# helm
1. 복잡한 어플리케이션들을 배포할때 사용하며, yum 이나 apt와 비슷하게 쿠버네티스 안의 package manager 역할을 한다.
2. chart template을 통해서 kubenetes application 을 패키징한다.
3. helm은 chart의 install을 요청하는 client 이다.
4. chart에 따라서 Tiller(서버) 가 cluster resource들을 생성한다.
# helm과 Tiller
helm은 로컬에 설치한 client를 말하고 Tiller는 쿠버네티스 클러스터 안에서 실행 중인 서버이다.
# Helm 과 Charts
helm 을 사용하면 복잡한 구성을 쉽게 구현할 수 있다. multi-part 애플리케이션을 한 번에 deployment 할 수 있다. Chart 또는 템플릿 파일을 사용하면 필요한 구성 요소와 해당 관계가 선언된다. tiller와 같은 로컬 에이전트는 API를 사용하여 사용자를 대신하여 object를 생성한다. 효과적으로 오케스트레이션할 수 있다. 이번 실습에서는 helm을 설치하고 클러스터에서 Maria DB를 구성하는 chart를 배포해 보도록 한다.
# Helm install
# -------------------------------------------------------
# helm setup
# -------------------------------------------------------
# helm install
ps0107@k8smaster1:~$ curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 7164 100 7164 0 0 18119 0 --:--:-- --:--:-- --:--:-- 18136
Downloading https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz
Preparing to install helm and tiller into /usr/local/bin
helm installed into /usr/local/bin/helm
tiller installed into /usr/local/bin/tiller
Run 'helm init' to configure helm.
# 새로운 RBAC 구성으로 인해 helm은 이 버전의 kubernetes에서 default namespace 에서 실행할 수 없습니다. initalization 중에 새로운 namespace를 생성하고 선언할 수 있습니다. 다른 RBAC 이슈는 그때도 발생할 수 있습니다. 이번 실습에서는 tiller를 위한 service account를 생성하고 클러스터에 대한 관리 기능을 제공합니다.
ps0107@k8smaster1:~$ kubectl create serviceaccount --namespace kube-system tiller
serviceaccount/tiller created
# kube-system namespace안에 cluster-admin 이라는 이름으로 admin role으로 serviceaccount를 바인드한다.
ps0107@k8smaster1:~$ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
clusterrolebinding.rbac.authorization.k8s.io/tiller-cluster-rule created
# helm init
ps0107@k8smaster1:~$ helm init --service-account tiller
Creating /home/ps0107/.helm
Creating /home/ps0107/.helm/repository
Creating /home/ps0107/.helm/repository/cache
Creating /home/ps0107/.helm/repository/local
Creating /home/ps0107/.helm/plugins
Creating /home/ps0107/.helm/starters
Creating /home/ps0107/.helm/cache/archive
Creating /home/ps0107/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /home/ps0107/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
# 생성된 pod 확인
ps0107@k8smaster1:~$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-node-wvxxm 2/2 Running 0 11d
kube-system calico-node-zxkxk 2/2 Running 2 11d
kube-system coredns-5c98db65d4-97gng 1/1 Running 0 11d
kube-system coredns-5c98db65d4-fvz2k 1/1 Running 0 11d
kube-system etcd-k8smaster1 1/1 Running 0 11d
kube-system kube-apiserver-k8smaster1 1/1 Running 0 11d
kube-system kube-controller-manager-k8smaster1 1/1 Running 0 11d
kube-system kube-proxy-t62q4 1/1 Running 0 11d
kube-system kube-proxy-tnmtr 1/1 Running 1 11d
kube-system kube-scheduler-k8smaster1 1/1 Running 0 11d
kube-system metrics-server-86cd7c944f-99qsx 1/1 Running 0 3d7h
kube-system tiller-deploy-54f7455d59-kfq5d 0/1 Running 0 9s
kube-system traefik-ingress-controller-8884w 1/1 Running 0 3d13h
kube-system traefik-ingress-controller-jdvck 1/1 Running 0 4d6h
kubernetes-dashboard dashboard-metrics-scraper-fb986f88d-wrsv9 1/1 Running 0 2d13h
kubernetes-dashboard kubernetes-dashboard-6bb65fcc49-wvw2z 1/1 Running 0 2d13h
# tiller 로그 확인
ps0107@k8smaster1:~$ kubectl -n kube-system logs tiller-deploy-54f7455d59-kfq5d
[main] 2020/02/08 15:17:07 Starting Tiller v2.16.1 (tls=false)
[main] 2020/02/08 15:17:07 GRPC listening on :44134
[main] 2020/02/08 15:17:07 Probes listening on :44135
[main] 2020/02/08 15:17:07 Storage driver is ConfigMap
[main] 2020/02/08 15:17:07 Max history per release is 0
# helm 도움말
ps0107@k8smaster1:~$ helm help
The Kubernetes package manager
To begin working with Helm, run the 'helm init' command:
$ helm init
This will install Tiller to your running Kubernetes cluster.
It will also set up any necessary local configuration.
Common actions from this point include:
- helm search: Search for charts
- helm fetch: Download a chart to your local directory to view
- helm install: Upload the chart to Kubernetes
- helm list: List releases of charts
Environment:
- $HELM_HOME: Set an alternative location for Helm files. By default, these are stored in ~/.helm
- $HELM_HOST: Set an alternative Tiller host. The format is host:port
- $HELM_NO_PLUGINS: Disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.
- $TILLER_NAMESPACE: Set an alternative Tiller namespace (default "kube-system")
- $KUBECONFIG: Set an alternative Kubernetes configuration file (default "~/.kube/config")
- $HELM_TLS_CA_CERT: Path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem")
- $HELM_TLS_CERT: Path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem")
- $HELM_TLS_KEY: Path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem")
- $HELM_TLS_ENABLE: Enable TLS connection between Helm and Tiller (default "false")
- $HELM_TLS_VERIFY: Enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false")
- $HELM_TLS_HOSTNAME: The hostname or IP address used to verify the Tiller server certificate (default "127.0.0.1")
- $HELM_KEY_PASSPHRASE: Set HELM_KEY_PASSPHRASE to the passphrase of your PGP private key. If set, you will not be prompted for the passphrase while signing helm charts
Usage:
helm [command]
Available Commands:
completion Generate autocompletions script for the specified shell (bash or zsh)
create Create a new chart with the given name
delete Given a release name, delete the release from Kubernetes
dependency Manage a chart is dependencies
fetch Download a chart from a repository and (optionally) unpack it in local directory
get Download a named release
help Help about any command
history Fetch release history
home Displays the location of HELM_HOME
init Initialize Helm on both client and server
inspect Inspect a chart
install Install a chart archive
lint Examines a chart for possible issues
list List releases
package Package a chart directory into a chart archive
plugin Add, list, or remove Helm plugins
repo Add, list, remove, update, and index chart repositories
reset Uninstalls Tiller from a cluster
rollback Rollback a release to a previous revision
search Search for a keyword in charts
serve Start a local http web server
status Displays the status of the named release
template Locally render templates
test Test a release
upgrade Upgrade a release
verify Verify that a chart at the given path has been signed and is valid
version Print the client/server version information
Flags:
--debug Enable verbose output
-h, --help help for helm
--home string Location of your Helm config. Overrides $HELM_HOME (default "/home/ps0107/.helm")
--host string Address of Tiller. Overrides $HELM_HOST
--kube-context string Name of the kubeconfig context to use
--kubeconfig string Absolute path of the kubeconfig file to be used
--tiller-connection-timeout int The duration (in seconds) Helm will wait to establish a connection to Tiller (default 300)
--tiller-namespace string Namespace of Tiller (default "kube-system")
Use "helm [command] --help" for more information about a command.
# helm home
ps0107@k8smaster1:~$ helm home
/home/ps0107/.helm
# helm homedirectory 확인
ps0107@k8smaster1:~$ ls -R /home/ps0107/.helm
/home/ps0107/.helm:
cache plugins repository starters
/home/ps0107/.helm/cache:
archive
/home/ps0107/.helm/cache/archive:
/home/ps0107/.helm/plugins:
/home/ps0107/.helm/repository:
cache local repositories.yaml
/home/ps0107/.helm/repository/cache:
local-index.yaml stable-index.yaml
/home/ps0107/.helm/repository/local:
index.yaml
/home/ps0107/.helm/starters:
# helm 버전 확인
ps0107@k8smaster1:~$ helm version
Client: &version.Version{SemVer:"v2.16.1", GitCommit:"bbdfe5e7803a12bbdf97e94cd847859890cf4050", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.16.1", GitCommit:"bbdfe5e7803a12bbdf97e94cd847859890cf4050", GitTreeState:"clean"}
# helm을 이용한 mariadb 배포
- mariadb 디버그 모드로 인스톨 해본다.
# -------------------------------------------------
# helm을 이용한 mariadb 배포
# ---------------------------------------------------
# helm search 를 통해 리스트를 확인해 볼수 있다. database에 대한 리스트가 많이 나오는군요...
ps0107@k8smaster1:~$ helm search database
NAME CHART VERSION APP VERSION DESCRIPTION
stable/cockroachdb 3.0.4 19.2.3 CockroachDB is a scalable, survivable, strongly-consisten...
stable/couchdb 2.3.0 2.3.1 DEPRECATED A database featuring seamless multi-master syn...
stable/dokuwiki 6.0.6 0.20180422.201901061035 DokuWiki is a standards-compliant, simple to use wiki opt...
stable/ignite 1.0.1 2.7.6 Apache Ignite is an open-source distributed database, cac...
stable/janusgraph 0.2.1 1.0 Open source, scalable graph database.
stable/kubedb 0.1.3 0.8.0-beta.2 DEPRECATED KubeDB by AppsCode - Making running production...
stable/mariadb 7.3.7 10.3.22 Fast, reliable, scalable, and easy to use open-source rel...
.......
# mariadb 인스톨 (debug 모드)
ps0107@k8smaster1:~$ helm --debug install stable/mariadb --set master.persistence.enabled=false --set slave.persistence.enabled=false|tee helm.out
[debug] Created tunnel using local port: '34569'
[debug] SERVER: "127.0.0.1:34569"
[debug] Original chart version: ""
[debug] Fetched stable/mariadb to /home/ps0107/.helm/cache/archive/mariadb-7.3.7.tgz
[debug] CHART PATH: /home/ps0107/.helm/cache/archive/mariadb-7.3.7.tgz
NAME: right-termite # <-- 기억해두기
REVISION: 1
RELEASED: Sat Feb 8 15:47:33 2020
CHART: mariadb-7.3.7
USER-SUPPLIED VALUES:
master:
persistence:
enabled: false
slave:
persistence:
enabled: false
COMPUTED VALUES:
db:
forcePassword: false
injectSecretsAsVolume: false
name: my_database
password: ""
user: ""
image:
debug: false
pullPolicy: IfNotPresent
registry: docker.io
repository: bitnami/mariadb
tag: 10.3.22-debian-10-r0
master:
affinity: {}
antiAffinity: soft
config: |-
[mysqld]
skip-name-resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mariadb
plugin_dir=/opt/bitnami/mariadb/plugin
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
tmpdir=/opt/bitnami/mariadb/tmp
max_allowed_packet=16M
bind-address=0.0.0.0
pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
log-error=/opt/bitnami/mariadb/logs/mysqld.log
character-set-server=UTF8
collation-server=utf8_general_ci
[client]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
default-character-set=UTF8
plugin_dir=/opt/bitnami/mariadb/plugin
[manager]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
extraInitContainers: ""
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 120
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
nodeSelector: {}
persistence:
accessModes:
- ReadWriteOnce
annotations: {}
enabled: false
mountPath: /bitnami/mariadb
size: 8Gi
podDisruptionBudget:
enabled: false
minAvailable: 1
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources: {}
service:
annotations: {}
tolerations: []
updateStrategy:
type: RollingUpdate
metrics:
annotations:
prometheus.io/port: "9104"
prometheus.io/scrape: "true"
enabled: false
extraArgs:
master: []
slave: []
image:
pullPolicy: IfNotPresent
registry: docker.io
repository: bitnami/mysqld-exporter
tag: 0.12.1-debian-10-r4
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 120
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources: {}
serviceMonitor:
enabled: false
selector:
prometheus: kube-prometheus
rbac:
create: false
replication:
enabled: true
forcePassword: false
injectSecretsAsVolume: false
password: ""
user: replicator
rootUser:
forcePassword: false
injectSecretsAsVolume: false
password: ""
securityContext:
enabled: true
fsGroup: 1001
runAsUser: 1001
service:
port: 3306
type: ClusterIP
serviceAccount:
create: false
slave:
affinity: {}
antiAffinity: soft
config: |-
[mysqld]
skip-name-resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mariadb
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
tmpdir=/opt/bitnami/mariadb/tmp
max_allowed_packet=16M
bind-address=0.0.0.0
pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
log-error=/opt/bitnami/mariadb/logs/mysqld.log
character-set-server=UTF8
collation-server=utf8_general_ci
[client]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
default-character-set=UTF8
[manager]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
extraInitContainers: ""
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 120
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
nodeSelector: {}
persistence:
accessModes:
- ReadWriteOnce
annotations: null
enabled: false
size: 8Gi
podDisruptionBudget:
enabled: false
minAvailable: 1
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 45
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
replicas: 1
resources: {}
service:
annotations: {}
tolerations: []
updateStrategy:
type: RollingUpdate
tests:
enabled: true
testFramework:
image:
registry: docker.io
repository: dduportal/bats
tag: 0.4.0
volumePermissions:
enabled: false
image:
pullPolicy: Always
registry: docker.io
repository: bitnami/minideb
tag: stretch
resources: {}
HOOKS:
---
# right-termite-mariadb-test-3tk9w
apiVersion: v1
kind: Pod
metadata:
name: "right-termite-mariadb-test-3tk9w"
annotations:
"helm.sh/hook": test-success
spec:
initContainers:
- name: "test-framework"
image: docker.io/dduportal/bats:0.4.0
command:
- "bash"
- "-c"
- |
set -ex
# copy bats to tools dir
cp -R /usr/local/libexec/ /tools/bats/
volumeMounts:
- mountPath: /tools
name: tools
containers:
- name: mariadb-test
image: docker.io/bitnami/mariadb:10.3.22-debian-10-r0
imagePullPolicy: "IfNotPresent"
command: ["/tools/bats/bats", "-t", "/tests/run.sh"]
env:
- name: MARIADB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: right-termite-mariadb
key: mariadb-root-password
volumeMounts:
- mountPath: /tests
name: tests
readOnly: true
- mountPath: /tools
name: tools
volumes:
- name: tests
configMap:
name: right-termite-mariadb-tests
- name: tools
emptyDir: {}
restartPolicy: Never
MANIFEST:
---
# Source: mariadb/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: right-termite-mariadb
labels:
app: "mariadb"
chart: "mariadb-7.3.7"
release: "right-termite"
heritage: "Tiller"
type: Opaque
data:
mariadb-root-password: "eDJTd01NWm93OA=="
mariadb-replication-password: "Qm50UEp0elI3dw=="
---
# Source: mariadb/templates/master-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: right-termite-mariadb-master
labels:
app: "mariadb"
component: "master"
chart: "mariadb-7.3.7"
release: "right-termite"
heritage: "Tiller"
data:
my.cnf: |-
[mysqld]
skip-name-resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mariadb
plugin_dir=/opt/bitnami/mariadb/plugin
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
tmpdir=/opt/bitnami/mariadb/tmp
max_allowed_packet=16M
bind-address=0.0.0.0
pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
log-error=/opt/bitnami/mariadb/logs/mysqld.log
character-set-server=UTF8
collation-server=utf8_general_ci
[client]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
default-character-set=UTF8
plugin_dir=/opt/bitnami/mariadb/plugin
[manager]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
---
# Source: mariadb/templates/slave-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: right-termite-mariadb-slave
labels:
app: "mariadb"
component: "slave"
chart: "mariadb-7.3.7"
release: "right-termite"
heritage: "Tiller"
data:
my.cnf: |-
[mysqld]
skip-name-resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mariadb
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
tmpdir=/opt/bitnami/mariadb/tmp
max_allowed_packet=16M
bind-address=0.0.0.0
pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
log-error=/opt/bitnami/mariadb/logs/mysqld.log
character-set-server=UTF8
collation-server=utf8_general_ci
[client]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
default-character-set=UTF8
[manager]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
---
# Source: mariadb/templates/tests.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: right-termite-mariadb-tests
data:
run.sh: |-
@test "Testing MariaDB is accessible" {
mysql -h right-termite-mariadb -uroot -p$MARIADB_ROOT_PASSWORD -e 'show databases;'
}
---
# Source: mariadb/templates/master-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: right-termite-mariadb
labels:
app: "mariadb"
component: "master"
chart: "mariadb-7.3.7"
release: "right-termite"
heritage: "Tiller"
spec:
type: ClusterIP
ports:
- name: mysql
port: 3306
targetPort: mysql
selector:
app: "mariadb"
component: "master"
release: "right-termite"
---
# Source: mariadb/templates/slave-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: right-termite-mariadb-slave
labels:
app: "mariadb"
chart: "mariadb-7.3.7"
component: "slave"
release: "right-termite"
heritage: "Tiller"
spec:
type: ClusterIP
ports:
- name: mysql
port: 3306
targetPort: mysql
selector:
app: "mariadb"
component: "slave"
release: "right-termite"
---
# Source: mariadb/templates/master-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: right-termite-mariadb-master
labels:
app: mariadb
chart: mariadb-7.3.7
release: right-termite
heritage: Tiller
component: master
spec:
selector:
matchLabels:
app: mariadb
release: right-termite
component: master
serviceName: right-termite-mariadb-master
replicas: 1
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: mariadb
chart: mariadb-7.3.7
release: right-termite
component: master
spec:
serviceAccountName: default
securityContext:
fsGroup: 1001
runAsUser: 1001
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
app: mariadb
release: right-termite
initContainers:
containers:
- name: "mariadb"
image: docker.io/bitnami/mariadb:10.3.22-debian-10-r0
imagePullPolicy: "IfNotPresent"
env:
- name: MARIADB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: right-termite-mariadb
key: mariadb-root-password
- name: MARIADB_DATABASE
value: "my_database"
- name: MARIADB_REPLICATION_MODE
value: "master"
- name: MARIADB_REPLICATION_USER
value: "replicator"
- name: MARIADB_REPLICATION_PASSWORD
valueFrom:
secretKeyRef:
name: right-termite-mariadb
key: mariadb-replication-password
ports:
- name: mysql
containerPort: 3306
livenessProbe:
exec:
command:
- sh
- -c
- |
password_aux="${MARIADB_ROOT_PASSWORD:-}"
if [ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]; then
password_aux=$(cat $MARIADB_ROOT_PASSWORD_FILE)
fi
mysqladmin status -uroot -p$password_aux
initialDelaySeconds: 120
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- |
password_aux="${MARIADB_ROOT_PASSWORD:-}"
if [ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]; then
password_aux=$(cat $MARIADB_ROOT_PASSWORD_FILE)
fi
mysqladmin status -uroot -p$password_aux
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
volumeMounts:
- name: data
mountPath: /bitnami/mariadb
- name: config
mountPath: /opt/bitnami/mariadb/conf/my.cnf
subPath: my.cnf
volumes:
- name: config
configMap:
name: right-termite-mariadb-master
- name: data
emptyDir: {}
---
# Source: mariadb/templates/slave-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: right-termite-mariadb-slave
labels:
app: mariadb
chart: mariadb-7.3.7
release: right-termite
heritage: Tiller
component: slave
spec:
selector:
matchLabels:
app: mariadb
release: right-termite
component: slave
serviceName: right-termite-mariadb-slave
replicas: 1
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: mariadb
chart: mariadb-7.3.7
release: right-termite
component: slave
spec:
serviceAccountName: default
securityContext:
fsGroup: 1001
runAsUser: 1001
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
app: mariadb
release: right-termite
initContainers:
containers:
- name: "mariadb"
image: docker.io/bitnami/mariadb:10.3.22-debian-10-r0
imagePullPolicy: "IfNotPresent"
env:
- name: MARIADB_REPLICATION_MODE
value: "slave"
- name: MARIADB_MASTER_HOST
value: right-termite-mariadb
- name: MARIADB_MASTER_PORT_NUMBER
value: "3306"
- name: MARIADB_MASTER_ROOT_USER
value: "root"
- name: MARIADB_MASTER_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: right-termite-mariadb
key: mariadb-root-password
- name: MARIADB_REPLICATION_USER
value: "replicator"
- name: MARIADB_REPLICATION_PASSWORD
valueFrom:
secretKeyRef:
name: right-termite-mariadb
key: mariadb-replication-password
ports:
- name: mysql
containerPort: 3306
livenessProbe:
exec:
command:
- sh
- -c
- |
password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}"
if [ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]; then
password_aux=$(cat $MARIADB_MASTER_ROOT_PASSWORD_FILE)
fi
mysqladmin status -uroot -p$password_aux
initialDelaySeconds: 120
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- |
password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}"
if [ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]; then
password_aux=$(cat $MARIADB_MASTER_ROOT_PASSWORD_FILE)
fi
mysqladmin status -uroot -p$password_aux
initialDelaySeconds: 45
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
volumeMounts:
- name: data
mountPath: /bitnami/mariadb
- name: config
mountPath: /opt/bitnami/mariadb/conf/my.cnf
subPath: my.cnf
volumes:
- name: config
configMap:
name: right-termite-mariadb-slave
- name: "data"
emptyDir: {}
LAST DEPLOYED: Sat Feb 8 15:47:33 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/ConfigMap
NAME AGE
right-termite-mariadb-master 0s
right-termite-mariadb-slave 0s
right-termite-mariadb-tests 0s
==> v1/Pod(related)
NAME AGE
right-termite-mariadb-master-0 0s
right-termite-mariadb-slave-0 0s
==> v1/Secret
NAME AGE
right-termite-mariadb 0s
==> v1/Service
NAME AGE
right-termite-mariadb 0s
right-termite-mariadb-slave 0s
==> v1/StatefulSet
NAME AGE
right-termite-mariadb-master 0s
right-termite-mariadb-slave 0s
NOTES:
Please be patient while the chart is being deployed
Tip:
Watch the deployment status using the command: kubectl get pods -w --namespace default -l release=right-termite
Services:
echo Master: right-termite-mariadb.default.svc.cluster.local:3306
echo Slave: right-termite-mariadb-slave.default.svc.cluster.local:3306
Administrator credentials:
Username: root
Password : $(kubectl get secret --namespace default right-termite-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
To connect to your database:
1. Run a pod that you can use as a client:
kubectl run right-termite-mariadb-client --rm --tty -i --restart='Never' --image docker.io/bitnami/mariadb:10.3.22-debian-10-r0 --namespace default --command -- bash
2. To connect to master service (read/write):
mysql -h right-termite-mariadb.default.svc.cluster.local -uroot -p my_database
3. To connect to slave service (read-only):
mysql -h right-termite-mariadb-slave.default.svc.cluster.local -uroot -p my_database
To upgrade this helm chart:
1. Obtain the password as described on the 'Administrator credentials' section and set the 'rootUser.password' parameter as shown below:
ROOT_PASSWORD=$(kubectl get secret --namespace default right-termite-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
helm upgrade right-termite stable/mariadb --set rootUser.password=$ROOT_PASSWORD
- maria db 패스워드 알아내서 mariadb client 설치하여 확인해보기
# maria db 패스워드
ps0107@k8smaster1:~$ kubectl get secret -n default right-termite-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode
x2SwMMZow8
# 자! 이제 mariadb client를 깔고 확인해보자. ubuntu 이미지를 하나 설치 하여 mariadb client 설치한다.
ps0107@k8smaster1:~$ kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
If you do not see a command prompt, try pressing enter.
root@ubuntu:/# apt-get update; apt-get install -y mariadb-client
root@ubuntu:/# mysql -h right-termite-mariadb -p
Enter password:x2SwMMZow8
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 132
Server version: 10.3.22-MariaDB-log Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| my_database |
| mysql |
| performance_schema |
| test |
+--------------------+
5 rows in set (0.00 sec)
MariaDB [(none)]>
MariaDB [(none)]> quit
Bye
root@ubuntu:/# exit
logout
- helm 설치 한거 삭제해보자
# helm list
ps0107@k8smaster1:~$ helm list -a
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
right-termite 1 Sat Feb 8 15:47:33 2020 DEPLOYED mariadb-7.3.7 10.3.22 default
# 생성한 helm 삭제
ps0107@k8smaster1:~$ helm delete right-termite
release "right-termite" deleted
# 삭제 확인
ps0107@k8smaster1:~$ helm list
- 이번엔 지워진 mariadb를 다운로드된 chart를 이용하여 패스워드를 수정하고 다시 설치해보자.
# 이번엔 지워진 mariadb를 다운로드된 chart를 이용하여 패스워드를 수정하고 다시 설치해보자.
# 다운로드 된 chart를 찾는다.
ps0107@k8smaster1:~$ find ~ -name *mariadb*
/home/ps0107/.helm/cache/archive/mariadb-7.3.7.tgz
ps0107@k8smaster1:~$ cd /home/ps0107/.helm/cache/archive/
ps0107@k8smaster1:~/.helm/cache/archive$ tar -xvf mariadb-7.3.7.tgz
mariadb/Chart.yaml
mariadb/values.yaml
mariadb/templates/NOTES.txt
mariadb/templates/_helpers.tpl
mariadb/templates/initialization-configmap.yaml
mariadb/templates/master-configmap.yaml
mariadb/templates/master-pdb.yaml
mariadb/templates/master-statefulset.yaml
mariadb/templates/master-svc.yaml
mariadb/templates/role.yaml
mariadb/templates/rolebinding.yaml
mariadb/templates/secrets.yaml
mariadb/templates/serviceaccount.yaml
mariadb/templates/servicemonitor.yaml
mariadb/templates/slave-configmap.yaml
mariadb/templates/slave-pdb.yaml
mariadb/templates/slave-statefulset.yaml
mariadb/templates/slave-svc.yaml
mariadb/templates/test-runner.yaml
mariadb/templates/tests.yaml
mariadb/.helmignore
mariadb/OWNERS
mariadb/README.md
mariadb/files/docker-entrypoint-initdb.d/README.md
mariadb/values-production.yaml
mariadb/values.schema.json
ps0107@k8smaster1:~/.helm/cache/archive$ cp mariadb/values.yaml ~/custom.yaml ; cd
ps0107@k8smaster1:~$ vi custom.yaml
rootUser:
## MariaDB admin password
## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run
##
password: qwe123. # <- 수정
persistence:
## If true, use a Persistent Volume Claim, If false, use emptyDir
##
enabled: false. #<- 수정
# 수정된 chart로 mariadb 인스톨
ps0107@k8smaster1:~$ helm install -f custom.yaml stable/mariadb
NAME: snug-aardvark
LAST DEPLOYED: Sat Feb 8 16:21:53 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/ConfigMap
NAME AGE
snug-aardvark-mariadb-master 1s
snug-aardvark-mariadb-slave 1s
snug-aardvark-mariadb-tests 1s
==> v1/Pod(related)
NAME AGE
snug-aardvark-mariadb-master-0 1s
snug-aardvark-mariadb-slave-0 1s
==> v1/Secret
NAME AGE
snug-aardvark-mariadb 1s
==> v1/Service
NAME AGE
snug-aardvark-mariadb 1s
snug-aardvark-mariadb-slave 1s
==> v1/StatefulSet
NAME AGE
snug-aardvark-mariadb-master 1s
snug-aardvark-mariadb-slave 1s
NOTES:
Please be patient while the chart is being deployed
Tip:
Watch the deployment status using the command: kubectl get pods -w --namespace default -l release=snug-aardvark
Services:
echo Master: snug-aardvark-mariadb.default.svc.cluster.local:3306
echo Slave: snug-aardvark-mariadb-slave.default.svc.cluster.local:3306
Administrator credentials:
Username: root
Password : $(kubectl get secret --namespace default snug-aardvark-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
To connect to your database:
1. Run a pod that you can use as a client:
kubectl run snug-aardvark-mariadb-client --rm --tty -i --restart='Never' --image docker.io/bitnami/mariadb:10.3.22-debian-10-r0 --namespace default --command -- bash
2. To connect to master service (read/write):
mysql -h snug-aardvark-mariadb.default.svc.cluster.local -uroot -p my_database
3. To connect to slave service (read-only):
mysql -h snug-aardvark-mariadb-slave.default.svc.cluster.local -uroot -p my_database
To upgrade this helm chart:
1. Obtain the password as described on the 'Administrator credentials' section and set the 'rootUser.password' parameter as shown below:
ROOT_PASSWORD=$(kubectl get secret --namespace default snug-aardvark-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
helm upgrade snug-aardvark stable/mariadb --set rootUser.password=$ROOT_PASSWORD
- 설치가 잘되었다면, mariadb client를 사용하여 접속해보자. 이번엔 수정한 패스워드로 접속이 잘되어야 한다.
# mariadb client를 생성하여 다시 접속해보자. 수정한 password로 잘 접속이 되어야 한다.
ps0107@k8smaster1:~$ kubectl run -i --tty ubuntu2 --image=ubuntu:16.04 --restart=Never -- bash -il
root@ubuntu2:/# apt-get update; apt-get install -y mariadb-client
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
Get:2 http://archive.ubuntu.com/ubuntu xenial InRelease [247 kB]
.....
root@ubuntu2:/# mysql -h snug-aardvark-mariadb -uroot -p
Enter password:qwe123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 38
Server version: 10.3.22-MariaDB-log Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| my_database |
| mysql |
| performance_schema |
| test |
+--------------------+
5 rows in set (0.00 sec)
MariaDB [(none)]> exit
Bye
root@ubuntu2:/# exit
logout# 다른 repo 등록과 search 해보기
# 다른 repository 를 추가하고 이용할 수 있는 Charts를 볼수 있다.
ps0107@k8smaster1:~$ helm repo add common http://storage.googleapis.com/kubernetes-charts
"common" has been added to your repositories
# helm repo list 확인
ps0107@k8smaster1:~$ helm repo list
NAME URL
stable https://kubernetes-charts.storage.googleapis.com
local http://127.0.0.1:8879/charts
common http://storage.googleapis.com/kubernetes-charts
# helm search를 통한 확인
ps0107@k8smaster1:~$ helm search
NAME CHART VERSION APP VERSION DESCRIPTION
common/acs-engine-autoscaler 2.2.2 2.1.1 DEPRECATED Scales worker nodes within agent pools
common/aerospike 0.3.2 v4.5.0.5 A Helm chart for Aerospike in Kubernetes
common/airflow 6.0.0 1.10.4 Airflow is a platform to programmatically author, schedul...
common/ambassador 5.3.1 0.86.1 A Helm chart for Datawire Ambassador
common/anchore-engine 1.4.2 0.6.1 Anchore container analysis and policy evaluation engine s...
common/apm-server 2.1.5 7.0.0 The server receives data from the Elastic APM agents and ...
.......