[Kubernetes] Install Kubernetes (v1.11.0) on CentOS

Configure the master node

Preparation

Run the following commands to pass bridged IP traffic to iptables chains

[root@test-vm1 ~]$ yum update -y
[root@test-vm1 ~]$ modprobe br_netfilter

[root@test-vm1 ~]$ cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
[root@test-vm1 ~]$ sysctl --system

2a) Allow the necessary ports through the firewall when you’re working in an unsafe environment or in production

firewall-cmd --zone=public --add-port=6443/tcp --permanent
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=18080/tcp --permanent
firewall-cmd --zone=public --add-port=10254/tcp --permanent
firewall-cmd --reload

2b) If you’re just testing this in a safe lab environment you can disable the firewall.

[root@test-vm1 ~]$ systemctl stop firewalld && systemctl disable firewalld

Check whether SELinux is enabled with the following command

[root@test-vm1 ~]$ sestatus

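If the current mode is enforcing, you need to change the mode to permissive or disabled. The sed edit below makes the change persist across reboots; setenforce 0 switches the running system to permissive mode.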

[root@test-vm1 ~]$ sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux
[root@test-vm1 ~]$ setenforce 0

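Kubernetes doesn’t want swap enabled, so that it can offer the best performance, so we have to disable it. Turn swap off on the running system, then comment out the swap entry in /etc/fstab so it stays off after a reboot.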

[root@test-vm1 ~]$ swapoff -a
[root@test-vm1 ~]$ vi /etc/fstab

#/dev/mapper/centos-swap swap                    swap    defaults        0 0

6a) Add the Kubernetes repository to yum

[root@test-vm1 ~]$ cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

6b) Add the official docker repo to yum

[root@test-vm1 ~]$ yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
[root@test-vm1 ~]$ yum install -y yum-utils device-mapper-persistent-data lvm2
[root@test-vm1 ~]$ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
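
The host settings from the preparation steps above only matter if they survive a reboot. The script below is an added example, not part of the original post: it audits the files those steps edit (/etc/fstab, /etc/sysctl.d/k8s.conf, /etc/sysconfig/selinux); the function names are hypothetical and the paths can be overridden to check copies.

```shell
#!/bin/sh
# Added example: audit the persistent settings from the preparation steps.
# File paths are parameters (defaults are the files used on this page) so the
# checks can be run against copies. Function names are hypothetical.

# Print fstab entries that still mount swap at boot (uncommented, type "swap").
fstab_active_swap() {
    awk '$1 !~ /^#/ && $3 == "swap"' "${1:-/etc/fstab}"
}

# Succeed only if KEY is set to 1 in the sysctl drop-in file.
sysctl_key_enabled() {   # usage: sysctl_key_enabled KEY [FILE]
    awk -F= -v key="$1" '
        { gsub(/[ \t]/, "") }              # tolerate "key = 1" and "key=1"
        $1 == key && $2 == "1" { found = 1 }
        END { exit !found }' "${2:-/etc/sysctl.d/k8s.conf}"
}

# Print the SELinux mode configured for the next boot.
selinux_boot_mode() {
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "${1:-/etc/sysconfig/selinux}" | tail -n 1
}

# Run every check, print one line per result, return the number of failures.
audit_k8s_prep() {   # usage: audit_k8s_prep [FSTAB] [SYSCTL_CONF] [SELINUX_CONF]
    failures=0
    if [ -n "$(fstab_active_swap "$1")" ]; then
        echo "FAIL swap: fstab re-enables swap on reboot (swapoff -a is not persistent)"
        failures=$((failures + 1))
    fi
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        if ! sysctl_key_enabled "$key" "$2"; then
            echo "FAIL sysctl: $key is not set to 1"
            failures=$((failures + 1))
        fi
    done
    # Reported, not failed: permissive logs denials but no longer blocks them.
    echo "INFO selinux: mode after reboot is '$(selinux_boot_mode "$3")'"
    return "$failures"
}
```

Calling `audit_k8s_prep` with no arguments checks the live files on the node; the return code is the number of failed checks.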

Installation

Install kubeadm and docker

[root@test-vm1 ~]$ yum install -y ebtables ethtool docker-ce kubelet kubeadm kubectl

Start docker and enable it at boot

[root@test-vm1 ~]$ systemctl start docker && systemctl enable docker

Start kubelet and enable it at boot

[root@test-vm1 ~]$ systemctl start kubelet && systemctl enable kubelet

Initialize Kubernetes. Be aware that for some pod network implementations you might need to add a specific '--pod-network-cidr=' setting. Please check https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#pod-network before continuing.

[root@test-vm1 ~]$ kubeadm init --pod-network-cidr=10.244.0.0/16
I0715 12:50:01.543998    1958 feature_gate.go:230] feature gates: &{map[]}
[init] using Kubernetes version: v1.11.0
[preflight] running pre-flight checks
I0715 12:50:01.577212    1958 kernel_validator.go:81] Validating kernel version
I0715 12:50:01.577289    1958 kernel_validator.go:96] Validating kernel config
[preflight/images] Pulling images required for setting up a Kubernetes cluster
[preflight/images] This might take a minute or two, depending on the speed of your internet connection
[preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[preflight] Activating the kubelet service
[certificates] Generated ca certificate and key.
[certificates] Generated apiserver certificate and key.
[certificates] apiserver serving cert is signed for DNS names [test-vm1.home.lcl kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.1.221]
[certificates] Generated apiserver-kubelet-client certificate and key.
[certificates] Generated sa key and public key.
[certificates] Generated front-proxy-ca certificate and key.
[certificates] Generated front-proxy-client certificate and key.
[certificates] Generated etcd/ca certificate and key.
[certificates] Generated etcd/server certificate and key.
[certificates] etcd/server serving cert is signed for DNS names [test-vm1.home.lcl localhost] and IPs [127.0.0.1 ::1]
[certificates] Generated etcd/peer certificate and key.
[certificates] etcd/peer serving cert is signed for DNS names [test-vm1.home.lcl localhost] and IPs [192.168.1.221 127.0.0.1 ::1]
[certificates] Generated etcd/healthcheck-client certificate and key.
[certificates] Generated apiserver-etcd-client certificate and key.
[certificates] valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
[controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"
[controlplane] wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"
[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"
[init] waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests"
[init] this might take a minute or longer if the control plane images have to be pulled
[apiclient] All control plane components are healthy after 43.502080 seconds
[uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.11" in namespace kube-system with the configuration for the kubelets in the cluster
[markmaster] Marking the node test-vm1.home.lcl as master by adding the label "node-role.kubernetes.io/master=''"
[markmaster] Marking the node test-vm1.home.lcl as master by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "test-vm1.home.lcl" as an annotation
[bootstraptoken] using token: e8yb38.htt4pz8dmxq77jha
[bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join 192.168.1.221:6443 --token e8yb38.hqq4pz9dmlq77jha --discovery-token-ca-cert-hash sha256:50b01f19d8060ba593a009d134912d62b95ca80fdbe76f3995c8ba6c4a92c705

Create admin user

[root@test-vm1 ~]$ groupadd -g 1000 k8sadm
[root@test-vm1 ~]$ useradd -u 1000 -g k8sadm -G wheel k8sadm
[root@test-vm1 ~]$ passwd k8sadm
Changing password for user k8sadm.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@test-vm1 ~]$ su - k8sadm
[k8sadm@test-vm1 ~]$ mkdir -p $HOME/.kube
[k8sadm@test-vm1 ~]$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[k8sadm@test-vm1 ~]$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

Configure the pod network

[k8sadm@test-vm1 ~]$ kubectl get nodes
NAME                STATUS     ROLES     AGE       VERSION
test-vm1.home.lcl   NotReady   master    2m        v1.11.0

[k8sadm@test-vm1 ~]$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

[k8sadm@test-vm1 ~]$ kubectl get nodes
NAME                STATUS    ROLES     AGE       VERSION
test-vm1.home.lcl   Ready     master    3m        v1.11.0

[k8sadm@test-vm1 ~]$ kubectl get pods --all-namespaces
NAMESPACE     NAME                                        READY     STATUS    RESTARTS   AGE
kube-system   coredns-78fcdf6894-g7rg4                    1/1       Running   0          2h
kube-system   coredns-78fcdf6894-vr4xm                    1/1       Running   0          2h
kube-system   etcd-test-vm1.home.lcl                      1/1       Running   1          2h
kube-system   kube-apiserver-test-vm1.home.lcl            1/1       Running   1          2h
kube-system   kube-controller-manager-test-vm1.home.lcl   1/1       Running   1          2h
kube-system   kube-proxy-524ql                            1/1       Running   1          2h
kube-system   kube-scheduler-test-vm1.home.lcl            1/1       Running   1          2h
kube-system   kube-flannel-ds-45d87                       1/1       Running   1          2h
kube-system   kube-flannel-ds-bqh8j                       1/1       Running   1          2h
kube-system   kube-flannel-ds-dfldc                       1/1       Running   1          2h

Configure the worker nodes

Repeat steps 1 to 6 on all worker nodes

Install docker and kubeadm

[root@test-vm2 ~]$ yum install -y kubeadm docker-ce kubelet
[root@test-vm3 ~]$ yum install -y kubeadm docker-ce kubelet

Start docker and enable it at boot

[root@test-vm2 ~]$ systemctl start docker && systemctl enable docker
[root@test-vm3 ~]$ systemctl start docker && systemctl enable docker

Start kubelet and enable it at boot

[root@test-vm2 ~]$ systemctl start kubelet && systemctl enable kubelet
[root@test-vm3 ~]$ systemctl start kubelet && systemctl enable kubelet

Join the workers to the master using the command kubeadm returned in step 10

[root@test-vm2 ~]$ kubeadm join 192.168.1.221:6443 --token e8yb38.hqq4pz9dmlq77jha --discovery-token-ca-cert-hash sha256:50b01f19d8060ba593a009d134912d62b95ca80fdbe76f3995c8ba6c4a92c705
[root@test-vm3 ~]$ kubeadm join 192.168.1.221:6443 --token e8yb38.hqq4pz9dmlq77jha --discovery-token-ca-cert-hash sha256:50b01f19d8060ba593a009d134912d62b95ca80fdbe76f3995c8ba6c4a92c705
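
The value after --discovery-token-ca-cert-hash pins the public key of the cluster CA, so a worker only trusts an API server whose certificate chains to that CA. As an added example (not part of the original post), this script recomputes the pin from the CA certificate on the master and checks a join command against it before the command is run on a worker. The function names are hypothetical, the CA path /etc/kubernetes/pki/ca.crt is assumed from the pki directory in the kubeadm init output, and flags are assumed to be space-separated as kubeadm prints them.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not kubeadm's own tooling.

# Print the argument that follows FLAG in a join command line.
join_field() {   # usage: join_field FLAG "COMMAND LINE"
    printf '%s\n' "$2" | awk -v flag="$1" '
        { for (i = 1; i < NF; i++) if ($i == flag) { print $(i + 1); exit } }'
}

# Print "sha256:<hex>" for a CA certificate: the SHA-256 of its DER-encoded
# public key, which is what --discovery-token-ca-cert-hash carries.
ca_pin() {   # usage: ca_pin [CA_CERT]  (default path is an assumption)
    openssl x509 -pubkey -noout -in "${1:-/etc/kubernetes/pki/ca.crt}" |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -hex | sed 's/^.* /sha256:/'
}

# Return 0 if the command is well formed and carries EXPECTED_PIN,
# 1 on a pin mismatch, 2 if the token or pin is malformed.
verify_join_command() {   # usage: verify_join_command "COMMAND LINE" EXPECTED_PIN
    token=$(join_field --token "$1")
    pin=$(join_field --discovery-token-ca-cert-hash "$1")
    if ! printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
        echo "malformed bootstrap token"; return 2
    fi
    if ! printf '%s\n' "$pin" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
        echo "malformed CA pin"; return 2
    fi
    if [ "$pin" != "$2" ]; then
        echo "pin mismatch: command has $pin, cluster CA is $2"; return 1
    fi
    echo "join command pins this cluster's CA"
}

# Sample input: the join command printed by kubeadm init on this page.
SAMPLE_JOIN='kubeadm join 192.168.1.221:6443 --token e8yb38.hqq4pz9dmlq77jha --discovery-token-ca-cert-hash sha256:50b01f19d8060ba593a009d134912d62b95ca80fdbe76f3995c8ba6c4a92c705'

# On the master: verify_join_command "$SAMPLE_JOIN" "$(ca_pin)"
```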

Verify the status. After a little while you will see:

[k8sadm@test-vm1 ~]$ kubectl get nodes
NAME                STATUS    ROLES     AGE       VERSION
test-vm1.home.lcl   Ready     master    26m       v1.11.1
test-vm2.home.lcl   Ready     <none>    1m        v1.11.1
test-vm3.home.lcl   Ready     <none>    1m        v1.11.1