8

쿠버네티스 API에 명령을 내리는 kubectl 명령어 설치





curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

kubectl version





9

TF 소스 받아 쿠버네티스 클러스터 생성





테라폼 쿠버네티스  소스


cd

wget  https://github.com/NaverCloudPlatform/terraform-provider-ncloud/archive/refs/heads/master.zip

unzip master.zip





cd /root/terraform-provider-ncloud-main/examples/nks





10  

네이버 쿠버네티스 서비스의 권한을 받기 위한 툴 설치



ncp-iam-authenticator  설치





curl -o ncp-iam-authenticator -L https://github.com/NaverCloudPlatform/ncp-iam-authenticator/releases/latest/download/ncp-iam-authenticator_linux_amd64



chmod +x ./ncp-iam-authenticator



mkdir -p $HOME/bin && cp ./ncp-iam-authenticator $HOME/bin/ncp-iam-authenticator && 

export PATH=$PATH:$HOME/bin



echo 'export PATH=$PATH:$HOME/bin' >> ~/.bash_profile

ncp-iam-authenticator help



메뉴얼

https://guide.ncloud-docs.com/docs/k8s-iam-auth-ncp-iam-authenticator





//

인증

cd

ncp-iam-authenticator create-kubeconfig --region KR --clusterUuid   a2143bde-4e6f-44d8-bfaf-075ede2a452f --output kubeconfig.yaml





11

테라폼으로 쿠버네티스 생성해 보자



아래 3과정을 거친다.

terraform init

terraform plan

terraform apply -auto-approve





12

변수 파일~~~~

값을 넣어야 한다!!!!



vi variables.tf



[root@command1 nks]# more variables.tf

variable name {

  default = "tf-nks"

}

variable nks_version {

  default = "1.27"

}

variable client_ip {

  default = "YOUR_CLIENT_IP"

}

variable access_key {

  default = "YOUR_ACCESS_KEY"

}

variable secret_key {

  default = "YOUR_SECRET_KEY"

}

variable login_key {

  default = "YOUR_LOGIN_KEY"

}

[root@command1 nks]#







13

[root@command1 nks]# terraform plan

Planning failed. Terraform encountered an error while generating this plan.

╷

│ Error: Status: 401 Unauthorized, Body: {"error":{"errorCode":"200","message":"Authentication Failed","details":"This account is not allowed."}}

│

│   with provider["registry.terraform.io/navercloudplatform/ncloud"],

│   on main.tf line 4, in provider "ncloud":

│    4: provider "ncloud" {

│

╵

[root@command1 nks]#



테라폼으로 쿠버네티스를 생성하려니 권한이 없다는 것이다.

테라폼 변수 파일에 Access-key나 Secret-key를 입력해야 권한이 생긴다.











14

terraform plan



ncloud_nks_cluster.cluster: Creating...

╷

│ Error: Status: 400 Bad Request, Body: {"error":{"errorCode":400,"message":"Bad Request","details":"Require lbPublicSubnetNo"},"timestamp":"2024-06-01T11:10:53.147Z"}

│

│   with ncloud_nks_cluster.cluster,

│   on main.tf line 48, in resource "ncloud_nks_cluster" "cluster":

│   48: resource "ncloud_nks_cluster" "cluster" {

│

╵

[root@command1 nks]#









15

public lb 추가 필요



vi main.tf



resource "ncloud_subnet" "lb_subnet2" {

  vpc_no         = ncloud_vpc.vpc.id

  subnet         = "10.0.102.0/24"

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc.default_network_acl_no

  subnet_type    = "PUBLIC"

  name           = "lb-subnet2"

  usage_type     = "LOADB"

}







resource "ncloud_nks_cluster" "cluster" {

  cluster_type                = "SVR.VNKS.STAND.C002.M008.NET.SSD.B050.G002"

  k8s_version                 = data.ncloud_nks_versions.version.versions.0.value

  login_key_name              = ncloud_login_key.loginkey.key_name

  name                        = "sample-cluster"

  lb_private_subnet_no        = ncloud_subnet.lb_subnet.id

  lb_public_subnet_no        = ncloud_subnet.lb_subnet2.id







16

  taint  부분 삭제~





  label {

    key = "foo"

    value = "bar"

  }

  taint {

    key = "foo"

    value = "bar"

    effect = "NoExecute"

  }



https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/

Taints and Tolerations
Node affinity is a property of Pods that attracts them to a set of nodes (either as a preference or a hard requirement). Taints are the opposite -- they allow a node to repel a set of pods. Tolerations are applied to pods. Tolerations allow the scheduler t

kubernetes.io 






17

terraform apply -auto-approve



35분 후
브런치 글 이미지 4










16

생성된 쿠버네티스 권한 등록



cd

ncp-iam-authenticator create-kubeconfig --region KR --clusterUuid   b01xxxxxxxxxx --output kubeconfig.yaml



ncp-iam-authenticator create-kubeconfig --region <region-code> --clusterUuid <cluster-uuid> --output kubeconfig.yaml



브런치 글 이미지 5




17

콘솔에서 확인





브런치 글 이미지 6
브런치 글 이미지 7






참고

https://brunch.co.kr/@topasvga/3587

16탄-1.테라폼-네이버 클라우드 쿠버네티스 명령서버
테라폼으로 네이버 클라우드에서 쿠버네티스를 구축하여 운영해보자. 하나씩 따라해 보자. <1> 콘솔로 퍼블릭서브넷, 테라폼 명령서버 1대 만들자. <2> access-key , secret-key 생성과 권한부여 <3> 명령

brunch.co.kr/@topasvga/3587 



18



vi  ~/.bash_profile  



맨 아래줄에 아래 내용 추가

alias k='kubectl --kubeconfig="/root/kubeconfig.yaml"'

alias kw='watch -d kubectl get deploy,svc,pods --kubeconfig="/root/kubeconfig.yaml"'





source ~/.bash_profile

k get nodes





참고사이트

https://medium.com/naver-cloud-platform/cbe27e197a97









19



cat <<EOF | k create -f -

apiVersion: apps/v1

kind: Deployment

metadata:

  name: deployment-2048

spec:

  selector:

    matchLabels:

      app.kubernetes.io/name: app-2048

  replicas: 2

  template:

    metadata:

      labels:

        app.kubernetes.io/name: app-2048

    spec:

      containers:

      - image: alexwhen/docker-2048

        name: app-2048

        ports:

        - containerPort: 80

EOF



k expose deployment deployment-2048 --port=80 --type=LoadBalancer




클래식 로드 밸런서 연결

외부에서 접속






20
kw



브런치 글 이미지 8




21



cd /root/terraform-provider-ncloud-main/examples/nks





pub1.tf

::::::::::::::

resource "ncloud_subnet" "pup1_subnet" {

  vpc_no         = ncloud_vpc.vpc.id

  subnet         = "10.0.0.0/24"

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc.default_network_acl_no

  subnet_type    = "PUBLIC"

  name           = "pub1-subnet"

  usage_type     = "GEN"

}





terraform plan

terraform apply -auto-approve