# 安装

## 安装Helm-client

建议：将helm client安装在k8s的master节点上

我们通过编译好的二进文件进行安装。从`https://github.com/helm/helm/releases`下载最新版本的压缩包（此时最新版本为`v2.13.1`，linux系统一般下载`linux-amd64`）。下载后解压，然后把其中的`heml`可执行文件拷贝到`/usr/local/bin/`目录下

```
$ wget https://storage.googleapis.com/kubernetes-helm/helm-v2.13.1-linux-amd64.tar.gz
$ tar xzvf helm-v2.13.1-linux-amd64.tar.gz
$ cp -vf linux-amd64/helm /usr/local/bin/
```

然后执行`helm help`即可看到帮助信息。

## 安装tiller

### 集群内安装

最简单的安装tiller的方法就是执行`helm init`命令，这样helm client便会把tiller安装到k8s集群中。

```
[root@peng01 linux-amd64]# helm init
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.

Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.

Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!
```

这里你可能会有疑问，helm client是如何知道把tiller安装到哪个集群中的呢？其实，helm client会读取环境变量`KUBECONFIG`的配置，即kubectl可以连接到哪个集群，则helm client就能连接到哪个集群，所以我们都是建议将helm client安装在k8s的master节点上。

`helm init`默认会连接`https://kubernetes-charts.storage.googleapis.com`以及去`storage.googleapis.com`拉取镜像，很容易被墙。可以通过以下的方法指定tiller镜像版本及`stable-repo-url`

```
$ helm init --upgrade --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.13.1 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
```

当我们把tiller安装在k8s集群中时，由于tiller需要访问apiserver，所以需要给tiller配置serviceaccount并给该serviceaccount授权。

```
$ kubectl create serviceaccount --namespace kube-system tiller
$ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
```

然后，更改`tiller-deploy`使用`tiller`这个ServiceAccount

```
$ kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
```

当安装好以后，执行`helm version`命令即可查看tiller的状态

```
$ helm version
Client: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}
```

## 发布一个chart

执行命令`helm install stable/tomcat:0.2.0`即可安装一个chart，但由于`stable`这个repository在google，国内访问不了，所以我们可以先翻墙把这个chart下载下来，然后再安装：

```
$ wget https://kubernetes-charts.storage.googleapis.com/tomcat-0.2.0.tgz 

$ helm install ./tomcat-0.2.0.tgz 
NAME:   incendiary-saola
LAST DEPLOYED: Thu Apr 25 09:07:25 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                                      READY  STATUS    RESTARTS  AGE
incendiary-saola-tomcat-79dbb4ccd7-s8rmt  0/1    Init:0/1  0         0s

==> v1/Service
NAME                     TYPE          CLUSTER-IP      EXTERNAL-IP  PORT(S)       AGE
incendiary-saola-tomcat  LoadBalancer  10.109.200.121  <pending>    80:32604/TCP  0s

==> v1beta2/Deployment
NAME                     READY  UP-TO-DATE  AVAILABLE  AGE
incendiary-saola-tomcat  0/1    1           0          0s


NOTES:
1. Get the application URL by running these commands:
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get svc -w incendiary-saola-tomcat'
  export SERVICE_IP=$(kubectl get svc --namespace default incendiary-saola-tomcat -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
  echo http://$SERVICE_IP:
```

执行该命令后，会在`default`命令空间中生成了一个名字包含`tomcat`的`Deployment`与`Service`。

```
$ kubectl get deploy | grep tomcat
incendiary-saola-tomcat    1/1     1            1           15m

$ kubectl get service | grep tomcat
incendiary-saola-tomcat    LoadBalancer   10.109.200.121   <pending>     80:32604/TCP   15m
```

## Reference

* <https://helm.sh/docs/using_helm/#installing-helm>
* <https://www.hi-linux.com/posts/21466.html>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://pshizhsysu.gitbook.io/kubernetes/helm/an-zhuang.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.