【转】K8S中部署Helm

K8S中的包管理工具

1. 客户端Helm(即Helm)

通过脚本安装：curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > helm.sh，赋权运行：

chmod +x helm.sh
./helm.sh

# 输出
Downloading https://kubernetes-helm.storage.googleapis.com/helm-v2.13.1-linux-amd64.tar.gz
Preparing to install helm and tiller into /usr/local/bin
helm installed into /usr/local/bin/helm
tiller installed into /usr/local/bin/tiller
Run 'helm init' to configure helm.

# 验证
helm help

注：可能在执行脚本时出现curl: (7) Failed connect to kubernetes-helm.storage.googleapis.com:443; 网络不可达异常信息，多执行几次即可。

2. 服务端Tiller

直接helm init，即可在K8S集群中安装Tiller（在kube-system命名空间中），但执行的时虽然提示成功了，但K8S查看容器状态发现有Failed to pull image "gcr.io/kubernetes-helm/tiller:v2.13.1"....的异常，查看tiller-deployment的yaml文件发现容器的镜像为gcr.io/kubernetes-helm/tiller:v2.13.1，拉不到，去dockerhub上查看谷歌复制镜像命名空间中mirrorgooglecontainers是否有，没有又查看是否有用户镜像docker search tiller:v2.13.1，拉取一个用户的镜像，修改tag、删除旧的（建议在每个节点都干一下，选择器可能没有指定）：

1
2
3

docker pull hekai/gcr.io_kubernetes-helm_tiller_v2.13.1
docker tag hekai/gcr.io_kubernetes-helm_tiller_v2.13.1 gcr.io/kubernetes-helm/tiller:v2.13.1
docker rmi hekai/gcr.io_kubernetes-helm_tiller_v2.13.1

再次查看pod已经成功。

tiller授权：

# 设置账号
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

# 使用 kubectl patch 更新 API 对象
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

# 查看授权是否成功
kubectl get deploy --namespace kube-system   tiller-deploy  --output yaml|grep  serviceAccount

serviceAccount: tiller
serviceAccountName: tiller

helm version

Client: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}

卸载tiller：helm reset或helm reset --force

3. 使用

创建Helm chart（Helm中的包的形式叫做chart）：

# 拉取测试代码
git clone https://github.com/daemonza/testapi.git;

cd testapi
# 创建chart骨架
helm create testapi-chart

生成的chart骨架为：

testapi-chart
├── charts
├── Chart.yaml
├── templates
│ ├── deployment.yaml
│ ├── _helpers.tpl
│ ├── ingress.yaml
│ ├── NOTES.txt
| ├── service.yaml
│ └── tests
└── values.yaml

其中templates目录中存放的是K8S部署文件的模板，Chart.yaml文件如下：

# chartAPI的版本，必须只能设为v1
apiVersion: v1
# 可选参数
appVersion: "1.0"
# 可选参数
description: A Helm chart for Kubernetes
# chart的名字，必选参数
name: testapi-chart
# chart的版本号，必选参数，必须符合SemVer
version: 0.1.0

其中values.yaml文件如下：

# Default values for testapi-chart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicaCount: 1

image:
  repository: nginx
  tag: stable
  pullPolicy: IfNotPresent

nameOverride: ""
fullnameOverride: ""

service:
  type: ClusterIP
  port: 80

ingress:
  enabled: false
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths: []

  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

nodeSelector: {}

tolerations: []

affinity: {}

可以进入Chart.yaml所在目录运行Chart：

cd testapi-chart

# 运行chart
helm lint

一切OK的话可以进行打包（在Chart.yaml的父目录外）：

# --debug标识可选，加上可以看到输出，testapi-chart是要打包的chart目录，打出的包在当前目录下
helm package testapi-chart --debug

# 输出
Successfully packaged chart and saved it to: /root/k8s/helm/testapi/testapi-chart-0.1.0.tgz
[debug] Successfully saved /root/k8s/helm/testapi/testapi-chart-0.1.0.tgz to /root/.helm/repository/local

现在打包出来在当前目录，也可以直接发布到本地的helm仓库：helm install testapi-chart-0.1.0.tgz，输出如下：

NAME:   lumbering-zebu
LAST DEPLOYED: Fri Apr 26 18:54:26 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Deployment
NAME                          READY  UP-TO-DATE  AVAILABLE  AGE
lumbering-zebu-testapi-chart  0/1    1           0          0s

==> v1/Pod(related)
NAME                                           READY  STATUS             RESTARTS  AGE
lumbering-zebu-testapi-chart-7fb48fc7b6-n6824  0/1    ContainerCreating  0         0s

==> v1/Service
NAME                          TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)  AGE
lumbering-zebu-testapi-chart  ClusterIP  10.97.1.55  <none>       80/TCP   0s

NOTES:
1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=testapi-chart,app.kubernetes.io/instance=lumbering-zebu" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl port-forward $POD_NAME 8080:80

上述就已经在K8S中创建了deployment，查看默认的命名空间就可以发现多了一个lumbering-zebu-testapi-chart的Deployment，可以查看deployment的包：

helm ls

# 输出
NAME          	REVISION	UPDATED                 	STATUS  	CHART              	APP VERSION	NAMESPACE
lumbering-zebu	1       	Fri Apr 26 18:54:26 2019	DEPLOYED	testapi-chart-0.1.0	1.0        	default

修改Chart的打包版本0.1.0–>0.1.1，再次执行打包、发布，再次查看：

kubectl get deployments

NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
lumbering-zebu-testapi-chart   1/1     1            1           13m
odd-chicken-testapi-chart      1/1     1            1           85s

出现2个了，现在需要删除旧版本的deployment的chart：helm delete lumbering-zebu-testapi-chart，通过helm ls和kubectl get pods可以发现旧版本的deployment都已经被删除。删除后同样可以回滚：

# 将testapi包按顺序回滚1次修改，注意不带-testapi-chart
helm rollback lumbering-zebu 1
# 输出
Rollback was a success! Happy Helming!
# 验证
helm ls

但这种情况必须记得删除包的名字，实际可以通过helm ls --deleted查看已删除包的名字。

升级，可以在修改相关的Chart.yaml文件后，直接在其所在目录运行helm upgrade odd-chicken .命令即可更新：

# 验证
helm ls
# 版本号已变
NAME       	REVISION	UPDATED                 	STATUS  	CHART               	APP VERSION	NAMESPACE
odd-chicken	2       	Fri Apr 26 19:26:21 2019	DEPLOYED	testapi-chart2-2.1.1	2.0        	default

【设置Helm仓库】

越来越觉得这东西像mvn了，Helm的仓库就是一个WEB服务器，如从charts目录提供helm服务：helm serve --repo-path ./charts。此外关于Chart服务的管理可能需要安装Monocular来提供WEB页面，安装步骤如下：

# 拉取所需要的镜像
docker pull registry.cn-shanghai.aliyuncs.com/hhu/defaultbackend:1.4
docker tag registry.cn-shanghai.aliyuncs.com/hhu/defaultbackend:1.4 k8s.gcr.io/defaultbackend:1.4
docker rmi registry.cn-shanghai.aliyuncs.com/hhu/defaultbackend:1.4

# 安装Nginx Ingress controller
helm install stable/nginx-ingress --set controller.hostNetwork=true,rbac.create=true

# 添加源（最新的源）
helm repo add monocular https://helm.github.io/monocular
# 安装monocular
helm install monocular/monocular

然后等待，安装完了之后，即可通过

【使用Helm仓库】

使用Helmet作为Helm仓库，可以将它部署到K8S集群中并添加Chart。

转自：https://blog.wgl.wiki/K8S%E4%B8%AD%E9%83%A8%E7%BD%B2Helm/