Tag: Linux

Stuff to help me remember

Five Minute Tip: Kubernetes helm in multiple namespaces

Five Minute Tip: Kubernetes helm in multiple namespaces

A while ago I’ve upgraded the infrastructure to work in Kubernetes and having the application separated though namespaces. I’ve created deployment files and use helm to install applications in the cluster. I’ve found that using helm in multiple namespaces requires a bit extra editing to make it work.

Assuming helm client has been installed and ready to go. We’ll create a service account:

kubectl -n myapp create serviceaccount tiller

This basically creates a serviceaccount called tiller in a namespace called myapp. Now will need to create a cluster role binding for the account.

kubectl create clusterrolebinding tiller -n myapp --clusterrole=cluster-admin --serviceaccount=myapp:tiller

The –clusterrole=cluster-admin is defining what role is the account going to have. In this case, a cluster-admin role. The account can go beyond a namespace and view resources cluster-wide. The last part –serviceaccount=myapp:some-tiller-account tells Kubernetes where to install the service account. In this case, inside the namespace myapp.

Then install helm into that namespace:

helm init --service-account tiller --tiller-namespace myapp

Oh wait, what if we need helm to work in multiple namespaces? That easy! We can recycle the last command and installed a to install a service account into a different namespace:

kubectl create clusterrolebinding some-tiller-account -n mydata --clusterrole=cluster-admin --serviceaccount=mydata:tiller

Next, will need to update the clusterrolebinding so that helm can see what’s inside of another namespace.

kubectl edit clusterrolebinding tiller -n myapp

Origonal:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: myapp

Updated:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: myapp
- <span style="color: rgb(255, 0, 0);" data-mce-style="color: #ff0000;">kind: ServiceAccount</span>
<span style="color: rgb(255, 0, 0);" data-mce-style="color: #ff0000;">  name: tiller</span>
<span style="color: rgb(255, 0, 0);" data-mce-style="color: #ff0000;">  namespace: mydata</span>

That it! When you do a helm install or helm ls you should beable to see inside both namespaces.

Linux: Five Minute tip

Linux: Five Minute tip

I remember when I first started as Linux System Administrator, I would google Linux command lines. Expectedly if I was looking for a command but not sure what it might be called. It was not until I came across a command called apropos. It has saved my bacon and time when I was in a bind.

Looking at the command apropos:

In computingapropos is a command to search the man page files in Unix and Unix-like operating systems. apropos takes its name from the English word with the same spelling that means relevant. It is particularly useful when searching for commands without knowing their exact names. – source: wiki – apropos

basically, this command will search through the manpages in the description and manuals for the command that is being searched. Seeing the command I action:

apropos dmesg

dmesg (1) – print or control the kernel ring buffer
vmcore-dmesg (8) – This is just a placeholder until real man page has been written

 

That’s really cool how a simple the command it. You use the man command to read the manual of the command to go more in-depth with it.

My take on this; I’m glad that I’ve found this command and it has served my well up to the is.

connecting a virtual console with VirtualBox and SoCat

connecting a virtual console with VirtualBox and SoCat

There are times when being able to connect a console to a terminal application becomes useful. For example, Getting kernel panic messages and you need to get the entire message so that it can help you figure out what is going on. If using Virtualbox on linux, the serial console with need to be setup:

 

Once that is set, download and install the command screen and socat.

yum install screen socat

When the programs have finished installing. Run this command:

./socat-2.0.0-b9/socat UNIX-CONNECT:/tmp/NyLinuxVM-con PTY,link=/tmp/NyLinuxVM-con-pty &

This creates a socket to the virtual machines console and the & allows it run in the background.


screen /tmp/NyLinuxVM-con-pty

Now I can connect to the console using the command screen.

%d bloggers like this: