kubernetes helm deployment with different serviceaccount

1. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/test-tiller-with-integrations on git:master x [16:39:13] C:1
2. $ helm reset --tiller-namespace integrations-acc --force
3. Tiller (the Helm server-side component) has been uninstalled from your Kubernetes Cluster.
4.  
5. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/test-tiller-with-integrations on git:master x [16:39:38] C:1
6. $ helm init --service-account tiller --tiller-namespace integrations-acc --override 'spec.template.spec.containers[0].resources.limits.cpu'="2" --override 'spec.template.spec.containers[0].resources.limits.memory'="1Gi" --debug --upgrade
7. apiVersion: extensions/v1beta1
8. kind: Deployment
9. metadata:
10.   creationTimestamp: null
11.   labels:
12.     app: helm
13.     name: tiller
14.   name: tiller-deploy
15.   namespace: integrations-acc
16. spec:
17.   strategy: {}
18.   template:
19.     metadata:
20.       creationTimestamp: null
21.       labels:
22.         app: helm
23.         name: tiller
24.     spec:
25.       containers:
26.       - env:
27.         - name: TILLER_NAMESPACE
28.           value: integrations-acc
29.         - name: TILLER_HISTORY_MAX
30.           value: "0"
31.         image: gcr.io/kubernetes-helm/tiller:v2.7.2
32.         imagePullPolicy: IfNotPresent
33.         livenessProbe:
34.           httpGet:
35.             path: /liveness
36.             port: 44135
37.           initialDelaySeconds: 1
38.           timeoutSeconds: 1
39.         name: tiller
40.         ports:
41.         - containerPort: 44134
42.           name: tiller
43.         readinessProbe:
44.           httpGet:
45.             path: /readiness
46.             port: 44135
47.           initialDelaySeconds: 1
48.           timeoutSeconds: 1
49.         resources:
50.           limits:
51.             cpu: "2"
52.             memory: 1Gi
53.       serviceAccountName: tiller
54. status: {}
55. ---
56. apiVersion: v1
57. kind: Service
58. metadata:
59.   creationTimestamp: null
60.   labels:
61.     app: helm
62.     name: tiller
63.   name: tiller-deploy
64.   namespace: integrations-acc
65. spec:
66.   ports:
67.   - name: tiller
68.     port: 44134
69.     targetPort: tiller
70.   selector:
71.     app: helm
72.     name: tiller
73.   type: ClusterIP
74. status:
75.   loadBalancer: {}
76. ...
77. $HELM_HOME has been configured at /Users/maxx/.helm.
78.  
79. Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
80. Happy Helming!
81.  
82.  
83. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/test-tiller-with-integrations on git:master x [16:40:09] C:1
84. $ helm del --purge rmlater3 --tiller-namespace integrations-acc
85. release "rmlater3" deleted
86.  
87. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/test-tiller-with-integrations on git:master x [16:40:26]
88. $ helm install stable/drupal --tiller-namespace integrations-acc --namespace integrations-acc --name rmlater3
89. NAME:   rmlater3
90. LAST DEPLOYED: Thu Dec 28 16:40:30 2017
91. NAMESPACE: integrations-acc
92. STATUS: DEPLOYED
93.  
94. RESOURCES:
95. ==> v1/PersistentVolumeClaim
96. NAME                    STATUS   VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
97. rmlater3-mariadb        Pending  1s
98. rmlater3-drupal-apache  Pending  1s
99. rmlater3-drupal-drupal  Pending  1s
100.  
101. ==> v1/Service
102. NAME              TYPE          CLUSTER-IP     EXTERNAL-IP  PORT(S)                     AGE
103. rmlater3-mariadb  ClusterIP     10.233.61.241  <none>       3306/TCP                    1s
104. rmlater3-drupal   LoadBalancer  10.233.22.34   <pending>    80:31815/TCP,443:31321/TCP  1s
105.  
106. ==> v1beta1/Deployment
107. NAME              DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
108. rmlater3-mariadb  1        0        0           0          1s
109. rmlater3-drupal   1        0        0           0          1s
110.  
111. ==> v1/Secret
112. NAME              TYPE    DATA  AGE
113. rmlater3-mariadb  Opaque  2     1s
114. rmlater3-drupal   Opaque  1     1s
115.  
116. ==> v1/ConfigMap
117. NAME                    DATA  AGE
118. rmlater3-mariadb        1     1s
119. rmlater3-mariadb-tests  1     1s
120.  
121.  
122. NOTES:
123.  
124. *******************************************************************
125. *** PLEASE BE PATIENT: Drupal may take a few minutes to install ***
126. *******************************************************************
127.  
128. 1. Get the Drupal URL:
129.  
130.   NOTE: It may take a few minutes for the LoadBalancer IP to be available.
131.         Watch the status with: 'kubectl get svc --namespace integrations-acc -w rmlater3-drupal'
132.  
133.   export SERVICE_IP=$(kubectl get svc --namespace integrations-acc rmlater3-drupal -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
134.   echo http://$SERVICE_IP/
135.  
136. 2. Login with the following credentials
137.  
138.   echo Username: user
139.   echo Password: $(kubectl get secret --namespace integrations-acc rmlater3-drupal -o jsonpath="{.data.drupal-password}" | base64 --decode)
140.  
141.  
142. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/test-tiller-with-integrations on git:master x [16:40:32]
143. $ helm del --purge rmlater3 --tiller-namespace integrations-acc
144. helm ls release "rmlater3" deleted
145.  
146. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/test-tiller-with-integrations on git:master x [16:41:18]
147. $ helm reset --tiller-namespace integrations-acc --force
148. Tiller (the Helm server-side component) has been uninstalled from your Kubernetes Cluster.
149.  
150. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/test-tiller-with-integrations on git:master x [16:42:09]
151. $ kubectl config use-context integrations@kube.a.nl02
152. Switched to context "integrations@kube.a.nl02".
153.  
154.  
155.  
156. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/test-tiller-with-integrations on git:master x [16:42:22]
157. $ vim tiller.rolebinding.yaml
158.  
159. # Changed the rolebinding to use the tiller-integrations-acc service account instead of the tiller service account.
160.  
161. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/acc on git:master x [16:46:44]
162. $ cat tiller.rolebinding.yaml
163. kind: RoleBinding
164. apiVersion: rbac.authorization.k8s.io/v1beta1
165. metadata:
166.   name: tiller-binding-integrations-acc
167.   namespace: integrations-acc
168. subjects:
169. - kind: ServiceAccount
170. #  name: tiller
171.   name: tiller-integrations-acc
172.   namespace: integrations-acc
173. roleRef:
174.   kind: Role
175.   name: tiller-manager-role-integrations-acc
176.   apiGroup: rbac.authorization.k8s.io
177.  
178.  
179. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/acc on git:master x [16:42:49]
180. $ kubectl config use-context admin@kube.a.nl02
181. Switched to context "admin@kube.a.nl02".
182.  
183. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/acc on git:master x [16:42:53]
184. $ kubectl get sa -n integrations-acc
185. NAME                      SECRETS   AGE
186. default                   1         34d
187. tiller                    1         50m
188. tiller-integrations-acc   1         23m
189.  
190.  
191. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/acc on git:master x [16:43:07]
192. $ kubectl replace -f tiller.rolebinding.yaml
193. rolebinding "tiller-binding-integrations-acc" replaced
194.  
195. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/acc on git:master x [16:43:13]
196. $ kubectl config use-context integrations@kube.a.nl02
197. Switched to context "integrations@kube.a.nl02".
198.  
199.  
200. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/acc on git:master x [16:44:04]
201. $ helm init --service-account tiller-integrations-acc --tiller-namespace integrations-acc --override 'spec.template.spec.containers[0].resources.limits.cpu'="2" --override 'spec.template.spec.containers[0].resources.limits.memory'="1Gi" --debug
202. apiVersion: extensions/v1beta1
203. kind: Deployment
204. metadata:
205.   creationTimestamp: null
206.   labels:
207.     app: helm
208.     name: tiller
209.   name: tiller-deploy
210.   namespace: integrations-acc
211. spec:
212.   strategy: {}
213.   template:
214.     metadata:
215.       creationTimestamp: null
216.       labels:
217.         app: helm
218.         name: tiller
219.     spec:
220.       containers:
221.       - env:
222.         - name: TILLER_NAMESPACE
223.           value: integrations-acc
224.         - name: TILLER_HISTORY_MAX
225.           value: "0"
226.         image: gcr.io/kubernetes-helm/tiller:v2.7.2
227.         imagePullPolicy: IfNotPresent
228.         livenessProbe:
229.           httpGet:
230.             path: /liveness
231.             port: 44135
232.           initialDelaySeconds: 1
233.           timeoutSeconds: 1
234.         name: tiller
235.         ports:
236.         - containerPort: 44134
237.           name: tiller
238.         readinessProbe:
239.           httpGet:
240.             path: /readiness
241.             port: 44135
242.           initialDelaySeconds: 1
243.           timeoutSeconds: 1
244.         resources:
245.           limits:
246.             cpu: "2"
247.             memory: 1Gi
248.       serviceAccountName: tiller-integrations-acc
249. status: {}
250. ---
251. apiVersion: v1
252. kind: Service
253. metadata:
254.   creationTimestamp: null
255.   labels:
256.     app: helm
257.     name: tiller
258.   name: tiller-deploy
259.   namespace: integrations-acc
260. spec:
261.   ports:
262.   - name: tiller
263.     port: 44134
264.     targetPort: tiller
265.   selector:
266.     app: helm
267.     name: tiller
268.   type: ClusterIP
269. status:
270.   loadBalancer: {}
271. ...
272. $HELM_HOME has been configured at /Users/maxx/.helm.
273.  
274. Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
275. Happy Helming!
276.  
277. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/acc on git:master x [16:45:29] C:1
278. $ kubectl get pods -n integrations-acc
279. NAME                             READY     STATUS    RESTARTS   AGE
280. tiller-deploy-57755c7847-hhbdt   1/1       Running   0          1m
281.  
282. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/acc on git:master x [16:45:31]
283. $ helm install stable/drupal --tiller-namespace integrations-acc --namespace integrations-acc --name rmlater3
284. Error: Get http://localhost:8080/version: dial tcp [::1]:8080: getsockopt: connection refused
285.  
286. # maxx @ MacBook-Pro in ~/TK/kubernetes/git/helm/acc on git:master x [16:46:07] C:1
287. $ kubectl logs tiller-deploy-57755c7847-hhbdt -n integrations-acc
288. [main] 2017/12/28 15:44:16 Starting Tiller v2.7.2 (tls=false)
289. [main] 2017/12/28 15:44:16 GRPC listening on :44134
290. [main] 2017/12/28 15:44:16 Probes listening on :44135
291. [main] 2017/12/28 15:44:16 Storage driver is ConfigMap
292. [main] 2017/12/28 15:44:16 Max history per release is 0
293. [tiller] 2017/12/28 15:44:34 preparing install for rmlater3
294. [storage] 2017/12/28 15:44:34 getting release history for "rmlater3"
295. [storage/driver] 2017/12/28 15:44:34 query: failed to query with labels: Get http://localhost:8080/api/v1/namespaces/integrations-acc/configmaps?labelSelector=NAME%3Drmlater3%2COWNER%3DTILLER: dial tcp [::1]:8080: getsockopt: connection refused
296. [tiller] 2017/12/28 15:44:34 failed install prepare step: Get http://localhost:8080/version: dial tcp [::1]:8080: getsockopt: connection refused
297. [tiller] 2017/12/28 15:58:07 preparing install for rmlater3
298. [storage] 2017/12/28 15:58:07 getting release history for "rmlater3"
299. [storage/driver] 2017/12/28 15:58:07 query: failed to query with labels: Get http://localhost:8080/api/v1/namespaces/integrations-acc/configmaps?labelSelector=NAME%3Drmlater3%2COWNER%3DTILLER: dial tcp [::1]:8080: getsockopt: connection refused
300. [tiller] 2017/12/28 15:58:07 failed install prepare step: Get http://localhost:8080/version: dial tcp [::1]:8080: getsockopt: connection refused