Helm Tiller Server Deploy

Kubernetes version 1.13.2

Helm 3 removes the Tiller server, see this post

This blog primarily talks about Tiller server, especially creating service account and cluster role binding for it. 还有一种解决办法是Tillerless, 将Tiller server 运行在本地的container中,见我的 <<Helm Quick Start>>

Zen uses Helm to install in ICP4D cluster. Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources. Think of Helm like apt(deb), yum(rpm), homebrew for Kubernetes.

Resource

Helm Git Repos

Download Helm Installer

Download the Latest release from Helm Release. For example in Linux, we use:

1
Linux amd64 (checksum / 9f50e69cf5cfa7268b28686728ad0227507a169e52bf59c99ada872ddd9679f0)

Helm needs to be put in the control node that already configured with kubectl.

Untar the file and you can move helm binary to one of the exectuable path, such as /usr/local/bin:

1
2
# which helm
/usr/local/bin/helm

Deploy Tiller Server

Helm client needs to talk to Tiller server, which will be deploied in the K8s cluster.

Most cloud providers enable a feature called Role-Based Access Control - RBAC for short. If your cloud provider enables this feature, you will need to create a service account for Tiller with the right roles and permissions to access resources.

From here, you need to create a cluster role binding which specifies a role and a service account name that have been set up in advance rbac-config.yaml:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system

Then install Helm:

1
2
kubectl create -f rbac-config.yaml
helm init --service-account tiller --history-max 200

If you forget to create service account and cluster role binding before you initiate Helm, no worries, create rbac-config.yaml objects and patch it by:

1
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

Then check Tiller pod is running:

1
2
3
4
kubectl get pods -n kube-system -l app=helm

NAME READY STATUS RESTARTS AGE
tiller-deploy-845fb7cfc6-rn4nq 1/1 Running 0 20h

Now, we are in good shape, actually I can config SSL/TLS between Helm and Tiller, not covered in this blog.

Uninstall Tiller Server

There are 2 ways to uninstall:

1
2
helm reset
helm delete deploy tiller-deploy -n kube-system
0%