この記事は公開されてから1年以上経過しています。情報が古い可能性がありますので、ご注意ください。
Helmの勉強のために、各サブコマンドで何ができるか調べました。
環境情報
EKS Workshopで使う、Cloud 9インスタンス上で検証しています。Linuxです。
Helmのバージョンは以下です。
$ helm version
version.BuildInfo{Version:"v3.5.0", GitCommit:"32c22239423b3b4ba6706d450bd044baffdcf9e6", GitTreeState:"clean", GoVersion:"go1.15.6"}
completion
generate autocompletions script for the specified shell
シェル自動補完のためのスクリプトを吐いてくれます。
各シェル用のサブコマンドがあります。
Available Commands:
bash generate autocompletion script for bash
fish generate autocompletion script for fish
zsh generate autocompletion script for zsh
例えばbashの場合、現在のシェルセッションで自動補完を有効化するには、以下のコマンドを実行します。
$ source <(helm completion bash)
今後のセッションで自動補完を有効化するには、以下のコマンドを実行します。
$ helm completion bash >> ~/.bash_completion
そうすると、helm以降のサブコマンドの自動補完が効くようになります。
例
$ helm (ここでTabを押す)
completion dependency get install list plugin repo search status test upgrade version
create env history lint package pull rollback show template uninstall verify
create
create a new chart with the given name
独自のチャートを作成します。EKS Workshopでも登場します。
$ helm create eksdemo
Creating eksdemo
$ tree eksdemo/
eksdemo/
├── charts
├── Chart.yaml
├── templates
│ ├── deployment.yaml
│ ├── _helpers.tpl
│ ├── hpa.yaml
│ ├── ingress.yaml
│ ├── NOTES.txt
│ ├── serviceaccount.yaml
│ ├── service.yaml
│ └── tests
│ └── test-connection.yaml
└── values.yaml
3 directories, 10 files
こんな感じで、チャートの雛形を作ってくれます。
--starter
もしくは -p
オプションがあります。これは他のチャートを雛形として新しいチャートを作るオプションです。
雛形となるチャートは$XDG_DATA_HOME/helm/starters
に存在している必要があります。
$ mkdir -p /home/ec2-user/.local/share/helm/starters/
$ cp -r eksdemo /home/ec2-user/.local/share/helm/starters/
$ helm create eksdemo2 --starter eksdemo
Creating eksdemo2
dependency
manage a chart's dependencies
チャートは別のチャートに依存している場合があります。そのような依存関係を管理するコマンドです。
以下のサブコマンドがあります。
Available Commands:
build rebuild the charts/ directory based on the Chart.lock file
list list the dependencies for the given chart
update update charts/ based on the contents of Chart.yaml
先程作ったチャートeksdemoは現在中身空っぽなので何の依存関係もありません。
$ helm dependency list eksdemo
WARNING: no dependencies at eksdemo/charts
依存関係があるチャートをダウンロードしてきて確認したいと思います。
$ helm pull stable/wordpress
$ tar zxvf wordpress-9.3.21.tgz
$ tree wordpress
wordpress
├── charts
│ └── mariadb
│ ├── Chart.yaml
│ ├── files
│ │ └── docker-entrypoint-initdb.d
│ │ └── README.md
│ ├── OWNERS
│ ├── README.md
│ ├── templates
│ │ ├── _helpers.tpl
│ │ ├── initialization-configmap.yaml
│ │ ├── master-configmap.yaml
│ │ ├── master-pdb.yaml
│ │ ├── master-statefulset.yaml
│ │ ├── master-svc.yaml
│ │ ├── NOTES.txt
│ │ ├── rolebinding.yaml
│ │ ├── role.yaml
│ │ ├── secrets.yaml
│ │ ├── serviceaccount.yaml
│ │ ├── servicemonitor.yaml
│ │ ├── slave-configmap.yaml
│ │ ├── slave-pdb.yaml
│ │ ├── slave-statefulset.yaml
│ │ ├── slave-svc.yaml
│ │ ├── test-runner.yaml
│ │ └── tests.yaml
│ ├── values-production.yaml
│ ├── values.schema.json
│ └── values.yaml
├── Chart.yaml
├── README.md
├── requirements.lock
├── requirements.yaml
├── templates
│ ├── deployment.yaml
│ ├── externaldb-secrets.yaml
│ ├── _helpers.tpl
│ ├── ingress.yaml
│ ├── NOTES.txt
│ ├── pvc.yaml
│ ├── secrets.yaml
│ ├── servicemonitor.yaml
│ ├── svc.yaml
│ ├── tests
│ │ └── test-mariadb-connection.yaml
│ └── tls-secrets.yaml
├── values.schema.json
└── values.yaml
mariadbに依存していることがわかります。
$ helm dependencies list wordpress
NAME VERSION REPOSITORY STATUS
mariadb 7.x.x https://kubernetes-charts.storage.googleapis.com/ unpacked
この情報はどこから取ってきているのかというと、YAMLのdependencies:
以下です。上記のチャートですと
requirements.yaml
に書かれています。
requirements.yaml
dependencies:
- name: mariadb
version: 7.x.x
repository: https://kubernetes-charts.storage.googleapis.com/
condition: mariadb.enabled
tags:
- wordpress-database
そして、dependencies:
以下に定義されたチャートは、 charts/
以下に実態ファイルがあります。先程のtree
の結果にも、eksdemo/charts/mariadb
というディレクトリがありますよね。
また、helm dependencies update
でdependencies:
以下の定義に基づきcharts/
以下のチャートを更新することができます。
$ helm dependencies update wordpress
Getting updates for unmanaged Helm repositories...
...Unable to get an update from the "https://kubernetes-charts.storage.googleapis.com/" chart repository:
failed to fetch https://kubernetes-charts.storage.googleapis.com/index.yaml : 403 Forbidden
失敗しましたね…調べたところによると、mariadbチャート配布元のhttps://kubernetes-charts.storage.googleapis.com/
リポジトリが廃止され、代わりにhttps://charts.helm.sh/stable
を使う必要があるようです。というわけで先程のYAMLを更新します。
requirements.yaml
dependencies:
- name: mariadb
version: 7.x.x
- repository: https://kubernetes-charts.storage.googleapis.com/
+ repository: https://charts.helm.sh/stable
condition: mariadb.enabled
tags:
- wordpress-database
もう一度helm dependencies update
してみます。
$ helm dependencies update wordpress
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "eks" chart repository
...Successfully got an update from the "stable" chart repository
...Successfully got an update from the "bitnami" chart repository
Update Complete. ⎈Happy Helming!⎈
Saving 1 charts
Downloading mariadb from repo https://charts.helm.sh/stable
Deleting outdated charts
今度は成功したようです。成功した場合requirements.lock
ファイルが更新されます。
requirements.lock
dependencies:
- name: mariadb
repository: https://charts.helm.sh/stable
version: 7.3.14
digest: sha256:a011b4950ffc35f94724fd8a1d7c99f8ce7b26cd9806cd00a6454f5ee3ee5b70
generated: "2021-01-16T12:41:09.122145628Z"
バージョン7.3.14がインストールされているようですね。
試しにdependencies:
のバージョンを変更してみましょう。
requirements.yaml
dependencies:
- name: mariadb
- version: 7.x.x
+ version: 6.x.x
repository: https://charts.helm.sh/stable
condition: mariadb.enabled
tags:
- wordpress-database
その後再度helm dependencies update wordpress
してみると、requirements.lock
ファイルの中身が更新されていることが確認できました。
requirements.lock
dependencies:
- name: mariadb
repository: https://charts.helm.sh/stable
version: 6.13.0
digest: sha256:739bdb805fe539dd522fdc639e44af2bed8ca0fda36ee418a960405f9634d61b
generated: "2021-01-17T12:02:38.579708892Z"
最後のサブコマンド helm dependencies build
は以下のようなコマンドです。
- 前述のロックファイルが無い時 →
helm dependencies update
と同じ挙動 - ロックファイルがある時 → YAMLファイルの
dependencies:
以下に書かれているバージョンではなく、ロックファイルに書かれているバージョンを使って依存関係のチャートをインストールする
env
helm client environment information
Helmが使う環境変数一覧を出力します。
$ helm env
HELM_BIN="helm"
HELM_CACHE_HOME="/home/ec2-user/.cache/helm"
HELM_CONFIG_HOME="/home/ec2-user/.config/helm"
HELM_DATA_HOME="/home/ec2-user/.local/share/helm"
HELM_DEBUG="false"
HELM_KUBEAPISERVER=""
HELM_KUBEASGROUPS=""
HELM_KUBEASUSER=""
HELM_KUBECAFILE=""
HELM_KUBECONTEXT=""
HELM_KUBETOKEN=""
HELM_MAX_HISTORY="10"
HELM_NAMESPACE="default"
HELM_PLUGINS="/home/ec2-user/.local/share/helm/plugins"
HELM_REGISTRY_CONFIG="/home/ec2-user/.config/helm/registry.json"
HELM_REPOSITORY_CACHE="/home/ec2-user/.cache/helm/repository"
HELM_REPOSITORY_CONFIG="/home/ec2-user/.config/helm/repositories.yaml"
get
download extended information of a named release
リリースについての 様々な詳細方法を取得するコマンドです。以下サブコマンドがあります。
Available Commands:
all download all information for a named release
hooks download all hooks for a named release
manifest download the manifest for a named release
notes download the notes for a named release
values download the values file for a named release
EKS Workshopでは Bitnamiリポジトリのnginxチャートからmywebserverという名前のリリースを作成します。このリリースに対してgetコマンドを使ってみます。
$ helm get hooks mywebserver
$ helm get manifest mywebserver
---
# Source: nginx/templates/server-block-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: mywebserver-nginx-server-block
labels:
app.kubernetes.io/name: nginx
helm.sh/chart: nginx-8.3.0
app.kubernetes.io/instance: mywebserver
app.kubernetes.io/managed-by: Helm
data:
server-blocks-paths.conf: |-
include "/opt/bitnami/nginx/conf/server_blocks/ldap/*.conf";
include "/opt/bitnami/nginx/conf/server_blocks/common/*.conf";
---
# Source: nginx/templates/svc.yaml
apiVersion: v1
kind: Service
metadata:
name: mywebserver-nginx
labels:
app.kubernetes.io/name: nginx
helm.sh/chart: nginx-8.3.0
app.kubernetes.io/instance: mywebserver
app.kubernetes.io/managed-by: Helm
spec:
type: LoadBalancer
externalTrafficPolicy: "Cluster"
ports:
- name: http
port: 80
targetPort: http
selector:
app.kubernetes.io/name: nginx
app.kubernetes.io/instance: mywebserver
---
# Source: nginx/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: mywebserver-nginx
labels:
app.kubernetes.io/name: nginx
helm.sh/chart: nginx-8.3.0
app.kubernetes.io/instance: mywebserver
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: nginx
app.kubernetes.io/instance: mywebserver
template:
metadata:
labels:
app.kubernetes.io/name: nginx
helm.sh/chart: nginx-8.3.0
app.kubernetes.io/instance: mywebserver
app.kubernetes.io/managed-by: Helm
spec:
affinity:
podAffinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: nginx
app.kubernetes.io/instance: mywebserver
namespaces:
- default
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
containers:
- name: nginx
image: docker.io/bitnami/nginx:1.19.6-debian-10-r21
imagePullPolicy: "IfNotPresent"
env:
- name: BITNAMI_DEBUG
value: "false"
ports:
- name: http
containerPort: 8080
livenessProbe:
tcpSocket:
port: http
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
readinessProbe:
tcpSocket:
port: http
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 3
resources:
limits: {}
requests: {}
volumeMounts:
- name: nginx-server-block-paths
mountPath: /opt/bitnami/nginx/conf/server_blocks
volumes:
- name: nginx-server-block-paths
configMap:
name: mywebserver-nginx-server-block
items:
- key: server-blocks-paths.conf
path: server-blocks-paths.conf
$ helm get notes mywebserver
NOTES:
** Please be patient while the chart is being deployed **
NGINX can be accessed through the following DNS name from within your cluster:
mywebserver-nginx.default.svc.cluster.local (port 80)
To access NGINX from outside the cluster, follow the steps below:
1. Get the NGINX URL by running these commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace default -w mywebserver-nginx'
export SERVICE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].port}" services mywebserver-nginx)
export SERVICE_IP=$(kubectl get svc --namespace default mywebserver-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo "http://${SERVICE_IP}:${SERVICE_PORT}"
$ helm get values mywebserver
USER-SUPPLIED VALUES:
null
リリースの中身を確認するのに便利ですね。
個人的に便利だなーと感じたのは--revision
オプションです。helm history
で確認できる各リビジョン時のリリースの中身がどうなっていたのかを知ることができます。
help
Help about any command
サブコマンドを教えてくれるだけかと思いきや、環境変数の解説なども表示してくれるんですね。
$ helm help
The Kubernetes package manager
Common actions for Helm:
- helm search: search for charts
- helm pull: download a chart to your local directory to view
- helm install: upload the chart to Kubernetes
- helm list: list releases of charts
Environment variables:
| Name | Description |
|------------------------------------|-----------------------------------------------------------------------------------|
| $HELM_CACHE_HOME | set an alternative location for storing cached files. |
| $HELM_CONFIG_HOME | set an alternative location for storing Helm configuration. |
| $HELM_DATA_HOME | set an alternative location for storing Helm data. |
| $HELM_DEBUG | indicate whether or not Helm is running in Debug mode |
| $HELM_DRIVER | set the backend storage driver. Values are: configmap, secret, memory, postgres |
| $HELM_DRIVER_SQL_CONNECTION_STRING | set the connection string the SQL storage driver should use. |
| $HELM_MAX_HISTORY | set the maximum number of helm release history. |
| $HELM_NAMESPACE | set the namespace used for the helm operations. |
| $HELM_NO_PLUGINS | disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins. |
| $HELM_PLUGINS | set the path to the plugins directory |
| $HELM_REGISTRY_CONFIG | set the path to the registry config file. |
| $HELM_REPOSITORY_CACHE | set the path to the repository cache directory |
| $HELM_REPOSITORY_CONFIG | set the path to the repositories file. |
| $KUBECONFIG | set an alternative Kubernetes configuration file (default "~/.kube/config") |
| $HELM_KUBEAPISERVER | set the Kubernetes API Server Endpoint for authentication |
| $HELM_KUBECAFILE | set the Kubernetes certificate authority file. |
| $HELM_KUBEASGROUPS | set the Groups to use for impersonation using a comma-separated list. |
| $HELM_KUBEASUSER | set the Username to impersonate for the operation. |
| $HELM_KUBECONTEXT | set the name of the kubeconfig context. |
| $HELM_KUBETOKEN | set the Bearer KubeToken used for authentication. |
Helm stores cache, configuration, and data based on the following configuration order:
- If a HELM_*_HOME environment variable is set, it will be used
- Otherwise, on systems supporting the XDG base directory specification, the XDG variables will be used
- When no other location is set a default location will be used based on the operating system
By default, the default directories depend on the Operating System. The defaults are listed below:
| Operating System | Cache Path | Configuration Path | Data Path |
|------------------|---------------------------|--------------------------------|-------------------------|
| Linux | $HOME/.cache/helm | $HOME/.config/helm | $HOME/.local/share/helm |
| macOS | $HOME/Library/Caches/helm | $HOME/Library/Preferences/helm | $HOME/Library/helm |
| Windows | %TEMP%\helm | %APPDATA%\helm | %APPDATA%\helm |
Usage:
helm [command]
Available Commands:
completion generate autocompletion scripts for the specified shell
create create a new chart with the given name
dependency manage a chart's dependencies
env helm client environment information
get download extended information of a named release
help Help about any command
history fetch release history
install install a chart
lint examine a chart for possible issues
list list releases
package package a chart directory into a chart archive
plugin install, list, or uninstall Helm plugins
pull download a chart from a repository and (optionally) unpack it in local directory
repo add, list, remove, update, and index chart repositories
rollback roll back a release to a previous revision
search search for a keyword in charts
show show information of a chart
status display the status of the named release
template locally render templates
test run tests for a release
uninstall uninstall a release
upgrade upgrade a release
verify verify that a chart at the given path has been signed and is valid
version print the client version information
Flags:
--debug enable verbose output
-h, --help help for helm
--kube-apiserver string the address and the port for the Kubernetes API server
--kube-as-group stringArray group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--kube-as-user string username to impersonate for the operation
--kube-ca-file string the certificate authority file for the Kubernetes API server connection
--kube-context string name of the kubeconfig context to use
--kube-token string bearer token used for authentication
--kubeconfig string path to the kubeconfig file
-n, --namespace string namespace scope for this request
--registry-config string path to the registry config file (default "/home/ec2-user/.config/helm/registry.json")
--repository-cache string path to the file containing cached repository indexes (default "/home/ec2-user/.cache/helm/repository")
--repository-config string path to the file containing repository names and URLs (default "/home/ec2-user/.config/helm/repositories.yaml")
Use "helm [command] --help" for more information about a command.
history
fetch release history
リリースにはリビジョンの概念があります。このコマンドでは特定のリリースのリビジョン履歴が確認できます。
インストールしたばっかりのリリースのリビジョンは当然1だけです。
$ helm install mywebserver bitnami/nginx
(省略)
$ helm history mywebserver
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Tue Jan 19 12:06:58 2021 deployed nginx-8.3.0 1.19.6 Install complete
upgradeしてみます。
$ helm upgrade -f ./mywebserver.yaml mywebserver bitnami/nginx
Release "mywebserver" has been upgraded. Happy Helming!
NAME: mywebserver
LAST DEPLOYED: Tue Jan 19 12:22:25 2021
NAMESPACE: default
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
** Please be patient while the chart is being deployed **
NGINX can be accessed through the following DNS name from within your cluster:
mywebserver-nginx.default.svc.cluster.local (port 80)
To access NGINX from outside the cluster, follow the steps below:
1. Get the NGINX URL by running these commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace default -w mywebserver-nginx'
export SERVICE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].port}" services mywebserver-nginx)
export SERVICE_IP=$(kubectl get svc --namespace default mywebserver-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo "http://${SERVICE_IP}:${SERVICE_PORT}"
もう一度 helm history
してみます。
$ helm history mywebserver
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Tue Jan 19 12:06:58 2021 superseded nginx-8.3.0 1.19.6 Install complete
2 Tue Jan 19 12:22:25 2021 deployed nginx-8.3.0 1.19.6 Upgrade complete
STATUS列に注目ください。先程はdeployed
ステータスだったリビジョン1がsuperseded
(=取って代わられた)になり、代わりにリビジョン2のステータスがdeployed
になっています。
また、rollback
コマンドですぐに元のリビジョンに戻せます。
$ helm rollback mywebserver 1
Rollback was a success! Happy Helming!
$ helm history mywebserver
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Tue Jan 19 12:06:58 2021 superseded nginx-8.3.0 1.19.6 Install complete
2 Tue Jan 19 12:22:25 2021 superseded nginx-8.3.0 1.19.6 Upgrade complete
3 Tue Jan 19 12:28:05 2021 deployed nginx-8.3.0 1.19.6 Rollback to 1
リビジョン1が再びdeployed
になるわけではなく、1と同じ内容のリビジョン3が作られそのステータスがdeployed
になります。
install
install a chart
リポジトリからチャートをダウンロードしてきて、リリースを作成します。
$ helm install mywebserver bitnami/nginx
NAME: mywebserver
LAST DEPLOYED: Sun Jan 24 12:46:14 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
** Please be patient while the chart is being deployed **
NGINX can be accessed through the following DNS name from within your cluster:
mywebserver-nginx.default.svc.cluster.local (port 80)
To access NGINX from outside the cluster, follow the steps below:
1. Get the NGINX URL by running these commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace default -w mywebserver-nginx'
export SERVICE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].port}" services mywebserver-nginx)
export SERVICE_IP=$(kubectl get svc --namespace default mywebserver-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo "http://${SERVICE_IP}:${SERVICE_PORT}"
lint
examine a chart for possible issues
チャートの構文チェックを行ないます。
$ helm create lintexample
Creating lintexample
$ helm lint lintexample
==> Linting lintexample
[INFO] Chart.yaml: icon is recommended
1 chart(s) linted, 0 chart(s) failed
icon is recommended
という指摘が入りましたね。追加してみます。
lintexample/Chart.yaml
apiVersion: v2
name: lintexample
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
icon: https://dev.classmethod.jp/_nuxt/img/91723c1.svg
もう一度lintを実行するとiconの指摘はされなくなりました。
$ helm lint lintexample
==> Linting lintexample
1 chart(s) linted, 0 chart(s) failed
list
list releases
リリースの一覧を出力します。
$ helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
mywebserver default 1 2021-01-24 12:46:14.506322101 +0000 UTC deployed nginx-8.3.0 1.19.6
デフォルトでは現在のネームスペースに存在するリリースのみを出力することにご注意ください。-n
もしくは--namespace
オプションで別ネームスペース上のリリースも確認できます。 -A
か --all-namespaces
オプションを使うと全ネームスペース上のリリースを一挙確認もできます。フィルタリングとかソートのオプションも色々ありますが、まだそこまで活用したことないです。。
package
package a chart directory into a chart archive
チャートを圧縮ファイルを作成します。圧縮ファイルはリポジトリを作成する際に使うそうです。
$ helm package wordpress
Successfully packaged chart and saved it to: /home/ec2-user/environment/wordpress-9.0.3.tgz
plugin
install, list, or uninstall Helm plugins
HelmにはHelm pluginというアドオンツール群が存在します。この helm plugin
コマンドはその管理を担います。以下4つのサブコマンドが存在します。
Available Commands:
install install one or more Helm plugins
list list installed Helm plugins
uninstall uninstall one or more Helm plugins
update update one or more Helm plugins
helm diff
というプラグインを例に説明します。
最初は何のプラグインもありません。
$ helm plugin list
NAME VERSION DESCRIPTION
helm diff
をインストールしてみます。
$ helm plugin install https://github.com/databus23/helm-diff
Downloading https://github.com/databus23/helm-diff/releases/download/v3.1.3/helm-diff-linux.tgz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 643 100 643 0 0 2248 0 --:--:-- --:--:-- --:--:-- 2248
100 14.9M 100 14.9M 0 0 4348k 0 0:00:03 0:00:03 --:--:-- 6071k
Preparing to install into /home/ec2-user/.local/share/helm/plugins/helm-diff
helm-diff installed into /home/ec2-user/.local/share/helm/plugins/helm-diff/helm-diff
The Helm Diff Plugin
(割愛)
Additional help topics:
diff
Use "diff [command] --help" for more information about a command.
Installed plugin: diff
$ helm plugin list
NAME VERSION DESCRIPTION
diff 3.1.3 Preview helm upgrade changes as a diff
これでhelm diff
コマンドが使えるようになります。
アンインストールします。
$ helm plugin uninstall diff
Uninstalled plugin: diff
$ helm plugin list
NAME VERSION DESCRIPTION
pull
download a chart from a repository and (optionally) unpack it in local directory
helm dependency
の項ですでにやっていますが、リポジトリからチャートをダウンロードしてくるコマンドです。
$ helm pull stable/wordpress
$ tar zxvf wordpress-9.3.21.tgz
$ tree wordpress
wordpress
├── charts
│ └── mariadb
│ ├── Chart.yaml
│ ├── files
│ │ └── docker-entrypoint-initdb.d
│ │ └── README.md
│ ├── OWNERS
│ ├── README.md
│ ├── templates
│ │ ├── _helpers.tpl
│ │ ├── initialization-configmap.yaml
│ │ ├── master-configmap.yaml
│ │ ├── master-pdb.yaml
│ │ ├── master-statefulset.yaml
│ │ ├── master-svc.yaml
│ │ ├── NOTES.txt
│ │ ├── rolebinding.yaml
│ │ ├── role.yaml
│ │ ├── secrets.yaml
│ │ ├── serviceaccount.yaml
│ │ ├── servicemonitor.yaml
│ │ ├── slave-configmap.yaml
│ │ ├── slave-pdb.yaml
│ │ ├── slave-statefulset.yaml
│ │ ├── slave-svc.yaml
│ │ ├── test-runner.yaml
│ │ └── tests.yaml
│ ├── values-production.yaml
│ ├── values.schema.json
│ └── values.yaml
├── Chart.yaml
├── README.md
├── requirements.lock
├── requirements.yaml
├── templates
│ ├── deployment.yaml
│ ├── externaldb-secrets.yaml
│ ├── _helpers.tpl
│ ├── ingress.yaml
│ ├── NOTES.txt
│ ├── pvc.yaml
│ ├── secrets.yaml
│ ├── servicemonitor.yaml
│ ├── svc.yaml
│ ├── tests
│ │ └── test-mariadb-connection.yaml
│ └── tls-secrets.yaml
├── values.schema.json
└── values.yaml
上記は圧縮形式でダウンロードして後から解凍していますが、--untar
オプションを使えば解凍状態でダウンロードもできます。(今知りました。) --untardir
で解凍先ディレクトリも指定できます。
repo
add, list, remove, update, and index chart repositories
リポジトリを操作するコマンドです。以下サブコマンドがあります。
Available Commands:
add add a chart repository
index generate an index file given a directory containing packaged charts
list list chart repositories
remove remove one or more chart repositories
update update information of available charts locally from chart repositories
一番使うのはaddでしょうか。
add
$ helm repo add bitnami https://charts.bitnami.com/bitnami
"bitnami" has been added to your repositories
list
$ helm repo list
NAME URL
stable https://charts.helm.sh/stable
eks https://aws.github.io/eks-charts
bitnami https://charts.bitnami.com/bitnami
update
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "eks" chart repository
...Successfully got an update from the "stable" chart repository
...Successfully got an update from the "bitnami" chart repository
Update Complete. ⎈Happy Helming!⎈
remove
$ helm repo remove bitnami
"bitnami" has been removed from your repositories
上記コマンド群はリポジトリを利用する際に使うものですが、次のindex
はリポジトリを作成する際に使います。
リポジトリにはインデックスファイルというYAMLファイルを置く必要があります。YAMLの中身はリポジトリに格納されているチャートのメタデータ一覧です。このコマンドはそのインデックスファイルを自動作成してくれるコマンドです。
index
$ helm pull stable/wordpress --untar
$ helm repo index .
(カレントディレクトリにindex.yamlが作成される)
$ cat index.yaml
apiVersion: v1
entries:
wordpress:
- apiVersion: v1
appVersion: 5.3.2
created: "2021-01-27T05:52:03.289919598Z"
dependencies:
- condition: mariadb.enabled
name: mariadb
repository: https://kubernetes-charts.storage.googleapis.com/
tags:
- wordpress-database
version: 7.x.x
deprecated: true
description: DEPRECATED Web publishing platform for building blogs and websites.
digest: b83c4d4009d3a37298a13e75afa1a16f1826b3f84504d1201c1bd7e301501f44
home: http://www.wordpress.com/
icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png
keywords:
- wordpress
- cms
- blog
- http
- web
- application
- php
name: wordpress
sources:
- https://github.com/bitnami/bitnami-docker-wordpress
urls:
- wordpress-9.0.3.tgz
version: 9.0.3
generated: "2021-01-27T05:52:03.285432454Z"
rollback
roll back a release to a previous revision
helm history
の項で説明したとおり、リリースを過去のリビジョンに巻き戻すことができるコマンドです。
history
の欄をご覧ください。
search
search for a keyword in charts
ふたつサブコマンドがあります。
Available Commands:
hub search for charts in the Artifact Hub or your own hub instance
repo search repositories for a keyword in charts
helm search repo
はリポジトリ内を検索してチャートを探します。検索対象のリポジトリはhelm repo add
してるリポジトリつまりhelm repo list
で表示されるリポジトリ達です。
search repo
$ helm search repo nginx
NAME CHART VERSION APP VERSION DESCRIPTION
bitnami/nginx 8.4.1 1.19.6 Chart for the nginx server
bitnami/nginx-ingress-controller 7.1.3 0.43.0 Chart for the nginx Ingress controller
stable/nginx-ingress 1.41.3 v0.34.1 DEPRECATED! An nginx Ingress controller that us...
stable/nginx-ldapauth-proxy 0.1.6 1.13.5 DEPRECATED - nginx proxy with ldapauth
stable/nginx-lego 0.3.1 Chart for nginx-ingress-controller and kube-lego
bitnami/kong 3.3.2 2.3.1 Kong is a scalable, open source API layer (aka ...
stable/gcloud-endpoints 0.1.2 1 DEPRECATED Develop, deploy, protect and monitor...
helm serach hub
はもっと広範囲に、Artifact HUB上のチャートを検索します。Artifact HUBはCloud Native Computing Foundation(CNCF)が運営している、Helmチャート含む様々なパッケージを検索、配布などするWebサイトです。
search hub
$ helm search hub nginx -o yaml
- app_version: ""
description: An NGINX HTTP server
url: https://artifacthub.io/packages/helm/wiremind/nginx
version: 2.1.1
- app_version: 1.19.6
description: Chart for the nginx server
url: https://artifacthub.io/packages/helm/bitnami/nginx
version: 8.4.1
- app_version: 1.16.0
description: A NGINX Docker Community based Helm chart for Kubernetes
url: https://artifacthub.io/packages/helm/mirantis/nginx
version: 0.1.0
- app_version: 1.17.9
description: |-
Helm chart to deploy [nginx](https://www.nginx.com).
Chart supports environment variables inside of the nginx.conf file.
url: https://artifacthub.io/packages/helm/slamdev/nginx
version: 0.0.11
- app_version: latest
description: A chart to do nginx things
url: https://artifacthub.io/packages/helm/cocainefarm/nginx
version: 1.0.1
- app_version: ""
description: Simple nginx deployment usable for deploying proxies or small sites.
url: https://artifacthub.io/packages/helm/t3n/nginx
version: 0.1.1
- app_version: 0.43.0
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
url: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx
version: 3.21.0
- app_version: 1.10.0
description: NGINX Ingress Controller
url: https://artifacthub.io/packages/helm/nginx/nginx-ingress
version: 0.8.0
- app_version: 0.29.0
description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration.
url: https://artifacthub.io/packages/helm/hkube/nginx-ingress
version: 1.31.1002
- app_version: 0.0.0-edge
description: NGINX Ingress Controller
url: https://artifacthub.io/packages/helm/nginx-edge/nginx-ingress
version: 0.0.0-edge
- app_version: 0.43.0
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
url: https://artifacthub.io/packages/helm/wener/ingress-nginx
version: 3.21.0
- app_version: ""
description: A Helm chart for Nginx Ingress
url: https://artifacthub.io/packages/helm/cloudposse/nginx-ingress
version: 0.1.8
- app_version: latest
description: A Dockerfile for nginx-rtmp-module + FFmpeg from source with basic settings for streaming HLS. Built on Alpine Linux
url: https://artifacthub.io/packages/helm/cocainefarm/nginx-rtmp
version: 0.7.0
- app_version: "1.1"
description: A Helm chart for installing a simple nginx
url: https://artifacthub.io/packages/helm/newrelic/simple-nginx
version: 1.1.1
- app_version: ""
description: A Helm chart for nginx-default-backend to be used by nginx-ingress controller
url: https://artifacthub.io/packages/helm/cloudposse/nginx-default-backend
version: 0.5.0
- app_version: 0.43.0
description: Chart for the nginx Ingress controller
url: https://artifacthub.io/packages/helm/bitnami/nginx-ingress-controller
version: 7.1.3
- app_version: 0.1.2
description: A Simple Web service Chart
url: https://artifacthub.io/packages/helm/pnnl-miscscripts/nginx-app
version: 0.1.2
- app_version: 1.13.5-alpine
description: A Helm chart for Kubernetes
url: https://artifacthub.io/packages/helm/choerodon/nginx-files-server
version: 0.1.0
- app_version: 2.5.0
description: A Demo application for the logging-operator
url: https://artifacthub.io/packages/helm/banzaicloud-stable/nginx-logging-demo
version: 2.5.0
- app_version: 2.5.0
description: A Demo application for the logging-operator AWS CloudWatch backend
url: https://artifacthub.io/packages/helm/banzaicloud-stable/nginx-logging-cw-demo
version: 2.5.0
- app_version: 2.5.0
description: A Demo application for the logging-operator
url: https://artifacthub.io/packages/helm/banzaicloud-stable/nginx-logging-es-demo
version: 2.5.0
- app_version: 2.5.0
description: A Helm chart for Kubernetes
url: https://artifacthub.io/packages/helm/banzaicloud-stable/nginx-logging-kafka-demo
version: 2.5.0
- app_version: 2.5.0
description: A Demo application for the logging-operator
url: https://artifacthub.io/packages/helm/banzaicloud-stable/nginx-logging-loki-demo
version: 2.5.0
- app_version: ""
description: A Helm chart that provides a maintenance backend to be used by nginx-ingress controller
url: https://artifacthub.io/packages/helm/cloudposse/fail-whale
version: 0.1.1
- app_version: 1.6.1
description: Flagger is a progressive delivery operator for Kubernetes
url: https://artifacthub.io/packages/helm/flagger/flagger
version: 1.6.1
- app_version: 2.3.1
description: Kong is a scalable, open source API layer (aka API gateway or API middleware) that runs in front of any RESTful API. Extra functionalities beyond the core platform are extended through plugins. Kong is built on top of reliable technologies like NGINX and provides an easy-to-use RESTful API to operate and configure the system.
url: https://artifacthub.io/packages/helm/bitnami/kong
version: 3.3.2
- app_version: v0.0.1
description: A Helm chart for deployoing ORY Oathkeeper Rule Controller in Kubernetes
url: https://artifacthub.io/packages/helm/ory/maester
version: 0.0.17
- app_version: v0.38.4-beta.1
description: A Helm chart for deploying ORY Oathkeeper in Kubernetes
url: https://artifacthub.io/packages/helm/ory/oathkeeper
version: 0.5.2
- app_version: v0.1.0
description: A Helm chart for deploying ORY Oathkeeper Rule Controller in Kubernetes
url: https://artifacthub.io/packages/helm/ory/oathkeeper-maester
version: 0.5.2
- app_version: 0.17.3
description: An SSO and OAuth login solution for nginx using the auth_request module
url: https://artifacthub.io/packages/helm/halkeye/vouch
version: 1.0.0
show
show information of a chart
チャートの情報を取得します。サブコマンドは以下です。
Available Commands:
all show all information of the chart
chart show the chart's definition
readme show the chart's README
values show the chart's values
helm get
と混同しそうになりますが、 helm get
はリリース、helm show
はチャートの情報を取得します。
readme
$ helm show readme bitnami/nginx
(https://github.com/bitnami/charts/tree/master/bitnami/nginxの内容がズラーッと表示されます)
chart
$ helm show chart bitnami/nginx
annotations:
category: Infrastructure
apiVersion: v2
appVersion: 1.19.6
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
tags:
- bitnami-common
version: 1.x.x
description: Chart for the nginx server
home: https://github.com/bitnami/charts/tree/master/bitnami/nginx
icon: https://bitnami.com/assets/stacks/nginx/img/nginx-stack-220x234.png
keywords:
- nginx
- http
- web
- www
- reverse proxy
maintainers:
- email: containers@bitnami.com
name: Bitnami
name: nginx
sources:
- https://github.com/bitnami/bitnami-docker-nginx
- http://www.nginx.org
version: 8.4.1
values
$ helm show values bitnami/nginx
(https://github.com/bitnami/charts/blob/master/bitnami/nginx/values.yamlの情報が表示されます)
show values
は便利ですねー。今後使いたいと思います。
status
display the status of the named release
リリースのステータスを取得します。
$ helm install mywebserver bitnami/nginx
$ helm status mywebserver
NAME: mywebserver
LAST DEPLOYED: Wed Jan 27 09:49:48 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
** Please be patient while the chart is being deployed **
NGINX can be accessed through the following DNS name from within your cluster:
mywebserver-nginx.default.svc.cluster.local (port 80)
To access NGINX from outside the cluster, follow the steps below:
1. Get the NGINX URL by running these commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace default -w mywebserver-nginx'
export SERVICE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].port}" services mywebserver-nginx)
export SERVICE_IP=$(kubectl get svc --namespace default mywebserver-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo "http://${SERVICE_IP}:${SERVICE_PORT}"
helm get
と混同しそうですが、こっちはその名のとおりステータス的な情報の取得で、getの方がより細かい情報を取れる感じです。
template
locally render templates
チャートからマニフェストファイルを作成して出力します。その際、チャートの動的な部分はvalueファイルの値を使って置換されます。つまり出来上がったマニフェストファイルが確認できるということですね。
EKS WorkshopDeploy Example Microservices Using Helmの項を例に挙げます。ここまでやってから helm template
してみます。
$ helm template ~/environment/eksdemo
---
# Source: eksdemo/templates/service/crystal.yaml
apiVersion: v1
kind: Service
metadata:
name: ecsdemo-crystal
spec:
selector:
app: ecsdemo-crystal
ports:
- protocol: TCP
port: 80
targetPort: 3000
---
# Source: eksdemo/templates/service/frontend.yaml
apiVersion: v1
kind: Service
metadata:
name: ecsdemo-frontend
spec:
selector:
app: ecsdemo-frontend
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 3000
---
# Source: eksdemo/templates/service/nodejs.yaml
apiVersion: v1
kind: Service
metadata:
name: ecsdemo-nodejs
spec:
selector:
app: ecsdemo-nodejs
ports:
- protocol: TCP
port: 80
targetPort: 3000
---
# Source: eksdemo/templates/deployment/crystal.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ecsdemo-crystal
labels:
app: ecsdemo-crystal
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: ecsdemo-crystal
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: ecsdemo-crystal
spec:
containers:
- image: brentley/ecsdemo-crystal:latest
imagePullPolicy: Always
name: ecsdemo-crystal
ports:
- containerPort: 3000
protocol: TCP
---
# Source: eksdemo/templates/deployment/frontend.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ecsdemo-frontend
labels:
app: ecsdemo-frontend
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: ecsdemo-frontend
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: ecsdemo-frontend
spec:
containers:
- image: brentley/ecsdemo-frontend:latest
imagePullPolicy: Always
name: ecsdemo-frontend
ports:
- containerPort: 3000
protocol: TCP
env:
- name: CRYSTAL_URL
value: "http://ecsdemo-crystal.default.svc.cluster.local/crystal"
- name: NODEJS_URL
value: "http://ecsdemo-nodejs.default.svc.cluster.local/"
---
# Source: eksdemo/templates/deployment/nodejs.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ecsdemo-nodejs
labels:
app: ecsdemo-nodejs
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: ecsdemo-nodejs
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: ecsdemo-nodejs
spec:
containers:
- image: brentley/ecsdemo-nodejs:latest
imagePullPolicy: Always
name: ecsdemo-nodejs
ports:
- containerPort: 3000
protocol: TCP
別のvalueファイルを作って、それをtemplateに渡して結果を見てみましょう。value2.yamlを作ります。ハイライトにしたreplicaの部分が元のvalueファイルとの相違点です。
value2.yaml
# Default values for eksdemo.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Release-wide Values
replicas: 1
version: 'latest'
# Service Specific Values
nodejs:
image: brentley/ecsdemo-nodejs
crystal:
image: brentley/ecsdemo-crystal
frontend:
image: brentley/ecsdemo-frontend
-f
オプションで食わせるvalueファイルを変更できます。valueファイルの相違点が反映されていることがわかります。(ハイライト部分)
$ helm template ~/environment/eksdemo -f ~/environment/eksdemo/values2.yaml
---
# Source: eksdemo/templates/service/crystal.yaml
apiVersion: v1
kind: Service
metadata:
name: ecsdemo-crystal
spec:
selector:
app: ecsdemo-crystal
ports:
- protocol: TCP
port: 80
targetPort: 3000
---
# Source: eksdemo/templates/service/frontend.yaml
apiVersion: v1
kind: Service
metadata:
name: ecsdemo-frontend
spec:
selector:
app: ecsdemo-frontend
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 3000
---
# Source: eksdemo/templates/service/nodejs.yaml
apiVersion: v1
kind: Service
metadata:
name: ecsdemo-nodejs
spec:
selector:
app: ecsdemo-nodejs
ports:
- protocol: TCP
port: 80
targetPort: 3000
---
# Source: eksdemo/templates/deployment/crystal.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ecsdemo-crystal
labels:
app: ecsdemo-crystal
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: ecsdemo-crystal
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: ecsdemo-crystal
spec:
containers:
- image: brentley/ecsdemo-crystal:latest
imagePullPolicy: Always
name: ecsdemo-crystal
ports:
- containerPort: 3000
protocol: TCP
---
# Source: eksdemo/templates/deployment/frontend.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ecsdemo-frontend
labels:
app: ecsdemo-frontend
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: ecsdemo-frontend
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: ecsdemo-frontend
spec:
containers:
- image: brentley/ecsdemo-frontend:latest
imagePullPolicy: Always
name: ecsdemo-frontend
ports:
- containerPort: 3000
protocol: TCP
env:
- name: CRYSTAL_URL
value: "http://ecsdemo-crystal.default.svc.cluster.local/crystal"
- name: NODEJS_URL
value: "http://ecsdemo-nodejs.default.svc.cluster.local/"
---
# Source: eksdemo/templates/deployment/nodejs.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ecsdemo-nodejs
labels:
app: ecsdemo-nodejs
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: ecsdemo-nodejs
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: ecsdemo-nodejs
spec:
containers:
- image: brentley/ecsdemo-nodejs:latest
imagePullPolicy: Always
name: ecsdemo-nodejs
ports:
- containerPort: 3000
protocol: TCP
test
run tests for a release
リリースのテストを実行します。
テストの内容は、templates/
以下に書く必要があります。複数のファイルに分割もできますし、他と区別するため templates/tests
以下に書くこともできます。Jobのマニフェストを書きます。以下アノテーションを付ける必要があります。
metadata:
annotations:
"helm.sh/hook": test
指定したイメージからコンテナを立ち上げ、指定したコマンドを実行してエラーが出なかったらテスト成功です。
EKSWorkshopの Deploy Example Microservices Using Helmを例にして、テストを書いてみたいと思います。frontend podからcrystal serviceへの疎通を確認します。
~/environment/eksdemo/templates/tests/frontend.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: ecsdemo-frontend-test
annotations:
"helm.sh/hook": test
spec:
template:
metadata:
labels:
app: ecsdemo-frontend
spec:
containers:
- image: {{ .Values.frontend.image }}:{{ .Values.version }}
name: ecsdemo-frontend-test
ports:
- containerPort: 3000
protocol: TCP
env:
- name: CRYSTAL_URL
value: "http://ecsdemo-crystal.default.svc.cluster.local/crystal"
- name: NODEJS_URL
value: "http://ecsdemo-nodejs.default.svc.cluster.local/"
command: ["curl"]
args: ["$(CRYSTAL_URL)"]
restartPolicy: Never
リリースを更新します。
$ helm upgrade workshop ~/environment/eksdemo
Release "workshop" has been upgraded. Happy Helming!
NAME: workshop
LAST DEPLOYED: Thu Jan 28 07:22:47 2021
NAMESPACE: default
STATUS: deployed
REVISION: 2
テスト実行します。
$ helm test workshop
NAME: workshop
LAST DEPLOYED: Thu Jan 28 07:22:47 2021
NAMESPACE: default
STATUS: deployed
REVISION: 2
TEST SUITE: ecsdemo-frontend-test
Last Started: Thu Jan 28 07:23:27 2021
Last Completed: Thu Jan 28 07:23:31 2021
Phase: Succeeded
uninstall
uninstall a release
そのまんまですが、リリースをアンインストールします。
$ helm uninstall workshop
release "workshop" uninstalled
upgrade
upgrade a release
最新版のチャートを取得してリリースを更新します。
$ helm upgrade workshop ~/environment/eksdemo
Release "workshop" has been upgraded. Happy Helming!
NAME: workshop
LAST DEPLOYED: Thu Jan 28 07:22:47 2021
NAMESPACE: default
STATUS: deployed
REVISION: 2
--version
オプションで最新版ではなく任意のバージョンで更新することもできます。またhelm install
と同様 -f
でvalueファイルを指定もできます。
verify
verify that a chart at the given path has been signed and is valid
チャートが改ざんされたものでないかの検証を行ないます。検証は、helm package
時に --sign
オプションを使って圧縮ファイルを作成したチャートに対してのみ実行可能です。
PGP鍵作成
$ gpg --gen-key
gpg (GnuPG) 2.0.28; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: kazue
Email address: xxx@xxx.jp
Comment:
You selected this USER-ID:
"kazue <xxx@xxx.jp>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 3011578B marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/3011578B 2021-01-28
Key fingerprint = B8AB 7395 C85D C8D3 DFA7 8A1B 4C10 32A4 3011 578B
uid [ultimate] kazue <xxx@xxx.jp>
sub 2048R/A6E23953 2021-01-28
圧縮ファイル作成
$ helm package wordpress --sign --keyring ~/.gnupg/secring.gpg --key 'kazue'
Password for key "kazue <xxx@xxx.jp>" >
Successfully packaged chart and saved it to: /home/ec2-user/environment/wordpress-9.0.3.tgz
検証
$ helm verify wordpress-9.0.3.tgz --keyring ~/.gnupg/pubring.gpg
Signed by: kazue <xxx@xxx.jp>
Using Key With Fingerprint: B8AB7395C85DC8D3DFA78A1B4C1032A43011578B
Chart Hash Verified: sha256:adc53579beb3cd51b93a33f1866c9a8cdad24900d94927c00693bf534e5295f3
version
print the client version information
どのコマンドにもある、バージョン確認のためのサブコマンドです。
$ helm version
version.BuildInfo{Version:"v3.5.0", GitCommit:"32c22239423b3b4ba6706d450bd044baffdcf9e6", GitTreeState:"clean", GoVersion:"go1.15.6"}
$ helm version --short
v3.5.0+g32c2223