第六章：实战部署¶

部署 Nginx 应用¶

创建 Chart¶

# 创建 Chart
helm create nginx-app

# 修改 values.yaml
cat > nginx-app/values.yaml << 'EOF'
replicaCount: 3

image:
  repository: nginx
  tag: "1.24"
  pullPolicy: IfNotPresent

service:
  type: LoadBalancer
  port: 80

ingress:
  enabled: true
  className: nginx
  hosts:
    - host: nginx.example.com
      paths:
        - path: /
          pathType: Prefix

resources:
  limits:
    cpu: 500m
    memory: 256Mi
  requests:
    cpu: 100m
    memory: 64Mi

autoscaling:
  enabled: true
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 70
EOF

部署¶

# 安装
helm install nginx ./nginx-app -n web --create-namespace

# 验证
kubectl get pods -n web
kubectl get svc -n web
kubectl get ingress -n web

# 升级
helm upgrade nginx ./nginx-app -n web

# 回滚
helm rollback nginx 1 -n web

# 卸载
helm uninstall nginx -n web

部署 WordPress¶

添加仓库¶

# 添加 Bitnami 仓库
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update

创建配置文件¶

# wordpress-values.yaml
wordpressUsername: admin
wordpressPassword: admin123
wordpressEmail: admin@example.com
wordpressFirstName: Admin
wordpressLastName: User

service:
  type: LoadBalancer

ingress:
  enabled: true
  hostname: wordpress.example.com

mariadb:
  enabled: true
  auth:
    rootPassword: root123
    database: wordpress
    username: wordpress
    password: wordpress123

persistence:
  enabled: true
  size: 10Gi

resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi

部署¶

# 安装
helm install wordpress bitnami/wordpress -f wordpress-values.yaml -n blog --create-namespace

# 查看状态
helm status wordpress -n blog

# 获取密码
kubectl get secret wordpress -n blog -o jsonpath="{.data.wordpress-password}" | base64 -d

# 访问应用
kubectl get svc -n blog

部署微服务应用¶

目录结构¶

microservices/
├── Chart.yaml
├── values.yaml
├── values-prod.yaml
├── charts/
│   ├── frontend/
│   ├── backend/
│   └── database/
└── templates/
    └── namespace.yaml

Chart.yaml¶

apiVersion: v2
name: microservices
description: Microservices application
type: application
version: 1.0.0
appVersion: "1.0.0"

dependencies:
  - name: frontend
    version: "1.0.0"
    repository: "file://charts/frontend"
  - name: backend
    version: "1.0.0"
    repository: "file://charts/backend"
  - name: database
    version: "1.0.0"
    repository: "file://charts/database"

部署¶

# 更新依赖
helm dependency update microservices

# 安装
helm install myapp microservices -n production --create-namespace

# 使用生产配置
helm install myapp microservices -f microservices/values-prod.yaml -n production

CI/CD 集成¶

GitHub Actions¶

# .github/workflows/helm-deploy.yml
name: Helm Deploy

on:
  push:
    branches: [main]

env:
  REGISTRY: registry.example.com
  CHART_PATH: ./chart

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Helm
        uses: azure/setup-helm@v3
        with:
          version: v3.13.0

      - name: Set up kubectl
        uses: azure/setup-kubectl@v3

      - name: Configure kubeconfig
        run: |
          mkdir -p ~/.kube
          echo "${{ secrets.KUBE_CONFIG }}" | base64 -d > ~/.kube/config

      - name: Lint Chart
        run: helm lint ${{ env.CHART_PATH }}

      - name: Update dependencies
        run: helm dependency update ${{ env.CHART_PATH }}

      - name: Deploy
        run: |
          helm upgrade --install myapp ${{ env.CHART_PATH }} \
            --namespace production \
            --values ${{ env.CHART_PATH }}/values-prod.yaml \
            --set image.tag=${{ github.sha }} \
            --wait \
            --timeout 5m

      - name: Verify deployment
        run: |
          kubectl rollout status deployment/myapp -n production
          kubectl get pods -n production

GitLab CI¶

# .gitlab-ci.yml
stages:
  - lint
  - deploy

variables:
  CHART_PATH: ./chart

lint:
  stage: lint
  image: alpine/helm:latest
  script:
    - helm lint $CHART_PATH

deploy:
  stage: deploy
  image: alpine/helm:latest
  script:
    - mkdir -p ~/.kube
    - echo "$KUBE_CONFIG" | base64 -d > ~/.kube/config
    - helm upgrade --install myapp $CHART_PATH
        --namespace production
        --values $CHART_PATH/values-prod.yaml
        --set image.tag=$CI_COMMIT_SHA
        --wait
  environment:
    name: production
    url: https://myapp.example.com

多环境部署¶

目录结构¶

environments/
├── base/
│   ├── Chart.yaml
│   ├── values.yaml
│   └── templates/
├── dev/
│   └── values.yaml
├── staging/
│   └── values.yaml
└── prod/
    └── values.yaml

部署脚本¶

#!/bin/bash
# deploy.sh

ENV=${1:-dev}
NAMESPACE=${2:-$ENV}

helm upgrade --install myapp ./environments/base \
  --namespace $NAMESPACE \
  --values ./environments/base/values.yaml \
  --values ./environments/$ENV/values.yaml \
  --create-namespace

使用¶

# 部署开发环境
./deploy.sh dev

# 部署预发布环境
./deploy.sh staging

# 部署生产环境
./deploy.sh prod

监控和日志¶

Prometheus 监控¶

# values.yaml
metrics:
  enabled: true
  serviceMonitor:
    enabled: true
    labels:
      release: prometheus

日志收集¶

# values.yaml
logging:
  enabled: true
  sidecar:
    image: fluent/fluent-bit:latest
    config: |
      [INPUT]
          Name              tail
          Path              /var/log/app/*.log
      [OUTPUT]
          Name              stdout
          Match             *

故障排除¶

常见问题¶

# 查看 Release 状态
helm status myapp -n production

# 查看历史
helm history myapp -n production

# 查看生成的 YAML
helm get manifest myapp -n production

# 查看配置值
helm get values myapp -n production

# 查看所有信息
helm get all myapp -n production

# 调试模式
helm upgrade myapp ./chart --dry-run --debug -n production

回滚¶

# 查看历史
helm history myapp -n production

# 回滚到指定版本
helm rollback myapp 2 -n production

# 回滚到上一个版本
helm rollback myapp -n production

最佳实践¶

1. 版本控制¶

# 使用 Git 标签
helm package mychart --version $(git describe --tags)

# 使用语义化版本
helm package mychart --version 1.0.0

2. 配置管理¶

# 使用多个 values 文件
helm install myapp ./chart \
  -f values.yaml \
  -f values-prod.yaml \
  -f values-secret.yaml

3. 资源限制¶

# 始终设置资源限制
resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi

4. 健康检查¶

# 配置健康检查
livenessProbe:
  httpGet:
    path: /health
    port: http
  initialDelaySeconds: 30
  periodSeconds: 10

readinessProbe:
  httpGet:
    path: /ready
    port: http
  initialDelaySeconds: 5
  periodSeconds: 10

小结¶

本章学习了：

✅ Nginx 应用部署
✅ WordPress 部署
✅ 微服务部署
✅ CI/CD 集成
✅ 多环境部署
✅ 故障排除

总结¶

通过这六章的学习，你已经掌握了：

Helm 基础 - 概念、架构、安装
Helm 配置 - 仓库、插件、环境
Chart 开发 - 结构、模板、依赖
模板语法 - 函数、流程控制
仓库管理 - 私有仓库、索引
实战部署 - 应用部署、CI/CD

继续学习：Terraform 教程 - 基础设施即代码。