參考:https://segmentfault.com/a/1190000019608181
安裝helm
wget https://get.helm.sh/helm-v2.14.2-linux-amd64.tar.gz
tar fxz helm-v2.14.2-linux-amd64.tar.gz
1.安裝tiller:
oc new-project helm-tiller
oc project helm-tiller
export TILLER_NAMESPACE=helm-tiller
2.默認鏡像爲gcr.io/kubernetes-helm/tiller,因網絡原因,換成registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:
oc process -f https://github.com/openshift/origin/raw/master/examples/helm/tiller-template.yaml
-p TILLER_NAMESPACE="${TILLER_NAMESPACE}" -p HELM_VERSION=v2.14.2 |
perl -i -ne ‘s#gcr.io/kubernetes-helm#registry.cn-hangzhou.aliyuncs.com/google_containers#g;print’ |
oc create -f -
等待tiller創建完成(注意默認創建在kube-system環境空間,如果沒有配置TILLER_NAMESPACE環境變量,則執行helm需要指定namespace:helm --tiller-namespace helm-tiller version)
helm version
Client: &version.Version{SemVer:“v2.14.2”, GitCommit:“a8b13cc5ab6a7dbef0a58f5061bcc7c0c61598e7”, GitTreeState:“clean”}
Server: &version.Version{SemVer:“v2.14.2”, GitCommit:“a8b13cc5ab6a7dbef0a58f5061bcc7c0c61598e7”, GitTreeState:“clean”}
賦權:
#僅賦予在本項目內的edit權限:
oc policy add-role-to-user edit “system:serviceaccount:${TILLER_NAMESPACE}:tiller”
role “edit” added: “system:serviceaccount:helm-tiller:tiller”
#爲使helm可管理整個集羣,即在其他project項目也有權限,賦予:
oc adm policy add-cluster-role-to-user cluster-admin
system:serviceaccount:${TILLER_NAMESPACE}:tiller
創建service,此service被kubeapps程序所使用。
oc create -f - <<EOF
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: helm
name: tiller
name: tiller-deploy
namespace: helm-tiller
spec:
ports:
- name: tiller
port: 44134
targetPort: tiller
selector:
app: helm
name: tiller
type: ClusterIP
status:
loadBalancer: {}
EOF
安裝kubeapps
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install --name kubeapps --namespace helm-tiller bitnami/kubeapps
#kubeapps-internal-tiller-proxy 這個項目啓動腳本指定的默認值是kube-system 下的tiller ,手動修改一下即可 --host=tiller-deploy.kube-system:44134
配置route規則映射到kubeapps應用
登錄kubeapps
kubectl create -n helm-tiller serviceaccount kubeapps
kubectl get -n helm-tiller secret $(kubectl get -n helm-tiller serviceaccount kubeapps -o jsonpath=’{.secrets[].name}’) -o jsonpath=’{.data.token}’ | base64 --decode