Kubernetes version 1.13.2
Helm 3 removes the Tiller server, see this post
This blog primarily talks about Tiller
server, especially creating service account and cluster role binding for it.
还有一种解决办法是Tillerless
, 将Tiller server 运行在本地的container中,见我的 <<Helm Quick Start>>
Zen uses Helm
to install in ICP4D cluster. Helm
is a tool for managing Kubernetes charts. Charts
are packages of pre-configured Kubernetes resources. Think of Helm
like apt(deb), yum(rpm), homebrew for Kubernetes.
Resource
Download Helm Installer
Download the Latest release from Helm Release. For example in Linux, we use:
1 | Linux amd64 (checksum / 9f50e69cf5cfa7268b28686728ad0227507a169e52bf59c99ada872ddd9679f0) |
Helm
needs to be put in the control node that already configured withkubectl
.
Untar the file and you can move helm
binary to one of the exectuable path, such as /usr/local/bin
:
1 | # which helm |
Deploy Tiller Server
Helm client needs to talk to Tiller
server, which will be deploied in the K8s cluster.
Most cloud providers enable a feature called Role-Based Access Control - RBAC
for short. If your cloud provider enables this feature, you will need to create a service account for Tiller with the right roles and permissions to access resources.
From here, you need to create a cluster role binding
which specifies a role and a service account
name that have been set up in advance rbac-config.yaml
:
1 | apiVersion: v1 |
Then install Helm
:
1 | kubectl create -f rbac-config.yaml |
If you forget to create service account
and cluster role binding
before you initiate Helm
, no worries, create rbac-config.yaml
objects and patch it by:
1 | kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}' |
Then check Tiller
pod is running:
1 | kubectl get pods -n kube-system -l app=helm |
Now, we are in good shape, actually I can config SSL/TLS
between Helm
and Tiller
, not covered in this blog.
Uninstall Tiller Server
There are 2 ways to uninstall:
1 | helm reset |