzhou.aliyuncs.com/*/redis-cluster:7.2.5-debian-12-r2\": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed" image="registry.cn-hangzhou.aliyuncs.com/registry.cn-hangzhou.aliyuncs.com/*/redis-cluster:7.2.5-debian-12-r2"
卸载
helm uninstall nginx-test
下载一个chart包
helm pull bitnami/mysql #会下载一个tgz的压缩包
利用本地的chart包,直接安装
tar zxf mysql-11.1.10.tgz
cd mysql
helm install test-mysql .
[root@aminglinux01 ~]# tar zxf mysql-11.1.10.tgz
[root@aminglinux01 ~]# cd mysql
[root@aminglinux01 mysql]# helm install test-mysql .
NAME: test-mysql
LAST DEPLOYED: Mon Jul 22 20:49:20 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: mysql
CHART VERSION: 11.1.10
APP VERSION: 8.4.1
** Please be patient while the chart is being deployed **
Tip:
Watch the deployment status using the command: kubectl get pods -w --namespace default
Services:
echo Primary: test-mysql.default.svc.cluster.local:3306
Execute the following to get the administrator credentials:
echo Username: root
MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default test-mysql -o jsonpath="{.data.mysql-root-password}" | base64 -d)
To connect to your database:
1. Run a pod that you can use as a client:
kubectl run test-mysql-client --rm --tty -i --restart='Never' --image docker.io/bitnami/mysql:8.4.1-debian-12-r3 --namespace default --env MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD --command -- bash
2. To connect to primary service (read/write):
mysql -h test-mysql.default.svc.cluster.local -uroot -p"$MYSQL_ROOT_PASSWORD"
WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
- primary.resources
- secondary.resources
+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
[root@aminglinux01 mysql]#
三、Helm工具实践
1.安装redis-cluster
先搭建一个NFS的SC(只需要SC,不需要pvc),具体步骤此文档不再提供,请参考前面相关章节。
下载redis-cluster的chart包
helm pull bitnami/redis-cluster --untar #会下载一个目录下来,#untar参数为下载后解压
[root@aminglinux01 ~]# helm pull bitnami/redis-cluster --untar
[root@aminglinux01 ~]# ls -l redis-cluster/
total 184
-rw-r--r-- 1 root root 227 Jul 23 00:09 Chart.lock
drwxr-xr-x 3 root root 20 Jul 23 00:09 charts
-rw-r--r-- 1 root root 1043 Jul 23 00:09 Chart.yaml
-rw-r--r-- 1 root root 118802 Jul 23 00:09 README.md
drwxr-xr-x 2 root root 4096 Jul 23 00:09 templates
-rw-r--r-- 1 root root 51524 Jul 23 00:09 values.yaml
[root@aminglinux01 ~]#
修改values.yaml
cd redis-cluster
vi values.yaml # 定义sc和密码
storageClass: "nfs-client"
redis:
password: "aminglinux.com"
安装
helm install redis-cluster . ##注意,这是在chart的目录里,该目录下有values.yaml,后面的. 表示使用当前目录下的values.yaml
[root@aminglinux01 redis-cluster]# helm install redis-cluster .
NAME: redis-cluster
LAST DEPLOYED: Tue Jul 23 17:56:35 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: redis-cluster
CHART VERSION: 10.2.7
APP VERSION: 7.2.5** Please be patient while the chart is being deployed **
To get your password run:
export REDIS_PASSWORD=$(kubectl get secret --namespace "default" redis-cluster -o jsonpath="{.data.redis-password}" | base64 -d)
You have deployed a Redis® Cluster accessible only from within you Kubernetes Cluster.INFO: The Job to create the cluster will be created.To connect to your Redis® cluster:
1. Run a Redis® pod that you can use as a client:
kubectl run --namespace default redis-cluster-client --rm --tty -i --restart='Never' \
--env REDIS_PASSWORD=$REDIS_PASSWORD \
--image registry.cn-hangzhou.aliyuncs.com/daliyused/redis-cluster:7.2.5-debian-12-r2 -- bash
2. Connect using the Redis® CLI:
redis-cli -c -h redis-cluster -a $REDIS_PASSWORD
WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
- redis.resources
- updateJob.resources
+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
⚠ SECURITY WARNING: Original containers have been substituted. This Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.
Substituted images detected:
- %!s(<nil>)/registry.cn-hangzhou.aliyuncs.com/daliyused/redis-cluster:7.2.5-debian-12-r2
- %!s(<nil>)/registry.cn-hangzhou.aliyuncs.com/daliyused/os-shell:12-debian-12-r24
- %!s(<nil>)/registry.cn-hangzhou.aliyuncs.com/daliyused/redis-exporter:1.61.0-debian-12-r2
- %!s(<nil>)/registry.cn-hangzhou.aliyuncs.com/daliyused/os-shell:12-debian-12-r24
[root@aminglinux01 redis-cluster]# kubectl describe pod redis-cluster-0
Name: redis-cluster-0
Namespace: default
Priority: 0
Service Account: redis-cluster
Node: aminglinux02/192.168.100.152
Start Time: Tue, 23 Jul 2024 17:56:36 +0800
Labels: app.kubernetes.io/instance=redis-cluster
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=redis-cluster
app.kubernetes.io/version=7.2.5
controller-revision-hash=redis-cluster-6d6f6dfb48
helm.sh/chart=redis-cluster-10.2.7
statefulset.kubernetes.io/pod-name=redis-cluster-0
Annotations: checksum/config: 42ba018149c259b4f98f1f17b46ba146333e7e0c04fd659fe9c926c6fd18fc9b
checksum/scripts: 6a1212c00774e998669f90fade5b4f25e6979af8d3192b8c63a20cd7e462501d
checksum/secret: 38a235f784732ca0fd0d1cecacde9b8369de6700be522981dff2ebe49856ddd2
cni.projectcalico.org/containerID: 3ae422c4885bbfa254e9bbe9a270ae103b6f8c612d453da6d14193a191195610
cni.projectcalico.org/podIP: 10.18.206.223/32
cni.projectcalico.org/podIPs: 10.18.206.223/32
Status: Pending
IP:
IPs: <none>
Controlled By: StatefulSet/redis-cluster
Containers:
redis-cluster:
Container ID:
Image: registry.cn-hangzhou.aliyuncs.com/daliyused/redis-cluster:7.2.5-debian-12-r2
Image ID:
Ports: 6379/TCP, 16379/TCP
Host Ports: 0/TCP, 0/TCP
Command:
/bin/bash
-c
Args:
# Backwards compatibility change
if ! [[ -f /opt/bitnami/redis/etc/redis.conf ]]; then
echo COPYING FILE
cp /opt/bitnami/redis/etc/redis-default.conf /opt/bitnami/redis/etc/redis.conf
fi
pod_index=($(echo "$POD_NAME" | tr "-" "\n"))
pod_index="${pod_index[-1]}"
if [[ "$pod_index" == "0" ]]; then
export REDIS_CLUSTER_CREATOR="yes"
export REDIS_CLUSTER_REPLICAS="1"
fi
/opt/bitnami/scripts/redis-cluster/entrypoint.sh /opt/bitnami/scripts/redis-cluster/run.sh
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Limits:
cpu: 150m
ephemeral-storage: 2Gi
memory: 192Mi
Requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 128Mi
Liveness: exec [sh -c /scripts/ping_liveness_local.sh 5] delay=5s timeout=6s period=5s #success=1 #failure=5
Readiness: exec [sh -c /scripts/ping_readiness_local.sh 1] delay=5s timeout=2s period=5s #success=1 #failure=5
Environment:
POD_NAME: redis-cluster-0 (v1:metadata.name)
REDIS_NODES: redis-cluster-0.redis-cluster-headless redis-cluster-1.redis-cluster-headless redis-cluster-2.redis-cluster-headless redis-cluster-3.redis-cluster-headless redis-cluster-4.redis-cluster-headless redis-cluster-5.redis-cluster-headless
REDISCLI_AUTH: <set to the key 'redis-password' in secret 'redis-cluster'> Optional: false
REDIS_PASSWORD: <set to the key 'redis-password' in secret 'redis-cluster'> Optional: false
REDIS_AOF_ENABLED: yes
REDIS_TLS_ENABLED: no
REDIS_PORT_NUMBER: 6379
Mounts:
/bitnami/redis/data from redis-data (rw)
/opt/bitnami/redis/etc/ from empty-dir (rw,path="app-conf-dir")
/opt/bitnami/redis/etc/redis-default.conf from default-config (rw,path="redis-default.conf")
/opt/bitnami/redis/logs from empty-dir (rw,path="app-logs-dir")
/opt/bitnami/redis/tmp from empty-dir (rw,path="app-tmp-dir")
/scripts from scripts (rw)
/tmp from empty-dir (rw,path="tmp-dir")
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
redis-data:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: redis-data-redis-cluster-0
ReadOnly: false
scripts:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: redis-cluster-scripts
Optional: false
default-config:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: redis-cluster-default
Optional: false
empty-dir:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 7s default-scheduler Successfully assigned default/redis-cluster-0 to aminglinux02
Warning FailedMount 6s kubelet MountVolume.SetUp failed for volume "default-config" : failed to sync configmap cache: timed out waiting for the condition
Warning FailedMount 6s kubelet MountVolume.SetUp failed for volume "scripts" : failed to sync configmap cache: timed out waiting for the condition
Normal Pulling 4s kubelet Pulling image "registry.cn-hangzhou.aliyuncs.com/daliyused/redis-cluster:7.2.5-debian-12-r2"
查看状态
helm status redis-cluster
[root@aminglinux01 redis-cluster]# kubectl get pod | grep redis
redis-cluster-0 1/1 Running 0 13m
redis-cluster-1 1/1 Running 2 (12m ago) 13m
redis-cluster-2 1/1 Running 1 (12m ago) 13m
redis-cluster-3 1/1 Running 0 13m
redis-cluster-4 1/1 Running 2 (12m ago) 13m
redis-cluster-5 1/1 Running 1 (13m ago) 13m
[root@aminglinux01 redis-cluster]#
测试
2.应用的升级和回滚
安装好的应用,如果再次修改values.yaml(比如修改密码为aminglinux.com1),则需要做升级处理
helm upgrade redis-cluster . ##注意,这是在chart的目录里,该目录下有values.yaml
查看升级历史
helm history redis-cluster
[root@aminglinux01 redis-cluster]# helm history redis-cluster
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Tue Jul 23 17:56:35 2024 deployed redis-cluster-10.2.7 7.2.5 Install complete
[root@aminglinux01 redis-cluster]#
回滚
helm rollback redis-cluster 1
四、自定义chart-内置对象
1.Helm chart包目录结构
创建自定义chart模板
helm create my-template
查看目录结构
tree my-template
说明:
* Chart.yaml:用于描述这个chart的基本信息,包括名字、描述信息、版本信息等。
* values.yaml:用于存储templates目录中模板文件中用到的变量信息,也就是说template中的模板文件引用的是values.yaml中的变量。
* templates:用于存放部署使用的yaml文件模板,这里面的yaml都是通过各种判断、流程控制、引用变量去调用values中设
置的变量信息,最后完成部署。
* deployment.yaml:deployment资源yaml文件。
* ingress.yaml:ingress资源文件。
* NOTES.txt:用于接收chart的帮助信息,helm install部署完成后展示给用户,也可以时候helm status列出信息。
* _helpers.tpl:放置模板助手的地方,可以在整个chart中重复使用。
2.helm chart模板
Helm最核心的就是模板,即模板化的K8s清单文件(如,deployment, service等),模板经过渲染后会被提交到K8s中,本质上就是Go语言的template模板,模板文件位于template/目录中。
将K8s清单文件中可能经常变动的字段,通过指定一个变量,在安装的过程中该变量将被值value动态替换掉,这个过程就是模板的渲染。
变量的值定义在values.yaml文件中,该文件中定义了变量的缺省值,但可以在helm install命令中配置新的值来覆盖缺省值。
以下为模板内置对象
Release对象
Release 对象描述了版本发布自身的一些信息。
Release.Name | Release名字 |
Release.Namespace | Release所在命名空间 |
Release.IsUpgrade | 如果当前操作是升级或回滚,则将其设置 为true |
Release.IsInstall | 如果当前操作是安装,则设置为true |
Release.Revision | 此Release 的修订版本号 |
Release.Service | 渲染此模板的服务,一般都是“Helm” |
Values对象
Values 对象描述的是 values.yaml 文件中的内容,默认为空。使用Value 对象可以获取到 values.yaml 文件中已定义的任何数值。Values对象的值有4个来源:
- chart包中的values.yaml文件;
- 父chart包的values.yaml文件;
- 通过helm install或者helm upgrade的-f 或者 --values参数传入的自定义的yaml文件(比如,helm install -f abc.yaml )
- 通过--set传递单个参数(比如,helm install --set
- image=nginx:1.23.2)
优先级:--set > -f > 父chart里的values.yaml > chart里的values.yaml
Value 键值对 | 获取方式 |
name: aaron | Values.name |
info: name: aaron | Values.info.name |
Chart对象
Chart 对象用于获取 chart.yaml 文件中的内容
Chart.Name | 获取Chart的名称 |
Chart.Version | 获取Chart的版本 |
Chart.apiVersion | 获取Chart的API版本 |
Chart.description | 获取Chart的描述 |
Chart.type | 获取Chart的类型 |
Chart.keywords | 获取Chart的一组关键字 |
Capabilities对象
Capabilities 对象提供了关于 Kubernetes 集群相关的信息。
Capabilities.APIVersions | 返回 Kubernetes 集群API 版本信息集合 |
Capabilities.APIVersions.Has $version | 用于检测指定的版本或资源在 Kubernetes 集群中是否可用,例如 batch/v1 或apps/v1/Deployment |
Capabilities.KubeVersion | 用于获取 Kubernetes的版本号 |
Capabilities.KubeVersion.Version | 用于获取 Kubernetes的版本号 |
Capabilities.KubeVersion.Major | Kubernetes 的主版本号 |
Capabilities.KubeVersion.Minor | Kubernetes 的小版本号 |
Template对象
Template 对象用于获取当前模板的信息
Template.Name | 用于获取当前模板的名称和路径(例如:mychart/templates/mytemplate.yaml) |
Template.BasePath | 用于获取当前模板的路径(例如:mychart/templates) |
Files对象
Files对象在chart中提供访问所有非特殊文件的对象。你不能使它访问template对象,只能访问其它文件。
Files.Get | 通过文件名获取文件的方法 |
Files.GetBytes | 用字节数组代替字符串获取文件内容的方法,常用于图片类的文件 |
Files.Glob | 用给定的shell glob模式匹配文件名返回文件列表的方法 |
Files.Lines | 逐行读取文件内容的方法 |
Files.AsSecrets | 使用Base64编码字符串返回文件体的方法 |
Files.AsConfig | 使用YAML格式返回文件体的方法 |
五、Chart的values
Values.yaml是Helm最重要的一个配置文件,所以我们再来研究一下它。
首先,挪走自带的values.yaml
mv values.yaml values.yaml.bak
[root@aminglinux01 redis-cluster]# mv values.yaml values.yaml.bak
[root@aminglinux01 redis-cluster]# ls
Chart.lock charts Chart.yaml README.md templates values.yaml.bak
[root@aminglinux01 redis-cluster]#
然后,写一个自定义的值
cat > values.yaml <<EOF
myname: yeyunyi
EOF
[root@aminglinux01 redis-cluster]# cat > values.yaml <<EOF
> myname: yeyunyi
> EOF
[root@aminglinux01 redis-cluster]# cat values.yaml
myname: yeyunyi
[root@aminglinux01 redis-cluster]#
调用上面自定义变量的方法为:
{{ .Values.myname}}
在configmap.yaml里调用
cp -r templates/ templates.bak ##先备份一下template目录
rm -rf templates/* ##删除掉所有模板文件
cat > templates/configmap.yaml << EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-configmap
data:
myvalue: "Hello World"
myname: {{ .Values.myname }} ##调用value中自定义变量方法
EOF
[root@aminglinux01 redis-cluster]# cp -r templates/ templates.bak
[root@aminglinux01 redis-cluster]# ls
Chart.lock charts Chart.yaml README.md templates templates.bak values.yaml values.yaml.bak
[root@aminglinux01 redis-cluster]# rm -rf templates
[root@aminglinux01 redis-cluster]# mkdir templates
[root@aminglinux01 redis-cluster]# cat > templates/configmap.yaml << EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-configmap
data:
myvalue: "Hello World"
myname: {{ .Values.myname }} ##调用value中自定义变量方法
EOF
[root@aminglinux01 redis-cluster]# cat templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-configmap
data:
myvalue: "Hello World"
myname: {{ .Values.myname }} ##调用value中自定义变量方法
[root@aminglinux01 redis-cluster]#
查看渲染效果
helm template testrelease . ## 当前目录是在测试的chart里面,假定release名字为testrelease
[root@aminglinux01 redis-cluster]# helm template testrelease .
---
# Source: redis-cluster/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: testrelease-configmap
data:
myvalue: "Hello World"
myname: yeyunyi ##调用value中自定义变量方法
[root@aminglinux01 redis-cluster]#
但是,这个myname值是会被--set参数覆盖的,例如:
helm template testrelease . --set myname=yeyunyitest
[root@aminglinux01 redis-cluster]# helm template testrelease . --set myname=yeyunyitest
---
# Source: redis-cluster/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: testrelease-configmap
data:
myvalue: "Hello World"
myname: yeyunyitest ##调用value中自定义变量方法
[root@aminglinux01 redis-cluster]#
继续修改values.yaml内容
cat > values.yaml <<EOF
myname: yeyunyi
service:
type: ClusterIP
port: 80
EOF
[root@aminglinux01 redis-cluster]# cat > values.yaml <<EOF
> myname: yeyunyi
> service:
> type: ClusterIP
> port: 80
> EOF
[root@aminglinux01 redis-cluster]# cat values.yaml
myname: yeyunyi
service:
type: ClusterIP
port: 80
[root@aminglinux01 redis-cluster]#
要调用上面的type,需要引用{{ Vlues.service.type }}定义service.yaml
cat > templates/service.yaml <<EOF
apiVersion: v1
kind: Service
metadata:
name: testserivce
labels:
app: myapp
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
EOF
查看渲染效果:
[root@aminglinux01 redis-cluster]# helm template testrelease -f values.yaml .
---
# Source: redis-cluster/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: testrelease-configmap
data:
myvalue: "Hello World"
myname: ##调用value中自定义变量方法
---
# Source: redis-cluster/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: redis-svc
labels:
app: myapp
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
selector:
app: myapp
[root@aminglinux01 redis-cluster]#
六、Chart模板里的函数
函数列表: https://helm.sh/zh/docs/chart_template_guide/function_list/
A. quote函数:给对象加双引号,从而作为字符串使用
cat > templates/configmap.yaml << EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-configmap
data:
myvalue: "Hello World"
myname: {{ quote .Values.myname }}
EOF
渲染
helm template testrelease .
[root@aminglinux01 redis-cluster]# helm template testrelease .
---
# Source: redis-cluster/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: testrelease-configmap
data:
myname: "yeyunyi"
myvalue: "Hello World"
---
# Source: redis-cluster/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: redis-svc
labels:
app: myapp
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
selector:
app: myapp
[root@aminglinux01 redis-cluster]#
B. 管道+函数
upper函数:小写变大写
[root@aminglinux01 redis-cluster]# cat templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: testservice
labels:
app: myapp
spec:
type: {{ .Values.service.type|upper|quote }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
[root@aminglinux01 redis-cluster]#
渲染
[root@aminglinux01 redis-cluster]# helm template testrelease .
---
# Source: redis-cluster/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: testrelease-configmap
data:
myname: "yeyunyi"
myvalue: "Hello World"
---
# Source: redis-cluster/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: testservice
labels:
app: myapp
spec:
type: "CLUSTERIP"
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
C. default函数:当对象值为空时,使用该函数定义的值
cat > templates/service.yaml <<EOF
apiVersion: v1
kind: Service
metadata:
name: testserivce
labels:
app: myapp
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port |default 8080 }}
targetPort: http
protocol: TCP
name: http
EOF
渲染
[root@aminglinux01 redis-cluster]# helm template testrelease . --set service.port=null
---
# Source: redis-cluster/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: testrelease-configmap
data:
myname: "yeyunyi"
myvalue: "Hello World"
---
# Source: redis-cluster/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: testserivce
labels:
app: myapp
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: http
protocol: TCP
name: http
[root@aminglinux01 redis-cluster]#
D. indent函数: 缩进,例如indent 4,表示缩进4个字符
cat > templates/service.yaml <<EOF
apiVersion: v1
kind: Service
metadata:
name: testserivce
labels:
app: myapp
spec:
type: {{ .Values.service.type|indent 8 }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
EOF
渲染
[root@aminglinux01 redis-cluster]# helm template testrelease .
---
# Source: redis-cluster/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: testrelease-configmap
data:
myname: "yeyunyi"
myvalue: "Hello World"
---
# Source: redis-cluster/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: testserivce
labels:
app: myapp
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
E. nindent函数: 换行并缩进
cat > templates/service.yaml <<EOF
apiVersion: v1
kind: Service
metadata:
name: testserivce
labels:
app: myapp
spec:
type: {{ .Values.service.type|nindent 8 }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
EOF
渲染
[root@aminglinux01 redis-cluster]# helm template testrelease .
---
# Source: redis-cluster/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: testrelease-configmap
data:
myname: "yeyunyi"
myvalue: "Hello World"
---
# Source: redis-cluster/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: testserivce
labels:
app: myapp
spec:
type:
ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http