Helm错误:错误:服务器已请求客户端提供凭据

时间:2019-02-14 05:09:51

标签: kubernetes kubernetes-helm rancher

我已经安装了Rancher 2并创建了一个内部vm的kubernetes集群(没有AWS / gcloud)。

集群已启动并正在运行。

我登录了其中一个节点。

1)安装Kubectl并执行kubectl cluster-info。它正确列出了我的集群信息。

2)已安装头盔

curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh

root@lnmymachine # helm version
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}

3)引用Rancher Helm Init

的配置头盔
kubectl -n kube-system create serviceaccount tiller

kubectl create clusterrolebinding tiller \
  --clusterrole cluster-admin \
  --serviceaccount=kube-system:tiller

helm init --service-account tiller

尝试通过头盔安装Jenkins

root@lnmymachine # helm ls
Error: Unauthorized
root@lnmymachine # helm install --name initial stable/jenkins
Error: the server has asked for the client to provide credentials

浏览了类似的问题,其中很少有归因于多个群集。我只有一个集群。 kubectl正确提供了所有信息。

任何想法发生了什么。

2 个答案:

答案 0 :(得分:1)

创建ClusterRoleBinding时似乎有一个错误:

您应该拥有--clusterrole cluster-admin而不是--clusterrole=cluster-admin

您可以通过验证ServiceAccount,ClustrerRoleBinding是否正确创建来检查是否存在这种情况。

kubectl describe sa tiller

kubectl describe clusterrolebinding tiller

似乎他们已经在Rancher Helm Init页面上解决了此问题。

答案 1 :(得分:0)

我遇到了同样的问题,但是以下步骤对我有用。

root@node1:~# helm install --name prom-operator stable/prometheus-operator --namespace monitoring
Error: the server has asked for the client to provide credentials

第1步:删除服务帐户

root@node1:~# kubectl delete serviceaccount --namespace kube-system tiller
serviceaccount "tiller" deleted

第二步:删除集群角色绑定

root@node1:~# kubectl delete clusterrolebinding tiller-cluster-rule 
clusterrolebinding.rbac.authorization.k8s.io "tiller-cluster-rule" deleted

Step3:删除头盔目录

root@node1:~# rm -rf .helm/

第4步:再次创建服务帐户。

root@node1:~# kubectl create serviceaccount tiller --namespace kube-system
serviceaccount/tiller created

第5步:创建集群角色绑定

root@node1:~# kubectl create clusterrolebinding tiller-cluster-rule \
>  --clusterrole=cluster-admin \
>  --serviceaccount=kube-system:tiller
clusterrolebinding.rbac.authorization.k8s.io/tiller-cluster-rule created

第六步:运行helm init命令

helm init --service-account=tiller

Creating /root/.helm 
Creating /root/.helm/repository 
Creating /root/.helm/repository/cache 
Creating /root/.helm/repository/local 
Creating /root/.helm/plugins 
Creating /root/.helm/starters 
Creating /root/.helm/cache/archive 
Creating /root/.helm/repository/repositories.yaml 
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com 
Adding local repo with URL: http://127.0.0.1:8879/charts 
$HELM_HOME has been configured at /root/.helm.
Warning: Tiller is already installed in the cluster.
(Use --client-only to suppress this message, or --upgrade to upgrade Tiller to the current version.)

步骤7:删除tiller-deploy-xxx窗格

kubectl delete pod -n kube-system tiller-deploy

pod "tiller-deploy-5d58456765-xlns2" deleted

等待直到重新创建。

第8步:安装头盔图表。

helm install --name prom-operator stable/prometheus-operator --namespace monitoring