前言
Helm 是 Kubernetes 的包管理器,类似于yum是Redhat/Centos包管理工具,利用Helm可以简化一些软件的安装
安装Helm
官网给我们提供了很多安装方法,包括二进制文件安装,脚本安装和yum/apt安装等等,但是实际上因为一些众所周知的原因,下载其实是一件比较困难的事情
脚本安装
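# Download the installer to a file first, so it can be read before it is run.
# -f makes curl fail on an HTTP error instead of saving the error page,
# -sS hides the progress meter but still prints errors, -L follows redirects.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
# 700: only the current user may read, modify or execute the script.
chmod 700 get_helm.sh
./get_helm.sh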
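# One-step variant: the script is executed as it streams in, so it cannot be
# inspected beforehand. -f keeps an HTTP error page from being piped into bash,
# -sS hides the progress meter but still prints errors, -L follows redirects.
curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash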
以上两种方法都可以通过脚本安装,但是不出意外的我反正是下载了很久,然后在运行脚本的时候也失败了,我这边就直接把脚本贴出来
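[root@cm1 helm]# cat get_helm.sh
#!/usr/bin/env bash

# Copyright The Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# The install script is based off of the MIT-licensed script from glide,
# the package manager for Go: https://github.com/Masterminds/glide.sh/blob/master/get

# Installer settings. Each one keeps a value already present in the
# environment and otherwise falls back to the default shown here. The
# expansions are quoted so an overriding value is never word-split or globbed.
: "${BINARY_NAME:=helm}"
: "${USE_SUDO:=true}"
: "${DEBUG:=false}"
# The SHA256 check is on by default. The archive and its .sha256 file are both
# fetched from get.helm.sh (see downloadFile), so this check alone detects a
# corrupted download rather than a tampered download host.
: "${VERIFY_CHECKSUM:=true}"
# GPG signature verification is off by default; set VERIFY_SIGNATURES=true to
# also check the release signatures (see verifySignatures).
: "${VERIFY_SIGNATURES:=false}"
: "${HELM_INSTALL_DIR:=/usr/local/bin}"
: "${GPG_PUBRING:=pubring.kbx}"

# Tool detection: each flag is the string "true" or "false".
HAS_CURL="$(type "curl" &> /dev/null && echo true || echo false)"
HAS_WGET="$(type "wget" &> /dev/null && echo true || echo false)"
HAS_OPENSSL="$(type "openssl" &> /dev/null && echo true || echo false)"
HAS_GPG="$(type "gpg" &> /dev/null && echo true || echo false)"

# initArch discovers the architecture for this system.
# Globals: ARCH (written) - `uname -m` mapped to the names used in Helm release
#          file names; a value with no mapping below is kept unchanged.
initArch() {
  ARCH=$(uname -m)
  case "$ARCH" in
    armv5*) ARCH="armv5" ;;
    armv6*) ARCH="armv6" ;;
    armv7*) ARCH="arm" ;;
    aarch64) ARCH="arm64" ;;
    x86) ARCH="386" ;;
    x86_64) ARCH="amd64" ;;
    i686) ARCH="386" ;;
    i386) ARCH="386" ;;
  esac
}

# initOS discovers the operating system for this system.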
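initOS() {
  # Globals: OS (written) - lower-cased `uname` output; MinGW and Cygwin
  #          environments are reported as "windows".
  OS=$(uname | tr '[:upper:]' '[:lower:]')

  case "$OS" in
    # Minimalist GNU for Windows
    mingw*|cygwin*) OS='windows' ;;
  esac
}

# runs the given command as root (detects if we are root already)
# Globals:   EUID, USE_SUDO (read)
# Arguments: the command and its arguments, passed through unchanged
runAsRoot() {
  # Two separate tests replace the deprecated, ambiguous `-a` operator.
  if [ "$EUID" -ne 0 ] && [ "$USE_SUDO" = "true" ]; then
    sudo "${@}"
  else
    "${@}"
  fi
}

# verifySupported checks that the os/arch combination is supported for
# binary builds, as well whether or not necessary tools are present.
# Globals: OS, ARCH, HAS_CURL, HAS_WGET, HAS_OPENSSL, HAS_GPG,
#          VERIFY_CHECKSUM, VERIFY_SIGNATURES (all read)
# Exits with status 1 when a requirement is not met.
verifySupported() {
  # Match the whole "os-arch" string. A substring search over the list would
  # accept partial names such as "darwin-arm" (contained in "darwin-arm64").
  case "${OS}-${ARCH}" in
    darwin-amd64|darwin-arm64) ;;
    linux-386|linux-amd64|linux-arm|linux-arm64|linux-ppc64le|linux-s390x) ;;
    windows-amd64) ;;
    *)
      echo "No prebuilt binary for ${OS}-${ARCH}."
      echo "To build from source, go to https://github.com/helm/helm"
      exit 1
      ;;
  esac

  if [ "${HAS_CURL}" != "true" ] && [ "${HAS_WGET}" != "true" ]; then
    echo "Either curl or wget is required"
    exit 1
  fi

  if [ "${VERIFY_CHECKSUM}" = "true" ] && [ "${HAS_OPENSSL}" != "true" ]; then
    echo "In order to verify checksum, openssl must first be installed."
    echo "Please install openssl or set VERIFY_CHECKSUM=false in your environment."
    exit 1
  fi

  if [ "${VERIFY_SIGNATURES}" = "true" ]; then
    if [ "${HAS_GPG}" != "true" ]; then
      echo "In order to verify signatures, gpg must first be installed."
      echo "Please install gpg or set VERIFY_SIGNATURES=false in your environment."
      exit 1
    fi
    if [ "${OS}" != "linux" ]; then
      echo "Signature verification is currently only supported on Linux."
      echo "Please set VERIFY_SIGNATURES=false or verify the signatures manually."
      exit 1
    fi
  fi
}

# checkDesiredVersion checks if the desired version is available.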
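checkDesiredVersion() {
  # Globals: DESIRED_VERSION, HAS_CURL, HAS_WGET (read); TAG (written)
  # Without --version, TAG is the first v3.x.y tag found on the GitHub
  # releases page; otherwise it is the requested version as given.
  if [ -z "${DESIRED_VERSION:-}" ]; then
    # Get tag from release URL
    local latest_release_url="https://github.com/helm/helm/releases"
    if [ "${HAS_CURL}" = "true" ]; then
      TAG=$(curl -Ls "$latest_release_url" | grep 'href="/helm/helm/releases/tag/v3.[0-9]*.[0-9]*\"' | sed -E 's/.*\/helm\/helm\/releases\/tag\/(v[0-9\.]+)".*/\1/g' | head -1)
    elif [ "${HAS_WGET}" = "true" ]; then
      TAG=$(wget "$latest_release_url" -O - 2>&1 | grep 'href="/helm/helm/releases/tag/v3.[0-9]*.[0-9]*\"' | sed -E 's/.*\/helm\/helm\/releases\/tag\/(v[0-9\.]+)".*/\1/g' | head -1)
    fi
    # The pipeline reports the status of `head`, so a failed fetch or an
    # unparsable page leaves TAG empty. Stop here rather than build a
    # download URL without a version in it.
    if [ -z "${TAG:-}" ]; then
      echo "Could not determine the latest Helm release from ${latest_release_url}."
      echo "Please pass the desired version with --version."
      exit 1
    fi
  else
    TAG=$DESIRED_VERSION
  fi
}

# checkHelmInstalledVersion checks which version of helm is installed and
# if it needs to be changed.
# Globals: HELM_INSTALL_DIR, BINARY_NAME, TAG, DESIRED_VERSION (read)
# Returns: 0 when the installed binary already reports TAG, 1 otherwise
checkHelmInstalledVersion() {
  local installed_bin="${HELM_INSTALL_DIR}/${BINARY_NAME}"
  if [[ ! -f "$installed_bin" ]]; then
    return 1
  fi

  # Declared separately from the assignment so `local` does not hide the exit
  # status; `|| true` keeps a broken existing binary from aborting the run, so
  # it is simply reported as a version that differs from TAG.
  local version
  version=$("$installed_bin" version --template="{{ .Version }}") || true
  if [[ "$version" == "$TAG" ]]; then
    echo "Helm ${version} is already ${DESIRED_VERSION:-latest}"
    return 0
  fi
  echo "Helm ${TAG} is available. Changing from version ${version}."
  return 1
}

# downloadFile downloads the latest binary package and also the checksum
# for that binary.
# Globals: TAG, OS, ARCH, HAS_CURL, HAS_WGET (read); HELM_DIST, DOWNLOAD_URL,
#          CHECKSUM_URL, HELM_TMP_ROOT, HELM_TMP_FILE, HELM_SUM_FILE (written)
downloadFile() {
  HELM_DIST="helm-$TAG-$OS-$ARCH.tar.gz"
  DOWNLOAD_URL="https://get.helm.sh/$HELM_DIST"
  CHECKSUM_URL="$DOWNLOAD_URL.sha256"
  # mktemp creates a fresh directory with an unpredictable name.
  HELM_TMP_ROOT="$(mktemp -dt helm-installer-XXXXXX)"
  HELM_TMP_FILE="$HELM_TMP_ROOT/$HELM_DIST"
  HELM_SUM_FILE="$HELM_TMP_ROOT/$HELM_DIST.sha256"
  echo "Downloading $DOWNLOAD_URL"
  if [ "${HAS_CURL}" = "true" ]; then
    # -f: fail on an HTTP error instead of saving the server's error page as
    # the checksum file or the archive.
    curl -fSsL "$CHECKSUM_URL" -o "$HELM_SUM_FILE"
    curl -fSsL "$DOWNLOAD_URL" -o "$HELM_TMP_FILE"
  elif [ "${HAS_WGET}" = "true" ]; then
    wget -q -O "$HELM_SUM_FILE" "$CHECKSUM_URL"
    wget -q -O "$HELM_TMP_FILE" "$DOWNLOAD_URL"
  fi
}

# verifyFile verifies the SHA256 checksum of the binary package
# and the GPG signatures for both the package and checksum file
# (depending on settings in environment).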
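verifyFile() {
  # Globals: VERIFY_CHECKSUM, VERIFY_SIGNATURES (read)
  # Runs only the checks that are switched on; with both set to anything
  # other than "true" the download is installed unverified.
  if [ "${VERIFY_CHECKSUM}" == "true" ]; then
    verifyChecksum
  fi
  if [ "${VERIFY_SIGNATURES}" == "true" ]; then
    verifySignatures
  fi
}

# installFile installs the Helm binary.
# Globals: HELM_TMP_ROOT, HELM_TMP_FILE, BINARY_NAME, OS, ARCH,
#          HELM_INSTALL_DIR (read); HELM_TMP, HELM_TMP_BIN (written)
installFile() {
  HELM_TMP="$HELM_TMP_ROOT/$BINARY_NAME"
  mkdir -p "$HELM_TMP"
  tar xf "$HELM_TMP_FILE" -C "$HELM_TMP"
  HELM_TMP_BIN="$HELM_TMP/$OS-$ARCH/helm"
  echo "Preparing to install $BINARY_NAME into ${HELM_INSTALL_DIR}"
  # Only the final copy into the install directory runs with elevated rights.
  runAsRoot cp "$HELM_TMP_BIN" "$HELM_INSTALL_DIR/$BINARY_NAME"
  echo "$BINARY_NAME installed into $HELM_INSTALL_DIR/$BINARY_NAME"
}

# verifyChecksum verifies the SHA256 checksum of the binary package.
# Globals: HELM_TMP_FILE, HELM_SUM_FILE (read)
# Exits with status 1 when the digests differ or either one is missing.
verifyChecksum() {
  printf "Verifying checksum... "
  # Declared separately from the assignments: `local var=$(cmd)` always
  # succeeds and would hide a failing command.
  local sum expected_sum
  sum=$(openssl sha1 -sha256 "${HELM_TMP_FILE}" | awk '{print $2}')
  expected_sum=$(cat "${HELM_SUM_FILE}") || expected_sum=""
  # Fail closed: if openssl failed or the checksum file is empty, two empty
  # strings would otherwise compare equal and pass as a valid match.
  if [ -z "$sum" ] || [ -z "$expected_sum" ] || [ "$sum" != "$expected_sum" ]; then
    echo "SHA sum of ${HELM_TMP_FILE} does not match. Aborting."
    exit 1
  fi
  echo "Done."
}

# verifySignatures obtains the latest KEYS file from GitHub main branch
# as well as the signature .asc files from the specific GitHub release,
# then verifies that the release artifacts were signed by a maintainer's key.
# Globals: HELM_TMP_ROOT, TAG, OS, ARCH, GPG_PUBRING, DEBUG, HAS_CURL,
#          HAS_WGET (read)
# Exits with status 1 when either signature cannot be verified.
# The KEYS file is downloaded during the same run, so the trust placed in a
# signature is the trust placed in that download.
verifySignatures() {
  printf "Verifying signatures... "
  local keys_filename="KEYS"
  local github_keys_url="https://raw.githubusercontent.com/helm/helm/main/${keys_filename}"
  local keys_file="${HELM_TMP_ROOT}/${keys_filename}"
  if [ "${HAS_CURL}" == "true" ]; then
    curl -SsL "${github_keys_url}" -o "${keys_file}"
  elif [ "${HAS_WGET}" == "true" ]; then
    wget -q -O "${keys_file}" "${github_keys_url}"
  fi

  # Import into a throw-away GnuPG home under the temporary directory, then
  # export those keys into a standalone keyring file for the verify calls.
  local gpg_keyring="${HELM_TMP_ROOT}/keyring.gpg"
  local gpg_homedir="${HELM_TMP_ROOT}/gnupg"
  mkdir -p -m 0700 "${gpg_homedir}"
  local gpg_stderr_device="/dev/null"
  if [ "${DEBUG}" == "true" ]; then
    gpg_stderr_device="/dev/stderr"
  fi
  gpg --batch --quiet --homedir="${gpg_homedir}" --import "${keys_file}" 2> "${gpg_stderr_device}"
  gpg --batch --no-default-keyring --keyring "${gpg_homedir}/${GPG_PUBRING}" --export > "${gpg_keyring}"

  local github_release_url="https://github.com/helm/helm/releases/download/${TAG}"
  local dist="helm-${TAG}-${OS}-${ARCH}.tar.gz"
  local sha_sig="${HELM_TMP_ROOT}/${dist}.sha256.asc"
  local tar_sig="${HELM_TMP_ROOT}/${dist}.asc"
  if [ "${HAS_CURL}" == "true" ]; then
    curl -SsL "${github_release_url}/${dist}.sha256.asc" -o "${sha_sig}"
    curl -SsL "${github_release_url}/${dist}.asc" -o "${tar_sig}"
  elif [ "${HAS_WGET}" == "true" ]; then
    wget -q -O "${sha_sig}" "${github_release_url}/${dist}.sha256.asc"
    wget -q -O "${tar_sig}" "${github_release_url}/${dist}.asc"
  fi

  local error_text="If you think this might be a potential security issue,"
  error_text="${error_text}\nplease see here: https://github.com/helm/community/blob/master/SECURITY.md"

  # A signature is accepted only when gpg reports at least two matching
  # status lines (GOODSIG and VALIDSIG).
  # `|| true`: grep -c exits non-zero on a count of 0, which under `set -e`
  # would end the script before the explanatory message below is printed.
  # NOTE(review): the --verify calls pass --keyring but neither --homedir nor
  # --no-default-keyring, so keys in the invoking user's default keyring may
  # also be consulted - confirm this is intended.
  local num_goodlines_sha
  num_goodlines_sha=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${sha_sig}" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)') || true
  if [[ ${num_goodlines_sha} -lt 2 ]]; then
    echo "Unable to verify the signature of ${dist}.sha256!"
    echo -e "${error_text}"
    exit 1
  fi

  local num_goodlines_tar
  num_goodlines_tar=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${tar_sig}" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)') || true
  if [[ ${num_goodlines_tar} -lt 2 ]]; then
    echo "Unable to verify the signature of ${dist}!"
    echo -e "${error_text}"
    exit 1
  fi
  echo "Done."
}

# fail_trap is executed if an error occurs.
# It is installed as the EXIT trap below, so it runs on every exit path: it
# prints the failure text only for a non-zero status, always removes the
# temporary files, and re-exits with the original status.
fail_trap() {
  result=$?
  if [ "$result" != "0" ]; then
    if [[ -n "$INPUT_ARGUMENTS" ]]; then
      echo "Failed to install $BINARY_NAME with the arguments provided: $INPUT_ARGUMENTS"
      help
    else
      echo "Failed to install $BINARY_NAME"
    fi
    echo -e "\tFor support, go to https://github.com/helm/helm."
  fi
  cleanup
  exit $result
}

# testVersion tests the installed client to make sure it is working.
# Globals: BINARY_NAME, HELM_INSTALL_DIR (read); HELM (written)
testVersion() {
  # errexit is suspended so a failed lookup reaches the message below.
  set +e
  HELM="$(command -v "$BINARY_NAME")"
  if [ "$?" = "1" ]; then
    echo "$BINARY_NAME not found. Is $HELM_INSTALL_DIR on your "'$PATH?'
    exit 1
  fi
  set -e
}

# help provides possible cli installation arguments
help() {
  echo "Accepted cli arguments are:"
  echo -e "\t[--help|-h ] ->> prints this help"
  echo -e "\t[--version|-v <desired_version>] . When not defined it fetches the latest release from GitHub"
  echo -e "\te.g. --version v3.0.0 or -v canary"
  echo -e "\t[--no-sudo]  ->> install without sudo"
}

# cleanup temporary files to avoid https://github.com/helm/helm/issues/2977
cleanup() {
  # ${HELM_TMP_ROOT:-} keeps the test safe when no download was started.
  if [[ -d "${HELM_TMP_ROOT:-}" ]]; then
    rm -rf "$HELM_TMP_ROOT"
  fi
}

# Execution

#Stop execution on any error
trap "fail_trap" EXIT
set -e

# Set debug if desired
if [ "${DEBUG}" == "true" ]; then
  set -x
fi

# Parsing input arguments (if any)
# "$*" joins the arguments into the single string that fail_trap prints.
export INPUT_ARGUMENTS="$*"
set -u
while [[ $# -gt 0 ]]; do
  case $1 in
    '--version'|-v)
      shift
      if [[ $# -ne 0 ]]; then
        export DESIRED_VERSION="${1}"
      else
        echo -e "Please provide the desired version. e.g. --version v3.0.0 or -v canary"
        exit 0
      fi
      ;;
    '--no-sudo')
      USE_SUDO="false"
      ;;
    '--help'|-h)
      help
      exit 0
      ;;
    # Any unrecognised argument aborts; fail_trap then prints the help text.
    *)
      exit 1
      ;;
  esac
  shift
done
set +u

initArch
initOS
verifySupported
checkDesiredVersion
if ! checkHelmInstalledVersion; then
  downloadFile
  verifyFile
  installFile
fi
testVersion
cleanup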
二进制文件安装
[root@cm1 helm]# wget https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz [root@cm1 helm]# tar -xf helm-v3.10.2-linux-amd64.tar.gz [root@cm1 helm]# cp linux-amd64/helm /usr/local/bin/ [root@cm1 helm]# helm version version.BuildInfo{Version:"v3.10.2", GitCommit:"50f003e5ee8704ec937a756c646870227d7c8b58", GitTreeState:"clean", GoVersion:"go1.18.8"}
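为避免wget下载失败,我这边直接把包传到网盘了,有需要可以自取。从网盘等非官方渠道拿到的安装包,解压前建议先用 sha256sum 算出校验值,并与官方发布的 https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz.sha256 比对,一致后再安装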
链接:https://pan.baidu.com/s/1GXgKLAmxIhFztBLcsvpxpA?pwd=cjcj
二进制安装之后可以配置helm命令自动补全
[root@cm1 helm]# echo "source <(helm completion bash)" >> ~/.bashrc && source ~/.bashrc #或者 [root@cm1 helm]# helm completion bash > /usr/share/bash-completion/completions/helm # 小提示:kubectl、kubeadm、crictl都可以用这种方法配置命令补全,当然前提是已经安装了bash-completion
包管理工具安装helm
Helm社区提供了通过操作系统包管理器安装Helm的方式。但这些安装方式不受Helm项目支持,也不被视为可信的第三方来源。
Debian/Ubuntu安装:
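# Store the repository signing key in its own keyring file; the signed-by
# option in the source line below ties that key to this one repository.
curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
sudo apt-get install apt-transport-https --yes
# Register the Helm apt repository for this machine's architecture.
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm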
Fedora/RedHat安装
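# The two commands are alternatives: run the one whose package manager the
# system provides.
sudo dnf install helm
# or
sudo yum install helm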
添加repo
[root@cm1 helm]# helm repo add stable http://mirror.azure.cn/kubernetes/charts "stable" has been added to your repositories [root@cm1 helm]# helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts "aliyun" has been added to your repositories [root@cm1 helm]# helm repo add jetstack https://charts.jetstack.io "jetstack" has been added to your repositories # 上面添加了3个repo [root@cm1 helm]# helm repo update Hang tight while we grab the latest from your chart repositories... ...Successfully got an update from the "aliyun" chart repository ...Successfully got an update from the "jetstack" chart repository ...Successfully got an update from the "stable" chart repository Update Complete. ⎈Happy Helming!⎈ # 更新repo [root@cm1 helm]# helm repo list NAME URL stable http://mirror.azure.cn/kubernetes/charts aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts jetstack https://charts.jetstack.io #列出已有的repo
查找chart
[root@cm1 helm]# helm search repo nginx NAME CHART VERSION APP VERSION DESCRIPTION aliyun/nginx-ingress 0.9.5 0.10.2 An nginx Ingress controller that uses ConfigMap... aliyun/nginx-lego 0.3.1 Chart for nginx-ingress-controller and kube-lego stable/nginx-ingress 1.41.3 v0.34.1 DEPRECATED! An nginx Ingress controller that us... stable/nginx-ldapauth-proxy 0.1.6 1.13.5 DEPRECATED - nginx proxy with ldapauth stable/nginx-lego 0.3.1 Chart for nginx-ingress-controller and kube-lego aliyun/gcloud-endpoints 0.1.0 Develop, deploy, protect and monitor your APIs ... stable/gcloud-endpoints 0.1.2 1 DEPRECATED Develop, deploy, protect and monitor...
查询chart详情
[root@cm1 helm]# helm inspect chart aliyun/nginx-ingress apiVersion: v1 appVersion: 0.10.2 description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png keywords: - ingress - nginx maintainers: - email: jack.zampolin@gmail.com name: jackzampolin - email: mgoodness@gmail.com name: mgoodness - email: chance.zibolski@coreos.com name: chancez name: nginx-ingress sources: - https://github.com/kubernetes/ingress-nginx version: 0.9.5
安装chart
安装chart:helm install 后面依次跟release名称和chart名,可以用 --namespace 指定namespace
[root@cm1 helm]# helm install nginx-ingress stable/nginx-ingress --namespace=default WARNING: This chart is deprecated NAME: nginx-ingress LAST DEPLOYED: Wed Nov 23 12:09:11 2022 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: ******************************************************************************************************* * DEPRECATED, please use https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx * ******************************************************************************************************* The nginx-ingress controller has been installed. It may take a few minutes for the LoadBalancer IP to be available. You can watch the status by running 'kubectl --namespace default get services -o wide -w nginx-ingress-controller' An example Ingress that makes use of the controller: apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: nginx name: example namespace: foo spec: rules: - host: www.example.com http: paths: - backend: serviceName: exampleService servicePort: 80 path: / # This section is only required if TLS is to be enabled for the Ingress tls: - hosts: - www.example.com secretName: example-tls If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided: apiVersion: v1 kind: Secret metadata: name: example-tls namespace: foo data: tls.crt: <base64 encoded cert> tls.key: <base64 encoded key> type: kubernetes.io/tls
#阿里云那个repo貌似挂了,安装没有成功
查询安装结果
[root@cm1 helm]# kubectl get all NAME READY STATUS pod/nginx-ingress-controller-5dc99577d-wprst 0/1 ImagePullBackOff 0 44s pod/nginx-ingress-default-backend-77d44b445c-l8l8q 0/1 ImagePullBackOff 0 44s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/nginx-ingress-controller LoadBalancer 10.100.169.10 <pending> 80:32043/TCP,443:30856/TCP 44s service/nginx-ingress-default-backend ClusterIP 10.104.222.251 <none> 80/TCP 44s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/nginx-ingress-controller 0/1 1 0 44s deployment.apps/nginx-ingress-default-backend 0/1 1 0 44s NAME DESIRED CURRENT READY AGE replicaset.apps/nginx-ingress-controller-5dc99577d 1 1 0 44s replicaset.apps/nginx-ingress-default-backend-77d44b445c 1 1 0 44s
可以看到安装不成功,其实主要还是image指向不对,所以可以先pull到本地再修改镜像地址然后安装
[root@cm1 helm]# helm pull stable/nginx-ingress [root@cm1 helm]# ls nginx-ingress-1.41.3.tgz [root@cm1 helm]# tar -xf nginx-ingress-1.41.3.tgz [root@cm1 helm]# cd nginx-ingress/ [root@cm1 nginx-ingress]# ll total 72 -rwxr-xr-x 1 root root 474 Jan 1 1970 Chart.yaml drwxr-xr-x 2 root root 4096 Nov 23 12:34 ci -rwxr-xr-x 1 root root 76 Jan 1 1970 OWNERS -rwxr-xr-x 1 root root 32843 Jan 1 1970 README.md drwxr-xr-x 3 root root 4096 Nov 23 12:34 templates -rwxr-xr-x 1 root root 17120 Jan 1 1970 values.yaml
将一些无法访问的仓库注释
修改values.yaml,将其中的repository改为可以正常拉取、且来源可信的镜像仓库地址
先卸载原来的
[root@cm1 helm]# helm uninstall nginx-ingress stable/nginx-ingress --namespace=default release "nginx-ingress" uninstalled
重新从本地安装
[root@cm1 helm]# cd nginx-ingress/ [root@cm1 nginx-ingress]# pwd /root/pv/helm/nginx-ingress [root@cm1 nginx-ingress]# helm install nginx . -n default WARNING: This chart is deprecated NAME: nginx LAST DEPLOYED: Wed Nov 23 12:58:30 2022 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: ******************************************************************************************************* * DEPRECATED, please use https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx * ******************************************************************************************************* The nginx-ingress controller has been installed. It may take a few minutes for the LoadBalancer IP to be available. You can watch the status by running 'kubectl --namespace default get services -o wide -w nginx-nginx-ingress-controller' An example Ingress that makes use of the controller: apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: nginx name: example namespace: foo spec: rules: - host: www.example.com http: paths: - backend: serviceName: exampleService servicePort: 80 path: / # This section is only required if TLS is to be enabled for the Ingress tls: - hosts: - www.example.com secretName: example-tls If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided: apiVersion: v1 kind: Secret metadata: name: example-tls namespace: foo data: tls.crt: <base64 encoded cert> tls.key: <base64 encoded key> type: kubernetes.io/tls
检查是否成功
[root@cm1 nginx-ingress]# kubectl get ingress,pod NAME READY STATUS RESTARTS AGE pod/nginx-nginx-ingress-controller-5799965899-k6kdc 1/1 Running 0 100s pod/nginx-nginx-ingress-default-backend-5cf67f89c7-mx8l9 1/1 Running 0 100s [root@cm1 nginx-ingress]# kubectl get ingress,pod,svc NAME READY STATUS RESTARTS AGE pod/nginx-nginx-ingress-controller-5799965899-k6kdc 1/1 Running 0 114s pod/nginx-nginx-ingress-default-backend-5cf67f89c7-mx8l9 1/1 Running 0 114s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 7d20h service/nginx-nginx-ingress-controller LoadBalancer 10.103.126.5 <pending> 80:31056/TCP,443:31463/TCP 114s service/nginx-nginx-ingress-default-backend ClusterIP 10.109.95.48 <none> 80/TCP 114s