Prerequisites
Rocky Linux 9
- k8s-master (172.16.100.100)
- k8s-worker1 (172.16.100.101)
- k8s-worker2 (172.16.100.102)
- k8s-worker3 (172.16.100.103)
Installing containerd
Method 1
Install containerd from the Docker repository.
# Configure the Docker repository
dnf -y install dnf-plugins-core
dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
# Install containerd
dnf install -y containerd.io
# Generate the containerd configuration file
cd /etc/containerd
containerd config default > config.toml
# Edit the containerd configuration
vi config.toml
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
...
SystemdCgroup = true
# insecure_skip_verify setting (disables TLS certificate verification for the listed registries; set it only when it is required in a closed network.)
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = ""
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."registry.k8s.io".tls]
insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".tls]
insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."registry-1.docker.io".tls]
insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
systemctl restart containerd
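
To check which registries end up with TLS verification turned off by the insecure_skip_verify step above, the following added example (not part of the original post) lists every registry.configs."<host>".tls table in a containerd config that sets insecure_skip_verify = true. The function names, the sample config and the registry.example.internal host are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a containerd CRI config for registries whose
# TLS certificate verification is disabled.

# insecure_registries FILE
# Prints one registry host per line for each
#   [plugins."io.containerd.grpc.v1.cri".registry.configs."<host>".tls]
# table that contains an active "insecure_skip_verify = true" line.
insecure_registries() {
    awk '
        # A new TOML table header: remember the host only when the table
        # is registry.configs."<host>".tls, otherwise forget it.
        /^[ \t]*\[/ {
            host = ""
            if (match($0, /registry\.configs\."[^"]+"\.tls/)) {
                host = substr($0, RSTART, RLENGTH)
                sub(/^registry\.configs\."/, "", host)
                sub(/"\.tls$/, "", host)
            }
            next
        }
        # Commented-out settings are not active, so skip them.
        /^[ \t]*#/ { next }
        host != "" && /^[ \t]*insecure_skip_verify[ \t]*=[ \t]*true/ { print host }
    ' "$1"
}

# Constructed sample input: two registries with verification disabled and
# one (hypothetical) internal registry that trusts a CA file instead.
sample_config() {
    cat <<'EOF'
[plugins."io.containerd.grpc.v1.cri".registry]
  config_path = ""
  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.k8s.io".tls]
      insecure_skip_verify = true
    [plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".tls]
      insecure_skip_verify=true
    [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.example.internal".tls]
      # insecure_skip_verify = true
      ca_file = "/etc/containerd/certs/internal-ca.pem"
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
EOF
}

# Audit a real file when a path is given, e.g. /etc/containerd/config.toml
if [ -n "${1:-}" ]; then insecure_registries "$1"; fi
```

An empty result means no registry in the file has certificate verification disabled.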
Method 2
This method installs containerd directly; Method 1 is recommended where possible.
For the containerd configuration, refer to Method 1.
# Download containerd (https://github.com/containerd/containerd/releases)
wget https://github.com/containerd/containerd/releases/download/v2.0.0/containerd-2.0.0-linux-amd64.tar.gz
# Install containerd
tar Cxzvf /usr/local containerd-2.0.0-linux-amd64.tar.gz
# Register with systemd
wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
cp containerd.service /usr/lib/systemd/system/containerd.service
systemctl daemon-reload
systemctl enable --now containerd
Forwarding IPv4 and letting iptables see bridged traffic
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# Set the required sysctl parameters; the values persist across reboots.
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the sysctl parameters without rebooting
sudo sysctl --system
Disabling swap memory
swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
Installing kubeadm
# Set SELinux to permissive mode (effectively disabling it)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable --now kubelet
Creating the cluster with kubeadm
kubeadm init --apiserver-advertise-address 172.16.100.100 --pod-network-cidr 192.168.0.0/16
Pod network setup (Calico)
curl https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/calico.yaml -O
kubectl apply -f calico.yaml
Installing a LoadBalancer (MetalLB)
# Preparation
kubectl edit configmap -n kube-system kube-proxy
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"
ipvs:
  strictARP: true
# Installation by manifest
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.14.8/config/manifests/metallb-native.yaml
# Layer 2 configuration
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: first-pool
  namespace: metallb-system
spec:
  addresses:
  - 192.168.1.240-192.168.1.250
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: example
  namespace: metallb-system