Kubernetes 설치 구성 방법 [공식가이드 준수] - 2부 -

1부에 이어서...

이제 사전 준비가 완료되었으니 본격적으로 쿠버네티스를 설치해보자!

 

#테스트 환경정보 

Control-Plane VM 2vCPU / 2GvMEM / 20GvDisk / CentOS7.9 -> 컨트롤플레인 서버의 최소 사양이다...

Node#1        VM 1vCPU / 1GvMEM / 20GvDisk / CentOS7.9

Node#2        VM 1vCPU / 1GvMEM / 20GvDisk / CentOS7.9

Node#3        VM 1vCPU / 1GvMEM / 20GvDisk / CentOS7.9

 

#kubeadm 설치 [https://kubernetes.io/ko/docs/setup/production-environment/tools/kubeadm/install-kubeadm/]

#######################################
Kubernetes Install
#######################################
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

sudo systemctl enable --now kubelet

 

에러가 발생하는데 gpgcheck에러로 체크 안 하도록 kubernetes.repo 수정 해주자

cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=0
#repo_gpgcheck=1
#gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
#exclude=kubelet kubeadm kubectl
EOF

#여기까지 모든 서버[컨트롤플레인역/노드역]에 작업을 수행하도록 하자!#

 

#쿠버네티스 컨트롤 플레인 구성(초기화) [https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/]

#######################################
Kubernetes Control Plane Initailze
#######################################
kubeadm init --pod-network-cidr=10.200.0.0/16 --apiserver-advertise-address=192.168.1.40
...
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
...
[use root]
export KUBECONFIG=/etc/kubernetes/admin.conf

*kubectl get pods -A (--all-namespaces) 확인 시 coredns 상태가 Pending인 이유는 CNI(Container Network Interface)가 없어서다, CNI는 다양하므로 골라서 쓰도록 하자! 난 [Flannel]

[https://kubernetes.io/docs/concepts/cluster-administration/networking/#how-to-implement-the-kubernetes-networking-model]

#CNI [Flannel] 설치 [https://github.com/flannel-io/flannel#flannel]

kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml

#Node 추가!

#######################################
Kubernetes Node Join
#######################################
kubeadm join --token <token> <control-plane-host>:<control-plane-port> --discovery-token-ca-cert-hash sha256:<hash>

*항상 그렇듯 별거 아니지만 뿌듯! 이제 시작인데 ㅋㅋ 언제까지 CLI로 낑낑 대시보드 설치 간다!

 

#쿠버네티스 대시보드 설치 [https://kubernetes.io/ko/docs/tasks/access-application-cluster/web-ui-dashboard/]

#######################################
Kubernetes Dashboard Install [NodePort Connect]
#######################################
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml

kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
type: ClusterIP -> NodePort
kubectl -n kubernetes-dashboard get service kubernetes-dashboard

*NodePort를 노출 시킴으로 직접 접속할 수 있도록 한다!

 

#쿠버네티스 서비스 계정, 클러스터롤바인딩 및 토큰 생성

 [https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md]

#######################################
Kubernetes Dashboard UserCreate
#######################################
cat <<EOF >> dashboard-adminuser.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
EOF

kubectl apply -f dashboard-adminuser.yaml

#######################################
Kubernetes Dashboard Creating a ClusterRoleBinding
#######################################
cat <<EOF >> ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF

kubectl apply -f ClusterRoleBinding

#######################################
Kubernetes Dashboard Bearer Token
#######################################
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}" >> k8s-token

... 대시보드까지 다 완성이 되었다!

Portainer 만져보듯 k8s 또한 주물럭주물럭 하면서 이것저것 다 시도해보려 한다!

레플리카셋에 httpd 8개 파드 띄우니 순식간에 샤샥! 너무 신기하고 잼난다 ㅋㅋ

 

요약은 따로 없이 각 테스크마다 정리해 놓았으니 참고하기 바란다! 내가!!

 

끝!