【Question title】: No tiller when installing Helm with terraform in a K8S cluster on DigitalOcean
【Posted】: 2020-02-02 15:58:33
【Question description】:

I'm trying to deploy a new cluster on DigitalOcean using Terraform. The main idea is to deploy Fission to get a serverless environment. These are my files:

do_provider.tf

provider "digitalocean" {
  token = "${var.do_token}"
}

variables.tf

variable region {
  description = "Region for cloud resources."
  default     = "lon1"
}

k8s_cluster.tf

resource "random_id" "fission-cluster" {
  byte_length = 8
}

resource "digitalocean_kubernetes_cluster" "fission-cluster" {
  name = "k8s-fission-${var.region}-${random_id.fission-cluster.hex}"
  region = "${var.region}"
  version =  "1.15.3-do.3"
  node_pool {
    name = "k8s-fission-${var.region}-${random_id.fission-cluster.hex}-worker"
    size = "s-1vcpu-2gb"
    node_count = "3"
    tags = ["fission", "worker"]
  }
  tags = ["fission"]
}

resource "local_file" "config" {
    content     = "${digitalocean_kubernetes_cluster.fission-cluster.kube_config.0.raw_config}"
    filename = "${path.module}/config"
}

provider "kubernetes" {
  host = "${digitalocean_kubernetes_cluster.fission-cluster.endpoint}"

  client_certificate     = "${base64decode(digitalocean_kubernetes_cluster.fission-cluster.kube_config.0.client_certificate)}"
  client_key             = "${base64decode(digitalocean_kubernetes_cluster.fission-cluster.kube_config.0.client_key)}"
  cluster_ca_certificate = "${base64decode(digitalocean_kubernetes_cluster.fission-cluster.kube_config.0.cluster_ca_certificate)}"
}

helm.tf

provider "helm" {
    service_account = "tiller"
    install_tiller = true
    namespace = "kube-system"
    kubernetes {
      config_path =  "${path.module}/config"
      load_config_file = true
    }
}

data "helm_repository" "stable" {
  name = "stable"
  url  = "https://kubernetes-charts.storage.googleapis.com"
}

resource "kubernetes_service_account" "tiller" {
  metadata {
    name      = "tiller"
    namespace = "kube-system"
  }
  depends_on =  [ "kubernetes_cluster_role_binding.tiller" ]
}

resource "kubernetes_cluster_role_binding" "tiller" {
  metadata {
    name = "tiller"
  }
  role_ref {
      api_group = "rbac.authorization.k8s.io"
      kind = "ClusterRole"
      name = "cluster-admin"
  }
  subject {
      kind = "User"
      name = "admin"
      api_group = "rbac.authorization.k8s.io"
  }
  subject {
      kind = "ServiceAccount"
      name = "tiller"
      namespace = "kube-system"
  }
  subject {
      kind = "Group"
      name = "system:masters"
      api_group = "rbac.authorization.k8s.io"
  }
}

When I run terraform plan it shows the changes correctly, and when I run terraform apply the cluster is created and the correct output is shown:

random_id.fission-cluster: Creating...
random_id.fission-cluster: Creation complete after 0s [id=dag8ooN_yVg]
digitalocean_kubernetes_cluster.fission-cluster: Creating...
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [10s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [20s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [30s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [40s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [50s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [1m0s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [1m10s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [1m20s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [1m30s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [1m40s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [1m50s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [2m0s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [2m10s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [2m20s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [2m30s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [2m40s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [2m50s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [3m0s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [3m10s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [3m20s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [3m30s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [3m40s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [3m50s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [4m0s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [4m10s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [4m20s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [4m30s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [4m40s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [4m50s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [5m0s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [5m10s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [5m20s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [5m30s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [5m40s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [5m50s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Creation complete after 5m52s [id=a2dbf847-a273-41c0-a5f7-5aab8ab21407]
local_file.config: Creating...
local_file.config: Creation complete after 0s [id=bab7483e4abd5e02e473464556055c80ec952826]
kubernetes_service_account.tiller: Creating...
kubernetes_service_account.tiller: Creation complete after 2s [id=kube-system/tiller]

Apply complete! Resources: 4 added, 0 changed, 0 destroyed.

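The problem is that, after the whole process, tiller is not deployed inside the cluster, and the helm CLI commands ask for tiller to be initialized first.

Update

The helm.tf file was wrong.

【Comments】:

  • Did you manage to get it working?
  • Yes, with the terraform files I posted and with the help of looking at the right log level as indicated in the first answer. The problem was that I hadn't defined any helm_release; you have to define one to force the installation of tiller.
  • OK, yes, same for me. That's what I eventually realized later, hehe.

Tags: kubernetes terraform digital-ocean kubernetes-helm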


【Solution 1】:

By default, the tiller component should be installed by the helm terraform provider. However, by default it looks for the kube config file at this path:

~/.kube/config

In your configuration, it looks like you are using the local_file config resource to save the new Kubernetes cluster's kube config into the module path:

"${path.module}/config"

So I would adjust the kubernetes block in your helm provider section to add something like this:

load_config_file = "${path.module}/config"

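If that fails, enable a higher debug log level when running. The failure to initialize the helm tiller component may be a silent warning or an info log message.

Try setting the TF_LOG environment variable to TRACE (see the Debugging docs for Terraform).

【Comments】:

  • With TF_LOG set to TRACE it shows this: [DEBUG] pruning unused provider.helm. Why is the provider being ignored?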
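
The asker's follow-up under the question says tiller was only installed once a helm_release was defined. The block below is an added illustration of such a resource, not the asker's actual file; the release name "example", the "default" namespace and the chart name are placeholders, while the other references are resources already defined in the question.

```hcl
# Added illustration (not from the original post).
# Assumptions: "example", "default" and CHART_NAME are placeholders.
# Substitute the chart you actually want to deploy (the question's goal
# was Fission).
resource "helm_release" "example" {
  name       = "example"
  repository = "${data.helm_repository.stable.metadata.0.name}"
  chart      = "CHART_NAME" # placeholder
  namespace  = "default"

  # Make sure the kubeconfig file read via config_path exists, and that the
  # tiller service account and its cluster-admin binding (both defined in
  # the question's helm.tf) are created before the release is attempted.
  depends_on = [
    "local_file.config",
    "kubernetes_service_account.tiller",
    "kubernetes_cluster_role_binding.tiller",
  ]
}
```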