Atividade 02 - Criação de cluster do Kubernetes
Instalações e pré-requisitos (todos os nós do cluster)
instale o containerd
yum -y install dnf-plugins-core
yum config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y containerd.io
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
systemctl enable containerd.service
systemctl restart containerd.service
Instale as ferramentas de kubernetes
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/repodata/repomd.xml.key
EOF
yum install -y kubelet kubeadm kubectl
systemctl enable --now kubelet.service
kubectl completion bash | tee /etc/bash_completion.d/kubectl
source /etc/bash_completion.d/kubectl
Pré-requisitos necessários
yum install -y nfs-utils
systemctl disable firewalld
systemctl stop firewalld
swapoff -a
modprobe br_netfilter
cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
EOF
sysctl --system
Permite o Calico no NetworkManager
cat <<EOF | sudo tee /etc/NetworkManager/conf.d/calico.conf
[keyfile]
unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:vxlan-v6.calico;interface-name:wireguard.cali;interface-name:wg-v6.cali
EOF
Inicie o cluster (apenas no master)
kubeadm init --pod-network-cidr=10.85.0.0/16
Copiando o kubeconfig
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Verifica o funcionamento do cluster
kubectl get nodes
Instalando o CNI Calico
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.2/manifests/tigera-operator.yaml
curl https://raw.githubusercontent.com/projectcalico/calico/v3.29.2/manifests/custom-resources.yaml -O
sed -i 's/cidr: 192\.168\.0\.0\/16/cidr: 10.85.0.0\/16/g' custom-resources.yaml
kubectl create -f custom-resources.yaml
Ingressa o worker no cluster (apenas nos workers)
O comando do join será exibido na tela do master
kubeadm join 10.5.18.1:6443 --token <TOKEN> --discovery-token-ca-cert-hash sha256:<HASH>
Caso queira que o nó seja control-plane, adicione o parâmetro --control-plane
Para obter novamente o token execute
kubeadm token create --print-join-command
Conhecendo o cluster
kubectl get nodes
kubectl get pods --all-namespaces
kubectl get pods -n kube-system
kubectl get svc --all-namespaces
kubectl get all --all-namespaces
kubectl get pods --all-namespaces -o wide
kubectl get pods --all-namespaces -o json
kubectl get pods --all-namespaces -o yaml