I was able to initialize kubernetes using ansible
Finally I will add k8s worker and create a final k8s environment </ p>
MBP OS Sierra
MAAS server (192.168.100.152 Network for MAAS: 192.168.200.1)
k8s-master server (KVM: 192.168.100.191)
ansible server (KVM: 192.168.100.192)
k8s worker(192.168.200.151)
k8s worker(192.168.200.153)
dash-board Ver.1.8
Add a machine with OS deployed by MAAS as k8s-worker in the flannel network created by k8s
Also, you can see the usage status of k8s on the dashboard. P>
This time, due to the DHCP problem of MAAS, k8s-master and worker are on different networks, so it is necessary to set the bridge on the MAAS server. P>
ubuntu18 has changed the way of network setting from up to 16
I should have been able to just write /etc/netplan/50-cloud-init.yaml_bk, but this time I wrote it in two types of files because the bridge setting did not work. P>
$ sudo vi /etc/netplan/50-cloud-init.yaml_bk
network:
ethernets:
enp0s31f6:
addresses:
- 192.168.100.152/24
gateway4: 192.168.100.1
nameservers:
addresses:
- 8.8.8.8
search:
- 8.8.4.4
enp2s0:
addresses:
- 192.168.200.1/24
gateway4: 192.168.100.1
nameservers:
addresses:
- 8.8.8.8
search:
- 8.8.4.4
version: 2
$ sudo vi /etc/network/interfaces
auto lo
iface lo inet loopback
auto enp0s31f6
iface enp0s31f6 inet manual
auto br0
iface br0 inet static
address 192.168.100.152
netmask 255.255.255.0
gateway 192.168.100.1
dns-nameservers 8.8.8.8
bridge_ports enp0s31f6
bridge_maxwait 0
bridge_df 0
bridge_stp off
auto enp2s0
iface enp2s0 inet static
address 192.168.200.1
netmask 255.255.255.0
gateway 192.168.100.1
dns-nameservers 8.8.8.8
$ ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.152 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::329c:23ff:feac:5570 prefixlen 64 scopeid 0x20<link>
ether 30:9c:23:ac:55:70 txqueuelen 1000 (Ethernet)
RX packets 9579059 bytes 16579553543 (16.5 GB)
RX errors 0 dropped 657286 overruns 0 frame 0
TX packets 6047022 bytes 936298283 (936.2 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::329c:23ff:feac:5570 prefixlen 64 scopeid 0x20<link>
ether 30:9c:23:ac:55:70 txqueuelen 1000 (Ethernet)
RX packets 21689196 bytes 26237413396 (26.2 GB)
RX errors 0 dropped 475 overruns 0 frame 0
TX packets 6555651 bytes 4057603928 (4.0 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0xdf100000-df120000
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.200.1 netmask 255.255.255.0 broadcast 192.168.200.255
inet6 fe80::6a05:caff:fe66:a834 prefixlen 64 scopeid 0x20<link>
ether 68:05:ca:66:a8:34 txqueuelen 1000 (Ethernet)
RX packets 6867754 bytes 970026556 (970.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13304857 bytes 15246678579 (15.2 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 17 memory 0xdf0c0000-df0e0000
Also, set NAT so that you can communicate on the two networks p>
sudo iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -j SNAT --to 192.168.100.152
To add a k8s worker, it's almost the same as the master, but you need a command to start it at the end to join the flannel network p>
The command is displayed in the output contents when kubeadm init is performed, but you can also check it with the following command p>
(k8s-master)$ kubeadm token create --print-join-command
Create a playbook for worker participation using the commands that appear p>
(ansible)$ sudo vi mlp.yml
Edit hosts as you did when mastering p>
$ sudo vi /etc/ansible/hosts
[master]
k8s-master
[mlp]
mlp01
$ sudo vi /etc/hosts
192.168.100.191 k8s-master 192.168.200.151 mlp01
Ansible playbook execution
If you want to use python3, you need the option after "-e" p>
~/ansible$ sudo ansible-playbook --private-key=id_rsa_common mlp.yml -e 'ansible_python_interpreter=/usr/bin/python3'
If the playbook is successful, it will be in the following state p>
(k8s-master)$ kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 3d v1.10.3
mlp01 Ready <none> 3d v1.10.2
After node is added, run nginx docker image for the time being
The reason will be described later p>
$ sudo vi nginx-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod
spec:
containers:
- name: nginx-container
image: nginx
ports:
- containerPort: 80
$ kubectl apply -f nginx-pod.yaml
create
$ kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-pod 1/1 Running 0 3d
No problem if nginx becomes Running p>
Even if you don't have Dashboard, you can manage to use kubernetes, but I want to use it
That's why I will install it p>
$ kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
If there is no error and "created" is displayed, it's OK
Check if it works p>
kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default nginx-pod 1/1 Running 0 3d
kube-system kubernetes-dashboard-7d5dcdb6d9-7hptz 1/1 Running 0 3d
Start kube proxy p>
$ kubectl proxy --address 0.0.0.0 --accept-hosts '.*'
Starting to serve on [::]:8001
If this happens, access it with a browser to see it.
The login screen will appear p>
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
Issue a token to log in p>
$ kubectl -n kube-system get secret
Enter using the issued token p>
The following settings are for people who find it difficult to issue tokens every time.
After doing this, you will be able to enter with SKIP on the login screen
However, since it is loose in terms of security, it is recommended to use it in conditions where there are no outsiders such as in-house only environment. P>
$ cat <<EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
EOF
This completes the kubernetes environment construction p>
Once you have created this environment, you can automatically distribute it to node by starting the docker image from k8s-master.
It's very convenient because you can add a new node as soon as you have a command to add it to the flannel network. P>
I mentioned the network settings at the beginning of this article, but until this was decided, I continued to get errors that communication did not pass.
Impression that was swayed by the change of the setting method due to the version change of ubuntu18 p>
The cause is that I just forgot to delete swap, but I tend to forget its existence p>
A node was added to the master, and just by installing dash-board → starting proxy, dash-board was not displayed in the browser, and only the directory tree of files appeared on the browser page.
I tried to start proxy-pod as shown in the middle of the page, and after that, if I proceeded according to the procedure, dash-board came to be displayed
It seems that there was no similar symptom on other referenced pages, and it is unknown whether it is the specification of the dashboard version or whether there is a setting that I have not done alone. P>
I tried to build a NAT environment with iptables
kubernetes official page
access control
Addition of Kubernetes / Web UI (Dashboard)
Install Dashboard on Kubernetes and access without authentication p>
Recommended Posts