helm工具

安装

下载 https://helm.sh/docs/intro/install/

wget  -P /opt/docker  https://get.helm.sh/helm-v3.9.3-linux-amd64.tar.gz
mkdir /opt/docker/helm-v3.9.3
tar -zxvf  helm-v3.9.3-linux-amd64.tar.gz  -C  ./helm-v3.9.3   --strip-components 1

设置环境变量

$ cat >> ~/.bashrc <<EOF
#helm
export PATH=$PATH:/opt/docker/helm-v3.9.3
EOF
$ helm version
version.BuildInfo{Version:"v3.9.3", GitCommit:"414ff28d4029ae8c8b05d62aa06c7fe3dee2bc58", GitTreeState:"clean", GoVersion:"go1.17.13"}

添加源

helm repo add stable http://mirror.azure.cn/kubernetes/charts 
helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts 
helm repo list

show

helm show chart stable/mysql

install

有六种不同的方式来标识需要安装的chart：

1. 通过chart引用： helm install mymaria example/mariadb
2. 通过chart包： helm install mynginx ./nginx-1.2.3.tgz
3. 通过未打包chart目录的路径： helm install mynginx ./nginx
4. 通过URL绝对路径： helm install mynginx https://example.com/charts/nginx-1.2.3.tgz
5. 通过chart引用和仓库url： helm install –repo https://example.com/charts/ mynginx nginx
6. 通过OCI注册中心： helm install mynginx –version 1.2.3 oci://example.com/charts/nginx

❯ helm list
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/cs/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/cs/.kube/config
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION

#helm list -A

https://github.com/mysql/mysql-operator

helm/mysql-operator

envs.k8sClusterDomain

persists try setting MYSQL_OPERATOR_K8S_CLUSTER_DOMAIN via environment.

helm install

helm install -f ...
❯ helm install -f ./mysql-operator/values.yaml -name mysql-operator --namespace mysql-operator --create-namespace ./mysql-operator
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/cs/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/cs/.kube/config
NAME: mysql-operator
LAST DEPLOYED: Thu Aug 31 20:42:51 2023
NAMESPACE: mysql-operator
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Create an MySQL InnoDB Cluster by executing:
1. When using a source distribution / git clone: `helm install [cluster-name] -n [ns-name] ~/helm/mysql-innodbcluster`
2. When using the Helm repo from ArtifactHub
2.1 With self signed certificates
    export NAMESPACE="your-namespace"
    # in case the namespace doesn't exist, please pass --create-namespace
    helm install my-mysql-innodbcluster mysql-operator/mysql-innodbcluster -n $NAMESPACE \
        --version 2.1.0 \
        --set credentials.root.password=">-0URS4F3P4SS" \
        --set tls.useSelfSigned=true


2.2 When you have own CA and TLS certificates
        export NAMESPACE="your-namespace"
        export CLUSTER_NAME="my-mysql-innodbcluster"
        export CA_SECRET="$CLUSTER_NAME-ca-secret"
        export TLS_SECRET="$CLUSTER_NAME-tls-secret"
        export ROUTER_TLS_SECRET="$CLUSTER_NAME-router-tls-secret"
        # Path to ca.pem, server-cert.pem, server-key.pem, router-cert.pem and router-key.pem
        export CERT_PATH="/path/to/your/ca_and_tls_certificates"


        kubectl create namespace $NAMESPACE


        kubectl create secret generic $CA_SECRET \
            --namespace=$NAMESPACE --dry-run=client --save-config -o yaml \
            --from-file=ca.pem=$CERT_PATH/ca.pem \
        | kubectl apply -f -


        kubectl create secret tls $TLS_SECRET \
            --namespace=$NAMESPACE --dry-run=client --save-config -o yaml \
            --cert=$CERT_PATH/server-cert.pem --key=$CERT_PATH/server-key.pem \
        | kubectl apply -f -


        kubectl create secret tls $ROUTER_TLS_SECRET \
            --namespace=$NAMESPACE --dry-run=client --save-config -o yaml \
            --cert=$CERT_PATH/router-cert.pem --key=$CERT_PATH/router-key.pem \
        | kubectl apply -f -


        helm install my-mysql-innodbcluster mysql-operator/mysql-innodbcluster -n $NAMESPACE \
        --version 2.1.0 \
        --set credentials.root.password=">-0URS4F3P4SS" \
        --set tls.useSelfSigned=false \
        --set tls.caSecretName=$CA_SECRET \
        --set tls.serverCertAndPKsecretName=$TLS_SECRET \
        --set tls.routerCertAndPKsecretName=$ROUTER_TLS_SECRET
  

❯ kubectl get deployment -n mysql-operator mysql-operator
NAME             READY   UP-TO-DATE   AVAILABLE   AGE
mysql-operator   1/1     1            1           74s


❯ helm install mycluster ./mysql-innodbcluster \
        --namespace mysql-operator \
        --set tls.useSelfSigned=true \
        --set credentials.root.user='root' \
        --set credentials.root.password='cs@123456' \
        --set credentials.root.host='%' \
        --set serverInstances=3 \
        --set routerInstances=1
NAME: mycluster
LAST DEPLOYED: Sun Sep  3 20:47:47 2023
NAMESPACE: mysql-operator
STATUS: deployed
REVISION: 1
TEST SUITE: None

dependency

注意： 传统Helm 的Chart.yaml dependencies:部分字段已被完全删除弃用。

用requirements.yaml来管理依赖关系

dependencies:
- name: "loki"
  condition: loki.enabled
  repository: file://./chart/loki
  version: "^2.15.2"
- name: "promtail"
  condition: promtail.enabled
  repository: file://./chart/promtail
  version: "^6.7.4"

>/values.yaml
>loki:
 enabled: true
......
>promtail:
 enabled: true

本地 “file://../prometheus”

❯ helm dependency build
Error: the lock file (Chart.lock) is out of sync with the dependencies file (Chart.yaml). Please update the dependencies
❯ helm dependency update
Hang tight while we grab the latest from your chart repositories…
…Successfully got an update from the “cluster-proportional-autoscaler” chart repository
…Successfully got an update from the “aliyun” chart repository
…Successfully got an update from the “jetstack” chart repository
…Successfully got an update from the “hashicorp” chart repository
…Successfully got an update from the “flannel” chart repository
…Successfully got an update from the “mysql-operator” chart repository
…Successfully got an update from the “stable” chart repository
…Successfully got an update from the “coredns” chart repository
…Successfully got an update from the “bitpoke” chart repository
…Successfully got an update from the “radondb” chart repository
…Successfully got an update from the “prometheus-community” chart repository
…Successfully got an update from the “istio” chart repository
Update Complete. ⎈Happy Helming!⎈
Saving 4 charts
Deleting outdated charts

❯ helm package metrics-server #打包本地文件

package

-d 默认打包到当前目录

❯ helm package  /home/cs/oss/k8s-1.26/helm-charts-main/charts/alertmanager  \
  -d /home/cs/oss/k8s-1.26/helm-charts-main/charts/prometheus/charts

Successfully packaged chart and saved it to: /home/cs/oss/k8s-1.26/helm-charts-main/charts/prometheus/charts/alertmanager-1.6.0.tgz

uninstall

helm uninstall  mysql-operator -n mysql-operator

自定义

 tree ./
./
├── charts #用于存放所依赖的子 chart
├── Chart.yaml    # 描述这个 Chart 的相关信息、包括名字、描述信息、版本等
├── templates     # 模板目录，保留创建 k8s 的资源清单文件
│   ├── deployment.yaml  #deployment 资源的 go 模板文件
│   ├── _helpers.tpl  # 模板助手文件，定义的值可在模板中使用
│   ├── hpa.yaml     #水平 pod 自动扩缩容 go 模板文件
│   ├── ingress.yaml   #七层代理 go 模板文件
│   ├── NOTES.txt  #chart的帮助文本。会在用户执行helm install时展示
│   ├── serviceaccount.yaml
│   ├── service.yaml  #service 的 go 模板文件
│   └── tests
│       └── test-connection.yaml
└── values.yaml  #模板的值文件，这些值会在安装时应用到 GO 模板生成部署文件

模板语法

• helm内置对象

  Release, release相关属性
  Chart, Chart.yaml文件中定义的内容
  Values, values.yaml文件中定义的内容

• 引用方式

  <!–swig11–> 通过双括号注入，小数点开头表示从最顶层命名空间引用

常用函数

• quote：将值转换为字符串，即加双引号

• default：设置默认值，如果获取的值为空则为默认值

• indent和nindent：缩进字符串 ，nindent 换行缩进

• toYaml：引用一块YAML内容，如健康检查，资源配额resources，或者端口

• 其他函数：upper、title等

extraArgs:
  argument1: value1
  argument2: value2
  booleanArg1:
  
      args:
{{- range $key, $value := .Values.extraArgs }}
    {{- if $value }}
    - --{{ $key }}={{ $value }}
    {{- else }}
    - --{{ $key }}
    {{- end }}
{{- end }}

Helm 按需渲染 CM