一、helm介绍以及安装
1.helm概述
-
helm有点类似于Linux的yum,apt工具,帮助我们管理K8S集群的资源清单。
-
Helm 帮助您管理 Kubernetes 应用—— Helm Chart,即使是最复杂的 Kubernetes 应用程序,都可以帮助您定义,安装和升级。
-
Helm Chart 易于创建、发版、分享和发布,所以停止复制粘贴,开始使用 Helm 吧。
-
Helm 是 CNCF 的毕业项目,由 Helm 社区维护。
-
官方文档:https://helm.sh/zh/
2.helm的架构版本选择
-
2019年11月Helm团队发布V3版本,相比v2版本最大变化是将Tiller删除,并大部分代码重构。
-
helm v3相比helm v2还做了很多优化,比如不同命名空间资源同名的情况在v3版本是允许的,我们在生产环境中使用建议大家使用v3版本,不仅仅是因为它版本功能较强,而且相对来说也更加稳定了。
-
官方地址:
-
https://helm.sh/docs/intro/install/
-
github地址:
-
https://github.com/helm/helm/releases
3.安装helm
wget https://get.helm.sh/helm-v3.18.4-linux-amd64.tar.gz
[root@master231 ~]# tar xf helm-v3.18.4-linux-amd64.tar.gz -C /usr/local/bin/ linux-amd64/helm --strip-components=1
[root@master231 ~]#
[root@master231 ~]# ll /usr/local/bin/helm
-rwxr-xr-x 1 1001 fwupd-refresh 59715768 Jul 9 04:36 /usr/local/bin/helm*
[root@master231 ~]#
[root@master231 ~]# helm version
version.BuildInfo{Version:"v3.18.4", GitCommit:"d80839cf37d860c8aa9a0503fe463278f26cd5e2", GitTreeState:"clean", GoVersion:"go1.24.4"}
[root@master231 ~]# 4.配置helm的自动补全功能
[root@master231 ~]# helm completion bash > /etc/bash_completion.d/helm
[root@master231 ~]# source /etc/bash_completion.d/helm
[root@master231 ~]# echo 'source /etc/bash_completion.d/helm' >> ~/.bashrc
二 helm的Chart基本管理
1.创建Chart
mkdir 05-helm
helm create oldboyedu-linux98[root@master231 helm-Chart]# tree oldboyedu-linux98/
oldboyedu-linux98/
├── charts # 包含chart依赖的其他chart
├── Chart.yaml # 包含了chart信息的YAML文件
├── templates # 模板目录, 当和values 结合时,可生成有效的Kubernetes manifest文件
│ ├── deployment.yaml # deployment资源清单模板。
│ ├── _helpers.tpl # 自定义模板
│ ├── hpa.yaml # hpa资源清单模板。
│ ├── ingress.yaml # Ingress资源清单模板。
│ ├── NOTES.txt # 可选: 包含简要使用说明的纯文本文件
│ ├── serviceaccount.yaml # sa资源清单模板。
│ ├── service.yaml # svc资源清单模板。
│ └── tests # 测试目录
│ └── test-connection.yaml
└── values.yaml # chart 默认的配置值
2.修改默认的values.yaml
[root@master231 05-helm]# egrep "repository:|tag:" oldboyedu-linux98/values.yaml repository: nginxtag: ""
[root@master231 05-helm]#
[root@master231 05-helm]# sed -i "/repository\:/s#nginx#registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps#" oldboyedu-linux98/values.yaml
[root@master231 05-helm]#
[root@master231 05-helm]# sed -ri '/tag\:/s#tag: ""#tag: v1#' oldboyedu-linux98/values.yaml
[root@master231 05-helm]#
[root@master231 05-helm]# egrep "repository:|tag:" oldboyedu-linux98/values.yaml repository: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/appstag: v1
[root@master231 05-helm]#
3.基于Chart安装服务发行Release
[root@master231 05-helm]# helm install xiuxian oldboyedu-linux98
NAME: xiuxian
LAST DEPLOYED: Mon Jul 28 09:34:21 2025
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=oldboyedu-linux98,app.kubernetes.io/instance=xiuxian" -o jsonpath="{.items[0].metadata.name}")export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")echo "Visit http://127.0.0.1:8080 to use your application"kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
4查看服务
[root@master231 05-helm]# kubectl get deploy,svc,pods
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/xiuxian-oldboyedu-linux98 1/1 1 1 84sNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 2d22h
service/xiuxian-oldboyedu-linux98 ClusterIP 10.200.231.250 <none> 80/TCP 84sNAME READY STATUS RESTARTS AGE
pod/xiuxian-oldboyedu-linux98-68c6c66bb6-srwkx 1/1 Running 0 84s
[root@master231 05-helm]#
[root@master231 05-helm]# curl 10.200.231.250
<!DOCTYPE html>
<html><head><meta charset="utf-8"/><title>yinzhengjie apps v1</title><style>div img {width: 900px;height: 600px;margin: 0;}</style></head><body><h1 style="color: green">凡人修仙传 v1 </h1><div><img src="1.jpg"><div></body></html>
[root@master231 05-helm]#
5.卸载服务
helm uninstall xiuxian
三、 helm的两种升级方式案例
1.安装旧的服务
[root@master231 05-helm]# helm install xiuxian oldboyedu-linux98
E0728 10:15:47.679502 103409 memcache.go:287] "Unhandled Error" err="couldn't get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request" logger="UnhandledError"
E0728 10:15:47.689877 103409 memcache.go:121] "Unhandled Error" err="couldn't get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request" logger="UnhandledError"
NAME: xiuxian
LAST DEPLOYED: Mon Jul 28 10:15:47 2025
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=oldboyedu-linux98,app.kubernetes.io/instance=xiuxian" -o jsonpath="{.items[0].metadata.name}")export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")echo "Visit http://127.0.0.1:8080 to use your application"kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
[root@master231 05-helm]#
[root@master231 05-helm]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
xiuxian default 1 2025-07-28 10:15:47.695220923 +0800 CST deployed oldboyedu-linux98-0.1.0 1.16.0
[root@master231 05-helm]#
[root@master231 05-helm]# kubectl get deploy,svc,po -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.apps/xiuxian-oldboyedu-linux98 1/1 1 1 2m17s oldboyedu-linux98 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 app.kubernetes.io/instance=xiuxian,app.kubernetes.io/name=oldboyedu-linux98NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 2d23h <none>
service/xiuxian-oldboyedu-linux98 ClusterIP 10.200.67.55 <none> 80/TCP 2m17s app.kubernetes.io/instance=xiuxian,app.kubernetes.io/name=oldboyedu-linux98NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/xiuxian-oldboyedu-linux98-68c6c66bb6-cpcz7 1/1 Running 0 2m17s 10.100.2.168 worker233 <none> <none>
[root@master231 05-helm]#
[root@master231 05-helm]#
[root@master231 05-helm]# curl 10.200.67.55
<!DOCTYPE html>
<html><head><meta charset="utf-8"/><title>yinzhengjie apps v1</title><style>div img {width: 900px;height: 600px;margin: 0;}</style></head><body><h1 style="color: green">凡人修仙传 v1 </h1><div><img src="1.jpg"><div></body></html>
[root@master231 05-helm]#
2.修改要升级的相关参数【当然,你也可以做其他的修改哟~】
root@master231 05-helm]# egrep "replicaCount|tag:" oldboyedu-linux98/values.yaml
replicaCount: 1tag: v1
[root@master231 05-helm]#
[root@master231 05-helm]# sed -i '/replicaCount/s#1#3#' oldboyedu-linux98/values.yaml
[root@master231 05-helm]#
[root@master231 05-helm]# sed -i "/tag:/s#v1#v2#" oldboyedu-linux98/values.yaml
[root@master231 05-helm]#
[root@master231 05-helm]# egrep "replicaCount|tag:" oldboyedu-linux98/values.yaml
replicaCount: 3tag: v2
[root@master231 05-helm]#
[root@master231 05-helm]#
3.基于文件方式升级
[root@master231 05-helm]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
xiuxian default 1 2025-07-28 10:15:47.695220923 +0800 CST deployed oldboyedu-linux98-0.1.0 1.16.0
[root@master231 05-helm]#
[root@master231 05-helm]# helm upgrade xiuxian -f oldboyedu-linux98/values.yaml oldboyedu-linux98/
Release "xiuxian" has been upgraded. Happy Helming!
NAME: xiuxian
LAST DEPLOYED: Mon Jul 28 10:21:07 2025
NAMESPACE: default
STATUS: deployed
REVISION: 2
NOTES:
1. Get the application URL by running these commands:export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=oldboyedu-linux98,app.kubernetes.io/instance=xiuxian" -o jsonpath="{.items[0].metadata.name}")export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")echo "Visit http://127.0.0.1:8080 to use your application"kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
[root@master231 05-helm]#
[root@master231 05-helm]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
xiuxian default 2 2025-07-28 10:21:07.155788336 +0800 CST deployed oldboyedu-linux98-0.1.0 1.16.0
[root@master231 05-helm]#
4.验证升级效果
[root@master231 05-helm]# kubectl get deploy,svc,po
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/xiuxian-oldboyedu-linux98 3/3 3 3 5m35sNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 2d23h
service/xiuxian-oldboyedu-linux98 ClusterIP 10.200.67.55 <none> 80/TCP 5m35sNAME READY STATUS RESTARTS AGE
pod/xiuxian-oldboyedu-linux98-5b48f4cb6c-fvwfv 1/1 Running 0 15s
pod/xiuxian-oldboyedu-linux98-5b48f4cb6c-jjc6c 1/1 Running 0 13s
pod/xiuxian-oldboyedu-linux98-5b48f4cb6c-scrpn 1/1 Running 0 12s
[root@master231 05-helm]#
[root@master231 05-helm]# curl 10.200.67.55
<!DOCTYPE html>
<html><head><meta charset="utf-8"/><title>yinzhengjie apps v2</title><style>div img {width: 900px;height: 600px;margin: 0;}</style></head><body><h1 style="color: red">凡人修仙传 v2 </h1><div><img src="2.jpg"><div></body></html>
[root@master231 05-helm]# 5.基于环境变量方式升级
[root@master231 05-helm]# helm upgrade xiuxian --set replicaCount=5,image.tag=v3 oldboyedu-linux98
Release "xiuxian" has been upgraded. Happy Helming!
NAME: xiuxian
LAST DEPLOYED: Mon Jul 28 10:24:33 2025
NAMESPACE: default
STATUS: deployed
REVISION: 3
NOTES:
1. Get the application URL by running these commands:export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=oldboyedu-linux98,app.kubernetes.io/instance=xiuxian" -o jsonpath="{.items[0].metadata.name}")export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")echo "Visit http://127.0.0.1:8080 to use your application"kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
[root@master231 05-helm]# 6.再次验证升级效果
[root@master231 05-helm]# kubectl get deploy,svc,po
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/xiuxian-oldboyedu-linux98 5/5 5 5 8m53sNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 2d23h
service/xiuxian-oldboyedu-linux98 ClusterIP 10.200.67.55 <none> 80/TCP 8m53sNAME READY STATUS RESTARTS AGE
pod/xiuxian-oldboyedu-linux98-6989979888-574ss 1/1 Running 0 5s
pod/xiuxian-oldboyedu-linux98-6989979888-bsmp5 1/1 Running 0 6s
pod/xiuxian-oldboyedu-linux98-6989979888-kd5j2 1/1 Running 0 7s
pod/xiuxian-oldboyedu-linux98-6989979888-nrwfq 1/1 Running 0 7s
pod/xiuxian-oldboyedu-linux98-6989979888-shdnk 1/1 Running 0 7s
[root@master231 05-helm]#
[root@master231 05-helm]# curl 10.200.67.55
<!DOCTYPE html>
<html><head><meta charset="utf-8"/><title>yinzhengjie apps v3</title><style>div img {width: 900px;height: 600px;margin: 0;}</style></head><body><h1 style="color: pink">凡人修仙传 v3 </h1><div><img src="3.jpg"><div></body></html>
[root@master231 05-helm]# 四、- helm的回滚实战
1.查看RELEASE历史版本
[root@master231 05-helm]# helm history xiuxian
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Mon Jul 28 10:15:47 2025 superseded oldboyedu-linux98-0.1.0 1.16.0 Install complete
2 Mon Jul 28 10:21:07 2025 superseded oldboyedu-linux98-0.1.0 1.16.0 Upgrade complete
3 Mon Jul 28 10:24:33 2025 deployed oldboyedu-linux98-0.1.0 1.16.0 Upgrade complete
[root@master231 05-helm]#
[root@master231 05-helm]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
xiuxian default 3 2025-07-28 10:24:33.168320177 +0800 CST deployed oldboyedu-linux98-0.1.0 1.16.0
[root@master231 05-helm]#
[root@master231 05-helm]# 2.回滚到上一个版本
[root@master231 05-helm]# helm rollback xiuxian
Rollback was a success! Happy Helming!
[root@master231 05-helm]#
[root@master231 05-helm]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
xiuxian default 4 2025-07-28 10:27:07.456398093 +0800 CST deployed oldboyedu-linux98-0.1.0 1.16.0
[root@master231 05-helm]#
[root@master231 05-helm]# helm history xiuxian
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Mon Jul 28 10:15:47 2025 superseded oldboyedu-linux98-0.1.0 1.16.0 Install complete
2 Mon Jul 28 10:21:07 2025 superseded oldboyedu-linux98-0.1.0 1.16.0 Upgrade complete
3 Mon Jul 28 10:24:33 2025 superseded oldboyedu-linux98-0.1.0 1.16.0 Upgrade complete
4 Mon Jul 28 10:27:07 2025 deployed oldboyedu-linux98-0.1.0 1.16.0 Rollback to 2
[root@master231 05-helm]#
3.验证测试回滚效果
[root@master231 05-helm]# kubectl get deploy,svc,po
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/xiuxian-oldboyedu-linux98 3/3 3 3 11mNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 2d23h
service/xiuxian-oldboyedu-linux98 ClusterIP 10.200.67.55 <none> 80/TCP 11mNAME READY STATUS RESTARTS AGE
pod/xiuxian-oldboyedu-linux98-5b48f4cb6c-2wgvt 1/1 Running 0 32s
pod/xiuxian-oldboyedu-linux98-5b48f4cb6c-4r4vx 1/1 Running 0 33s
pod/xiuxian-oldboyedu-linux98-5b48f4cb6c-mctq7 1/1 Running 0 30s
[root@master231 05-helm]#
[root@master231 05-helm]# curl 10.200.67.55
<!DOCTYPE html>
<html><head><meta charset="utf-8"/><title>yinzhengjie apps v2</title><style>div img {width: 900px;height: 600px;margin: 0;}</style></head><body><h1 style="color: red">凡人修仙传 v2 </h1><div><img src="2.jpg"><div></body></html>
[root@master231 05-helm]#
4.注意再次回滚到上一个版本并验证结果
[root@master231 05-helm]# helm rollback xiuxian
Rollback was a success! Happy Helming!
[root@master231 05-helm]#
[root@master231 05-helm]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
xiuxian default 5 2025-07-28 10:29:10.472334011 +0800 CST deployed oldboyedu-linux98-0.1.0 1.16.0
[root@master231 05-helm]#
[root@master231 05-helm]# helm history xiuxian
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Mon Jul 28 10:15:47 2025 superseded oldboyedu-linux98-0.1.0 1.16.0 Install complete
2 Mon Jul 28 10:21:07 2025 superseded oldboyedu-linux98-0.1.0 1.16.0 Upgrade complete
3 Mon Jul 28 10:24:33 2025 superseded oldboyedu-linux98-0.1.0 1.16.0 Upgrade complete
4 Mon Jul 28 10:27:07 2025 superseded oldboyedu-linux98-0.1.0 1.16.0 Rollback to 2
5 Mon Jul 28 10:29:10 2025 deployed oldboyedu-linux98-0.1.0 1.16.0 Rollback to 3
[root@master231 05-helm]#
[root@master231 05-helm]# kubectl get deploy,svc,po
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/xiuxian-oldboyedu-linux98 5/5 5 5 13mNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 2d23h
service/xiuxian-oldboyedu-linux98 ClusterIP 10.200.67.55 <none> 80/TCP 13mNAME READY STATUS RESTARTS AGE
pod/xiuxian-oldboyedu-linux98-6989979888-2l9rt 1/1 Running 0 15s
pod/xiuxian-oldboyedu-linux98-6989979888-dq2d4 1/1 Running 0 15s
pod/xiuxian-oldboyedu-linux98-6989979888-hg5pr 1/1 Running 0 15s
pod/xiuxian-oldboyedu-linux98-6989979888-k82x6 1/1 Running 0 13s
pod/xiuxian-oldboyedu-linux98-6989979888-qwsmf 1/1 Running 0 13s
[root@master231 05-helm]#
[root@master231 05-helm]# curl 10.200.67.55
<!DOCTYPE html>
<html><head><meta charset="utf-8"/><title>yinzhengjie apps v3</title><style>div img {width: 900px;height: 600px;margin: 0;}</style></head><body><h1 style="color: pink">凡人修仙传 v3 </h1><div><img src="3.jpg"><div></body></html>
[root@master231 05-helm]#
5.回滚到指定版本
[root@master231 05-helm]# helm rollback xiuxian 1
Rollback was a success! Happy Helming!
[root@master231 05-helm]#
[root@master231 05-helm]# helm history xiuxian
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Mon Jul 28 10:15:47 2025 superseded oldboyedu-linux98-0.1.0 1.16.0 Install complete
2 Mon Jul 28 10:21:07 2025 superseded oldboyedu-linux98-0.1.0 1.16.0 Upgrade complete
3 Mon Jul 28 10:24:33 2025 superseded oldboyedu-linux98-0.1.0 1.16.0 Upgrade complete
4 Mon Jul 28 10:27:07 2025 superseded oldboyedu-linux98-0.1.0 1.16.0 Rollback to 2
5 Mon Jul 28 10:29:10 2025 superseded oldboyedu-linux98-0.1.0 1.16.0 Rollback to 3
6 Mon Jul 28 10:30:01 2025 deployed oldboyedu-linux98-0.1.0 1.16.0 Rollback to 1
[root@master231 05-helm]#
[root@master231 05-helm]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
xiuxian default 6 2025-07-28 10:30:01.204347883 +0800 CST deployed oldboyedu-linux98-0.1.0 1.16.0
[root@master231 05-helm]#
五、helm的公有仓库管理及es-exporter环境部署案例
1 主流的Chart仓库概述
-
互联网公开Chart仓库,可以直接使用他们制作好的Chart包:
-
微软仓库:
-
http://mirror.azure.cn/kubernetes/charts/ -
阿里云仓库:
-
https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
2 添加共有仓库
[root@master231 05-helm]# helm repo add azure http://mirror.azure.cn/kubernetes/charts/
"azure" has been added to your repositories
[root@master231 05-helm]#
[root@master231 05-helm]# helm repo add oldboyedu-aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
"oldboyedu-aliyun" has been added to your repositories
[root@master231 05-helm]#
3.查看本地的仓库列表
helm repo list
4.更新本地的仓库信息
helm repo update
5.搜索我们关心的"Chart"
[root@master231 05-helm]# helm search repo elasticsearch # 此处的“elasticsearch”可以换成你想要搜索的Chart关键字即可
6.查看Chart的详细信息
helm show chart oldboyedu-aliyun/elasticsearch-exporter
7.拉取Chart
helm pull oldboyedu-aliyun/elasticsearch-exporter # 若不指定,拉取最新的Chart
helm pull oldboyedu-aliyun/elasticsearch-exporter --version 0.1.1 # 拉取指定Chart版本
8.解压Chart包
[root@master231 05-helm]# tar xf elasticsearch-exporter-0.1.2.tgz
[root@master231 05-helm]# tree elasticsearch-exporter
elasticsearch-exporter
├── Chart.yaml
├── README.md
├── templates
│ ├── cert-secret.yaml
│ ├── deployment.yaml
│ ├── _helpers.tpl
│ ├── NOTES.txt
│ └── service.yaml
└── values.yaml1 directory, 8 files
[root@master231 05-helm]#
[root@master231 05-helm]# grep apiVersion elasticsearch-exporter/templates/deployment.yaml
apiVersion: apps/v1beta2
[root@master231 05-helm]#
[root@master231 05-helm]# sed -ri '/apiVersion/s#(apps\/v1)beta2#\1#' elasticsearch-exporter/templates/deployment.yaml
[root@master231 05-helm]# grep apiVersion elasticsearch-exporter/templates/deployment.yaml
apiVersion: apps/v1
[root@master231 05-helm]#
9.基于Chart安装服务发行Release
[root@master231 05-helm]# helm install myes-exporter elasticsearch-exporter
NAME: myes-exporter
LAST DEPLOYED: Mon Jul 28 10:56:18 2025
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
1. Get the application URL by running these commands:export POD_NAME=$(kubectl get pods --namespace default -l "app=myes-exporter-elasticsearch-exporter" -o jsonpath="{.items[0].metadata.name}")echo "Visit http://127.0.0.1:9108/metrics to use your application"kubectl port-forward $POD_NAME 9108:9108 --namespace default
[root@master231 05-helm]#
[root@master231 05-helm]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
myes-exporter default 1 2025-07-28 10:56:18.011736108 +0800 CST deployed elasticsearch-exporter-0.1.2 1.0.2
xiuxian default 6 2025-07-28 10:30:01.204347883 +0800 CST deployed oldboyedu-linux98-0.1.0 1.16.0
[root@master231 05-helm]#
[root@master231 05-helm]# kubectl get deploy,svc,po -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.apps/myes-exporter-elasticsearch-exporter 1/1 1 1 2m13s elasticsearch-exporter justwatch/elasticsearch_exporter:1.0.2 app=elasticsearch-exporter,release=myes-exporter
deployment.apps/xiuxian-oldboyedu-linux98 1/1 1 1 42m oldboyedu-linux98 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 app.kubernetes.io/instance=xiuxian,app.kubernetes.io/name=oldboyedu-linux98NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 2d23h <none>
service/myes-exporter-elasticsearch-exporter ClusterIP 10.200.210.74 <none> 9108/TCP 2m13s app=elasticsearch-exporter,release=myes-exporter
service/xiuxian-oldboyedu-linux98 ClusterIP 10.200.67.55 <none> 80/TCP 42m app.kubernetes.io/instance=xiuxian,app.kubernetes.io/name=oldboyedu-linux98NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/myes-exporter-elasticsearch-exporter-5b68b7f954-ctzgw 1/1 Running 0 3s 10.100.2.184 worker233 <none> <none>
pod/xiuxian-oldboyedu-linux98-68c6c66bb6-dd7st 1/1 Running 0 28m 10.100.2.182 worker233 <none> <none>
[root@master231 05-helm]#
[root@master231 05-helm]# curl -s 10.200.210.74:9108/metrics | tail
process_open_fds 7
# HELP process_resident_memory_bytes Resident memory size in bytes.
# TYPE process_resident_memory_bytes gauge
process_resident_memory_bytes 6.7584e+06
# HELP process_start_time_seconds Start time of the process since unix epoch in seconds.
# TYPE process_start_time_seconds gauge
process_start_time_seconds 1.75367150895e+09
# HELP process_virtual_memory_bytes Virtual memory size in bytes.
# TYPE process_virtual_memory_bytes gauge
process_virtual_memory_bytes 1.0010624e+07
[root@master231 05-helm]# 温馨提示:如果镜像拉取不成功,可以在我的仓库中找到即可。
http://192.168.21.253/Resources/Kubernetes/Add-ons/helm/
10.删除第三方仓库
[root@master231 05-helm]# helm repo list
NAME URL
azure http://mirror.azure.cn/kubernetes/charts/
oldboyedu-aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
[root@master231 05-helm]#
[root@master231 05-helm]# helm repo remove oldboyedu-aliyun
"oldboyedu-aliyun" has been removed from your repositories
[root@master231 05-helm]#
[root@master231 05-helm]# helm repo list
NAME URL
azure http://mirror.azure.cn/kubernetes/charts/
[root@master231 05-helm]#
[root@master231 05-helm]# helm repo remove azure
"azure" has been removed from your repositories
[root@master231 05-helm]#
[root@master231 05-helm]# helm repo list
Error: no repositories to show
[root@master231 05-helm]# 六、基于helm部署Ingress-nginx实战
1.Ingress-Nginx概述
Ingress-Nginx是K8S官方写的一个Ingress Controller,而"nginx-Ingress"是Nginx官方写的资源清单。
注意,部署时要观察对比一下K8S和Ingress-Nginx对应的版本以来关系哟。
-
github地址:
-
https://github.com/kubernetes/ingress-nginx
-
安装文档:
-
https://kubernetes.github.io/ingress-nginx/deploy/#installation-guide
-
如上图所示,官方推荐了三种安装方式:
-
- 使用"helm"安装;
-
- 使用"kubectl apply"创建yaml资源清单的方式进行安装;
-
- 使用第三方插件的方式进行安装;
2.添加第三方仓库
[root@master231 ingress-nginx]# helm repo add oldboyedu-ingress https://kubernetes.github.io/ingress-nginx
3.搜索Ingress-nginx的Chart
helm search repo ingress-nginx
4.下载指定的Chart
helm pull oldboyedu-ingress/ingress-nginx --version 4.2.5
5.解压软件包并修改配置参数
[root@master231 helm]# tar xf ingress-nginx-4.2.5.tgz
[root@master231 helm]#
[root@master231 helm]# sed -i '/registry:/s#registry.k8s.io#registry.cn-hangzhou.aliyuncs.com#g' ingress-nginx/values.yaml
[root@master231 helm]# sed -i 's#ingress-nginx/controller#yinzhengjie-k8s/ingress-nginx#' ingress-nginx/values.yaml
[root@master231 helm]# sed -i 's#ingress-nginx/kube-webhook-certgen#yinzhengjie-k8s/ingress-nginx#' ingress-nginx/values.yaml
[root@master231 helm]# sed -i 's#v1.3.0#kube-webhook-certgen-v1.3.0#' ingress-nginx/values.yaml
[root@master231 helm]# sed -ri '/digest:/s@^@#@' ingress-nginx/values.yaml
[root@master231 helm]# sed -i '/hostNetwork:/s#false#true#' ingress-nginx/values.yaml
[root@master231 helm]# sed -i '/dnsPolicy/s#ClusterFirst#ClusterFirstWithHostNet#' ingress-nginx/values.yaml
[root@master231 helm]# sed -i '/kind/s#Deployment#DaemonSet#' ingress-nginx/values.yaml
[root@master231 helm]# sed -i '/default:/s#false#true#' ingress-nginx/values.yaml
温馨提示:- 修改镜像为国内的镜像,否则无法下载海外镜像,除非你会FQ;- 如果使用我提供的镜像需要将digest注释掉,因为我的镜像是从海外同步过来的,被重新构建过,其digest不一致;- 建议大家使用宿主机网络效率最高,但是使用宿主机网络将来DNS解析策略会直接使用宿主机的解析;- 如果还想要继续使用K8S内部的svc名称解析,则需要将默认的"ClusterFirst"的DNS解析策略修改为"ClusterFirstWithHostNet";- 建议将Deployment类型改为DaemonSet类型,可以确保在各个节点部署一个Pod,也可以修改"nodeSelector"字段让其调度到指定节点;- 如果仅有一个ingress controller,可以考虑将"ingressClassResource.default"设置为true,表示让其成为默认的ingress controller;
6.关闭 admissionWebhooks功能
[root@master231 ingress-nginx]# vim ingress-nginx/values.yaml
...
admissionWebhooks:...enabled: false # 关闭admissionWebhooks功能,避免后面使用Ingress时报错!
7.安装ingress-nginx
helm upgrade --install ingress-server ingress-nginx -n ingress-nginx --create-namespace
8.验证Ingress-nginx是否安装成功
[root@master231 ingress-nginx]# helm list -n ingress-nginx
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
ingress-server ingress-nginx 1 2025-07-28 11:50:11.629524463 +0800 CST deployed ingress-nginx-4.2.5 1.3.1 kubectl get ingressclass,deploy,svc,po -n ingress-nginx -o wide
NAME CONTROLLER PARAMETERS AGE
ingressclass.networking.k8s.io/nginx k8s.io/ingress-nginx <none> 61sNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/ingress-server-ingress-nginx-controller LoadBalancer 10.200.35.157 10.0.0.150 80:32384/TCP,443:31918/TCP 61s app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-server,app.kubernetes.io/name=ingress-nginxNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/ingress-server-ingress-nginx-controller-58m2j 1/1 Running 0 61s 10.0.0.233 worker233 <none> <none>
pod/ingress-server-ingress-nginx-controller-hfrrc 1/1 Running 0 61s 10.0.0.232 worker232 <none> <none>
[root@master231 ingress-nginx]#
9.测试验证
curl http://10.0.0.150/
七、ingress的映射http案例
1.为什么要学习Ingress
-
NodePort在暴露服务时,会监听一个NodePort端口,且多个服务无法使用同一个端口的情况。
-
因此我们说Service可以理解为四层代理。说白了,就是基于IP:PORT的方式进行代理。
-
假设"v1.oldboyedu.com"的服务需要监听80端口,而"v2.oldboyedu.com"和"v3.oldboyedu.com"同时也需要监听80端口,svc就很难实现。
-
这个时候,我们可以借助Ingress来实现此功能,可以将Ingress看做七层代理,底层依旧基于svc进行路由。
-
而Ingress在K8S是内置的资源,表示主机到svc的解析规则,但具体实现需要安装附加组件(对应的是IngressClass),比如ingress-nginx,traefik等。
-
IngressClass和Ingress的关系优点类似于: nginx和nginx.conf的关系。
2.准备环境
代码
[root@master231 25-ingresses]# cat > 01-deploy-svc-xiuxian.yaml <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:name: deploy-xiuxian-v1
spec:replicas: 3selector:matchLabels:apps: v1template:metadata:labels:apps: v1spec:containers:- name: c1image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1ports:- containerPort: 80---
apiVersion: apps/v1
kind: Deployment
metadata:name: deploy-xiuxian-v2
spec:replicas: 3selector:matchLabels:apps: v2template:metadata:labels:apps: v2spec:containers:- name: c1image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v2ports:- containerPort: 80---
apiVersion: apps/v1
kind: Deployment
metadata:name: deploy-xiuxian-v3
spec:replicas: 3selector:matchLabels:apps: v3template:metadata:labels:apps: v3spec:containers:- name: c1image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v3ports:- containerPort: 80---apiVersion: v1
kind: Service
metadata:name: svc-xiuxian-v1
spec:type: ClusterIPselector:apps: v1ports:- port: 80---apiVersion: v1
kind: Service
metadata:name: svc-xiuxian-v2
spec:type: ClusterIPselector:apps: v2ports:- port: 80---apiVersion: v1
kind: Service
metadata:name: svc-xiuxian-v3
spec:type: ClusterIPselector:apps: v3ports:- port: 80
EOF[root@master231 25-ingresses]# kubectl apply -f 01-deploy-svc-xiuxian.yaml
deployment.apps/deploy-xiuxian-v1 created
deployment.apps/deploy-xiuxian-v2 created
deployment.apps/deploy-xiuxian-v3 created
service/svc-xiuxian-v1 created
service/svc-xiuxian-v2 created
service/svc-xiuxian-v3 created
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# kubectl get pods -o wide --show-labels
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS
deploy-xiuxian-v1-6bc556784f-28h62 1/1 Running 0 33s 10.100.2.186 worker233 <none> <none> apps=v1,pod-template-hash=6bc556784f
deploy-xiuxian-v1-6bc556784f-4wc6d 1/1 Running 0 33s 10.100.2.185 worker233 <none> <none> apps=v1,pod-template-hash=6bc556784f
deploy-xiuxian-v1-6bc556784f-ntmlq 1/1 Running 0 33s 10.100.1.32 worker232 <none> <none> apps=v1,pod-template-hash=6bc556784f
deploy-xiuxian-v2-64bb8c9785-ck9jd 1/1 Running 0 33s 10.100.2.189 worker233 <none> <none> apps=v2,pod-template-hash=64bb8c9785
deploy-xiuxian-v2-64bb8c9785-cq5s6 1/1 Running 0 33s 10.100.2.188 worker233 <none> <none> apps=v2,pod-template-hash=64bb8c9785
deploy-xiuxian-v2-64bb8c9785-jtxn8 1/1 Running 0 33s 10.100.1.34 worker232 <none> <none> apps=v2,pod-template-hash=64bb8c9785
deploy-xiuxian-v3-698c86cf85-dm72r 1/1 Running 0 33s 10.100.2.187 worker233 <none> <none> apps=v3,pod-template-hash=698c86cf85
deploy-xiuxian-v3-698c86cf85-jpz5j 1/1 Running 0 33s 10.100.1.35 worker232 <none> <none> apps=v3,pod-template-hash=698c86cf85
deploy-xiuxian-v3-698c86cf85-kzp8g 1/1 Running 0 33s 10.100.1.33 worker232 <none> <none> apps=v3,pod-template-hash=698c86cf85
[root@master231 25-ingresses]#
3.编写Ingress规则
Ingress规则代码
[root@master231 25-ingresses]# cat > 02-ingress-xiuxian.yaml <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: ingress-xiuxian
spec:# 指定IngressClass的名称ingressClassName: nginx# 定义解析规则rules:# 定义的是主机名- host: v1.oldboyedu.com# 配置http协议http:# 配置访问路径paths:# 配置匹配用户访问的类型,表示前缀匹配- pathType: Prefix# 指定匹配的路径path: /# 配置后端的调度svcbackend:# 配置svc的名称及端口service:name: svc-xiuxian-v1port:number: 80- host: v2.oldboyedu.comhttp:paths:- pathType: Prefixbackend:service:name: svc-xiuxian-v2port:number: 80path: /- host: v3.oldboyedu.comhttp:paths:- pathType: Prefixbackend:service:name: svc-xiuxian-v3port:number: 80path: /
EOF
4.创建Ingress规则
[root@master231 25-ingresses]# kubectl apply -f 02-ingress-xiuxian.yaml
ingress.networking.k8s.io/ingress-xiuxian created
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-xiuxian nginx v1.oldboyedu.com,v2.oldboyedu.com,v3.oldboyedu.com 80 4s
[root@master231 25-ingresses]#
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# kubectl describe ingress ingress-xiuxian
Name: ingress-xiuxian
Labels: <none>
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:Host Path Backends---- ---- --------v1.oldboyedu.com / svc-xiuxian-v1:80 (10.100.1.32:80,10.100.2.185:80,10.100.2.186:80)v2.oldboyedu.com / svc-xiuxian-v2:80 (10.100.1.34:80,10.100.2.188:80,10.100.2.189:80)v3.oldboyedu.com / svc-xiuxian-v3:80 (10.100.1.33:80,10.100.1.35:80,10.100.2.187:80)
Annotations: <none>
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Sync 12s nginx-ingress-controller Scheduled for syncNormal Sync 12s nginx-ingress-controller Scheduled for sync
[root@master231 25-ingresses]#
八 Ingress实现uri多路径匹配案例
1.编写资源清单
点击查看代码
[root@master231 25-ingresses]# cat > 03-ingress-xiuxian-uri.yaml <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: ingress-xiuxian-uri
spec:ingressClassName: nginxrules:- host: xiuxian.oldboyedu.comhttp:paths:- pathType: Prefixpath: /v1backend:service:name: svc-xiuxian-v1port:number: 80- pathType: Prefixpath: /v2backend:service:name: svc-xiuxian-v2port:number: 80- pathType: Prefixpath: /v3backend:service:name: svc-xiuxian-v3port:number: 80
EOF
2.创建Ingress资源
root@master231 25-ingresses]# kubectl apply -f 03-ingress-xiuxian-uri.yaml
ingress.networking.k8s.io/ingress-xiuxian-uri created
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-xiuxian-uri nginx xiuxian.oldboyedu.com 80 4s
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# kubectl describe ingress ingress-xiuxian-uri
Name: ingress-xiuxian-uri
Labels: <none>
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:Host Path Backends---- ---- --------xiuxian.oldboyedu.com /v1 svc-xiuxian-v1:80 (10.100.1.37:80,10.100.2.191:80,10.100.2.192:80)/v2 svc-xiuxian-v2:80 (10.100.1.36:80,10.100.2.190:80,10.100.2.193:80)/v3 svc-xiuxian-v3:80 (10.100.1.38:80,10.100.1.39:80,10.100.2.194:80)
Annotations: <none>
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Sync 9s nginx-ingress-controller Scheduled for syncNormal Sync 9s nginx-ingress-controller Scheduled for sync
[root@master231 25-ingresses]# 九、ingress的映射https案例
1.为什么要学习Ingress
-
NodePort在暴露服务时,会监听一个NodePort端口,且多个服务无法使用同一个端口的情况。
-
因此我们说Service可以理解为四层代理。说白了,就是基于IP:PORT的方式进行代理。
-
假设"v1.oldboyedu.com"的服务需要监听80端口,而"v2.oldboyedu.com"和"v3.oldboyedu.com"同时也需要监听80端口,svc就很难实现。
-
这个时候,我们可以借助Ingress来实现此功能,可以将Ingress看做七层代理,底层依旧基于svc进行路由。
-
而Ingress在K8S是内置的资源,表示主机到svc的解析规则,但具体实现需要安装附加组件(对应的是IngressClass),比如ingress-nginx,traefik等。
-
IngressClass和Ingress的关系优点类似于: nginx和nginx.conf的关系。
2.准备环境
[root@master231 25-ingresses]# cat > 01-deploy-svc-xiuxian.yaml <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:name: deploy-xiuxian-v1
spec:replicas: 3selector:matchLabels:apps: v1template:metadata:labels:apps: v1spec:containers:- name: c1image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1ports:- containerPort: 80---
apiVersion: apps/v1
kind: Deployment
metadata:name: deploy-xiuxian-v2
spec:replicas: 3selector:matchLabels:apps: v2template:metadata:labels:apps: v2spec:containers:- name: c1image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v2ports:- containerPort: 80---
apiVersion: apps/v1
kind: Deployment
metadata:name: deploy-xiuxian-v3
spec:replicas: 3selector:matchLabels:apps: v3template:metadata:labels:apps: v3spec:containers:- name: c1image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v3ports:- containerPort: 80---apiVersion: v1
kind: Service
metadata:name: svc-xiuxian-v1
spec:type: ClusterIPselector:apps: v1ports:- port: 80---apiVersion: v1
kind: Service
metadata:name: svc-xiuxian-v2
spec:type: ClusterIPselector:apps: v2ports:- port: 80---apiVersion: v1
kind: Service
metadata:name: svc-xiuxian-v3
spec:type: ClusterIPselector:apps: v3ports:- port: 80
EOF3.编写Ingress规则
cat > 02-ingress-xiuxian.yaml <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: ingress-xiuxian
spec:# 指定IngressClass的名称ingressClassName: nginx# 定义解析规则rules:# 定义的是主机名- host: v1.oldboyedu.com# 配置http协议http:# 配置访问路径paths:# 配置匹配用户访问的类型,表示前缀匹配- pathType: Prefix# 指定匹配的路径path: /# 配置后端的调度svcbackend:# 配置svc的名称及端口service:name: svc-xiuxian-v1port:number: 80- host: v2.oldboyedu.comhttp:paths:- pathType: Prefixbackend:service:name: svc-xiuxian-v2port:number: 80path: /- host: v3.oldboyedu.comhttp:paths:- pathType: Prefixbackend:service:name: svc-xiuxian-v3port:number: 80path: /
EOF4.创建Ingress规则
kubectl apply -f 02-ingress-xiuxian.yaml
kubectl describe ingress ingress-xiuxian
Name: ingress-xiuxian
Labels: <none>
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:Host Path Backends---- ---- --------v1.oldboyedu.com / svc-xiuxian-v1:80 (10.100.1.32:80,10.100.2.185:80,10.100.2.186:80)v2.oldboyedu.com / svc-xiuxian-v2:80 (10.100.1.34:80,10.100.2.188:80,10.100.2.189:80)v3.oldboyedu.com / svc-xiuxian-v3:80 (10.100.1.33:80,10.100.1.35:80,10.100.2.187:80)
Annotations: <none>
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Sync 12s nginx-ingress-controller Scheduled for syncNormal Sync 12s nginx-ingress-controller Scheduled for sync
[root@master231 25-ingresses]#
6.访问Ingress-class服务
http://v1.oldboyedu.com/
http://v2.oldboyedu.com/
http://v3.oldboyedu.com/
7.Ingress和Ingress class底层原理验证
[root@master231 25-ingresses]# kubectl get pods -o wide -n ingress-nginx
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ingress-server-ingress-nginx-controller-58m2j 1/1 Running 0 174m 10.0.0.233 worker233 <none> <none>
ingress-server-ingress-nginx-controller-hfrrc 1/1 Running 0 174m 10.0.0.232 worker232 <none> <none>
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# kubectl -n ingress-nginx exec -it ingress-server-ingress-nginx-controller-58m2j -- bash
bash-5.1$ grep oldboyedu.com /etc/nginx/nginx.conf## start server v1.oldboyedu.comserver_name v1.oldboyedu.com ;## end server v1.oldboyedu.com## start server v2.oldboyedu.comserver_name v2.oldboyedu.com ;## end server v2.oldboyedu.com## start server v3.oldboyedu.comserver_name v3.oldboyedu.com ;## end server v3.oldboyedu.com
bash-5.1$
exit
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# kubectl delete ingress ingress-xiuxian
ingress.networking.k8s.io "ingress-xiuxian" deleted
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# kubectl -n ingress-nginx exec -it ingress-server-ingress-nginx-controller-58m2j -- bash
bash-5.1$ grep oldboyedu.com /etc/nginx/nginx.conf
bash-5.1$
十、ingress的映射https案例
1.生成证书文件【如果有生产环境的证书此步骤可以跳过】
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=www.yinzhengjie.com"
2.将证书文件以secrets形式存储
kubectl create secret tls ca-secret --cert=tls.crt --key=tls.key
3.部署测试服务
[root@master231 25-ingresses]# cat > 04-deploy-apple.yaml <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:name: deployment-apple
spec:replicas: 3selector:matchLabels:apps: appletemplate:metadata:labels:apps: applespec:containers:- name: appleimage: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:appleports:- containerPort: 80---apiVersion: v1
kind: Service
metadata:name: svc-apple
spec:selector:apps: appleports:- protocol: TCPport: 80targetPort: 80
EOF
[root@master231 25-ingresses]# kubectl apply -f 04-deploy-apple.yaml
deployment.apps/deployment-apple created
service/svc-apple created
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# kubectl get pods -l apps=apple -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
deployment-apple-5496cd9b6c-dxjqc 1/1 Running 0 9s 10.100.2.195 worker233 <none> <none>
deployment-apple-5496cd9b6c-qwzhz 1/1 Running 0 9s 10.100.2.196 worker233 <none> <none>
deployment-apple-5496cd9b6c-wxf5v 1/1 Running 0 9s 10.100.1.40 worker232 <none> <none>
[root@master231 25-ingresses]# 4.配置Ingress添加TLS证书
[root@master231 25-ingresses]# cat > 05-ingress-tls.yaml <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: ingress-tls-https# 如果指定了"ingressClassName"参数,就不需要在这里重复声明啦。# 如果你的K8S 1.22- 版本,则使用注解的方式进行传参即可。#annotations:# kubernetes.io/ingress.class: "nginx"
spec:# 指定Ingress Class,要求你的K8S 1.22+ingressClassName: nginxrules:- host: www.yinzhengjie.comhttp:paths:- backend:service:name: svc-appleport:number: 80path: /pathType: ImplementationSpecific# 配置https证书tls:- hosts:- www.yinzhengjie.comsecretName: ca-secret
EOF[root@master231 25-ingresses]# kubectl apply -f 05-ingress-tls.yaml
ingress.networking.k8s.io/ingress-tls-https created
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# kubectl get ingress ingress-tls-https
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-tls-https nginx www.yinzhengjie.com 80, 443 13s
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# kubectl describe ingress ingress-tls-https
Name: ingress-tls-https
Labels: <none>
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:ca-secret terminates www.yinzhengjie.com
Rules:Host Path Backends---- ---- --------www.yinzhengjie.com / svc-apple:80 (10.100.1.40:80,10.100.2.195:80,10.100.2.196:80)
Annotations: <none>
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Sync 16s nginx-ingress-controller Scheduled for syncNormal Sync 16s nginx-ingress-controller Scheduled for sync
[root@master231 25-ingresses]# 5.windows添加解析
10.0.0.233 www.yinzhengjie.com6.访问测试
https://www.yinzhengjie.com/
十一、 基于helm部署trafik使用指南
1.添加仓库
[root@master231 traefik]# helm repo add traefik https://traefik.github.io/charts
"traefik" has been added to your repositories
[root@master231 traefik]#
[root@master231 traefik]# helm repo list
NAME URL
oldboyedu-ingress https://kubernetes.github.io/ingress-nginx
traefik https://traefik.github.io/charts
[root@master231 traefik]#
2.更新仓库信息
[root@master231 traefik]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "oldboyedu-ingress" chart repository
...Successfully got an update from the "traefik" chart repository
Update Complete. ⎈Happy Helming!⎈
[root@master231 traefik]#
3.安装traefik
[root@master231 traefik]# helm search repo traefik
NAME CHART VERSION APP VERSION DESCRIPTION
azure/traefik 1.87.7 1.7.26 DEPRECATED - A Traefik based Kubernetes ingress...
traefik/traefik 36.0.0 v3.4.1 A Traefik based Kubernetes ingress controller
traefik/traefik-crds 1.8.1 A Traefik based Kubernetes ingress controller
traefik/traefik-hub 4.2.0 v2.11.0 Traefik Hub Ingress Controller
traefik/traefik-mesh 4.1.1 v1.4.8 Traefik Mesh - Simpler Service Mesh
traefik/traefikee 4.2.3 v2.12.4 Traefik Enterprise is a unified cloud-native ne...
traefik/maesh 2.1.2 v1.3.2 Maesh - Simpler Service Mesh
[root@master231 traefik]#
[root@master231 traefik]# helm pull traefik/traefik
[root@master231 traefik]#
[root@master231 traefik]# ll
total 260
drwxr-xr-x 2 root root 4096 Jul 28 16:13 ./
drwxr-xr-x 4 root root 4096 Jul 28 16:11 ../
-rw-r--r-- 1 root root 257573 Jul 28 16:13 traefik-36.3.0.tgz
[root@master231 traefik]#
[root@master231 traefik]# tar xf traefik-36.3.0.tgz
[root@master231 traefik]#
[root@master231 traefik]# ll
total 264
drwxr-xr-x 3 root root 4096 Jul 28 16:14 ./
drwxr-xr-x 4 root root 4096 Jul 28 16:11 ../
drwxr-xr-x 4 root root 4096 Jul 28 16:14 traefik/
-rw-r--r-- 1 root root 257573 Jul 28 16:13 traefik-36.3.0.tgz
[root@master231 traefik]#
[root@master231 traefik]# helm install traefik-server traefik
NAME: traefik-server
LAST DEPLOYED: Mon Jul 28 16:14:30 2025
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
traefik-server with docker.io/traefik:v3.4.3 has been deployed successfully on default namespace !
[root@master231 traefik]#
[root@master231 traefik]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
traefik-server default 1 2025-07-28 16:14:30.08425946 +0800 CST deployed traefik-36.3.0 v3.4.3
[root@master231 traefik]#
4.查看服务
[root@master231 traefik]# kubectl get ingressclass,deploy,svc,po -o wide
NAME CONTROLLER PARAMETERS AGE
ingressclass.networking.k8s.io/nginx k8s.io/ingress-nginx <none> 4h29m
ingressclass.networking.k8s.io/traefik-server traefik.io/ingress-controller <none> 5m5sNAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.apps/traefik-server 1/1 1 1 5m5s traefik-server docker.io/traefik:v3.4.3 app.kubernetes.io/instance=traefik-server-default,app.kubernetes.io/name=traefikNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 3d5h <none>
service/traefik-server LoadBalancer 10.200.224.167 10.0.0.152 80:12742/TCP,443:19345/TCP 5m5s app.kubernetes.io/instance=traefik-server-default,app.kubernetes.io/name=traefikNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/traefik-server-56846685f9-x5ws4 1/1 Running 0 5m5s 10.100.2.197 worker233 <none> <none>
[root@master231 traefik]# 温馨提示:如果无法下载镜像,则需要你手动下载。SVIP直接来我的仓库获取:http://192.168.21.253/Resources/Kubernetes/Add-ons/traefik/
5.创建测试案例
[root@master231 25-ingresses]# kubectl apply -f 01-deploy-svc-xiuxian.yaml
deployment.apps/deploy-xiuxian-v1 created
deployment.apps/deploy-xiuxian-v2 created
deployment.apps/deploy-xiuxian-v3 created
service/svc-xiuxian-v1 created
service/svc-xiuxian-v2 created
service/svc-xiuxian-v3 created
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# cat 02-ingress-xiuxian.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: ingress-xiuxian
spec:# 指定IngressClass的名称,不使用之前的Ingress-nginx,而是使用Traefik。# ingressClassName: nginxingressClassName: traefik-serverrules:- host: v1.oldboyedu.comhttp:paths:- pathType: Prefixpath: /backend:service:name: svc-xiuxian-v1port:number: 80- host: v2.oldboyedu.comhttp:paths:- pathType: Prefixbackend:service:name: svc-xiuxian-v2port:number: 80path: /- host: v3.oldboyedu.comhttp:paths:- pathType: Prefixbackend:service:name: svc-xiuxian-v3port:number: 80path: /
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# kubectl apply -f 02-ingress-xiuxian.yaml
ingress.networking.k8s.io/ingress-xiuxian created
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# kubectl describe -f 02-ingress-xiuxian.yaml
Name: ingress-xiuxian
Labels: <none>
Namespace: default
Address: 10.0.0.152
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:Host Path Backends---- ---- --------v1.oldboyedu.com / svc-xiuxian-v1:80 (10.100.1.43:80,10.100.2.198:80,10.100.2.199:80)v2.oldboyedu.com / svc-xiuxian-v2:80 (10.100.1.41:80,10.100.1.42:80,10.100.2.200:80)v3.oldboyedu.com / svc-xiuxian-v3:80 (10.100.1.44:80,10.100.2.201:80,10.100.2.202:80)
Annotations: <none>
Events: <none>
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# kubectl get ingress ingress-xiuxian
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-xiuxian traefik-server v1.oldboyedu.com,v2.oldboyedu.com,v3.oldboyedu.com 10.0.0.152 80 79s
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# curl -H "HOST: v1.oldboyedu.com" http://10.0.0.152/
<!DOCTYPE html>
<html><head><meta charset="utf-8"/><title>yinzhengjie apps v1</title><style>div img {width: 900px;height: 600px;margin: 0;}</style></head><body><h1 style="color: green">凡人修仙传 v1 </h1><div><img src="1.jpg"><div></body></html>
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# curl -H "HOST: v2.oldboyedu.com" http://10.0.0.152/
<!DOCTYPE html>
<html><head><meta charset="utf-8"/><title>yinzhengjie apps v2</title><style>div img {width: 900px;height: 600px;margin: 0;}</style></head><body><h1 style="color: red">凡人修仙传 v2 </h1><div><img src="2.jpg"><div></body></html>
[root@master231 25-ingresses]#
[root@master231 25-ingresses]# curl -H "HOST: v3.oldboyedu.com" http://10.0.0.152/
<!DOCTYPE html>
<html><head><meta charset="utf-8"/><title>yinzhengjie apps v3</title><style>div img {width: 900px;height: 600px;margin: 0;}</style></head><body><h1 style="color: pink">凡人修仙传 v3 </h1><div><img src="3.jpg"><div></body></html>
[root@master231 25-ingresses]#
十二、彩蛋: traefik开启Dashboard
1.开启Dashboard参数
1.开启Dashboard参数
[root@master231 helm]# vim traefik/values.yaml
...187 ingressRoute:188 dashboard:189 # -- Create an IngressRoute for the dashboard 190 # enabled: false191 enabled: true2.重新安装traefik
[root@master231 traefik]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
traefik-server default 1 2025-07-28 16:14:30.08425946 +0800 CST deployed traefik-36.3.0 v3.4.3
[root@master231 traefik]#
[root@master231 traefik]# helm uninstall traefik-server
release "traefik-server" uninstalled
[root@master231 traefik]#
[root@master231 traefik]# helm install traefik-server traefik
NAME: traefik-server
LAST DEPLOYED: Mon Jul 28 16:29:05 2025
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
traefik-server with docker.io/traefik:v3.4.3 has been deployed successfully on default namespace !
[root@master231 traefik]#
[root@master231 traefik]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
traefik-server default 1 2025-07-28 16:29:05.025166045 +0800 CST deployed traefik-36.3.0 v3.4.3
[root@master231 traefik]#
[root@master231 traefik]# 3.创建svc关联Dashboard
[root@master231 traefik]# kubectl get pods -l app.kubernetes.io/name=traefik -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
traefik-server-74654b469d-zrx9c 1/1 Running 0 20s 10.100.203.156 worker232 <none> <none>
[root@master231 traefik]#
[root@master231 traefik]# cat > 03-svc-ing-traefik-dashboard.yaml <<EOF
apiVersion: v1
kind: Service
metadata:name: jiege-traefik-dashboard
spec:ports:- name: dashboardport: 8080selector:app.kubernetes.io/name: traefiktype: ClusterIP
---apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: ingress-traefik-dashboard
spec:ingressClassName: traefik-serverrules:- host: traefik.oldboyedu.comhttp:paths:- pathType: Prefixpath: /backend:service:name: jiege-traefik-dashboardport:number: 8080
EOF[root@master231 traefik]# kubectl apply -f 03-svc-ing-traefik-dashboard.yaml
service/jiege-traefik-dashboard created
ingress.networking.k8s.io/ingress-traefik-dashboard created
[root@master231 traefik]#
[root@master231 traefik]# kubectl get ingress ingress-traefik-dashboard
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-traefik-dashboard traefik-server traefik.oldboyedu.com 10.0.0.152 80 7s
[root@master231 traefik]# 4.windows添加解析
10.0.0.152 traefik.oldboyedu.com5.访问traefik的WebUI
http://traefik.oldboyedu.com/dashboard/#/