Helm v3 Concepts and Common Commands in Detail

Helm v3 Concepts

  • Chart

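Helm's application package, in tgz format. Like an RPM package for Yum, it contains a set of YAML files that define Kubernetes resources. Also called an application Chart.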

  • Repository

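Helm's application repository. A Repository is essentially a web server that stores a collection of Chart packages for users to download and serves an index file listing that Repository's Chart packages for lookup. Helm can manage several different Repositories at the same time.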

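The Helm community officially provides the stable and incubator repositories, but it does not intend to monopolize repositories and lets other people and organizations host their own. A repository can be public or private.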

  • Hub

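The public repositories run by different individuals and organizations are scattered and distributed, which makes Charts hard to find, so the project provides Helm Hub. Public repositories can register with Helm Hub so that they can be searched in one place; Helm Hub is only a central showcase for the distributed repositories.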

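When a repository registers with Helm Hub, a copy of its Chart index file is synchronized to Helm Hub, so that Helm Hub can show the list of repositories and the list of Charts in each one.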

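Helm Hub is at https://hub.helm.sh/charts. In the figure below, the left side lists the repositories registered with Helm Hub; clicking a repository link shows that repository's Charts on the right.
[Figure: Helm Hub]
The Chart packages, that is the tgz files, are actually stored in the individual repositories. Helm Hub does not store Chart packages. Helm interacts with Helm Hub only when searching for Charts; all other operations talk to the repositories directly.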

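Clicking a Chart icon in the figure above opens the Chart's detail page (figure below); the Install area on the right shows how to add the repository that hosts the Chart.
[Figure: Helm Hub Chart]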

  • Release

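An instance of a Chart running on a Kubernetes cluster. A Chart can be installed many times on the same cluster, and each installation creates a new Release. For example, to run two MySQL databases on the server, install the MySQL Chart twice; each installation produces a new Release.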


Helm v3 Common Commands

  • helm version

Show the Helm version.

helm version
version.BuildInfo{Version:"v3.0.2", GitCommit:"19e47ee3283ae98139d98460de796c1be1e3975f", GitTreeState:"clean", GoVersion:"go1.13.5"}

Show the short Helm version.

helm version --short
v3.0.2+g19e47ee

  • helm help

There are several ways to view the command-line help:

  • helm
  • helm help
  • helm help [command]
  • helm -h (commonly used)
  • helm --help
  • helm [command] -h (commonly used)
  • helm [command] --help
  • helm [command] [sub command] -h (commonly used)
  • helm [command] [sub command] --help

View the command-line help.

helm -h
The Kubernetes package manager

Common actions for Helm:

- helm search:    search for charts
- helm pull:      download a chart to your local directory to view
- helm install:   upload the chart to Kubernetes
- helm list:      list releases of charts

Environment variables:

+------------------+-----------------------------------------------------------------------------+
| Name             | Description                                                                 |
+------------------+-----------------------------------------------------------------------------+
| $XDG_CACHE_HOME  | set an alternative location for storing cached files.                       |
| $XDG_CONFIG_HOME | set an alternative location for storing Helm configuration.                 |
| $XDG_DATA_HOME   | set an alternative location for storing Helm data.                          |
| $HELM_DRIVER     | set the backend storage driver. Values are: configmap, secret, memory       |
| $HELM_NO_PLUGINS | disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.                  |
| $KUBECONFIG      | set an alternative Kubernetes configuration file (default "~/.kube/config") |
+------------------+-----------------------------------------------------------------------------+

Helm stores configuration based on the XDG base directory specification, so

- cached files are stored in $XDG_CACHE_HOME/helm
- configuration is stored in $XDG_CONFIG_HOME/helm
- data is stored in $XDG_DATA_HOME/helm

By default, the default directories depend on the Operating System. The defaults are listed below:

+------------------+---------------------------+--------------------------------+-------------------------+
| Operating System | Cache Path                | Configuration Path             | Data Path               |
+------------------+---------------------------+--------------------------------+-------------------------+
| Linux            | $HOME/.cache/helm         | $HOME/.config/helm             | $HOME/.local/share/helm |
| macOS            | $HOME/Library/Caches/helm | $HOME/Library/Preferences/helm | $HOME/Library/helm      |
| Windows          | %TEMP%\helm               | %APPDATA%\helm                 | %APPDATA%\helm          |
+------------------+---------------------------+--------------------------------+-------------------------+

Usage:
  helm [command]

Available Commands:
  completion  Generate autocompletions script for the specified shell (bash or zsh)
  create      create a new chart with the given name
  dependency  manage a chart's dependencies
  env         Helm client environment information
  get         download extended information of a named release
  help        Help about any command
  history     fetch release history
  install     install a chart
  lint        examines a chart for possible issues
  list        list releases
  package     package a chart directory into a chart archive
  plugin      install, list, or uninstall Helm plugins
  pull        download a chart from a repository and (optionally) unpack it in local directory
  repo        add, list, remove, update, and index chart repositories
  rollback    roll back a release to a previous revision
  search      search for a keyword in charts
  show        show information of a chart
  status      displays the status of the named release
  template    locally render templates
  test        run tests for a release
  uninstall   uninstall a release
  upgrade     upgrade a release
  verify      verify that a chart at the given path has been signed and is valid
  version     print the client version information

Flags:
      --add-dir-header                   If true, adds the file directory to the header
      --alsologtostderr                  log to standard error as well as files
      --debug                            enable verbose output
  -h, --help                             help for helm
      --kube-context string              name of the kubeconfig context to use
      --kubeconfig string                path to the kubeconfig file
      --log-backtrace-at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
      --log-dir string                   If non-empty, write log files in this directory
      --log-file string                  If non-empty, use this log file
      --log-file-max-size uint           Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --logtostderr                      log to standard error instead of files (default true)
  -n, --namespace string                 namespace scope for this request
      --registry-config string           path to the registry config file (default "/root/.config/helm/registry.json")
      --repository-cache string          path to the file containing cached repository indexes (default "/root/.cache/helm/repository")
      --repository-config string         path to the file containing repository names and URLs (default "/root/.config/helm/repositories.yaml")
      --skip-headers                     If true, avoid header prefixes in the log messages
      --skip-log-headers                 If true, avoid headers when opening log files
      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
  -v, --v Level                          number for the log level verbosity
      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

Use "helm [command] --help" for more information about a command.

  • helm completion

Helm command completion.

yum install -y bash-completion
source /usr/share/bash-completion/bash_completion
source <(helm completion bash)

# Also enable completion for kubectl.
source <(kubectl completion bash)

helm <tab>
completion  dependency  get         install     list        plugin      repo        search      status      test        upgrade     version
create      env         history     lint        package     pull        rollback    show        template    uninstall   verify

  • helm env

Print all the environment variables that Helm uses.

helm env
HELM_KUBECONTEXT=""
HELM_BIN="helm"
HELM_DEBUG="false"
HELM_PLUGINS="/root/.local/share/helm/plugins"
HELM_REGISTRY_CONFIG="/root/.config/helm/registry.json"
HELM_REPOSITORY_CACHE="/root/.cache/helm/repository"
HELM_REPOSITORY_CONFIG="/root/.config/helm/repositories.yaml"
HELM_NAMESPACE="default"

  • helm repo

Manage Helm repositories.

  • helm repo add

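Add a repository. The following command adds the official Helm stable repository; in the command, stable is the repository name and the link is the address of the repository's Chart index file. When a repository is added, Helm downloads the repository's Chart index file to the local machine and stores it in Kubernetes; later operations such as helm search, install and pull look up that repository's Chart packages in Kubernetes by repository name. Note that the address of the official stable repository differs from the Helm Hub address: the two exist independently, and stable is just one of many public repositories, although it is the one provided officially by Helm.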

helm repo add stable https://kubernetes-charts.storage.googleapis.com

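Below is the listing file of the official stable repository, at https://kubernetes-charts.storage.googleapis.com. It is simply one block of information per Chart package, sorted alphabetically, and it only reaches Chart packages starting with D, so the full Chart listing is presumably split across several listing files and takes several requests to download completely. A tgz package can also be downloaded directly, for example from https://kubernetes-charts.storage.googleapis.com/ambassador-5.3.1.tgz.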

<ListBucketResult xmlns="http://doc.s3.amazonaws.com/2006-03-01">
  <Name>kubernetes-charts</Name>
  <Prefix/>
  <Marker/>
  <NextMarker>datadog-0.2.0.tgz</NextMarker>
  <IsTruncated>true</IsTruncated>
  <Contents>
    <Key>acs-engine-autoscaler-0.1.0.tgz</Key>
    <Generation>1501637633913843</Generation>
    <MetaGeneration>1</MetaGeneration>
    <LastModified>2017-08-02T01:33:53.600Z</LastModified>
    <ETag>"7ba1dd9555e78f23eac07a7223cdad18"</ETag>
    <Size>4069</Size>
  </Contents>
  <Contents>
    <Key>acs-engine-autoscaler-1.0.0.tgz</Key>
    <Generation>1505061247273212</Generation>
    <MetaGeneration>1</MetaGeneration>
    <LastModified>2017-09-10T16:34:07.187Z</LastModified>
    <ETag>"fcea91b52795fb8576be7a62ceebb731"</ETag>
    <Size>4229</Size>
  </Contents>
  <Contents>
    <Key>acs-engine-autoscaler-2.0.0.tgz</Key>
    <Generation>1507577650862706</Generation>
    <MetaGeneration>1</MetaGeneration>
    <LastModified>2017-10-09T19:34:10.842Z</LastModified>
    <ETag>"500fa8390acdd0cc98eb8d0548ec8268"</ETag>
    <Size>4238</Size>
  </Contents>
  <Contents>
    <Key>acs-engine-autoscaler-2.1.0.tgz</Key>
    <Generation>1510935533778152</Generation>
    <MetaGeneration>1</MetaGeneration>
    <LastModified>2017-11-17T16:18:53.738Z</LastModified>
    <ETag>"d9f92504ce7cee39d5790e56c14bc8f0"</ETag>
    <Size>4228</Size>
  </Contents>
  .....
  <Contents>
    <Key>datadog-0.2.0.tgz</Key>
    <Generation>1486783107723000</Generation>
    <MetaGeneration>1</MetaGeneration>
    <LastModified>2017-02-11T03:18:27.708Z</LastModified>
    <ETag>"066d6eb53b0c70318322b87d980753ae"</ETag>
    <Size>2968</Size>
  </Contents>
</ListBucketResult>

Below are the add commands for several commonly used repositories.

helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add aliyuncs https://apphub.aliyuncs.com
helm repo add kong https://charts.konghq.com

  • helm repo list

List the repositories added locally.

helm repo list
NAME            URL
stable          https://kubernetes-charts.storage.googleapis.com
aliyuncs        https://apphub.aliyuncs.com
bitnami         https://charts.bitnami.com/bitnami
incubator       https://kubernetes-charts-incubator.storage.googleapis.com
kong            https://charts.konghq.com

Helm v3 removed the local repo of v2. The list of repositories added locally in Helm v3 is stored in /root/.config/helm/repositories.yaml.

cat /root/.config/helm/repositories.yaml
apiVersion: ""
generated: "0001-01-01T00:00:00Z"
repositories:
- caFile: ""
  certFile: ""
  keyFile: ""
  name: stable
  password: ""
  url: https://kubernetes-charts.storage.googleapis.com
  username: ""
- caFile: ""
  certFile: ""
  keyFile: ""
  name: aliyuncs
  password: ""
  url: https://apphub.aliyuncs.com
  username: ""
- caFile: ""
  certFile: ""
  keyFile: ""
  name: bitnami
  password: ""
  url: https://charts.bitnami.com/bitnami
  username: ""
- caFile: ""
  certFile: ""
  keyFile: ""
  name: incubator
  password: ""
  url: https://kubernetes-charts-incubator.storage.googleapis.com
  username: ""
- caFile: ""
  certFile: ""
  keyFile: ""
  name: kong
  password: ""
  url: https://charts.konghq.com
  username: ""
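
An added example (not from the original page or the Helm project): the file above is also where a password given to helm repo add is kept, in clear text, so it is worth auditing. The check below reads only the keys shown in the listing; the "internal" repository, its URL and its password are constructed sample data, and the function names are made up for this example.

```sh
#!/bin/sh
# Audit a Helm repositories.yaml for settings that weaken chart downloads.

# audit_repo_config FILE: print findings, return 0 only when there are none.
# Never prints a password, only the name of the repository that stores one.
audit_repo_config() (
  findings=$(
    mode=$(ls -ld "$1" | cut -c5-10)            # group and other permission bits
    [ "$mode" = "------" ] || echo "FILE_MODE group/other can access the file ($mode)"
    awk '
      function value(s) { sub(/^[- ] [A-Za-z]+:[ ]*/, "", s); gsub(/"/, "", s); return s }
      function report() {
        if (name == "") return
        if (url !~ /^https:\/\//) print "INSECURE_URL " name " " url
        if (pass != "")           print "PLAINTEXT_PASSWORD " name
      }
      /^- /             { report(); name = ""; url = ""; pass = "" }  # next repository
      /^[- ] name:/     { name = value($0) }
      /^[- ] password:/ { pass = value($0) }
      /^[- ] url:/      { url  = value($0) }
      END               { report() }
    ' "$1"
  )
  [ -z "$findings" ] && exit 0
  printf '%s\n' "$findings"
  exit 1
)

# write_sample_config FILE: constructed sample in the format shown above.
write_sample_config() {
  cat > "$1" <<'EOF'
apiVersion: ""
generated: "0001-01-01T00:00:00Z"
repositories:
- caFile: ""
  certFile: ""
  keyFile: ""
  name: stable
  password: ""
  url: https://kubernetes-charts.storage.googleapis.com
  username: ""
- caFile: ""
  certFile: ""
  keyFile: ""
  name: internal
  password: "constructed-not-a-real-secret"
  url: http://charts.internal.example/
  username: "ci"
EOF
  chmod 644 "$1"
}

cfg=$(mktemp)
write_sample_config "$cfg"
audit_repo_config "$cfg" || echo "fix the findings above and chmod 600 the file"
rm -f "$cfg"
```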

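The repositories' Chart index is presumably stored in etcd in Kubernetes, but a backup is kept in /root/.cache/helm/repository. Downloaded Chart packages are also cached in that directory.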

ls /root/.cache/helm/repository
aliyuncs-index.yaml   bitnami-index.yaml    kong-index.yaml  nginx-5.1.4.tgz    tomcat-6.1.3.tgz
ambassador-6.1.1.tgz  incubator-index.yaml  mysql-1.6.2.tgz  stable-index.yaml

  • helm repo remove

Remove a local repository.

helm repo remove kong
"kong" has been removed from your repositories

  • helm repo update

Update the local repositories, refreshing the repositories' current index files into Kubernetes.

helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "kong" chart repository
...Successfully got an update from the "incubator" chart repository
...Successfully got an update from the "aliyuncs" chart repository
...Successfully got an update from the "bitnami" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈

  • helm repo index

Generate a Chart index file from a local directory. Used together with the helm package command to build a private repository.

ls
kong-1.1.1.tgz  tomcat-6.1.6.tgz

helm repo index .

ls
index.yaml  kong-1.1.1.tgz  tomcat-6.1.6.tgz

cat index.yaml
apiVersion: v1
entries:
  kong:
  - apiVersion: v1
    appVersion: "1.4"
    created: "2020-02-12T10:04:06.478170989+08:00"
    dependencies:
    - condition: postgresql.enabled
      name: postgresql
      repository: https://kubernetes-charts.storage.googleapis.com/
      version: ~8.1.0
    description: The Cloud-Native Ingress and API-management
    digest: 2439910d3de8757b2c7ed8c57952537df2c15e755df9ec35675bb26a81b7b1c2
    home: https://konghq.com/
    icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png
    maintainers:
    - email: [email protected]
      name: shashiranjan84
    - email: [email protected]
      name: hbagdi
    name: kong
    urls:
    - kong-1.1.1.tgz
    version: 1.1.1
  tomcat:
  - apiVersion: v1
    appVersion: 9.0.30
    created: "2020-02-12T10:04:06.489744806+08:00"
    description: Chart for Apache Tomcat
    digest: 2b2e7d7ba14b1e8a7ed9ef42fa7d9591fe5e9514224728188056ba5b2bba79f2
    home: http://tomcat.apache.org
    icon: https://bitnami.com/assets/stacks/tomcat/img/tomcat-stack-110x117.png
    keywords:
    - tomcat
    - java
    - http
    - web
    - application server
    - jsp
    maintainers:
    - email: [email protected]
      name: Bitnami
    name: tomcat
    sources:
    - https://github.com/bitnami/bitnami-docker-tomcat
    urls:
    - tomcat-6.1.6.tgz
    version: 6.1.6
generated: "2020-02-12T10:04:06.40968204+08:00"

After index.yaml is generated, put all the tgz Chart packages and index.yaml on a web server for download, and you have a private repository.
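
An added example (not from the original page or the Helm project): before publishing such a directory, or after mirroring one, each archive can be checked against the SHA-256 digest that index.yaml records for it. The awk parsing assumes the layout that helm repo index writes, as in the listing above; the sample archives, the function names and the charts.example.invalid URL are constructed for illustration.

```sh
#!/bin/sh
# Check each chart archive named in a Helm index.yaml against its recorded digest.

# sha256_of FILE: print the hex SHA-256 of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# index_digests INDEX: print "<digest> <url>" per chart version ("-" = no digest).
# Relies on the key order that helm repo index writes: digest precedes urls.
index_digests() {
  awk '
    /^  - /              { digest = "-"; in_urls = 0 }   # start of a version entry
    /^    digest:/       { digest = $2; gsub(/"/, "", digest)
                           if (digest == "") digest = "-"; next }
    /^    urls:/         { in_urls = 1; next }
    in_urls && /^    - / { print digest, $2; next }
    /^    [A-Za-z]/      { in_urls = 0 }                 # next key ends the urls list
  ' "$1"
}

# verify_repo DIR: print "OK|MISMATCH|MISSING|NODIGEST <archive>" per entry and
# return 0 only if every listed archive is present and matches its digest.
verify_repo() (
  rc=0
  entries=$(index_digests "$1/index.yaml")
  while read -r digest url; do
    [ -n "$url" ] || continue
    name=${url##*/}      # absolute URL or path: check the local copy by basename
    if [ "$digest" = "-" ]; then echo "NODIGEST $name"; rc=1
    elif [ ! -f "$1/$name" ]; then echo "MISSING $name"; rc=1
    elif [ "$(sha256_of "$1/$name")" = "$digest" ]; then echo "OK $name"
    else echo "MISMATCH $name"; rc=1
    fi
  done <<EOF
$entries
EOF
  [ "$rc" -eq 0 ]
)

# build_sample_repo DIR: constructed sample, not real charts. Two placeholder
# archives are indexed, then tomcat is altered to simulate a swapped archive.
build_sample_repo() {
  mkdir -p "$1"
  printf 'constructed kong archive bytes\n'   > "$1/kong-1.1.1.tgz"
  printf 'constructed tomcat archive bytes\n' > "$1/tomcat-6.1.6.tgz"
  cat > "$1/index.yaml" <<EOF
apiVersion: v1
entries:
  kong:
  - apiVersion: v1
    dependencies:
    - condition: postgresql.enabled
      name: postgresql
    digest: $(sha256_of "$1/kong-1.1.1.tgz")
    name: kong
    urls:
    - kong-1.1.1.tgz
    version: 1.1.1
  tomcat:
  - apiVersion: v1
    digest: $(sha256_of "$1/tomcat-6.1.6.tgz")
    name: tomcat
    urls:
    - https://charts.example.invalid/tomcat-6.1.6.tgz
    version: 6.1.6
generated: "2020-02-12T10:04:06.40968204+08:00"
EOF
  printf 'modified after indexing\n' >> "$1/tomcat-6.1.6.tgz"
}

repo=$(mktemp -d)
build_sample_repo "$repo"
verify_repo "$repo" || echo "digest check failed: do not publish or install from $repo"
rm -rf "$repo"
```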

  • helm search

Search for Chart packages. The search command comes in two forms, helm search hub and helm search repo.

  • helm search hub searches only Helm Hub for Charts; these Charts come from the repositories registered with Helm Hub.

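  • helm search repo searches all the repositories added locally. Because the Chart index files were stored in Kubernetes when the repositories were added, searching needs no network access.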

  • helm search hub

Search for Charts in Helm Hub; only the latest Chart version is shown.

helm search hub kong
URL                                     CHART VERSION   APP VERSION     DESCRIPTION
https://hub.helm.sh/charts/stable/kong  0.36.6          1.4             DEPRECATED The Cloud-Native Ingress and API-man...
https://hub.helm.sh/charts/kong/kong    1.1.1           1.4             The Cloud-Native Ingress and API-management

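Note that Kong has two records in Helm Hub. Presumably Kong Inc. originally had no repository of its own and the Kong Chart lived directly in the official stable repository; later Kong set up its own repository and now maintains the Chart itself, and the original stable/kong was marked deprecated. helm search hub finds kong/kong because the Kong repository is registered with Helm Hub; it appears in the repository list on the left of the Helm Hub figure above.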

  • helm search repo

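Search for Charts in the local repository list; only the latest version of each Chart is shown. Note that a Chart package has its own version number, distinct from the version number of the application inside the Chart package.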

helm search repo kong
NAME            CHART VERSION   APP VERSION     DESCRIPTION
aliyuncs/kong   0.27.0          1.3             The Cloud-Native Ingress and Service Mesh for A...
kong/kong       1.1.1           1.4             The Cloud-Native Ingress and API-management
stable/kong     0.32.0          1.4             The Cloud-Native Ingress and Service Mesh for A...

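Note that aliyuncs/kong was not found by helm search hub, because the aliyuncs repository is not registered with Helm Hub; it does not appear in the repository list on the left of the Helm Hub figure above.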

Search for a specific Chart version.

helm search repo kong --version '1.0.1'
NAME            CHART VERSION   APP VERSION     DESCRIPTION
kong/kong       1.0.1           1.4             The Cloud-Native Ingress and API-management

List all Chart versions.

helm search repo kong --versions
NAME            CHART VERSION   APP VERSION     DESCRIPTION
aliyuncs/kong   0.27.0          1.3             The Cloud-Native Ingress and Service Mesh for A...
aliyuncs/kong   0.26.0          1.3             The Cloud-Native Ingress and Service Mesh for A...
aliyuncs/kong   0.24.0          1.3             The Cloud-Native Ingress and Service Mesh for A...
aliyuncs/kong   0.23.0          1.3             The Cloud-Native Ingress and Service Mesh for A...
aliyuncs/kong   0.22.1          1.3             The Cloud-Native Ingress and Service Mesh for A...
kong/kong       1.1.1           1.4             The Cloud-Native Ingress and API-management
kong/kong       1.1.0           1.4             The Cloud-Native Ingress and API-management
kong/kong       1.0.3           1.4             The Cloud-Native Ingress and API-management
kong/kong       1.0.2           1.4             The Cloud-Native Ingress and API-management
kong/kong       1.0.1           1.4             The Cloud-Native Ingress and API-management
kong/kong       1.0.0           1.4             The Cloud-Native Ingress and API-management
kong/kong       0.36.5          1.4             The Cloud-Native Ingress and API-management
stable/kong     0.32.0          1.4             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.31.2          1.4             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.31.1          1.4             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.31.0          1.4             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.30.1          1.3             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.30.0          1.3             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.29.0          1.3             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.28.0          1.3             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.27.2          1.3             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.27.1          1.3             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.27.0          1.3             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.26.1          1.3             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.26.0          1.3             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.25.0          1.3             The Cloud-Native Ingress and Service Mesh for A...
......
stable/kong     0.18.0          1.3             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.17.0          1.3             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.16.1          1.2             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.16.0          1.2             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.15.2          1.2             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.15.1          1.2             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.15.0          1.2             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.14.3          1.2             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.14.2          1.2             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.14.1          1.2             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.14.0          1.2             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.13.0          1.2             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.12.2          1.2             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.12.1          1.1             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.12.0          1.1             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.11.2          1.1             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.11.1          1.1             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.11.0          1.1             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.10.3          1.1             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.10.2          1.1             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.10.1          1.1             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.10.0          1.1             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.9.9           1.1             The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.9.8           1.0.2           The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.9.7           1.0.2           The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.9.6           1.0.2           The Cloud-Native Ingress and Service Mesh for A...
stable/kong     0.9.5           1.0.2           The Cloud-Native Ingress and Service Mesh for A...
......
stable/kong     0.3.0           0.14.0          Kong is open-source API Gateway and Microservic...
stable/kong     0.2.7           0.13.1          Kong is open-source API Gateway and Microservic...
stable/kong     0.2.6           0.13.1          Kong is open-source API Gateway and Microservic...
stable/kong     0.2.5           0.13.0          Kong is open-source API Gateway and Microservic...
stable/kong     0.2.4           0.13.0          Kong is open-source API Gateway and Microservic...
stable/kong     0.2.3           0.12.3          Kong is open-source API Gateway and Microservic...
stable/kong     0.2.2           0.12.3          Kong is open-source API Gateway and Microservic...
stable/kong     0.2.1           0.12.2          Kong is open-source API Gateway and Microservic...
stable/kong     0.2.0           0.12.2          Kong is open-source API Gateway and Microservic...
stable/kong     0.1.2           0.12.1          Kong is open-source API Gateway and Microservic...
stable/kong     0.1.1           0.12.1          Kong is open-source API Gateway and Microservic...
stable/kong     0.1.0           0.12.1          Kong is open-source API Gateway and Microservic...

Search for a range of Chart versions; the following requires a Chart version greater than or equal to 1.0.0.

helm search repo kong --version '>=1.0.0' --versions
NAME            CHART VERSION   APP VERSION     DESCRIPTION
kong/kong       1.1.1           1.4             The Cloud-Native Ingress and API-management
kong/kong       1.1.0           1.4             The Cloud-Native Ingress and API-management
kong/kong       1.0.3           1.4             The Cloud-Native Ingress and API-management
kong/kong       1.0.2           1.4             The Cloud-Native Ingress and API-management
kong/kong       1.0.1           1.4             The Cloud-Native Ingress and API-management

  • helm pull

Download a Chart package to the local machine. By default the latest Chart version is downloaded, as a tgz package.

# First search for Charts and pick a suitable one.
helm search repo tomcat
NAME            CHART VERSION   APP VERSION     DESCRIPTION
aliyuncs/tomcat 6.1.3           9.0.30          Chart for Apache Tomcat
bitnami/tomcat  6.1.5           9.0.30          Chart for Apache Tomcat
stable/tomcat   0.4.1           7.0             Deploy a basic tomcat application server with s...

# Pull the Chart package.
helm pull bitnami/tomcat

ls
tomcat-6.1.5.tgz

# The Chart package can be unpacked.
tar zxvf tomcat-6.1.5.tgz
tomcat/Chart.yaml
tomcat/values.yaml
tomcat/templates/NOTES.txt
tomcat/templates/_helpers.tpl
tomcat/templates/deployment.yaml
tomcat/templates/ingress.yaml
tomcat/templates/pvc.yaml
tomcat/templates/secrets.yaml
tomcat/templates/svc.yaml
tomcat/.helmignore
tomcat/README.md
tomcat/ci/values-with-ingress-and-initcontainers.yaml

ls
tomcat  tomcat-6.1.5.tgz

# Chart directory structure.
tree tomcat
tomcat
├── Chart.yaml
├── ci
│   └── values-with-ingress-and-initcontainers.yaml
├── README.md
├── templates
│   ├── deployment.yaml
│   ├── _helpers.tpl
│   ├── ingress.yaml
│   ├── NOTES.txt
│   ├── pvc.yaml
│   ├── secrets.yaml
│   └── svc.yaml
└── values.yaml

2 directories, 11 files

Pull a specific version.

helm pull bitnami/tomcat --version 2.2.2
ls
tomcat-2.2.2.tgz

Pull the Chart package and unpack it straight into a directory instead of keeping a tgz package.

helm pull bitnami/tomcat --untar
ls
tomcat

Pull a Chart package directly from a URL.

helm pull https://kubernetes-charts.storage.googleapis.com/ambassador-5.3.1.tgz
ls
ambassador-5.3.1.tgz

Download the Chart package to a given path.

helm pull stable/kong -d /root/helm/
ls /root/helm/
kong-0.36.6.tgz

  • helm install

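Install an application, that is, deploy a Release instance of a Chart. The latest Chart version is installed by default. Here my-web is the Release name, and the --set settings override the Chart's values. Chart values are covered in a separate document.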

helm install my-web bitnami/tomcat \
  --set service.type=NodePort \
  --set persistence.enabled=false
NAME: my-web
LAST DEPLOYED: Mon Feb 10 09:34:13 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
** Please be patient while the chart is being deployed **

1. Get the Tomcat URL by running:

  export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services my-web-tomcat)
  export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT/

2. Login with the following credentials

  echo Username: user
  echo Password: $(kubectl get secret --namespace default my-web-tomcat -o jsonpath="{.data.tomcat-password}" | base64 --decode)

# Helm Release list
helm list
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
my-web  default         1               2020-02-10 09:34:13.080044306 +0800 CST deployed        tomcat-6.1.3    9.0.30

# Installed Kubernetes resources
kubectl get all
NAME                                 READY   STATUS    RESTARTS   AGE
pod/my-web-tomcat-5759ff9f44-2phqd   1/1     Running   0          6h10m

NAME                    TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)       AGE
service/kubernetes      ClusterIP   10.1.0.1      <none>        443/TCP       57d
service/my-web-tomcat   NodePort    10.1.148.29   <none>        80:8051/TCP   6h10m

NAME                            READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/my-web-tomcat   1/1     1            1           6h10m

NAME                                       DESIRED   CURRENT   READY   AGE
replicaset.apps/my-web-tomcat-5759ff9f44   1         1         1       6h10m

# Access Tomcat.
curl -i http://192.168.1.55:8051/
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Mon, 10 Feb 2020 07:48:34 GMT


<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <title>Apache Tomcat/9.0.30</title>
        <link href="favicon.ico" rel="icon" type="image/x-icon" />
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
        <link href="tomcat.css" rel="stylesheet" type="text/css" />
    </head>
......
            <p class="copyright">Copyright &copy;1999-2020 Apache Software Foundation.  All Rights Reserved</p>
        </div>
    </body>
</html>

There are five ways to install a Chart.

  1. Chart Reference: helm install myweb bitnami/tomcat
  2. Path to a Chart package: helm install myweb ./tomcat-6.1.3.tgz
  3. Chart directory: helm install myweb ./tomcat
  4. Absolute URL: helm install myweb https://charts.bitnami.com/bitnami/tomcat-6.1.3.tgz
  5. Repository URL and Chart Reference: helm install --repo https://charts.bitnami.com/bitnami/ myweb tomcat

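A Chart Reference is written [Repository]/[Chart], for example bitnami/tomcat: Helm looks up the Chart repository named bitnami in the local configuration, then looks for the Chart named tomcat in that repository.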

Install a specific Chart version of an application.

helm install myweb bitnami/tomcat --version 6.0.0

helm list
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb   default         1               2020-02-10 16:14:58.542308667 +0800 CST deployed        tomcat-6.0.0    9.0.26

Install the application into a particular namespace; Releases in different namespaces can share the same name.

kubectl create namespace web-ns

helm install myweb bitnami/tomcat -n web-ns

helm list -n web-ns
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb   web-ns          1               2020-02-10 16:19:09.940328369 +0800 CST deployed        tomcat-6.1.3    9.0.30

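To override values in the Chart at install time, use the --set option and pass the configuration on the command line. To force a value given with --set to be a string, use --set-string. --set and --set-string can be repeated; the later (rightmost) value takes precedence.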

helm install myweb bitnami/tomcat \
  --set service.type=NodePort \
  --set persistence.enabled=false

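The key=value pairs can also be placed in a file, and the overriding values file is given with -f or --values. -f or --values can be repeated; the later (rightmost) file takes precedence.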

helm install myweb bitnami/tomcat -f ./values.yaml

If a value is large or spans multiple lines and is awkward to pass with --values or --set, use --set-file to read a single large value from a file.

helm install myweb bitnami/tomcat \
  --set-file podAnnotations=./tomcat-annotations.yaml

If a Release was uninstalled with --keep-history, its Release name can be reused at install time.

helm uninstall --keep-history myweb

# helm list does not show Releases that were uninstalled with history kept.
helm list
NAME    NAMESPACE       REVISION        UPDATED STATUS  CHART   APP VERSION

# helm list -a shows Releases that were uninstalled with history kept. Note that REVISION is 1.
helm list -a
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb   default         1               2020-02-11 18:07:06.201453014 +0800 CST uninstalled     tomcat-6.1.6    9.0.30

helm history myweb
REVISION        UPDATED                         STATUS          CHART           APP VERSION     DESCRIPTION
1               Tue Feb 11 18:07:06 2020        uninstalled     tomcat-6.1.6    9.0.30          Uninstallation complete

helm install myweb bitnami/tomcat \
  --replace \
  --set persistence.enabled=false

# helm list shows only active Releases. Note that REVISION is 2.
helm list
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb   default         2               2020-02-11 17:55:47.971239954 +0800 CST deployed        tomcat-6.1.6    9.0.30

helm history myweb
REVISION        UPDATED                         STATUS          CHART           APP VERSION     DESCRIPTION
1               Tue Feb 11 16:46:37 2020        superseded      tomcat-6.1.6    9.0.30          superseded by new release
2               Tue Feb 11 17:55:47 2020        deployed        tomcat-6.1.6    9.0.30          Install complete

# The Service shows that after uninstalling and reinstalling, service.type does use the default from values.yaml.
kubectl get service
NAME           TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)       AGE
kubernetes     ClusterIP      10.1.0.1     <none>        443/TCP       58d
myweb-tomcat   LoadBalancer   10.1.9.37    <pending>     80:7466/TCP   94s

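--dry-run simulates the installation and prints the YAML generated by each template, so you can see the rendered YAML that would be deployed and review the output to judge whether it matches expectations.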

helm install my-web bitnami/tomcat \
  --dry-run \
  --set service.type=NodePort \
  --set persistence.enabled=false
NAME: my-web
LAST DEPLOYED: Mon Feb 10 16:53:45 2020
NAMESPACE: default
STATUS: pending-install
REVISION: 1
TEST SUITE: None
HOOKS:
MANIFEST:
---
# Source: tomcat/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: my-web-tomcat
  labels:
    app: tomcat
    chart: tomcat-6.1.3
    release: my-web
    heritage: Helm
type: Opaque
data:
  tomcat-password: "emxXNTJSVm9tdw=="
---
# Source: tomcat/templates/svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: my-web-tomcat
  labels:
    app: tomcat
    chart: tomcat-6.1.3
    release: my-web
    heritage: Helm
spec:
  type: NodePort
  externalTrafficPolicy: "Cluster"
  ports:
    - name: http
      port: 80
      targetPort: http
  selector:
    app: tomcat
    release: my-web
---
# Source: tomcat/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-web-tomcat
  labels:
    app: tomcat
    chart: tomcat-6.1.3
    release: my-web
    heritage: Helm
spec:
  selector:
    matchLabels:
      app: tomcat
      release: my-web
  template:
    metadata:
      labels:
        app: tomcat
        chart: tomcat-6.1.3
        release: my-web
        heritage: Helm
    spec:
      securityContext:
        fsGroup: 1001
        runAsUser: 1001
      containers:
        - name: tomcat
          image: docker.io/bitnami/tomcat:9.0.30-debian-9-r9
          imagePullPolicy: "IfNotPresent"
          env:
            - name: TOMCAT_USERNAME
              value: "user"
            - name: TOMCAT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: my-web-tomcat
                  key: tomcat-password
            - name: TOMCAT_ALLOW_REMOTE_MANAGEMENT
              value: "0"
          ports:
            - name: http
              containerPort: 8080
          livenessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 120
            timeoutSeconds: 5
            failureThreshold: 6
          readinessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 30
            timeoutSeconds: 3
            periodSeconds: 51
          resources:
            limits: {}
            requests:
              cpu: 300m
              memory: 512Mi
          volumeMounts:
            - name: data
              mountPath: /bitnami/tomcat
      volumes:
        - name: data
          emptyDir: {}

NOTES:
** Please be patient while the chart is being deployed **

1. Get the Tomcat URL by running:

  export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services my-web-tomcat)
  export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT/

2. Login with the following credentials

  echo Username: user
  echo Password: $(kubectl get secret --namespace default my-web-tomcat -o jsonpath="{.data.tomcat-password}" | base64 --decode)
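
Reviewing dry-run output by eye does not scale past a few resources. The following is an added example (not from the original article or the Helm project): a shell function that scans rendered output for the items visible in the manifest above, namely Secret payloads embedded in the render, Services exposed as NodePort or LoadBalancer, image tags without a digest, and containers without resource limits. The names `audit_manifest` and `sample_dry_run`, the finding labels and the trimmed sample input are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: scan rendered Helm output (helm install --dry-run,
# helm template, helm get manifest) for settings worth a second look.
# Function names and finding labels are illustrative assumptions.
audit_manifest() {
  # Reads rendered output on stdin and prints one finding per line.
  awk -v SQ="'" '
    function unquote(s) { gsub(/"/, "", s); gsub(SQ, "", s); return s }
    # Emit the findings collected for the document that just ended.
    function flush(   i, id) {
      id = kind "/" name
      if (kind == "Secret")
        for (i = 1; i <= nkeys; i++)
          print "SECRET-INLINE " id " key=" keys[i]
      if (kind == "Service" && (stype == "NodePort" || stype == "LoadBalancer"))
        print "EXPOSED-SERVICE " id " type=" stype
      for (i = 1; i <= nunpinned; i++)
        print "UNPINNED-IMAGE " id " image=" unpinned[i]
      if (nimages > nlimits)
        print "NO-LIMITS " id " containers=" nimages " with_limits=" nlimits
      kind = name = stype = section = ""
      nkeys = nimages = nlimits = nunpinned = 0
    }
    /^---/      { flush(); started = 1; next }   # document separator
    !started    { next }                         # skip the NAME:/STATUS: header
    /^NOTES:/   { exit }                         # rendered NOTES.txt follows

    # Track the current top-level key (metadata, spec, data, ...).
    /^[A-Za-z]/ { section = $1; sub(/:.*$/, "", section) }
    /^kind: /   { kind = unquote($2) }
    section == "metadata" && /^  name: / { name = unquote($2) }

    # Secret payloads: record the key names only, never the values.
    kind == "Secret" && (section == "data" || section == "stringData") &&
      /^  [^ #]/ { key = $1; sub(/:$/, "", key); keys[++nkeys] = key }

    kind == "Service" && section == "spec" && /^  type: / { stype = unquote($2) }

    # Container images and limits in workload kinds.
    kind ~ /^(Pod|Deployment|StatefulSet|DaemonSet|ReplicaSet|Job|CronJob)$/ {
      if ($0 ~ /^ +(- )?image: /) {
        for (i = 1; i < NF; i++) if ($i == "image:") { img = unquote($(i + 1)); break }
        nimages++
        if (index(img, "@sha256:") == 0) unpinned[++nunpinned] = img
      }
      # "limits: {}" does not match; only a populated limits block counts.
      if ($0 ~ /^ +limits:[ \t]*$/) nlimits++
    }
    END { flush() }
  '
}

# Constructed sample: the dry-run output shown above, trimmed, with a
# placeholder Secret value.
sample_dry_run() {
  cat <<'EOF'
NAME: my-web
MANIFEST:
---
# Source: tomcat/templates/secrets.yaml
kind: Secret
metadata:
  name: my-web-tomcat
type: Opaque
data:
  tomcat-password: "Y29uc3RydWN0ZWQ="
---
# Source: tomcat/templates/svc.yaml
kind: Service
metadata:
  name: my-web-tomcat
spec:
  type: NodePort
---
# Source: tomcat/templates/deployment.yaml
kind: Deployment
metadata:
  name: my-web-tomcat
spec:
  template:
    spec:
      containers:
        - name: tomcat
          image: docker.io/bitnami/tomcat:9.0.30-debian-9-r9
          resources:
            limits: {}

NOTES:
** Please be patient while the chart is being deployed **
EOF
}

sample_dry_run | audit_manifest
```

On a live system the input would be the output of `helm install ... --dry-run` or `helm get manifest`. The rendered Secret is only base64-encoded, so saved dry-run output and CI logs that contain it should be handled as sensitive.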

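With the --wait flag, Helm waits until all Pods, PVCs and Services, and the minimum number of Pods of each Deployment, StatefulSet and ReplicaSet, are ready before it marks the Release as deployed; only then does the install command return success. It waits for up to --timeout, which defaults to 5m0s.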

helm install myweb bitnami/tomcat \
  --wait \
  --set service.type=NodePort \
  --set persistence.enabled=false

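The --timeout flag defaults to 5m0s. If the resources are still not ready when --timeout expires, the Release status is marked as failed and the command returns 1, but the resources already submitted to Kubernetes are not rolled back, so the installation has not necessarily failed. For example, if pulling the image takes too long, the Release status is set to failed, but Kubernetes keeps pulling the image, so the installation eventually succeeds; the Release, however, is not reset to deployed. I did not find a command to change the Release status.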

helm install myweb bitnami/tomcat \
  --wait --timeout=1m \
  --set service.type=NodePort \
  --set persistence.enabled=false
Error: timed out waiting for the condition

echo $?
1

helm list
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS  CHART           APP VERSION
myweb   default         1               2020-02-10 20:05:09.101813603 +0800 CST failed  tomcat-6.1.3    9.0.30

kubectl get all
NAME                                READY   STATUS    RESTARTS   AGE
pod/myweb-tomcat-56fcfd47fb-kxlpq   0/1     Running   0          3m2s

NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/kubernetes     ClusterIP   10.1.0.1       <none>        443/TCP        57d
service/myweb-tomcat   NodePort    10.1.193.168   <none>        80:23392/TCP   3m2s

NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/myweb-tomcat   0/1     1            0           3m2s

NAME                                      DESIRED   CURRENT   READY   AGE
replicaset.apps/myweb-tomcat-56fcfd47fb   1         1         0       3m2s

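With the --atomic flag, a failed installation is cleaned up automatically: if the status would be failed, all operations are rolled back, which keeps the installation atomic. Setting --atomic automatically sets --wait as well.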

helm install myweb bitnami/tomcat \
  --atomic --timeout=1m \
  --set service.type=NodePort \
  --set persistence.enabled=false
Error: release myweb failed, and has been uninstalled due to atomic being set: timed out waiting for the condition

helm list
NAME    NAMESPACE       REVISION        UPDATED STATUS  CHART   APP VERSION

kubectl get all
NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.1.0.1     <none>        443/TCP   58d

  • helm list

List the Releases in the default namespace; only Releases whose status is deployed or failed are shown.

helm list
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb   default         1               2020-02-10 17:22:15.326570859 +0800 CST deployed        tomcat-6.1.3    9.0.30

List the Releases in a given namespace.

helm list -nweb-ns
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb   web-ns          1               2020-02-10 17:16:41.719412368 +0800 CST deployed        tomcat-6.1.3    9.0.30

List the Releases in all namespaces.

helm list --all-namespaces
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb   web-ns-2        1               2020-02-10 17:16:51.081685598 +0800 CST deployed        tomcat-6.1.3    9.0.30
myweb   web-ns          1               2020-02-10 17:16:41.719412368 +0800 CST deployed        tomcat-6.1.3    9.0.30

List all Releases, not only those whose status is deployed or failed.

helm list -a
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb   default         1               2020-02-11 19:37:12.992204173 +0800 CST deployed        tomcat-6.1.6    9.0.30
myweb-2 default         1               2020-02-11 19:43:27.35764105 +0800 CST  uninstalled     tomcat-6.1.6    9.0.30
myweb-3 default         1               2020-02-11 19:52:38.86292511 +0800 CST  failed          tomcat-6.1.6    9.0.30

List only the Releases whose status is deployed.

helm list --deployed
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb   default         1               2020-02-11 19:37:12.992204173 +0800 CST deployed        tomcat-6.1.6    9.0.30

List only the Releases whose status is uninstalled.

helm list --uninstalled
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb-2 default         1               2020-02-11 19:43:27.35764105 +0800 CST  uninstalled     tomcat-6.1.6    9.0.30

List only the Releases whose status is failed.

helm list --failed
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS  CHART           APP VERSION
myweb-3 default         1               2020-02-11 19:52:38.86292511 +0800 CST  failed  tomcat-6.1.6    9.0.30

List only the Releases whose status is pending-install.

# Install a Chart in one terminal; this takes some time.
helm install myweb-4 bitnami/tomcat \
  --wait --timeout=10m \
  --set service.type=NodePort \
  --set persistence.enabled=false

# In another terminal, run the following command to list only the Releases that are being installed.
helm list --pending
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb-4 default         1               2020-02-11 20:04:54.798887637 +0800 CST pending-install tomcat-6.1.6    9.0.30

List only the Release names.

helm list -q
myweb
myweb-2
myweb-3

List Releases in chronological order, earliest first.

helm list -d
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb   default         1               2020-02-11 19:37:12.992204173 +0800 CST deployed        tomcat-6.1.6    9.0.30
myweb-2 default         1               2020-02-11 19:43:27.35764105 +0800 CST  deployed        tomcat-6.1.6    9.0.30
myweb-3 default         1               2020-02-11 19:43:34.312640618 +0800 CST deployed        tomcat-6.1.6    9.0.30

List Releases in reverse chronological order, latest first; -r reverses the sort.

helm list -d -r
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb-3 default         1               2020-02-11 19:43:34.312640618 +0800 CST deployed        tomcat-6.1.6    9.0.30
myweb-2 default         1               2020-02-11 19:43:27.35764105 +0800 CST  deployed        tomcat-6.1.6    9.0.30
myweb   default         1               2020-02-11 19:37:12.992204173 +0800 CST deployed        tomcat-6.1.6    9.0.30

  • helm uninstall

Uninstall an application, that is, delete the Chart Release instance.

helm uninstall myweb

Uninstall an application in a given namespace.

helm uninstall myweb -n web-ns

Uninstall an application but keep its history; the history is kept mainly so that the Release can be rolled back.

helm uninstall myweb --keep-history

helm list
NAME    NAMESPACE       REVISION        UPDATED STATUS  CHART   APP VERSION

# List all Releases, including those that were uninstalled with history kept. Note the STATUS column.
helm list -a
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb   default         1               2020-02-10 17:22:15.326570859 +0800 CST uninstalled     tomcat-6.1.3    9.0.30

# The Kubernetes resources have all been deleted.
kubectl get all
NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.1.0.1     <none>        443/TCP   57d

  • helm test

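A Chart contains many Kubernetes resources, and depending on the values. Helm supports writing test cases to verify that a Chart works as expected. Test cases also help users of a Chart understand what the Chart is supposed to do.

Test cases live in the templates/ directory of a Helm Chart. Each one is a Pod definition that specifies a command to run in a container. If the container exits successfully (exit 0), the test is considered successful. The Pod definition must contain one of the Helm test hook annotations: helm.sh/hook: test-success or helm.sh/hook: test-failure.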

helm install ambassador stable/ambassador \
  --set authService.create=false \
  --set rateLimit.create=false \
  --set adminService.type=NodePort \
  --set service.type=NodePort

helm pull stable/ambassador

# View the test-case pod; this is the pod that helm test runs.
# It simply runs this command in the container: wget http://ambassador:80/ambassador/v0/check_ready
cat ambassador/templates/tests/test-ready.yaml
{{- if not .Values.daemonSet }}
apiVersion: v1
kind: Pod
metadata:
  name: "{{ include "ambassador.fullname" . }}-test-ready"
  labels:
    app.kubernetes.io/name: {{ include "ambassador.name" . }}
    helm.sh/chart: {{ include "ambassador.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
  annotations:
    "helm.sh/hook": test-success
spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args:  ['{{ include "ambassador.fullname" . }}:{{ include "ambassador.servicePort" . }}/ambassador/v0/check_ready']
  restartPolicy: Never
{{- end }}

helm test ambassador
Pod ambassador-test-ready pending
Pod ambassador-test-ready pending
Pod ambassador-test-ready pending
Pod ambassador-test-ready succeeded
NAME: ambassador
LAST DEPLOYED: Wed Feb 12 12:56:51 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE:     ambassador-test-ready
Last Started:   Wed Feb 12 13:10:24 2020
Last Completed: Wed Feb 12 13:10:42 2020
Phase:          Succeeded
NOTES:
Congratulations! You've successfully installed Ambassador.

For help, visit our Slack at https://d6e.co/slack or view the documentation online at https://www.getambassador.io.

To get the IP address of Ambassador, run the following commands:
  export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services ambassador)
  export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT

Print the container logs during the test.

helm test ambassador --logs
Pod ambassador-test-ready pending
Pod ambassador-test-ready pending
Pod ambassador-test-ready pending
Pod ambassador-test-ready succeeded
NAME: ambassador
LAST DEPLOYED: Wed Feb 12 12:56:51 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE:     ambassador-test-ready
Last Started:   Wed Feb 12 13:17:30 2020
Last Completed: Wed Feb 12 13:17:41 2020
Phase:          Succeeded
NOTES:
Congratulations! You've successfully installed Ambassador.

For help, visit our Slack at https://d6e.co/slack or view the documentation online at https://www.getambassador.io.

To get the IP address of Ambassador, run the following commands:
  export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services ambassador)
  export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT

POD LOGS: ambassador-test-ready
Connecting to ambassador:80 (10.1.203.100:80)
saving to 'check_ready'
check_ready          100% |********************************|    39  0:00:00 ETA
'check_ready' saved

# After the test completes, a pod is left behind and has to be deleted manually.
kubectl get pod,svc
NAME                              READY   STATUS      RESTARTS   AGE
pod/ambassador-69b784f9d5-448vv   1/1     Running     0          23m
pod/ambassador-69b784f9d5-7wg7t   1/1     Running     0          23m
pod/ambassador-69b784f9d5-w59kj   1/1     Running     0          23m
pod/ambassador-test-ready         0/1     Completed   0          2m31s

NAME                       TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                     AGE
service/ambassador         NodePort    10.1.203.100   <none>        80:7141/TCP,443:10860/TCP   23m
service/ambassador-admin   NodePort    10.1.6.8       <none>        8877:39544/TCP              23m
service/kubernetes         ClusterIP   10.1.0.1       <none>        443/TCP                     59d

  • helm upgrade

Upgrade a Release to a new Chart version, or keep the same Chart version but change the values.

helm install ambassador stable/ambassador \
  --set authService.create=false \
  --set rateLimit.create=false

kubectl get service
NAME               TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
ambassador         LoadBalancer   10.1.192.233   <pending>     80:28409/TCP,443:16208/TCP   117s
ambassador-admin   ClusterIP      10.1.77.19     <none>        8877/TCP                     117s
kubernetes         ClusterIP      10.1.0.1       <none>        443/TCP                      59d

helm upgrade ambassador stable/ambassador \
  --set authService.create=false \
  --set rateLimit.create=false \
  --set adminService.type=NodePort \
  --set service.type=NodePort
Release "ambassador" has been upgraded. Happy Helming!
NAME: ambassador
LAST DEPLOYED: Wed Feb 12 13:24:59 2020
NAMESPACE: default
STATUS: deployed
REVISION: 2
NOTES:
Congratulations! You've successfully installed Ambassador.

For help, visit our Slack at https://d6e.co/slack or view the documentation online at https://www.getambassador.io.

To get the IP address of Ambassador, run the following commands:
  export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services ambassador)
  export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT

kubectl get service
NAME               TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
ambassador         NodePort    10.1.192.233   <none>        80:28409/TCP,443:16208/TCP   3m18s
ambassador-admin   NodePort    10.1.77.19     <none>        8877:21626/TCP               3m18s
kubernetes         ClusterIP   10.1.0.1       <none>        443/TCP                      59d

If the Release exists, upgrade it; if it does not exist, install it.

helm upgrade ambassador stable/ambassador -i \
  --set authService.create=false \
  --set rateLimit.create=false
Release "ambassador" does not exist. Installing it now.
NAME: ambassador
LAST DEPLOYED: Wed Feb 12 13:43:00 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
Congratulations! You've successfully installed Ambassador.

For help, visit our Slack at https://d6e.co/slack or view the documentation online at https://www.getambassador.io.

To get the IP address of Ambassador, run the following commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
     You can watch the status of by running 'kubectl get svc -w  --namespace default ambassador'

  On GKE/Azure:
  export SERVICE_IP=$(kubectl get svc --namespace default ambassador -o jsonpath='{.status.loadBalancer.ingress[0].ip}')

  On AWS:
  export SERVICE_IP=$(kubectl get svc --namespace default ambassador -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')

  echo http://$SERVICE_IP:

Most parameters of the upgrade command are the same as those of the install command, so they are not repeated here.

  • helm status

Show the status of a Release.

helm status myweb-2
NAME: myweb-2
LAST DEPLOYED: Tue Feb 11 20:35:52 2020
NAMESPACE: default
STATUS: deployed
REVISION: 4
TEST SUITE: None
NOTES:
** Please be patient while the chart is being deployed **

1. Get the Tomcat URL by running:

  export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services myweb-2-tomcat)
  export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT/

2. Login with the following credentials

  echo Username: user
  echo Password: $(kubectl get secret --namespace default myweb-2-tomcat -o jsonpath="{.data.tomcat-password}" | base64 --decode)

Show the status of a specific revision of a Release.

helm status myweb-2 --revision 2
NAME: myweb-2
LAST DEPLOYED: Tue Feb 11 20:18:49 2020
NAMESPACE: default
STATUS: superseded
REVISION: 2
TEST SUITE: None
NOTES:
** Please be patient while the chart is being deployed **

1. Get the Tomcat URL by running:

** Please ensure an external IP is associated to the myweb-2-tomcat service before proceeding **
** Watch the status using: kubectl get svc --namespace default -w myweb-2-tomcat **

  export SERVICE_IP=$(kubectl get svc --namespace default myweb-2-tomcat --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
  echo URL            : http://$SERVICE_IP/
  echo Management URL : http://$SERVICE_IP/manager

2. Login with the following credentials

  echo Username: user
  echo Password: $(kubectl get secret --namespace default myweb-2-tomcat -o jsonpath="{.data.tomcat-password}" | base64 --decode)

  • helm history

Show the revision history of a Release.

helm uninstall --keep-history myweb

# helm list does not show Releases that were uninstalled with history kept.
helm list
NAME    NAMESPACE       REVISION        UPDATED STATUS  CHART   APP VERSION

# helm list -a does show Releases that were uninstalled with history kept. Note that REVISION is 1.
helm list -a
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb   default         1               2020-02-11 18:07:06.201453014 +0800 CST uninstalled     tomcat-6.1.6    9.0.30

helm history myweb
REVISION        UPDATED                         STATUS          CHART           APP VERSION     DESCRIPTION
1               Tue Feb 11 18:07:06 2020        uninstalled     tomcat-6.1.6    9.0.30          Uninstallation complete

helm install myweb bitnami/tomcat \
  --replace \
  --set persistence.enabled=false

# helm list shows only active Releases. Note that REVISION is 2.
helm list
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
myweb   default         2               2020-02-11 17:55:47.971239954 +0800 CST deployed        tomcat-6.1.6    9.0.30

helm history myweb
REVISION        UPDATED                         STATUS          CHART           APP VERSION     DESCRIPTION
1               Tue Feb 11 16:46:37 2020        superseded      tomcat-6.1.6    9.0.30          superseded by new release
2               Tue Feb 11 17:55:47 2020        deployed        tomcat-6.1.6    9.0.30          Install complete

  • helm rollback

Roll a Release back to a previous revision.

# First install myweb-2.
helm install myweb-2 bitnami/tomcat \
  --set service.type=NodePort \
  --set persistence.enabled=false

# Uninstall myweb-2 but keep its history.
helm uninstall myweb-2 --keep-history

# Then reinstall myweb-2.
helm install myweb-2 bitnami/tomcat \
  --replace \
  --set persistence.enabled=false

helm history myweb-2
REVISION        UPDATED                         STATUS          CHART           APP VERSION     DESCRIPTION
1               Tue Feb 11 19:43:27 2020        superseded      tomcat-6.1.6    9.0.30          superseded by new release
2               Tue Feb 11 20:18:49 2020        superseded      tomcat-6.1.6    9.0.30          Install complete

Roll back a Release; if no revision is specified, it is rolled back to the previous revision.

helm rollback myweb-2

# A rollback is a reinstall and creates a new revision.
helm history myweb-2
REVISION        UPDATED                         STATUS          CHART           APP VERSION     DESCRIPTION
1               Tue Feb 11 19:43:27 2020        superseded      tomcat-6.1.6    9.0.30          superseded by new release
2               Tue Feb 11 20:18:49 2020        superseded      tomcat-6.1.6    9.0.30          Install complete
3               Tue Feb 11 20:25:55 2020        deployed        tomcat-6.1.6    9.0.30          Rollback to 1

# The Service type is NodePort, so the Release really was rolled back to the previous revision.
kubectl get service
NAME             TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
myweb-2-tomcat   NodePort    10.1.218.184   <none>        80:15153/TCP   15m

Roll back to a specified revision.

helm rollback myweb-2 1
Rollback was a success! Happy Helming!

helm history myweb-2
REVISION        UPDATED                         STATUS          CHART           APP VERSION     DESCRIPTION
1               Tue Feb 11 19:43:27 2020        superseded      tomcat-6.1.6    9.0.30          superseded by new release
2               Tue Feb 11 20:18:49 2020        superseded      tomcat-6.1.6    9.0.30          Install complete
3               Tue Feb 11 20:25:55 2020        superseded      tomcat-6.1.6    9.0.30          Rollback to 1
4               Tue Feb 11 20:35:52 2020        deployed        tomcat-6.1.6    9.0.30          Rollback to 1

Simulate a rollback.

helm rollback myweb-2 --dry-run
Rollback was a success! Happy Helming!

  • helm get

Show various information about a Release. Note that helm show works on Charts, while helm get works on Releases.

  • helm get values

Show the user-supplied values of a Release.

helm get values myweb
USER-SUPPLIED VALUES:
persistence:
  enabled: false
service:
  type: NodePort

Show all values of a Release; note that these are the computed values.

helm get values myweb -a
COMPUTED VALUES:
affinity: {}
image:
  pullPolicy: IfNotPresent
  registry: docker.io
  repository: bitnami/tomcat
  tag: 9.0.30-debian-10-r0
ingress:
  annotations: null
  certManager: false
  enabled: false
  hosts:
  - name: tomcat.local
    path: /
    tls: false
    tlsSecret: tomcat.local-tls
nodeSelector: {}
persistence:
  accessModes:
  - ReadWriteOnce
  annotations: null
  enabled: false
  size: 8Gi
podAnnotations: {}
podLabels: {}
resources:
  limits: {}
  requests:
    cpu: 300m
    memory: 512Mi
securityContext:
  enabled: true
  fsGroup: 1001
  runAsUser: 1001
service:
  annotations: {}
  externalTrafficPolicy: Cluster
  nodePort: ""
  port: 80
  type: NodePort
tolerations: []
tomcatAllowRemoteManagement: 0
tomcatUsername: user
volumePermissions:
  enabled: false
  image:
    pullPolicy: Always
    registry: docker.io
    repository: bitnami/minideb
    tag: buster
  resources:
    limits: {}
    requests: {}

  • helm get manifest

Show all Kubernetes resource manifests of a Release; a comment indicates which template YAML file each resource was generated from.

helm get manifest myweb
---
# Source: tomcat/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: myweb-tomcat
  labels:
    app: tomcat
    chart: tomcat-6.1.6
    release: myweb
    heritage: Helm
type: Opaque
data:
  tomcat-password: "cEZBWHFMNEtVVw=="
---
# Source: tomcat/templates/svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: myweb-tomcat
  labels:
    app: tomcat
    chart: tomcat-6.1.6
    release: myweb
    heritage: Helm
spec:
  type: NodePort
  externalTrafficPolicy: "Cluster"
  ports:
    - name: http
      port: 80
      targetPort: http
  selector:
    app: tomcat
    release: myweb
---
# Source: tomcat/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myweb-tomcat
  labels:
    app: tomcat
    chart: tomcat-6.1.6
    release: myweb
    heritage: Helm
spec:
  selector:
    matchLabels:
      app: tomcat
      release: myweb
  template:
    metadata:
      labels:
        app: tomcat
        chart: tomcat-6.1.6
        release: myweb
        heritage: Helm
    spec:
      securityContext:
        fsGroup: 1001
        runAsUser: 1001
      containers:
        - name: tomcat
          image: docker.io/bitnami/tomcat:9.0.30-debian-10-r0
          imagePullPolicy: "IfNotPresent"
          env:
            - name: TOMCAT_USERNAME
              value: "user"
            - name: TOMCAT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: myweb-tomcat
                  key: tomcat-password
            - name: TOMCAT_ALLOW_REMOTE_MANAGEMENT
              value: "0"
          ports:
            - name: http
              containerPort: 8080
          livenessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 120
            timeoutSeconds: 5
            failureThreshold: 6
          readinessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 30
            timeoutSeconds: 3
            periodSeconds: 51
          resources:
            limits: {}
            requests:
              cpu: 300m
              memory: 512Mi
          volumeMounts:
            - name: data
              mountPath: /bitnami/tomcat
      volumes:
        - name: data
          emptyDir: {}

  • helm get notes

Show the Release's notes file, NOTES.txt.

helm get notes myweb
NOTES:

** Please be patient while the chart is being deployed **

1. Get the Tomcat URL by running:

  export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services myweb-tomcat)
  export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT/

2. Login with the following credentials

  echo Username: user
  echo Password: $(kubectl get secret --namespace default myweb-tomcat -o jsonpath="{.data.tomcat-password}" | base64 --decode)

  • helm get all

Show all information about a Release, including basic information, notes, hooks, values and the Kubernetes resource manifests.

helm get all myweb
......

Show the values of the template variables that the Release involves.

helm get all myweb --template {{.Release.Name}}
myweb

  • helm create

Create a template Chart: a directory named after the given Chart name is generated, along with some sample files for the Chart.

helm create foo
Creating foo

ls
foo

tree foo
foo
├── charts
├── Chart.yaml
├── templates
│   ├── deployment.yaml
│   ├── _helpers.tpl
│   ├── ingress.yaml
│   ├── NOTES.txt
│   ├── serviceaccount.yaml
│   ├── service.yaml
│   └── tests
│       └── test-connection.yaml
└── values.yaml

3 directories, 9 files

We can use the create command to generate a template and then develop quickly from it.

  • helm show

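Show various information about a Chart package. The Chart.yaml, values.yaml and README.md files in a Chart package contain the Chart's key information; helm show prints the contents of these files on the command line, which makes it easy to learn what matters about a Chart. The directory structure of the Tomcat Chart is as follows.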

tree tomcat
tomcat
├── Chart.yaml
├── ci
│   └── values-with-ingress-and-initcontainers.yaml
├── README.md
├── templates
│   ├── deployment.yaml
│   ├── _helpers.tpl
│   ├── ingress.yaml
│   ├── NOTES.txt
│   ├── pvc.yaml
│   ├── secrets.yaml
│   └── svc.yaml
└── values.yaml

  • helm show chart

Show the Chart.yaml information; this file describes the Chart's version, description, maintainers and so on.

helm show chart bitnami/tomcat
apiVersion: v1
appVersion: 9.0.30
description: Chart for Apache Tomcat
home: http://tomcat.apache.org
icon: https://bitnami.com/assets/stacks/tomcat/img/tomcat-stack-110x117.png
keywords:
- tomcat
- java
- http
- web
- application server
- jsp
maintainers:
- email: [email protected]
  name: Bitnami
name: tomcat
sources:
- https://github.com/bitnami/bitnami-docker-tomcat
version: 6.1.3
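
  • helm show values

Show the values.yaml information; this file describes the parameters in the Chart templates that can be overridden, all of which can be overridden by command-line flags when the Chart is installed.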

helm show values bitnami/tomcat
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
##
# global:
#   imageRegistry: myRegistryName
#   imagePullSecrets:
#     - myRegistryKeySecretName
#   storageClass: myStorageClass

## Bitnami Tomcat image version
## ref: https://hub.docker.com/r/bitnami/tomcat/tags/
##
image:
  registry: docker.io
  repository: bitnami/tomcat
  tag: 9.0.30-debian-9-r9
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecrets:
  #   - myRegistryKeySecretName

## String to partially override tomcat.fullname template (will maintain the release name)
##
# nameOverride:

## String to fully override tomcat.fullname template
##
# fullnameOverride:

## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
  enabled: false
  image:
    registry: docker.io
    repository: bitnami/minideb
    tag: stretch
    pullPolicy: Always
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    # pullSecrets:
    #   - myRegistryKeySecretName
  ## Init container' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #   cpu: 100m
    #   memory: 128Mi
    requests: {}
    #   cpu: 100m
    #   memory: 128Mi

## Admin user
## ref: https://github.com/bitnami/bitnami-docker-tomcat#creating-a-custom-user
##
tomcatUsername: user

## Admin password
## ref: https://github.com/bitnami/bitnami-docker-tomcat#creating-a-custom-user
##
# tomcatPassword:

## Expose management services
## ref: https://github.com/bitnami/charts/tree/master/bitnami/tomcat#configuration
##
tomcatAllowRemoteManagement: 0

## Additional pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}

## Additional pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}

## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}

## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}

## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []

## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
  enabled: true
  fsGroup: 1001
  runAsUser: 1001

## Tomcat containers' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  limits: {}
  #   cpu: 500m
  #   memory: 1Gi
  requests:
    cpu: 300m
    memory: 512Mi

## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  ## If true, use a Persistent Volume Claim, If false, use emptyDir
  ##
  enabled: true
  ## Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  # storageClass: "-"
  ## Persistent Volume Claim annotations
  ##
  annotations:
  ## Persistent Volume Access Mode
  ##
  accessModes:
    - ReadWriteOnce
  ## Persistent Volume size
  ##
  size: 8Gi

## Service parameters
##
service:
  ## Service type
  ##
  type: LoadBalancer
  ## HTTP port
  ##
  port: 80
  ## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
  ##
  nodePort: ""
  ## Set the LoadBalancer service type to internal only.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  # loadBalancerIP:
  ## Provide any additional annotations which may be required. This can be used to
  ## set the LoadBalancer service type to internal only.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  annotations: {}
  ## Enable client source IP preservation
  ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  ##
  externalTrafficPolicy: Cluster

## Ingress parameters
##
ingress:
  ## Set to true to enable ingress record generation
  ##
  enabled: false

  ## Set this to true in order to add the corresponding annotations for cert-manager
  ##
  certManager: false

  ## Ingress annotations done as key:value pairs
  ## For a full list of possible ingress annotations, please see
  ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
  ##
  ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
  ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
  ##
  annotations:
  #  kubernetes.io/ingress.class: nginx

  ## The list of hostnames to be covered with this ingress record.
  ## Most likely this will be just one host, but in the event more hosts are needed, this is an array
  ##
  hosts:
    - name: tomcat.local
      path: /

      ## Set this to true in order to enable TLS on the ingress record
      ##
      tls: false

      ## Optionally specify the TLS hosts for the ingress record
      ## Useful when the Ingress controller supports www-redirection
      ## If not specified, the above host name will be used
      # tlsHosts:
      # - www.tomcat.local
      # - tomcat.local

      ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
      ##
      tlsSecret: tomcat.local-tls

  • helm show readme

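Displays the chart's README.md, which contains the chart's introduction, installation instructions, parameters, version notes and similar information.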

helm show readme bitnami/tomcat
# Tomcat

[Apache Tomcat](http://tomcat.apache.org/), often referred to as Tomcat, is an open-source web server and servlet container developed by the Apache Software Foundation. Tomcat implements several Java EE specifications including Java Servlet, JavaServer Pages, Java EL, and WebSocket, and provides a "pure Java" HTTP web server environment for Java code to run in.

## TL;DR;

```console
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install bitnami/tomcat
```

## Introduction

This chart bootstraps a [Tomcat](https://github.com/bitnami/bitnami-docker-tomcat) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.

Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications.

## Prerequisites

- Kubernetes 1.12+
- Helm 2.11+ or Helm 3.0-beta3+
- PV provisioner support in the underlying infrastructure
- ReadWriteMany volumes for deployment scaling

## Installing the Chart

To install the chart with the release name `my-release`:

```console
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install --name my-release bitnami/tomcat
```

These commands deploy Tomcat on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.

> **Tip**: List all releases using `helm list`

## Uninstalling the Chart

To uninstall/delete the `my-release` deployment:

```console
$ helm delete my-release
```

The command removes all the Kubernetes components associated with the chart and deletes the release.

## Parameters

The following tables lists the configurable parameters of the Tomcat chart and their default values.

| Parameter                            | Description                                                                                         | Default                                                 |
| ------------------------------------ | --------------------------------------------------------------------------------------------------- | ------------------------------------------------------- |
| `global.imageRegistry`               | Global Docker image registry                                                                        | `nil`                                                   |
| `global.imagePullSecrets`            | Global Docker registry secret names as an array                                                     | `[]` (does not add image pull secrets to deployed pods) |
| `global.storageClass`                | Global storage class for dynamic provisioning                                                       | `nil`                                                   |
| `image.registry`                     | Tomcat image registry                                                                               | `docker.io`                                             |
| `image.repository`                   | Tomcat Image name                                                                                   | `bitnami/tomcat`                                        |
| `image.tag`                          | Tomcat Image tag                                                                                    | `{TAG_NAME}`                                            |
| `image.pullPolicy`                   | Tomcat image pull policy                                                                            | `IfNotPresent`                                          |
| `image.pullSecrets`                  | Specify docker-registry secret names as an array                                                    | `[]` (does not add image pull secrets to deployed pods) |
| `volumePermissions.enabled`          | Enable init container that changes volume permissions in the data directory                         | `false`                                                 |
| `volumePermissions.image.registry`   | Init container volume-permissions image registry                                                    | `docker.io`                                             |
| `volumePermissions.image.repository` | Init container volume-permissions image name                                                        | `bitnami/minideb`                                       |
| `volumePermissions.image.tag`        | Init container volume-permissions image tag                                                         | `stretch`                                               |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy                                                 | `Always`                                                |
| `volumePermissions.resources`        | Init container resource requests/limit                                                              | `{}`                                                    |
| `nameOverride`                       | String to partially override tomcat.fullname template with a string (will prepend the release name) | `nil`                                                   |
| `fullnameOverride`                   | String to fully override tomcat.fullname template with a string                                     | `nil`                                                   |
| `tomcatUsername`                     | Tomcat admin user                                                                                   | `user`                                                  |
| `tomcatPassword`                     | Tomcat admin password                                                                               | _random 10 character alphanumeric string_               |
| `tomcatAllowRemoteManagement`        | Enable remote access to management interface                                                        | `0` (disabled)                                          |
| `podAnnotations`                     | Pod annotations                                                                                     | `{}`                                                    |
| `affinity`                           | Map of node/pod affinities                                                                          | `{}` (The value is evaluated as a template)             |
| `nodeSelector`                       | Node labels for pod assignment                                                                      | `{}` (The value is evaluated as a template)             |
| `tolerations`                        | Tolerations for pod assignment                                                                      | `[]` (The value is evaluated as a template)             |
| `securityContext.enabled`            | Enable security context                                                                             | `true`                                                  |
| `securityContext.fsGroup`            | Group ID for the container                                                                          | `1001`                                                  |
| `securityContext.runAsUser`          | User ID for the container                                                                           | `1001`                                                  |
| `resources`                          | CPU/Memory resource requests/limits                                                                 | `{"requests": {"Memory": "512Mi", CPU: "300m"}}`        |
| `persistence.enabled`                | Enable persistence using PVC                                                                        | `true`                                                  |
| `persistence.storageClass`           | PVC Storage Class for Tomcat volume                                                                 | `nil` (uses alpha storage class annotation)             |
| `persistence.accessMode`             | PVC Access Mode for Tomcat volume                                                                   | `ReadWriteOnce`                                         |
| `persistence.size`                   | PVC Storage Request for Tomcat volume                                                               | `8Gi`                                                   |
| `service.type`                       | Kubernetes Service type                                                                             | `LoadBalancer`                                          |
| `service.port`                       | Service HTTP port                                                                                   | `80`                                                    |
| `service.nodePort`                   | Kubernetes http node port                                                                           | `""`                                                    |
| `service.externalTrafficPolicy`      | Enable client source IP preservation                                                                | `Cluster`                                               |
| `service.loadBalancerIP`             | LoadBalancer service IP address                                                                     | `""`                                                    |
| `service.annotations`                | Service annotations                                                                                 | `{}`                                                    |
| `ingress.enabled`                    | Enable the ingress controller                                                                       | `false`                                                 |
| `ingress.certManager`                | Add annotations for certManager                                                                     | `false`                                                 |
| `ingress.annotations`                | Annotations to set in the ingress controller                                                        | `{}`                                                    |
| `ingress.hosts[0].name`              | Hostname to your opencart installation                                                              | `tomcat.local`                                          |
| `ingress.hosts[0].path`              | Path within the url structure                                                                       | `/`                                                     |
| `ingress.hosts[0].tls`               | Utilize TLS backend in ingress                                                                      | `false`                                                 |
| `ingress.hosts[0].tlsHosts`          | Array of TLS hosts for ingress record (defaults to `ingress.hosts[0].name` if `nil`)                | `nil`                                                   |
| `ingress.hosts[0].tlsSecret`         | TLS Secret (certificates)                                                                           | `tomcat.local-tls`                                      |

The above parameters map to the env variables defined in [bitnami/tomcat](http://github.com/bitnami/bitnami-docker-tomcat). For more information please refer to the [bitnami/tomcat](http://github.com/bitnami/bitnami-docker-tomcat) image documentation.

Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,

```console
$ helm install --name my-release \
  --set tomcatUser=manager,tomcatPassword=password bitnami/tomcat
```

The above command sets the Tomcat management username and password to `manager` and `password` respectively.

Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,

```console
$ helm install --name my-release -f values.yaml bitnami/tomcat
```

> **Tip**: You can use the default [values.yaml](values.yaml)

## Configuration and installation details

### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)

It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.

Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.

## Persistence

The [Bitnami Tomcat](https://github.com/bitnami/bitnami-docker-tomcat) image stores the Tomcat data and configurations at the `/bitnami/tomcat` path of the container.

Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
See the [Parameters](#parameters) section to configure the PVC or to disable persistence.

### Adjust permissions of persistent volume mountpoint

As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it.

By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions.
As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination.

You can enable this initContainer by setting `volumePermissions.enabled` to `true`.

## Notable changes

### 5.0.0

This release updates the Bitnami Tomcat container to `9.0.26-debian-9-r0`, which is based on Bash instead of Node.js.

## Upgrading

### To 2.1.0

Tomcat container was moved to a non-root approach. There shouldn't be any issue when upgrading since the corresponding `securityContext` is enabled by default. Both the container image and the chart can be upgraded by running the command below:

```
$ helm upgrade my-release stable/tomcat
```

If you use a previous container image (previous to **8.5.35-r26**) disable the `securityContext` by running the command below:

```
$ helm upgrade my-release stable/tomcat --set securityContext.enabled=fase,image.tag=XXX
```

### To 1.0.0

Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is tomcat:

```console
$ kubectl patch deployment tomcat --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
```

  • helm show all

Displays all of a chart's information with a single command, including Chart.yaml, values.yaml and README.md.

helm show all bitnami/tomcat
......

  • helm template

Renders the chart templates and prints the output without actually installing anything. Similar to helm get manifest.

helm template myweb bitnami/tomcat \
  --set service.type=NodePort \
  --set persistence.enabled=false
---
# Source: tomcat/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: myweb-tomcat
  labels:
    app: tomcat
    chart: tomcat-6.1.6
    release: myweb
    heritage: Helm
type: Opaque
data:
  tomcat-password: "em9kbkc1RU5pcw=="
---
# Source: tomcat/templates/svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: myweb-tomcat
  labels:
    app: tomcat
    chart: tomcat-6.1.6
    release: myweb
    heritage: Helm
spec:
  type: NodePort
  externalTrafficPolicy: "Cluster"
  ports:
    - name: http
      port: 80
      targetPort: http
  selector:
    app: tomcat
    release: myweb
---
# Source: tomcat/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myweb-tomcat
  labels:
    app: tomcat
    chart: tomcat-6.1.6
    release: myweb
    heritage: Helm
spec:
  selector:
    matchLabels:
      app: tomcat
      release: myweb
  template:
    metadata:
      labels:
        app: tomcat
        chart: tomcat-6.1.6
        release: myweb
        heritage: Helm
    spec:
      securityContext:
        fsGroup: 1001
        runAsUser: 1001
      containers:
        - name: tomcat
          image: docker.io/bitnami/tomcat:9.0.30-debian-10-r0
          imagePullPolicy: "IfNotPresent"
          env:
            - name: TOMCAT_USERNAME
              value: "user"
            - name: TOMCAT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: myweb-tomcat
                  key: tomcat-password
            - name: TOMCAT_ALLOW_REMOTE_MANAGEMENT
              value: "0"
          ports:
            - name: http
              containerPort: 8080
          livenessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 120
            timeoutSeconds: 5
            failureThreshold: 6
          readinessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 30
            timeoutSeconds: 3
            periodSeconds: 51
          resources:
            limits: {}
            requests:
              cpu: 300m
              memory: 512Mi
          volumeMounts:
            - name: data
              mountPath: /bitnami/tomcat
      volumes:
        - name: data
          emptyDir: {}

Most flags of the template command are the same as those of the install command, so they are not repeated here.
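The Secret in the rendered output above carries tomcat-password only base64-encoded, so wherever helm template output is stored (CI logs, a Git repository) the credential is stored too. The following Python check is an added example, not part of the original article or of the chart: it lists such recoverable values and externally reachable Service types in a rendered manifest. The function names and the hand-rolled shallow parser are assumptions of this example, and the embedded sample is a trimmed excerpt of the output above.

```python
import base64
import re
import sys

# Trimmed excerpt of the `helm template myweb bitnami/tomcat` output shown above.
SAMPLE_MANIFEST = """\
---
# Source: tomcat/templates/secrets.yaml
kind: Secret
metadata:
  name: myweb-tomcat
type: Opaque
data:
  tomcat-password: "em9kbkc1RU5pcw=="
---
# Source: tomcat/templates/svc.yaml
kind: Service
metadata:
  name: myweb-tomcat
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
"""
EXPOSED_TYPES = {"NodePort", "LoadBalancer"}  # reachable from outside the cluster

def flatten(doc):
    """Flatten top-level keys and their direct children to 'parent.child' paths.

    Assumption of this example: a shallow, line-based reader, not a YAML parser."""
    flat, parent, child_indent = {}, None, None
    for line in doc.splitlines():
        stripped = line.strip()
        key, sep, value = stripped.partition(":")
        if not sep or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        value = value.strip().strip("\"'")
        if indent == 0:
            parent, child_indent = (None if value else key), None
            flat[key] = value
        elif parent is not None:
            child_indent = indent if child_indent is None else child_indent
            if indent == child_indent:  # deeper nesting (list items etc.) is skipped
                flat[f"{parent}.{key}"] = value
    return flat

def documents(manifest):
    """Flatten every YAML document in a '---'-separated stream."""
    return [flatten(d) for d in re.split(r"(?m)^---[ \t]*$", manifest) if d.strip()]

def decode_secret_values(manifest):
    """Map (secret name, key) -> plaintext for each Secret's base64 `data` entry."""
    found = {}
    for doc in documents(manifest):
        if doc.get("kind") != "Secret":
            continue
        for path, b64 in doc.items():
            if not path.startswith("data."):
                continue
            try:
                raw = base64.b64decode(b64, validate=True)
            except ValueError:
                continue  # not valid base64, so nothing to recover
            found[(doc.get("metadata.name", "?"), path[5:])] = raw.decode("utf-8", "replace")
    return found

def exposed_services(manifest):
    """List (name, type) for Services whose type is reachable from outside."""
    return [(d.get("metadata.name", "?"), d["spec.type"]) for d in documents(manifest)
            if d.get("kind") == "Service" and d.get("spec.type") in EXPOSED_TYPES]

if __name__ == "__main__":  # usage: helm template RELEASE CHART | python3 this_file.py
    text = SAMPLE_MANIFEST if sys.stdin.isatty() else sys.stdin.read()
    # Prints only Secret names and keys, never the decoded values.
    print(sorted(decode_secret_values(text)), exposed_services(text))
```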

  • helm dependency

Manages chart dependencies.

  • helm dependency list

Lists all dependencies declared by the chart.

helm dependency list kong
NAME            VERSION REPOSITORY                                              STATUS
postgresql      ~8.1.0  https://kubernetes-charts.storage.googleapis.com/       ok

helm dependency list kong-1.1.1.tgz
NAME            VERSION REPOSITORY                                              STATUS
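postgresql      ~8.1.0  https://kubernetes-charts.storage.googleapis.com/       missing

  • helm dependency update

Updates all dependencies declared by the chart to the latest versions that satisfy the declared constraints. The tgz packages of the updated dependencies are placed in the charts directory. All repositories are refreshed before the update.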

ls kong/charts/
postgresql

helm dependency update kong
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "kong" chart repository
...Successfully got an update from the "incubator" chart repository
...Successfully got an update from the "aliyuncs" chart repository
...Successfully got an update from the "bitnami" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈Happy Helming!⎈
Saving 1 charts
Downloading postgresql from repo https://kubernetes-charts.storage.googleapis.com/
Deleting outdated charts

ls kong/charts/
postgresql  postgresql-8.1.5.tgz

  • helm lint

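Helm runs a series of tests to verify that the chart is well-formed. If it encounters anything that would cause the chart to fail installation, it emits [ERROR] messages. If it encounters issues that break with convention or recommendation, it emits [WARNING] messages.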

helm lint tomcat/
==> Linting tomcat/

1 chart(s) linted, 0 chart(s) failed

  • helm package

Packages a chart directory into a versioned chart archive in tgz format. Used together with helm repo index to set up a private repository.

helm pull bitnami/tomcat --untar --version 6.1.6

ls
tomcat

helm package tomcat
Successfully packaged chart and saved it to: /root/helm/tomcat-6.1.6.tgz

ls
tomcat  tomcat-6.1.6.tgz

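Override values can be set at packaging time; the corresponding keys in the packaged chart's values.yaml are then automatically replaced with the values given on the command line.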

helm package tomcat \
  --set service.type=NodePort \
  --set persistence.enabled=false
Successfully packaged chart and saved it to: /root/helm/tomcat-6.1.6.tgz

# The default values of service.type and persistence.enabled have indeed been changed
helm show values tomcat-6.1.6.tgz
affinity: {}
image:
  pullPolicy: IfNotPresent
  registry: docker.io
  repository: bitnami/tomcat
  tag: 9.0.30-debian-10-r0
ingress:
  annotations: null
  certManager: false
  enabled: false
  hosts:
  - name: tomcat.local
    path: /
    tls: false
    tlsSecret: tomcat.local-tls
nodeSelector: {}
persistence:
  accessModes:
  - ReadWriteOnce
  annotations: null
  enabled: false
  size: 8Gi
podAnnotations: {}
podLabels: {}
resources:
  limits: {}
  requests:
    cpu: 300m
    memory: 512Mi
securityContext:
  enabled: true
  fsGroup: 1001
  runAsUser: 1001
service:
  annotations: {}
  externalTrafficPolicy: Cluster
  nodePort: ""
  port: 80
  type: NodePort
tolerations: []
tomcatAllowRemoteManagement: 0
tomcatUsername: user
volumePermissions:
  enabled: false
  image:
    pullPolicy: Always
    registry: docker.io
    repository: bitnami/minideb
    tag: buster
  resources:
    limits: {}
    requests: {}

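Once a chart has been developed locally, the package command builds the tgz chart archive, which is uploaded to a web server together with the index.yaml generated by the index command to set up a private repository.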

  • helm plugin

Plugin management.

  • helm verify

Verifies that the chart has a valid provenance file.
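A provenance file (tomcat-6.1.6.tgz.prov for the package built above) is a PGP clear-signed text whose body ends in a files: map from the archive name to its SHA-256 digest. The following Python code is an added example, not from the original article or from Helm: it performs only the digest comparison, while the PGP signature must still be checked against a trusted keyring, which helm verify does. The archive bytes, the .prov text and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

CHART_NAME = "tomcat-6.1.6.tgz"
# Constructed stand-in for the packaged chart's bytes (not a real archive).
CHART_BYTES = b"constructed stand-in for the packaged chart bytes"


def sample_prov(name, data):
    """Build a constructed .prov text in Helm's layout; the signature is a placeholder."""
    return (
        "-----BEGIN PGP SIGNED MESSAGE-----\n"
        "Hash: SHA512\n"
        "\n"
        "name: tomcat\n"
        "version: 6.1.6\n"
        "\n"
        "...\n"
        "files:\n"
        f"  {name}: sha256:{hashlib.sha256(data).hexdigest()}\n"
        "-----BEGIN PGP SIGNATURE-----\n"
        "\n"
        "CONSTRUCTED-PLACEHOLDER-NOT-A-SIGNATURE\n"
        "-----END PGP SIGNATURE-----\n"
    )


FILE_LINE = re.compile(r"^\s+(?P<name>[^\s:]+):\s*sha256:(?P<hex>[0-9a-fA-F]{64})\s*$")


def prov_digests(prov_text):
    """Return {archive name: sha256 hex} from the `files:` map of the signed body."""
    # Only text before the signature block is covered by the signature.
    body = prov_text.split("-----BEGIN PGP SIGNATURE-----", 1)[0]
    digests, in_files = {}, False
    for line in body.splitlines():
        if line.rstrip() == "files:":
            in_files = True
        elif in_files:
            match = FILE_LINE.match(line)
            if match is None:
                break  # end of the files: map
            digests[match["name"]] = match["hex"].lower()
    return digests


def digest_matches(prov_text, archive_name, archive_bytes):
    """True only if the archive is listed in the provenance and its SHA-256 matches.

    This does NOT validate the PGP signature; without that step the digest
    proves nothing about who produced the provenance file."""
    expected = prov_digests(prov_text).get(archive_name)
    if expected is None:
        return False  # an archive the provenance does not cover is never accepted
    actual = hashlib.sha256(archive_bytes).hexdigest()
    return hmac.compare_digest(expected, actual)


if __name__ == "__main__":
    prov = sample_prov(CHART_NAME, CHART_BYTES)
    print("untouched archive:", digest_matches(prov, CHART_NAME, CHART_BYTES))
    print("modified archive: ", digest_matches(prov, CHART_NAME, CHART_BYTES + b"!"))
```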
