helm 安装及使用

发表于 更新于 上层目录 阅读次数:

环境信息

  • centos7 5.4.212-1.el7
  • kubernetes Server Version: v1.25.0
  • Helm 3.10.0

Helm 定位为 Kubernetes 包管理器 或者 Kubernetes App Store ,就如 RHEL 中的 yum/dnf 。主要组件如下:

  • helm : 纯客户端工具,负责模板渲染、插件执行和 OCI 交互。
  • kstatus 状态检查器 : 集成 kstatus 标准,替代了以前简单的 wait 逻辑。它能更精准地判断资源(如 Deployment, StatefulSet )是否真正“就绪”。
  • OCI 存储库 : Helm 4 进一步强化了对 OCI(Docker 镜像仓库协议)的支持,支持通过 Digest (散列值) 安装 Chart,确保供应链安全。
  • slog 日志系统 : 内部采用 Go 语言的结构化日志 slog ,方便集成到现代化的可观测性平台。

核心概念

  • Chart : 软件包。它是一系列 YAML 模板的集合,定义了应用如何运行所需的所有资源和信息。
  • Repository(仓库) : 存放 Chart 的地方(类似 Docker Hub 或应用商店),如 https://artifacthub.io/packages/search?kind=0
  • Release : 运行中的实例。你用同一个 Chart 安装了两次,就会产生两个独立的 Release。

Helm 4 支持将复杂的配置拆分到多个 YAML 文档中,或者在一次命令中传入多个文件

helm install my-release ./my-chart -f values-base.yaml -f values-override.yaml

Helm 4 能够直接运行 Helm 3 的 Chart,无需修改代码。

安装

  1. 下载 需要的版本

    wget https://get.helm.sh/helm-v3.10.0-linux-amd64.tar.gz

  2. 解压

    tar -xf helm-v3.10.0-linux-amd64.tar.gz

  3. 在解压目中找到 helm 程序,移动到需要的目录中

    cp linux-amd64/helm /usr/local/bin/

  4. 验证

    $ helm version
     version.BuildInfo{Version:"v3.10.0", GitCommit:"ce66412a723e4d89555dc67217607c6579ffcb21", GitTreeState:"clean", GoVersion:"go1.18.6"}

helm 常用管理命令

安装 Release

首先要添加仓库,告诉 Helm 去哪里下载软件包(Chart)。最常用的是 Bitnami 仓库 或者 Artifact Hub

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update

搜索/查看 Repo 中可用的 Charts

$ helm search repo hashicorp/vault
NAME                            	CHART VERSION	APP VERSION	DESCRIPTION                          
hashicorp/vault                 	0.25.0       	1.14.0     	Official HashiCorp Vault Chart       
hashicorp/vault-secrets-operator	0.1.0        	0.1.0      	Official Vault Secrets Operator Chart

安装 Chart,安装时可以为 Release 起个名字(如 vault),也可以不指定名字,让 Helm 自动生成 helm install bitnami/mysql --generate-name

要在安装 Chart 之前自定义配置,可以通过 YAML 配置自定义选项。 要想知道有哪些配置可用,可以使用命令 helm show values 查看

$ helm install vault hashicorp/vault --version 0.25.0
NAME: vault
LAST DEPLOYED: Mon Jul 10 14:59:13 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
Thank you for installing HashiCorp Vault!

Now that you have deployed Vault, you should look over the docs on using
Vault with Kubernetes available here:

https://www.vaultproject.io/docs/


Your release is named vault. To learn more about the release, try:

  $ helm status vault
  $ helm get manifest vault


$ helm install bitnami/mysql --generate-name
NAME: mysql-1612624192
LAST DEPLOYED: Sat Feb  6 16:09:56 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES: ...

查看 Chart 支持的自定义配置选项

## 先查看已安装的 Repo
$ helm repo list
NAME                	URL                                               
eks                 	https://aws.github.io/eks-charts                  
prometheus-community	https://prometheus-community.github.io/helm-charts

## 查看目标 Repo 中有哪些 Charts
$ helm search repo prometheus-community
NAME                                              	CHART VERSION	APP VERSION	DESCRIPTION                                       
prometheus-community/alertmanager                 	1.33.1       	v0.31.1    	The Alertmanager handles alerts sent by client ...
prometheus-community/alertmanager-snmp-notifier   	2.1.0        	v2.1.0     	The SNMP Notifier handles alerts coming from Pr...
prometheus-community/jiralert                     	1.8.2        	v1.3.0     	A Helm chart for Kubernetes to install jiralert   
prometheus-community/kube-prometheus-stack        	82.1.0       	v0.89.0    	kube-prometheus-stack collects Kubernetes manif...
prometheus-community/kube-state-metrics           	7.1.0        	2.18.0     	Install kube-state-metrics to generate and expo...

## 查看目标 Chart 支持哪些自定义配置选项
$ helm show values prometheus-community/kube-prometheus-stack | more
# Default values for kube-prometheus-stack.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

## Provide a name in place of kube-prometheus-stack for `app:` labels
##
nameOverride: ""

## Override the deployment namespace
##
namespaceOverride: ""

## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.26.6
##
kubeTargetVersionOverride: ""

## Allow kubeVersion to be overridden while creating the ingress
##
kubeVersionOverride: ""

## Provide a name to substitute for the full names of resources
##
fullnameOverride: ""
...
defaultRules:
  create: true
  rules:
    alertmanager: true
    etcd: true
    configReloaders: true
    general: true
    k8sContainerCpuUsageSecondsTotal: true
    k8sContainerMemoryCache: true
    k8sContainerMemoryRss: true
    k8sContainerMemorySwap: true
    k8sContainerResource: true
    k8sContainerMemoryWorkingSetBytes: true
    k8sPodOwner: true
    kubeApiserverAvailability: true
    kubeApiserverBurnrate: true
    kubeApiserverHistogram: true
    kubeApiserverSlos: true
    kubeControllerManager: true
    kubelet: true
    kubeProxy: true
    kubePrometheusGeneral: true
    kubePrometheusNodeRecording: true
    kubernetesApps: true
    kubernetesResources: true
    kubernetesStorage: true
    kubernetesSystem: true
    kubeSchedulerAlerting: true
    kubeSchedulerRecording: true
    kubeStateMetrics: true
    network: true
    node: true
    nodeExporterAlerting: true
    nodeExporterRecording: true
    prometheus: true
    prometheusOperator: true
    windows: true
...

查看已经安装的 Release 使用了哪些自定义参数,可以使用命令 helm get values <release-name>

$ helm ls -A
NAME                        	NAMESPACE  	REVISION	UPDATED                                	STATUS  	CHART                             	APP VERSION
aws-load-balancer-controller	kube-system	1       	2026-02-17 15:47:38.190164778 +0800 HKT	deployed	aws-load-balancer-controller-3.0.0	v3.0.0     
eks-monitor                 	monitoring 	14      	2026-02-21 02:23:09.462138692 +0000 UTC	deployed	kube-prometheus-stack-82.2.0      	v0.89.0  

$ helm get values -n monitoring eks-monitor
USER-SUPPLIED VALUES:
alertmanager:
  alertmanagerSpec:
    replicas: 1
  config:
    global:
      resolve_timeout: 5m
    receivers:
    - name: "null"
    - name: telegram
      telegram_configs:
      - bot_token: 7750349799:AAE6KDqMIfNE4Pb9WEM2XiIQ50FadioGkW8
        chat_id: -5293873506
        message: "\U0001F6A8 <b>{{ .CommonAnnotations.summary }}</b>\n\n<b>Alert:</b>
          {{ .CommonLabels.alertname }}\n<b>Cluster:</b> {{ .CommonLabels.cluster
          }}\n<b>Namespace:</b> {{ .CommonLabels.namespace }}\n<b>Severity:</b> {{
          .CommonLabels.severity }}\n\n<b>Description:</b>\n{{ .CommonAnnotations.description
          }}\n"
        parse_mode: HTML
        send_resolved: false
    route:
      group_by:
      - alertname
      - cluster
      group_wait: 10s
      receiver: telegram
      repeat_interval: 1h
  enabled: true
defaultRules:
  disabled:
    KubeCPUOvercommit: true
    KubeMemoryOvercommit: true
grafana:
  enabled: false
...

查看所有已安装的 Release

$ helm list -A
NAME                        	NAMESPACE  	REVISION	UPDATED                                  	STATUS  	CHART                             	APP VERSION
aws-load-balancer-controller	kube-system	1       	2026-02-17 15:47:38.190164778 +0800 +0800	deployed	aws-load-balancer-controller-3.0.0	v3.0.0     
eks-monitor                 	monitoring 	14      	2026-02-21 02:23:09.462138692 +0000 UTC  	deployed	kube-prometheus-stack-82.2.0      	v0.89.0

卸载指定的 Release

$ helm ls -A
NAME        	NAMESPACE    	REVISION	UPDATED                                	STATUS	CHART                APP VERSION
cert-manager	cert-manager 	1       	2022-11-01 09:57:11.373366484 +0800 CST	failed	cert-manager-v1.7.1  v1.7.1     
rancher     	cattle-system	1       	2022-11-01 10:05:07.370131566 +0800 CST	failed	rancher-2.6.9        v2.6.9     

$ helm uninstall rancher -n cattle-system
W1101 10:21:32.764269   11113 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
W1101 10:21:34.043445   11113 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
W1101 10:21:39.809766   11113 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
release "rancher" uninstalled

更新指定的 Release

helm upgrade my-web bitnami/nginx -f my-values.yaml

helm upgrade --install my-web bitnami/nginx -f my-values.yaml

回滚到上一个 Release 版本

回滚使用命令 helm rollback [RELEASE] [REVISION] ,可以通过命令 helm history [RELEASE]

每次 install, upgrade, rollback 都会更新 REVISOION

$ helm list -A
NAME                        	NAMESPACE  	REVISION	UPDATED                                	STATUS  	CHART                             	APP VERSION
aws-load-balancer-controller	kube-system	1       	2026-02-17 15:47:38.190164778 +0800 HKT	deployed	aws-load-balancer-controller-3.0.0	v3.0.0     
eks-monitor                 	monitoring 	14      	2026-02-21 02:23:09.462138692 +0000 UTC	deployed	kube-prometheus-stack-82.2.0      	v0.89.0

$ helm history eks-monitor -n monitoring
REVISION	UPDATED                 	STATUS    	CHART                       	APP VERSION	DESCRIPTION     
5       	Thu Feb 19 15:21:40 2026	superseded	kube-prometheus-stack-82.1.0	v0.89.0    	Upgrade complete
6       	Thu Feb 19 15:24:23 2026	superseded	kube-prometheus-stack-82.1.0	v0.89.0    	Upgrade complete
7       	Thu Feb 19 15:34:16 2026	superseded	kube-prometheus-stack-82.1.0	v0.89.0    	Upgrade complete
8       	Thu Feb 19 15:37:33 2026	superseded	kube-prometheus-stack-82.1.0	v0.89.0    	Upgrade complete
9       	Thu Feb 19 15:40:24 2026	superseded	kube-prometheus-stack-82.1.0	v0.89.0    	Upgrade complete
10      	Thu Feb 19 15:46:54 2026	superseded	kube-prometheus-stack-82.1.0	v0.89.0    	Upgrade complete
11      	Thu Feb 19 17:29:21 2026	superseded	kube-prometheus-stack-82.1.0	v0.89.0    	Upgrade complete
12      	Sat Feb 21 02:00:26 2026	superseded	kube-prometheus-stack-82.2.0	v0.89.0    	Upgrade complete
13      	Sat Feb 21 02:10:58 2026	superseded	kube-prometheus-stack-82.2.0	v0.89.0    	Upgrade complete
14      	Sat Feb 21 02:23:09 2026	deployed  	kube-prometheus-stack-82.2.0	v0.89.0    	Upgrade complete

$ helm rollback eks-monitor -n monitoring 13

要在更新(upgrade)或者回滚(rollback)后强制重建 Pod,可以使用选项 --recreate-pods

查看已添加的的 Repo

$ helm repo ls
NAME          	URL                                              
rancher-stable	https://releases.rancher.com/server-charts/stable
jetstack      	https://charts.jetstack.io                       
hashicorp     	https://helm.releases.hashicorp.com

查看已安装的 Repo 中可用的 Charts

$ helm search repo hashicorp/vault -l
NAME                            	CHART VERSION	APP VERSION	DESCRIPTION                               
hashicorp/vault                 	0.25.0       	1.14.0     	Official HashiCorp Vault Chart            
hashicorp/vault                 	0.24.1       	1.13.1     	Official HashiCorp Vault Chart            
hashicorp/vault                 	0.24.0       	1.13.1     	Official HashiCorp Vault Chart            
hashicorp/vault                 	0.23.0       	1.12.1     	Official HashiCorp Vault Chart            
hashicorp/vault                 	0.22.1       	1.12.0     	Official HashiCorp Vault Chart            
hashicorp/vault                 	0.22.0       	1.11.3     	Official HashiCorp Vault Chart

$ helm search repo 
NAME                                              	CHART VERSION	APP VERSION	DESCRIPTION                                       
prometheus-community/alertmanager                 	1.33.1       	v0.31.1    	The Alertmanager handles alerts sent by client ...
prometheus-community/alertmanager-snmp-notifier   	2.1.0        	v2.1.0     	The SNMP Notifier handles alerts coming from Pr...
prometheus-community/jiralert                     	1.8.2        	v1.3.0     	A Helm chart for Kubernetes to install jiralert   
prometheus-community/kube-prometheus-stack        	82.2.0       	v0.89.0    	kube-prometheus-stack collects Kubernetes manif...
prometheus-community/kube-state-metrics           	7.1.0        	2.18.0     	Install kube-state-metrics to generate and expo...
prometheus-community/prom-label-proxy             	0.17.2       	v0.12.1    	A proxy that enforces a given label in a given ...
prometheus-community/prometheus                   	28.9.1       	v3.9.1     	Prometheus is a monitoring system and time seri...
prometheus-community/prometheus-adapter           	5.3.0        	v0.12.0    	A Helm chart for k8s prometheus adapter

helm search hub 可以搜索 Artifact Hub 中公开可用的 Charts

$ helm search hub wordpress
URL                                                 CHART VERSION APP VERSION DESCRIPTION
https://hub.helm.sh/charts/bitnami/wordpress        7.6.7         5.2.4       Web publishing platform for building blogs and ...
https://hub.helm.sh/charts/presslabs/wordpress-...  v0.6.3        v0.6.3      Presslabs WordPress Operator Helm Chart
https://hub.helm.sh/charts/presslabs/wordpress-...  v0.7.1        v0.7.1      A Helm chart for deploying a WordPress site on ...

不指定名称搜索 helm search hub 将会列出 Artifact Hub 上所有可用的 Charts 链接(不是具体的 Helm Reop),要展示 Helm Repo 可以使用选项 helm search hub --list-repo-url

查看 Release 状态

$ helm list -A
NAME                        	NAMESPACE  	REVISION	UPDATED                                	STATUS  	CHART                             	APP VERSION
aws-load-balancer-controller	kube-system	1       	2026-02-17 15:47:38.190164778 +0800 HKT	deployed	aws-load-balancer-controller-3.0.0	v3.0.0     
eks-monitor                 	monitoring 	14      	2026-02-21 02:23:09.462138692 +0000 UTC	deployed	kube-prometheus-stack-82.2.0      	v0.89.0    

$ helm status eks-monitor -n monitoring
NAME: eks-monitor
LAST DEPLOYED: Sat Feb 21 02:23:09 2026
NAMESPACE: monitoring
STATUS: deployed
REVISION: 14
TEST SUITE: None
NOTES:
kube-prometheus-stack has been installed. Check its status by running:
  kubectl --namespace monitoring get pods -l "release=eks-monitor"

Get Grafana 'admin' user password by running:

  kubectl --namespace monitoring get secrets eks-monitor-grafana -o jsonpath="{.data.admin-password}" | base64 -d ; echo

Access Grafana local instance:

  export POD_NAME=$(kubectl --namespace monitoring get pod -l "app.kubernetes.io/name=grafana,app.kubernetes.io/instance=eks-monitor" -oname)
  kubectl --namespace monitoring port-forward $POD_NAME 3000

Get your grafana admin user password by running:

  kubectl get secret --namespace monitoring -l app.kubernetes.io/component=admin-secret -o jsonpath="{.items[0].data.admin-password}" | base64 --decode ; echo


Visit https://github.com/prometheus-operator/kube-prometheus for instructions on how to create & configure Alertmanager and Prometheus instances using the Operator.


$ helm status aws-load-balancer-controller -n kube-system
NAME: aws-load-balancer-controller
LAST DEPLOYED: Tue Feb 17 15:47:38 2026
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
AWS Load Balancer controller installed!

查看 Chart 的具体信息

使用命令 helm show chart 或则 helm show all 查看 Chart 详细信息,里面包含了关于 Chart 配置的详细信息和结构。

$ helm show chart prometheus-community/prometheus
annotations:
  artifacthub.io/license: Apache-2.0
  artifacthub.io/links: |
    - name: Chart Source
      url: https://github.com/prometheus-community/helm-charts
    - name: Upstream Project
      url: https://github.com/prometheus/prometheus
apiVersion: v2
appVersion: v3.9.1
dependencies:
- condition: alertmanager.enabled
  name: alertmanager
  repository: https://prometheus-community.github.io/helm-charts
  version: 1.33.*
- condition: kube-state-metrics.enabled
  name: kube-state-metrics
  repository: https://prometheus-community.github.io/helm-charts
  version: 7.1.*
- condition: prometheus-node-exporter.enabled
  name: prometheus-node-exporter
  repository: https://prometheus-community.github.io/helm-charts
  version: 4.51.*
- condition: prometheus-pushgateway.enabled
  name: prometheus-pushgateway
  repository: https://prometheus-community.github.io/helm-charts
  version: 3.6.*
description: Prometheus is a monitoring system and time series database.
...


Chart 结构

当你想要自己写 Chart 时,你会看到这样的文件夹结构(使用 helm create my-chart 生成):

my-chart/
├── Chart.yaml          # 项目信息(版本、描述)
├── values.yaml         # 默认配置(最核心文件!所有的变量都写在这里)
├── charts/             # 依赖的其他子 Chart
└── templates/          # YAML 模板文件夹
    ├── deployment.yaml # K8s 资源模板
    └── service.yaml    # 暴露服务的模板