[CKA] KodeKloud - Cluster Installation using Kubeadm
Hello, this is 쯀리.
Today we will learn about Cluster Installation using Kubeadm.
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
kubeadm
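With kubeadm you can create a minimum viable Kubernetes cluster that conforms to best practices. In fact, you can use kubeadm to set up a cluster that passes the Kubernetes Conformance tests, and kubeadm also supports other cluster lifecycle functions such as bootstrap tokens and cluster upgrades.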
Quiz
1. Install the kubeadm and kubelet packages on the controlplane and node01 nodes.
Use the exact version of 1.30.0-1.1 for both.
Run both steps on controlplane and node01.
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
# To see the new version labels
sudo apt-cache madison kubeadm
sudo apt-get install -y kubelet=1.30.0-1.1 kubeadm=1.30.0-1.1 kubectl=1.30.0-1.1
sudo apt-mark hold kubelet kubeadm kubectl
2. What is the version of kubelet installed?
controlplane ~ ➜ kubelet --version
Kubernetes v1.30.0
3. How many nodes are part of kubernetes cluster currently?
Are you able to run kubectl get nodes?
controlplane ~ ➜ k get nodes
E0815 08:02:41.326260 18980 memcache.go:265] couldn't get current server API group list: the server could not find the requested resource
E0815 08:02:41.327399 18980 memcache.go:265] couldn't get current server API group list: the server could not find the requested resource
E0815 08:02:41.328491 18980 memcache.go:265] couldn't get current server API group list: the server could not find the requested resource
E0815 08:02:41.329575 18980 memcache.go:265] couldn't get current server API group list: the server could not find the requested resource
E0815 08:02:41.330602 18980 memcache.go:265] couldn't get current server API group list: the server could not find the requested resource
Error from server (NotFound): the server could not find the requested resource
4. Let's now bootstrap a kubernetes cluster using kubeadm.
The latest version of Kubernetes will be installed.
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/
5. Initialize Control Plane Node (Master Node). Use the following options:
- apiserver-advertise-address - Use the IP address allocated to eth0 on the controlplane node
- apiserver-cert-extra-sans - Set it to controlplane
- pod-network-cidr - Set to 10.244.0.0/16
Once done, set up the default kubeconfig file and wait for node to be part of the cluster.
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
controlplane ~ ✖ ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 192.14.34.12 netmask 255.255.255.0 broadcast 192.14.34.255
ether 02:42:c0:0e:22:0c txqueuelen 0 (Ethernet)
RX packets 6935 bytes 801589 (801.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5629 bytes 2584665 (2.5 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
controlplane ~ ✖ IP_ADDR=$(ip addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
controlplane ~ ➜ echo $IP_ADDR
192.14.34.12
controlplane ~ ➜ kubeadm init --apiserver-cert-extra-sans=controlplane --apiserver-advertise-address $IP_ADDR --pod-network-cidr=10.244.0.0/16
When the log output appears,
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
run these commands exactly as shown.
6. Generate a kubeadm join token, or copy the one that was generated by the kubeadm init command.
controlplane ~ ➜ kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
02qlgo.z6eq4pc6y0mt9mdi 23h 2024-08-16T08:08:33Z authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
To create a new token, use the create command.
kubeadm token create
7. Join node01 to the cluster using the join token
Procedure:
## Create a token on controlplane
kubeadm token create --print-join-command
## Connect to node01 and run the join
ssh node01
## When you need to compute the hash value:
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
## join command
kubeadm join <controlplane-ip>:6443 --token <your-token> --discovery-token-ca-cert-hash sha256:<hash>
node01 ~ ✖ kubeadm join 192.14.34.12:6443 --token vzsb4v.srnmh1qhv2014efc --discovery-token-ca-cert-hash sha256:c71edf467fffc7f96cefaef84103c1bf47cae1aee5ddc8b91e933e377b077bb3
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
controlplane ~ ➜ k get nodes
NAME STATUS ROLES AGE VERSION
controlplane NotReady control-plane 17m v1.30.0
node01 NotReady <none> 36s v1.30.0
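The --discovery-token-ca-cert-hash value pins the cluster CA's public key, so a join line that was copied between machines can be checked against the control plane's own CA before it is run on a worker. The sketch below is an added example, not part of the original lab; the function names are hypothetical and the values in the demo at the bottom are constructed.

```shell
# Added example: vet a `kubeadm join` line before running it on a worker.
# SHA-256 of the cluster CA public key, same pipeline as shown on this page.
ca_pubkey_hash() {
    openssl x509 -pubkey -in "${1:-/etc/kubernetes/pki/ca.crt}" \
        | openssl rsa -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex | sed 's/^.* //'
}

# check_join_cmd "<join command>" "<expected hash, 64 hex digits>"
# Prints a verdict; returns 0 only if the command pins the expected CA key.
check_join_cmd() {
    cmd=$1 expected=$2 token= pin= prev=
    case "$cmd" in
        *--discovery-token-unsafe-skip-ca-verification*)
            echo "REJECT: CA verification disabled"; return 1 ;;
    esac
    # Walk the words; accept both "--flag value" and "--flag=value".
    for word in $cmd; do
        case "$prev" in
            --token) token=$word ;;
            --discovery-token-ca-cert-hash) pin=$word ;;
        esac
        case "$word" in
            --token=*) token=${word#--token=} ;;
            --discovery-token-ca-cert-hash=*) pin=${word#*=} ;;
        esac
        prev=$word
    done
    # Bootstrap tokens are <6 chars>.<16 chars> drawn from [a-z0-9].
    if ! printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
        echo "REJECT: malformed or missing token"; return 1
    fi
    case "$pin" in
        sha256:*) pin=${pin#sha256:} ;;
        *) echo "REJECT: missing sha256 CA pin"; return 1 ;;
    esac
    if ! printf '%s\n' "$pin" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "REJECT: pin is not 64 hex digits"; return 1
    fi
    if [ "$pin" != "$expected" ]; then
        echo "REJECT: pin does not match control-plane CA"; return 1
    fi
    echo "OK"
}

# Demo with constructed values (not from a real cluster).
demo_pin=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
check_join_cmd "kubeadm join 10.0.0.1:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:$demo_pin" "$demo_pin"
```

On a real cluster, take the expected value from `ca_pubkey_hash` run on the control plane and pass it as the second argument on the worker.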
8. To install a network plugin, we will go with Flannel as the default choice. For inter-host communication, we will utilize the eth0 interface.
Please ensure that the Flannel manifest includes the appropriate options for this configuration.
Refer to the official documentation for the procedure.
controlplane ~ ➜ curl -LO https://raw.githubusercontent.com/flannel-io/flannel/v0.20.2/Documentation/kube-flannel.yml
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 100 4591 100 4591 0 0 27344 0 --:--:-- --:--:-- --:--:-- 27491
controlplane ~ ➜ vi kube-flannel.yml
## Add --iface=eth0 to the args around line 159.
157 args:
158 - --ip-masq
159 - --kube-subnet-mgr
160 - --iface=eth0
controlplane ~ ➜ kubectl apply -f kube-flannel.yml
namespace/kube-flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
controlplane ~ ➜ k get nodes
NAME STATUS ROLES AGE VERSION
controlplane Ready control-plane 19m v1.30.0
node01 Ready <none> 3m10s v1.30.0
Reference
※ Udemy Labs - Certified Kubernetes Administrator with Practice Tests