Installing Kubernetes (k8s) - kubespray

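Overview

Installing Kubernetes (k8s) with kubespray
This post is a first draft and may be revised at any time without notice. The installation succeeded and I am managing to practice on it, but I will update this post when I split the VMs up again and reinstall.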

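Preparation

Five servers are needed. I am debating between Ubuntu and CentOS.
Prepare 5 hosts as VMs.
The SSD is 250G, so 40G was allocated to each machine.


I installed the servers one by one, but I am also considering installing OpenStack.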

Server layout

kakao-1: 192.168.55.206
kakao-2: 192.168.55.117
kakao-3: 192.168.55.183
kakao-4: 192.168.55.105
kakao-5: 192.168.55.199

Installing Kubernetes

Update the host entries.

# The following lines are desirable for IPv6 capable hosts
#::1     localhost ip6-localhost ip6-loopback
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
# Ansible inventory hosts BEGIN
192.168.55.105 kakao-4.cluster.local kakao-4
192.168.55.199 kakao-5.cluster.local kakao-5
192.168.55.206 kakao-1.cluster.local kakao-1
192.168.55.117 kakao-2.cluster.local kakao-2
192.168.55.183 kakao-3.cluster.local kakao-3
# Ansible inventory hosts END
::1 localhost6 localhost6.localdomain

Generate an SSH key and distribute it

Generate the SSH key

ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/kakao/.ssh/id_rsa):
Created directory '/home/kakao/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/kakao/.ssh/id_rsa.
Your public key has been saved in /home/kakao/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:jf2Hdsglf6RZupEHLOiwL942CFh/B5HzO41GJpfKsu4 kakao@kakao-1
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
+----[SHA256]-----+

Confirm the key was created

ls -l .ssh/
total 8
-rw------- 1 kakao kakao 1679 Mar  4 23:08 id_rsa
-rw-r--r-- 1 kakao kakao  395 Mar  4 23:08 id_rsa.pub

Check the contents

cat .ssh/id_rsa.pub

Copy the key to each node

$ ssh-copy-id kakao@192.168.55.206 # master node #1
$ ssh-copy-id kakao@192.168.55.117
$ ssh-copy-id kakao@192.168.55.183
$ ssh-copy-id kakao@192.168.55.105
$ ssh-copy-id kakao@192.168.55.199

# work PC
$ ssh-copy-id kakao@192.168.55.131

$ ssh-copy-id root@192.168.55.117
$ ssh-copy-id root@192.168.55.183
$ ssh-copy-id root@192.168.55.105
$ ssh-copy-id root@192.168.55.199

Log in to each node and check the SSH key

Example

kakao@kakao-2:~$ cat .ssh/authorized_keys
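
Reading authorized_keys by eye shows only base64. The following added example (not part of the original post) decodes each entry's key type and RSA modulus size so that every node's file can be checked against a policy. The 3072-bit threshold is an assumed policy value, and the sample entries other than the kakao@kakao-1 comment are constructed placeholders, not real keys.

```python
import base64
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def read_field(buf, off):
    """Read one length-prefixed field of the SSH public-key wire format."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def describe_key(line):
    """Return (type, rsa_bits or None, comment) for one authorized_keys line."""
    parts = line.split()
    idx = next((i for i, p in enumerate(parts) if p in KEY_TYPES), None)
    if line.lstrip().startswith("#") or idx is None or idx + 1 >= len(parts):
        return None                              # blank, comment or unknown type
    blob = base64.b64decode(parts[idx + 1])
    ktype, off = read_field(blob, 0)
    if ktype.decode() != parts[idx]:
        raise ValueError("declared key type does not match the key blob")
    bits = None
    if ktype == b"ssh-rsa":
        _exponent, off = read_field(blob, off)   # public exponent e
        modulus, off = read_field(blob, off)     # modulus n, big-endian
        bits = int.from_bytes(modulus, "big").bit_length()
    return parts[idx], bits, " ".join(parts[idx + 2:])

def audit(text, min_rsa_bits=3072):
    """Return (comment, type, bits) for entries below the assumed policy."""
    keys = filter(None, (describe_key(line) for line in text.splitlines()))
    return [(c, t, b) for t, b, c in keys
            if t == "ssh-dss" or (b is not None and b < min_rsa_bits)]

def ssh_string(data):
    return struct.pack(">I", len(data)) + data

def rsa_line(bits, comment):                     # constructed entry, not a real key
    n = (1 << (bits - 1)) | 1
    blob = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
            + ssh_string(n.to_bytes(bits // 8 + 1, "big")))
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

ED25519 = base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(bytes(32)))
SAMPLE = "\n".join([                             # constructed sample file
    "# constructed sample authorized_keys",
    rsa_line(2048, "kakao@kakao-1"),
    rsa_line(4096, "ops@workstation"),
    "ssh-ed25519 %s deploy@ci" % ED25519.decode(),
])
```

On a node, pass the contents of .ssh/authorized_keys to audit() in place of SAMPLE; an empty list means every entry meets the chosen threshold.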

Install pip on the master node

Server kakao-1

sudo apt -y install python-pip
pip install --upgrade pip

Download kubespray

$ git clone https://github.com/kubernetes-sigs/kubespray.git
Cloning into 'kubespray'...
remote: Enumerating objects: 13, done.
remote: Counting objects: 100% (13/13), done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 40892 (delta 6), reused 0 (delta 0), pack-reused 40879
Receiving objects: 100% (40892/40892), 11.85 MiB | 4.24 MiB/s, done.
Resolving deltas: 100% (22701/22701), done.
Checking connectivity... done.

Install

$ sudo pip install -r requirements.txt
WARNING: pip is being invoked by an old script wrapper. This will fail in a future version of pip.
Please see https://github.com/pypa/pip/issues/5599 for advice on fixing the underlying issue.
To avoid this problem you can invoke Python with '-m pip' instead of running pip directly.
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
WARNING: The directory '/home/kakao/.cache/pip' or its parent directory is not owned or is not writable by the current user. The cache has been disabled. Check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLEOFError(8, u'EOF occurred in violation of protocol (_ssl.c:590)'),)': /simple/ansible/
Collecting ansible==2.7.12
  Downloading ansible-2.7.12.tar.gz (11.9 MB)
     |████████████████████████████████| 11.9 MB 4.8 MB/s
Collecting jinja2==2.10.1
  Downloading Jinja2-2.10.1-py2.py3-none-any.whl (124 kB)
     |████████████████████████████████| 124 kB 192 kB/s
Collecting netaddr==0.7.19
  Downloading netaddr-0.7.19-py2.py3-none-any.whl (1.6 MB)
     |████████████████████████████████| 1.6 MB 756 kB/s
Collecting pbr==5.2.0
  Downloading pbr-5.2.0-py2.py3-none-any.whl (107 kB)
     |████████████████████████████████| 107 kB 189 kB/s
Collecting hvac==0.8.2
  Downloading hvac-0.8.2-py2.py3-none-any.whl (91 kB)
     |████████████████████████████████| 91 kB 132 kB/s
Collecting jmespath==0.9.4
  Downloading jmespath-0.9.4-py2.py3-none-any.whl (24 kB)
Collecting ruamel.yaml==0.15.96
  Downloading ruamel.yaml-0.15.96-cp27-cp27mu-manylinux1_x86_64.whl (601 kB)
     |████████████████████████████████| 601 kB 380 kB/s
Collecting PyYAML
  Downloading PyYAML-5.3.tar.gz (268 kB)
     |████████████████████████████████| 268 kB 747 kB/s
Collecting paramiko
  Downloading paramiko-2.7.1-py2.py3-none-any.whl (206 kB)
     |████████████████████████████████| 206 kB 712 kB/s
Collecting cryptography
  Downloading cryptography-2.8-cp27-cp27mu-manylinux2010_x86_64.whl (2.3 MB)
     |████████████████████████████████| 2.3 MB 337 kB/s
Requirement already satisfied: setuptools in /usr/lib/python2.7/dist-packages (from ansible==2.7.12->-r requirements.txt (line 1)) (20.7.0)
Collecting MarkupSafe>=0.23
  Downloading MarkupSafe-1.1.1-cp27-cp27mu-manylinux1_x86_64.whl (24 kB)
Collecting requests>=2.21.0
  Downloading requests-2.23.0-py2.py3-none-any.whl (58 kB)
     |████████████████████████████████| 58 kB 23.1 MB/s
Collecting ruamel.ordereddict; platform_python_implementation == "CPython" and python_version <= "2.7"
  Downloading ruamel.ordereddict-0.4.14-cp27-cp27mu-manylinux1_x86_64.whl (93 kB)
     |████████████████████████████████| 93 kB 380 kB/s
Collecting pynacl>=1.0.1
  Downloading PyNaCl-1.3.0-cp27-cp27mu-manylinux1_x86_64.whl (762 kB)
     |████████████████████████████████| 762 kB 336 kB/s
Collecting bcrypt>=3.1.3
  Downloading bcrypt-3.1.7-cp27-cp27mu-manylinux1_x86_64.whl (59 kB)
     |████████████████████████████████| 59 kB 23.3 MB/s
Collecting six>=1.4.1
  Downloading six-1.14.0-py2.py3-none-any.whl (10 kB)
Collecting cffi!=1.11.3,>=1.8
  Downloading cffi-1.14.0-cp27-cp27mu-manylinux1_x86_64.whl (387 kB)
     |████████████████████████████████| 387 kB 315 kB/s
Collecting ipaddress; python_version < "3"
  Downloading ipaddress-1.0.23-py2.py3-none-any.whl (18 kB)
Collecting enum34; python_version < "3"
  Downloading enum34-1.1.9-py2-none-any.whl (11 kB)
Collecting certifi>=2017.4.17
  Downloading certifi-2019.11.28-py2.py3-none-any.whl (156 kB)
     |████████████████████████████████| 156 kB 549 kB/s
Collecting idna<3,>=2.5
  Downloading idna-2.9-py2.py3-none-any.whl (58 kB)
     |████████████████████████████████| 58 kB 22.1 MB/s
Collecting chardet<4,>=3.0.2
  Downloading chardet-3.0.4-py2.py3-none-any.whl (133 kB)
     |████████████████████████████████| 133 kB 647 kB/s
Collecting urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1
  Downloading urllib3-1.25.8-py2.py3-none-any.whl (125 kB)
     |████████████████████████████████| 125 kB 682 kB/s
Collecting pycparser
  Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)
     |████████████████████████████████| 112 kB 516 kB/s
Building wheels for collected packages: ansible, PyYAML
  Building wheel for ansible (setup.py) ... done
  Created wheel for ansible: filename=ansible-2.7.12-py2-none-any.whl size=9430239 sha256=dae0a74b4e52c8a75f6f4d32ebca19920335a8da22fdb8a27129c8ce10763307
  Stored in directory: /tmp/pip-ephem-wheel-cache-IRMPOh/wheels/35/16/79/a507de0ed355e1b8030e0bf6f19b469dfc3600cd0ce4567406
  Building wheel for PyYAML (setup.py) ... done
  Created wheel for PyYAML: filename=PyYAML-5.3-cp27-cp27mu-linux_x86_64.whl size=46466 sha256=eca64dfe0ad2946927bbe688fea1b1bbefe6aad4c85867527dae9d6871ca46cb
  Stored in directory: /tmp/pip-ephem-wheel-cache-IRMPOh/wheels/06/0f/01/cdac9a236377daed23bce2de82d8cc036abc5717f63bd8268c
Successfully built ansible PyYAML
Installing collected packages: MarkupSafe, jinja2, PyYAML, six, pycparser, cffi, ipaddress, enum34, cryptography, pynacl, bcrypt, paramiko, ansible, netaddr, pbr, certifi, idna, chardet, urllib3, requests, hvac, jmespath, ruamel.ordereddict, ruamel.yaml
Successfully installed MarkupSafe-1.1.1 PyYAML-5.3 ansible-2.7.12 bcrypt-3.1.7 certifi-2019.11.28 cffi-1.14.0 chardet-3.0.4 cryptography-2.8 enum34-1.1.9 hvac-0.8.2 idna-2.9 ipaddress-1.0.23 jinja2-2.10.1 jmespath-0.9.4 netaddr-0.7.19 paramiko-2.7.1 pbr-5.2.0 pycparser-2.20 pynacl-1.3.0 requests-2.23.0 ruamel.ordereddict-0.4.14 ruamel.yaml-0.15.96 six-1.14.0 urllib3-1.25.8

Edit the inventory.ini file

vi inventory/mycluster/inventory.ini

Contents of inventory.ini
Change the entries to your own host names.

## Configure 'ip' variable to bind kubernetes services on a
# ## different ip than the default iface
# ## We should set etcd_member_name for etcd cluster. The node that is not a etcd member do not need to set the value, or can set the empty string value.
[all]
kakao-1 ansible_host=192.168.55.206 # ip=192.168.55.206 etcd_member_name=etcd1
kakao-2 ansible_host=192.168.55.117 # ip=192.168.55.117 etcd_member_name=etcd1
kakao-3 ansible_host=192.168.55.183 # ip=192.168.55.183 etcd_member_name=etcd1
kakao-4 ansible_host=192.168.55.105 # ip=192.168.55.105 etcd_member_name=etcd1
kakao-5 ansible_host=192.168.55.199 # ip=192.168.55.199 etcd_member_name=etcd1


# ## configure a bastion host if your nodes are not directly reachable
# bastion ansible_host=x.x.x.x ansible_user=some_user

[kube-master]
# node1
# node2
kakao-1
kakao-2
kakao-3

[etcd]
kakao-1
kakao-2
kakao-3


[kube-node]
kakao-4
kakao-5

[calico-rr]

[k8s-cluster:children]
kube-master
kube-node
calico-rr
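
A pre-flight check for the inventory above, as an added example that is not part of the original post or of kubespray. It parses the INI inventory and reports group members missing from [all], an etcd group whose size is not odd, and duplicate ansible_host or etcd_member_name values. The second of those duplicates is what would happen if the commented `etcd_member_name=etcd1` fragments were uncommented as they stand. The function names and the `inventory_text` helper that rebuilds the page's inventory are hypothetical.

```python
import re

def parse_inventory(text):
    """Parse an Ansible INI inventory into {group: {host: {var: value}}}."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = groups.setdefault(header.group(1), {})
        elif line and current is not None:
            name, *pairs = line.split()
            current[name] = dict(p.split("=", 1) for p in pairs if "=" in p)
    return groups

def check(inventory):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    defined = inventory.get("all", {})
    for group in ("kube-master", "etcd", "kube-node"):
        for host in inventory.get(group, {}):
            if host not in defined:
                problems.append("%s: %s is not defined in [all]" % (group, host))
    # An even etcd member count tolerates no more failures than the odd count below it.
    if len(inventory.get("etcd", {})) % 2 == 0:
        problems.append("etcd: member count is not odd")
    for var in ("ansible_host", "etcd_member_name"):
        values = [v[var] for v in defined.values() if var in v]
        if len(values) != len(set(values)):
            problems.append("%s values are not unique" % var)
    return problems

# Host names and addresses as listed on this page.
IPS = {"kakao-1": "192.168.55.206", "kakao-2": "192.168.55.117",
       "kakao-3": "192.168.55.183", "kakao-4": "192.168.55.105",
       "kakao-5": "192.168.55.199"}
GROUPS = ("[kube-master]\nkakao-1\nkakao-2\nkakao-3\n"
          "[etcd]\nkakao-1\nkakao-2\nkakao-3\n[kube-node]\nkakao-4\nkakao-5\n")

def inventory_text(uncommented=False):
    """Rebuild the page's inventory; uncommented=True drops the '#' before ip=."""
    sep = " " if uncommented else " # "
    rows = ["%s ansible_host=%s%sip=%s etcd_member_name=etcd1" % (h, ip, sep, ip)
            for h, ip in IPS.items()]
    return "[all]\n" + "\n".join(rows) + "\n" + GROUPS

if __name__ == "__main__":
    print(check(parse_inventory(inventory_text())))
    print(check(parse_inventory(inventory_text(uncommented=True))))
```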

Verify the installation

Get the nodes

root@kakao-1:~# kubectl get node
NAME      STATUS   ROLES    AGE     VERSION
kakao-1   Ready    master   5m52s   v1.16.6
kakao-2   Ready    master   5m1s    v1.16.6
kakao-3   Ready    master   5m1s    v1.16.6
kakao-4   Ready    <none>   3m18s   v1.16.6
kakao-5   Ready    <none>   3m18s   v1.16.6

Troubleshooting


Written by @sdk
I explain with words and code.
