Introduction
Helm is an officially supported package management tool for Kubernetes that makes it easy to discover, share, and use applications built for Kubernetes.
It is very convenient for version management and control of k8s applications.
Install
The latest version is used here 2.9.0
, which can be downloaded directly from the official address .
The official download speed is slow, here I also uploaded a package, for everyone to use: download address .
The installation is also divided into two types, the k8s cluster enables RBAC permission control and does not enable permission control.
Permission control is not enabled
When permission control is not enabled, the installation and deployment process is very simple, and it can be executed directly after decompression helm init
.
But by default helm
, it will go to the official repository to download the server tiller image, the address is: gcr.io/kubernetes-helm/tiller:v2.9.0
.
Due to some well-known reasons, gcr.io
this repository is unavailable. Here, I also uploaded an image for everyone to use through Alibaba Cloud Container Service.
As long as we initialize, specify the address of the tiller image used, as follows:
helm init --tiller-image registry.cn-hangzhou.aliyuncs.com/luhaoyuan/tiller:v2.9.0
Enable RBAC permission control
If permission control is enabled, it will be a little more troublesome, we need to create the corresponding serviceaccount , otherwise the following error will be reported:
list: failed to list: Get http://localhost:8080/api/v1/namespaces/kube-system/configmaps?
labelSelector=OWNER%3DTILLER: dial tcp 127.0.0.1:8080: connect: connection refused
helm ls
The following error message is reported when executing :
Error: configmaps is forbidden: User "system:serviceaccount:kube-system:default"
cannot list configmaps in the namespace "kube-system"
Well, let's start the installation and grant permissions, execute the following commands in sequence:
# 在kube-system命名空间中创建tiller账户
kubectl create serviceaccount --namespace kube-system tiller
# 创建角色并授予cluster-admin权限
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
# 指定账户进行初始化,别忘了还要指定tiller镜像哦
helm init --service-account tiller --tiller-image registry.cn-hangzhou.aliyuncs.com/luhaoyuan/tiller:v2.9.0
# 最后验证一下,是否有报错,执行以下命令没报错则表示成功了
helm ls
Reference link: https://github.com/kubernetes/helm/issues/3460