Helm2's problem
One of the main problems of Helm2 is that it has to run a server component, tiller, inside the k8s cluster, and the tiller port has to be exposed to the outside world, which creates a security risk.
Tiller was introduced in helm2 mainly because k8s had no RBAC mechanism at that time.
Later, k8s was improved accordingly: RBAC and CRDs were added, which made tiller redundant.
helm3 has only a client and no server, so it is very convenient to install: just download the program. There is no need to run helm init.
Characteristics of helm3
Compared with helm2, helm3 has several characteristics:
tiller removed
It supports the distributed helm hub, which in many cases removes the need to add unofficial repos manually, for example with helm search hub
Perform json schema validation for the chart input value.
You can add test to helm charts. Through helm test, you can run some tests for deployed applications.
The release name must be specified during deployment. In helm2, if it was not specified, one was generated automatically.
You don't need to purge when deleting. Deleting removes the release.
Install helm3
Download the helm installation package
Address: https://get.helm.sh/helm-v3.2.3-linux-amd64.tar.gz
Unpack the archive and copy the binary into the system path
```
[root@master k8s]# tar xf helm-v3.2.3-linux-amd64.tar.gz
[root@master k8s]# cd linux-amd64/
[root@master linux-amd64]# ls
helm  LICENSE  README.md
[root@master linux-amd64]# cp helm /usr/local/bin/
[root@master linux-amd64]# cd
[root@master ~]# helm version
version.BuildInfo{Version:"v3.2.3", GitCommit:"8f832046e258e2cb800894579b1b3b50c2d83492", GitTreeState:"clean", GoVersion:"go1.13.12"}
```
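Because the binary is copied into /usr/local/bin as root, it is worth checking the download against its published digest first. The following is an added example, not part of the original page; the function names are hypothetical, and it assumes the digest is published next to the tarball as a `.sha256sum` file.

```bash
#!/usr/bin/env bash
# Added example: verify a Helm release tarball before installing the binary.

# verify_tarball TARBALL SUMFILE
# SUMFILE holds "<sha256>  <filename>". Returns 0 only when the digest of
# TARBALL equals the published one, 2 when the inputs are unusable.
verify_tarball() {
    local tarball="$1" sumfile="$2" expected actual
    [ -r "$tarball" ] && [ -r "$sumfile" ] || return 2
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # A SHA-256 digest is exactly 64 hex characters; reject anything else.
    case "$expected" in
        ""|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum "$tarball" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# install_helm TARBALL SUMFILE DESTDIR
# Extracts only linux-amd64/helm, and only after the digest has been verified.
install_helm() {
    local tarball="$1" sumfile="$2" dest="$3" tmp rc
    verify_tarball "$tarball" "$sumfile" || {
        echo "checksum verification failed: $tarball" >&2
        return 1
    }
    tmp=$(mktemp -d) || return 1
    tar -xzf "$tarball" -C "$tmp" linux-amd64/helm || { rm -rf "$tmp"; return 1; }
    install -m 0755 "$tmp/linux-amd64/helm" "$dest/helm"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Usage with the release from this page (the .sha256sum URL is an assumption):
#   curl -fsSLO https://get.helm.sh/helm-v3.2.3-linux-amd64.tar.gz
#   curl -fsSLO https://get.helm.sh/helm-v3.2.3-linux-amd64.tar.gz.sha256sum
#   install_helm helm-v3.2.3-linux-amd64.tar.gz \
#       helm-v3.2.3-linux-amd64.tar.gz.sha256sum /usr/local/bin
```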
Add the Alibaba Cloud helm repository
$ helm repo add stable https://apphub.aliyuncs.com/stable
View the repositories:
```
[root@master conf]# helm repo list
NAME    URL
stable  https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
```
helm3 common command description
helm inspect in helm2 has been replaced by helm show. The helm3 commands can be listed with helm --help
helm install redis
redis chart
```
[root@master conf]# helm search repo redis
NAME             CHART VERSION  APP VERSION  DESCRIPTION
stable/redis     1.1.15         4.0.8        Open source, advanced key-value store. It is of...
stable/redis-ha  2.0.1                       Highly available Redis cluster with multiple se...
stable/sensu     0.2.0
```
redis-ha is a Redis cluster mode
You can use helm show readme stable/redis to view the installation instructions
The following table lists the Redis chart configuration parameters and their default values.
Parameter | Description | Default |
---|---|---|
image | Redis image | bitnami/redis:{VERSION} |
imagePullPolicy | Image pull policy | IfNotPresent |
serviceType | Kubernetes Service type | ClusterIP |
usePassword | Use password | true |
redisPassword | Redis password | Randomly generated |
args | Redis command-line args | [] |
redisExtraFlags | Redis additional command line flags | [] |
persistence.enabled | Use a PVC to persist data | true |
persistence.path | Path to mount the volume at, to use other images | /bitnami |
persistence.subPath | Subdirectory of the volume to mount at | "" |
persistence.existingClaim | Use an existing PVC to persist data | nil |
persistence.storageClass | Storage class of backing PVC | generic |
persistence.accessMode | Use volume as ReadOnly or ReadWrite | ReadWriteOnce |
persistence.size | Size of data volume | 8Gi |
resources | CPU/Memory resource requests/limits | Memory: 256Mi, CPU: 100m |
metrics.enabled | Start a side-car prometheus exporter | false |
metrics.image | Exporter image | oliver006/redis_exporter |
metrics.imageTag | Exporter image tag | v0.11 |
metrics.imagePullPolicy | Exporter image pull policy | IfNotPresent |
metrics.resources | Exporter resource requests/limit | Memory: 256Mi, CPU: 100m |
nodeSelector | Node labels for pod assignment | {} |
tolerations | Toleration labels for pod assignment | [] |
networkPolicy.enabled | Enable NetworkPolicy | false |
networkPolicy.allowExternal | Don't require client label for connections | true |
service.annotations | annotations for redis service | {} |
service.loadBalancerIP | loadBalancerIP if service type is LoadBalancer | `` |
securityContext.enabled | Enable security context | true |
Use '--set key=value[,key=value]' to specify parameters for 'helm install', for example:
```
$ helm install my-release \
    --set redisPassword=secretpassword \
    stable/redis
```
The above command sets the password of the redis service to "secretpassword". In helm3 the release name is a positional argument; the --name flag from helm2 no longer exists.
Alternatively, parameters can be supplied in a YAML file when installing the chart, for example:
$ helm install my-release -f values.yaml stable/redis
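A password passed with --set ends up in the shell history and in the process list, so the values file is the better place for it. The following is an added example, not taken from the chart or the original page: it writes an owner-only values file using the parameters from the table above and checks a values file for the weak settings. The function names and the use of /dev/urandom are assumptions.

```bash
#!/usr/bin/env bash
# Added example: keep the Redis password off the command line and turn on
# the chart's NetworkPolicy. Parameter names come from the table above.

# write_redis_values FILE: create FILE, owner-only, with a random password.
write_redis_values() {
    local file="$1" password
    # 24 random bytes -> 32 base64 characters, no padding
    password=$(head -c 24 /dev/urandom | base64 | tr -d '\n')
    [ "${#password}" -eq 32 ] || return 1
    # Restrict the mode before the secret is written into the file.
    ( umask 077 && : > "$file" ) && chmod 600 "$file" || return 1
    cat > "$file" <<EOF
usePassword: true
redisPassword: "$password"
serviceType: ClusterIP
networkPolicy:
  enabled: true
  allowExternal: false
EOF
}

# audit_redis_values FILE: print weak settings; return 1 if any were found.
audit_redis_values() {
    local file="$1" bad=0
    # ls -ld prints e.g. "-rw-------"; columns 5-10 are the group/other bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "values file is accessible to other users"; bad=1
    fi
    if grep -Eq '^usePassword:[[:space:]]*false' "$file"; then
        echo "usePassword is false: Redis accepts unauthenticated clients"; bad=1
    fi
    if grep -Eq '^serviceType:[[:space:]]*(LoadBalancer|NodePort)' "$file"; then
        echo "serviceType exposes Redis outside the cluster"; bad=1
    fi
    # networkPolicy.enabled defaults to false, so it must be set explicitly.
    if ! awk '/^networkPolicy:/ {np=1; next} /^[^[:space:]]/ {np=0}
              np && /enabled:[[:space:]]*true/ {ok=1} END {exit !ok}' "$file"; then
        echo "networkPolicy.enabled is not true"; bad=1
    fi
    return "$bad"
}

# Helm 3 usage (the release name is positional):
#   write_redis_values values.yaml && audit_redis_values values.yaml \
#     && helm install my-release -f values.yaml stable/redis
```

With networkPolicy.allowExternal set to false, clients need the chart's client label to connect, as the table's description of that parameter indicates.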
Persistence
By default, the chart mounts a Persistent Volume, provided that the PV has been created locally in advance. Volumes are created through dynamic PV provisioning. If a PVC already exists, you can specify it during installation.
$ helm install redis --set persistence.existingClaim=PVC_NAME stable/redis
Default installation
```
[root@master conf]# helm install redis stable/redis
NAME: redis
LAST DEPLOYED: Fri Apr 16 17:36:12 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Redis can be accessed via port 6379 on the following DNS name from within your cluster:
redis-redis.default.svc.cluster.local
To get your password run:
    REDIS_PASSWORD=$(kubectl get secret --namespace default redis-redis -o jsonpath="{.data.redis-password}" | base64 --decode)
To connect to your Redis server:
1. Run a Redis pod that you can use as a client:
   kubectl run --namespace default redis-redis-client --rm --tty -i \
    --env REDIS_PASSWORD=$REDIS_PASSWORD \
   --image bitnami/redis:4.0.8-r2 -- bash
2. Connect using the Redis CLI:
  redis-cli -h redis-redis -a $REDIS_PASSWORD
```
--name can be specified. If not specified, it defaults to redis.
View installation status
```
[root@master conf]# helm list
NAME   NAMESPACE  REVISION  UPDATED                                STATUS    CHART         APP VERSION
redis  default    1         2021-04-16 16:39:05.0033357 +0800 CST  deployed  redis-1.1.15  4.0.8
```
At this point the pod is in Pending status
```
[root@master conf]# kubectl get pod
NAME                          READY   STATUS    RESTARTS   AGE
redis-redis-b69965b4d-466d7   0/1     Pending   0          53s
```
Running kubectl describe pod redis-redis-b69965b4d-466d7 shows "pod has unbound immediate persistent volume claims (repeated 2 times)"
Create PV
```
[root@master k8s]# cat redis-pv.yaml
kind: PersistentVolume
apiVersion: v1
metadata:
  name: pv-volume
  labels:
    type: local
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/data"
```
Set the directory permissions:
chmod 777 -R /mnt/data
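Mode 777 lets every local user on the node read and modify the Redis data files. A narrower alternative is to hand the directory to the UID the container runs as. The following is an added example, not part of the original page; the function names are hypothetical, and UID 1001 in the usage comment is an assumption about the bitnami image that should be read from the pod spec.

```bash
#!/usr/bin/env bash
# Added example: give the hostPath directory to the container's UID
# instead of opening it to every user on the node.

# world_writable DIR: list entries that any local user could modify.
world_writable() {
    find "$1" -perm -0002 ! -type l
}

# restrict_pv_dir DIR UID: owner-only access for the UID Redis runs as.
# Returns 2 on unusable arguments, 1 if a step fails, 0 when DIR is clean.
restrict_pv_dir() {
    local dir="$1" uid="$2"
    # Refuse empty, relative or root paths and non-numeric UIDs.
    case "$dir" in ""|/|[!/]*) return 2 ;; esac
    case "$uid" in ""|*[!0-9]*) return 2 ;; esac
    [ -d "$dir" ] || return 2
    chown -R "$uid" "$dir" || return 1
    # X keeps directories traversable without making data files executable.
    chmod -R u=rwX,go= "$dir" || return 1
    # Confirm that nothing world-writable is left behind.
    [ -z "$(world_writable "$dir")" ]
}

# Usage on the node (run as root). Read the UID from the pod first:
#   kubectl get pod redis-redis-b69965b4d-466d7 \
#       -o jsonpath='{.spec.securityContext.runAsUser}'
#   restrict_pv_dir /mnt/data 1001   # 1001 is an assumed value
```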
Check the pod again to confirm that it is now running normally
helm uninstall redis
helm delete redis