veilletechno:atomic

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Les deux révisions précédentes Révision précédente
Prochaine révision		 Révision précédente
veilletechno:atomic [2017/07/23 09:15] madkoveilletechno:atomic [2017/07/23 09:33] (Version actuelle) – [Services kubernetes master] madko
Ligne 8: Ligne 8:
  
 <code> <code>
-sudo docker create -p 5000:5000 -v /var/lib/local-registry:/var/lib/registry -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry -e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io --name=local-registry registry:2+sudo docker create -p 5000:5000 
 +-v /var/lib/local-registry:/var/lib/registry 
 +-e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry 
 +-e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io 
 +--name=local-registry registry:2
 </code> </code>
  
Ligne 17: Ligne 21:
 sudo chcon -Rvt svirt_sandbox_file_t /var/lib/local-registry sudo chcon -Rvt svirt_sandbox_file_t /var/lib/local-registry
 </code> </code>
 +
 +Création d'un service pour démarrer automatiquement le registry. Contenu du fichier /etc/systemd/system/local-registry.service :
 +
 +<file>
 +[Unit]
 +Description=Local Docker Mirror registry cache
 +Requires=docker.service
 +After=docker.service
 +
 +[Service]
 +Restart=on-failure
 +RestartSec=10
 +ExecStart=/usr/bin/docker start -a %p
 +ExecStop=-/usr/bin/docker stop -t 2 %p
 +
 +[Install]
 +WantedBy=multi-user.target
 +</file>
 +
 +Pour l'activer :
 +
 +<code>
 +sudo systemctl daemon-reload
 +sudo systemctl enable local-registry
 +sudo systemctl start local-registry
 +</code>
 +
 +==== Configuration ETCD ====
 +
 +Fichier /etc/etcd/etcd.conf :
 +
 +<file>
 +# [member]
 +ETCD_NAME=default
 +ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
 +#ETCD_WAL_DIR=""
 +#ETCD_SNAPSHOT_COUNT="10000"
 +#ETCD_HEARTBEAT_INTERVAL="100"
 +#ETCD_ELECTION_TIMEOUT="1000"
 +#ETCD_LISTEN_PEER_URLS="http://localhost:2380"
 +ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"
 +#ETCD_MAX_SNAPSHOTS="5"
 +#ETCD_MAX_WALS="5"
 +#ETCD_CORS=""
 +#
 +#[cluster]
 +#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
 +# if you use different ETCD_NAME (e.g. test), set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
 +#ETCD_INITIAL_CLUSTER="default=http://localhost:2380"
 +#ETCD_INITIAL_CLUSTER_STATE="new"
 +#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
 +ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"
 +#ETCD_DISCOVERY=""
 +#ETCD_DISCOVERY_SRV=""
 +#ETCD_DISCOVERY_FALLBACK="proxy"
 +#ETCD_DISCOVERY_PROXY=""
 +#ETCD_STRICT_RECONFIG_CHECK="false"
 +#ETCD_AUTO_COMPACTION_RETENTION="0"
 +#
 +#[proxy]
 +#ETCD_PROXY="off"
 +#ETCD_PROXY_FAILURE_WAIT="5000"
 +#ETCD_PROXY_REFRESH_INTERVAL="30000"
 +#ETCD_PROXY_DIAL_TIMEOUT="1000"
 +#ETCD_PROXY_WRITE_TIMEOUT="5000"
 +#ETCD_PROXY_READ_TIMEOUT="0"
 +#
 +#[security]
 +#ETCD_CERT_FILE=""
 +#ETCD_KEY_FILE=""
 +#ETCD_CLIENT_CERT_AUTH="false"
 +#ETCD_TRUSTED_CA_FILE=""
 +#ETCD_AUTO_TLS="false"
 +#ETCD_PEER_CERT_FILE=""
 +#ETCD_PEER_KEY_FILE=""
 +#ETCD_PEER_CLIENT_CERT_AUTH="false"
 +#ETCD_PEER_TRUSTED_CA_FILE=""
 +#ETCD_PEER_AUTO_TLS="false"
 +#
 +#[logging]
 +#ETCD_DEBUG="false"
 +# examples for -log-package-levels etcdserver=WARNING,security=DEBUG
 +#ETCD_LOG_PACKAGE_LEVELS=""
 +#
 +#[profiling]
 +#ETCD_ENABLE_PPROF="false"
 +#ETCD_METRICS="basic"
 +</file>
 +
 +==== Services kubernetes master ====
 +
 +Pour générer les certificats :
 +
 +<code>
 +curl -L -O https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz
 +tar xzf easy-rsa.tar.gz
 +cd easy-rsa-master/easyrsa3
 +./easyrsa init-pki
 +MASTER_IP=192.168.2.112
 +./easyrsa --batch "--req-cn=${MASTER_IP}@`date +%s`" build-ca nopass
 +./easyrsa --subject-alt-name="IP:${MASTER_IP}" build-server-full server nopass
 +sudo mkdir /etc/kubernetes/certs
 +for i in {pki/ca.crt,pki/issued/server.crt,pki/private/server.key}; do sudo cp $i /etc/kubernetes/certs; done
 +sudo chown -R kube:kube /etc/kubernetes/certs
 +</code>
 +
 +Les services passent par l'utilisation de containeurs. Ils seront gérés par 3 services systemd.
 +
 +Fichier /etc/systemd/system/kube-apiserver.service :
 +
 +<file>
 +[Unit]
 +Description=Kubernetes API Server
 +Documentation=https://github.com/GoogleCloudPlatform/kubernetes
 +After=docker.service
 +Requires=docker.service
 +
 +[Service]
 +TimeoutStartSec=0
 +Restart=always
 +ExecStartPre=-/usr/bin/docker stop %n
 +ExecStartPre=-/usr/bin/docker rm %n
 +ExecStartPre=/usr/bin/docker pull registry.centos.org/centos/kubernetes-apiserver
 +ExecStart=/usr/bin/docker run --rm --net=host -p 443:443 -v /etc/kubernetes:/etc/kubernetes:z --name %n registry.centos.org/centos/kubernetes-apiserver
 +
 +[Install]
 +WantedBy=multi-user.target
 +</file>
 +
 +Fichier /etc/systemd/system/kube-controller-manager.service :
 +
 +<file>
 +[Unit]
 +Description=Kubernetes Controller Manager
 +Documentation=https://github.com/GoogleCloudPlatform/kubernetes
 +After=docker.service
 +Requires=docker.service
 +
 +[Service]
 +TimeoutStartSec=0
 +Restart=always
 +ExecStartPre=-/usr/bin/docker stop %n
 +ExecStartPre=-/usr/bin/docker rm %n
 +ExecStartPre=/usr/bin/docker pull registry.centos.org/centos/kubernetes-controller-manager
 +ExecStart=/usr/bin/docker run --rm --net=host -v /etc/kubernetes:/etc/kubernetes:z --name %n registry.centos.org/centos/kubernetes-controller-manager
 +
 +[Install]
 +WantedBy=multi-user.target
 +</file>
 +
 +Fichier /etc/systemd/system/kube-scheduler.service :
 +
 +<file>
 +[Unit]
 +Description=Kubernetes Scheduler Plugin
 +Documentation=https://github.com/GoogleCloudPlatform/kubernetes
 +After=docker.service
 +Requires=docker.service
 +
 +[Service]
 +TimeoutStartSec=0
 +Restart=always
 +ExecStartPre=-/usr/bin/docker stop %n
 +ExecStartPre=-/usr/bin/docker rm %n
 +ExecStartPre=/usr/bin/docker pull registry.centos.org/centos/kubernetes-scheduler
 +ExecStart=/usr/bin/docker run --rm --net=host -v /etc/kubernetes:/etc/kubernetes:z --name %n registry.centos.org/centos/kubernetes-scheduler
 +
 +[Install]
 +WantedBy=multi-user.target
 +</file>
 +
 +Configuration du serveur API, fichier /etc/kubernetes/apiserver :
 +
 +<file>
 +KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
 +
 +KUBE_API_ARGS="--tls-cert-file=/etc/kubernetes/certs/server.crt --tls-private-key-file=/etc/kubernetes/certs/server.key --client-ca-file=/etc/kubernetes/certs/ca.crt --service-account-key-file=/etc/kubernetes/certs/server.crt --etcd-servers=http://192.168.2.112:2379 --service-cluster-ip-range=172.20.0.0/24"
 +</file>
 +
 +Partie controller-manager, fichier /etc/kubernetes/controller-manager :
 +
 +<file>
 +KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=/etc/kubernetes/certs/server.key --root-ca-file=/etc/kubernetes/certs/ca.crt"
 +</file>
 +
 +Activation des services :
 +
 +<code>
 +sudo systemctl enable etcd kube-apiserver kube-controller-manager kube-scheduler
 +sudo systemctl start etcd kube-apiserver kube-controller-manager kube-scheduler
 +</code>
 +
  
 ===== Configuration d'un noeud ===== ===== Configuration d'un noeud =====
  • veilletechno/atomic.1500801339.txt.gz
  • Dernière modification : 2017/07/23 09:15
  • de madko