
Building Kubernetes

(As of November 2018)

Environment

  • OS: CentOS 7.4
  • Kubernetes: v1.12
  • Docker: docker-ce-18.06.1.ce
  • Cluster layout: 1 Master Node, n Worker Nodes
  • Pod network add-on: Flannel

Steps

1. Install Docker (Master and Worker)

# yum install yum-utils device-mapper-persistent-data lvm2
# yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
# yum update && yum install docker-ce-18.06.1.ce
# mkdir /etc/docker
# cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF

# mkdir -p /etc/systemd/system/docker.service.d
# systemctl daemon-reload
# systemctl restart docker

2. Disable swap (Master and Worker)

# swapoff -a

/etc/fstab (comment out the swap line):
# /dev/mapper/xxx-swap swap                    swap    defaults        0 0

3. Configure firewalld

  • Master Node

# firewall-cmd --add-port=6443/tcp --zone=public --permanent
# firewall-cmd --add-port=2379-2380/tcp --zone=public --permanent
# firewall-cmd --add-port=10250-10252/tcp --zone=public --permanent
# firewall-cmd --reload

  • Worker Node

# firewall-cmd --add-port=10250/tcp --zone=public --permanent
# firewall-cmd --add-port=30000-32767/tcp --zone=public --permanent
# firewall-cmd --reload

  • (If needed)

# cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

# sysctl --system

4. Disable SELinux (Master and Worker)

# sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
# reboot
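After the reboot, and before moving on to step 5, the following preflight script (an added example, not from the original article) checks that steps 1 to 3 actually took effect on a node: swap is off, bridge-nf-call-iptables is 1, Docker uses the systemd cgroup driver, and firewalld exposes the ports listed for the node's role. Each check takes the file to inspect as a parameter so it can be run against constructed fixtures; the live-host default paths and the firewall-cmd --list-ports call are assumed to be available on the node.

```shell
# Preflight check for the node prerequisites from steps 1-3 (added example, not from
# the article). Each check reads the file path given as $1, defaulting to the live host.

# Step 2: swap off. /proc/swaps contains only its header line when no swap is active.
check_swap_off() {
  n=$(grep -cv '^Filename' "${1:-/proc/swaps}" 2>/dev/null || true)
  [ "${n:-1}" -eq 0 ]
}

# Step 3 sysctl: bridged traffic must traverse iptables, or kube-proxy/Flannel rules are bypassed.
check_bridge_nf() {
  f="${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}"
  [ -r "$f" ] && [ "$(tr -d '[:space:]' < "$f")" = "1" ]
}

# Step 1: Docker must use the systemd cgroup driver, matching the kubelet.
check_docker_cgroup_driver() {
  grep -q 'native.cgroupdriver=systemd' "${1:-/etc/docker/daemon.json}" 2>/dev/null
}

# Step 3: TCP ports each role must have open in firewalld.
required_ports() {
  case "$1" in
    master) echo "6443/tcp 2379-2380/tcp 10250-10252/tcp" ;;
    worker) echo "10250/tcp 30000-32767/tcp" ;;
    *)      return 1 ;;
  esac
}

# Print the ports for role $1 missing from a `firewall-cmd --list-ports` string $2 (empty = all open).
missing_ports() {
  missing=""
  for p in $(required_ports "$1"); do
    case " $2 " in *" $p "*) ;; *) missing="$missing $p" ;; esac
  done
  echo "${missing# }"
}

# Run every check on the live host for role $1 (master|worker); returns 1 on any failure.
preflight() {
  rc=0
  check_swap_off             && echo "ok   swap is off"               || { echo "FAIL swap still active"; rc=1; }
  check_bridge_nf            && echo "ok   bridge-nf-call-iptables=1" || { echo "FAIL bridge-nf-call-iptables != 1"; rc=1; }
  check_docker_cgroup_driver && echo "ok   docker cgroup driver"      || { echo "FAIL docker cgroup driver not systemd"; rc=1; }
  m=$(missing_ports "$1" "$(firewall-cmd --list-ports 2>/dev/null)")
  [ -z "$m" ] && echo "ok   firewalld ports open" || { echo "FAIL firewalld ports missing: $m"; rc=1; }
  return $rc
}
```

Run it on each node as root with `preflight master` or `preflight worker`; a non-zero exit means at least one earlier step did not take effect.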

5. Install kubeadm, kubelet and kubectl (Master and Worker)

# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF

# yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
# systemctl enable kubelet && systemctl start kubelet

6. Initialize the Cluster Master (Master only)

# kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=<x.x.x.x>

※ --pod-network-cidr: the network range assigned to Pods; specify 10.244.0.0/16 when using Flannel
※ --apiserver-advertise-address: the IP address configured on the Master Node
※ Save the "kubeadm join --toke..." line printed by kubeadm; it is used to add Worker Nodes to the Cluster

# export KUBECONFIG=/etc/kubernetes/admin.conf

7. Install the Pod network add-on (Master only)

# sysctl net.bridge.bridge-nf-call-iptables=1
# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml

8. Master Node isolation (Master only)

# kubectl taint nodes --all node-role.kubernetes.io/master-

9. Add Worker Nodes (Worker only)

# kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>

※ Run the kubeadm join command saved from the kubeadm init output in step 6

10. Check the Cluster Nodes (on the Master)

# kubectl get node -o wide
NAME       STATUS   ROLES    AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION               CONTAINER-RUNTIME
master00   Ready    master   21d   v1.12.2   x.x.x.x   <none>        CentOS Linux 7 (Core)   3.10.0-862.14.4.el7.x86_64   docker://18.6.1
worker01   Ready    <none>   21d   v1.12.2   x.x.x.y   <none>        CentOS Linux 7 (Core)   3.10.0-862.14.4.el7.x86_64   docker://18.6.1
worker02   Ready    <none>   21d   v1.12.2   x.x.x.z   <none>        CentOS Linux 7 (Core)   3.10.0-862.14.4.el7.x86_64   docker://18.6.1

References
