Centos8配置harbor仓库和Helm-v2.13.1

下载

wget https://github.com/goharbor/harbor/releases/download/v1.9.3/harbor-offline-installer-v1.9.3.tgz

解压

tar -xzf harbor-offline-installer-v1.9.3.tgz
mkdir /opt/harbor
mv harbor/* /opt/harbor
cd /opt/harbor

修改配置文件

启动

./install.sh   --with-clair --with-chartmuseum

Helm安装

wget https://get.helm.sh/helm-v3.0.2-linux-amd64.tar.gz
自己的地址：https://github.com/hkj123/helm-3.x.git
tar -xvf helm-v3.0.2-linux-amd64.tar.gz

cp linux-amd64/helm /usr/local/bin/
helm version

在k8s的node节点解压镜像
docker load -i tiler_2_13_1.tar.gz

授权

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
给tiller设置账号
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
检查是否授权成功
kubectl get deploy --namespace kube-system   tiller-deploy  --output yaml|grep  serviceAccount

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'      
helm init --service-account tiller --upgrade
helm init --service-account tiller --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm' --output yaml | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@' | kubectl apply -f -

helm init --output yaml
cat tiller.yaml

---
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: helm
    name: tiller
  name: tiller-deploy
  namespace: kube-system
spec:
  selector:
    matchLabels:
     app: helm
     name: tiller
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: helm
        name: tiller
    spec:
      automountServiceAccountToken: true
      serviceAccount:  tiller
      containers:
      - env:
        - name: TILLER_NAMESPACE
          value: kube-system
        - name: TILLER_HISTORY_MAX
          value: "0"
        image: gcr.io/kubernetes-helm/tiller:v2.13.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /liveness
            port: 44135
          initialDelaySeconds: 1
          timeoutSeconds: 1
        name: tiller
        ports:
        - containerPort: 44134
          name: tiller
        - containerPort: 44135
          name: http
        readinessProbe:
          httpGet:
            path: /readiness
            port: 44135
          initialDelaySeconds: 1
          timeoutSeconds: 1
        resources: {}
status: {}
 
 
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: helm
    name: tiller
  name: tiller-deploy
  namespace: kube-system
spec:
  ports:
  - name: tiller
    port: 44134
    targetPort: tiller
  selector:
    app: helm
    name: tiller
  type: ClusterIP
status:
  loadBalancer: {}
 
 
...

更新yaml文件
kubectl apply -f tiller.yaml
验证tiller是否部署成功：
kubectl get pods -n kube-system

helm init  --service-account tiller  --tiller-image  registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.14.1  --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

helm init  --service-account tiller  --tiller-image  gcr.io/kubernetes-helm/tiller:v2.13.1 --skip-refresh
helm init --service-account tiller --skip-refresh


helm init --service-account tiller  --tiller-image  gcr.io/kubernetes-helm/tiller:v2.13.1 --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm' --output yaml | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@' | kubectl apply -f -


helm init --service-account tiller --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm' --output yaml | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@' | kubectl apply -f -

kubectl get pod -n kube-system|grep tiller
helm repo list
helm reset -f
helm reset --remove-helm-home
rm -rf /root/.helm

helm常用命令如下
升级一个版本
helm upgrade
helm upgrade [RELEASE] [CHART] [flags]
回滚一个版本
helm rollback
helm rollback [flags] [RELEASE] [REVISION]
创建一个release实例
helm install
删除一个release
helm delete
查看历史
helm  history
重新部署
helm reset -f

# vim ~/.bashrc
source <(helm completion bash)
 
# source ~/.bashrc

添加官方Charts仓库，stable是官方的，aliyuncs最快
helm repo add stable https://kubernetes-charts.storage.googleapis.com
helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com	
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add aliyuncs https://apphub.aliyuncs.com
更新仓库信息

helm repo update
查看官方Charts仓库

helm search repo stable

helm repo add --username=admin --password=Harbor12345 myrepo http://192.168.75.100:10000/chartrepo/myrepo
"myrepo" has been added to your repositories

# or 添加特定仓库
helm repo add --username=admin --password=Harbor12345 myrepo https://xx.xx.xx.xx/chartrepo/myproject

# 创建demo
helm create app

	Creating app

# 推送到harbor,push
helm push --username=admin --password=Harbor12345 app myrepo
	Pushing app-0.1.0.tgz to myrepo...
	Done.

问题处理Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of “crypto/rsa: verification error” while trying to verify candidate authority certificate “kubernetes”

  rm -rf $HOME/.kube
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

kubeadm部署master不允许污染

kubectl get pods --all-namespaces

kubectl describe pod tiller-deploy-7b4c7db69-ghg5g -n kube-system

直译意思是节点有了污点无法容忍
使用kubeadm搭建的集群默认就给 master 节点添加了一个污点标记，所以pod 都没有被调度到 master 上去

kubectl get no -o yaml | grep taint -A 5

kubectl describe node

kubectl describe node localhost.localdomain
kubectl taint nodes --all node-role.kubernetes.io/master-

禁止部署命令

kubectl taint nodes k8s node-role.kubernetes.io/master=true:NoSchedule