介绍
- Helm是Kubernetes 应用的包管理工具,主要用来管理 Charts,类似Linux系统的yum。
- Helm Chart 是用来封装 Kubernetes 原生应用程序的一系列 YAML 文件。可以在你部署应用的时候自定义应用程序的一些 Metadata,以便于应用程序的分发。
- 对于应用发布者而言,可以通过 Helm 打包应用、管理应用依赖关系、管理应用版本并发布应用到软件仓库。
- 对于使用者而言,使用 Helm 后不用需要编写复杂的应用部署文件,可以以简单的方式在 Kubernetes 上查找、安装、升级、回滚、卸载应用程序
Helm安装
安装地址 PATH
下载包:helm-v3.11.1-linux-amd64.tar.gz
解压:
[root@master ~]# tar -xf helm-v3.11.1-linux-amd64.tar.gz [root@master ~]# cd linux-amd64/ [root@master linux-amd64]# ll -rwxr-xr-x 1 1001 1002 46870528 2月 9 01:29 helm -rw-r--r-- 1 1001 1002 11373 2月 9 01:39 LICENSE -rw-r--r-- 1 1001 1002 3367 2月 9 01:39 README.md [root@master linux-amd64]# cp helm /usr/local/bin/
- helm命令自动补齐:
[root@master linux-amd64]# yum -y install bash-completion [root@master linux-amd64]# echo "source <(kubectl completion bash)" >> ~/.bashrc [root@master linux-amd64]# helm completion bash > /etc/bash_completion.d/helm [root@master linux-amd64]# helm completion bash -h Generate the autocompletion script for Helm for the bash shell. To load completions in your current shell session: source <(helm completion bash) To load completions for every new session, execute once: - Linux: helm completion bash > /etc/bash_completion.d/helm - MacOS: helm completion bash > /usr/local/etc/bash_completion.d/helm 自动补齐命令安装后,因为.bashrc文件被修改,login输入端会变化为 -bash-4.2#
- 安装完成:
[root@master linux-amd64]# helm version version.BuildInfo{Version:"v3.11.1", GitCommit:"293b50c65d4d56187cd4e2f390f0ada46b4c4737", GitTreeState:"clean", GoVersion:"go1.18.10"}
Helm命令大全
[root@master linux-amd64]# helm --help The Kubernetes package manager Common actions for Helm: - helm search: search for charts - helm pull: download a chart to your local directory to view - helm install: upload the chart to Kubernetes - helm list: list releases of charts Environment variables: | Name | Description | |------------------------------------|---------------------------------------------------------------------------------------------------| | $HELM_CACHE_HOME | set an alternative location for storing cached files. | | $HELM_CONFIG_HOME | set an alternative location for storing Helm configuration. | | $HELM_DATA_HOME | set an alternative location for storing Helm data. | | $HELM_DEBUG | indicate whether or not Helm is running in Debug mode | | $HELM_DRIVER | set the backend storage driver. Values are: configmap, secret, memory, sql. | | $HELM_DRIVER_SQL_CONNECTION_STRING | set the connection string the SQL storage driver should use. | | $HELM_MAX_HISTORY | set the maximum number of helm release history. | | $HELM_NAMESPACE | set the namespace used for the helm operations. | | $HELM_NO_PLUGINS | disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins. | | $HELM_PLUGINS | set the path to the plugins directory | | $HELM_REGISTRY_CONFIG | set the path to the registry config file. | | $HELM_REPOSITORY_CACHE | set the path to the repository cache directory | | $HELM_REPOSITORY_CONFIG | set the path to the repositories file. | | $KUBECONFIG | set an alternative Kubernetes configuration file (default "~/.kube/config") | | $HELM_KUBEAPISERVER | set the Kubernetes API Server Endpoint for authentication | | $HELM_KUBECAFILE | set the Kubernetes certificate authority file. | | $HELM_KUBEASGROUPS | set the Groups to use for impersonation using a comma-separated list. | | $HELM_KUBEASUSER | set the Username to impersonate for the operation. | | $HELM_KUBECONTEXT | set the name of the kubeconfig context. | | $HELM_KUBETOKEN | set the Bearer KubeToken used for authentication. | | $HELM_KUBEINSECURE_SKIP_TLS_VERIFY | indicate if the Kubernetes API server's certificate validation should be skipped (insecure) | | $HELM_KUBETLS_SERVER_NAME | set the server name used to validate the Kubernetes API server certificate | | $HELM_BURST_LIMIT | set the default burst limit in the case the server contains many CRDs (default 100, -1 to disable)| Helm stores cache, configuration, and data based on the following configuration order: - If a HELM_*_HOME environment variable is set, it will be used - Otherwise, on systems supporting the XDG base directory specification, the XDG variables will be used - When no other location is set a default location will be used based on the operating system By default, the default directories depend on the Operating System. The defaults are listed below: | Operating System | Cache Path | Configuration Path | Data Path | |------------------|---------------------------|--------------------------------|-------------------------| | Linux | $HOME/.cache/helm | $HOME/.config/helm | $HOME/.local/share/helm | | macOS | $HOME/Library/Caches/helm | $HOME/Library/Preferences/helm | $HOME/Library/helm | | Windows | %TEMP%\helm | %APPDATA%\helm | %APPDATA%\helm | Usage: helm [command] Available Commands: completion generate autocompletion scripts for the specified shell create create a new chart with the given name dependency manage a chart's dependencies env helm client environment information get download extended information of a named release help Help about any command history fetch release history install install a chart lint examine a chart for possible issues list list releases package package a chart directory into a chart archive plugin install, list, or uninstall Helm plugins pull download a chart from a repository and (optionally) unpack it in local directory push push a chart to remote registry login to or logout from a registry repo add, list, remove, update, and index chart repositories rollback roll back a release to a previous revision search search for a keyword in charts show show information of a chart status display the status of the named release template locally render templates test run tests for a release uninstall uninstall a release upgrade upgrade a release verify verify that a chart at the given path has been signed and is valid version print the client version information Flags: --burst-limit int client-side default throttling limit (default 100) --debug enable verbose output -h, --help help for helm --kube-apiserver string the address and the port for the Kubernetes API server --kube-as-group stringArray group to impersonate for the operation, this flag can be repeated to specify multiple groups. --kube-as-user string username to impersonate for the operation --kube-ca-file string the certificate authority file for the Kubernetes API server connection --kube-context string name of the kubeconfig context to use --kube-insecure-skip-tls-verify if true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure --kube-tls-server-name string server name to use for Kubernetes API server certificate validation. If it is not provided, the hostname used to contact the server is used --kube-token string bearer token used for authentication --kubeconfig string path to the kubeconfig file -n, --namespace string namespace scope for this request --registry-config string path to the registry config file (default "/root/.config/helm/registry/config.json") --repository-cache string path to the file containing cached repository indexes (default "/root/.cache/helm/repository") --repository-config string path to the file containing repository names and URLs (default "/root/.config/helm/repositories.yaml") Use "helm [command] --help" for more information about a command.
completion
为指定的shell(bash或zsh)生成自动完成脚本。
helm completion bash -h 查看命令补全操作流程
create
语法:helm create chartname
本地创建一个chart
[root@master helm]# helm create create firstchart [root@master helm]# tree firstchart/ firstchart/ ├── charts ├── Chart.yaml ├── templates │ ├── deployment.yaml │ ├── _helpers.tpl │ ├── hpa.yaml │ ├── ingress.yaml │ ├── NOTES.txt │ ├── serviceaccount.yaml │ ├── service.yaml │ └── tests │ └── test-connection.yaml └── values.yaml
firstchart目录下的templates目录中保存有部署的模板文件,values.yaml中定义了部署的变量,Chart.yaml文件包含有version(chart版本)和appVersion(包含应用的版本)
delete
从Kubernetes中删除指定名称的发布,它删除了与chart最后一个发布相关的所有资源。
使用--dry-run选项标记查看哪些发布将被删除,但并不会实际删除它们。
语法:helm delete [flags] RELEASE-NAME [...]
-bash-4.2# helm list NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION mytomcat default 2 2023-02-15 17:10:15.835263224 +0800 CST deployed tomcat-0.4.3 7.0 -bash-4.2# helm delete mytomcat --dry-run release "mytomcat" uninstalled -bash-4.2# helm list NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION mytomcat default 2 2023-02-15 17:10:15.835263224 +0800 CST deployed tomcat-0.4.3 7.0-bash-4.2# helm list NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION mytomcat default 2 2023-02-15 17:10:15.835263224 +0800 CST deployed tomcat-0.4.3 7.0 -bash-4.2# helm delete mytomcat --dry-run release "mytomcat" uninstalled -bash-4.2# helm list NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION mytomcat default 2 2023-02-15 17:10:15.835263224 +0800 CST deployed tomcat-0.4.3 7.0
dependency
管理helm依赖
Helm chart将它们的依赖存储在charts/目录中。对于chart开发人员来说,管理一个声明所有依赖的依赖文件(requirements.yaml)通常更容易。
helm dependency命令对该文件进行操作,使得在所需的依赖和存储在charts/目录中的实际依赖项之间进行同步变得很容易。
requirements.yaml样例:
# requirements.yaml dependencies: - name: nginx version: "1.2.3" repository: "https://example.com/charts" - name: memcached version: "3.2.1" repository: "https:///another.example.com/charts"
name是chart的名称,必须与chart的Chart.yaml中的名称匹配
version 声明版本
repository:url指向一个chart repo,后面的url也可以用别名代替,仅限于alias或者@,从2.2.0版本后支持file格式引用本地的chart。
样例:
# requirements.yaml dependencies: - name: nginx version: "1.2.3" repository: "file://../dependency-chart/nginx"
helm dependency build:
语法:helm dependency build [flags] CHART
根据 requirements.lock文件重新构建charts/目录
如果没有找到 requirements.lock文件,helm dependency build将反映helm dependency update命令的行为,等同于update操作
helm dependency list:
语法:helm dependency list [flags] CHART
获取指定chart的依赖列表
helm dependency update:
语法:helm dependency update [flags] CHART
根据requirements.yaml文件内容更新charts目录
get
helm get hooks
语法:helm get hooks [flags] RELEASE-NAME
下载指定发布的所有钩子,钩子为YAML格式,并由YAML —\n分隔符分隔。
钩子样例:
pre-install: 在渲染模板之后,在 Kubernetes 中创建任何资源之前执行。 post-install: 将所有资源加载到 Kubernetes 之后执行 pre-delete: 在从 Kubernetes 删除任何资源之前执行 post-delete: 删除所有 release 资源后执行 pre-upgrade: 在渲染模板之后,但在任何资源加载到 Kubernetes 之前执行 post-upgrade: 升级所有资源后执行 pre-rollback: 在模板渲染后,回滚之前执行 post-rollback: 回滚之后执行 crd-install: 在运行任何其他检查之前添加 CRD 资源。这仅在 chart 中其他清单所使用的 CRD 定义上使用。 test-success: 在运行 helm test,Pod 返回成功 (返回码 ==0) 执行 test-failure: 在运行 helm test,Pod 返回失败 (返回码!=0) 执行
helm get manifest
语法:helm get manifest [flags] RELEASE-NAME
获取为指定发布生成的清单,清单是由yaml编码的Kubernetes资源的表示,这些资源是由这个发布的chart生成的。如果一个chart依赖于其他chart,那么这些资源也将包括在清单中。
-bash-4.2# helm get manifest mytomcat --- # Source: tomcat/templates/appsrv-svc.yaml apiVersion: v1 kind: Service metadata: name: mytomcat labels: app: tomcat chart: tomcat-0.4.3 release: mytomcat heritage: Helm spec: type: LoadBalancer ports: - port: 80 targetPort: 8080 protocol: TCP name: http selector: app: tomcat release: mytomcat
helm get notes
语法:helm get notes [flags] RELEASE-NAME
显示指定发布的chart提供的说明。
-bash-4.2# helm get notes mytomcat NOTES: 1. Get the application URL by running these commands: NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get svc -w mytomcat' export SERVICE_IP=$(kubectl get svc --namespace default mytomcat -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') echo http://$SERVICE_IP:
helm get values
语法:helm get values [flags] RELEASE-NAME
查看release的values配置
-bash-4.2# helm get values mytomcat USER-SUPPLIED VALUES: null
history
helm history
语法:helm history [flags] RELEASE-NAME
打印指定发布的历史修订,默认最多返回256个修订,设置--max配置返回的修订列表的最大长度。
-bash-4.2# helm upgrade -f values.yaml mytomcat . WARNING: This chart is deprecated Release "mytomcat" has been upgraded. Happy Helming! NAME: mytomcat LAST DEPLOYED: Fri Feb 17 16:01:00 2023 NAMESPACE: default STATUS: deployed REVISION: 2 TEST SUITE: None NOTES: 1. Get the application URL by running these commands: export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services mytomcat) export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -bash-4.2# helm history mytomcat REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION 1 Fri Feb 17 14:28:50 2023 superseded tomcat-0.4.3 7.0 Install complete 2 Fri Feb 17 16:01:00 2023 deployed tomcat-0.4.3 7.0
rollback
helm rollback
语法:helm rollback [flags] RELEASE-NAME verison-num
常搭配history使用,快速回滚指定版本。
-bash-4.2# helm history mytomcat REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION 1 Fri Feb 17 14:28:50 2023 superseded tomcat-0.4.3 7.0 Install complete 2 Fri Feb 17 16:01:00 2023 deployed tomcat-0.4.3 7.0 Upgrade complete -bash-4.2# helm rollback mytomcat 1 (App: 7.0, Chart: tomcat-0.4.3) 2 (App: 7.0, Chart: tomcat-0.4.3) -bash-4.2# helm rollback mytomcat 1 Rollback was a success! Happy Helming! -bash-4.2# helm history mytomcat REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION 1 Fri Feb 17 14:28:50 2023 superseded tomcat-0.4.3 7.0 Install complete 2 Fri Feb 17 16:01:00 2023 superseded tomcat-0.4.3 7.0 Upgrade complete 3 Fri Feb 17 16:07:00 2023 deployed tomcat-0.4.3 7.0
inspect/show
helm inspect/show
语法:helm inspect/show [CHART] [flags]
检查一个chart并显示信息,helm inspect命令打印Chart.yaml和values.yaml文件的内容。
-bash-4.2# helm show This command consists of multiple subcommands to display information about a chart Usage: helm show [command] Aliases: show, inspect Available Commands: all show all information of the chart chart show the chart's definition crds show the chart's CRDs readme show the chart's README values show the chart's values
常用参数
helm show chart [CHART]
输出Chart.yaml全部信息
helm show values
输出chart的values
install
helm install
语法:helm install [NAME] [CHART] [flags]
样例:
通过chart引用:helm install local_chart stable/mariadb 通过打包的chart路径:helm install local_chart ./nginx-1.2.3.tgz 通过未打包的chart目录:helm install local_chart ./nginx 通过绝对URL:helm install local_chart https://example.com/charts/nginx-1.2.3.tgz 通过chart引用和仓库URL:helm install local_chart –repo https://example.com/charts/ nginx
安装参数必须是chart引用、打包chart的路径、未打包chart目录的路径或URL。
覆盖chart中的值,可以使用--values选项并传递到文件中,也可以使用--set选项并从命令行传递配置。若要强制--set指定的值为字符串,请使用--set-string。如果一个值很大,因此你不希望使用--values或--set,则使用--set-file从文件中读取单个大值。
-bash-4.2# helm install -f myvalues.yaml ./redis -bash-4.2# helm install --set name=prod ./redis -bash-4.2# helm install --set-string long-int=1234567890 ./redis -bash-4.2# helm install –set-file multiline-text=path/to/textfile
若出现多个指定参数,最后的指定的文件或值优先设定,例如:
override.yaml、foo=newbar优先设定
-bash-4.2# helm install -f myvalues.yaml -f override.yaml ./redis -bash-4.2# helm install --set foo=bar --set foo=newbar ./redis
要在不安装chart的情况下检查生成的版本清单,可以组合--debug和--dry-run选项,但这仍然需要与Tiller服务端通信,helm3已经去掉了tiller,helm需要安装tiller。
-o, --output string Prints the output in the specified format. Allowed values: table, json, yaml (default "table")
- 注意
status
-bash-4.2# helm install mytomcat1 mycharthub/tomcat --dry-run WARNING: This chart is deprecated NAME: mytomcat1 LAST DEPLOYED: Fri Feb 17 18:09:22 2023 NAMESPACE: default STATUS: pending-install REVISION: 1 TEST SUITE: None HOOKS: MANIFEST:
lint
helm lint
语法:helm lint [flags] PATH
使用chart的路径作为参数,并运行一系列测试来验证chart是否格式良好,如果linter遇到了会导致chart安装失败的事情,它将发出[错误]消息。如果遇到违反约定或建议的问题,它将发出[警告]消息。
-bash-4.2# ll 总用量 0 drwxr-xr-x 4 root root 93 2月 14 17:21 firstchart drwxr-xr-x 3 root root 96 2月 16 17:16 mysql drwxr-xr-x 3 root root 77 2月 17 16:00 tomcat -bash-4.2# helm lint mysql ==> Linting mysql 1 chart(s) linted, 0 chart(s) failed -bash-4.2# helm lint tomcat ==> Linting tomcat 1 chart(s) linted, 0 chart(s) failed
list/ls
helm list
语法:helm list [flags] [FILTER]
命令获取所有的发布列表,
-bash-4.2# helm ls NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION mytomcat default 3 2023-02-17 16:07:00.209312399 +0800 CST deployed tomcat-0.4.3 7.0 -bash-4.2# helm list NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION mytomcat default 3 2023-02-17 16:07:00.209312399 +0800 CST deployed tomcat-0.4.3 7.0
package
helm package
语法:helm package [flags] [CHART-PATH] [...]
将一个chart打包为版本化的chart归档文件中,如果给定了一个路径,它将检查该chart(其中必须包含一个chart)路径,然后打包那个目录,如果没有指定路径,则在当前工作目录中查找chart。将当前目录构建到一个chart中。
-bash-4.2# helm package firstchart/ Successfully packaged chart and saved it to: /root/myapp/helm/firstchart-0.1.0.tgz -bash-4.2# ll 总用量 4 drwxr-xr-x 4 root root 93 2月 14 17:21 firstchart -rw-r--r-- 1 root root 3757 2月 17 18:45 firstchart-0.1.0.tgz drwxr-xr-x 3 root root 96 2月 16 17:16 mysql drwxr-xr-x 3 root root 77 2月 17 16:00 tomcat
