Kubernetes: creating a hostPath PersistentVolume in a single node cluster

To create a ‘hostPath’ PersistentVolume in a single node cluster (do not use in a cluster with more than 1 node):

kind: PersistentVolume
apiVersion: v1
metadata:
  name: pv1
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/your-path-for-vol1"

If the above is pv1.yaml, apply with:

kubectl apply -f pv1.yaml

For more info, see the docs here.

Helm install of MariaDB on bare metal Kubernetes: “mkdir: cannot create directory ‘/bitnami/mariadb/data’: Permission denied”

Installing the MariaDB chart with Helm on Kubernetes, I ran into issues with permissions on the folder that I created for the PersistentVolume:

INFO  ==> ** Starting MariaDB setup **
INFO ==> Validating settings in MYSQL_/MARIADB_ env vars..
INFO ==> Initializing mariadb database…
mkdir: cannot create directory '/bitnami/mariadb/data': Permission denied
INFO ==> Stopping mariadb…

Per a similar question here, if you’re manually creating or reusing a PersistentVolume for MariaDB, you need to run “chown -R 1001:1001 /pv-dir” on the PV directory, as the MariaDB container runs with user ID 1001 and group ID 1001.
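
A pre-flight check for the PV directory that can be run on the node before installing the chart. This is an added example, not part of the original post or the chart: the function name pv_dir_check and the world-writable test are assumptions of the example, while 1001:1001 is the UID:GID given above.

```shell
#!/bin/sh
# Added example: pre-flight check for a hostPath PV directory before the
# MariaDB chart is installed. 1001:1001 is the UID:GID given in the post;
# the function name and the world-writable check are this example's own.

# pv_dir_check DIR UID GID
# Returns 0 when every entry under DIR is owned by UID:GID and nothing is
# world-writable, 1 when a problem is found, 2 when DIR is not a directory.
pv_dir_check() {
    dir=$1; want_uid=$2; want_gid=$3
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # Entries not owned by the container's UID:GID. Per the post, a PV
    # directory with the wrong owner is what leads to "Permission denied".
    bad_owner=$(find "$dir" \( ! -user "$want_uid" -o ! -group "$want_gid" \) -print)

    # chmod 777 would also silence the error, but it lets any local account
    # that can reach the path modify the database files. Symlinks are
    # skipped because their mode bits are not meaningful.
    world_writable=$(find "$dir" ! -type l -perm -0002 -print)

    rc=0
    if [ -n "$bad_owner" ]; then
        printf 'not owned by %s:%s:\n%s\n' "$want_uid" "$want_gid" "$bad_owner" >&2
        rc=1
    fi
    if [ -n "$world_writable" ]; then
        printf 'world-writable:\n%s\n' "$world_writable" >&2
        rc=1
    fi
    return "$rc"
}

# Stand-alone use: ./pv-check.sh /pv-dir [uid] [gid]
if [ "$#" -gt 0 ]; then
    pv_dir_check "$1" "${2:-1001}" "${3:-1001}"
    exit $?
fi
```

Offending paths are listed on stderr, so a non-zero exit shows which entries still need the chown or a tighter mode.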

Kubernetes: installing helm tiller with RBAC role and service account

From here.

kubectl create namespace tiller-world
kubectl create serviceaccount tiller --namespace tiller-world

role-tiller.yml:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tiller-manager
  namespace: tiller-world
rules:
- apiGroups: ["", "batch", "extensions", "apps"]
  resources: ["*"]
  verbs: ["*"]

rolebinding-tiller.yml:

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tiller-binding
  namespace: tiller-world
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: tiller-world
roleRef:
  kind: Role
  name: tiller-manager
  apiGroup: rbac.authorization.k8s.io

Run helm init with the service account and namespace:

helm init --service-account tiller --tiller-namespace tiller-world

Combined with TLS certs (from here):

helm init --tiller-tls --tiller-tls-cert ./tiller.cert.pem --tiller-tls-key ./tiller.key.pem --tiller-tls-verify --tls-ca-cert ca.cert.pem --service-account tiller --tiller-namespace tiller-world