之前一直回避这个东东,源于两方面原因:一是感觉构架复杂了,又有tiller又有helm,二来我自己写的部署平台,是自己来解析Yaml的。
但是,helm3.0构架变得简单了,并且这个东东,几乎是k8s的又一个部署标准,不了解不行呀。这不,gitlab在k8s里运行runner,推荐就是用Helm来作。
那即然如是,弄起来呗!
参考URL:
https://blog.csdn.net/cyfblog/article/details/99594921
https://www.jianshu.com/p/7ab38da8758e
先来一份简单安装,边操作边记录:
一,下载helm二进制客户端
wget https://get.helm.sh/helm-v2.9.0-linux-amd64.tar.gz
二,解压,放到/usr/local/bin下面,方便执行命令
tar -zxvf helm-v2.9.0-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/
三,测试helm客户端命令
[root@localhost linux-amd64]# helm
The Kubernetes package manager
To begin working with Helm, run the 'helm init' command:
$ helm init
This will install Tiller to your running Kubernetes cluster.
It will also set up any necessary local configuration.
Common actions from this point include:
- helm search: search for charts
- helm fetch: download a chart to your local directory to view
- helm install: upload the chart to Kubernetes
- helm list: list releases of charts
Environment:
$HELM_HOME set an alternative location for Helm files. By default, these are stored in ~/.helm
$HELM_HOST set an alternative Tiller host. The format is host:port
$HELM_NO_PLUGINS disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.
$TILLER_NAMESPACE set an alternative Tiller namespace (default "kube-system")
$KUBECONFIG set an alternative Kubernetes configuration file (default "~/.kube/config")
Usage:
helm [command]
Available Commands:
completion Generate autocompletions script for the specified shell (bash or zsh)
create create a new chart with the given name
delete given a release name, delete the release from Kubernetes
dependency manage a chart's dependencies
fetch download a chart from a repository and (optionally) unpack it in local directory
get download a named release
history fetch release history
home displays the location of HELM_HOME
init initialize Helm on both client and server
inspect inspect a chart
install install a chart archive
lint examines a chart for possible issues
list list releases
package package a chart directory into a chart archive
plugin add, list, or remove Helm plugins
repo add, list, remove, update, and index chart repositories
reset uninstalls Tiller from a cluster
rollback roll back a release to a previous revision
search search for a keyword in charts
serve start a local http web server
status displays the status of the named release
template locally render templates
test test a release
upgrade upgrade a release
verify verify that a chart at the given path has been signed and is valid
version print the client/server version information
Flags:
--debug enable verbose output
-h, --help help for helm
--home string location of your Helm config. Overrides $HELM_HOME (default "/root/.helm")
--host string address of Tiller. Overrides $HELM_HOST
--kube-context string name of the kubeconfig context to use
--tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300)
--tiller-namespace string namespace of Tiller (default "kube-system")
Use "helm [command] --help" for more information about a command.
四,k8s集群rbac权限设置
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
五,在k8s集群内安装Tiller
helm init --upgrade --service-account tiller --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.9.0 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
要是上面这个命令报错:
$HELM_HOME has been configured at /root/.helm.
Error: error installing: the server could not find the requested resource
这说明api的版本有些落后,则使用如下命令弄一弄:
helm init --upgrade --service-account tiller --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.9.0 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm' --output yaml | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@' | kubectl apply -f -
六,一旦安装完成,使用helm version命令验证客户端和服务器端版本
[root@localhost linux-amd64]# helm version
Client: &version.Version{SemVer:"v2.9.0", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.9.0", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"}
七,不能出网的内网,如何初始化helm服务?
前面的操作,只是表示Helm已在服务端和客户端就绪,而如果真正应用一个heml chart仓库在k8s中,才能发挥Helm的真正作用。
其实在第5步时,如果没有连上网络,是不能够正常运行的。会报错。
一个连随时联网的网络,按网上大路货操作,就是可以了。但如果在一个封闭的内网呢?网外的任何chart仓库都是不能访问的,那如何玩helm呢?
1,自己启动一个heml仓库空服务
helm serve --address localhost:8005 &
2,更新第5步的命令如下:
helm init --upgrade --service-account tiller --tiller-image xxx/3rd_part/tiller:v2.9.0 --stable-repo-url http://localhost:8005/
3,需要helm部署时,从应用的官网下载chart文件
https://github.com/helm/charts/
4,更新chart后,打包成tgz文件
helm package .
5,使用heml命令更新到k8s(因为没有chart仓库,可能需要先删除老的,再部署新的)
helm del --purge gitlab-runner
helm install --namespace gitlab --name gitlab-runner gitlab-runner-0.17.0-beta.tgz
6,一个快捷打包和更新应用的命令
helm package . && helm upgrade gitlab-runner gitlab-runner-0.17.0-beta.tgz