์๋
์ฌ๋ฌ๋ถ
๋๋ ๋จ์ง ๋ฌด์์ด ์๋ชป๋๊ณ ์๋์ง ์ ํ ๋ชจ๋ฅธ๋ค.
์ฒ์ ์คํ์ ์๋ํ ํ :
$ helm install stable/mongodb-replicaset
Error: no available release name found
i "๋นํ์ฑํ"RBAC
kubectl create clusterrolebinding permissive-binding --clusterrole=cluster-admin --user=admin --user=kubelet --group=system:serviceaccounts
๊ทธ๋ฌ๋ ์๋ฌด๊ฒ๋ ๋ณ๊ฒฝ๋์ง ์์์ต๋๋ค.
$ helm install stable/mongodb-replicaset
Error: no available release name found
Kubernetes
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.0", GitCommit:"6e937839ac04a38cac63e6a7a306c5d035fe7b0a", GitTreeState:"clean", BuildDate:"2017-09-28T22:57:57Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.1", GitCommit:"f38e43b221d08850172a9a4ea785a86a3ffa3b3a", GitTreeState:"clean", BuildDate:"2017-10-11T23:16:41Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
์ง๋ฐฐ
$ helm version
Client: &version.Version{SemVer:"v2.6.2", GitCommit:"be3ae4ea91b2960be98c07e8f73754e67e87963c", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.6.2", GitCommit:"be3ae4ea91b2960be98c07e8f73754e67e87963c", GitTreeState:"clean"}
helms repos
$ helm search | grep mongo
stable/mongodb 0.4.17 NoSQL document-oriented database that stores JS...
stable/mongodb-replicaset 2.1.2 NoSQL document-oriented database that stores JS...
ํธ๋ฌ ํฌ๋
$ kubectl get pods --all-namespaces | grep tiller
kube-system tiller-deploy-5cd755f8f-c8nnl 1/1 Running 0 22m
````
tiller log
```bash
[tiller] 2017/10/23 19:12:50 preparing install for
[storage] 2017/10/23 19:12:50 getting release "busted-shark.v1"
[storage/driver] 2017/10/23 19:13:20 get: failed to get "busted-shark.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/busted-shark.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/23 19:13:20 info: generated name busted-shark is taken. Searching again.
[storage] 2017/10/23 19:13:20 getting release "lucky-rabbit.v1"
[storage/driver] 2017/10/23 19:13:50 get: failed to get "lucky-rabbit.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/lucky-rabbit.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/23 19:13:50 info: generated name lucky-rabbit is taken. Searching again.
[storage] 2017/10/23 19:13:50 getting release "exiled-lynx.v1"
[storage/driver] 2017/10/23 19:14:20 get: failed to get "exiled-lynx.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/exiled-lynx.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/23 19:14:20 info: generated name exiled-lynx is taken. Searching again.
[storage] 2017/10/23 19:14:20 getting release "eloping-echidna.v1"
[storage/driver] 2017/10/23 19:14:50 get: failed to get "eloping-echidna.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/eloping-echidna.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/23 19:14:50 info: generated name eloping-echidna is taken. Searching again.
[storage] 2017/10/23 19:14:50 getting release "soft-salamander.v1"
[storage/driver] 2017/10/23 19:15:20 get: failed to get "soft-salamander.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/soft-salamander.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/23 19:15:20 info: generated name soft-salamander is taken. Searching again.
[tiller] 2017/10/23 19:15:20 warning: No available release names found after 5 tries
[tiller] 2017/10/23 19:15:20 failed install prepare step: no available release name found
Kubernetes 1.8 ์ง์์ ์ต๊ทผ์์ผ helm v2.7.0์ ์ถ๊ฐ๋์์ผ๋ฏ๋ก Helm v2.6.2๊ฐ 1.8 ํด๋ฌ์คํฐ์์ ์๋ ํ ๊ฒ์ผ๋ก ์์ํ์ง ์์ต๋๋ค. v2.7.0-rc1 ๋ฆด๋ฆฌ์ค๋ฅผ ์ฌ์ฉํด๋ณด๊ณ ์๋ํ๋์ง ํ์ธํ ์ ์์ต๋๊น? v2.7.0-rc1 ๋ฐ์ด๋๋ฆฌ๋ฅผ ๋ก์ปฌ์ ์ค์นํ๊ณ helm reset && helm init
์คํํ๋ฉด ํธ๋ฆญ์ ์ํ ํ ์ ์์ต๋๋ค. ๊ฐ์ฌ! :)
@bacongobbler ํํธ๋ฅผ ์ฃผ์ ์ ๊ฐ์ฌํ์ง๋ง ์ผ์น๋ฅผ ๋ณ๊ฒฝํ์ง ์์์ต๋๋ค.
helm version
Client: &version.Version{SemVer:"v2.7.0", GitCommit:"08c1144f5eb3e3b636d9775617287cc26e53dba4", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.7.0", GitCommit:"08c1144f5eb3e3b636d9775617287cc26e53dba4", GitTreeState:"clean"}
๊ทธ๋ฆฌ๊ณ ๋ค์ ์๋ํ๋ฉด :
$ helm install stable/mongodb-replicaset
Error: no available release name found
๋ค์ ๋ก๊ทธ์ ํจ๊ป :
[tiller] 2017/10/26 18:11:22 preparing install for
[storage] 2017/10/26 18:11:22 getting release "listless-toucan.v1"
[storage/driver] 2017/10/26 18:11:36 get: failed to get "zealous-panther.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/zealous-panther.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/26 18:11:36 info: generated name zealous-panther is taken. Searching again.
[storage] 2017/10/26 18:11:36 getting release "terrifying-serval.v1"
[storage/driver] 2017/10/26 18:11:52 get: failed to get "listless-toucan.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/listless-toucan.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/26 18:11:52 info: generated name listless-toucan is taken. Searching again.
[storage] 2017/10/26 18:11:52 getting release "jittery-rat.v1"
[storage/driver] 2017/10/26 18:12:06 get: failed to get "terrifying-serval.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/terrifying-serval.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/26 18:12:06 info: generated name terrifying-serval is taken. Searching again.
[storage] 2017/10/26 18:12:06 getting release "wayfaring-dachshund.v1"
[storage/driver] 2017/10/26 18:12:22 get: failed to get "jittery-rat.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/jittery-rat.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/26 18:12:22 info: generated name jittery-rat is taken. Searching again.
[storage] 2017/10/26 18:12:22 getting release "lucky-arachnid.v1"
[storage/driver] 2017/10/26 18:12:36 get: failed to get "wayfaring-dachshund.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/wayfaring-dachshund.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/26 18:12:36 info: generated name wayfaring-dachshund is taken. Searching again.
[storage] 2017/10/26 18:12:36 getting release "gangly-lambkin.v1"
[storage/driver] 2017/10/26 18:12:52 get: failed to get "lucky-arachnid.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/lucky-arachnid.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/26 18:12:52 info: generated name lucky-arachnid is taken. Searching again.
[storage] 2017/10/26 18:12:52 getting release "boiling-kudu.v1"
[storage/driver] 2017/10/26 18:13:06 get: failed to get "gangly-lambkin.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/gangly-lambkin.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/26 18:13:06 info: generated name gangly-lambkin is taken. Searching again.
[storage] 2017/10/26 18:13:06 getting release "quoting-sloth.v1"
[storage/driver] 2017/10/26 18:13:22 get: failed to get "boiling-kudu.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/boiling-kudu.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/26 18:13:22 info: generated name boiling-kudu is taken. Searching again.
[storage] 2017/10/26 18:13:22 getting release "nordic-rabbit.v1"
[storage/driver] 2017/10/26 18:13:36 get: failed to get "quoting-sloth.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/quoting-sloth.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/26 18:13:36 info: generated name quoting-sloth is taken. Searching again.
[tiller] 2017/10/26 18:13:36 warning: No available release names found after 5 tries
[tiller] 2017/10/26 18:13:36 failed install prepare step: no available release name found
[storage/driver] 2017/10/26 18:13:52 get: failed to get "nordic-rabbit.v1": Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/nordic-rabbit.v1: dial tcp 10.96.0.1:443: i/o timeout
[tiller] 2017/10/26 18:13:52 info: generated name nordic-rabbit is taken. Searching again.
[tiller] 2017/10/26 18:13:52 warning: No available release names found after 5 tries
[tiller] 2017/10/26 18:13:52 failed install prepare step: no available release name found
ํ์ธ...
๋๋ ์ฅ์๋ชฉ์ ํตํด ํ๋๋ฌ์ ๊ต์ฒดํ๊ณ ์คํ๋ฉ๋๋ค.
https://github.com/kubernetes/helm/issues/2224#issuecomment -356344286์ ๋ฐ๋ผ ๋ค์ ๋ช ๋ น์ผ๋ก ์ค๋ฅ๊ฐ ํด๊ฒฐ๋์์ต๋๋ค.
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
๋ง์ ์ ๊ทผ ๋์ ๋ง์นจ๋ด ์ด๊ฒ์ ๋๋ฅผ ์ํด ์ผํ์ต๋๋ค. ๊ฐ์ฌํฉ๋๋ค!
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole = cluster-admin --serviceaccount = kube- system : tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{ "spec": { "template": { "spec": { "serviceAccount": "tiller"}}}}'
์์ 3 ์ค๋์ด ๋ฌธ์ ๋ฅผ ํด๊ฒฐํ์ต๋๋ค.
kubectl ํด๋ผ์ด์ธํธ : 1.9.6
kubectl ์๋ฒ : 1.8.7
helm ํด๋ผ์ด์ธํธ : 2.8.2
helm ์๋ฒ : 2.8.2
๋ฌธ์ ๊ฐ ๋ํ๋๊ณ ์ธ๊ธ ๋ ์๋ฃจ์ ์ด ์๋ํ์ง ์๋ ๊ฒฝ์ฐ :
Kube Client Version: 1.10.1
Kube Server Version: 1.10.1
Helm Client: "v2.9.0"
Helm Server: "v2.9.0"
๋ํ minikue๋ฅผ ์ผ๊ณ helm list
์คํํ๋ฉด ์ค๋ฅ๊ฐ ๋ฐ์ํ์ต๋๋ค.
Error: Get http://localhost:8080/api/v1/namespaces/kube-system/configmaps?labelSelector=OWNER%!D(MISSING)TILLER: dial tcp 127.0.0.1:8080: connect: connection refused
@viane ์๋ helm init --service-account default
; ๋ค๋ฅธ ํฐ์ผ์ด์ง๋ง ๋์ผํ ์ผ๋ฐ ์ค๋ฅ๊ฐ ๋ฐ์ํฉ๋๋ค.
@viane ๋ค์ ๋จ๊ณ๋ฅผ ์๋ํ์ญ์์ค. (๊ฒฝ์ด๊ธฐ ์๋น์ค ๋ฐ ๋ฐฐํฌ์ kubectl delete
๊ฐ ํ์ํ ์ ์์ต๋๋ค.)
$ kubectl create serviceaccount --namespace kube-system tiller
$ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
$ helm init --service-account tiller
๊ทธ๊ฒ์ ๋๋ฅผ ์ํด ๊ทธ๊ฒ์ ๊ณ ์ณค์ต๋๋ค.
helm reset && helm init
๋ ์ ์๊ฒ ์ ํฉํ์ง ์์์ผ๋ฉฐ ์์ RBAC ์๋ฃจ์
๋ ์๋ํ์ง ์์์ต๋๋ค.
๋ง์ง๋ง์ผ๋ก Tiller๋ฅผ ์ญ์ ํ ๋ค์ https://github.com/kubernetes/helm/issues/3055#issuecomment -385296641์ ์ ์์ ์ฌ์ฉํ์ฌ ๋ค์ ์๋ํ๊ฒํ์ต๋๋ค.
kubectl delete deployment tiller-deploy --namespace kube-system
helm init --upgrade --service-account default
๊ฐ์ ๋ฌธ์ ๊ฐ ๋ฐ์ํ์ต๋๋ค. ๊ทธ๋ฐ ๋ค์ ๋๋ ๋ค์์ ์๋ํ๋ค
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
์ ๋๋ถ์ด
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
"์๋ฒ ์ค๋ฅ (BadRequest) : ๊ฐ์ฒด ํค ๋ฌธ์์ด์ ์์์ ์ฐพ๋ ์๋ชป๋ ๋ฌธ์ '๋ผ๋ ๋ฉ์์ง๊ฐ ๋ํ๋ฉ๋๋ค."
๊ทธ๋ฐ ๋ค์ ๋ค์ ๋ช ๋ น์ ์๋ํ์ต๋๋ค.
$ kubectl create serviceaccount --namespace kube-system tiller
$ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
$ helm init --service-account tiller
๋๋ ๋ฉ์์ง๋ฅผ ๋ฐ์๋ค :
failed: clusterroles.rbac.authorization.k8s.io .... [clusterroles.rbac.authorization.k8s.io "cluster-admin" not found]
๋์์ฃผ์ธ์! ...
๋ค์์ ๋ด ์ ๋ณด์
๋๋ค.
ํฌ๊ตฌ ๋ฒ์
Client: &version.Version{SemVer:"v2.9.0", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.9.0", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"}
kubectl ๋ฒ์
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.0", GitCommit:"925c127ec6b946659ad0fd596fa959be43f0cc05", GitTreeState:"clean", BuildDate:"2017-12-15T21:07:38Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"windows/amd64"}
Server Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.6", GitCommit:"9f8ebd171479bec0ada837d7ee641dec2f8c6dd1", GitTreeState:"clean", BuildDate:"2018-03-21T15:13:31Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
minikube ๋ฒ์
minikube version: v0.25.0
์ด์ํ ์ ์ Helm์ ์ฌ์ฉํ์ฌ 5 ์ 9 ์ผ์ stable / nginx-ingress๋ฅผ ์ค์นํ๊ณ ์ฑ๊ณต์ ์ผ๋ก ์ค์น ํ ๋ค์ Kubernetes๋ฅผ ์ญ์ (์ฐ์ต์ฉ) ํ ๋ค์ ์ค๋ Kubernetes๋ฅผ ๋ค์ ์ค์นํ๊ณ stable / nginx-ingress๋ฅผ ๋ค์ ์ค์นํ๋ ๊ฒ์ ๋๋ค. ์ค๋ฅ.
๋ฏธ๋ฆฌ ์ง์ ํด์ฃผ์ ์ ๊ฐ์ฌํฉ๋๋ค
@ nguyenhuuloc304 ๊ฐ์ ๋ฌธ์ ๊ฐ ๋ฐ์ํ์ต๋๋ค. cluster-admin
ClusterRole์ ๋ง๋ค์ด์ผํ์ต๋๋ค.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
creationTimestamp: null
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: cluster-admin
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
๋๋ ์ด๊ฒ์ ๊ฐ์ด๋ ์ด๋๊ฐ์ ์ถ๊ฐํ๋ ๊ฒ์ด ์ ๋ง ์ค์ํ๋ค๊ณ ์๊ฐํฉ๋๋ค. azure์ AKS๋ ๊ธฐ๋ณธ ํด๋ฌ์คํฐ ๊ด๋ฆฌ์ ์ญํ ์ ์ ๊ณตํ์ง ์์ผ๋ฏ๋ก ์ฌ์ฉ์๊ฐ ๋ง๋ค์ด์ผํฉ๋๋ค.
https://github.com/jenkins-x/jx/issues/485#issuecomment -376804810
https://github.com/Azure/acs-engine/issues/1892#issuecomment -353960778์์ ๋ณผ ์ ์๋ฏ์ด ACS์์๋ ๋ง์ฐฌ๊ฐ์ง์
๋๋ค.
redis๋ฅผ ์ค์นํ๋ ค๊ณ ํ ๋ ์ด๊ฒ์ ๋๋ฅผ ์ํด ์ผํ์ต๋๋ค.
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole = cluster-admin --serviceaccount = kube- system : tiller
helm init --service-account tiller --upgrade
helm update repo. # ํผ์ฆ์ ๋ง์ง๋ง ์กฐ๊ฐ
helm install stable / redis-๋ฒ์ 3.3.5
์ฌ๊ธฐ๋ ๋ง์ฐฌ๊ฐ์ง์
๋๋ค.
kube ํด๋ผ์ด์ธํธ : v1.10.4
kube ์๋ฒ : v1.9.6
helm ํด๋ผ์ด์ธํธ / erver v2.9.1
# helm install stable/prometheus --namespace=monitoring --set rbac.create="true"
Error: no available release name found
# helm search | grep prometheus
coreos/grafana 0.0.35 Grafana instance for kube-prometheus
coreos/kube-prometheus 0.0.82 Manifests, dashboards, and alerting rules for e...
coreos/prometheus 0.0.43 Prometheus instance created by the CoreOS Prome...
coreos/prometheus-operator 0.0.26 0.20.0 Provides easy monitoring definitions for Kubern...
stable/prometheus 6.7.2 2.2.1 Prometheus is a monitoring system and time seri...
์ด ๋ผ์ธ์ ์คํํ๊ณ ์๋ํ์ต๋๋ค. ๊ฒ์ ํด ์ฃผ์
์ ๊ฐ์ฌํฉ๋๋ค! : kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
#kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
clusterrolebinding.rbac.authorization.k8s.io "tiller-cluster-rule" created
[root@ip-172-31-90-223 charts]# helm install stable/prometheus --namespace=monitoring --set rbac.create="true"
NAME: ungaged-sloth
LAST DEPLOYED: Thu Jun 14 23:52:31 2018
NAMESPACE: monitoring
STATUS: DEPLOYED
Error: no available release name found
์ด ํ์๋๋ ๋ฐ ์ ๊ทธ๋ ๊ฒ ์ค๋ ๊ฑธ๋ฆฌ๋์? ์ ์งํ๊ฒ ์ค๋ฅ ๋ฉ์์ง๋ฅผ๋ฐ๋ ๋ฐ 5 ๋ถ์ด ๊ฑธ๋ฆฌ๊ธฐ ๋๋ฌธ์ ์๋ํ๋๋ก ์๋ํด์ผํ๋ 40,000 ๊ฐ์ ์์
์ 5m * 40,000์ด ๊ฑธ๋ฆฝ๋๋ค.
์ ์๊ฒ๋ ๋จ์ผ ์๋ฃจ์ ์ด ํจ๊ณผ๊ฐ ์์์ต๋๋ค. ๊ทธ๋ฌ๋, ๋๋ ์ ๊ฒฝ์ด๊ธฐ ๋ฑ์ผ๋ก minikube์ ๋ค์ ์ค์นํ๊ณ ๋ด๊ฐ ๊ทธ๋ฌ์ด ์ด ์ฒซ ๋ฒ์งธ ๋จ๊ณ :
ํด๋ฌ์คํฐ์ RBAC (์ญํ ๊ธฐ๋ฐ ์ก์ธ์ค ์ ์ด)๊ฐ ํ์ฑํ ๋ ๊ฒฝ์ฐ ๊ณ์ํ๊ธฐ ์ ์ ์๋น์ค ๊ณ์ ๋ฐ ๊ท์น์ ๊ตฌ์ฑ ํ ์ ์์ต๋๋ค.
์ด๊ฒ์ ์ค์ ๋ก ๋ฌธ์์ ์ธ๊ธ๋์ด ์์ง๋ง์ด ๋จ๋ฝ ๋ค์ ๋ํ๋๊ธฐ ๋๋ฌธ์ ์ฝ๊ฐ ํผ๋ ์ค๋ฝ์ต๋๋ค.
๊ณต์ ๊ฐ ๋ฌธ์ ๊ฐ๋์ง ์๋ ์ฌ์ค ๋คํธ์ํฌ์ ํด๋ฌ์คํฐ ๋๋ minikube์ ๊ฐ์ด ์์ ํ ์ ์ดํ๋ โโํด๋ฌ์คํฐ์์ Helm์ ์ฌ์ฉํ๋ ๊ฒฝ์ฐ ๋ณด์ ๊ตฌ์ฑ์ ์ ์ฉํ์ง ์๋ ๊ธฐ๋ณธ ์ค์น๊ฐ ๊ด์ฐฎ์ผ๋ฉฐ ํ์คํ ๊ฐ์ฅ ์ฌ์ด ๋ฐฉ๋ฒ์ ๋๋ค. ์ถ๊ฐ ๋ณด์ ๋จ๊ณ์์ด Helm์ ์ค์นํ๋ ค๋ฉด Helm์ ์ค์น ํ ๋ค์ Helm์ ์ด๊ธฐํํ์ญ์์ค.
์๋ ์ง์นจ์ helm v2.11.0 ๋ฐ kube 1.12.1 ๋ฒ์ ์์๋ ๋ด ๋ฌธ์ ๋ฅผ ํด๊ฒฐํ์ต๋๋ค.
$ kubectl create serviceaccount --namespace kube-system tiller
$ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole = cluster-admin --serviceaccount = kube- system : tiller
$ helm init --service-account tiller
sudo iptables -P FORWARD ACCEPT
์์ ๋ช ๋ น์ ์ค๋ฅ๋ฅผ ์ ๊ฑฐํ๊ธฐ ์ํด ๋ด๊ฐํด์ผ๋งํ๋ ์ ๋ถ์ ๋๋ค. ๋ค๋ฅธ ์๋ฃจ์ ์ ์ ์๊ฒ ํจ๊ณผ๊ฐ์๋ ๊ฒ ๊ฐ์ต๋๋ค.
๋ฌธ์ ์ธ์ฌ
Ranga
๊ฐ์ ๋ฐฉ์์ด์ง๋ง ํ ๋ผ ํผ์ ์ฌ์ฉํฉ๋๋ค.
resource "kubernetes_service_account" "tiller" {
metadata {
name = "tiller"
namespace = "kube-system"
}
}
resource "kubernetes_cluster_role_binding" "tiller-cluster-rule" {
metadata {
name = "tiller-cluster-rule"
}
role_ref {
kind = "ClusterRole"
name = "cluster-admin"
api_group = "rbac.authorization.k8s.io"
}
subject {
kind = "ServiceAccount"
namespace = "kube-system"
name = "tiller"
api_group = ""
}
provisioner "local-exec" {
command = "helm init --service-account tiller"
}
}
์ด๊ฑฐ ํด๋ดค ์ด?
sudo iptables -P FORWARD ACCEPT
๋ฌธ์ ์ธ์ฌ
Ranga
์์ ๋ชจ๋ ์ต์ ์ ํ๋์ด ์๋ํ๊ณ rangapv๊ฐ ์ ์ํ ์ต์ ์ด ์ ์๊ฒ ํจ๊ณผ์ ์ด์์ต๋๋ค. ๊ฐ์ฌํฉ๋๋ค.
์์ ์๋ฌด๊ฒ๋ ์๋ํ์ง ์์์ต๋๋ค.
์์์ ์ธ๊ธ ํ ์๋ฃจ์ ์ค ์ด๋ ๊ฒ๋ ์๋ํ์ง ์์ต๋๋ค.
$ kubectl ๋ฒ์
ํด๋ผ์ด์ธํธ ๋ฒ์ : version.Info {Major : "1", Minor : "12", GitVersion : "v1.12.4", GitCommit : "f49fa022dbe63faafd0da106ef7e05a29721d3f1", GitTreeState : "clean", BuildDate : "2018-12-14T07 : 10 : 00Z ", GoVersion :"go1.10.4 ", ์ปดํ์ผ๋ฌ :"gc ", ํ๋ซํผ :"darwin / amd64 "}
์๋ฒ ๋ฒ์ : version.Info {Major : "1", Minor : "13", GitVersion : "v1.13.2", GitCommit : "cff46ab41ff0bb44d8584413b598ad8360ec1def", GitTreeState : "clean", BuildDate : "2019-01-10T23 : 28 : 14Z ", GoVersion :"go1.11.4 ", ์ปดํ์ผ๋ฌ :"gc ", ํ๋ซํผ :"linux / amd64 "}
$ helm ๋ฒ์
ํด๋ผ์ด์ธํธ : & version.Version {SemVer : "v2.12.3", GitCommit : "eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState : "clean"}
์๋ฒ : & version.Version {SemVer : "v2.12.3", GitCommit : "eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState : "clean"}
$ kubectl create serviceaccount --namespace kube-system tiller
์๋ฒ ์ค๋ฅ (AlreadyExists) : ์๋น์ค ๊ณ์ "tiller"๊ฐ ์ด๋ฏธ ์์ต๋๋ค.
Ravis-MacBook-Pro-2 : .kube ravi $ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole = cluster-admin --serviceaccount = kube- system : tiller
์๋ฒ ์ค๋ฅ (AlreadyExists) : clusterrolebindings.rbac.authorization.k8s.io "tiller-cluster-rule"์ด ์ด๋ฏธ ์กด์ฌํฉ๋๋ค.
Ravis-MacBook-Pro-2 : .kube ravi $ helm init --service-account tiller --upgrade
$ HELM_HOME์ด /Users/ravi/.helm์ ๊ตฌ์ฑ๋์์ต๋๋ค.
Tiller (Helm ์๋ฒ ์ธก ๊ตฌ์ฑ ์์)๊ฐ ํ์ฌ ๋ฒ์ ์ผ๋ก ์
๊ทธ๋ ์ด๋๋์์ต๋๋ค.
ํฌ๋ฐ ํดํผ!
Ravis-MacBook-Pro-2 : .kube ravi $ helm ์
๋ฐ์ดํธ ์ ์ฅ์
"update"๋ช
๋ น์ ๋ ์ด์ ์ฌ์ฉ๋์ง ์์ต๋๋ค. 'helm repo update'๋ฅผ ์ฌ์ฉํ์ญ์์ค.
์ฐจํธ ์ ์ฅ์์์ ์ต์ ์ ๋ณด๋ฅผ ๊ฐ์ ธ ์ค๋ ๋์ ์ ์ ๊ธฐ๋ค๋ ค์ฃผ์ธ์ ...
... ๋ก์ปฌ ์ฐจํธ ์ ์ฅ์ ๊ฑด๋ ๋ฐ๊ธฐ
... "์์ ๋"์ฐจํธ ์ ์ฅ์์์ ์ฑ๊ณต์ ์ผ๋ก ์
๋ฐ์ดํธ๋ฅผ ๋ฐ์์ต๋๋ค.
์
๋ฐ์ดํธ ์๋ฃ. โ ํดํผ ํฌ๋ฐ! โ
Ravis-MacBook-Pro-2 : .kube ravi $ helm install stable / redis
์ค๋ฅ : ์ฌ์ฉ ๊ฐ๋ฅํ ๋ฆด๋ฆฌ์ค ์ด๋ฆ์ด ์์ต๋๋ค.
์ผ,
ํด๋ฌ์คํฐ ์ญํ ๊ด๋ฆฌ์ ๊ถํ์ด์๋๋ณด๋ค ์์ ํ ์๋ฃจ์ :
TILLER_NAMESPACE='your tiller namespace'
cat <<EOF | kubectl create -n ${TILLER_NAMESPACE} -f -
- kind: Role
apiVersion: v1
metadata:
name: tiller
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- get
- list
- update
- delete
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
EOF
kubectl create serviceaccount --namespace ${TILLER_NAMESPACE} tiller
kubectl create rolebinding tiller-rule --role=tiller --serviceaccount=${TILLER_NAMESPACE}:tiller
kubectl patch deploy --namespace ${TILLER_NAMESPACE} tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
์์ ์ค๋ฅ๋ฅผ ์์ ํด์ผํฉ๋๋ค.
ํธ๋ฌ ์ฐจํธ๋ฅผ ํ๋ก์ ํธ์ ๋ฐฐํฌํ๋ ค๋ฉด ํธ๋ฌ ํธ์ง ๊ถํ์ ๋ถ์ฌํด์ผํฉ๋๋ค.
kubectl create rolebinding tiller-edit-rights -n ${YOUR-PROJECT_NAMESPACE} --clusterrole=edit --serviceaccount=${TILLER_NAMESPACE}:tiller
์์ ์๋ฃจ์ ์ค ์ด๋ ๊ฒ๋ ์ ์๊ฒ ํจ๊ณผ๊ฐ ์์์ง๋ง ๋ค์ ๋งํฌ์ ์ง์นจ์ ํจ๊ณผ๊ฐ ์์ต๋๋ค.
์์ ์๋ฃจ์ ์ค ์ด๋ ๊ฒ๋ ์ ์๊ฒ ํจ๊ณผ๊ฐ ์์์ง๋ง ๋ค์ ๋งํฌ์ ์ง์นจ์ ํจ๊ณผ๊ฐ ์์ต๋๋ค.
๊ณ ๋ง์ ์น๊ตฌ, ์๋
๊ฐ์ฅ ์ ์ฉํ ๋๊ธ
https://github.com/kubernetes/helm/issues/2224#issuecomment -356344286์ ๋ฐ๋ผ ๋ค์ ๋ช ๋ น์ผ๋ก ์ค๋ฅ๊ฐ ํด๊ฒฐ๋์์ต๋๋ค.