02 安装Helm

安装 Helm client

Helm的安装方式有两种：预编译的二进制程序和源码编译安装。

helm项目地址： https://github.com/kubernetes/helm

这里使用二进制程序的2.14.2版本Helm

cd ~ && wget https://get.helm.sh/helm-v2.14.2-linux-amd64.tar.gz
tar -xf helm-v2.14.2-linux-amd64.tar.gz
cp -a linux-amd64/helm /usr/local/bin/

Helm 命令使用帮助

helm help
The Kubernetes package manager
To begin working with Helm, run the 'helm init' command:
    $ helm init
This will install Tiller to your running Kubernetes cluster.
It will also set up any necessary local configuration.
Common actions from this point include:
- helm search:    search for charts
- helm fetch:     download a chart to your local directory to view
- helm install:   upload the chart to Kubernetes
- helm list:      list releases of charts
Environment:
- $HELM_HOME:           set an alternative location for Helm files. By default, these are stored in ~/.helm
- $HELM_HOST:           set an alternative Tiller host. The format is host:port
- $HELM_NO_PLUGINS:     disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.
- $TILLER_NAMESPACE:    set an alternative Tiller namespace (default "kube-system")
- $KUBECONFIG:          set an alternative Kubernetes configuration file (default "~/.kube/config")
- $HELM_TLS_CA_CERT:    path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem")
- $HELM_TLS_CERT:       path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem")
- $HELM_TLS_KEY:        path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem")
- $HELM_TLS_ENABLE:     enable TLS connection between Helm and Tiller (default "false")
- $HELM_TLS_VERIFY:     enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false")
- $HELM_TLS_HOSTNAME:   the hostname or IP address used to verify the Tiller server certificate (default "127.0.0.1")
- $HELM_KEY_PASSPHRASE: set HELM_KEY_PASSPHRASE to the passphrase of your PGP private key. If set, you will not be prompted for the passphrase while signing helm charts
Usage:
  helm [command]
Available Commands:
  completion  Generate autocompletions script for the specified shell (bash or zsh)
  create      create a new chart with the given name
  delete      given a release name, delete the release from Kubernetes
  dependency  manage a chart's dependencies
  fetch       download a chart from a repository and (optionally) unpack it in local directory
  get         download a named release
  help        Help about any command
  history     fetch release history
  home        displays the location of HELM_HOME
  init        initialize Helm on both client and server
  inspect     inspect a chart
  install     install a chart archive
  lint        examines a chart for possible issues
  list        list releases
  package     package a chart directory into a chart archive
  plugin      add, list, or remove Helm plugins
  repo        add, list, remove, update, and index chart repositories
  reset       uninstalls Tiller from a cluster
  rollback    roll back a release to a previous revision
  search      search for a keyword in charts
  serve       start a local http web server
  status      displays the status of the named release
  template    locally render templates
  test        test a release
  upgrade     upgrade a release
  verify      verify that a chart at the given path has been signed and is valid
  version     print the client/server version information
Flags:
      --debug                           enable verbose output
  -h, --help                            help for helm
      --home string                     location of your Helm config. Overrides $HELM_HOME (default "/home/appuser/.helm")
      --host string                     address of Tiller. Overrides $HELM_HOST
      --kube-context string             name of the kubeconfig context to use
      --kubeconfig string               absolute path to the kubeconfig file to use
      --tiller-connection-timeout int   the duration (in seconds) Helm will wait to establish a connection to tiller (default 300)
      --tiller-namespace string         namespace of Tiller (default "kube-system")
Use "helm [command] --help" for more information about a command.

安装Tiller Server

1、 首先需要在创建 Tiller Server的 Serviceaccount

vim tiller_rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: mobile
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: mobile

2、创建上面的资源清单创建资源

kubectl apply -f tiller-rbac.yaml

3、创建tiller server

#国内拉不到镜像
helm init --service-account tiller --tiller-namespace=mobile

#使用国内镜像
helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.9.0 --service-account=tiller --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts --tiller-namespace=mobile

#阿里镜像不全可以使用aws的
stable: http://mirror.azure.cn/kubernetes/charts/
incubator:    http://mirror.azure.cn/kubernetes/charts-incubator/

helm init常用配置项如下：

--canary-image：安装canary分之，即项目Master的分支
--tiller-image：安装指定image，默认通Helm版本
--kube-context：安装到指定的kubernetes集群
--tiller-namespace：安装到指定的namespace中，默认为kube-system
--upgrade：如果tiller server已经被安装了，可以使用此选项更新镜像
--service-account：用于指定运行tiller server的serviceaccount，该account需要事先在kubernetes集群中创建，且需要相应的rbac授权

4、卸载Tiller的方法常用的两种方式

#1
kubectl delete deployment tiller-deploy --namespace kube-system
#2
helm reset