
Helm: Introduction, Installation, Configuration, and Usage!

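I. Introduction

Helm is the package manager for Kubernetes. A package manager, like apt on Ubuntu, yum on CentOS, or pip for Python, lets you quickly find, download, and install software packages. Helm consists of a client component, helm, and, in versions before Helm 3, a server-side component, Tiller. It packages a group of Kubernetes resources so they can be managed as a unit, and it is the best way to find, share, and use software built for Kubernetes.

Before Helm 3, Helm used a client/server architecture made up of the helm client and the Tiller server. Tiller parsed charts to generate Kubernetes resource manifests and then called the Kubernetes API to deploy them. It also stored the release version information of deployed charts.

Helm 3 removed Tiller. Charts are parsed directly on the client, which calls the Kubernetes API to deploy the resource manifests. The release version information of a chart is stored in a Secret in the namespace where the application is deployed (for example, a Secret named sh.helm.release.v1.sentry-kubernetes-events.v1 of type helm.sh/release.v1).

Fully embrace Helm 3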

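II. Installation

GitHub download page: Releases · helm/helm · GitHub

1. Install from the binary release

  • Download the binary archive and extract it into a directory on the system PATH.

  • Installer script

    # Download the installer script, then run it
    curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
    chmod 700 get_helm.sh
    ./get_helm.sh
    # or pipe the script straight into bash without saving it
    curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash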

2. Install with a package manager

  • Brew

    brew install helm
    

3. Build from source

$ cd $GOPATH
$ mkdir -p src/helm.sh
$ cd src/helm.sh
$ git clone https://github.com/helm/helm.git
$ cd helm
$ make

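III. Configuration

By default, Helm 3 reads the current Kubernetes context from the ~/.kube/config file in the current user's home directory to decide which cluster charts are deployed to. Its permissions are those of the user configured for kubectl. (It feels like it works out of the box.)

1. Helm environment variables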

Name                Description
$XDG_CACHE_HOME     set an alternative location for storing cached files.
$XDG_CONFIG_HOME    set an alternative location for storing Helm configuration.
$XDG_DATA_HOME      set an alternative location for storing Helm data.
$HELM_DRIVER        set the backend storage driver. Values are: configmap, secret, memory
$HELM_NO_PLUGINS    disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.
$KUBECONFIG         set an alternative Kubernetes configuration file (default "~/.kube/config")

2. Default locations of Helm files

  • Cached files are stored in $XDG_CACHE_HOME/helm
  • Configuration files are stored in $XDG_CONFIG_HOME/helm
  • Data files are stored in $XDG_DATA_HOME/helm

3. Default paths on each operating system

Operating system   Cache path                   Configuration path               Data path
Linux              $HOME/.cache/helm            $HOME/.config/helm               $HOME/.local/share/helm
macOS              $HOME/Library/Caches/helm    $HOME/Library/Preferences/helm   $HOME/Library/helm
Windows            %TEMP%\helm                  %APPDATA%\helm                   %APPDATA%\helm

4. Shell command completion

helm completion zsh
source <(helm completion zsh)

IV. Managing charts

Global command-line flags

--add-dir-header                   add the file path to the log header
--alsologtostderr                  log to standard error as well as files
--debug                            enable debug-level log output
--kube-context string              name of the kubeconfig context to use
--kubeconfig string                path to the kubeconfig file
--log-backtrace-at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
--log-dir string                   directory to write log files to
--log-file string                  file to write logs to
--log-file-max-size uint           Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr                      log to standard error instead of files (default true)
-n, --namespace string             Kubernetes namespace to operate in
--registry-config string           path to the registry config file (default "/Users/curiouser/Library/Preferences/helm/registry.json")
--repository-cache string          path to the file containing cached repository indexes (default "/Users/curiouser/Library/Caches/helm/repository")
--repository-config string         path to the file containing repository names and URLs (default "/Users/curiouser/Library/Preferences/helm/repositories.yaml")
--skip-headers                     If true, avoid header prefixes in the log messages
--skip-log-headers                 If true, avoid headers when opening log files
--stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
-v, --v Level                      number for the log level verbosity
--vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

1. Managing remote chart repositories

Add a remote chart repository

helm repo add <repo-alias> https://kubernetes-charts-incubator.storage.googleapis.com/

List all currently configured remote chart repositories

helm repo list

Remove a remote chart repository

helm repo remove <repo-alias>    # alias: rm

List all charts in the remote repositories

helm search repo

Search charts in the hub

helm search hub

2. Managing charts

Download a chart from a remote repository to the local machine

helm pull <repo-alias>/<chart-name> [flags]
# Flags
--ca-file string           verify certificates of HTTPS-enabled servers using this CA bundle
--cert-file string         identify HTTPS client using this SSL certificate file
-d, --destination string   location to write the chart. If this and tardir are specified, tardir is appended to this (default ".")
--devel                    use development versions, too. Equivalent to version '>0.0.0-0'. If --version is set, this is ignored.
-h, --help                 help for pull
--key-file string          identify HTTPS client using this SSL key file
--keyring string           location of public keys used for verification (default "/Users/curiouser/.gnupg/pubring.gpg")
--password string          chart repository password where to locate the requested chart
--prov                     fetch the provenance file, but don't perform verification
--repo string              chart repository url where to locate the requested chart
--untar                    unpack the chart after downloading it
--untardir string          directory to unpack the chart into after downloading (default is the current directory ".")
--username string          chart repository username where to locate the requested chart
--verify                   verify the package before installing it
--version string           specify the exact chart version to install. If this is not specified, the latest version is installed
# Global flags are also supported

V. Deploying charts to a Kubernetes cluster

Command format

helm install [NAME] [CHART] [flags]
# Flags
--atomic                       atomic install: if the chart installation fails, all changes are rolled back and deleted. Setting this flag also sets "--wait"
--ca-file string               verify certificates of HTTPS-enabled servers using this CA bundle
--cert-file string             identify HTTPS client using this SSL certificate file
--dependency-update            update chart dependencies before installing
--description string           add a custom description
--devel                        use development versions, too. Equivalent to version '>0.0.0-0'. If --version is set, this is ignored
--disable-openapi-validation   if set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema
--dry-run                      simulate the install
-g, --generate-name            generate the name (and omit the NAME parameter)
-h, --help                     show help
--key-file string              identify HTTPS client using this SSL key file
--keyring string               location of public keys used for verification (default "/Users/curiouser/.gnupg/pubring.gpg")
--name-template string         specify template used to name the release
--no-hooks                     prevent hooks from running during install
-o, --output format            output format (one of table, json, yaml; default table)
--password string              password of the remote chart repository user
--post-renderer postrenderer   the path to an executable to be used for post rendering. If it exists in $PATH, the binary will be used, otherwise it will try to look for the executable at the given path (default exec)
--render-subchart-notes        if set, render subchart notes along with the parent
--replace                      re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production
--repo string                  URL of the remote chart repository
--set stringArray              set values, overriding those in values.yaml (can specify multiple, separated by commas, for example key1=val1,key2=val2)
--set-file stringArray         set values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--set-string stringArray       set STRING values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--skip-crds                    if set, no CRDs will be installed. By default, CRDs are installed if not already present
--timeout duration             time to wait for any individual Kubernetes operation (like Jobs for hooks) (default 5m0s)
--username string              username for the remote chart repository
-f, --values strings           values file or URL (can be specified multiple times)
--verify                       verify the package before installing it
--version string               specify the exact chart version to install. If this is not specified, the latest version is installed
--wait                         wait until the Kubernetes resources created by the chart (for example Pods, PVCs, Services, and the minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet) are in a ready state before the install is considered successful. It waits for as long as the value of --timeout
# Global flags are also supported

1. Deploy a chart from a remote repository to the cluster

helm install <release-name> <repo-alias>/<chart-name> [flags]

2. Deploy a local chart to the cluster

helm install <release-name> -f values.yaml .

3. Upgrade a deployed chart

helm upgrade <release-name> -f values.yaml .
# Flags
--atomic                       atomic upgrade: if the chart upgrade fails, all changes are rolled back and deleted. Setting this flag also sets "--wait"
--ca-file string               verify certificates of HTTPS-enabled servers using this CA bundle
--cert-file string             identify HTTPS client using this SSL certificate file
--cleanup-on-fail              allow deletion of new resources created in this upgrade when upgrade fails
--description string           add a custom description
--devel                        use development versions, too. Equivalent to version '>0.0.0-0'. If --version is set, this is ignored
--dry-run                      simulate the upgrade
--force                        force resource updates through a replacement strategy
-h, --help                     show help
--history-max int              limit the maximum number of revisions saved per release. Use 0 for no limit (default 10)
-i, --install                  if a release with the given name does not exist, install it
--key-file string              identify HTTPS client using this SSL key file
--keyring string               path to the public keys used for verification (default ".gnupg/pubring.gpg" under the current user's home directory)
--no-hooks                     disable pre/post upgrade hooks
-o, --output format            output format (one of table, json, yaml; default table)
--password string              password of the remote chart repository user
--post-renderer postrenderer   the path to an executable to be used for post rendering. If it exists in $PATH, the binary will be used, otherwise it will try to look for the executable at the given path (default exec)
--render-subchart-notes        if set, render subchart notes along with the parent
--repo string                  URL of the remote chart repository
--reset-values                 when upgrading, reset the values to the ones built into the chart
--reuse-values                 when upgrading, reuse the last release's values and merge in any overrides from the command line via --set and -f. If '--reset-values' is specified, this is ignored
--set stringArray              set values, overriding those in values.yaml (can specify multiple, separated by commas, for example key1=val1,key2=val2)
--set-file stringArray         set values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--set-string stringArray       set STRING values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--timeout duration             time to wait for any individual Kubernetes operation (like Jobs for hooks) (default 5m0s)
--username string              username for the remote chart repository
-f, --values strings           values file or URL (can be specified multiple times)
--verify                       verify the package before installing it
--version string               specify the exact chart version to install. If this is not specified, the latest version is installed
--wait                         wait until the Kubernetes resources created by the chart (for example Pods, PVCs, Services, and the minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet) are in a ready state before the upgrade is considered successful. It waits for as long as the value of --timeout
# Global flags are also supported

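4. Delete the resources of a deployed chart

By default, this deletes all resources belonging to the chart together with the chart's release record.

helm uninstall <release-name> [flags]    # aliases: del, delete, un
# Flags
--description string   add a custom description
--dry-run              simulate the uninstall
-h, --help             show help
--keep-history         delete all resources belonging to the chart and mark the release as deleted, but keep the release history
--no-hooks             prevent hooks from running during uninstallation
--timeout duration     time to wait for any individual Kubernetes operation (like Jobs for hooks) (default 5m0s)
# Global flags are also supported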

VI. Other operations

1. Mapping a list in the values file to --set on the command line

# Parameters in values.yaml
globalArguments:
  - "--api.disabledashboardad=false"
  - "--global.checknewversion=false"
  - "--global.sendanonymoususage=false"
  - "--api.insecure=false"
  - "--accesslog=true"
  - "--accesslog.fields.names.accesslog"
  - "--accesslog.fields.headers.defaultmode=keep"
  - "--accesslog.filepath=/data/400-599-reponse-json.log"
  - "--accesslog.format=json"
  - "--accesslog.filters.statuscodes=400-599"

# Mapped to --set flags
helm upgrade --install traefik-ingress-controller \
  --version 24.0.0 \
  --namespace kube-system \
  --set ports.traefik.hostPort=9000 \
  --set deployment.replicas=2 \
  --set 'globalArguments={--api.disabledashboardad=false,--global.sendanonymoususage=false,--global.checknewversion=false,--accesslog=true,--accesslog.fields.names.accesslog,--accesslog.fields.headers.defaultmode=keep,--accesslog.filepath=/data/400-599-reponse-json.log,--accesslog.format=json,--accesslog.filters.statuscodes=400-599}' \
  --set service.type=ClusterIP \
  --set hostNetwork=true \
  traefik/traefik

2. Mapping an array of objects in the values file to --set on the command line

# Parameters in values.yaml
server:
  ingress:
    hosts:
      - host: chart-example.local
        paths: []

# Mapped to --set flags
helm upgrade --install vault --namespace tools hashicorp/vault \
  --set "server.ingress.enabled=true" \
  --set "server.ingress.hosts[0].host=vault.test.com"

3. Mapping a complete array of objects in the values file to --set on the command line

# Parameters in values.yaml
extraObjects:
  - apiVersion: v1
    kind: Service
    metadata:
      name: traefik-api
    spec:
      type: ClusterIP
      selector:
        app.kubernetes.io/name: traefik
        app.kubernetes.io/instance: traefik-default
      ports:
        - port: 8080
          name: traefik
          targetPort: 9000
          protocol: TCP
  - apiVersion: v1
    kind: Secret
    metadata:
      name: traefik-dashboard-auth-secret
    type: kubernetes.io/basic-auth
    stringData:
      username: admin
      password: changeme
  - apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: traefik-dashboard-auth
    spec:
      basicAuth:
        secret: traefik-dashboard-auth-secret
  - apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: traefik-dashboard
      annotations:
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
        traefik.ingress.kubernetes.io/router.middlewares: default-traefik-dashboard-auth@kubernetescrd

# Mapped to --set flags (each argument is quoted so the shell does not glob-expand the [N] indexes)
helm upgrade --install --atomic traefik-ingress-controller \
  --version 24.0.0 \
  --namespace kube-system \
  --set 'extraObjects[0].apiVersion=v1' \
  --set 'extraObjects[0].kind=Service' \
  --set 'extraObjects[0].metadata.name=traefik-api' \
  --set 'extraObjects[0].spec.type=ClusterIP' \
  --set 'extraObjects[0].spec.ports[0].port=8080' \
  --set 'extraObjects[0].spec.ports[0].name=traefik' \
  --set 'extraObjects[0].spec.ports[0].targetPort=9000' \
  --set 'extraObjects[0].spec.ports[0].protocol=TCP' \
  --set 'extraObjects[0].spec.selector.app\.kubernetes\.io\/name=traefik' \
  --set 'extraObjects[0].spec.selector.app\.kubernetes\.io\/instance=traefik-default' \
  --set 'extraObjects[1].apiVersion=v1' \
  --set 'extraObjects[1].kind=Secret' \
  --set 'extraObjects[1].metadata.name=traefik-dashboard-auth-secret' \
  --set 'extraObjects[1].type=kubernetes.io/basic-auth' \
  --set 'extraObjects[1].stringData.username=admin' \
  --set 'extraObjects[1].stringData.password=changeme' \
  --set 'extraObjects[2].apiVersion=traefik.io/v1alpha1' \
  --set 'extraObjects[2].kind=Middleware' \
  --set 'extraObjects[2].metadata.name=traefik-dashboard-auth' \
  --set 'extraObjects[2].spec.basicAuth.secret=traefik-dashboard-auth-secret' \
  --set 'extraObjects[3].apiVersion=networking.k8s.io/v1' \
  --set 'extraObjects[3].kind=Ingress' \
  --set 'extraObjects[3].metadata.name=traefik-dashboard' \
  --set 'extraObjects[3].spec.rules[0].host=traefik-dashboard.test.com' \
  --set 'extraObjects[3].spec.rules[0].http.paths[0].path=/' \
  --set 'extraObjects[3].spec.rules[0].http.paths[0].pathType=Prefix' \
  --set 'extraObjects[3].spec.rules[0].http.paths[0].backend.service.name=traefik-api' \
  --set 'extraObjects[3].spec.rules[0].http.paths[0].backend.service.port.name=traefik' \
  --set 'extraObjects[3].metadata.annotations.traefik\.ingress\.kubernetes\.io\/router\.entrypoints=websecure' \
  --set 'extraObjects[3].metadata.annotations.traefik\.ingress\.kubernetes\.io\/router\.middlewares=default-traefik-dashboard-auth@kubernetescrd' \
  traefik/traefik
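
The release Secret described in the introduction (type helm.sh/release.v1) also records the values supplied at install time, so the stringData.password passed with --set above can be read by anyone allowed to get Secrets in that namespace. The following is an added example, not code from the original page: it decodes a constructed sample release record and lists credential-like keys. The sample JSON, the function names and the key pattern are assumptions made for illustration.

```shell
# Helm 3 writes each release record as base64(gzip(JSON)) into the Secret's
# data.release field; the Kubernetes API base64-encodes that field once more.

# Reverse both encodings. stdin: .data.release exactly as the API returns it.
decode_release() {
  base64 -d | base64 -d | gzip -dc
}

# Print "key":"value" pairs whose key looks like a credential. Works on the
# compact JSON Helm stores. The key pattern is an assumption; extend it to
# match the charts you run.
find_sensitive_values() {
  grep -oiE '"[^"]*(password|passwd|token|apikey)[^"]*":"[^"]*"' || true
}

# Constructed sample release record (not real cluster data). "config" is the
# field where Helm keeps user-supplied values such as those given via --set.
SAMPLE_RELEASE_JSON='{"name":"traefik-ingress-controller","namespace":"kube-system","version":1,"config":{"extraObjects":[{"kind":"Service"},{"kind":"Secret","stringData":{"username":"admin","password":"changeme"}}]}}'

# Encode the sample the way it would come back from the API server.
encode_release() {
  gzip -c | base64 | tr -d '\n' | base64 | tr -d '\n'
}

SAMPLE_DATA_RELEASE=$(printf '%s' "$SAMPLE_RELEASE_JSON" | encode_release)

# Decode the sample and report credential-like values found in it.
audit_sample() {
  printf '%s' "$SAMPLE_DATA_RELEASE" | decode_release | find_sensitive_values
}

audit_sample

# Against a live cluster (needs "get" on Secrets in the namespace), using the
# Secret naming pattern shown in the introduction:
#   kubectl -n kube-system get secret \
#     sh.helm.release.v1.traefik-ingress-controller.v1 \
#     -o jsonpath='{.data.release}' | decode_release | find_sensitive_values
```

Passing credentials through a values file referenced with -f, or creating the Secret outside the chart, keeps them out of shell history and the process list; values supplied through -f are still stored in the release record, so read access to Secrets in the release namespace needs to be restricted either way.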
