快速安装 Helm

kubernetes 的包管理器

Mon Jul 23, 2018

600 Words|Read in about 2 Min
Tags: kubernetes  

概述

Helm 是 Kubernetes 的包管理器,可以帮我们简化 kubernetes 的操作,一键部署应用。假如你的机器上已经安装了 kubectl 并且能够操作集群,那么你就可以安装 Helm 了。

安装

执行脚本安装 helm 客户端:

$ curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  6737  100  6737    0     0  12491      0 --:--:-- --:--:-- --:--:-- 12475
Downloading https://kubernetes-helm.storage.googleapis.com/helm-v2.9.1-linux-amd64.tar.gz
Preparing to install into /usr/local/bin
helm installed into /usr/local/bin/helm
Run 'helm init' to configure helm.

查看客户端版本:

$ helm version
Client: &version.Version{SemVer:"v2.9.1", GitCommit:"20adb27c7c5868466912eebdf6664e7390ebe710", GitTreeState:"clean"}

安装 tiller 服务端到 kubernetes 集群:

$ helm init
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.

Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.

Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!

查看 tiller 是否启动成功:

$ kubectl get pods --namespace=kube-system | grep tiller
tiller-deploy-dccdb6fd9-2df4r          0/1       ImagePullBackOff   0          14h

如果状态是 ImagePullBackOff ,说明是镜像问题,一般是未拉取到镜像(国内机器拉取不到 gcr.io 下的镜像) 可以查看下是什么镜像:

$ kubectl describe pod tiller-deploy-dccdb6fd9-2df4r --namespace=kube-system
Events:
  Type     Reason   Age                   From                Message
  ----     ------   ----                  ----                -------
  Warning  Failed   36m (x5 over 12h)     kubelet, k8s-node1  Failed to pull image "gcr.io/kubernetes-helm/tiller:v2.9.1": rpc error: code = Unknown desc = Get https://gcr.io/v1/_ping: dial tcp 64.233.189.82:443: i/o timeout
  Normal   BackOff  11m (x3221 over 14h)  kubelet, k8s-node1  Back-off pulling image "gcr.io/kubernetes-helm/tiller:v2.9.1"
  Warning  Failed   6m (x3237 over 14h)   kubelet, k8s-node1  Error: ImagePullBackOff
  Warning  Failed   1m (x15 over 14h)     kubelet, k8s-node1  Failed to pull image "gcr.io/kubernetes-helm/tiller:v2.9.1": rpc error: code = Unknown desc = Get https://gcr.io/v1/_ping: dial tcp 64.233.188.82:443: i/o timeout

把这个没拉取到镜像想办法下载到这台机器上。当我们看到状态为 Running 说明 tiller 已经成功运行了:

$ kubectl get pods -n kube-system | grep tiller
tiller-deploy-dccdb6fd9-2df4r                   1/1       Running   1          41d

默认安装的 tiller 权限很小,我们执行下面的脚本给它加最大权限,这样方便我们可以用 helm 部署应用到任意 namespace 下:

kubectl create serviceaccount --namespace=kube-system tiller

kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

kubectl patch deploy --namespace=kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

See Also

Mon Jul 23, 2018

600 Words|Read in about 2 Min
Tags: kubernetes