一,Helm基礎(chǔ)概述
1,使用Helm的目的�����?
由之前的應(yīng)用部署過(guò)程中可知�,在kubernetes 系統(tǒng)上部署容器化應(yīng)用時(shí)需要事先手動(dòng)編寫(xiě)資源配置清單文件以定義資源對(duì)象,而且其每一次的配置定義基本上都是硬編碼���,基本上無(wú)法實(shí)現(xiàn)復(fù)用���。對(duì)于較大規(guī)模的應(yīng)用場(chǎng)景,應(yīng)用程序的配置����,分發(fā),版本控制���,查找��,回滾甚至是查看都將是用戶(hù)的噩夢(mèng)����。 Helm可大大簡(jiǎn)化應(yīng)用管理的難度。
成都創(chuàng)新互聯(lián)公司主要從事成都網(wǎng)站設(shè)計(jì)���、成都網(wǎng)站制作�����、網(wǎng)頁(yè)設(shè)計(jì)��、企業(yè)做網(wǎng)站��、公司建網(wǎng)站等業(yè)務(wù)����。立足成都服務(wù)大峪,十載網(wǎng)站建設(shè)經(jīng)驗(yàn),價(jià)格優(yōu)惠�����、服務(wù)專(zhuān)業(yè),歡迎來(lái)電咨詢(xún)建站服務(wù):18982081108
2��,Helm是什么�����?
簡(jiǎn)單來(lái)說(shuō)��,Helm就是kubernetes的應(yīng)用程序包管理器���,類(lèi)似于Linux系統(tǒng)上的 yum 或 apt-get 等����,可用于實(shí)現(xiàn)幫助用戶(hù)查找����,分享及使用kubernetes應(yīng)用程序,目前的版本由CNCF(Microsoft����,Google,Bitnami 和 Helm 社區(qū)) 維護(hù)�。它的核心打包功能組件稱(chēng)為chart, 可以幫助用戶(hù)創(chuàng)建��,安裝及升級(jí)復(fù)雜應(yīng)用����。
Helm將kubernetes資源(Deployment,service或configmap等)打包到一個(gè)charts中�����,制作并測(cè)試完成的各個(gè)charts 將保存到charts倉(cāng)庫(kù)進(jìn)行存儲(chǔ)和分發(fā)。另外Helm實(shí)現(xiàn)了可配置的發(fā)布��,它支持應(yīng)用配置的版本管理���,簡(jiǎn)化了kubernetes 部署應(yīng)用的版本控制�����,打包��,發(fā)布����,刪除和更新操作�����。Helm架構(gòu)組件如下圖所示:
3��,Helm的優(yōu)點(diǎn)����?
- 管理復(fù)雜應(yīng)用: charts能夠描述哪怕是最復(fù)雜的程序結(jié)構(gòu),其提供了可重復(fù)使用的應(yīng)用安裝的定義���。
- 易于升級(jí): 使用就地升級(jí)和自定義鉤子來(lái)解決更新的難題�。
- 簡(jiǎn)單分享: charts易于通過(guò)公共或私用服務(wù)完成版本化,分享及主機(jī)構(gòu)建��。
- 回滾:可使用 “helm rollback” 命令輕松實(shí)現(xiàn)快速回滾��。
4��,Helm的核心術(shù)語(yǔ)
對(duì)與Heml來(lái)說(shuō)���,它具有以下幾個(gè)關(guān)鍵概念:
- Charts:即一個(gè)Helm程序包,它包含了運(yùn)行一個(gè)kubernetes應(yīng)用所需要的鏡像����,依賴(lài)關(guān)系和資源定義等,必要時(shí)還會(huì)包含service的定義���;它類(lèi)似于APT的dpkg文件或者 yum 的 rpm文件���。
- Repository:Charts倉(cāng)庫(kù),用于集中存儲(chǔ)和分發(fā)Charts�,類(lèi)似于Perl的CPAN,或者python的pyPI�����。
- Config: 應(yīng)用程序?qū)嵗惭b運(yùn)行使用的配置信息。
- Release: 應(yīng)用程序?qū)嵗渲煤筮\(yùn)行與kubernetes集群中的一個(gè)Charts實(shí)例����;在同一個(gè)集群上,一個(gè)charts 可以使用不同的Config重復(fù)安裝多次�����,每次安裝都會(huì)創(chuàng)建一個(gè)新的Release��。
5�����,Helm架構(gòu)
Helm主要由Helm客戶(hù)端��,Tiller服務(wù)器和Charts倉(cāng)庫(kù)(Repository)組成����。Helm 成員間通信圖如下:
Heml客戶(hù)端:Helm客戶(hù)端是命令行客戶(hù)端工具,采用Go語(yǔ)言編寫(xiě)���,基于gRPC協(xié)議與Tiller server交互����,它主要完成如下任務(wù):
- 本地 charts開(kāi)發(fā)。
- 管理Charts倉(cāng)庫(kù)�。
- 與Tiller服務(wù)器交互(發(fā)送Charts以安裝,查詢(xún)r(jià)elease的相關(guān)信息以及升級(jí)或卸載已有的Release)����。
Tiller server:Tiller server是運(yùn)行與kubernetes集群之中的容器化服務(wù)應(yīng)用,它接收來(lái)自Helm客戶(hù)端的請(qǐng)求�,并在必要時(shí)與kubernetes APi server進(jìn)行交互���,它主要完成以下任務(wù):
- 監(jiān)聽(tīng)來(lái)自于Helm客戶(hù)端的請(qǐng)求����。
- 合并charts 和配置以構(gòu)建一個(gè)Release�����。
- 向kubernetes 記者安裝Charts并對(duì)相應(yīng)的Release進(jìn)行跟蹤�����。
- 升級(jí)和卸載Charts���。
Charts倉(cāng)庫(kù):僅在有分發(fā)需求時(shí)�����,才應(yīng)該將同一應(yīng)用的Charts文件打包成歸檔壓縮格式提交到特定的charts倉(cāng)庫(kù)�。倉(cāng)庫(kù)既可以運(yùn)行為公共托g(shù)uan平臺(tái),也可以是用戶(hù)自建的服務(wù)器�,僅供特定的組織和個(gè)人使用。
二����,部署Helm
1,安裝Helm Client
安裝Helm client方式有兩種:預(yù)編譯的二進(jìn)制程序和源碼編譯安裝��。本文采用預(yù)編譯的二進(jìn)制程序安裝方式����。
1)下載二進(jìn)制包,并安裝:
二進(jìn)制安裝包下載地址:https://github.com/helm/helm/releases ��,可以選擇不同的版本�,例如安裝2.14.3版本:
[root@master helm]# wget https://get.helm.sh/helm-v2.14.3-linux-amd64.tar.gz
[root@master helm]# tar zxf helm-v2.14.3-linux-amd64.tar.gz
[root@master helm]# ls linux-amd64/
helm LICENSE README.md tiller
#將其二進(jìn)制命令(helm)復(fù)制或移動(dòng)到系統(tǒng)PATH環(huán)境變量指向的目錄中
[root@master helm]# cp linux-amd64/helm /usr/local/bin/
#查看helm版本
[root@master helm]# helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Error: could not find tiller
//執(zhí)行helm version命令發(fā)現(xiàn)helm客戶(hù)端版本為v2.14.3,提示服務(wù)端tiller還未安裝�����。
2)命令補(bǔ)全
Helm 有很多子命令和參數(shù),為了提高使用命令行的效率�����,通常建議安裝 helm 的 bash 命令補(bǔ)全腳本��,方法如下:
[root@master helm]# echo "source <(helm completion bash)" >> /root/.bashrc
[root@master helm]# source /root/.bashrc
#現(xiàn)在就可以通過(guò) Tab 鍵補(bǔ)全 helm 子命令和參數(shù)了:
[root@master helm]# helm
completion dependency history inspect list repo search template verify
create fetch home install package reset serve test version
delete get init lint plugin rollback status upgrade
[root@master helm]# helm install --
--atomic --name= --timeout=
--ca-file= --namespace= --tls
--cert-file= --name-template= --tls-ca-cert=
--debug --no-crd-hook --tls-cert=
--dep-up --no-hooks --tls-hostname=
--description= --password= --tls-key=
--devel --render-subchart-notes --tls-verify
--dry-run --replace --username=
--home= --repo= --values=
--host= --set= --verify
--key-file= --set-file= --version=
--keyring= --set-string= --wait
--kubeconfig= --tiller-connection-timeout=
--kube-context= --tiller-namespace=
2�����,安裝Tiller server
Tiller是helm的服務(wù)器端����,一般應(yīng)該運(yùn)行于k8s集群之上�,如果k8s開(kāi)啟了RBAC的授權(quán),那么應(yīng)該創(chuàng)建相關(guān)的ServiceAccount才能進(jìn)行安裝��。
1)創(chuàng)建帶有cluster-admin角色權(quán)限的服務(wù)賬戶(hù)
[root@master helm]# vim tiller-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
[root@master helm]# kubectl apply -f tiller-rbac.yaml
serviceaccount/tiller created
clusterrolebinding.rbac.authorization.k8s.io/tiller created
[root@master helm]# kubectl get serviceaccounts -n kube-system | grep tiller
tiller 1 78s
2)Tiller server的環(huán)境初始化(安裝tiller server)
[root@master helm]# helm init --service-account=tiller #service-account指向剛剛創(chuàng)建的服務(wù)賬戶(hù)
#查看Tiller server是否成功運(yùn)行:
[root@master helm]# kubectl get pod -n kube-system | grep tiller
tiller-deploy-8557598fbc-hwzdv 0/1 ErrImagePull 0 2m53s
[root@master helm]# kubectl describe pod -n kube-system tiller-deploy-8557598fbc-hwzdv
#通過(guò)查看詳細(xì)信息可以看到鏡像拉取失敗�����,以為該鏡像是谷歌的鏡像���,所以我們通過(guò)阿里云鏡像站去下載�,通過(guò)上面的事件信息中,我們可以看到該Tiller server是運(yùn)行在node01節(jié)點(diǎn)上的�,所以我們只需要在node01上下載鏡像:
[root@node01 ~]# docker pull registry.aliyuncs.com/google_containers/tiller:v2.14.3
[root@node01 ~]# docker tag registry.aliyuncs.com/google_containers/tiller:v2.14.3 gcr.io/kubernetes-helm/tiller:v2.14.3 #需要重命名為源鏡像名
[root@node01 ~]# docker rmi -f registry.aliyuncs.com/google_containers/tiller:v2.14.3
[root@node01 ~]# docker images | grep tiller
gcr.io/kubernetes-helm/tiller v2.14.3 2d0a693df3ba 6 months ago 94.2MB
#鏡像導(dǎo)入成功后,可以看到tiller server已正常運(yùn)行:
[root@master helm]# kubectl get pod -n kube-system | grep tiller
tiller-deploy-8557598fbc-hwzdv 1/1 Running 0 17m
#現(xiàn)在����, 執(zhí)行helm version 已經(jīng)能夠查看tiller server的版本信息了:
[root@master helm]# helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
三,使用Helm
1����,Helm的基本操作詳解
#helm 安裝成功后,可以執(zhí)行helm repo list查看helm倉(cāng)庫(kù):
[root@master helm]# helm repo list
NAME URL
stable https://kubernetes-charts.storage.googleapis.com
local http://127.0.0.1:8879/charts
//Helm安裝時(shí)已經(jīng)默認(rèn)配置好了兩個(gè)倉(cāng)庫(kù):stable和local�。stable是官方倉(cāng)庫(kù),local是用戶(hù)存放自己開(kāi)發(fā)的chart的本地倉(cāng)庫(kù)���。
#由于官方默認(rèn)倉(cāng)庫(kù)源是國(guó)外的����,為了方便使用����,我們指定為國(guó)內(nèi)的helm倉(cāng)庫(kù)源:
[root@master helm]# helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
"stable" has been added to your repositories
//再次查看可用看到原有倉(cāng)庫(kù)源已經(jīng)被覆蓋:
[root@master helm]# helm repo list
NAME URL
stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
local http://127.0.0.1:8879/charts
#更改后,我們執(zhí)行repo update更新一下倉(cāng)庫(kù):
[root@master helm]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.
#我們可執(zhí)行 helm search 查看當(dāng)前可安裝的 chart�,也可以某一個(gè)服務(wù)的版本信息(查看到的是helm charts包的版本):
[root@master helm]# helm search MySQL
NAME CHART VERSION APP VERSION DESCRIPTION
stable/mysql 0.3.5 Fast, reliable, scalable, and easy to use open-source rel...
stable/percona 0.3.0 free, fully compatible, enhanced, open source drop-in rep...
stable/percona-xtradb-cluster 0.0.2 5.7.19 free, fully compatible, enhanced, open source drop-in rep...
stable/gcloud-sqlproxy 0.2.3 Google Cloud SQL Proxy
stable/mariadb 2.1.6 10.1.31 Fast, reliable, scalable, and easy to use open-source rel...
#例如,通過(guò)以下命令來(lái)下載mysql的charts包:
[root@master helm]# helm install stable/mysql
#下載過(guò)程中,會(huì)輸出以下信息:
NAME: mean-spaniel
LAST DEPLOYED: Sat Feb 15 14:43:39 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
mean-spaniel-mysql Pending 0s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
mean-spaniel-mysql-5868455f75-n8lb6 0/1 Pending 0 0s
==> v1/Secret
NAME TYPE DATA AGE
mean-spaniel-mysql Opaque 2 0s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
mean-spaniel-mysql ClusterIP 10.102.92.19 3306/TCP 0s
==> v1beta1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
mean-spaniel-mysql 0/1 1 0 0s
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
mean-spaniel-mysql.default.svc.cluster.local
To get your root password run:
MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default mean-spaniel-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)
To connect to your database:
1. Run an Ubuntu pod that you can use as a client:
kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
2. Install the mysql client:
$ apt-get update && apt-get install mysql-client -y
3. Connect using the mysql cli, then provide your password:
$ mysql -h mean-spaniel-mysql -p
To connect to your database directly from outside the K8s cluster:
MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
# Execute the following commands to route the connection:
export POD_NAME=$(kubectl get pods --namespace default -l "app=mean-spaniel-mysql" -o jsonpath="{.items[0].metadata.name}")
kubectl port-forward $POD_NAME 3306:3306
mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD}
輸出信息分為三個(gè)部分:
(1)chart本次部署的描述信息:
NAME 是 release的名字����,因?yàn)槲覀儧](méi)用-n 參數(shù)指定,heml隨機(jī)生成了一個(gè)���,這里是mean-spaniel�。
NAMESPACE 是 release 部署的namespace��,默認(rèn)是default��,也可以通過(guò)--namespace 指定�。
STATUS 為DEPLOYED,表示已經(jīng)將chart部署到集群��。
(2)當(dāng)前 release包含的資源(RESOURCES):
Service��,Deployment�����,Secret和PersistentVolumeClaim�����,其名字都是
mean-spaniel-mysql�����,命名的格式為“ReleaseName-ChartName”�。
(3)NOTES 部分顯示的是 release的使用方式。比如如何訪問(wèn)Service�,如何獲取數(shù)據(jù)庫(kù)密碼,以及如何連接數(shù)據(jù)庫(kù)等�����。
#執(zhí)行以下命令�,查看已部署的release:
[root@master helm]# helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
mean-spaniel 1 Sat Feb 15 14:43:39 2020 DEPLOYED mysql-0.3.5 default
#通過(guò)以下命令,查看release的狀態(tài):
[root@master helm]# helm status mean-spaniel
部分內(nèi)容如下:
LAST DEPLOYED: Sat Feb 15 14:43:39 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
mean-spaniel-mysql Pending 26m
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
mean-spaniel-mysql-5868455f75-n8lb6 0/1 Pending 0 26m
==> v1/Secret
NAME TYPE DATA AGE
mean-spaniel-mysql Opaque 2 26m
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
mean-spaniel-mysql ClusterIP 10.102.92.19 3306/TCP 26m
==> v1beta1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
mean-spaniel-mysql 0/1 1 0 26m
#在生產(chǎn)環(huán)境中��,我們也可以使用kubectl get 和kubectl describe來(lái)查看實(shí)例的各個(gè)對(duì)象�,以快速的進(jìn)行排錯(cuò)。例如查看當(dāng)前pod:
[root@master helm]# kubectl get pod mean-spaniel-mysql-5868455f75-n8lb6
NAME READY STATUS RESTARTS AGE
mean-spaniel-mysql-5868455f75-n8lb6 0/1 Pending 0 31m
[root@master helm]# kubectl describe pod mean-spaniel-mysql-5868455f75-n8lb6
通過(guò)pod的事件信息中��,得知����,因?yàn)槲覀冞€沒(méi)有準(zhǔn)備pv,所以當(dāng)前實(shí)例還不可用����。
#如果想要?jiǎng)h除已部署的release�����,可執(zhí)行helm delete 命令(注意:必須加上--purge刪除緩存�,才能夠徹底的刪除:
[root@master helm]# helm delete mean-spaniel --purge
release "mean-spaniel" deleted
2����,chart 目錄結(jié)構(gòu)
我們知道Charts是Helm使用的kubernetes程序包打包格式,一個(gè)charts就是一個(gè)描述一組kubernetes資源的文件的集合����。
一個(gè)單獨(dú)的charts既能部署簡(jiǎn)單應(yīng)用,例如一個(gè)memcached服務(wù)��,也能部署復(fù)雜的應(yīng)用�,比如包含HTTP Servers,Database���,消息中間件��,cache等。
chart 將這些文件放置在預(yù)定義的目錄結(jié)構(gòu)中�����,通常整個(gè)chart被打包成tar包,而且標(biāo)注上版本信息�����,便于Helm部署����。下面我們將詳細(xì)討論chart的目錄結(jié)構(gòu)以及包含的各類(lèi)文件。
#例如�,之前安裝的mysql chart,一旦安裝了某個(gè)chart�����,我們就可以在
~/.helm/cache/archive 中找到 chart 的 tar 包����。
[root@master helm]# ls ~/.helm/cache/archive/
mysql-0.3.5.tgz
#解壓后,mysql chart 目錄結(jié)構(gòu)如下:
[root@master helm]# tree -C mysql/
mysql/
├── Chart.yaml
├── README.md
├── templates
│?? ├── configmap.yaml
│?? ├── deployment.yaml
│?? ├── _helpers.tpl
│?? ├── NOTES.txt
│?? ├── pvc.yaml
│?? ├── secrets.yaml
│?? └── svc.yaml
└── values.yaml
1 directory, 10 files
包含如下內(nèi)容:
(1)chart.yaml:YAML文件���,描述chart的概要信息���。
description: Fast, reliable, scalable, and easy to use open-source relational database
system.
engine: gotpl
home: https://www.mysql.com/
icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png
keywords:
- mysql
- database
- sql
maintainers:
- email: viglesias@google.com
name: Vic Iglesias
name: mysql
sources:
- https://github.com/kubernetes/charts
- https://github.com/docker-library/mysql
version: 0.3.5
其中��,name和version是必填項(xiàng)����,其他都是可選的����。
(2)README.md:Markdown 格式的README 文件,也就是chart的使用文檔�����,此文件可選�����。
(3)values.yaml :chart支持在安裝的時(shí)根據(jù)參數(shù)進(jìn)行定制化配置�����,而values.yaml 則提供了這些配置參數(shù)的默認(rèn)值����。
(4)templates 目錄 :各類(lèi)kubernetes資源的配置模板都放置在這里。Helm會(huì)將values.yaml 中的參數(shù)值注入到模板中生成標(biāo)準(zhǔn)的YAML配置文件�����。
模板是chart最重要的部分�,也是helm最強(qiáng)大地方。模板增加了應(yīng)用部署的靈活性����,能夠適用不同的環(huán)境。
四�����,Helm實(shí)踐
1��,Helm部署MySQL
在安裝之前�,我們可以先執(zhí)行helm inspect values 查看 mysql chart的使用方法:
[root@master ~]# helm inspect values stable/mysql
輸出的實(shí)際上是values.yaml的內(nèi)容。閱讀注釋就可以知道m(xù)ysql chart支持哪些參數(shù)��,安裝之前需要做哪些準(zhǔn)備�����,其中有一部分是關(guān)于存儲(chǔ)的:
## Persist data to a persistent volume
persistence:
enabled: true
## database data Persistent Volume Storage Class
## If defined, storageClassName:
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 8Gi
chart定義了一個(gè)pvc�����,申請(qǐng)8G的pv,因?yàn)槭菧y(cè)試環(huán)境�����,所我們得預(yù)先創(chuàng)建好相應(yīng)的pv��。
1)創(chuàng)建pv:
//首先搭建nfs(master 為nfs服務(wù)器):
[root@master helm]# yum -y install nfs-utils
[root@master helm]# vim /etc/exports
/nfsdata/mysql *(rw,sync,no_root_squash)
[root@master helm]# mkdir -p /nfsdata/mysql
[root@master helm]# systemctl start rpcbind
[root@master helm]# systemctl start nfs-server
[root@master helm]# systemctl enable nfs-server
[root@master mysql]# showmount -e
Export list for master:
/nfsdata/mysql *
//創(chuàng)建mysql-pv��,配置內(nèi)容如下:
apiVersion: v1
kind: PersistentVolume
metadata:
name: mysql-pv
spec:
accessModes:
- ReadWriteOnce
capacity:
storage: 8Gi
persistentVolumeReclaimPolicy: Retain
nfs:
path: /nfsdata/mysql
server: 172.16.1.30
[root@master ~]# kubectl apply -f mysql-pv.yaml
persistentvolume/mysql-pv created
#確保pv能夠正常使用:
[root@master helm]# kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
mysql-pv 8Gi RWO Retain Available
2)安裝mysql chart
//下載mysql (設(shè)置mysql root用戶(hù)的密碼���,并且指定release的名稱(chēng))
#可以通過(guò)--set直接傳入?yún)?shù)值:
[root@master helm]# helm install stable/mysql --set mysqlRootPassword=123.com -n test-mysql
//查看已安裝的release:
[root@master helm]# helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
test-mysql 1 Sun Feb 16 12:39:57 2020 DEPLOYED mysql-0.3.5 default
#查看release的狀態(tài):
[root@master helm]# helm status test-mysql
LAST DEPLOYED: Mon Feb 17 11:51:38 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
test-mysql-mysql Bound mysql-pv 8Gi RWO 23m
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
test-mysql-mysql-dfb9b6944-f6pgs 1/1 Running 0 23m
==> v1/Secret
NAME TYPE DATA AGE
test-mysql-mysql Opaque 2 23m
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
test-mysql-mysql ClusterIP 10.103.220.95 3306/TCP 23m
==> v1beta1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
test-mysql-mysql 1/1 1 1 23m
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
test-mysql-mysql.default.svc.cluster.local
To get your root password run:
MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default test-mysql-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)
To connect to your database:
1. Run an Ubuntu pod that you can use as a client:
kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
2. Install the mysql client:
$ apt-get update && apt-get install mysql-client -y
3. Connect using the mysql cli, then provide your password:
$ mysql -h test-mysql-mysql -p
To connect to your database directly from outside the K8s cluster:
MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
# Execute the following commands to route the connection:
export POD_NAME=$(kubectl get pods --namespace default -l "app=test-mysql-mysql" -o jsonpath="{.items[0].metadata.name}")
kubectl port-forward $POD_NAME 3306:3306
mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD}
可以看到pv的狀態(tài)為Bound���,并且pod已正常運(yùn)行。
注意:如果pod沒(méi)有正常運(yùn)行����,可以查看pv是否綁定成功(狀態(tài)確保為Available),如果pv沒(méi)有問(wèn)題的話���,那就是鏡像還沒(méi)有拉取成功(因?yàn)閙ysql鏡像比較大�,所以花費(fèi)時(shí)間較長(zhǎng)�。)
3)測(cè)試登錄mysql
#注意:如果我們?cè)诓恢續(xù)ysql root用戶(hù)密碼的情況下,可以通過(guò)以下方式進(jìn)行獲取:(其實(shí)在執(zhí)行helm status命令輸出的信息中�����,已經(jīng)告訴我們了mysql的各種事項(xiàng))
[root@master helm]# helm status test-mysql
#內(nèi)容在NOTES部分:
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
test-mysql-mysql.default.svc.cluster.local
To get your root password run:
MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default test-mysql-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)
To connect to your database:
1. Run an Ubuntu pod that you can use as a client:
kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
2. Install the mysql client:
$ apt-get update && apt-get install mysql-client -y
3. Connect using the mysql cli, then provide your password:
$ mysql -h test-mysql-mysql -p
To connect to your database directly from outside the K8s cluster:
MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
# Execute the following commands to route the connection:
export POD_NAME=$(kubectl get pods --namespace default -l "app=test-mysql-mysql" -o jsonpath="{.items[0].metadata.name}")
kubectl port-forward $POD_NAME 3306:3306
mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD}
#執(zhí)行”To get your root password run:“中告訴我們的內(nèi)容:
[root@master helm]# kubectl get secret --namespace default test-mysql-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
123.com #得到mysql root密碼為123.com
//有了密碼���,測(cè)試登陸mysql數(shù)據(jù)庫(kù):
[root@master helm]# kubectl exec -it test-mysql-mysql-dfb9b6944-f6pgs -- mysql -uroot -p123.com
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 222
Server version: 5.7.14 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> \s
--------------
mysql Ver 14.14 Distrib 5.7.14, for Linux (x86_64) using EditLine wrapper
Connection id: 222
Current database:
Current user: root@localhost
SSL: Not in use
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.7.14 MySQL Community Server (GPL)
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: latin1
Db characterset: latin1
Client characterset: latin1
Conn. characterset: latin1
UNIX socket: /var/run/mysqld/mysqld.sock
Uptime: 20 min 4 sec
Threads: 1 Questions: 486 Slow queries: 0 Opens: 109 Flush tables: 1 Open tables: 102 Queries per second avg: 0.403
--------------
2,Helm升級(jí)與回滾服務(wù)
1)升級(jí)操作:
#就以上面部署的mysql為例����,進(jìn)行版本升級(jí):
//查看當(dāng)前mysql版本:
[root@master helm]# kubectl get deployments. -o wide test-mysql-mysql
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
test-mysql-mysql 1/1 1 1 63m test-mysql-mysql mysql:5.7.14 app=test-mysql-mysql
#比如,將當(dāng)前mysql版本升級(jí)為5.7.15版本:
[root@master helm]# helm upgrade --set imageTag=5.7.15 test-mysql stable/mysql #通過(guò)--set參數(shù)進(jìn)行指定���,后面跟上release名稱(chēng)和release即可
#等待一些時(shí)間(將重新拉取新的鏡像��,并生成新的pod)�����,升級(jí)成功:
[root@master helm]# kubectl get deployments. test-mysql-mysql -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
test-mysql-mysql 1/1 1 1 55m test-mysql-mysql mysql:5.7.15 app=test-mysql-mysql
//可以通過(guò)helm list查看當(dāng)前release的version:
[root@master helm]# helm list #當(dāng)前版本為2版本
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
test-mysql 2 Mon Feb 17 12:38:24 2020 DEPLOYED mysql-0.3.5 default
2)回滾操作:
通過(guò)helm history 可以查看 release 所有的版本:
[root@master helm]# helm history test-mysql
REVISION UPDATED STATUS CHART DESCRIPTION
1 Mon Feb 17 11:51:38 2020 SUPERSEDED mysql-0.3.5 Install complete
2 Mon Feb 17 12:38:24 2020 DEPLOYED mysql-0.3.5 Upgrade complete
#比如�,當(dāng)前執(zhí)行helm rollback將mysql回滾到版本1:
[root@master helm]# helm rollback test-mysql 1
Rollback was a success.
#查看版本是否回滾成功:
[root@master helm]# kubectl get deployments. -o wide test-mysql-mysql
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
test-mysql-mysql 1/1 1 1 63m test-mysql-mysql mysql:5.7.14 app=test-mysql-mysql
//可以看到版本回滾為5.7.14版本
#再次查看�����,發(fā)現(xiàn)當(dāng)前release revision的值為3(表示為第三次的一個(gè)修訂版)
[root@master helm]# helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
test-mysql 3 Mon Feb 17 12:54:00 2020 DEPLOYED mysql-0.3.5 default
3,Helm+StroagClass
在實(shí)踐部署mysql的過(guò)程中���,手動(dòng)創(chuàng)建pv是非常的不方便的����,在生產(chǎn)環(huán)境中���,有很多的應(yīng)用需要實(shí)現(xiàn)部署���,所以我們可以通過(guò)StorageClass來(lái)為我們提供pv。關(guān)于SC的詳細(xì)內(nèi)容��,參考博文k8s之StorageClass
1)部署nfs server:
[root@master ~]# yum -y install nfs-utils
[root@master ~]# vim /etc/exports
/nfsdata/SC *(rw,sync,no_root_squash)
[root@master ~]# mkdir -p /nfsdata/SC
[root@master ~]# systemctl restart rpcbind
[root@master ~]# systemctl restart nfs-server
[root@master ~]# showmount -e 172.16.1.30
Export list for 172.16.1.30:
/nfsdata/SC *
2)創(chuàng)建rbac權(quán)限:
[root@master helm]# vim rbac-rolebind.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-provisioner
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: nfs-provisioner-runner
namespace: default
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["services", "endpoints"]
verbs: ["get","create","list", "watch","update"]
- apiGroups: ["extensions"]
resources: ["podsecuritypolicies"]
resourceNames: ["nfs-provisioner"]
verbs: ["use"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-provisioner
subjects:
- kind: ServiceAccount
name: nfs-provisioner
namespace: default
roleRef:
kind: ClusterRole
name: nfs-provisioner-runner
apiGroup: rbac.authorization.k8s.io
[root@master helm]# kubectl apply -f rbac-rolebind.yaml
serviceaccount/nfs-provisioner created
clusterrole.rbac.authorization.k8s.io/nfs-provisioner-runner created
clusterrolebinding.rbac.authorization.k8s.io/run-nfs-provisioner created
3)創(chuàng)建nfs的Deployment:
[root@master helm]# vim nfs-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nfs-client-provisioner
namespace: default
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
serviceAccount: nfs-provisioner
containers:
- name: nfs-client-provisioner
image: registry.cn-hangzhou.aliyuncs.com/open-ali/nfs-client-provisioner
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: nfs-deploy
- name: NFS_SERVER
value: 172.16.1.30
- name: NFS_PATH
value: /nfsdata/SC
volumes:
- name: nfs-client-root
nfs:
server: 172.16.1.30
path: /nfsdata/SC
//導(dǎo)入nfs-client-provisioner鏡像(集群中的每個(gè)節(jié)點(diǎn)都需導(dǎo)入�,包括master)
[root@master helm]# docker load --input nfs-client-provisioner.tar
[root@master helm]# kubectl apply -f nfs-deployment.yaml
deployment.extensions/nfs-client-provisioner created
//確保pod正常運(yùn)行:
[root@master helm]# kubectl get pod nfs-client-provisioner-958547f7d-95jkg
NAME READY STATUS RESTARTS AGE
nfs-client-provisioner-958547f7d-95jkg 1/1 Running 0 42s
4)創(chuàng)建stroage class:
[root@master sc]# vim test-sc.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: statefu-nfs
namespace: default
provisioner: nfs-deploy
reclaimPolicy: Retain
[root@master helm]# kubectl apply -f test-sc.yaml
storageclass.storage.k8s.io/statefu-nfs created
[root@master helm]# kubectl get sc
NAME PROVISIONER AGE
statefu-nfs nfs-deploy 3m1s
5)為release申請(qǐng)pv
通過(guò)修改release chart目錄下的values.yaml文件,values文件可以通過(guò)解壓release chart包獲得:
[root@master helm]# tar zxf ~/.helm/cache/archive/mysql-0.3.5.tgz #例如部署mysql
[root@master helm]# cd mysql/
[root@master mysql]# ls
Chart.yaml README.md templates values.yaml
[root@master mysql]# vim values.yaml
#修改內(nèi)容如下:
6)下載mysql chart
#注意���,下載方式為通過(guò)chart本地目錄進(jìn)行安裝(后面會(huì)講到):
[root@master helm]# helm install mysql/ -n new-mysql
#查看release 狀態(tài):
[root@master helm]# helm status new-mysql
部分信息如下:
LAST DEPLOYED: Mon Feb 17 13:38:09 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
new-mysql-mysql Bound pvc-6a4686cc-fb67-4577-8c6d-848a0ae800b5 5Gi RWO statefu-nfs 41s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
new-mysql-mysql-6cf95546fb-fqg54 1/1 Running 0 41s
==> v1/Secret
NAME TYPE DATA AGE
new-mysql-mysql Opaque 2 41s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
new-mysql-mysql ClusterIP 10.108.202.123 3306/TCP 41s
==> v1beta1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
new-mysql-mysql 1/1 1 1 41s
可以看到pvc����,pod��,service����,deployment資源已正常運(yùn)行�����,且看到pvc是通過(guò)向stroageclass去獲取的(狀態(tài)已為Bound)�����。
4��,自定義chart
kubernetes 給我們提供了大量官方chart,不過(guò)要部署微服務(wù)應(yīng)用����,還是需要開(kāi)發(fā)自己的chart。但它僅能用于本地訪問(wèn)�����,當(dāng)然�����,用戶(hù)也可以通過(guò) helm package命令將其打包為tar格式后分享給團(tuán)隊(duì)或者社區(qū)�。
在創(chuàng)建自定義chart之前,我們先來(lái)了解helm的幾種安裝方法,Helm支持4種安裝方法:
安裝倉(cāng)庫(kù)中的 chart�����,例如:helm install stable/nginx
通過(guò) tar 包安裝���,例如:helm install ./nginx-1.2.3.tgz
通過(guò) chart 本地目錄安裝���,例如:helm install ./nginx
- 通過(guò) URL 安裝,例如:helm install https://example.com/charts/nginx-1.2.3.tgz
1)創(chuàng)建自定義的chart
[root@master ~]# helm create mychart
Creating mychart
[root@master ~]# tree mychart/
mychart/
├── charts
├── Chart.yaml
├── templates
│?? ├── deployment.yaml
│?? ├── _helpers.tpl
│?? ├── ingress.yaml
│?? ├── NOTES.txt
│?? ├── service.yaml
│?? └── tests
│?? └── test-connection.yaml
└── values.yaml
3 directories, 8 files
Helm 會(huì)幫助我們創(chuàng)建目錄(mychart)�,并生成各類(lèi)chart文件,這樣我們就可以在此基礎(chǔ)上開(kāi)發(fā)自己的chart��。
2)使用自己開(kāi)發(fā)的chart���,簡(jiǎn)單部署nginx服務(wù)
當(dāng)我們創(chuàng)建完chart后�����,查看默認(rèn)生成的values.yaml文件:
[root@master ~]# cat mychart/values.yaml
# Default values for mychart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: nginx
tag: stable
pullPolicy: IfNotPresent
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
service:
type: ClusterIP
port: 80
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
可以看到部署鏡像默認(rèn)是nginx���,但是其標(biāo)簽(tag)為測(cè)試版本(stable),所以我們無(wú)法直接安裝release�。
#直接修改values文件(修改tag為可使用的版本):
[root@master ~]# vim mychart/values.yaml
#安裝release:
[root@master ~]# helm install mychart/ -n mynginx
#查看release狀態(tài):
[root@master ~]# helm status mynginx
LAST DEPLOYED: Mon Feb 17 15:34:10 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
mynginx-mychart 1/1 1 1 10m
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
mynginx-mychart-bf987cd5d-vp9qp 1/1 Running 0 10m
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
mynginx-mychart ClusterIP 10.96.34.246 80/TCP 10m
NOTES:
1. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=mychart,app.kubernetes.io/instance=mynginx" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:80
#測(cè)試訪問(wèn)nginx:
[root@master ~]# curl -I 10.96.34.246
HTTP/1.1 200 OK #nignx成功訪問(wèn)
Server: nginx/1.17.3
Date: Mon, 17 Feb 2020 07:45:39 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 13 Aug 2019 08:50:00 GMT
Connection: keep-alive
ETag: "5d5279b8-264"
Accept-Ranges: bytes
#上面我們使用的是ClusterIP訪問(wèn)的nginx����,如果外部應(yīng)用需要訪問(wèn)內(nèi)部服務(wù)��,怎么辦�����?所以我們可以以NodePort的方式將服務(wù)端口映射出去�����。
注意:我們并不能在values文件中直接添加�,需要先在自定義chart的templates目錄下的service.yaml文件進(jìn)行添加變量,操作如下:
[root@master ~]# vim mychart/templates/service.yaml
service.yaml文件是以json語(yǔ)言編寫(xiě)的�����,所以我們進(jìn)行修改時(shí)����,需要按照其格式進(jìn)行修改����。
#在service文件中添加了nodeport的類(lèi)型�,接下來(lái)修改其values文件:
[root@master ~]# vim mychart/values.yaml
#修改完成后�����,重新部署nginx:
[root@master ~]# helm delete mynginx --purge #將原來(lái)的release刪除
release "mynginx" deleted
[root@master ~]# helm install mychart/ -n mynginx #重新安裝
#查看release狀態(tài):
[root@master ~]# helm status mynginx
LAST DEPLOYED: Mon Feb 17 16:02:04 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
mynginx-mychart 1/1 1 1 16s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
mynginx-mychart-bf987cd5d-xdm2d 1/1 Running 0 16s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
mynginx-mychart NodePort 10.100.31.89 80:32134/TCP 16s
#外部通過(guò)nodeport方式訪問(wèn)nginx:
5��,調(diào)試chart
只要是程序���,就會(huì)有bug����,chart也不例外���。Helm提供了debug的工具:helm lint和helm install --dry-run --debug ��。
1)helm lint工具:
helm lint 會(huì)檢測(cè)chart的語(yǔ)法���,報(bào)告錯(cuò)誤以及給出建議。
#比如我們?cè)趘alues.yaml文件中漏掉了一個(gè)冒號(hào)“:” ,通過(guò) helm lint 進(jìn)行測(cè)試��,它會(huì)指出這個(gè)語(yǔ)法錯(cuò)誤��。
[root@master ~]# helm lint mychart/
==> Linting mychart/
[INFO] Chart.yaml: icon is recommended
[ERROR] values.yaml: unable to parse YAML
error converting YAML to JSON: yaml: line 8: could not find expected ':'
Error: 1 chart(s) linted, 1 chart(s) failed
一般在編寫(xiě)完values文件后���,可以先利用helm lint工具檢查是否有bug����。
2)helm install --dry-run --debug測(cè)試:
helm install --dry-run --debug 會(huì)模擬安裝chart,并輸出每個(gè)模板生成的YAML內(nèi)容����。
[root@master ~]# helm install --dry-run mychart/ --debug
[debug] Created tunnel using local port: '43350'
[debug] SERVER: "127.0.0.1:43350"
[debug] Original chart version: ""
[debug] CHART PATH: /root/mychart
NAME: exacerbated-grizzly
REVISION: 1
RELEASED: Mon Feb 17 16:18:48 2020
CHART: mychart-0.1.0
USER-SUPPLIED VALUES:
{}
COMPUTED VALUES:
affinity: {}
fullnameOverride: ""
image:
pullPolicy: IfNotPresent
repository: nginx
tag: latest
imagePullSecrets: []
ingress:
annotations: {}
enabled: false
hosts:
- host: chart-example.local
paths: []
tls: []
nameOverride: ""
nodeSelector: {}
replicaCount: 1
resources: {}
service:
nodePort: 32134
port: 80
type: NodePort
tolerations: []
HOOKS:
---
# exacerbated-grizzly-mychart-test-connection
apiVersion: v1
kind: Pod
metadata:
name: "exacerbated-grizzly-mychart-test-connection"
labels:
app.kubernetes.io/name: mychart
helm.sh/chart: mychart-0.1.0
app.kubernetes.io/instance: exacerbated-grizzly
app.kubernetes.io/version: "1.0"
app.kubernetes.io/managed-by: Tiller
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['exacerbated-grizzly-mychart:80']
restartPolicy: Never
MANIFEST:
---
# Source: mychart/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: exacerbated-grizzly-mychart
labels:
app.kubernetes.io/name: mychart
helm.sh/chart: mychart-0.1.0
app.kubernetes.io/instance: exacerbated-grizzly
app.kubernetes.io/version: "1.0"
app.kubernetes.io/managed-by: Tiller
spec:
type: NodePort
ports:
- port: 80
targetPort: http
nodePort: 32134
protocol: TCP
name: http
selector:
app.kubernetes.io/name: mychart
app.kubernetes.io/instance: exacerbated-grizzly
---
# Source: mychart/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: exacerbated-grizzly-mychart
labels:
app.kubernetes.io/name: mychart
helm.sh/chart: mychart-0.1.0
app.kubernetes.io/instance: exacerbated-grizzly
app.kubernetes.io/version: "1.0"
app.kubernetes.io/managed-by: Tiller
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: mychart
app.kubernetes.io/instance: exacerbated-grizzly
template:
metadata:
labels:
app.kubernetes.io/name: mychart
app.kubernetes.io/instance: exacerbated-grizzly
spec:
containers:
- name: mychart
image: "nginx:latest"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{}
我們可以檢視這些輸出, 判斷是否與預(yù)期相符。
6��, 將chart添加到倉(cāng)庫(kù)
chart通過(guò)測(cè)試后可以將其添加到倉(cāng)庫(kù)����,團(tuán)隊(duì)其他成員就能夠方便使用。任何HTTP Server度可以作為chart倉(cāng)庫(kù)���,下面將在集群中node01節(jié)點(diǎn)節(jié)點(diǎn)上搭建倉(cāng)庫(kù)��。
1)在node01上運(yùn)行一個(gè)httpd容器:(提供web服務(wù))
[root@node01 ~]# docker run -d -p 8080:80 -v /var/www/:/usr/local/apache2/htdocs httpd
a2fb5f89dd3fd3f729139e41a105498a60d0bee02c73ad8706636007390eaa55
2)回到master,通過(guò)helm package 將mychart打包:
[root@master ~]# helm package mychart/
Successfully packaged chart and saved it to: /root/mychart-0.1.0.tgz
3)執(zhí)行helm repo index 生成倉(cāng)庫(kù)的index文件:
[root@master ~]# mkdir myrepo
[root@master ~]# mv mychart-0.1.0.tgz myrepo/
[root@master ~]# helm repo index myrepo/ --url http://172.16.1.31:8080/charts #該地址為chart倉(cāng)庫(kù)地址(node01)
[root@master ~]# ls myrepo/
index.yaml mychart-0.1.0.tgz
helm會(huì)掃描 myrepo目錄中的所有tgz包����,并生成index.yaml文件。--url指定的是新chart倉(cāng)庫(kù)的訪問(wèn)路徑��。新生成的index.yaml 記錄了當(dāng)前倉(cāng)庫(kù)中所有 chart 的信息:
[root@master ~]# cat myrepo/index.yaml
apiVersion: v1
entries:
mychart:
- apiVersion: v1
appVersion: "1.0"
created: "2020-02-17T16:34:25.239190623+08:00"
description: A Helm chart for Kubernetes
digest: 367436d83e973f89e4bac162837fb4e9579cf3176b2506a7ed6617a182f11031
name: mychart
urls:
- http://172.16.1.31:8080/charts/mychart-0.1.0.tgz
version: 0.1.0
generated: "2020-02-17T16:34:25.238618624+08:00"
#可以看到當(dāng)前只有mychart這一個(gè)chart。
4)將 mychart-0.1.0.tgz 和 index.yaml 上傳到node1 的 /var/www/charts 目錄���。
#在node01上創(chuàng)建目錄:
[root@node01 ~]# mkdir /var/www/charts
#將文件拷貝給node01:
[root@master ~]# scp myrepo/index.yaml myrepo/mychart-0.1.0.tgz node01:/var/www/charts
index.yaml 100% 400 0.4KB/s 00:00
mychart-0.1.0.tgz 100% 2842 2.8KB/s 00:00
5)通過(guò)helm repo add 將新倉(cāng)庫(kù)添加到Helm:
[root@master ~]# helm repo add myrepo http://172.16.1.31:8080/charts
"myrepo" has been added to your repositories
[root@master ~]# helm repo list
NAME URL
stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
local http://127.0.0.1:8879/charts
myrepo http://172.16.1.31:8080/charts
倉(cāng)庫(kù)命名為myrepo�����,Helm會(huì)從倉(cāng)庫(kù)下載index.yaml����。
#現(xiàn)在用戶(hù)就可以repo search 到mychart了:
[root@master ~]# helm search mychart
NAME CHART VERSION APP VERSION DESCRIPTION
local/mychart 0.1.0 1.0 A Helm chart for Kubernetes
myrepo/mychart 0.1.0 1.0 A Helm chart for Kubernetes
除了自己上傳的倉(cāng)庫(kù)����,這還有一個(gè)local/mychart。這是因?yàn)樵趫?zhí)行第 2 步打包操作的同時(shí)����,mychart 也被同步到了 local 的倉(cāng)庫(kù)。
#從新倉(cāng)庫(kù)中安裝mychart:
[root@master ~]# helm install myrepo/mychart -n new-nginx
#查看release的狀態(tài):
[root@master ~]# helm status new-nginx #pod正常運(yùn)行
LAST DEPLOYED: Mon Feb 17 16:56:54 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
new-nginx-mychart 1/1 1 1 55s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
new-nginx-mychart-66d6bbb795-fsgml 1/1 Running 0 55s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
new-nginx-mychart NodePort 10.106.51.8 80:32134/TCP 55s
NOTES:
1. Get the application URL by running these commands:
export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services new-nginx-mychart)
export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
如果以后倉(cāng)庫(kù)添加了新的chart���,需要用helm repo update命令更新本地的index����。
[root@master ~]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "myrepo" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.
當(dāng)前文章:kubernetes應(yīng)用包管理工具(Helm)
轉(zhuǎn)載注明:
http://weahome.cn/article/ihschp.html
重慶分公司
重慶分公司
