In the previous post of this series, "Building the Territory feat. Mini PC Assembly", I assembled a mini PC. In this post, I will install Proxmox and Kubernetes.
Let's start by installing Proxmox.
Installing Proxmox
Proxmox is a kind of operating system, like Windows or iOS. The difference is that Proxmox provides an environment that is friendly to virtual machines.
If you want to know more about Proxmox, see here.
First, download Proxmox from here.
Then use Rufus to write the downloaded ISO to a USB drive in dd mode.
Next, plug the USB drive into the mini PC, and a screen like the one below appears.
There is nothing special here. Install it the same way you would install Ubuntu.
When the installation finishes, a message like the one below appears, and you can access Proxmox from a web browser.
Enter the password and log in.
If you see a screen like the one below, the installation succeeded. The image shows nodes because I took the screenshot after I had finished my own setup. On a fresh install there should be nothing except the node.
That completes the Proxmox installation.
If you want to access Proxmox from outside, you can use OpenVPN.
Now let's install Kubernetes.
Installing Kubernetes
I will install Kubernetes v1.26, using containerd, on Ubuntu 20.
Installing the master node and the worker nodes involves repeated steps, and doing them by hand every time is tedious, so I wrote shell scripts to do the installation.
Master node
#!/bin/bash
# Source: http://kubernetes.io/docs/getting-started-guides/kubeadm
set -e
source /etc/lsb-release
if [ "$DISTRIB_RELEASE" != "20.04" ]; then
echo "################################# "
echo "############ WARNING ############ "
echo "################################# "
echo
echo "This script only works on Ubuntu 20.04!"
echo "You're using: ${DISTRIB_DESCRIPTION}"
echo "Better ABORT with Ctrl+C. Or press any key to continue the install"
read
fi
KUBE_VERSION=1.28.2
### setup terminal
apt-get update
apt-get install -y bash-completion binutils
echo 'colorscheme ron' >> ~/.vimrc
echo 'set tabstop=2' >> ~/.vimrc
echo 'set shiftwidth=2' >> ~/.vimrc
echo 'set expandtab' >> ~/.vimrc
echo 'source <(kubectl completion bash)' >> ~/.bashrc
echo 'alias k=kubectl' >> ~/.bashrc
echo 'alias c=clear' >> ~/.bashrc
echo 'complete -F __start_kubectl k' >> ~/.bashrc
sed -i '1s/^/force_color_prompt=yes\n/' ~/.bashrc
### disable linux swap and remove any existing swap partitions
swapoff -a
sed -i '/\sswap\s/ s/^\(.*\)$/#\1/g' /etc/fstab
### remove packages
kubeadm reset -f || true
crictl rm --force $(crictl ps -a -q) || true
apt-mark unhold kubelet kubeadm kubectl kubernetes-cni || true
apt-get remove -y docker.io containerd kubelet kubeadm kubectl kubernetes-cni || true
apt-get autoremove -y
systemctl daemon-reload
### install podman
. /etc/os-release
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list
curl -fsSL "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/Release.key" | sudo apt-key add -
apt-get update -qq
apt-get -qq -y install podman cri-tools containers-common
rm /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list
cat <<EOF | sudo tee /etc/containers/registries.conf
[registries.search]
registries = ['docker.io']
EOF
### install packages
apt-get install -y apt-transport-https ca-certificates
mkdir -p /etc/apt/keyrings
curl -fsSL https://dl.k8s.io/apt/doc/apt-key.gpg | sudo gpg --yes --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y docker.io containerd kubelet=${KUBE_VERSION}-00 kubeadm=${KUBE_VERSION}-00 kubectl=${KUBE_VERSION}-00 kubernetes-cni
apt-mark hold kubelet kubeadm kubectl kubernetes-cni
### install containerd 1.6 over apt-installed-version
wget https://github.com/containerd/containerd/releases/download/v1.6.12/containerd-1.6.12-linux-amd64.tar.gz
tar xvf containerd-1.6.12-linux-amd64.tar.gz
systemctl stop containerd
mv bin/* /usr/bin
rm -rf bin containerd-1.6.12-linux-amd64.tar.gz
systemctl unmask containerd
systemctl start containerd
### containerd
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sudo sysctl --system
sudo mkdir -p /etc/containerd
### containerd config
cat > /etc/containerd/config.toml <<EOF
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
version = 2
[plugins]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
base_runtime_spec = ""
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_root = ""
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
BinaryName = ""
CriuImagePath = ""
CriuPath = ""
CriuWorkPath = ""
IoGid = 0
IoUid = 0
NoNewKeyring = false
NoPivotRoot = false
Root = ""
ShimCgroup = ""
SystemdCgroup = true
EOF
### crictl uses containerd as default
{
cat <<EOF | sudo tee /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
EOF
}
### kubelet should use containerd
{
cat <<EOF | sudo tee /etc/default/kubelet
KUBELET_EXTRA_ARGS="--container-runtime-endpoint unix:///run/containerd/containerd.sock"
EOF
}
### start services
systemctl daemon-reload
systemctl enable containerd
systemctl restart containerd
systemctl enable kubelet && systemctl start kubelet
### init k8s
rm /root/.kube/config || true
kubeadm init --kubernetes-version=${KUBE_VERSION} --ignore-preflight-errors=NumCPU --skip-token-print --pod-network-cidr 192.168.0.0/16
mkdir -p ~/.kube
sudo cp -i /etc/kubernetes/admin.conf ~/.kube/config
# etcdctl
ETCDCTL_VERSION=v3.5.1
ETCDCTL_ARCH=$(dpkg --print-architecture)
ETCDCTL_VERSION_FULL=etcd-${ETCDCTL_VERSION}-linux-${ETCDCTL_ARCH}
wget https://github.com/etcd-io/etcd/releases/download/${ETCDCTL_VERSION}/${ETCDCTL_VERSION_FULL}.tar.gz
tar xzf ${ETCDCTL_VERSION_FULL}.tar.gz ${ETCDCTL_VERSION_FULL}/etcdctl
mv ${ETCDCTL_VERSION_FULL}/etcdctl /usr/bin/
rm -rf ${ETCDCTL_VERSION_FULL} ${ETCDCTL_VERSION_FULL}.tar.gz
echo
echo "### COMMAND TO ADD A WORKER NODE ###"
kubeadm token create --print-join-command --ttl 0
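
The script above unpacks a downloaded containerd tarball and moves its binaries into /usr/bin as root without checking the download. As an added example (not part of the original script), the functions below verify a tarball against a checksum file first; `verify_release` and `install_verified` are hypothetical names, and the checksum file is assumed to be in `sha256sum` format and fetched alongside the tarball.

```shell
#!/bin/sh
# Added example: verify a release tarball before installing its binaries.

# verify_release <tarball> <sha256sum-file>
# Returns 0 only if the checksum file has an entry for this tarball and the
# digest matches; 1 on mismatch; 2 if the inputs are unusable.
verify_release() {
    tarball=$1
    sumfile=$2
    if [ ! -f "$tarball" ] || [ ! -f "$sumfile" ]; then
        echo "missing tarball or checksum file" >&2
        return 2
    fi
    # A checksum line is "<64 hex digits>  <file name>" ("*name" in binary mode).
    name=$(basename "$tarball")
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f)
        if (f == n) { print tolower($1); exit } }' "$sumfile")
    case $expected in
        *[!0-9a-f]*|"") echo "no valid digest for $name" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "digest for $name has the wrong length" >&2
        return 2
    fi
    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "CHECKSUM MISMATCH for $name, refusing to install" >&2
        return 1
    fi
    return 0
}

# install_verified <tarball> <sha256sum-file> <dest-dir>
# Copies bin/* from the tarball into dest-dir only after verification succeeds
# (the script above uses /usr/bin as the destination).
install_verified() {
    verify_release "$1" "$2" || return $?
    tmp=$(mktemp -d) || return 2
    if tar -xzf "$1" -C "$tmp" && cp "$tmp"/bin/* "$3"/; then rc=0; else rc=2; fi
    rm -rf "$tmp"
    return $rc
}
```
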
Worker node
#!/bin/bash
# Source: http://kubernetes.io/docs/getting-started-guides/kubeadm
set -e
source /etc/lsb-release
if [ "$DISTRIB_RELEASE" != "20.04" ]; then
echo "################################# "
echo "############ WARNING ############ "
echo "################################# "
echo
echo "This script only works on Ubuntu 20.04!"
echo "You're using: ${DISTRIB_DESCRIPTION}"
echo "Better ABORT with Ctrl+C. Or press any key to continue the install"
read
fi
KUBE_VERSION=1.28.2
### setup terminal
apt-get update
apt-get install -y bash-completion binutils
echo 'colorscheme ron' >> ~/.vimrc
echo 'set tabstop=2' >> ~/.vimrc
echo 'set shiftwidth=2' >> ~/.vimrc
echo 'set expandtab' >> ~/.vimrc
echo 'source <(kubectl completion bash)' >> ~/.bashrc
echo 'alias k=kubectl' >> ~/.bashrc
echo 'alias c=clear' >> ~/.bashrc
echo 'complete -F __start_kubectl k' >> ~/.bashrc
sed -i '1s/^/force_color_prompt=yes\n/' ~/.bashrc
### disable linux swap and remove any existing swap partitions
swapoff -a
sed -i '/\sswap\s/ s/^\(.*\)$/#\1/g' /etc/fstab
### remove packages
kubeadm reset -f || true
crictl rm --force $(crictl ps -a -q) || true
apt-mark unhold kubelet kubeadm kubectl kubernetes-cni || true
apt-get remove -y docker.io containerd kubelet kubeadm kubectl kubernetes-cni || true
apt-get autoremove -y
systemctl daemon-reload
### install podman
. /etc/os-release
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list
curl -fsSL "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/Release.key" | sudo apt-key add -
apt-get update -qq
apt-get -qq -y install podman cri-tools containers-common
rm /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list
cat <<EOF | sudo tee /etc/containers/registries.conf
[registries.search]
registries = ['docker.io']
EOF
### install packages
apt-get install -y apt-transport-https ca-certificates
mkdir -p /etc/apt/keyrings
curl -fsSL https://dl.k8s.io/apt/doc/apt-key.gpg | sudo gpg --yes --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y docker.io containerd kubelet=${KUBE_VERSION}-00 kubeadm=${KUBE_VERSION}-00 kubectl=${KUBE_VERSION}-00 kubernetes-cni
apt-mark hold kubelet kubeadm kubectl kubernetes-cni
### install containerd 1.6 over apt-installed-version
wget https://github.com/containerd/containerd/releases/download/v1.6.12/containerd-1.6.12-linux-amd64.tar.gz
tar xvf containerd-1.6.12-linux-amd64.tar.gz
systemctl stop containerd
mv bin/* /usr/bin
rm -rf bin containerd-1.6.12-linux-amd64.tar.gz
systemctl unmask containerd
systemctl start containerd
### containerd
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sudo sysctl --system
sudo mkdir -p /etc/containerd
### containerd config
cat > /etc/containerd/config.toml <<EOF
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
version = 2
[plugins]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
base_runtime_spec = ""
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_root = ""
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
BinaryName = ""
CriuImagePath = ""
CriuPath = ""
CriuWorkPath = ""
IoGid = 0
IoUid = 0
NoNewKeyring = false
NoPivotRoot = false
Root = ""
ShimCgroup = ""
SystemdCgroup = true
EOF
### crictl uses containerd as default
{
cat <<EOF | sudo tee /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
EOF
}
### kubelet should use containerd
{
cat <<EOF | sudo tee /etc/default/kubelet
KUBELET_EXTRA_ARGS="--container-runtime-endpoint unix:///run/containerd/containerd.sock"
EOF
}
### start services
systemctl daemon-reload
systemctl enable containerd
systemctl restart containerd
systemctl enable kubelet && systemctl start kubelet
### init k8s
kubeadm reset -f
systemctl daemon-reload
service kubelet start
echo
echo "EXECUTE ON MASTER: kubeadm token create --print-join-command --ttl 0"
echo "THEN RUN THE OUTPUT AS COMMAND HERE TO ADD AS WORKER"
echo
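
Both scripts create the join token with `--ttl 0`, so it stays valid until someone deletes it. As an added example (not part of the original scripts), the functions below read `kubeadm token list` output and report tokens that never expire; the function names are hypothetical, the sample output is constructed, and the `<forever>` marker in the TTL column is assumed to match your kubeadm version.

```shell
#!/bin/sh
# Added example: find kubeadm bootstrap tokens that never expire.

# Constructed sample of `kubeadm token list` output (token values are made up).
sample_token_list() {
cat <<'EOF'
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
abcdef.0123456789abcdef   <forever>   <never>                authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
uvwxyz.fedcba9876543210   23h         2023-03-01T09:00:00Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
EOF
}

# Reads `kubeadm token list` text on stdin and prints the ID (the part before
# the dot, which is not the secret half) of every token with no expiry.
nonexpiring_token_ids() {
    awk '
        # A bootstrap token is 6 characters, a dot, 16 characters, all [a-z0-9].
        length($1) != 23 || index($1, ".") != 7 || $1 ~ /[^a-z0-9.]/ { next }
        $2 == "<forever>" { print substr($1, 1, 6) }
    '
}

# Returns 1 if any non-expiring token is listed on stdin, printing the cleanup
# command for each one; returns 0 when every token has an expiry.
check_join_tokens() {
    ids=$(nonexpiring_token_ids)
    if [ -z "$ids" ]; then
        return 0
    fi
    for id in $ids; do
        echo "bootstrap token $id never expires: kubeadm token delete $id"
    done
    return 1
}
```

On the master node, run `kubeadm token list | check_join_tokens` once all workers have joined.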
With the shell scripts above, Kubernetes is now set up as well.
The nodes are Ready, so they were installed without problems,
and a test nginx that I deployed is running fine.
Last time I built the territory (the mini PC), and this time I built a castle (Proxmox, K8S) on top of it.
Next up
In the next post, I will build a smithy (Add-ons), post sentries (Security), and create soldiers (Pods).
That's all for today!