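Why Helm exists
Deploying an application on Kubernetes requires native Kubernetes resource files such as deployment, replicationcontroller, service, or pod. A complex application has many such resource description files, and updating or rolling back the application may mean modifying and maintaining a large number of them. Because there is also no version management or control for released applications, maintaining and updating applications on Kubernetes faces many challenges. Helm helps solve these problems.
Helm architecture
The basic Helm architecture is as follows:
The official Helm site defines Helm as "the package manager for Kubernetes", but it is more than that. Helm is a tool for managing applications that run in the Kubernetes cluster manager. It provides a set of operations for managing applications, such as inspect, install, upgrade, and delete.
Helm is the package manager (like yum and apt), and Charts are the packages (like debs and rpms).
The simplest way to run and manage applications in a Kubernetes cluster is to use Helm. Helm lets you perform the key operations of managing an application, such as installing, upgrading, or deleting it. As mentioned earlier, Helm consists of two parts: Helm (the client) and Tiller (the server). Follow the steps below to install Helm and Tiller.
Installation
1. Install helm
Download the Helm binary directly:
Unpack the helm binary and add it to your PATH, and you are done!
Install command completion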
helm completion bash >/etc/bash_completion.d/helm.sh
source /usr/share/bash-completion/bash_completion
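2. Install Tiller
Create the tiller user and bind it to superuser privileges (the cluster-admin ClusterRole); you can of course bind a different role instead.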
---
# Binds the tiller ServiceAccount to the cluster-admin ClusterRole
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: tiller
  namespace: kube-system
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
Create the service account
---
# ServiceAccount that the Tiller pod runs as
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
Install tiller
During initialization, Helm pulls the tiller image from gcr.io and uses "https://kubernetes-charts.storage.googleapis.com" as the stable repository address, so a proxy is needed.
helm init --upgrade --tiller-image=gcr.io/kubernetes-helm/tiller:v2.7.0
The output is as follows:
[root@node1 ~]# helm init --upgrade --tiller-image=gcr.io/kubernetes-helm/tiller:v2.7.0
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been upgraded to the current version.
Happy Helming!
Change Tiller's service account
kubectl patch deployment tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}' -n kube-system
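The step above notes that a role other than cluster-admin can be bound to the tiller account. As an added example (not from the original page), the manifests below confine Tiller to a single namespace with a Role and RoleBinding instead of a ClusterRoleBinding; the namespace tiller-world and the names tiller-manager and tiller-binding are assumptions, and rbac.authorization.k8s.io/v1 requires Kubernetes 1.8 or later.

```yaml
# Added example: namespace-scoped Tiller instead of cluster-admin.
# The namespace and object names are illustrative assumptions.
---
apiVersion: v1
kind: Namespace
metadata:
  name: tiller-world
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: tiller-world
---
# Role (not ClusterRole): permissions apply only inside tiller-world.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tiller-manager
  namespace: tiller-world
rules:
  # Workload resources that charts typically create, plus the ConfigMaps
  # Tiller uses to store release records in its own namespace.
  - apiGroups: ["", "batch", "extensions", "apps"]
    resources: ["*"]
    verbs: ["*"]
---
# RoleBinding (not ClusterRoleBinding): grants the Role to the tiller account.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tiller-binding
  namespace: tiller-world
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: tiller-world
roleRef:
  kind: Role
  name: tiller-manager
  apiGroup: rbac.authorization.k8s.io
```

With these applied, Tiller is initialized with helm init --service-account tiller --tiller-namespace tiller-world, and later helm commands take --tiller-namespace tiller-world. Charts installed through this Tiller can only create resources in that namespace.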
Install a sample chart
[root@node1 ~]# helm install stable/mysql
NAME: jaunty-hyena
LAST DEPLOYED: Thu Dec 14 20:47:23 2017
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME TYPE DATA AGE
jaunty-hyena-mysql Opaque 2 <invalid>
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
jaunty-hyena-mysql Pending <invalid>
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
jaunty-hyena-mysql ClusterIP 10.233.35.247 <none> 3306/TCP <invalid>
==> v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
jaunty-hyena-mysql 1 1 1 0 <invalid>
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
jaunty-hyena-mysql-56559fb447-vm7x8 0/1 Pending 0 <invalid>
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
jaunty-hyena-mysql.default.svc.cluster.local
To get your root password run:
kubectl get secret --namespace default jaunty-hyena-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
To connect to your database:
1. Run an Ubuntu pod that you can use as a client:
kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
2. Install the mysql client:
$ apt-get update && apt-get install mysql-client -y
3. Connect using the mysql cli, then provide your password:
$ mysql -h jaunty-hyena-mysql -p
List releases
[root@node1 ~]# helm ls
NAME REVISION UPDATED STATUS CHART NAMESPACE
jaunty-hyena 1 Thu Dec 14 20:47:23 2017 DEPLOYED mysql-0.3.0 default
Uninstall a release
[root@node1 ~]# helm delete jaunty-hyena
release "jaunty-hyena" deleted
After uninstalling, you can still query the release's status, and can even undo the deletion with helm rollback.
[root@node1 ~]# helm status jaunty-hyena
LAST DEPLOYED: Thu Dec 14 20:47:23 2017
NAMESPACE: default
STATUS: DELETED
This is because socat is not installed.
4. Uninstall Tiller
helm reset
or
kubectl -n kube-system delete deployment tiller-deploy