Concepts
Now, let’s understand the basic concepts of Helm: https://helm.sh/docs/intro/using_helm/
To install helm on the control node, follow the official documentation: download the corresponding binary and untar it into your execution path, or use a container and mount the necessary k8s credentials.
Package manager analogy:
- helm (charts)
- apt (deb)
- yum (rpm)
- maven (Jar)
- npm (node modules)
- pip (python packages)
Helm v3.2.0
Helm3 does not have a Tiller server; see what’s new in Helm 3.
Plugins
Sixteen practical Kubernetes Helm Charts tools
Tillerless
For helm2, the Tiller server in the cluster may not be stable and secure. A workaround is to run it locally, where it talks to the remote k8s cluster via the kubectl config.
- Tillerless Helm v2 plugin, read this article Why tillerless is needed.
1 | ## install tillerless plugin |
A good practice is to have helm, helm plugin, kubectl and cloud SDK in one container, for example:
1 | FROM python:3.7.7-alpine3.11 |
Note that HELM_VER < 2.17.0 does not work anymore because the default stable repo is gone, so upgrade to 2.17.0 in the environment variable.
Then run it:
1 | # go to tillerless folder that with the dockerfile above |
The first time you exec into the docker container, kubectl may not work; try exiting, running kubectl on the host, and then exec'ing in again.
If you switch the k8s context, stop and restart tillerless to pick up the change.
1 | ## export if they are gone |
or
1 | ## export if they are gone |
or
1 | helm tiller run <command> |
Overview
helm3 does not have a default repo; usually we use https://kubernetes-charts.storage.googleapis.com/ as our stable repo. helm2 can skip this as it has a default stable repo.
1 | ## add stable repo to local repo |
Whenever you install a chart, a new release is created. So one chart can be installed multiple times into the same cluster. Each can be independently managed and upgraded.
1 | ## show deployed release |
Install order
Resources are installed in a certain order, click to see. Or you can split the chart into different parts or use an init container.
Chart file structure
https://helm.sh/docs/topics/charts/#the-chart-file-structure
1 | <chart name>/ |
To drop a dependency into your charts/ directory, use the helm pull command.
- Chart.yaml
  - apiVersion: helm3 is v2, helm2 is v1
  - appVersion: application version
  - version: chart version, for example, when the chart file/structure changed
  - keywords: field used for helm search
  - type: we have application and library charts
Managing dependencies
Package the charts into an archive; you can use tar, but helm has a special command for this purpose:
1 | ## it will create .tgz suffix |
Publishing charts in repos: chartmuseum (like docker hub…) works just like a private docker registry; you can create a private chartmuseum on your host (there is a dedicated installation package).
1 | ## go to the dir that contains chart archive |
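As for dependencies, you can even have only the charts folder, holding all the chart archives, with no templates needed outside it.
But this makes versions hard to manage; it is better to define dependencies in Chart.yaml.
In the definition you can also specify a version range, using semver syntax: ~1.2.3, ^0.3.4, 1.2-3.4.5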
1 | ## will download dependency charts archive to your charts folder |
You can also use conditions and tags to control which dependencies are needed, for example, in the Chart.yaml file:
1 | apiVersion: v2 |
Then in the values.yaml file:
1 | ## can be true or false |
Using existing charts
Helm web: https://hub.helm.sh/
1 | ## add and remove repo |
Customizing existing charts
If you want to override a child chart’s values.yaml, do it in your parent chart's values.yaml. This is the common approach; for example, if you have a dependency on the mongodb chart and want to change its default configuration:
1 | ## 'mongodb' is child chart name |
A child chart's values.yaml can also override the parent's, but this is rarely used and the usage is tricky.
Chart template guide
https://helm.sh/docs/chart_template_guide/getting_started/
Helm Chart templates are written in the Go template language, with the addition of 50 or so add-on template functions from the Sprig library and a few other specialized functions.
Template and values
https://helm.sh/docs/topics/charts/#templates-and-values
Where the configuration values come from, precedence low to high from top to bottom:
- values.yaml (default use)
- other-file.yaml: helm install -f <other-file.yaml> ...
- command: helm install --set key=val ...
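The precedence above, together with the parent-overrides-child pattern from "Customizing existing charts", modelled as an added example (not code from Helm or from the original notes). The auth.enabled and port keys under mongodb are constructed, and parseSet handles only plain dotted keys and keeps the value as a string.

```go
package main

import (
	"fmt"
	"strings"
)

type values = map[string]interface{}

// merge overlays src on dst: nested maps merge key by key, anything else is replaced.
func merge(dst, src values) values {
	out := values{}
	for k, v := range dst {
		out[k] = v
	}
	for k, v := range src {
		sv, sok := v.(values)
		if dv, dok := out[k].(values); sok && dok {
			v = merge(dv, sv)
		}
		out[k] = v
	}
	return out
}

// parseSet turns a simple "a.b.c=val" --set expression into a nested map.
func parseSet(expr string) values {
	key, val, _ := strings.Cut(expr, "=")
	var cur interface{} = val
	keys := strings.Split(key, ".")
	for i := len(keys) - 1; i >= 0; i-- {
		cur = values{keys[i]: cur}
	}
	return cur.(values)
}

// effective applies the precedence: chart values.yaml, then -f file, then --set.
func effective(defaults, file values, sets ...string) values {
	out := merge(defaults, file)
	for _, s := range sets {
		out = merge(out, parseSet(s))
	}
	return out
}

func main() {
	chart := values{"mongodb": values{"auth": values{"enabled": false}, "port": 27017}} // constructed
	file := values{"mongodb": values{"auth": values{"enabled": true}}}
	fmt.Println(effective(chart, file, "mongodb.port=27018"))
}
```

Because maps are merged key by key, the narrower --set override changes only the port and the auth setting from the -f file survives.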
Helm template built-in objects:
- Chart.yaml: .Chart.Name (use upper case)
- Release data: .Release.Name
- K8s data: .Capabilities.KubeVersion
- File data: .Files.Get conf.ini
- Template data: .Template.Name
In values.yaml:
- use _ instead of -
- wrap decimal numbers in "", e.g. "2.0"; integers do not need it
Using placeholders is the most basic operation; now let’s see functions and logic.
- use functions and pipelines, they are interchangeable https://helm.sh/docs/chart_template_guide/functions_and_pipelines/ commonly used functions and corresponding pipelines
1 | function usage -- pipeline usage |
- modify scope using with to simplify the directives, so you do not have to write a long chain of references
- control whitespace and indent: use - to remove whitespace (a newline is treated as white space!)
1 | {{- with ... -}} |
- logical operators and flow control if-else and loop
- use variables; define the variable:
1 | {{- $defaultPortNum := .Values.defaultPortNum -}} |
- use sub-templates: define the function in the _helper.tpl file, then use include:
1 | {{ include "fun_name" . | indent 4}} |
Debug template
Locally rendering template: https://helm.sh/docs/helm/helm_template/ https://helm.sh/docs/chart_template_guide/debugging/
Usually run the static check first, then the dynamic check.
1 | ## static |
Helm commands
1 | ## install with specified release name |
PluralSight Supplement
github: https://github.com/phcollignon/helm3
Helm context
Helm uses the same configuration as kubectl
1 | ## helm env, repos, config, cache info |
Helm stores release configuration and history in k8s as secrets. In helm3, they are stored in each corresponding namespace.
1 | ## in your working namespace |
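What such a release secret holds, as an added example (not code from Helm or from the original notes): the helm3 Secret storage driver keeps the release record as gzip-compressed JSON, base64-encoded, and the Kubernetes API base64-encodes Secret data once more. The sample release and its rootPassword value are constructed; the point is that values passed with -f or --set are recoverable by anyone who can read Secrets in that namespace.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// release keeps only the fields inspected here; "config" is the user-supplied values.
type release struct {
	Name   string                 `json:"name"`
	Config map[string]interface{} `json:"config"`
}

// encodeRelease builds constructed sample data: JSON -> gzip -> base64 -> base64.
func encodeRelease(r release) string {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	json.NewEncoder(zw).Encode(r)
	zw.Close()
	inner := base64.StdEncoding.EncodeToString(buf.Bytes())
	return base64.StdEncoding.EncodeToString([]byte(inner))
}

// decodeRelease reverses the layout, as an audit of a stored release would.
func decodeRelease(data string) (release, error) {
	var r release
	inner, err := base64.StdEncoding.DecodeString(data) // Kubernetes API layer
	if err != nil {
		return r, err
	}
	b64 := base64.NewDecoder(base64.StdEncoding, bytes.NewReader(inner)) // Helm layer
	zr, err := gzip.NewReader(b64)
	if err != nil {
		return r, err
	}
	err = json.NewDecoder(zr).Decode(&r)
	return r, err
}

func main() {
	// Constructed sample release; the key and value are placeholders.
	data := encodeRelease(release{Name: "demo", Config: map[string]interface{}{
		"mongodb": map[string]interface{}{"rootPassword": "constructed-example"},
	}})
	r, err := decodeRelease(data)
	fmt.Println(r.Name, r.Config, err)
}
```

Restrict get/list on Secrets in release namespaces accordingly, and prefer referencing an existing Kubernetes Secret over passing credentials as chart values.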
Improved Upgrade Strategy: 3-way Strategic Merge Patches
In Helm3, Helm considers the old manifest, its live state, and the new manifest when generating a patch.
In helm2, the helm client uses the gRPC protocol to access the Tiller server (in production a secure connection is required, set TLS/SSL), then Tiller (which needs a service account with privilege) calls the K8s API to instantiate the charts. In helm3, there is no Tiller, so the security issue of a privileged in-cluster Tiller is gone.