# set master node
hostnamectl set-hostname master
# set hosts
nano /etc/hosts
---------------
192.168.137.100 master
192.168.137.101 worker1
192.168.137.101 worker2
# (저장)
# cri-dockerd 설치
mkdir k8s-labfile
cd k8s-labfile
wget https://labfile-0425.s3.ap-northeast-2.amazonaws.com/cri-dockerd.tgz
tar -xvzf cri-dockerd.tgz
# cri-dockerd compile script
cd ~
git clone https://github.com/Mirantis/cri-dockerd.git
nano install.sh
---------------
# Run these commands as root
###Install GO###
wget https://storage.googleapis.com/golang/getgo/installer_linux
chmod +x ./installer_linux
./installer_linux
source ~/.bash_profile
cd cri-dockerd
mkdir bin
go build -o bin/cri-dockerd
mkdir -p /usr/local/bin
install -o root -g root -m 0755 bin/cri-dockerd /usr/local/bin/cri-dockerd
cp -a packaging/systemd/* /etc/systemd/system
sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service
systemctl daemon-reload
systemctl enable cri-docker.service
systemctl enable --now cri-docker.socket
# (저장)
# run script
chmod +x install.sh
./install.sh
# kubelet(daemon)을 위해 swap을 사용하지 않음.
swapon && cat /etc/fstab
swapoff -a && sed -i '/swap/s/^/#/' /etc/fstab
# 방화벽 해제
ufw disable
# bridged traffic 확인
# (복붙)
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
overlay
EOF
# (복붙)
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# 시스템 확인
sysctl --system
# kubeadm, kubelet, kubectl 1.24 version 설치
apt-get update
apt-get install -y apt-transport-https ca-certificates curl
curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet=1.24.0-00 kubeadm=1.24.0-00 kubectl=1.24.0-00
apt-mark hold kubelet kubeadm kubectl
# resource define
# (복붙)
cat <<EOF | sudo tee /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF
# 부팅시 작업설정
systemctl enable docker
systemctl daemon-reload
systemctl restart docker
# docker 정보 확인
docker info
Cluster 구성
# 클러스터 생성
kubeadm init --cri-socket=unix:///var/run/cri-dockerd.sock
# token을 저장한다.
cat > token.sh (enter)
kubeadm join 192.168.137.100:6443 --token nvwzs4.aeipj1v8cri4k0rl \
--discovery-token-ca-cert-hash sha256:c502bf615bec8323d42e7fa1f342608a2bf531cd0cb3e3c83966711871279954 \
--cri-socket=unix:///var/run/cri-dockerd.sock (enter)
# (ctrl + d)
# KUBECONFIG 변수설정
nano ~/.bash_profile
--------------------
export KUBECONFIG=/etc/kubernetes/admin.conf
# (추가, 저장)
# 변수 반영
source ~/.bash_profile
echo $KUBECONFIG
# Pod 네트워크 추가기능 구성
curl https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml -O
kubectl apply -f calico.yaml
# 클러스터 구성 상태 확인
kubectl get nodes
kubectl get pods --all-namespaces
연결 test
#[master] ssh-key 생성
# (/root/.ssh/id_rsa)
ssh-keygen
#[master] public key 복사
cat ~/.ssh/id_rsa.pub
# (내용 복사)
#[worker nodes] authorized_keys에 master public key 복사
nano ~/.ssh/authorized_keys
# (public key 붙여넣기)
#[master] hostname을 활용해서 token 전달
scp token.sh worker1:/root/token.sh
scp token.sh worker2:/root/token.sh
#[worker nodes] token 실행
chmod +x token.sh
./token.sh
#[master] join 상태 확인
kubectl get nodes
kubectl get pods --all-namespaces
kubectl 자동완성 설정
#[master] kubectl 자동완성
nano ~/.bashrc
--------------
source <(kubectl completion bash)
# (맨 뒤에 작성 후 저장)
nano ~/.bash_profile
--------------------
. ~/.bashrc
# (맨 뒤에 작성 후 저장)
source ~/.bash_profile
Namespace 확인, 변경
# namespace 확인
kubectl get namespace
# deploy 확인
kubectl get deploy
# 현재 context(계정) 확인
kubectl config current-context
# 현재 context의 access parameter 확인
kubectl config get-contexts $(kubectl config current-context)
# 기본 namespace를 "kube-system"으로 변경
kubectl config set-context $(kubectl config current-context) --namespace=kube-system
# 기본 namespace를 다시 default로 변경
kubectl config set-context $(kubectl config current-context) --namespace=""
