Registering an external cluster with EKS (EKS Connector)

황동리 2024. 3. 17. 00:29

1. Create the cluster in the external environment

Master       Node1      Node2
10.0.2.100   10.0.2.3   10.0.2.4
Gateway      10.0.2.2   10.0.2.2
> master

#!/bin/bash
# time sync (rdate against time.bora.net)
yum install -y rdate
rdate -s time.bora.net

# selinux off (permissive immediately, disabled after the next reboot)
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

# firewall off & disable
systemctl stop firewalld
systemctl disable firewalld
# If firewalld is kept running instead, open only the ports each role needs:
# Master
# firewall-cmd --add-port={80,443,6443,2379,2380,10250,10251,10252,30000-32767}/tcp --permanent
# Node
# firewall-cmd --add-port={80,443,10250,30000-32767}/tcp --permanent

# swap off (kubelet refuses to start while swap is enabled)
swapoff -a
sed -i '/swap/ s/^\(.*\)$/#\1/g' /etc/fstab

# load the overlay and br_netfilter kernel modules, now and at boot
cat > /etc/modules-load.d/k8s.conf << EOF
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter

# let iptables see bridged traffic and enable IPv4 forwarding (NAT)
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system

# /etc/hosts file edit
cat >> /etc/hosts << EOF
10.0.2.100	master	k8s-ma
10.0.2.3	node1	k8s-no1
10.0.2.4	node2	k8s-no2
EOF

# K8S repository
cat > /etc/yum.repos.d/k8s.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
# verify package signatures against the keys listed in gpgkey
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

# kubeadm, kubelet, kubectl package install
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

systemctl enable kubelet
systemctl start kubelet

# container runtime install (containerd from the Docker CE repository)
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y containerd.io
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
# switch the runc runtime to the systemd cgroup driver, which kubelet uses by default
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
systemctl enable containerd
systemctl restart containerd

# master: initialise the control plane (the commented block is the config-file variant)
#kubeadm config print init-defaults > kubeadm-init.yaml
#cat >> kubeadm-init.yaml << EOF
#---
#apiVersion: kubelet.config.k8s.io/v1beta1
#kind: KubeletConfiguration
#cgroupDriver: systemd
#EOF
#sed -i 's/name: node/name: master/g' kubeadm-init.yaml
#sed -i 's/advertiseAddress: 1.2.3.4/advertiseAddress: 10.0.2.100/' kubeadm-init.yaml
#kubeadm init --config=kubeadm-init.yaml
# --ignore-preflight-errors=all skips every preflight check; drop it once the checks pass cleanly
kubeadm init --ignore-preflight-errors=all --pod-network-cidr=192.168.0.0/16 --apiserver-advertise-address=10.0.2.100

# kubeconfig for the admin user
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf

# CNI: Weave Net
yum install -y wget
kubectl apply -f https://github.com/weaveworks/weave/releases/download/v2.8.1/weave-daemonset-k8s.yaml

> node

#!/bin/bash
# time sync (rdate against time.bora.net)
yum install -y rdate
rdate -s time.bora.net

# selinux off (permissive immediately, disabled after the next reboot)
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

# firewall off & disable
systemctl stop firewalld
systemctl disable firewalld
# If firewalld is kept running instead, open only the ports each role needs:
# Master
# firewall-cmd --add-port={80,443,6443,2379,2380,10250,10251,10252,30000-32767}/tcp --permanent
# Node
# firewall-cmd --add-port={80,443,10250,30000-32767}/tcp --permanent

# swap off (kubelet refuses to start while swap is enabled)
swapoff -a
sed -i '/swap/ s/^\(.*\)$/#\1/g' /etc/fstab

# load the overlay and br_netfilter kernel modules, now and at boot
cat > /etc/modules-load.d/k8s.conf << EOF
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter

# let iptables see bridged traffic and enable IPv4 forwarding (NAT)
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system

# /etc/hosts file edit
cat >> /etc/hosts << EOF
10.0.2.100	master	k8s-ma
10.0.2.3	node1	k8s-no1
10.0.2.4	node2	k8s-no2
EOF

# K8S repository
cat > /etc/yum.repos.d/k8s.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
# verify package signatures against the keys listed in gpgkey
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

# kubeadm, kubelet, kubectl package install
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

systemctl enable kubelet
systemctl start kubelet

# container runtime install (containerd from the Docker CE repository)
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y containerd.io
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
# switch the runc runtime to the systemd cgroup driver, which kubelet uses by default
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
systemctl enable containerd
systemctl restart containerd

# join the cluster with the "kubeadm join ..." command that kubeadm init prints on the master

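The two scripts above change several host settings silently; the following post-install check is an added example (not part of the original post) that verifies each of them before kubeadm is run. Each check takes the file it inspects as an argument, so the same functions run against the live host or against copies collected from another node; the default paths are the ones the scripts write to.

```shell
#!/bin/sh
# Post-install check for the node prerequisites set up by the scripts above.
# Added example for this write-up; not part of the original post.

# All swap entries in fstab must be commented out (kubelet refuses to run with swap).
check_fstab_swap() {
    fstab="${1:-/etc/fstab}"
    ! grep -E '^[^#].*[[:space:]]swap[[:space:]]' "$fstab" >/dev/null
}

# The sysctl drop-in must set all three bridge/forwarding keys to 1
# (spacing around '=' is allowed, as sysctl accepts it).
check_sysctl_conf() {
    conf="${1:-/etc/sysctl.d/k8s.conf}"
    for key in net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward; do
        grep -E "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*1[[:space:]]*$" "$conf" >/dev/null || return 1
    done
    return 0
}

# Both kernel modules must be listed for loading at boot.
check_modules_conf() {
    conf="${1:-/etc/modules-load.d/k8s.conf}"
    grep -qx overlay "$conf" && grep -qx br_netfilter "$conf"
}

# The SELinux config must no longer say 'enforcing' (the scripts set it to disabled).
check_selinux_conf() {
    conf="${1:-/etc/sysconfig/selinux}"
    ! grep -E '^SELINUX=enforcing' "$conf" >/dev/null
}

# containerd must use the systemd cgroup driver for runc, matching kubelet's default.
check_containerd_cgroup() {
    conf="${1:-/etc/containerd/config.toml}"
    grep -E '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$conf" >/dev/null
}

# Run every check against the default paths and report; non-zero if any check fails.
run_all_checks() {
    rc=0
    for c in check_fstab_swap check_sysctl_conf check_modules_conf check_selinux_conf check_containerd_cgroup; do
        if "$c"; then echo "PASS $c"; else echo "FAIL $c"; rc=1; fi
    done
    return $rc
}

# Check the live host only when invoked with --live, e.g. "sh prereq-check.sh --live".
if [ "${1:-}" = "--live" ]; then
    run_all_checks
fi
```

A failing `check_containerd_cgroup` is the most common reason a freshly installed kubelet keeps restarting: the default config.toml ships with `SystemdCgroup = false`, and kubelet and containerd then disagree about which cgroup driver owns the pods.
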
2. Create the role and its permissions in IAM

2-1 Create the role

In the custom trust policy, enter the trust policy for the Amazon EKS Connector IAM role.

Step 2: there are no permissions to add yet, so click Next.

Step 3 (Name, review, and create): enter only the name and create the role.

2-2 Add permissions

Paste the data below into the JSON policy editor.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SsmControlChannel",
            "Effect": "Allow",
            "Action": [
                "ssmmessages:CreateControlChannel"
            ],
            "Resource": "arn:aws:eks:*:*:cluster/*"
        },
        {
            "Sid": "ssmDataplaneOperations",
            "Effect": "Allow",
            "Action": [
                "ssmmessages:CreateDataChannel",
                "ssmmessages:OpenDataChannel",
                "ssmmessages:OpenControlChannel"
            ],
            "Resource": "*"
        }
    ]
}

3. Register the external cluster

Select the role created above, give the cluster a name, and register it. That is all.
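The same three steps (create the role with the EKS Connector trust policy, attach the permission policy from section 2-2, register the cluster) can be scripted with the AWS CLI. The block below is an added example, not the author's script: the role, policy and cluster names and the region are assumptions, and the manifest placeholders `%AWS_REGION%`, `%EKS_ACTIVATION_ID%` and `%EKS_ACTIVATION_CODE%` (the last one base64-encoded) follow the eks-connector.yaml manifest that the console's registration step provides, as understood here; compare them against the manifest you actually downloaded before running it with `--run`.

```shell
#!/bin/sh
# CLI equivalent of the console steps in sections 2 and 3 (EKS Connector).
# Added example for this write-up; not the author's script. Names and region are assumptions.
set -e

ROLE_NAME="${ROLE_NAME:-AmazonEKSConnectorAgentRole}"        # assumed role name
POLICY_NAME="${POLICY_NAME:-AmazonEKSConnectorAgentPolicy}"  # assumed inline policy name
CLUSTER_NAME="${CLUSTER_NAME:-onprem-k8s}"                   # assumed cluster name in EKS
AWS_REGION="${AWS_REGION:-ap-northeast-2}"                   # assumed region

# Trust policy (section 2-1): only the SSM service may assume the connector role.
trust_policy_json() {
    cat << 'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow",
      "Principal": { "Service": "ssm.amazonaws.com" },
      "Action": "sts:AssumeRole" }
  ]
}
EOF
}

# Permission policy (section 2-2): the control channel is scoped to EKS cluster ARNs,
# the data-channel operations are not resource-scoped.
connector_policy_json() {
    cat << 'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "SsmControlChannel", "Effect": "Allow",
      "Action": [ "ssmmessages:CreateControlChannel" ],
      "Resource": "arn:aws:eks:*:*:cluster/*" },
    { "Sid": "ssmDataplaneOperations", "Effect": "Allow",
      "Action": [ "ssmmessages:CreateDataChannel", "ssmmessages:OpenDataChannel",
                  "ssmmessages:OpenControlChannel" ],
      "Resource": "*" }
  ]
}
EOF
}

# Create the role and attach the inline policy; prints the role ARN.
create_connector_role() {
    aws iam create-role --role-name "$ROLE_NAME" \
        --assume-role-policy-document "$(trust_policy_json)" \
        --query Role.Arn --output text
    aws iam put-role-policy --role-name "$ROLE_NAME" --policy-name "$POLICY_NAME" \
        --policy-document "$(connector_policy_json)"
}

# Register the external cluster (section 3); prints "<activationId> <activationCode>".
register_cluster() {
    role_arn="$1"
    aws eks register-cluster --region "$AWS_REGION" --name "$CLUSTER_NAME" \
        --connector-config "roleArn=${role_arn},provider=OTHER" \
        --query 'cluster.connectorConfig.[activationId,activationCode]' --output text
}

# Fill in the connector manifest placeholders (placeholder names are an assumption,
# see the lead-in); the activation code goes into a Secret, hence base64.
render_manifest() {
    template="$1"; region="$2"; act_id="$3"; act_code="$4"
    code_b64=$(printf '%s' "$act_code" | base64 | tr -d '\n')
    sed -e "s|%AWS_REGION%|${region}|g" \
        -e "s|%EKS_ACTIVATION_ID%|${act_id}|g" \
        -e "s|%EKS_ACTIVATION_CODE%|${code_b64}|g" "$template"
}

# Cluster status in EKS: PENDING until the connector agent in the external cluster phones home.
cluster_status() {
    aws eks describe-cluster --region "$AWS_REGION" --name "$CLUSTER_NAME" \
        --query cluster.status --output text
}

# Full flow, run only on request (needs AWS credentials and kubectl pointed at the external cluster).
if [ "${1:-}" = "--run" ]; then
    role_arn=$(create_connector_role)
    set -- $(register_cluster "$role_arn")      # $1 = activationId, $2 = activationCode
    render_manifest eks-connector.yaml "$AWS_REGION" "$1" "$2" | kubectl apply -f -
    until [ "$(cluster_status)" = "ACTIVE" ]; do sleep 10; done
    echo "cluster $CLUSTER_NAME is ACTIVE"
fi
```

The activation code is a one-time credential that only the connector agent should see, so render the manifest straight into `kubectl apply` rather than leaving the filled-in YAML on disk, and deregister (`aws eks deregister-cluster`) and delete the role when the cluster is retired.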
