Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

k8s 리소스 순서대로 배포하기 #4

Closed
BaeKY opened this issue Jan 6, 2023 · 4 comments
Closed

k8s 리소스 순서대로 배포하기 #4

BaeKY opened this issue Jan 6, 2023 · 4 comments
Assignees
Labels
enhancement New feature or request

Comments

@BaeKY
Copy link
Owner

BaeKY commented Jan 6, 2023

kubernetes/kubectl#1117 같은 문제를 겪는 사람...

kfilt

  • 위 이슈에서는 kfilt를 사용하였지만 yq로도 충분히 가능할것 같다

yq

  • 아래와 같이 하면 동작할것 같은데...
    # CRD만 먼저 생성
    cat my-manifest.k8s.yaml | yq '. | select(.kind == "CustomResourceDefinition")' | kubectl apply -f -
    
    # 경건한 마음으로 CRD 생성을 기다리자
    sleep 27
    
    # CRD 제외한 나머지 생성
    cat my-manifest.k8s.yaml | yq '. | select(.kind != "CustomResourceDefinition")' | kubectl apply -f -
  • 복잡하게 kubectl wait --for condition=~~~ 해서 하는것 보다 간단할듯.
  • sleep time 정도만 parameter로 받도록 하자.(기본값 27)
@BaeKY BaeKY self-assigned this Jan 6, 2023
@BaeKY BaeKY added the enhancement New feature or request label Jan 6, 2023
@BaeKY BaeKY changed the title kubectl apply -f 로 배포시 CRD 생성지연으로 manifest의 일부 Resource가 생성되지 않음 kubectl apply -f 로 배포시 CRD생성 전에 CR생성으로인한 에러 Jan 7, 2023
@BaeKY
Copy link
Owner Author

BaeKY commented Jan 8, 2023

script 작성

  • deploy-manifest.sh
    #!/bin/bash
    
    MANIFESTS=$1
    
    case $MANIFESTS in
      -*|--*|'')
        echo "Unknown k8s manifest path '$MANIFESTS'"
        exit 1
        ;;
    esac
    shift
    
    if [ -d $MANIFESTS ]; then
      MANIFESTS=$(realpath $MANIFESTS)/*
    elif [ ! -f $MANIFESTS ]; then
      echo "Files not exists"
      exit 1
    fi
    
    POSITIONAL_ARGS=()
    
    while [[ $# -gt 0 ]]; do
      case $1 in
        -w|--wait-crd-creation)
          WAIT_CRD_CREATION="$2"
          shift # past argument
          shift # past value
          ;;
        -*|--*)
          echo "Unknown option $1"
          exit 1
          ;;
        *)
          POSITIONAL_ARGS+=("$1") # save positional arg
          shift # past argument
          ;;
      esac
    done
    
    set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
    
    cat $(ls $MANIFESTS | grep '.yaml') | yq '. | select(.kind == "CustomResourceDefinition")' | kubectl apply -f -
    
    sleep $WAIT_CRD_CREATION
    
    cat $(ls $MANIFESTS | grep '.yaml') | yq '. | select(.kind != "CustomResourceDefinition")' | kubectl apply -f -

Metallb 배포 테스트

  • 아래 명령어로 deploy-manifest.sh를 통해 ./manifest/0000-metallb.k8s.yaml를 배포한다
    # cd <root>/chart
    bash ./scripts/deploy-manifest.sh ./manifest/0000-metallb.k8s.yaml --wait-crd-creation 30
  • 결과: 실패
    customresourcedefinition.apiextensions.k8s.io/addresspools.metallb.io created
    customresourcedefinition.apiextensions.k8s.io/bfdprofiles.metallb.io created
    customresourcedefinition.apiextensions.k8s.io/bgpadvertisements.metallb.io created
    customresourcedefinition.apiextensions.k8s.io/bgppeers.metallb.io created
    customresourcedefinition.apiextensions.k8s.io/ipaddresspools.metallb.io created
    customresourcedefinition.apiextensions.k8s.io/l2advertisements.metallb.io created
    customresourcedefinition.apiextensions.k8s.io/communities.metallb.io created
    serviceaccount/l2-lb-metallb-controller created
    serviceaccount/l2-lb-metallb-speaker created
    secret/webhook-server-cert created
    clusterrole.rbac.authorization.k8s.io/l2-lb-metallb:controller created
    clusterrole.rbac.authorization.k8s.io/l2-lb-metallb:speaker created
    clusterrolebinding.rbac.authorization.k8s.io/l2-lb-metallb:controller created
    clusterrolebinding.rbac.authorization.k8s.io/l2-lb-metallb:speaker created
    role.rbac.authorization.k8s.io/l2-lb-metallb-pod-lister created
    role.rbac.authorization.k8s.io/l2-lb-metallb-controller created
    rolebinding.rbac.authorization.k8s.io/l2-lb-metallb-pod-lister created
    rolebinding.rbac.authorization.k8s.io/l2-lb-metallb-controller created
    service/metallb-webhook-service created
    daemonset.apps/l2-lb-metallb-speaker created
    deployment.apps/l2-lb-metallb-controller created
    validatingwebhookconfiguration.admissionregistration.k8s.io/metallb-webhook-configuration created
    Error from server (InternalError): error when creating "STDIN": Internal error occurred: failed calling webhook "ipaddresspoolvalidationwebhook.metallb.io": failed to call webhook: Post "https://metallb-webhook-service.metallb-system.svc:443/validate-metallb-io-v1beta1-ipaddresspool?timeout=10s": dial tcp 10.103.248.228:443: connect: connection refused
    
  • CRD생성이 문제가 아니었다

에러로그를 잘 확인하자...

@BaeKY BaeKY changed the title kubectl apply -f 로 배포시 CRD생성 전에 CR생성으로인한 에러 k8s 리소스 순서대로 배포하기 Jan 8, 2023
@BaeKY
Copy link
Owner Author

BaeKY commented Jan 8, 2023

개선

  • CRD를 먼저 생성하고 기다리는것이 아니라 사용자가 "나중에 생성할 Resource들을 지정"하는 방식으로 배포하도록 한다

BaeKY added a commit that referenced this issue Jan 8, 2023
@BaeKY
Copy link
Owner Author

BaeKY commented Jan 8, 2023

결과

  • metallb 다시 배포
    pnpm k8s:deploy ./manifest/0000-metallb.k8s.yaml --wait 17 --resources IPAddressPool
  • 결과: 성공
    > @kube-ops/[email protected] k8s:deploy /Users/bky/dev-private/k8s-lab/chart
    > ./scripts/deploy-manifest.sh $@ "./manifest/0000-metallb.k8s.yaml" "--wait" "17" "--resources" "IPAddressPool"
    
    IPAddressPool
    serviceaccount/l2-lb-metallb-controller created
    serviceaccount/l2-lb-metallb-speaker created
    secret/webhook-server-cert created
    customresourcedefinition.apiextensions.k8s.io/addresspools.metallb.io created
    customresourcedefinition.apiextensions.k8s.io/bfdprofiles.metallb.io created
    customresourcedefinition.apiextensions.k8s.io/bgpadvertisements.metallb.io created
    customresourcedefinition.apiextensions.k8s.io/bgppeers.metallb.io created
    customresourcedefinition.apiextensions.k8s.io/ipaddresspools.metallb.io created
    customresourcedefinition.apiextensions.k8s.io/l2advertisements.metallb.io created
    customresourcedefinition.apiextensions.k8s.io/communities.metallb.io created
    clusterrole.rbac.authorization.k8s.io/l2-lb-metallb:controller created
    clusterrole.rbac.authorization.k8s.io/l2-lb-metallb:speaker created
    clusterrolebinding.rbac.authorization.k8s.io/l2-lb-metallb:controller created
    clusterrolebinding.rbac.authorization.k8s.io/l2-lb-metallb:speaker created
    role.rbac.authorization.k8s.io/l2-lb-metallb-pod-lister created
    role.rbac.authorization.k8s.io/l2-lb-metallb-controller created
    rolebinding.rbac.authorization.k8s.io/l2-lb-metallb-pod-lister created
    rolebinding.rbac.authorization.k8s.io/l2-lb-metallb-controller created
    service/metallb-webhook-service created
    daemonset.apps/l2-lb-metallb-speaker created
    deployment.apps/l2-lb-metallb-controller created
    validatingwebhookconfiguration.admissionregistration.k8s.io/metallb-webhook-configuration created
    ipaddresspool.metallb.io/local-ip created
    

@BaeKY BaeKY closed this as completed Jan 8, 2023
BaeKY added a commit that referenced this issue Jan 16, 2023
* chore(chart): Add argocd chart

- #3

* chore(chart): Add harbor chart

- #3

* feat(package/helm-value-inferer): Add helm-chart version

- kube-ops/chart/src/index.ts에도 version 명시

* chore(package/k8s-generated): Add crd for helm chart

* fix(chart): Fix script for custom dns resolver on MacOS

* chore(chart): Add cert-manager chart

- #3

* chore(chart)!: Deprecate cdk8s-loader

* feat(chart): Add scripts/deploy-manifest.sh

- #4

* chore(chart): Add execute permission on scripts/*

- chmod +x ./scripts/*

* chore(chart): cert-manager

- Certificate생성시 k8s의 기본 coredns로 Chellenge 요청가던 이슈 해결
- #3

* chore(chart): argocd

- cert-manager를 통한 tls생성 추가
- #3

* chore(chart): harbor ingress tls

- #3

* chore(chart): coredns Corefile

- forward 추가
- #3

* chore(chart): Add jenkins

- #3
@dev-whoan
Copy link

감사합니다. metallb 최신 버전 에러 발생 이유가 배포 순서 때문이었군요....

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants