k8s-helm

一、helm简介：

做为Kubernetes的一个包管理工具，Helm具有如下功能：

创建新的chart
chart打包成tgz格式
上传chart到chart仓库或从仓库中下载chart
在Kubernetes集群中安装或卸载chart
管理用Helm安装的chart的发布周期

Helm有两个重要概念：

chart：包含了创建Kubernetes的一个应用实例的必要信息
release：是一个chart及其配置的一个运行实例

Helm组件

Helm有以下两个组成部分：
Helm Client是用户命令行工具，其主要负责如下：

本地chart开发
仓库管理
与Tiller sever交互
发送预安装的chart
查询release信息
要求升级或卸载已存在的release
Tiller Server是一个部署在Kubernetes集群内部的server，其与Helm client、Kubernetes API server进行交互。

Tiller server主要负责如下：

监听来自Helm client的请求
通过chart及其配置构建一次发布
安装chart到Kubernetes集群，并跟踪随后的发布
通过与Kubernetes交互升级或卸载chart

简单的说，client管理charts，而server管理发布release。
Helm实现

Helm client

Helm client采用go语言编写，采用gRPC协议与Tiller server交互。

Helm server

Tiller server也同样采用go语言编写，提供了gRPC server与client进行交互，利用Kubernetes client 库与Kubernetes进行通信，当前库使用了REST JSON格式。
Tiller server 没有自己的数据库，目前使用Kubernetes的ConfigMaps存储相关信息

helm安装：

官网所有的安装方法：https://helm.sh/docs/intro/install/
k8s版本和helm的支持：https://helm.sh/docs/topics/version_skew/

下载官方指定版本压缩包：

[root@apiserver local]# wget https://get.helm.sh/helm-v2.9.0-linux-amd64.tar.gz

解压：

[root@apiserver local]# tar -zxvf helm-v2.9.0-linux-amd64.tar.gz 
linux-amd64/
linux-amd64/LICENSE
linux-amd64/helm
linux-amd64/README.md

将helm文件移到/usr/local/bin下：

[root@apiserver local]# mv linux-amd64/helm /usr/local/bin

给helm增加执行权限：

[root@apiserver bin]# chmod a+x /usr/local/bin/helm

查看helm:

[root@apiserver bin]# helm
The Kubernetes package manager

To begin working with Helm, run the 'helm init' command:

	$ helm init

This will install Tiller to your running Kubernetes cluster.
It will also set up any necessary local configuration.

Common actions from this point include:

- helm search:    search for charts
- helm fetch:     download a chart to your local directory to view
- helm install:   upload the chart to Kubernetes
- helm list:      list releases of charts

Environment:
  $HELM_HOME          set an alternative location for Helm files. By default, these are stored in ~/.helm
  $HELM_HOST          set an alternative Tiller host. The format is host:port
  $HELM_NO_PLUGINS    disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.
  $TILLER_NAMESPACE   set an alternative Tiller namespace (default "kube-system")
  $KUBECONFIG         set an alternative Kubernetes configuration file (default "~/.kube/config")

Usage:
  helm [command]

Available Commands:
  completion  Generate autocompletions script for the specified shell (bash or zsh)
  create      create a new chart with the given name
  delete      given a release name, delete the release from Kubernetes
  dependency  manage a chart's dependencies
  fetch       download a chart from a repository and (optionally) unpack it in local directory
  get         download a named release
  history     fetch release history
  home        displays the location of HELM_HOME
  init        initialize Helm on both client and server
  inspect     inspect a chart
  install     install a chart archive
  lint        examines a chart for possible issues
  list        list releases
  package     package a chart directory into a chart archive
  plugin      add, list, or remove Helm plugins
  repo        add, list, remove, update, and index chart repositories
  reset       uninstalls Tiller from a cluster
  rollback    roll back a release to a previous revision
  search      search for a keyword in charts
  serve       start a local http web server
  status      displays the status of the named release
  template    locally render templates
  test        test a release
  upgrade     upgrade a release
  verify      verify that a chart at the given path has been signed and is valid
  version     print the client/server version information

Flags:
      --debug                           enable verbose output
  -h, --help                            help for helm
      --home string                     location of your Helm config. Overrides $HELM_HOME (default "/root/.helm")
      --host string                     address of Tiller. Overrides $HELM_HOST
      --kube-context string             name of the kubeconfig context to use
      --tiller-connection-timeout int   the duration (in seconds) Helm will wait to establish a connection to tiller (default 300)
      --tiller-namespace string         namespace of Tiller (default "kube-system")

Use "helm [command] --help" for more information about a command.

RBAC设置:
Tiller是helm的服务器端，一般运行于kubernetes集群之上，定义tiller的ServiceAccount，并通过ClusterRoleBinding将其绑定至集群管理员角色cluster-admin，从而使得它拥有集群级别所有的最高权限。
在helm目录下有tiller-rbac.yaml文件

[root@apiserver helm]# cat tiller-rbac.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

运行上述文件：

[root@apiserver helm]# kubectl apply -f tiller-rbac.yaml 

初始化helm:

helm init --upgrade --service-account tiller  --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.9.0 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

参数说明：

–upgrade：如果已安装Tiller，则升级
–service-account：使用 Service Account 安装 RBAC enabled clusters)
–tiller-image：安装特定的镜像（版本）
–tiller-namespace：用一个特定的命名空间 (namespace) 安装
–stable-repo-url：指定仓库地址，默认是https://kubernetes-charts.storage.googleapis.com

查看helm版本：可以看到Client、Server

[root@apiserver helm]# helm version
Client: &version.Version{SemVer:"v2.9.0", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.9.0", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"}

查看tiller是否正常运行：

[root@apiserver helm]# kubectl get pods -n kube-system | grep tiller
tiller-deploy-676d85947c-pq5mz           1/1     Running   0          50s

helm常用命令的使用

去官网查找应用部署：https://hub.helm.sh/
1.添加chart：（Add gitlab repository）

helm repo add gitlab https://charts.gitlab.io

2.添加release:(Install chart)

helm install gitlab/gitlab-runner --version 0.16.0-rc1

3.helm search：通过关键字搜索charts

[root@apiserver helm]# helm search runner
NAME                	CHART VERSION	APP VERSION	DESCRIPTION  
gitlab/gitlab-runner	0.16.0-rc1   	12.10.0-rc1	GitLab Runner

4.helm list列出发布的服务：

[root@apiserver helm]# helm list
NAME           	REVISION	UPDATED                 	STATUS  	CHART                   	NAMESPACE
queenly-opossum	1       	Sun Apr 19 14:45:13 2020	DEPLOYED	gitlab-runner-0.16.0-rc1	default  

5.helm history查看历史：

[root@apiserver helm]# helm history queenly-opossum
REVISION	UPDATED                 	STATUS  	CHART                   	DESCRIPTION     
1       	Sun Apr 19 14:45:13 2020	DEPLOYED	gitlab-runner-0.16.0-rc1	Install complete

6.helm status 查看状态

[root@apiserver helm]# helm status queenly-opossum
LAST DEPLOYED: Sun Apr 19 14:45:13 2020
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/ConfigMap
NAME                           DATA  AGE
queenly-opossum-gitlab-runner  5     10m

==> v1/Deployment
NAME                           DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
queenly-opossum-gitlab-runner  1        1        1           0          10m

==> v1/Pod(related)
NAME                                            READY  STATUS    RESTARTS  AGE
queenly-opossum-gitlab-runner-56f7bbb7d9-hzphc  0/1    Init:0/1  0         10m


NOTES:
##############################################################################
## WARNING: You did not specify an gitlabUrl in your 'helm install' call. ##
##############################################################################

This deployment will be incomplete until you provide the URL that your
GitLab instance is reachable at:

    helm upgrade queenly-opossum \
        --set gitlabUrl=http://gitlab.your-domain.com,runnerRegistrationToken=your-registration-token \
        stable/gitlab-runner

helm部署kubernetes-dashboard

helm部署kubernetes-dashboard
修改以下（修改是因为域名填写令牌未成功，所以使用IP登录）：
kubectl edit svc -n kube-system kubernetes-dashboard
将clusterIP改为NodePort
搜索SVC获取端口，然后用https://ip:端口 ，然后填写令牌