Kubernetes version 1.13.2
Helm 3 removes the Tiller server, see this post
This blog primarily talks about Tiller server, especially creating service account and cluster role binding for it.
还有一种解决办法是Tillerless, 将Tiller server 运行在本地的container中,见我的 <<Helm Quick Start>>
Zen uses Helm to install in ICP4D cluster. Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources. Think of Helm like apt(deb), yum(rpm), homebrew for Kubernetes.
Resource
Download Helm Installer
Download the Latest release from Helm Release. For example in Linux, we use:
1 | Linux amd64 (checksum / 9f50e69cf5cfa7268b28686728ad0227507a169e52bf59c99ada872ddd9679f0) |
Helmneeds to be put in the control node that already configured withkubectl.
Untar the file and you can move helm binary to one of the exectuable path, such as /usr/local/bin:
1 | # which helm |
Deploy Tiller Server
Helm client needs to talk to Tiller server, which will be deploied in the K8s cluster.
Most cloud providers enable a feature called Role-Based Access Control - RBAC for short. If your cloud provider enables this feature, you will need to create a service account for Tiller with the right roles and permissions to access resources.
From here, you need to create a cluster role binding which specifies a role and a service account name that have been set up in advance rbac-config.yaml:
1 | apiVersion: v1 |
Then install Helm:
1 | kubectl create -f rbac-config.yaml |
If you forget to create service account and cluster role binding before you initiate Helm, no worries, create rbac-config.yaml objects and patch it by:
1 | kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}' |
Then check Tiller pod is running:
1 | kubectl get pods -n kube-system -l app=helm |
Now, we are in good shape, actually I can config SSL/TLS between Helm and Tiller, not covered in this blog.
Uninstall Tiller Server
There are 2 ways to uninstall:
1 | helm reset |