Funky's NoteBook

Install Helm for k8s

字数统计: 940阅读时长: 5 min
2019/03/18 Share

Kubernetes 集群安装 Helm

Step1: 使用官方提供的脚本安装 Helm

使用以下命令安装 Helm

1
2
3
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh

在命令行执行:

1
helm

如果你看见以下输入说明 Helm 安装成功:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
The Kubernetes package manager

To begin working with Helm, run the 'helm init' command:

        $ helm init

This will install Tiller to your running Kubernetes cluster.
It will also set up any necessary local configuration.

Common actions from this point include:

- helm search:    search for charts
- helm fetch:     download a chart to your local directory to view
- helm install:   upload the chart to Kubernetes
- helm list:      list releases of charts

Environment:
  $HELM_HOME           set an alternative location for Helm files. By default, these are stored in ~/.helm
  $HELM_HOST           set an alternative Tiller host. The format is host:port
  $HELM_NO_PLUGINS     disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.
  $TILLER_NAMESPACE    set an alternative Tiller namespace (default "kube-system")
  $KUBECONFIG          set an alternative Kubernetes configuration file (default "~/.kube/config")
  $HELM_TLS_CA_CERT    path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem")
  $HELM_TLS_CERT       path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem")
  $HELM_TLS_KEY        path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem")
  $HELM_TLS_ENABLE     enable TLS connection between Helm and Tiller (default "false")
  $HELM_TLS_VERIFY     enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false")
  $HELM_TLS_HOSTNAME   the hostname or IP address used to verify the Tiller server certificate (default "127.0.0.1")
  $HELM_KEY_PASSPHRASE set HELM_KEY_PASSPHRASE to the passphrase of your PGP private key. If set, you will not be prompted for
                       the passphrase while signing helm charts

Step2:为 Helm 创建 service account

这里将 service account 命名为 helm-sa,在后面初始化 helm 会用得到:

1
2
3
4
5
apiVersion: v1
kind: ServiceAccount
metadata:
  name: helm-sa 
  namespace: kube-system

Step3:为刚刚创建 service account 绑定 RBAC

使用以下配置为service account绑定 RBAC

1
2
3
4
5
6
7
8
9
10
11
12
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: helm-crb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: helm-sa
  namespace: kube-system

Step4: 初始化 Helm

使用以下命令初始化Helm

1
helm init --service-account helm-sa

如果你看见以下输出,说明 helm 安装成功:

1
2
3
4
5
6
7
8
$HELM_HOME has been configured at /root/.helm.

Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.

Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!

为了确保 helmtiller 正常运行,执行:

1
$ kubectl get pods -n kube-system | grep tiller

如果看见 tiller 的 pod 在正常运行,说明 helm 安装完成:

1
tiller-deploy-8499c7dfc7-ghkdt          1/1     Running   0          102s

如果发现 pod 无法拉取镜像可以通过 image-pull 工具 拉取镜像:

1
2
3
4
5
> $ docker run --rm -it \
> -v /var/run/docker.sock:/var/run/docker.sock \
> registry.cn-hangzhou.aliyuncs.com/geekcloud/image-pull:latest \
> gcr.io/kubernetes-helm/tiller:v2.13.0
>

Step5: 重置 Helm chart repo

由于原有的 stable 源国内无法使用,因此需要切换 repo。

  • 首先移除原有 stable repo:
1
$ helm repo remove stable
  • 添加 Azure 的镜像 repo:
1
2
$ helm repo add stable http://mirror.azure.cn/kubernetes/charts/
$ helm repo add incubator http://mirror.azure.cn/kubernetes/charts-incubator/
  • (验证) 获取 helm repo 列表:
1
$ helm repo list

如果你看见以下输入说明你已经成功配置好镜像 repo :

1
2
3
4
NAME            URL                                                
local           http://127.0.0.1:8879/charts                       
stable          http://mirror.azure.cn/kubernetes/charts/          
incubator       http://mirror.azure.cn/kubernetes/charts-incubator/

执行以下命令,验证 repo 是否正常工作:

1
helm search

如果你看见以下输入说明 repo 正常工作:

1
2
3
4
5
6
NAME                                            CHART VERSION   APP VERSION                     DESCRIPTION                                                 
incubator/artifactory                           5.2.1           5.2.0                           DEPRECATED Universal Repository Manager supporting all ma...
incubator/aws-alb-ingress-controller            0.1.4           v1.0.1                          A Helm chart for AWS ALB Ingress Controller                 
incubator/azuremonitor-containers               0.5.0           2.0.0-3                         Helm chart for deploying Azure Monitor container monitori...
incubator/burrow                                0.3.3           0.17.1                          Burrow is a permissionable smart contract machine           
incubator/cassandra                             0.10.5          3.11.3                          Apache Cassandra is a free and open-source distributed da...

原文作者:Linus Lee

原文链接:http://note.run-linux.com/2019/03/18/Install-Helm-with-k8s/

发表日期:March 18th 2019, 3:15:33 pm

更新日期:March 26th 2019, 9:39:36 pm

版权声明:本文采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可

CATALOG
  1. 1. 为 Kubernetes 集群安装 Helm
    1. 1.1. Step1: 使用官方提供的脚本安装 Helm:
    2. 1.2. Step2:为 Helm 创建 service account
    3. 1.3. Step3:为刚刚创建 service account 绑定 RBAC
    4. 1.4. Step4: 初始化 Helm
    5. 1.5. Step5: 重置 Helm chart repo
Total : 30
2022
2020
2019
2018
2017
arch Data Structure docker Go k8s istio scraping open-source Linux