helm3 installation and redis deployment

Posted by Ben Cleary on Sat, 05 Mar 2022 02:32:22 +0100

Helm2's problem
One of the main problems with Helm2 is that it has to run a server component, tiller, inside the k8s cluster, and the tiller port has to be exposed to the outside world, which creates a security risk.
Tiller was introduced in helm 2 mainly because k8s had no RBAC mechanism at that time.
Later k8s releases added RBAC and CRD, which made tiller redundant.

helm3 has only a client and no server, so it is very convenient to install: just download the corresponding program. There is no need to run helm init.

Characteristics of helm3
Compared with helm2, helm3 has the following characteristics:
tiller has been removed.
It supports the distributed Helm Hub, which in many cases removes the need to add unofficial repos manually, for example via helm search hub.
It performs JSON Schema validation on chart input values.
Tests can be added to helm charts, and helm test runs them against a deployed application.
The release name must be specified at deployment. In helm2, one was generated automatically if it was not specified.
No purge is needed when deleting. Deleting is deleting.

Install helm3

Download the helm installation package

Address: https://get.helm.sh/helm-v3.2.3-linux-amd64.tar.gz

Unpack the archive and copy the binary into the system path

[root@master k8s]# tar xf helm-v3.2.3-linux-amd64.tar.gz 
[root@master k8s]# cd linux-amd64/
[root@master linux-amd64]# ls
helm  LICENSE  README.md
[root@master linux-amd64]# cp  helm  /usr/local/bin/
[root@master linux-amd64]# cd
[root@master ~]# helm  version
version.BuildInfo{Version:"v3.2.3", GitCommit:"8f832046e258e2cb800894579b1b3b50c2d83492", GitTreeState:"clean", GoVersion:"go1.13.12"}

Add the Alibaba Cloud helm repository

$ helm repo add stable https://apphub.aliyuncs.com/stable

View the repository list:

[root@master conf]# helm repo list
NAME  	URL                                                   
stable	https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

Common helm3 commands

helm inspect from helm2 has been replaced by helm show. The full list of helm3 commands can be viewed with helm --help.

helm install redis

redis chart

[root@master conf]# helm search repo  redis
NAME           	CHART VERSION	APP VERSION	DESCRIPTION                                       
stable/redis   	1.1.15       	4.0.8      	Open source, advanced key-value store. It is of...
stable/redis-ha	2.0.1        	           	Highly available Redis cluster with multiple se...
stable/sensu   	0.2.0 

stable/redis-ha is Redis in cluster mode.

You can use helm show readme stable/redis to view the installation instructions.

The following table lists the Redis chart configuration parameters and their default values.

| Parameter | Description | Default |
|---|---|---|
| image | Redis image | bitnami/redis:{VERSION} |
| imagePullPolicy | Image pull policy | IfNotPresent |
| serviceType | Kubernetes Service type | ClusterIP |
| usePassword | Use password | true |
| redisPassword | Redis password | Randomly generated |
| args | Redis command-line args | [] |
| redisExtraFlags | Redis additional command line flags | [] |
| persistence.enabled | Use a PVC to persist data | true |
| persistence.path | Path to mount the volume at, to use other images | /bitnami |
| persistence.subPath | Subdirectory of the volume to mount at | "" |
| persistence.existingClaim | Use an existing PVC to persist data | nil |
| persistence.storageClass | Storage class of backing PVC | generic |
| persistence.accessMode | Use volume as ReadOnly or ReadWrite | ReadWriteOnce |
| persistence.size | Size of data volume | 8Gi |
| resources | CPU/Memory resource requests/limits | Memory: 256Mi, CPU: 100m |
| metrics.enabled | Start a side-car prometheus exporter | false |
| metrics.image | Exporter image | oliver006/redis_exporter |
| metrics.imageTag | Exporter image | v0.11 |
| metrics.imagePullPolicy | Exporter image pull policy | IfNotPresent |
| metrics.resources | Exporter resource requests/limit | Memory: 256Mi, CPU: 100m |
| nodeSelector | Node labels for pod assignment | {} |
| tolerations | Toleration labels for pod assignment | [] |
| networkPolicy.enabled | Enable NetworkPolicy | false |
| networkPolicy.allowExternal | Don't require client label for connections | true |
| service.annotations | annotations for redis service | {} |
| service.loadBalancerIP | loadBalancerIP if service type is LoadBalancer | (empty) |
| securityContext.enabled | Enable security context | true |

Use '--set key=value[,key=value]' to specify parameters for 'helm install', for example:

$ helm install my-release \
  --set redisPassword=secretpassword \
    stable/redis

The above command sets the password of the redis service to "secretpassword".
Alternatively, the parameters can be supplied in a YAML file when installing the chart, for example:

$ helm install my-release -f values.yaml stable/redis
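
A value passed with --set ends up in shell history and in the process list, so the values-file form is the safer way to supply redisPassword. The sketch below is an added example, not code from the original post or the chart: it writes an owner-only values file using keys from the parameter table and checks it before install; the file name redis-values.yaml and both function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: keep the Redis password off the helm command line by
# writing it to an owner-only values file, then lint that file.
# Keys come from the parameter table above; names are assumptions.

write_redis_values() {
  local out password
  out="$1"
  # 32 random bytes as hex, generated locally instead of typed on the CLI.
  password="$(od -An -N32 -tx1 /dev/urandom | tr -d ' \n')"
  (
    umask 077            # a newly created file gets mode 0600
    rm -f -- "$out"      # an existing file would keep its old mode
    cat > "$out" <<EOF
usePassword: true
redisPassword: "${password}"
serviceType: ClusterIP
networkPolicy:
  enabled: true
  allowExternal: false
EOF
  )
}

# Print findings and return non-zero if the file weakens the deployment.
check_redis_values() {
  local f rc mode
  f="$1"; rc=0
  mode="$(stat -c '%a' "$f")"
  case "$mode" in
    600|400) ;;
    *) echo "FINDING: $f has mode $mode, readable beyond the owner"; rc=1 ;;
  esac
  grep -Eq '^usePassword:[[:space:]]*true[[:space:]]*$' "$f" \
    || { echo "FINDING: usePassword is not true"; rc=1; }
  grep -Eq '^redisPassword:[[:space:]]*"?[^"[:space:]]{16,}"?[[:space:]]*$' "$f" \
    || { echo "FINDING: redisPassword missing or shorter than 16 chars"; rc=1; }
  grep -Eq '^serviceType:[[:space:]]*(LoadBalancer|NodePort)' "$f" \
    && { echo "FINDING: serviceType exposes Redis outside the cluster"; rc=1; }
  grep -Eq '^[[:space:]]+allowExternal:[[:space:]]*false' "$f" \
    || { echo "FINDING: networkPolicy.allowExternal is not false"; rc=1; }
  return "$rc"
}

# Usage (needs a cluster, so not run here):
#   write_redis_values redis-values.yaml && check_redis_values redis-values.yaml
#   helm install my-release -f redis-values.yaml stable/redis
```

With networkPolicy.allowExternal set to false, only pods that carry the chart's client label are allowed to connect.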

Persistence

By default, the chart mounts a local persistent volume, provided that the PV has been created locally in advance. Volumes are created through dynamic PV provisioning. If a PVC already exists, you can specify it during installation.

$ helm install my-release --set persistence.existingClaim=PVC_NAME stable/redis

Default installation

[root@master conf]# helm install redis stable/redis
NAME: redis
LAST DEPLOYED: Fri Apr 16 17:36:12 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Redis can be accessed via port 6379 on the following DNS name from within your cluster:
redis-redis.default.svc.cluster.local
To get your password run:

    REDIS_PASSWORD=$(kubectl get secret --namespace default redis-redis -o jsonpath="{.data.redis-password}" | base64 --decode)

To connect to your Redis server:

1. Run a Redis pod that you can use as a client:

   kubectl run --namespace default redis-redis-client --rm --tty -i \
    --env REDIS_PASSWORD=$REDIS_PASSWORD \
   --image bitnami/redis:4.0.8-r2 -- bash

2. Connect using the Redis CLI:

  redis-cli -h redis-redis -a $REDIS_PASSWORD

--name can be specified. If not specified, it defaults to redis.

View installation status

[root@master conf]# helm list
NAME 	NAMESPACE	REVISION	UPDATED                              	STATUS  	CHART       	APP VERSION
redis	default  	1       	2021-04-16 16:39:05.0033357 +0800 CST	deployed	redis-1.1.15	4.0.8  

At this point, the pod is in Pending status

[root@master conf]# kubectl  get pod 
NAME                                      READY   STATUS    RESTARTS   AGE
redis-redis-b69965b4d-466d7               0/1     Pending   0          53s

Running kubectl describe pod redis-redis-b69965b4d-466d7 shows "pod has unbound immediate persistent volume claims (repeated 2 times)".

Create PV

[root@master k8s]# cat redis-pv.yaml 
kind: PersistentVolume
apiVersion: v1
metadata:
  name: pv-volume
  labels:
    type: local
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/data"

Set the directory permissions:

chmod 777 -R /mnt/data
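
chmod 777 lets every account on the node read and rewrite the Redis data under /mnt/data. As an added example, not part of the original post, the function below hands the directory to one UID and removes group and other access; the function names are assumptions, and the commented UID lookup assumes the chart's securityContext sets runAsUser on the pod.

```shell
#!/usr/bin/env bash
# Added example: owner-only permissions for the hostPath directory behind the PV.

# List entries under a directory that any local user can write to.
world_writable() {
  find "$1" ! -type l -perm -0002 -print
}

# Hand the tree to uid:gid and remove all group/other access.
restrict_hostpath() {
  local dir uid gid
  dir="$1"; uid="$2"; gid="${3:-$2}"
  # Refuse anything that is not a real directory (for example a symlink).
  if [ -L "$dir" ] || [ ! -d "$dir" ]; then
    echo "refusing: $dir is not a plain directory" >&2
    return 1
  fi
  # chown needs root unless the target uid is the caller's own.
  if [ "$(id -u)" -eq 0 ]; then
    chown -R -h "$uid:$gid" "$dir"
  elif [ "$(id -u)" != "$uid" ]; then
    echo "refusing: run as root to chown to uid $uid" >&2
    return 1
  fi
  # X adds execute only to directories and to files that were already executable.
  chmod -R u=rwX,go= "$dir"
  # Succeed only if nothing world-writable is left.
  [ -z "$(world_writable "$dir")" ]
}

# On the node that holds /mnt/data (needs a cluster, so not run here):
#   uid="$(kubectl get pod redis-redis-b69965b4d-466d7 \
#          -o jsonpath='{.spec.securityContext.runAsUser}')"
#   restrict_hostpath /mnt/data "$uid"
```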

Check the pod again to confirm that it is now normal

helm uninstall redis

helm delete redis
