【Kubernetes基础】Helm工具入门与使用

Feng随风
421 阅读4分钟

背景

Helm是Kubernetes包管理工具,对应CentOS的yum包管理工具。

OCI(Open Container Initiative)制品是一种用于存储和传输容器相关文件的标准格式。Helm 3增加了对OCI制品的支持,可以将Chart打包为OCI制品,并使用该形式推送和拉取Chart。

一、Helm基本管理

1.1 检查Helm版本

helm version

二、配置Helm仓库

Helm可以通过添加仓库源来使用公共的 Chart仓库

2.1 添加官方稳定Chart仓库

Helm repo add

helm repo add stable https://charts.helm.sh/stable

helm repo add stable-hub https://hub.helm.sh/stable

常见问题

#国内直接配置报错
Error: looks like "https://charts.helm.sh/stable" is not a valid chart repository or cannot be reached: Get "https://charts.helm.sh/stable/index.yaml": dial tcp: lookup charts.helm.sh: no such host

Error: looks like "https://charts.helm.sh/stable" is not a valid chart repository or cannot be reached: Get "https://charts.helm.sh/stable/index.yaml": dial tcp [2606:50c0:8002::153]:443: connect: no route to host


Error: looks like "https://charts.helm.sh/stable" is not a valid chart repository or cannot be reached: context deadline exceeded (Client.Timeout or context cancellation while reading body)

helm init --stable-repo-url=https://charts.helm.sh/stable --client-only

2.2 添加国内Helm仓库



$ helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

$ helm repo add azure http://mirror.azure.cn/kubernetes/charts

$ helm repo add kaiyuanshe http://mirror.kaiyuanshe.cn/kubernetes/charts

$ helm repo add bitnami https://charts.bitnami.com/bitnami

#arthub上ingress-nginx
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx

2.2.1 本地Docker Desktop添加Chart仓库

aliyun

kaiyuanshe

bitnami(Vmware)

ingress-nginx(kubernetes仓库)

k8s-dashboard(kubernetes仓库)

harbor(harbor官方)
helm repo add harbor https://helm.goharbor.io

2.2.2 云服务器添加chart仓库

添加仓库

更新仓库

2.3 查看已添加的仓库

Helm repo list

helm repo list

2.4 刷新仓库本地缓存

Helm repo update

helm repo update

2.4 查找Helm仓库

helm search hub

helm search repo

三、Helm安装应用

3.1 Helm搜索Chart包

helm search repo nginx

helm search repo nginx

3.2 查看安装包内容

Helm inspect values

3.3 Helm安装Chart包

3.3.1 Helm安装Nginx

helm install my-ingress-nginx
Helm install mynginx stable/nginx

helm install stable/nginx-ingress

helm install --name my-release stable/nginx-ingress

查看pod安装情况

查看deployment安装情况

查看service创建情况

Nginx安装主要资源对象

访问Nginx服务

安装问题记录
Init:ImagePullBackOff

解决思路:kubectl describe pod,手动pull镜像

手动拉取镜像成功

检查pod状态

3.3.2 Helm安装kubernetes-dashboard

kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443            #访问Dashboard执行

kubectl -n default get svc

https://localhost:8443
查看deployment情况

查看pod情况

查看service情况

端口转发port-forward 8443->443
kubectl port-forward svc/my-kubernetes-dashboard-kong-proxy 8443:443


kubectl port-forward service/harbor-core -n myharbor 8080:80

kubectl port-forward service/my-harbor-core 8080:80

kubectl port-forward svc/my-kubernetes-dashboard-kong-proxy 8443:443

配置访问域名

kubectl -n NAMESPACE create token SERVICE_ACCOUNT

YkZXWXhzbit3am1GNklTTFNNdjd0QUlEbXRuSzF1WjFmT201a1E3eG02TjljRXBzalhYQ1EzenBzZ29OMjdRTys5RnppNlhtSm01a0ZwaG5JZktDYzArL0ZXZEJRQTRJZGVqNDE1ajVTclZQUHdQaVlwMEhUb0o5NHR4VGp3aGxuU3ZWK0x5SGprVzVnRjI3SndFY0o1UUhKZFV5RUtuYlBQNmVTTTZLc1Y0M1N3L0gxc0YzNStmYnBnRVJ1N04xall5MEhsbWk0L09XcmZOWXJ0YWJwRHg3Z1JjTzlrVGNycHo0dngyN3JJNUN4eGdOamY4cDRxTmJKcFhyR2IyRVBVTkJGcmZtS3lHU2xEWUt4Y3ZFWFNhc2d5RGc4ZEZyY0pxVGtiMWlyOXNCcXo2RGdUdmpkYVdFaTJuYlNzNmNLZTFzVEhGNWp2UUhoV0xmSkhPcldnPT0=

创建sa账号dashboard
  1. 创建sa serviceaccount
kubectl create serviceaccount dashboard -n kubernetes-dashboard

2. ##### 创建rolebinding

kubectl create rolebinding def-ns-admin --clusterrole=admin --serviceaccount=default:def-ns-admin

3. ##### 创建clusterrolebinding

kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard

  1. 创建secret(1.24版本后不会自动创建)
cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: dashboard
  annotations:
    kubernetes.io/service-account.name: "dashboard"
EOF

  1. 查看sa的token
kubectl describe sa dashboard

  1. 查看secret dashboard

#dashboard的token

eyJhbGciOiJSUzI1NiIsImtpZCI6ImRqR3hMcnBJN1p1NDdIZC03dG1Od0FxZ2pPeEF3RHJnbDB4TzFQWTNLWmcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkYXNoYm9hcmQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyNzc0MWQ5YS02NDVkLTQ3MmQtYjRmNi05ZmJjNzQ1ZmYxY2QiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkYXNoYm9hcmQifQ.axDhE9dkNmYckomFpGBk9OIfLY0PH1kwRk3HUo47Is8-nST8FbE4_OFyisZe9dMQtv8hw6sDGsWavkmwfIgzd-crCPUpVCMB0xysFCaWn9lz4aC8jPYZ4YK0Ejqn-pV40EbvqzVqv2OBTkRc_6TR9Zrzn4Fkyp_WTFLG_1Qg1-E3Wau7qR0TmkGoAVIndMvHgB0dyEFmrxHzhUdYGlDU1GEelQb9gaqD3trWY0zMwq7EeY7-BtEqGMo2iiMDc_e_ARYkC30Isu1Hl7C1Xq_icY4XjPHsjhj7NCqvo-k8ugsOFFs7E89EpABXzKWAIskrpx9fjRjE2D8XaGAi2P_t2g
创建sa账号dashboard-admin
1. 创建sa serviceaccount
kubectl create serviceaccount dashboard-admin -n kube-system        #创建dashboard管理用户
2. 绑定用户为集群管理用户
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

3. 创建secret给dashboard-admin(1.24版本后不会自动创建)
cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: dashboard-admin-token
  annotations:
    kubernetes.io/service-account.name: "dashboard-admin"
EOF
4. 查看secret dashboard-admin-token

#dashboard-admin的token

eyJhbGciOiJSUzI1NiIsImtpZCI6ImRqR3hMcnBJN1p1NDdIZC03dG1Od0FxZ2pPeEF3RHJnbDB4TzFQWTNLWmcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRhc2hib2FyZC1hZG1pbi10b2tlbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIxNDRiOTYzNS1lMjY4LTQ0MTEtODQ4MS00NjdlYzJjNjFhZjciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkYXNoYm9hcmQtYWRtaW4ifQ.R0A7le7u5L2OLXJ9pBE41RTNyUrdlICzOrk-b2Vk7cWOF3aNOOm5McS0MzC9u_5nXDr0s3boragrWn2EyFseBp0o2BRH5mkU8-ity5MjWC3T4ZUO1WtEIzMcr95jGQgfLsk8FXTVuMiTzrLpzWVUwFwH5ZFhwDZ-C8bpqgpNUcCRLJsTHlYKwRl-TGw1I0ZKRz_p4yqaec59KYYKewtePORfKKMKjOxJnMoWmJsJIpuZ8G1i7_CVe2gHQWbVCuaiOvlvNeJBPxT1pfZpcsw1BayClzEnEtHcVwX4w4WDhGXyvAAN4Mxkx16KVn5dwG9qfPWhMY7Jor3IvPM-PSFJ-g
访问Kubernets-Dashboard

3.3.3 Helm安装harbor

Helm install my-harbor
helm install my-harbor harbor/harbor --version 1.15.1

查看pod安装情况

查看deployment安装情况

查看statefulset安装情况

查看ingress安装情况

查看service安装情况

查看pv创建情况

查看pvc创建情况

Harbor安装主要资源对象

查看node节点的外部IP

访问Harbor

3.4 Helm安装列表

3.4.1 查看安装列表

helm list
helm list

helm list --all

3.4.2 查看Release状态

helm status my-harbor

3.4.3 查看Release具体信息

Helm get notes

Helm get manifest

3.5 查看应用Chart 可配置参数

3.5.1 查看应用Chart

Helm show chart /

3.5.2 查看应用可配置参数Values

Helm show values /

3.6 Helm升级应用Chart包

3.6.1 Helm升级Chart

Helm upgrade my-harbor

192.168.65.3 - - [08/Sep/2024:17:37:44 +0000] "GET /favicon.ico HTTP/1.1" 400 650 "http://localhost:443/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0" 640 0.000 [] [] - - - - 01c92088e8286ffb001ad7d942bdcb67

写在最后

Helm作为Kubernetes的包管理工具,学习掌握Helm的使用对Kubernetes上的应用管理很有帮助,快来试试,用Helm搭建你的Kubernetes应用,大大提高效率哦~

avatar
文章
阅读
粉丝