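Before we begin
The main purpose of this post is to automate the complicated installation process that anyone learning Kubernetes has probably struggled with at least once. It is also meant to take a Kubernetes learning environment one step beyond Minikube by building a multi-node test cluster yourself.
For reference, there is no particular reason GCP was chosen as the deployment target (an Azure version will be posted separately); the same approach can be used on Azure, AWS, local VMs, or on-premises environments.
Please note that this environment is intended for testing and learning only. Prepare a GCP, Azure, or AWS account in advance, and, to get the most out of the exercise, I recommend going through the installation by hand with the official guide either before or after this walkthrough.
Installing the final Kubernetes cluster with the automated deployment shell script is simple in itself, but there is a lot to prepare beforehand, so this will be posted in two parts.
1. Creating the VM nodes for the cluster on GCP
The nodes to create and their roles are as follows. (Hostnames and the deployment environment can be changed to suit your situation.)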
No. | Hostname | Role | Notes |
1 | k8s-master-gcp | Kubernetes master node | |
2 | k8s-worker-01-gcp, k8s-worker-02-gcp | Kubernetes worker nodes | |
3 | zero-gcp-vmc | Ansible control node and operator node | |
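Create the nodes above on GCP.
First, create the VM for the master as follows.
Name: k8s-master-gcp
Region: Tokyo
Machine type: 2 vCPUs
Image: CentOS 7
Firewall: allow HTTP, HTTPS
Create k8s-worker-01-gcp, k8s-worker-02-gcp, and zero-gcp-vmc with the same settings, changing only the name.
When the work is complete, the environment will be configured as follows.
2. Preparing the working environment for Ansible deployment
Because communication is SSH-based, perform the following on all servers.
Change the root password, enable root login and password authentication in the sshd configuration file, and restart sshd.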
PermitRootLogin yes
PasswordAuthentication yes
Connected, host fingerprint: ssh-rsa 0 58:70:67:CC:E6:F4:08:7A:CD:F0:C5:D2:D6:DD:34:D3:13:70:DA:72:48:5D:4D:C6:AA:8B:EB:C8:6D:8E:57:FA
[zerobig_kim@k8s-master-gcp ~]$ sudo su
[root@k8s-master-gcp zerobig_kim]# passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@k8s-master-gcp zerobig_kim]# vi /etc/ssh/sshd_config
[root@k8s-master-gcp zerobig_kim]# systemctl restart sshd
Add each node's entry to the /etc/hosts file.
[root@k8s-master-gcp zerobig_kim]# vi /etc/hosts
10.146.0.8 k8s-master-gcp
10.146.0.9 k8s-worker-01-gcp
10.146.0.10 k8s-worker-02-gcp
10.146.0.11 zero-gcp-vmc
Install Ansible on zero-gcp-vmc.
First add the repository, then install Ansible and verify the result by checking the version.
[root@zero-gcp-vmc ~]# yum install epel-release -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.usc.edu
* epel: mirror.layeronline.com
* extras: mirror.mobap.edu
* updates: mirror.chpc.utah.edu
Package epel-release-7-11.noarch already installed and latest version
Nothing to do
[root@zero-gcp-vmc ~]# yum install ansible -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.usc.edu
* epel: mirror.layeronline.com
* extras: mirror.mobap.edu
* updates: mirror.chpc.utah.edu
Resolving Dependencies
<snip>
Complete!
[root@zero-gcp-vmc ~]# ansible --version
ansible 2.7.9
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Generate an SSH key so that SSH access works without a password,
copy the key to the managed host nodes, and then confirm that login succeeds without a password.
[root@zero-gcp-vmc ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:MONrt/FYioxeoBeH8/ROTTcpBOFwYAhY/KO+KwA+4L0 root@zero-gcp-vmc
The key's randomart image is:
+---[RSA 2048]----+
| +o. .+.+. |
|. . .. + . |
| . + . . |
|o oo + . . |
|= ..=.+ S o + |
|.+.o B o o o . |
|..o o = = o |
|. .E = = B |
| .o+o o = . |
+----[SHA256]-----+
[root@zero-gcp-vmc ~]# ssh-copy-id 10.146.0.8
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.146.0.8 (10.146.0.8)' can't be established.
ECDSA key fingerprint is SHA256:qMNoNbqWmfRymxyheX0f3Ipw/JOPplv6XN3WlddGjuA.
ECDSA key fingerprint is MD5:f6:b6:bb:c7:27:9d:c7:7c:46:4b:c4:69:8c:a9:07:3d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.146.0.8's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.146.0.8'"
and check to make sure that only the key(s) you wanted were added.
[root@zero-gcp-vmc ~]# ssh-copy-id 10.146.0.9
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.146.0.9 (10.146.0.9)' can't be established.
ECDSA key fingerprint is SHA256:MTWNXmUVrMDpKg60UQ8stDln4lgaD2KFEciLgBQJK20.
ECDSA key fingerprint is MD5:a1:a8:24:9b:4d:c5:84:c1:e0:d5:69:27:9e:5d:f9:96.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.146.0.9's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.146.0.9'"
and check to make sure that only the key(s) you wanted were added.
[root@zero-gcp-vmc ~]# ssh-copy-id 10.146.0.10
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.146.0.10 (10.146.0.10)' can't be established.
ECDSA key fingerprint is SHA256:SnwLm1IYQcihIbWDGipLKLIAtodZEblWwWP5yolLiu0.
ECDSA key fingerprint is MD5:6a:39:6c:79:db:e3:25:eb:d1:98:0c:ec:bf:d3:58:f1.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.146.0.10's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.146.0.10'"
and check to make sure that only the key(s) you wanted were added.
[root@zero-gcp-vmc ~]# ssh 10.146.0.8
Last login: Thu Mar 28 08:44:06 2019 from zero-gcp-vmc
[root@k8s-master-gcp ~]# exit
logout
Connection to 10.146.0.8 closed.
[root@zero-gcp-vmc ~]# ssh k8s-master-gcp
The authenticity of host 'k8s-master-gcp (10.146.0.8)' can't be established.
ECDSA key fingerprint is SHA256:qMNoNbqWmfRymxyheX0f3Ipw/JOPplv6XN3WlddGjuA.
ECDSA key fingerprint is MD5:f6:b6:bb:c7:27:9d:c7:7c:46:4b:c4:69:8c:a9:07:3d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'k8s-master-gcp' (ECDSA) to the list of known hosts.
Last login: Thu Mar 28 08:46:00 2019 from zero-gcp-vmc
[root@k8s-master-gcp ~]# exit
logout
Connection to k8s-master-gcp closed.
[root@zero-gcp-vmc ~]# ssh k8s-worker-01-gcp
The authenticity of host 'k8s-worker-01-gcp (10.146.0.9)' can't be established.
ECDSA key fingerprint is SHA256:MTWNXmUVrMDpKg60UQ8stDln4lgaD2KFEciLgBQJK20.
ECDSA key fingerprint is MD5:a1:a8:24:9b:4d:c5:84:c1:e0:d5:69:27:9e:5d:f9:96.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'k8s-worker-01-gcp' (ECDSA) to the list of known hosts.
Last login: Thu Mar 28 08:44:19 2019 from zero-gcp-vmc
[root@k8s-worker-01-gcp ~]# exit
logout
Connection to k8s-worker-01-gcp closed.
[root@zero-gcp-vmc ~]# ssh k8s-worker-02-gcp
The authenticity of host 'k8s-worker-02-gcp (10.146.0.10)' can't be established.
ECDSA key fingerprint is SHA256:SnwLm1IYQcihIbWDGipLKLIAtodZEblWwWP5yolLiu0.
ECDSA key fingerprint is MD5:6a:39:6c:79:db:e3:25:eb:d1:98:0c:ec:bf:d3:58:f1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'k8s-worker-02-gcp' (ECDSA) to the list of known hosts.
Last login: Thu Mar 28 08:44:34 2019 from zero-gcp-vmc
[root@k8s-worker-02-gcp ~]#
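Once key-based login is confirmed as above, the `PermitRootLogin yes` and `PasswordAuthentication yes` settings from the earlier step are only needed for `ssh-copy-id`. The following is an added example, not part of the original post, that reports the effective values of both keywords and prints a tightened copy of the file; the function names, the `#disabled#` marker and the sample file are constructed for illustration.

```bash
# Added example: audit and tighten the two sshd_config keywords relaxed above.
# It works on a constructed sample file, never on /etc/ssh/sshd_config.

# Print the effective global value of keyword $2 in file $1. sshd keeps the
# first value it obtains, keywords are case-insensitive, and everything after
# a "Match" line is a conditional override rather than a global setting.
sshd_effective() {
  awk -v kw="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    { line = $0; sub(/^[ \t]+/, "", line) }
    line == "" || line ~ /^#/ { next }
    { split(line, f, /[ \t=]+/); k = tolower(f[1]) }
    k == "match" { exit }
    k == kw { print f[2]; found = 1; exit }
    END { if (!found) print "(default)" }
  ' "$1"
}

# Print a tightened copy of file $1: the wanted values come first so they
# win, and every existing occurrence (Match blocks included) is commented out.
sshd_harden() {
  printf 'PermitRootLogin prohibit-password\nPasswordAuthentication no\n'
  awk '
    { line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/) }
    tolower(f[1]) ~ /^(permitrootlogin|passwordauthentication)$/ {
      print "#disabled# " $0; next
    }
    { print }
  ' "$1"
}

# Constructed sample: the guide's two settings, a later duplicate that never
# takes effect, and a Match block that re-enables passwords for one address.
sample=$(mktemp); hardened=$(mktemp)
trap 'rm -f "$sample" "$hardened"' EXIT
cat > "$sample" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
passwordauthentication no
Match Address 10.146.0.11
    PasswordAuthentication yes
EOF
sshd_harden "$sample" > "$hardened"
for f in "$sample" "$hardened"; do
  echo "root=$(sshd_effective "$f" PermitRootLogin)" \
       "password=$(sshd_effective "$f" PasswordAuthentication)"
done
```

On a real node, write the output to a temporary file, check it with `sshd -t -f <file>`, and only then replace `/etc/ssh/sshd_config` and run `systemctl restart sshd`. Key-based root login from zero-gcp-vmc, which the Ansible inventory relies on, keeps working with `prohibit-password`.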
Create the inventory hosts file as follows, and check connectivity with the ping module.
[root@k8s-worker-02-gcp ~]# vi hosts
master ansible_host=10.146.0.8 ansible_user=root
[workers]
worker1 ansible_host=10.146.0.9 ansible_user=root
worker2 ansible_host=10.146.0.10 ansible_user=root
[root@zero-gcp-vmc ~]# ansible -m ping all -i hosts
worker2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
master | SUCCESS => {
"changed": false,
"ping": "pong"
}
worker1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
If SUCCESS and a "pong" value are returned, everything is working.
As a warm-up, send a few simple commands and check that the expected responses come back.
[root@zero-gcp-vmc ~]# ansible -m command -a "date" all -i hosts
worker2 | CHANGED | rc=0 >>
Thu Mar 28 09:14:49 UTC 2019
master | CHANGED | rc=0 >>
Thu Mar 28 09:14:49 UTC 2019
worker1 | CHANGED | rc=0 >>
Thu Mar 28 09:14:49 UTC 2019
[root@zero-gcp-vmc ~]# ansible -m command -a "uname -a" all -i hosts
master | CHANGED | rc=0 >>
Linux k8s-master-gcp 3.10.0-957.10.1.el7.x86_64 #1 SMP Mon Mar 18 15:06:45 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
worker2 | CHANGED | rc=0 >>
Linux k8s-worker-02-gcp 3.10.0-957.10.1.el7.x86_64 #1 SMP Mon Mar 18 15:06:45 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
worker1 | CHANGED | rc=0 >>
Linux k8s-worker-01-gcp 3.10.0-957.10.1.el7.x86_64 #1 SMP Mon Mar 18 15:06:45 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Good~!!!
Now we are ready for the main work ^^
(To be continued in Part 2 ~~~^^)