[Cloud Native] Getting Started with Helm in Kuberneter to Practice

 

introduction

Helm is a package management tool for k8s. Using helm, you can deploy and upgrade k8s applications in a more simplified and systematic way.

helm is a graduated project of CNCF, and the community is also quite active.   You can find many ready-made helm charts on https://artifacthub.io/ , which can be used in the production environment with slight modifications, which is very convenient.

This article will introduce the core concepts of helm and use an example to help you understand helm more intuitively. You can follow this example and operate it. I believe it will be very helpful in understanding helm.

(Tutorial address: cloud-native-tutorial )

what is helm

First acquaintance with helm

Helm in Greek means: rudder; steering wheel. It is said that Helm founder Mutt Butcher found it by searching through navigation manuals in order to find a word that matches the Kubernetes theme.

Official website address: https://helm.sh/

The official explanation is: Helm is the best way to find, share, and use software built for Kubernetes. This means that Helm is the best way to find, share, and build applications in Kubernetes.

This statement is certainly not an exaggeration. Helm is actually a package management tool for Kubernetes applications, used to manage charts (a pre-configured installation package resource), somewhat similar to Ubuntu's APT and YUM in CentOS. Therefore, the emergence of helm solves the problem of lack of k8s application management capabilities.

In addition, helm is also a bridge between dev and ops. When operation and maintenance personnel use helm, on the one hand, they do not need to understand a large number of various k8s elements in the chart, and only need to configure a small number of environment variables to install; on the other hand, helm also It provides learning opportunities for junior operation and maintenance personnel. They can learn and understand various k8s elements in the chart, so that they can master k8s faster.

The following lists some key information about helm

• Helm 3 was released on November 13, 2019;
• Graduated from CNCF on April 30, 2020;
• There are currently close to 1.90,000 Stars on github;
• Latest version: 3.5.0;
• Main author: Mutt Butcher, currently at Microsoft, mainly focusing on the DevOps field.

Comparison between helm and apt

When we are exposed to a new thing, the best way to learn is to make analogies with things we are familiar with, which can help us quickly grasp the core concepts.

Since Mutt Butcher made a lot of reference to the designs of apt and homebrew when designing helm, here we use apt for comparison to help everyone better understand helm.

As can be seen from the table below, the conceptual comparison between helm and apt. I believe that students who are familiar with apt can quickly have a preliminary understanding of helm.

helmoverview

After having a preliminary impression of helm, let's make an overview of helm, including a brief understanding of helm's core concepts, operating processes, common commands, and charts. In this way, we will be better prepared for our subsequent in-depth study and study of helm. Practice the work of a program to avoid missing the forest for the trees.

three major concepts of helm

• Chart : Chart is the helm package, which contains all the elements for running a k8s app, such as service, deployment, configmap, serviceaccount, rbac, etc. These elements exist in the form of template files, combined with the values ​​file, and finally rendered. Output a yaml file that can be executed by k8s;
• repository : The repository is a collection of charts that facilitates sharing and distribution. Below are the addresses of the official website warehouse and Alibaba Cloud warehouse. You can go in and have a look and feel;
  • https://artifacthub.io/
  • https://developer.aliyun.com/hub
• release : release is a running instance of helm chart in kubernetes. You can install the same chart multiple times with different release names. For example, when multiple redis instances are needed in the cluster, you can use different configuration files to install redis chart.

helm running process

I recommend that you read the picture below several times. It can be said that if you master this picture, you will have mastered the core of helm.

As you can see from the figure below, the core running process of helm is divided into the following steps:

• Get the chart from the chart warehouse;
• Users configure their own values ​​file and modify the values ​​according to their own operating environment;
• The default values ​​file and the user values ​​file will be merged to form the final values ​​file;
• Use the final values ​​file to render the chart template to form a yaml that can be executed by kubernetes;
• Call kube apply to submit yaml to kubernetes

Here, we need to pay attention to the boundary between chart developers and users. It is precisely because when crossing this boundary, from needing to understand a large number of configurations to only needing to understand a small amount of configurations, that the work of ops becomes easier, which is also the core of helm. design philosophy. After reading the entire article, even if you remember nothing but this picture, you will gain a lot.

Helm commonly used commands

When using helm, you can use charts developed by third parties or develop charts yourself. The following are common commands used in both cases. For more detailed commands, you can use helm help to view it after installing helm, or view the official documentation.

Use charts developed by third parties

Before deployment

• repo: add, list, remove, update, and index chart repositories
• search: search for a keyword in charts

After deployment

• install: install a chart
• list: list releases
• status: display the status of the named release
• upgrade: upgrade a release
• rollback: roll back a release to a previous revision
• uninstall: uninstall a release

Develop charts yourself

• lint: examine a chart for possible issues
• package: package a chart directory into a chart archive
• push: push helm chart to chartmuseum
• chart push: push helm chart to OCI repository

chart

Chart can be said to be the most important concept in helm. There is a lot to learn about charts. Here is an enumeration.

• Chart development : mainly refers to using template technology to develop a chart, which will be introduced in detail later;
• Chart hooks : In the life cycle of the chart, some hooks are provided to facilitate some pre- or post-operations.
  • Before installing the chart, create the Secret required by the application
  • Before installing the chart, back up the database
  • After the chart is uninstalled, do some cleanup work
• chart test : After you install a chart, how do you know whether the release is running normally? Chart test provides a way to test to verify whether your application is running normally, such as:
  • Verify that the mysql application can connect normally and accept requests
  • Verify that services can perform load balance normally
• Library chart : A chart that exists in the form of a library and can be shared between application charts to avoid duplication of logic; similar to a public library in a programming language;
• Chart verification : Based on PKI, GnuPG and other technologies, the helm package is signed to ensure security during transmission or release;
• OCI (Open Container Initiative, container publishing specification) support : helm 3 introduced (EXPERIMENTAL), which can push charts to warehouses that support OCI, such as harbor, nexus, etc. For example, save charts to harbor:
• 保存chart：helm chart save kubeedge/ some-harbor-repo/kubeedge-cloud-chart:1.0.0
• 登录repo：helm registry login https://some-harbor-repo
• 推送chart：helm chart push some-harbor-repo/kubeedge-cloud-chart:1.0.0
• Advanced features
  • post rendering: Provides a mechanism to operate and configure manifests before helm install; generally used in conjunction with kustomize. for example:
    • Insert sidecar during installation to add functionality to deployment
    • Change the configuration of manifests without modifying the original chart.

This may not be very easy to understand. Here is an example. Suppose I need to make a small amount of modifications to a third-party chart to meet my deployment requirements. Then I can fork a copy of the chart and then make modifications on it, but this way I need some additional maintenance work. When this chart is upgraded, I still need to do merge work, which is very inconvenient.

Therefore, post rendering provides a mechanism. You only need to use a script written by post rendering+kustomize to make some customized changes to the content of the original chart before installation, avoiding additional maintenance work. As shown below. (kustomize is an open source configuration tool that can easily make some customized modifications to the existing k8s app configuration. Official website address: https://kustomize.io/ )

• go sdk: helm provides golang sdk for easy use in go language;
• storage backend: Specify the storage type of release information, the default is secret; you can specify configmap, secret and postgreSQL; the following figure shows how helm version information is stored in secret.

• helm plugin: supports the expansion of helm functions in the form of plug-ins.

helm demo

Let's use a demo to have a more intuitive understanding of helm. In this demo, our goal is to deploy a redis cluster, including the following steps:

• Install helm
• Use helm install single node redis
• Use helm upgrade to upgrade to master-slave
• Use helm rollback to roll back to single node mode

Step 1: Install helm (via apt)

The following is the command to install helm through apt. For other installation methods, please refer to the official website:

curl https://baltocdn.com/helm/signing.asc | sudo apt-key add – 
sudo apt-get install apt-transport-https --yes 
echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list 
sudo apt-get update 
sudo apt-get install helm=3.4.2-1

Step 2: Add the warehouse and find the redis chart

• Add repository: helm repo add stable  https://charts.helm.sh/stable
• View the repositories that have been added: helm repo list
• What charts are there in the search repository: helm search repo stable
• Update the repository list locally: helm repo update
• Search redis: helm search repo redis
• View redis chart details: helm show chart stable/redis
• View redis values ​​(values: equivalent to chart configuration file): helm show values ​​stable/redis

Step 3: install/upgrade/rollback/uninstall

• Create a single-master configuration file named only-master.values

## Cluster settings   
cluster:     
  enabled: false

## Redis pod Security Context   
securityContext:     
  enabled: false

## Use password authentication   
usePassword: true   

## Redis password (both master and slave)   
password: "admin"

## Redis Master parameters   
master:     
  persistence:       
    enabled: false 

Then --dry-run to see if there are any problems with the generated yaml file:

helm install redis-demo stable/redis -f ./only-master.values --dry-run

If there are no problems, proceed to the actual installation

helm install redis-demo stable/redis -f ./only-master.values

After the installation is successful, you can log in to redis for operation and further verification:

redis-cli -h `kubectl get svc redis-demo-master -o=jsonpath="{.spec.clusterIP}"` -a admin
set name zhangsan  
get name
info replication
# 可以看到这时候没有slave连接 

• Create a master-slave configuration file named master-slave.values

## Cluster settings   
cluster:     
  enabled: true     
  slaveCount: 1

securityContext:     
  enabled: false

## Use password authentication   
usePassword: true   
password: "admin"

## Mount secrets as files instead of environment variables   
usePasswordFile: false

## Redis Master parameters   
master:     
  persistence:       
    enabled: false

## Redis Slave properties   
slave:     
  persistence:       
  enabled: false

--dry-run to see if there are any problems with the generated yaml file; since there is already a release of redis-demo in the system, use upgrade to upgrade:

helm upgrade redis-demo stable/redis -f ./master-slave.values --dry-run   helm upgrade redis-demo stable/redis -f ./master-slave.values

Check whether the slave is successfully installed and synchronized successfully

redis-cli -h `kubectl get svc redis-demo-slave -o=jsonpath="{.spec.clusterIP}"` -a admin   
get name

• Finally, roll back to single master mode
• View deployment history: helm history redis-demo
• Roll back to the corresponding single master version: helm rollback redis-demo REVISION
• Reconnecting to the slave has failed:

redis-cli -h `kubectl get svc redis-demo-slave -o=jsonpath="{.spec.clusterIP}"` -a admin

• Only the master can connect:

redis-cli -hkubectl get svc redis-demo-master -o=jsonpath="{.spec.clusterIP}"` -a admin
# 输入命令测试一下
get age

• Uninstall redis-demo

helm uninstall redis-demo 

Detailed explanation of charts

The overall structure

The picture below is the directory structure of wordpress helm chart. The explanation of each element is as follows:

• Chart.yaml : chart information, including chart version information, description information, dependencies, etc.
• LICENSE : (optional) LICENSE information of chart
• README.md : (optional) chart description file
• values.yaml : default configuration information of chart
• values.schema.json : (optional) meta-information of values ​​configuration information (field type, field description, dependencies between fields, etc.), format json
• charts : other dependent charts
• crds: Custom Resource Definitions
• templates : Deployment templates, combined with values.yaml will render the kubernetes yaml file
• templates/NOTES.txt : (optional) installation instructions

Chart.yaml

Chart.yaml is equivalent to the chart's instructions, describing the chart's functions, versions, dependencies, keywords and other information.

The picture below is Chart.yaml of redis

• apiVersion: chart api version, currently helm 3 is fixed to v2
• name: chart name
• description: chart description
• type:
  • application: deployable chart
  • library: not deployable, common logic can be shared between different charts
• version: chart version
• appVersion: The version of the application in the chart, such as the redis version
• kubeVersion: compatible k8s version
• keywords: keywords, used in helm search
• dependencies: dependent charts
• managers: chart developers
• icon: chart icon, will be displayed in the hub

template

The template stores the main content in the chart and mainly exists in the form of a template. Variables, control statements, functions, etc. can be used in the template, and the functions are very rich.

chart hub & chart repo

• chart hub : can be understood as a summary of chart warehouses, official address: https://artifacthub.io/
• chart repo : chart warehouse, which stores specific charts
  • Example: https://charts.bitnami.com/bitnami
  • Open source warehouse: harbor ( https://goharbor.io/ ) (using helm OCI support)
  • Official warehouse provided by helm: chartmuseum -  https://github.com/helm/chartmuseum
• chart repo UI：https://github.com/helm/monocular

CICD helmet

You can use helm to build a CICD pipeline. Here is an example of CICD:

As you can see, the entire CICD is divided into 3 steps. Of course, this is just an example. Developers can adjust this step according to actual needs:

• stage1 : After developers code and pass the self-test, they submit the feature branch, trigger the pipeline build, generate docker images and helm charts with the same tags, and deploy the helm chart.
• stage2 : reviewer reviews the code. After passing the test, merge it into the release branch, modify the version number, generate the docker image and helm chart of the new tag, and deploy it to the cluster.
• stage3 : Test, product, customer, after passing the verification on staging, directly deploy the helm chart to the production environment

What are the changes from helm v2 to v3?

As you can see from the picture below, the biggest change is the removal of tiller. The main reason is that k8s has already supported RBAC, and a "redundant" component like tiller is no longer needed for permission management. Several other modifications are shown in the picture below. , for details, please refer to the official documentation.