Installing Rancher cert-manager fails with "kube-system forbidden"

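1: Error from the Rancher certificate generation service

By default, Rancher generates a CA and uses cert-manager to issue the certificate for accessing the Rancher server interface. Because rancher is the default value of the ingress.tls.source option, we do not specify ingress.tls.source when running the helm install command.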

helm install stable/cert-manager \
  --name cert-manager \
  --namespace kube-system \
  --version v0.5.2

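Installing stable/cert-manager fails, because Tiller is running as the default service account of kube-system, which has no RBAC permission to read namespaces: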

Error: namespaces "kube-system" is forbidden: User "system:serviceaccount:kube-system:default" 
cannot get resource "namespaces" in API group "" in the namespace "kube-system"

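Solution: create a dedicated tiller service account, bind it to cluster-admin (full access to the cluster), and redeploy Tiller so that it runs under that account: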

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

kubectl delete deployment tiller-deploy --namespace kube-system
helm init --service-account tiller
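
To confirm which identity was denied and that the fix took effect, the following added example (not part of the original post) turns the Forbidden message above into the matching `kubectl auth can-i` check. The helper names `field` and `can_i_cmd` are hypothetical, and the sample message is the page's error joined onto one line.

```bash
#!/usr/bin/env bash
# Added example: build the `kubectl auth can-i` check that reproduces an
# RBAC "forbidden" error. Function names are hypothetical helpers.

# Constructed sample: the error shown on this page, joined onto one line.
SAMPLE_ERR='Error: namespaces "kube-system" is forbidden: User "system:serviceaccount:kube-system:default" cannot get resource "namespaces" in API group "" in the namespace "kube-system"'

# field MESSAGE REGEX: print the first capture group, or nothing.
field() {
  printf '%s\n' "$1" | sed -nE "s/.*$2.*/\1/p"
}

# can_i_cmd MESSAGE [SUBJECT]: print the command that asks the API server
# whether SUBJECT (default: the user named in MESSAGE) may perform the
# denied action. Returns 1 if MESSAGE is not an RBAC denial.
can_i_cmd() {
  local user verb resource group ns
  user=$(field "$1" 'User "([^"]+)"')
  verb=$(field "$1" ' cannot ([a-z]+) resource ')
  resource=$(field "$1" ' resource "([^"]+)"')
  group=$(field "$1" ' in API group "([^"]*)"')
  ns=$(field "$1" ' in the namespace "([^"]+)"')
  if [ -z "$user" ] || [ -z "$verb" ] || [ -z "$resource" ]; then
    return 1
  fi
  # Resources outside the core group are written resource.group.
  if [ -n "$group" ]; then
    resource="$resource.$group"
  fi
  printf 'kubectl auth can-i %s %s --as=%s' "$verb" "$resource" "${2:-$user}"
  # Cluster-scoped denials carry no namespace, so the flag is omitted.
  if [ -n "$ns" ]; then
    printf ' --namespace=%s' "$ns"
  fi
  printf '\n'
}

# Before the fix: the identity Tiller was running as.
can_i_cmd "$SAMPLE_ERR"
# After the fix: the same action, checked for the new tiller account.
can_i_cmd "$SAMPLE_ERR" system:serviceaccount:kube-system:tiller
```

Run the two printed commands against the cluster: the first should answer no, and the second yes once the tiller binding exists.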

2: If cert-manager was installed before, you may see the following error:

[root@kubm-01 ~]# helm install stable/cert-manager   --name cert-manager   --namespace kube-system   --version v0.5.2
Error: customresourcedefinitions.apiextensions.k8s.io "certificates.certmanager.k8s.io" already exists

Solution:

List the existing custom resource definitions:
[root@kubm-01 ~]# kubectl get customresourcedefinitions --all-namespaces=true |grep certmanager.*             
certificates.certmanager.k8s.io                                 2019-08-20T04:03:16Z
clusterissuers.certmanager.k8s.io                               2019-08-02T06:32:05Z
issuers.certmanager.k8s.io                                      2019-08-02T06:32:06Z

Delete them (this also removes any existing Certificate, ClusterIssuer and Issuer objects):

kubectl delete customresourcedefinition certificates.certmanager.k8s.io
kubectl delete customresourcedefinition clusterissuers.certmanager.k8s.io
kubectl delete customresourcedefinition issuers.certmanager.k8s.io

Reference: https://github.com/jetstack/cert-manager/issues/870

Run the installation again:

helm install stable/cert-manager \
  --name cert-manager \
  --namespace kube-system \
  --version v0.5.2

Check the installation status:

kubectl -n kube-system rollout status deploy/cert-manager

cert-manager has been deployed successfully!

Reference (recommended):

https://helm.sh/docs/using_helm/#tiller-and-role-based-access-control