Helm error : Error: the server has asked for the client to provide credentials

Helm error : Error: the server has asked for the client to provide credentials

我已经安装了 Rancher 2 并创建了一个内部虚拟机的 kubernetes 集群(没有 AWS / gcloud)。

集群已启动 运行。

我登录了其中一个节点。

1) 安装 Kubectl 并执行 kubectl cluster-info 。它正确地列出了我的集群信息。

2) 安装头盔

curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh

root@lnmymachine # helm version
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}

3) 配置的 helm 引用 Rancher Helm Init

kubectl -n kube-system create serviceaccount tiller

kubectl create clusterrolebinding tiller \
  --clusterrole cluster-admin \
  --serviceaccount=kube-system:tiller

helm init --service-account tiller

尝试通过 helm 安装 Jenkins

root@lnmymachine # helm ls
Error: Unauthorized
root@lnmymachine # helm install --name initial stable/jenkins
Error: the server has asked for the client to provide credentials

浏览过类似的问题,其中很少是由于多个集群引起的。我只有一个集群。 kubectl 正确地提供了所有信息。

知道发生了什么事。

创建 ClusterRoleBinding 时似乎有错误:

而不是 --clusterrole cluster-admin,你应该 --clusterrole=cluster-admin

您可以通过验证是否正确创建了 ServiceAccount、ClustrerRoleBinding 来检查是否属于这种情况。

kubectl describe -n kube-system sa tiller

kubectl describe clusterrolebinding tiller

他们似乎已经在 Rancher Helm Init 页面上解决了这个问题。

我遇到了同样的问题,但以下步骤对我有用。

root@node1:~# helm install --name prom-operator stable/prometheus-operator --namespace monitoring
Error: the server has asked for the client to provide credentials

第 1 步:删除服务帐户

root@node1:~# kubectl delete serviceaccount --namespace kube-system tiller
serviceaccount "tiller" deleted

第二步:删除集群角色绑定

root@node1:~# kubectl delete clusterrolebinding tiller-cluster-rule 
clusterrolebinding.rbac.authorization.k8s.io "tiller-cluster-rule" deleted

第 3 步:删除 helm 目录

root@node1:~# rm -rf .helm/

第 4 步:再次创建服务帐户。

root@node1:~# kubectl create serviceaccount tiller --namespace kube-system
serviceaccount/tiller created

第 5 步:创建集群角色绑定

root@node1:~# kubectl create clusterrolebinding tiller-cluster-rule \
>  --clusterrole=cluster-admin \
>  --serviceaccount=kube-system:tiller
clusterrolebinding.rbac.authorization.k8s.io/tiller-cluster-rule created

Step6: 运行 helm init 命令

helm init --service-account=tiller

Creating /root/.helm 
Creating /root/.helm/repository 
Creating /root/.helm/repository/cache 
Creating /root/.helm/repository/local 
Creating /root/.helm/plugins 
Creating /root/.helm/starters 
Creating /root/.helm/cache/archive 
Creating /root/.helm/repository/repositories.yaml 
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com 
Adding local repo with URL: http://127.0.0.1:8879/charts 
$HELM_HOME has been configured at /root/.helm.
Warning: Tiller is already installed in the cluster.
(Use --client-only to suppress this message, or --upgrade to upgrade Tiller to the current version.)

第 7 步:删除 tiller-deploy-xxx pod

kubectl delete pod -n kube-system tiller-deploy

pod "tiller-deploy-5d58456765-xlns2" deleted

等待重新创建。

第 8 步:安装 helm 图表。

helm install --name prom-operator stable/prometheus-operator --namespace monitoring