使用 Azure Container Registry 作為應用程式圖表的 Helm 存放庫Use Azure Container Registry as a Helm repository for your application charts

若要快速管理及部署 Kubernetes 的應用程式,您可以使用開放原始碼 Helm 套件管理員To quickly manage and deploy applications for Kubernetes, you can use the open-source Helm package manager. 使用 Helm 時,應用程式會定義成儲存在 Helm 圖表存放庫中的「圖表」。With Helm, applications are defined as charts that are stored in a Helm chart repository. 這些圖表會定義設定和相依性,且在整個應用程式生命週期可進行版本設定。These charts define configurations and dependencies, and can be versioned throughout the application lifecycle. Azure Container Registry 可用來作為 Helm 圖表存放庫的主機。Azure Container Registry can be used as the host for Helm chart repositories.

使用 Azure Container Registry 時,您會擁有一個私人、安全的 Helm 圖表存放庫,此存放庫可與組建管線或其他 Azure 服務整合。With Azure Container Registry, you have a private, secure Helm chart repository, that can integrate with build pipelines or other Azure services. Azure Container Registry 中的 Helm 圖表存放庫包含異地複寫功能,可讓您的圖表靠近部署並提供備援。Helm chart repositories in Azure Container Registry include geo-replication features to keep your charts close to deployments and for redundancy. 您只需支付圖表所使用儲存體的費用,且所有 Azure Container Registry 價格層都有提供。You only pay for the storage used by the charts, and are available across all Azure Container Registry price tiers.

此文章說明如何使用儲存在 Azure Container Registry 中的 Helm 圖表存放庫。This article shows you how to use a Helm chart repository stored in Azure Container Registry.

重要

此功能目前為預覽狀態。This feature is currently in preview. 若您同意補充的使用規定,即可取得預覽。Previews are made available to you on the condition that you agree to the supplemental terms of use. 在公開上市 (GA) 之前,此功能的某些領域可能會變更。Some aspects of this feature may change prior to general availability (GA).

開始之前Before you begin

若要完成此文章中的步驟,必須符合下列先決條件︰To complete the steps in this article, the following pre-requisites must be met:

  • Azure Container Registry - 在您的 Azure 訂用帳戶中建立容器登錄。Azure Container Registry - Create a container registry in your Azure subscription. 例如,使用 Azure 入口網站Azure CLIFor example, use the Azure portal or the Azure CLI.
  • Helm 用戶端 2.11.0 版 (不是 RC 版本) 或更新版本 - 執行 helm version 以找出您目前的版本。Helm client version 2.11.0 (not an RC version) or later - Run helm version to find your current version. 此外,您還需要一部在 Kubernetes 叢集內初始化的 Helm 伺服器 (Tiller)。You also need a Helm server (Tiller) initialized within a Kubernetes cluster. 如有需要,您可以建立 Azure Kubernetes Service 叢集If needed, you can create an Azure Kubernetes Service cluster. 如需有關如何安裝及升級 Helm 的詳細資訊,請參閱安裝 HelmFor more information on how to install and upgrade Helm, see Installing Helm.
  • Azure CLI 2.0.46 版或更新版本 - 請執行 az --version 來找出版本。Azure CLI version 2.0.46 or later - Run az --version to find the version. 如果您需要安裝或升級,請參閱安裝 Azure CLIIf you need to install or upgrade, see Install Azure CLI.

將存放庫新增至 Helm 用戶端Add a repository to Helm client

Helm 存放庫是一個可以儲存 Helm 圖表的 HTTP 伺服器。A Helm repository is an HTTP server that can store Helm charts. Azure Container Registry 可為 Helm 圖表提供此儲存體,並在您於存放庫中新增和移除圖表時管理索引定義。Azure Container Registry can provide this storage for Helm charts, and manage the index definition as you add and remove charts to the repository.

若要新增 Azure Container Registry 作為 Helm 圖表存放庫,您可以使用 Azure CLI。To add your Azure Container Registry as a Helm chart repository, you use the Azure CLI. 使用此方法時,會以 Azure Container Registry 所支持存放庫的 URI 和認證更新您的 Helm 用戶端。With this approach, your Helm client is updated with the URI and credentials for the repository backed by Azure Container Registry. 您無須手動指定此存放庫資訊,因此舉例來說,認證並不會暴露在命令歷程記錄中。You don't need to manually specify this repository information, so the credentials aren't exposed in the command history, for example.

如有需要,請登入 Azure CLI 並依照提示進行操作:If needed, log in to the Azure CLI and follow the prompts:

az login

使用 az configure 命令,以您 Azure Container Registry 的名稱設定 Azure CLI 預設值。Configure the Azure CLI defaults with the name of your Azure Container Registry using the az configure command. 在下列範例中,以您的登錄名稱取代 <acrName>In the following example, replace <acrName> with the name of your registry:

az configure --defaults acr=<acrName>

現在,使用 az acr helm repo add 命令,將您的 Azure Container Registry Helm 圖表存放庫新增至 Helm 用戶端。Now add your Azure Container Registry Helm chart repository to your Helm client using the az acr helm repo add command. 此命令會取得 Helm 用戶端所使用 Azure Container Registry 的驗證權杖。This command gets an authentication token for your Azure container registry that is used by the Helm client. 驗證權杖的有效期為 1 小時。The authentication token is valid for 1 hour. docker login 類似,您可以在未來的 CLI 工作階段中執行此命令,以向 Azure Container Registry Helm 圖表存放庫驗證 Helm 用戶端:Similar to docker login, you can run this command in future CLI sessions to authenticate your Helm client with your Azure Container Registry Helm chart repository:

az acr helm repo add

將圖表新增至存放庫Add a chart to the repository

針對此文章,我們將從公用 Helm stable 存放庫取得現有的 Helm 圖表。For this article, let's get an existing Helm chart from the public Helm stable repo. stable 存放庫是一個經過策劃的公用存放庫,當中包含常見的應用程式圖表。The stable repo is a curated, public repo that includes common application charts. 套件維護人員可以將其圖表提交給 stable 存放庫,方式就像 Docker Hub 為常見的容器映像提供公用登錄一樣。Package maintainers can submit their charts to the stable repo, in the same way that Docker Hub provides a public registry for common container images. 接著,便可將從公用 stable 存放庫下載的圖表推送到您的私人 Azure Container Registry 存放庫。The chart downloaded from the public stable repo can then be pushed to your private Azure Container Registry repository. 在大多數情況下,您會為您開發的應用程式建置並上傳自己的圖表。In most scenarios, you would build and upload your own charts for the applications you develop. 如需有關如何建置您自己 Helm 圖表的詳細資訊,請參閱開發 Helm 圖表For more information on how to build your own Helm charts, see developing Helm charts.

首先,在 ~/acr-helm 建立一個目錄,然後下載現有的 stable/wordpress 圖表:First, create a directory at ~/acr-helm, then download the existing stable/wordpress chart:

mkdir ~/acr-helm && cd ~/acr-helm
helm fetch stable/wordpress

列出已下載的圖表,並記下檔案名稱中所包含的 Wordpress 版本。List the downloaded chart, and note the Wordpress version included in the filename. helm fetch stable/wordpress 命令並未指定特定的版本,因此擷取的是「最新」版本。The helm fetch stable/wordpress command didn't specify a particular version, so the latest version was fetched. 所有 Helm 圖表都會在檔案名稱中包含依循 SemVer 2 標準的版本號碼。All Helm charts include a version number in the filename that follows the SemVer 2 standard. 在下列範例輸出中,Wordpress 圖表的版本為 2.1.10In the following example output, the Wordpress chart is version 2.1.10:

$ ls

wordpress-2.1.10.tgz

現在,使用 Azure CLI az acr helm push 命令,將圖表推送至 Azure Container Registry 中的 Helm 圖表存放庫。Now push the chart to your Helm chart repository in Azure Container Registry using the Azure CLI az acr helm push command. 指定在上一個步驟中所下載 Helm 圖表的名稱,例如 wordpress-2.1.10.tgzSpecify the name of your Helm chart downloaded in the previous step, such as wordpress-2.1.10.tgz:

az acr helm push wordpress-2.1.10.tgz

片刻之後,Azure CLI 就會回報已儲存您的圖表,如以下範例輸出所示:After a few moments, the Azure CLI reports that your chart has been saved, as shown in the following example output:

$ az acr helm push wordpress-2.1.10.tgz

{
  "saved": true
}

列出存放庫中的圖表List charts in the repository

Helm 用戶端會維護一份遠端存放庫內容的本機快取複本。The Helm client maintains a local cached copy of the contents of remote repositories. 對遠端存放庫進行變更時,並不會自動更新 Helm 用戶端在本機已知的可用圖表清單。Changes to a remote repository don't automatically update the list of available charts known locally by the Helm client. 當您跨存放庫搜尋圖表時,Helm 會使用其本機快取索引。When you search for charts across repositories, Helm uses it's local cached index. 若要使用在上一個步驟中上傳的圖表,必須更新本機 Helm 存放庫索引。To use the chart uploaded in the previous step, the local Helm repository index must be updated. 您可以為 Helm 用戶端中的存放庫重新編製索引,或使用 Azure CLI 來更新存放庫索引。You can reindex the repositories in the Helm client, or use the Azure CLI to update the repository index. 每次您將圖表新增至存放庫時,都必須完成此步驟:Each time you add a chart to your repository, this step must be completed:

az acr helm repo add

透過將圖表儲存在您的存放庫中,並在本機提供已更新的索引,您便可以使用一般 Helm 用戶端命令來進行搜尋或安裝。With a chart stored in your repository and the updated index available locally, you can use the regular Helm client commands to search or install. 若要查看您存放庫中的所有圖表,請使用 helm search <acrName>To see all the charts in your repository, use helm search <acrName>. 提供您自己的 Azure Container Registry 名稱:Provide your own Azure Container Registry name:

helm search <acrName>

這會列出在上一個步驟中推送的 Wordpress 圖表,如以下範例輸出所示:The Wordpress chart pushed in the previous step is listed, as shown in the following example output:

$ helm search myacrhelm

NAME                CHART VERSION   APP VERSION DESCRIPTION
helmdocs/wordpress  2.1.10          4.9.8       Web publishing platform for building blogs and websites.

您也可以搭配 Azure CLI 使用 az acr helm list來列出圖表:You can also list the charts with the Azure CLI, using az acr helm list:

az acr helm list

顯示 Helm 圖表的資訊Show information for a Helm chart

若要檢視存放庫中特定圖表的資訊,您可以再次使用一般 Helm 用戶端。To view information for a specific chart in the repo, you can again use the regular Helm client. 若要查看名為 wordpress之圖表的資訊,請使用 helm inspectTo see information for the chart named wordpress, use helm inspect.

helm inspect <acrName>/wordpress

未提供任何版本號碼時,會使用「最新」版本。When no version number is provided, the latest version is used. Helm 會傳回您圖表的相關詳細資訊,如以下扼要的範例輸出所示:Helm returns detailed information about your chart, as shown in the following condensed example output:

$ helm inspect myacrhelm/wordpress

appVersion: 4.9.8
description: Web publishing platform for building blogs and websites.
engine: gotpl
home: https://www.wordpress.com/
icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png
keywords:
- wordpress
- cms
- blog
- http
- web
- application
- php
maintainers:
- email: containers@bitnami.com
  name: bitnami-bot
name: wordpress
sources:
- https://github.com/bitnami/bitnami-docker-wordpress
version: 2.1.10
[...]

您也可以使用 Azure CLI az acr helm show 命令來顯示圖表的資訊。You can also show the information for a chart with the Azure CLI az acr helm show command. 同樣地,預設會傳回圖表的「最新」版本。Again, the latest version of a chart is returned by default. 您可以附加 --version 來列出圖表的特定版本,例如 2.1.10You can append --version to list a specific version of a chart, such as 2.1.10:

az acr helm show wordpress

從存放庫安裝 Helm 圖表Install a Helm chart from the repository

安裝您存放庫中的 Helm 圖表時,會以先指定存放庫名稱再指定圖表名稱的方式安裝。The Helm chart in your repository is installed by specifying the repository name and then chart name. 使用 Helm 用戶端來安裝 Wordpress 圖表:Use the Helm client to install the Wordpress chart:

helm install <acrName>/wordpress

提示

如果您推送至 Azure Container Registry Helm 圖表存放庫並稍後回到新的 CLI 工作階段,您的本機 Helm 用戶端就會需要已更新的驗證權杖。If you push to your Azure Container Registry Helm chart repository and later return in a new CLI session, your local Helm client needs an updated authentication token. 若要取得新的驗證權杖,請使用 az acr helm repo add 命令。To obtain a new authentication token, use the az acr helm repo add command.

下列步驟會在安裝程序期間完成:The following steps are completed during the install process:

  • Helm 用戶端會搜尋本機存放庫索引。The Helm client searches the local repository index.
  • 對應的圖表會下載自 Azure Container Registry 存放庫。The corresponding chart is downloaded from the Azure Container Registry repository.
  • 此圖表是使用您 Kubernetes 叢集中的 Tiller 來部署的。The chart is deployed using the Tiller in your Kubernetes cluster.

下列扼要的範例輸出顯示透過 Helm 圖表部署的 Kubernetes 資源:The following condensed example output shows the Kubernetes resources deployed through the Helm chart:

$ helm install myacrhelm/wordpress

NAME:   irreverent-jaguar
LAST DEPLOYED: Thu Sep 13 21:44:20 2018
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                                          READY  STATUS   RESTARTS  AGE
irreverent-jaguar-wordpress-7ff46d9b8c-b7v6m  0/1    Pending  0         1s
irreverent-jaguar-mariadb-0                   0/1    Pending  0         1s
[...]

從存放庫中刪除 Helm 圖表Delete a Helm chart from the repository

若要從存放庫中刪除圖表,請使用 az acr helm delete 命令。To delete a chart from the repository, use the az acr helm delete command. 指定圖表的名稱 (例如 wordpress),以及要刪除的版本 (例如 2.1.10)。Specify the name of the chart, such as wordpress, and the version to delete, such as 2.1.10.

az acr helm delete wordpress --version 2.1.10

如果您想要刪除所指定圖表的所有版本,請省略 --version 參數。If you wish to delete all versions of the named chart, leave out the --version parameter.

將會繼續在 helm search <acrName> 中傳回圖表。The chart continues to be returned in helm search <acrName>. 同樣地,Helm 用戶端並不會自動更新存放庫中的可用圖表清單。Again, the Helm client doesn't automatically update the list of available charts in a repository. 若要更新 Helm 用戶端存放庫索引,請再次使用 az acr helm repo add 命令:To update the Helm client repo index, use the az acr helm repo add command again:

az acr helm repo add

後續步驟Next steps

此文章使用了來自公用 stable 存放庫的現有 Helm 圖表。This article used an existing Helm chart from the public stable repository. 如需有關如何建立及部署 Helm 圖表的詳細資訊,請參閱開發 Helm 圖表For more information on how to create and deploy Helm charts, see Developing Helm charts.

Helm 圖表可以用來作為容器建置程序的一部分。Helm charts can be used as part of the container build process. 如需詳細資訊,請參閱使用 Azure Container Registry 工作For more information, see use Azure Container Registry Tasks.

如需有關如何使用及管理 Azure Container Registry 的詳細資訊,請參閱最佳做法For more information on how to use and manage Azure Container Registry, see the best practices.