- 여기에서는 가장 간단하게 그냥 무조건 기본값으로 그냥 막 엔터만 쳐서 생성하도록 하자.
(master)$ ssh-keygen
Generating public/private rsa key pair. Enter file in which to save the key (/home/whatwant/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/whatwant/.ssh/id_rsa Your public key has been saved in /home/whatwant/.ssh/id_rsa.pub The key fingerprint is: SHA256:MtIQVARuKNcksL0D3beQ2aMMbMYfcdybNFVZVRGgDnQ whatwant@master The key's randomart image is: +---[RSA 3072]----+ |....*=+. o.E.+o+*| | * B B. = . o | |+ @ @ +. = . | | * * B oo o | | o = = S . | | . . o | | | | | | | +----[SHA256]-----+
③ copy key
- ssh-key 인증을 통해 master에서 worker로 접속할 수 있도록 하기 위한 과정이다
- 명령어에 있는 IP는 worker들의 IP이다. 각자 상황에 맞춰 사용하면 된다.
- 자기 자신(master)에도 등록을 하자.
(master)$ ssh-copy-id 192.168.100.151
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/whatwant/.ssh/id_rsa.pub" The authenticity of host '192.168.100.151 (192.168.100.151)' can't be established. ED25519 key fingerprint is SHA256:Nu127IO/HdpFbO3HvWB8J61ZdhGjXpYDBSb3qg3rSY8. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys whatwant@192.168.100.151's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.100.151'" and check to make sure that only the key(s) you wanted were added.
❯ kubectl cluster-info
Kubernetes control plane is running at https://192.168.100.200:6443
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.1. Latest validated version: 19.03
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local master-stg] and IPs [10.96.0.1 192.168.100.119]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost master-stg] and IPs [192.168.100.119 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost master-stg] and IPs [192.168.100.119 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 13.002889 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.20" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master-stg as control-plane by adding the labels "node-role.kubernetes.io/master=''" and "node-role.kubernetes.io/control-plane='' (deprecated)"
[mark-control-plane] Marking the node master-stg as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: t4tcwj.22xh9lzstu56qyrb