Docker, Kubernetes, Redmine 설치 - signsys/signsys.github.io GitHub Wiki
Kubenetes 설치(CentOS 7)
Docker와 Kubernetes 설치
참고: https://kubernetes.io/ko/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
설치 스크립트: kubernetes-install.sh (Docker와 Kubernetes 동시 설치)
$ su - --> root로 실행
# cat > install-kubernetes.sh --> 아래 내용 복사
--> 내용
# Install Docker Engine
yum update -y
yum install -y yum-utils net-tools
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable docker
# container runtime use systemd as the cgroup driver
cat <<EOF | tee /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
systemctl restart docker
# local small dns
echo "172.16.5.10 k8s-010-cp" >> /etc/hosts
for (( i=1; i<=3; i++))
do
echo "172.16.5.10$i k8s-10$i-wn$i" >> /etc/hosts
done
# install packages
yum install -y epel-release
yum install -y vim-enhanced
yum install -y wget
# vim configuration
echo 'alias vi=vim' >> /etc/profile
# install git
yum install -y http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-1.noarch.rpm
yum install -y git
#!/usr/bin/env bash
## INFO: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
K8S_VER='1.21.12' # Kubernetes version
# Befor you begin
# Unique hostname, MAC address, and product_uuid for every node.
# You can get the MAC address of the network interfaces using the command "ip link" or "ifconfig -a"
# The product_uuid can be checked by using the command "sudo cat /sys/class/dmi/id/product_uuid"
# Certain ports are open on your machines.
# You MUST disable swap in order for the kubelet to work properly.
swapoff -a && sudo sed -i.bak -r 's/(.+ swap .+)/#\1/' /etc/fstab
# Installing a container runtime
# Install and configure prerequisites
# Forwarding IPv4 and letting iptables see bridged traffic
cat <<EOF | tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
# sysctl params required by setup, params persist across reboots
cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Apply sysctl params without reboot
sysctl --system
# Installing kubeadm, kubelet and kubectl
# kubernetes repository
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
# Set SELinux in permissive mode (effectively disabling it)
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# install kubernetes
yum update -y
yum install -y kubelet-$K8S_VER kubeadm-$K8S_VER kubectl-$K8S_VER --disableexcludes=kubernetes
systemctl enable --now kubelet
설치 및 확인
# chmod u+x install-kubernetes.sh
# ./install-kubernetes.sh
# docker version
# docker compose version
# kubectl version
# exit
Control plane 초기화: kubeadm으로 cluster 생성
참고: https://kubernetes.io/docs/reference/ports-and-protocols/
참고: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
참고: https://projectcalico.docs.tigera.io/getting-started/kubernetes/quickstart
참고: https://seungjuitmemo.tistory.com/144
방화벽 설정 스크립트(Control plane)
$ sudo usermod -aG docker $(whoami)
방화벽 설정 스크립트(Control plane)
sudo firewall-cmd --permanent --zone=public --add-port=6443/tcp
sudo firewall-cmd --permanent --zone=public --add-port=2379-2380/tcp
sudo firewall-cmd --permanent --zone=public --add-port=10250/tcp
sudo firewall-cmd --permanent --zone=public --add-port=10259/tcp
sudo firewall-cmd --permanent --zone=public --add-port=10257/tcp
sudo firewall-cmd --permanent --zone=public --add-port=179/tcp
sudo firewall-cmd --permanent --zone=public --add-port=4789/udp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
Control-plane node 초기화(hostname 소문자, 숫자, -.)
$ sudo kubeadm init --apiserver-advertise-address=172.16.5.10 --pod-network-cidr=10.244.0.0/16
root 아닌 user의 kubectl 사용을 위한 명령
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
root의 kubectl 사용을 위한 명령
# export KUBECONFIG=/etc/kubernetes/admin.conf
kubeadmin jon 명령 저장
$ cat > join.txt
Pod Network add-on 설치(Calico add-on 설치)
$ wget https://docs.projectcalico.org/v3.8/manifests/calico.yaml
$ sed -i -e 's?192.168.0.0/16?10.244.0.0/16?g' calico.yaml --> 기본 IP대역 192.168.0./16 아닌 경우
$ kubectl apply -f calico.yaml
Pod Network add-on 설치(Weave Net add-on 설치)
$ kubectl get nodes
$ kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
$ kubectl get nodes
Worker node 추가
방화벽 설정(Worker node)
firewall-cmd --permanent --zone=public --add-port=10250/tcp
firewall-cmd --permanent --zone=public --add-port=30000-32767/tcp
firewall-cmd --permanent --zone=public --add-port=179/tcp
firewall-cmd --permanent --zone=public --add-port=4789/udp
firewall-cmd --reload
firewall-cmd --list-all
Node 추가(root로 실행할 것)
$ su -
# kubeadm join 172.16.9.10:6443 --token pejjft.2jakn85tcm2m3776 \
--discovery-token-ca-cert-hash sha256:04ee29295e1582a90013e73129766623c506c93319ef5291acc979db6b58eabb
Master에서 확인
$ kubectl get nodes -o wide
Docker & Kubernetes 설치(Ubuntu 20.04)
Docker 설치
참고: https://docs.docker.com/engine/install/ubuntu/
설치: docker-install.sh
$ cat > docker-install.sh --> 아래 내용 복사
--> 내용
#!/usr/bin/env bash
## INFO: https://docs.docker.com/engine/install/ubuntu/
set -euf -o pipefail
# Install dependencies
sudo apt-get update && sudo apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg \
lsb-release
# Add Docker’s official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Set up the stable repository
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Install Docker CE
sudo apt-get update && sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin
# Use Docker without root
sudo usermod -aG docker $(whoami)
groups $(whoami)
설치
$ chmod u+x docker-install.sh
$ ./docker-install.sh
$ sudo shutdown -r now --> usermod 적용
확인
$ docker version
$ docker compose version
Kubernetes 설치
참고: https://kubernetes.io/ko/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
Docker의 cgroup 변경: https://morian-kim.tistory.com/17
$ sudo docker info | grep -i cgroup
$ cat <<EOF | sudo tee /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
$ sudo systemctl restart docker
$ sudo docker info | grep -i cgroup
Swap 해제
$ sudo swapoff -a
$ sudo sed -i '/swap/s/^/#/' /etc/fstab
$ sudo shutdown -r now
iptables가 bridged traffic을 보게 설정
$ cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
$ cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sudo sysctl --system
kubelet, kubeadm, kubectl 설치
$ cat > kubenetes-install.sh --> 아래 내용 복사
--> 내용
#!/usr/bin/env bash
## INFO: https://kubernetes.io/ko/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
## INFO: https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#install-using-native-package-management
set -euf -o pipefail
# Install dependencies
sudo apt-get update && sudo apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg \
lsb-release
# 구글 클라우드의 공개 사이닝 키를 다운로드
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
# 쿠버네티스 apt 리포지터리를 추가
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
# kubelet, kubeadm, kubectl 설치
sudo apt-get update && sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
확인
$ chmod u+x kubenetes-install.sh
$ ./kubenetes-install.sh
$ kubectl version
Creating a cluster with kubeadm
참고: https://kubernetes.io/docs/reference/ports-and-protocols/
참고: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
Control plane 초기화: kubeadm으로 cluster 생성
방화벽 설정(Control plane)
$ sudo firewall-cmd --permanent --zone=public --add-port=6443/tcp
$ sudo firewall-cmd --permanent --zone=public --add-port=2379-2380/tcp
$ sudo firewall-cmd --permanent --zone=public --add-port=10250/tcp
$ sudo firewall-cmd --permanent --zone=public --add-port=10259/tcp
$ sudo firewall-cmd --permanent --zone=public --add-port=10257/tcp
$ sudo firewall-cmd --reload
$ sudo firewall-cmd --list-all
Control-plane node 초기화
$ sudo kubeadm init
root 아닌 user의 kubectl 사용을 위한 명령
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
root의 kubectl 사용을 위한 명령
# export KUBECONFIG=/etc/kubernetes/admin.conf
kubeadmin jon 명령 저장
$ cat > token.txt
Pod Network add-on 설치(Weave Net add-on 설치)
$ kubectl get nodes
$ kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
$ kubectl get nodes
Worker node 추가
방화벽 설정(Worker node)
$ sudo firewall-cmd --permanent --zone=public --add-port=10250/tcp
$ sudo firewall-cmd --permanent --zone=public --add-port=30000-32767/tcp
$ sudo firewall-cmd --reload
$ sudo firewall-cmd --list-all
Node 추가(root로 실행할 것)
$ su -
# kubeadm join 172.16.9.10:6443 --token pejjft.2jakn85tcm2m3776 \
--discovery-token-ca-cert-hash sha256:04ee29295e1582a90013e73129766623c506c93319ef5291acc979db6b58eabb
Master에서 확인
$ kubectl get nodes -o wide
Manage Kubernetes Objects
kustomize 설치
참고: https://kubectl.docs.kubernetes.io/installation/kustomize/binaries/
설치
$ cat > install-kustomize.sh --> 아래 내용 복사
$ chmod u+x install-kustomize.sh
$ ./install-kustomize.sh
--> 내용
#!/usr/bin/env bash
## INFO: https://kubectl.docs.kubernetes.io/installation/kustomize/binaries/
set -euf -o pipefail
KUSTOMIZE_VERSION=v4.4.1
# Download kustomize binary
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/kustomize/${KUSTOMIZE_VERSION}/hack/install_kustomize.sh" | bash
# Install to /usr/local/bin
sudo install -o root -g root -m 0755 kustomize /usr/local/bin/kustomize
확인
$ kustomize version
Docker 설치(CentOS 7)
참고: https://docs.docker.com/engine/install/centos/
설치 스크립트: docker-install.sh
$ sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
$ vi docker-install.sh --> 아래 내용 복사
--> 내용
#!/usr/bin/env bash
## INFO: https://docs.docker.com/engine/install/centos/
set -euf -o pipefail
sudo yum install -y yum-utils net-tools
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo systemctl start docker
sudo systemctl enable docker
# Use Docker without root
sudo usermod -aG docker $(whoami)
groups $(whoami)
설치
$ chmod u+x docker-install.sh
$ ./docker-install.sh
$ sudo shutdown -r now --> usermod 적용을 위해
확인
$ docker version
$ docker compose version
$ docker run hello-world
Redmine
Redmine 설치
https://hub.docker.com/_/redmine
Docker 이미지(Redmine, MySQL) 다운로드
$ sudo docker pull redmine:5.1
$ sudo docker pull mysql:8.0
Docker 및 Redmine 디렉토리 생성
$ sudo mkdir -p /srv/docker/redmine
$ sudo chmod -R 757 /srv/docker
docker-compose.yml 작성
$ cd /srv/docker
$ sudo vi docker-compose.yml
-> 내용
version: '3.2'
services:
redmine:
container_name: redmine
image: redmine:5.1
restart: always
volumes:
- ./redmine/files:/usr/src/redmine/files
- ./redmine/plugins:/usr/src/redmine/plugins
- ./redmine/themes:/usr/src/redmine/public/themes
ports:
- 3000:3000
environment:
REDMINE_DB_MYSQL: db
REDMINE_DB_PASSWORD: redmine
REDMINE_DB_DATABASE: redmine
REDMINE_DB_ENCODING: utf8
REDMINE_SECRET_KEY_BASE: supersecretkey
db:
container_name: db
image: mysql:8.0
restart: always
ports:
- 3306:3306
environment:
MYSQL_ROOT_PASSWORD: redmine
MYSQL_DATABASE: redmine
command:
- --character-set-server=utf8mb4
- --collation-server=utf8mb4_unicode_ci
docker container 생성 및 기동 -> 자동 시작 등록됨
$ sudo docker-compose up -d
$ sudo docker ps -a
docker container 접근
$ sudo docker exec -it redmine bash
$ sudo docker exec -it db bash
SMTP 설정파일(configuration.yml) 수정 및 복사
(삽질하지 말고 Gmail을 쓰자!! 보안수준 낮은 앱 https://support.google.com/accounts/answer/6010255?hl=ko#)
$ cd /srv/docker
$ sudo docker cp redmine:/usr/src/redmine/config/configuration.yml.example ./configuration.yml
$ sudo vi configuration.yml
$ sudo docker cp ./configuration.yml redmine:/usr/src/redmine/config/
$ sudo docker-compose restart
기본 데이터 입력
$ sudo docker exec -it redmine bash
# rake redmine:load_default_data RAILS_ENV=production
초기 패스워드
admin / admin
첨부파일 백업: /srv/docker/redmine/files
DB 백업
$ sudo docker exec db sh -c 'exec mysqldump --all-databases -uroot -p"$MYSQL_ROOT_PASSWORD"' > /srv/docker/redmine.sql
복원할 DB 백업 파일 복사
$ cd /srv/docker
$ sudo docker cp ./redmine.sql db:/root/
$ sudo docker exec -it db bash
DB 복원
# cd /root
# mysql -uroot -predmine < ./redmine.sql
# exit
레드마인 서버 쉘
$ sudo docker exec -it redmine bash
마이그레이션
# bundle exec rake db:migrate RAILS_ENV=production
# bundle exec rake tmp:cache:clear bundle exec rake tmp:sessions:clear
# exit
Docker 재기동
$ sudo docker-compose restart
.
.
Redmine Plugin 설치
- 플러그인의 소스를 git 이나 서브버전 저장소로부터 체크 아웃
- 또는 zip 이나 tar.gz 로 제공되는 패키지를 다운로드
- plugins 디렉터리에 압축을 해제
- 레드마인 설치 디렉터리에서 번들 명령어로 데이타 이관을 실행
bundle exec rake redmine:plugins:migrate RAILS_ENV=production
.
.
.
Docker CE 설치 on Ubuntu 16.04
Docker repository 설정
$ sudo apt-get update
$ sudo apt-get install
$ sudo apt-get install apt-transport-https ca-certificates curl software-properties-common
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo apt-key fingerprint 0EBFCD88
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
Linux에 Docker Compose 설치
$ sudo curl -L https://github.com/docker/compose/releases/download/1.20.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
$ docker-compose --version
https://docs.docker.com/install/linux/docker-ce/ubuntu/#set-up-the-repository