安装
安装Helm-client
建议:将helm client安装在k8s的master节点上
我们通过编译好的二进文件进行安装。从https://github.com/helm/helm/releases下载最新版本的压缩包(此时最新版本为v2.13.1,linux系统一般下载linux-amd64)。下载后解压,然后把其中的heml可执行文件拷贝到/usr/local/bin/目录下
$ wget https://storage.googleapis.com/kubernetes-helm/helm-v2.13.1-linux-amd64.tar.gz
$ tar xzvf helm-v2.13.1-linux-amd64.tar.gz
$ cp -vf linux-amd64/helm /usr/local/bin/然后执行helm help即可看到帮助信息。
安装tiller
集群内安装
最简单的安装tiller的方法就是执行helm init命令,这样helm client便会把tiller安装到k8s集群中。
[root@peng01 linux-amd64]# helm init
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!这里你可能会有疑问,helm client是如何知道把tiller安装到哪个集群中的呢?其实,helm client会读取环境变量KUBECONFIG的配置,即kubectl可以连接到哪个集群,则helm client就能连接到哪个集群,所以我们都是建议将helm client安装在k8s的master节点上。
helm init默认会连接https://kubernetes-charts.storage.googleapis.com以及去storage.googleapis.com拉取镜像,很容易被墙。可以通过以下的方法指定tiller镜像版本及stable-repo-url
$ helm init --upgrade --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.13.1 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts当我们把tiller安装在k8s集群中时,由于tiller需要访问apiserver,所以需要给tiller配置serviceaccount并给该serviceaccount授权。
$ kubectl create serviceaccount --namespace kube-system tiller
$ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller然后,更改tiller-deploy使用tiller这个ServiceAccount
$ kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'当安装好以后,执行helm version命令即可查看tiller的状态
$ helm version
Client: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}发布一个chart
执行命令helm install stable/tomcat:0.2.0即可安装一个chart,但由于stable这个repository在google,国内访问不了,所以我们可以先翻墙把这个chart下载下来,然后再安装:
$ wget https://kubernetes-charts.storage.googleapis.com/tomcat-0.2.0.tgz
$ helm install ./tomcat-0.2.0.tgz
NAME: incendiary-saola
LAST DEPLOYED: Thu Apr 25 09:07:25 2019
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
incendiary-saola-tomcat-79dbb4ccd7-s8rmt 0/1 Init:0/1 0 0s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
incendiary-saola-tomcat LoadBalancer 10.109.200.121 <pending> 80:32604/TCP 0s
==> v1beta2/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
incendiary-saola-tomcat 0/1 1 0 0s
NOTES:
1. Get the application URL by running these commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w incendiary-saola-tomcat'
export SERVICE_IP=$(kubectl get svc --namespace default incendiary-saola-tomcat -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
echo http://$SERVICE_IP:执行该命令后,会在default命令空间中生成了一个名字包含tomcat的Deployment与Service。
$ kubectl get deploy | grep tomcat
incendiary-saola-tomcat 1/1 1 1 15m
$ kubectl get service | grep tomcat
incendiary-saola-tomcat LoadBalancer 10.109.200.121 <pending> 80:32604/TCP 15mReference
Last updated
Was this helpful?