• 云原生(三十) | Kubernetes篇之应用商店-Helm


    文章目录

    应用商店-Helm

    一、简介

    二、安装

    1、用二进制版本安装

    三、入门使用

    1、三大概念

    2、charts 结构

    3、应用安装

    4、自定义变量值

     5、命令

    6、推送helm chart


    应用商店-Helm

    一、简介

    二、安装

    1、用二进制版本安装

    每个Helm版本都提供了各种操作系统的二进制版本,这些版本可以手动下载和安装。

    1. 下载 需要的版本

    2. 解压(tar -zxvf helm-v3.0.0-linux-amd64.tar.gz)

    3. 在解压目中找到helm程序,移动到需要的目录中(mv linux-amd64/helm /usr/local/bin/helm)

    1. #!/usr/bin/env bash
    2. # Copyright The Helm Authors.
    3. #
    4. # Licensed under the Apache License, Version 2.0 (the "License");
    5. # you may not use this file except in compliance with the License.
    6. # You may obtain a copy of the License at
    7. #
    8. # http://www.apache.org/licenses/LICENSE-2.0
    9. #
    10. # Unless required by applicable law or agreed to in writing, software
    11. # distributed under the License is distributed on an "AS IS" BASIS,
    12. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. # See the License for the specific language governing permissions and
    14. # limitations under the License.
    15. # The install script is based off of the MIT-licensed script from glide,
    16. # the package manager for Go: https://github.com/Masterminds/glide.sh/blob/master/get
    17. : ${BINARY_NAME:="helm"}
    18. : ${USE_SUDO:="true"}
    19. : ${DEBUG:="false"}
    20. : ${VERIFY_CHECKSUM:="true"}
    21. : ${VERIFY_SIGNATURES:="false"}
    22. : ${HELM_INSTALL_DIR:="/usr/local/bin"}
    23. : ${GPG_PUBRING:="pubring.kbx"}
    24. HAS_CURL="$(type "curl" &> /dev/null && echo true || echo false)"
    25. HAS_WGET="$(type "wget" &> /dev/null && echo true || echo false)"
    26. HAS_OPENSSL="$(type "openssl" &> /dev/null && echo true || echo false)"
    27. HAS_GPG="$(type "gpg" &> /dev/null && echo true || echo false)"
    28. # initArch discovers the architecture for this system.
    29. initArch() {
    30. ARCH=$(uname -m)
    31. case $ARCH in
    32. armv5*) ARCH="armv5";;
    33. armv6*) ARCH="armv6";;
    34. armv7*) ARCH="arm";;
    35. aarch64) ARCH="arm64";;
    36. x86) ARCH="386";;
    37. x86_64) ARCH="amd64";;
    38. i686) ARCH="386";;
    39. i386) ARCH="386";;
    40. esac
    41. }
    42. # initOS discovers the operating system for this system.
    43. initOS() {
    44. OS=$(echo `uname`|tr '[:upper:]' '[:lower:]')
    45. case "$OS" in
    46. # Minimalist GNU for Windows
    47. mingw*) OS='windows';;
    48. esac
    49. }
    50. # runs the given command as root (detects if we are root already)
    51. runAsRoot() {
    52. if [ $EUID -ne 0 -a "$USE_SUDO" = "true" ]; then
    53. sudo "${@}"
    54. else
    55. "${@}"
    56. fi
    57. }
    58. # verifySupported checks that the os/arch combination is supported for
    59. # binary builds, as well whether or not necessary tools are present.
    60. verifySupported() {
    61. local supported="darwin-amd64\ndarwin-arm64\nlinux-386\nlinux-amd64\nlinux-arm\nlinux-arm64\nlinux-ppc64le\nlinux-s390x\nwindows-amd64"
    62. if ! echo "${supported}" | grep -q "${OS}-${ARCH}"; then
    63. echo "No prebuilt binary for ${OS}-${ARCH}."
    64. echo "To build from source, go to https://github.com/helm/helm"
    65. exit 1
    66. fi
    67. if [ "${HAS_CURL}" != "true" ] && [ "${HAS_WGET}" != "true" ]; then
    68. echo "Either curl or wget is required"
    69. exit 1
    70. fi
    71. if [ "${VERIFY_CHECKSUM}" == "true" ] && [ "${HAS_OPENSSL}" != "true" ]; then
    72. echo "In order to verify checksum, openssl must first be installed."
    73. echo "Please install openssl or set VERIFY_CHECKSUM=false in your environment."
    74. exit 1
    75. fi
    76. if [ "${VERIFY_SIGNATURES}" == "true" ]; then
    77. if [ "${HAS_GPG}" != "true" ]; then
    78. echo "In order to verify signatures, gpg must first be installed."
    79. echo "Please install gpg or set VERIFY_SIGNATURES=false in your environment."
    80. exit 1
    81. fi
    82. if [ "${OS}" != "linux" ]; then
    83. echo "Signature verification is currently only supported on Linux."
    84. echo "Please set VERIFY_SIGNATURES=false or verify the signatures manually."
    85. exit 1
    86. fi
    87. fi
    88. }
    89. # checkDesiredVersion checks if the desired version is available.
    90. checkDesiredVersion() {
    91. if [ "x$DESIRED_VERSION" == "x" ]; then
    92. # Get tag from release URL
    93. local latest_release_url="https://github.com/helm/helm/releases"
    94. if [ "${HAS_CURL}" == "true" ]; then
    95. TAG=$(curl -Ls $latest_release_url | grep 'href="/helm/helm/releases/tag/v3.[0-9]*.[0-9]*\"' | grep -v no-underline | head -n 1 | cut -d '"' -f 2 | awk '{n=split($NF,a,"/");print a[n]}' | awk 'a !~ $0{print}; {a=$0}')
    96. elif [ "${HAS_WGET}" == "true" ]; then
    97. TAG=$(wget $latest_release_url -O - 2>&1 | grep 'href="/helm/helm/releases/tag/v3.[0-9]*.[0-9]*\"' | grep -v no-underline | head -n 1 | cut -d '"' -f 2 | awk '{n=split($NF,a,"/");print a[n]}' | awk 'a !~ $0{print}; {a=$0}')
    98. fi
    99. else
    100. TAG=$DESIRED_VERSION
    101. fi
    102. }
    103. # checkHelmInstalledVersion checks which version of helm is installed and
    104. # if it needs to be changed.
    105. checkHelmInstalledVersion() {
    106. if [[ -f "${HELM_INSTALL_DIR}/${BINARY_NAME}" ]]; then
    107. local version=$("${HELM_INSTALL_DIR}/${BINARY_NAME}" version --template="{{ .Version }}")
    108. if [[ "$version" == "$TAG" ]]; then
    109. echo "Helm ${version} is already ${DESIRED_VERSION:-latest}"
    110. return 0
    111. else
    112. echo "Helm ${TAG} is available. Changing from version ${version}."
    113. return 1
    114. fi
    115. else
    116. return 1
    117. fi
    118. }
    119. # downloadFile downloads the latest binary package and also the checksum
    120. # for that binary.
    121. downloadFile() {
    122. HELM_DIST="helm-$TAG-$OS-$ARCH.tar.gz"
    123. DOWNLOAD_URL="https://get.helm.sh/$HELM_DIST"
    124. CHECKSUM_URL="$DOWNLOAD_URL.sha256"
    125. HELM_TMP_ROOT="$(mktemp -dt helm-installer-XXXXXX)"
    126. HELM_TMP_FILE="$HELM_TMP_ROOT/$HELM_DIST"
    127. HELM_SUM_FILE="$HELM_TMP_ROOT/$HELM_DIST.sha256"
    128. echo "Downloading $DOWNLOAD_URL"
    129. if [ "${HAS_CURL}" == "true" ]; then
    130. curl -SsL "$CHECKSUM_URL" -o "$HELM_SUM_FILE"
    131. curl -SsL "$DOWNLOAD_URL" -o "$HELM_TMP_FILE"
    132. elif [ "${HAS_WGET}" == "true" ]; then
    133. wget -q -O "$HELM_SUM_FILE" "$CHECKSUM_URL"
    134. wget -q -O "$HELM_TMP_FILE" "$DOWNLOAD_URL"
    135. fi
    136. }
    137. # verifyFile verifies the SHA256 checksum of the binary package
    138. # and the GPG signatures for both the package and checksum file
    139. # (depending on settings in environment).
    140. verifyFile() {
    141. if [ "${VERIFY_CHECKSUM}" == "true" ]; then
    142. verifyChecksum
    143. fi
    144. if [ "${VERIFY_SIGNATURES}" == "true" ]; then
    145. verifySignatures
    146. fi
    147. }
    148. # installFile installs the Helm binary.
    149. installFile() {
    150. HELM_TMP="$HELM_TMP_ROOT/$BINARY_NAME"
    151. mkdir -p "$HELM_TMP"
    152. tar xf "$HELM_TMP_FILE" -C "$HELM_TMP"
    153. HELM_TMP_BIN="$HELM_TMP/$OS-$ARCH/helm"
    154. echo "Preparing to install $BINARY_NAME into ${HELM_INSTALL_DIR}"
    155. runAsRoot cp "$HELM_TMP_BIN" "$HELM_INSTALL_DIR/$BINARY_NAME"
    156. echo "$BINARY_NAME installed into $HELM_INSTALL_DIR/$BINARY_NAME"
    157. }
    158. # verifyChecksum verifies the SHA256 checksum of the binary package.
    159. verifyChecksum() {
    160. printf "Verifying checksum... "
    161. local sum=$(openssl sha1 -sha256 ${HELM_TMP_FILE} | awk '{print $2}')
    162. local expected_sum=$(cat ${HELM_SUM_FILE})
    163. if [ "$sum" != "$expected_sum" ]; then
    164. echo "SHA sum of ${HELM_TMP_FILE} does not match. Aborting."
    165. exit 1
    166. fi
    167. echo "Done."
    168. }
    169. # verifySignatures obtains the latest KEYS file from GitHub main branch
    170. # as well as the signature .asc files from the specific GitHub release,
    171. # then verifies that the release artifacts were signed by a maintainer's key.
    172. verifySignatures() {
    173. printf "Verifying signatures... "
    174. local keys_filename="KEYS"
    175. local github_keys_url="https://raw.githubusercontent.com/helm/helm/main/${keys_filename}"
    176. if [ "${HAS_CURL}" == "true" ]; then
    177. curl -SsL "${github_keys_url}" -o "${HELM_TMP_ROOT}/${keys_filename}"
    178. elif [ "${HAS_WGET}" == "true" ]; then
    179. wget -q -O "${HELM_TMP_ROOT}/${keys_filename}" "${github_keys_url}"
    180. fi
    181. local gpg_keyring="${HELM_TMP_ROOT}/keyring.gpg"
    182. local gpg_homedir="${HELM_TMP_ROOT}/gnupg"
    183. mkdir -p -m 0700 "${gpg_homedir}"
    184. local gpg_stderr_device="/dev/null"
    185. if [ "${DEBUG}" == "true" ]; then
    186. gpg_stderr_device="/dev/stderr"
    187. fi
    188. gpg --batch --quiet --homedir="${gpg_homedir}" --import "${HELM_TMP_ROOT}/${keys_filename}" 2> "${gpg_stderr_device}"
    189. gpg --batch --no-default-keyring --keyring "${gpg_homedir}/${GPG_PUBRING}" --export > "${gpg_keyring}"
    190. local github_release_url="https://github.com/helm/helm/releases/download/${TAG}"
    191. if [ "${HAS_CURL}" == "true" ]; then
    192. curl -SsL "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" -o "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc"
    193. curl -SsL "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" -o "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc"
    194. elif [ "${HAS_WGET}" == "true" ]; then
    195. wget -q -O "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc"
    196. wget -q -O "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc"
    197. fi
    198. local error_text="If you think this might be a potential security issue,"
    199. error_text="${error_text}\nplease see here: https://github.com/helm/community/blob/master/SECURITY.md"
    200. local num_goodlines_sha=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)')
    201. if [[ ${num_goodlines_sha} -lt 2 ]]; then
    202. echo "Unable to verify the signature of helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256!"
    203. echo -e "${error_text}"
    204. exit 1
    205. fi
    206. local num_goodlines_tar=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)')
    207. if [[ ${num_goodlines_tar} -lt 2 ]]; then
    208. echo "Unable to verify the signature of helm-${TAG}-${OS}-${ARCH}.tar.gz!"
    209. echo -e "${error_text}"
    210. exit 1
    211. fi
    212. echo "Done."
    213. }
    214. # fail_trap is executed if an error occurs.
    215. fail_trap() {
    216. result=$?
    217. if [ "$result" != "0" ]; then
    218. if [[ -n "$INPUT_ARGUMENTS" ]]; then
    219. echo "Failed to install $BINARY_NAME with the arguments provided: $INPUT_ARGUMENTS"
    220. help
    221. else
    222. echo "Failed to install $BINARY_NAME"
    223. fi
    224. echo -e "\tFor support, go to https://github.com/helm/helm."
    225. fi
    226. cleanup
    227. exit $result
    228. }
    229. # testVersion tests the installed client to make sure it is working.
    230. testVersion() {
    231. set +e
    232. HELM="$(command -v $BINARY_NAME)"
    233. if [ "$?" = "1" ]; then
    234. echo "$BINARY_NAME not found. Is $HELM_INSTALL_DIR on your "'$PATH?'
    235. exit 1
    236. fi
    237. set -e
    238. }
    239. # help provides possible cli installation arguments
    240. help () {
    241. echo "Accepted cli arguments are:"
    242. echo -e "\t[--help|-h ] ->> prints this help"
    243. echo -e "\t[--version|-v <desired_version>] . When not defined it fetches the latest release from GitHub"
    244. echo -e "\te.g. --version v3.0.0 or -v canary"
    245. echo -e "\t[--no-sudo] ->> install without sudo"
    246. }
    247. # cleanup temporary files to avoid https://github.com/helm/helm/issues/2977
    248. cleanup() {
    249. if [[ -d "${HELM_TMP_ROOT:-}" ]]; then
    250. rm -rf "$HELM_TMP_ROOT"
    251. fi
    252. }
    253. # Execution
    254. #Stop execution on any error
    255. trap "fail_trap" EXIT
    256. set -e
    257. # Set debug if desired
    258. if [ "${DEBUG}" == "true" ]; then
    259. set -x
    260. fi
    261. # Parsing input arguments (if any)
    262. export INPUT_ARGUMENTS="${@}"
    263. set -u
    264. while [[ $# -gt 0 ]]; do
    265. case $1 in
    266. '--version'|-v)
    267. shift
    268. if [[ $# -ne 0 ]]; then
    269. export DESIRED_VERSION="${1}"
    270. else
    271. echo -e "Please provide the desired version. e.g. --version v3.0.0 or -v canary"
    272. exit 0
    273. fi
    274. ;;
    275. '--no-sudo')
    276. USE_SUDO="false"
    277. ;;
    278. '--help'|-h)
    279. help
    280. exit 0
    281. ;;
    282. *) exit 1
    283. ;;
    284. esac
    285. shift
    286. done
    287. set +u
    288. initArch
    289. initOS
    290. verifySupported
    291. checkDesiredVersion
    292. if ! checkHelmInstalledVersion; then
    293. downloadFile
    294. verifyFile
    295. installFile
    296. fi
    297. testVersion
    298. cleanup

    三、入门使用

    1、三大概念

    • Chart 代表着 Helm 包。它包含在 Kubernetes 集群内部运行应用程序,工具或服务所需的所有资源定义。你可以把它看作是 Homebrew formula,Apt dpkg,或 Yum RPM 在Kubernetes 中的等价物。

    • Repository(仓库) 是用来存放和共享 charts 的地方。它就像 Perl 的CPAN 档案库网络或是 Fedora 的软件包仓库 ,只不过它是供 Kubernetes 包所使用的。

    • Release 是运行在 Kubernetes 集群中的 chart 的实例。一个 chart 通常可以在同一个集群中安装多次。每一次安装都会创建一个新的 release。以 MySQL chart为例,如果你想在你的集群中运行两个数据库,你可以安装该chart两次。每一个数据库都会拥有它自己的 releaserelease name

    在了解了上述这些概念以后,我们就可以这样来解释 Helm:

    Helm 安装 charts 到 Kubernetes 集群中,每次安装都会创建一个新的 release。你可以在 Helm 的 chart repositories 中寻找新的 chart。

    1. helm pull bitnami/mysql
    2. helm install -f values.yaml mysqlhaha ./

    2、charts 结构

    3、应用安装

    4、自定义变量值

     5、命令

    1. helm install xx
    2. helm list
    3. helm status xx
    4. helm rollback xxx

    6、推送helm chart

    1. helm registry login --insecure 192.168.86.5
    2. helm chart save /root/mariadb 192.168.86.5/chart/mariadb:test
    3. helm chart push 192.168.86.5/chart/mariadb:test
    4. helm registry logout 192.168.86.5

    • 📢博客主页:https://lansonli.blog.csdn.net
    • 📢欢迎点赞 👍 收藏 ⭐留言 📝 如有错误敬请指正!
    • 📢本文由 Lansonli 原创,首发于 CSDN博客🙉
    • 📢停下休息的时候不要忘了别人还在奔跑,希望大家抓紧时间学习,全力奔赴更美好的生活✨
  • 相关阅读:
    【ShardingSphere】单实例模式创建分片表、广播表、单表
    蓝桥杯每日一题2023.11.6
    yii2,脚本内存溢出解决办法
    20. 如何使用 ABAP 代码消费需要传递 CSRF token 的 OData 服务
    筹备三年,自动驾驶L3标准将至,智驾产业链的关键一跃
    Vue2/3 项目中的 ESLint + Prettier 代码检测格式化风格指南
    原来大厂都是这样监控Tomcat性能的,废话不多说,直接开干
    csapp-Machine-Level Representation of Program-review
    vsftpd配置
    Linux :远程访问的 16 个最佳工具(一)
  • 原文地址:https://blog.csdn.net/xiaoweite1/article/details/125477153