简单介绍:
Helm其实就是一个基于Kubernetes的程序包(资源包)管理器,它将一个应用的相关资源组织成为Charts,并通过Charts管理程序包。再简单点说,可以当做RHEL/CentOS系统中的yum机制,有yum install,也有helm install等等。具体可以参考网上其他介绍。
GitHub:https://github.com/helm/helm
官网:https://helm.sh/docs/using_helm/#quickstart-guide
测试环境:
同之前部署的集群环境,如下
System | Hostname | IP | Helm |
CentOS 7.6 | k8s-master | 192.168.1.120 | helm命令安装在主节点上 |
CentOS 7.6 | k8s-node1 | 192.168.1.121 | — |
CentOS 7.6 | k8s-node2 | 192.168.1.122 | — |
具体步骤:
1. 安装客户端Helm命令(https://github.com/helm/helm/releases)
[root@k8s-master ~]# wget https://storage.googleapis.com/kubernetes-helm/helm-v2.13.1-linux-amd64.tar.gz
解压,将其中的helm文件移至 /usr/local/bin/
[root@k8s-master ~]# mv linux-amd64/helm /usr/local/bin/
helm的命令安装完成,如需查看命令怎么使用,使用 ~]# helm help 即可。
2. 安装Tiller服务
Tiller是helm的服务器端,一般运行于kubernetes集群之上,当然少不了RBAC授权,事先创建相关的ServiceAccount才能进行安装。
下面给出了一个样例yaml清单,定义了一个名为tiller的ServiceAccount,并通过ClusterRoleBinding将其绑定至集群管理员角色cluster-admin,从而使得它拥有集群级别所有的最高权限:
[root@k8s-master ~]# cat till-rbac-config.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
发布到kubernetes集群中去:
[root@k8s-master ~]# kubectl apply -f till-rbac-config.yaml
serviceaccount/tiller created
clusterrolebinding.rbac.authorization.k8s.io/tiller created
接下来,初始化Tiller服务:
[root@k8s-master ~]# helm init --upgrade --service-account tiller --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.13.1 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!
如上显示,初始化成功!
注意:helm init命令进行初始化时,Kubernetes集群会到gcr.io/kubernetes-helm/上获取所需的镜像,不出意外,被墙了,故指定替代镜像可以解决。同时还要将repo源更换成阿里的镜像,更快更便捷。
3. helm命令使用
①更新使用的默认仓库元数据信息
[root@k8s-master ~]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈
②搜索列出
[root@k8s-master ~]# helm search redis
NAME CHART VERSION APP VERSION DESCRIPTION
stable/redis 1.1.15 4.0.8 Open source, advanced key-value store. It is often referr...
stable/redis-ha 2.0.1 Highly available Redis cluster with multiple sentinels an...
stable/sensu 0.2.0 Sensu monitoring framework backed by the Redis transport
③打印指定Charts详细信息
[root@k8s-master ~]# helm inspect stable/redis
④安装
[root@k8s-master ~]# helm install stable/redis -n redis // -n 给个名字;也可以在安装前加个 --dry-run 用作测试
⑤查看已经安装
[root@k8s-master ~]# helm list
⑥删除已经安装的
[root@k8s-master ~]# helm delete redis
⑦其他
[root@k8s-master ~]# helm upgrade
[root@k8s-master ~]# helm rollback
[root@k8s-master ~]# helm history
至此,Helm的安装和简单使用到此完成。