kubernetes-handbook/practice/helm.md

# 使用Helm管理kubernetes应用

Helm是一个kubernetes应用的包管理工具，用来管理[charts](https://github.com/kubernetes/charts)——预先配置好的安装包资源，有点类似于Ubuntu的APT和CentOS中的yum。

Helm chart是用来封装kubernetes原生应用程序的yaml文件，可以在你部署应用的时候自定义应用程序的一些metadata，便与应用程序的分发。

Helm和charts的主要作用：

- 应用程序封装
- 版本管理
- 依赖检查
- 便于应用程序分发

## 安装Helm

**前提要求**

Kubernetes1.5以上版本，集群可访问到的镜像仓库。

首先需要安装helm客户端

```bash
curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh
```

创建tiller的`serviceaccount`和`clusterrolebinding`

```bash
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
```

然后安装helm服务端tiller

```bash
helm init -i sz-pg-oam-docker-hub-001.tendcloud.com/library/kubernetes-helm-tiller:v2.3.1
```

我们使用`-i`指定自己的镜像，因为官方的镜像因为某些原因无法拉取。

为应用程序设置`serviceAccount`：

```bash
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
```

检查是否安装成功：

```bash
$ kubectl -n kube-system get pods|grep tiller
tiller-deploy-2372561459-f6p0z         1/1       Running   0          1h
$ helm version
Client: &version.Version{SemVer:"v2.3.1", GitCommit:"32562a3040bb5ca690339b9840b6f60f8ce25da4", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.3.1", GitCommit:"32562a3040bb5ca690339b9840b6f60f8ce25da4", GitTreeState:"clean"}
```

## 创建自己的chart

我们创建一个名为`mychart`的chart，看一看chart的文件结构。

```bash
$ helm create mongodb
$ tree mongodb
mongodb
├── Chart.yaml
├── charts
├── templates
│   ├── NOTES.txt
│   ├── _helpers.tpl
│   ├── deployment.yaml
│   └── service.yaml
└── values.yaml

2 directories, 6 files
```

### 模板

`Templates`目录下是yaml文件的模板，遵循[Go template](https://golang.org/pkg/text/template/)语法。使用过[Hugo](https://gohugo.io)的静态网站生成工具的人应该对此很熟悉。

我们查看下`deployment.yaml`文件的内容。

```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: {{ template "fullname" . }}
  labels:
    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
spec:
  replicas: {{ .Values.replicaCount }}
  template:
    metadata:
      labels:
        app: {{ template "fullname" . }}
    spec:
      containers:
      - name: {{ .Chart.Name }}
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        ports:
        - containerPort: {{ .Values.service.internalPort }}
        livenessProbe:
          httpGet:
            path: /
            port: {{ .Values.service.internalPort }}
        readinessProbe:
          httpGet:
            path: /
            port: {{ .Values.service.internalPort }}
        resources:
{{ toYaml .Values.resources | indent 12 }}
```

这是该应用的Deployment的yaml配置文件，其中的双大括号包扩起来的部分是Go template，其中的Values是在`values.yaml`文件中定义的：

```Yaml
# Default values for mychart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
  repository: nginx
  tag: stable
  pullPolicy: IfNotPresent
service:
  name: nginx
  type: ClusterIP
  externalPort: 80
  internalPort: 80
resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi
```

比如在`Deployment.yaml`中定义的容器镜像`image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"`其中的：

- `.Values.image.repository`就是nginx
- `.Values.image.tag`就是stable

以上两个变量值是在create chart的时候自动生成的默认值。

### 检查配置和模板是否有效

当使用kubernetes部署应用的时候实际上讲templates渲染成最终的kubernetes能够识别的yaml格式。

使用`helm install --dry-run --debug <chart_dir>`命令来验证chart配置。该输出中包含了模板的变量配置与最终渲染的yaml文件。

```bash
$ helm install --dry-run --debug mychart
Created tunnel using local port: '58406'
SERVER: "localhost:58406"
CHART PATH: /Users/jimmy/Workspace/github/bitnami/charts/incubator/mean/charts/mychart
NAME:   named-jackal
REVISION: 1
RELEASED: Tue Oct 24 18:57:13 2017
CHART: mychart-0.1.0
USER-SUPPLIED VALUES:
{}

COMPUTED VALUES:
image:
  pullPolicy: IfNotPresent
  repository: nginx
  tag: stable
replicaCount: 1
resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi
service:
  externalPort: 80
  internalPort: 80
  name: nginx
  type: ClusterIP

HOOKS:
MANIFEST:

---
# Source: mychart/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: named-jackal-mychart
  labels:
    chart: "mychart-0.1.0"
spec:
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: nginx
  selector:
    app: named-jackal-mychart

---
# Source: mychart/templates/deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: named-jackal-mychart
  labels:
    chart: "mychart-0.1.0"
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: named-jackal-mychart
    spec:
      containers:
      - name: mychart
        image: "nginx:stable"
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        livenessProbe:
          httpGet:
            path: /
            port: 80
        readinessProbe:
          httpGet:
            path: /
            port: 80
        resources:
            limits:
              cpu: 100m
              memory: 128Mi
            requests:
              cpu: 100m
              memory: 128Mi
```

## 部署todo测试案例

```bash
$ git clone https://github.com/bitnami/charts.git
$ cd charts/incubator/mean
$ helm dep list
NAME   	VERSION	REPOSITORY                                       	STATUS
mongodb	0.4.x  	https://kubernetes-charts.storage.googleapis.com/	missing
```

缺少mongodb的依赖，需要更新一下chart。

```bash
$ helm dep update
Hang tight while we grab the latest from your chart repositories...
...Unable to get an update from the "local" chart repository (http://127.0.0.1:8879/charts):
	Get http://127.0.0.1:8879/charts/index.yaml: dial tcp 127.0.0.1:8879: getsockopt: connection refused
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈Happy Helming!⎈
Saving 1 charts
Downloading mongodb from repo https://kubernetes-charts.storage.googleapis.com/
```

所有的image都在 `values.yaml` 文件中配置。

下载缺失的chart。

```bash
$ helm dep build
Hang tight while we grab the latest from your chart repositories...
...Unable to get an update from the "local" chart repository (http://127.0.0.1:8879/charts):
	Get http://127.0.0.1:8879/charts/index.yaml: dial tcp 127.0.0.1:8879: getsockopt: connection refused
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈Happy Helming!⎈
Saving 1 charts
Downloading mongodb from repo https://kubernetes-charts.storage.googleapis.com/
```

## 参考

- [Deploy, Scale And Upgrade An Application On Kubernetes With Helm](https://docs.bitnami.com/kubernetes/how-to/deploy-application-kubernetes-helm/)
- [Helm charts](https://github.com/kubernetes/helm/blob/master/docs/charts.md)
- [Go template](https://golang.org/pkg/text/template/)
- [How To Create Your First Helm Chart](https://docs.bitnami.com/kubernetes/how-to/create-your-first-helm-chart/)
-												初始helm

											
										
										
											2017-10-20 16:11:47 +08:00
+								# 使用Helm管理kubernetes应用
 								Helm是一个kubernetes应用的包管理工具，用来管理[charts](https://github.com/kubernetes/charts)——预先配置好的安装包资源，有点类似于Ubuntu的APT和CentOS中的yum。
-												创建helm chart说明

											
										
										
											2017-10-24 19:10:34 +08:00
+								Helm chart是用来封装kubernetes原生应用程序的yaml文件，可以在你部署应用的时候自定义应用程序的一些metadata，便与应用程序的分发。
 								Helm和charts的主要作用：
 								- 应用程序封装
 								- 版本管理
 								- 依赖检查
 								- 便于应用程序分发
-												add minikube

											
										
										
											2017-10-23 19:08:33 +08:00
+								## 安装Helm
 								**前提要求**
-												创建helm chart说明

											
										
										
											2017-10-24 19:10:34 +08:00
+								Kubernetes1.5以上版本，集群可访问到的镜像仓库。
-												add minikube

											
										
										
											2017-10-23 19:08:33 +08:00
-												创建helm chart说明

											
										
										
											2017-10-24 19:10:34 +08:00
+								首先需要安装helm客户端
-												add minikube

											
										
										
											2017-10-23 19:08:33 +08:00
 								```bash
 								curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh
 								chmod 700 get_helm.sh
 								./get_helm.sh
 								```
-												创建helm chart说明

											
										
										
											2017-10-24 19:10:34 +08:00
+								创建tiller的`serviceaccount`和`clusterrolebinding`
 								```bash
 								kubectl create serviceaccount --namespace kube-system tiller
 								kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
 								```
 								然后安装helm服务端tiller
-												add minikube

											
										
										
											2017-10-23 19:08:33 +08:00
 								```bash
 								helm init -i sz-pg-oam-docker-hub-001.tendcloud.com/library/kubernetes-helm-tiller:v2.3.1
 								```
 								我们使用`-i`指定自己的镜像，因为官方的镜像因为某些原因无法拉取。
-												创建helm chart说明

											
										
										
											2017-10-24 19:10:34 +08:00
+								为应用程序设置`serviceAccount`：
 								```bash
 								kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
 								```
-												add minikube

											
										
										
											2017-10-23 19:08:33 +08:00
+								检查是否安装成功：
 								```bash
-												创建helm chart说明

											
										
										
											2017-10-24 19:10:34 +08:00
+								$ kubectl -n kube-system get pods|grep tiller
-												add minikube

											
										
										
											2017-10-23 19:08:33 +08:00
+								tiller-deploy-2372561459-f6p0z         1/1       Running   0          1h
-												创建helm chart说明

											
										
										
											2017-10-24 19:10:34 +08:00
+								$ helm version
 								Client: &version.Version{SemVer:"v2.3.1", GitCommit:"32562a3040bb5ca690339b9840b6f60f8ce25da4", GitTreeState:"clean"}
 								Server: &version.Version{SemVer:"v2.3.1", GitCommit:"32562a3040bb5ca690339b9840b6f60f8ce25da4", GitTreeState:"clean"}
 								```
 								## 创建自己的chart
 								我们创建一个名为`mychart`的chart，看一看chart的文件结构。
 								```bash
 								$ helm create mongodb
 								$ tree mongodb
 								mongodb
 								├── Chart.yaml
 								├── charts
 								├── templates
 								│   ├── NOTES.txt
 								│   ├── _helpers.tpl
 								│   ├── deployment.yaml
 								│   └── service.yaml
 								└── values.yaml
 directories, 6 files
 								```
 								### 模板
 								`Templates`目录下是yaml文件的模板，遵循[Go template](https://golang.org/pkg/text/template/)语法。使用过[Hugo](https://gohugo.io)的静态网站生成工具的人应该对此很熟悉。
 								我们查看下`deployment.yaml`文件的内容。
 								```yaml
 								apiVersion: extensions/v1beta1
 								kind: Deployment
 								metadata:
 								  name: {{ template "fullname" . }}
 								  labels:
 								    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
 								spec:
 								  replicas: {{ .Values.replicaCount }}
 								  template:
 								    metadata:
 								      labels:
 								        app: {{ template "fullname" . }}
 								    spec:
 								      containers:
 								      - name: {{ .Chart.Name }}
 								        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 								        imagePullPolicy: {{ .Values.image.pullPolicy }}
 								        ports:
 								        - containerPort: {{ .Values.service.internalPort }}
 								        livenessProbe:
 								          httpGet:
 								            path: /
 								            port: {{ .Values.service.internalPort }}
 								        readinessProbe:
 								          httpGet:
 								            path: /
 								            port: {{ .Values.service.internalPort }}
 								        resources:
 								{{ toYaml .Values.resources | indent 12 }}
 								```
 								这是该应用的Deployment的yaml配置文件，其中的双大括号包扩起来的部分是Go template，其中的Values是在`values.yaml`文件中定义的：
 								```Yaml
 								# Default values for mychart.
 								# This is a YAML-formatted file.
 								# Declare variables to be passed into your templates.
 								replicaCount: 1
 								image:
 								  repository: nginx
 								  tag: stable
 								  pullPolicy: IfNotPresent
 								service:
 								  name: nginx
 								  type: ClusterIP
 								  externalPort: 80
 								  internalPort: 80
 								resources:
 								  limits:
 								    cpu: 100m
 								    memory: 128Mi
 								  requests:
 								    cpu: 100m
 								    memory: 128Mi
-												add minikube

											
										
										
											2017-10-23 19:08:33 +08:00
+								```
-												创建helm chart说明

											
										
										
											2017-10-24 19:10:34 +08:00
+								比如在`Deployment.yaml`中定义的容器镜像`image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"`其中的：
-												add minikube

											
										
										
											2017-10-23 19:08:33 +08:00
-												创建helm chart说明

											
										
										
											2017-10-24 19:10:34 +08:00
+								- `.Values.image.repository`就是nginx
 								- `.Values.image.tag`就是stable
 								以上两个变量值是在create chart的时候自动生成的默认值。
 								### 检查配置和模板是否有效
 								当使用kubernetes部署应用的时候实际上讲templates渲染成最终的kubernetes能够识别的yaml格式。
 								使用`helm install --dry-run --debug <chart_dir>`命令来验证chart配置。该输出中包含了模板的变量配置与最终渲染的yaml文件。
 								```bash
 								$ helm install --dry-run --debug mychart
 								Created tunnel using local port: '58406'
 								SERVER: "localhost:58406"
 								CHART PATH: /Users/jimmy/Workspace/github/bitnami/charts/incubator/mean/charts/mychart
 								NAME:   named-jackal
 								REVISION: 1
 								RELEASED: Tue Oct 24 18:57:13 2017
 								CHART: mychart-0.1.0
 								USER-SUPPLIED VALUES:
 								{}
 								COMPUTED VALUES:
 								image:
 								  pullPolicy: IfNotPresent
 								  repository: nginx
 								  tag: stable
 								replicaCount: 1
 								resources:
 								  limits:
 								    cpu: 100m
 								    memory: 128Mi
 								  requests:
 								    cpu: 100m
 								    memory: 128Mi
 								service:
 								  externalPort: 80
 								  internalPort: 80
 								  name: nginx
 								  type: ClusterIP
 								HOOKS:
 								MANIFEST:
 								---
 								# Source: mychart/templates/service.yaml
 								apiVersion: v1
 								kind: Service
 								metadata:
 								  name: named-jackal-mychart
 								  labels:
 								    chart: "mychart-0.1.0"
 								spec:
 								  type: ClusterIP
 								  ports:
 								  - port: 80
 								    targetPort: 80
 								    protocol: TCP
 								    name: nginx
 								  selector:
 								    app: named-jackal-mychart
 								---
 								# Source: mychart/templates/deployment.yaml
 								apiVersion: extensions/v1beta1
 								kind: Deployment
 								metadata:
 								  name: named-jackal-mychart
 								  labels:
 								    chart: "mychart-0.1.0"
 								spec:
 								  replicas: 1
 								  template:
 								    metadata:
 								      labels:
 								        app: named-jackal-mychart
 								    spec:
 								      containers:
 								      - name: mychart
 								        image: "nginx:stable"
 								        imagePullPolicy: IfNotPresent
 								        ports:
 								        - containerPort: 80
 								        livenessProbe:
 								          httpGet:
 								            path: /
 								            port: 80
 								        readinessProbe:
 								          httpGet:
 								            path: /
 								            port: 80
 								        resources:
 								            limits:
 								              cpu: 100m
 								              memory: 128Mi
 								            requests:
 								              cpu: 100m
 								              memory: 128Mi
 								```
 								## 部署todo测试案例
 								```bash
 								$ git clone https://github.com/bitnami/charts.git
 								$ cd charts/incubator/mean
 								$ helm dep list
 								NAME   	VERSION	REPOSITORY                                       	STATUS
 								mongodb	0.4.x  	https://kubernetes-charts.storage.googleapis.com/	missing
 								```
 								缺少mongodb的依赖，需要更新一下chart。
 								```bash
 								$ helm dep update
 								Hang tight while we grab the latest from your chart repositories...
 								...Unable to get an update from the "local" chart repository (http://127.0.0.1:8879/charts):
 									Get http://127.0.0.1:8879/charts/index.yaml: dial tcp 127.0.0.1:8879: getsockopt: connection refused
 								...Successfully got an update from the "stable" chart repository
 								Update Complete. ⎈Happy Helming!⎈
 								Saving 1 charts
 								Downloading mongodb from repo https://kubernetes-charts.storage.googleapis.com/
 								```
 								所有的image都在 `values.yaml` 文件中配置。
 								下载缺失的chart。
 								```bash
 								$ helm dep build
 								Hang tight while we grab the latest from your chart repositories...
 								...Unable to get an update from the "local" chart repository (http://127.0.0.1:8879/charts):
 									Get http://127.0.0.1:8879/charts/index.yaml: dial tcp 127.0.0.1:8879: getsockopt: connection refused
 								...Successfully got an update from the "stable" chart repository
 								Update Complete. ⎈Happy Helming!⎈
 								Saving 1 charts
 								Downloading mongodb from repo https://kubernetes-charts.storage.googleapis.com/
 								```
-												add minikube

											
										
										
											2017-10-23 19:08:33 +08:00
-												初始helm

											
										
										
											2017-10-20 16:11:47 +08:00
+								## 参考
-												创建helm chart说明

											
										
										
											2017-10-24 19:10:34 +08:00
+								- [Deploy, Scale And Upgrade An Application On Kubernetes With Helm](https://docs.bitnami.com/kubernetes/how-to/deploy-application-kubernetes-helm/)
 								- [Helm charts](https://github.com/kubernetes/helm/blob/master/docs/charts.md)
 								- [Go template](https://golang.org/pkg/text/template/)
 								- [How To Create Your First Helm Chart](https://docs.bitnami.com/kubernetes/how-to/create-your-first-helm-chart/)