Install minikube with Driver none and cri-dockerd on CentOS 9

kubernetes 2024. 6. 7. 18:20

minikube start --driver=none 환경으로 실행하기 위한 방법

driver=none 방식은 vm 같은곳에 설치하게되면 클러스터 접속을 위한 proxy가 필요없이 host의 IP로 바로 접근가능하여 k8s의 구조를 이해하는데 도움이 된다.

install minikube using docker, cri-dockerd on CentOS 9 stream

  • 2024-06-07 확인
    • runtime을 crio로 설치는 가능하지만 minikube addons enable시 오류 발생함
    • podman 설치하면 minikube start --driver=podman --force 실행가능함
      • 명령어를 minikube kubectl get po 이런식으로 하거나 alias kubectl="minikube kubectl --" 를 주면됨
        • 이 방식은 클러스터에 접근히기 위해서는 proxy 를 통해야함
    • crio를 설치하면 minikube start --driver=none --container-runtime=cri-o 시작가능함 ->

설치 순서

  • dnf update
  • install docker
  • install crio
  • install conntrack
  • install cri-dockerd
    • /etc/crictl.yaml 내용 확인
      • container rumtime 위치 확인 -> "runtime-endpoint: unix:///var/run/cri-dockerd.sock"
    • copy /etc/crio/crio.conf.d/10-crio.conf --> /etc/crio/crio.conf.d/02-crio.conf
  • install kubectl
  • install minikube
    • minikube start --driver=none --container-runtime=cri-o

update dnf

dnf update

install docker

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

sudo systemctl start docker

install crio

curl https://raw.githubusercontent.com/cri-o/packaging/main/get | bash
systemctl status crio
systemctl start crio
crio status info
crictl info

yum install -y conntrack

cri-dockerd 설치

아래 2개 모두 download필요함
소스에는 cri-dockerd 파일이 없다.

wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.14/cri-dockerd-0.3.14.amd64.tgz
wget https://github.com/Mirantis/cri-dockerd/archive/refs/tags/v0.3.14.tar.gz


tar -xvf cri-dockerd-0.3.14.amd64.tgz
install -o root -g root -m 0755 ./cri-dockerd/cri-dockerd /usr/local/bin/cri-dockerd
install -o root -g root -m 0755 ./cri-dockerd/cri-dockerd /usr/bin/cri-dockerd

tar -xvf v0.3.14.tar.gz
install ./cri-dockerd-0.3.14/packaging/systemd/* /etc/systemd/system

systemctl daemon-reload
systemctl status cri-docker
systemctl enable cri-docker.service
systemctl start cri-docker.service


# /etc/crio/crio.conf.d/10-crio.conf 파일 복사
cp /etc/crio/crio.conf.d/10-crio.conf /etc/crio/crio.conf.d/02-crio.conf

Install kubectl

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

kubectl version

install minikube

curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube


minikube start --driver=none 
# minikube start --driver=none  --container-runtime=cri-o --force

정상 동작확인.

  • cri-dockerd 설치 
    $ minikube profile list
|----------|-----------|---------|--------------|------|---------|---------|-------|----------------|--------------------|
| Profile  | VM Driver | Runtime |      IP      | Port | Version | Status  | Nodes | Active Profile | Active Kubecontext |
|----------|-----------|---------|--------------|------|---------|---------|-------|----------------|--------------------|
| minikube | none      | docker  | 10.30.147.175 | 8443 | v1.30.0 | Running |     1 | *              | *                  |
|----------|-----------|---------|--------------|------|---------|---------|-------|----------------|--------------------|

troubleshooting

containerd 로 설정하는 방법 -> minikube에서는 안된다

sudo containerd config default | sudo tee /etc/containerd/config.toml
sudo systemctl restart containerd

runtime을 docker로 사용하는 경우

cri-dockerd 설치 필수
cni-plugin 필요 없음

runtime을 containerd, cri-o로 사용하는 경우

설치는 되지만, minikube addons enable 하면 아래 오류 발생함
Exiting due to MK_ADDON_ENABLE_PAUSED: enabled failed: check paused: list paused:

❌  Exiting due to MK_ADDON_ENABLE_PAUSED: enabled failed: check paused: list paused: crictl list: sudo -s eval "crictl ps -a --quiet --label io.kubernetes.pod.namespace=kube-system": exit status 127
stdout:

stderr:
/bin/bash: line 1: crictl: command not found

crictl 설치 오류

crictl 설치후 /etc/crictl.yaml 파일 생성 내용 추가 필요
cri-dockerd 설치후 cri-dockerd.sock 오류 나면
visudo의 default secure path 에 /usr/local/bin 추가 필요

설치시 오류 발생

이렇게 하면 minikube addons enable dashboard 에서 오류 발생함

  • install docker, conntrack, minikube
    • minikube start --driver=none
    • crictl 필요하다고 오류남. GUEST_MISSING_CONNTRACK -> conntrack은 설치했지만 오류가 난다?
    • cni plugin 설치후 crictl info에서 오류 보임 /etc/cni/net.d/에 파일이 없다고
    • minikube start --driver=none 하면 cri-docerd가 필요하다고 실행 실패
    • containerd 를 기본으로 설정하고, crictl.yaml에 runtime-endpoint: unix:///var/run/containerd/containerd.sock 설정하고 minikube start --driver=none --container-runtime=containerd 해도 -> crictl 없다고 오류 발생
    • install crio -> minikube start 헤도 같은 crictl 오류남
    • crictl.yaml 내용을 crio.sock으로 변경
    • minikube start --driver=none --container-runtime=cri-o -> 실행됨 addons enable 하면 오류남

instll cni-plugin

없어도 된다

CNI_PLUGIN_VERSION="<version_here>"
CNI_PLUGIN_VERSION="v1.5.0"

# change arch if not on amd64
CNI_PLUGIN_TAR="cni-plugins-linux-amd64-$CNI_PLUGIN_VERSION.tgz" 
CNI_PLUGIN_INSTALL_DIR="/opt/cni/bin"

curl -LO "https://github.com/containernetworking/plugins/releases/download/$CNI_PLUGIN_VERSION/$CNI_PLUGIN_TAR"
sudo mkdir -p "$CNI_PLUGIN_INSTALL_DIR"
sudo tar -xf "$CNI_PLUGIN_TAR" -C "$CNI_PLUGIN_INSTALL_DIR"
rm "$CNI_PLUGIN_TAR"

# 설치후 crictl info 하면 아래 오류 보임
  "lastCNILoadStatus": "cni config load failed: no network config found in /etc/cni/net.d: cni plugin not initialized: failed to load cni config",
  "lastCNILoadStatus.default": "cni config load failed: no network config found in /etc/cni/net.d: cni plugin not initialized: failed to load cni config"

'kubernetes' 카테고리의 다른 글

install containerd-based k8s using Ansible  (0) 2023.03.10
minikube on ubuntu  (0) 2020.04.17
POD 과 local machine 간 file copy  (0) 2020.03.13
ingress controller log  (0) 2020.02.13
Posted by jerymy
,

LDAP install on minikube

Open Source 2020. 6. 8. 16:17

# openldap, phpldapadmin install

 

 

# 작업 directory 및 namespace 생성

root@minik8s:~# mkdir ldap
root@minik8s:~# cd ldap/
root@minik8s:~/ldap# ls
root@minik8s:~/ldap# kubectl create namespace ldap
namespace/ldap created
root@minik8s:~/ldap#

# helm repo 연결 및 config.yaml 생성

root@minik8s:~/ldap# helm repo add stable https://kubernetes-charts.storage.googleapis.com
"stable" has been added to your repositories
root@minik8s:~/ldap# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "codecentric" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈
root@minik8s:~/ldap# helm inspect values stable/openldap > config.yaml

# config.yaml 수정

- LDAP_DOMAIN : ldap.cloudpak.com

- adminPassword : 주석제거, 암호지정

- storageClass -> 'standard' ( minikube의 storageclass )

- size : 8Gi -> 5Gi -> minikube vm의 volume이 적어서 변경

 

# helm install

root@minik8s:~/ldap# helm install ldap -f config.yaml stable/openldap -n ldap

 

# phpldapadmin 설치 -> ldap에 console로 접근해서 관리 용도

root@minik8s:~/ldap# helm repo add cetic https://cetic.github.io/helm-charts
"cetic" has been added to your repositories
root@minik8s:~/ldap# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "cetic" chart repository
...Successfully got an update from the "codecentric" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈
root@minik8s:~/ldap# helm inspect values cetic/phpldapadmin > phpldapadmin.yaml

# phpldapadmin.yaml 수정

- LDAP_HOST : 앞에 설치한 openldap의 service 명( 동일 namespace 경우 ) 

- ClusterIP로 지정하고, 배포후 NordPort 변경 또는 ingress 생성

# helm install

helm install ldapadmin -f phpldapadmin.yaml cetic/phpldapadmin -n ldap

# ingress 생성

 

# web 접근 및 로그인

- openldap 생성시 지정한 계정명+도메인명으로 로그인 ( cn=admin,dc=ldap,dc=cloudpak,dc=com )

'Open Source' 카테고리의 다른 글

docker install on CentOS 8.x  (0) 2021.09.29
Keycloak(User Federation) - LDAP 연계  (0) 2020.06.08
Keycloak install on minikube  (0) 2020.06.08
install tekton on minikube  (0) 2020.04.21
Presto db 접근 방법  (0) 2020.03.31
Posted by jerymy
,

Keycloak install on minikube

Open Source 2020. 6. 8. 13:40

Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.

www.keycloak.org/about.html

 

Keycloak - About

About Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code. This page gives a brief introduction to Keycloak and some of th

www.keycloak.org

Keycloak 기능

  • SSO
  • User Federation : LDAP, AD...
  • Account Management Console
  • Standard Protocols : OIDC, OAuth 2.0, SAML

# namespace 생성 및 helm repo 추가

root@minik8s:~# kubectl create ns keycloak
namespace/keycloak created
root@minik8s:~# helm repo add codecentric https://codecentric.github.io/helm-charts
"codecentric" has been added to your repositories

# keycloak config 설정을 위해 values.yaml 생성

root@minik8s:~# mkdir keycloak && cd keycloak
root@minik8s:~/keycloak# helm show values codecentric/keycloak > values.yaml

# values.yaml 내용 수정

- keycloak 계정 암호 지정

- ingress, route 생성시 true로 변경 ( 이 문서에서는 false로 설치 함 )

- DB 지정

- PVC 지정

- 생성된 PVC

# 설치 후 확인

root@minik8s:~/keycloak# kubectl get all -n keycloak
NAME                        READY   STATUS    RESTARTS   AGE
pod/keycloak-0              1/1     Running   0          2m13s
pod/keycloak-postgresql-0   1/1     Running   0          2m13s


NAME                                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
service/keycloak-headless              ClusterIP   None             <none>        80/TCP,8443/TCP   2m15s
service/keycloak-http                  ClusterIP   10.104.146.230   <none>        80/TCP,8443/TCP   2m14s
service/keycloak-postgresql            ClusterIP   10.106.34.115    <none>        5432/TCP          2m14s
service/keycloak-postgresql-headless   ClusterIP   None             <none>        5432/TCP          2m15s


NAME                                   READY   AGE
statefulset.apps/keycloak              1/1     2m14s
statefulset.apps/keycloak-postgresql   1/1     2m14s

- values.yaml에서 ingress를 true로 하지 않아서 외부 접근 안됨 -> ClusterIP를 NodePort로 변경해서 접근 가능함

# clusterIP를 NodePort 로 변경후 확인
root@minik8s:~/keycloak# kubectl edit svc keycloak-http -n keycloak
service/keycloak-http edited
root@minik8s:~/keycloak# kubectl get all -n keycloak
NAME                        READY   STATUS    RESTARTS   AGE
pod/keycloak-0              1/1     Running   0          5m15s
pod/keycloak-postgresql-0   1/1     Running   0          5m15s


NAME                                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                       AGE
service/keycloak-headless              ClusterIP   None             <none>        80/TCP,8443/TCP               5m17s
service/keycloak-http                  NodePort    10.104.146.230   <none>        80:30478/TCP,8443:32572/TCP   5m16s
service/keycloak-postgresql            ClusterIP   10.106.34.115    <none>        5432/TCP                      5m16s
service/keycloak-postgresql-headless   ClusterIP   None             <none>        5432/TCP                      5m17s


NAME                                   READY   AGE
statefulset.apps/keycloak              1/1     5m16s
statefulset.apps/keycloak-postgresql   1/1     5m16s

 

# URL접근( http://<VM IP>:<NodePort>

# administration console 눌러서 login 화면 이동 -> values.yaml에서 지정한 계정/암호(keycloak / password)로 로그인

# Master Realm 은 default로 생성됨

- realm을 생성하고, clients(연계 대상 : jenkins 등)을 생성해서 연계함

'Open Source' 카테고리의 다른 글

Keycloak(User Federation) - LDAP 연계  (0) 2020.06.08
LDAP install on minikube  (0) 2020.06.08
install tekton on minikube  (0) 2020.04.21
Presto db 접근 방법  (0) 2020.03.31
mongodb 로그인, 조회 명령  (0) 2020.03.13
Posted by jerymy
,

install tekton on minikube

Open Source 2020. 4. 21. 19:27

 

# tekton 설치

$ kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml

 

# tekton dashboard 설치

$ kubectl apply --filename https://github.com/tektoncd/dashboard/releases/download/v0.6.0/tekton-dashboard-release.yaml

# tekton 설치 확인

# 외부 접근을 위해 tekton ingress 생성

$ kubectl apply -f ing-tekton.yaml

# ing-tekton.yaml, <VM_IP>는 본인의 IP로 변경 필요.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tekton-dashboard
  namespace: tekton-pipelines
spec:
  rules:
  - host: tekton-dashboard.<VM_IP>.nip.io
    http:
      paths:
      - backend:
          serviceName: tekton-dashboard
          servicePort: 9097

ingress 적용하면

http://tekton-dashboard.<VM_IP>.nip.io 로 dashboard 접근 가능

 

# tekton cli 설치

# Get the tar.xz
curl -LO https://github.com/tektoncd/cli/releases/download/v0.8.0/tkn_0.8.0_Linux_x86_64.tar.gz

# Extract tkn to your PATH (e.g. /usr/local/bin)
sudo tar xvzf tkn_0.8.0_Linux_x86_64.tar.gz -C /usr/local/bin/ tkn

 

# tekton cli 설치확인

$ tkn version

 

 

참고사이트

https://github.com/tektoncd/pipeline/blob/master/docs/install.md#installing-tekton-pipelines-on-kubernetes

 

tektoncd/pipeline

A K8s-native Pipeline resource. Contribute to tektoncd/pipeline development by creating an account on GitHub.

github.com

 

'Open Source' 카테고리의 다른 글

Keycloak(User Federation) - LDAP 연계  (0) 2020.06.08
LDAP install on minikube  (0) 2020.06.08
Keycloak install on minikube  (0) 2020.06.08
Presto db 접근 방법  (0) 2020.03.31
mongodb 로그인, 조회 명령  (0) 2020.03.13
Posted by jerymy
,

minikube on ubuntu

kubernetes 2020. 4. 17. 15:51

ubuntu 18.04에 minikube v1.9.2 설치(2020-04-19 기준)

 

Prerequisites : VM에 설치, 호스트 설치에 따라 달라짐

호스트 설치

  - docker가 설치되어 있어야함

  - --driver=none 옵션 

 

VM 설치는 root이외의 계정으로 실행해야 하며, 외부 접근을 위해서는 minikube start 시 proxy 설정이 필요함

여기서는 호스트 설치를 기준으로 진행함.

 

 

# kubectl 설치

# kubectl download
$ curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl

# Make the kubectl binary executable.
$ chmod +x ./kubectl

# Move the binary in to your PATH.
$ sudo mv ./kubectl /usr/local/bin/kubectl

# Test to ensure the version you installed is up-to-date:
$ kubectl version --client

 

# minikube 설치

# minikube binary download
curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \
  && chmod +x minikube

# Minikube 실행 파일을 사용자 실행 경로에 추가
$ sudo mkdir -p /usr/local/bin/
$ sudo install minikube /usr/local/bin/

# 최초 설치시 오류

$ minikube start --driver=none

root path 설치를 위해서는 conntrack 가 필요하다는 메세지.

( Kubernetes v1.18.0 requires conntrack to be installed in root's path )

# conntrack 설치

$ sudo apt install conntract 

 

# minikube 설치

$ minikube start --driver=none

위와 같은 메세지 보이면 정상 설치된 것

이후로 minikube start만 입력하면 기존 driver=none 옵션으로 실행됨.

 

# dashboard 설치

$ minikube dashboard —url

처음 한번만 설치하면 이후로는 minikube start 되면 자동으로 실행됨.

 

# 외부에서 접근을 위해 proxy 실행

$ kubectl proxy --address='0.0.0.0' --disable-filter=true &

# dashboard 접속(VM_PUBLIC_IP는 본인의 IP로 변경)

http://{VM_PUBLIC_IP}:8001/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/

 

 

# minikube 참고 사이트

https://minikube.sigs.k8s.io/docs/

'kubernetes' 카테고리의 다른 글

Install minikube with Driver none and cri-dockerd on CentOS 9  (0) 2024.06.07
install containerd-based k8s using Ansible  (0) 2023.03.10
POD 과 local machine 간 file copy  (0) 2020.03.13
ingress controller log  (0) 2020.02.13
Posted by jerymy
,

티스토리툴바