美文网首页docker
kubernetes1.13.0安装helm并部署Nginx I

kubernetes1.13.0安装helm并部署Nginx I

作者: 红黑咔咔 | 来源:发表于2019-03-25 17:26 被阅读0次

安装Helm

Helm由客户端命helm令行工具和服务端tiller组成,Helm的安装十分简单。 下载helm命令行工具到master节点node1的/usr/local/bin下,这里下载的2.12.0版本:

wget https://storage.googleapis.com/kubernetes-helm/helm-v2.12.0-linux-amd64.tar.gz
tar -zxvf helm-v2.12.0-linux-amd64.tar.gz
cd linux-amd64/
cp helm /usr/local/bin/

为了安装服务端tiller,还需要在这台机器上配置好kubectl工具和kubeconfig文件,确保kubectl工具可以在这台机器上访问apiserver且正常使用。 这里的node1节点以及配置好了kubectl。

因为Kubernetes APIServer开启了RBAC访问控制,所以需要创建tiller使用的service account: tiller并分配合适的角色给它。 详细内容可以查看helm文档中的Role-based Access Control。 这里简单起见直接分配cluster-admin这个集群内置的ClusterRole给它。创建rbac-config.yaml文件:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
kubectl create -f rbac-config.yaml
serviceaccount/tiller created
clusterrolebinding.rbac.authorization.k8s.io/tiller created

接下来使用helm部署tiller:

# 创建服务端
helm init --service-account tiller --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.12.0  --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

# 创建TLS认证服务端,参考地址:https://github.com/gjmzj/kubeasz/blob/master/docs/guide/helm.md
helm init --service-account tiller --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.12.0 --tiller-tls-cert /etc/kubernetes/ssl/tiller001.pem --tiller-tls-key /etc/kubernetes/ssl/tiller001-key.pem --tls-ca-cert /etc/kubernetes/ssl/ca.pem --tiller-namespace kube-system --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

tiller默认被部署在k8s集群中的kube-system这个namespace下:

kubectl get pod -n kube-system -l app=helm
NAME                            READY   STATUS    RESTARTS   AGE
tiller-deploy-c4fd4cd68-dwkhv   1/1     Running   0          83s
helm version
Client: &version.Version{SemVer:"v2.12.0", GitCommit:"d325d2a9c179b33af1a024cdb5a4472b6288016a", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.0", GitCommit:"d325d2a9c179b33af1a024cdb5a4472b6288016a", GitTreeState:"clean"}

Nginx Ingress

为了便于将集群中的服务暴露到集群外部,从集群外部访问,接下来使用Helm将Nginx Ingress部署到Kubernetes上。

helm install --name nginx-ingress --namespace ingress-nginx stable/nginx-ingress --version 1.4.0 --set controller.hostNetwork=true,rbac.create=true,controller.image.repository=hub.ppmoney.io/google_containers/nginx-ingress-controller,controller.image.tag=0.21.0
root@k8smaster1:/home/osboxes# kubectl get pod -n ingress-nginx -o wide
NAME                                             READY   STATUS             RESTARTS   AGE   IP              NODE       NOMINATED NODE   READINESS GATES
nginx-ingress-controller-6c8dbd489-fhtxv         1/1     Running            0          46h   192.168.21.73   k8snode2   <none>           <none>
nginx-ingress-default-backend-56d99b86fb-h5kxg   0/1     ImagePullBackOff   0          46h   10.244.1.19     k8snode2   <none>           <none>

Dashboard

helm install stable/kubernetes-dashboard --name kubernetes-dashboard --namespace kube-system --set ingress.enabled=true,rbac.clusterAdminRole=true,ingress.hosts[0]=dashboard.k8sfy.ppmoney.io,image.repository=hub.ppmoney.io/google_containers/kubernetes-dashboard-amd64,image.tag=v1.10.1,enableSkipLogin=true,enableInsecureLogin=true

这时候我们访问http://dashboard.k8sfy.ppmoney.io即可

相关文章

网友评论

    本文标题:kubernetes1.13.0安装helm并部署Nginx I

    本文链接:https://www.haomeiwen.com/subject/azubvqtx.html