Helm is kubernetes application package management tool, it is a project under the CNCF incubators, mainly used to manage Charts. Ubuntu's APT or YUM in CentOS similar. It provides an easy way to find, share and use the packages for kubernetes prepared. It eliminates the complex configuration and deployment, thereby greatly increasing the developer's entry into force effectiveness.
How to understand it then, assuming that our projects are very complex, and the need to deploy api gateway, registration center, distribution center, web services, databases, middleware, message queuing middleware and middleware caches ... This will generate a lot of configuration file, if the order over the conduct of certain parameters or not does not, it could cause the entire system deployment fails, he may still need a lot of time if you go through a period of practice familiar with the entire deployment process, but the work to other colleagues to understand the deployment scenario, if you want your program to share on the Internet, developers often want a key deployment for complex configurations may be prohibitive. in practice only a wordpress deploy a web project and a mysql server to deploy really put a lot of developers frustrating not light, not to mention the complex configuration like the above ...
The helm is precisely to solve this problem, it is the deployment of a complex series of state and non-state service package together (in fact, the organization of yaml file), then you can expose some custom parameter information for the user to choose such deployment will become much easier. Let's helm for some commonly used terms are introduced and demonstrated how to install the helm
Related terms helm
Helm is a command-line client tool. Primarily used for creating applications Chart of Kubernetes, packaging, publishing, and create and manage local and remote Chart warehouse.
Tiller is a server Helm, deployment in Kubernetes cluster. Helm Tiller for receiving a request, according to Chart generated Kubernetes deployment files (referred to as Release Helm), then submitted to Kubernetes create applications. Tiller also offers an upgrade Release, delete, roll back a series of functions.
Chart package Helm, using the TAR format. APT's bag or similar DEB YUM RPM package, which contains a defined set of resources associated YAML file Kubernetes
Repoistory Helm depot, the Repository is essentially a Web server, which holds a series of Chart software package for users to download and provides a list of files in the Repository of Chart package for inquiries. Helm can simultaneously manage several different Repository.
Release using the helm install command to deploy in Kubernetes cluster called Release Chart
Note: Note that: Release Helm and we usually mentioned in the concept version is different, Release here can be understood using the example of an application package deployment Chart for Helm.
Chart Install process
Helm Chart parsing the configuration information from the specified directory or file TAR.
Helm Chart configuration and the specified information to Tiller Values through gRPC.
Tiller and generates a Release according to Chart Values.
Tiller be transmitted to Kubernetes for generating Release Release.
Chart Update Process
Helm Chart parsing the configuration information from the specified directory or file TAR.
Helm will need to update the name of the Release, Chart and Values structural information to Tiller.
History Tiller generate and update the Release Release of the specified name.
Tiller transmitted to the Release Release Kubernetes for updating.
Chart Rollback process
Helm will be rolled back in the name of Release pass to Tiller.
Find History Release according to Tiller's name.
Tiller Gets a Release from History in.
Tiller a Release sent to the upper Kubernetes to replace the current Release.
Chart processing depends Description
Tiller in Chart processing, and all Charts Chart directly into one of its dependent Release, while passing to Kubernetes. So Tiller not responsible for managing the dependencies between the boot sequence. The application needs to be able to handle Chart these dependencies.
Installation process
1) First socat each node installed software on K8S cluster, or will report the following error:
E0522 22:22:15.492436 24409 portforward.go:331] an error occurred forwarding 38398 -> 44134: error forwarding port 44134 to pod dc6da4ab99ad9c497c0cef1776b9dd18e0a612d507e2746ed63d36ef40f30174, uid : unable to do port forwarding: socat not found.
Error: cannot connect to Tiller# YUM 安装(每个节点都要安装)
yum install -y socat To verify socat has been installed, enter the command vessel
sockat
2) Download the helm release
Each version HELM provides a binary version of a variety of operating systems. You can manually download and install these versions.
Download Page https://github.com/helm/helm/releases/
Note that download time is the option to download the
Installation and Upgradingfollowing package, rather than the content of the following assets inside
Note that the above address github download link actually points to
storage.googleapis.comthe address currently in the country is still accessible, but the good times and bad, through wget to download a lot can fail, it is recommended to download click on the link on the windows, if not successful then to download Retry, tried several times to be able to download multiple success, of course, there is Internet software better it!
3) extracting and copying
tar -xzvf helm-v2.12.0-linux-amd64.tar.gz
cd linux-amd64 && mv helm /usr/bin/Compression contains two executable files helm, tiller. Wherein the tiller is the server, if the deployment vessel to kubernetes employed, the tiller can not control, simply copy the helm / usr / bin directory.
4) Installation server (Tiller)
```bash
Create a server
helm init --service-account tiller --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.13.1 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
Creating TLS authentication server, the reference address: https: //github.com/gjmzj/kubeasz/blob/master/docs/guide/helm.md
helm init --service-account tiller --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.13.1 --tiller-tls-cert /etc/kubernetes/ssl/tiller001.pem --tiller-tls-key /etc/kubernetes/ssl/tiller001-key.pem --tls-ca-cert /etc/kubernetes/ssl/ca.pem --tiller-namespace kube-system --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
若遇到错误 failed to list: configmaps is forbidden: User “system:serviceaccount:kube-system:default” cannot list configmaps in the namespace “kube-system”Execute the following command
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'It should be specified in the source image when init init is because when the liner tiller server, deployment server is mounted to.
You can also try the following key installation command
$ curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh
$ chmod 700 get_helm.sh
$ ./get_helm.shNote the following reference to this article , did not actually recorded at the time of installation, so my account is already normal, do not know is the default sa new version has been created or I manually created and then forgotten. Here also posted, beginner friends do not be afraid, even if the default has been created, and then execute the following command will not cause the error occurred.
Authorization to Tiller
because Tiller Helm server is deployed in a Kubernetes in Kube-? Deployment in System Namespace, it will go to create a connection Kube-Api in Kubernetes in and remove applications.
From the beginning of Kubernetes version 1.6, API Server enabled RBAC authorization. The default is not defined ServiceAccount current Tiller authorized the deployment, which can result in being refused access API Server. So we need to explicitly authorize the deployment of added Tiller.
Read the above description may be friends still confused, incomprehensible, in fact, because helm itself can create and delete pod, so it needs to have operating authority.
- Creating Kubernetes of? Service account and binding role
$ kubectl get deployment --all-namespaces
NAMESPACE NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
kube-system tiller-deploy 1 1 1 1 1h
$ kubectl create serviceaccount --namespace kube-system tiller
$ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller- To set up the account Tiller
使用 kubectl patch 更新 API 对象
$ kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
deployment.extensions "tiller-deploy" patched- To see if authorization is successful
$ kubectl get deploy --namespace kube-system tiller-deploy --output yaml|grep serviceAccount
serviceAccount: tiller
serviceAccountName: tiller- Tiller verify whether the installation was successful
[centos@k8s-master ~]$ kubectl -n kube-system get pods|grep tiller
tiller-deploy-6df646875f-ttbn7 1/1 Running 5 15d
[centos@k8s-master ~]$ helm version
Client: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}helm client version and server must be consistent to work
Smart helm command completion
source <(helm completion bash)For zsh command, using the following command
source <(helm completion zsh)Uninstall helm
Use you will find, helm is not as perfectly normal work of the imagination, while Seoul will be some small problems, you can use the following command to uninstall
helm resetCheck helm version information
[centos@k8s-master tekton]$ helm version
Client: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}