
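Overview

In the article "Installing Kubernetes 1.10.2 on AWS EC2 (CentOS 7.5) and configuring it as a master server with kubeadm", I covered the steps for building a Kubernetes cluster on the Kubernetes master server. This time I build a node that joins that cluster and is managed by Kubernetes. Nodes managed by Kubernetes are apparently called Minions, so I use that term here as well. The overall flow is much the same as for the master server; the biggest difference is that kubeadm init on the master server becomes kubeadm join. As before, the node was installed on AWS EC2.

Configuration

Environment

The server environment is an AWS (Amazon Web Services) EC2 instance. The server specifications are listed below. The Amazon Machine Image (AMI) is "CentOS 7 (x86_64) - with Updates HVM", published on AWS Marketplace. Low specifications are sufficient for this test, so the instance type is t2.micro.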

■ Server specifications
Item             Value
AMI              CentOS 7 (x86_64) - with Updates HVM
Instance type    t2.micro
vCPU             1
Memory           1 GiB
Disk             General Purpose SSD (GP2) 8 GiB
Region           Japan

Server configuration

OS version

CentOS 7.5.1804 x86_64

Software packages

  • docker-1.13.1-58.git87f2fab.el7.centos.x86_64.rpm
  • 32e8bd812a3944ccf07750d52088a118fa11493d34e009e2873317e0f0b0dfd2-kubectl-1.10.2-0.x86_64.rpm
  • b754a6990af7d7012189610b0dc69e6e950c13a8c415b9ebea8d56352e9719fd-kubeadm-1.10.2-0.x86_64.rpm
  • bdee083331998c4631bf6653454c584fb796944fe97271906acbaacbf340e1d5-kubelet-1.10.2-0.x86_64.rpm

Server build

Disabling SELinux

(1) SELinux disable setting

Disable SELinux. This is not a required setting, but to reduce the chance of problems along the way, I disable it for this walkthrough.

$ sudo su -
# cd /etc/selinux/
# vi config
File name: /etc/selinux/config
Note: change only the relevant line shown below.
SELINUX=enforcing
   ↓ change to
SELINUX=disabled

(2) Reboot Linux

Reboot Linux so that the SELinux change takes effect.

# shutdown -r 0

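Setting up Docker

(1) Install Docker

Kubernetes is a container orchestration tool. A server that runs Docker containers and is managed by Kubernetes is called a node. Install Docker because the node runs processes such as web servers and application servers in containers.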

$ sudo su -
Last login: Fri May 18 16:08:34 UTC 2018 on pts/0
# yum -y install docker
Loaded plugins: fastestmirror
Determining fastest mirrors
 * base: ftp.riken.jp
 * extras: ftp.riken.jp
 * updates: ftp.riken.jp
base                                                                                             | 3.6 kB  00:00:00
extras                                                                                           | 3.4 kB  00:00:00
updates                                                                                          | 3.4 kB  00:00:00
(1/4): base/7/x86_64/group_gz                                                                    | 166 kB  00:00:00
(2/4): extras/7/x86_64/primary_db                                                                | 125 kB  00:00:00
(3/4): updates/7/x86_64/primary_db                                                               | 1.2 MB  00:00:00
(4/4): base/7/x86_64/primary_db                                                                  | 5.9 MB  00:00:00
Resolving Dependencies
--> Running transaction check
---> Package docker.x86_64 2:1.13.1-58.git87f2fab.el7.centos will be installed
--> Processing Dependency: docker-common = 2:1.13.1-58.git87f2fab.el7.centos for package: 2:docker-1.13.1-58.git87f2fab.el7.centos.x86_64
--> Processing Dependency: docker-client = 2:1.13.1-58.git87f2fab.el7.centos for package: 2:docker-1.13.1-58.git87f2fab.el7.centos.x86_64
--> Running transaction check
---> Package docker-client.x86_64 2:1.13.1-58.git87f2fab.el7.centos will be installed
---> Package docker-common.x86_64 2:1.13.1-58.git87f2fab.el7.centos will be installed
--> Processing Dependency: skopeo-containers >= 1:0.1.26-2 for package: 2:docker-common-1.13.1-58.git87f2fab.el7.centos.x86_64
--> Processing Dependency: oci-umount >= 2:2.3.3-3 for package: 2:docker-common-1.13.1-58.git87f2fab.el7.centos.x86_64
--> Processing Dependency: oci-systemd-hook >= 1:0.1.4-9 for package: 2:docker-common-1.13.1-58.git87f2fab.el7.centos.x86_64
--> Processing Dependency: oci-register-machine >= 1:0-5.13 for package: 2:docker-common-1.13.1-58.git87f2fab.el7.centos.x86_64
--> Processing Dependency: lvm2 >= 2.02.112 for package: 2:docker-common-1.13.1-58.git87f2fab.el7.centos.x86_64
--> Processing Dependency: container-storage-setup >= 0.9.0-1 for package: 2:docker-common-1.13.1-58.git87f2fab.el7.centos.x86_64
--> Processing Dependency: container-selinux >= 2:2.51-1 for package: 2:docker-common-1.13.1-58.git87f2fab.el7.centos.x86_64
--> Running transaction check
---> Package container-selinux.noarch 2:2.55-1.el7 will be installed
---> Package container-storage-setup.noarch 0:0.9.0-1.rhel75.gite0997c3.el7 will be installed
---> Package lvm2.x86_64 7:2.02.177-4.el7 will be installed
--> Processing Dependency: lvm2-libs = 7:2.02.177-4.el7 for package: 7:lvm2-2.02.177-4.el7.x86_64
--> Processing Dependency: device-mapper-persistent-data >= 0.7.0-0.1.rc6 for package: 7:lvm2-2.02.177-4.el7.x86_64
--> Processing Dependency: liblvm2app.so.2.2(Base)(64bit) for package: 7:lvm2-2.02.177-4.el7.x86_64
--> Processing Dependency: libdevmapper-event.so.1.02(Base)(64bit) for package: 7:lvm2-2.02.177-4.el7.x86_64
--> Processing Dependency: liblvm2app.so.2.2()(64bit) for package: 7:lvm2-2.02.177-4.el7.x86_64
--> Processing Dependency: libdevmapper-event.so.1.02()(64bit) for package: 7:lvm2-2.02.177-4.el7.x86_64
---> Package oci-register-machine.x86_64 1:0-6.git2b44233.el7 will be installed
---> Package oci-systemd-hook.x86_64 1:0.1.15-2.gitc04483d.el7 will be installed
--> Processing Dependency: libyajl.so.2()(64bit) for package: 1:oci-systemd-hook-0.1.15-2.gitc04483d.el7.x86_64
---> Package oci-umount.x86_64 2:2.3.3-3.gite3c9055.el7 will be installed
---> Package skopeo-containers.x86_64 1:0.1.29-1.dev.gitb08350d.el7 will be installed
--> Running transaction check
---> Package device-mapper-event-libs.x86_64 7:1.02.146-4.el7 will be installed
---> Package device-mapper-persistent-data.x86_64 0:0.7.3-3.el7 will be installed
--> Processing Dependency: libaio.so.1(LIBAIO_0.4)(64bit) for package: device-mapper-persistent-data-0.7.3-3.el7.x86_64
--> Processing Dependency: libaio.so.1(LIBAIO_0.1)(64bit) for package: device-mapper-persistent-data-0.7.3-3.el7.x86_64
--> Processing Dependency: libaio.so.1()(64bit) for package: device-mapper-persistent-data-0.7.3-3.el7.x86_64
---> Package lvm2-libs.x86_64 7:2.02.177-4.el7 will be installed
--> Processing Dependency: device-mapper-event = 7:1.02.146-4.el7 for package: 7:lvm2-libs-2.02.177-4.el7.x86_64
---> Package yajl.x86_64 0:2.0.4-4.el7 will be installed
--> Running transaction check
---> Package device-mapper-event.x86_64 7:1.02.146-4.el7 will be installed
---> Package libaio.x86_64 0:0.3.109-13.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================
 Package                               Arch           Version                                      Repository      Size
========================================================================================================================
Installing:
 docker                                x86_64         2:1.13.1-58.git87f2fab.el7.centos            extras          16 M
Installing for dependencies:
 container-selinux                     noarch         2:2.55-1.el7                                 extras          34 k
 container-storage-setup               noarch         0.9.0-1.rhel75.gite0997c3.el7                extras          33 k
 device-mapper-event                   x86_64         7:1.02.146-4.el7                             base           185 k
 device-mapper-event-libs              x86_64         7:1.02.146-4.el7                             base           184 k
 device-mapper-persistent-data         x86_64         0.7.3-3.el7                                  base           405 k
 docker-client                         x86_64         2:1.13.1-58.git87f2fab.el7.centos            extras         3.8 M
 docker-common                         x86_64         2:1.13.1-58.git87f2fab.el7.centos            extras          87 k
 libaio                                x86_64         0.3.109-13.el7                               base            24 k
 lvm2                                  x86_64         7:2.02.177-4.el7                             base           1.3 M
 lvm2-libs                             x86_64         7:2.02.177-4.el7                             base           1.0 M
 oci-register-machine                  x86_64         1:0-6.git2b44233.el7                         extras         1.1 M
 oci-systemd-hook                      x86_64         1:0.1.15-2.gitc04483d.el7                    extras          33 k
 oci-umount                            x86_64         2:2.3.3-3.gite3c9055.el7                     extras          32 k
 skopeo-containers                     x86_64         1:0.1.29-1.dev.gitb08350d.el7                extras          13 k
 yajl                                  x86_64         2.0.4-4.el7                                  base            39 k

Transaction Summary
========================================================================================================================
Install  1 Package (+15 Dependent packages)

Total download size: 25 M
Installed size: 81 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/extras/packages/container-selinux-2.55-1.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for container-selinux-2.55-1.el7.noarch.rpm is not installed
(1/16): container-selinux-2.55-1.el7.noarch.rpm                                                  |  34 kB  00:00:00
(2/16): container-storage-setup-0.9.0-1.rhel75.gite0997c3.el7.noarch.rpm                         |  33 kB  00:00:00
Public key for device-mapper-event-1.02.146-4.el7.x86_64.rpm is not installed
(3/16): device-mapper-event-1.02.146-4.el7.x86_64.rpm                                            | 185 kB  00:00:00
(4/16): device-mapper-event-libs-1.02.146-4.el7.x86_64.rpm                                       | 184 kB  00:00:00
(5/16): device-mapper-persistent-data-0.7.3-3.el7.x86_64.rpm                                     | 405 kB  00:00:00
(6/16): docker-common-1.13.1-58.git87f2fab.el7.centos.x86_64.rpm                                 |  87 kB  00:00:00
(7/16): libaio-0.3.109-13.el7.x86_64.rpm                                                         |  24 kB  00:00:00
(8/16): lvm2-libs-2.02.177-4.el7.x86_64.rpm                                                      | 1.0 MB  00:00:00
(9/16): lvm2-2.02.177-4.el7.x86_64.rpm                                                           | 1.3 MB  00:00:00
(10/16): oci-systemd-hook-0.1.15-2.gitc04483d.el7.x86_64.rpm                                     |  33 kB  00:00:00
(11/16): docker-client-1.13.1-58.git87f2fab.el7.centos.x86_64.rpm                                | 3.8 MB  00:00:00
(12/16): oci-register-machine-0-6.git2b44233.el7.x86_64.rpm                                      | 1.1 MB  00:00:00
(13/16): oci-umount-2.3.3-3.gite3c9055.el7.x86_64.rpm                                            |  32 kB  00:00:00
(14/16): skopeo-containers-0.1.29-1.dev.gitb08350d.el7.x86_64.rpm                                |  13 kB  00:00:00
(15/16): yajl-2.0.4-4.el7.x86_64.rpm                                                             |  39 kB  00:00:00
(16/16): docker-1.13.1-58.git87f2fab.el7.centos.x86_64.rpm                                       |  16 MB  00:00:00
------------------------------------------------------------------------------------------------------------------------
Total                                                                                    27 MB/s |  25 MB  00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-5.1804.el7.centos.x86_64 (installed)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 7:device-mapper-event-libs-1.02.146-4.el7.x86_64                                                    1/16
  Installing : yajl-2.0.4-4.el7.x86_64                                                                             2/16
  Installing : 2:oci-umount-2.3.3-3.gite3c9055.el7.x86_64                                                          3/16
  Installing : 1:oci-systemd-hook-0.1.15-2.gitc04483d.el7.x86_64                                                   4/16
  Installing : 7:device-mapper-event-1.02.146-4.el7.x86_64                                                         5/16
  Installing : 7:lvm2-libs-2.02.177-4.el7.x86_64                                                                   6/16
  Installing : libaio-0.3.109-13.el7.x86_64                                                                        7/16
  Installing : device-mapper-persistent-data-0.7.3-3.el7.x86_64                                                    8/16
  Installing : 7:lvm2-2.02.177-4.el7.x86_64                                                                        9/16
  Installing : container-storage-setup-0.9.0-1.rhel75.gite0997c3.el7.noarch                                       10/16
  Installing : 1:oci-register-machine-0-6.git2b44233.el7.x86_64                                                   11/16
  Installing : 1:skopeo-containers-0.1.29-1.dev.gitb08350d.el7.x86_64                                             12/16
  Installing : 2:container-selinux-2.55-1.el7.noarch                                                              13/16
setsebool:  SELinux is disabled.
  Installing : 2:docker-common-1.13.1-58.git87f2fab.el7.centos.x86_64                                             14/16
  Installing : 2:docker-client-1.13.1-58.git87f2fab.el7.centos.x86_64                                             15/16
  Installing : 2:docker-1.13.1-58.git87f2fab.el7.centos.x86_64                                                    16/16
  Verifying  : 2:container-selinux-2.55-1.el7.noarch                                                               1/16
  Verifying  : 1:skopeo-containers-0.1.29-1.dev.gitb08350d.el7.x86_64                                              2/16
  Verifying  : 2:docker-client-1.13.1-58.git87f2fab.el7.centos.x86_64                                              3/16
  Verifying  : device-mapper-persistent-data-0.7.3-3.el7.x86_64                                                    4/16
  Verifying  : 7:device-mapper-event-1.02.146-4.el7.x86_64                                                         5/16
  Verifying  : 2:docker-1.13.1-58.git87f2fab.el7.centos.x86_64                                                     6/16
  Verifying  : 2:docker-common-1.13.1-58.git87f2fab.el7.centos.x86_64                                              7/16
  Verifying  : 1:oci-register-machine-0-6.git2b44233.el7.x86_64                                                    8/16
  Verifying  : 2:oci-umount-2.3.3-3.gite3c9055.el7.x86_64                                                          9/16
  Verifying  : 7:device-mapper-event-libs-1.02.146-4.el7.x86_64                                                   10/16
  Verifying  : 1:oci-systemd-hook-0.1.15-2.gitc04483d.el7.x86_64                                                  11/16
  Verifying  : container-storage-setup-0.9.0-1.rhel75.gite0997c3.el7.noarch                                       12/16
  Verifying  : yajl-2.0.4-4.el7.x86_64                                                                            13/16
  Verifying  : libaio-0.3.109-13.el7.x86_64                                                                       14/16
  Verifying  : 7:lvm2-libs-2.02.177-4.el7.x86_64                                                                  15/16
  Verifying  : 7:lvm2-2.02.177-4.el7.x86_64                                                                       16/16

Installed:
  docker.x86_64 2:1.13.1-58.git87f2fab.el7.centos

Dependency Installed:
  container-selinux.noarch 2:2.55-1.el7                  container-storage-setup.noarch 0:0.9.0-1.rhel75.gite0997c3.el7
  device-mapper-event.x86_64 7:1.02.146-4.el7            device-mapper-event-libs.x86_64 7:1.02.146-4.el7
  device-mapper-persistent-data.x86_64 0:0.7.3-3.el7     docker-client.x86_64 2:1.13.1-58.git87f2fab.el7.centos
  docker-common.x86_64 2:1.13.1-58.git87f2fab.el7.centos libaio.x86_64 0:0.3.109-13.el7
  lvm2.x86_64 7:2.02.177-4.el7                           lvm2-libs.x86_64 7:2.02.177-4.el7
  oci-register-machine.x86_64 1:0-6.git2b44233.el7       oci-systemd-hook.x86_64 1:0.1.15-2.gitc04483d.el7
  oci-umount.x86_64 2:2.3.3-3.gite3c9055.el7             skopeo-containers.x86_64 1:0.1.29-1.dev.gitb08350d.el7
  yajl.x86_64 0:2.0.4-4.el7

Complete!

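(2) Enable Docker autostart and start the service

In the initial state, Docker autostart is disabled and the service is stopped. Docker is required for Kubernetes to run, so configure systemd to start it automatically when Linux boots. Also start the Docker service.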

# systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled) ← autostart disabled
   Active: inactive (dead) ← stopped
     Docs: http://docs.docker.com
# systemctl enable docker.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
# systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled) ← autostart enabled
   Active: inactive (dead) ← stopped
     Docs: http://docs.docker.com
# systemctl start docker.service
# systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled) ← autostart enabled
   Active: active (running) since Fri 2018-05-18 16:36:47 UTC; 1s ago ← running
     Docs: http://docs.docker.com
 Main PID: 1347 (dockerd-current)
   CGroup: /system.slice/docker.service
           ├─1347 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --defaul...
           └─1351 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock -...

May 18 16:36:47 ip-172-31-21-206.ap-northeast-1.compute.internal dockerd-current[1347]: time="2018-05-18T16:36:47.76..."
May 18 16:36:47 ip-172-31-21-206.ap-northeast-1.compute.internal dockerd-current[1347]: time="2018-05-18T16:36:47.78..."
May 18 16:36:47 ip-172-31-21-206.ap-northeast-1.compute.internal dockerd-current[1347]: time="2018-05-18T16:36:47.79..."
May 18 16:36:47 ip-172-31-21-206.ap-northeast-1.compute.internal dockerd-current[1347]: time="2018-05-18T16:36:47.85..."
May 18 16:36:47 ip-172-31-21-206.ap-northeast-1.compute.internal dockerd-current[1347]: time="2018-05-18T16:36:47.93..."
May 18 16:36:47 ip-172-31-21-206.ap-northeast-1.compute.internal dockerd-current[1347]: time="2018-05-18T16:36:47.96..."
May 18 16:36:47 ip-172-31-21-206.ap-northeast-1.compute.internal dockerd-current[1347]: time="2018-05-18T16:36:47.97..."
May 18 16:36:47 ip-172-31-21-206.ap-northeast-1.compute.internal dockerd-current[1347]: time="2018-05-18T16:36:47.97...1
May 18 16:36:47 ip-172-31-21-206.ap-northeast-1.compute.internal systemd[1]: Started Docker Application Container E...e.
May 18 16:36:47 ip-172-31-21-206.ap-northeast-1.compute.internal dockerd-current[1347]: time="2018-05-18T16:36:47.99..."
Hint: Some lines were ellipsized, use -l to show in full.

Building the node

(1) Register the Kubernetes YUM repository

To install Kubernetes with YUM, register the YUM repository. Create /etc/yum.repos.d/kubernetes.repo as the configuration file.

# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
> [kubernetes]
> name=Kubernetes
> baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=1
> repo_gpgcheck=1
> gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
> EOF

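(2) Install Kubernetes

Install Kubernetes with YUM. The required packages are kubelet, kubeadm and kubectl. I have not checked precisely whether all three are needed on a node; kubectl may be unnecessary. To be safe, I install the same set as on the master server.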

# yum -y install kubelet kubeadm kubectl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.riken.jp
 * extras: ftp.riken.jp
 * updates: ftp.riken.jp
kubernetes/signature                                                                             |  454 B  00:00:00
Retrieving key from https://packages.cloud.google.com/yum/doc/yum-key.gpg
Importing GPG key 0xA7317B0F:
 Userid     : "Google Cloud Packages Automatic Signing Key <gc-team@google.com>"
 Fingerprint: d0bc 747f d8ca f711 7500 d6fa 3746 c208 a731 7b0f
 From       : https://packages.cloud.google.com/yum/doc/yum-key.gpg
Retrieving key from https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
kubernetes/signature                                                                             | 1.4 kB  00:00:00 !!!
kubernetes/primary                                                                               |  29 kB  00:00:00
kubernetes                                                                                                      205/205
Resolving Dependencies
--> Running transaction check
---> Package kubeadm.x86_64 0:1.10.2-0 will be installed
--> Processing Dependency: kubernetes-cni for package: kubeadm-1.10.2-0.x86_64
---> Package kubectl.x86_64 0:1.10.2-0 will be installed
---> Package kubelet.x86_64 0:1.10.2-0 will be installed
--> Processing Dependency: socat for package: kubelet-1.10.2-0.x86_64
--> Processing Dependency: ebtables for package: kubelet-1.10.2-0.x86_64
--> Running transaction check
---> Package ebtables.x86_64 0:2.0.10-16.el7 will be installed
---> Package kubernetes-cni.x86_64 0:0.6.0-0 will be installed
---> Package socat.x86_64 0:1.7.3.2-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================
 Package                        Arch                   Version                         Repository                  Size
========================================================================================================================
Installing:
 kubeadm                        x86_64                 1.10.2-0                        kubernetes                  17 M
 kubectl                        x86_64                 1.10.2-0                        kubernetes                 7.6 M
 kubelet                        x86_64                 1.10.2-0                        kubernetes                  17 M
Installing for dependencies:
 ebtables                       x86_64                 2.0.10-16.el7                   base                       123 k
 kubernetes-cni                 x86_64                 0.6.0-0                         kubernetes                 8.6 M
 socat                          x86_64                 1.7.3.2-2.el7                   base                       290 k

Transaction Summary
========================================================================================================================
Install  3 Packages (+3 Dependent packages)

Total download size: 51 M
Installed size: 273 M
Downloading packages:
(1/6): ebtables-2.0.10-16.el7.x86_64.rpm                                                         | 123 kB  00:00:00
warning: /var/cache/yum/x86_64/7/kubernetes/packages/32e8bd812a3944ccf07750d52088a118fa11493d34e009e2873317e0f0b0dfd2-kubectl-1.10.2-0.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 3e1ba8d5: NOKEY
Public key for 32e8bd812a3944ccf07750d52088a118fa11493d34e009e2873317e0f0b0dfd2-kubectl-1.10.2-0.x86_64.rpm is not installed
(2/6): 32e8bd812a3944ccf07750d52088a118fa11493d34e009e2873317e0f0b0dfd2-kubectl-1.10.2-0.x86_64. | 7.6 MB  00:00:03
(3/6): b754a6990af7d7012189610b0dc69e6e950c13a8c415b9ebea8d56352e9719fd-kubeadm-1.10.2-0.x86_64. |  17 MB  00:00:04
(4/6): socat-1.7.3.2-2.el7.x86_64.rpm                                                            | 290 kB  00:00:00
(5/6): fe33057ffe95bfae65e2f269e1b05e99308853176e24a4d027bc082b471a07c0-kubernetes-cni-0.6.0-0.x | 8.6 MB  00:00:03
(6/6): bdee083331998c4631bf6653454c584fb796944fe97271906acbaacbf340e1d5-kubelet-1.10.2-0.x86_64. |  17 MB  00:00:07
------------------------------------------------------------------------------------------------------------------------
Total                                                                                   4.5 MB/s |  51 MB  00:00:11
Retrieving key from https://packages.cloud.google.com/yum/doc/yum-key.gpg
Importing GPG key 0xA7317B0F:
 Userid     : "Google Cloud Packages Automatic Signing Key <gc-team@google.com>"
 Fingerprint: d0bc 747f d8ca f711 7500 d6fa 3746 c208 a731 7b0f
 From       : https://packages.cloud.google.com/yum/doc/yum-key.gpg
Retrieving key from https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
Importing GPG key 0x3E1BA8D5:
 Userid     : "Google Cloud Packages RPM Signing Key <gc-team@google.com>"
 Fingerprint: 3749 e1ba 95a8 6ce0 5454 6ed2 f09c 394c 3e1b a8d5
 From       : https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : ebtables-2.0.10-16.el7.x86_64                                                                        1/6
  Installing : socat-1.7.3.2-2.el7.x86_64                                                                           2/6
  Installing : kubernetes-cni-0.6.0-0.x86_64                                                                        3/6
  Installing : kubelet-1.10.2-0.x86_64                                                                              4/6
  Installing : kubectl-1.10.2-0.x86_64                                                                              5/6
  Installing : kubeadm-1.10.2-0.x86_64                                                                              6/6
  Verifying  : kubectl-1.10.2-0.x86_64                                                                              1/6
  Verifying  : kubelet-1.10.2-0.x86_64                                                                              2/6
  Verifying  : kubeadm-1.10.2-0.x86_64                                                                              3/6
  Verifying  : socat-1.7.3.2-2.el7.x86_64                                                                           4/6
  Verifying  : kubernetes-cni-0.6.0-0.x86_64                                                                        5/6
  Verifying  : ebtables-2.0.10-16.el7.x86_64                                                                        6/6

Installed:
  kubeadm.x86_64 0:1.10.2-0              kubectl.x86_64 0:1.10.2-0              kubelet.x86_64 0:1.10.2-0

Dependency Installed:
  ebtables.x86_64 0:2.0.10-16.el7         kubernetes-cni.x86_64 0:0.6.0-0         socat.x86_64 0:1.7.3.2-2.el7

Complete!
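
yum -y accepts the GPG key imports shown in the transcript above without prompting, so the imported fingerprints are worth checking afterwards. The script below is an added example, not part of the original article: it extracts every imported key from a yum transcript and compares it with a pinned list. The function names are hypothetical, the two pinned fingerprints are the ones printed above, and the third key in the sample is constructed to show a failure.

```shell
#!/bin/sh
# Added example: audit the GPG keys that a `yum -y install` run imported.

# Pinned fingerprints, copied from the transcript in this article
# (upper-case, spaces removed). In practice, obtain them out of band.
PINNED='D0BC747FD8CAF7117500D6FA3746C208A7317B0F
3749E1BA95A86CE054546ED2F09C394C3E1BA8D5'

# Sample transcript: the first three imports are from the article,
# the last one is constructed to demonstrate an unpinned key.
sample_yum_transcript() {
cat <<'EOF'
Retrieving key from https://packages.cloud.google.com/yum/doc/yum-key.gpg
Importing GPG key 0xA7317B0F:
 Userid     : "Google Cloud Packages Automatic Signing Key <gc-team@google.com>"
 Fingerprint: d0bc 747f d8ca f711 7500 d6fa 3746 c208 a731 7b0f
 From       : https://packages.cloud.google.com/yum/doc/yum-key.gpg
Importing GPG key 0xA7317B0F:
 Userid     : "Google Cloud Packages Automatic Signing Key <gc-team@google.com>"
 Fingerprint: d0bc 747f d8ca f711 7500 d6fa 3746 c208 a731 7b0f
 From       : https://packages.cloud.google.com/yum/doc/yum-key.gpg
Importing GPG key 0x3E1BA8D5:
 Userid     : "Google Cloud Packages RPM Signing Key <gc-team@google.com>"
 Fingerprint: 3749 e1ba 95a8 6ce0 5454 6ed2 f09c 394c 3e1b a8d5
 From       : https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
Importing GPG key 0x88889999:
 Userid     : "Constructed Example Key <nobody@example.invalid>"
 Fingerprint: 0000 1111 2222 3333 4444 5555 6666 7777 8888 9999
 From       : https://repo.example.invalid/key.gpg
EOF
}

# Read a yum transcript on stdin and print "KEYID FINGERPRINT" once per
# distinct imported key (upper-case, no spaces).
imported_fingerprints() {
    awk '
        /^Importing GPG key 0x/ {
            id = toupper(substr($4, 3)); sub(/:$/, "", id); next
        }
        /^[ \t]*Fingerprint:/ && id != "" {
            fp = $0
            sub(/^[ \t]*Fingerprint:[ \t]*/, "", fp)
            gsub(/[ \t]/, "", fp)
            print id, toupper(fp)
            id = ""
        }' | sort -u
}

# $1 = pinned fingerprints, one per line; transcript on stdin.
# Prints one verdict per key and returns 1 if any key is not pinned or if
# the short key ID is not the tail of its fingerprint.
audit_imports() {
    imported_fingerprints | (
        rc=0
        while read -r id fp; do
            case $fp in
                *"$id") ;;
                *) echo "inconsistent $id $fp"; rc=1; continue ;;
            esac
            if printf '%s\n' "$1" | grep -qxF "$fp"; then
                echo "pinned $id"
            else
                echo "unpinned $id $fp"; rc=1
            fi
        done
        exit "$rc"
    )
}

# Demo on the sample transcript; the constructed key is reported as unpinned.
sample_yum_transcript | audit_imports "$PINNED" || true
```

On a real host, save the yum output to a file and feed that file to audit_imports in place of the sample.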

(3) Enable kubelet autostart

Configure kubelet to start automatically. A later step joins the Kubernetes cluster (kubeadm join), and kubelet is started automatically at that point, so there is no need to start it here.

# systemctl status kubelet.service
● kubelet.service - kubelet: The Kubernetes Node Agent
   Loaded: loaded (/etc/systemd/system/kubelet.service; disabled; vendor preset: disabled) ← autostart disabled
  Drop-In: /etc/systemd/system/kubelet.service.d
           └─10-kubeadm.conf
   Active: inactive (dead)
     Docs: http://kubernetes.io/docs/
# systemctl enable kubelet.service
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /etc/systemd/system/kubelet.service.
# systemctl status kubelet.service
● kubelet.service - kubelet: The Kubernetes Node Agent
   Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: disabled) ← autostart enabled
  Drop-In: /etc/systemd/system/kubelet.service.d
           └─10-kubeadm.conf
   Active: inactive (dead)
     Docs: http://kubernetes.io/docs/

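(4) Set kernel parameters

On RHEL and CentOS 7, problems have reportedly been seen where traffic is not routed correctly because iptables is bypassed. The settings below work around this by making bridged traffic pass through iptables and ip6tables.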

# cat <<EOF >  /etc/sysctl.d/k8s.conf ← create the sysctl configuration file
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF
# sysctl --system ← load the sysctl configuration files
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /usr/lib/sysctl.d/99-docker.conf ...
fs.may_detach_mounts = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
* Applying /etc/sysctl.conf ...

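(5) Check the cgroup driver setting

Confirm that Docker and kubelet use the same cgroup driver. In this walkthrough both were already set to systemd, so no configuration change was needed. The check steps are shown below for reference only.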

# docker info | grep -i cgroup
  WARNING: You're not using the default seccomp profile
Cgroup Driver: systemd ← set to systemd
# cat /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true"
Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain=cluster.local"
Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=systemd" ← set to systemd
Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CGROUP_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_EXTRA_ARGS
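
The comparison above can be scripted so that a mismatch is caught before kubeadm join. This is an added example, not part of the original article: the function names are hypothetical, the sample text is taken from the output above (plus one constructed commented-out line), and it assumes kubelet's documented default of cgroupfs when no --cgroup-driver flag is present.

```shell
#!/bin/sh
# Added example: compare the cgroup driver reported by Docker with the one
# configured in the kubelet systemd drop-in.

# `docker info` excerpt as shown in the article.
sample_docker_info() {
cat <<'EOF'
  WARNING: You're not using the default seccomp profile
Cgroup Driver: systemd
EOF
}

# Lines from the article's 10-kubeadm.conf, plus one commented-out line
# constructed here to show that comments are ignored.
sample_dropin() {
cat <<'EOF'
[Service]
Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
#Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs"
Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=systemd"
Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
EOF
}

# stdin: `docker info` text. Prints the driver name, or nothing if absent.
docker_cgroup_driver() {
    sed -n 's/^[[:space:]]*Cgroup Driver:[[:space:]]*\([A-Za-z0-9_-]*\).*$/\1/p' \
        | head -n 1
}

# stdin: drop-in file text. Prints the single configured driver,
# "cgroupfs" (assumed kubelet default) if the flag is absent, or
# "ambiguous" if active Environment= lines disagree.
kubelet_cgroup_driver() (
    vals=$(grep -E '^[[:space:]]*Environment=' \
        | sed -n 's/.*--cgroup-driver=\([A-Za-z0-9_-]*\).*/\1/p' | sort -u)
    case $(printf '%s\n' "$vals" | grep -c .) in
        0) echo cgroupfs ;;
        1) echo "$vals" ;;
        *) echo ambiguous ;;
    esac
)

# $1 = `docker info` text, $2 = drop-in text.
# Exit status: 0 match, 1 mismatch, 2 cannot decide.
check_cgroup_drivers() (
    d=$(printf '%s\n' "$1" | docker_cgroup_driver)
    k=$(printf '%s\n' "$2" | kubelet_cgroup_driver)
    [ -n "$d" ] || { echo "unknown: no Cgroup Driver line in docker info"; exit 2; }
    [ "$k" != ambiguous ] || { echo "unknown: conflicting --cgroup-driver values"; exit 2; }
    if [ "$d" = "$k" ]; then echo "match: $d"; exit 0; fi
    echo "mismatch: docker=$d kubelet=$k"; exit 1
)

# Same check against the live host, using the paths shown in the article.
check_host() {
    check_cgroup_drivers "$(docker info 2>/dev/null)" \
        "$(cat /etc/systemd/system/kubelet.service.d/10-kubeadm.conf)"
}

# Demo on the embedded samples: one matching pair, one mismatching pair.
check_cgroup_drivers "$(sample_docker_info)" "$(sample_dropin)" || true
check_cgroup_drivers "Cgroup Driver: cgroupfs" "$(sample_dropin)" || true
```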

(6) Join the Kubernetes cluster

This is the main step: join the Kubernetes cluster built on the master server. The command to join is the one displayed when kubeadm init was run on the master server; just run it as-is.

# kubeadm join 172.31.29.161:6443 --token i5yacl.dq5e9blx3wf0j5u7 --discovery-token-ca-cert-hash sha256:091f5435dc60028666ce9f8f8541b0709e0b48a20809644dcf2ab3ece5875339
[preflight] Running pre-flight checks.
        [WARNING FileExisting-crictl]: crictl not found in system path
Suggestion: go get github.com/kubernetes-incubator/cri-tools/cmd/crictl
[discovery] Trying to connect to API Server "172.31.29.161:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://172.31.29.161:6443"
[discovery] Requesting info from "https://172.31.29.161:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "172.31.29.161:6443"
[discovery] Successfully established connection with API Server "172.31.29.161:6443"

This node has joined the cluster:
* Certificate signing request was sent to master and a response
  was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the master to see this node join the cluster.
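
The --discovery-token-ca-cert-hash value in the join command is the SHA-256 of the cluster CA certificate's public key (DER-encoded SubjectPublicKeyInfo), which is what the "[discovery] ... pinned public key" lines validate. The script below is an added example, not part of the original article: it checks a join command's token and pin format and compares the pin with a CA certificate obtained separately. The function names are hypothetical, and the demo CA is a throwaway certificate generated on the spot, so the article's own pin is expected not to match it.

```shell
#!/bin/sh
# Added example: sanity-check a `kubeadm join` command before running it.

# The join command exactly as printed in the article.
PAGE_JOIN_CMD='kubeadm join 172.31.29.161:6443 --token i5yacl.dq5e9blx3wf0j5u7 --discovery-token-ca-cert-hash sha256:091f5435dc60028666ce9f8f8541b0709e0b48a20809644dcf2ab3ece5875339'

# $1 = flag, $2 = command line. Prints the value given as "--flag value"
# or "--flag=value"; prints nothing if the flag is absent.
join_arg() {
    printf '%s\n' "$2" | sed -n "s/.*$1[ =]\([^ ]*\).*/\1/p"
}

# Bootstrap tokens are <6 chars>.<16 chars>, lower-case letters and digits.
valid_token() { printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; }

# The pin is "sha256:" followed by 64 lower-case hex digits.
valid_pin() { printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'; }

# $1 = PEM CA certificate. Prints its pin: SHA-256 over the DER-encoded
# SubjectPublicKeyInfo. Fails if the file is not a readable certificate.
ca_cert_pin() (
    der=$(mktemp) || exit 1
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null \
        | openssl pkey -pubin -outform DER -out "$der" 2>/dev/null || true
    if [ -s "$der" ]; then
        printf 'sha256:%s\n' "$(openssl dgst -sha256 -r "$der" | cut -d' ' -f1)"
        rc=0
    else
        rc=1
    fi
    rm -f "$der"
    exit "$rc"
)

# $1 = join command line, $2 = CA certificate fetched from the master
# over a trusted channel. Exit status: 0 match, 1 mismatch, 2 unusable input.
verify_join_command() (
    token=$(join_arg --token "$1")
    pin=$(join_arg --discovery-token-ca-cert-hash "$1")
    valid_token "$token" || { echo "missing or malformed token"; exit 2; }
    valid_pin "$pin" || { echo "missing or malformed CA pin"; exit 2; }
    expected=$(ca_cert_pin "$2") || { echo "cannot read CA certificate"; exit 2; }
    if [ "$pin" = "$expected" ]; then echo "pin matches CA"; exit 0; fi
    echo "pin does not match CA"; exit 1
)

# Create a throwaway self-signed CA in directory $1 (demo input only).
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" >/dev/null 2>&1
}

demo() (
    dir=$(mktemp -d) || exit 1
    make_demo_ca "$dir" || { rm -rf "$dir"; exit 1; }
    pin=$(ca_cert_pin "$dir/ca.crt")
    # A join command pinned to the demo CA: expected "pin matches CA".
    verify_join_command "kubeadm join 172.31.29.161:6443 --token i5yacl.dq5e9blx3wf0j5u7 --discovery-token-ca-cert-hash $pin" "$dir/ca.crt" || true
    # The article's command against the demo CA: expected "pin does not match CA".
    verify_join_command "$PAGE_JOIN_CMD" "$dir/ca.crt" || true
    rm -rf "$dir"
)
demo || true
```

On a real cluster the certificate to pass as the second argument is /etc/kubernetes/pki/ca.crt from the master, the path that appears in the kubelet drop-in above.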

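That completes the node build.

Verification

(1) Check the Kubernetes nodes (run on the master server)

List the nodes from the Kubernetes master server. Two machines in total should appear: one master server and one node. Run this on the Kubernetes master server, not on the node. Running it on the node results in an error.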

# kubectl get nodes
NAME                                               STATUS    ROLES     AGE       VERSION
ip-172-31-21-206.ap-northeast-1.compute.internal   Ready     <none>    41s       v1.10.2 ← node
ip-172-31-29-161.ap-northeast-1.compute.internal   Ready     master    58m       v1.10.2 ← master server

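Note that if you run this check immediately after kubeadm join, STATUS may show NotReady. If you wait about a minute and run it again, it should have changed to Ready.

(2) Check that kubelet is running

kubelet was not started in the earlier step, so confirm, just in case, that it was started correctly during the cluster join.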

# systemctl status kubelet.service
● kubelet.service - kubelet: The Kubernetes Node Agent
   Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/kubelet.service.d
           └─10-kubeadm.conf
   Active: active (running) since Fri 2018-05-18 15:48:04 UTC; 2 days ago ← running
     Docs: http://kubernetes.io/docs/
 Main PID: 1759 (kubelet)
   CGroup: /system.slice/kubelet.service
           └─1759 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/ku...

May 21 14:18:11 ip-172-31-29-161.ap-northeast-1.compute.internal kubelet[1759]: W0521 14:18:11.159449    1759 contai...7
May 21 14:18:11 ip-172-31-29-161.ap-northeast-1.compute.internal kubelet[1759]: W0521 14:18:11.159465    1759 contai...7
May 21 14:18:11 ip-172-31-29-161.ap-northeast-1.compute.internal kubelet[1759]: W0521 14:18:11.159536    1759 contai...9
May 21 14:18:11 ip-172-31-29-161.ap-northeast-1.compute.internal kubelet[1759]: W0521 14:18:11.159542    1759 contai...9
May 21 14:18:17 ip-172-31-29-161.ap-northeast-1.compute.internal kubelet[1759]: E0521 14:18:17.317936    1759 summary...
May 21 14:18:17 ip-172-31-29-161.ap-northeast-1.compute.internal kubelet[1759]: E0521 14:18:17.317955    1759 summar..."
May 21 14:18:27 ip-172-31-29-161.ap-northeast-1.compute.internal kubelet[1759]: E0521 14:18:27.325552    1759 summary...
May 21 14:18:27 ip-172-31-29-161.ap-northeast-1.compute.internal kubelet[1759]: E0521 14:18:27.325572    1759 summar..."
May 21 14:18:37 ip-172-31-29-161.ap-northeast-1.compute.internal kubelet[1759]: E0521 14:18:37.333621    1759 summary...
May 21 14:18:37 ip-172-31-29-161.ap-northeast-1.compute.internal kubelet[1759]: E0521 14:18:37.333644    1759 summar..."
Hint: Some lines were ellipsized, use -l to show in full.

Reference sites

I followed the procedure published on the official Kubernetes site, kubernetes.io. The build follows that site's procedure almost exactly.