
第二章:Helm 安装与配置

环境要求

  • Kubernetes 集群
  • kubectl 已配置
  • Helm 3.x

安装验证

# Check the Helm client version (this chapter assumes Helm 3.x)
helm version

# Check that kubectl can reach the cluster selected by the current context
kubectl cluster-info

# Check permissions. `can-i` answers for the current namespace only; Helm 3
# stores release records as Secrets by default, hence the secrets check.
kubectl auth can-i create pods
kubectl auth can-i create secrets

配置文件

Helm 配置目录

~/.config/helm/
├── repositories.yaml  # 仓库配置
├── repository/        # 仓库缓存
│   └── index.yaml
├── plugins/           # 插件目录
└── registry/          # OCI 注册表配置

环境变量

# Helm directories (the values below match Helm's defaults on Linux)
#   HELM_CACHE_HOME  - cached repository indexes and chart archives
#   HELM_CONFIG_HOME - repositories.yaml and registry credentials; keep this
#                      directory readable by its owner only
#   HELM_DATA_HOME   - data such as installed plugins
export HELM_CACHE_HOME=~/.cache/helm
export HELM_CONFIG_HOME=~/.config/helm
export HELM_DATA_HOME=~/.local/share/helm

# Debug mode (verbose output)
# NOTE(review): debug output of install/upgrade can include computed values and
# rendered manifests, so avoid leaving this enabled where logs are shared.
export HELM_DEBUG=true

# Maximum number of revisions kept per release
export HELM_MAX_HISTORY=10

仓库配置

常用仓库

# NOTE(review): adding a repository means trusting its publisher for every chart
# installed from it; add only the repositories you need and keep the URLs on HTTPS.

# Bitnami
helm repo add bitnami https://charts.bitnami.com/bitnami

# Official "stable" repository
# NOTE(review): the stable and incubator repositories were deprecated in
# November 2020. charts.helm.sh serves an archive that no longer receives
# fixes; prefer the repository published by each project.
helm repo add stable https://charts.helm.sh/stable

# Official "incubator" repository (archived together with stable)
helm repo add incubator https://charts.helm.sh/incubator

# Alibaba Cloud
# NOTE(review): presumably a third-party mirror; verify it is still maintained
# before installing charts from it.
helm repo add ali https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

# Microsoft
helm repo add microsoft https://mcr.microsoft.com/helm/v1/repo

# List the configured repositories
helm repo list

仓库管理

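# Refresh the local index of every configured repository
helm repo update

# Remove a repository
helm repo remove stable

# Show what a repository offers. `helm repo` has no `show` subcommand
# (`helm show` inspects a single chart), so list the charts under the
# repository's prefix instead.
helm search repo bitnami/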

插件管理

安装插件

# NOTE(review): a plugin is code that runs with the privileges of the user who
# invokes helm, and `helm plugin install` may run the plugin's install hook.
# Each command below takes whatever the repository's default branch holds at
# install time; review the source first and pin a release with
# `--version <tag>` (placeholder - choose the tag you reviewed).

# Helm Diff (preview the changes an upgrade would make)
helm plugin install https://github.com/databus23/helm-diff

# Helm Secrets (encrypted values files)
helm plugin install https://github.com/jkroepke/helm-secrets

# Helm S3 (chart repository backed by S3)
helm plugin install https://github.com/hypnoglow/helm-s3.git

# Helm Git (chart repository backed by Git)
helm plugin install https://github.com/aslafy-z/helm-git.git

# Helm Push (push charts to a repository)
helm plugin install https://github.com/chartmuseum/helm-push

管理插件

# List installed plugins (also a quick audit of what runs under `helm <plugin>`)
helm plugin list

# Update a plugin
helm plugin update diff

# Uninstall a plugin
helm plugin uninstall diff

自动补全

Bash

# Enable completion for the current shell session
source <(helm completion bash)

# Enable it permanently: the appended line runs `helm completion bash`
# every time a new interactive shell reads ~/.bashrc
echo 'source <(helm completion bash)' >> ~/.bashrc

Zsh

# Enable completion for the current shell session
source <(helm completion zsh)

# Enable it permanently: the appended line runs `helm completion zsh`
# every time a new interactive shell reads ~/.zshrc
echo 'source <(helm completion zsh)' >> ~/.zshrc

Fish

# Write the completion script into fish's per-user completions directory
helm completion fish > ~/.config/fish/completions/helm.fish

常用配置

配置文件示例

# ~/.config/helm/repositories.yaml
# Maintained by `helm repo add` / `helm repo remove`.
# NOTE(review): when a repository is added with --username/--password, the
# credentials are stored in this file in clear text; keep it owner-readable only.
apiVersion: ""
generated: "0001-01-01T00:00:00Z"
repositories:
  - name: bitnami
    url: https://charts.bitnami.com/bitnami
  - name: stable
    url: https://charts.helm.sh/stable

values.yaml 配置

# Global settings
# imagePullSecrets references a Secret by name only; the registry credentials
# themselves stay out of this file (presumably created separately - verify).
global:
  imageRegistry: registry.example.com
  imagePullSecrets:
    - name: registry-secret

# Image settings
# NOTE(review): a tag can be re-pointed to different content by whoever controls
# the registry; pinning by digest makes the deployed image immutable.
image:
  repository: nginx
  tag: "1.24"
  pullPolicy: IfNotPresent

# Replica count
replicaCount: 3

# Resource requests and limits
resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi

# Node selection
nodeSelector: {}

# Tolerations
tolerations: []

# Affinity
affinity: {}

# Service settings (ClusterIP keeps the service internal to the cluster)
service:
  type: ClusterIP
  port: 80
  targetPort: 80

# Ingress settings (disabled here; tls is empty, so enabling it as-is
# would define no TLS for the host below)
ingress:
  enabled: false
  className: ""
  annotations: {}
  hosts:
    - host: chart-example.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []

# Horizontal autoscaling
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 10
  targetCPUUtilizationPercentage: 80

# Health checks
livenessProbe:
  httpGet:
    path: /health
    port: http
  initialDelaySeconds: 30
  periodSeconds: 10

readinessProbe:
  httpGet:
    path: /ready
    port: http
  initialDelaySeconds: 5
  periodSeconds: 10

# Environment variables
env: []

# ConfigMaps
configMaps: {}

# Secrets
# NOTE(review): values files are normally committed to Git; do not place secret
# values here in plain text. Keep them encrypted (for example with the
# helm-secrets plugin) or in an external secret store.
secrets: {}

# Persistent storage
persistence:
  enabled: false
  storageClass: ""
  accessMode: ReadWriteOnce
  size: 1Gi

安全配置

RBAC 配置

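# ServiceAccount used by the deployment pipeline
apiVersion: v1
kind: ServiceAccount
metadata:
  name: helm-deployer
  namespace: default
---
# Permissions for helm-deployer. Resources and verbs are listed explicitly:
# a "*" rule on the core API group would cover every Secret the binding
# reaches, along with every other core resource. Extend the lists only with
# the kinds your charts actually create.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: helm-deployer
rules:
  # Helm 3 stores release records as Secrets in the release namespace,
  # so secrets access is needed even for charts that define no Secret.
  - apiGroups: [""]
    resources: ["configmaps", "secrets", "services", "serviceaccounts", "persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # Read-only: lets the deployer observe rollout status.
  - apiGroups: [""]
    resources: ["pods", "events"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets", "daemonsets", "replicasets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses", "networkpolicies"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # The "extensions" API group is omitted: current Kubernetes versions no
  # longer serve Deployments or Ingresses from it.
---
# RoleBinding instead of ClusterRoleBinding: the ClusterRole above takes effect
# only inside this namespace. Add one RoleBinding per namespace the pipeline
# deploys to, rather than granting the role cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: helm-deployer
  namespace: production
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: helm-deployer
subjects:
  - kind: ServiceAccount
    name: helm-deployer
    namespace: default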

使用 ServiceAccount

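# Request a token for the ServiceAccount. Tokens issued by `kubectl create token`
# are time-limited; --duration states the requested lifetime explicitly.
token="$(kubectl create token helm-deployer --namespace default --duration 1h)"

# Store the token as a kubeconfig credential. Passing it through a variable
# keeps the token value out of shell history; it is still written to the
# kubeconfig file, so keep that file readable by its owner only.
kubectl config set-credentials helm-deployer --token="$token"
unset token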

CI/CD 集成

GitHub Actions

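# .github/workflows/helm-deploy.yml
name: Helm Deploy

on:
  push:
    branches: [main]

# Least privilege for the workflow's GITHUB_TOKEN: the job only reads the repo.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by mutable tags. Pinning
      # each `uses:` to a full commit SHA prevents a moved tag from changing
      # what runs next to the cluster credentials.
      - uses: actions/checkout@v4

      - name: Set up Helm
        uses: azure/setup-helm@v3
        with:
          version: v3.13.0

      - name: Set up kubectl
        uses: azure/setup-kubectl@v3

      - name: Configure kubeconfig
        # The secret reaches the script through the environment instead of being
        # expanded into the script text.
        env:
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
        run: |
          # umask 077: ~/.kube and the kubeconfig are created owner-only
          umask 077
          mkdir -p ~/.kube
          printf '%s\n' "$KUBE_CONFIG" | base64 -d > ~/.kube/config

      - name: Deploy
        env:
          IMAGE_TAG: ${{ github.sha }}
        run: |
          helm upgrade --install myapp ./chart \
            --namespace production \
            --values ./chart/values-prod.yaml \
            --set image.tag="$IMAGE_TAG"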

GitLab CI

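# .gitlab-ci.yml
stages:
  - deploy

deploy:
  stage: deploy
  # NOTE(review): "latest" is a mutable tag, so the Helm binary can change
  # between pipeline runs; pin a specific image version or digest.
  image: alpine/helm:latest
  script:
    # KUBE_CONFIG is a base64-encoded kubeconfig taken from the CI/CD variables
    # (presumably masked and protected - verify in the project settings).
    # umask 077 makes ~/.kube and the kubeconfig readable by the job user only.
    - umask 077
    - mkdir -p ~/.kube
    - echo "$KUBE_CONFIG" | base64 -d > ~/.kube/config
    - helm upgrade --install myapp ./chart
        --namespace production
        --values ./chart/values-prod.yaml
        --set image.tag=$CI_COMMIT_SHA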

最佳实践

1. 版本控制

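# Use semantic versioning
helm package mychart --version 1.0.0

# Derive the version from the Git tag. The substitution is quoted so the value
# is passed as a single argument; the tag has to be a valid SemVer string.
# NOTE(review): `helm package --sign` can add a provenance file, which lets
# consumers check the chart with `helm install --verify`.
helm package mychart --version "$(git describe --tags)"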

2. 命名规范

# Release names: one release per environment, each in its own namespace
helm install myapp-prod mychart -n production
helm install myapp-staging mychart -n staging

# Namespaces (a separate namespace per environment also gives RBAC a boundary
# to scope permissions to)
kubectl create namespace production
kubectl create namespace staging

3. 配置管理

# Per-environment configuration: when several -f files are given, values in a
# later file override the same keys from an earlier one
helm install myapp mychart \
  -f values.yaml \
  -f values-prod.yaml \
  -n production

4. 历史管理

# Limit the number of revisions kept for the release
# (each stored revision is a release record in the cluster)
helm upgrade myapp mychart --history-max 10

# Or set the same limit through the environment
export HELM_MAX_HISTORY=10

小结

本章学习了:

  • ✅ Helm 环境要求
  • ✅ 配置文件和环境变量
  • ✅ 仓库配置
  • ✅ 插件管理
  • ✅ 自动补全
  • ✅ 安全配置
  • ✅ CI/CD 集成

下一章

第三章:Chart 开发 - 学习如何开发自定义 Chart。