kubernetes
  • Introduction
  • 安装
    • 组件端口
    • 二进制安装
    • Kubeadm
      • 安装单Master集群
      • 安装高可用集群(手动分发证书)
      • 安装高可用集群(自动上传证书)
      • 安装ETCD集群
      • 安装高可用集群(外部ETCD)
    • 启动参数解析
      • ETCD相关参数
  • 负载均衡
    • Service
    • Ingress
    • 安装MetalLB
    • Nginx-ingress-controller
      • 转发TCP与UDP服务
      • 启动参数
      • 自定义Nginx模板
  • 存储
    • Volume
    • PV与PVC
    • StorageClass
    • Local-PV
      • Static-Provisioner
    • 实践
      • Ceph-RBD
      • NFS
  • 有状态服务
    • Mysql实践
    • Operator
      • Etcd
      • Zookeeper
      • Mysql
  • 认证与授权
    • 认证
      • 实践
    • 授权
  • Helm
    • 安装
    • Chart
      • 依赖
    • Helm命令
    • Repository
  • 日志
  • 监控
    • Prometheus体系
      • Prometheus
        • 内置函数
        • 配置
          • 规则文件
        • PromQL
      • Exporter
        • Metrics
      • Grafana
        • 配置
      • AlertManager
        • 配置
    • 容器监控
      • Cadvisor的指标
      • k8s中部署Prom与Cadvisor
  • Istio
  • 资源预留
    • imagefs与nodefs
    • 总结
  • 集群联邦
    • 联邦DNS原理
    • 联邦DNS安装
    • 安装federation-v1
  • Other
    • ImagePullSecret
    • QOS
    • Apiserver的代理
    • 资源配额
Powered by GitBook
On this page
  • 安装Helm-client
  • 安装tiller
  • 集群内安装
  • 发布一个chart
  • Reference

Was this helpful?

  1. Helm

安装

安装Helm-client

建议:将helm client安装在k8s的master节点上

我们通过编译好的二进文件进行安装。从https://github.com/helm/helm/releases下载最新版本的压缩包(此时最新版本为v2.13.1,linux系统一般下载linux-amd64)。下载后解压,然后把其中的heml可执行文件拷贝到/usr/local/bin/目录下

$ wget https://storage.googleapis.com/kubernetes-helm/helm-v2.13.1-linux-amd64.tar.gz
$ tar xzvf helm-v2.13.1-linux-amd64.tar.gz
$ cp -vf linux-amd64/helm /usr/local/bin/

然后执行helm help即可看到帮助信息。

安装tiller

集群内安装

最简单的安装tiller的方法就是执行helm init命令,这样helm client便会把tiller安装到k8s集群中。

[root@peng01 linux-amd64]# helm init
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.

Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.

Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!

这里你可能会有疑问,helm client是如何知道把tiller安装到哪个集群中的呢?其实,helm client会读取环境变量KUBECONFIG的配置,即kubectl可以连接到哪个集群,则helm client就能连接到哪个集群,所以我们都是建议将helm client安装在k8s的master节点上。

helm init默认会连接https://kubernetes-charts.storage.googleapis.com以及去storage.googleapis.com拉取镜像,很容易被墙。可以通过以下的方法指定tiller镜像版本及stable-repo-url

$ helm init --upgrade --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.13.1 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

当我们把tiller安装在k8s集群中时,由于tiller需要访问apiserver,所以需要给tiller配置serviceaccount并给该serviceaccount授权。

$ kubectl create serviceaccount --namespace kube-system tiller
$ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

然后,更改tiller-deploy使用tiller这个ServiceAccount

$ kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

当安装好以后,执行helm version命令即可查看tiller的状态

$ helm version
Client: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}

发布一个chart

执行命令helm install stable/tomcat:0.2.0即可安装一个chart,但由于stable这个repository在google,国内访问不了,所以我们可以先翻墙把这个chart下载下来,然后再安装:

$ wget https://kubernetes-charts.storage.googleapis.com/tomcat-0.2.0.tgz 

$ helm install ./tomcat-0.2.0.tgz 
NAME:   incendiary-saola
LAST DEPLOYED: Thu Apr 25 09:07:25 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                                      READY  STATUS    RESTARTS  AGE
incendiary-saola-tomcat-79dbb4ccd7-s8rmt  0/1    Init:0/1  0         0s

==> v1/Service
NAME                     TYPE          CLUSTER-IP      EXTERNAL-IP  PORT(S)       AGE
incendiary-saola-tomcat  LoadBalancer  10.109.200.121  <pending>    80:32604/TCP  0s

==> v1beta2/Deployment
NAME                     READY  UP-TO-DATE  AVAILABLE  AGE
incendiary-saola-tomcat  0/1    1           0          0s


NOTES:
1. Get the application URL by running these commands:
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get svc -w incendiary-saola-tomcat'
  export SERVICE_IP=$(kubectl get svc --namespace default incendiary-saola-tomcat -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
  echo http://$SERVICE_IP:

执行该命令后,会在default命令空间中生成了一个名字包含tomcat的Deployment与Service。

$ kubectl get deploy | grep tomcat
incendiary-saola-tomcat    1/1     1            1           15m

$ kubectl get service | grep tomcat
incendiary-saola-tomcat    LoadBalancer   10.109.200.121   <pending>     80:32604/TCP   15m

Reference

PreviousHelmNextChart

Last updated 5 years ago

Was this helpful?

https://helm.sh/docs/using_helm/#installing-helm
https://www.hi-linux.com/posts/21466.html