IT/Kubernetes / 2020. 2. 9.

[Kubernetes hands-on] helm


    # helm
    1. It is used to deploy complex applications and acts as the package manager inside Kubernetes, much like yum or apt.
    2. It packages Kubernetes applications through chart templates.
    3. helm is the client that requests the installation of a chart.
    4. Tiller (the server) creates the cluster resources according to the chart.

     

    # helm and Tiller
    helm refers to the client installed locally, and Tiller is the server running inside the Kubernetes cluster.

     

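    # Helm and Charts

    With helm, complex configurations can be implemented easily. A multi-part application can be deployed in one go. A chart, or template file, declares the required components and their relationships. A local agent such as Tiller uses the API to create objects on the user's behalf, which allows effective orchestration. In this exercise we install helm and deploy a chart that sets up MariaDB on the cluster.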

    # Helm install

    # -------------------------------------------------------
    # helm setup
    # -------------------------------------------------------
    # helm install
    ps0107@k8smaster1:~$ curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100  7164  100  7164    0     0  18119      0 --:--:-- --:--:-- --:--:-- 18136
    Downloading https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz
    Preparing to install helm and tiller into /usr/local/bin
    helm installed into /usr/local/bin/helm
    tiller installed into /usr/local/bin/tiller
    Run 'helm init' to configure helm.
    
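    # Because of the newer RBAC configuration, helm cannot run in the default namespace on this version of Kubernetes. A new namespace can be created and declared during initialization. Other RBAC issues may still arise even then. In this exercise we create a service account for tiller and give it administrative capabilities over the cluster.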
    ps0107@k8smaster1:~$ kubectl create serviceaccount --namespace kube-system tiller
    serviceaccount/tiller created
    
    # Bind the service account in the kube-system namespace to the admin role named cluster-admin.
    ps0107@k8smaster1:~$ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
    clusterrolebinding.rbac.authorization.k8s.io/tiller-cluster-rule created
    
    # helm init
    ps0107@k8smaster1:~$ helm init --service-account tiller
    Creating /home/ps0107/.helm
    Creating /home/ps0107/.helm/repository
    Creating /home/ps0107/.helm/repository/cache
    Creating /home/ps0107/.helm/repository/local
    Creating /home/ps0107/.helm/plugins
    Creating /home/ps0107/.helm/starters
    Creating /home/ps0107/.helm/cache/archive
    Creating /home/ps0107/.helm/repository/repositories.yaml
    Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
    Adding local repo with URL: http://127.0.0.1:8879/charts
    $HELM_HOME has been configured at /home/ps0107/.helm.
    
    Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
    
    Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
    To prevent this, run `helm init` with the --tiller-tls-verify flag.
    For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
    
    # Check the created pods
    ps0107@k8smaster1:~$ kubectl get pods --all-namespaces
    NAMESPACE              NAME                                        READY   STATUS    RESTARTS   AGE
    kube-system            calico-node-wvxxm                           2/2     Running   0          11d
    kube-system            calico-node-zxkxk                           2/2     Running   2          11d
    kube-system            coredns-5c98db65d4-97gng                    1/1     Running   0          11d
    kube-system            coredns-5c98db65d4-fvz2k                    1/1     Running   0          11d
    kube-system            etcd-k8smaster1                             1/1     Running   0          11d
    kube-system            kube-apiserver-k8smaster1                   1/1     Running   0          11d
    kube-system            kube-controller-manager-k8smaster1          1/1     Running   0          11d
    kube-system            kube-proxy-t62q4                            1/1     Running   0          11d
    kube-system            kube-proxy-tnmtr                            1/1     Running   1          11d
    kube-system            kube-scheduler-k8smaster1                   1/1     Running   0          11d
    kube-system            metrics-server-86cd7c944f-99qsx             1/1     Running   0          3d7h
    kube-system            tiller-deploy-54f7455d59-kfq5d              0/1     Running   0          9s
    kube-system            traefik-ingress-controller-8884w            1/1     Running   0          3d13h
    kube-system            traefik-ingress-controller-jdvck            1/1     Running   0          4d6h
    kubernetes-dashboard   dashboard-metrics-scraper-fb986f88d-wrsv9   1/1     Running   0          2d13h
    kubernetes-dashboard   kubernetes-dashboard-6bb65fcc49-wvw2z       1/1     Running   0          2d13h
    
    # Check the tiller logs
    ps0107@k8smaster1:~$ kubectl -n kube-system logs tiller-deploy-54f7455d59-kfq5d
    [main] 2020/02/08 15:17:07 Starting Tiller v2.16.1 (tls=false)
    [main] 2020/02/08 15:17:07 GRPC listening on :44134
    [main] 2020/02/08 15:17:07 Probes listening on :44135
    [main] 2020/02/08 15:17:07 Storage driver is ConfigMap
    [main] 2020/02/08 15:17:07 Max history per release is 0
    
    # helm help
    ps0107@k8smaster1:~$ helm help
    The Kubernetes package manager
    
    To begin working with Helm, run the 'helm init' command:
    
    	$ helm init
    
    This will install Tiller to your running Kubernetes cluster.
    It will also set up any necessary local configuration.
    
    Common actions from this point include:
    
    - helm search:    Search for charts
    - helm fetch:     Download a chart to your local directory to view
    - helm install:   Upload the chart to Kubernetes
    - helm list:      List releases of charts
    
    Environment:
    
    - $HELM_HOME:           Set an alternative location for Helm files. By default, these are stored in ~/.helm
    - $HELM_HOST:           Set an alternative Tiller host. The format is host:port
    - $HELM_NO_PLUGINS:     Disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.
    - $TILLER_NAMESPACE:    Set an alternative Tiller namespace (default "kube-system")
    - $KUBECONFIG:          Set an alternative Kubernetes configuration file (default "~/.kube/config")
    - $HELM_TLS_CA_CERT:    Path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem")
    - $HELM_TLS_CERT:       Path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem")
    - $HELM_TLS_KEY:        Path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem")
    - $HELM_TLS_ENABLE:     Enable TLS connection between Helm and Tiller (default "false")
    - $HELM_TLS_VERIFY:     Enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false")
    - $HELM_TLS_HOSTNAME:   The hostname or IP address used to verify the Tiller server certificate (default "127.0.0.1")
    - $HELM_KEY_PASSPHRASE: Set HELM_KEY_PASSPHRASE to the passphrase of your PGP private key. If set, you will not be prompted for the passphrase while signing helm charts
    
    Usage:
      helm [command]
    
    Available Commands:
      completion  Generate autocompletions script for the specified shell (bash or zsh)
      create      Create a new chart with the given name
      delete      Given a release name, delete the release from Kubernetes
      dependency  Manage a chart's dependencies
      fetch       Download a chart from a repository and (optionally) unpack it in local directory
      get         Download a named release
      help        Help about any command
      history     Fetch release history
      home        Displays the location of HELM_HOME
      init        Initialize Helm on both client and server
      inspect     Inspect a chart
      install     Install a chart archive
      lint        Examines a chart for possible issues
      list        List releases
      package     Package a chart directory into a chart archive
      plugin      Add, list, or remove Helm plugins
      repo        Add, list, remove, update, and index chart repositories
      reset       Uninstalls Tiller from a cluster
      rollback    Rollback a release to a previous revision
      search      Search for a keyword in charts
      serve       Start a local http web server
      status      Displays the status of the named release
      template    Locally render templates
      test        Test a release
      upgrade     Upgrade a release
      verify      Verify that a chart at the given path has been signed and is valid
      version     Print the client/server version information
    
    Flags:
          --debug                           Enable verbose output
      -h, --help                            help for helm
          --home string                     Location of your Helm config. Overrides $HELM_HOME (default "/home/ps0107/.helm")
          --host string                     Address of Tiller. Overrides $HELM_HOST
          --kube-context string             Name of the kubeconfig context to use
          --kubeconfig string               Absolute path of the kubeconfig file to be used
          --tiller-connection-timeout int   The duration (in seconds) Helm will wait to establish a connection to Tiller (default 300)
          --tiller-namespace string         Namespace of Tiller (default "kube-system")
    
    Use "helm [command] --help" for more information about a command.
    
    # helm home
    ps0107@k8smaster1:~$ helm home
    /home/ps0107/.helm
    
    # Check the helm home directory
    ps0107@k8smaster1:~$ ls -R /home/ps0107/.helm
    /home/ps0107/.helm:
    cache  plugins  repository  starters
    
    /home/ps0107/.helm/cache:
    archive
    
    /home/ps0107/.helm/cache/archive:
    
    /home/ps0107/.helm/plugins:
    
    /home/ps0107/.helm/repository:
    cache  local  repositories.yaml
    
    /home/ps0107/.helm/repository/cache:
    local-index.yaml  stable-index.yaml
    
    /home/ps0107/.helm/repository/local:
    index.yaml
    
    /home/ps0107/.helm/starters:
    
    # Check the helm version
    ps0107@k8smaster1:~$ helm version
    Client: &version.Version{SemVer:"v2.16.1", GitCommit:"bbdfe5e7803a12bbdf97e94cd847859890cf4050", GitTreeState:"clean"}
    Server: &version.Version{SemVer:"v2.16.1", GitCommit:"bbdfe5e7803a12bbdf97e94cd847859890cf4050", GitTreeState:"clean"}
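
The setup above leaves Tiller bound to `cluster-admin` (`tiller-cluster-rule`) while its startup log reports `tls=false`, the combination the `helm init` warning refers to. As an added example (not part of the original post), this Python check flags both conditions from `kubectl get clusterrolebindings -o json` output and the Tiller log; the JSON sample and every binding in it other than `tiller-cluster-rule` are constructed.

```python
import json
import re

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
# Only tiller-cluster-rule corresponds to the walkthrough; the rest is made up.
SAMPLE_BINDINGS = json.loads("""
{
  "items": [
    {
      "metadata": {"name": "tiller-cluster-rule"},
      "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
      "subjects": [
        {"kind": "ServiceAccount", "name": "tiller", "namespace": "kube-system"}
      ]
    },
    {
      "metadata": {"name": "view-only-example"},
      "roleRef": {"kind": "ClusterRole", "name": "view"},
      "subjects": [
        {"kind": "ServiceAccount", "name": "reporter", "namespace": "default"}
      ]
    },
    {
      "metadata": {"name": "no-subjects-example"},
      "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}
    }
  ]
}
""")

# Tiller startup lines as printed by `kubectl -n kube-system logs` in the walkthrough.
SAMPLE_TILLER_LOG = """\
[main] 2020/02/08 15:17:07 Starting Tiller v2.16.1 (tls=false)
[main] 2020/02/08 15:17:07 GRPC listening on :44134
"""

TILLER_START = re.compile(r"Starting Tiller (v[\d.]+) \(tls=(true|false)\)")


def cluster_admin_service_accounts(bindings):
    """Return (binding, namespace, name) for each ServiceAccount bound to cluster-admin."""
    found = []
    for item in bindings.get("items", []):
        role = item.get("roleRef", {})
        if role.get("kind") != "ClusterRole" or role.get("name") != "cluster-admin":
            continue
        # A binding may legitimately have no subjects at all.
        for subject in item.get("subjects") or []:
            if subject.get("kind") == "ServiceAccount":
                found.append(
                    (item["metadata"]["name"], subject.get("namespace", ""), subject["name"])
                )
    return found


def tiller_tls_state(log_text):
    """Return (version, tls_enabled) from Tiller's startup line, or None if it is absent."""
    match = TILLER_START.search(log_text)
    if match is None:
        return None
    return match.group(1), match.group(2) == "true"


def audit(bindings, log_text, service_account=("kube-system", "tiller")):
    """Collect findings for the Tiller service account and its TLS setting."""
    findings = []
    for binding, namespace, name in cluster_admin_service_accounts(bindings):
        if (namespace, name) == service_account:
            findings.append(f"{namespace}:{name} holds cluster-admin via {binding}")
    state = tiller_tls_state(log_text)
    if state is not None and not state[1]:
        findings.append(f"Tiller {state[0]} is serving gRPC with tls=false")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_BINDINGS, SAMPLE_TILLER_LOG):
        print("FINDING:", finding)
```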
    

    # Deploying mariadb with helm

    - Install mariadb in debug mode.

    # -------------------------------------------------
    # Deploying mariadb with helm
    # ---------------------------------------------------
    # helm search lets you check the list. Quite a lot of entries come up for database...
    ps0107@k8smaster1:~$ helm search database
    NAME                         	CHART VERSION	APP VERSION            	DESCRIPTION
    stable/cockroachdb           	3.0.4        	19.2.3                 	CockroachDB is a scalable, survivable, strongly-consisten...
    stable/couchdb               	2.3.0        	2.3.1                  	DEPRECATED A database featuring seamless multi-master syn...
    stable/dokuwiki              	6.0.6        	0.20180422.201901061035	DokuWiki is a standards-compliant, simple to use wiki opt...
    stable/ignite                	1.0.1        	2.7.6                  	Apache Ignite is an open-source distributed database, cac...
    stable/janusgraph            	0.2.1        	1.0                    	Open source, scalable graph database.
    stable/kubedb                	0.1.3        	0.8.0-beta.2           	DEPRECATED KubeDB by AppsCode - Making running production...
    stable/mariadb               	7.3.7        	10.3.22                	Fast, reliable, scalable, and easy to use open-source rel...
    .......
    
    # Install mariadb (debug mode)
    ps0107@k8smaster1:~$ helm --debug install stable/mariadb --set master.persistence.enabled=false --set slave.persistence.enabled=false|tee helm.out
    [debug] Created tunnel using local port: '34569'
    
    [debug] SERVER: "127.0.0.1:34569"
    
    [debug] Original chart version: ""
    [debug] Fetched stable/mariadb to /home/ps0107/.helm/cache/archive/mariadb-7.3.7.tgz
    
    [debug] CHART PATH: /home/ps0107/.helm/cache/archive/mariadb-7.3.7.tgz
    
    NAME:   right-termite  # <-- remember this name
    REVISION: 1
    RELEASED: Sat Feb  8 15:47:33 2020
    CHART: mariadb-7.3.7
    USER-SUPPLIED VALUES:
    master:
      persistence:
        enabled: false
    slave:
      persistence:
        enabled: false
    
    COMPUTED VALUES:
    db:
      forcePassword: false
      injectSecretsAsVolume: false
      name: my_database
      password: ""
      user: ""
    image:
      debug: false
      pullPolicy: IfNotPresent
      registry: docker.io
      repository: bitnami/mariadb
      tag: 10.3.22-debian-10-r0
    master:
      affinity: {}
      antiAffinity: soft
      config: |-
        [mysqld]
        skip-name-resolve
        explicit_defaults_for_timestamp
        basedir=/opt/bitnami/mariadb
        plugin_dir=/opt/bitnami/mariadb/plugin
        port=3306
        socket=/opt/bitnami/mariadb/tmp/mysql.sock
        tmpdir=/opt/bitnami/mariadb/tmp
        max_allowed_packet=16M
        bind-address=0.0.0.0
        pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
        log-error=/opt/bitnami/mariadb/logs/mysqld.log
        character-set-server=UTF8
        collation-server=utf8_general_ci
    
        [client]
        port=3306
        socket=/opt/bitnami/mariadb/tmp/mysql.sock
        default-character-set=UTF8
        plugin_dir=/opt/bitnami/mariadb/plugin
    
        [manager]
        port=3306
        socket=/opt/bitnami/mariadb/tmp/mysql.sock
        pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
      extraInitContainers: ""
      livenessProbe:
        enabled: true
        failureThreshold: 3
        initialDelaySeconds: 120
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      nodeSelector: {}
      persistence:
        accessModes:
        - ReadWriteOnce
        annotations: {}
        enabled: false
        mountPath: /bitnami/mariadb
        size: 8Gi
      podDisruptionBudget:
        enabled: false
        minAvailable: 1
      readinessProbe:
        enabled: true
        failureThreshold: 3
        initialDelaySeconds: 30
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      resources: {}
      service:
        annotations: {}
      tolerations: []
      updateStrategy:
        type: RollingUpdate
    metrics:
      annotations:
        prometheus.io/port: "9104"
        prometheus.io/scrape: "true"
      enabled: false
      extraArgs:
        master: []
        slave: []
      image:
        pullPolicy: IfNotPresent
        registry: docker.io
        repository: bitnami/mysqld-exporter
        tag: 0.12.1-debian-10-r4
      livenessProbe:
        enabled: true
        failureThreshold: 3
        initialDelaySeconds: 120
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      readinessProbe:
        enabled: true
        failureThreshold: 3
        initialDelaySeconds: 30
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      resources: {}
      serviceMonitor:
        enabled: false
        selector:
          prometheus: kube-prometheus
    rbac:
      create: false
    replication:
      enabled: true
      forcePassword: false
      injectSecretsAsVolume: false
      password: ""
      user: replicator
    rootUser:
      forcePassword: false
      injectSecretsAsVolume: false
      password: ""
    securityContext:
      enabled: true
      fsGroup: 1001
      runAsUser: 1001
    service:
      port: 3306
      type: ClusterIP
    serviceAccount:
      create: false
    slave:
      affinity: {}
      antiAffinity: soft
      config: |-
        [mysqld]
        skip-name-resolve
        explicit_defaults_for_timestamp
        basedir=/opt/bitnami/mariadb
        port=3306
        socket=/opt/bitnami/mariadb/tmp/mysql.sock
        tmpdir=/opt/bitnami/mariadb/tmp
        max_allowed_packet=16M
        bind-address=0.0.0.0
        pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
        log-error=/opt/bitnami/mariadb/logs/mysqld.log
        character-set-server=UTF8
        collation-server=utf8_general_ci
    
        [client]
        port=3306
        socket=/opt/bitnami/mariadb/tmp/mysql.sock
        default-character-set=UTF8
    
        [manager]
        port=3306
        socket=/opt/bitnami/mariadb/tmp/mysql.sock
        pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
      extraInitContainers: ""
      livenessProbe:
        enabled: true
        failureThreshold: 3
        initialDelaySeconds: 120
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      nodeSelector: {}
      persistence:
        accessModes:
        - ReadWriteOnce
        annotations: null
        enabled: false
        size: 8Gi
      podDisruptionBudget:
        enabled: false
        minAvailable: 1
      readinessProbe:
        enabled: true
        failureThreshold: 3
        initialDelaySeconds: 45
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      replicas: 1
      resources: {}
      service:
        annotations: {}
      tolerations: []
      updateStrategy:
        type: RollingUpdate
    tests:
      enabled: true
      testFramework:
        image:
          registry: docker.io
          repository: dduportal/bats
          tag: 0.4.0
    volumePermissions:
      enabled: false
      image:
        pullPolicy: Always
        registry: docker.io
        repository: bitnami/minideb
        tag: stretch
      resources: {}
    
    HOOKS:
    ---
    # right-termite-mariadb-test-3tk9w
    apiVersion: v1
    kind: Pod
    metadata:
      name: "right-termite-mariadb-test-3tk9w"
      annotations:
        "helm.sh/hook": test-success
    spec:
      initContainers:
        - name: "test-framework"
          image: docker.io/dduportal/bats:0.4.0
          command:
            - "bash"
            - "-c"
            - |
              set -ex
              # copy bats to tools dir
              cp -R /usr/local/libexec/ /tools/bats/
          volumeMounts:
          - mountPath: /tools
            name: tools
      containers:
        - name: mariadb-test
          image: docker.io/bitnami/mariadb:10.3.22-debian-10-r0
          imagePullPolicy: "IfNotPresent"
          command: ["/tools/bats/bats", "-t", "/tests/run.sh"]
          env:
            - name: MARIADB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: right-termite-mariadb
                  key: mariadb-root-password
          volumeMounts:
          - mountPath: /tests
            name: tests
            readOnly: true
          - mountPath: /tools
            name: tools
      volumes:
      - name: tests
        configMap:
          name: right-termite-mariadb-tests
      - name: tools
        emptyDir: {}
      restartPolicy: Never
    MANIFEST:
    
    ---
    # Source: mariadb/templates/secrets.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: right-termite-mariadb
      labels:
        app: "mariadb"
        chart: "mariadb-7.3.7"
        release: "right-termite"
        heritage: "Tiller"
    type: Opaque
    data:
      mariadb-root-password: "eDJTd01NWm93OA=="
    
      mariadb-replication-password: "Qm50UEp0elI3dw=="
    ---
    # Source: mariadb/templates/master-configmap.yaml
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: right-termite-mariadb-master
      labels:
        app: "mariadb"
        component: "master"
        chart: "mariadb-7.3.7"
        release: "right-termite"
        heritage: "Tiller"
    data:
      my.cnf: |-
        [mysqld]
        skip-name-resolve
        explicit_defaults_for_timestamp
        basedir=/opt/bitnami/mariadb
        plugin_dir=/opt/bitnami/mariadb/plugin
        port=3306
        socket=/opt/bitnami/mariadb/tmp/mysql.sock
        tmpdir=/opt/bitnami/mariadb/tmp
        max_allowed_packet=16M
        bind-address=0.0.0.0
        pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
        log-error=/opt/bitnami/mariadb/logs/mysqld.log
        character-set-server=UTF8
        collation-server=utf8_general_ci
    
        [client]
        port=3306
        socket=/opt/bitnami/mariadb/tmp/mysql.sock
        default-character-set=UTF8
        plugin_dir=/opt/bitnami/mariadb/plugin
    
        [manager]
        port=3306
        socket=/opt/bitnami/mariadb/tmp/mysql.sock
        pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
    ---
    # Source: mariadb/templates/slave-configmap.yaml
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: right-termite-mariadb-slave
      labels:
        app: "mariadb"
        component: "slave"
        chart: "mariadb-7.3.7"
        release: "right-termite"
        heritage: "Tiller"
    data:
      my.cnf: |-
        [mysqld]
        skip-name-resolve
        explicit_defaults_for_timestamp
        basedir=/opt/bitnami/mariadb
        port=3306
        socket=/opt/bitnami/mariadb/tmp/mysql.sock
        tmpdir=/opt/bitnami/mariadb/tmp
        max_allowed_packet=16M
        bind-address=0.0.0.0
        pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
        log-error=/opt/bitnami/mariadb/logs/mysqld.log
        character-set-server=UTF8
        collation-server=utf8_general_ci
    
        [client]
        port=3306
        socket=/opt/bitnami/mariadb/tmp/mysql.sock
        default-character-set=UTF8
    
        [manager]
        port=3306
        socket=/opt/bitnami/mariadb/tmp/mysql.sock
        pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
    ---
    # Source: mariadb/templates/tests.yaml
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: right-termite-mariadb-tests
    data:
      run.sh: |-
        @test "Testing MariaDB is accessible" {
          mysql -h right-termite-mariadb -uroot -p$MARIADB_ROOT_PASSWORD -e 'show databases;'
        }
    ---
    # Source: mariadb/templates/master-svc.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: right-termite-mariadb
      labels:
        app: "mariadb"
        component: "master"
        chart: "mariadb-7.3.7"
        release: "right-termite"
        heritage: "Tiller"
    spec:
      type: ClusterIP
      ports:
      - name: mysql
        port: 3306
        targetPort: mysql
      selector:
        app: "mariadb"
        component: "master"
        release: "right-termite"
    ---
    # Source: mariadb/templates/slave-svc.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: right-termite-mariadb-slave
      labels:
        app: "mariadb"
        chart: "mariadb-7.3.7"
        component: "slave"
        release: "right-termite"
        heritage: "Tiller"
    spec:
      type: ClusterIP
      ports:
      - name: mysql
        port: 3306
        targetPort: mysql
      selector:
        app: "mariadb"
        component: "slave"
        release: "right-termite"
    ---
    # Source: mariadb/templates/master-statefulset.yaml
    apiVersion: apps/v1
    kind: StatefulSet
    metadata:
      name: right-termite-mariadb-master
      labels:
        app: mariadb
        chart: mariadb-7.3.7
        release: right-termite
        heritage: Tiller
        component: master
    spec:
      selector:
        matchLabels:
          app: mariadb
          release: right-termite
          component: master
      serviceName: right-termite-mariadb-master
      replicas: 1
      updateStrategy:
        type: RollingUpdate
      template:
        metadata:
          labels:
            app: mariadb
            chart: mariadb-7.3.7
            release: right-termite
            component: master
        spec:
          serviceAccountName: default
          securityContext:
            fsGroup: 1001
            runAsUser: 1001
          affinity:
            podAntiAffinity:
              preferredDuringSchedulingIgnoredDuringExecution:
                - weight: 1
                  podAffinityTerm:
                    topologyKey: kubernetes.io/hostname
                    labelSelector:
                      matchLabels:
                        app: mariadb
                        release: right-termite
          initContainers:
          containers:
            - name: "mariadb"
              image: docker.io/bitnami/mariadb:10.3.22-debian-10-r0
              imagePullPolicy: "IfNotPresent"
              env:
                - name: MARIADB_ROOT_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: right-termite-mariadb
                      key: mariadb-root-password
                - name: MARIADB_DATABASE
                  value: "my_database"
                - name: MARIADB_REPLICATION_MODE
                  value: "master"
                - name: MARIADB_REPLICATION_USER
                  value: "replicator"
                - name: MARIADB_REPLICATION_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: right-termite-mariadb
                      key: mariadb-replication-password
              ports:
                - name: mysql
                  containerPort: 3306
              livenessProbe:
                exec:
                  command:
                    - sh
                    - -c
                    - |
                      password_aux="${MARIADB_ROOT_PASSWORD:-}"
                      if [ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]; then
                          password_aux=$(cat $MARIADB_ROOT_PASSWORD_FILE)
                      fi
                      mysqladmin status -uroot -p$password_aux
                initialDelaySeconds: 120
                periodSeconds: 10
                timeoutSeconds: 1
                successThreshold: 1
                failureThreshold: 3
              readinessProbe:
                exec:
                  command:
                    - sh
                    - -c
                    - |
                      password_aux="${MARIADB_ROOT_PASSWORD:-}"
                      if [ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]; then
                          password_aux=$(cat $MARIADB_ROOT_PASSWORD_FILE)
                      fi
                      mysqladmin status -uroot -p$password_aux
                initialDelaySeconds: 30
                periodSeconds: 10
                timeoutSeconds: 1
                successThreshold: 1
                failureThreshold: 3
              volumeMounts:
                - name: data
                  mountPath: /bitnami/mariadb
                - name: config
                  mountPath: /opt/bitnami/mariadb/conf/my.cnf
                  subPath: my.cnf
          volumes:
            - name: config
              configMap:
                name: right-termite-mariadb-master
            - name: data
              emptyDir: {}
    ---
    # Source: mariadb/templates/slave-statefulset.yaml
    apiVersion: apps/v1
    kind: StatefulSet
    metadata:
      name: right-termite-mariadb-slave
      labels:
        app: mariadb
        chart: mariadb-7.3.7
        release: right-termite
        heritage: Tiller
        component: slave
    spec:
      selector:
        matchLabels:
          app: mariadb
          release: right-termite
          component: slave
      serviceName: right-termite-mariadb-slave
      replicas: 1
      updateStrategy:
        type: RollingUpdate
      template:
        metadata:
          labels:
            app: mariadb
            chart: mariadb-7.3.7
            release: right-termite
            component: slave
        spec:
          serviceAccountName: default
          securityContext:
            fsGroup: 1001
            runAsUser: 1001
          affinity:
            podAntiAffinity:
              preferredDuringSchedulingIgnoredDuringExecution:
                - weight: 1
                  podAffinityTerm:
                    topologyKey: kubernetes.io/hostname
                    labelSelector:
                      matchLabels:
                        app: mariadb
                        release: right-termite
          initContainers:
          containers:
            - name: "mariadb"
              image: docker.io/bitnami/mariadb:10.3.22-debian-10-r0
              imagePullPolicy: "IfNotPresent"
              env:
                - name: MARIADB_REPLICATION_MODE
                  value: "slave"
                - name: MARIADB_MASTER_HOST
                  value: right-termite-mariadb
                - name: MARIADB_MASTER_PORT_NUMBER
                  value: "3306"
                - name: MARIADB_MASTER_ROOT_USER
                  value: "root"
                - name: MARIADB_MASTER_ROOT_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: right-termite-mariadb
                      key: mariadb-root-password
                - name: MARIADB_REPLICATION_USER
                  value: "replicator"
                - name: MARIADB_REPLICATION_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: right-termite-mariadb
                      key: mariadb-replication-password
              ports:
                - name: mysql
                  containerPort: 3306
              livenessProbe:
                exec:
                  command:
                    - sh
                    - -c
                    - |
                      password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}"
                      if [ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]; then
                          password_aux=$(cat $MARIADB_MASTER_ROOT_PASSWORD_FILE)
                      fi
                      mysqladmin status -uroot -p$password_aux
                initialDelaySeconds: 120
                periodSeconds: 10
                timeoutSeconds: 1
                successThreshold: 1
                failureThreshold: 3
              readinessProbe:
                exec:
                  command:
                    - sh
                    - -c
                    - |
                      password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}"
                      if [ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]; then
                          password_aux=$(cat $MARIADB_MASTER_ROOT_PASSWORD_FILE)
                      fi
                      mysqladmin status -uroot -p$password_aux
                initialDelaySeconds: 45
                periodSeconds: 10
                timeoutSeconds: 1
                successThreshold: 1
                failureThreshold: 3
              volumeMounts:
                - name: data
                  mountPath: /bitnami/mariadb
                - name: config
                  mountPath: /opt/bitnami/mariadb/conf/my.cnf
                  subPath: my.cnf
          volumes:
            - name: config
              configMap:
                name: right-termite-mariadb-slave
            - name: "data"
              emptyDir: {}
    LAST DEPLOYED: Sat Feb  8 15:47:33 2020
    NAMESPACE: default
    STATUS: DEPLOYED
    
    RESOURCES:
    ==> v1/ConfigMap
    NAME                          AGE
    right-termite-mariadb-master  0s
    right-termite-mariadb-slave   0s
    right-termite-mariadb-tests   0s
    
    ==> v1/Pod(related)
    NAME                            AGE
    right-termite-mariadb-master-0  0s
    right-termite-mariadb-slave-0   0s
    
    ==> v1/Secret
    NAME                   AGE
    right-termite-mariadb  0s
    
    ==> v1/Service
    NAME                         AGE
    right-termite-mariadb        0s
    right-termite-mariadb-slave  0s
    
    ==> v1/StatefulSet
    NAME                          AGE
    right-termite-mariadb-master  0s
    right-termite-mariadb-slave   0s
    
    
    NOTES:
    
    Please be patient while the chart is being deployed
    
    Tip:
    
      Watch the deployment status using the command: kubectl get pods -w --namespace default -l release=right-termite
    
    Services:
    
      echo Master: right-termite-mariadb.default.svc.cluster.local:3306
      echo Slave:  right-termite-mariadb-slave.default.svc.cluster.local:3306
    
    Administrator credentials:
    
      Username: root
      Password : $(kubectl get secret --namespace default right-termite-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
    
    To connect to your database:
    
      1. Run a pod that you can use as a client:
    
          kubectl run right-termite-mariadb-client --rm --tty -i --restart='Never' --image  docker.io/bitnami/mariadb:10.3.22-debian-10-r0 --namespace default --command -- bash
    
      2. To connect to master service (read/write):
    
          mysql -h right-termite-mariadb.default.svc.cluster.local -uroot -p my_database
    
      3. To connect to slave service (read-only):
    
          mysql -h right-termite-mariadb-slave.default.svc.cluster.local -uroot -p my_database
    
    To upgrade this helm chart:
    
      1. Obtain the password as described on the 'Administrator credentials' section and set the 'rootUser.password' parameter as shown below:
    
          ROOT_PASSWORD=$(kubectl get secret --namespace default right-termite-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
          helm upgrade right-termite stable/mariadb --set rootUser.password=$ROOT_PASSWORD

     

    - Retrieve the MariaDB password, then install a mariadb client and verify the connection

    # MariaDB password
    ps0107@k8smaster1:~$ kubectl get secret -n default  right-termite-mariadb  -o jsonpath="{.data.mariadb-root-password}"  | base64 --decode
    x2SwMMZow8
    
    # Now install a mariadb client and check. Start a pod from the ubuntu image and install mariadb-client in it.
    ps0107@k8smaster1:~$ kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
    If you do not see a command prompt, try pressing enter.
    root@ubuntu:/# apt-get update; apt-get install -y mariadb-client
    root@ubuntu:/# mysql -h right-termite-mariadb -p
    Enter password:x2SwMMZow8
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 132
    Server version: 10.3.22-MariaDB-log Source distribution
    
    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    MariaDB [(none)]> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | my_database        |
    | mysql              |
    | performance_schema |
    | test               |
    +--------------------+
    5 rows in set (0.00 sec)
    
    MariaDB [(none)]>
    MariaDB [(none)]> quit
    Bye
    root@ubuntu:/# exit
    logout

     

    - Now delete the release that was installed with helm

    # helm list
    ps0107@k8smaster1:~$ helm list -a
    NAME         	REVISION	UPDATED                 	STATUS  	CHART        	APP VERSION	NAMESPACE
    right-termite	1       	Sat Feb  8 15:47:33 2020	DEPLOYED	mariadb-7.3.7	10.3.22    	default
    
    # Delete the created helm release
    ps0107@k8smaster1:~$ helm delete right-termite
    release "right-termite" deleted
    
    # Confirm the deletion
    ps0107@k8smaster1:~$ helm list

     

    - This time, reinstall the deleted mariadb from the downloaded chart, with a modified password.

    # Find the downloaded chart.
    ps0107@k8smaster1:~$ find ~ -name '*mariadb*'
    /home/ps0107/.helm/cache/archive/mariadb-7.3.7.tgz
    
    ps0107@k8smaster1:~$ cd /home/ps0107/.helm/cache/archive/
    
    ps0107@k8smaster1:~/.helm/cache/archive$ tar -xvf mariadb-7.3.7.tgz
    mariadb/Chart.yaml
    mariadb/values.yaml
    mariadb/templates/NOTES.txt
    mariadb/templates/_helpers.tpl
    mariadb/templates/initialization-configmap.yaml
    mariadb/templates/master-configmap.yaml
    mariadb/templates/master-pdb.yaml
    mariadb/templates/master-statefulset.yaml
    mariadb/templates/master-svc.yaml
    mariadb/templates/role.yaml
    mariadb/templates/rolebinding.yaml
    mariadb/templates/secrets.yaml
    mariadb/templates/serviceaccount.yaml
    mariadb/templates/servicemonitor.yaml
    mariadb/templates/slave-configmap.yaml
    mariadb/templates/slave-pdb.yaml
    mariadb/templates/slave-statefulset.yaml
    mariadb/templates/slave-svc.yaml
    mariadb/templates/test-runner.yaml
    mariadb/templates/tests.yaml
    mariadb/.helmignore
    mariadb/OWNERS
    mariadb/README.md
    mariadb/files/docker-entrypoint-initdb.d/README.md
    mariadb/values-production.yaml
    mariadb/values.schema.json
    
    ps0107@k8smaster1:~/.helm/cache/archive$ cp mariadb/values.yaml ~/custom.yaml ; cd
    
    ps0107@k8smaster1:~$ vi custom.yaml
    	rootUser:
    	  ## MariaDB admin password
    	  ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run
    	  ##
    	  password: qwe123  # <- modified


    	  persistence:
    	    ## If true, use a Persistent Volume Claim, If false, use emptyDir
    	    ##
    	    enabled: false  # <- modified
    
    # Install mariadb with the modified chart values
    ps0107@k8smaster1:~$ helm install -f custom.yaml stable/mariadb
    NAME:   snug-aardvark
    LAST DEPLOYED: Sat Feb  8 16:21:53 2020
    NAMESPACE: default
    STATUS: DEPLOYED
    
    RESOURCES:
    ==> v1/ConfigMap
    NAME                          AGE
    snug-aardvark-mariadb-master  1s
    snug-aardvark-mariadb-slave   1s
    snug-aardvark-mariadb-tests   1s
    
    ==> v1/Pod(related)
    NAME                            AGE
    snug-aardvark-mariadb-master-0  1s
    snug-aardvark-mariadb-slave-0   1s
    
    ==> v1/Secret
    NAME                   AGE
    snug-aardvark-mariadb  1s
    
    ==> v1/Service
    NAME                         AGE
    snug-aardvark-mariadb        1s
    snug-aardvark-mariadb-slave  1s
    
    ==> v1/StatefulSet
    NAME                          AGE
    snug-aardvark-mariadb-master  1s
    snug-aardvark-mariadb-slave   1s
    
    
    NOTES:
    
    Please be patient while the chart is being deployed
    
    Tip:
    
      Watch the deployment status using the command: kubectl get pods -w --namespace default -l release=snug-aardvark
    
    Services:
    
      echo Master: snug-aardvark-mariadb.default.svc.cluster.local:3306
      echo Slave:  snug-aardvark-mariadb-slave.default.svc.cluster.local:3306
    
    Administrator credentials:
    
      Username: root
      Password : $(kubectl get secret --namespace default snug-aardvark-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
    
    To connect to your database:
    
      1. Run a pod that you can use as a client:
    
          kubectl run snug-aardvark-mariadb-client --rm --tty -i --restart='Never' --image  docker.io/bitnami/mariadb:10.3.22-debian-10-r0 --namespace default --command -- bash
    
      2. To connect to master service (read/write):
    
          mysql -h snug-aardvark-mariadb.default.svc.cluster.local -uroot -p my_database
    
      3. To connect to slave service (read-only):
    
          mysql -h snug-aardvark-mariadb-slave.default.svc.cluster.local -uroot -p my_database
    
    To upgrade this helm chart:
    
      1. Obtain the password as described on the 'Administrator credentials' section and set the 'rootUser.password' parameter as shown below:
    
          ROOT_PASSWORD=$(kubectl get secret --namespace default snug-aardvark-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
          helm upgrade snug-aardvark stable/mariadb --set rootUser.password=$ROOT_PASSWORD

     

    - If the install went well, connect with a mariadb client. This time the login should succeed with the modified password.

    # Create a mariadb client again and connect. The login should succeed with the modified password.
    ps0107@k8smaster1:~$ kubectl run -i --tty ubuntu2 --image=ubuntu:16.04 --restart=Never -- bash -il
    root@ubuntu2:/# apt-get update; apt-get install -y mariadb-client
    Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
    Get:2 http://archive.ubuntu.com/ubuntu xenial InRelease [247 kB]
    .....
    root@ubuntu2:/# mysql -h snug-aardvark-mariadb -uroot -p
    Enter password:qwe123
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 38
    Server version: 10.3.22-MariaDB-log Source distribution
    
    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    MariaDB [(none)]> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | my_database        |
    | mysql              |
    | performance_schema |
    | test               |
    +--------------------+
    5 rows in set (0.00 sec)
    
    MariaDB [(none)]> exit
    Bye
    root@ubuntu2:/# exit
    logout
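
The lab above types the root password into `~/custom.yaml` by hand, where it stays in clear text with the default file permissions. As an added example (not part of the original post), the functions below generate a random password and write it to a separate override file created with mode 0600; `gen_password`, `write_override`, `override_mode` and the file path are hypothetical names, and only the `rootUser.password` key comes from the page.

```shell
#!/bin/sh
# Added example: keep the MariaDB root password out of a shared values file.
# gen_password, write_override, override_mode and the override path are
# hypothetical names; rootUser.password is the chart key edited on this page.

gen_password() {
    # $1 = length. Random bytes filtered to [A-Za-z0-9], so the value needs
    # no escaping in YAML or in the shell.
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-"$1"
}

write_override() {
    # $1 = file to create. An existing file is removed first, because
    # redirecting into it would keep its old (possibly looser) mode.
    # The subshell confines umask 077, so the caller's umask is unchanged.
    (
        umask 077
        rm -f -- "$1"
        printf 'rootUser:\n  password: "%s"\n' "$(gen_password 24)" > "$1"
    )
}

override_mode() {
    # Permission string of the file, e.g. -rw-------
    ls -ld "$1" | cut -c1-10
}

# Usage on the lab cluster (not executed here); later -f files take precedence:
#   write_override "$HOME/mariadb-root.yaml"
#   helm install -f custom.yaml -f "$HOME/mariadb-root.yaml" stable/mariadb
#   rm -f "$HOME/mariadb-root.yaml"   # the Secret in the cluster keeps the value
```

The password can still be read back with the `kubectl get secret ... | base64 --decode` command shown earlier, so access to Secrets in the namespace remains the control that protects it.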

    # Registering another repo and searching it

    # You can add another repository and see the charts available from it.
    ps0107@k8smaster1:~$ helm repo add common  http://storage.googleapis.com/kubernetes-charts
    "common" has been added to your repositories
    
    # Check with helm repo list
    ps0107@k8smaster1:~$ helm repo list
    NAME  	URL
    stable	https://kubernetes-charts.storage.googleapis.com
    local 	http://127.0.0.1:8879/charts
    common	http://storage.googleapis.com/kubernetes-charts
    
    # Check with helm search
    ps0107@k8smaster1:~$ helm search
    NAME                                 	CHART VERSION	APP VERSION            	DESCRIPTION
    common/acs-engine-autoscaler         	2.2.2        	2.1.1                  	DEPRECATED Scales worker nodes within agent pools
    common/aerospike                     	0.3.2        	v4.5.0.5               	A Helm chart for Aerospike in Kubernetes
    common/airflow                       	6.0.0        	1.10.4                 	Airflow is a platform to programmatically author, schedul...
    common/ambassador                    	5.3.1        	0.86.1                 	A Helm chart for Datawire Ambassador
    common/anchore-engine                	1.4.2        	0.6.1                  	Anchore container analysis and policy evaluation engine s...
    common/apm-server                    	2.1.5        	7.0.0                  	The server receives data from the Elastic APM agents and ...
    .......
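
The `common` repository above was added with an `http://` URL, so its index and charts travel without TLS and can be altered in transit. As an added example (not part of the original post), this check reads `helm repo list` output and reports repositories served over plain HTTP from a non-loopback host; the function names are hypothetical and the sample input is constructed from the listing on this page.

```shell
#!/bin/sh
# Added example: flag chart repositories that are fetched over plain HTTP.
# insecure_repos, check_repos and sample_repo_list are hypothetical names.

insecure_repos() {
    # stdin: output of `helm repo list` (header line, then NAME and URL).
    # stdout: names of repos whose URL is http:// on a non-loopback host.
    awk 'NR > 1 && NF >= 2 && index($2, "http://") == 1 {
        split(substr($2, 8), part, "/")      # part[1] = host[:port]
        if (part[1] ~ /^(127\.0\.0\.1|localhost|\[::1\])(:[0-9]+)?$/) next
        print $1
    }'
}

check_repos() {
    # Returns 1 and lists the offenders on stderr if any repo is flagged.
    bad=$(insecure_repos)
    if [ -n "$bad" ]; then
        printf 'chart repo served over plain HTTP: %s\n' $bad >&2
        return 1
    fi
    return 0
}

sample_repo_list() {
    # Constructed input: the `helm repo list` output shown on this page.
    printf 'NAME  \tURL\n'
    printf 'stable\thttps://kubernetes-charts.storage.googleapis.com\n'
    printf 'local \thttp://127.0.0.1:8879/charts\n'
    printf 'common\thttp://storage.googleapis.com/kubernetes-charts\n'
}

# On a real client: helm repo list | check_repos
```

The loopback `local` entry is skipped because that traffic never leaves the machine; only `common` is reported.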
    
