Daily archive: June 18, 2021

Trying MicroK8s

MicroK8s makes it easy to build a single-node Kubernetes setup, and it can apparently also be used to build a Kubernetes cluster, so I decided to try it out.

The installation steps follow those given by MicroK8s.

Install MicroK8s on Linux

sudo snap install microk8s --classic

Add the user to the microk8s group (takes effect at the next login)

sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube

Display the MicroK8s running status

$ microk8s status

microk8s is running
high-availability: yes
  datastore master nodes: 192.168.68.132:19001 192.168.68.129:19001 192.168.68.111:19001
  datastore standby nodes: 192.168.68.130:19001

addons:
  enabled:
    dashboard            # The Kubernetes dashboard
    dns                  # CoreDNS
    ha-cluster           # Configure high availability on the current node
    ingress              # Ingress controller for external access
    metallb              # Loadbalancer for your Kubernetes cluster
    metrics-server       # K8s Metrics Server for API access to service metrics
    storage              # Storage class; allocates storage from host directory
  disabled:
    ambassador           # Ambassador API Gateway and Ingress
    cilium               # SDN, fast with full network policy
    fluentd              # Elasticsearch-Fluentd-Kibana logging and monitoring
    gpu                  # Automatic enablement of Nvidia CUDA
    helm                 # Helm 2 - the package manager for Kubernetes
    helm3                # Helm 3 - Kubernetes package manager
    host-access          # Allow Pods connecting to Host services smoothly
    istio                # Core Istio service mesh services
    jaeger               # Kubernetes Jaeger operator with its simple config
    keda                 # Kubernetes-based Event Driven Autoscaling
    knative              # The Knative framework on Kubernetes.
    kubeflow             # Kubeflow for easy ML deployments
    linkerd              # Linkerd is a service mesh for Kubernetes and other frameworks
    multus               # Multus CNI enables attaching multiple network interfaces to pods
    portainer            # Portainer UI for your Kubernetes cluster
    prometheus           # Prometheus operator for monitoring and logging
    rbac                 # Role-Based Access Control for authorisation
    registry             # Private image registry exposed on localhost:32000
    traefik              # traefik Ingress controller for external access

Check the status while Kubernetes starts

microk8s status --wait-ready

Enable the services you need from among the disabled ones

microk8s enable dashboard dns registry istio

Running microk8s enable --help at this point lists the available services.

Show the services that are currently running

microk8s kubectl get all --all-namespaces
$ microk8s kubectl get all --all-namespaces

NAMESPACE        NAME                                             READY   STATUS        RESTARTS   AGE
ingress          pod/nginx-ingress-microk8s-controller-rj2vj      1/1     Running       0          22h
metallb-system   pod/speaker-bwpl7                                1/1     Running       0          22h
metallb-system   pod/speaker-g2kcl                                1/1     Running       1          22h
ingress          pod/nginx-ingress-microk8s-controller-dvb29      1/1     Running       1          22h
kube-system      pod/calico-node-jdpsl                            1/1     Running       1          23h
kube-system      pod/hostpath-provisioner-5c65fbdb4f-wlg45        1/1     Terminating   1          22h
kube-system      pod/coredns-86f78bb79c-r94k8                     1/1     Terminating   1          23h
kube-system      pod/hostpath-provisioner-5c65fbdb4f-6hz6n        1/1     Running       0          10h
kube-system      pod/calico-node-8hqxv                            1/1     Running       0          24h
ingress          pod/nginx-ingress-microk8s-controller-w5qv9      1/1     Running       0          22h
metallb-system   pod/speaker-wpg4z                                1/1     Running       0          22h
kube-system      pod/coredns-86f78bb79c-hl56s                     1/1     Terminating   0          10h
metallb-system   pod/controller-559b68bfd8-6nw4k                  1/1     Running       0          10h
metallb-system   pod/speaker-nrw9w                                1/1     Running       17         22h
kube-system      pod/coredns-86f78bb79c-72zp4                     1/1     Running       3          10h
kube-system      pod/calico-node-nk45x                            1/1     Running       18         24h
ingress          pod/nginx-ingress-microk8s-controller-cnpzq      1/1     Running       15         22h
kube-system      pod/metrics-server-8bbfb4bdb-9kh97               1/1     Running       0          38m
kube-system      pod/dashboard-metrics-scraper-6c4568dc68-vrmzl   1/1     Running       0          36m
kube-system      pod/calico-kube-controllers-847c8c99d-z867h      1/1     Running       0          33h
kube-system      pod/calico-node-ppczw                            1/1     Running       0          24h
kube-system      pod/kubernetes-dashboard-7ffd448895-q7zkf        1/1     Running       7          36m


NAMESPACE     NAME                                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
default       service/kubernetes                  ClusterIP   10.152.183.1     <none>        443/TCP                  33h
kube-system   service/kube-dns                    ClusterIP   10.152.183.10    <none>        53/UDP,53/TCP,9153/TCP   23h
kube-system   service/metrics-server              ClusterIP   10.152.183.231   <none>        443/TCP                  38m
kube-system   service/kubernetes-dashboard        ClusterIP   10.152.183.118   <none>        443/TCP                  36m
kube-system   service/dashboard-metrics-scraper   ClusterIP   10.152.183.83    <none>        8000/TCP                 36m

NAMESPACE        NAME                                               DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
kube-system      daemonset.apps/calico-node                         4         4         2       4            2           kubernetes.io/os=linux        33h
metallb-system   daemonset.apps/speaker                             2         2         2       2            2           beta.kubernetes.io/os=linux   22h
ingress          daemonset.apps/nginx-ingress-microk8s-controller   2         2         2       2            2           <none>                        22h

NAMESPACE        NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
kube-system      deployment.apps/hostpath-provisioner        1/1     1            1           22h
metallb-system   deployment.apps/controller                  1/1     1            1           22h
kube-system      deployment.apps/calico-kube-controllers     1/1     1            1           33h
kube-system      deployment.apps/coredns                     1/1     1            1           23h
kube-system      deployment.apps/metrics-server              1/1     1            1           38m
kube-system      deployment.apps/dashboard-metrics-scraper   1/1     1            1           36m
kube-system      deployment.apps/kubernetes-dashboard        1/1     1            1           36m

NAMESPACE        NAME                                                   DESIRED   CURRENT   READY   AGE
kube-system      replicaset.apps/hostpath-provisioner-5c65fbdb4f        1         1         1       22h
metallb-system   replicaset.apps/controller-559b68bfd8                  1         1         1       22h
kube-system      replicaset.apps/calico-kube-controllers-847c8c99d      1         1         1       33h
kube-system      replicaset.apps/coredns-86f78bb79c                     1         1         1       23h
kube-system      replicaset.apps/metrics-server-8bbfb4bdb               1         1         1       38m
kube-system      replicaset.apps/dashboard-metrics-scraper-6c4568dc68   1         1         1       36m
kube-system      replicaset.apps/kubernetes-dashboard-7ffd448895        1         1         1       36m

Starting and stopping Kubernetes

microk8s start
or
microk8s stop

Add a node to the cluster: copy the microk8s join ... line, paste it into the terminal of the node being added, and run it there.

microk8s add-node

/* A message like the following, which is needed for joining a node, is displayed; run microk8s join on the node that is joining */

Join node with:
microk8s join ip-172-31-20-243:25000/DDOkUupkmaBezNnMheTBqFYHLWINGDbf

If the node you are adding is not reachable through the default
interface you can use one of the following:

microk8s join 10.1.84.0:25000/DDOkUupkmaBezNnMheTBqFYHLWINGDbf
microk8s join 10.22.254.77:25000/DDOkUupkmaBezNnMheTBqFYHLWINGDbf
Show the nodes that have joined the cluster

microk8s kubectl get no

Firewall settings

sudo ufw allow in on cni0 && sudo ufw allow out on cni0
sudo ufw default allow routed

To use the dashboard, create a token for access.

token=$(microk8s kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)
microk8s kubectl -n kube-system describe secret $token

Example token (the token requested when accessing the dashboard; log in by copy and paste)

Name:         default-token-57rfp
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: default
              kubernetes.io/service-account.uid: 2f782a0f-3d04-43aa-88fe-a6d67364b297

Type:  kubernetes.io/service-account-token

Data
====
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Im56Vm1vTVJyaXVJQzBaSnM4SS1PTWNrZTkzMlJMdFBqS0NMeFgxWnIzdWMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZWZhdWx0LXRva2VuLTU3cmZwIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyZjc4MmEwZi0zZDA0LTQzYWEtODhmZS1hNmQ2NzM2NGIyOTciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06ZGVmYXVsdCJ9.EGkufnRoGONpt14vmBLAG8vF2khLtHZLx8J0VNzJUxX28z8NtSNB5MhRKCamChqXdTRm1iwyaPQIlgWwaKTci7CA9TNf8o70EmJBOO1AvDJ_QcC2mRpQzrkxcl0wiuLbpkHzC-wvuzqwY4b32utYikbUxHNjiDsOSyVmqN9NyDZ84FKRZUGkaWrgJmUNakBGetqaOPSpTAIC8JncPznYIOt88nyx6kCIrOFJjjh_UhPGMfevVNFZcji617uNTencBVrkwaej6O09wyqzjPVK-jWXhHaigaIb5O2TmjfcQJCyiEkF_6LYFGr7ilOzzpbAqw-iICmBQUW1Mred3FsN9Q
ca.crt:     1103 bytes

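Dashboard screen after logging in

Node status displayed in the dashboard

Example of adding a pod:

Keywords that caught my attention during the installation

multipass: easily build VMs in an Ubuntu environment

helm: package manager for Kubernetes

WordPress: deploying a Helm Chart

In a configuration of three or more nodes, the datastore is replicated within the cluster and tolerates the failure of one node.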

From the 1.19 release of MicroK8s, HA is enabled by default. If your cluster consists of three or more nodes, the datastore will be replicated across the nodes and it will be resilient to a single failure (if one node develops a problem, workloads will continue to run without interruption).