Kubernetes: Instalação Online usando repositórios públicos

From Wiki

Dica: Caso você não tenha acesso ao repositório na internet, veja o artigo Kubernetes: Instalação Offline ou Instalação usando repositórios privados

Docker

Instalando o Docker

1) Criar arquivo /etc/yum.repos.d/docker-ce.repo, com o conteúdo: 

[docker-ce]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/centos/7/$basearch/stable
#baseurl=http://repomirror.company.com/docker-mirror/linux/centos/7/$basearch/stable/
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
#gpgkey=http://repomirror.company.com/docker-mirror/linux/centos/gpg

2) Instalando os pacotes no CentOS 

yum install -y docker-ce-18.06.3

3) Remover o arquivoo 

/etc/yum.repos.d/docker-ce.repo

Configuração pós-instalação

1) Tuning do SO 

sysctl -a | grep may_detach_mounts

Se o valor for diferente de "fs.may_detach_mounts = 1", ajustar: 

echo 1 > /proc/sys/fs/may_detach_mounts
echo fs.may_detach_mounts=1 > /usr/lib/sysctl.d/99-docker.conf

3) Editar o arquivo /etc/docker/daemon.json e configurar o devicemapper storage driver.

Importante: No meu caso precisava utilizar um repositório interno, então adicionei a variável insecure-registries.
mkdir -p /etc/docker
 
cat <<EOF >> /etc/docker/daemon.json
{
    "bip": "1.1.1.1/16",
    "insecure-registries": ["repomirror.company.com:5001"],
    "storage-driver": "devicemapper",
    "storage-opts": [
        "dm.thinpooldev=/dev/mapper/dockerVg-thinpoolLv",
        "dm.use_deferred_removal=true",
        "dm.use_deferred_deletion=true"
    ]
}
EOF

4) Start o Docker 

systemctl start docker

5) Verificando as configurações 

docker info

6) Se tudo estiver correto ajustar para iniciar automaticamente 

systemctl enable docker

Verificando problemas

Inspecionando os logs do docker: 

journalctl -ul docker

Kubernetes

Instalando o Kubernetes

1) Criar arquivo /etc/yum.repos.d/kubernetes.repo, com o conteúdo: 

[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kube*

2) Instalando os pacotes no CentOS 

yum install -y kubelet-1.11.9 kubeadm-1.11.9 kubectl-1.11.9

3) Remover o arquivoo 

/etc/yum.repos.d/kubernetes.repo

Configuração do Cluster Kubernetes sem HA

Create a kubeadm-config.yaml

Criar arquivo kubeadm-config.yaml, com o conteúdo: 

apiVersion: kubeadm.k8s.io/v1alpha2
kind: MasterConfiguration
apiServerExtraArgs:
  enable-admission-plugins: PodSecurityPolicy
kubernetesVersion: v1.11.9
networking:
    # This CIDR is a Calico default. Substitute or remove for your CNI provider.
    podSubnet: "192.168.0.0/16"


Initialize the master. 

kubeadm init --config=kubeadm-config.yaml

To make kubectl work, 

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

Anote a mensagem com o token para adicionar os demais nodes 

kubeadm join --token token master-ip:master-port --discovery-token-ca-cert-hash sha256:hash

For HCL Component pack

If you enabled the PodSecurityPolicy admission plugin in step 6, then you need to download the Component Pack installation zip to the master node, extract the file privileged-psp-with-rbac.yaml and apply it so that system pods are able to start in the kube-system namespace: 

unzip -p IC-ComponentPack-6.0.0.8.zip 
cd microservices_connections/hybridcloud/support/psp/

To allow system pods to start in the kube-system namespace, apply the yaml file: 

kubectl apply -f privileged-psp-with-rbac.yaml

Instalar o Calico Network

kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml

Após a configuração, veja o artigo Kubernetes: Verificando o estado do Kubernetes após a configuração, este tópico inclui debug o Calico.

Adicionar os demais nodes

Execute o comando com o token para adicionar os demais nodes 

kubeadm join --token token master-ip:master-port --discovery-token-ca-cert-hash sha256:hash

Ver também

Retrieved from "https://ebasso.net/wiki/index.php?title=Kubernetes:_Instalação_Online_usando_repositórios_públicos&oldid=5451"