[Book] GitOps Cookbook: 04. Helm
// scaffold the project
$ helm create <name>
https://github.com/gitops-cookbook/helm-charts/tree/master/pacman
$ helm template .
// override
$ helm template --set replicaCount=3 .
$ helm install pacman .
$ kubectl get pods
$ helm history pacman
$ helm uninstall pacman
5.3 Updating a Container Image in Helm
values.yaml - update the version
Chart.yaml - update the appVersion field
$ helm upgrade pacman .
$ helm history pacman
$ helm rollback pacman 1
$ helm template pacman -f newvalues.yaml .
5.4 Packaging and Distributing a Helm Chart
$ helm package .
$ helm package --sign --key '[email protected]' \
--keyring /home/me/.gnupg/secring.gpg .
$ helm verify pacman-0.1.0.tgz
[OK!] 5.5 Deploying a Chart from a Repository
Делаю:
26.05.2023
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm repo update
$ helm repo list
$ helm search repo postgresql
$ helm install my-db \
bitnami/postgresql \
--namespace postgres \
--create-namespace \
--set auth.username=user1,auth.password=postgres1,auth.database=postgresdb1,primary.persistence.enabled=false
// To get the password for "user1" run:
$ {
export POSTGRES_PASSWORD=$(kubectl get secret --namespace postgres my-db-postgresql -o jsonpath="{.data.password}" | base64 -d)
echo ${POSTGRES_PASSWORD}
}
// To connect to your database
$ kubectl run my-db-postgresql-client --rm --tty -i --restart='Never' --namespace postgres --image docker.io/bitnami/postgresql:15.3.0-debian-11-r4 --env="PGPASSWORD=$POSTGRES_PASSWORD" \
--command -- psql --host my-db-postgresql -U user1 -d postgresdb1 -p 5432
// To connect to your database from outside the cluster
$ kubectl port-forward --namespace postgres svc/my-db-postgresql 5432:5432 &
PGPASSWORD="$POSTGRES_PASSWORD" psql --host 127.0.0.1 -U user1 -d postgresdb1 -p 5432
$ kubectl get pods -n postgres
$ kubectl get statefulset -n postgres
$ helm show values bitnami/postgresql
[OK!] 5.6 Deploying a Chart with a Dependency
Делаю:
26.05.2023
https://github.com/bitnami/charts/tree/main/bitnami/postgresql/#installing-the-chart
$ cd ~/tmp
$ mkdir -p music/templates
$ cd music
$ cat > templates/deployment.yaml << EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name:
labels:
app.kubernetes.io/name:
app.kubernetes.io/version:
spec:
replicas:
selector:
matchLabels:
app.kubernetes.io/name:
template:
metadata:
labels:
app.kubernetes.io/name:
spec:
containers:
- image: ":"
imagePullPolicy:
securityContext:
name:
ports:
- containerPort:
name: http
protocol: TCP
env:
- name: QUARKUS_DATASOURCE_JDBC_URL
value:
- name: QUARKUS_DATASOURCE_USERNAME
value:
- name: QUARKUS_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name:
key:
EOF
$ cat > templates/service.yaml << EOF
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name:
name:
spec:
ports:
- name: http
port:
targetPort:
selector:
app.kubernetes.io/name:
EOF
$ cat > Chart.yaml << EOF
apiVersion: v2
name: music
description: A Helm chart for Music service
type: application
version: 0.1.0
appVersion: "1.0.0"
dependencies:
- name: postgresql
repository: "https://charts.bitnami.com/bitnami"
version: 12.5.5
EOF
$ cat > values.yaml << EOF
image:
repository: quay.io/gitops-cookbook/music
tag: "1.0.0"
pullPolicy: Always
containerPort: 8080
replicaCount: 1
postgresql:
server: jdbc:postgresql://music-db-postgresql:5432/postgresdb1
postgresqlUsername: user1
secretName: music-db-postgresql
secretKey: password
EOF
$ helm dependency update
.
├── Chart.lock
├── charts
│ └── postgresql-12.5.5.tgz
├── Chart.yaml
├── templates
│ ├── deployment.yaml
│ └── service.yaml
└── values.yaml
2 directories, 6 files
$ helm install music-db \
--namespace music \
--create-namespace \
--set global.postgresql.auth.username=user1,global.postgresql.auth.password=postgres1,global.postgresql.auth.database=postgresdb1,primary.persistence.enabled=false .
$ kubectl get pods -n music
NAME READY STATUS RESTARTS AGE
music-6d957c46bf-5w2g8 1/1 Running 2 (4m3s ago) 4m12s
music-db-postgresql-0 1/1 Running 0 4m12s
// GET ADMIN_POSTGRES_PASSWORD
$ {
export ADMIN_POSTGRES_PASSWORD=$(kubectl get -n music secret music-db-postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)
echo ${POSTGRES_PASSWORD}
}
// To connect to your database as admin
$ kubectl run my-db-postgresql-client --rm --tty -i --restart='Never' --namespace music --image docker.io/bitnami/postgresql:15.3.0-debian-11-r4 --env="PGPASSWORD=$ADMIN_POSTGRES_PASSWORD" \
--command -- psql --host music-db-postgresql -U postgres -d postgres -p 5432
// GET USER POSTGRES_PASSWORD
$ {
export USER_POSTGRES_PASSWORD=$(kubectl get -n music secret music-db-postgresql -o jsonpath="{.data.password}" | base64 -d)
echo ${POSTGRES_PASSWORD}
}
// To connect to your database as user1
$ kubectl run my-db-postgresql-client --rm --tty -i --restart='Never' --namespace music --image docker.io/bitnami/postgresql:15.3.0-debian-11-r4 --env="PGPASSWORD=$USER_POSTGRES_PASSWORD" \
--command -- psql --host music-db-postgresql -U user1 -d postgresdb1 -p 5432
// To connect to your database from outside the cluster
$ kubectl port-forward --namespace music svc/music-db-postgresql 5432:5432 &
PGPASSWORD="$USER_POSTGRES_PASSWORD" psql --host 127.0.0.1 -U user1 -d postgresdb1 -p 5432
$ kubectl get services -n music
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
music ClusterIP 10.109.139.154 <none> 8080/TCP 83s
music-db-postgresql ClusterIP 10.106.198.189 <none> 5432/TCP 83s
music-db-postgresql-hl ClusterIP None <none> 5432/TCP 83s
$ kubectl port-forward -n music service/music 8080:8080
$ curl localhost:8080/song | jq
[
{
"id": 1,
"artist": "DT",
"name": "Quiero Munchies"
},
{
"id": 2,
"artist": "Lin-Manuel Miranda",
"name": "We Don't Talk About Bruno"
},
{
"id": 3,
"artist": "Imagination",
"name": "Just An Illusion"
},
{
"id": 4,
"artist": "Txarango",
"name": "Tanca Els Ulls"
},
{
"id": 5,
"artist": "Halsey",
"name": "Could Have Been Me"
}
]
[OK!] 5.7 Triggering a Rolling Update Automatically
Делаю:
27.05.2023
$ cd ~/tmp
$ mkdir -p greetings/templates
$ cd greetings
$ cat > templates/deployment.yaml << EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name:
labels:
app.kubernetes.io/name:
app.kubernetes.io/version:
spec:
replicas:
selector:
matchLabels:
app.kubernetes.io/name:
template:
metadata:
labels:
app.kubernetes.io/name:
spec:
containers:
- image: ":"
imagePullPolicy:
securityContext:
name:
ports:
- containerPort:
name: http
protocol: TCP
env:
- name: GREETING
valueFrom:
configMapKeyRef:
name:
key: greeting
EOF
$ cat > templates/service.yaml << EOF
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name:
name:
spec:
ports:
- name: http
port:
targetPort:
selector:
app.kubernetes.io/name:
EOF
$ cat > templates/configmap.yaml << EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: greeting-config
data:
greeting: Aloha
EOF
$ cat > Chart.yaml << EOF
apiVersion: v2
name: greetings
description: A Helm chart for Greetings service
type: application
version: 0.1.0
appVersion: "1.0.0"
EOF
$ cat > values.yaml << EOF
image:
repository: quay.io/gitops-cookbook/greetings
tag: "1.0.0"
pullPolicy: Always
containerPort: 8080
replicaCount: 1
configmap:
name: greeting-config
EOF
$ helm install greetings .
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
greetings-6df4d99d46-vzrj9 1/1 Running 0 29s
$ kubectl port-forward service/greetings 8080:8080
$ curl localhost:8080
returns
Aloha Ada
Update the ConfigMap
$ cat > templates/configmap.yaml << EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: greeting-config
data:
greeting: Hola
EOF
$ helm upgrade greetings .
$ kubectl port-forward service/greetings 8080:8080
$ curl localhost:8080
returns
Aloha Alexandra⏎
There are no changes in the Deployment object, there is no restart of the pod;
$ cat > templates/deployment.yaml << EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name:
labels:
app.kubernetes.io/name:
app.kubernetes.io/version:
spec:
replicas:
selector:
matchLabels:
app.kubernetes.io/name:
template:
metadata:
labels:
app.kubernetes.io/name:
annotations:
checksum/config:
spec:
containers:
- image: ":"
imagePullPolicy:
securityContext:
name:
ports:
- containerPort:
name: http
protocol: TCP
env:
- name: GREETING
valueFrom:
configMapKeyRef:
name:
key: greeting
EOF
$ cat > templates/configmap.yaml << EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: greeting-config
data:
greeting: Namaste
EOF
$ helm upgrade greetings .
$ kubectl port-forward service/greetings 8080:8080
$ curl localhost:8080
returns
Namaste Ada⏎
$ kubectl describe pod greetings-bd8c9c4df-59xrj
***
Annotations: checksum/config:
***
$ cat > templates/configmap.yaml << EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: greeting-config
data:
greeting: Привет!
EOF
$ helm upgrade greetings .
$ kubectl port-forward service/greetings 8080:8080
// Нужно подождать перестартовки пода
$ curl localhost:8080
Привет! Ada⏎