Reference:
- Make a Kubernetes Operator in 15 minutes with Helm;
- Deploy Monocular ocular on OpenShift;
- HELM Chinese Guide;
- Use Helm to manage Kubernetes applications;
- https://helm.sh/docs/using_he…;
Refer to the official documentation https://docs.helm.sh/using_he… , install Openshift environment Helm when its Tiller to Blog:https://blog.openshift.com/ge… :
Helm works straightforward on OpenShift Online, OpenShift Dedicated, OpenShift Container Platform (version >= 3.6) or OpenShift Origin (version >= 3.6). To learn more read
this blog post.
Install helm client, version reference https://github.com/helm/helm/… . Install the latest documentation version V2.12.3 on the M01 host as shown below:
CD/TMP curl -s \ | https://storage.googleapis.com/kubernetes-helm/helm-v2.12.3-linux-amd64.tar.gz tar xz sudo mv linux-amd64/helm /usr/local/bin sudo chmod a+x /usr/local/bin/helmOptional. The default STable repository is https://kubernetes-charts.sto… , but the network cannot be connected due to the wall, so you can delete it and add another third-party warehouse, such as:
HELM Repo Remove Stable Helm init - the client - only - stable - '08 - url \ https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts # or set a different name for the warehouse: helm repo add ali-stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts helm repo add ali-incubator \ https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts-incubator helm repo add bitnami https://charts.bitnami.com/bitnami helm repo listInstall the tiller:
-
Create the project:
oc new-project helm-tiller oc project helm-tiller export TILLER_NAMESPACE=helm-tiller -
The default image for GCR. IO/kubernetes – helm/tiller, due to network reasons, with registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:
export TILLER_NAMESPACE=helm-tiller oc process -f https://github.com/openshift/origin/raw/master/examples/helm/tiller-template.yaml \ -p TILLER_NAMESPACE = "${TILLER_NAMESPACE}" - p = v2.12.3 HELM_VERSION | \ perl - I - ne 's#gcr.io/kubernetes-helm#registry.cn-hangzhou.aliyuncs.com/google_containers#g; print' | \ oc create -f - -
Testing:
% helm version Client: & version. Version {SemVer: "v2.12.3 GitCommit:" eecf22f77df5f65c823aacd2dbd30ae6c65f186e GitTreeState: "clean"} Server: & version. Version {SemVer: "v2.12.3 GitCommit:" eecf22f77df5f65c823aacd2dbd30ae6c65f186e ", GitTreeState:"clean"} % helm list
Note: Helm init — dry-run-o YAML only outputs YAML files and does not actually execute them. The differences between using template to create tiller and Helm init to create tiller are:
-
helm initNot fortillerconfigurationSAandRBACPermission binding, and is created by default inkube-systemIn the namespace (–tiller-namespace kube-system); -
helm initfortillerTo create theservice, buttemplateNot created. We need to create additional ones later. ThisServiceinkubeappsTo be used in;
Empowerment:
# Only grant edit permissions within this project: % oc policy add-role-to-user edit "system:serviceaccount:${TILLER_NAMESPACE}:tiller" role "edit" added: "System: serviceaccount: helm - tiller, tiller" # for the helm can manage the whole cluster, namely have permissions in other project project, giving: oc adm policy add-cluster-role-to-user cluster-admin \ system:serviceaccount:${TILLER_NAMESPACE}:tillerIf K8S is a native cluster, create an SA with the following command:
kubectl -n helm-tiller create sa tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin \
--serviceaccount=helm-tiller:tillerTo facilitate HELM execution, add TILLER_NAMESPACE to the environment variable:
echo export TILLER_NAMESPACE=helm-tiller >> .bash_profileCreate a service to be used by the kubeapps program.
oc create -f - <<EOF
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: helm
name: tiller
name: tiller-deploy
namespace: helm-tiller
spec:
ports:
- name: tiller
port: 44134
targetPort: tiller
selector:
app: helm
name: tiller
type: ClusterIP
status:
loadBalancer: {}
EOF