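Why Helm exists
Deploying an application on Kubernetes requires native Kubernetes resource files such as deployment, replicationcontroller, service or pod. A complex application has many of these resource description files. If the application needs to be updated or rolled back, a large number of resource files may have to be modified and maintained, and because there is no version management or control over the application versions already released, maintaining and updating applications on Kubernetes faces many challenges. Helm can help us solve these problems.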
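Helm architecture
The basic Helm architecture is as follows:
The official website defines Helm as "the package manager for Kubernetes", but it is more than that. Helm is a tool for managing applications that run in the Kubernetes cluster manager. Helm provides a set of operations for managing applications, such as inspect, install, upgrade and delete.
Helm is the package manager (like yum and apt), and Charts are the packages (like debs and rpms).
The simplest way to run and manage applications in a Kubernetes cluster is to use Helm. Helm lets you perform the key operations for managing an application, such as install, upgrade or delete. As mentioned earlier, Helm consists of two parts: Helm (the client) and Tiller (the server). Follow the steps below to install Helm and Tiller.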
Installation
1. Install helm
Download the Helm binary directly:
Unpack the helm binary and add it to your PATH, and you are done!
Install command completion
helm completion bash >/etc/bash_completion.d/helm.sh
source /usr/share/bash-completion/bash_completion
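2. Install Tiller
Create the tiller user and bind it to superuser privileges (the cluster-admin ClusterRole in the binding below); you can of course bind a different role instead.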
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: tiller
  namespace: kube-system
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
Create the service account
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
Install tiller
During initialization, Helm pulls the tiller image from gcr.io and uses "" as the stable repository address, so a proxy is needed.
helm init --upgrade --tiller-image=gcr.io/kubernetes-helm/tiller:v2.7.0
The output is as follows:
[root@node1 ~]# helm init --upgrade --tiller-image=gcr.io/kubernetes-helm/tiller:v2.7.0
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.

Tiller (the Helm server-side component) has been upgraded to the current version.
Happy Helming!
Change Tiller's service account
kubectl patch deployment tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}' -n kube-system
Install an example chart
[root@node1 ~]# helm install stable/mysql
NAME:   jaunty-hyena
LAST DEPLOYED: Thu Dec 14 20:47:23 2017
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                TYPE    DATA  AGE
jaunty-hyena-mysql  Opaque  2

==> v1/PersistentVolumeClaim
NAME                STATUS   VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
jaunty-hyena-mysql  Pending

==> v1/Service
NAME                TYPE       CLUSTER-IP     EXTERNAL-IP  PORT(S)   AGE
jaunty-hyena-mysql  ClusterIP  10.233.35.247               3306/TCP

==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
jaunty-hyena-mysql  1        1        1           0

==> v1/Pod(related)
NAME                                 READY  STATUS   RESTARTS  AGE
jaunty-hyena-mysql-56559fb447-vm7x8  0/1    Pending  0

NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
jaunty-hyena-mysql.default.svc.cluster.local

To get your root password run:

    kubectl get secret --namespace default jaunty-hyena-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo

To connect to your database:

1. Run an Ubuntu pod that you can use as a client:

    kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il

2. Install the mysql client:

    $ apt-get update && apt-get install mysql-client -y

3. Connect using the mysql cli, then provide your password:
    $ mysql -h jaunty-hyena-mysql -p
List releases
[root@node1 ~]# helm ls
NAME          REVISION  UPDATED                   STATUS    CHART        NAMESPACE
jaunty-hyena  1         Thu Dec 14 20:47:23 2017  DEPLOYED  mysql-0.3.0  default
Uninstall the release
[root@node1 ~]# helm delete jaunty-hyena
release "jaunty-hyena" deleted
After uninstalling, you can still query the status of the release, and you can even undo the deletion with helm rollback.
[root@node1 ~]# helm status jaunty-hyena
LAST DEPLOYED: Thu Dec 14 20:47:23 2017
NAMESPACE: default
STATUS: DELETED
This is because socat is not installed.
4. Uninstall tiller
helm reset
or
kubectl -n kube-system delete deployment tiller-deploy