background
The last article briefly introduced the Kubernetes PC version of the development test environment minikube build and environment configuration, in a long period of time I have not built, today suddenly under a new version, found that the startup can not be started, so then darling Minikube Moving back to version 0.25.2, this article briefly documents the steps as the project has recently been deployed and released using Helm and Swift.
concept
Helm
Helm is a package management tool for K8S cluster deployment and management application. It uses Chart file configuration project to hide some basic concepts of K8S itself and has some features of version rollback and easy upgrade. Helm is divided into client and server, the server tiller runs in the K8S cluster, user management and deployment, update the application in the K8S cluster, the client has kubernetes-Helm’s client (command line) tool, used to connect and communicate with the server Tiller.
Swift
For example, TILler uses GRPC protocol, etc., so partners in the community developed such a proxy (Swift), which is encapsulated into a restful HTTP interface form to facilitate communication and operation between various languages and Tiller.
Set up
Environment of this paper: Kubernetes 1.9.4 minikube 0.25.2 helm 0.10.0 swift version 2.12.1 swift needs and helm version, reference https://github.com/appscode/swift
Start the minikube environment
Minikube start - kubernetes - version v1.9.4 - extra - config = apiserver. Authorization. The Mode = RBACCopy the code- RBAC permission mode must be enabled, otherwise the subsequent installation will have many problems, such as the default mode is not
cluster-adminCannot installswiftAnd so on. - This is why you encounter such problems installing Swift with helm.
Error: release my-searchlight failed: clusterroles.rbac.authorization.k8s.io "my-searchlight" is forbidden: attempt to grant extra privileges: [PolicyRule{APIGroups:["apiextensions.k8s.io"], Resources:["customresourcedefinitions"], Verbs:["*"]} PolicyRule{APIGroups:["extensions"], Resources:["thirdpartyresources"], Verbs:["*"]} PolicyRule{APIGroups:["monitoring.appscode.com"], Resources:["*"], Verbs:["*"]} PolicyRule{APIGroups:["storage.k8s.io"], Resources:["*"], Verbs:["get"]} PolicyRule{APIGroups:[""], Resources:["secrets"], Verbs:["get"]} PolicyRule{APIGroups:[""], Resources:["secrets"], Verbs:["list"]} PolicyRule{APIGroups:[""], Resources:["componentstatuses"], Verbs:["get"]} PolicyRule{APIGroups:[""], Resources:["componentstatuses"], Verbs:["list"]} PolicyRule{APIGroups:[""], Resources:["persistentvolumes"], Verbs:["get"]} PolicyRule{APIGroups:[""], Resources:["persistentvolumes"], Verbs:["list"]} PolicyRule{APIGroups:[""], Resources:["persistentvolumeclaims"], Verbs:["get"]} PolicyRule{APIGroups:[""], Resources:["persistentvolumeclaims"], Verbs:["list"]} PolicyRule{APIGroups:[""], Resources:["pods"], Verbs:["get"]} PolicyRule{APIGroups:[""], Resources:["pods"], Verbs:["list"]} PolicyRule{APIGroups:[""], Resources:["pods"], Verbs:["patch"]} PolicyRule{APIGroups:[""], Resources:["pods"], Verbs:["watch"]} PolicyRule{APIGroups:[""], Resources:["nodes"], Verbs:["get"]} PolicyRule{APIGroups:[""], Resources:["nodes"], Verbs:["list"]} PolicyRule{APIGroups:[""], Resources:["nodes"], Verbs:["patch"]} PolicyRule{APIGroups:[""], Resources:["nodes"], Verbs:["watch"]} PolicyRule{APIGroups:[""], Resources:["namespaces"], Verbs:["get"]} PolicyRule{APIGroups:[""], Resources:["namespaces"], Verbs:["list"]} PolicyRule{APIGroups:[""], Resources:["namespaces"], Verbs:["patch"]} PolicyRule{APIGroups:[""], Resources:["namespaces"], Verbs:["watch"]} PolicyRule{APIGroups:[""], Resources:["pods/exec"], Verbs:["create"]} PolicyRule{APIGroups:[""], Resources:["events"], Verbs:["create"]} PolicyRule{APIGroups:[""], Resources:["events"], Verbs:["list"]}] user=&{system:serviceaccount:kube-system:tilleruser a61ce1ed-0a6d-11e9-babc-0800274b952b [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} ownerrules=[] ruleResolutionErrors=[clusterroles.rbac.authorization.k8s.io "cluster-admin" not found]
Copy the code- The reason for using K8S 1.9.4 is that 1.10.0 does not have a default
kube-dnsModule, a little inconvenient, and Swift and Tiller communication depends on DNS. - Configure the agent as above to access some resources outside the wall.
Install the Helm client
brew install kubernetes-helm
helm version
Copy the codeKube – DNS installation
- Waiting for the
kube-dnsThe installation is complete
kubectl get deployment -n kube-system --watch
Copy the code- Create a ServiceAccount account
kubectl create serviceaccount kube-dns -n kube-system
Copy the code- for
kube-dnsThe Deployment Settings association
kubectl patch deployment kube-dns -n kube-system -p '{"spec":{"template":{"spec":{"serviceAccountName":"kube-dns"}}}}'
Copy the code- Wait for DNS related Pods to complete startup
kubectl get pods -n kube-system --watch
Copy the code
The deployment of Tiller,
- Tiller serves as the server of the Helm and its version is the same as that of the client.
- Before deploying the Tiller, grant k8S operation rights to the Tiller
$ kubectl create serviceaccount tiller --namespace kube-system $ kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller $ helm init --service-account tiller $ helm version --short Client: V2.12.1 + g02a47c7 Server: v2.12.1 + g02a47c7Copy the code- Wait for tiller deployment to complete
The deployment of Swift,
- Start by adding an Appscode repository for helm
$ helm repo add appscode https://charts.appscode.com/stable/
$ helm repo update
$ helm repo list
NAME URL
stable https://kubernetes-charts.storage.googleapis.com
local http://127.0.0.1:8879/charts
appscode https://charts.appscode.com/stable/
Copy the code- Search for swift in helm
$helm Search Swift NAME CHART VERSION APP VERSION DESCRIPTION AppsCode/SWIFT 0.10.0 0.10.0 Swift by Appscode - Ajax Friendly Helm Tiller Proxy stable/ SWIFT 0.6.3 0.7.3 DEPRECATED Swift by AppsCode - Ajax Friendly Helm Tiller Proxy stable/ SWIFT 0.6.3 0.7.3 DEPRECATED Swift by AppsCode - Ajax Friendly Helm TillerCopy the code- Install 0.10.0
helm install appscode/swift --name my-swift
Copy the code- Check whether the installation is complete
kubectl get pods --all-namespaces -l app=swift --watch
Copy the code
test
- Get the service and look at the IP and port
$kubectl get SVC swift-my-swift NAME TYPE cluster-ip external-ip PORT(S) AGE swift-my-swift NodePort 10.107.55.194 <none> 9855:31743/TCP,50055:32523/TCP,56790:30092/TCP 3h58mCopy the codeminikube sshAfter entering minikube access, successful return, indicating ok
${curl http://10.107.55.194:9855/tiller/v2/version/json"Version": {"sem_ver":"v2.12.1"."git_commit":"02a47c7249b1fc6d8fd3b94e6b4babf9d818144e"."git_tree_state":"clean"}}
Copy the code- The default Type of the service above should be
Cluster IPIn order for the host machine to be able to accessNodePortMethods:
kubectl patch svc swift -n kube-system -p '{"spec":{"type":"NodePort"}}'
Copy the code- Try it on the host
$minikube IP 192.168.99.100Copy the code${curl http://192.168.99.100:31743/tiller/v2/version/json"Version": {"sem_ver":"v2.12.1"."git_commit":"02a47c7249b1fc6d8fd3b94e6b4babf9d818144e"."git_tree_state":"clean"}} %Copy the code- Dashborad view
And you’re done!
Ps: at the beginning of the startup minikube only minikube start toss for a long time…..
How to test whether kube – DNS in work, refer to the official case kubernetes. IO/docs/tasks /…
# Related errors
- Failed to resolve internal DNS
I1228 09:25:08. 241821 1 pickfirst. Go: 71] pickfirstBalancer: HandleSubConnStateChange: 0 xc00043da40, TRANSIENT_FAILURE I1228 09:25:08. 243483 1 pickfirst. Go: 71] pickfirstBalancer: HandleSubConnStateChange: 0xC00043DA40, CONNECTING W1228 09:25:28.242336 1 addrConn.createTransport failed to connect to {tiller-deploy.kube-system.svc:44134 0 <nil>}. Err :connection error: desc ="transport: Error while dialing dial tcp: i/o timeout". Reconnecting... I1228 09:25:28. 242368 1 pickfirst. Go: 71] pickfirstBalancer: HandleSubConnStateChange: 0 xc00043da40, TRANSIENT_FAILURE I1228 09:25:28. 242629 1 pickfirst. Go: 71] pickfirstBalancer: HandleSubConnStateChange: 0xC00043DA40, CONNECTING W1228 09:25:53.349620 1 addrConn.createTransport failed to connect to {tiller-deploy.kube-system.svc:44134 0 <nil>}. Err :connection error: desc ="transport: Error while dialing dial tcp: i/o timeout". Reconnecting... I1228 09:25:53. 349990 1 pickfirst. Go: 71] pickfirstBalancer: HandleSubConnStateChange: 0 xc00043da40, TRANSIENT_FAILURE I1228 09:25:53. 350133 1 pickfirst. Go: 71] pickfirstBalancer: HandleSubConnStateChange: 0xC00043DA40, CONNECTING W1228 09:26:32.635786 1 addrConn.createTransport failed to connect to {tiller-deploy.kube-system.svc:44134 0 <nil>}. Err :connection error: desc ="transport: Error while dialing dial tcp: i/o timeout". Reconnecting... I1228 09:26:32. 635949 1 pickfirst. Go: 71] pickfirstBalancer: HandleSubConnStateChange: 0 xc00043da40, TRANSIENT_FAILURE I1228 09:26:32. 636553 1 pickfirst. Go: 71] pickfirstBalancer: HandleSubConnStateChange: 0xC00043DA40, CONNECTING W1228 09:27:12.647474 1 addrConn.createTransport failed to connect to {tiller-deploy.kube-system.svc:44134 0 <nil>}. Err :connection error: desc ="Transport: Error while Dialing TCP: lookup tiller-deploy.kube-system. SVC on 10.96.0.10:53: Read UDP 172.17.0.4:58290->10.96.0.10:53: I/O timeout". Reconnecting... I1228 09:27:12. 647527 1 pickfirst. Go: 71] pickfirstBalancer: HandleSubConnStateChange: 0 xc00043da40, TRANSIENT_FAILURE I1228 09:27:44. 000042 1 pickfirst. Go: 71] pickfirstBalancer: HandleSubConnStateChange: 0xC00043DA40, CONNECTING W1228 09:28:08.235280 1 Clientconn. go:830] Failed to dial tiller-deploy. Kube -system. SVC :44134: grpc: the connection is closing; please retry.Copy the code- Found minikube up, there is no
kube-dnsandkube-dashborad, butminikube addons listThese two areenabledThe status of the reference solution https://github.com/kubernetes/minikube/issues/2619 principle is manually installedkube-dnsComponent makes it work.
reference
[1] github.com/appscode/sw…
[2] appscode.com/products/sw…