Kubernetes The Hard Way #2

This time we go as far as building the network and the instances.


Provisioning Compute Resources

We'll be provisioning GCE resources and so on.

1. Create a custom VPC

$ gcloud compute networks create ama2-kubernetes-the-hard-way \
  --subnet-mode custom
Created [https://www.googleapis.com/compute/v1/projects/xxx/global/networks/ama2-kubernetes-the-hard-way].
NAME                          SUBNET_MODE  BGP_ROUTING_MODE  IPV4_RANGE  GATEWAY_IPV4
ama2-kubernetes-the-hard-way  CUSTOM       REGIONAL

Instances on this network will not be reachable until firewall rules
are created. As an example, you can allow all internal traffic between
instances as well as SSH, RDP, and ICMP by running:

$ gcloud compute firewall-rules create <FIREWALL_NAME> --network ama2-kubernetes-the-hard-way --allow tcp,udp,icmp --source-ranges <IP_RANGE>
$ gcloud compute firewall-rules create <FIREWALL_NAME> --network ama2-kubernetes-the-hard-way --allow tcp:22,tcp:3389,icmp
$ gcloud compute networks list | grep ama2-kubernetes-the-hard-way
ama2-kubernetes-the-hard-way  CUSTOM       REGIONAL

It's been created.

Create the subnet too

$ gcloud compute networks subnets create kubernetes \
 --network ama2-kubernetes-the-hard-way \
 --range 10.240.0.0/24
Created [https://www.googleapis.com/compute/v1/projects/xxx/regions/asia-northeast1/subnetworks/kubernetes].
NAME        REGION           NETWORK                       RANGE
kubernetes  asia-northeast1  ama2-kubernetes-the-hard-way  10.240.0.0/24

Created with a /24 CIDR, following the tutorial.

2. Create firewall rules

Create a firewall rule that allows internal communication across all protocols:

Create the rule that allows all internal traffic

$ gcloud compute firewall-rules create ama2-kubernetes-the-hard-way-allow-internal \
 --allow tcp,udp,icmp \
 --network ama2-kubernetes-the-hard-way \
 --source-ranges 10.240.0.0/24,10.200.0.0/16

Create a firewall rule that allows external SSH, ICMP, and HTTPS:

Next, the rule that allows SSH, ICMP and HTTPS from outside

$ gcloud compute firewall-rules create ama2-kubernetes-the-hard-way-allow-external \
 --allow tcp:22,tcp:6443,icmp \
 --network ama2-kubernetes-the-hard-way \
 --source-ranges 0.0.0.0/0

Apparently 6443/tcp is what gets used for HTTPS here.

The network and rules created so far look like this

[Image 1]

3. Kubernetes public IP

Reserve a public IP

$ gcloud compute addresses create ama2-kubernetes-the-hard-way \
 --region $(gcloud config get-value compute/region)

Check

$ gcloud compute addresses list --filter="name=('ama2-kubernetes-the-hard-way')"
NAME                          ADDRESS/RANGE   TYPE      PURPOSE  NETWORK  REGION           SUBNET  STATUS
ama2-kubernetes-the-hard-way  xx.xx.xx.xx  EXTERNAL                    asia-northeast1          RESERVED

It's been reserved.

4. Create instances (Kubernetes controllers)

First, create three controllers

$ for i in 0 1 2; do
 gcloud compute instances create ama2-k8s-controller-${i} \
   --async \
   --boot-disk-size 200GB \
   --can-ip-forward \
   --image-family ubuntu-1804-lts \
   --image-project ubuntu-os-cloud \
   --machine-type n1-standard-1 \
   --private-network-ip 10.240.0.1${i} \
   --scopes compute-rw,storage-ro,service-management,service-control,logging-write,monitoring \
   --subnet kubernetes \
   --tags ama2-kubernetes-the-hard-way,controller
done
NOTE: The users will be charged for public IPs when VMs are created.
Instance creation in progress for [ama2-k8s-controller-0]: https://www.googleapis.com/compute/v1/projects/adways-verification/zones/asia-northeast1-c/operations/operation-1584855486392-5a16aec496947-da5b79c2-ea8f306f
Use [gcloud compute operations describe URI] command to check the status of the operation(s).
NOTE: The users will be charged for public IPs when VMs are created.
Instance creation in progress for [ama2-k8s-controller-1]: https://www.googleapis.com/compute/v1/projects/adways-verification/zones/asia-northeast1-c/operations/operation-1584855489778-5a16aec7d1520-d7e00d0f-c8397044
Use [gcloud compute operations describe URI] command to check the status of the operation(s).
NOTE: The users will be charged for public IPs when VMs are created.
Instance creation in progress for [ama2-k8s-controller-2]: https://www.googleapis.com/compute/v1/projects/adways-verification/zones/asia-northeast1-c/operations/operation-1584855492678-5a16aeca95410-76f746eb-72f26574
Use [gcloud compute operations describe URI] command to check the status of the operation(s).
$

Check

$ gcloud compute instances list --filter="name~'ama2.*'"
NAME                   ZONE               MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP    STATUS
ama2-k8s-controller-0  asia-northeast1-c  n1-standard-1               10.240.0.10  xx.xx.xx.178  RUNNING
ama2-k8s-controller-1  asia-northeast1-c  n1-standard-1               10.240.0.11  xx.xx.xx.239  RUNNING
ama2-k8s-controller-2  asia-northeast1-c  n1-standard-1               10.240.0.12  xx.xx.xx.205   RUNNING

They've been created.

5. Create instances (worker nodes)

$ for i in 0 1 2; do
 gcloud compute instances create ama2-worker-${i} \
   --async \
   --boot-disk-size 200GB \
   --can-ip-forward \
   --image-family ubuntu-1804-lts \
   --image-project ubuntu-os-cloud \
   --machine-type n1-standard-1 \
   --metadata pod-cidr=10.200.${i}.0/24 \
   --private-network-ip 10.240.0.2${i} \
   --scopes compute-rw,storage-ro,service-management,service-control,logging-write,monitoring \
   --subnet kubernetes \
   --tags ama2-kubernetes-the-hard-way,worker
done

Check

$ gcloud compute instances list --filter="name~'ama2.*'"
NAME                   ZONE               MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP    STATUS
ama2-k8s-controller-0  asia-northeast1-c  n1-standard-1               10.240.0.10  xx.xx.xx.178  RUNNING
ama2-k8s-controller-1  asia-northeast1-c  n1-standard-1               10.240.0.11  xx.xx.xx.239  RUNNING
ama2-k8s-controller-2  asia-northeast1-c  n1-standard-1               10.240.0.12  xx.xx.xx.205   RUNNING
ama2-worker-0          asia-northeast1-c  n1-standard-1               10.240.0.20  xx.xx.xx.76  RUNNING
ama2-worker-1          asia-northeast1-c  n1-standard-1               10.240.0.21  xx.xx.xx.159   RUNNING
ama2-worker-2          asia-northeast1-c  n1-standard-1               10.240.0.22  xx.xx.xx.69  RUNNING

They've been created.

6. Verify SSH

$ gcloud compute ssh ama2-k8s-controller-0
... (output omitted) ...
ama2@ama2-k8s-controller-0:~$

Confirmed that SSH works.
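As an added check that is not part of this post or of the tutorial, the script below audits the two firewall rules from step 2 against the node IPs and pod CIDRs assigned in steps 4 and 5: it reports what the external rule opens to the whole internet and confirms that the internal rule's source ranges really cover every controller, worker and pod range. The rule dicts are constructed sample input that mirrors the Compute API Firewall field names; real `gcloud ... --format=json` output would be loaded in their place.

```python
import ipaddress

# Constructed sample input: the two rules created in this post, laid out with the
# Compute API Firewall field names (sourceRanges, allowed[].IPProtocol / .ports).
RULES = [
    {"name": "ama2-kubernetes-the-hard-way-allow-internal",
     "sourceRanges": ["10.240.0.0/24", "10.200.0.0/16"],
     "allowed": [{"IPProtocol": "tcp"}, {"IPProtocol": "udp"}, {"IPProtocol": "icmp"}]},
    {"name": "ama2-kubernetes-the-hard-way-allow-external",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22", "6443"]}, {"IPProtocol": "icmp"}]},
]

# Node addresses and per-worker pod CIDRs exactly as assigned in steps 4 and 5.
NODE_IPS = [f"10.240.0.1{i}" for i in range(3)] + [f"10.240.0.2{i}" for i in range(3)]
POD_CIDRS = [f"10.200.{i}.0/24" for i in range(3)]


def internet_exposed(rules):
    """Map each rule reachable from any source (a /0 range) to what it opens."""
    exposed = {}
    for rule in rules:
        if any(ipaddress.ip_network(r).prefixlen == 0 for r in rule["sourceRanges"]):
            exposed[rule["name"]] = [
                f"{a['IPProtocol']}:{p}"
                for a in rule["allowed"] for p in a.get("ports", ["all"])]
    return exposed


def uncovered_sources(rule, node_ips, pod_cidrs):
    """Node IPs and pod CIDRs that the internal rule's sourceRanges do not cover.

    Anything listed here would be dropped as node-to-node or pod-to-node traffic.
    """
    ranges = [ipaddress.ip_network(r) for r in rule["sourceRanges"]]
    missing = [ip for ip in node_ips
               if not any(ipaddress.ip_address(ip) in r for r in ranges)]
    missing += [c for c in pod_cidrs
                if not any(ipaddress.ip_network(c).subnet_of(r) for r in ranges)]
    return missing


if __name__ == "__main__":
    for name, opened in internet_exposed(RULES).items():
        print(f"{name}: open to the internet on {', '.join(opened)}")
    internal = next(r for r in RULES if r["name"].endswith("allow-internal"))
    print("not covered by internal rule:", uncovered_sources(internal, NODE_IPS, POD_CIDRS))
```

Running it against the rules as created shows only the external rule exposed (tcp:22, tcp:6443, icmp) and nothing uncovered; if the 10.200.0.0/16 range were ever dropped from the internal rule, the three pod CIDRs would show up as missing.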


That's all for this time.
