【架构实战】Helm Chart应用部署最佳实践

一、Helm 概述

Helm是Kubernetes的包管理器：

核心概念：

• Chart：应用包
• Repository：Chart仓库
• Release：部署实例

二、Chart结构

mychart/
├── Chart.yaml          # 元数据
├── values.yaml         # 默认配置
├── values.schema.json  # 配置校验
├── templates/          # K8s资源模板
│   ├── deployment.yaml
│   ├── service.yaml
│   └── _helpers.tpl    # 辅助函数
└── charts/             # 依赖Chart

1. Chart.yaml

apiVersion: v2
name: myapp
description: My Application
type: application
version: 1.0.0
appVersion: "1.0"
keywords:
  - myapp
  - web
maintainers:
  - name: developer
    email: dev@example.com
dependencies:
  - name: redis
    version: "17.1.0"
    repository: "https://charts.bitnami.com/bitnami"

2. values.yaml

replicaCount: 3

image:
  repository: myapp/web
  tag: latest
  pullPolicy: IfNotPresent

service:
  type: ClusterIP
  port: 80

resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 200m
    memory: 256Mi

ingress:
  enabled: true
  className: nginx
  hosts:
    - host: myapp.example.com
      paths:
        - path: /
          pathType: Prefix

三、 模板 语法

1. 变量引用

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {
   {
    .Release.Name }}-{
   {
    .Chart.Name }}
spec:
  replicas: {
   {
    .Values.replicaCount }}
  selector:
    matchLabels:
      app: {
   {
    .Chart.Name }}

2. 条件判断

{
   {
   - if .Values.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {
   {
    .Release.Name }}
spec:
  {
   {
   - end }}

3. 循环

{
   {
   - range .Values.ingress.hosts }}
- host: {
   {
    .host }}
  http:
    paths:
      {
   {
   - range .paths }}
      - path: {
   {
    .path }}
        pathType: {
   {
    .pathType }}
        backend:
          service:
            name: {
   {
    $.Release.Name }}
            port:
              number: 80
      {
   {
   - end }}
{
   {
   - end }}

4. 辅助函数

# _helpers.tpl
{
   {
   /*
Expand the name of the chart.
*/}}
{
   {
   - define "myapp.name" -}}
{
   {
   - default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{
   {
   - end }}

{
   {
   /*
Create a default fully qualified app name.
*/}}
{
   {
   - define "myapp.fullname" -}}
{
   {
   - if .Values.fullnameOverride }}
{
   {
   - .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{
   {
   - else }}
{
   {
   - $name := default .Chart.Name .Values.nameOverride }}
{
   {
   - if contains $name .Release.Name }}
{
   {
   - .Release.Name | trunc 63 | trimSuffix "-" }}
{
   {
   - else }}
{
   {
   - printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{
   {
   - end }}
{
   {
   - end }}
{
   {
   - end }}

四、Helm 命令

1. 基础命令

# 创建Chart
helm create mychart

# 打包Chart
helm package mychart

# 安装Chart
helm install myapp ./mychart

# 升级
helm upgrade myapp ./mychart

# 回滚
helm rollback myapp 1

# 卸载
helm uninstall myapp

2. 调试和验证

# 渲染模板
helm template myapp ./mychart

# 本地调试
helm install --dry-run --debug myapp ./mychart

# 验证Chart
helm lint ./mychart

3. 仓库管理

# 添加仓库
helm repo add bitnami https://charts.bitnami.com/bitnami

# 更新仓库
helm repo update

# 搜索Chart
helm search repo nginx

# 列出已安装
helm list

五、最佳实践

1. 版本管理

# Chart.yaml
apiVersion: v2
name: myapp
version: 1.0.0      # Semantic Versioning
appVersion: "1.0"   # 应用版本

2. 配置 分离

# 生产环境配置
helm install myapp ./mychart -f production-values.yaml

# 开发环境配置
helm install myapp ./mychart -f dev-values.yaml

3. 密钥管理

# 使用SealedSecret或ExternalSecrets
apiVersion: v1
kind: Secret
metadata:
  name: {
   {
    include "myapp.fullname" . }}-secret
type: Opaque
stringData:
  password: {
   {
    .Values.db.password | b64enc }}

六、总结

Helm Chart最佳实践：

• 结构清晰：合理组织Chart
• 模板化：使用辅助函数
• 版本管理：遵循语义化版本
• 配置分离：环境差异化配置

个人观点，仅供参考