kunernets使用helm安装tiller的问题总结
目录《使用kubeadm安装Kubernetes 1.15》原文问题1:not find the requested resource问题2:podSTATUS:ImagePullBackOff《使用kubeadm安装Kubernetes 1.15》原文Helm的安装Helm由客户端命helm令行工具和服务端tiller组成,Helm的安装十分简单。 下载helm命令行工...
目录
《使用kubeadm安装Kubernetes 1.15》原文
问题1:not find the requested resource
问题2:pod STATUS:ImagePullBackOff
《使用kubeadm安装Kubernetes 1.15》原文
Helm的安装
Helm由客户端命helm令行工具和服务端tiller组成,Helm的安装十分简单。 下载helm命令行工具到master节点node1的/usr/local/bin下,这里下载的2.14.1版本:
curl -O https://get.helm.sh/helm-v2.14.1-linux-amd64.tar.gz
tar -zxvf helm-v2.14.1-linux-amd64.tar.gz
cd linux-amd64/
cp helm /usr/local/bin/为了安装服务端tiller,还需要在这台机器上配置好kubectl工具和kubeconfig文件,确保kubectl工具可以在这台机器上访问apiserver且正常使用。 这里的node1节点已经配置好了kubectl。
因为Kubernetes APIServer开启了RBAC访问控制,所以需要创建tiller使用的service account: tiller并分配合适的角色给它。 详细内容可以查看helm文档中的Role-based Access Control。 这里简单起见直接分配cluster-admin这个集群内置的ClusterRole给它。创建 helm-rbac.yaml 文件:
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system执行:
kubectl create -f helm-rbac.yaml
serviceaccount/tiller created
clusterrolebinding.rbac.authorization.k8s.io/tiller created接下来使用helm部署tiller:
helm init --service-account tiller --skip-refresh
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!问题1:not find the requested resource
# helm init --service-account tiller --skip-refresh
报错:
Error: error installing: the server could not find the requested resource
----服务器无法找到请求的资源
查找了一系列文章最终找到《Kubernetes指南》解决:
对于 Kubernetes v1.16.0 以上的版本,有可能会碰到 Error: error installing: the server could not find the requested resource 的错误。这是由于 extensions/v1beta1 已经被 apps/v1 替代,解决方法是:
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm' --output yaml | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@' | kubectl apply -f -更新 charts 列表:
helm repo update结果OK:
问题2:pod STATUS:ImagePullBackOff
查看状态发现 STATUS:ImagePullBackOff
# tiller默认被部署在k8s集群中的 kube-system 这个namespace下
# kubectl get pods -n kube-system
查看pod的事件
# kubectl describe pod tiller-deploy-cf88b7d9-zlb7s -n kube-system
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 11m default-scheduler Successfully assigned kube-system/tiller-deploy-cf88b7d9-zlbe2
Normal Pulling 8m44s (x4 over 11m) kubelet, node2 Pulling image "gcr.io/kubernetes-helm/tiller:v2.14.1"
Warning Failed 8m29s (x4 over 10m) kubelet, node2 Failed to pull image "gcr.io/kubernetes-helm/tiller:v2.14.1"or: code = Unknown desc = Error response from daemon: Get https://gcr.io/v2/: net/http: request canceled while waiting foron (Client.Timeout exceeded while awaiting headers)
Warning Failed 8m29s (x4 over 10m) kubelet, node2 Error: ErrImagePull
Normal BackOff 8m15s (x6 over 10m) kubelet, node2 Back-off pulling image "gcr.io/kubernetes-helm/tiller:v2.14.
Warning Failed 54s (x35 over 10m) kubelet, node2 Error: ImagePullBackOff
显然是获取 gcr.io/kubernetes-helm/tiller:v2.14 镜像失败。
需要手动拉取镜像
1、查看可用镜像
[root@node1 linux-amd64]# docker search tiller
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
jessestuart/tiller Nightly multi-architecture (amd64, arm64, ar… 19 [OK]
sapcc/tiller Mirror of https://gcr.io/kubernetes-helm/til… 9
ist0ne/tiller https://gcr.io/kubernetes-helm/tiller 3 [OK]
rancher/tiller 2
jmgao1983/tiller from gcr.io/kubernetes-helm/tiller 2 [OK]
ibmcom/tiller Docker Image for IBM Cloud private-CE (Commu… 1
luxas/tiller 1
itinerisltd/tiller [Deprecated] Use https://circleci.com/orbs/r… 1
ansibleplaybookbundle/tiller-apb An APB that deploys tiller for use with helm. 1 [OK]
cfplatformeng/tiller-ubuntu 0我选取的:sapcc/tiller Mirror of https://gcr.io/kubernetes-helm/til…
2、去dockerhub上确认下
3、下载镜像:
docker pull sapcc/tiller:v2.16.3
查看本地镜像
[root@node1 linux-amd64]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sapcc/tiller v2.16.3 6a79bebf87f5 7 days ago 91.2MB
...4、编辑下配置文件
# kubectl edit deployment tiller-deploy -n kube-system...
template:
metadata:
creationTimestamp: null
labels:
app: helm
name: tiller
spec:
automountServiceAccountToken: true
containers:
- env:
- name: TILLER_NAMESPACE
value: kube-system
- name: TILLER_HISTORY_MAX
value: "0"
# image:改成手动下载的镜像的 NAME:TAG
image: sapcc/tiller:v2.16.3
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /liveness
port: 44135
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: tiller
...另一种方法是
找到镜像拉取策略做以下修改:
imagePullPolicy:NeverIfNotPresent :如果本地存在镜像就优先使用本地镜像。 Never:直接不再去拉取镜像了,使用本地的;如果本地不存在就报异常了
5、然后更新 charts 列表
helm repo update7、查看pod状态,Running !
[root@node1 linux-amd64]# kubectl get pod -n kube-system -l app=helm
NAME READY STATUS RESTARTS AGE
tiller-deploy-655f8745d9-zgkwc 1/1 Running 0 98m参考:
https://feisky.gitbooks.io/kubernetes/content/apps/helm.html
开源、云原生的融合云平台
更多推荐
3
0- 0
已为社区贡献2条内容
所有评论(0)