ツナワタリマイライフ

日常ネタから技術ネタ、音楽ネタまで何でも書きます。

helm installで"Error: no available release name found"

何が起きたのか

deisをサクっと試すのにチュートリアルをやっている。

Install Workflow - Deis Workflow Documentation

で、GKEのクラスタを準備して、helmをいれて、さぁdeisをdeployすっぞーというタイミングでエラー。

$ helm install deis/workflow --namespace deis
Error: no available release name found

解決策としてはこのへん

github.com

でやってみる

$ kubectl create serviceaccount --namespace kube-system tiller
serviceaccount "tiller" created
$ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
clusterrolebinding "tiller-cluster-rule" created
$ kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
deployment "tiller-deploy" patched

$ helm init --service-account tiller
$HELM_HOME has been configured at /Users/take/.helm.
Warning: Tiller is already installed in the cluster.
(Use --client-only to suppress this message, or --upgrade to upgrade Tiller to the current version.)
Happy Helming!

成功。

$ helm install deis/workflow --namespace deis --set global.use_rbac=true
NAME:   austere-mongoose
LAST DEPLOYED: Mon Jul 23 01:59:04 2018
NAMESPACE: deis
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                   TYPE    DATA  AGE
minio-user             Opaque  2     3s
deis-router-dhparam    Opaque  1     3s
objectstorage-keyfile  Opaque  2     3s

==> v1/ConfigMap
NAME                  DATA  AGE
dockerbuilder-config  2     3s
slugbuilder-config    2     3s
slugrunner-config     1     3s

==> v1beta1/RoleBinding
NAME                   AGE
deis-builder           3s
deis-monitor-telegraf  3s
deis-router            3s

==> v1/Service
NAME                    TYPE          CLUSTER-IP    EXTERNAL-IP  PORT(S)                                                   AGE
deis-builder            ClusterIP     10.7.250.176  <none>       2222/TCP                                                  3s
deis-controller         ClusterIP     10.7.253.248  <none>       80/TCP                                                    3s
deis-database           ClusterIP     10.7.254.205  <none>       5432/TCP                                                  3s
deis-logger             ClusterIP     10.7.249.24   <none>       80/TCP                                                    3s
deis-minio              ClusterIP     10.7.251.113  <none>       9000/TCP                                                  3s
deis-monitor-grafana    ClusterIP     10.7.250.120  <none>       80/TCP                                                    3s
deis-monitor-influxapi  ClusterIP     10.7.245.126  <none>       80/TCP                                                    3s
deis-monitor-influxui   ClusterIP     10.7.248.97   <none>       80/TCP                                                    3s
deis-nsqd               ClusterIP     10.7.251.253  <none>       4151/TCP,4150/TCP                                         3s
deis-logger-redis       ClusterIP     10.7.255.161  <none>       6379/TCP                                                  3s
deis-registry           ClusterIP     10.7.245.229  <none>       80/TCP                                                    3s
deis-router             LoadBalancer  10.7.247.6    <pending>    80:30737/TCP,443:30975/TCP,2222:32153/TCP,9090:30151/TCP  3s
deis-workflow-manager   ClusterIP     10.7.246.247  <none>       80/TCP                                                    3s

==> v1/ServiceAccount
NAME                   SECRETS  AGE
deis-builder           1        3s
deis-controller        1        3s
deis-database          1        3s
deis-logger-fluentd    1        3s
deis-logger            1        3s
deis-minio             1        3s
deis-monitor-telegraf  1        3s
deis-nsqd              1        3s
deis-registry          1        3s
deis-router            1        3s
deis-workflow-manager  1        3s

==> v1beta1/ClusterRole
NAME                      AGE
deis:deis-builder         3s
deis:deis-controller      3s
deis:deis-logger-fluentd  3s
deis:deis-router          3s

==> v1beta1/ClusterRoleBinding
NAME                      AGE
deis:deis-builder         3s
deis:deis-controller      3s
deis:deis-logger-fluentd  3s
deis:deis-router          3s

==> v1beta1/Role
NAME                   AGE
deis-builder           3s
deis-monitor-telegraf  3s
deis-router            3s

==> v1beta1/DaemonSet
NAME                   DESIRED  CURRENT  READY  UP-TO-DATE  AVAILABLE  NODE SELECTOR  AGE
deis-logger-fluentd    2        2        0      2           0          <none>         3s
deis-monitor-telegraf  2        2        0      2           0          <none>         3s
deis-registry-proxy    2        2        1      2           1          <none>         3s

==> v1beta1/Deployment
NAME                   DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
deis-builder           1        1        1           0          3s
deis-controller        1        1        1           0          3s
deis-database          1        1        1           0          3s
deis-logger            1        1        1           0          3s
deis-minio             1        1        1           0          3s
deis-monitor-grafana   1        1        1           0          2s
deis-monitor-influxdb  1        1        1           0          2s
deis-nsqd              1        1        1           0          2s
deis-logger-redis      1        1        1           0          1s
deis-registry          1        0        0           0          1s
deis-router            1        0        0           0          1s
deis-workflow-manager  1        0        0           0          0s

==> v1/Pod(related)
NAME                                    READY  STATUS             RESTARTS  AGE
deis-logger-fluentd-2nzb5               0/1    ContainerCreating  0         3s
deis-logger-fluentd-tdr9q               1/1    Running            0         3s
deis-monitor-telegraf-4flv9             0/1    ContainerCreating  0         3s
deis-monitor-telegraf-sscpr             0/1    ContainerCreating  0         3s
deis-registry-proxy-97cgs               0/1    ContainerCreating  0         3s
deis-registry-proxy-j2k2s               1/1    Running            0         3s
deis-builder-55bbd946bd-9srb5           0/1    ContainerCreating  0         3s
deis-controller-59c948dbd4-k7hxq        0/1    Pending            0         3s
deis-database-5875dcff85-6cl6t          0/1    Pending            0         3s
deis-logger-7445666f95-8w9wq            0/1    ContainerCreating  0         2s
deis-minio-64454c6bf6-cvpch             0/1    Pending            0         2s
deis-monitor-grafana-77d54db485-rdq48   0/1    Pending            0         2s
deis-monitor-influxdb-5fb56d489c-zn4c5  0/1    Pending            0         1s
deis-nsqd-649fbc4947-tjcwr              0/1    ContainerCreating  0         1s
deis-logger-redis-7fcc95cc5d-977tm      0/1    Pending            0         1s
deis-registry-554c5569db-zxcgb          0/1    Pending            0         0s
deis-router-98ccf5c64-466r5             0/1    Pending            0         0s

何をしたのか

そういえばhelm initを最初にしたときにこう言われている。

$ helm init
Creating /Users/take/.helm
Creating /Users/take/.helm/repository
Creating /Users/take/.helm/repository/cache
Creating /Users/take/.helm/repository/local
Creating /Users/take/.helm/plugins
Creating /Users/take/.helm/starters
Creating /Users/take/.helm/cache/archive
Creating /Users/take/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /Users/take/.helm.

Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.

Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!

TillerというHelmのServer側にあるコンポーネントは既にGKE上にインストールされてるよ。デフォルトだとallow unauthenticated usersを認めてないんよ。と言ってる。

やり方公式に載ってました。

github.com

Service Accountはkubernetesの認証方式の1つ。作成したservice accountにはsecretも一緒に作成されて、そのtokenを使ってclientはpodへアクセスすることができる。今回helm initで使うservice accountを明示することで、podのdeployが許可されたのだろう。

参考

qiita.com

⎈ Happy Helming!⎈