zaki work log

Work logs, life logs, and whatnot

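Installing Minikube on bare metal on CentOS 7.7 1908 using --vm-driver=none

Because it starts quickly and is convenient, this is the procedure for installing Minikube directly on the CentOS host OS (without creating a VM).

By the way, I used to set SELinux to Permissive, add the --extra-config=kubelet.cgroup-driver=systemd option, and install the libcgroup-tools package and start the cgred and cgconfig services, but none of that is needed any more. docker-ce-selinux is also no longer needed as far as Docker is concerned.

There may be other steps that are unnecessary, or steps that are actually required, but it seems to be working for now, so…

Environment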

[zaki@develop1 ~]$ cat /etc/redhat-release 
CentOS Linux release 7.7.1908 (Core)
  • docker: 19.03
  • minikube: 1.6.2

Installing Minikube

Linux | minikube

$ curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-1.6.2.rpm
$ sudo rpm -ivh minikube-1.6.2.rpm
[zaki@develop1 ~]$ minikube version
minikube version: v1.6.2
commit: 54f28ac5d3a815d1196cd5d57d707439ee4bb392

Installing docker-ce

Get Docker Engine - Community for CentOS | Docker Documentation

Prerequisite packages

$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2

Add the repository

$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Install Docker

$ sudo yum install docker-ce

By the way, docker-ce has made docker-ce-selinux unnecessary.

[zaki@develop1 ~]$ rpm -qa | grep docker
docker-ce-cli-19.03.5-3.el7.x86_64
docker-ce-19.03.5-3.el7.x86_64

Minikube setup

First, just run it naively. (Docker is not running, but that is fine.)

$ sudo minikube start --vm-driver=none
[zaki@develop1 ~]$ minikube start --vm-driver=none
* minikube v1.6.2 on Centos 7.7.1908
* Selecting 'none' driver from user configuration (alternates: [])
X The "none" driver requires root privileges. Please run minikube using 'sudo minikube --vm-driver=none'.
[zaki@develop1 ~]$ sudo minikube start --vm-driver=none
* minikube v1.6.2 on Centos 7.7.1908
* Selecting 'none' driver from user configuration (alternates: [])
* Running on localhost (CPUs=2, Memory=3770MB, Disk=15858MB) ...
* OS release is CentOS Linux 7 (Core)
! VM may be unable to resolve external DNS records
* Preparing Kubernetes v1.17.0 on Docker '19.03.5' ...
* Downloading kubeadm v1.17.0
* Downloading kubelet v1.17.0
* Pulling images ...
* Launching Kubernetes ... 
* 
X Error starting cluster: init failed. cmd: "/bin/bash -c \"sudo env PATH=/var/lib/minikube/binaries/v1.17.0:$PATH kubeadm init --config /var/tmp/minikube/kubeadm.yaml  --ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests,DirAvailable--var-lib-minikube,DirAvailable--var-lib-minikube-etcd,FileAvailable--etc-kubernetes-manifests-kube-scheduler.yaml,FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml,FileAvailable--etc-kubernetes-manifests-kube-controller-manager.yaml,FileAvailable--etc-kubernetes-manifests-etcd.yaml,Port-10250,Swap\"": /bin/bash -c "sudo env PATH=/var/lib/minikube/binaries/v1.17.0:$PATH kubeadm init --config /var/tmp/minikube/kubeadm.yaml  --ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests,DirAvailable--var-lib-minikube,DirAvailable--var-lib-minikube-etcd,FileAvailable--etc-kubernetes-manifests-kube-scheduler.yaml,FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml,FileAvailable--etc-kubernetes-manifests-kube-controller-manager.yaml,FileAvailable--etc-kubernetes-manifests-etcd.yaml,Port-10250,Swap": exit status 1
stdout:
[init] Using Kubernetes version: v1.17.0
[preflight] Running pre-flight checks

stderr:
W0125 23:18:06.367849    3190 common.go:77] your configuration file uses a deprecated API spec: "kubeadm.k8s.io/v1beta1". Please use 'kubeadm config migrate --old-config old.yaml --new-config new.yaml', which will write the new, similar spec using a newer API version.
W0125 23:18:06.368338    3190 common.go:77] your configuration file uses a deprecated API spec: "kubeadm.k8s.io/v1beta1". Please use 'kubeadm config migrate --old-config old.yaml --new-config new.yaml', which will write the new, similar spec using a newer API version.
W0125 23:18:06.369548    3190 validation.go:28] Cannot validate kube-proxy config - no validator is available
W0125 23:18:06.369558    3190 validation.go:28] Cannot validate kubelet config - no validator is available
        [WARNING Firewalld]: firewalld is active, please ensure ports [8443 10250] are open or your cluster may not function correctly
        [WARNING Service-Docker]: docker service is not enabled, please run 'systemctl enable docker.service'
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
        [WARNING Swap]: running with swap on is not supported. Please disable swap
        [WARNING FileExisting-socat]: socat not found in system path
        [WARNING Hostname]: hostname "minikube" could not be reached
        [WARNING Hostname]: hostname "minikube": lookup minikube on 192.168.0.11:53: no such host
        [WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
error execution phase preflight: [preflight] Some fatal errors occurred:
        [ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

* 
* minikube is exiting due to an error. If the above message is not useful, open an issue:
  - https://github.com/kubernetes/minikube/issues/new/choose

A number of warnings and errors came out; to summarize:

  • If you are using firewalld, open ports 8443 and 10250
  • docker is not enabled (although minikube start did start it)
  • The cgroupfs driver is in use, but systemd is recommended (← probably a Docker setting)
  • Disable swap
  • socat is not installed
  • The hostname "minikube" cannot be resolved
  • kubelet is not enabled
  • /proc/sys/net/bridge/bridge-nf-call-iptables is not set to 1

$ sudo firewall-cmd --add-port=8443/tcp --zone=public --permanent
$ sudo firewall-cmd --add-port=10250/tcp --zone=public --permanent
$ sudo firewall-cmd --reload
$ sudo systemctl enable docker
$ sudo swapoff -a                  # temporary setting (for a persistent setting, edit /etc/fstab)
$ sudo yum install -y socat
$ sudo sh -c 'echo "127.0.0.1 minikube" >> /etc/hosts'
$ sudo systemctl enable kubelet
$ sudo sysctl -w net.bridge.bridge-nf-call-iptables=1
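
Two of the commands above, `swapoff -a` and `sysctl -w`, only last until the next reboot. The following is an added example, not part of the original post, that makes both settings persistent; the file name 99-kubernetes-bridge.conf and the sample fstab are assumptions made for the example, and the sysctl entry only takes effect if the bridge netfilter module is loaded when the file is applied.

```bash
# Added example (not from the original post). Paths are parameters so both
# functions can be tried on copies before being pointed at /etc as root.

# write_sample_fstab FILE: constructed sample with one active swap entry.
write_sample_fstab() {
    cat > "$1" <<'EOF'
/dev/mapper/centos-root /     xfs   defaults 0 0
/dev/mapper/centos-swap swap  swap  defaults 0 0
#/dev/sdb1              swap  swap  defaults 0 0
EOF
}

# active_swap_entries FSTAB: prints how many uncommented swap entries remain.
active_swap_entries() {
    awk '!/^[[:space:]]*#/ && $3 == "swap" { n++ } END { print n + 0 }' "$1"
}

# disable_swap_in_fstab FSTAB
# Comments out every active entry whose type (3rd field) is "swap", leaves
# other lines and already-commented lines untouched, and keeps FSTAB.bak.
disable_swap_in_fstab() {
    local fstab="$1"
    [ -f "$fstab" ] || { echo "no such file: $fstab" >&2; return 1; }
    cp -p "$fstab" "$fstab.bak" || return 1
    awk '!/^[[:space:]]*#/ && $3 == "swap" { print "# " $0; next } { print }' \
        "$fstab.bak" > "$fstab"
}

# persist_bridge_sysctl DIR
# Writes DIR/99-kubernetes-bridge.conf (file name chosen for this example) so
# the value set with `sysctl -w` is applied again at boot from /etc/sysctl.d.
persist_bridge_sysctl() {
    local dir="$1"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    printf '%s\n' 'net.bridge.bridge-nf-call-iptables = 1' \
        > "$dir/99-kubernetes-bridge.conf" || return 1
    chmod 644 "$dir/99-kubernetes-bridge.conf"
}
```

Check the result on a copy first, then run the functions as root against /etc/fstab and /etc/sysctl.d.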

Once these are set, try again.

[zaki@develop1 ~]$ sudo minikube start --vm-driver=none
* minikube v1.6.2 on Centos 7.7.1908
* Selecting 'none' driver from user configuration (alternates: [])
* Tip: Use 'minikube start -p <name>' to create a new cluster, or 'minikube delete' to delete this one.
* Starting existing none VM for "minikube" ...
* Waiting for the host to be provisioned ...
! VM may be unable to resolve external DNS records
* Preparing Kubernetes v1.17.0 on Docker '19.03.5' ...
* Launching Kubernetes ... 
* Configuring local host environment ...
* 
! The 'none' driver provides limited isolation and may reduce system security and reliability.
! For more information, see:
  - https://minikube.sigs.k8s.io/docs/reference/drivers/none/
* 
! kubectl and minikube configuration will be stored in /root
! To use kubectl or minikube commands as your own user, you may need to relocate them. For example, to overwrite your own settings, run:
* 
  - sudo mv /root/.kube /root/.minikube $HOME
  - sudo chown -R $USER $HOME/.kube $HOME/.minikube
* 
* This can also be done automatically by setting the env var CHANGE_MINIKUBE_NONE_USER=true
* Done! kubectl is now configured to use "minikube"
* For best results, install kubectl: https://kubernetes.io/docs/tasks/tools/install-kubectl/

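It worked.

User settings

The message says to take over the configuration files under the root user's home directory, so I do that. The message uses mv, but that makes me a little uneasy, so I use cp instead.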

$ sudo cp -a /root/.kube /root/.minikube $HOME
$ sudo chown -R $USER $HOME/.kube $HOME/.minikube

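Also, some of the path settings inside the ~/.kube/config file point to /root/.minikube, and kubectl did not work properly in my environment, so rewrite them to the path of the user who runs the commands.

After that, a regular user can see the status as well.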

[zaki@develop1 ~]$ minikube status
host: Running
kubelet: Running
apiserver: Running
kubeconfig: Configured
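
The post does not show the command used to rewrite the paths in ~/.kube/config. One way to do it, as an added example that is not part of the original post: the function names and the sample kubeconfig are constructed for illustration, and /home/zaki/.minikube stands in for the target user's directory.

```bash
# Added example (not from the original post).
# write_sample_kubeconfig FILE: constructed sample modelled on a kubeconfig
# copied from root's home; the server address is the node IP shown on this page.
write_sample_kubeconfig() {
    cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority: /root/.minikube/ca.crt
    server: https://192.168.0.31:8443
  name: minikube
users:
- name: minikube
  user:
    client-certificate: /root/.minikube/client.crt
    client-key: /root/.minikube/client.key
EOF
}

# fix_kubeconfig_paths FILE OLD_DIR NEW_DIR
# Rewrites only certificate-authority / client-certificate / client-key values
# that start with OLD_DIR/, keeps FILE.bak, and makes both files owner-only
# because the kubeconfig and the key it references give administrative access.
# Returns non-zero if any reference to OLD_DIR/ is left afterwards.
fix_kubeconfig_paths() {
    local cfg="$1" old="$2" new="$3" old_re
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    # Escape dots so "/root/.minikube" is matched literally by sed.
    old_re=$(printf '%s' "$old" | sed 's/\./\\./g')
    cp -p "$cfg" "$cfg.bak" || return 1
    # "#" is the sed delimiter, so neither directory may contain it.
    sed -E "s#^([[:space:]]*(certificate-authority|client-certificate|client-key):[[:space:]]*)${old_re}/#\1${new}/#" \
        "$cfg.bak" > "$cfg" || return 1
    chmod 600 "$cfg" "$cfg.bak" || return 1
    ! grep -q -- "${old_re}/" "$cfg"
}
```

On the host this would be called as `fix_kubeconfig_paths "$HOME/.kube/config" /root/.minikube "$HOME/.minikube"` after the cp and chown steps above.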

Installing kubectl

Install and Set Up kubectl - Kubernetes

There is also a procedure that downloads the binary directly with curl, but "Install using native package management" covers installing from a package as well, so I will try that.

$ cat <<EOF > kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
$ sudo mv kubernetes.repo /etc/yum.repos.d/
$ sudo yum install kubectl
[zaki@develop1 ~]$ kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.2", GitCommit:"59603c6e503c87169aea6106f57b9f242f64df89", GitTreeState:"clean", BuildDate:"2020-01-18T23:30:10Z", GoVersion:"go1.13.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-07T21:12:17Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"linux/amd64"}

There we go.

[zaki@develop1 ~]$ kubectl get node -o wide
NAME       STATUS   ROLES    AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION           CONTAINER-RUNTIME
minikube   Ready    master   13m   v1.17.0   192.168.0.31   <none>        CentOS Linux 7 (Core)   3.10.0-1062.el7.x86_64   docker://19.3.5
[zaki@develop1 ~]$ kubectl get pod -A
NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE
kube-system   coredns-6955765f44-6wnkk           1/1     Running   0          13m
kube-system   coredns-6955765f44-spnbw           1/1     Running   0          9m56s
kube-system   etcd-minikube                      1/1     Running   0          12m
kube-system   kube-addon-manager-minikube        1/1     Running   0          13m
kube-system   kube-apiserver-minikube            1/1     Running   0          12m
kube-system   kube-controller-manager-minikube   1/1     Running   0          12m
kube-system   kube-proxy-77l2g                   1/1     Running   0          13m
kube-system   kube-scheduler-minikube            1/1     Running   0          12m
kube-system   storage-provisioner                1/1     Running   0          13m

By the way, at this point Minikube starts automatically even after the OS is rebooted.

I should really start trying kind one of these days…

kind.sigs.k8s.io