혼자 공부할 때 K8s를 설치할 일이 잦다.
일일히 설치하는게 너무 귀찮아서 초고속 요약을 정리해보았다.
1. 기본 유틸리티 설치
sudo apt update
sudo apt install net-tools vim wget curl -y
2. Docker engine 설치
sudo apt-get install \
ca-certificates \
curl \
gnupg \
lsb-release
sudo mkdir -m 0755 -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
3. Go lang 설치
wget https://storage.googleapis.com/golang/getgo/installer_linux
chmod +x ./installer_linux
./installer_linux
wget https://go.dev/dl/go1.22.1.linux-amd64.tar.gz
sudo rm -rf /usr/local/go
sudo tar -C /usr/local -xzf go1.22.1.linux-amd64.tar.gz
# ~/.bashrc 수정
...
export PATH=$PATH:/usr/local/go/bin
...
# 저장
source ~/.bashrc
4. CRI Docker 설치
git clone https://github.com/Mirantis/cri-dockerd.git
cd cri-dockerd
mkdir bin
go build -o bin/cri-dockerd
mkdir -p /usr/local/bin
sudo install -o root -g root -m 0755 bin/cri-dockerd /usr/local/bin/cri-dockerd
sudo cp -a packaging/systemd/* /etc/systemd/system
sudo sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service
sudo systemctl daemon-reload
sudo systemctl enable cri-docker.service
sudo systemctl enable --now cri-docker.socket
5. IPv4 포워딩 및 브리징 트래픽 설정
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
6. Kubernetes 설치
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl
# Deprecated
#curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /usr/share/keyrings/kubernetes-archive-keyring.gpg
#echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
# 아래의 두 명령은 설치할 버전으로 수정하여 실행
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
7. Master 노드 초기화
*Master 노드 에서만
kubeadm init --pod-network-cidr=10.244.0.0/16 --cri-socket unix:///var/run/cri-dockerd.sock
# HA 설정 시
kubeadm init --pod-network-cidr=10.244.0.0/16 --cri-socket unix:///var/run/cri-dockerd.sock --control-plane-endpoint=<hostname>
8. 사용자에게 kubeadm 권한 제공
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
9. Master 노드 CNI 적용
2중택1
*Weave CNI
kubectl apply -f https://github.com/weaveworks/weave/releases/download/v2.8.1/weave-daemonset-k8s.yaml*Flannel CNI (CIDR=10.244.0.0/16) (UDP 8285, 8472 허용)
kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
10. Worker 노드 클러스터 참여
kubeadm join 192.168.11.134:6443 --token llkxyq.2rq77uj52r8zzfsx \
--discovery-token-ca-cert-hash sha256:9b44bee15947ba659aee0a5cc31470ec578ea32f64fefb7809ead91b72815a32 --cri-socket unix:///var/run/cri-dockerd.sock
11. Control-plane에 Taint 옵션 제거
kubectl taint node <node 명> node-role.kubernetes.io/control-plane:NoSchedule-
12. 노드 제거 및 초기화
*Worker 노드 제거
kubectl drain <노드 이름> --delete-emptydir-data --force --ignore-daemonsets
kubectl delete node <노드 이름>*Worker 및 Master 노드 초기화
kubeadm reset --cri-socket unix:///var/run/cri-dockerd.sock'Today I Learned > 쿠버네티스' 카테고리의 다른 글
| K8s 권한 관리하기(RBAC) (1) | 2023.11.22 |
|---|