一,Helm基礎概述
1,使用Helm的目的?
由之前的應用部署過程中可知,在kubernetes 系統上部署容器化應用時需要事先手動編寫資源配置清單文件以定義資源對象,而且其每一次的配置定義基本上都是硬編碼,基本上無法實現複用。對於較大規模的應用場景,應用程序的配置,分發,版本控制,查找,回滾甚至是查看都將是用戶的噩夢。 Helm可大大簡化應用管理的難度。
2,Helm是什麼?
簡單來說,Helm就是kubernetes的應用程序包管理器,類似於Linux系統上的 yum 或 apt-get 等,可用於實現幫助用戶查找,分享及使用kubernetes應用程序,目前的版本由CNCF(Microsoft,Google,Bitnami 和 Helm 社區) 維護。它的核心打包功能組件稱爲chart, 可以幫助用戶創建,安裝及升級複雜應用。
Helm將kubernetes資源(Deployment,service或configmap等)打包到一個charts中,製作並測試完成的各個charts 將保存到charts倉庫進行存儲和分發。另外Helm實現了可配置的發佈,它支持應用配置的版本管理,簡化了kubernetes 部署應用的版本控制,打包,發佈,刪除和更新操作。Helm架構組件如下圖所示:
3,Helm的優點?
- 管理複雜應用: charts能夠描述哪怕是最複雜的程序結構,其提供了可重複使用的應用安裝的定義。
- 易於升級: 使用就地升級和自定義鉤子來解決更新的難題。
- 簡單分享: charts易於通過公共或私用服務完成版本化,分享及主機構建。
- 回滾:可使用 “helm rollback” 命令輕鬆實現快速回滾。
4,Helm的核心術語
對與Heml來說,它具有以下幾個關鍵概念:
- Charts:即一個Helm程序包,它包含了運行一個kubernetes應用所需要的鏡像,依賴關係和資源定義等,必要時還會包含service的定義;它類似於APT的dpkg文件或者 yum 的 rpm文件。
- Repository:Charts倉庫,用於集中存儲和分發Charts,類似於Perl的CPAN,或者python的pyPI。
- Config: 應用程序實例化安裝運行使用的配置信息。
- Release: 應用程序實例化配置後運行與kubernetes集羣中的一個Charts實例;在同一個集羣上,一個charts 可以使用不同的Config重複安裝多次,每次安裝都會創建一個新的Release。
5,Helm架構
Helm主要由Helm客戶端,Tiller服務器和Charts倉庫(Repository)組成。Helm 成員間通信圖如下:
Heml客戶端:Helm客戶端是命令行客戶端工具,採用Go語言編寫,基於gRPC協議與Tiller server交互,它主要完成如下任務:
- 本地 charts開發。
- 管理Charts倉庫。
- 與Tiller服務器交互(發送Charts以安裝,查詢release的相關信息以及升級或卸載已有的Release)。
Tiller server:Tiller server是運行與kubernetes集羣之中的容器化服務應用,它接收來自Helm客戶端的請求,並在必要時與kubernetes APi server進行交互,它主要完成以下任務:
- 監聽來自於Helm客戶端的請求。
- 合併charts 和配置以構建一個Release。
- 向kubernetes 記者安裝Charts並對相應的Release進行跟蹤。
- 升級和卸載Charts。
Charts倉庫:僅在有分發需求時,才應該將同一應用的Charts文件打包成歸檔壓縮格式提交到特定的charts倉庫。倉庫既可以運行爲公共託guan平臺,也可以是用戶自建的服務器,僅供特定的組織和個人使用。
二,部署Helm
1,安裝Helm Client
安裝Helm client方式有兩種:預編譯的二進制程序和源碼編譯安裝。本文采用預編譯的二進制程序安裝方式。
1)下載二進制包,並安裝:
二進制安裝包下載地址:https://github.com/helm/helm/releases ,可以選擇不同的版本,例如安裝2.14.3版本:
[root@master helm]# wget https://get.helm.sh/helm-v2.14.3-linux-amd64.tar.gz
[root@master helm]# tar zxf helm-v2.14.3-linux-amd64.tar.gz
[root@master helm]# ls linux-amd64/
helm LICENSE README.md tiller
#將其二進制命令(helm)複製或移動到系統PATH環境變量指向的目錄中
[root@master helm]# cp linux-amd64/helm /usr/local/bin/
#查看helm版本
[root@master helm]# helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Error: could not find tiller
//執行helm version命令發現helm客戶端版本爲v2.14.3,提示服務端tiller還未安裝。2)命令補全
Helm 有很多子命令和參數,爲了提高使用命令行的效率,通常建議安裝 helm 的 bash 命令補全腳本,方法如下:
[root@master helm]# echo "source <(helm completion bash)" >> /root/.bashrc
[root@master helm]# source /root/.bashrc #現在就可以通過 Tab 鍵補全 helm 子命令和參數了:
[root@master helm]# helm
completion dependency history inspect list repo search template verify
create fetch home install package reset serve test version
delete get init lint plugin rollback status upgrade
[root@master helm]# helm install --
--atomic --name= --timeout=
--ca-file= --namespace= --tls
--cert-file= --name-template= --tls-ca-cert=
--debug --no-crd-hook --tls-cert=
--dep-up --no-hooks --tls-hostname=
--description= --password= --tls-key=
--devel --render-subchart-notes --tls-verify
--dry-run --replace --username=
--home= --repo= --values=
--host= --set= --verify
--key-file= --set-file= --version=
--keyring= --set-string= --wait
--kubeconfig= --tiller-connection-timeout=
--kube-context= --tiller-namespace= 2,安裝Tiller server
Tiller是helm的服務器端,一般應該運行於k8s集羣之上,如果k8s開啓了RBAC的授權,那麼應該創建相關的ServiceAccount才能進行安裝。
1)創建帶有cluster-admin角色權限的服務賬戶
[root@master helm]# vim tiller-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system[root@master helm]# kubectl apply -f tiller-rbac.yaml
serviceaccount/tiller created
clusterrolebinding.rbac.authorization.k8s.io/tiller created[root@master helm]# kubectl get serviceaccounts -n kube-system | grep tiller
tiller 1 78s2)Tiller server的環境初始化(安裝tiller server)[root@master helm]# helm init --service-account=tiller #service-account指向剛剛創建的服務賬戶
#查看Tiller server是否成功運行:
[root@master helm]# kubectl get pod -n kube-system | grep tiller
tiller-deploy-8557598fbc-hwzdv 0/1 ErrImagePull 0 2m53s
[root@master helm]# kubectl describe pod -n kube-system tiller-deploy-8557598fbc-hwzdv 
#通過查看詳細信息可以看到鏡像拉取失敗,以爲該鏡像是谷歌的鏡像,所以我們通過阿里雲鏡像站去下載,通過上面的事件信息中,我們可以看到該Tiller server是運行在node01節點上的,所以我們只需要在node01上下載鏡像:
[root@node01 ~]# docker pull registry.aliyuncs.com/google_containers/tiller:v2.14.3
[root@node01 ~]# docker tag registry.aliyuncs.com/google_containers/tiller:v2.14.3 gcr.io/kubernetes-helm/tiller:v2.14.3 #需要重命名爲源鏡像名
[root@node01 ~]# docker rmi -f registry.aliyuncs.com/google_containers/tiller:v2.14.3
[root@node01 ~]# docker images | grep tiller
gcr.io/kubernetes-helm/tiller v2.14.3 2d0a693df3ba 6 months ago 94.2MB#鏡像導入成功後,可以看到tiller server已正常運行:
[root@master helm]# kubectl get pod -n kube-system | grep tiller
tiller-deploy-8557598fbc-hwzdv 1/1 Running 0 17m#現在, 執行helm version 已經能夠查看tiller server的版本信息了:
[root@master helm]# helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}三,使用Helm
1,Helm的基本操作詳解
#helm 安裝成功後,可以執行helm repo list查看helm倉庫:
[root@master helm]# helm repo list
NAME URL
stable https://kubernetes-charts.storage.googleapis.com
local http://127.0.0.1:8879/charts
//Helm安裝時已經默認配置好了兩個倉庫:stable和local。stable是官方倉庫,local是用戶存放自己開發的chart的本地倉庫。#由於官方默認倉庫源是國外的,爲了方便使用,我們指定爲國內的helm倉庫源:
[root@master helm]# helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
"stable" has been added to your repositories//再次查看可用看到原有倉庫源已經被覆蓋:
[root@master helm]# helm repo list
NAME URL
stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
local http://127.0.0.1:8879/charts #更改後,我們執行repo update更新一下倉庫:
[root@master helm]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.#我們可執行 helm search 查看當前可安裝的 chart,也可以某一個服務的版本信息(查看到的是helm charts包的版本):
[root@master helm]# helm search mysql
NAME CHART VERSION APP VERSION DESCRIPTION
stable/mysql 0.3.5 Fast, reliable, scalable, and easy to use open-source rel...
stable/percona 0.3.0 free, fully compatible, enhanced, open source drop-in rep...
stable/percona-xtradb-cluster 0.0.2 5.7.19 free, fully compatible, enhanced, open source drop-in rep...
stable/gcloud-sqlproxy 0.2.3 Google Cloud SQL Proxy
stable/mariadb 2.1.6 10.1.31 Fast, reliable, scalable, and easy to use open-source rel...#例如,通過以下命令來下載mysql的charts包:
[root@master helm]# helm install stable/mysql
#下載過程中,會輸出以下信息:
NAME: mean-spaniel
LAST DEPLOYED: Sat Feb 15 14:43:39 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
mean-spaniel-mysql Pending 0s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
mean-spaniel-mysql-5868455f75-n8lb6 0/1 Pending 0 0s
==> v1/Secret
NAME TYPE DATA AGE
mean-spaniel-mysql Opaque 2 0s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
mean-spaniel-mysql ClusterIP 10.102.92.19 <none> 3306/TCP 0s
==> v1beta1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
mean-spaniel-mysql 0/1 1 0 0s
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
mean-spaniel-mysql.default.svc.cluster.local
To get your root password run:
MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default mean-spaniel-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)
To connect to your database:
1. Run an Ubuntu pod that you can use as a client:
kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
2. Install the mysql client:
$ apt-get update && apt-get install mysql-client -y
3. Connect using the mysql cli, then provide your password:
$ mysql -h mean-spaniel-mysql -p
To connect to your database directly from outside the K8s cluster:
MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
# Execute the following commands to route the connection:
export POD_NAME=$(kubectl get pods --namespace default -l "app=mean-spaniel-mysql" -o jsonpath="{.items[0].metadata.name}")
kubectl port-forward $POD_NAME 3306:3306
mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD}輸出信息分爲三個部分:
(1)chart本次部署的描述信息:
NAME 是 release的名字,因爲我們沒用-n 參數指定,heml隨機生成了一個,這裏是mean-spaniel。
NAMESPACE 是 release 部署的namespace,默認是default,也可以通過--namespace 指定。
STATUS 爲DEPLOYED,表示已經將chart部署到集羣。
(2)當前 release包含的資源(RESOURCES):
Service,Deployment,Secret和PersistentVolumeClaim,其名字都是
mean-spaniel-mysql,命名的格式爲“ReleaseName-ChartName”。
(3)NOTES 部分顯示的是 release的使用方式。比如如何訪問Service,如何獲取數據庫密碼,以及如何連接數據庫等。
#執行以下命令,查看已部署的release:
[root@master helm]# helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
mean-spaniel 1 Sat Feb 15 14:43:39 2020 DEPLOYED mysql-0.3.5 default #通過以下命令,查看release的狀態:
[root@master helm]# helm status mean-spaniel
部分內容如下:
LAST DEPLOYED: Sat Feb 15 14:43:39 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
mean-spaniel-mysql Pending 26m
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
mean-spaniel-mysql-5868455f75-n8lb6 0/1 Pending 0 26m
==> v1/Secret
NAME TYPE DATA AGE
mean-spaniel-mysql Opaque 2 26m
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
mean-spaniel-mysql ClusterIP 10.102.92.19 <none> 3306/TCP 26m
==> v1beta1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
mean-spaniel-mysql 0/1 1 0 26m#在生產環境中,我們也可以使用kubectl get 和kubectl describe來查看實例的各個對象,以快速的進行排錯。例如查看當前pod:
[root@master helm]# kubectl get pod mean-spaniel-mysql-5868455f75-n8lb6
NAME READY STATUS RESTARTS AGE
mean-spaniel-mysql-5868455f75-n8lb6 0/1 Pending 0 31m
[root@master helm]# kubectl describe pod mean-spaniel-mysql-5868455f75-n8lb6 
通過pod的事件信息中,得知,因爲我們還沒有準備pv,所以當前實例還不可用。
#如果想要刪除已部署的release,可執行helm delete 命令(注意:必須加上--purge刪除緩存,才能夠徹底的刪除:
[root@master helm]# helm delete mean-spaniel --purge
release "mean-spaniel" deleted2,chart 目錄結構
我們知道Charts是Helm使用的kubernetes程序包打包格式,一個charts就是一個描述一組kubernetes資源的文件的集合。
一個單獨的charts既能部署簡單應用,例如一個memcached服務,也能部署複雜的應用,比如包含HTTP Servers,Database,消息中間件,cache等。
chart 將這些文件放置在預定義的目錄結構中,通常整個chart被打包成tar包,而且標註上版本信息,便於Helm部署。下面我們將詳細討論chart的目錄結構以及包含的各類文件。
#例如,之前安裝的mysql chart,一旦安裝了某個chart,我們就可以在
~/.helm/cache/archive 中找到 chart 的 tar 包。
[root@master helm]# ls ~/.helm/cache/archive/
mysql-0.3.5.tgz#解壓後,mysql chart 目錄結構如下:
[root@master helm]# tree -C mysql/
mysql/
├── Chart.yaml
├── README.md
├── templates
│ ├── configmap.yaml
│ ├── deployment.yaml
│ ├── _helpers.tpl
│ ├── NOTES.txt
│ ├── pvc.yaml
│ ├── secrets.yaml
│ └── svc.yaml
└── values.yaml
1 directory, 10 files包含如下內容:
(1)chart.yaml:YAML文件,描述chart的概要信息。
description: Fast, reliable, scalable, and easy to use open-source relational database
system.
engine: gotpl
home: https://www.mysql.com/
icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png
keywords:
- mysql
- database
- sql
maintainers:
- email: [email protected]
name: Vic Iglesias
name: mysql
sources:
- https://github.com/kubernetes/charts
- https://github.com/docker-library/mysql
version: 0.3.5其中,name和version是必填項,其他都是可選的。
(2)README.md:Markdown 格式的README 文件,也就是chart的使用文檔,此文件可選。
(3)values.yaml :chart支持在安裝的時根據參數進行定製化配置,而values.yaml 則提供了這些配置參數的默認值。
(4)templates 目錄 :各類kubernetes資源的配置模板都放置在這裏。Helm會將values.yaml 中的參數值注入到模板中生成標準的YAML配置文件。
模板是chart最重要的部分,也是helm最強大地方。模板增加了應用部署的靈活性,能夠適用不同的環境。
四,Helm實踐
1,Helm部署MySQL
在安裝之前,我們可以先執行helm inspect values 查看 mysql chart的使用方法:
[root@master ~]# helm inspect values stable/mysql輸出的實際上是values.yaml的內容。閱讀註釋就可以知道mysql chart支持哪些參數,安裝之前需要做哪些準備,其中有一部分是關於存儲的:
## Persist data to a persistent volume
persistence:
enabled: true
## database data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 8Gichart定義了一個pvc,申請8G的pv,因爲是測試環境,所我們得預先創建好相應的pv。
1)創建pv:
//首先搭建nfs(master 爲nfs服務器):
[root@master helm]# yum -y install nfs-utils
[root@master helm]# vim /etc/exports
/nfsdata/mysql *(rw,sync,no_root_squash)
[root@master helm]# mkdir -p /nfsdata/mysql
[root@master helm]# systemctl start rpcbind
[root@master helm]# systemctl start nfs-server
[root@master helm]# systemctl enable nfs-server
[root@master mysql]# showmount -e
Export list for master:
/nfsdata/mysql *
//創建mysql-pv,配置內容如下:
apiVersion: v1
kind: PersistentVolume
metadata:
name: mysql-pv
spec:
accessModes:
- ReadWriteOnce
capacity:
storage: 8Gi
persistentVolumeReclaimPolicy: Retain
nfs:
path: /nfsdata/mysql
server: 172.16.1.30
[root@master ~]# kubectl apply -f mysql-pv.yaml
persistentvolume/mysql-pv created#確保pv能夠正常使用:
[root@master helm]# kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
mysql-pv 8Gi RWO Retain Available 2)安裝mysql chart
//下載mysql (設置mysql root用戶的密碼,並且指定release的名稱)
#可以通過--set直接傳入參數值:
[root@master helm]# helm install stable/mysql --set mysqlRootPassword=123.com -n test-mysql//查看已安裝的release:
[root@master helm]# helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
test-mysql 1 Sun Feb 16 12:39:57 2020 DEPLOYED mysql-0.3.5 default #查看release的狀態:
[root@master helm]# helm status test-mysql
LAST DEPLOYED: Mon Feb 17 11:51:38 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
test-mysql-mysql Bound mysql-pv 8Gi RWO 23m
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
test-mysql-mysql-dfb9b6944-f6pgs 1/1 Running 0 23m
==> v1/Secret
NAME TYPE DATA AGE
test-mysql-mysql Opaque 2 23m
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
test-mysql-mysql ClusterIP 10.103.220.95 <none> 3306/TCP 23m
==> v1beta1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
test-mysql-mysql 1/1 1 1 23m
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
test-mysql-mysql.default.svc.cluster.local
To get your root password run:
MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default test-mysql-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)
To connect to your database:
1. Run an Ubuntu pod that you can use as a client:
kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
2. Install the mysql client:
$ apt-get update && apt-get install mysql-client -y
3. Connect using the mysql cli, then provide your password:
$ mysql -h test-mysql-mysql -p
To connect to your database directly from outside the K8s cluster:
MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
# Execute the following commands to route the connection:
export POD_NAME=$(kubectl get pods --namespace default -l "app=test-mysql-mysql" -o jsonpath="{.items[0].metadata.name}")
kubectl port-forward $POD_NAME 3306:3306
mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD}
可以看到pv的狀態爲Bound,並且pod已正常運行。
注意:如果pod沒有正常運行,可以查看pv是否綁定成功(狀態確保爲Available),如果pv沒有問題的話,那就是鏡像還沒有拉取成功(因爲mysql鏡像比較大,所以花費時間較長。)
3)測試登錄mysql
#注意:如果我們在不知道mysql root用戶密碼的情況下,可以通過以下方式進行獲取:(其實在執行helm status命令輸出的信息中,已經告訴我們了mysql的各種事項)
[root@master helm]# helm status test-mysql
#內容在NOTES部分:
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
test-mysql-mysql.default.svc.cluster.local
To get your root password run:
MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default test-mysql-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)
To connect to your database:
1. Run an Ubuntu pod that you can use as a client:
kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
2. Install the mysql client:
$ apt-get update && apt-get install mysql-client -y
3. Connect using the mysql cli, then provide your password:
$ mysql -h test-mysql-mysql -p
To connect to your database directly from outside the K8s cluster:
MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
# Execute the following commands to route the connection:
export POD_NAME=$(kubectl get pods --namespace default -l "app=test-mysql-mysql" -o jsonpath="{.items[0].metadata.name}")
kubectl port-forward $POD_NAME 3306:3306
mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD}#執行”To get your root password run:“中告訴我們的內容:
[root@master helm]# kubectl get secret --namespace default test-mysql-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
123.com #得到mysql root密碼爲123.com//有了密碼,測試登陸mysql數據庫:
[root@master helm]# kubectl exec -it test-mysql-mysql-dfb9b6944-f6pgs -- mysql -uroot -p123.com
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 222
Server version: 5.7.14 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> \s
--------------
mysql Ver 14.14 Distrib 5.7.14, for Linux (x86_64) using EditLine wrapper
Connection id: 222
Current database:
Current user: root@localhost
SSL: Not in use
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.7.14 MySQL Community Server (GPL)
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: latin1
Db characterset: latin1
Client characterset: latin1
Conn. characterset: latin1
UNIX socket: /var/run/mysqld/mysqld.sock
Uptime: 20 min 4 sec
Threads: 1 Questions: 486 Slow queries: 0 Opens: 109 Flush tables: 1 Open tables: 102 Queries per second avg: 0.403
--------------2,Helm升級與回滾服務
1)升級操作:
#就以上面部署的mysql爲例,進行版本升級:
//查看當前mysql版本:
[root@master helm]# kubectl get deployments. -o wide test-mysql-mysql
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
test-mysql-mysql 1/1 1 1 63m test-mysql-mysql mysql:5.7.14 app=test-mysql-mysql#比如,將當前mysql版本升級爲5.7.15版本:
[root@master helm]# helm upgrade --set imageTag=5.7.15 test-mysql stable/mysql #通過--set參數進行指定,後面跟上release名稱和release即可#等待一些時間(將重新拉取新的鏡像,並生成新的pod),升級成功:
[root@master helm]# kubectl get deployments. test-mysql-mysql -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
test-mysql-mysql 1/1 1 1 55m test-mysql-mysql mysql:5.7.15 app=test-mysql-mysql//可以通過helm list查看當前release的version:
[root@master helm]# helm list #當前版本爲2版本
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
test-mysql 2 Mon Feb 17 12:38:24 2020 DEPLOYED mysql-0.3.5 default 2)回滾操作:
通過helm history 可以查看 release 所有的版本:
[root@master helm]# helm history test-mysql
REVISION UPDATED STATUS CHART DESCRIPTION
1 Mon Feb 17 11:51:38 2020 SUPERSEDED mysql-0.3.5 Install complete
2 Mon Feb 17 12:38:24 2020 DEPLOYED mysql-0.3.5 Upgrade complete#比如,當前執行helm rollback將mysql回滾到版本1:
[root@master helm]# helm rollback test-mysql 1
Rollback was a success.#查看版本是否回滾成功:
[root@master helm]# kubectl get deployments. -o wide test-mysql-mysql
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
test-mysql-mysql 1/1 1 1 63m test-mysql-mysql mysql:5.7.14 app=test-mysql-mysql
//可以看到版本回滾爲5.7.14版本#再次查看,發現當前release revision的值爲3(表示爲第三次的一個修訂版)
[root@master helm]# helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
test-mysql 3 Mon Feb 17 12:54:00 2020 DEPLOYED mysql-0.3.5 default 3,Helm+StroagClass
在實踐部署mysql的過程中,手動創建pv是非常的不方便的,在生產環境中,有很多的應用需要實現部署,所以我們可以通過StorageClass來爲我們提供pv。關於SC的詳細內容,參考博文k8s之StorageClass
1)部署nfs server:
[root@master ~]# yum -y install nfs-utils
[root@master ~]# vim /etc/exports
/nfsdata/SC *(rw,sync,no_root_squash)
[root@master ~]# mkdir -p /nfsdata/SC
[root@master ~]# systemctl restart rpcbind
[root@master ~]# systemctl restart nfs-server
[root@master ~]# showmount -e 172.16.1.30
Export list for 172.16.1.30:
/nfsdata/SC *2)創建rbac權限:
[root@master helm]# vim rbac-rolebind.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-provisioner
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: nfs-provisioner-runner
namespace: default
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["services", "endpoints"]
verbs: ["get","create","list", "watch","update"]
- apiGroups: ["extensions"]
resources: ["podsecuritypolicies"]
resourceNames: ["nfs-provisioner"]
verbs: ["use"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-provisioner
subjects:
- kind: ServiceAccount
name: nfs-provisioner
namespace: default
roleRef:
kind: ClusterRole
name: nfs-provisioner-runner
apiGroup: rbac.authorization.k8s.io[root@master helm]# kubectl apply -f rbac-rolebind.yaml
serviceaccount/nfs-provisioner created
clusterrole.rbac.authorization.k8s.io/nfs-provisioner-runner created
clusterrolebinding.rbac.authorization.k8s.io/run-nfs-provisioner created3)創建nfs的Deployment:
[root@master helm]# vim nfs-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nfs-client-provisioner
namespace: default
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
serviceAccount: nfs-provisioner
containers:
- name: nfs-client-provisioner
image: registry.cn-hangzhou.aliyuncs.com/open-ali/nfs-client-provisioner
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: nfs-deploy
- name: NFS_SERVER
value: 172.16.1.30
- name: NFS_PATH
value: /nfsdata/SC
volumes:
- name: nfs-client-root
nfs:
server: 172.16.1.30
path: /nfsdata/SC//導入nfs-client-provisioner鏡像(集羣中的每個節點都需導入,包括master)
[root@master helm]# docker load --input nfs-client-provisioner.tar [root@master helm]# kubectl apply -f nfs-deployment.yaml
deployment.extensions/nfs-client-provisioner created//確保pod正常運行:
[root@master helm]# kubectl get pod nfs-client-provisioner-958547f7d-95jkg
NAME READY STATUS RESTARTS AGE
nfs-client-provisioner-958547f7d-95jkg 1/1 Running 0 42s4)創建stroage class:
[root@master sc]# vim test-sc.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: statefu-nfs
namespace: default
provisioner: nfs-deploy
reclaimPolicy: Retain[root@master helm]# kubectl apply -f test-sc.yaml
storageclass.storage.k8s.io/statefu-nfs created
[root@master helm]# kubectl get sc
NAME PROVISIONER AGE
statefu-nfs nfs-deploy 3m1s5)爲release申請pv
通過修改release chart目錄下的values.yaml文件,values文件可以通過解壓release chart包獲得:
[root@master helm]# tar zxf ~/.helm/cache/archive/mysql-0.3.5.tgz #例如部署mysql
[root@master helm]# cd mysql/
[root@master mysql]# ls
Chart.yaml README.md templates values.yaml
[root@master mysql]# vim values.yaml
#修改內容如下:
6)下載mysql chart
#注意,下載方式爲通過chart本地目錄進行安裝(後面會講到):
[root@master helm]# helm install mysql/ -n new-mysql #查看release 狀態:
[root@master helm]# helm status new-mysql
部分信息如下:
LAST DEPLOYED: Mon Feb 17 13:38:09 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
new-mysql-mysql Bound pvc-6a4686cc-fb67-4577-8c6d-848a0ae800b5 5Gi RWO statefu-nfs 41s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
new-mysql-mysql-6cf95546fb-fqg54 1/1 Running 0 41s
==> v1/Secret
NAME TYPE DATA AGE
new-mysql-mysql Opaque 2 41s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
new-mysql-mysql ClusterIP 10.108.202.123 <none> 3306/TCP 41s
==> v1beta1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
new-mysql-mysql 1/1 1 1 41s可以看到pvc,pod,service,deployment資源已正常運行,且看到pvc是通過向stroageclass去獲取的(狀態已爲Bound)。
4,自定義chart
kubernetes 給我們提供了大量官方chart,不過要部署微服務應用,還是需要開發自己的chart。但它僅能用於本地訪問,當然,用戶也可以通過 helm package命令將其打包爲tar格式後分享給團隊或者社區。
在創建自定義chart之前,我們先來了解helm的幾種安裝方法,Helm支持4種安裝方法:
安裝倉庫中的 chart,例如:helm install stable/nginx
通過 tar 包安裝,例如:helm install ./nginx-1.2.3.tgz
通過 chart 本地目錄安裝,例如:helm install ./nginx
- 通過 URL 安裝,例如:helm install https://example.com/charts/nginx-1.2.3.tgz
1)創建自定義的chart
[root@master ~]# helm create mychart
Creating mychart
[root@master ~]# tree mychart/
mychart/
├── charts
├── Chart.yaml
├── templates
│ ├── deployment.yaml
│ ├── _helpers.tpl
│ ├── ingress.yaml
│ ├── NOTES.txt
│ ├── service.yaml
│ └── tests
│ └── test-connection.yaml
└── values.yaml
3 directories, 8 filesHelm 會幫助我們創建目錄(mychart),並生成各類chart文件,這樣我們就可以在此基礎上開發自己的chart。
2)使用自己開發的chart,簡單部署nginx服務
當我們創建完chart後,查看默認生成的values.yaml文件:
[root@master ~]# cat mychart/values.yaml
# Default values for mychart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: nginx
tag: stable
pullPolicy: IfNotPresent
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
service:
type: ClusterIP
port: 80
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}可以看到部署鏡像默認是nginx,但是其標籤(tag)爲測試版本(stable),所以我們無法直接安裝release。
#直接修改values文件(修改tag爲可使用的版本):
[root@master ~]# vim mychart/values.yaml 
#安裝release:
[root@master ~]# helm install mychart/ -n mynginx#查看release狀態:
[root@master ~]# helm status mynginx
LAST DEPLOYED: Mon Feb 17 15:34:10 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
mynginx-mychart 1/1 1 1 10m
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
mynginx-mychart-bf987cd5d-vp9qp 1/1 Running 0 10m
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
mynginx-mychart ClusterIP 10.96.34.246 <none> 80/TCP 10m
NOTES:
1. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=mychart,app.kubernetes.io/instance=mynginx" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:80#測試訪問nginx:
[root@master ~]# curl -I 10.96.34.246
HTTP/1.1 200 OK #nignx成功訪問
Server: nginx/1.17.3
Date: Mon, 17 Feb 2020 07:45:39 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 13 Aug 2019 08:50:00 GMT
Connection: keep-alive
ETag: "5d5279b8-264"
Accept-Ranges: bytes#上面我們使用的是ClusterIP訪問的nginx,如果外部應用需要訪問內部服務,怎麼辦?所以我們可以以NodePort的方式將服務端口映射出去。
注意:我們並不能在values文件中直接添加,需要先在自定義chart的templates目錄下的service.yaml文件進行添加變量,操作如下:
[root@master ~]# vim mychart/templates/service.yaml
service.yaml文件是以json語言編寫的,所以我們進行修改時,需要按照其格式進行修改。
#在service文件中添加了nodeport的類型,接下來修改其values文件:
[root@master ~]# vim mychart/values.yaml 
#修改完成後,重新部署nginx:
[root@master ~]# helm delete mynginx --purge #將原來的release刪除
release "mynginx" deleted
[root@master ~]# helm install mychart/ -n mynginx #重新安裝#查看release狀態:
[root@master ~]# helm status mynginx
LAST DEPLOYED: Mon Feb 17 16:02:04 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
mynginx-mychart 1/1 1 1 16s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
mynginx-mychart-bf987cd5d-xdm2d 1/1 Running 0 16s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
mynginx-mychart NodePort 10.100.31.89 <none> 80:32134/TCP 16s#外部通過nodeport方式訪問nginx:
5,調試chart
只要是程序,就會有bug,chart也不例外。Helm提供了debug的工具:helm lint和helm install --dry-run --debug 。
1)helm lint工具:
helm lint 會檢測chart的語法,報告錯誤以及給出建議。
#比如我們在values.yaml文件中漏掉了一個冒號“:” ,通過 helm lint 進行測試,它會指出這個語法錯誤。
[root@master ~]# helm lint mychart/
==> Linting mychart/
[INFO] Chart.yaml: icon is recommended
[ERROR] values.yaml: unable to parse YAML
error converting YAML to JSON: yaml: line 8: could not find expected ':'
Error: 1 chart(s) linted, 1 chart(s) failed一般在編寫完values文件後,可以先利用helm lint工具檢查是否有bug。
2)helm install --dry-run --debug測試:
helm install --dry-run --debug 會模擬安裝chart,並輸出每個模板生成的YAML內容。
[root@master ~]# helm install --dry-run mychart/ --debug
[debug] Created tunnel using local port: '43350'
[debug] SERVER: "127.0.0.1:43350"
[debug] Original chart version: ""
[debug] CHART PATH: /root/mychart
NAME: exacerbated-grizzly
REVISION: 1
RELEASED: Mon Feb 17 16:18:48 2020
CHART: mychart-0.1.0
USER-SUPPLIED VALUES:
{}
COMPUTED VALUES:
affinity: {}
fullnameOverride: ""
image:
pullPolicy: IfNotPresent
repository: nginx
tag: latest
imagePullSecrets: []
ingress:
annotations: {}
enabled: false
hosts:
- host: chart-example.local
paths: []
tls: []
nameOverride: ""
nodeSelector: {}
replicaCount: 1
resources: {}
service:
nodePort: 32134
port: 80
type: NodePort
tolerations: []
HOOKS:
---
# exacerbated-grizzly-mychart-test-connection
apiVersion: v1
kind: Pod
metadata:
name: "exacerbated-grizzly-mychart-test-connection"
labels:
app.kubernetes.io/name: mychart
helm.sh/chart: mychart-0.1.0
app.kubernetes.io/instance: exacerbated-grizzly
app.kubernetes.io/version: "1.0"
app.kubernetes.io/managed-by: Tiller
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['exacerbated-grizzly-mychart:80']
restartPolicy: Never
MANIFEST:
---
# Source: mychart/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: exacerbated-grizzly-mychart
labels:
app.kubernetes.io/name: mychart
helm.sh/chart: mychart-0.1.0
app.kubernetes.io/instance: exacerbated-grizzly
app.kubernetes.io/version: "1.0"
app.kubernetes.io/managed-by: Tiller
spec:
type: NodePort
ports:
- port: 80
targetPort: http
nodePort: 32134
protocol: TCP
name: http
selector:
app.kubernetes.io/name: mychart
app.kubernetes.io/instance: exacerbated-grizzly
---
# Source: mychart/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: exacerbated-grizzly-mychart
labels:
app.kubernetes.io/name: mychart
helm.sh/chart: mychart-0.1.0
app.kubernetes.io/instance: exacerbated-grizzly
app.kubernetes.io/version: "1.0"
app.kubernetes.io/managed-by: Tiller
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: mychart
app.kubernetes.io/instance: exacerbated-grizzly
template:
metadata:
labels:
app.kubernetes.io/name: mychart
app.kubernetes.io/instance: exacerbated-grizzly
spec:
containers:
- name: mychart
image: "nginx:latest"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{}我們可以檢視這些輸出, 判斷是否與預期相符。
6, 將chart添加到倉庫
chart通過測試後可以將其添加到倉庫,團隊其他成員就能夠方便使用。任何HTTP Server度可以作爲chart倉庫,下面將在集羣中node01節點節點上搭建倉庫。
1)在node01上運行一個httpd容器:(提供web服務)
[root@node01 ~]# docker run -d -p 8080:80 -v /var/www/:/usr/local/apache2/htdocs httpd
a2fb5f89dd3fd3f729139e41a105498a60d0bee02c73ad8706636007390eaa552)回到master,通過helm package 將mychart打包:
[root@master ~]# helm package mychart/
Successfully packaged chart and saved it to: /root/mychart-0.1.0.tgz3)執行helm repo index 生成倉庫的index文件:
[root@master ~]# mkdir myrepo
[root@master ~]# mv mychart-0.1.0.tgz myrepo/
[root@master ~]# helm repo index myrepo/ --url http://172.16.1.31:8080/charts #該地址爲chart倉庫地址(node01)
[root@master ~]# ls myrepo/
index.yaml mychart-0.1.0.tgzhelm會掃描 myrepo目錄中的所有tgz包,並生成index.yaml文件。--url指定的是新chart倉庫的訪問路徑。新生成的index.yaml 記錄了當前倉庫中所有 chart 的信息:
[root@master ~]# cat myrepo/index.yaml
apiVersion: v1
entries:
mychart:
- apiVersion: v1
appVersion: "1.0"
created: "2020-02-17T16:34:25.239190623+08:00"
description: A Helm chart for Kubernetes
digest: 367436d83e973f89e4bac162837fb4e9579cf3176b2506a7ed6617a182f11031
name: mychart
urls:
- http://172.16.1.31:8080/charts/mychart-0.1.0.tgz
version: 0.1.0
generated: "2020-02-17T16:34:25.238618624+08:00"
#可以看到當前只有mychart這一個chart。4)將 mychart-0.1.0.tgz 和 index.yaml 上傳到node1 的 /var/www/charts 目錄。
#在node01上創建目錄:
[root@node01 ~]# mkdir /var/www/charts
#將文件拷貝給node01:
[root@master ~]# scp myrepo/index.yaml myrepo/mychart-0.1.0.tgz node01:/var/www/charts
index.yaml 100% 400 0.4KB/s 00:00
mychart-0.1.0.tgz 100% 2842 2.8KB/s 00:00 5)通過helm repo add 將新倉庫添加到Helm:
[root@master ~]# helm repo add myrepo http://172.16.1.31:8080/charts
"myrepo" has been added to your repositories
[root@master ~]# helm repo list
NAME URL
stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
local http://127.0.0.1:8879/charts
myrepo http://172.16.1.31:8080/charts
倉庫命名爲myrepo,Helm會從倉庫下載index.yaml。#現在用戶就可以repo search 到mychart了:
[root@master ~]# helm search mychart
NAME CHART VERSION APP VERSION DESCRIPTION
local/mychart 0.1.0 1.0 A Helm chart for Kubernetes
myrepo/mychart 0.1.0 1.0 A Helm chart for Kubernetes除了自己上傳的倉庫,這還有一個local/mychart。這是因爲在執行第 2 步打包操作的同時,mychart 也被同步到了 local 的倉庫。
#從新倉庫中安裝mychart:
[root@master ~]# helm install myrepo/mychart -n new-nginx#查看release的狀態:
[root@master ~]# helm status new-nginx #pod正常運行
LAST DEPLOYED: Mon Feb 17 16:56:54 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
new-nginx-mychart 1/1 1 1 55s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
new-nginx-mychart-66d6bbb795-fsgml 1/1 Running 0 55s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
new-nginx-mychart NodePort 10.106.51.8 <none> 80:32134/TCP 55s
NOTES:
1. Get the application URL by running these commands:
export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services new-nginx-mychart)
export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT如果以後倉庫添加了新的chart,需要用helm repo update命令更新本地的index。
[root@master ~]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "myrepo" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.