Environment
- Ubuntu 20.04
- Kubernetes v1.24
Preliminary setup
```
cat > /etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter

cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sysctl --system
```
```
apt install -y iptables arptables ebtables
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
```
Disable swap
```
swapoff -a
```
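The kernel module, sysctl and swap settings above can be verified before running kubeadm. The following script is an added example, not part of the original post: it checks them read-only and also reports swap entries still present in /etc/fstab, which `swapoff -a` does not remove. The function names and the `ROOT` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only check of the node prerequisites described above.
# The ROOT argument ($1) is an assumption of this example: empty on a real
# node, or a constructed directory tree when testing.

# Required kernel modules that are absent (/sys/module also lists built-ins).
missing_modules() {
  for m in overlay br_netfilter; do
    [ -d "$1/sys/module/$m" ] || echo "$m"
  done
}

# Keys from /etc/sysctl.d/k8s.conf whose live value is not 1.
bad_sysctls() {
  for k in net/bridge/bridge-nf-call-ip6tables \
           net/bridge/bridge-nf-call-iptables net/ipv4/ip_forward; do
    v=$(cat "$1/proc/sys/$k" 2>/dev/null || echo unset)
    [ "$v" = 1 ] || echo "$k=$v" | tr / .
  done
}

# Swap areas active right now (lines of /proc/swaps after the header).
active_swap() {
  awk 'NR > 1 { print $1 }' "$1/proc/swaps" 2>/dev/null || true
}

# Uncommented fstab entries of type swap; "swapoff -a" does not remove these,
# so swap comes back at the next boot.
fstab_swap() {
  awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$1/etc/fstab" 2>/dev/null || true
}

# Print every finding; return 0 only if nothing is wrong.
preflight() {
  findings=$(
    missing_modules "$1" | sed 's/^/module not loaded: /'
    bad_sysctls "$1"     | sed 's/^/sysctl not 1: /'
    active_swap "$1"     | sed 's/^/swap active: /'
    fstab_swap "$1"      | sed 's/^/swap re-enabled at boot (fstab): /'
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Usage on a node: sh precheck.sh --check
if [ "${1:-}" = "--check" ]; then preflight "${2:-}"; fi
```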
Install containerd
```
## Remove conflicting packages
apt remove docker-ce containerd docker-ce-cli docker-ce-rootless-extras

## Add Docker's official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -

## Add Docker's apt repository
add-apt-repository \
  "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) \
  stable"

apt install -y containerd.io && apt-mark hold containerd.io
```
Configure containerd
```
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
systemctl restart containerd
systemctl enable containerd
```
Install the kubeadm command
```
# Note: apt.kubernetes.io has since been retired; current packages are published at pkgs.k8s.io
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF

apt update && apt install -y kubelet kubeadm kubectl && apt-mark hold kubelet kubeadm kubectl

# Verify
kubeadm version -o yaml
```
Installation
Create cluster-config.yaml with the following contents:
```
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.16.14
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
clusterName: myhome
networking:
  serviceSubnet: "10.96.0.0/16"
  podSubnet: "10.189.0.0/16"
controlPlaneEndpoint: "192.168.16.50:6443"
```
```
kubeadm init --config cluster-config.yaml --upload-certs
```
This fails with an error unless the machine has at least 2 CPUs. To run it on 1 CPU anyway, add --ignore-preflight-errors=NumCPU.
Run the following on the control-plane node (ubuntu05). The token, CA certificate hash and certificate key are the values that kubeadm init printed for this cluster.
```
kubeadm join 192.168.16.50:6443 --token 0si9q3.hr4zvkpyg89lnnk2 \
  --discovery-token-ca-cert-hash sha256:40f30f128ba07472d5daa288955853f3b2a5c237c43a323f1ae5a4249fff8a62 \
  --control-plane --certificate-key 7d3cb93ffc3c5495f9b894398babb745ff472a528cb54b23efc33e3c16b390e4
```
Run the following on the worker nodes (ubuntu01, etc.):
```
kubeadm join 192.168.16.50:6443 --token 0si9q3.hr4zvkpyg89lnnk2 \
  --discovery-token-ca-cert-hash sha256:40f30f128ba07472d5daa288955853f3b2a5c237c43a323f1ae5a4249fff8a62
```
On every node other than the first, run the following on the host:
```
sudo mkdir -p /etc/kubernetes/manifests
```
Calico
```
kubectl delete -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
kubectl delete -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
```
```
kubectl delete -f https://docs.projectcalico.org/archive/v3.21/manifests/tigera-operator.yaml
```
```
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/tigera-operator.yaml
```
When a node has multiple NICs, it does not become Ready, so specify the network range that Calico should use for address autodetection.
```
kubectl apply -f - <<EOF
kind: Installation
apiVersion: operator.tigera.io/v1
metadata:
  name: default
spec:
  calicoNetwork:
    nodeAddressAutodetectionV4:
      cidrs:
        - "192.168.16.0/24"
EOF
```
```
kubectl set env daemonset/calico-node -n kube-system IP_AUTODETECTION_METHOD=cidr=192.168.16.0/24
```
Once the Calico installation is complete, all nodes should become Ready.
```
❯ kubectl get nodes -o wide
NAME       STATUS   ROLES           AGE   VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION           CONTAINER-RUNTIME
ubuntu01   Ready    <none>          27m   v1.26.0   192.168.16.11   <none>        Ubuntu 20.04.4 LTS   5.15.0-67-generic        containerd://1.6.18
ubuntu04   Ready    control-plane   62m   v1.26.3   192.168.16.14   <none>        Ubuntu 20.04.4 LTS   5.15.0-1025-intel-iotg   containerd://1.6.18
ubuntu05   Ready    control-plane   55m   v1.26.0   192.168.16.15   <none>        Ubuntu 20.04.4 LTS   5.15.0-1025-intel-iotg   containerd://1.6.18
```
MetalLB
Install MetalLB in L2 mode
```
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.9/config/manifests/metallb-native.yaml
```
Update, February 10, 2024
```
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.14.3/config/manifests/metallb-native.yaml
```
```
kubectl apply -n metallb-system -f - <<EOF
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: default-pool
  namespace: metallb-system
spec:
  addresses:
    - 192.168.16.30-192.168.16.49
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: default-advertisement
  namespace: metallb-system
EOF
```
istio
```
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.17.1 sh -
```
```
export PATH="$PATH:/Users/thr3a/istio-1.17.1/bin"
```
```
❯ istioctl version
client version: 1.17.1
control plane version: 1.17.1
data plane version: 1.17.1 (2 proxies)
```
```
istioctl install --set profile=demo -y --set meshConfig.outboundTrafficPolicy.mode=ALLOW_ANY --set meshConfig.accessLogFile=/dev/stdout --vklog=9
```
Install the add-ons
Move to any convenient directory and clone the repository:
```
git clone https://github.com/istio/istio.git
cd istio
git checkout 1.14.1
```
Apply
```
kubectl apply -f ./samples/addons
```