$ helm version version.BuildInfo{Version:"v3.0.0", GitCommit:"e29ce2a54e96cd02ccfce88bee4f58bb6e2a28b6", GitTreeState:"clean", GoVersion:"go1.13.4"}
# 查看一下帮助: $ helm --help The Kubernetes package manager
Common actions for Helm:
- helm search: search for charts - helm pull: download a chart to your local directory to view - helm install: upload the chart to Kubernetes - helm list: list releases of charts
Environment variables: # 这里列出了有用的环境变量
+------------------+-----------------------------------------------------------------------------+ | Name | Description | +------------------+-----------------------------------------------------------------------------+ | $XDG_CACHE_HOME | set an alternative location for storing cached files. | | $XDG_CONFIG_HOME | set an alternative location for storing Helm configuration. | | $XDG_DATA_HOME | set an alternative location for storing Helm data. | | $HELM_DRIVER | set the backend storage driver. Values are: configmap, secret, memory | | $HELM_NO_PLUGINS | disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins. | | $KUBECONFIG | set an alternative Kubernetes configuration file (default "~/.kube/config") | +------------------+-----------------------------------------------------------------------------+
Helm stores configuration based on the XDG base directory specification, so
- cached files are stored in$XDG_CACHE_HOME/helm - configuration is stored in$XDG_CONFIG_HOME/helm - data is stored in$XDG_DATA_HOME/helm
# 这里列出了有用的存储目录 By default, the default directories depend on the Operating System. The defaults are listed below:
Available Commands: completion Generate autocompletions script for the specified shell (bash or zsh) # 命令自动补全 create create a new chart with the given name # 创建chart dependency manage a chart's dependencies # 管理chart依赖 env Helm client environment information # 列出helm 环境 get download extended information of a named release # 获取release的额外信息 help Help about any command history fetch release history # 获取历史release install install a chart # 安装chart lint examines a chart for possible issues # 检查chart是否有问题 list list releases # 列出release package package a chart directory into a chart archive # 打包一个chart目录 plugin install, list, or uninstall Helm plugins # helm plugin 插件子命令 pull download a chart from a repository and (optionally) unpack it in local directory # 从chart仓库下载chart,并解压到当前目录 repo add, list, remove, update, and index chart repositories # helm repo 子命令 rollback roll back a release to a previous revision # 回滚一个release search search for a keyword in charts # 搜索chart show show information of a chart # 查看chart的信息 status displays the status of the named release # 查看release的状态 template locally render templates # helm 模板 test run tests for a release # 测试一个release uninstall uninstall a release # 卸载release upgrade upgrade a release # 升级release verify verify that a chart at the given path has been signed and is valid # 验证chart version print the client version information Flags: --add-dir-header If true, adds the file directory to the header --alsologtostderr log to standard error as well as files --debug enable verbose output -h, --help help for helm --kube-context string name of the kubeconfig context to use --kubeconfig string path to the kubeconfig file --log-backtrace-at traceLocation when logging hits line file:N, emit a stack trace (default :0) --log-dir string If non-empty, write log files in this directory --log-file string If non-empty, use this log file --log-file-max-size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) --logtostderr log to standard error instead of files (default true) -n, --namespace string namespace scope for this request --registry-config string path to the registry config file (default "/home/microoak/.config/helm/registry.json") --repository-cache string path to the file containing cached repository indexes (default "/home/microoak/.cache/helm/repository") --repository-config string path to the file containing repository names and URLs (default "/home/microoak/.config/helm/repositories.yaml") --skip-headers If true, avoid header prefixes in the log messages --skip-log-headers If true, avoid headers when opening log files --stderrthreshold severity logs at or above this threshold go to stderr (default 2) -v, --v Level number for the log level verbosity --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging Use "helm [command] --help" for more information about a command.
A Chart is a Helm package. It contains all of the resource definitions necessary to run an application, tool, or service inside of a Kubernetes cluster. Think of it like the Kubernetes equivalent of a Homebrew formula, an Apt dpkg, or a Yum RPM file.
A Repository is the place where charts can be collected and shared. It’s like Perl’s CPAN archive or the Fedora Package Database, but for Kubernetes packages.
A Release is an instance of a chart running in a Kubernetes cluster. One chart can often be installed many times into the same cluster. And each time it is installed, a new release is created. Consider a MySQL chart. If you want two databases running in your cluster, you can install that chart twice. Each one will have its own release, which will in turn have its own release name.
With these concepts in mind, we can now explain Helm like this:
Helm installs charts into Kubernetes, creating a new release for each installation. And to find new charts, you can search Helm chart repositories.
# 测试 $ helm <tab键> completion dependency get install list plugin repo search status test upgrade version create env history lint package pull rollback show template uninstall verify
This command consists of multiple subcommands to interact with chart repositories.
It can be used to add, remove, list, and index chart repositories.
Usage: helm repo [command]
Available Commands: add add a chart repository index generate an index file given a directory containing packaged charts list list chart repositories remove remove a chart repository update update information of available charts locally from chart repositories
$ helm repo list NAME URL stable http://mirror.azure.cn/kubernetes/charts
$ helm repo update Hang tight while we grab the latest from your chart repositories... ...Successfully got an update from the "stable" chart repository Update Complete. ⎈ Happy Helming!⎈
Search provides the ability to search for Helm charts in the various places they can be stored including the Helm Hub and repositories you have added. Use search subcommands to search different locations for charts.
Usage: helm search [command]
Available Commands: hub search for charts in the Helm Hub or an instance of Monocular # 这里多了个Helm Hub repo search repositories for a keyword in charts # 这是以前的概念 # 查找nginx-ingress $ helm search repo nginx-ingress NAME CHART VERSION APP VERSION DESCRIPTION stable/nginx-ingress 1.24.7 0.26.1 An nginx Ingress controller that uses ConfigMap... stable/nginx-lego 0.3.1 Chart for nginx-ingress-controller and kube-lego
$ kubectl get node NAME STATUS ROLES AGE VERSION k8s01.test.awsbj.cn Ready master 26h v1.15.5 k8s02.test.awsbj.cn Ready <none> 26h v1.15.5 k8s03.test.awsbj.cn Ready <none> 26h v1.15.5
$ kubectl get node --show-labels NAME STATUS ROLES AGE VERSION LABELS k8s01.test.awsbj.cn Ready master 26h v1.15.5 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,canruningress=run,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s01.test.awsbj.cn,kubernetes.io/os=linux,node-role.kubernetes.io/master= k8s02.test.awsbj.cn Ready <none> 26h v1.15.5 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s02.test.awsbj.cn,kubernetes.io/os=linux k8s03.test.awsbj.cn Ready <none> 26h v1.15.5 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s03.test.awsbj.cn,kubernetes.io/os=linux
安装nginx-ingress:
还一样,先查看对应命名的帮助:
$ helm install --help
This command installs a chart archive.
The install argument must be a chart reference, a path to a packaged chart, a path to an unpacked chart directory or a URL.
To override values in a chart, use either the '--values' flag and pass in a file or use the '--set' flag and pass configuration from the command line, to force a string value use '--set-string'. In case a value is large and therefore you want not to use neither '--values' nor '--set', use '--set-file' to read the single large value from file.
or $ helm install --set-file my_script=dothings.sh myredis ./redis
You can specify the '--values'/'-f' flag multiple times. The priority will be given to the last (right-most) file specified. For example, if both myvalues.yaml and override.yaml contained a key called 'Test', the value setin override.yaml would take precedence:
You can specify the '--set' flag multiple times. The priority will be given to the last (right-most) set specified. For example, if both 'bar' and 'newbar' values are setfor a key called 'foo', the 'newbar' value would take precedence:
To check the generated manifests of a release without installing the chart, the '--debug' and '--dry-run' flags can be combined.
If --verify is set, the chart MUST have a provenance file, and the provenance file MUST pass all verification steps.
There are five different ways you can express the chart you want to install:
1. By chart reference: helm install mymaria example/mariadb 2. By path to a packaged chart: helm install mynginx ./nginx-1.2.3.tgz 3. By path to an unpacked chart directory: helm install mynginx ./nginx 4. By absolute URL: helm install mynginx https://example.com/charts/nginx-1.2.3.tgz 5. By chart reference and repo url: helm install --repo https://example.com/charts/ mynginx nginx
CHART REFERENCES
A chart reference is a convenient way of referencing a chart in a chart repository.
When you use a chart reference with a repo prefix ('example/mariadb'), Helm will look in the local configuration for a chart repository named 'example', and will then look for a chart in that repository whose name is 'mariadb'. It will install the latest stable version of that chart until you specify '--devel' flag to also include development version (alpha, beta, and release candidate releases), or supply a version number with the '--version' flag.
To see the list of chart repositories, use 'helm repo list'. To search for charts in a repository, use 'helm search'.
Usage: # 命令格式 helm install [NAME] [CHART] [flags]
Flags: --atomic ifset, installation process purges chart on fail. The --wait flag will be set automatically if --atomic is used --ca-file string verify certificates of HTTPS-enabled servers using this CA bundle --cert-file string identify HTTPS client using this SSL certificate file --dependency-update run helm dependency update before installing the chart --devel use development versions, too. Equivalent to version '>0.0.0-0'. If --version is set, this is ignored --dry-run simulate an install -g, --generate-name generate the name (and omit the NAME parameter) -h, --helphelpfor install --key-file string identify HTTPS client using this SSL key file --keyring string location of public keys used for verification (default "/home/microoak/.gnupg/pubring.gpg") --name-template string specify template used to name the release --no-hooks prevent hooks from running during install -o, --output format prints the output in the specified format. Allowed values: table, json, yaml (default table) --password string chart repository password where to locate the requested chart --render-subchart-notes ifset, render subchart notes along with the parent --replace re-use the given name, even if that name is already used. This is unsafe in production --repo string chart repository url where to locate the requested chart --set stringArray set values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2) --set-file stringArray set values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2) --set-string stringArray set STRING values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2) --skip-crds ifset, no CRDs will be installed. By default, CRDs are installed if not already present --timeout duration time to waitfor any individual Kubernetes operation (like Jobs for hooks) (default 5m0s) --username string chart repository username where to locate the requested chart -f, --values strings specify values in a YAML file or a URL(can specify multiple) --verify verify the package before installing it --version string specify the exact chart version to install. If this is not specified, the latest version is installed --waitifset, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. It will waitfor as long as --timeout
Global Flags: --add-dir-header If true, adds the file directory to the header --alsologtostderr log to standard error as well as files --debug enable verbose output --kube-context string name of the kubeconfig context to use --kubeconfig string path to the kubeconfig file --log-backtrace-at traceLocation when logging hits line file:N, emit a stack trace (default :0) --log-dir string If non-empty, write log files in this directory --log-file string If non-empty, use this log file --log-file-max-size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) --logtostderr log to standard error instead of files (default true) -n, --namespace string namespace scope for this request --registry-config string path to the registry config file (default "/home/microoak/.config/helm/registry.json") --repository-cache string path to the file containing cached repository indexes (default "/home/microoak/.cache/helm/repository") --repository-config string path to the file containing repository names and URLs (default "/home/microoak/.config/helm/repositories.yaml") --skip-headers If true, avoid header prefixes in the log messages --skip-log-headers If true, avoid headers when opening log files --stderrthreshold severity logs at or above this threshold go to stderr (default 2) -v, --v Level number for the log level verbosity --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
An example Ingress that makes use of the controller:
apiVersion:extensions/v1beta1 kind:Ingress metadata: annotations: kubernetes.io/ingress.class:nginx name:example namespace:foo spec: rules: -host:www.example.com http: paths: -backend: serviceName:exampleService servicePort:80 path:/ # This section is only required if TLS is to be enabled for the Ingress tls: -hosts: -www.example.com secretName:example-tls
IfTLSisenabledfortheIngress,a Secret containing the certificate and key must also be provided:
$ helm install nginx-ingress --namespace=kube-system ./ NAME: nginx-ingress LAST DEPLOYED: Wed Nov 13 16:05:22 2019 NAMESPACE: kube-system STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: The nginx-ingress controller has been installed. Get the application URL by running these commands: export POD_NAME=$(kubectl --namespace kube-system get pods -o jsonpath="{.items[0].metadata.name}" -l "app=nginx-ingress,component=controller,release=nginx-ingress") kubectl --namespace kube-system port-forward $POD_NAME 8080:80 echo"Visit http://127.0.0.1:8080 to access your application."
An example Ingress that makes use of the controller:
apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: nginx name: example namespace: foo spec: rules: - host: www.example.com http: paths: - backend: serviceName: exampleService servicePort: 80 path: / # This section is only required if TLS is to be enabled for the Ingress tls: - hosts: - www.example.com secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
$ helm -n kube-system status nginx-ingress # 输入完status,直接tab键,如果只有一个默认就自动帮你输入上了。 NAME: nginx-ingress LAST DEPLOYED: Wed Nov 13 16:05:22 2019 NAMESPACE: kube-system STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: The nginx-ingress controller has been installed. Get the application URL by running these commands: export POD_NAME=$(kubectl --namespace kube-system get pods -o jsonpath="{.items[0].metadata.name}" -l "app=nginx-ingress,component=controller,release=nginx-ingress") kubectl --namespace kube-system port-forward $POD_NAME 8080:80 echo"Visit http://127.0.0.1:8080 to access your application."
An example Ingress that makes use of the controller:
apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: nginx name: example namespace: foo spec: rules: - host: www.example.com http: paths: - backend: serviceName: exampleService servicePort: 80 path: / # This section is only required if TLS is to be enabled for the Ingress tls: - hosts: - www.example.com secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
# 通过IP访问master节点,返回是404,因为我们的ingress规则配置了是nginx.test.com域名访问 # 我们加上主机头:Host: nginx.test.com 访问到了nginx pod。 $ curl -H "Host: nginx.test.com" 172.17.0.7 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p>
<p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p> </body> </html>
Usage of : --add_dir_header If true, adds the file directory to the header --alsologtostderr log to standard error as well as files --annotations-prefix string Prefix of the Ingress annotations specific to the NGINX controller. (default "nginx.ingress.kubernetes.io") --apiserver-host string Address of the Kubernetes API server. Takes the form "protocol://address:port". If not specified, it is assumed the program runs inside a Kubernetes cluster and local discovery is attempted. --configmap string Name of the ConfigMap containing custom global configurations for the controller. --default-backend-service string Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form "namespace/name". The controller configures NGINX to forward requests to the first port of this Service. --default-server-port int Port to use for exposing the default server (catch-all). (default 8181) --default-ssl-certificate string Secret containing a SSL certificate to be used by the default HTTPS server (catch-all). Takes the form "namespace/name". --disable-catch-all Disable support for catch-all Ingresses --election-id string Election id to use for Ingress status updates. (default "ingress-controller-leader") --enable-metrics Enables the collection of NGINX metrics (default true) --enable-ssl-chain-completion Autocomplete SSL certificate chains with missing intermediate CA certificates. Certificates uploaded to Kubernetes must have the "Authority Information Access" X.509 v3 extension for this to succeed. --enable-ssl-passthrough Enable SSL Passthrough. --health-check-path string URL path of the health check endpoint. Configured inside the NGINX status server. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. (default "/healthz") --health-check-timeout int Time limit, in seconds, for a probe to health-check-path to succeed. (default 10) --healthz-port int Port to use for the healthz endpoint. (default 10254) --http-port int Port to use for servicing HTTP traffic. (default 80) --https-port int Port to use for servicing HTTPS traffic. (default 443) --ingress-class string Name of the ingress class this controller satisfies. The class of an Ingress object is set using the annotation "kubernetes.io/ingress.class". All ingress classes are satisfied if this parameter is left empty. --kubeconfig string Path to a kubeconfig file containing authorization and API server information. --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) --log_dir string If non-empty, write log files in this directory --log_file string If non-empty, use this log file --log_file_max_size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) --logtostderr log to standard error instead of files (default true) --metrics-per-host Export metrics per-host (default true) --profiler-port int Port to use for expose the ingress controller Go profiler when it is enabled. (default 10245) --profiling Enable profiling via web interface host:port/debug/pprof/ (default true) --publish-service string Service fronting the Ingress controller. Takes the form "namespace/name". When used together with update-status, the controller mirrors the address of this service's endpoints to the load-balancer status of all Ingress objects it satisfies. --publish-status-address string Customized address to set as the load-balancer status of Ingress objects this controller satisfies. Requires the update-status parameter. --report-node-internal-ip-address Set the load-balancer status of Ingress objects to internal Node addresses instead of external. Requires the update-status parameter. --skip_headers If true, avoid header prefixes in the log messages --skip_log_headers If true, avoid headers when opening log files --ssl-passthrough-proxy-port int Port to use internally for SSL Passthrough. (default 442) --status-port int Port to use for the lua HTTP endpoint configuration. (default 10246) --stderrthreshold severity logs at or above this threshold go to stderr (default 2) --stream-port int Port to use for the lua TCP/UDP endpoint configuration. (default 10247) --sync-period duration Period at which the controller forces the repopulation of its local object stores. Disabled by default. --sync-rate-limit float32 Define the sync frequency upper limit (default 0.3) --tcp-services-configmap string Name of the ConfigMap containing the definition of the TCP services to expose. The key in the map indicates the external port to be used. The value is a reference to a Service in the form "namespace/name:port", where "port" can either be a port number or name. TCP ports 80 and 443 are reserved by the controller for servicing HTTP traffic. --udp-services-configmap string Name of the ConfigMap containing the definition of the UDP services to expose. The key in the map indicates the external port to be used. The value is a reference to a Service in the form "namespace/name:port", where "port" can either be a port name or number. --update-status Update the load-balancer status of Ingress objects this controller satisfies. Requires setting the publish-service parameter to a valid Service reference. (default true) --update-status-on-shutdown Update the load-balancer status of Ingress objects when the controller shuts down. Requires the update-status parameter. (default true) -v, --v Level number for the log level verbosity --validating-webhook string The address to start an admission controller on to validate incoming ingresses. Takes the form "<host>:port". If not provided, no admission controller is started. --validating-webhook-certificate string The path of the validating webhook certificate PEM. --validating-webhook-key string The path of the validating webhook key PEM. --version Show release information about the NGINX Ingress controller and exit. --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging --watch-namespace string Namespace the controller watches for updates to Kubernetes objects. This includes Ingresses, Services and all configuration resources. All namespaces are watched if this parameter is left empty.
注意到有一条参数:
--watch-namespace string Namespace the controller watches for updates to Kubernetes objects.This includes Ingresses, Services and all configuration resources. All namespaces are watched if this parameter is left empty.
