一、下载helm安装脚本
1.1 介绍
- Helm是Kubernetes的包管理器。
- 其实就是管理了一推配置文件,ds,configmap,deployment......,一类规则。
就类似:
- yum是centos的包管理器。
- apt-get是ubuntu的包管理器。
- pip是python的包管理器。
- npm是nodejs的包管理器。
1.2 下载helm安装脚本
# 这样下载的都是master 最新版的。
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > get_helm.sh
# 我这下载的是v2.17.0版本的
curl https://raw.githubusercontent.com/helm/helm/v2.17.0/scripts/get > get_helm.sh
1.3 安装helm客户端
# 正常是执行安装脚本就行,脚本会帮你去下载安装包,并且安装。
bash get_helm.sh
注:由于国内网络原因,下载helm安装包时会失败,所以我已经把安装包下载到本地,并修改了安装脚本。安装包和安装脚本都放同级目录下。
安装包:链接: https://pan.baidu.com/s/1fmhhSE3zAO2bNdlvV38KMA 密码: acdv
安装脚本:猛击这里
查看代码
#!/usr/bin/env bash
# Copyright The Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# The install script is based off of the MIT-licensed script from glide,
# the package manager for Go: https://github.com/Masterminds/glide.sh/blob/master/get
PROJECT_NAME="helm"
TILLER_NAME="tiller"
: ${USE_SUDO:="true"}
: ${HELM_INSTALL_DIR:="/usr/local/bin"}
# initArch discovers the architecture for this system.
initArch() {
ARCH=$(uname -m)
case $ARCH in
armv5*) ARCH="armv5";;
armv6*) ARCH="armv6";;
armv7*) ARCH="arm";;
aarch64) ARCH="arm64";;
x86) ARCH="386";;
x86_64) ARCH="amd64";;
i686) ARCH="386";;
i386) ARCH="386";;
esac
}
# initOS discovers the operating system for this system.
initOS() {
OS=$(echo `uname`|tr '[:upper:]' '[:lower:]')
case "$OS" in
# Minimalist GNU for Windows
mingw*) OS='windows';;
esac
}
# runs the given command as root (detects if we are root already)
runAsRoot() {
if [ $EUID -ne 0 -a "$USE_SUDO" = "true" ]; then
sudo "${@}"
else
"${@}"
fi
}
# verifySupported checks that the os/arch combination is supported for
# binary builds.
verifySupported() {
local supported="darwin-amd64\nlinux-386\nlinux-amd64\nlinux-arm\nlinux-arm64\nlinux-ppc64le\nlinux-s390x\nwindows-amd64"
if ! echo "${supported}" | grep -q "${OS}-${ARCH}"; then
echo "No prebuilt binary for ${OS}-${ARCH}."
echo "To build from source, go to https://github.com/helm/helm"
exit 1
fi
if ! type "curl" > /dev/null && ! type "wget" > /dev/null; then
echo "Either curl or wget is required"
exit 1
fi
}
# checkDesiredVersion checks if the desired version is available.
checkDesiredVersion() {
if [ "x$DESIRED_VERSION" == "x" ]; then
# Pinning tag to v2.17.0 as per https://github.com/helm/helm/issues/9607
TAG=v2.17.0
else
TAG=$DESIRED_VERSION
fi
}
# checkHelmInstalledVersion checks which version of helm is installed and
# if it needs to be changed.
checkHelmInstalledVersion() {
if [[ -f "${HELM_INSTALL_DIR}/${PROJECT_NAME}" ]]; then
local version=$("${HELM_INSTALL_DIR}/${PROJECT_NAME}" version -c | grep '^Client' | cut -d'"' -f2)
if [[ "$version" == "$TAG" ]]; then
echo "Helm ${version} is already ${DESIRED_VERSION:-latest}"
return 0
else
echo "Helm ${TAG} is available. Changing from version ${version}."
return 1
fi
else
return 1
fi
}
# downloadFile downloads the latest binary package and also the checksum
# for that binary.
downloadFile() {
HELM_DIST="helm-$TAG-$OS-$ARCH.tar.gz"
DOWNLOAD_URL="https://get.helm.sh/$HELM_DIST"
CHECKSUM_URL="$DOWNLOAD_URL.sha256"
HELM_TMP_ROOT="$(mktemp -dt helm-installer-XXXXXX)"
HELM_TMP_FILE="$HELM_TMP_ROOT/$HELM_DIST"
HELM_SUM_FILE="$HELM_TMP_ROOT/$HELM_DIST.sha256"
echo "Downloading $DOWNLOAD_URL"
if type "curl" > /dev/null; then
curl -SsL "$CHECKSUM_URL" -o "$HELM_SUM_FILE"
elif type "wget" > /dev/null; then
wget -q -O "$HELM_SUM_FILE" "$CHECKSUM_URL"
fi
if type "curl" > /dev/null; then
#curl -SsL "$DOWNLOAD_URL" -o "$HELM_TMP_FILE"
cp -rf ./helm-v2.17.0-linux-amd64.tar.gz $HELM_TMP_FILE # 就修改了这个地方 让脚本直接复制的本地包。
elif type "wget" > /dev/null; then
wget -q -O "$HELM_TMP_FILE" "$DOWNLOAD_URL"
fi
}
# installFile verifies the SHA256 for the file, then unpacks and
# installs it.
installFile() {
HELM_TMP="$HELM_TMP_ROOT/$PROJECT_NAME"
local sum=$(openssl sha1 -sha256 ${HELM_TMP_FILE} | awk '{print $2}')
local expected_sum=$(cat ${HELM_SUM_FILE})
if [ "$sum" != "$expected_sum" ]; then
echo "SHA sum of ${HELM_TMP_FILE} does not match. Aborting."
exit 1
fi
mkdir -p "$HELM_TMP"
tar xf "$HELM_TMP_FILE" -C "$HELM_TMP"
HELM_TMP_BIN="$HELM_TMP/$OS-$ARCH/$PROJECT_NAME"
TILLER_TMP_BIN="$HELM_TMP/$OS-$ARCH/$TILLER_NAME"
echo "Preparing to install $PROJECT_NAME and $TILLER_NAME into ${HELM_INSTALL_DIR}"
runAsRoot cp "$HELM_TMP_BIN" "$HELM_INSTALL_DIR"
echo "$PROJECT_NAME installed into $HELM_INSTALL_DIR/$PROJECT_NAME"
if [ -x "$TILLER_TMP_BIN" ]; then
runAsRoot cp "$TILLER_TMP_BIN" "$HELM_INSTALL_DIR"
echo "$TILLER_NAME installed into $HELM_INSTALL_DIR/$TILLER_NAME"
else
echo "info: $TILLER_NAME binary was not found in this release; skipping $TILLER_NAME installation"
fi
}
# fail_trap is executed if an error occurs.
fail_trap() {
result=$?
if [ "$result" != "0" ]; then
if [[ -n "$INPUT_ARGUMENTS" ]]; then
echo "Failed to install $PROJECT_NAME with the arguments provided: $INPUT_ARGUMENTS"
help
else
echo "Failed to install $PROJECT_NAME"
fi
echo -e "\tFor support, go to https://github.com/helm/helm."
fi
cleanup
exit $result
}
# testVersion tests the installed client to make sure it is working.
testVersion() {
set +e
HELM="$(command -v $PROJECT_NAME)"
if [ "$?" = "1" ]; then
echo "$PROJECT_NAME not found. Is $HELM_INSTALL_DIR on your "'$PATH?'
exit 1
fi
set -e
echo "Run '$PROJECT_NAME init' to configure $PROJECT_NAME."
}
# help provides possible cli installation arguments
help () {
echo "Accepted cli arguments are:"
echo -e "\t[--help|-h ] ->> prints this help"
echo -e "\t[--version|-v <desired_version>]"
echo -e "\te.g. --version v2.4.0 or -v latest"
echo -e "\t[--no-sudo] ->> install without sudo"
}
# cleanup temporary files to avoid https://github.com/helm/helm/issues/2977
cleanup() {
if [[ -d "${HELM_TMP_ROOT:-}" ]]; then
rm -rf "$HELM_TMP_ROOT"
fi
}
# Execution
#Stop execution on any error
trap "fail_trap" EXIT
set -e
# Parsing input arguments (if any)
export INPUT_ARGUMENTS="${@}"
set -u
while [[ $# -gt 0 ]]; do
case $1 in
'--version'|-v)
shift
if [[ $# -ne 0 ]]; then
export DESIRED_VERSION="${1}"
else
echo -e "Please provide the desired version. e.g. --version v2.4.0 or -v latest"
exit 0
fi
;;
'--no-sudo')
USE_SUDO="false"
;;
'--help'|-h)
help
exit 0
;;
*) exit 1
;;
esac
shift
done
set +u
initArch
initOS
verifySupported
checkDesiredVersion
if ! checkHelmInstalledVersion; then
downloadFile
installFile
fi
testVersion
cleanup
二、安装tiller
说白了就是接收到helm发送的请求,然后根据一系类 的配置文件生成k8s的部署文件(yaml文件),然后提交给k8s。
2.1 安装socat
socat是解决helm连接不上tiller问题。一个通信的问题。
报错如下:
[root@k8s-master hello-svc]# helm version
Client: &version.Version{SemVer:"v2.17.0", GitCommit:"6af75a8fd72e2aa18a2b278cfe5c7a1c5feca7f2", GitTreeState:"clean"}
E0224 14:13:16.077226 7416 portforward.go:331] an error occurred forwarding 37271 -> 44134: error forwarding port 44134 to pod 76a7312e49220a229e443546a4b32d3e0406f09fd9b3646b3d30f6833e121375, uid : unable to do port forwarding: socat not found.
Error: cannot connect to Tiller
解决:安装一下这个包就行
yum -y install socat
###########
apt-get -y install socat
2.2 创建tiller rbac授权
首先tiller想要把配置文件提交给k8s,那么它肯定需要权限才行。
所以这一步就是给tiller权限。
# 一个sa,然后把sa绑定给admin角色。这样这个sa就有集群的admin 所有权限。然后tiller使用这个sa就行。
kubectl create -f heml-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
传送门:k8s rbac权限随笔
2.3 初始化helm
其实就是在k8s起了一个tiller pod。
# 使用的镜像要和helm版本一样
# stable-repo-url 是仓库地址,就是类似于yum仓库的源。
# service-account 指定上面创建的sa
# --history-max 设置最大历史记录,大限制清除,如果没有设置最大历史记录,则无限期地保留历史记录.
helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.17.0 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts --service-account=tiller --history-max 50
2.4 验证
# 这样就是安装成功了
[root@zm-qa-k8s40 v2.0]# helm version
Client: &version.Version{SemVer:"v2.17.0", GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.17.0", GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"}
三、常用命令
# 查看版本
helm version
# 查看当前安装的charts
helm list
# 查询 charts
helm search [release_name]
# 安装charts
helm install --name redis --namespaces prod bitnami/redis
# 查看charts状态
helm status [release_name]
# 删除charts
helm delete --purge [release_name]
# 增加repo
helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
helm repo add --username admin --password password myharbor https://xxx.ooo.com
# 更新repo仓库资源
helm repo update
# 创建charts
helm create helm_charts
# 测试charts语法
helm lint
# 打包charts
cd helm_charts && helm package ./
#查看生成的yaml文件
helm template helm_charts-0.1.1.tgz
# 更新image
helm upgrade --set image.tag='v2021-12-22-10-48-40' study-api-en-oral myharbor/study-api-en-oral
# 回滚relase
helm hist study-api-en-oral
helm rollback study-api-en-oral 4
#升级版本
helm upgrade [release_name] .
helm upgrade -f values.yaml [release_name] .
helm upgrade [release_name] --set image.tag='latest'