github.com/amundsenjunior/helm@v2.8.0-rc.1.0.20180119233529-2b92431476e1+incompatible/docs/install_faq.md (about) 1 # Installation: Frequently Asked Questions 2 3 This section tracks some of the more frequently encountered issues with installing 4 or getting started with Helm. 5 6 **We'd love your help** making this document better. To add, correct, or remove 7 information, [file an issue](https://github.com/kubernetes/helm/issues) or 8 send us a pull request. 9 10 ## Downloading 11 12 I want to know more about my downloading options. 13 14 **Q: I can't get to GitHub releases of the newest Helm. Where are they?** 15 16 A: We no longer use GitHub releases. Binaries are now stored in a 17 [GCS public bucket](https://kubernetes-helm.storage.googleapis.com). 18 19 **Q: Why aren't there Debian/Fedora/... native packages of Helm?** 20 21 We'd love to provide these or point you toward a trusted provider. If you're 22 interested in helping, we'd love it. This is how the Homebrew formula was 23 started. 24 25 **Q: Why do you provide a `curl ...|bash` script?** 26 27 A: There is a script in our repository (`scripts/get`) that can be executed as 28 a `curl ..|bash` script. The transfers are all protected by HTTPS, and the script 29 does some auditing of the packages it fetches. However, the script has all the 30 usual dangers of any shell script. 31 32 We provide it because it is useful, but we suggest that users carefully read the 33 script first. What we'd really like, though, are better packaged releases of 34 Helm. 35 36 ## Installing 37 38 I'm trying to install Helm/Tiller, but something is not right. 39 40 **Q: How do I put the Helm client files somewhere other than ~/.helm?** 41 42 Set the `$HELM_HOME` environment variable, and then run `helm init`: 43 44 ```console 45 export HELM_HOME=/some/path 46 helm init --client-only 47 ``` 48 49 Note that if you have existing repositories, you will need to re-add them 50 with `helm repo add...`. 51 52 **Q: How do I configure Helm, but not install Tiller?** 53 54 A: By default, `helm init` will ensure that the local `$HELM_HOME` is configured, 55 and then install Tiller on your cluster. To locally configure, but not install 56 Tiller, use `helm init --client-only`. 57 58 **Q: How do I manually install Tiller on the cluster?** 59 60 A: Tiller is installed as a Kubernetes `deployment`. You can get the manifest 61 by running `helm init --dry-run --debug`, and then manually install it with 62 `kubectl`. It is suggested that you do not remove or change the labels on that 63 deployment, as they are sometimes used by supporting scripts and tools. 64 65 **Q: Why do I get `Error response from daemon: target is unknown` during Tiller install?** 66 67 A: Users have reported being unable to install Tiller on Kubernetes instances that 68 are using Docker 1.13.0. The root cause of this was a bug in Docker that made 69 that one version incompatible with images pushed to the Docker registry by 70 earlier versions of Docker. 71 72 This [issue](https://github.com/docker/docker/issues/30083) was fixed shortly 73 after the release, and is available in Docker 1.13.1-RC1 and later. 74 75 ## Getting Started 76 77 I successfully installed Helm/Tiller but I can't use it. 78 79 **Q: Trying to use Helm, I get the error "client transport was broken"** 80 81 ``` 82 E1014 02:26:32.885226 16143 portforward.go:329] an error occurred forwarding 37008 -> 44134: error forwarding port 44134 to pod tiller-deploy-2117266891-e4lev_kube-system, uid : unable to do port forwarding: socat not found. 83 2016/10/14 02:26:32 transport: http2Client.notifyError got notified that the client transport was broken EOF. 84 Error: transport is closing 85 ``` 86 87 A: This is usually a good indication that Kubernetes is not set up to allow port forwarding. 88 89 Typically, the missing piece is `socat`. If you are running CoreOS, we have been 90 told that it may have been misconfigured on installation. The CoreOS team 91 recommends reading this: 92 93 - https://coreos.com/kubernetes/docs/latest/kubelet-wrapper.html 94 95 Here are a few resolved issues that may help you get started: 96 97 - https://github.com/kubernetes/helm/issues/1371 98 - https://github.com/kubernetes/helm/issues/966 99 100 **Q: Trying to use Helm, I get the error "lookup XXXXX on 8.8.8.8:53: no such host"** 101 102 ``` 103 Error: Error forwarding ports: error upgrading connection: dial tcp: lookup kube-4gb-lon1-02 on 8.8.8.8:53: no such host 104 ``` 105 106 A: We have seen this issue with Ubuntu and Kubeadm in multi-node clusters. The 107 issue is that the nodes expect certain DNS records to be obtainable via global 108 DNS. Until this is resolved upstream, you can work around the issue as 109 follows: 110 111 1) Add entries to `/etc/hosts` on the master mapping your hostnames to their public IPs 112 2) Install `dnsmasq` on the master (e.g. `apt install -y dnsmasq`) 113 3) Kill the k8s api server container on master (kubelet will recreate it) 114 4) Then `systemctl restart docker` (or reboot the master) for it to pick up the /etc/resolv.conf changes 115 116 See this issue for more information: https://github.com/kubernetes/helm/issues/1455 117 118 **Q: On GKE (Google Container Engine) I get "No SSH tunnels currently open"** 119 120 ``` 121 Error: Error forwarding ports: error upgrading connection: No SSH tunnels currently open. Were the targets able to accept an ssh-key for user "gke-[redacted]"? 122 ``` 123 124 Another variation of the error message is: 125 126 127 ``` 128 Unable to connect to the server: x509: certificate signed by unknown authority 129 130 ``` 131 132 A: The issue is that your local Kubernetes config file must have the correct credentials. 133 134 When you create a cluster on GKE, it will give you credentials, including SSL 135 certificates and certificate authorities. These need to be stored in a Kubernetes 136 config file (Default: `~/.kube/config` so that `kubectl` and `helm` can access 137 them. 138 139 **Q: When I run a Helm command, I get an error about the tunnel or proxy** 140 141 A: Helm uses the Kubernetes proxy service to connect to the Tiller server. 142 If the command `kubectl proxy` does not work for you, neither will Helm. 143 Typically, the error is related to a missing `socat` service. 144 145 **Q: Tiller crashes with a panic** 146 147 When I run a command on Helm, Tiller crashes with an error like this: 148 149 ``` 150 Tiller is listening on :44134 151 Probes server is listening on :44135 152 Storage driver is ConfigMap 153 Cannot initialize Kubernetes connection: the server has asked for the client to provide credentials 2016-12-20 15:18:40.545739 I | storage.go:37: Getting release "bailing-chinchilla" (v1) from storage 154 panic: runtime error: invalid memory address or nil pointer dereference 155 [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x8053d5] 156 157 goroutine 77 [running]: 158 panic(0x1abbfc0, 0xc42000a040) 159 /usr/local/go/src/runtime/panic.go:500 +0x1a1 160 k8s.io/helm/vendor/k8s.io/kubernetes/pkg/client/unversioned.(*ConfigMaps).Get(0xc4200c6200, 0xc420536100, 0x15, 0x1ca7431, 0x6, 0xc42016b6a0) 161 /home/ubuntu/.go_workspace/src/k8s.io/helm/vendor/k8s.io/kubernetes/pkg/client/unversioned/configmap.go:58 +0x75 162 k8s.io/helm/pkg/storage/driver.(*ConfigMaps).Get(0xc4201d6190, 0xc420536100, 0x15, 0xc420536100, 0x15, 0xc4205360c0) 163 /home/ubuntu/.go_workspace/src/k8s.io/helm/pkg/storage/driver/cfgmaps.go:69 +0x62 164 k8s.io/helm/pkg/storage.(*Storage).Get(0xc4201d61a0, 0xc4205360c0, 0x12, 0xc400000001, 0x12, 0x0, 0xc420200070) 165 /home/ubuntu/.go_workspace/src/k8s.io/helm/pkg/storage/storage.go:38 +0x160 166 k8s.io/helm/pkg/tiller.(*ReleaseServer).uniqName(0xc42002a000, 0x0, 0x0, 0xc42016b800, 0xd66a13, 0xc42055a040, 0xc420558050, 0xc420122001) 167 /home/ubuntu/.go_workspace/src/k8s.io/helm/pkg/tiller/release_server.go:577 +0xd7 168 k8s.io/helm/pkg/tiller.(*ReleaseServer).prepareRelease(0xc42002a000, 0xc42027c1e0, 0xc42002a001, 0xc42016bad0, 0xc42016ba08) 169 /home/ubuntu/.go_workspace/src/k8s.io/helm/pkg/tiller/release_server.go:630 +0x71 170 k8s.io/helm/pkg/tiller.(*ReleaseServer).InstallRelease(0xc42002a000, 0x7f284c434068, 0xc420250c00, 0xc42027c1e0, 0x0, 0x31a9, 0x31a9) 171 /home/ubuntu/.go_workspace/src/k8s.io/helm/pkg/tiller/release_server.go:604 +0x78 172 k8s.io/helm/pkg/proto/hapi/services._ReleaseService_InstallRelease_Handler(0x1c51f80, 0xc42002a000, 0x7f284c434068, 0xc420250c00, 0xc42027c190, 0x0, 0x0, 0x0, 0x0, 0x0) 173 /home/ubuntu/.go_workspace/src/k8s.io/helm/pkg/proto/hapi/services/tiller.pb.go:747 +0x27d 174 k8s.io/helm/vendor/google.golang.org/grpc.(*Server).processUnaryRPC(0xc4202f3ea0, 0x28610a0, 0xc420078000, 0xc420264690, 0xc420166150, 0x288cbe8, 0xc420250bd0, 0x0, 0x0) 175 /home/ubuntu/.go_workspace/src/k8s.io/helm/vendor/google.golang.org/grpc/server.go:608 +0xc50 176 k8s.io/helm/vendor/google.golang.org/grpc.(*Server).handleStream(0xc4202f3ea0, 0x28610a0, 0xc420078000, 0xc420264690, 0xc420250bd0) 177 /home/ubuntu/.go_workspace/src/k8s.io/helm/vendor/google.golang.org/grpc/server.go:766 +0x6b0 178 k8s.io/helm/vendor/google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc420124710, 0xc4202f3ea0, 0x28610a0, 0xc420078000, 0xc420264690) 179 /home/ubuntu/.go_workspace/src/k8s.io/helm/vendor/google.golang.org/grpc/server.go:419 +0xab 180 created by k8s.io/helm/vendor/google.golang.org/grpc.(*Server).serveStreams.func1 181 /home/ubuntu/.go_workspace/src/k8s.io/helm/vendor/google.golang.org/grpc/server.go:420 +0xa3 182 ``` 183 184 A: Check your security settings for Kubernetes. 185 186 A panic in Tiller is almost always the result of a failure to negotiate with the 187 Kubernetes API server (at which point Tiller can no longer do anything useful, so 188 it panics and exits). 189 190 Often, this is a result of authentication failing because the Pod in which Tiller 191 is running does not have the right token. 192 193 To fix this, you will need to change your Kubernetes configuration. Make sure 194 that `--service-account-private-key-file` from `controller-manager` and 195 `--service-account-key-file` from apiserver point to the _same_ x509 RSA key. 196 197 198 ## Upgrading 199 200 My Helm used to work, then I upgrade. Now it is broken. 201 202 **Q: After upgrade, I get the error "Client version is incompatible". What's wrong?** 203 204 Tiller and Helm have to negotiate a common version to make sure that they can safely 205 communicate without breaking API assumptions. That error means that the version 206 difference is too great to safely continue. Typically, you need to upgrade 207 Tiller manually for this. 208 209 The [Installation Guide](install.md) has definitive information about safely 210 upgrading Helm and Tiller. 211 212 The rules for version numbers are as follows: 213 214 - Pre-release versions are incompatible with everything else. `Alpha.1` is incompatible with `Alpha.2`. 215 - Patch revisions _are compatible_: 1.2.3 is compatible with 1.2.4 216 - Minor revisions _are not compatible_: 1.2.0 is not compatible with 1.3.0, 217 though we may relax this constraint in the future. 218 - Major revisions _are not compatible_: 1.0.0 is not compatible with 2.0.0. 219 220 ## Uninstalling 221 222 I am trying to remove stuff. 223 224 **Q: When I delete the Tiller deployment, how come all the releases are still there?** 225 226 Releases are stored in ConfigMaps inside of the `kube-system` namespace. You will 227 have to manually delete them to get rid of the record. 228 229 **Q: I want to delete my local Helm. Where are all its files?** 230 231 Along with the `helm` binary, Helm stores some files in `$HELM_HOME`, which is 232 located by default in `~/.helm`.