Openshift安裝helm

參考：https://segmentfault.com/a/1190000019608181

安裝helm

wget https://get.helm.sh/helm-v2.14.2-linux-amd64.tar.gz
tar fxz helm-v2.14.2-linux-amd64.tar.gz

1.安裝tiller：

oc new-project helm-tiller
oc project helm-tiller
export TILLER_NAMESPACE=helm-tiller

2.默認鏡像爲gcr.io/kubernetes-helm/tiller，因網絡原因，換成registry.cn-hangzhou.aliyuncs.com/google_containers/tiller：
oc process -f https://github.com/openshift/origin/raw/master/examples/helm/tiller-template.yaml
-p TILLER_NAMESPACE="${TILLER_NAMESPACE}" -p HELM_VERSION=v2.14.2 |
perl -i -ne ‘s#gcr.io/kubernetes-helm#registry.cn-hangzhou.aliyuncs.com/google_containers#g;print’ |
oc create -f -

等待tiller創建完成（注意默認創建在kube-system環境空間，如果沒有配置TILLER_NAMESPACE環境變量，則執行helm需要指定namespace：helm --tiller-namespace helm-tiller version）
helm version
Client: &version.Version{SemVer:“v2.14.2”, GitCommit:“a8b13cc5ab6a7dbef0a58f5061bcc7c0c61598e7”, GitTreeState:“clean”}
Server: &version.Version{SemVer:“v2.14.2”, GitCommit:“a8b13cc5ab6a7dbef0a58f5061bcc7c0c61598e7”, GitTreeState:“clean”}

賦權：

#僅賦予在本項目內的edit權限：
oc policy add-role-to-user edit “system:serviceaccount:${TILLER_NAMESPACE}:tiller”
role “edit” added: “system:serviceaccount:helm-tiller:tiller”

#爲使helm可管理整個集羣，即在其他project項目也有權限，賦予：
oc adm policy add-cluster-role-to-user cluster-admin
system:serviceaccount:${TILLER_NAMESPACE}:tiller

創建service，此service被kubeapps程序所使用。
oc create -f - <<EOF
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: helm
name: tiller
name: tiller-deploy
namespace: helm-tiller
spec:
ports:

• name: tiller
  port: 44134
  targetPort: tiller
  selector:
  app: helm
  name: tiller
  type: ClusterIP
  status:
  loadBalancer: {}
  EOF

安裝kubeapps

helm repo add bitnami https://charts.bitnami.com/bitnami
helm install --name kubeapps --namespace helm-tiller bitnami/kubeapps

#kubeapps-internal-tiller-proxy 這個項目啓動腳本指定的默認值是kube-system 下的tiller ，手動修改一下即可 --host=tiller-deploy.kube-system:44134

配置route規則映射到kubeapps應用

登錄kubeapps
kubectl create -n helm-tiller serviceaccount kubeapps
kubectl get -n helm-tiller secret $(kubectl get -n helm-tiller serviceaccount kubeapps -o jsonpath=’{.secrets[].name}’) -o jsonpath=’{.data.token}’ | base64 --decode