실제 프로젝트 시 인터넷이 불가한 환경이 대부분이기 때문에 이에 대비한 스크립트 입니다
✅ 작업 순서 : File Download >/root/files폴더 전체를 압축 > 인터넷이 불가한 환경으로 반입 > 설치 진행
File Download
yum update -y
# ContainerD 다운로드
mkdir -p /root/files/containerd
cd /root/files/containerd
curl -L https://github.com/containerd/containerd/releases/download/v1.6.36/containerd-1.6.36-linux-amd64.tar.gz -o /root/files/containerd/containerd-1.6.36-linux-amd64.tar.gz
curl -L https://raw.githubusercontent.com/containerd/containerd/main/containerd.service -o /root/files/containerd/containerd.service
curl -L https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 -o /root/files/containerd/runc.amd64
# 리눅스 패키지 다운로드
mkdir -p /root/files/packages/base
PACKAGES="conntrack-tools libibverbs libnetfilter_conntrack libnetfilter_cthelper libnetfilter_cttimeout libnetfilter_queue libnfnetlink libnftnl libpcap nfs-utils gssproxy keyutils libev libverto-libev quota rpcbind git vim"
for pkg in $PACKAGES; do
dnf download --resolve --destdir=/root/files/packages/base --arch=x86_64 $pkg
done
# noarch
dnf download --resolve --destdir=/root/files/packages/base quota-nls
dnf download --resolve --destdir=/root/files/packages/base bash-completion
# Kubernetes 패키지 다운로드
mkdir -p /root/files/packages/k8s
KUBE_VER=1.30
KUBE_DETAIL_VER=1.30.3
# Kubernetes 리포지토리 설정 파일 생성
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v$KUBE_VER/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v$KUBE_VER/rpm/repodata/repomd.xml.key
EOF
dnf download --resolve --destdir=/root/files/packages/k8s --arch=x86_64 kubelet-$KUBE_DETAIL_VER kubectl-$KUBE_DETAIL_VER kubeadm-$KUBE_DETAIL_VER
# Cilium 다운로드
mkdir -p /root/files/cilium
curl -L https://github.com/cilium/charts/raw/refs/heads/master/cilium-1.16.4.tgz -o /root/files/cilium/cilium-1.16.4.tgz
curl -L https://github.com/cilium/cilium-cli/releases/download/v0.16.21/cilium-linux-amd64.tar.gz -o /root/files/cilium/cilium-linux-amd64.tar.gz
# NFS Provisioner 설치파일
mkdir -p /root/files/nfs
curl -L https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/releases/download/nfs-subdir-external-provisioner-4.0.18/nfs-subdir-external-provisioner-4.0.18.tgz -o /root/files/nfs/nfs-subdir-external-provisioner-4.0.18.tgz
# Tool 다운로드 (helm, kustomize, yq, k9s, cilium-cli)
mkdir -p /root/files/tool
cd /root/files/tool
curl -L https://get.helm.sh/helm-v3.16.3-linux-amd64.tar.gz -o /root/files/tool/helm-v3.16.3-linux-amd64.tar.gz
curl -L https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.5.0/kustomize_v5.5.0_linux_amd64.tar.gz -o /root/files/tool/kustomize_v5.5.0_linux_amd64.tar.gz
YQ_VERSION=v4.34.1
curl -L https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o /root/files/tool/yq_linux_amd64
curl -L https://github.com/derailed/k9s/releases/download/v0.27.4/k9s_Linux_amd64.tar.gz -o /root/files/tool/k9s_Linux_amd64.tar.gz
Pre Install Script (All Node)
# root 계정으로 작업
# sudo su -
##################################################
# 시스템 업데이트
# yum update -y
# 시간대 설정
sudo ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime
# Kubernetes 관련 모듈 로드 설정
echo -e "overlay\nbr_netfilter" | sudo tee /etc/modules-load.d/k8s.conf
sudo modprobe overlay
sudo modprobe br_netfilter
# sysctl 설정
echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" | sudo tee /etc/sysctl.d/k8s.conf
sudo sysctl --system
# 스왑 비활성화
swapoff -a
sed -i '/ swap / s/^/#/' /etc/fstab
# 방화벽 비활성화
systemctl stop firewalld
systemctl disable firewalld
# SELinux 설정 변경
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
##################################################
# ContainerD 설치
tar Cxzvf /usr/local /root/files/containerd/containerd-1.6.36-linux-amd64.tar.gz
# systemd 서비스 파일 복사
mkdir -p /usr/local/lib/systemd/system
cp /root/files/containerd/containerd.service /usr/local/lib/systemd/system/containerd.service
# systemd 재로드 및 ContainerD 서비스 시작
systemctl daemon-reload
systemctl enable --now containerd
systemctl status containerd --no-pager
# runc 설치
install -m 755 /root/files/containerd/runc.amd64 /usr/local/sbin/runc
# ContainerD 설정
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# sed -i 's|sandbox_image = "registry.k8s.io/pause:3.6"|sandbox_image = "registry.k8s.io/pause:3.9"|' /etc/containerd/config.toml
# ContainerD 서비스 재시작
systemctl restart containerd
systemctl status containerd --no-pager
# 기본 리눅스 패키지 설치
dnf localinstall -y --disablerepo=\* /root/files/packages/base/*.rpm
# K8S 리눅스 패키지 설치
dnf localinstall -y --disablerepo=\* /root/files/packages/k8s/*.rpm
# kubelet 서비스 활성화 및 시작
systemctl enable kubelet && systemctl start kubelet
systemctl status kubelet --no-pager
# crictl 설정 디렉토리 및 파일 생성
sudo tee /etc/crictl.yaml <<- CRICTL_CONFIG
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
CRICTL_CONFIG
# crictl 명령어 테스트
crictl ps
crictl images
NFS 활성화
# NET_CIDR="10.0.0.0/20" # AWS VPC CIDR
NET_CIDR="10.178.0.0/20" # GCP VPC CIDR
# nfs-server 서비스 기동
sudo systemctl start nfs-server.service
sudo systemctl enable nfs-server.service
sudo systemctl status nfs-server.service --no-pager
sudo mkdir -p /nfs/kf
sudo chmod -R 777 /nfs/kf
sudo chown -R 999:999 /nfs/kf
sudo systemctl restart nfs-server.service
sudo tee /etc/exports <<- NFS_EXPORTS
/nfs/kf $NET_CIDR(rw,sync,no_subtree_check,no_root_squash)
NFS_EXPORTS
sudo exportfs -arv
sudo exportfs -s
sudo systemctl restart nfs-server.service
NFS_IP=$(hostname -I | awk '{print $1}')
sudo showmount -e $NFS_IP
Tool 설치 (Helm, Kustomize, k9s, cilium cli)
tar -zxvf /root/files/tool/helm-v3.16.3-linux-amd64.tar.gz -C /root/files/tool/
mv /root/files/tool/linux-amd64/helm /usr/local/bin/helm
helm version
tar -zxvf /root/files/tool/kustomize_v5.5.0_linux_amd64.tar.gz -C /root/files/tool/
mv /root/files/tool/kustomize /usr/local/bin/
kustomize version
chmod +x /root/files/tool/yq_linux_amd64
sudo mv /root/files/tool/yq_linux_amd64 /usr/local/bin/yq
yq --version
tar -zxvf /root/files/tool/k9s_Linux_amd64.tar.gz
chmod +x /root/files/tool/k9s
mv /root/files/tool/k9s /usr/local/bin
tar -zxvf /root/files/cilium/cilium-linux-amd64.tar.gz -C /usr/local/bin