kubernetes

20210823 (월) kubeadm으로 클러스터 구성하기

gusalstm 2021. 8. 23. 17:11

vagrant : 초기 구성에서 키기반 인증만 가능하도록 세팅됨

 

설치단계 #1 vagrant 

##### vagrantfile #####

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  # One entry per VM, defined in this order. Every machine uses the same box
  # and CPU count; only the name, memory and private_network address differ.
  machines = [
    { name: "kube-control1", memory: 4096, ip: "192.168.200.11" },
    { name: "kube-node1",    memory: 3072, ip: "192.168.200.21" },
    { name: "kube-node2",    memory: 3072, ip: "192.168.200.22" },
    { name: "kube-node3",    memory: 3072, ip: "192.168.200.23" },
  ]

  machines.each do |machine|
    config.vm.define machine[:name] do |node|
      node.vm.box = "ubuntu/focal64"
      node.vm.provider "virtualbox" do |vb|
        vb.name = machine[:name]
        vb.cpus = 2
        vb.memory = machine[:memory]
      end
      node.vm.hostname = machine[:name]
      node.vm.network "private_network", ip: machine[:ip]
    end
  end

  # Hostmanager plugin: enabled, and set to manage the guests' hosts entries.
  config.hostmanager.enabled = true
  config.hostmanager.manage_guest = true

  # Shell provisioner, declared once on the outer config so it applies to
  # every machine above. What the inline script changes:
  #   - sshd_config: rewrites "ChallengeResponseAuthentication no" to "yes"
  #     (only a line that reads exactly that is touched), then restarts ssh.
  #     This turns on keyboard-interactive logins next to key-based ones.
  #   - sources.list: replaces both archive.ubuntu.com and
  #     security.ubuntu.com with ftp.daum.net, so security updates are then
  #     fetched from that mirror as well.
  #   - installs chrony.
  # NOTE(review): the sshd change widens what can log in over the private
  # network, and the box's vagrant account has a well-known default
  # password; keep this to a disposable lab. Confirm the mirror stays in
  # sync with the security archive before relying on it for patching.
  config.vm.provision "shell", inline: <<-SHELL
    sed -i 's/ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' /etc/ssh/sshd_config
    sed -i 's/archive.ubuntu.com/ftp.daum.net/g' /etc/apt/sources.list
    sed -i 's/security.ubuntu.com/ftp.daum.net/g' /etc/apt/sources.list
    systemctl restart ssh
    apt update
    apt install -y chrony
  SHELL
end



##### vagrant up #####
PS C:\Users\user\kube> vagrant up
PS C:\Users\user\kube> vagrant status
Current machine states:

kube-control1             running (virtualbox)
kube-node1                running (virtualbox)
kube-node2                running (virtualbox)
kube-node3                running (virtualbox)

PS C:\Users\user\kube> vagrant ssh kube-control1
vagrant@kube-control1:~$ cat /etc/hosts
127.0.0.1       localhost

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost   ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
127.0.1.1       ubuntu-focal    ubuntu-focal

127.0.2.1 kube-control1 kube-control1

## vagrant-hostmanager-start
192.168.200.11  kube-control1
192.168.200.21  kube-node1
192.168.200.22  kube-node2
192.168.200.23  kube-node3

## vagrant-hostmanager-end
root@kube-control1:~# sudo vim /etc/ssh/sshd_config
PasswordAuthentication yes  → no에서 yes로 수정 (vagrant 계정 비밀번호가 기본값 그대로이므로, 외부에서 접근할 수 없는 실습용 VM에서만 사용)
root@kube-control1:~# sudo systemctl restart ssh.service
root@kube-control1:~# ssh vagrant@kube-node1  → ssh로 접속하여 control-plane 및 모든 노드들에 동일작업진행

##### 모든 작업이 진행되면 각각 노드들에 직접 ssh 진행되는지 확인 #####
windows 터미널에서 바로 vm으로 접속
PS C:\Users\user\kube> ssh vagrant@192.168.200.21
password : vagrant

설치단계 #2 docker, kubernetes

##### Docker CE 설치 #####  
 < control plane 및 각 nodes 에서 각각 실행 >

vagrant@kube-control1:~$ sudo apt-get update
vagrant@kube-control1:~$ sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release -y  

vagrant@kube-control1:~$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

→ Docker 저장소의 GPG 공개키를 내려받아 keyring 파일로 저장 (APT가 이 키로 저장소와 패키지의 서명을 검증함)


vagrant@kube-control1:~$ echo \
>   "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
>   $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
→ Docker 저장소 항목을 /etc/apt/sources.list.d/docker.list 파일로 저장 (signed-by 옵션 때문에 이 저장소는 위에서 받은 키로만 검증됨)


vagrant@kube-control1:~$ sudo apt-get update
vagrant@kube-control1:~$ sudo apt-get install docker-ce docker-ce-cli containerd.io -y


##### kubernetes 설치 #####

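<레포지토리를 추가>
※ 아래 apt.kubernetes.io (packages.cloud.google.com) 저장소는 이후 지원이 종료되었으며, 현재 공식 문서는 pkgs.k8s.io 저장소를 안내함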

vagrant@kube-control1:~$ sudo curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg -o /usr/share/keyrings/kubernetes-archive-keyring.gpg
vagrant@kube-control1:~$ echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main

vagrant@kube-control1:~$ sudo apt-get update
vagrant@kube-control1:~$ sudo apt-get install kubelet=1.19.11-00 kubeadm=1.19.11-00 kubectl=1.19.11-00 -y
vagrant@kube-control1:~$ sudo apt-mark hold kubelet kubeadm kubectl
kubelet set on hold.
kubeadm set on hold.
kubectl set on hold.

vagrant@kube-control1:~$ sudo kubeadm init --control-plane-endpoint 192.168.200.11 --pod-network-cidr 192.168.0.0/16 --apiserver-advertise-address 192.168.200.11
  → Kubernetes Control-Plane 초기화 작업

vagrant@kube-control1:~$ mkdir -p ~/.kube
vagrant@kube-control1:~$ sudo cp -i /etc/kubernetes/admin.conf ~/.kube/config
vagrant@kube-control1:~$ sudo chown vagrant:vagrant ~/.kube/config
vagrant@kube-control1:~$ ls -l .kube/
total 8
-rw------- 1 vagrant vagrant 5566 Aug 23 07:23 config

+ Calico (add-on) : 컨테이너 네트워크 애드온 설치
  (URL의 매니페스트가 admin 권한으로 바로 적용되므로, 파일을 내려받아 내용과 버전을 확인한 뒤 적용하는 편이 안전)
vagrant@kube-control1:~$ kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

##### 각각의 노드들을 가입 #####

vagrant@kube-control1:~$ kubectl get nodes
NAME            STATUS     ROLES    AGE   VERSION
kube-control1   NotReady   master   28m   v1.19.11

vagrant@kube-node1:~$ sudo kubeadm join 192.168.200.11:6443 --token y5l7nc.iwl29yrehiqy83vh \
>     --discovery-token-ca-cert-hash sha256:996965afcbf92e3e89437b42c549f1dae00e660a9a7d96f276103bc6236d22c8
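→ sudo kubeadm init 실행 결과에 출력된 join 명령어를 복사하여 실행하여야 함.
(+ 가입하고자 하는 Nodes VM에서 실행)
(+ --token 은 노드 가입에 쓰이는 인증 정보이므로 외부에 공개하지 않음. 기본 24시간 후 만료되며, 만료되면 control plane에서 kubeadm token create --print-join-command 로 재발급)
(+ --discovery-token-ca-cert-hash 는 가입하는 노드가 control plane의 CA를 검증하는 데 사용)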

vagrant@kube-control1:~$ kubectl get nodes → 노드들이 추가된 것을 확인
NAME            STATUS   ROLES    AGE   VERSION
kube-control1   Ready    master   51m   v1.19.11
kube-node1      Ready    <none>   20m   v1.19.11
kube-node2      Ready    <none>   20m   v1.19.11
kube-node3      Ready    <none>   20m   v1.19.11

 

Kubernetes Cluster 구성

Docker CE 설치 - 모든 노드
 추가 레포지토리 구성을 위한 사전 패키지 설치
 Docker CE 레포지토리 구성(gpg key, repository)
 Docker CE, containerd 패키지 설치

Kubernetes 구성요소 설치(kubeadm, kubelet, kubectl) - 모든 노드
 Kubernetes 레포지토리 구성(gpg key, repository)
 kubeadm, kubelet, kubectl 설치(버전 지정, 버전 고정)

Kubernetes Control Plane 초기화 - kube-control1
 sudo kubeadm init --control-plane-endpoint CONTROL_IP --pod-network-cidr POD_NET --apiserver-advertise-address APISERVER_IP 

kubectl 명령어 구성(인증 Credential 설정)
mkdir ~/.kube
sudo cp -i /etc/kubernetes/admin.conf ~/.kube/config
sudo chown USER:USER ~/.kube/config

Container Network Add-on : Calico - kube-control1
 kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

Kubernetes Cluster에 Node 가입
 sudo kubeadm join <control-plane-host>:<control-plane-port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>

 

 
