文章目录
前言
一、Helm是什么?
Helm 是 Kubernetes 的开源包管理器。它提供了提供、共享和使用为 Kubernetes 构建的软件的能力.
使用前提:
- 一个 Kubernetes 集群
- 确定你安装版本的安全配置
- 安装和配置Helm。
二、安装
1.helm3安装
-
首先去helm官网下载压缩包,按照官方的步骤操作即可。
-
然后进行解压,并将linux-amd64中的helm移动到/usr/local/bin目录中。
[root@master helm]# ll
总用量 13384
-rw-r--r-- 1 root root 13701153 7月 14 17:35 helm-v3.6.2-linux-amd64.tar.gz
[root@master helm]# tar -xzvf helm-v3.6.2-linux-amd64.tar.gz
linux-amd64/
linux-amd64/helm
linux-amd64/LICENSE
linux-amd64/README.md
[root@master helm]# ll
总用量 13384
-rw-r--r-- 1 root root 13701153 7月 14 17:35 helm-v3.6.2-linux-amd64.tar.gz
drwxr-xr-x 2 3434 3434 50 6月 29 23:41 linux-amd64
[root@master helm]# cd linux-amd64/
[root@master linux-amd64]# ll
总用量 44068
-rwxr-xr-x 1 3434 3434 45109248 6月 29 23:31 helm
-rw-r--r-- 1 3434 3434 11373 6月 29 23:41 LICENSE
-rw-r--r-- 1 3434 3434 3367 6月 29 23:41 README.md
[root@master linux-amd64]# cp helm /usr/local/bin
[root@master helm]# chmod u+x /usr/local/bin/helm
version.BuildInfo{Version:"v3.6.2",
GitCommit:"ee407bdf364942bcb8e8c665f82e15aa28009b71",
GitTreeState:"clean", GoVersion:"go1.16.5"}
[root@master helm]#
2.helm2安装
- 安装helm客户端
[root@master helm]# wget https://get.helm.sh/helm-v2.15.2-linux-amd64.tar.gz
-rw-r--r-- 1 root root 24525846 10月 30 2019 helm-v2.15.2-linux-amd64.tar.gz
[root@master helm]# tar -xzvf helm-v2.15.2-linux-amd64.tar.gz
drwxr-xr-x 2 root root 64 10月 30 2019 linux-amd64
[root@master helm]# cp helm /usr/local/bin/
[root@master helm]# chmod u+x /usr/local/bin/helm
- 安装Tiller server(需要创建授权用户)
vim rbac-config.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-syste
[root@master helm]# kubectl create -f rbac-config.yaml
serviceaccount/tiller created
clusterrolebinding.rbac.authorization.k8s.io/tiller created
[root@master helm]# helm init --service-account=tiller
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
[root@master helm]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-7ff77c879f-llqmd 1/1 Running 2 4d5h
coredns-7ff77c879f-vn2z2 1/1 Running 2 4d5h
etcd-master 1/1 Running 2 4d5h
kube-apiserver-master 1/1 Running 2 4d5h
kube-controller-manager-master 1/1 Running 2 4d5h
kube-flannel-ds-bq4tr 1/1 Running 3 4d4h
kube-flannel-ds-j9jhg 1/1 Running 0 9h
kube-flannel-ds-mxkb8 1/1 Running 0 144m
kube-proxy-fdrqk 1/1 Running 0 37h
kube-proxy-h8rkp 1/1 Running 2 4d5h
kube-proxy-vm6kq 1/1 Running 0 25h
kube-scheduler-master 1/1 Running 3 4d5h
tiller-deploy-6d59867c45-ll2g8 0/1 ImagePullBackOff 0 13m
# tiller的镜像没有下载成功,需要修改到阿里云的镜像
[root@master helm]# kubectl edit pod tiller-deploy-6d59867c45-ll2g8 -n kube-system
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: "2021-07-14T14:54:01Z"
generateName: tiller-deploy-6d59867c45-
labels:
app: helm
name: tiller
pod-template-hash: 6d59867c45
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
......#此处省略
spec:
automountServiceAccountToken: true
containers:
- env:
- name: TILLER_NAMESPACE
value: kube-system
- name: TILLER_HISTORY_MAX
value: "0"
image: gcr.io/kubernetes-helm/tiller:v2.15.2
#image: registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.15.2 替换即可
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /liveness
port: 44135
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: tiller
......
- 配置Helm仓库
[root@master helm]# helm repo list # 查看仓库列表 默认是谷歌的
NAME URL
stable https://kubernetes-charts.storage.googleapis.com
local http://127.0.0.1:8879/charts
[root@master helm]# helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts # 替换为阿里云的镜像
"stable" has been added to your repositories
[root@master helm]# helm repo list
NAME URL
stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
local http://127.0.0.1:8879/charts
[root@master helm]# helm repo update # 更新仓库
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.
[root@master helm]# helm version # 只有Client和Server同时出现完成 最后就完成安装了。
Client: &version.Version{SemVer:"v2.15.2", GitCommit:"8dce272473e5f2a7bf58ce79bb5c3691db54c96b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.15.2", GitCommit:"8dce272473e5f2a7bf58ce79bb5c3691db54c96b", GitTreeState:"clean"}
三、部署dashboard
[root@master dashboard]#helm repo add k8s-dashboard https://kubernetes.github.io/dashboard
[root@master dashboard]# helm install k8s-dashboard/kubernetes-dashboard -n kubernetes-dashboard --namespace kube-system --version 2.0.1 必须要指定命名空间--namespace helm2 同时需要指定Chart的名称 -name
NAME: kubernetes-dashboard
LAST DEPLOYED: Thu Jul 15 22:33:45 2021
NAMESPACE: kube-system
STATUS: DEPLOYED
RESOURCES:
==> v1/ClusterRole
NAME AGE
kubernetes-dashboard-metrics 0s
==> v1/ClusterRoleBinding
NAME AGE
kubernetes-dashboard-metrics 0s
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
kubernetes-dashboard 0/1 1 0 0s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-6b6487b96-7jhz2 0/1 ContainerCreating 0 0s
==> v1/Role
NAME AGE
kubernetes-dashboard 0s
==> v1/RoleBinding
NAME AGE
kubernetes-dashboard 0s
==> v1/Secret
NAME TYPE DATA AGE
kubernetes-dashboard-certs Opaque 0 0s
kubernetes-dashboard-csrf Opaque 0 0s
kubernetes-dashboard-key-holder Opaque 0 0s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard ClusterIP 10.97.183.66 <none> 443/TCP 0s
==> v1/ServiceAccount
NAME SECRETS AGE
kubernetes-dashboard 1 0s
NOTES:
*********************************************************************************
*** PLEASE BE PATIENT: kubernetes-dashboard may take a few minutes to install ***
*********************************************************************************
Get the Kubernetes Dashboard URL by running:
export POD_NAME=$(kubectl get pods -n kube-system -l "app.kubernetes.io/name=kubernetes-dashboard,app.kubernetes.io/instance=kubernetes-dashboard" -o jsonpath="{.items[0].metadata.name}")
echo https://127.0.0.1:8443/
kubectl -n kube-system port-forward $POD_NAME 8443:8443
#编辑kubernetes-dashboard 类型为NodePort
[root@master dashboard]# kubectl edit svc kubernetes-dashboard -n kube-system
apiVersion: v1
kind: Service
metadata:
creationTimestamp: "2021-07-15T14:33:47Z"
labels:
app.kubernetes.io/component: kubernetes-dashboard
app.kubernetes.io/instance: kubernetes-dashboard
app.kubernetes.io/managed-by: Tiller
app.kubernetes.io/name: kubernetes-dashboard
app.kubernetes.io/version: 2.0.1
helm.sh/chart: kubernetes-dashboard-2.0.1
kubernetes.io/cluster-service: "true"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:labels:
.: {}
f:app.kubernetes.io/component: {}
f:app.kubernetes.io/instance: {}
f:app.kubernetes.io/managed-by: {}
f:app.kubernetes.io/name: {}
f:app.kubernetes.io/version: {}
f:helm.sh/chart: {}
f:kubernetes.io/cluster-service: {}
f:spec:
f:ports:
.: {}
k:{"port":443,"protocol":"TCP"}:
.: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
f:selector:
.: {}
f:app.kubernetes.io/component: {}
f:app.kubernetes.io/instance: {}
f:app.kubernetes.io/name: {}
f:sessionAffinity: {}
manager: Go-http-client
operation: Update
time: "2021-07-15T14:33:47Z"
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:spec:
f:externalTrafficPolicy: {}
f:type: {}
manager: kubectl
operation: Update
time: "2021-07-15T14:35:05Z"
name: kubernetes-dashboard
namespace: kube-system
resourceVersion: "582640"
selfLink: /api/v1/namespaces/kube-system/services/kubernetes-dashboard
uid: 59ed5213-a5e2-4717-afad-0b3c7a25709e
spec:
clusterIP: 10.97.183.66
externalTrafficPolicy: Cluster
ports:
- name: https
nodePort: 31709
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: kubernetes-dashboard
app.kubernetes.io/instance: kubernetes-dashboard
app.kubernetes.io/name: kubernetes-dashboard
sessionAffinity: None
type: NodePort
status:
loadBalancer: {}
[root@master dashboard]# kubectl get svc -o wide -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 5d4h k8s-app=kube-dns
kubernetes-dashboard NodePort 10.97.183.66 <none> 443:31709/TCP 2m52s app.kubernetes.io/component=kubernetes-dashboard,app.kubernetes.io/instance=kubernetes-dashboard,app.kubernetes.io/name=kubernetes-dashboard
tiller-deploy ClusterIP 10.99.39.200 <none> 44134/TCP 23h app=helm,name=tiller
[root@master dashboard]# kubectl -n kube-system get secret | grep kubernetes-dashboard-token
kubernetes-dashboard-token-t42mf kubernetes.io/service-account-token 3 97s
[root@master dashboard]# kubectl describe secret kubernetes-dashboard-token-t42mf -n kube-system
Name: kubernetes-dashboard-token-t42mf
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: c9ecb062-434c-49e2-a9b6-61dd680247b1
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkwtM25SRno5RE9GcUJucmFRRktvQXZIajlkZmZnTTZzRndqT2Z0eldTRUUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi10NDJtZiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImM5ZWNiMDYyLTQzNGMtNDllMi1hOWI2LTYxZGQ2ODAyNDdiMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.b7ETa4u-ydUSuQKCftMYU5jSc7x8aXUybrAFPqrF05b2KRuyvj5QDSRDq4OQBw-geKRufGRRHG0T6GkwKkbN3i3Nzye0XUjKDktZaqzCZ1L3hPWMU85tW1AoIIvvY8BedvpghFbQU_W-CgJSx6HESWjtQcMdRPl9iWLUln-iixXgUiH-lV46FaCgCRu14RXINzKb--o4VSVTnu_tbm0wJ5Y4TXi5cO1JMiSKeV81CJHFgy4cqCMf61eCbAmrqq8tUlcZp1Pax1cYmQJ1X4KwlHjEklEXeH-MQFI6pojNSQwikjkbaBVsHx1n0nGahbNJluTDDMwmJ9XGzU6T9yOOFA
ca.crt: 1025 bytes
namespace: 11 bytes
-
访问dashboard(使用的是火狐,谷歌可能会有问题)
-
输入刚刚查询到Token,登录成功