2

Environment

[root@kubernetes-master-001 centos]# helm version
Client: &version.Version{SemVer:"v2.9.0", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.9.0", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"}

[root@kubernetes-master-001 centos]# cat /etc/*-release | tail -n 1
CentOS Linux release 7.4.1708 (Core)

Question

I am trying to setup helm in an offline environment, and I am stuck.

I seem to successfully pass the init step, but any call to install fails:

[root@kubernetes-master-001 centos]# export HELM_HOME=/root/.helm
[root@kubernetes-master-001 centos]# helm init --service-account tiller --wait -i $local_registry/kubernetes-helm/tiller:v2.9.0 --skip-refresh
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!
[root@kubernetes-master-001 centos]# helm install $local_HTTP_server/nginx-ingress-869c634517dbeb94c4a759fcfb69c44da38007ed.tgz --debug --name my-nginx --set rbac.create=true
[debug] Created tunnel using local port: '34825'
[debug] SERVER: "127.0.0.1:34825"
[debug] Original chart version: ""
Error: no cached repo found. (try 'helm repo update'). open /root/.helm/repository/cache/stable-index.yaml: no such file or directory

This is what can be found in $HELM_HOME:

[root@kubernetes-master-001 centos]# find "$HELM_HOME" -type f
/root/.helm/repository/local/index.yaml
/root/.helm/repository/repositories.yaml

Does anyone see a solution to this?

Elouan Keryell-Even
  • 453
  • 2
  • 8
  • 20

3 Answers3

0

So based on this github comment, I performed a (dirty) workaround:

A file $HELM_HOME/repository/local/index.yaml was created by the helm init process.

[root@kubernetes-master-001 centos]# cat "$HELM_HOME/repository/local/index.yaml"
apiVersion: v1
entries: {}
generated: 2018-06-25T11:48:14.734541008Z

I copied it @ $HELM_HOME/repository/cache/stable-index.yaml:

cp "$HELM_HOME/repository/local/index.yaml" "$HELM_HOME/repository/cache/stable-index.yaml"

and it worked fine afterwards:

[root@kubernetes-master-001 centos]# helm install $local_HTTP_server/nginx-ingress-869c634517dbeb94c4a759fcfb69c44da38007ed.tgz --debug --name my-nginx --set rbac.create=true
[debug] Created tunnel using local port: '42893'
[debug] SERVER: "127.0.0.1:42893"
[debug] Original chart version: ""
[debug] Fetched $local_HTTP_server/nginx-ingress-869c634517dbeb94c4a759fcfb69c44da38007ed.tgz to /root/.helm/cache/archive/nginx-ingress-869c634517dbeb94c4a759fcfb69c44da38007ed.tgz
[debug] CHART PATH: /root/.helm/cache/archive/nginx-ingress-869c634517dbeb94c4a759fcfb69c44da38007ed.tgz
NAME:   my-nginx
REVISION: 1
RELEASED: Mon Jun 25 11:49:27 2018
CHART: nginx-ingress-0.20.3
. . .
. . .
. . .
LAST DEPLOYED: Mon Jun 25 11:49:27 2018
NAMESPACE: default
STATUS: DEPLOYED
. . .
. . .
. . .
Elouan Keryell-Even
  • 453
  • 2
  • 8
  • 20
0
helm init --client-only --skip-refresh

This step will install helm locally and not install tiller.

Next step is to upload tiller image to your docker registry

tiller image: gcr.io/kubernetes-helm/tiller:v2.11.0

If you don't have a private docker registry set yet, alternatively you can also copy the tiller docker image to all the nodes.

Tiller image's tag depends on the version of helm you are installing. In my case, I was installing helm 2.11.0

Next you need to do:

helm init

This will install tiller in one of the nodes.

Next you need to create a service account for your tiller pod and assign it cluster-admin role.

Create a file rbac_service_account.yaml with below content

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

Next you need to just apply the service account and upgrade tiller pod.

kubectl apply -f rbac_service_account.yaml

helm init --service-account tiller --upgrade
spuder
  • 1,695
  • 2
  • 25
  • 42
Amit Thawait
  • 101
  • 3
  • Hi Amit, thanks for your answer. Unfortunately, I am not able to reproduce the issue anymore, so I cannot test your answer :/ However, your answer mentions `helm init` & `RBAC`, yet my problem was related to `helm install`, so I don't really see the link (my `helm init` did not fail, and I did not see any RBAC error) – Elouan Keryell-Even Mar 25 '19 at 16:33
  • @ElouanKeryell-Even Yeah...I agree that your question was different. However I also had the same task of installing helm with internet connection. I didn't found any blog nor any open question in stackoverflow hence, I answered it here so that someone landing here after google search can get help. – Amit Thawait Apr 02 '19 at 06:22
0

Use the --tiller-image option on init to point to your private registry.

As described at https://helm.sh/docs/install/#easy-in-cluster-installation

Stefan van Gastel
  • 101
  • 1