[英]helm ls fails with timeout / context deadline exceeded
$ helm2 version --debug
Client: &version.Version{SemVer:"v2.16.10",
GitCommit:"bceca24a91639f045f22ab0f41e47589a932cf5e", GitTreeState:"clean"}
[debug] Created tunnel using local port: '34073'
[debug] SERVER: "127.0.0.1:34073"
Kubernetes: &version.Info{Major:"1", Minor:"15+", GitVersion:"v1.15.11-eks-14f01f", GitCommit:"14f01fe8f04411d5e187b220034ca2117d79f7de", GitTreeState:"clean", BuildDate:"2020-05-23T21:32:47Z", GoVersion:"go1.12.17", Compiler:"gc", Platform:"linux/amd64"}
127.0.0.1:34073[debug] context deadline exceeded
Error: cannot connect to Tiller
helm3 也给出了空列表
$ helm ls -a
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
(⎈ |arn:aws:eks:eu-central-1:xxx:cluster/xxx:default)
code on master [!?]
➜ k get pods -n kube-system | grep tiller
tiller-deploy-69849bbd9-9lw6z 1/1 Running 0 31d
(⎈ |arn:aws:eks:eu-central-1:xxx:cluster/xxx:default)
code on master [!?]
➜ k get deployments -n kube-system | grep tiller
tiller-deploy 1/1 1 1 402d
(⎈ |arn:aws:eks:eu-central-1:xxx:cluster/xxx:default)
code on master [!?]
➜ k get sa -n kube-system | grep tiller
tiller 1 402d
(⎈ |arn:aws:eks:eu-central-1:xxx:cluster/xxx:default)
code on master [!?]
➜ k get clusterrole -n kube-system | grep tiller
(⎈ |arn:aws:eks:eu-central-1:xxx:cluster/xxx:default)
code on master [!?]
➜ k get clusterrolebinding -n kube-system | grep tiller
tiller 402d
(⎈ |arn:aws:eks:eu-central-1:xxx:cluster/xxx:default)
code on master [!?]
➜ k get service -n kube-system | grep tiller
tiller-deploy ClusterIP 10.100.23.25 <none> 44134/TCP 402d
解决方案
事实证明,分蘖部署了您需要通过的 SSL 证书。
~/Development/tools/helm-2.14.2/helm list \
--tiller-connection-timeout 30 \
--tls \
--tls-ca-cert ssl/tiller/tiller-ca.crt \
--tls-cert ssl/tiller/tiller.crt \
--tls-key ssl/tiller/tiller.key \
--all \
--tiller-namespace kube-system
要获得证书,您必须这样做:
export TILLER_NAMESPACE="kube-system"
kubectl get secrets/tiller-secret -n "$TILLER_NAMESPACE" -o "jsonpath={.data['ca\.crt']}" | base64 --decode > ssl/tiller/tiller-ca.crt
kubectl get secrets/tiller-secret -n "$TILLER_NAMESPACE" -o "jsonpath={.data['tls\.crt']}" | base64 --decode > ssl/tiller/tiller.crt
kubectl get secrets/tiller-secret -n "$TILLER_NAMESPACE" -o "jsonpath={.data['tls\.key']}" | base64 --decode > ssl/tiller/tiller.key
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.