Google Cloud Platform: error installing a Helm chart with the Terraform Helm provider: User "client" cannot create deployments.extensions in the namespace "kube-system"

I am trying to install Helm with the Helm provider using the following Terraform script:

    data "google_client_config" "current" {}

    provider "helm" {
      tiller_image = "gcr.io/kubernetes-helm/tiller:${var.helm_version}"
      max_history  = 250

      kubernetes {
        host                   = "${google_container_cluster.eu.endpoint}"
        token                  = "${data.google_client_config.current.access_token}"
        client_certificate     = "${base64decode(google_container_cluster.eu.master_auth.0.client_certificate)}"
        client_key             = "${base64decode(google_container_cluster.eu.master_auth.0.client_key)}"
        cluster_ca_certificate = "${base64decode(google_container_cluster.eu.master_auth.0.cluster_ca_certificate)}"
      }
    }

    resource "helm_release" "mydatabase" {
      name  = "mydatabase"
      chart = "stable/mariadb"

      set {
        name  = "mariadbUser"
        value = "foo"
      }

      set {
        name  = "mariadbPassword"
        value = "qux"
      }
    }

But I get the following error:
* helm_release.mydatabase: 1 error(s) occurred:
* helm_release.mydatabase: error installing: deployments.extensions is forbidden: User "client" cannot create deployments.extensions in the namespace "kube-system"
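I think this happens when the Terraform Helm provider tries to install Tiller. Can anyone help resolve this role- and authorization-related problem?

Reset Helm with helm reset, then run the commands below to fix the problem:

    curl "<HELM_INSTALL_SCRIPT_URL>" > get_helm.sh
    chmod 700 get_helm.sh
    # helm
    kubectl create serviceaccount --namespace kube-system tiller
    kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
    helm init
    kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

OK, you are on the right track, but... Here I agree with @hk.

    helm_release.mydatabase: error installing: deployments.extensions is forbidden: User "client" cannot create deployments.extensions in the namespace "kube-system"

The error above is purely an authorization problem.

Many people have trouble installing and configuring the Helm provider. For example, here. A few ideas that may help you:

What may work for you is described in this article. It contains a solution that worked for people.

Please try the following: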

    resource "kubernetes_service_account" "tiller" {
      metadata {
        name      = "tiller"
        namespace = "kube-system"
      }

      automount_service_account_token = true
    }

    resource "kubernetes_cluster_role_binding" "tiller" {
      metadata {
        name = "tiller"
      }

      role_ref {
        kind      = "ClusterRole"
        name      = "cluster-admin"
        api_group = "rbac.authorization.k8s.io"
      }

      subject {
        kind      = "ServiceAccount"
        name      = "tiller"
        api_group = ""
        namespace = "kube-system"
      }
    }

    provider "helm" {
      version         = "~> 0.7"
      debug           = true
      install_tiller  = true
      service_account = "${kubernetes_service_account.tiller.metadata.0.name}"
      namespace       = "${kubernetes_service_account.tiller.metadata.0.namespace}"
      tiller_image    = "gcr.io/kubernetes-helm/tiller:v2.11.0"

      kubernetes {
        config_path = "~/.kube/${var.env}"
      }
    }

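Or

I am trying to install Tiller through a Terraform script, so I want/need to achieve this with Terraform, or report a bug in the Helm provider.

I think your script does not install Helm Tiller; instead it installs mariadb using Helm through the script.

@hk It does install Tiller; helm init installs Tiller, but the author asked to install Tiller only through the Terraform Helm provider.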

    resource "kubernetes_service_account" "tiller" {
      metadata {
        name      = "tiller"
        namespace = "kube-system"
      }
    }

    resource "kubernetes_cluster_role_binding" "tiller" {
      metadata {
        name = "tiller"
      }

      subject {
        api_group = "rbac.authorization.k8s.io"
        kind      = "User"
        name      = "system:serviceaccount:kube-system:tiller"
      }

      role_ref {
        api_group = "rbac.authorization.k8s.io"
        kind      = "ClusterRole"
        name      = "cluster-admin"
      }

      depends_on = ["kubernetes_service_account.tiller"]
    }

    provider "helm" {
      tiller_image    = "gcr.io/kubernetes-helm/tiller:v2.12.3"
      install_tiller  = true
      service_account = "tiller"
      namespace       = "kube-system"
    }
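
The error quoted in the question names an identity, a verb, a resource and a namespace. The shell sketch below is an added example, not part of the original posts: it turns that message into the matching kubectl auth can-i command, both for the denied identity and for the tiller service account the answers create. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original posts). Function names are hypothetical.

# Constructed sample input: the error text quoted in the question.
SAMPLE_ERROR='error installing: deployments.extensions is forbidden: User "client" cannot create deployments.extensions in the namespace "kube-system"'

# Identity Tiller runs as once it uses the service account from the answers.
TILLER_SA='system:serviceaccount:kube-system:tiller'

# Print "<user> <verb> <resource> <namespace>" parsed from an RBAC "forbidden"
# message. Returns non-zero when the message does not have that shape.
parse_forbidden() {
    printf '%s\n' "$1" |
        sed -n 's/.*User "\([^"]*\)" cannot \([a-z]*\) \([^ ]*\) in the namespace "\([^"]*\)".*/\1 \2 \3 \4/p' |
        grep .
}

# Print the `kubectl auth can-i` command that re-checks the denied action.
# $1 = error message, $2 = optional identity to check instead of the denied one.
can_i_command() {
    fields=$(parse_forbidden "$1") || return 1
    as_override=${2:-}
    # Intentional word splitting: the four fields contain no spaces.
    set -- $fields
    printf 'kubectl auth can-i %s %s --namespace %s --as %s\n' \
        "$2" "$3" "$4" "${as_override:-$1}"
}

# Expected to answer "no" for the identity in the error, and "yes" for the
# tiller service account after the cluster-admin binding has been applied.
can_i_command "$SAMPLE_ERROR"
can_i_command "$SAMPLE_ERROR" "$TILLER_SA"
```

Running the printed commands needs an identity that is allowed to impersonate other users; a "yes" for the tiller service account confirms that the binding took effect.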