Trying Out Pharos 2.0: Getting Started
Version 2.0 of Kontena Pharos, a Kubernetes distribution, has been released.
For now, let's take a shot at setting it up.
The official documentation is here.
https://pharos.sh/docs/install.html
(1) If you do not have a Kontena account, create one first.
https://account.kontena.io/signup
(2) On your local machine or deployment server, run the following command.
# curl -s https://get.pharos.sh | bash
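(3) Create an account on the server where Pharos (Kubernetes) will be installed and add it to sudoers.
Run ssh-copy-id from the local machine so that you can log in over SSH without entering a password.
(4) Install the tools on the local machine.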
    $ source /usr/local/share/chpharos/chpharos.sh
    $ chpharos --version
    chpharos 0.4.0
    $ chpharos login
    Log in using your Kontena Account credentials
    Visit https://account.kontena.io/ to register a new account.
    Username: (your Kontena account name)
    Password: (your Kontena account password)
    Logged in
    $ chpharos install latest
    Downloading 'pharos-cluster' (23768560 bytes) from https://get.pharos.sh/versions/download/pharos-cluster-linux-amd64-2.0.0+oss ..
    ######################################################################## 100.0%
    Verifying download SHA256 checksum.. OK
    Downloading 'kubectl' (55422633 bytes) from https://storage.googleapis.com/kubernetes-release/release/v1.11.4/bin/linux/amd64/kubectl ..
    ######################################################################## 100.0%
    Verifying download SHA256 checksum.. OK
    Downloading 'pharos_license' (869 bytes) from https://raw.githubusercontent.com/kontena/pharos-cluster/v2.0.0/LICENSE ..
    ######################################################################## 100.0%
    Verifying download SHA256 checksum.. OK
    Downloading 'kubectl_license' (11358 bytes) from https://raw.githubusercontent.com/kubernetes/kubernetes/v1.11.4/LICENSE ..
    ######################################################################## 100.0%
    Verifying download SHA256 checksum.. OK
    Installed version 2.0.0+oss. To set as current, use: chpharos use 2.0.0+oss
    The following license files were downloaded, by continuing to use the tools, you agree to the terms:
    /home/sysop/.pharos/chpharos/versions/2.0.0+oss/pharos_license
    /home/sysop/.pharos/chpharos/versions/2.0.0+oss/kubectl_license
    $ chpharos list
    2.0.0+oss
    $ chpharos use 2.0.0+oss
    using pharos version 2.0.0+oss
    $ chpharos current
    2.0.0+oss (set via chpharos use command)
    $ pharos --version
    pharos-cluster 2.0.0+oss
(5) Create cluster.yml on the local machine. This is a minimal configuration (although I got greedy with the plugins).
    hosts:
      - address: "10.0.0.hoe"
        user: kontenaadmin  # the account created on the target server and added to sudoers
        role: master
    network:
      provider: weave
    addons:
      ingress-nginx:
        enabled: true
      openebs:
        enabled: true
      host-upgrades:
        enabled: true
        schedule: "0 6 * * *"
        schedule_window: 1h
        reboot: true
(6) Run the following command on the local machine.
    $ pharos up -c cluster.yml
    ==> KONTENA PHAROS v2.0.0+oss (Kubernetes v1.11.4)
    ==> Reading instructions ...
    ==> Sharpening tools ...
    ==> Check for Pharos upgrade @ localhost
        [localhost] Checking for a new version ...
    ==> Gather host facts @ 10.0.0.hoge
        [10.0.0.hoge] Checking sudo access ...
        [10.0.0.hoge] Gathering host facts ...
    ==> Configure kube client @ foo-bar
    ==> Validate hosts @ foo-bar
        [foo-bar] Validating current role matches ...
        [foo-bar] Validating distro and version ...
        [foo-bar] Validating host configuration ...
        [foo-bar] Validating hostname uniqueness ...
        [foo-bar] Validating host routes ...
        [foo-bar] Validating localhost dns resolve ...
        [foo-bar] Validating peer address ...
    ==> Validate cluster version @ foo-bar
    ==> Using following software versions:
        cfssl: 1.2
        docker: 1.13.1
        etcd: 3.2.18
        kubernetes: 1.11.4
        metrics-server: 0.2.1
        weave-net: 2.4.1
    ==> Using following addons:
        ingress-nginx: 0.17.1
        openebs: 0.5.3
        host-upgrades: 0.3.0
    ==> Configuration is generated and shown below:
    ---
    hosts:
    - address: 10.0.0.hoge
      private_address:
      private_interface:
      role: master
      user: sysop
      container_runtime: docker
    network:
      provider: weave
      service_cidr: 10.96.0.0/12
      pod_network_cidr: 10.32.0.0/12
    kube_proxy:
      mode: iptables
    api: {}
    authentication: {}
    audit:
      file:
        path: "/var/log/kubernetes/audit.json"
        max_age: 30
        max_backups: 20
        max_size: 100
    kubelet:
      read_only_port: false
    telemetry:
      enabled: true
    pod_security_policy:
      default_policy: 00-pharos-privileged
    image_repository: registry.pharos.sh/kontenapharos
    addon_paths: []
    addons:
      ingress-nginx:
        enabled: true
      openebs:
        enabled: true
      host-upgrades:
        enabled: true
        schedule: 0 6 * * *
        schedule_window: 1h
        reboot: true
    container_runtime:
      insecure_registries: []
    Continue? (after the installation summary is shown, a confirmation prompt appears here; answer Y and press Enter)
    Continue? Yes
    ==> Starting to craft cluster ...
    ==> Migrate master @ foo-bar
    ==> Configure hosts @ foo-bar
        [foo-bar] Configuring script helpers ...
        [foo-bar] Configuring essential packages ...
        [foo-bar] Configuring package repositories ...
        [foo-bar] Configuring netfilter ...
        [foo-bar] Configuring container runtime (docker) packages ...
    ==> Configure kube client @ foo-bar
    ==> Configure cfssl @ foo-bar
        [foo-bar] Installing cfssl ...
    ==> Configure etcd certificate authority @ foo-bar
        [foo-bar] Configuring etcd certificate authority ...
        [foo-bar] Caching certificate authority files to memory ...
    ==> Configure etcd member changes @ foo-bar
    ==> Configure etcd @ foo-bar
        [foo-bar] Configuring etcd certs ...
        [foo-bar] Configuring etcd ...
        [foo-bar] Waiting for etcd to respond ...
    ==> Configure secrets encryption @ foo-bar
        [foo-bar] Generating new encryption keys ...
        [foo-bar] Creating secrets encryption configuration ...
    ==> Setup master configuration files @ foo-bar
    ==> Upgrade master @ foo-bar
        [foo-bar] Kubernetes control plane is up-to-date.
    ==> Configure kubelet @ foo-bar
        [foo-bar] Configuring Kubernetes packages ...
        [foo-bar] Configuring kubelet ...
    ==> Configure master @ foo-bar
        [foo-bar] Checking if Kubernetes control plane is already initialized ...
        [foo-bar] Kubernetes control plane is not initialized.
        [foo-bar] Initializing control plane (v1.11.4) ...
        [foo-bar] Initialization of control plane succeeded!
    ==> Configure kube client @ foo-bar
        [foo-bar] Fetching kubectl config ...
    ==> Load cluster configuration @ foo-bar
    ==> Configure pod security policies @ foo-bar
        [foo-bar] Configuring default pod security policies ...
    ==> Configure DNS @ foo-bar
        [foo-bar] Patching coredns deployment with 1 replicas (max-surge 0, max-unavailable 1)...
    ==> Configure Weave network @ foo-bar
        [foo-bar] Configuring overlay network shared secret ...
        [foo-bar] Configuring overlay network ...
    ==> Configure bootstrap tokens @ foo-bar
        [foo-bar] No new nodes, skipping bootstrap token creation ...
    ==> Label nodes @ foo-bar
        [foo-bar] No labels or taints set ...
    ==> Configure metrics @ foo-bar
        [foo-bar] Configuring metrics server ...
    ==> Configure telemetry @ foo-bar
        [foo-bar] Configuring telemetry service ...
    ==> Configuring addons ...
    ==> Enabling addon ingress-nginx
    ==> Enabling addon openebs
    ==> Enabling addon host-upgrades
    ==> Store cluster configuration @ foo-bar
        [foo-bar] Storing cluster configuration to configmap ...
    ==> Cluster has been crafted! (took 4 minutes 5 seconds)
        To configure kubectl for connecting to the cluster, use:
          pharos-cluster kubeconfig -c cluster.yml > kubeconfig
          export KUBECONFIG=./kubeconfig
With that, a Kubernetes environment has been built on the target server.
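The configuration that `pharos up` prints before the Continue? prompt contains several settings that shape the cluster's security posture, so it is worth checking them before answering Yes. The Ruby script below is an added example, not part of the original post or of pharos-cluster; `review_pharos_config` is a hypothetical helper and the embedded YAML is a constructed sample built from the keys shown in the output above.

```ruby
require 'yaml'

# Constructed sample: security-relevant keys copied from the configuration
# that `pharos up` printed above (not a complete cluster.yml).
GENERATED_CONFIG = <<~YAML
  audit:
    file:
      path: "/var/log/kubernetes/audit.json"
  kubelet:
    read_only_port: false
  telemetry:
    enabled: true
  pod_security_policy:
    default_policy: 00-pharos-privileged
  addons:
    host-upgrades:
      enabled: true
      reboot: true
  container_runtime:
    insecure_registries: []
YAML

# Hypothetical helper, not part of pharos-cluster: returns [key, note] pairs
# for settings worth a second look before answering "Continue? Yes".
def review_pharos_config(cfg)
  findings = []
  policy = cfg.dig('pod_security_policy', 'default_policy').to_s
  if policy.include?('privileged')
    findings << ['pod_security_policy.default_policy',
                 "default pod security policy is #{policy}"]
  end
  if cfg.dig('telemetry', 'enabled')
    findings << ['telemetry.enabled', 'a telemetry service is deployed in the cluster']
  end
  if cfg.dig('kubelet', 'read_only_port')
    findings << ['kubelet.read_only_port', 'kubelet read-only port is enabled']
  end
  if cfg.dig('audit', 'file', 'path').to_s.empty?
    findings << ['audit.file.path', 'no API server audit log file is configured']
  end
  registries = cfg.dig('container_runtime', 'insecure_registries') || []
  unless registries.empty?
    findings << ['container_runtime.insecure_registries',
                 "registries without TLS verification: #{registries.join(', ')}"]
  end
  upgrades = cfg.dig('addons', 'host-upgrades') || {}
  if upgrades['enabled'] && upgrades['reboot']
    findings << ['addons.host-upgrades.reboot',
                 'hosts reboot automatically inside the schedule window']
  end
  findings
end

if $PROGRAM_NAME == __FILE__
  review_pharos_config(YAML.safe_load(GENERATED_CONFIG)).each do |key, note|
    puts "#{key}: #{note}"
  end
end
```

For the configuration in this walkthrough the script reports the privileged default pod security policy, the telemetry service, and the automatic reboots of the single master; the audit log, kubelet read-only port and registry settings pass.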
Out of curiosity, here is what the process tree on the target server looks like.