无法通过 helm over kubernetes 安装 nginx答案

【问题标题】：Can not install nginx by using helm over kubernetes无法通过 helm over kubernetes 安装 nginx
【发布时间】：2019-03-03 07:10:44
【问题描述】：

我有 kubernetes Cluster v1.10 over centos 7，裸机

helm version
Client: &version.Version{SemVer:"v2.11.0-rc.3", GitCommit:"28d295be2a94115b786ee277dffcc2b5483bde47", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0-rc.3", GitCommit:"28d295be2a94115b786ee277dffcc2b5483bde47", GitTreeState:"clean"}

我正在尝试使用 helm 安装 nginx

helm install stable/nginx-ingress --name nginx

Error: release nginx failed: 
clusterroles.rbac.authorization.k8s.io "nginx-nginx-ingress" is 
forbidden: attempt to grant extra privileges: 
[PolicyRule{APIGroups:[""], Resources:["configmaps"], Verbs: 
["list"]} PolicyRule{APIGroups:[""], Resources:["configmaps"], 
Verbs:["watch"]} PolicyRule{APIGroups:[""], Resources: 
["endpoints"], Verbs:["list"]} PolicyRule{APIGroups:[""], 
Resources:["endpoints"], Verbs:["watch"]} PolicyRule{APIGroups: 
[""], Resources:["nodes"], Verbs:["list"]} PolicyRule{APIGroups: 
[""], Resources:["nodes"], Verbs:["watch"]} PolicyRule{APIGroups: 
[""], Resources:["pods"], Verbs:["list"]} PolicyRule{APIGroups: 
[""], Resources:["pods"], Verbs:["watch"]} PolicyRule{APIGroups: 
[""], Resources:["secrets"], Verbs:["list"]} PolicyRule{APIGroups: 
[""], Resources:["secrets"], Verbs:["watch"]} 
PolicyRule{APIGroups:[""], Resources:["nodes"], Verbs:["get"]} 
PolicyRule{APIGroups:[""], Resources:["services"], Verbs:["get"]} 
PolicyRule{APIGroups:[""], Resources:["services"], Verbs:["list"]} 
PolicyRule{APIGroups:[""], Resources:["services"], Verbs: 
["update"]} PolicyRule{APIGroups:[""], Resources:["services"], 
Verbs:["watch"]} PolicyRule{APIGroups:["extensions"], Resources: 
["ingresses"], Verbs:["get"]} PolicyRule{APIGroups:["extensions"], 
Resources:["ingresses"], Verbs:["list"]} PolicyRule{APIGroups: 
["extensions"], Resources:["ingresses"], Verbs:["watch"]} 
PolicyRule{APIGroups:[""], Resources:["events"], Verbs:["create"]} 
PolicyRule{APIGroups:[""], Resources:["events"], Verbs:["patch"]} 
PolicyRule{APIGroups:["extensions"], Resources: 
["ingresses/status"], Verbs:["update"]}] user=& 
{system:serviceaccount:kube-system:default 8f248058-b684-11e8- 
b781-daf0a0c10949 [system:serviceaccounts 
system:serviceaccounts:kube-system system:authenticated] map[]} 
ownerrules=[] ruleResolutionErrors=[]

我该如何解决这个问题？

谢谢你：D

【问题讨论】：

标签： kubernetes nginx-ingress kubernetes-helm

【解决方案1】：

由于kubectl apply -f 用于创建或更新资源，另一方面，Helm 可以称为 Kubernetes 包管理器。您发布的解决方案是一种解决方法，因为问题是关于 Helm，而不是如何使用 kubectl apply 创建资源。添加--set rbac.create=false 表示您可能部署了不支持RBAC 的Tiller。问题是，这是故意的吗？如果没有开启RBAC授权，可以继续使用--set rbac.create=false；如果要启用 RBAC，则必须将 Tiller 服务帐户添加为 cluster-admin 角色。

你可以找到如何正确配置它here.

更多关于 Helm 和 Tiller 的安装和配置的信息可以在 here 获取，类似案例的详细解释在这个 Github issue。

【讨论】：

【解决方案2】：

搜索后我认为这是解决方案

helm install stable/nginx-ingress --name ingress --namespace kube-system --set rbac.create=false --set rbac.createRole=false --set rbac.createClusterRole=false

或

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml

【讨论】：