Helm
helm2有两个组件:
- helm: 客户端
- tiller: 服务端(helm3被移除)
概念:
- chart: helm包,包含运行一个应用所需的镜像,依赖和资源.
- repository: 用于发布和存储chart的仓库.
- release: 在k8s集群上运行的一个chart实例.
repository有哪些:
- charts: OSS, public, 已经被artifacthub取代, https://github.com/helm/charts
- artifacthub: OSS, public, https://artifacthub.io/
- chartmuseum: OSS, private, self-host, https://github.com/helm/chartmuseum
- harbor: OSS, private, self-host.
- artifactory(jfrog): enterprise, private, self-host.
安装
helm和kubectl一样,访问指定配置的k8s集群。
helm2需要安装tiller并且执行helm init初始化,helm不需要tiller.
本地二进制安装helm3+:
curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -
sudo apt-get install apt-transport-https --yes
echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm
命令
repo管理
查看有哪些repo,默认没有repo
$ helm repo list
添加repo并命名
$ helm repo add [NAME] [URL] [flags]
// 添加charts/artifactoryhub stable命名为stable
$ helm repo add stable https://charts.helm.sh/stable
更新repo:
$ helm repo update
chart管理
从repo中查找chart:
$ helm search hub [KEYWORD] [flags]
从repo里面的chart里面搜索关键字:
$ helm search repo [keyword] [flags]
//查看repo里面所有chart
$ helm search repo
// 查看repo里面所有treafik chart
$ helm search repo traefik
查看chart信息:
helm show chart traefik/traefik
helm show values traefik/traefik > value.yaml
下载chart:
helm pull chart-name
release管理
install/upgrade/uninstall/rollback
status/list/get/history
安装chart:
helm install [name] [chart] [flags]
// 验证签名
helm install --verify ...
helm install traefik traefik/traefik
// 需提前创建namespace, 修改value
helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard -f value.yaml -n kubernetes-dashboard
查看release(每个install都是一个release):
helm list
-a, --all show all releases without any filter applied.
-A, --all-namespaces list releases across all namespaces.
卸载release:
helm uninstall kubernetes-dashboard -n kubernetes-dashboard
查看状态:
helm status mysql
获取release信息:
helm get manifest [name]
misc
helm plugin
helm env
chart开发
创建chart:
helm create my-chart
debug chart:
// 检查语法
helm lint my-chart
// 模拟安装
helm install my-chart ./my-chart --dry-run --debug
模板管理:
helm template [name] [chart]
// 在本地渲染模板
helm template my-chart ./my-chart
依赖chart管理:
helm dependency
// 将依赖的chart下载到chart目录.
helm dep up <chart-name>
测试chart:
helm test
打包chart:
https://helm.sh/zh/docs/topics/provenance/
helm package my-chart
// 会另外生成一个.prov文件
helm package --sign --key "Canux" --keyring ~/.gnupg/secring.gpg my-chart
验证打包的chart:
helm verify my-chart.tgz
生成index文件:
helm repo index my-chart-folder --url <repo-url>
上传chart到registry:
有的registry支持ui上直接upload,或者CLI上传,也可以通过helm push上传.
helm registry login
helm push my-chart.tgz oci://registry/helm-charts
helm registry logout
如果是OCI registry目前只支持以下命令:
helm registry login/logout
helm push
helm pull
helm show
helm template
helm install
helm upgrade
chart 目录:
values.yaml
Chart.yaml
charts/
templates/
templates/tests/
Chart.yaml语法:
https://helm.sh/zh/docs/topics/charts/#chartyaml-%E6%96%87%E4%BB%B6
template的流控制:
https://helm.sh/zh/docs/chart_template_guide/control_structures/
// 用$代替. 来获取上一级的变量
{{- range .Values.worker }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "app.fullname" $ }}-worker-{{ .name }}
labels:
{{- include "worker.labels" $ | nindent 4 }}
spec:
{{- if not .autoscaling.enabled }}
replicas: {{ $.Values.replicaCount }}
{{- end }}
......
---
{{- end }}
template的函数:
https://helm.sh/zh/docs/chart_template_guide/function_list/
hooks:
helm uninstall 不会删除有hook的资源。
https://helm.sh/zh/docs/topics/charts_hooks/
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": post-install, pre-install, ...
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded, hook-failed, ...