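Trying out K3s + MetalLB
Introduction
I wanted to try K3s, which is described as a lightweight Kubernetes, so these are my notes from installing it, together with a log of setting up MetalLB.
Creating a VM with Vagrant
I don't want to clutter the host, so I'll create a VM.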
Vagrantfile
    # -*- mode: ruby -*-
    # vi: set ft=ruby :
    Vagrant.configure("2") do |config|
      config.vm.box = "bento/ubuntu-18.04"
      config.vm.network "private_network", ip: "192.168.33.10"
      config.vm.provider "virtualbox" do |vb|
        vb.memory = "4096"
      end
    end
Then run vagrant up in the directory containing the Vagrantfile and log in over SSH.
    $ vagrant up
    Bringing machine 'default' up with 'virtualbox' provider...
    ==> default: Importing base box 'bento/ubuntu-18.04'...
    ==> default: Matching MAC address for NAT networking...
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    $ vagrant ssh
    Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-29-generic x86_64)

     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage

      System information as of Thu Jun  4 13:28:17 UTC 2020

      System load:  0.0               Processes:             89
      Usage of /:   2.4% of 61.80GB   Users logged in:       0
      Memory usage: 3%                IP address for eth0:   10.0.2.15
      Swap usage:   0%                IP address for eth1:   192.168.33.10

    0 packages can be updated.
    0 updates are security updates.

    vagrant@vagrant:~$
Before installing k3s, become root and run a package update.
    vagrant@vagrant:~$ sudo su -
    root@vagrant:~# apt update
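Installing k3s
I install k3s with the command from the official documentation, but because I want to use MetalLB I add an option so that k3s's default service load balancer pod (servicelb) is not deployed.
I referred to the official documentation for how to disable k3s's default LoadBalancer.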
    root@vagrant:~# curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable servicelb" sh -
    [INFO]  Finding release for channel stable
    [INFO]  Using v1.18.3+k3s1 as release
    [INFO]  Downloading hash https://github.com/rancher/k3s/releases/download/v1.18.3+k3s1/sha256sum-amd64.txt
    [INFO]  Downloading binary https://github.com/rancher/k3s/releases/download/v1.18.3+k3s1/k3s
    [INFO]  Verifying binary download
    [INFO]  Installing k3s to /usr/local/bin/k3s
    [INFO]  Creating /usr/local/bin/kubectl symlink to k3s
    [INFO]  Creating /usr/local/bin/crictl symlink to k3s
    [INFO]  Creating /usr/local/bin/ctr symlink to k3s
    [INFO]  Creating killall script /usr/local/bin/k3s-killall.sh
    [INFO]  Creating uninstall script /usr/local/bin/k3s-uninstall.sh
    [INFO]  env: Creating environment file /etc/systemd/system/k3s.service.env
    [INFO]  systemd: Creating service file /etc/systemd/system/k3s.service
    [INFO]  systemd: Enabling k3s unit
    Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
    [INFO]  systemd: Starting k3s
    root@vagrant:~# kubectl get nodes
    NAME      STATUS   ROLES    AGE   VERSION
    vagrant   Ready    master   80s   v1.18.3+k3s1
    root@vagrant:~#
It installed without any problems.
Installing MetalLB
I proceed exactly as described in the installation section of the official documentation, "MetalLB, bare metal load-balancer for Kubernetes".
    root@vagrant:~# kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/namespace.yaml
    namespace/metallb-system created
    root@vagrant:~# kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/metallb.yaml
    podsecuritypolicy.policy/controller created
    podsecuritypolicy.policy/speaker created
    serviceaccount/controller created
    serviceaccount/speaker created
    clusterrole.rbac.authorization.k8s.io/metallb-system:controller created
    clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created
    role.rbac.authorization.k8s.io/config-watcher created
    role.rbac.authorization.k8s.io/pod-lister created
    clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created
    clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created
    rolebinding.rbac.authorization.k8s.io/config-watcher created
    rolebinding.rbac.authorization.k8s.io/pod-lister created
    daemonset.apps/speaker created
    deployment.apps/controller created
    root@vagrant:~# kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
    secret/memberlist created
    root@vagrant:~#
    root@vagrant:~# kubectl get pods,svc -n metallb-system
    NAME                              READY   STATUS    RESTARTS   AGE
    pod/controller-57f648cb96-s7kj7   1/1     Running   0          2m30s
    pod/speaker-m7w9n                 1/1     Running   0          2m30s
    root@vagrant:~#
I want to use it in L2 mode, so I also apply a ConfigMap.
The private network of the VM created with Vagrant is 192.168.33.0/24, so I wrote the config so that addresses from that range can be used as LB IPs.
metallb-configmap.yaml
    apiVersion: v1
    kind: ConfigMap
    metadata:
      namespace: metallb-system
      name: config
    data:
      config: |
        address-pools:
        - name: default
          protocol: layer2
          addresses:
          - 192.168.33.50-192.168.33.100
Applying the ConfigMap
    root@vagrant:~# kubectl apply -f metallb-configmap.yaml
    configmap/config created
    root@vagrant:~#
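In layer2 mode an address assigned from the pool is announced on the local network via ARP, so the range should sit inside the VM's private network and must not contain an address a host already uses, such as the node's own. The following sh script is an added example, not part of the original post; the function names ip2int and check_pool are hypothetical, and it handles only the first-last range form used in the ConfigMap above.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a MetalLB layer2 range.
# ip2int and check_pool are hypothetical helper names.

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
# The body runs in a subshell so the IFS change does not leak to the caller.
ip2int() (
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac   # reject leading zeros and >3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# check_pool RANGE CIDR [NODE_IP...]
# Prints "ok" only if RANGE is ordered, lies strictly between the network and
# broadcast addresses of CIDR, and contains none of the given node IPs.
check_pool() {
    range=$1; cidr=$2; shift 2
    lo=$(ip2int "${range%-*}") && hi=$(ip2int "${range#*-}") ||
        { echo "malformed range: $range"; return 1; }
    net=$(ip2int "${cidr%/*}") || { echo "malformed CIDR: $cidr"; return 1; }
    bits=${cidr#*/}
    case $bits in ''|*[!0-9]*|???*) echo "malformed CIDR: $cidr"; return 1 ;; esac
    [ "$bits" -le 30 ] || { echo "prefix too long: /$bits"; return 1; }
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    first=$(( net & mask )); last=$(( first + 4294967295 - mask ))
    [ "$lo" -le "$hi" ] || { echo "range is reversed: $range"; return 1; }
    [ "$lo" -gt "$first" ] && [ "$hi" -lt "$last" ] ||
        { echo "range is not within the usable hosts of $cidr"; return 1; }
    for ip in "$@"; do
        n=$(ip2int "$ip") || { echo "malformed node IP: $ip"; return 1; }
        if [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then
            echo "node IP $ip is inside the pool"; return 1
        fi
    done
    echo ok
}

# Values from this page: the pool, the Vagrant private network, the VM address.
check_pool 192.168.33.50-192.168.33.100 192.168.33.0/24 192.168.33.10
```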
Creating a Pod + Service
Everything is installed, so let's check that a k8s Pod and Service actually work. I'll create the familiar(?) nginx.
nginx.yaml
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: web-app
      template:
        metadata:
          labels:
            app: web-app
        spec:
          containers:
            - name: nginx-container
              image: nginx:1.12
              ports:
                - containerPort: 80
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-service
      annotations:
        # GKE-specific annotation; MetalLB does not use it
        cloud.google.com/load-balancer-type: "Internal"
    spec:
      type: LoadBalancer
      ports:
        - name: "http-port"
          protocol: "TCP"
          port: 80
          targetPort: 80
      selector:
        app: web-app
Deploy
    root@vagrant:~# kubectl get pods,svc
    NAME                                   READY   STATUS    RESTARTS   AGE
    pod/nginx-deployment-964cb4cfd-bnmlc   1/1     Running   0          23s
    pod/nginx-deployment-964cb4cfd-fm6g5   1/1     Running   0          23s

    NAME                    TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)        AGE
    service/kubernetes      ClusterIP      10.43.0.1     <none>          443/TCP        16m
    service/nginx-service   LoadBalancer   10.43.36.24   192.168.33.51   80:30456/TCP   23s
The Pods and the Service were deployed. Let's curl the EXTERNAL-IP.
    root@vagrant:~# curl 192.168.33.51
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
        body {
            width: 35em;
            margin: 0 auto;
            font-family: Tahoma, Verdana, Arial, sans-serif;
        }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>

    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>

    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>
    root@vagrant:~#
I was able to access it without problems.
For reference, let's look at the logs too.
    root@vagrant:~# kubectl logs pod/nginx-deployment-964cb4cfd-bnmlc
    10.42.0.1 - - [04/Jun/2020:14:03:01 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.58.0" "-"
    root@vagrant:~#
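Conclusion
I was able to set up k3s and MetalLB, which is what I wanted to try.
This time a single machine served as both Master and Node, but apparently Nodes can be added as well, so I'd like to try that when I get the chance.
The setup was very easy, so it looks ready to use right away for running light applications or as a quick demo or practice environment.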