[HARDWAY] 05. Generating Kubernetes Configuration Files for Authentication
https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/05-kubernetes-configuration-files.md
kubeconfig 파일을 생성
[master]
controller manager, scheduler
[worker]
kubelet, kube-proxy
[client]
admin
### Kubernetes Public IP Address
kubernetes 의 public ip 를 gcloud 에서는 cloud resource 로 구성하였으나, local 에서는 haproxy 로 구성하도록 하자
[root@master01 ~]# cat 051_haproxy_setting.sh
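#!/bin/bash
# 051_haproxy_setting.sh
#
# Installs HAProxy on this host and configures it as a TCP (layer-4) load
# balancer that forwards port 6443 to the three Kubernetes API servers listed
# in MASTER. HAProxy runs in "mode tcp", so TLS is passed through untouched and
# clients still authenticate directly against the API servers.
# Run as root on the load-balancer host.
echo "START"
echo "SET OS ENV"
# NOTE(security): the next four commands remove two host-level controls.
#   - "systemctl disable" only stops firewalld from starting at boot; a
#     firewalld that is already running keeps filtering until it is stopped
#     or the host reboots.
#   - SELinux is switched to permissive now (setenforce 0) and to disabled
#     after the next reboot.
# This is acceptable for a throw-away lab. On a host that matters, a narrower
# alternative is to keep both enabled and allow only what HAProxy needs, e.g.
#   firewall-cmd --permanent --add-port=6443/tcp && firewall-cmd --reload
#   setsebool -P haproxy_connect_any 1   # presumably sufficient; confirm on your policy
systemctl disable firewalld
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
sleep 2
echo ""
echo "INSTALL HAPROXY"
# Stop here if the package cannot be installed; everything below needs it.
yum install -y haproxy || { echo "haproxy install failed" >&2; exit 1; }
systemctl enable haproxy
sleep 2
echo ""
MASTER=("192.168.1.21" "192.168.1.55" "192.168.1.56")
HAPROXY_CFG=/etc/haproxy/haproxy.cfg
# Take exactly one IPv4 global address. The previous "grep global" pipeline
# returned every global address (IPv6 included, one per line), which produced
# a multi-line value and an invalid "bind" line on multi-homed hosts.
INTERNAL_IP=$(ip -4 -o addr show scope global | awk '{ split($4, a, "/"); print a[1]; exit }')
if [ -z "${INTERNAL_IP}" ]; then
  echo "could not determine a global IPv4 address for the frontend bind" >&2
  exit 1
fi
### Kubernetes Multi Master Proxy Config ###
echo "HAPROXY Config"
# Append the k8s sections only once, so re-running the script does not leave
# duplicate "frontend k8s" / "backend k8s-backend" definitions in the file.
if grep -Eq '^[[:space:]]*frontend[[:space:]]+k8s([[:space:]]|$)' "${HAPROXY_CFG}"; then
  echo "frontend k8s already present in ${HAPROXY_CFG}; not appending again"
else
  cat << EOF >> "${HAPROXY_CFG}"

frontend k8s
    bind ${INTERNAL_IP}:6443
    option tcplog
    mode tcp
    default_backend k8s-backend

backend k8s-backend
    mode tcp
    balance roundrobin
    option tcp-check
    server master01 ${MASTER[0]}:6443 check fall 3 rise 2
    server master02 ${MASTER[1]}:6443 check fall 3 rise 2
    server master03 ${MASTER[2]}:6443 check fall 3 rise 2
EOF
fi
sleep 2
echo ""
echo "HAPROXY Service RESTART"
# Validate the configuration first so a bad file does not take the API
# endpoint down on restart.
if ! haproxy -c -f "${HAPROXY_CFG}"; then
  echo "haproxy config validation failed; service not restarted" >&2
  exit 1
fi
systemctl restart haproxy
# Show the listener so the operator can confirm HAProxy is bound to 6443.
netstat -lpn | grep 6443
echo ""
echo "HAPRORY INSTALL EDN"
echo ""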
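HAProxy 설치를 간단하게 스크립트로 구성하였다. 이 스크립트는 firewalld 와 SELinux 를 비활성화하므로 실습 환경에서만 사용하고, 운영 환경에서는 firewalld 에서 6443/tcp 만 허용하고 SELinux 는 enforcing 으로 유지하는 편이 안전하다.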
# 원격에서 haproxy 스크립트를 실행하기 위한 스크립트
[root@master01 ~]# cat 052_haproxy_install_exec.sh
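#!/bin/bash
# 052_haproxy_install_exec.sh
#
# Copies 051_haproxy_setting.sh to every host named in TARGET and then runs it
# there over SSH. Hosts are addressed by the names in TARGET, so those names
# must resolve for ssh/scp (DNS, /etc/hosts or ssh config).
#
# Usage: bash 052_haproxy_install_exec.sh <haproxy-ip>
TARGET=("haproxy")
# NOTE(review): the first argument is stored here but nothing below reads it.
HAPROXY_IP=$1

### install scripts copy
for host in "${TARGET[@]}"; do
  echo "${host} install scripts copy START"
  # Abort on a failed copy so the execute phase never runs a stale or missing
  # script on the remote side.
  if ! scp 051_haproxy_setting.sh "${host}:~/"; then
    echo "${host} install scripts copy FAILED" >&2
    exit 1
  fi
  echo "${host} install scripts copy END"
  echo ""
  sleep 2
done

### install scripts execute
for host in "${TARGET[@]}"; do
  echo "${host} install scripts EXEC START"
  # The remote command is single-quoted so that "~" is expanded by the remote
  # shell (unquoted it was expanded locally before ssh ran). bash is used
  # because the copied script relies on arrays.
  if ! ssh "${host}" 'bash ~/051_haproxy_setting.sh'; then
    echo "${host} install scripts EXEC FAILED" >&2
    exit 1
  fi
  echo "${host} install scripts EXEC END"
  echo ""
  sleep 2
done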
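# Run the remote-execution wrapper script.
# bash is used instead of sh because the wrapper relies on arrays and a
# C-style for loop, which a strictly POSIX sh does not provide.
bash 052_haproxy_install_exec.sh 192.168.1.47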
### The kubelet Kubernetes Configuration File
[root@master01 ~]# cat 011_kubelet_client_auth_kubeconfig.sh
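# 011_kubelet_client_auth_kubeconfig.sh
#
# Builds one kubeconfig per worker node (<instance>.kubeconfig) that points the
# kubelet at the load-balanced API endpoint and authenticates with that node's
# own client certificate.
#
# Inputs expected in the current directory: ca.pem, <instance>.pem and
# <instance>-key.pem for each worker.
#
# NOTE(security): --embed-certs=true on set-credentials copies the node's
# private key into the kubeconfig, so each output file is a credential and
# should stay readable by its owner only.

# Stop on the first failure or unset variable, so a half-written kubeconfig is
# not left behind and later distributed.
set -eu

KUBERNETES_PUBLIC_ADDRESS=192.168.1.47

for instance in worker01 worker02 worker03; do
  # Fail with a clear message when an input file is missing, before kubectl
  # creates or modifies the kubeconfig.
  for required in ca.pem "${instance}.pem" "${instance}-key.pem"; do
    if [ ! -r "${required}" ]; then
      echo "missing input file: ${required}" >&2
      exit 1
    fi
  done

  # Cluster entry: API endpoint plus the CA used to verify the server.
  kubectl config set-cluster kubernetes-the-hard-way \
    --certificate-authority=ca.pem \
    --embed-certs=true \
    --server="https://${KUBERNETES_PUBLIC_ADDRESS}:6443" \
    --kubeconfig="${instance}.kubeconfig"

  # Credential entry named system:node:<instance>. The name here is only a
  # label inside the kubeconfig; the identity the API server sees comes from
  # the client certificate, which presumably carries a matching subject
  # (confirm against the certificate-generation step).
  kubectl config set-credentials "system:node:${instance}" \
    --client-certificate="${instance}.pem" \
    --client-key="${instance}-key.pem" \
    --embed-certs=true \
    --kubeconfig="${instance}.kubeconfig"

  # Bind cluster and credential together and make that context the default.
  kubectl config set-context default \
    --cluster=kubernetes-the-hard-way \
    --user="system:node:${instance}" \
    --kubeconfig="${instance}.kubeconfig"

  kubectl config use-context default --kubeconfig="${instance}.kubeconfig"
done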
# 확인
[root@master01 ~]# ll | grep -e "worker" | grep kubeconfig
-rw------- 1 root root 6386 Nov 30 16:02 worker01.kubeconfig
-rw------- 1 root root 6382 Nov 30 16:02 worker02.kubeconfig
-rw------- 1 root root 6386 Nov 30 16:02 worker03.kubeconfig
### The kube-proxy Kubernetes Configuration File
[root@master01 ~]# cat 012_kube-proxy_kubeconfig.sh
#!/bin/bash
# 012_kube-proxy_kubeconfig.sh
#
# Writes kube-proxy.kubeconfig: the load-balanced API endpoint, the cluster CA,
# and the kube-proxy client certificate and key, all embedded in the file.
# Because the private key is embedded, the output file is itself a credential.
KUBERNETES_PUBLIC_ADDRESS=192.168.1.47
cluster_name=kubernetes-the-hard-way
proxy_user=system:kube-proxy
out_file=kube-proxy.kubeconfig

# Every step edits the same kubeconfig; this wrapper appends the target file
# so it is stated in one place.
kcfg() {
  kubectl config "$@" --kubeconfig="${out_file}"
}

# Cluster entry: where the API server is and which CA verifies it.
kcfg set-cluster "${cluster_name}" \
  --certificate-authority=ca.pem \
  --embed-certs=true \
  --server="https://${KUBERNETES_PUBLIC_ADDRESS}:6443"

# Credential entry for kube-proxy.
kcfg set-credentials "${proxy_user}" \
  --client-certificate=kube-proxy.pem \
  --client-key=kube-proxy-key.pem \
  --embed-certs=true

# Tie the two together under the "default" context and select it.
kcfg set-context default \
  --cluster="${cluster_name}" \
  --user="${proxy_user}"

kcfg use-context default
[root@master01 ~]# cat 015_kube-admin_kubeconfig.sh
#!/bin/bash
# 015_kube-admin_kubeconfig.sh
#
# Writes admin.kubeconfig for the "admin" user. The server address is
# https://127.0.0.1:6443, so the file is only usable on a host that has an API
# server reachable on its own loopback interface.
#
# NOTE(security): the admin client key is embedded in the output file.
# This is presumably the cluster administrator identity in this guide, so the
# file should be handled as a secret (owner-only permissions, no copies left
# on hosts that do not need it).
readonly KUBECONFIG_OUT=admin.kubeconfig
readonly CLUSTER=kubernetes-the-hard-way
readonly API_URL=https://127.0.0.1:6443

# 1. Cluster entry: API endpoint and the CA that verifies it.
kubectl config set-cluster "${CLUSTER}" \
  --certificate-authority=ca.pem \
  --embed-certs=true \
  --server="${API_URL}" \
  --kubeconfig="${KUBECONFIG_OUT}"

# 2. Credential entry: admin client certificate and key.
kubectl config set-credentials admin \
  --client-certificate=admin.pem \
  --client-key=admin-key.pem \
  --embed-certs=true \
  --kubeconfig="${KUBECONFIG_OUT}"

# 3. Context linking the cluster and the admin credential.
kubectl config set-context default \
  --cluster="${CLUSTER}" \
  --user=admin \
  --kubeconfig="${KUBECONFIG_OUT}"

# 4. Make that context the active one.
kubectl config use-context default --kubeconfig="${KUBECONFIG_OUT}"
# Run the script after writing it; it produces admin.kubeconfig in the
# current directory.
sh 015_kube-admin_kubeconfig.sh
# 확인
[root@master01 ~]# ll | grep -e "admin" | grep kubeconfig
-rw------- 1 root root 6261 Nov 30 16:03 admin.kubeconfig
### Distribute the Kubernetes Configuration Files (설정파일 배포)
[root@master01 ~]# cat 016_kubeconfig_copy.sh
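#!/bin/bash
# 016_kubeconfig_copy.sh
#
# Distributes the generated kubeconfig files over scp:
#   workers - <worker>.kubeconfig and kube-proxy.kubeconfig
#   masters - admin.kubeconfig, kube-controller-manager.kubeconfig and
#             kube-scheduler.kubeconfig
#
# NOTE(security): these files embed client private keys. They land in the
# remote login user's home directory; move them to their final location with
# owner-only permissions and do not leave extra copies behind.
#
# NOTE(review): the listing shows this being run on master01 from ~, and
# MASTER includes master01, so that iteration copies each file onto itself.
# Confirm this is harmless with your scp version, or drop the local host.
WORKER=("worker01" "worker02" "worker03")
MASTER=("master01" "master02" "master03")
MASTER_FILES=(admin.kubeconfig kube-controller-manager.kubeconfig kube-scheduler.kubeconfig)

# Check every input up front so a missing file does not result in some nodes
# being updated and others not.
for f in kube-proxy.kubeconfig "${MASTER_FILES[@]}" "${WORKER[@]/%/.kubeconfig}"; do
  if [ ! -r "${f}" ]; then
    echo "missing kubeconfig: ${f}" >&2
    exit 1
  fi
done

# Iterate over the arrays themselves instead of a hard-coded count of 3, so
# adding or removing a node only means editing the list.
for node in "${WORKER[@]}"; do
  if ! scp "${node}.kubeconfig" kube-proxy.kubeconfig "${node}:~/"; then
    echo "copy to ${node} failed" >&2
    exit 1
  fi
done
sleep 2
for node in "${MASTER[@]}"; do
  if ! scp "${MASTER_FILES[@]}" "${node}:~/"; then
    echo "copy to ${node} failed" >&2
    exit 1
  fi
done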
# 복사되는 파일
master - admin.kubeconfig, kube-controller-manager.kubeconfig, kube-scheduler.kubeconfig
worker - worker0x.kubeconfig, kube-proxy.kubeconfig