helm charts openshift Certified 实践

2022 年 5 月 10 日
本文字数：3462 字
阅读完需：约 11 分钟

1. helm 介绍

Helm 是 Kubernetes 最初的软件包经理之一。Red Hat®现在正在认证 Helm Charts，与 Red Hat 认证操作员的方式非常相似。为了了解合作伙伴的舵手图或操作员如何被红帽公司认证，红帽公司发布了OpenShift和容器认证的合作伙伴指南。在这个实验室里，你可以学习到认证舵机图。首先，您试图部署未经认证的 Helm 图表，导致安装失败。然后检查安装失败的原因。接下来，您部署一张经过认证的舵轮图，并观察它成功的条件。

目标：

验证 the Red Hat Certified Helm Chart repository
添加第三方 Helm 存储库
Install a non-certified Helm Chart (fails on purpose)
安装 Red Hat Community Helm Chart 存储库

2. 验证红帽认证的 Helm Chart Repository

Red Hat 已经创建了一个舵机海图存储库来提供 Red Hat to provide Certified Helm Charts。在本练习中，您将验证存储库是否存在于您的集群中。charts.openshift.io是官方认证 Helm Charts repository。

浏览到您的 Red Hat OpenShift®容器平台 web 控制台，并以admin身份登录有关此操作的说明和凭证在您收到的配置电子邮件中
使用透视图切换器切换到 Administrator 透视图
在导航菜单中，单击“Home”。
.在“首页导航”区域单击“Search”。
Click the Resources drop-down list and select HelmChartRepository.
Click HCR openshift-helm-charts.
Click the YAML tab.
Scroll to line 36 to see the URL of the OpenShift Certified Charts Repository:url: https://charts.openshift.io

3. 添加 Helm Repository

在本例中，您将安装一个特定的新 Helm Repository。它不会起作用，因为你的集群是在 AWS 上，而这个例子是针对 Azure 的。但是这一课很重要，所以一定要完成练习。

3.1 View Quick Start

1.Use the perspective switcher to switch to the Developer perspective2.Click Add and click View all quick starts:

3.在搜索框中，键入 helm，然后在 helm Chart Catalog 卡中选择“Manage available content in the Helm Chart Catalog”。

4.遵循右边打开的五分钟介绍帮助中的步骤。

3.2 Install Helm Client

1.登录您的 bastion 主机 2.在你的堡垒主机上安装头盔客户端下载它从 Red Hat 镜像:

sudo wget https://mirror.openshift.com/pub/openshift-v4/clients/helm/latest/helm-linux-amd64 -O /usr/local/bin/helmsudo chmod +x /usr/local/bin/helm

复制代码

3.3 Install Non-Certified Helm Chart

在本节中，您将使用 Helm 命令行应用程序从命令行安装未经认证的 Helm Chart。1.Log in to your bastion host using SSH.实验 1 有相关说明 2.检查 helm 是否工作正常:

$ helm versionversion.BuildInfo{Version:"v3.5.0+6.el8", GitCommit:"77fb4bd2415712e8bfebe943389c404893ad53ce", GitTreeState:"clean", GoVersion:"go1.14.12"}

复制代码

3,执行以下命令将 Bitnami Helm 存储库添加到您的堡垒

$ helm repo add bitnami https://charts.bitnami.com/bitnami"bitnami" has been added to your repositories

复制代码

4.为了确保 Bitnami 存储库工作正常，列出所有的 Helm Charts:

$ helm search repo bitnami | grep mariadbbitnami/mariadb                                 9.3.16          10.5.11         Fast, reliable, scalable, and easy to use open-...bitnami/mariadb-cluster                         1.0.2           10.2.14         DEPRECATED Chart to create a Highly available M...bitnami/mariadb-galera                          5.10.3          10.5.11         MariaDB Galera is a multi-master database clust...

复制代码

5.接下来，尝试从 Bitnami 库中安装一个图表:首先，创建一个项目来部署图表到:

$ oc new-project my-helm-test
Now using project "my-helm-test" on server "https://api.cluster-41ff.41ff.sandbox842.opentlc.com:6443".
You can add applications to this project with the 'new-app' command. For example, try:
    oc new-app rails-postgresql-example
to build a new example application in Ruby. Or use kubectl to deploy a simple Kubernetes application:
    kubectl create deployment hello-node --image=k8s.gcr.io/serve_hostname

复制代码

Install a chart using a <release_name>, which is a unique identifier you make up, and a <chart> name, which is the actual chart name from the repository:

# helm install <release_name> <chart> <parameters>$ helm install my-mariadb bitnami/mariadb[omitted]

复制代码

6.检查 Pod 是否启动:

$ oc get podsNo resources found in helm-test namespace.

复制代码

如果你确实看到了mariadb荚果，等几分钟，然后尝试再次oc get pods。估计吊舱已经开走了。

错误是什么?这是一个权限问题。MariaDB Helm Chart试图部署 Pods 的StatefulSet，但是失败了，因为运行 pod 请求的 userId 对于 OpenShift 的强默认权限设置来说太低了。

7.：具体错误见:

$ oc describe statefulset my-mariadb[ ... omitted for brevity ... ]Events:  Type     Reason            Age                   From                    Message  ----     ------            ----                  ----                    -------  Normal   SuccessfulCreate  5m12s                 statefulset-controller  create Claim data-my-mariadb-0 Pod my-mariadb-0 in StatefulSet my-mariadb success  Warning  FailedCreate      90s (x17 over 5m12s)  statefulset-controller  create Pod my-mariadb-0 in StatefulSet my-mariadb failed error: pods "my-mariadb-0" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted: .spec.securityContext.fsGroup: Invalid value: []int64{1001}: 1001 is not an allowed group, spec.containers[0].securityContext.runAsUser: *Invalid value: 1001: must be in the ranges: [1000650000, 1000659999],* provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]

复制代码

4. 安装 Red Hat 社区 Helm Repository

除了 Red Hat Certified Helm Charts 之外，Red Hat 还有一个开发人员存储库。到目前为止，在认证库中没有多少有趣的舵轮图。在本节中，您将添加开发人员的存储库，并查看是否可以部署一些有用的应用程序。1.从 web 控制台顶部的工具栏中，单击 ocp_web_console_add_icon (Add)，将以下 YAML 内容添加到集群中。2.复制并粘贴以下 YAML 内容到打开的文本区域:

apiVersion: helm.openshift.io/v1beta1kind: HelmChartRepositorymetadata:  name: redhat-developer-chartsspec:  name: redhat-developer-charts  connectionConfig:    url: https://redhat-developer.github.io/redhat-helm-charts

复制代码

3.Click Create.4.Use the perspective switcher to switch to the Developer perspective.5.Select the my-helm-test project if it is not already selected.6.In the navigation menu, click Add.7.Scroll down to the Developer Catalog card and click Helm Chart.

注意，你的集群现在有社区贡献的专门为 OpenShift 制作的 Helm Charts:

8.Install the Helm Charts if you like.Red Hat community charts are likely to work on your cluster.

9.Clean up the the environment:

oc delete project my-helm-test

复制代码

In this lab you experienced the various ways that Helm Charts are made available through Helm Repositories.

You validated the Red Hat Certified Helm Repository
You added a third party Helm Repository
You installed a non-certified Helm Chart to experience a failure
You installed the Red Hat Community Helm Repository

In the next lab you try out the Vertical Pod Autoscaler with your Coffee Shop application.

发布于: 刚刚阅读数: 3

ghostwritten

关注

还未添加个人签名 2018.11.14 加入

还未添加个人简介

发布

暂无评论

创作场景

helm charts openshift Certified 实践

1. helm 介绍

2. 验证红帽认证的 Helm Chart Repository

3. 添加 Helm Repository

3.1 View Quick Start

3.2 Install Helm Client

3.3 Install Non-Certified Helm Chart

4. 安装 Red Hat 社区 Helm Repository

ghostwritten

评论