编排之神--Kubernetes中包管理Helm工具详解
12.Kubernetes中包管理Helm工具
12.1 helm简介
- Helm是Kubernetes 应用的包管理工具,主要用来管理 Charts,类似Linux系统的yum。
- Helm Chart是用来封装Kubernetes原生应用程序的一系列YAML文件。可以在你部署应用的时候自定义应用程序的一些 Metadata,以便于应用程序的分发。
- 对于应用发布者而言
- 通过Helm打包应用、管理应用依赖关系、管理应用版本并发布应用到软件仓库。
- 对于使用者而言
- 使用Helm后可以以简单的方式在Kubernetes上查找、安装、升级、回滚、卸载应用程序
12.2 部署helm
12.2.1 官网与资源
官网: https://helm.sh/zh/docs/intro/quickstart/
软件资源: https://github.com/helm/helm/releases
12.2.2 部署helm
12.2.2.1 安装helm
# 将资源包里面的内容上传
[root@k8s-master ~]# mkdir helm
[root@k8s-master ~]# cd helm/
[root@k8s-master helm]# tar zxf helm-v3.15.4-linux-amd64.tar.gz
[root@k8s-master helm]# cd linux-amd64/
[root@k8s-master linux-amd64]# cp -p helm /usr/local/bin/
12.2.2.2 配置helm命令补齐
[root@k8s-master linux-amd64]# echo "source <(helm completion bash)" >> ~/.bashrc
[root@k8s-master linux-amd64]# source ~/.bashrc# 查看版本
[root@k8s-master linux-amd64]# helm version
12.3 helm常用操作
| 命令 | 描述 |
|---|---|
| create | 创建一个 chart 并指定名字 |
| dependency | 管理 chart 依赖 |
| get | 下载一个 release。可用子命令:all、hooks、manifest、notes、values |
| history | 获取 release 历史 |
| install | 安装一个 chart |
| list | 列出 release |
| package | 将 chart 目录打包到 chart 存档文件中 |
| pull | 从远程仓库中下载 chart 并解压到本地 # helm pull stable/mysql – untar |
| repo | 添加,列出,移除,更新和索引 chart 仓库。可用子命令:add、index、 list、remove、update |
| rollback | 从之前版本回滚 |
| search | 根据关键字搜索 chart。可用子命令:hub、repo |
| show | 查看 chart 详细信息。可用子命令:all、chart、readme、values |
| status | 显示已命名版本的状态 |
| template | 本地呈现模板 |
| uninstall | 卸载一个 release |
| upgrade | 更新一个 release |
| version | 查看 helm 客户端版本 |
12.3.1 查询官方应用中心
[root@k8s-master helm]# helm search hub nginx # 在官方仓库中搜索
[root@k8s-master helm]# helm search repo nginx # 在本地仓库中搜索
12.3.2 管理第三方repo源
- 阿里云仓库:https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
- bitnami仓库: https://charts.bitnami.com/bitnami
- 微软仓库:http://mirror.azure.cn/kubernetes/charts/
- 官方仓库: https://hub.kubeapps.com/charts/incubator
# 添加阿里云仓库
[root@k8s-master helm]# helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
"aliyun" has been added to your repositories# 添加bitnami仓库
[root@k8s-master helm]# helm repo add bitnami https://charts.bitnami.com/bitnami
"bitnami" has been added to your repositories# 查看仓库信息
[root@k8s-master helm]# helm repo list
NAME URL
aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
bitnami https://charts.bitnami.com/bitnami# 查看仓库存储helm清单
[root@k8s-master helm]# helm search repo aliyun
NAME CHART VERSION APP VERSION DESCRIPTION # 应用名称 封装版本 软件版本 软件描述
aliyun/acs-engine-autoscaler 2.1.3 2.1.1 Scales worker nodes within agent pools
aliyun/aerospike 0.1.7 v3.14.1.2 A Helm chart for Aerospike in Kubernetes # 删除第三方存储库
[root@k8s-master helm]# helm repo list[root@k8s-master helm]# helm repo remove aliyun
12.3.3 helm的使用方法
12.3.3.1 查找chart
[root@k8s-master helm]# helm search repo nginx
NAME CHART VERSION APP VERSION DESCRIPTION
bitnami/nginx 21.1.23 1.29.1 NGINX Open Source is a web server that can be a...
bitnami/nginx-ingress-controller 12.0.7 1.13.1 NGINX Ingress Controller is an Ingress controll...
bitnami/nginx-intel 2.1.15 0.4.9 DEPRECATED NGINX Open Source for Intel is a lig...
12.3.3.2 查看chart信息
[root@k8s-master helm]# helm show chart bitnami/nginx
annotations:category: Infrastructureimages: |- name: gitimage: docker.io/bitnami/git:2.46.0-debian-12-r0- name: nginximage: docker.io/bitnami/nginx:1.27.1-debian-12-r2- name: nginx-exporterimage: docker.io/bitnami/nginx-exporter:1.3.0-debian-12-r2licenses: Apache-2.0
12.3.3.3 安装chart包
# 以下方法适用于网络环境不好,直接上传资源包里面的内容来做实验
[root@k8s-master helm]# ls
nginx-1.27.1-debian-12-r2.tar
[root@k8s-master ~]# cd /mnt/[root@k8s-master mnt]# docker load -i /root/helm/nginx-1.27.1-debian-12-r2.tar
[root@k8s-master mnt]# docker tag bitnami/nginx:1.27.1-debian-12-r2 reg.dhj.org/bitnami/nginx:1.27.1-debian-12-r2
[root@k8s-master mnt]# docker push reg.dhj.org/bitnami/nginx:1.27.1-debian-12-r2
# 如果网络环境不好,或者说没有科技的话,建议使用资源包里面的内容,以下方法适用于科技(翻墙)
[root@k8s-master ~]# helm install timinglee bitnami/nginx
[root@k8s-master ~]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
timinglee default 1 2024-09-10 12:08:12.3165525 +0800 CST deployed nginx-18.1.11 1.27.1[root@k8s-master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
timinglee-nginx-8598578bcf-qjwwq 1/1 Running 0 41s# 查看项目的发布状态
[root@k8s-master ~]# helm status timinglee
NAME: timinglee
LAST DEPLOYED: Tue Sep 10 12:08:12 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: nginx
CHART VERSION: 18.1.11
APP VERSION: 1.27.1# 卸载项目
[root@k8s-master nginx]# helm uninstall timinglee
release "timinglee" uninstalled[root@k8s-master nginx]# kubectl get pods
No resources found in default namespace.[root@k8s-master nginx]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
12.3.4 安装项目前预定义项目选项
# 拉取项目(如果上面使用资源包方法的话,就不需要了)
[root@k8s-master helm]# helm pull bitnami/nginx[root@k8s-master helm]# ls
nginx-18.1.11.tgz[root@k8s-master helm]# tar zxf nginx-18.1.11.tgz[root@k8s-master helm]# ls
nginx nginx-18.1.11.tgz[root@k8s-master helm]# cd nginx/
[root@k8s-master nginx]# ls
Chart.lock charts Chart.yaml README.md templates values.schema.json values.yaml[root@k8s-master nginx]# ls templates/ # 项目模板[root@k8s-master nginx]# vim values.yaml # 项目变量文件13 imageRegistry: "reg.dhj.org"# 上传项目所需要镜像到仓库(这一步上面做过了就不用做了)
[root@k8s-master ~]# docker tag bitnami/nginx:1.27.1-debian-12-r2 reg.timinglee.org/bitnami/nginx:1.27.1-debian-12-r2
[root@k8s-master ~]# docker push reg.timinglee.org/bitnami/nginx:1.27.1-debian-12-r2# 安装本地项目
[root@k8s-master nginx]# helm install timinglee /root/helm/nginx[root@k8s-master templates]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 11d
timinglee-nginx LoadBalancer 10.96.246.24 172.25.254.51 80:39653/TCP,443:39701/TCP 60s
[root@k8s-master templates]# kubectl get pods
'NAME READY STATUS RESTARTS AGE
timinglee-nginx-8598578bcf-v9svx 1/1 Running 0 73s# 更新项目
[root@k8s-master nginx]# vim values.yaml # 更新变量文件
623 type: ClusterI
751 enabled: true
763 hostname: myapp.timinglee.org
783 ingressClassName: "nginx"[root@k8s-master nginx]# helm upgrade timinglee . [root@k8s-master nginx]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 6d21h
timinglee-nginx ClusterIP 10.107.92.71 <none> 80/TCP,443/TCP 7m34s[root@k8s-master nginx]# kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.98.27.12 172.25.254.50 80:32244/TCP,443:34533/TCP 7d23h
ingress-nginx-controller-admission ClusterIP 10.96.154.255 <none> 443/TCP 7d23h[root@k8s-master nginx]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
timinglee-nginx nginx myapp.timinglee.org 172.25.254.20 80 68s[root@k8s-master nginx]# vim /etc/hosts
172.25.254.50 myapp.timinglee.org# 测试
[root@k8s-master nginx]# curl myapp.timinglee.org# 查看历史
[root@k8s-master nginx]# helm history timinglee
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Tue Sep 10 15:24:40 2024 superseded nginx-18.1.11 1.27.1 Install complete
2 Tue Sep 10 15:31:19 2024 deployed nginx-18.1.11 1.27.1 # 删除项目
[root@k8s-master nginx]# helm uninstall timinglee
release "timinglee" uninstalled
[root@k8s-master nginx]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
12.4 构建helm中的chart包
12.4.1 Helm Chart目录结构
# 简历chart项目
[root@k8s-master helm]# helm create timinglee
Creating timinglee
[root@k8s-master helm]# ls
timinglee
[root@k8s-master helm]# tree timinglee/
timinglee/
├── charts # 目录里存放这个chart依赖的所有子chart。
├── Chart.yaml # 用于描述这个 Chart 的基本信息# 包括名字、描述信息以及版本等。├── templates # 目录里面存放所有 yaml 模板文件。
│ ├── deployment.yaml
│ ├── _helpers.tpl # 放置模板助手的地方,可以在整个 chart 中重复使用
│ ├── hpa.yaml
│ ├── ingress.yaml
│ ├── NOTES.txt
│ ├── serviceaccount.yaml
│ ├── service.yaml
│ └── tests
│ └── test-connection.yaml
└── values.yaml # 用于存储 templates 目录中模板文件中用到变量的值。3 directories, 10 files
12.4.2 构建方法
[root@k8s-master timinglee]# vim Chart.yaml
apiVersion: v2
name: timinglee
description: A Helm chart for Kubernetes
type: application
version: 0.1.0 # 项目版本
appVersion: "v1" # 软件版本[root@k8s-master timinglee]# vim values.yaml
image:repository: myapppullPolicy: IfNotPresenttag: "v1"
ingress:enabled: trueclassName: "nginx"annotations: {}# kubernetes.io/ingress.class: nginx# kubernetes.io/tls-acme: "true"hosts:- host: myapp.timinglee.orgpaths:- path: /pathType: ImplementationSpecific# 语法检测
[root@k8s-master timinglee]# helm lint .
==> Linting .
[INFO] Chart.yaml: icon is recommended1 chart(s) linted, 0 chart(s) failed# 项目打包
[root@k8s-master timinglee]# cd ..
[root@k8s-master helm]# helm package timinglee/
Successfully packaged chart and saved it to: /root/helm/timinglee-0.1.0.tgz[root@k8s-master helm]# ls
timinglee timinglee-0.1.0.tgz# 项目可以通过各种分享方式发方为任何人后部署即可
[root@k8s-master helm]# helm install timinglee timinglee-0.1.0.tgz
NAME: timinglee
LAST DEPLOYED: Tue Sep 10 15:54:05 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:http://myapp.timinglee.org/[root@k8s-master helm]# kubectl get pods
NAME READY STATUS RESTARTS AGE
timinglee-8889c6bf5-cn257 1/1 Running 0 17s
[root@k8s-master helm]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
timinglee nginx myapp.timinglee.org 80 22s[root@k8s-master helm]# curl http://myapp.timinglee.org/
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
12.5 构建helm仓库
12.5.1 在harbor仓库中构建一个公开的项目
12.5.2 安装helm push插件
官方网址:https://github.com/chartmuseum/helm-push
12.5.2.1 在线安装
如果网络没问题情况下直接安装即可
[root@k8s-master helm]# dnf install git -y
[root@k8s-master helm]# helm plugin install https://github.com/chartmuseum/helm-push
12.5.2.2 离线安装
# 创建helm plugin的存放目录
[root@k8s-master helm]# mkdir ~/.local/share/helm/plugins/helm-push -p# 解压push插件包到指定目录
[root@k8s-master helm]# tar zxf helm-push_0.10.4_linux_amd64.tar.gz -C ~/.local/share/helm/plugins/helm-push
[root@k8s-master helm]# ls ~/.local/share/helm/plugins/helm-push
bin LICENSE plugin.yaml# 查看helm调用命令是否成功
[root@k8s-master helm]# helm cm-push --help
Helm plugin to push chart package to ChartMuseumExamples:$ helm cm-push mychart-0.1.0.tgz chartmuseum # push .tgz from "helm package"$ helm cm-push . chartmuseum # package and push chart directory$ helm cm-push . --version="1.2.3" chartmuseum # override version in Chart.yaml$ helm cm-push . https://my.chart.repo.com # push directly to chart repo URL
12.5.3 上传项目到仓库
12.5.3.1 添加仓库
[root@k8s-master helm]# helm repo add timinglee https://reg.dhj.org/chartrepo/timinglee# 添加仓库时报错,因为我们用的是加密访问
Error: looks like "https://reg.timinglee.org/chartrepo/timinglee" is not a valid chart repository or cannot be reached: Get "https://reg.timinglee.org/chartrepo/timinglee/index.yaml": tls: failed to verify certificate: x509: certificate signed by unknown authority# 为helm添加证书
[root@k8s-master helm]# cp /etc/docker/certs.d/reg.timinglee.org/ca.crt /etc/pki/ca-trust/source/anchors/# 更新本地ca认证库
[root@k8s-master helm]# update-ca-trust# 再次添加仓库
[root@k8s-master helm]# helm repo add timinglee https://reg.dhj.org/chartrepo/timinglee
12.5.3.2 上传本地项目
# 命令执行格式
helm cm-push <项目名称> <仓库名称> -u admin -p lee
[root@k8s-master helm]# helm cm-push timinglee-0.1.0.tgz timinglee -u admin -p admin\# 查看项目上传情况
[root@k8s-master helm]# helm search repo timinglee # 上传后数据未更新
No results found# 更新仓库
[root@k8s-master helm]# helm repo update timinglee# 再次查看
[root@k8s-master helm]# helm search repo timinglee
NAME CHART VERSION APP VERSION DESCRIPTION
timinglee/timinglee 0.1.0 v1 A Helm chart for Kubernetes# 安装项目
# 如果前面安装过,可以卸载
[root@k8s-master helm]# helm uninstall timinglee
[root@k8s-master helm]# helm install timinglee timinglee/timinglee[root@k8s-master helm]# curl myapp.timinglee.org
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
12.6 helm的版本迭代
12.6.1 重新构建新版本项目
[root@k8s-master helm]# vim timinglee/Chart.yaml
version: 0.2.0
appVersion: "v2"[root@k8s-master helm]# vim timinglee/values.yaml
tag: "v2"[root@k8s-master helm]# helm package timinglee
12.6.2 上传项目到helm仓库中
[root@k8s-master helm]# helm cm-push timinglee-0.2.0.tgz timinglee -u admin -p admin[root@k8s-master helm]# helm repo update timinglee[root@k8s-master helm]# helm search repo[root@k8s-master helm]# helm search repo timinglee -l
NAME CHART VERSION APP VERSION DESCRIPTION
timinglee/timinglee 0.2.0 v2 A Helm chart for Kubernetes
timinglee/timinglee 0.1.0 v1 A Helm chart for Kubernetes
12.6.3 更新应用
# 1.更新
[root@k8s-master helm]# helm upgrade timinglee timinglee/timinglee[root@k8s-master helm]# curl http://myapp.timinglee.org/
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a># 显示项目版本
[root@k8s-master helm]# helm history timinglee
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Fri Aug 22 12:13:18 2025 superseded timinglee-0.1.0 v1 Install complete
2 Fri Aug 22 13:55:51 2025 deployed timinglee-0.2.0 v2 Upgrade complete# 2.应用回滚
[root@k8s-master helm]# helm rollback timinglee[root@k8s-master helm]# helm history timinglee
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Fri Aug 22 12:13:18 2025 superseded timinglee-0.1.0 v1 Install complete
2 Fri Aug 22 13:55:51 2025 superseded timinglee-0.2.0 v2 Upgrade complete
3 Fri Aug 22 13:56:36 2025 deployed timinglee-0.1.0 v1 Rollback to 1[root@k8s-master helm]# curl myapp.timinglee.org
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>