我已经安装了Rancher 2并创建了一个内部vm的kubernetes集群(没有AWS / gcloud)。
集群已启动并正在运行。
我登录了其中一个节点。
1)安装Kubectl并执行kubectl cluster-info。它正确列出了我的集群信息。
2)已安装头盔
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh
root@lnmymachine # helm version
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
kubectl -n kube-system create serviceaccount tiller
kubectl create clusterrolebinding tiller \
--clusterrole cluster-admin \
--serviceaccount=kube-system:tiller
helm init --service-account tiller
尝试通过头盔安装Jenkins
root@lnmymachine # helm ls
Error: Unauthorized
root@lnmymachine # helm install --name initial stable/jenkins
Error: the server has asked for the client to provide credentials
浏览了类似的问题,其中很少有归因于多个群集。我只有一个集群。 kubectl正确提供了所有信息。
任何想法发生了什么。
答案 0 :(得分:1)
创建ClusterRoleBinding时似乎有一个错误:
您应该拥有--clusterrole cluster-admin而不是--clusterrole=cluster-admin
您可以通过验证ServiceAccount,ClustrerRoleBinding是否正确创建来检查是否存在这种情况。
kubectl describe sa tiller
kubectl describe clusterrolebinding tiller
似乎他们已经在Rancher Helm Init页面上解决了此问题。
答案 1 :(得分:0)
我遇到了同样的问题,但是以下步骤对我有用。
root@node1:~# helm install --name prom-operator stable/prometheus-operator --namespace monitoring
Error: the server has asked for the client to provide credentials
第1步:删除服务帐户
root@node1:~# kubectl delete serviceaccount --namespace kube-system tiller
serviceaccount "tiller" deleted
第二步:删除集群角色绑定
root@node1:~# kubectl delete clusterrolebinding tiller-cluster-rule
clusterrolebinding.rbac.authorization.k8s.io "tiller-cluster-rule" deleted
Step3:删除头盔目录
root@node1:~# rm -rf .helm/
第4步:再次创建服务帐户。
root@node1:~# kubectl create serviceaccount tiller --namespace kube-system
serviceaccount/tiller created
第5步:创建集群角色绑定
root@node1:~# kubectl create clusterrolebinding tiller-cluster-rule \
> --clusterrole=cluster-admin \
> --serviceaccount=kube-system:tiller
clusterrolebinding.rbac.authorization.k8s.io/tiller-cluster-rule created
第六步:运行helm init命令
helm init --service-account=tiller
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Warning: Tiller is already installed in the cluster.
(Use --client-only to suppress this message, or --upgrade to upgrade Tiller to the current version.)
步骤7:删除tiller-deploy-xxx窗格
kubectl delete pod -n kube-system tiller-deploy
pod "tiller-deploy-5d58456765-xlns2" deleted
等待直到重新创建。
第8步:安装头盔图表。
helm install --name prom-operator stable/prometheus-operator --namespace monitoring