Kubernetes And Helm v2

What is Helm

Major Chart Repositories

Preparing a k8s cluster

Public cloud faction:

On-premise:

Environment

Install Helm

Install tiller

root@vagrant:/home/vagrant# helm init --stable-repo-url https://charts.helm.sh/stable
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://charts.helm.sh/stable
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://v2.helm.sh/docs/securing_installation/
root@vagrant:/home/vagrant# kubectl get deployment -n kube-system
NAME READY UP-TO-DATE AVAILABLE AGE
coredns 1/1 1 1 7m31s
calico-kube-controllers 1/1 1 1 7m57s
dashboard-metrics-scraper 1/1 1 1 6m57s
hostpath-provisioner 1/1 1 1 6m55s
kubernetes-dashboard 1/1 1 1 6m57s
metrics-server 1/1 1 1 7m9s
tiller-deploy 1/1 1 1 12s
root@vagrant:/home/vagrant#
root@vagrant:/home/vagrant# kubectl -n kube-system create serviceaccount tiller
serviceaccount/tiller created
root@vagrant:/home/vagrant# kubectl create clusterrolebinding tiller \
> --clusterrole=cluster-admin \
> --serviceaccount=kube-system:tiller

clusterrolebinding.rbac.authorization.k8s.io/tiller created
root@vagrant:/home/vagrant# helm init --stable-repo-url https://charts.helm.sh/stable

Check the version

root@vagrant:/home/vagrant# helm version
Client: &version.Version{SemVer:"v2.16.12", GitCommit:"47f0b88409e71fd9ca272abc7cd762a56a1c613e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.16.12", GitCommit:"47f0b88409e71fd9ca272abc7cd762a56a1c613e", GitTreeState:"clean"}
root@vagrant:/home/vagrant#
root@vagrant:/home/vagrant# helm reset --force
root@vagrant:/home/vagrant# which helm
/usr/local/bin/helm
root@vagrant:/home/vagrant# rm -rf /usr/local/bin/helm

Helm command list

Let’s start !

Check the repository

Display the repository list

root@vagrant:/home/vagrant# helm repo list
NAME URL
stable https://charts.helm.sh/stable
local http://127.0.0.1:8879/charts
root@vagrant:/home/vagrant#

Add repository

root@vagrant:/home/vagrant# helm repo add incubator https://charts.helm.sh/incubator
"incubator" has been added to your repositories
root@vagrant:/home/vagrant# helm repo list
NAME URL
stable https://charts.helm.sh/stable
local http://127.0.0.1:8879/charts
incubator https://charts.helm.sh/incubator

Show deployable charts

root@vagrant:/home/vagrant# helm repo add bitnami https://charts.bitnami.com/bitnami
root@vagrant:/home/vagrant# helm search bitnami/kube-prometheus
NAME CHART VERSION APP VERSION DESCRIPTION
bitnami/kube-prometheus 6.1.1 0.48.1 kube-prometheus collects Kubernetes manifests to provide ...
root@vagrant:/home/vagrant#

Install application

root@vagrant:/home/vagrant# kubectl create ns example-ns
namespace/example-ns created
root@vagrant:/home/vagrant# helm install stable/prometheus --name example-prometheus --namespace example-ns --dry-run
WARNING: This chart is deprecated
NAME: example-prometheus
root@vagrant:/home/vagrant# helm install stable/prometheus --name example-prometheus --namespace example-ns
WARNING: This chart is deprecated
NAME: example-prometheus
E0720 16:55:35.043263 22581 portforward.go:372] error copying from remote stream to local connection: readfrom tcp4 127.0.0.1:34597->127.0.0.1:55820: write tcp4 127.0.0.1:34597->127.0.0.1:55820: write: broken pipe
LAST DEPLOYED: Tue Jul 20 16:55:34 2021
NAMESPACE: example-ns
STATUS: DEPLOYED

RESOURCES:
==> v1/ConfigMap
NAME DATA AGE
example-prometheus-alertmanager 1 1s
example-prometheus-server 5 1s

==> v1/DaemonSet
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
example-prometheus-node-exporter 1 1 0 1 0 <none> 2s

==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
example-prometheus-alertmanager 0/1 1 0 2s
example-prometheus-kube-state-metrics 0/1 1 0 2s
example-prometheus-pushgateway 0/1 1 0 2s
example-prometheus-server 0/1 1 0 2s

==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
example-prometheus-alertmanager Bound pvc-5420e7e2-9e80-4792-8353-96ca4bf5f4c5 2Gi RWO microk8s-hostpath 1s
example-prometheus-server Bound pvc-1dd34575-1625-4b66-a0a0-3f6c25464922 8Gi RWO microk8s-hostpath 1s

==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
example-prometheus-alertmanager-97d67646d-rtt5w 0/2 ContainerCreating 0 3s
example-prometheus-kube-state-metrics-64cbc579cd-6v8sc 0/1 Pending 0 3s
example-prometheus-node-exporter-bkjht 0/1 ContainerCreating 0 2s
example-prometheus-pushgateway-784b8f8d5f-dnqlc 0/1 ContainerCreating 0 3s
example-prometheus-server-7f64f9b7d8-j5lxj 0/2 Pending 0 2s

==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
example-prometheus-alertmanager ClusterIP 10.152.183.193 <none> 80/TCP 2s
example-prometheus-kube-state-metrics ClusterIP 10.152.183.135 <none> 8080/TCP 2s
example-prometheus-node-exporter ClusterIP None <none> 9100/TCP 2s
example-prometheus-pushgateway ClusterIP 10.152.183.223 <none> 9091/TCP 2s
example-prometheus-server ClusterIP 10.152.183.199 <none> 80/TCP 1s

==> v1/ServiceAccount
NAME SECRETS AGE
example-prometheus-alertmanager 1 1s
example-prometheus-kube-state-metrics 1 1s
example-prometheus-node-exporter 1 1s
example-prometheus-pushgateway 1 1s
example-prometheus-server 1 1s

==> v1beta1/ClusterRole
NAME CREATED AT
example-prometheus-alertmanager 2021-07-20T16:55:34Z
example-prometheus-kube-state-metrics 2021-07-20T16:55:34Z
example-prometheus-pushgateway 2021-07-20T16:55:34Z
example-prometheus-server 2021-07-20T16:55:34Z

==> v1beta1/ClusterRoleBinding
NAME ROLE AGE
example-prometheus-alertmanager ClusterRole/example-prometheus-alertmanager 1s
example-prometheus-kube-state-metrics ClusterRole/example-prometheus-kube-state-metrics 1s
example-prometheus-pushgateway ClusterRole/example-prometheus-pushgateway 1s
example-prometheus-server ClusterRole/example-prometheus-server 1s


NOTES:
DEPRECATED and moved to <https://github.com/prometheus-community/helm-charts>The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster:
example-prometheus-server.example-ns.svc.cluster.local


Get the Prometheus server URL by running these commands in the same shell:
export POD_NAME=$(kubectl get pods --namespace example-ns -l "app=prometheus,component=server" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace example-ns port-forward $POD_NAME 9090


The Prometheus alertmanager can be accessed via port 80 on the following DNS name from within your cluster:
example-prometheus-alertmanager.example-ns.svc.cluster.local


Get the Alertmanager URL by running these commands in the same shell:
export POD_NAME=$(kubectl get pods --namespace example-ns -l "app=prometheus,component=alertmanager" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace example-ns port-forward $POD_NAME 9093
#################################################################################
###### WARNING: Pod Security Policy has been moved to a global property. #####
###### use .Values.podSecurityPolicy.enabled with pod-based #####
###### annotations #####
###### (e.g. .Values.nodeExporter.podSecurityPolicy.annotations) #####
#################################################################################


The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster:
example-prometheus-pushgateway.example-ns.svc.cluster.local


Get the PushGateway URL by running these commands in the same shell:
export POD_NAME=$(kubectl get pods --namespace example-ns -l "app=prometheus,component=pushgateway" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace example-ns port-forward $POD_NAME 9091

For more information on running Prometheus, visit:
https://prometheus.io/

root@vagrant:/home/vagrant# helm ls
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
example-prometheus 1 Tue Jul 20 16:55:34 2021 DEPLOYED prometheus-11.12.1 2.20.1 example-ns

Check deployment

root@vagrant:/home/vagrant# kubectl get deploy,svc,po,configmap -n example-ns
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/example-prometheus-pushgateway 1/1 1 1 5m54s
deployment.apps/example-prometheus-kube-state-metrics 1/1 1 1 5m54s
deployment.apps/example-prometheus-alertmanager 1/1 1 1 5m54s
deployment.apps/example-prometheus-server 1/1 1 1 5m54s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/example-prometheus-node-exporter ClusterIP None <none> 9100/TCP 5m54s
service/example-prometheus-server ClusterIP 10.152.183.199 <none> 80/TCP 5m54s
service/example-prometheus-pushgateway ClusterIP 10.152.183.223 <none> 9091/TCP 5m54s
service/example-prometheus-kube-state-metrics ClusterIP 10.152.183.135 <none> 8080/TCP 5m54s
service/example-prometheus-alertmanager ClusterIP 10.152.183.193 <none> 80/TCP 5m54s
NAME READY STATUS RESTARTS AGE
pod/example-prometheus-node-exporter-bkjht 1/1 Running 0 5m54s
pod/example-prometheus-pushgateway-784b8f8d5f-dnqlc 1/1 Running 0 5m54s
pod/example-prometheus-kube-state-metrics-64cbc579cd-6v8sc 1/1 Running 0 5m54s
pod/example-prometheus-alertmanager-97d67646d-rtt5w 2/2 Running 0 5m54s
pod/example-prometheus-server-7f64f9b7d8-j5lxj 2/2 Running 0 5m54s
NAME DATA AGE
configmap/kube-root-ca.crt 1 12m
configmap/example-prometheus-server 5 5m54s
configmap/example-prometheus-alertmanager 1 5m54s
root@vagrant:/home/vagrant#

View installed applications

root@vagrant:/home/vagrant# helm ls --namespace example-ns
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
example-prometheus 1 Tue Jul 20 16:55:34 2021 DEPLOYED prometheus-11.12.1 2.20.1 example-ns

Undeploy the application

root@vagrant:/home/vagrant# helm ls --namespace example-ns
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
example-prometheus 1 Tue Jul 20 16:55:34 2021 DEPLOYED prometheus-11.12.1 2.20.1 example-ns
root@vagrant:/home/vagrant# helm delete example-prometheus --purge
release "example-prometheus" deleted
root@vagrant:/home/vagrant# helm ls --namespace example-ns
root@vagrant:/home/vagrant#

Summary

DevOps Consultant. I’m strongly focused on automation, security, and reliability.