何が起きたのか
deisをサクっと試すのにチュートリアルをやっている。
Install Workflow - Deis Workflow Documentation
で、GKEのクラスタを準備して、helmをいれて、さぁdeisをdeployすっぞーというタイミングでエラー。
$ helm install deis/workflow --namespace deis Error: no available release name found
解決策としてはこのへん
でやってみる
$ kubectl create serviceaccount --namespace kube-system tiller serviceaccount "tiller" created $ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller clusterrolebinding "tiller-cluster-rule" created $ kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}' deployment "tiller-deploy" patched $ helm init --service-account tiller $HELM_HOME has been configured at /Users/take/.helm. Warning: Tiller is already installed in the cluster. (Use --client-only to suppress this message, or --upgrade to upgrade Tiller to the current version.) Happy Helming!
成功。
$ helm install deis/workflow --namespace deis --set global.use_rbac=true NAME: austere-mongoose LAST DEPLOYED: Mon Jul 23 01:59:04 2018 NAMESPACE: deis STATUS: DEPLOYED RESOURCES: ==> v1/Secret NAME TYPE DATA AGE minio-user Opaque 2 3s deis-router-dhparam Opaque 1 3s objectstorage-keyfile Opaque 2 3s ==> v1/ConfigMap NAME DATA AGE dockerbuilder-config 2 3s slugbuilder-config 2 3s slugrunner-config 1 3s ==> v1beta1/RoleBinding NAME AGE deis-builder 3s deis-monitor-telegraf 3s deis-router 3s ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE deis-builder ClusterIP 10.7.250.176 <none> 2222/TCP 3s deis-controller ClusterIP 10.7.253.248 <none> 80/TCP 3s deis-database ClusterIP 10.7.254.205 <none> 5432/TCP 3s deis-logger ClusterIP 10.7.249.24 <none> 80/TCP 3s deis-minio ClusterIP 10.7.251.113 <none> 9000/TCP 3s deis-monitor-grafana ClusterIP 10.7.250.120 <none> 80/TCP 3s deis-monitor-influxapi ClusterIP 10.7.245.126 <none> 80/TCP 3s deis-monitor-influxui ClusterIP 10.7.248.97 <none> 80/TCP 3s deis-nsqd ClusterIP 10.7.251.253 <none> 4151/TCP,4150/TCP 3s deis-logger-redis ClusterIP 10.7.255.161 <none> 6379/TCP 3s deis-registry ClusterIP 10.7.245.229 <none> 80/TCP 3s deis-router LoadBalancer 10.7.247.6 <pending> 80:30737/TCP,443:30975/TCP,2222:32153/TCP,9090:30151/TCP 3s deis-workflow-manager ClusterIP 10.7.246.247 <none> 80/TCP 3s ==> v1/ServiceAccount NAME SECRETS AGE deis-builder 1 3s deis-controller 1 3s deis-database 1 3s deis-logger-fluentd 1 3s deis-logger 1 3s deis-minio 1 3s deis-monitor-telegraf 1 3s deis-nsqd 1 3s deis-registry 1 3s deis-router 1 3s deis-workflow-manager 1 3s ==> v1beta1/ClusterRole NAME AGE deis:deis-builder 3s deis:deis-controller 3s deis:deis-logger-fluentd 3s deis:deis-router 3s ==> v1beta1/ClusterRoleBinding NAME AGE deis:deis-builder 3s deis:deis-controller 3s deis:deis-logger-fluentd 3s deis:deis-router 3s ==> v1beta1/Role NAME AGE deis-builder 3s deis-monitor-telegraf 3s deis-router 3s ==> v1beta1/DaemonSet NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE deis-logger-fluentd 2 2 0 2 0 <none> 3s deis-monitor-telegraf 2 2 0 2 0 <none> 3s deis-registry-proxy 2 2 1 2 1 <none> 3s ==> v1beta1/Deployment NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE deis-builder 1 1 1 0 3s deis-controller 1 1 1 0 3s deis-database 1 1 1 0 3s deis-logger 1 1 1 0 3s deis-minio 1 1 1 0 3s deis-monitor-grafana 1 1 1 0 2s deis-monitor-influxdb 1 1 1 0 2s deis-nsqd 1 1 1 0 2s deis-logger-redis 1 1 1 0 1s deis-registry 1 0 0 0 1s deis-router 1 0 0 0 1s deis-workflow-manager 1 0 0 0 0s ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE deis-logger-fluentd-2nzb5 0/1 ContainerCreating 0 3s deis-logger-fluentd-tdr9q 1/1 Running 0 3s deis-monitor-telegraf-4flv9 0/1 ContainerCreating 0 3s deis-monitor-telegraf-sscpr 0/1 ContainerCreating 0 3s deis-registry-proxy-97cgs 0/1 ContainerCreating 0 3s deis-registry-proxy-j2k2s 1/1 Running 0 3s deis-builder-55bbd946bd-9srb5 0/1 ContainerCreating 0 3s deis-controller-59c948dbd4-k7hxq 0/1 Pending 0 3s deis-database-5875dcff85-6cl6t 0/1 Pending 0 3s deis-logger-7445666f95-8w9wq 0/1 ContainerCreating 0 2s deis-minio-64454c6bf6-cvpch 0/1 Pending 0 2s deis-monitor-grafana-77d54db485-rdq48 0/1 Pending 0 2s deis-monitor-influxdb-5fb56d489c-zn4c5 0/1 Pending 0 1s deis-nsqd-649fbc4947-tjcwr 0/1 ContainerCreating 0 1s deis-logger-redis-7fcc95cc5d-977tm 0/1 Pending 0 1s deis-registry-554c5569db-zxcgb 0/1 Pending 0 0s deis-router-98ccf5c64-466r5 0/1 Pending 0 0s
何をしたのか
そういえばhelm initを最初にしたときにこう言われている。
$ helm init Creating /Users/take/.helm Creating /Users/take/.helm/repository Creating /Users/take/.helm/repository/cache Creating /Users/take/.helm/repository/local Creating /Users/take/.helm/plugins Creating /Users/take/.helm/starters Creating /Users/take/.helm/cache/archive Creating /Users/take/.helm/repository/repositories.yaml Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com Adding local repo with URL: http://127.0.0.1:8879/charts $HELM_HOME has been configured at /Users/take/.helm. Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster. Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy. For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation Happy Helming!
TillerというHelmのServer側にあるコンポーネントは既にGKE上にインストールされてるよ。デフォルトだとallow unauthenticated usersを認めてないんよ。と言ってる。
やり方公式に載ってました。
Service Accountはkubernetesの認証方式の1つ。作成したservice accountにはsecretも一緒に作成されて、そのtokenを使ってclientはpodへアクセスすることができる。今回helm initで使うservice accountを明示することで、podのdeployが許可されたのだろう。
参考
⎈ Happy Helming!⎈