Kubernetes

Docker** Kubernetes [#s3f08f98]

• 別名 k8s
• Podによるクラスター構築環境
• 勉強中

• kubectl
• helm

• RANCHER https://qiita.com/suzukihi724/items/00b167c6f5f2ddeca718

• https://qiita.com/ishida0503/items/f3b62b02dec4f6fef42f

Check !!!! 後でチェックする．†[edit]

• kubectl config set-context $(kubectl config current-context) --namespace k8sns

Install （CentOS8）†[edit]

• オンプレ用

swap を止める†[edit]

# swapoff -a

• 再起動するとまた有効になるので，/etc/fstab でスワップ行をコメントアウト

firewalld を止める．†[edit]

routing の適用設定†[edit]

• /etc/sysctl.d/k8s.conf

  net.bridge.bridge-nf-call-ip6tables = 1
  net.bridge.bridge-nf-call-iptables = 1

• sysctl --system

本体のインストール†[edit]

K8sリポジトリ（RHEL7）†[edit]

• /etc/yum.repos.d/kubernetes.repo

  [kubernetes]
  name=Kubernetes
  baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
  enabled=1
  gpgcheck=1
  repo_gpgcheck=1
  gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
  exclude=kube*

• yum install -y ipvsadm iproute-tc
• yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

RHEL7 ではなくて，最新版を手動で入れる．†[edit]

• yum install -y socat iproute-tc ipvsadm conntrack-tools
• バイナリのダウンロード

  cd /usr/bin
  RELEASE="$(curl -sSL https://dl.k8s.io/release/stable.txt)"
  curl -L --remote-name-all https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/{kubeadm,kubelet,kubectl}
  chmod a+rx /usr/bin/kube* 

• /usr/lib/systemd/system/kubelet.service

  [Unit]
  Description=kubelet: The Kubernetes Node Agent
  Documentation=https://kubernetes.io/docs/
  Wants=network-online.target
  After=network-online.target
  
  [Service]
  ExecStart=/usr/bin/kubelet
  Restart=always
  StartLimitInterval=0
  RestartSec=10
  
  [Install]
  WantedBy=multi-user.target

• /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf

  [Service]
  Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
  Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml" 
  # This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
  EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
  # This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use 
  # the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
  EnvironmentFile=-/etc/sysconfig/kubelet
  ExecStart=
  ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS

cgroup の設定†[edit]

• /etc/sysconfig/kubelet

  KUBELET_EXTRA_ARGS="--cgroup-driver=cgroupfs"

• 設定しないと kubeadm が正常に動作しない

クラスター構築†[edit]

kubeadm†[edit]

• kubeadm init --pod-network-cidr=10.128.0.0/16 --service-cidr 10.128.0.0/16 --control-plane-endpoint=172.22.1.75:6443
  • --control-plane-endpoint は内部 DNSのIP:Port を指定する？　
• 作られるファイル
  • /var/lib/etcd/
  • /var/lib/kubelet
  • /etc/kubernetes
  • /etc/cni/net.d

• もう一度設定する場合は，kubeadm reset を行う
  • ネットワークインターフェイスを作った場合は，削除して置く．ex) ip link delete flannel.1
  • 何かリセットできない.... 関連ファイル削除，関連プロセス皆殺し...

minikube†[edit]

• 別のクラスター構築ツール．

環境設定†[edit]

• mkdir ~/.kube
• cp /etc/kubernetes/admin.conf ~/.kube/config

• または

• export KUBECONFIG=/etc/kubernetes/admin.conf

仮想ネットワーク設定　CNI（calico）†[edit]

Create a single-host Kubernetes cluster†[edit]

• https://docs.projectcalico.org/getting-started/kubernetes/quickstart

kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
wget https://docs.projectcalico.org/manifests/custom-resources.yaml
vi custom-resources.yaml      (correct IP)
kubectl create -f custom-resources.yaml

watch kubectl get pods -n calico-system
kubectl taint nodes --all node-role.kubernetes.io/master-   (マスタノードでも Podを実行できるようになる)
kubectl get nodes -o wide

• /etc/NetworkManager/conf.d/calico.conf で以下の設定が必要になるかもしれない

  [keyfile]
  unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico

calicoctl†[edit]

• 各ソフトのバージョンを合わせる．
• Install calicoctl as a binary on a single host

  cd /usr/local/bin
  curl -o calicoctl -O -L  "https://github.com/projectcalico/calicoctl/releases/download/v3.20.0/calicoctl"
  chmod a+rx calicoctl
  ln -s calicoctl kubectl-calico

  • kubectl calico -h でチェック

• Install calicoctl as a container on a single host

  docker pull calico/ctl:v3.20.0

• Install calicoctl as a Kubernetes pod

  kubectl apply -f https://docs.projectcalico.org/manifests/calicoctl.yaml

• 確認

  kubectl exec -ti -n kube-system calicoctl -- /calicoctl get profiles -o wide

* 他の方法†[edit]

• その１

  curl -L https://docs.projectcalico.org/manifests/calico.yaml | \
  sed  '/            - name: CALICO_DISABLE_FILE_LOGGING/i\            # ADD' | \
  sed  '/            - name: CALICO_DISABLE_FILE_LOGGING/i\            - name: FELIX_IPTABLESBACKEND' | \
  sed  '/            - name: CALICO_DISABLE_FILE_LOGGING/i\              value: Auto'  | \
  sed  '/            - name: CALICO_DISABLE_FILE_LOGGING/i\            # ADD' | \
  sed  '/            - name: CALICO_DISABLE_FILE_LOGGING/i\            - name: CALICO_IPV4POOL_CIDR' | \
  sed  '/            - name: CALICO_DISABLE_FILE_LOGGING/i\              value: \"10.128.0.0\/16\"' | \
  cat - >  calico.yaml
  kubectl apply -f calico.yaml
  
  watch kubectl get pods -n calico-system
  kubectl taint nodes --all node-role.kubernetes.io/master-
  kubectl get nodes -o wide

• その2

  cat <<EOF > /etc/NetworkManager/conf.d/calico.conf
  [keyfile]
  unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico
  EOF
  wget https://docs.projectcalico.org/v3.15/manifests/calico.yaml
  vi calico.yaml   (correct IP)
  kubectl apply -f calico.yaml
  
  watch kubectl get pods -n calico-system
  kubectl taint nodes --all node-role.kubernetes.io/master-
  kubectl get nodes -o wide

Worker node†[edit]

• 初期化で kubeadm join コマンドを打つ．
  • ex) kubeadm join 172.22.1.75:6443 --token nmtraf.wfzxuqzqti5unh9f --discovery-token-ca-cert-hash sha256:13d681e6bd6466503666bbb...
• マスタの /etc/kubernetes/admin.conf をコピーすると，kubectl コマンドが打てるようになる．

MetalLB Load Balancer†[edit]

• https://zaki-hmkc.hatenablog.com/entry/2020/07/10/235944

kubectl edit configmap -n kube-system kube-proxy
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/metallb.yaml
kubectl get ns
kubectl get pod -n metallb-system
kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
vi l2-configuration.yaml
kubectl apply -f l2-configuration.yaml
kubectl get service

• l2-configuration.yaml

Getting first†[edit]

• kubeadm はデフォルト状態では --type=LoadBalancer が使用できないという情報あり？
  • EXTERNA-IP が pending のままになる．

nginx†[edit]

• https://qiita.com/suzukihi724/items/241f7241d297a2d4a55c

MetalLB を使用した場合†[edit]

kubectl run nginx --image=nginx:1.11.3
kubectl get pod
kubectl expose pod nginx  --port=80 --type=LoadBalancer --name=nginx
kubectl get service

NAME         TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP      10.128.0.1      <none>        443/TCP        17m
nginx        LoadBalancer   10.128.44.222   172.22.1.70   80:32606/TCP   3m42s

• 172.22.1.70:80 へのアクセスで Webに接続可

OLD: nginx†[edit]

Start†[edit]

kubectl run nginx --image=nginx:1.11.3
kubectl get pod
kubectl expose pod nginx --external-ip=172.22.1.75  --port=80 
kubectl get service

NAME         TYPE        CLUSTER-IP       EXTERNAL-IP     PORT(S)   AGE
kubernetes   ClusterIP   10.128.0.1       <none>          443/TCP   15m
nginx        ClusterIP   10.128.175.104   192.168.27.43   80/TCP    3s

• access to http://192.168.27.43
• IP を自分のもの以外にしても，アクセスポイントはできる．ルーティングしていないから外部からはアクセス不可．

Stop†[edit]

kubectl delete service nginx
kubectl get service
kubectl delete pod nginx
kubectl get pod

LoadBalancer†[edit]

• IPを指定した場合，--type=LoadBalancer を付けると，そのまま通る．
• その場合，ポートは通常の 80番 と LoadBalancerが指定した番号，どちらも使用できる？

# kubectl expose pod nginx  --external-ip=172.22.1.75 --port=80 --type=LoadBalancer
# kubectl get service
NAME         TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP      10.96.0.1       <none>        443/TCP        80m
nginx        LoadBalancer   10.107.28.138   172.22.1.75   80:32348/TCP   4s

• --external-ip を指定しない場合は，pending となる

# kubectl expose pod nginx  --port=80 --type=LoadBalancer --name=nginx2
# kubectl get service
NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP      10.96.0.1        <none>        443/TCP        95m
nginx        LoadBalancer   10.107.28.138    172.22.1.75   80:32348/TCP   14m
nginx2       LoadBalancer   10.107.150.209   <pending>     80:31353/TCP   7s

• pending 状態のサービスには，kubectl edit service -n .... で pending 部分を編集できる！

spec:
   allocateLoadBalancerNodePorts: true
   clusterIP: 10.128.90.50
   clusterIPs:
   - 10.128.90.50
   externalIPs:
   - 192.168.27.43
   externalTrafficPolicy: Cluster

自分のIP以外でも指定可能†[edit]

# kubectl expose pod nginx --port 80 --external-ip=192.168.27.44 --name=nginx2
# kubectl get service
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP     PORT(S)   AGE
kubernetes   ClusterIP   10.128.0.1       <none>          443/TCP   67m
nginx        ClusterIP   10.128.175.104   192.168.27.43   80/TCP    51m
nginx2       ClusterIP   10.128.175.124   192.168.27.44   80/TCP    4m53s

JupyterHub†[edit]

• JupyterHub

 

最新の30件

[edit]