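Installing Helm
Helm consists of the helm command-line client and the server-side component tiller, and installing it is straightforward. Download the helm command-line tool to /usr/local/bin on the master node node1; version 2.12.0 is used here: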
wget https://storage.googleapis.com/kubernetes-helm/helm-v2.12.0-linux-amd64.tar.gz
tar -zxvf helm-v2.12.0-linux-amd64.tar.gz
cd linux-amd64/
cp helm /usr/local/bin/
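To install the server-side tiller, kubectl and a kubeconfig file must also be set up on this machine, so that kubectl can reach the apiserver from it and works normally. The node1 node here already has kubectl configured.
Because the Kubernetes API server has RBAC access control enabled, a service account for tiller (named tiller) has to be created and given a suitable role. For details, see Role-based Access Control in the Helm documentation. For simplicity, the cluster's built-in ClusterRole cluster-admin is bound to it directly here, which gives tiller full control of the cluster. Create the file rbac-config.yaml: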
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
kubectl create -f rbac-config.yaml
serviceaccount/tiller created
clusterrolebinding.rbac.authorization.k8s.io/tiller created
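Since the binding above hands cluster-admin to a service account, a quick check of which service accounts hold that role is useful after the install. The script below is an added example, not part of the original page: it parses JSON shaped like the output of `kubectl get clusterrolebindings -o json`, and the embedded sample (including the hypothetical `example-viewer` and `example-no-subjects` bindings) is constructed.

```python
import json
import sys

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
# "tiller" mirrors rbac-config.yaml above; the other items are illustrative.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "tiller"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "tiller",
                 "namespace": "kube-system"}]},
  {"metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"metadata": {"name": "example-viewer"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "ServiceAccount", "name": "example",
                 "namespace": "default"}]},
  {"metadata": {"name": "example-no-subjects"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": null}
]}
""")


def service_accounts_bound_to(bindings, role="cluster-admin"):
    """Return sorted (binding, namespace, service account) tuples for `role`."""
    findings = []
    for item in bindings.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # A binding may have no subjects at all (missing key or null).
        for subject in item.get("subjects") or []:
            if subject.get("kind") == "ServiceAccount":
                findings.append((item["metadata"]["name"],
                                 subject.get("namespace", ""),
                                 subject["name"]))
    return sorted(findings)


if __name__ == "__main__":
    # With a file argument, audit saved kubectl output; otherwise the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for binding, namespace, name in service_accounts_bound_to(data):
        print(f"{binding}: serviceaccount {namespace}/{name} has cluster-admin")
```

Group and user subjects such as system:masters are deliberately not reported; the check only lists service accounts, whose tokens are mounted into pods.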
Next, use helm to deploy tiller:
# Create the server side
helm init --service-account tiller --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.12.0 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
# Create the server side with TLS authentication; reference: https://github.com/gjmzj/kubeasz/blob/master/docs/guide/helm.md
helm init --service-account tiller --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.12.0 --tiller-tls-cert /etc/kubernetes/ssl/tiller001.pem --tiller-tls-key /etc/kubernetes/ssl/tiller001-key.pem --tls-ca-cert /etc/kubernetes/ssl/ca.pem --tiller-namespace kube-system --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
By default, tiller is deployed in the kube-system namespace of the k8s cluster:
kubectl get pod -n kube-system -l app=helm
NAME READY STATUS RESTARTS AGE
tiller-deploy-c4fd4cd68-dwkhv 1/1 Running 0 83s
helm version
Client: &version.Version{SemVer:"v2.12.0", GitCommit:"d325d2a9c179b33af1a024cdb5a4472b6288016a", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.0", GitCommit:"d325d2a9c179b33af1a024cdb5a4472b6288016a", GitTreeState:"clean"}
Nginx Ingress
To make it easy to expose services in the cluster and reach them from outside the cluster, next use Helm to deploy Nginx Ingress onto Kubernetes.
helm install --name nginx-ingress --namespace ingress-nginx stable/nginx-ingress --version 1.4.0 --set controller.hostNetwork=true,rbac.create=true,controller.image.repository=hub.ppmoney.io/google_containers/nginx-ingress-controller,controller.image.tag=0.21.0
root@k8smaster1:/home/osboxes# kubectl get pod -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-6c8dbd489-fhtxv 1/1 Running 0 46h 192.168.21.73 k8snode2 <none> <none>
nginx-ingress-default-backend-56d99b86fb-h5kxg 0/1 ImagePullBackOff 0 46h 10.244.1.19 k8snode2 <none> <none>
Dashboard
helm install stable/kubernetes-dashboard --name kubernetes-dashboard --namespace kube-system --set ingress.enabled=true,rbac.clusterAdminRole=true,ingress.hosts[0]=dashboard.k8sfy.ppmoney.io,image.repository=hub.ppmoney.io/google_containers/kubernetes-dashboard-amd64,image.tag=v1.10.1,enableSkipLogin=true,enableInsecureLogin=true
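At this point we can simply visit http://dashboard.k8sfy.ppmoney.io. With enableSkipLogin=true and rbac.clusterAdminRole=true, anyone who can reach this URL can skip the login page and act with the dashboard's cluster-admin rights, and enableInsecureLogin=true permits login over plain HTTP.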