Helm安装和使用

Helm 是一个简化应用在 Kubernetes 部署的工具

准备工作

  • 一个可以使用的 Kubernetes 集群

下载/安装

一键安装脚本 版本 v2.11.0 适用于 Linux amd64

1
wget -qO- https://blog.yumc.pw/attachment/script/shell/helm.sh | bash
  • CentOs 安装流程
  • 下载 helm 发布页面

    1
    wget https://storage.googleapis.com/kubernetes-helm/helm-v2.11.0-linux-amd64.tar.gz
  • 解压压缩包

    1
    tar -xvzf helm-v2.11.0-linux-amd64.tar.gz
  • 复制 二进制文件到 PATH 目录

    1
    sudo mv linux-amd64/helm /usr/local/bin/helm
  • 执行 helm 查看是否安装成功

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    jtb @ yumc-pw in ~/src/linux-amd64 [21:05:05]
    $ helm
    The Kubernetes package manager

    To begin working with Helm, run the 'helm init' command:

    $ helm init

    This will install Tiller to your running Kubernetes cluster.
    It will also set up any necessary local configuration.

    Common actions from this point include:

    - helm search: search for charts
    - helm fetch: download a chart to your local directory to view
    - helm install: upload the chart to Kubernetes
    - helm list: list releases of charts

    Environment:
    $HELM_HOME set an alternative location for Helm files. By default, these are stored in ~/.helm
    $HELM_HOST set an alternative Tiller host. The format is host:port
    $HELM_NO_PLUGINS disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.
    $TILLER_NAMESPACE set an alternative Tiller namespace (default "kube-system")
    $KUBECONFIG set an alternative Kubernetes configuration file (default "~/.kube/config")
    $HELM_TLS_CA_CERT path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem")
    $HELM_TLS_CERT path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem")
    $HELM_TLS_KEY path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem")
    $HELM_TLS_VERIFY enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false")
    $HELM_TLS_ENABLE enable TLS connection between Helm and Tiller (default "false")

    Usage:
    helm [command]

    Available Commands:
    completion Generate autocompletions script for the specified shell (bash or zsh)
    create create a new chart with the given name
    delete given a release name, delete the release from Kubernetes
    dependency manage a chart's dependencies
    fetch download a chart from a repository and (optionally) unpack it in local directory
    get download a named release
    help Help about any command
    history fetch release history
    home displays the location of HELM_HOME
    init initialize Helm on both client and server
    inspect inspect a chart
    install install a chart archive
    lint examines a chart for possible issues
    list list releases
    package package a chart directory into a chart archive
    plugin add, list, or remove Helm plugins
    repo add, list, remove, update, and index chart repositories
    reset uninstalls Tiller from a cluster
    rollback roll back a release to a previous revision
    search search for a keyword in charts
    serve start a local http web server
    status displays the status of the named release
    template locally render templates
    test test a release
    upgrade upgrade a release
    verify verify that a chart at the given path has been signed and is valid
    version print the client/server version information

    Flags:
    --debug enable verbose output
    -h, --help help for helm
    --home string location of your Helm config. Overrides $HELM_HOME (default "/home/jtb/.helm")
    --host string address of Tiller. Overrides $HELM_HOST
    --kube-context string name of the kubeconfig context to use
    --kubeconfig string absolute path to the kubeconfig file to use
    --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300)
    --tiller-namespace string namespace of Tiller (default "kube-system")

    Use "helm [command] --help" for more information about a command.

初始化

  • 如果集群启用了 RBAC 权限控制 还需要创建一个账户配置

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    $ cat > helm-rbac-config.yaml<<EOF
    apiVersion: v1
    kind: ServiceAccount
    metadata:
    name: tiller
    namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
    name: tiller
    roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: cluster-admin
    subjects:
    - kind: ServiceAccount
    name: tiller
    namespace: kube-system
    EOF
    kubectl apply -f helm-rbac-config.yaml
  • 初始化 Helm

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    jtb @ yumc-pw in ~/src/linux-amd64 [21:05:05]
    $ helm init --service-account tiller
    Creating /home/jtb/.helm
    Creating /home/jtb/.helm/repository
    Creating /home/jtb/.helm/repository/cache
    Creating /home/jtb/.helm/repository/local
    Creating /home/jtb/.helm/plugins
    Creating /home/jtb/.helm/starters
    Creating /home/jtb/.helm/cache/archive
    Creating /home/jtb/.helm/repository/repositories.yaml
    Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
    Adding local repo with URL: http://127.0.0.1:8879/charts
    $HELM_HOME has been configured at /home/jtb/.helm.

    Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.

    Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
    To prevent this, run `helm init` with the --tiller-tls-verify flag.
    For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
    Happy Helming!

问题解决

  • 单节点部署 Tiller 服务端时 提示部署失败 0/1 nodes are available: 1 node(s) had taints that the pod didn't tolerate.
    1
    $ kubectl taint nodes --all node-role.kubernetes.io/master-

相关资源