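1 Helm Basics
1.1 Introduction to Helm
Helm is the package manager for Kubernetes. Much as CentOS uses yum and Ubuntu uses apt, Helm deploys common services quickly from existing repositories, which greatly reduces the difficulty of deploying apps on Kubernetes and improves deployment efficiency.
1.2 Installing Helm
1.2.1 Prerequisites
Reference: https://helm.sh/zh/docs/intro/install/
Prerequisites:
Kubernetes is deployed and running normally.
kubectl authentication is configured and succeeds.
Choose the Helm version that matches your Kubernetes version.
1.2.2 Binary installation
https://helm.sh/docs/topics/version_skew/ # versions matching Kubernetes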
# cd /usr/local/src
root@master01:/usr/local/src# wget https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz
root@master01:/usr/local/src# tar -zxvf helm-v3.15.4-linux-amd64.tar.gz
root@master01:/usr/local/src# cp linux-amd64/helm /usr/local/bin/
root@master01:/usr/local/src# helm version
version.BuildInfo{Version:"v3.15.4", GitCommit:"fa9efb07d9d8debbb4306d72af76a383895aa8c4", GitTreeState:"clean", GoVersion:"go1.22.6"}
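Before the binary is copied into /usr/local/bin, the tarball can be checked against the SHA-256 checksum file published next to each release archive. This is an added example, not part of the original post; `verify_helm_tarball` is a hypothetical helper name, and the checksum URL in the usage comment assumes the `.sha256sum` file sits beside the tarball on get.helm.sh.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded Helm tarball before installing it.
# verify_helm_tarball is a hypothetical helper name, not part of Helm.

# verify_helm_tarball TARBALL SUMFILE
# SUMFILE is the published checksum file; its first field is the SHA-256 hex
# digest (a file name after it, if present, is ignored).
# Returns 0 on match, 1 on mismatch, 2 on unusable input (fails closed).
verify_helm_tarball() {
  local tarball="$1" sumfile="$2" expected actual
  [ -r "$tarball" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 2; }

  # First whitespace-separated field of the first line, lower-cased.
  expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
  # Reject anything that is not exactly 64 hex characters,
  # for example an HTML error page saved in place of the checksum.
  case $expected in
    ''|*[!0-9a-f]*) echo "malformed checksum file" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }

  actual=$(sha256sum "$tarball" | awk '{ print $1 }')
  if [ "$actual" = "$expected" ]; then
    echo "OK: $tarball"
    return 0
  fi
  echo "MISMATCH: $tarball (expected $expected, got $actual)" >&2
  return 1
}

# Usage on the host, after fetching both files (URL is an assumption, see above):
#   wget https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz.sha256sum
#   verify_helm_tarball helm-v3.15.4-linux-amd64.tar.gz \
#       helm-v3.15.4-linux-amd64.tar.gz.sha256sum \
#     && tar -zxvf helm-v3.15.4-linux-amd64.tar.gz
```

The checksum file comes from the same host as the tarball, so this catches corruption or a truncated download rather than a compromised origin; the signatures attached to the GitHub release cover that case.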
1.3 Using Helm
Reference: https://helm.sh/zh/docs/helm/helm/
https://andreimaksimov.medium.com/quick-and-simple-introduction-to-kubernetes-helm-charts-in-10-minutes-ac2fd686173c
1.3.1 Overview of Helm commands
- completion: generates an autocompletion script for the specified shell, so helm arguments can be completed automatically
root@master01:/usr/local/src# mkdir /data/helm -p
root@master01:/usr/local/src# helm completion bash > /data/helm/helm-completion.sh
root@master01:/usr/local/src# chmod a+x /data/helm/helm-completion.sh
root@master01:/usr/local/src# echo "source /data/helm/helm-completion.sh" >> /etc/profile
root@master01:/usr/local/src# source /etc/profile
- create: creates a new chart with the given name
root@master01:/usr/local/src# cd /data/helm
root@master01:/data/helm# mkdir charts
root@master01:/data/helm# cd charts
root@master01:/data/helm/charts# helm create nginx-myserver
Creating nginx-myserver
root@master01:/data/helm/charts# ll nginx-myserver
total 12
drwxr-xr-x 4 root root 93 Apr 4 15:18 ./
drwxr-xr-x 3 root root 28 Apr 4 15:18 ../
-rw-r--r-- 1 root root 349 Apr 4 15:18 .helmignore
-rw-r--r-- 1 root root 1150 Apr 4 15:18 Chart.yaml
drwxr-xr-x 2 root root 6 Apr 4 15:18 charts/
drwxr-xr-x 3 root root 162 Apr 4 15:18 templates/
-rw-r--r-- 1 root root 2367 Apr 4 15:18 values.yaml
- dependency: manages chart dependencies
root@master01:/data/helm/charts# helm dependency list ./nginx-myserver
WARNING: no dependencies at nginx-myserver/charts
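- env: shows Helm client environment information
- get: shows extended information about an installed RELEASE (an installed chart), similar to using kubectl describe deployment xx to inspect a deployment
- help: shows help
- history: fetches the release history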
root@k8s-master1:~# helm history myserver-ingress
- repo add: adds a repository
root@k8s-master1:/data/helm/charts# helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
"aliyun" has been added to your repositories
- repo list: lists the repositories that have been added
root@master01:/data/helm/charts# helm repo list
NAME URL
argo https://argoproj.github.io/argo-helm
aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
- repo update: updates the repositories
root@k8s-master1:/data/helm/charts# helm repo update
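- install: installs a chart; command format: helm install <custom name (DNS format)> <target repository>
- lint: checks a local chart directory for problems
- list: lists releases; -A covers all namespaces, and by default only the default namespace is shown
- package: packages a chart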
root@master01:/data/helm/charts# helm package ./nginx-myserver/
Successfully packaged chart and saved it to: /data/helm/charts/nginx-myserver-0.1.0.tgz
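- plugin: manages Helm plugins (install, list, uninstall, update)
- pull: pulls a chart from a repository
- push: pushes a chart to a repository
helm push [chart] [repository] [flags]
- registry: logs in to or out of a remote registry
- rollback: rolls a chart back to the previous version
- search repo: searches for charts by keyword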
root@k8s-master1:/data/helm/charts# helm search repo nginx
NAME CHART VERSION APP VERSION DESCRIPTION
aliyun/nginx-ingress 0.9.5 0.10.2 An nginx Ingress controller that uses ConfigMap...
aliyun/nginx-lego 0.3.1 Chart for nginx-ingress-controller and kube-lego
aliyun/gcloud-endpoints 0.1.0 Develop, deploy, protect and monitor your APIs ...
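- show: shows chart information
- status: shows the status of a release
- template: generates the chart's templates
- test: tests a release
- uninstall: uninstalls a release
- upgrade: upgrades a chart
- verify: verifies that a chart is signed and valid
- version: shows the Helm version
1.4 Chart directory structure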
# ls harbor
Chart.yaml LICENSE README.md templates values.yaml
```bash
# ll harbor
total 244
drwxr-xr-x 3 root root 111 Mar 29 17:48 ./
drwxr-xr-x 4 root root 119 Mar 29 18:18 ../
-rw-r--r-- 1 root root 57 Mar 29 17:36 .helmignore # ignore file (gitignore-style)
-rw-r--r-- 1 root root 567 Mar 29 17:36 Chart.yaml # YAML file describing the chart's basic information, including name and version
-rw-r--r-- 1 root root 11357 Mar 29 17:36 LICENSE
-rw-r--r-- 1 root root 185057 Mar 29 17:36 README.md
drwxr-xr-x 14 root root 4096 Mar 29 17:36 templates/ # template directory; Helm runs every file in templates/ through the template rendering engine, then collects the results and sends them to Kubernetes
-rw-r--r-- 1 root root 35373 Mar 29 17:36 values.yaml # contains the chart's default values
# ll harbor/templates/nginx/
total 32
drwxr-xr-x 2 root root 123 Mar 29 17:36 ./
drwxr-xr-x 14 root root 4096 Mar 29 17:36 ../
-rw-r--r-- 1 root root 4714 Mar 29 17:36 configmap-http.yaml # configmap (not required, optional)
-rw-r--r-- 1 root root 6075 Mar 29 17:36 configmap-https.yaml # configmap (not required, optional)
-rw-r--r-- 1 root root 4005 Mar 29 17:36 deployment.yaml # deployment
-rw-r--r-- 1 root root 889 Mar 29 17:36 secret.yaml # creates the secret (not required, optional)
-rw-r--r-- 1 root root 2207 Mar 29 17:36 service.yaml # creates the service
```
2 Deploying Harbor with Helm
2.1 Deploying Harbor
# kubectl apply -f 1.1-ingress-nginx-1.11.3/1.ingressnginx-controller-v1.11.3_deployment.yaml
# helm repo add harbor https://helm.goharbor.io
"harbor" has been added to your repositories
# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "harbor" chart repository
...Successfully got an update from the "aliyun" chart repository
...Successfully got an update from the "argo" chart repository
Update Complete. ⎈Happy Helming!⎈
# helm search repo harbor -l
NAME CHART VERSION APP VERSION DESCRIPTION
harbor/harbor 1.18.3 2.14.3 An open source trusted cloud native registry th...
harbor/harbor 1.18.2 2.14.2 An open source trusted cloud native registry th...
harbor/harbor 1.18.1 2.14.1 An open source trusted cloud native registry th...
... # other versions omitted here
Prepare the Harbor certificate
root@master01:/data/helm/charts# mkdir certs-harbor.myarchitect.online_nginx.io
root@master01:/data/helm/charts# cd certs-harbor.myarchitect.online_nginx.io/
root@master01:/data/helm/charts/certs-harbor.myarchitect.online_nginx.io# unzip harbor.myarchitect.online_nginx.zip
Create a secret from the certificate
# kubectl create secret \
> tls harbor-myarchitect-io-secret \
> --cert=./harbor.myarchitect.online.pem \
> --key=./harbor.myarchitect.online.key -n myserver
secret/harbor-myarchitect-io-secret created
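A check worth running on the unzipped files before `kubectl create secret tls`: that the private key belongs to the certificate, that the certificate names harbor.myarchitect.online, and that it is not about to expire. This is an added example, not from the original post; `check_tls_pair` is a hypothetical helper name and the 30-day default threshold is an assumption.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the cert/key pair that goes into the
# TLS secret. check_tls_pair is a hypothetical helper; it uses only the
# openssl command-line tool.

# check_tls_pair CERT KEY HOST [MIN_DAYS]
# Returns 0 only if KEY matches CERT, CERT covers HOST, and CERT stays valid
# for at least MIN_DAYS more days (default 30, an assumed threshold).
# Returns 1 on a failed check, 2 if a file cannot be parsed.
check_tls_pair() {
  local cert="$1" key="$2" host="$3" min_days="${4:-30}"
  local cert_pub key_pub

  # Derive the public key from each file; identical output means they pair up.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
    echo "cannot read certificate: $cert" >&2; return 2; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
    echo "cannot read private key: $key" >&2; return 2; }
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match certificate" >&2; return 1
  fi

  # -checkhost reports its verdict in the output text, so match on that.
  if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
       grep -q 'does match certificate'; then
    echo "certificate does not cover $host" >&2; return 1
  fi

  # -checkend exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$cert" -noout \
       -checkend $((min_days * 86400)) >/dev/null 2>&1; then
    echo "certificate expires within $min_days days" >&2; return 1
  fi
  echo "OK: $cert and $key are usable for $host"
}

# Usage with the files from the page:
#   check_tls_pair ./harbor.myarchitect.online.pem \
#       ./harbor.myarchitect.online.key harbor.myarchitect.online
```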
Download the chart (before deploying, you can verify or modify the configuration parameters)
root@master01:/data/helm/charts# helm pull harbor/harbor --version 1.13.2
root@master01:/data/helm/charts# tar xvf harbor-1.13.2.tgz
harbor/Chart.yaml
harbor/values.yaml
harbor/templates/NOTES.txt
harbor/templates/_helpers.tpl
harbor/templates/core/core-cm.yaml
harbor/templates/core/core-dpl.yaml
harbor/templates/core/core-pre-upgrade-job.yaml
harbor/templates/core/core-secret.yaml
harbor/templates/core/core-svc.yaml
harbor/templates/core/core-tls.yaml
harbor/templates/database/database-secret.yaml
harbor/templates/database/database-ss.yaml
harbor/templates/database/database-svc.yaml
harbor/templates/exporter/exporter-cm-env.yaml
harbor/templates/exporter/exporter-dpl.yaml
harbor/templates/exporter/exporter-secret.yaml
harbor/templates/exporter/exporter-svc.yaml
harbor/templates/ingress/ingress.yaml
harbor/templates/ingress/secret.yaml
harbor/templates/internal/auto-tls.yaml
harbor/templates/jobservice/jobservice-cm-env.yaml
harbor/templates/jobservice/jobservice-cm.yaml
harbor/templates/jobservice/jobservice-dpl.yaml
harbor/templates/jobservice/jobservice-pvc.yaml
harbor/templates/jobservice/jobservice-secrets.yaml
harbor/templates/jobservice/jobservice-svc.yaml
harbor/templates/jobservice/jobservice-tls.yaml
harbor/templates/metrics/metrics-svcmon.yaml
harbor/templates/nginx/configmap-http.yaml
harbor/templates/nginx/configmap-https.yaml
harbor/templates/nginx/deployment.yaml
harbor/templates/nginx/secret.yaml
harbor/templates/nginx/service.yaml
harbor/templates/portal/configmap.yaml
harbor/templates/portal/deployment.yaml
harbor/templates/portal/service.yaml
harbor/templates/portal/tls.yaml
harbor/templates/redis/service.yaml
harbor/templates/redis/statefulset.yaml
harbor/templates/registry/registry-cm.yaml
harbor/templates/registry/registry-dpl.yaml
harbor/templates/registry/registry-pvc.yaml
harbor/templates/registry/registry-secret.yaml
harbor/templates/registry/registry-svc.yaml
harbor/templates/registry/registry-tls.yaml
harbor/templates/registry/registryctl-cm.yaml
harbor/templates/registry/registryctl-secret.yaml
harbor/templates/trivy/trivy-secret.yaml
harbor/templates/trivy/trivy-sts.yaml
harbor/templates/trivy/trivy-svc.yaml
harbor/templates/trivy/trivy-tls.yaml
harbor/.helmignore
harbor/LICENSE
harbor/README.md
Modify the values file, or provide a separate values file
# helm install myserver-harborregistry -f values-harbor.yaml ./harbor -n myserver --dry-run # test the deployment
# helm install myserver-harborregistry -f values-harbor.yaml ./harbor -n myserver # run the deployment
W0410 20:15:56.767384 215365 warnings.go:70] annotation "kubernetes.io/ingress.class" is deprecated, please use 'spec.ingressClassName' instead
NAME: myserver-harborregistry
LAST DEPLOYED: Fri Apr 10 20:15:51 2026
NAMESPACE: myserver
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the Harbor portal at https://harbor.myarchitect.online
For more details, please visit https://github.com/goharbor/harbor
Verify that the pods are running normally
root@master01:/data/helm/charts/helm-harbor-case# kubectl -n myserver get pod
NAME READY STATUS RESTARTS AGE
dns-debug 1/1 Running 1088 (60m ago) 60d
myserver-harborregistry-core-d5857688b-6v52j 1/1 Running 2 (5m42s ago) 7m51s
myserver-harborregistry-database-0 1/1 Running 0 5m5s
myserver-harborregistry-jobservice-5b66b9784b-zgjkf 1/1 Running 5 (5m53s ago) 7m51s
myserver-harborregistry-portal-586bb6d8f4-bq77z 1/1 Running 0 7m51s
myserver-harborregistry-redis-0 1/1 Running 0 7m51s
myserver-harborregistry-registry-fd9ccc56b-dwwgr 2/2 Running 0 7m51s
myserver-harborregistry-trivy-0 1/1 Running 0 7m51s
Verify the ingress rules
root@node02:~# kubectl -n myserver get ingress myserver-harborregistry-ingress -o yaml
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/proxy-body-size: "0"
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/ingress.class: nginx
    meta.helm.sh/release-name: myserver-harborregistry
    meta.helm.sh/release-namespace: myserver
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  creationTimestamp: "2026-04-21T13:09:39Z"
  generation: 1
  labels:
    app: harbor
    app.kubernetes.io/managed-by: Helm
    chart: harbor
    heritage: Helm
    release: myserver-harborregistry
  name: myserver-harborregistry-ingress
  namespace: myserver
  resourceVersion: "9741568"
  uid: 75aa5a1c-ddf3-4678-b94c-94b5af97abf2
spec:
  rules:
  - host: harbor.myarchitect.online
    http:
      paths:
      - backend:
          service:
            name: myserver-harborregistry-core
            port:
              number: 80
        path: /api/
        pathType: Prefix
      - backend:
          service:
            name: myserver-harborregistry-core
            port:
              number: 80
        path: /service/
        pathType: Prefix
      - backend:
          service:
            name: myserver-harborregistry-core
            port:
              number: 80
        path: /v2/
        pathType: Prefix
      - backend:
          service:
            name: myserver-harborregistry-core
            port:
              number: 80
        path: /chartrepo/
        pathType: Prefix
      - backend:
          service:
            name: myserver-harborregistry-core
            port:
              number: 80
        path: /c/
        pathType: Prefix
      - backend:
          service:
            name: myserver-harborregistry-portal
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - harbor.myarchitect.online
    secretName: harbor-myarchitect-online-secret
status:
  loadBalancer:
    ingress:
    - ip: 172.31.7.111
```
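The `secretName` under `tls` has to name a TLS secret that exists in the Ingress's namespace, otherwise ingress-nginx serves its default self-signed certificate; in the output above the Ingress references harbor-myarchitect-online-secret, while the secret created earlier is named harbor-myarchitect-io-secret. The check below is an added example, not from the original post: `missing_tls_secrets` is a hypothetical helper, and it matches `secretName:` lines textually rather than parsing YAML.

```shell
#!/usr/bin/env bash
# Added example: confirm that every TLS secret an Ingress references exists.
# missing_tls_secrets is a hypothetical helper; it matches "secretName:" lines
# textually, which is enough for the YAML that kubectl itself prints.

# missing_tls_secrets INGRESS_YAML SECRET_LIST
#   INGRESS_YAML: saved output of `kubectl -n NS get ingress NAME -o yaml`
#   SECRET_LIST : saved output of `kubectl -n NS get secret -o name`
#                 (one "secret/<name>" per line)
# Prints each referenced secret that is absent.
# Returns 0 if none is missing, 1 if any is missing, 2 on unreadable input.
missing_tls_secrets() {
  local ingress_yaml="$1" secret_list="$2" name missing=0
  [ -r "$ingress_yaml" ] && [ -r "$secret_list" ] || return 2

  for name in $(awk '
      { sub(/^[ \t-]+/, "") }   # drop indentation and a leading list dash
      $1 == "secretName:" { gsub(/["\047]/, "", $2); print $2 }
    ' "$ingress_yaml" | sort -u); do
    # -x -F: whole-line, literal match, so a name that is a prefix of
    # another secret does not count as present.
    if ! grep -qxF "secret/$name" "$secret_list"; then
      echo "$name"
      missing=1
    fi
  done
  return "$missing"
}

# Live use against the release from the page:
#   kubectl -n myserver get ingress myserver-harborregistry-ingress -o yaml > ing.yaml
#   kubectl -n myserver get secret -o name > secrets.txt
#   missing_tls_secrets ing.yaml secrets.txt
```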
ingress-nginx svc ports
root@node02:~# kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.100.216.140 <none> 80:30437/TCP,443:30190/TCP 14d
ingress-nginx-controller-admission ClusterIP 10.100.99.32 <none> 443/TCP 14d
Configure the load balancer to forward to the ingress-controller svc ports
listen harbor-443
  bind 172.31.7.189:443
  mode tcp
  server 172.31.7.111 172.31.7.112:30190 check inter 2000 fall 3 rise 5
listen harbor-80
  bind 172.31.7.189:80
  mode tcp
  server 172.31.7.111 172.31.7.112:30437 check inter 2000 fall 3 rise 5
Harbor DNS resolution, pointing at the load balancer entry point:
>ping harbor.myarchitect.online
正在 Ping harbor.myarchitect.online [172.31.7.189] 具有 32 字节的数据:
来自 172.31.7.189 的回复: 字节=32 时间=1ms TTL=64
来自 172.31.7.189 的回复: 字节=32 时间<1ms TTL=64
来自 172.31.7.189 的回复: 字节=32 时间<1ms TTL=64
来自 172.31.7.189 的回复: 字节=32 时间<1ms TTL=64
172.31.7.189 的 Ping 统计信息:
    数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
    最短 = 0ms,最长 = 1ms,平均 = 0ms
2.2 Accessing the Harbor console
URL: https://harbor.myarchitect.online
