1. 客户端Helm(即Helm)
通过脚本安装:curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > helm.sh
chmod +x helm.sh ./helm.sh
# 输出 Downloading https://kubernetes-helm.storage.googleapis.com/helm-v2.13.1-linux-amd64.tar.gz Preparing to install helm and tiller into /usr/local/bin helm installed into /usr/local/bin/helm tiller installed into /usr/local/bin/tiller Run 'helm init' to configure helm.
# 验证 helm help
注:可能在执行脚本时出现curl: (7) Failed connect to kubernetes-helm.storage.googleapis.com:443; 网络不可达
2. 服务端Tiller
直接helm init
,即可在K8S集群中安装Tiller(在kube-system命名空间中),但执行的时虽然提示成功了,但K8S查看容器状态发现有Failed to pull image "gcr.io/kubernetes-helm/tiller:v2.13.1"....
是否有,没有又查看是否有用户镜像docker search tiller:v2.13.1
docker pull hekai/gcr.io_kubernetes-helm_tiller_v2.13.1 docker tag hekai/gcr.io_kubernetes-helm_tiller_v2.13.1 gcr.io/kubernetes-helm/tiller:v2.13.1 docker rmi hekai/gcr.io_kubernetes-helm_tiller_v2.13.1
# 设置账号 kubectl create serviceaccount --namespace kube-system tiller kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
# 使用 kubectl patch 更新 API 对象 kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
# 查看授权是否成功 kubectl get deploy --namespace kube-system tiller-deploy --output yaml|grep serviceAccount
serviceAccount: tiller serviceAccountName: tiller
helm version
Client: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"} Server: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}
卸载tiller:helm reset
或helm reset --force
3. 使用
创建Helm chart(Helm中的包的形式叫做chart):
# 拉取测试代码 git clone https://github.com/daemonza/testapi.git;
cd testapi # 创建chart骨架 helm create testapi-chart
├── charts
├── Chart.yaml
├── templates
│ ├── deployment.yaml
│ ├── _helpers.tpl
│ ├── ingress.yaml
│ ├── NOTES.txt
| ├── service.yaml
│ └── tests
└── values.yaml
# chartAPI的版本,必须只能设为v1 apiVersion: v1 # 可选参数 appVersion: "1.0" # 可选参数 description: A Helm chart for Kubernetes # chart的名字,必选参数 name: testapi-chart # chart的版本号,必选参数,必须符合SemVer version: 0.1.0
# Default values for testapi-chart. # This is a YAML-formatted file. # Declare variables to be passed into your templates.
replicaCount: 1
image: repository: nginx tag: stable pullPolicy: IfNotPresent
nameOverride: "" fullnameOverride: ""
service: type: ClusterIP port: 80
ingress: enabled: false annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: []
tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local
resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
cd testapi-chart
# 运行chart helm lint
# --debug标识可选,加上可以看到输出,testapi-chart是要打包的chart目录,打出的包在当前目录下 helm package testapi-chart --debug
# 输出 Successfully packaged chart and saved it to: /root/k8s/helm/testapi/testapi-chart-0.1.0.tgz [debug] Successfully saved /root/k8s/helm/testapi/testapi-chart-0.1.0.tgz to /root/.helm/repository/local
现在打包出来在当前目录,也可以直接发布到本地的helm仓库:helm install testapi-chart-0.1.0.tgz
NAME: lumbering-zebu LAST DEPLOYED: Fri Apr 26 18:54:26 2019 NAMESPACE: default STATUS: DEPLOYED
RESOURCES: ==> v1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE lumbering-zebu-testapi-chart 0/1 1 0 0s
==> v1/Pod(related) NAME READY STATUS RESTARTS AGE lumbering-zebu-testapi-chart-7fb48fc7b6-n6824 0/1 ContainerCreating 0 0s
==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE lumbering-zebu-testapi-chart ClusterIP <none> 80/TCP 0s
NOTES: 1. Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=testapi-chart,app.kubernetes.io/instance=lumbering-zebu" -o jsonpath="{.items[0].metadata.name}") echo "Visit to use your application" kubectl port-forward $POD_NAME 8080:80
helm ls
# 输出 NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE lumbering-zebu 1 Fri Apr 26 18:54:26 2019 DEPLOYED testapi-chart-0.1.0 1.0 default
kubectl get deployments
NAME READY UP-TO-DATE AVAILABLE AGE lumbering-zebu-testapi-chart 1/1 1 1 13m odd-chicken-testapi-chart 1/1 1 1 85s
出现2个了,现在需要删除旧版本的deployment的chart:helm delete lumbering-zebu-testapi-chart
,通过helm ls
和kubectl get pods
# 将testapi包按顺序回滚1次修改,注意不带-testapi-chart helm rollback lumbering-zebu 1 # 输出 Rollback was a success! Happy Helming! # 验证 helm ls
但这种情况必须记得删除包的名字,实际可以通过helm ls --deleted
升级,可以在修改相关的Chart.yaml文件后,直接在其所在目录运行helm upgrade odd-chicken .
# 验证 helm ls # 版本号已变 NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE odd-chicken 2 Fri Apr 26 19:26:21 2019 DEPLOYED testapi-chart2-2.1.1 2.0 default
目录提供helm服务:helm serve --repo-path ./charts
# 拉取所需要的镜像 docker pull registry.cn-shanghai.aliyuncs.com/hhu/defaultbackend:1.4 docker tag registry.cn-shanghai.aliyuncs.com/hhu/defaultbackend:1.4 k8s.gcr.io/defaultbackend:1.4 docker rmi registry.cn-shanghai.aliyuncs.com/hhu/defaultbackend:1.4
# 安装Nginx Ingress controller helm install stable/nginx-ingress --set controller.hostNetwork=true,rbac.create=true
# 添加源(最新的源) helm repo add monocular https://helm.github.io/monocular # 安装monocular helm install monocular/monocular