Deep Dive: Helm - Taylor Thomas, Microsoft

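A deep dive into the inner workings of the upcoming Helm 3 release! The goal is for every attendee to know exactly how the new code works and to give the maintainers key feedback. We will dig into and discuss the new architecture and features and explore each new part of the code, pausing along the way for any discussion, questions and concerns. Finally, we will discuss the migration from Helm 2 to Helm 3 and the roadmap. With Helm 3 about to be released, come prepared to learn about the exciting new changes and to offer the necessary perspective.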

1. Helm 3 Deep Dive: All the things you never wanted to know

2. A Huge Thanks ● The Helm Core maintainers ● Josh Dolitsky

3. BRIEF HISTORY OF HELM ● OCT 2015: “k8splace” is developed at a Deis hackathon ● NOV 2015: Helm v1 is announced at the first KubeCon ● JAN 2016: Helm merges with Google Deployment Manager ● NOV 2016: Helm 2.0.0 is released ● FEB 2018: Helm Summit takes place to kick off discussion on Helm 3 ● JUN 2018: Helm project joins the CNCF ● ???: Helm 3 Released

4. The Helm 3 Project Board: https://github.com/helm/helm/projects/1

5. Major changes to expect in Helm 3 ● Embedded Lua engine ● Removal of Tiller ● Chart repo auth & upload ● New Chart.yaml

9. Other Helm 3 changes ● “Managed” hooks - if Helm creates something, it will delete it ● index.yaml will move to index.json, and be partitioned for performance ● Schematize your values by including a values.schema.yaml file ● Helm client libraries will be much better

10. Embedded Lua engine: Making Helm charts more robust and programmable

11. Major changes to expect in Helm 3: Embedded Lua engine ● Lua can be used with, or in place of, YAML templates ● Treat Kubernetes resources as objects, not strings ● Intercept lifecycle events, modify chart on-the-fly ● Sandboxed - optionally limit access to network/io ● Develop and import reusable “library charts” ● Helm plugins will have access to the Lua runtime

12. Helm 2 / Helm 3

Helm 2:

    apiVersion: v1
    kind: Pod
    metadata:
      name: {{ template "alpine.fullname" . }}
      labels:
        heritage: {{ .Release.Service }}
        release: {{ .Release.Name }}
        chart: {{ .Chart.Name }}-{{ .Chart.Version }}
        app: {{ template "alpine.name" . }}
    spec:
      restartPolicy: {{ .Values.restartPolicy }}
      containers:
      - name: waiter
        image: "{{.Values.img}}:{{.Values.img.tag}}"
        imagePullPolicy: {{ .Values.img.pullPolicy }}
        command: ["/bin/sleep", "9000"]

13. Helm 2 / Helm 3

Helm 2: the same pod template as on slide 12.

Helm 3 (Lua; the slide cuts this column off at the right edge and at the bottom, so the cut-off values are completed from the Helm 2 template beside it and the closing lines from slide 14):

    -- Build the pod as a Lua table instead of templating a YAML string.
    function create_alpine_pod(_)
      local pod = {
        apiVersion = "v1",
        kind = "Pod",
        metadata = {
          name = alpine_fullname(_),
          labels = {
            heritage = _.Release.Service or "helm",
            release = _.Release.Name,
            chart = _.Chart.Name .. "-" .. _.Chart.Version,
            app = alpine_name(_)
          }
        },
        spec = {
          restartPolicy = _.Values.restartPolicy,
          containers = {
            {
              name = "waiter",
              image = _.Values.image.repository .. ":" .. _.Values.image.tag,
              imagePullPolicy = _.Values.image.pullPolicy,
              command = { "/bin/sleep", "9000" }
            }
          }
        }
      }
      -- Register the object with the release, as slide 14 does.
      _.Manifests.add(pod)
    end

14. Helm 2 / Helm 3

Helm 2: the same pod template as on slide 12.

Helm 3 (Lua):

    -- Example of using a "library chart"
    local pods = require("mylib.pods");

    function create_alpine_pod(_)
      local myPod = pods.new("alpine:3.7", _)
      myPod.spec.restartPolicy = "Always"
      -- set any other properties
      _.Manifests.add(myPod)
    end

15. Removal of Tiller: Improving security by delegating auth to Kubernetes RBAC

16. Major changes to expect in Helm 3: Removal of Tiller ● Shrinks the security model for Helm, now client-only ● Auth is delegated to Kubernetes RBAC ● Release history maintained using ULIDs vs. integers ● “Release” CRD will store instance of an application ● “ReleaseVersion” CRD will store version of release

17. Helm 2 / Helm 3 [Diagram] Helm 2: Helm CLI → gRPC → Tiller (inside Kubernetes) → Kube API → ConfigMaps (Helm Releases)

18. Helm 2 / Helm 3 [Diagram] Helm 2: Helm CLI → gRPC → Tiller (inside Kubernetes) → Kube API → ConfigMaps (Helm Releases). Helm 3: Helm CLI → HTTP → Kube API (Kubernetes) → Release CRDs and ReleaseVersion CRDs (Helm Releases)
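
The RBAC consequence of removing Tiller (slides 15 to 18), as an added example that is not from the talk or the Helm project: a cluster-wide binding commonly used for Tiller in Helm 2, beside a namespaced Role for a Helm 3 client identity. Namespace, account and role names are illustrative, and the release CRD group and resource names are placeholders because the slides do not give them.

```yaml
# Added example. All names (team-a, ci-deployer, helm-deployer) are illustrative.
# Helm 2: requests are executed by Tiller under Tiller's service account.
# A common setup bound that account to cluster-admin, so each Helm request
# ran with full cluster rights no matter which user sent it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
---
# Helm 3 (client-only): the API server authorizes the caller's own identity,
# so a namespaced Role bounds what this deployer can install or change.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: helm-deployer
  namespace: team-a
rules:
  - apiGroups: ["", "apps"]
    resources: ["configmaps", "services", "deployments"]
    verbs: ["get", "list", "create", "update", "patch", "delete"]
  # Release records. The slides name Release and ReleaseVersion CRDs but not
  # their API group or resource names; both are placeholders here.
  - apiGroups: ["RELEASE-CRD-GROUP-PLACEHOLDER"]
    resources: ["releases", "releaseversions"]
    verbs: ["get", "list", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: helm-deployer
  namespace: team-a
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: helm-deployer
subjects:
  - kind: ServiceAccount
    name: ci-deployer
    namespace: team-a
```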

19. Chart repo auth & upload: New commands and API spec for working with chart repositories

20. Major changes to expect in Helm 3: Chart repo auth & upload ● “helm push” command to upload chart to a repo ● Push spec is still being finalized ● Plugins can supply custom protocols (e.g. s3://) ● “helm login” command to authenticate against a repo ● OAuth2 authorization flow, bearer/token auth ● Limit which users can upload/install which charts

21. Helm 2 / Helm 3

Helm 2:

    $ helm repo add myrepo \
        https://site.com/myrepo \
        --username=josh \
        --password=*****
    $ helm package mychart/
    $ ./my-custom-uploader.sh \
        mychart-0.1.0.tgz
    $ helm repo update
    $ helm install myrepo/mychart

22. Helm 2 / Helm 3

Helm 2: the same commands as on slide 21.

Helm 3:

    $ helm login https://site.com
    $ helm repo add myrepo \
        https://site.com/myrepo
    $ helm push mychart/ myrepo
    $ helm repo update
    $ helm install myrepo/mychart

23. Major changes to expect in Helm 3: New Chart.yaml ● Current Chart.yaml files will not be broken ● The requirements file will no longer exist ● Requirements will now be part of the Chart.yaml

24. Helm 2 / Helm 3

Helm 2:

    # requirements.yaml
    dependencies:
      - name: reqsubchart
        version: 0.1.0
        repository: "https://example.com/charts"
      - name: reqsubchart2
        version: 0.2.0
        repository: "https://example.com/charts"
      - name: reqsubchart3
        version: ">=0.1.0"
        repository: "https://example.com/charts"

    # Chart.yaml
    description: A Helm chart for Kubernetes
    name: reqtest
    version: 0.1.0

25. Helm 2 / Helm 3

Helm 2: the same requirements.yaml and Chart.yaml as on slide 24.

Helm 3:

    description: A Helm chart for Kubernetes
    name: reqtest
    version: 0.1.0
    dependencies:
      - name: reqsubchart
        version: 0.1.0
        repository: "https://example.com/charts"
      - name: reqsubchart2
        version: 0.2.0
        repository: "https://example.com/charts"
      - name: reqsubchart3
        version: ">=0.1.0"
        repository: "https://example.com/charts"

26. Want to know more about Helm 3?
https://github.com/helm/community/tree/master/helm-v3
https://github.com/helm/helm/tree/dev-v3