当在 Kubernetes 中已经部署很多应用时,后续需要对每个应用的 yaml 文件进行维护操作,这个过程会变的很繁琐,我们可以使用 Helm 来简化这些工作。Helm 是 Kubernetes 的一个包管理工具,用来简化 Kubernetes 应用的部署和管理。
部署 Helm 客户端与服务端
部署客户端
在 github 上Helm Realese 下载最新的二进制文件
$ tar -zxvf helm-v2.11.0-linux-amd64.tar.gz$ mv linux-amd64/helm /usr/local/bin/helm$ helm help
部署服务端(tiller )
$ helm init --upgrade --tiller-image sapcc/tiller:v2.11.0Creating /root/.helm Creating /root/.helm/repository Creating /root/.helm/repository/cache Creating /root/.helm/repository/local Creating /root/.helm/plugins Creating /root/.helm/starters Creating /root/.helm/cache/archive Creating /root/.helm/repository/repositories.yaml Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com Adding local repo with URL: http://127.0.0.1:8879/charts $HELM_HOME has been configured at /root/.helm.Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.Please note: by default, Tiller is deployed with an insecure ‘allow unauthenticated users‘ policy.To prevent this, run `helm init` with the --tiller-tls-verify flag.For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installationHappy Helming!
备注:在 DockerHub 上找到了同步的镜像 :https://hub.docker.com/r/sapcc/tiller/ 。
查看
$ kubectl get pod -n kube-system -l app=helmNAME ????????????????????????????READY ??STATUS ???RESTARTS ??AGEtiller-deploy-69c9dc58bd-jvzkr ??1/1 ????Running ??0 ?????????3m2s$ helm versionClient: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}Server: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}配置 RBAC
$ vi rbac-config.yamlapiVersion: v1kind: ServiceAccountmetadata: ?name: tiller ?namespace: kube-system---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata: ?name: tillerroleRef: ?apiGroup: rbac.authorization.k8s.io ?kind: ClusterRole ?name: cluster-adminsubjects: ?- kind: ServiceAccount ???name: tiller ???namespace: kube-system
$ kubectl create -f rbac-config.yamlserviceaccount/tiller createdclusterrolebinding.rbac.authorization.k8s.io/tiller created$ kubectl patch deploy --namespace kube-system tiller-deploy -p ‘{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}‘deployment.extensions/tiller-deploy patched备注:上述我们为 Tiller 管理员提供了对整个群集的访问权限,如果不需要授予 Tiller 集群管理员访问权限,可以指定 Role 和 RoleBinding 来将 Tiller 的范围限制为特定的 namespace 中,官方文档是新建一个 namespace 做的(https://docs.helm.sh/using_helm/#role-based-access-control) 。
REFER:
https://docs.helm.sh/using_helm/
https://github.com/helm/helm
https://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/
使用 Helm 包管理工具简化 Kubernetes 应用部署
原文地址:https://www.cnblogs.com/Irving/p/9898033.html