table of Contents
1, application deployment challenges Kubernetes
Kubernetes is a cluster-based application provides a solution container management program, Kubernetes provides operational deployment, resource scheduling, service discovery and dynamic stretching and a series of full-featured applications for the container.
Kubernetes core design philosophy is: the application of user-defined rules to be deployed, and Kubernetes is responsible for deploying and running the application in accordance with the rules defined. If the application problems lead to deviations from the definition of specifications, Kubernetes responsible for its automatic correction. For example: application of the rules defined in claim deploying two instances (Pod), an example of which terminates abnormally, Kubernetes checks and to restart a new instance.
User rules will be described by using Kubernetes API application objects, including Pod, Service, Volume, Namespace, ReplicaSet, Deployment, Job like. General definition of these resources need to write a series of objects YAML file, and then deployed via Kubernetes command-line tool Kubectl tune Kubernetes API.
With a typical three-tier application Wordpress, for example, the application will involve multiple Kubernetes API objects, and to describe these Kubernetes API objects may have to simultaneously maintain multiple YAML files.
When Kubernetes software during deployment, we are faced with the following questions:
- How to manage, edit and update these disparate Kubernetes application configuration file.
- How to set the relevant configuration file is managed as an application.
- How to distribute the application configuration and reuse of Kubernetes
2. What is the Helm
Helm is a package management tool developed for Kubernetes Deis applications, mainly used to manage Charts. Somewhat similar to Ubuntu's APT or CentOS in YUM.
Helm Chart YAML file is used to package a series Kubernetes native application. You can customize the application of some of the Metadata when you deploy the application in order to distribute the application.
For applications publisher, it can be packaged applications, manage application dependencies by Helm, application version and release management application to a depot.
For users, the use of Helm do not need to write complex application deployment files, you can find a simple way on Kubernetes, install, upgrade, rollback, uninstall the application.
As Kubernetes of a package management tool, Helm has the following features:
create a new chart
chart packaged into tgz format
to upload or download chart to chart the warehouse chart from the warehouse
to install or uninstall chart in Kubernetes cluster
management is installed with the release of Helm's chart cycle
3, Helm components and related terms
V2 talked about in this article is the latest version helm, V3 version has been released a beta version, in the Helm 3, Tiller was removed.
Helm
Helm is a command-line client tool. Primarily used for creating applications Chart of Kubernetes, packaging, publishing, and create and manage local and remote Chart warehouse.Tiller
Tiller is a server Helm, deployment in Kubernetes cluster. Helm Tiller for receiving a request, according to Chart generated Kubernetes deployment files (referred to as Release Helm), then submitted to Kubernetes create applications. Tiller also offers an upgrade Release, delete, roll back a series of functions.Chart
contains the necessary information to create an instance of the application of the Kubernetes, Helm package, using the TAR format. APT's bag or similar DEB YUM RPM package, which contains a defined set of resources associated Kubernetes YAML file.Repoistory
Helm depot, the Repository is essentially a Web server, which holds a series of Chart software package for users to download and provides a list of files in the Repository of Chart package for inquiries. Helm can simultaneously manage several different Repository.Release
is a chart and a running instance configuration, use the helm install command to deploy in Kubernetes cluster Chart called Release.
4, Helm works
Chart the Install Process
Helm Chart parsing the configuration information from the specified directory or file TAR.
Helm Chart configuration and the specified information to Tiller Values through gRPC.
Tiller and generates a Release according to Chart Values.
Tiller be transmitted to Kubernetes for generating Release Release.Chart the Update Process
Helm Chart parsing the configuration information from the specified directory or file TAR.
Helm will need to update the name of the Release, Chart and Values structural information to Tiller.
History Tiller generate and update the Release Release of the specified name.
Tiller transmitted to the Release Release Kubernetes for updating.Chart Rollback process
Helm will be rolled back Release name passed to Tiller.
Find History Release according to Tiller's name.
Tiller Gets a Release from History in.
Tiller a Release sent to the upper Kubernetes to replace the current Release.Chart described processing depends
Tiller Chart in handling, as well as all Charts Chart directly into one of its dependent Release, while passing to Kubernetes. So Tiller not responsible for managing the dependencies between the boot sequence. The application needs to be able to handle Chart these dependencies.
Helm Client is a user command-line tool, which is responsible for the following:
- Local development chart
- Warehouse Management
- Tiller sever interact with
- Transmitting chart preinstalled
- Queries release information
- Required to upgrade or uninstall the existing release
Tiller Server is a server inside Kubernetes cluster deployment, it interacts with Helm client, Kubernetes API server. Tiller server is responsible for the following:
listening for requests from Helm client's
build and configure a chart released by
the installation chart to Kubernetes cluster, and track subsequent release
by interacting with Kubernetes upgrade or uninstall chart
Simply put, client management charts, and server management published release
5, Helm installation
5.1 Client Installation
Client binaries Download: https: //github.com/helm/helm/releases
unzip the executable file helm copied to / usr / local / bin directory can be, so Helm on the client machine installation is complete.
[root@master01 helm-soft]# mv linux-amd64/helm /usr/local/bin/
[root@master01 helm-soft]# helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Error: could not find tiller5.2 server installation Tiller
Tiller is deployed in Kubernetes Deployment cluster, you can simply use the following simple instructions to complete the installation, use and installation Ali cloud mirroring the default warehouse to warehouse on Ali cloud mirror
[root@master01 helm-soft]# helm init --upgrade --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.14.3 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Happy Helming!
[root@master01 helm-soft]# kubectl get pods -n kube-system |grep tiller-deploy
tiller-deploy-6d99bc8567-zv9q8 1/1 Running 0 2m33s
[root@master01 helm-soft]# helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}If the error during initialization
Error: cannot connect to TillerSolutions to the node execution
yum install -y socat5.3 Authorization to Tiller
Because the server Tiller Helm is a Deployment in Kubernetes in Kube-System Namespace deployment, it will go to connect Kube-Api create and delete applications Kubernetes years.
From the beginning of Kubernetes version 1.6, API Server enabled RBAC authorization. The default is not defined ServiceAccount current Tiller authorized the deployment, which can result in being refused access API Server. So we need to explicitly authorize the deployment of added Tiller. Details visible https://docs.helm.sh/using_helm/#role-based-access-control
[root@master01 helm]# pwd
/root/manifest/helm
[root@master01 helm]# vim rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
[root@master01 helm]# kubectl create -f rbac.yaml
serviceaccount/tiller created
clusterrolebinding.rbac.authorization.k8s.io/tiller created Use kubectl patch update API object, to patch a ServiceAccount of Tiller
[root@master01 helm]# kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
deployment.extensions/tiller-deploy patchedSee if authorization is successful
[root@master01 helm]# kubectl get deploy --namespace kube-system tiller-deploy --output yaml|grep serviceAccount
serviceAccount: tiller
serviceAccountName: tillerHelm Tiller uninstall the server
if you need to uninstall deployed in Kubernetes in Tiller, use the command helm reset to complete the uninstall.
5.4 Helm command completion
Command auto-completion
for the convenience of using the helm commands, Helm provides auto-complete function
If you are using ZSH do
$ source <(helm completion zsh)If you do use BASH
$ source <(helm completion bash)
$ echo "source <(helm completion bash)" >> ~/.bashrc