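Helm Package Management for Kubernetes
I recently looked into Helm, which has become popular in the Kubernetes world. Helm is a package manager: it packages Kubernetes resources (such as deployments, services, or ingresses) into a chart, which can then be saved to a chart repository for storage and sharing. Helm supports version management of application release configuration and makes releases configurable, which ultimately simplifies version control, packaging, releasing, deleting, and upgrading applications deployed on Kubernetes.
Helm is similar in some ways to an Ansible playbook: it supports predefined variables, so the repeated configuration in each Kubernetes manifest can be replaced with variables, which makes it easier to manage a project release and to deploy, upgrade, and roll back in bulk.
Let's roll out...
Installation environment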
Local Desktop: MacOS
Virtual Machine: Virtual Box
Virtual System: CentOS 7.4
Kubernetes: Kubernetes1.9
Docker: 17.03.2-ce
Helm: helm-v2.7.0
kube-master 10.110.16.10
kube-node-1 10.110.16.11
I. System environment configuration
1. Disable SELinux and the firewall
# vi /etc/sysconfig/selinux
...
SELINUX=disabled
...
# setenforce 0
# systemctl stop firewalld && systemctl disable firewalld
2. Install the k8s environment.
http://www.showerlee.com/archives/2200
II. Helm configuration
1. Install Helm
# wget https://storage.googleapis.com/kubernetes-helm/helm-v2.7.0-linux-amd64.tar.gz
# tar -zxvf helm-v2.7.0-linux-amd64.tar.gz
# mv linux-amd64/helm /usr/local/bin/
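Step 1 places a downloaded binary on root's PATH without checking it. The following is an added example (not part of the original post) that installs helm only if the tarball matches a pinned SHA-256; the function names and the EXPECTED placeholder are assumptions.

```shell
#!/bin/sh
# Added example: install helm only if the tarball matches a pinned SHA-256.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_verified TARBALL EXPECTED_SHA256 DEST_DIR
# Returns 0 only if the digest matched and the binary was installed.
install_verified() {
    tarball=$1; expected=$2; dest=$3
    [ -f "$tarball" ] || { echo "missing: $tarball" >&2; return 2; }
    # Accept exactly 64 hex characters, nothing else.
    case $expected in
        ''|*[!0-9a-fA-F]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$tarball") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $tarball: got $actual" >&2
        return 1
    fi
    # Unpack only the member we intend to install, in a scratch directory,
    # so nothing else in the archive lands on disk.
    work=$(mktemp -d) || return 2
    if tar -xzf "$tarball" -C "$work" linux-amd64/helm &&
       install -m 0755 "$work/linux-amd64/helm" "$dest/helm"; then
        rc=0
    else
        rc=2
    fi
    rm -rf "$work"
    return $rc
}

# Usage (EXPECTED is a placeholder for a digest from a source you trust):
#   install_verified helm-v2.7.0-linux-amd64.tar.gz "$EXPECTED" /usr/local/bin
```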
2. Add a tiller service account to k8s
# kubectl create serviceaccount --namespace kube-system tiller
# kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
# kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
3. Initialize helm using the Alibaba Cloud tiller image and the tiller account, deploying tiller as a k8s deployment.
# vi ~/.helm/repository/repositories.yaml
Tip: username and password are your Alibaba Cloud account credentials; they are stored in this file in plain text.
apiVersion: v1
generated: 2018-04-13T23:48:19.490774427-04:00
repositories:
- caFile: ""
  cache: /root/.helm/repository/cache/stable-index.yaml
  certFile: ""
  keyFile: ""
  name: stable
  password: "password"
  url: https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
  username: "username"
- caFile: ""
  cache: /root/.helm/repository/cache/local-index.yaml
  certFile: ""
  keyFile: ""
  name: local
  password: ""
  url: http://127.0.0.1:8879/charts
  username: ""
# helm init --service-account tiller --upgrade --tiller-image=registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.7.0
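Tip: Here helm can be thought of as a client that drives the tiller service. tiller runs as a deployment in k8s and is responsible for rendering our charts and handing them to k8s for the actual deployment.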
4. Check that tiller has been deployed to k8s
# kubectl get pods --namespace kube-system
NAME                                  READY     STATUS    RESTARTS   AGE
etcd-kube-master                      1/1       Running   0          26d
kube-apiserver-kube-master            1/1       Running   0          26d
kube-controller-manager-kube-master   1/1       Running   1          26d
kube-dns-6f4fd4bdf-54smn              3/3       Running   0          26d
kube-flannel-ds-gwl2z                 1/1       Running   0          26d
kube-flannel-ds-m754s                 1/1       Running   0          26d
kube-proxy-697qx                      1/1       Running   0          26d
kube-proxy-cvfd9                      1/1       Running   0          26d
kube-scheduler-kube-master            1/1       Running   1          26d
tiller-deploy-cf797bfbf-rnk4k         1/1       Running   0          1h
5. Create a sample chart
# helm create helm-chart
# tree ./helm-chart
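./helm-chart
├── charts
├── Chart.yaml
├── templates
│   ├── deployment.yaml
│   ├── _helpers.tpl
│   ├── ingress.yaml
│   ├── NOTES.txt
│   └── service.yaml
└── values.yaml
Tip: As you can see, helm creates a default chart directory structure. The templates directory mostly holds the k8s deployment manifests, while values.yaml and Chart.yaml are the main parameter files, holding variables that the k8s YAML files reference. If you need to, you can replace the defaults with your own k8s manifests.
6. Check the chart syntax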
# helm lint ./helm-chart
7. Deploy the default chart to k8s
# helm install --name example1 ./helm-chart --set service.type=NodePort
Tip: Here --name sets the name of this chart release, and --set service.type=NodePort maps the IP of any of our nodes to the deployed pod so that it can be reached.
# helm install --name example1 ./helm-chart --set service.type=NodePort
NAME:   example1
LAST DEPLOYED: Sat Apr 14 01:08:16 2018
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Service
NAME                 TYPE      CLUSTER-IP     EXTERNAL-IP  PORT(S)       AGE
example1-helm-chart  NodePort  10.105.111.66  <none>       80:25146/TCP  0s
==> v1beta1/Deployment
NAME                 DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
example1-helm-chart  1        1        1           0          0s
==> v1/Pod(related)
NAME                                  READY  STATUS             RESTARTS  AGE
example1-helm-chart-7975cbf9b7-86vx5  0/1    ContainerCreating  0         0s
NOTES:
1. Get the application URL by running these commands:
  export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services example1-helm-chart)
  export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
We can use the NOTES above to access the deployed site
# curl 10.110.16.10:25146
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
8. List the current deployments
# helm ls
NAME      REVISION  UPDATED                   STATUS    CHART             NAMESPACE
example1  1         Sat Apr 14 01:08:16 2018  DEPLOYED  helm-chart-0.1.0  default
# kubectl get deployment
NAME                  DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
example1-helm-chart   1         1         1            1           4m
9. Package the chart
# helm package ./helm-chart --debug
10. Deploy a release from the package
# helm install --name example2 helm-chart-0.1.0.tgz --set service.type=NodePort
11. Upgrade the current release
# helm upgrade example2 ./helm-chart
12. Roll back the current release
# helm rollback example2 1
13. Delete the release
# helm delete example2
# helm del --purge example2
14. View the history of deleted releases
Tip: If the release was deleted without the --purge flag, its deletion record can still be viewed
# helm ls --deleted -d
NAME      REVISION  UPDATED                   STATUS   CHART             NAMESPACE
example2  2         Sat Apr 14 00:14:54 2018  DELETED  helm-chart-0.1.0  default
I won't go on to cover the syntax and structure of helm charts here; if you need that, you can go straight to the official Helm documentation.
Finished...
Permalink: http://www.showerlee.com/archives/2455
Unable to clone the repository!
# git clone git@git.showerlee.com:showerlee/kube-deploy.git
Cloning into 'kube-deploy'...
ssh: connect to host git.showerlee.com port 22: Connection refused
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
@zhang
Try this:
git clone https://showerlee@git.showerlee.com/showerlee/kube-deploy.git