Helm:仓库的前端工具
Chart:包管理器
包管理器:Chart
在kubernetes上部署应用程序所需要用到的各类资源配置文件
得给不同的用户面向不用场景留出配置接口:配置文件内置了很多模板字串
go-template
这些模板字串都被内置提供了默认值:values,yaml,值文件
Chart仓库:
Chart制定和分发
Chart Hub:https://artifacthub.io/使用helm部署应用:
(1)配置仓库
(2)定位chart
(3)通过向chart中模板字串赋值完成其实例化,即模板渲染;
模板字串的渲染方式:
(a)直接在helm install的命令行,通过--set选项进行;
(b)自定义values.yaml,由helm install命令加载该文件;
实例化后的结果,就可以部署到目录kubernetes上;
(4)每个部署出来的结果,称为一个release;
应用安装命令:helm install 就是完成部署部署helm
下载helm:
https://github.com/helm/helm/releases/tag/v3.10.2
[root@k8s-master01 packages]#ls
cri-dockerd_0.2.6.3-0.ubuntu-focal_amd64_.deb 'helm-v3.10.2-linux-amd64_(1).tar.gz'
[root@k8s-master01 packages]#tar xf 'helm-v3.10.2-linux-amd64_(1).tar.gz'
解压:
[root@k8s-master01 packages]#ls
cri-dockerd_0.2.6.3-0.ubuntu-focal_amd64_.deb 'helm-v3.10.2-linux-amd64_(1).tar.gz' linux-amd64/
[root@k8s-master01 packages]#cd linux-amd64/
[root@k8s-master01 packages/linux-amd64]#ls
helm LICENSE README.md
将helm文件移动到/usr/local/bin/目录下:
[root@k8s-master01 linux-amd64]#mv helm /usr/local/bin/
helm加载配置节点下的kubeconfig文件,认证到API Server。
该kubeconfig配置文件中所保存认证凭据的用户身份被赋予了什么权限,helm相应的具有什么权限
kubectl config view
此时就有helm命令可以使用:
[root@k8s-master01 ~]#helm
The Kubernetes package manager
Common actions for Helm:
- helm search: search for charts #搜索仓库下的服务,可以去hub或repo(当地仓库)搜索
- helm pull: download a chart to your local directory to view
- helm install: upload the chart to Kubernetes
- helm list: list releases of charts #列出指定名称空间下已经安装好的releases
helm repo:管理仓库
helm repo list:列出本地配置好的仓库
helm repo add:拉取仓库
helm repo remove:移除仓库helm部署MySQL
拉取站点:
https://artifacthub.io/packages/helm/bitnami/mysql
去站点拉取仓库:
[root@k8s-master01 ~]#helm repo add bitnami(仓库名) https://charts.bitnami.com/bitnami
"bitnami" has been added to your repositories
查看仓库:
[root@k8s-master01 ~]#helm repo list
NAME URL
bitnami https://charts.bitnami.com/bitnami
在已经下载好的仓库搜索MySQL:
[root@k8s-master01 ~]#helm search repo mysql
NAME CHART VERSION APP VERSION DESCRIPTION
bitnami/mysql 9.4.4 8.0.31 MySQL is a fast, reliable, scalable, and easy t...
bitnami/phpmyadmin 10.3.6 5.2.0 phpMyAdmin is a free software tool written in P...
bitnami/mariadb 11.4.0 10.6.11 MariaDB is an open source, community-developed ...
bitnami/mariadb-galera 7.4.8 10.6.11 MariaDB Galera is a multi-primary database clus...
也可以在hub上搜:
[root@k8s-master01 ~]#helm search hub mysql
基于bitnami仓库下mysql chart部署release,就会自动把mysql部署起来了
helm install my-release bitnami/mysql #这里的mysql镜像有没有主从等等取决于默认值文件中的定义
也可以把mysql下载下来进行查看:
[root@k8s-master01 ~]#cd /tmp/
[root@k8s-master01 /tmp/]#helm pull bitnami/mysql
对chart进行解包
[root@k8s-master01 /tmp/]#tar xf mysql-9.4.3.tar
[root@k8s-master01 /tmp/]#cd mysql/
创建一个名称空间给mysql使用:
[root@k8s-master01 ~]#kubectl create namespace blog
namespace/blog created
配置mysql主从复制并支持持久化
下载MySQL:
仅有主节点使用以下命令:
helm install mysql \
--set auth.rootPassword=MageEdu \
--set primary.persistence.storageClass=nfs-csi \
--set auth.database=wpdb \
--set auth.username=wpuser \
--set auth.password='magedu.com' \
bitnami/mysql \
-n blog
主从节点使用以下命令:
helm install mysql \
--set auth.rootPassword=MageEdu \
--set global.storageClass=nfs-csi \
--set architecture=replication \
--set auth.database=wpdb \
--set auth.username=wpuser \
--set auth.password='magedu.com' \
--set secondary.replicaCount=1 \
--set auth.replicationPassword='replpass' \
bitnami/mysql \
-n blog
下载成功,会返回一个信息:
NAME: mysql
LAST DEPLOYED: Mon Nov 21 17:58:12 2022
NAMESPACE: blog
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: mysql
CHART VERSION: 9.4.4
APP VERSION: 8.0.31
查看部署时所显示的相关信息
helm list -n blog
helm status mysql -n blog
release 更新/升级:helm upgrade
release 回滚:helm rollback
增加到两个:
helm upgrade mysql \
--set auth.rootPassword=MageEdu \
--set global.storageClass=nfs-csi \
--set architecture=replication \
--set auth.database=wpdb \
--set auth.username=wpuser \
--set auth.password='magedu.com' \
--set secondary.replicaCount=2 \
--set auth.replicationPassword='replpass' \
bitnami/mysql \
-n blog把主节点的服务入口mysql-primary.blog.svc.cluster.local:3306作为wordpress对接的入口
部署wordpress
在下载好仓库的前提下部署:
Wordpress:
1、自带的MariaDB:
helm install wordpress \
--set wordpressUsername=wpuser \
--set wordpressPassword='magedu.com' \
--set mariadb.auth.rootPassword=secretpassword \
bitnami/wordpress
2、外部的数据:借助于部署好的mysql
helm install wordpress \
--set mariadb.enabled=false \
--set externalDatabase.host=mysql.blog.svc.cluster.local \
--set externalDatabase.user=wpuser \
--set externalDatabase.password='magedu.com' \
--set externalDatabase.database=wpdb \
--set externalDatabase.port=3306 \
--set persistence.storageClass=nfs-csi \
--set wordpressUsername=admin \
--set wordpressPassword='magedu.com' \
bitnami/wordpress \
-n blog
3、外部的数据,支持Ingress,且使用的mysql支持主从架构:
helm install wordpress \
--set mariadb.enabled=false \
--set externalDatabase.host=mysql-primary.blog.svc.cluster.local \
--set externalDatabase.user=wpuser \
--set externalDatabase.password='magedu.com' \
--set externalDatabase.database=wpdb \
--set externalDatabase.port=3306 \
--set persistence.storageClass=nfs-csi \
--set ingress.enabled=true \
--set ingress.ingressClassName=nginx \
--set ingress.hostname=blog.magedu.com \
--set ingress.pathType=Prefix \
--set wordpressUsername=admin \
--set wordpressPassword='magedu.com' \
bitnami/wordpress \
-n blog
返回信息:
NAME: wordpress
LAST DEPLOYED: Mon Nov 21 20:56:36 2022
NAMESPACE: blog
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: wordpress
CHART VERSION: 15.2.16
APP VERSION: 6.1.1
生成service:
[root@k8s-master01 ~]#kubectl get svc -n blog
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
mysql-primary ClusterIP 10.98.172.225 <none> 3306/TCP 179m
mysql-primary-headless ClusterIP None <none> 3306/TCP 179m
mysql-secondary ClusterIP 10.96.127.137 <none> 3306/TCP 179m
mysql-secondary-headless ClusterIP None <none> 3306/TCP 179m
wordpress LoadBalancer 10.101.98.37 <pending> 80:32765/TCP,443:32711/TCP 55s
已对接ingress:
[root@k8s-master01 ~]#kubectl get ingress -n blog
NAME CLASS HOSTS ADDRESS PORTS AGE
wordpress nginx blog.magedu.com 10.0.0.200 80 2m2s
可部署proxysql实现mysql的读写分离部署harbor
下载helm官方仓库:
[root@k8s-master01 ~]#helm repo add harbor https://helm.goharbor.io
"harbor" has been added to your repositories
[root@k8s-master01 ~]#helm repo list
NAME URL
bitnami https://charts.bitnami.com/bitnami
harbor https://helm.goharbor.io
配置文件:
[root@k8s-master01 ~]#helm show values harbor/harbor > harbor-values.yaml
[root@k8s-master01 ~]#vim harbor-values.yaml
expose:
type: ingress
tls:
enabled: true
certSource: auto
ingress:
hosts:
core: hub.magedu.com
notary: notary.magedu.com
controller: default
annotations:
kubernetes.io/ingress.class: "nginx"
ipFamily:
ipv6:
enabled: false
ipv4:
enabled: true
externalURL: https://hub.magedu.com
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 5Gi
chartmuseum:
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 5Gi
jobservice:
jobLog:
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 2Gi
scanDataExports:
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 2Gi
database:
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 2Gi
redis:
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 2Gi
trivy:
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 5Gi
harborAdminPassword: "magedu.com"
创建名称空间:
[root@k8s-master01 ~]#kubectl create namespace harbor
namespace/harbor created
创建harbor:
[root@k8s-master01 ~]#helm install harbor -f harbor-values.yaml harbor/harbor -n harbor
NAME: harbor
LAST DEPLOYED: Mon Nov 21 21:41:19 2022
NAMESPACE: harbor
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the Harbor portal at https://hub.magedu.com
For more details, please visit https://github.com/goharbor/harbor
harbor名称空间下会创建大量的pod:
[root@k8s-master01 ~]#kubectl get pods -n harbor
NAME READY STATUS RESTARTS AGE
harbor-chartmuseum-5d9db64d74-mkh6w 0/1 Pending 0 66s
harbor-core-8c486d7bc-m4pwv 0/1 ContainerCreating 0 65s
harbor-database-0 0/1 Pending 0 65s
harbor-jobservice-5447b4f7d5-pr7n5 0/1 Pending 0 66s
harbor-notary-server-578dd765bb-cm9tf 0/1 ContainerCreating 0 66s
harbor-notary-signer-7dbb4dff54-bvtx7 0/1 ContainerCreating 0 66s
harbor-portal-8d5b66f98-69n42 0/1 ContainerCreating 0 66s
harbor-redis-0 0/1 Pending 0 65s
harbor-registry-8445954467-mjmdw 0/2 Pending 0 66s
harbor-trivy-0 0/1 Pending 0 65s
解析地址hub.magedu.com即可访问删除所有harbor:
[root@k8s-master01 ~]#helm delete harbor -n harbor
