내 컴퓨터 192.168.0.14
VMware 192.168.181.0/24
컨테이너 100.100.100.0/24
CNI 200.200.200.0/24
vi /etc/hosts
각 노드의 호스트 이름을 등록해 준다! (아래 node-01과 node-02에 같은 IP 192.168.181.20이 적혀 있으므로 node-02의 실제 주소를 확인할 것)
192.168.181.10 master
192.168.181.20 node-01
192.168.181.20 node-02
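# Control-plane firewall openings (run on the master).
#   6443/tcp       Kubernetes API server - what nodes and kubectl connect to
#   2379-2380/tcp  etcd client/peer traffic
#   10250/tcp      kubelet API
# Deliberately not opened: 10251/10252 (legacy plain-HTTP scheduler and
# controller-manager ports, only ever needed from the local host) and 10255
# (the kubelet read-only port, which serves node and pod data without
# authentication). Nothing later in these notes connects to them from another
# machine, so leaving them closed keeps the exposed surface smaller.
for port in 6443 2379-2380 10250; do
  firewall-cmd --permanent --add-port="${port}/tcp"
done
firewall-cmd --reload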
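# Load br_netfilter now and register it for every boot: the reboot at the end
# of this step would otherwise drop the module, and /proc/sys/net/bridge/*
# only exists while it is loaded.
modprobe br_netfilter
echo 'br_netfilter' > /etc/modules-load.d/k8s.conf
echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables

# SELinux: go to permissive instead of disabled. Permissive stops enforcement
# (what the kubeadm install guide asks for) but keeps logging denials and keeps
# file labels intact, so enforcing mode can be restored later without a
# relabel. The anchored pattern only touches the exact SELINUX=enforcing line.
setenforce 0
sed -i --follow-symlinks 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/sysconfig/selinux

# Reboot so the persisted settings are what the node actually runs with.
init 6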
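# Install Docker CE from Docker's stable channel.
# The docker-ce-nightly and docker-ce-test channels are left disabled: with
# them enabled the package manager may pick pre-release builds for a cluster
# node. Enable them only deliberately, for testing.
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

# --allowerasing lets dnf remove already-installed packages that conflict with
# the Docker packages; read the transaction summary to see what gets erased.
yum install -y docker-ce docker-ce-cli containerd.io --allowerasing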
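# -p: do not fail when /etc/docker already exists.
mkdir -p /etc/docker

# Docker daemon settings:
#   - systemd cgroup driver (must match the driver the kubelet uses)
#   - json-file logging, rotated at 100m per file so logs cannot fill the disk
#   - overlay2 storage driver
# The quoted 'EOF' keeps the shell from expanding anything inside the JSON.
cat <<'EOF' | sudo tee /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF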
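This can take up to 4m0s 에러해결!
# (Re)start Docker so it reads /etc/docker/daemon.json, and enable it at boot.
systemctl daemon-reload
systemctl restart docker
systemctl enable docker

# Verify only after the restart: before it the daemon is either not running
# yet or still using its previous settings.
# Expected output: "Cgroup Driver: systemd"
docker info | grep "Cgroup Driver"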
# Turn on masquerading (source NAT) in the firewall and make it permanent.
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload

# Persist the bridge-netfilter sysctls so bridged traffic is passed through
# iptables/ip6tables, then load every sysctl drop-in file.
printf '%s\n' \
  'net.bridge.bridge-nf-call-ip6tables = 1' \
  'net.bridge.bridge-nf-call-iptables = 1' \
  > /etc/sysctl.d/k8s.conf
sysctl --system
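이 명령어로 위 허용해주는 것들이 포함되었는지 확인해 준다.
# Kubernetes package repository definition.
# gpgcheck and repo_gpgcheck stay enabled so that both the packages and the
# repository metadata are signature-checked against the listed keys.
# NOTE(review): packages.cloud.google.com is the legacy Kubernetes package
# host; the project has since moved its packages to pkgs.k8s.io and retired
# the legacy repositories, so this baseurl may no longer resolve - confirm
# before reusing these notes.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

# kubelet, kubeadm and kubectl are pinned to the same version so they cannot
# drift apart. NOTE(review): the 1.22 release line is past end of life and no
# longer receives security fixes; use a supported release outside a lab.
dnf install -y kubelet-1.22.5 kubeadm-1.22.5 kubectl-1.22.5 --disableexcludes=kubernetes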
설치
# Register kubelet for boot and start it right away.
systemctl enable --now kubelet
# Turn swap off for the running system (by default the kubelet refuses to run
# with swap on); the /etc/fstab edit that follows keeps it off after a reboot.
swapoff -a
vi /etc/fstab
#/dev/mapper/cl-swap none swap defaults 0 0
# Bootstrap the control plane on the master.
#   --pod-network-cidr        address range recorded for pod IPs
#   --control-plane-endpoint  address nodes and kubeconfigs use for the API server
# NOTE(review): the Calico pool set later in calico.yaml is 200.200.200.0/24,
#   which does not match this pod CIDR - the two normally agree; confirm which
#   range is intended.
# NOTE(review): 200.200.200.0/24 is publicly routable address space and
#   100.100.100.0/24 lies inside the 100.64.0.0/10 shared range; private
#   (RFC 1918) ranges avoid shadowing real hosts.
# NOTE(review): 192.168.0.14 is listed at the top as the host PC while
#   /etc/hosts puts master at 192.168.181.10 - verify this endpoint really
#   reaches the master's port 6443.
kubeadm init --pod-network-cidr 100.100.100.0/24 --control-plane-endpoint "192.168.0.14"
This can take up to 4m0s 에러해결!
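# Give the current user a kubeconfig so kubectl can talk to the new cluster.
# admin.conf carries cluster-admin credentials: keep the copy owned by, and
# readable only by, the user who needs it. Expansions are quoted so a home
# path containing spaces cannot split into several arguments.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"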
사용자 홈디렉토리에 관리자 설정파일을 넣어줘야 쿠버 명령어를 사용할 수 있다.
한 번 디렉토리에 넣었다가 다시 넣으려 했더니 아래와 같은 에러가 나왔고, 그 아래 명령어로 해결했다.
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
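# Recovery for the x509 "certificate signed by unknown authority" error above.
# The error means kubectl checked the API server against a CA other than the
# cluster's current one - presumably a stale ~/.kube/config; verify.
# Point kubectl at the live admin.conf for this shell session (the export
# replaces any earlier value, so a separate unset is not needed), then
# refresh the per-user copy. cp -i asks before overwriting the old file.
export KUBECONFIG=/etc/kubernetes/admin.conf
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"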
kubectl get nodes
확인, 일단 마스터만 나옴
kubectl get all --all-namespaces
네트워크가 설정되지 않아서 ready 상태가 아니다.
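# Download the Calico manifest pinned to v3.25.1.
# --fail makes curl exit non-zero on an HTTP error instead of saving the error
# page as calico.yaml; --location follows redirects. Read the manifest before
# applying it: it installs cluster-wide RBAC and node-level networking
# components.
curl --fail --location --remote-name https://raw.githubusercontent.com/projectcalico/calico/v3.25.1/manifests/calico.yaml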
vi calico.yaml
# - name: CALICO_IPV4POOL_CIDR
# value: "192.168.0.0/16"
- name: CALICO_IPV4POOL_CIDR
value: "200.200.200.0/24"
kubectl apply -f calico.yaml
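칼리코 yaml 파일 실행!
# Worker-node firewall openings:
#   10250/tcp        kubelet API
#   30000-32767/tcp  default NodePort range
# Opening the whole NodePort range exposes every NodePort Service on this node
# to the public zone; open individual ports instead if only a few are needed.
firewall-cmd --zone=public --permanent --add-port={10250,30000-32767}/tcp
firewall-cmd --reload

# Join this node to the cluster.
# The bootstrap token is a credential: anyone holding a valid one can register
# a node, so it is read from the environment here rather than written into the
# notes. Take it from the `kubeadm init` output, or create a fresh one on the
# master with `kubeadm token create --print-join-command` (tokens expire after
# 24 hours by default).
# The CA cert hash lets the joining node verify that it is talking to the
# right control plane. It is specific to each cluster - the value below is the
# one from the author's cluster; use the hash printed for your own.
kubeadm join 192.168.0.14:6443 \
  --token "${KUBEADM_TOKEN:?set KUBEADM_TOKEN to the bootstrap token from the master}" \
  --discovery-token-ca-cert-hash sha256:2ea844bd0bf24fee4d8124113c8d66b46e335cdb4c5b98ee9568a1a05ec2c916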
kubectl get pod -n kube-system
전부 Running으로 뜨는지 확인해주고
kubectl get nodes
전부 Ready로 나오는지 확인해주면 된다.
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
vi recommended.yaml
39 spec:
40 ports:
41 - port: 443
42 targetPort: 8443
43 selector:
44 k8s-app: kubernetes-dashboard
45 type: NodePort
kubectl apply -f recommended.yaml
yaml 실행
kubectl get services -n kubernetes-dashboard
대시보드 포트번호 확인
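# Read the NodePort assigned to the dashboard Service instead of typing it in.
# Assumes the Service keeps the name kubernetes-dashboard from
# recommended.yaml - confirm with the `kubectl get services` output above.
dashboard_port=$(kubectl -n kubernetes-dashboard get service kubernetes-dashboard \
  -o jsonpath='{.spec.ports[0].nodePort}')

# Opening this port makes the dashboard login page reachable from every host
# that can reach the node. Limit the source addresses in the firewall where
# possible, or use `kubectl proxy` / `kubectl port-forward` and skip the
# NodePort altogether. The :? guard aborts rather than opening an empty port.
firewall-cmd --permanent --add-port="${dashboard_port:?dashboard NodePort not found}/tcp"
firewall-cmd --reload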
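# Create the account used to log in to the dashboard.
# The manifests are indented as YAML requires; with the nesting flattened,
# fields such as name/namespace would not sit under metadata and kubectl would
# reject the objects.
cat <<'EOF' | kubectl create -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
EOF

# Bind the account to the built-in cluster-admin ClusterRole.
# NOTE: cluster-admin is unrestricted. A token for this account can read every
# Secret and change or delete anything in the cluster, and the dashboard above
# is exposed through a NodePort. Acceptable for a throw-away lab; elsewhere
# bind a narrower role and delete this binding when it is no longer needed.
cat <<'EOF' | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF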
# Show the Secret(s) holding the admin-user token: list the Secrets in
# kube-system, keep the names on lines mentioning admin-user, describe them.
# The substitution is intentionally unquoted so several matches are passed as
# separate names. The printed token is a cluster-admin bearer credential -
# avoid leaving it in terminal scrollback, screenshots or shared notes.
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | awk '/admin-user/ {print $1}')
이 명령으로 토큰을 확인할 수 있고, 그 토큰으로 접속할 수 있다.
history
로 저 명령어 실행했던 번호 확인한 다음에 ![번호]
해주면 토큰값을 바로 얻을 수 있다.