Building Kubernetes from Source and Setting Up a Local Kubernetes Cluster

More than 1 year has passed since last update.

Introduction

This procedure builds Kubernetes from source on CentOS 7 and sets up a cluster in the local environment.

Prerequisites

Upgrade Go to version 1.7 or later

The context package is required, but it is not bundled with Go versions earlier than 1.7, so update Go.
Download: https://golang.org/doc/install

# tar -C /usr/local -xzf go1.8.linux-amd64.tar.gz
# export PATH=$PATH:/usr/local/go/bin

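Alternatively, as with the method described next, I think it should also work to leave Go itself at its current version, download only the context package, and set the PATH.

Add the cfssl and cfssljson packages

These packages are required to start the local cluster.
If they are not installed, the following error occurs when the cluster starts.
Use the commands given in the Hint to export PATH and fetch the packages.
https://github.com/cloudflare/cfssl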

Failed to successfully run 'cfssl', please verify that cfssl and cfssljson are in $PATH.
Hint: export PATH=$PATH:$GOPATH/bin; go get -u github.com/cloudflare/cfssl/cmd/...

The Go environment variables can be checked with the following command.

# go env 
GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/root/go"
GORACE=""
GOROOT="/usr/local/go"
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build134608843=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"
PKG_CONFIG="pkg-config"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"

Working directory

All subsequent steps are run under the Kubernetes source directory. Here, that is /opt/git/kubernetes.

# pwd
/opt/git/kubernetes

Environment setup

Set up etcd

etcd must be installed before the local cluster can run. Run the provided script to install etcd, then export the PATH.

# ./hack/install-etcd.sh 
Downloading https://github.com/coreos/etcd/releases/download/v3.0.14/etcd-v3.0.14-linux-amd64.tar.gz succeed
etcd v3.0.14 installed. To use:
export PATH=/opt/git/kubernetes/third_party/etcd:${PATH}.
# export PATH=/opt/git/kubernetes/third_party/etcd:${PATH}

Start the local cluster

Use local-up-cluster.sh to start the local cluster. The binaries needed for startup are built automatically.

# ./hack/local-up-cluster.sh 
make: Entering directory `/opt/git/kubernetes'
make[1]: Entering directory `/opt/git/kubernetes'
make[1]: Leaving directory `/opt/git/kubernetes'
make[1]: Entering directory `/opt/git/kubernetes'
make[1]: Leaving directory `/opt/git/kubernetes'
+++ [0221 20:09:36] Building the toolchain targets:
    k8s.io/kubernetes/hack/cmd/teststale
    k8s.io/kubernetes/vendor/github.com/jteeuwen/go-bindata/go-bindata
+++ [0221 20:09:37] Generating bindata:
    test/e2e/generated/gobindata_util.go
/opt/git/kubernetes /opt/git/kubernetes/test/e2e/generated
/opt/git/kubernetes/test/e2e/generated
+++ [0221 20:09:38] Building go targets for linux/amd64:
    cmd/kubectl
    cmd/hyperkube
    vendor/k8s.io/kube-aggregator
make: Leaving directory `/opt/git/kubernetes'
 WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
Kubelet cgroup driver defaulted to use: systemd
API SERVER insecure port is free, proceeding...
API SERVER secure port is free, proceeding...
Detected host and ready to start services.  Doing some housekeeping first...
Using GO_OUT /opt/git/kubernetes/_output/local/bin/linux/amd64
Starting services now!
Starting etcd
etcd --advertise-client-urls http://127.0.0.1:2379 --data-dir /tmp/tmp.BCTwiX1Q3Y --listen-client-urls http://127.0.0.1:2379 --debug > "/dev/null" 2>/dev/null
Waiting for etcd to come up.
+++ [0221 20:09:49] On try 2, etcd: : http://127.0.0.1:2379
{"action":"set","node":{"key":"/_test","value":"","modifiedIndex":4,"createdIndex":4}}
Generating a 2048 bit RSA private key
...........+++
..+++
writing new private key to '/var/run/kubernetes/server-ca.key'
-----
Generating a 2048 bit RSA private key
....................................................+++
............+++
writing new private key to '/var/run/kubernetes/client-ca.key'
-----
Generating a 2048 bit RSA private key
.......................................................................+++
.......................................................................+++
writing new private key to '/var/run/kubernetes/request-header-ca.key'
-----
2017/02/21 20:09:50 [INFO] generate received request
2017/02/21 20:09:50 [INFO] received CSR
2017/02/21 20:09:50 [INFO] generating key: rsa-2048
2017/02/21 20:09:52 [INFO] encoded CSR
2017/02/21 20:09:52 [INFO] signed certificate with serial number 124466083292368969753878751531462897150884477228
2017/02/21 20:09:52 [INFO] generate received request
2017/02/21 20:09:52 [INFO] received CSR
2017/02/21 20:09:52 [INFO] generating key: rsa-2048
2017/02/21 20:09:52 [INFO] encoded CSR
2017/02/21 20:09:52 [INFO] signed certificate with serial number 631329441025824396392927159183757173624650656295
2017/02/21 20:09:52 [INFO] generate received request
2017/02/21 20:09:52 [INFO] received CSR
2017/02/21 20:09:52 [INFO] generating key: rsa-2048
2017/02/21 20:09:52 [INFO] encoded CSR
2017/02/21 20:09:52 [INFO] signed certificate with serial number 701426569215378577074384681992288543339367856691
2017/02/21 20:09:52 [INFO] generate received request
2017/02/21 20:09:52 [INFO] received CSR
2017/02/21 20:09:52 [INFO] generating key: rsa-2048
2017/02/21 20:09:53 [INFO] encoded CSR
2017/02/21 20:09:53 [INFO] signed certificate with serial number 229862793080566960970445958651876853638005750287
2017/02/21 20:09:53 [INFO] generate received request
2017/02/21 20:09:53 [INFO] received CSR
2017/02/21 20:09:53 [INFO] generating key: rsa-2048
2017/02/21 20:09:54 [INFO] encoded CSR
2017/02/21 20:09:54 [INFO] signed certificate with serial number 36416734191975628719770341690511488840046660423
2017/02/21 20:09:54 [INFO] generate received request
2017/02/21 20:09:54 [INFO] received CSR
2017/02/21 20:09:54 [INFO] generating key: rsa-2048
2017/02/21 20:09:54 [INFO] encoded CSR
2017/02/21 20:09:54 [INFO] signed certificate with serial number 553207743375559129377582195944191786742425990488
2017/02/21 20:09:54 [INFO] generate received request
2017/02/21 20:09:54 [INFO] received CSR
2017/02/21 20:09:54 [INFO] generating key: rsa-2048
2017/02/21 20:09:56 [INFO] encoded CSR
2017/02/21 20:09:56 [INFO] signed certificate with serial number 117212563773423357457144032620109324825346970515
2017/02/21 20:09:56 [INFO] generate received request
2017/02/21 20:09:56 [INFO] received CSR
2017/02/21 20:09:56 [INFO] generating key: rsa-2048
2017/02/21 20:09:57 [INFO] encoded CSR
2017/02/21 20:09:57 [INFO] signed certificate with serial number 66524454669338354068916931456157096264836067124
2017/02/21 20:09:57 [INFO] generate received request
2017/02/21 20:09:57 [INFO] received CSR
2017/02/21 20:09:57 [INFO] generating key: rsa-2048
2017/02/21 20:09:58 [INFO] encoded CSR
2017/02/21 20:09:58 [INFO] signed certificate with serial number 472293545949172374356825841988836525612842141668
Waiting for apiserver to come up
+++ [0221 20:09:59] On try 2, apiserver: : {
  "major": "1",
  "minor": "6+",
  "gitVersion": "v1.6.0-alpha.3.346+b201ac2f8f8328-dirty",
  "gitCommit": "b201ac2f8f8328d9c828f36358b106d0ea21a14a",
  "gitTreeState": "dirty",
  "buildDate": "2017-02-22T00:50:02Z",
  "goVersion": "go1.8",
  "compiler": "gc",
  "platform": "linux/amd64"
}
Error from server (AlreadyExists): namespaces "kube-public" already exists
Cluster "local-up-cluster" set.
use 'kubectl --kubeconfig=/var/run/kubernetes/admin-kube-aggregator.kubeconfig' to use the aggregated API server
kubelet ( 13513 ) is running.
Local Kubernetes cluster is running. Press Ctrl-C to shut it down.

Logs:
  /tmp/kube-apiserver.log
  /tmp/kube-controller-manager.log
  /tmp/kube-proxy.log
  /tmp/kube-scheduler.log
  /tmp/kubelet.log

To start using your cluster, you can open up another terminal/tab and run:

  export KUBECONFIG=/var/run/kubernetes/admin.kubeconfig
  cluster/kubectl.sh

Alternatively, you can write to the default kubeconfig:

  export KUBERNETES_PROVIDER=local

  cluster/kubectl.sh config set-cluster local --server=https://localhost:6443 --certificate-authority=/var/run/kubernetes/server-ca.crt
  cluster/kubectl.sh config set-credentials myself --client-key=/var/run/kubernetes/client-admin.key --client-certificate=/var/run/kubernetes/client-admin.crt
  cluster/kubectl.sh config set-context local --cluster=local --user=myself
  cluster/kubectl.sh config use-context local
  cluster/kubectl.sh
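
The startup output above shows CA and admin private keys being written under /var/run/kubernetes and etcd serving plaintext HTTP on 127.0.0.1. The following shell functions are an added example, not part of the original article or of the Kubernetes scripts: they report key and kubeconfig files that other local accounts can access, and any plaintext endpoint in the startup output that is not bound to loopback. The function names and the demo data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the article: two post-start checks for the local
# cluster brought up by hack/local-up-cluster.sh.

# List *.key and *.kubeconfig files in DIR that group or other can access.
# Returns 0 when none are exposed, 1 otherwise, 2 if DIR is missing.
audit_key_perms() {
    local dir="$1" rc=0 f perms
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    for f in "$dir"/*.key "$dir"/*.kubeconfig; do
        [ -f "$f" ] || continue                  # unmatched glob stays literal
        perms=$(ls -ldL "$f" | cut -c5-10)       # group+other bits, e.g. r--r--
        if [ "$perms" != "------" ]; then
            echo "EXPOSED $f group/other=$perms"
            rc=1
        fi
    done
    return "$rc"
}

# Read startup output on stdin and print every plaintext http:// endpoint
# that is not bound to loopback. Prints nothing when all are local.
nonlocal_plaintext_urls() {
    grep -oE 'http://[^ /"]+' | sort -u |
        grep -vE '^http://(127\.0\.0\.1|localhost)(:[0-9]+)?$' || true
}

# Demo on constructed data: a temp directory standing in for
# /var/run/kubernetes, and one etcd line in the format shown above.
demo() {
    local tmp
    tmp=$(mktemp -d)
    ( umask 077; : > "$tmp/server-ca.key" )      # 0600: not reported
    ( umask 022; : > "$tmp/client-admin.key" )   # 0644: reported
    audit_key_perms "$tmp"
    echo 'etcd --listen-client-urls http://0.0.0.0:2379' | nonlocal_plaintext_urls
    rm -rf "$tmp"
}

# Usage: sh audit.sh /var/run/kubernetes   (or: sh audit.sh demo)
case "${1:-}" in
    "")   ;;
    demo) demo ;;
    *)    audit_key_perms "$1" ;;
esac
```

Piping the saved startup output of local-up-cluster.sh into nonlocal_plaintext_urls prints nothing as long as etcd stays on 127.0.0.1, as it does in the run shown here.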

Start the cluster using pre-built binaries

You can also build the binaries in advance and start the cluster with them.
First, build the required binaries with make.

# make WHAT='cmd/kubectl cmd/hyperkube test/e2e/e2e.test';

Next, run local-up-cluster.sh, passing the directory that contains the built binaries as an argument.

# ./hack/local-up-cluster.sh -o _output/bin/
skipping build
using source _output/bin/
skipped the build.
 WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
Kubelet cgroup driver defaulted to use: systemd
API SERVER insecure port is free, proceeding...
API SERVER secure port is free, proceeding...
Detected host and ready to start services.  Doing some housekeeping first...
Using GO_OUT _output/bin/
Starting services now!
Starting etcd
etcd --advertise-client-urls http://127.0.0.1:2379 --data-dir /tmp/tmp.GVYitifLmI --listen-client-urls http://127.0.0.1:2379 --debug > "/dev/null" 2>/dev/null
Waiting for etcd to come up.
+++ [0221 20:24:34] On try 2, etcd: : http://127.0.0.1:2379
{"action":"set","node":{"key":"/_test","value":"","modifiedIndex":4,"createdIndex":4}}
Generating a 2048 bit RSA private key
...+++
.....+++
writing new private key to '/var/run/kubernetes/server-ca.key'
-----
Generating a 2048 bit RSA private key
............................+++
................................+++
writing new private key to '/var/run/kubernetes/client-ca.key'
-----
Generating a 2048 bit RSA private key
..................+++
..........................................+++
writing new private key to '/var/run/kubernetes/request-header-ca.key'
-----
2017/02/21 20:24:34 [INFO] generate received request
2017/02/21 20:24:34 [INFO] received CSR
2017/02/21 20:24:34 [INFO] generating key: rsa-2048
2017/02/21 20:24:35 [INFO] encoded CSR
2017/02/21 20:24:35 [INFO] signed certificate with serial number 447052118705216540313463589978670235143017346168
2017/02/21 20:24:35 [INFO] generate received request
2017/02/21 20:24:35 [INFO] received CSR
2017/02/21 20:24:35 [INFO] generating key: rsa-2048
2017/02/21 20:24:35 [INFO] encoded CSR
2017/02/21 20:24:35 [INFO] signed certificate with serial number 453147652717934396244790326985575891492885267463
2017/02/21 20:24:35 [INFO] generate received request
2017/02/21 20:24:35 [INFO] received CSR
2017/02/21 20:24:35 [INFO] generating key: rsa-2048
2017/02/21 20:24:35 [INFO] encoded CSR
2017/02/21 20:24:35 [INFO] signed certificate with serial number 272097984252071207959056508542467462400256844015
2017/02/21 20:24:35 [INFO] generate received request
2017/02/21 20:24:35 [INFO] received CSR
2017/02/21 20:24:35 [INFO] generating key: rsa-2048
2017/02/21 20:24:36 [INFO] encoded CSR
2017/02/21 20:24:36 [INFO] signed certificate with serial number 89416123288674897438978570927840403417394925806
2017/02/21 20:24:36 [INFO] generate received request
2017/02/21 20:24:36 [INFO] received CSR
2017/02/21 20:24:36 [INFO] generating key: rsa-2048
2017/02/21 20:24:36 [INFO] encoded CSR
2017/02/21 20:24:36 [INFO] signed certificate with serial number 463788683463756580938211377131316447800974180111
2017/02/21 20:24:36 [INFO] generate received request
2017/02/21 20:24:36 [INFO] received CSR
2017/02/21 20:24:36 [INFO] generating key: rsa-2048
2017/02/21 20:24:36 [INFO] encoded CSR
2017/02/21 20:24:36 [INFO] signed certificate with serial number 686663176438254195071220868931395298199838761704
2017/02/21 20:24:37 [INFO] generate received request
2017/02/21 20:24:37 [INFO] received CSR
2017/02/21 20:24:37 [INFO] generating key: rsa-2048
2017/02/21 20:24:37 [INFO] encoded CSR
2017/02/21 20:24:37 [INFO] signed certificate with serial number 46503830313797068101462792228458221275331011435
2017/02/21 20:24:37 [INFO] generate received request
2017/02/21 20:24:37 [INFO] received CSR
2017/02/21 20:24:37 [INFO] generating key: rsa-2048
2017/02/21 20:24:38 [INFO] encoded CSR
2017/02/21 20:24:38 [INFO] signed certificate with serial number 581841164489590118531163072166076612807454584041
2017/02/21 20:24:38 [INFO] generate received request
2017/02/21 20:24:38 [INFO] received CSR
2017/02/21 20:24:38 [INFO] generating key: rsa-2048
2017/02/21 20:24:38 [INFO] encoded CSR
2017/02/21 20:24:38 [INFO] signed certificate with serial number 2683591120418327848777775490762990201349172159
Waiting for apiserver to come up
+++ [0221 20:24:39] On try 2, apiserver: : {
  "major": "1",
  "minor": "6+",
  "gitVersion": "v1.6.0-alpha.3.346+b201ac2f8f8328-dirty",
  "gitCommit": "b201ac2f8f8328d9c828f36358b106d0ea21a14a",
  "gitTreeState": "dirty",
  "buildDate": "2017-02-22T00:50:02Z",
  "goVersion": "go1.8",
  "compiler": "gc",
  "platform": "linux/amd64"
}
Error from server (AlreadyExists): namespaces "kube-public" already exists
Cluster "local-up-cluster" set.
use 'kubectl --kubeconfig=/var/run/kubernetes/admin-kube-aggregator.kubeconfig' to use the aggregated API server
kubelet ( 16937 ) is running.
Local Kubernetes cluster is running. Press Ctrl-C to shut it down.

Logs:
  /tmp/kube-apiserver.log
  /tmp/kube-controller-manager.log
  /tmp/kube-proxy.log
  /tmp/kube-scheduler.log
  /tmp/kubelet.log

To start using your cluster, you can open up another terminal/tab and run:

  export KUBECONFIG=/var/run/kubernetes/admin.kubeconfig
  cluster/kubectl.sh

Alternatively, you can write to the default kubeconfig:

  export KUBERNETES_PROVIDER=local

  cluster/kubectl.sh config set-cluster local --server=https://localhost:6443 --certificate-authority=/var/run/kubernetes/server-ca.crt
  cluster/kubectl.sh config set-credentials myself --client-key=/var/run/kubernetes/client-admin.key --client-certificate=/var/run/kubernetes/client-admin.crt
  cluster/kubectl.sh config set-context local --cluster=local --user=myself
  cluster/kubectl.sh config use-context local
  cluster/kubectl.sh

Verify that the node is up

To use the Kubernetes environment you built, use cluster/kubectl.sh.

# cluster/kubectl.sh get node
NAME        STATUS    AGE       VERSION
127.0.0.1   Ready     2s        v1.6.0-alpha.3.346+b201ac2f8f8328-dirty

Create a Pod

# cluster/kubectl.sh create -f test.yaml