[kubernetes-실습] helm

# helm
1. 복잡한 어플리케이션들을 배포할때 사용하며, yum 이나 apt와 비슷하게 쿠버네티스 안의 package manager 역할을 한다.
2. chart template을 통해서 kubenetes application 을 패키징한다.
3. helm은 chart의 install을 요청하는 client 이다.
4. chart에 따라서 Tiller(서버) 가 cluster resource들을 생성한다.

 

# helm과 Tiller
helm은 로컬에 설치한 client를 말하고 Tiller는 쿠버네티스 클러스터 안에서 실행 중인 서버이다.

 

# Helm 과 Charts

helm 을 사용하면 복잡한 구성을 쉽게 구현할 수 있다. multi-part 애플리케이션을 한 번에 deployment 할 수 있다. Chart 또는 템플릿 파일을 사용하면 필요한 구성 요소와 해당 관계가 선언된다. tiller와 같은 로컬 에이전트는 API를 사용하여 사용자를 대신하여 object를 생성한다. 효과적으로 오케스트레이션할 수 있다. 이번 실습에서는 helm을 설치하고 클러스터에서 Maria DB를 구성하는 chart를 배포해 보도록 한다.

# Helm install

# -------------------------------------------------------
# helm setup
# -------------------------------------------------------
# helm install
ps0107@k8smaster1:~$ curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  7164  100  7164    0     0  18119      0 --:--:-- --:--:-- --:--:-- 18136
Downloading https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz
Preparing to install helm and tiller into /usr/local/bin
helm installed into /usr/local/bin/helm
tiller installed into /usr/local/bin/tiller
Run 'helm init' to configure helm.

# 새로운 RBAC 구성으로 인해 helm은 이 버전의 kubernetes에서 default namespace 에서 실행할 수 없습니다. initalization 중에 새로운 namespace를 생성하고 선언할 수 있습니다. 다른 RBAC 이슈는 그때도 발생할 수 있습니다. 이번 실습에서는 tiller를 위한 service account를 생성하고 클러스터에 대한 관리 기능을 제공합니다. 
ps0107@k8smaster1:~$ kubectl create serviceaccount --namespace kube-system tiller
serviceaccount/tiller created

# kube-system namespace안에 cluster-admin 이라는 이름으로 admin role으로 serviceaccount를 바인드한다.
ps0107@k8smaster1:~$ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
clusterrolebinding.rbac.authorization.k8s.io/tiller-cluster-rule created

# helm init
ps0107@k8smaster1:~$ helm init --service-account tiller
Creating /home/ps0107/.helm
Creating /home/ps0107/.helm/repository
Creating /home/ps0107/.helm/repository/cache
Creating /home/ps0107/.helm/repository/local
Creating /home/ps0107/.helm/plugins
Creating /home/ps0107/.helm/starters
Creating /home/ps0107/.helm/cache/archive
Creating /home/ps0107/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /home/ps0107/.helm.

Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.

Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation

# 생성된 pod 확인
ps0107@k8smaster1:~$ kubectl get pods --all-namespaces
NAMESPACE              NAME                                        READY   STATUS    RESTARTS   AGE
kube-system            calico-node-wvxxm                           2/2     Running   0          11d
kube-system            calico-node-zxkxk                           2/2     Running   2          11d
kube-system            coredns-5c98db65d4-97gng                    1/1     Running   0          11d
kube-system            coredns-5c98db65d4-fvz2k                    1/1     Running   0          11d
kube-system            etcd-k8smaster1                             1/1     Running   0          11d
kube-system            kube-apiserver-k8smaster1                   1/1     Running   0          11d
kube-system            kube-controller-manager-k8smaster1          1/1     Running   0          11d
kube-system            kube-proxy-t62q4                            1/1     Running   0          11d
kube-system            kube-proxy-tnmtr                            1/1     Running   1          11d
kube-system            kube-scheduler-k8smaster1                   1/1     Running   0          11d
kube-system            metrics-server-86cd7c944f-99qsx             1/1     Running   0          3d7h
kube-system            tiller-deploy-54f7455d59-kfq5d              0/1     Running   0          9s
kube-system            traefik-ingress-controller-8884w            1/1     Running   0          3d13h
kube-system            traefik-ingress-controller-jdvck            1/1     Running   0          4d6h
kubernetes-dashboard   dashboard-metrics-scraper-fb986f88d-wrsv9   1/1     Running   0          2d13h
kubernetes-dashboard   kubernetes-dashboard-6bb65fcc49-wvw2z       1/1     Running   0          2d13h

# tiller 로그 확인
ps0107@k8smaster1:~$ kubectl -n kube-system logs tiller-deploy-54f7455d59-kfq5d
[main] 2020/02/08 15:17:07 Starting Tiller v2.16.1 (tls=false)
[main] 2020/02/08 15:17:07 GRPC listening on :44134
[main] 2020/02/08 15:17:07 Probes listening on :44135
[main] 2020/02/08 15:17:07 Storage driver is ConfigMap
[main] 2020/02/08 15:17:07 Max history per release is 0

# helm 도움말
ps0107@k8smaster1:~$ helm help
The Kubernetes package manager

To begin working with Helm, run the 'helm init' command:

	$ helm init

This will install Tiller to your running Kubernetes cluster.
It will also set up any necessary local configuration.

Common actions from this point include:

- helm search:    Search for charts
- helm fetch:     Download a chart to your local directory to view
- helm install:   Upload the chart to Kubernetes
- helm list:      List releases of charts

Environment:

- $HELM_HOME:           Set an alternative location for Helm files. By default, these are stored in ~/.helm
- $HELM_HOST:           Set an alternative Tiller host. The format is host:port
- $HELM_NO_PLUGINS:     Disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.
- $TILLER_NAMESPACE:    Set an alternative Tiller namespace (default "kube-system")
- $KUBECONFIG:          Set an alternative Kubernetes configuration file (default "~/.kube/config")
- $HELM_TLS_CA_CERT:    Path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem")
- $HELM_TLS_CERT:       Path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem")
- $HELM_TLS_KEY:        Path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem")
- $HELM_TLS_ENABLE:     Enable TLS connection between Helm and Tiller (default "false")
- $HELM_TLS_VERIFY:     Enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false")
- $HELM_TLS_HOSTNAME:   The hostname or IP address used to verify the Tiller server certificate (default "127.0.0.1")
- $HELM_KEY_PASSPHRASE: Set HELM_KEY_PASSPHRASE to the passphrase of your PGP private key. If set, you will not be prompted for the passphrase while signing helm charts

Usage:
  helm [command]

Available Commands:
  completion  Generate autocompletions script for the specified shell (bash or zsh)
  create      Create a new chart with the given name
  delete      Given a release name, delete the release from Kubernetes
  dependency  Manage a chart is dependencies
  fetch       Download a chart from a repository and (optionally) unpack it in local directory
  get         Download a named release
  help        Help about any command
  history     Fetch release history
  home        Displays the location of HELM_HOME
  init        Initialize Helm on both client and server
  inspect     Inspect a chart
  install     Install a chart archive
  lint        Examines a chart for possible issues
  list        List releases
  package     Package a chart directory into a chart archive
  plugin      Add, list, or remove Helm plugins
  repo        Add, list, remove, update, and index chart repositories
  reset       Uninstalls Tiller from a cluster
  rollback    Rollback a release to a previous revision
  search      Search for a keyword in charts
  serve       Start a local http web server
  status      Displays the status of the named release
  template    Locally render templates
  test        Test a release
  upgrade     Upgrade a release
  verify      Verify that a chart at the given path has been signed and is valid
  version     Print the client/server version information

Flags:
      --debug                           Enable verbose output
  -h, --help                            help for helm
      --home string                     Location of your Helm config. Overrides $HELM_HOME (default "/home/ps0107/.helm")
      --host string                     Address of Tiller. Overrides $HELM_HOST
      --kube-context string             Name of the kubeconfig context to use
      --kubeconfig string               Absolute path of the kubeconfig file to be used
      --tiller-connection-timeout int   The duration (in seconds) Helm will wait to establish a connection to Tiller (default 300)
      --tiller-namespace string         Namespace of Tiller (default "kube-system")

Use "helm [command] --help" for more information about a command.

# helm home
ps0107@k8smaster1:~$ helm home
/home/ps0107/.helm

# helm homedirectory 확인
ps0107@k8smaster1:~$ ls -R /home/ps0107/.helm
/home/ps0107/.helm:
cache  plugins  repository  starters

/home/ps0107/.helm/cache:
archive

/home/ps0107/.helm/cache/archive:

/home/ps0107/.helm/plugins:

/home/ps0107/.helm/repository:
cache  local  repositories.yaml

/home/ps0107/.helm/repository/cache:
local-index.yaml  stable-index.yaml

/home/ps0107/.helm/repository/local:
index.yaml

/home/ps0107/.helm/starters:

# helm 버전 확인
ps0107@k8smaster1:~$ helm version
Client: &version.Version{SemVer:"v2.16.1", GitCommit:"bbdfe5e7803a12bbdf97e94cd847859890cf4050", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.16.1", GitCommit:"bbdfe5e7803a12bbdf97e94cd847859890cf4050", GitTreeState:"clean"}

# helm을 이용한 mariadb 배포

- mariadb 디버그 모드로 인스톨 해본다.

# -------------------------------------------------
# helm을 이용한 mariadb 배포
# ---------------------------------------------------
# helm search 를 통해 리스트를 확인해 볼수 있다. database에 대한 리스트가 많이 나오는군요...
ps0107@k8smaster1:~$ helm search database
NAME                         	CHART VERSION	APP VERSION            	DESCRIPTION
stable/cockroachdb           	3.0.4        	19.2.3                 	CockroachDB is a scalable, survivable, strongly-consisten...
stable/couchdb               	2.3.0        	2.3.1                  	DEPRECATED A database featuring seamless multi-master syn...
stable/dokuwiki              	6.0.6        	0.20180422.201901061035	DokuWiki is a standards-compliant, simple to use wiki opt...
stable/ignite                	1.0.1        	2.7.6                  	Apache Ignite is an open-source distributed database, cac...
stable/janusgraph            	0.2.1        	1.0                    	Open source, scalable graph database.
stable/kubedb                	0.1.3        	0.8.0-beta.2           	DEPRECATED KubeDB by AppsCode - Making running production...
stable/mariadb               	7.3.7        	10.3.22                	Fast, reliable, scalable, and easy to use open-source rel...
.......

# mariadb 인스톨 (debug 모드)
ps0107@k8smaster1:~$ helm --debug install stable/mariadb --set master.persistence.enabled=false --set slave.persistence.enabled=false|tee helm.out
[debug] Created tunnel using local port: '34569'

[debug] SERVER: "127.0.0.1:34569"

[debug] Original chart version: ""
[debug] Fetched stable/mariadb to /home/ps0107/.helm/cache/archive/mariadb-7.3.7.tgz

[debug] CHART PATH: /home/ps0107/.helm/cache/archive/mariadb-7.3.7.tgz

NAME:   right-termite  # <-- 기억해두기
REVISION: 1
RELEASED: Sat Feb  8 15:47:33 2020
CHART: mariadb-7.3.7
USER-SUPPLIED VALUES:
master:
  persistence:
    enabled: false
slave:
  persistence:
    enabled: false

COMPUTED VALUES:
db:
  forcePassword: false
  injectSecretsAsVolume: false
  name: my_database
  password: ""
  user: ""
image:
  debug: false
  pullPolicy: IfNotPresent
  registry: docker.io
  repository: bitnami/mariadb
  tag: 10.3.22-debian-10-r0
master:
  affinity: {}
  antiAffinity: soft
  config: |-
    [mysqld]
    skip-name-resolve
    explicit_defaults_for_timestamp
    basedir=/opt/bitnami/mariadb
    plugin_dir=/opt/bitnami/mariadb/plugin
    port=3306
    socket=/opt/bitnami/mariadb/tmp/mysql.sock
    tmpdir=/opt/bitnami/mariadb/tmp
    max_allowed_packet=16M
    bind-address=0.0.0.0
    pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
    log-error=/opt/bitnami/mariadb/logs/mysqld.log
    character-set-server=UTF8
    collation-server=utf8_general_ci

    [client]
    port=3306
    socket=/opt/bitnami/mariadb/tmp/mysql.sock
    default-character-set=UTF8
    plugin_dir=/opt/bitnami/mariadb/plugin

    [manager]
    port=3306
    socket=/opt/bitnami/mariadb/tmp/mysql.sock
    pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
  extraInitContainers: ""
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 120
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  nodeSelector: {}
  persistence:
    accessModes:
    - ReadWriteOnce
    annotations: {}
    enabled: false
    mountPath: /bitnami/mariadb
    size: 8Gi
  podDisruptionBudget:
    enabled: false
    minAvailable: 1
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 30
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  resources: {}
  service:
    annotations: {}
  tolerations: []
  updateStrategy:
    type: RollingUpdate
metrics:
  annotations:
    prometheus.io/port: "9104"
    prometheus.io/scrape: "true"
  enabled: false
  extraArgs:
    master: []
    slave: []
  image:
    pullPolicy: IfNotPresent
    registry: docker.io
    repository: bitnami/mysqld-exporter
    tag: 0.12.1-debian-10-r4
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 120
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 30
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  resources: {}
  serviceMonitor:
    enabled: false
    selector:
      prometheus: kube-prometheus
rbac:
  create: false
replication:
  enabled: true
  forcePassword: false
  injectSecretsAsVolume: false
  password: ""
  user: replicator
rootUser:
  forcePassword: false
  injectSecretsAsVolume: false
  password: ""
securityContext:
  enabled: true
  fsGroup: 1001
  runAsUser: 1001
service:
  port: 3306
  type: ClusterIP
serviceAccount:
  create: false
slave:
  affinity: {}
  antiAffinity: soft
  config: |-
    [mysqld]
    skip-name-resolve
    explicit_defaults_for_timestamp
    basedir=/opt/bitnami/mariadb
    port=3306
    socket=/opt/bitnami/mariadb/tmp/mysql.sock
    tmpdir=/opt/bitnami/mariadb/tmp
    max_allowed_packet=16M
    bind-address=0.0.0.0
    pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
    log-error=/opt/bitnami/mariadb/logs/mysqld.log
    character-set-server=UTF8
    collation-server=utf8_general_ci

    [client]
    port=3306
    socket=/opt/bitnami/mariadb/tmp/mysql.sock
    default-character-set=UTF8

    [manager]
    port=3306
    socket=/opt/bitnami/mariadb/tmp/mysql.sock
    pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
  extraInitContainers: ""
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 120
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  nodeSelector: {}
  persistence:
    accessModes:
    - ReadWriteOnce
    annotations: null
    enabled: false
    size: 8Gi
  podDisruptionBudget:
    enabled: false
    minAvailable: 1
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 45
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  replicas: 1
  resources: {}
  service:
    annotations: {}
  tolerations: []
  updateStrategy:
    type: RollingUpdate
tests:
  enabled: true
  testFramework:
    image:
      registry: docker.io
      repository: dduportal/bats
      tag: 0.4.0
volumePermissions:
  enabled: false
  image:
    pullPolicy: Always
    registry: docker.io
    repository: bitnami/minideb
    tag: stretch
  resources: {}

HOOKS:
---
# right-termite-mariadb-test-3tk9w
apiVersion: v1
kind: Pod
metadata:
  name: "right-termite-mariadb-test-3tk9w"
  annotations:
    "helm.sh/hook": test-success
spec:
  initContainers:
    - name: "test-framework"
      image: docker.io/dduportal/bats:0.4.0
      command:
        - "bash"
        - "-c"
        - |
          set -ex
          # copy bats to tools dir
          cp -R /usr/local/libexec/ /tools/bats/
      volumeMounts:
      - mountPath: /tools
        name: tools
  containers:
    - name: mariadb-test
      image: docker.io/bitnami/mariadb:10.3.22-debian-10-r0
      imagePullPolicy: "IfNotPresent"
      command: ["/tools/bats/bats", "-t", "/tests/run.sh"]
      env:
        - name: MARIADB_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: right-termite-mariadb
              key: mariadb-root-password
      volumeMounts:
      - mountPath: /tests
        name: tests
        readOnly: true
      - mountPath: /tools
        name: tools
  volumes:
  - name: tests
    configMap:
      name: right-termite-mariadb-tests
  - name: tools
    emptyDir: {}
  restartPolicy: Never
MANIFEST:

---
# Source: mariadb/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: right-termite-mariadb
  labels:
    app: "mariadb"
    chart: "mariadb-7.3.7"
    release: "right-termite"
    heritage: "Tiller"
type: Opaque
data:
  mariadb-root-password: "eDJTd01NWm93OA=="

  mariadb-replication-password: "Qm50UEp0elI3dw=="
---
# Source: mariadb/templates/master-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: right-termite-mariadb-master
  labels:
    app: "mariadb"
    component: "master"
    chart: "mariadb-7.3.7"
    release: "right-termite"
    heritage: "Tiller"
data:
  my.cnf: |-
    [mysqld]
    skip-name-resolve
    explicit_defaults_for_timestamp
    basedir=/opt/bitnami/mariadb
    plugin_dir=/opt/bitnami/mariadb/plugin
    port=3306
    socket=/opt/bitnami/mariadb/tmp/mysql.sock
    tmpdir=/opt/bitnami/mariadb/tmp
    max_allowed_packet=16M
    bind-address=0.0.0.0
    pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
    log-error=/opt/bitnami/mariadb/logs/mysqld.log
    character-set-server=UTF8
    collation-server=utf8_general_ci

    [client]
    port=3306
    socket=/opt/bitnami/mariadb/tmp/mysql.sock
    default-character-set=UTF8
    plugin_dir=/opt/bitnami/mariadb/plugin

    [manager]
    port=3306
    socket=/opt/bitnami/mariadb/tmp/mysql.sock
    pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
---
# Source: mariadb/templates/slave-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: right-termite-mariadb-slave
  labels:
    app: "mariadb"
    component: "slave"
    chart: "mariadb-7.3.7"
    release: "right-termite"
    heritage: "Tiller"
data:
  my.cnf: |-
    [mysqld]
    skip-name-resolve
    explicit_defaults_for_timestamp
    basedir=/opt/bitnami/mariadb
    port=3306
    socket=/opt/bitnami/mariadb/tmp/mysql.sock
    tmpdir=/opt/bitnami/mariadb/tmp
    max_allowed_packet=16M
    bind-address=0.0.0.0
    pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
    log-error=/opt/bitnami/mariadb/logs/mysqld.log
    character-set-server=UTF8
    collation-server=utf8_general_ci

    [client]
    port=3306
    socket=/opt/bitnami/mariadb/tmp/mysql.sock
    default-character-set=UTF8

    [manager]
    port=3306
    socket=/opt/bitnami/mariadb/tmp/mysql.sock
    pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
---
# Source: mariadb/templates/tests.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: right-termite-mariadb-tests
data:
  run.sh: |-
    @test "Testing MariaDB is accessible" {
      mysql -h right-termite-mariadb -uroot -p$MARIADB_ROOT_PASSWORD -e 'show databases;'
    }
---
# Source: mariadb/templates/master-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: right-termite-mariadb
  labels:
    app: "mariadb"
    component: "master"
    chart: "mariadb-7.3.7"
    release: "right-termite"
    heritage: "Tiller"
spec:
  type: ClusterIP
  ports:
  - name: mysql
    port: 3306
    targetPort: mysql
  selector:
    app: "mariadb"
    component: "master"
    release: "right-termite"
---
# Source: mariadb/templates/slave-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: right-termite-mariadb-slave
  labels:
    app: "mariadb"
    chart: "mariadb-7.3.7"
    component: "slave"
    release: "right-termite"
    heritage: "Tiller"
spec:
  type: ClusterIP
  ports:
  - name: mysql
    port: 3306
    targetPort: mysql
  selector:
    app: "mariadb"
    component: "slave"
    release: "right-termite"
---
# Source: mariadb/templates/master-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: right-termite-mariadb-master
  labels:
    app: mariadb
    chart: mariadb-7.3.7
    release: right-termite
    heritage: Tiller
    component: master
spec:
  selector:
    matchLabels:
      app: mariadb
      release: right-termite
      component: master
  serviceName: right-termite-mariadb-master
  replicas: 1
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: mariadb
        chart: mariadb-7.3.7
        release: right-termite
        component: master
    spec:
      serviceAccountName: default
      securityContext:
        fsGroup: 1001
        runAsUser: 1001
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              podAffinityTerm:
                topologyKey: kubernetes.io/hostname
                labelSelector:
                  matchLabels:
                    app: mariadb
                    release: right-termite
      initContainers:
      containers:
        - name: "mariadb"
          image: docker.io/bitnami/mariadb:10.3.22-debian-10-r0
          imagePullPolicy: "IfNotPresent"
          env:
            - name: MARIADB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: right-termite-mariadb
                  key: mariadb-root-password
            - name: MARIADB_DATABASE
              value: "my_database"
            - name: MARIADB_REPLICATION_MODE
              value: "master"
            - name: MARIADB_REPLICATION_USER
              value: "replicator"
            - name: MARIADB_REPLICATION_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: right-termite-mariadb
                  key: mariadb-replication-password
          ports:
            - name: mysql
              containerPort: 3306
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - |
                  password_aux="${MARIADB_ROOT_PASSWORD:-}"
                  if [ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]; then
                      password_aux=$(cat $MARIADB_ROOT_PASSWORD_FILE)
                  fi
                  mysqladmin status -uroot -p$password_aux
            initialDelaySeconds: 120
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            exec:
              command:
                - sh
                - -c
                - |
                  password_aux="${MARIADB_ROOT_PASSWORD:-}"
                  if [ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]; then
                      password_aux=$(cat $MARIADB_ROOT_PASSWORD_FILE)
                  fi
                  mysqladmin status -uroot -p$password_aux
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          volumeMounts:
            - name: data
              mountPath: /bitnami/mariadb
            - name: config
              mountPath: /opt/bitnami/mariadb/conf/my.cnf
              subPath: my.cnf
      volumes:
        - name: config
          configMap:
            name: right-termite-mariadb-master
        - name: data
          emptyDir: {}
---
# Source: mariadb/templates/slave-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: right-termite-mariadb-slave
  labels:
    app: mariadb
    chart: mariadb-7.3.7
    release: right-termite
    heritage: Tiller
    component: slave
spec:
  selector:
    matchLabels:
      app: mariadb
      release: right-termite
      component: slave
  serviceName: right-termite-mariadb-slave
  replicas: 1
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: mariadb
        chart: mariadb-7.3.7
        release: right-termite
        component: slave
    spec:
      serviceAccountName: default
      securityContext:
        fsGroup: 1001
        runAsUser: 1001
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              podAffinityTerm:
                topologyKey: kubernetes.io/hostname
                labelSelector:
                  matchLabels:
                    app: mariadb
                    release: right-termite
      initContainers:
      containers:
        - name: "mariadb"
          image: docker.io/bitnami/mariadb:10.3.22-debian-10-r0
          imagePullPolicy: "IfNotPresent"
          env:
            - name: MARIADB_REPLICATION_MODE
              value: "slave"
            - name: MARIADB_MASTER_HOST
              value: right-termite-mariadb
            - name: MARIADB_MASTER_PORT_NUMBER
              value: "3306"
            - name: MARIADB_MASTER_ROOT_USER
              value: "root"
            - name: MARIADB_MASTER_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: right-termite-mariadb
                  key: mariadb-root-password
            - name: MARIADB_REPLICATION_USER
              value: "replicator"
            - name: MARIADB_REPLICATION_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: right-termite-mariadb
                  key: mariadb-replication-password
          ports:
            - name: mysql
              containerPort: 3306
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - |
                  password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}"
                  if [ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]; then
                      password_aux=$(cat $MARIADB_MASTER_ROOT_PASSWORD_FILE)
                  fi
                  mysqladmin status -uroot -p$password_aux
            initialDelaySeconds: 120
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            exec:
              command:
                - sh
                - -c
                - |
                  password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}"
                  if [ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]; then
                      password_aux=$(cat $MARIADB_MASTER_ROOT_PASSWORD_FILE)
                  fi
                  mysqladmin status -uroot -p$password_aux
            initialDelaySeconds: 45
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          volumeMounts:
            - name: data
              mountPath: /bitnami/mariadb
            - name: config
              mountPath: /opt/bitnami/mariadb/conf/my.cnf
              subPath: my.cnf
      volumes:
        - name: config
          configMap:
            name: right-termite-mariadb-slave
        - name: "data"
          emptyDir: {}
LAST DEPLOYED: Sat Feb  8 15:47:33 2020
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/ConfigMap
NAME                          AGE
right-termite-mariadb-master  0s
right-termite-mariadb-slave   0s
right-termite-mariadb-tests   0s

==> v1/Pod(related)
NAME                            AGE
right-termite-mariadb-master-0  0s
right-termite-mariadb-slave-0   0s

==> v1/Secret
NAME                   AGE
right-termite-mariadb  0s

==> v1/Service
NAME                         AGE
right-termite-mariadb        0s
right-termite-mariadb-slave  0s

==> v1/StatefulSet
NAME                          AGE
right-termite-mariadb-master  0s
right-termite-mariadb-slave   0s


NOTES:

Please be patient while the chart is being deployed

Tip:

  Watch the deployment status using the command: kubectl get pods -w --namespace default -l release=right-termite

Services:

  echo Master: right-termite-mariadb.default.svc.cluster.local:3306
  echo Slave:  right-termite-mariadb-slave.default.svc.cluster.local:3306

Administrator credentials:

  Username: root
  Password : $(kubectl get secret --namespace default right-termite-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)

To connect to your database:

  1. Run a pod that you can use as a client:

      kubectl run right-termite-mariadb-client --rm --tty -i --restart='Never' --image  docker.io/bitnami/mariadb:10.3.22-debian-10-r0 --namespace default --command -- bash

  2. To connect to master service (read/write):

      mysql -h right-termite-mariadb.default.svc.cluster.local -uroot -p my_database

  3. To connect to slave service (read-only):

      mysql -h right-termite-mariadb-slave.default.svc.cluster.local -uroot -p my_database

To upgrade this helm chart:

  1. Obtain the password as described on the 'Administrator credentials' section and set the 'rootUser.password' parameter as shown below:

      ROOT_PASSWORD=$(kubectl get secret --namespace default right-termite-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
      helm upgrade right-termite stable/mariadb --set rootUser.password=$ROOT_PASSWORD

 

- maria db 패스워드 알아내서 mariadb client 설치하여 확인해보기

# maria db 패스워드
ps0107@k8smaster1:~$ kubectl get secret -n default  right-termite-mariadb  -o jsonpath="{.data.mariadb-root-password}"  | base64 --decode
x2SwMMZow8

# 자! 이제 mariadb client를 깔고 확인해보자. ubuntu 이미지를 하나 설치 하여 mariadb client 설치한다.
ps0107@k8smaster1:~$ kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
If you do not see a command prompt, try pressing enter.
root@ubuntu:/# apt-get update; apt-get install -y mariadb-client
root@ubuntu:/# mysql -h right-termite-mariadb -p
Enter password:x2SwMMZow8
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 132
Server version: 10.3.22-MariaDB-log Source distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| my_database        |
| mysql              |
| performance_schema |
| test               |
+--------------------+
5 rows in set (0.00 sec)

MariaDB [(none)]>
MariaDB [(none)]> quit
Bye
root@ubuntu:/# exit
logout

 

- helm 설치 한거 삭제해보자

# helm list
ps0107@k8smaster1:~$ helm list -a
NAME         	REVISION	UPDATED                 	STATUS  	CHART        	APP VERSION	NAMESPACE
right-termite	1       	Sat Feb  8 15:47:33 2020	DEPLOYED	mariadb-7.3.7	10.3.22    	default

# 생성한 helm 삭제
ps0107@k8smaster1:~$ helm delete right-termite
release "right-termite" deleted

# 삭제 확인
ps0107@k8smaster1:~$ helm list

 

- 이번엔 지워진 mariadb를 다운로드된 chart를 이용하여 패스워드를 수정하고 다시 설치해보자.

# 이번엔 지워진 mariadb를 다운로드된 chart를 이용하여 패스워드를 수정하고 다시 설치해보자.
# 다운로드 된 chart를 찾는다.
ps0107@k8smaster1:~$ find ~ -name *mariadb*
/home/ps0107/.helm/cache/archive/mariadb-7.3.7.tgz

ps0107@k8smaster1:~$ cd /home/ps0107/.helm/cache/archive/

ps0107@k8smaster1:~/.helm/cache/archive$ tar -xvf mariadb-7.3.7.tgz
mariadb/Chart.yaml
mariadb/values.yaml
mariadb/templates/NOTES.txt
mariadb/templates/_helpers.tpl
mariadb/templates/initialization-configmap.yaml
mariadb/templates/master-configmap.yaml
mariadb/templates/master-pdb.yaml
mariadb/templates/master-statefulset.yaml
mariadb/templates/master-svc.yaml
mariadb/templates/role.yaml
mariadb/templates/rolebinding.yaml
mariadb/templates/secrets.yaml
mariadb/templates/serviceaccount.yaml
mariadb/templates/servicemonitor.yaml
mariadb/templates/slave-configmap.yaml
mariadb/templates/slave-pdb.yaml
mariadb/templates/slave-statefulset.yaml
mariadb/templates/slave-svc.yaml
mariadb/templates/test-runner.yaml
mariadb/templates/tests.yaml
mariadb/.helmignore
mariadb/OWNERS
mariadb/README.md
mariadb/files/docker-entrypoint-initdb.d/README.md
mariadb/values-production.yaml
mariadb/values.schema.json

ps0107@k8smaster1:~/.helm/cache/archive$ cp mariadb/values.yaml ~/custom.yaml ; cd

ps0107@k8smaster1:~$ vi custom.yaml
	rootUser:
	  ## MariaDB admin password
	  ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run
	  ##
	  password: qwe123.  # <- 수정


	  persistence:
	    ## If true, use a Persistent Volume Claim, If false, use emptyDir
	    ##
	    enabled: false. #<- 수정

# 수정된 chart로 mariadb 인스톨
ps0107@k8smaster1:~$ helm install -f custom.yaml stable/mariadb
NAME:   snug-aardvark
LAST DEPLOYED: Sat Feb  8 16:21:53 2020
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/ConfigMap
NAME                          AGE
snug-aardvark-mariadb-master  1s
snug-aardvark-mariadb-slave   1s
snug-aardvark-mariadb-tests   1s

==> v1/Pod(related)
NAME                            AGE
snug-aardvark-mariadb-master-0  1s
snug-aardvark-mariadb-slave-0   1s

==> v1/Secret
NAME                   AGE
snug-aardvark-mariadb  1s

==> v1/Service
NAME                         AGE
snug-aardvark-mariadb        1s
snug-aardvark-mariadb-slave  1s

==> v1/StatefulSet
NAME                          AGE
snug-aardvark-mariadb-master  1s
snug-aardvark-mariadb-slave   1s


NOTES:

Please be patient while the chart is being deployed

Tip:

  Watch the deployment status using the command: kubectl get pods -w --namespace default -l release=snug-aardvark

Services:

  echo Master: snug-aardvark-mariadb.default.svc.cluster.local:3306
  echo Slave:  snug-aardvark-mariadb-slave.default.svc.cluster.local:3306

Administrator credentials:

  Username: root
  Password : $(kubectl get secret --namespace default snug-aardvark-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)

To connect to your database:

  1. Run a pod that you can use as a client:

      kubectl run snug-aardvark-mariadb-client --rm --tty -i --restart='Never' --image  docker.io/bitnami/mariadb:10.3.22-debian-10-r0 --namespace default --command -- bash

  2. To connect to master service (read/write):

      mysql -h snug-aardvark-mariadb.default.svc.cluster.local -uroot -p my_database

  3. To connect to slave service (read-only):

      mysql -h snug-aardvark-mariadb-slave.default.svc.cluster.local -uroot -p my_database

To upgrade this helm chart:

  1. Obtain the password as described on the 'Administrator credentials' section and set the 'rootUser.password' parameter as shown below:

      ROOT_PASSWORD=$(kubectl get secret --namespace default snug-aardvark-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
      helm upgrade snug-aardvark stable/mariadb --set rootUser.password=$ROOT_PASSWORD

 

- 설치가 잘되었다면, mariadb client를 사용하여 접속해보자. 이번엔 수정한 패스워드로 접속이 잘되어야 한다.

# mariadb client를 생성하여 다시 접속해보자. 수정한 password로 잘 접속이 되어야 한다.
ps0107@k8smaster1:~$ kubectl run -i --tty ubuntu2 --image=ubuntu:16.04 --restart=Never -- bash -il
root@ubuntu2:/# apt-get update; apt-get install -y mariadb-client
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
Get:2 http://archive.ubuntu.com/ubuntu xenial InRelease [247 kB]
.....
root@ubuntu2:/# mysql -h snug-aardvark-mariadb -uroot -p
Enter password:qwe123
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 38
Server version: 10.3.22-MariaDB-log Source distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| my_database        |
| mysql              |
| performance_schema |
| test               |
+--------------------+
5 rows in set (0.00 sec)

MariaDB [(none)]> exit
Bye
root@ubuntu2:/# exit
logout

# 다른 repo 등록과 search 해보기

# 다른 repository 를 추가하고 이용할 수 있는 Charts를 볼수 있다.
ps0107@k8smaster1:~$ helm repo add common  http://storage.googleapis.com/kubernetes-charts
"common" has been added to your repositories

# helm repo list 확인
ps0107@k8smaster1:~$ helm repo list
NAME  	URL
stable	https://kubernetes-charts.storage.googleapis.com
local 	http://127.0.0.1:8879/charts
common	http://storage.googleapis.com/kubernetes-charts

# helm search를 통한 확인
ps0107@k8smaster1:~$ helm search
NAME                                 	CHART VERSION	APP VERSION            	DESCRIPTION
common/acs-engine-autoscaler         	2.2.2        	2.1.1                  	DEPRECATED Scales worker nodes within agent pools
common/aerospike                     	0.3.2        	v4.5.0.5               	A Helm chart for Aerospike in Kubernetes
common/airflow                       	6.0.0        	1.10.4                 	Airflow is a platform to programmatically author, schedul...
common/ambassador                    	5.3.1        	0.86.1                 	A Helm chart for Datawire Ambassador
common/anchore-engine                	1.4.2        	0.6.1                  	Anchore container analysis and policy evaluation engine s...
common/apm-server                    	2.1.5        	7.0.0                  	The server receives data from the Elastic APM agents and ...
.......