k8s/Kubernetes常用组件Helm的部署

Helm的安装

1.Helm的基本概念
Helm是Kubernetes的一个包管理工具，用来简化Kubernetes应用的部署和管理。可以把Helm比作CentOS的yum工具。 Helm有如下几个基本概念：

Chart: 是Helm管理的安装包，里面包含需要部署的安装包资源。可以把Chart比作CentOS yum使用的rpm文件。每个Chart包含下面两部分：
包的基本描述文件Chart.yaml
放在templates目录中的一个或多个Kubernetes manifest文件模板
Release：是chart的部署实例，一个chart在一个Kubernetes集群上可以有多个release，即这个chart可以被安装多次
Repository：chart的仓库，用于发布和存储chart
使用Helm可以完成以下事情：

管理Kubernetes manifest files
管理Helm安装包charts
基于chart的Kubernetes应用分发

更详细的介绍:
https://www.kubernetes.org.cn/3435.html

官方安装文档:https://helm.sh/docs/using_helm/#installing-helm
官方给的安装脚本:https://raw.githubusercontent.com/helm/helm/master/scripts/get

安装(我们手工使用二进制文件安装)

先下载 helm 二进制文件
https://github.com/kubernetes/helm/releases
2.14版下载地址: https://storage.googleapis.com/kubernetes-helm/helm-v2.14.0-linux-amd64.tar.gz
解压,可执行文件移动到/usr/local/bin/下

wget https://storage.googleapis.com/kubernetes-helm/helm-v2.14.0-linux-amd64.tar.gz
tar xvf helm-v2.14.0-linux-amd64.tar.gz
cd linux-amd64/
mv helm /usr/local/bin
cd ..
rm -rf  linux-amd64/

测试运行

[root@k8smaster centos]# helm  version
Client: &version.Version{SemVer:"v2.14.0", GitCommit:"05811b84a3f93603dd6c2fcfe57944dfa7ab7fd0", GitTreeState:"clean"}
Error: could not find tiller
#提示没找到tiller

安装tiller
为了安装服务端tiller，还需要在这台机器上配置好kubectl工具和kubeconfig文件，确保kubectl工具可以在这台机器上访问apiserver且正常使用。

因为Kubernetes APIServer开启了RBAC访问控制，所以需要创建tiller使用的service account: tiller并分配合适的角色给它。 详细内容可以查看helm文档中的Role-based Access Control。 这里简单起见直接分配cluster-admin这个集群内置的ClusterRole给它。创建rbac-config.yaml文件：

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

[root@k8smaster ~]# kubectl create -f rbac-config.yaml 
serviceaccount/tiller created
clusterrolebinding.rbac.authorization.k8s.io/tiller created

helm部署tiller:

[root@k8smaster centos]# helm init --service-account tiller --skip-refresh
Creating /root/.helm 
Creating /root/.helm/repository 
Creating /root/.helm/repository/cache 
Creating /root/.helm/repository/local 
Creating /root/.helm/plugins 
Creating /root/.helm/starters 
Creating /root/.helm/cache/archive 
Creating /root/.helm/repository/repositories.yaml 
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com 
Adding local repo with URL: http://127.0.0.1:8879/charts 
$HELM_HOME has been configured at /root/.helm.

Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.

Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation

如果镜像拉取有问题,可以使用阿里云的地址
helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.5.1 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

查看和验证
tiller默认被部署在k8s集群中的kube-system这个namespace下：

[root@k8smaster ~]# kubectl get pod -n kube-system -l app=helm
NAME                             READY   STATUS    RESTARTS   AGE
tiller-deploy-598f58dd45-5q8pv   1/1     Running   0          4m23s

[root@k8smaster ~]# helm version
Client: &version.Version{SemVer:"v2.14.0", GitCommit:"05811b84a3f93603dd6c2fcfe57944dfa7ab7fd0", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.14.0", GitCommit:"05811b84a3f93603dd6c2fcfe57944dfa7ab7fd0", GitTreeState:"clean"}

关于使用:
参考官方 快速使用 https://helm.sh/docs/using_helm/#quickstart-guide

参考:
https://www.kubernetes.org.cn/3435.html
https://blog.frognew.com/2018/10/ingress-edge-node-ha-in-bare-metal-k8s-with-ipvs.html