1. Download the helm binary packages
https://get.helm.sh/helm-v2.16.0-linux-amd64.tar.gz
将helm目录下的helm文件拷贝到/usr/local/bin/helm
2.helm server installation Tiller
Tiller is deployed in Kubernetes Deployment cluster, you can simply use the following simple instructions to complete the installation.
helm init
Helm default due to storage.googleapis.com pull mirroring, if the machine you are currently executing can not access the domain name, then you can use the following command to install
helm init --client-only --stable-repo-url https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts/
helm repo add incubator https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts-incubator/
helm repo update
# 创建服务端
helm init --service-account tiller --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.16.0 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
# 创建TLS认证服务端,参考地址:https://github.com/gjmzj/kubeasz/blob/master/docs/guide/helm.md
helm init --service-account tiller --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.16.0 --tiller-tls-cert /etc/kubernetes/ssl/tiller001.pem --tiller-tls-key /etc/kubernetes/ssl/tiller001-key.pem --tls-ca-cert /etc/kubernetes/ssl/ca.pem --tiller-namespace kube-system --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
# 注意helm 版本和 Tiller版本相同
3. Authorization to Tiller
Because the server Tiller Helm is a Deployment in Kubernetes in Kube-System Namespace deployment, it will go to connect Kube-Api create and delete applications Kubernetes years.
From the beginning of Kubernetes version 1.6, API Server enabled RBAC authorization. The default is not defined ServiceAccount current Tiller authorized the deployment, which can result in being refused access API Server. So we need to explicitly authorize the deployment of added Tiller.
Creating Kubernetes service account and binding role
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
To set up an account Tiller
# 使用 kubectl patch 更新 API 对象
$ kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
deployment.extensions "tiller-deploy" patched
To see if authorization is successful
$ kubectl get deploy --namespace kube-system tiller-deploy --output yaml|grep serviceAccount
serviceAccount: tiller
serviceAccountName: tiller
Verify Tiller success
$ kubectl -n kube-system get pods|grep tiller
tiller-deploy-6d68f5c78f-nql2z 1/1 Running 0 5m
$ helm version
Client: &version.Version{SemVer:"v2.16.0", GitCommit:"20adb27c7c5868466912eebdf6664e7390ebe710", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.16.0", GitCommit:"20adb27c7c5868466912eebdf6664e7390ebe710", GitTreeState:"clean"}
4. Uninstall Helm server Tiller
helm reset 或
helm reset --force