{"id":654,"date":"2022-10-11T09:00:00","date_gmt":"2022-10-11T00:00:00","guid":{"rendered":"https:\/\/symphonict.nesic.co.jp\/tech-blog\/?p=654"},"modified":"2022-10-11T15:57:50","modified_gmt":"2022-10-11T06:57:50","slug":"%e3%80%8ckubernetes-the-hard-way%e3%80%8d%e3%82%92aws%e3%81%a7%e3%83%88%e3%83%a9%e3%82%a4%e3%81%97%e3%81%a6%e3%81%bf%e3%81%9f","status":"publish","type":"post","link":"https:\/\/symphonict.nesic.co.jp\/tech-blog\/654\/","title":{"rendered":"\u300cKubernetes The Hard Way\u300d\u3092AWS\u3067\u30c8\u30e9\u30a4\u3057\u3066\u307f\u305f"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">\u76ee\u6b21<\/h2>\n\n\n\n<ol class=\"wp-block-list\" id=\"block-4ad281eb-7992-4e73-a30b-7427c46089d9\"><li><a href=\"#1\" title=\"\u306f\u3058\u3081\u306b\">\u306f\u3058\u3081\u306b<\/a><\/li><li><a href=\"#2\" title=\"\u53c2\u8003\u6587\u732e\">\u53c2\u8003\u6587\u732e<\/a><\/li><li><a href=\"#3\" title=\"\u69cb\u7bc9\u3059\u308b\u74b0\u5883\">\u69cb\u7bc9\u3059\u308b\u74b0\u5883<\/a><\/li><li><a href=\"#4\" title=\"\u4e8b\u524d\u6e96\u5099\">\u4e8b\u524d\u6e96\u5099<\/a><ul><li><a href=\"#4-1\" title=\"Amazon Web Service\">Amazon Web Service<\/a><\/li><li><a href=\"#4-2\" title=\"AWS CLI\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\">AWS CLI\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/a><\/li><li><a href=\"#4-3\" title=\"\u30c7\u30d5\u30a9\u30eb\u30c8\u30ea\u30fc\u30b8\u30e7\u30f3\u306e\u8a2d\u5b9a\">\u30c7\u30d5\u30a9\u30eb\u30c8\u30ea\u30fc\u30b8\u30e7\u30f3\u306e\u8a2d\u5b9a<\/a><\/li><li><a href=\"#4-4\" title=\"tmux\u3092\u4f7f\u3063\u305f\u30d1\u30e9\u30ec\u30eb\u306a\u30b3\u30de\u30f3\u30c9\u5b9f\u884c\">tmux\u3092\u4f7f\u3063\u305f\u30d1\u30e9\u30ec\u30eb\u306a\u30b3\u30de\u30f3\u30c9\u5b9f\u884c<\/a><\/li><li><a href=\"#4-5\" title=\"\u4f5c\u696d\u7528\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u4f5c\u6210\">\u4f5c\u696d\u7528\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u4f5c\u6210<\/a><\/li><\/ul><\/li><li><a 
href=\"#5\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30c4\u30fc\u30eb\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/a><ul><li><a href=\"#5-1\" title=\"CFSSL\u3068CFSSLJSON\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\">CFSSL\u3068CFSSLJSON\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/a><\/li><li><a href=\"#5-2\">kubectl\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/a><\/li><\/ul><\/li><li><a href=\"#6\">EC2\u3067Computing Resource\u3092\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0<\/a><ul><li><a href=\"#6-1\">\u30cd\u30c3\u30c8\u30ef\u30fc\u30af<\/a><\/li><li><a href=\"#6-2\">\u4eee\u60f3\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30af\u30e9\u30a6\u30c9(VPC)<\/a><\/li><li><a href=\"#6-3\">\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9<\/a><\/li><li><a href=\"#6-4\">Kubernetes Control Plane\u7528\u30db\u30b9\u30c8\u306e\u7acb\u3061\u4e0a\u3052<\/a><\/li><li><a href=\"#6-5\">Kubernetes Worker Node\u7528\u30db\u30b9\u30c8\u306e\u7acb\u3061\u4e0a\u3052<\/a><\/li><\/ul><\/li><li><a href=\"#7\">\u8a8d\u8a3c\u5c40(CA)\u306e\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u3068TLS\u8a3c\u660e\u66f8\u306e\u751f\u6210<\/a><ul><li><a href=\"#7-1\">\u8a8d\u8a3c\u5c40(CA)\u306e\u7acb\u3061\u4e0a\u3052<\/a><\/li><li><a href=\"#7-2\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068\u30b5\u30fc\u30d0\u30fc\u306e\u8a3c\u660e\u66f8\u767a\u884c<\/a><\/li><li><a href=\"#7-3\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3068\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u306e\u914d\u5e03<\/a><\/li><\/ul><\/li><li><a href=\"#8\">\u8a8d\u8a3c\u7528kubeconfig\u306e\u751f\u6210<\/a><ul><li><a href=\"#8-1\">Kubernetes\u306ePublic DNS\u30a2\u30c9\u30ec\u30b9\u3092\u53d6\u5f97<\/a><\/li><li><a href=\"#8-2\">kubelet\u7528kubeconfigs\u306e\u751f\u6210<\/a><\/li><li><a href=\"#8-3\">kube-proxy\u7528kubeconfig\u306e\u751f\u6210<\/a><\/li><li><a href=\"#8-4\">kube-controller-manager\u7528kubeconfig\u306e\u751f\u6210<\/a><\/li><li><a href=\"#8-5\">kube-scheduler\u7528kubeconfig\u306e\u751f\u6210<\/a><\/li><li><a 
href=\"#8-6\">admin\u30e6\u30fc\u30b6\u30fc\u7528kubeconfig\u306e\u751f\u6210<\/a><\/li><li><a href=\"#8-7\">kubeconfig\u306e\u914d\u5e03<\/a><\/li><\/ul><\/li><li><a href=\"#9\">\u6697\u53f7\u5316\u306e\u8a2d\u5b9a\u3068\u30ad\u30fc\u306e\u751f\u6210<\/a><ul><li><a href=\"#9-1\">\u6697\u53f7\u5316\u9375<\/a><\/li><li><a href=\"#9-2\">\u6697\u53f7\u5316\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb<\/a><\/li><\/ul><\/li><li><a href=\"#10\">etcd\u306e\u8d77\u52d5<\/a><ul><li><a href=\"#10-1\">\u6e96\u5099<\/a><\/li><li><a href=\"#10-2\">etcd\u306e\u30af\u30e9\u30b9\u30bf\u30e1\u30f3\u30d0\u30fc\u306e\u8d77\u52d5<\/a><\/li><\/ul><\/li><li><a href=\"#11\">Kubernetes\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u30d7\u30ec\u30fc\u30f3\u306e\u8d77\u52d5<\/a><ul><li><a href=\"#11-1\">\u4e8b\u524d\u78ba\u8a8d<\/a><\/li><li><a href=\"#11-2\" title=\"\u4f5c\u696d\u5bfe\u8c61\">\u4f5c\u696d\u5bfe\u8c61<\/a><\/li><li><a href=\"#11-3\">Kubernetes\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u30d7\u30ec\u30fc\u30f3\u306e\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0<\/a><\/li><li><a href=\"#11-4\">Kubernetes\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u306e\u30d0\u30a4\u30ca\u30ea\u306eDL\u3068\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/a><\/li><li><a href=\"#11-5\">KubernetesAPI\u30b5\u30fc\u30d0\u30fc\u306e\u8a2d\u5b9a<\/a><\/li><li><a href=\"#11-6\">Kubernetes\u306e\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u306e\u8a2d\u5b9a<\/a><\/li><li><a href=\"#11-7\">Kubernetes\u306escheduler\u306e\u8a2d\u5b9a<\/a><\/li><li><a href=\"#11-8\">\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u30b5\u30fc\u30d3\u30b9\u306e\u8d77\u52d5<\/a><\/li><li><a href=\"#11-9\">\u30db\u30b9\u30c8\u30d5\u30a1\u30a4\u30eb\u306e\u30a8\u30f3\u30c8\u30ea\u30fc\u8ffd\u52a0<\/a><\/li><li><a href=\"#11-10\">kubelet\u8a8d\u8a3c\u306eRBAC\u8a2d\u5b9a<\/a><\/li><li><a 
href=\"#11-11\">Kubernetes\u30af\u30e9\u30b9\u30bf\u30fc\u306e\u30d1\u30d6\u30ea\u30c3\u30af\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3092\u6709\u52b9\u5316\u3059\u308b<\/a><\/li><\/ul><\/li><li><a href=\"#12\">\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306e\u8d77\u52d5<\/a><ul><li><a href=\"#12-1\">\u6e96\u5099<\/a><\/li><li><a href=\"#12-2\">Kubernetes\u306e\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306e\u30d7\u30ed\u30d3\u30b8\u30e7\u30f3\u30b0<\/a><\/li><li><a href=\"#12-3\">CNI\u30cd\u30c3\u30c8\u30ef\u30fc\u30ad\u30f3\u30b0\u306e\u8a2d\u5b9a<\/a><\/li><li><a href=\"#12-4\">containerd\u306e\u8a2d\u5b9a<\/a><\/li><li><a href=\"#12-5\">Kubelet\u306e\u8a2d\u5b9a<\/a><\/li><li><a href=\"#12-6\">Kubernetes Proxy\u306e\u8a2d\u5b9a<\/a><\/li><li><a href=\"#12-7\">\u30ef\u30fc\u30ab\u30fc\u306e\u30b5\u30fc\u30d3\u30b9\u7fa4\u306e\u8d77\u52d5<\/a><\/li><\/ul><\/li><li><a href=\"#13\">\u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u7528\u306ekubectl\u8a2d\u5b9a<\/a><ul><li><a href=\"#13-1\">Admin Kubernetes\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u751f\u6210<\/a><\/li><\/ul><\/li><li><a href=\"#14\">\u30af\u30e9\u30b9\u30bf\u5185\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u8a2d\u5b9a<\/a><ul><li><a href=\"#14-1\">\u30eb\u30fc\u30c6\u30a3\u30f3\u30b0\u30c6\u30fc\u30d6\u30eb\u3068\u30eb\u30fc\u30c8\u3092\u5b9a\u7fa9<\/a><\/li><li><a href=\"#14-2\">\u30eb\u30fc\u30c8\u306e\u78ba\u8a8d<\/a><\/li><\/ul><\/li><li><a href=\"#15\">DNS\u30af\u30e9\u30b9\u30bf\u30a2\u30c9\u30aa\u30f3\u306e\u5c0e\u5165<\/a><ul><li><a href=\"#15-1\">DNS\u30af\u30e9\u30b9\u30bf\u30fc\u30a2\u30c9\u30aa\u30f3<\/a><\/li><li><a href=\"#15-2\">\u78ba\u8a8d<\/a><\/li><\/ul><\/li><li><a href=\"#16\">\u30b9\u30e2\u30fc\u30af\u30c6\u30b9\u30c8<\/a><ul><li><a href=\"#16-1\">\u30c7\u30fc\u30bf\u306e\u6697\u53f7\u5316<\/a><\/li><li><a href=\"#16-2\">\u81ea\u7aef\u672b\u304b\u3089Deployment\u306e\u4f5c\u6210\u3068\u7ba1\u7406<\/a><\/li><li><a href=\"#16-3\">Port Forwarding<\/a><\/li><li><a 
href=\"#16-4\">Logs<\/a><\/li><li><a href=\"#16-5\">Exec<\/a><\/li><li><a href=\"#16-6\">Services<\/a><\/li><\/ul><\/li><li><a href=\"#17\">crictl\u3092\u4f7f\u7528\u3057\u3066\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306e\u30a4\u30e1\u30fc\u30b8\u30fb\u30dd\u30c3\u30c9\u30fb\u30b3\u30f3\u30c6\u30ca\u3092\u30c1\u30a7\u30c3\u30af\u3059\u308b<\/a><\/li><li><a href=\"#18\">\u5f8c\u7247\u4ed8\u3051<\/a><ul><li><a href=\"#18-1\">EC2\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9<\/a><\/li><li><a href=\"#18-2\">Networking<\/a><\/li><\/ul><\/li><li><a href=\"#19\">\u304a\u308f\u308a\u306b<\/a><\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"1\">\u306f\u3058\u3081\u306b<\/h2>\n\n\n\n<p><span style=\"border-bottom: solid 3px #4169e1;\">\u4e8b\u696d\u958b\u767a\u63a8\u9032\u90e8\u306e\u6b66\u4e95<\/span>\u3067\u3059\u3002<\/p>\n\n\n\n<p>\u300cKubernetes The Hard Way\u300d\u3092\u3054\u5b58\u77e5\u3067\u3057\u3087\u3046\u304b\u3002<br><a href=\"https:\/\/github.com\/kelseyhightower\" target=\"_blank\" rel=\"noreferrer noopener\">Kelsey Hightower<\/a>\u3055\u3093\u306b\u3088\u3063\u3066\u57f7\u7b46\u3055\u308c\u305f\u3001Kubernetes\u30921\u304b\u3089\u624b\u4f5c\u696d\u3067\u69cb\u7bc9\u3059\u308b\u624b\u9806\u304c\u307e\u3068\u3081\u3089\u308c\u305f<a href=\"https:\/\/github.com\/kelseyhightower\/kubernetes-the-hard-way\" target=\"_blank\" rel=\"noreferrer noopener\">\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb<\/a>\u3067\u3059\u3002<br>\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u3067\u306fGCP\u3092\u4f7f\u3063\u305f\u69cb\u7bc9\u624b\u9806\u304c\u8a18\u8f09\u3055\u308c\u3066\u3044\u307e\u3059\u304c\u3001\u79c1\u304c\u666e\u6bb5\u4f7f\u7528\u3059\u308b\u983b\u5ea6\u306e\u9ad8\u3044AWS\u3067\u306e\u518d\u73fe\u3092\u8a66\u307f\u3066\u307f\u307e\u3057\u305f\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" 
id=\"2\">\u53c2\u8003\u6587\u732e<\/h2>\n\n\n\n<p>AWS\u74b0\u5883\u306b\u672c\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u3092\u69cb\u6210\u3059\u308b\u306b\u3042\u305f\u308a\u3001\u4ee5\u4e0b\u306e\u8a18\u4e8b\u3092\u53c2\u8003\u306b\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/prabhatsharma\/kubernetes-the-hard-way-aws\/blob\/master\/README.md\">https:\/\/github.com\/prabhatsharma\/kubernetes-the-hard-way-aws\/blob\/master\/README.md<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/qiita.com\/rabiho\/items\/1e7423909701a44a69af\">https:\/\/qiita.com\/rabiho\/items\/1e7423909701a44a69af<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"3\">\u69cb\u7bc9\u3059\u308b\u74b0\u5883<\/h2>\n\n\n\n<p id=\"645733ec-ff9c-4f0e-9d1b-58d1aec50c1e\">Kubernetes The Hard Way\u3067\u306f\u3001\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u9593\u306e\u6697\u53f7\u5316\u3068RBAC\u8a8d\u8a3c\u304c\u3067\u304d\u308b\u3001\u53ef\u7528\u6027\u306e\u9ad8\u3044\u30af\u30e9\u30b9\u30bf\u3092\u69cb\u7bc9\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p id=\"645733ec-ff9c-4f0e-9d1b-58d1aec50c1e\">\u4f7f\u7528\u3059\u308b\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u3068\u305d\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u4e00\u89a7\u306f\u4e0b\u8a18\u306e\u901a\u308a\u3067\u3059\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\" id=\"0eddb7bd-e051-44db-b51b-ef0b679e39c1\"><li>Kubernetes v1.24.0<\/li><li>containerd v1.16.6<\/li><li>coredns v1.19.3<\/li><li>cni v1.1.1<\/li><li>etcd v3.5.4<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"4\">01-\u4e8b\u524d\u6e96\u5099<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"4-1\">Amazon Web Service<\/h3>\n\n\n\n<p>\u3053\u306e\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u3067\u306fAmazon Web 
Service(\u4ee5\u4e0bAWS)\u3092\u5229\u7528\u3057\u3066\u3001kubernetes\u30af\u30e9\u30b9\u30bf\u30fc\u3092\u7acb\u3061\u4e0a\u3052\u307e\u3059\u3002\u4eca\u56de\u4f7f\u7528\u3059\u308b\u30ea\u30bd\u30fc\u30b9\u306fAWS\u306e\u7121\u6599\u67a0\u3092\u8d85\u3048\u308b\u306e\u3067\u3001\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u7d42\u4e86\u5f8c\u306b\u306f\u4f5c\u6210\u3057\u305f\u30ea\u30bd\u30fc\u30b9\u3092\u30af\u30ea\u30fc\u30f3\u30a2\u30c3\u30d7\u3057\u3001\u4e0d\u8981\u306a\u30b3\u30b9\u30c8\u304c\u767a\u751f\u3057\u306a\u3044\u3088\u3046\u6ce8\u610f\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"4-2\">AWS CLI\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h3>\n\n\n\n<p>AWS CLI\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3001\u5fc5\u8981\u306a\u8a2d\u5b9a\u3092\u884c\u3044\u307e\u3059\u3002 \u8a73\u7d30\u624b\u9806\u306b\u95a2\u3057\u3066\u306f<a href=\"https:\/\/aws.amazon.com\/jp\/cli\/\" target=\"_blank\" rel=\"noreferrer noopener\">AWS\u306e\u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8<\/a>\u3092\u53c2\u7167\u304f\u3060\u3055\u3044\u3002<br>\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u5b8c\u4e86\u5f8c\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067AWS CLI\u304c\u6709\u52b9\u3067\u3042\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"4-3\">\u30c7\u30d5\u30a9\u30eb\u30c8\u30ea\u30fc\u30b8\u30e7\u30f3\u306e\u8a2d\u5b9a<\/h3>\n\n\n\n<p id=\"0fb5bc43-9698-467a-a76b-b65631e45402\">\u3053\u306e\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u3067\u4f7f\u7528\u3059\u308b\u30c7\u30d5\u30a9\u30eb\u30c8\u30ea\u30fc\u30b8\u30e7\u30f3\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"8278ab81-13d0-4a9e-9cd4-5dda0f790bb8\" class=\"wp-block-code\"><code>AWS_REGION=ap-northeast-1\naws configure set default.region $AWS_REGION<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"
id=\"4-4\">tmux\u3092\u4f7f\u3063\u305f\u30d1\u30e9\u30ec\u30eb\u306a\u30b3\u30de\u30f3\u30c9\u5b9f\u884c<\/h3>\n\n\n\n<p id=\"1eccaa22-2f50-42d6-89c3-260415eddfe3\">\u30aa\u30ea\u30b8\u30ca\u30eb\u306e\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u3067\u3082\u63a8\u5968\u306e\u8a2d\u5b9a\u3068\u3057\u3066\u8a18\u8f09\u3055\u308c\u3066\u3044\u307e\u3059\u3002<br>\u3053\u306e\u624b\u9806\u3092\u30b9\u30ad\u30c3\u30d7\u3057\u3066\u3082Kubernetes\u30af\u30e9\u30b9\u30bf\u306e\u52d5\u4f5c\u306b\u5f71\u97ff\u306f\u3042\u308a\u307e\u305b\u3093\u3002<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/kelseyhightower\/kubernetes-the-hard-way\/blob\/master\/docs\/01-prerequisites.md#running-commands-in-parallel-with-tmux\" rel=\"noreferrer noopener\" target=\"_blank\"><strong>kubernetes-the-hard-way\/01-prerequisites.md at master \u00b7 kelseyhightower\/kubernetes-the-hard-way<\/strong> <em>Bootstrap Kubernetes the hard way on Google Cloud Platform. N<\/em> <em>github.com<\/em> <\/a><a href=\"https:\/\/github.com\/kelseyhightower\/kubernetes-the-hard-way\/blob\/master\/docs\/01-prerequisites.md#running-commands-in-parallel-with-tmux\" rel=\"noreferrer noopener\" target=\"_blank\"><\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"4-5\">\u4f5c\u696d\u7528\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u4f5c\u6210<\/h3>\n\n\n\n<p 
id=\"d7a001a3-af33-443f-99d4-05259d305e6f\">\u672c\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u3067\u306f\u3001\u591a\u304f\u306e\u30d5\u30a1\u30a4\u30eb\u751f\u6210\u3084\u8ee2\u9001\u306e\u51e6\u7406\u3092\u884c\u3044\u307e\u3059\u3002<br>\u307e\u305f\u3001\u30ea\u30e2\u30fc\u30c8\u63a5\u7d9a\u306e\u305f\u3081\u306e\u30ad\u30fc\u30da\u30a2\u306e\u6255\u3044\u51fa\u3057\u3082\u884c\u3044\u307e\u3059\u3002<br>\u30d5\u30a1\u30a4\u30eb\u7ba1\u7406\u306e\u89b3\u70b9\u304b\u3089\u3001\u4e88\u3081\u4f5c\u696d\u7528\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u3001\u305d\u3053\u3092\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u4e2d\u306e\u30ab\u30ec\u30f3\u30c8\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3068\u3059\u308b\u3053\u3068\u3092\u63a8\u5968\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"5\">02-\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30c4\u30fc\u30eb\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h2>\n\n\n\n<p id=\"06b6ec36-f233-41ac-ac73-afc2f93b3b97\">\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f<strong>cfssl<\/strong>, <strong>cfssljson<\/strong>, <strong>kubectl<\/strong>\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"5-1\">CFSSL\u3068CFSSLJSON\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h3>\n\n\n\n<p id=\"9610d604-688f-4c82-8ec5-8e17f855aea6\">cfssl\u3068cfssljson\u306fPKI\u74b0\u5883\u306e\u69cb\u7bc9\u3068TLS\u306e\u8a3c\u660e\u66f8\u767a\u884c\u306b\u4f7f\u7528\u3059\u308b\u30c4\u30fc\u30eb\u3067\u3059\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>OS X(Mac OS)<\/strong><\/h4>\n\n\n\n<pre id=\"91382bfa-fe8e-4f8b-b145-d525eb7fe167\" class=\"wp-block-code\"><code>curl -o cfssl https:\/\/pkg.cfssl.org\/R1.2\/cfssl_darwin-amd64\ncurl -o cfssljson https:\/\/pkg.cfssl.org\/R1.2\/cfssljson_darwin-amd64<\/code><\/pre>\n\n\n\n<pre id=\"8879b7a4-e7e9-45f4-8972-09cc528adf89\" class=\"wp-block-code\"><code>chmod +x cfssl
cfssljson<\/code><\/pre>\n\n\n\n<pre id=\"1262f0ad-86e2-4691-bef5-f3716a34f3ec\" class=\"wp-block-code\"><code>sudo mv cfssl cfssljson \/usr\/local\/bin\/<\/code><\/pre>\n\n\n\n<p id=\"6ba9aa2a-e45a-4474-8a95-4f7e83c71861\">OS X\u3092\u4f7f\u7528\u3057pre-build\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3088\u3046\u3068\u3057\u305f\u5834\u5408\u3001\u554f\u984c\u304c\u751f\u3058\u308b\u5834\u5408\u304c\u3042\u308a\u307e\u3059\u3002<br>\u305d\u306e\u5834\u5408\u306fHomebrew\u3092\u4f7f\u7528\u3057\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3092\u884c\u306a\u3063\u3066\u304f\u3060\u3055\u3044\u3002<br>\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306e\u30b3\u30de\u30f3\u30c9\u306f\u4ee5\u4e0b\u3067\u3059\u3002<\/p>\n\n\n\n<pre id=\"4beefca7-4213-4b3c-addb-4da6d4f94e00\" class=\"wp-block-code\"><code>brew install cfssl<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Linux<\/strong><\/h4>\n\n\n\n<pre id=\"64eefbef-2c8a-4c3e-85a8-66d9571cd637\" class=\"wp-block-code\"><code>wget -q --show-progress --https-only --timestamping \\\n  https:\/\/pkg.cfssl.org\/R1.2\/cfssl_linux-amd64 \\\n  https:&#47;&#47;pkg.cfssl.org\/R1.2\/cfssljson_linux-amd64\n\nchmod +x cfssl_linux-amd64 cfssljson_linux-amd64\nsudo mv cfssl_linux-amd64 \/usr\/local\/bin\/cfssl\nsudo mv cfssljson_linux-amd64 \/usr\/local\/bin\/cfssljson<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u78ba\u8a8d<\/strong><\/h4>\n\n\n\n<pre id=\"457d8a9a-61e8-49a2-8496-fc77eea16134\" class=\"wp-block-code\"><code>cfssl version<\/code><\/pre>\n\n\n\n<p id=\"6f35c261-0fbe-4cf3-a2d8-80aa0a4b2742\">\u52d5\u4f5c\u78ba\u8a8d\u6e08\u307f\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306f\u4ee5\u4e0b\u3067\u3059\u3002<\/p>\n\n\n\n<pre id=\"000b6be3-df27-4b97-b12b-cc3928fddc0b\" class=\"wp-block-code\"><code>Version: 1.6.1\nRuntime: go1.17.2<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"5-2\">kubectl\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h3>\n\n\n\n<p
id=\"fe0b4a07-20ee-4048-bc4c-e18ab5ab52d0\">kubectl\u306fKubernetes\u304c\u6301\u3064API Server\u3068\u306e\u901a\u4fe1\u306b\u4f7f\u7528\u3055\u308c\u308b\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u30c4\u30fc\u30eb\u3067\u3059\u3002\u4eca\u56de\u306f<strong>v1.24.0<\/strong>\u3092\u4f7f\u7528\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>OS X<\/strong><\/h4>\n\n\n\n<pre id=\"a5a9ff15-1a62-4ab0-a30f-335a4ce9af6f\" class=\"wp-block-code\"><code>curl -o kubectl https:\/\/storage.googleapis.com\/kubernetes-release\/release\/v1.24.0\/bin\/darwin\/amd64\/kubectl<\/code><\/pre>\n\n\n\n<pre id=\"389e01c4-043f-481c-a03d-5a41d8577e92\" class=\"wp-block-code\"><code>chmod +x kubectl<\/code><\/pre>\n\n\n\n<pre id=\"16d6cd12-fe6f-4fed-8a30-3169337f0951\" class=\"wp-block-code\"><code>sudo mv kubectl \/usr\/local\/bin\/<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Linux<\/strong><\/h4>\n\n\n\n<pre id=\"aa126485-9d94-45b1-ba57-29b6007fbda4\" class=\"wp-block-code\"><code>wget https:\/\/storage.googleapis.com\/kubernetes-release\/release\/v1.24.0\/bin\/linux\/amd64\/kubectl<\/code><\/pre>\n\n\n\n<pre id=\"5ddefc7d-7945-4018-9fe7-de240891983e\" class=\"wp-block-code\"><code>chmod +x kubectl<\/code><\/pre>\n\n\n\n<pre id=\"0a1e3480-3e51-49aa-9eb4-3cd8e37d5e0d\" class=\"wp-block-code\"><code>sudo mv kubectl \/usr\/local\/bin\/<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u78ba\u8a8d<\/strong><\/h4>\n\n\n\n<p id=\"afc3c1b2-c9e5-4ced-9a01-b4c5ab394276\">kubectl\u30d0\u30fc\u30b8\u30e7\u30f31.24.0\u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"f1eb95ed-cd85-4084-ae42-3fba5d779688\" class=\"wp-block-code\"><code>kubectl version --client<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"c435d955-2cb5-48cf-969b-7c312fcb94b3\" 
class=\"wp-block-code\"><code>Client Version: version.Info{Major:\"1\", Minor:\"24\", GitVersion:\"v1.24.0\", GitCommit:\"4ce5a8954017644c5420bae81d72b09b735c21f0\", GitTreeState:\"clean\", BuildDate:\"2022-05-03T13:46:05Z\", GoVersion:\"go1.18.1\", Compiler:\"gc\", Platform:\"darwin\/amd64\"}\nKustomize Version: v4.5.4<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"6\">03-EC2\u3067Computing Resource\u3092\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0<\/h2>\n\n\n\n<p id=\"93bce050-9dac-4f3f-8e4e-b1a4f2dafb4d\">Kubernetes\u306f\u30af\u30e9\u30b9\u30bf\u3092\u7ba1\u7406\u3059\u308b\u305f\u3081\u306eControl Plane\u3068\u3001\u30b3\u30f3\u30c6\u30ca\u3092\u5b9f\u884c\u3059\u308b\u305f\u3081\u306eKubernetes Node\u3067\u69cb\u6210\u3055\u308c\u3066\u304a\u308a\u3001\u305d\u308c\u3089\u3092\u30db\u30b9\u30c8\u3059\u308b\u305f\u3081\u306e\u30b3\u30f3\u30d4\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u30ea\u30bd\u30fc\u30b9\u304c\u5fc5\u8981\u3067\u3059\u3002<br>\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u3001\u5358\u4e00\u306e\u30b3\u30f3\u30d4\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u30be\u30fc\u30f3\u3067\u5b89\u5168\u3067\u53ef\u7528\u6027\u306e\u9ad8\u3044Kubernetes\u30af\u30e9\u30b9\u30bf\u30fc\u3092\u5b9f\u884c\u3059\u308b\u305f\u3081\u306b\u5fc5\u8981\u306a\u30b3\u30f3\u30d4\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u30ea\u30bd\u30fc\u30b9\u3092\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"6-1\">\u30cd\u30c3\u30c8\u30ef\u30fc\u30af<\/h3>\n\n\n\n<p id=\"266cb8dd-f9e8-4a9a-9c53-2d76693bf378\"><a href=\"https:\/\/kubernetes.io\/docs\/concepts\/cluster-administration\/networking\/#kubernetes-model\" target=\"_blank\" rel=\"noreferrer
noopener\">Kubernetes\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30e2\u30c7\u30eb<\/a>\u306f\u3001\u30b3\u30f3\u30c6\u30ca\u3068\u30ce\u30fc\u30c9\u304c\u76f8\u4e92\u306b\u901a\u4fe1\u3067\u304d\u308b\u30d5\u30e9\u30c3\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3092\u60f3\u5b9a\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u304c\u6b63\u3057\u304f\u69cb\u6210\u3055\u308c\u3066\u3044\u306a\u3044\u5834\u5408\u3001<a href=\"https:\/\/kubernetes.io\/docs\/concepts\/services-networking\/network-policies\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30dd\u30ea\u30b7\u30fc<\/a>\u306b\u3088\u308a\u30b3\u30f3\u30c6\u30ca\u9593\u3084\u5916\u90e8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3078\u306e\u901a\u4fe1\u304c\u5236\u9650\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u5c1a\u3001Network Policy\u306e\u8a2d\u5b9a\u306f\u3053\u306e\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u306e\u7bc4\u56f2\u5916\u3067\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"6-2\">\u4eee\u60f3\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30af\u30e9\u30a6\u30c9(VPC)<\/h3>\n\n\n\n<p id=\"c571310a-ed2c-41cf-806a-a493cea0109e\">\u3053\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u306f\u3001Kubernetes\u30af\u30e9\u30b9\u30bf\u3092\u30db\u30b9\u30c8\u3059\u308b\u305f\u3081\u306b\u5c02\u7528\u306e<a href=\"https:\/\/kubernetes.io\/docs\/concepts\/services-networking\/network-policies\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u4eee\u60f3\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30af\u30e9\u30a6\u30c9(VPC)<\/a>\u3084\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3092\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u3057\u307e\u3059\u3002<br>\u4eca\u56de\u306f<strong>kubernetes-the-hard-way<\/strong>\u3068\u3044\u3046Value\u3092\u6301\u3063\u305fVPC\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>VPC\u306e\u4f5c\u6210<\/strong><\/h4>\n\n\n\n<pre id=\"81d4c2b3-a5e8-4536-b0de-bd38012c4855\" 
class=\"wp-block-code\"><code>VPC_ID=$(aws ec2 create-vpc --cidr-block 10.0.0.0\/16 --output text --query 'Vpc.VpcId')\naws ec2 create-tags --resources ${VPC_ID} --tags Key=Name,Value=kubernetes-the-hard-way\naws ec2 modify-vpc-attribute --vpc-id ${VPC_ID} --enable-dns-support '{\"Value\": true}'\naws ec2 modify-vpc-attribute --vpc-id ${VPC_ID} --enable-dns-hostnames '{\"Value\": true}'<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Subnet\u306e\u4f5c\u6210<\/strong><\/h4>\n\n\n\n<p><a href=\"https:\/\/docs.aws.amazon.com\/ja_jp\/vpc\/latest\/userguide\/configure-subnets.html#subnet-basics\" target=\"_blank\" rel=\"noreferrer noopener\">\u30b5\u30d6\u30cd\u30c3\u30c8<\/a>\u306f\u3001Kubernetes\u30af\u30e9\u30b9\u30bf\u5185\u306e\u5404\u30ce\u30fc\u30c9\u306b\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8IP\u30a2\u30c9\u30ec\u30b9\u3092\u5272\u308a\u5f53\u3066\u308b\u305f\u3081\u306e\u30ea\u30bd\u30fc\u30b9\u3067\u3059\u3002IP\u30ec\u30f3\u30b8\u306b\u95a2\u3057\u3066\u306f\u5341\u5206\u306a\u7bc4\u56f2\u3092\u6301\u305f\u305b\u3066\u304f\u3060\u3055\u3044\u3002\u5c1a\u3001\u3053\u306e\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u3067\u306f<strong>10.0.1.0\/24<\/strong>\u306e\u30b5\u30d6\u30cd\u30c3\u30c8\u3092\u4f7f\u7528\u3057\u3066\u304a\u308a\u3001\u6700\u5927254\u306e\u30b3\u30f3\u30d4\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3092\u30db\u30b9\u30c8\u3067\u304d\u307e\u3059\u3002<br>\u4ee5\u4e0b\u306f<strong>kubernetes-the-hard-way<\/strong>\u306eVPC\u306b<strong>kubernetes<\/strong>\u30b5\u30d6\u30cd\u30c3\u30c8\u3092\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"e1b7b3ee-2255-44d8-b93d-d3d65a1ce666\" class=\"wp-block-code\"><code>SUBNET_ID=$(aws ec2 create-subnet \\\n  --vpc-id ${VPC_ID} \\\n  --cidr-block 10.0.1.0\/24 \\\n  --output text --query 'Subnet.SubnetId')\naws ec2 create-tags --resources ${SUBNET_ID} --tags Key=Name,Value=kubernetes<\/code><\/pre>\n\n\n\n<h4 
class=\"wp-block-heading\"><strong>Internet Gateway\u306e\u4f5c\u6210<\/strong><\/h4>\n\n\n\n<p><a href=\"https:\/\/docs.aws.amazon.com\/ja_jp\/vpc\/latest\/userguide\/VPC_Internet_Gateway.html\" target=\"_blank\" rel=\"noreferrer noopener\">\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u30b2\u30fc\u30c8\u30a6\u30a7\u30a4<\/a>\u306fKubernetes\u306e\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u304c\u5916\u90e8\u304b\u3089API\u306e\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3068\u306a\u308b\u305f\u3081\u306b\u5fc5\u8981\u306a\u69cb\u6210\u3067\u3059\u3002<br>\u4ee5\u4e0b\u306f<strong>kubernetes-the-hard-way<\/strong>\u306eVPC\u306b<strong>kubernetes Internet Gateway<\/strong>\u3092\u4f5c\u6210\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"70f37fec-cb52-4794-9aeb-5bb3ffe2f586\" class=\"wp-block-code\"><code>INTERNET_GATEWAY_ID=$(aws ec2 create-internet-gateway --output text --query 'InternetGateway.InternetGatewayId')\naws ec2 create-tags --resources ${INTERNET_GATEWAY_ID} --tags Key=Name,Value=kubernetes\naws ec2 attach-internet-gateway --internet-gateway-id ${INTERNET_GATEWAY_ID} --vpc-id ${VPC_ID}<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Route Tables\u306e<\/strong>\u4f5c\u6210<\/h4>\n\n\n\n<p><a href=\"https:\/\/docs.aws.amazon.com\/ja_jp\/vpc\/latest\/userguide\/VPC_Route_Tables.html\" target=\"_blank\" rel=\"noreferrer noopener\">\u30eb\u30fc\u30c8\u30c6\u30fc\u30d6\u30eb<\/a>\u306f\u3001VPC\u5185\u306e\u4eee\u60f3\u30eb\u30fc\u30bf\u304c\u53c2\u7167\u3059\u308b\u30eb\u30fc\u30c6\u30a3\u30f3\u30b0\u30c6\u30fc\u30d6\u30eb\u3067\u3059\u3002\u4ee5\u4e0b\u306f<strong>kubernetes-the-hard-way<\/strong>\u306eVPC\u306b<strong>0.0.0.0\/0<\/strong>\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u30eb\u30fc\u30c8\u3092\u8a2d\u5b9a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"d82306b6-299f-492a-8462-50bcd6ddad80\" class=\"wp-block-code\"><code>ROUTE_TABLE_ID=$(aws ec2 create-route-table --vpc-id ${VPC_ID} --output text --query 
'RouteTable.RouteTableId')\naws ec2 create-tags --resources ${ROUTE_TABLE_ID} --tags Key=Name,Value=kubernetes\naws ec2 associate-route-table --route-table-id ${ROUTE_TABLE_ID} --subnet-id ${SUBNET_ID}\naws ec2 create-route --route-table-id ${ROUTE_TABLE_ID} --destination-cidr-block 0.0.0.0\/0 --gateway-id ${INTERNET_GATEWAY_ID}<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Security Groups\u306e\u4f5c\u6210<\/strong><\/h4>\n\n\n\n<p><a href=\"https:\/\/docs.aws.amazon.com\/ja_jp\/vpc\/latest\/userguide\/VPC_SecurityGroups.html\" target=\"_blank\" rel=\"noreferrer noopener\">\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7<\/a>\u306fVPC\u5185\u306e\u4eee\u60f3\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u3068\u3057\u3066\u6a5f\u80fd\u3057\u307e\u3059\u3002<br>\u4ee5\u4e0b\u306fKubernetes\u30af\u30e9\u30b9\u30bf\u9593\u306e\u5185\u90e8\u901a\u4fe1\u3068\u5916\u90e8SSH,ICMP\u304a\u3088\u3073HTTPS\u3092\u8a31\u53ef\u3059\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30dd\u30ea\u30b7\u30fc\u3092\u8a18\u8f09\u3057\u3066\u3044\u307e\u3059\u3002<br>\u306a\u304a\u3001\u4ee5\u4e0b\u306e\u8a2d\u5b9a\u3067\u306fSSH(22\u756a\u30dd\u30fc\u30c8)\u304c0.0.0.0\/0\u306b\u958b\u653e\u3055\u308c\u308b\u305f\u3081\u3001\u63a5\u7d9a\u5143\u3092\u4f5c\u696d\u7aef\u672b\u306eIP\u30a2\u30c9\u30ec\u30b9\u306b\u9650\u5b9a\u3059\u308b\u3053\u3068\u3092\u63a8\u5968\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"0b9170bf-2c01-4590-8594-6f31ee9da12a\" class=\"wp-block-code\"><code>SECURITY_GROUP_ID=$(aws ec2 create-security-group \\\n  --group-name kubernetes \\\n  --description \"Kubernetes security group\" \\\n  --vpc-id ${VPC_ID} \\\n  --output text --query 'GroupId')\naws ec2 create-tags --resources ${SECURITY_GROUP_ID} --tags Key=Name,Value=kubernetes\naws ec2 authorize-security-group-ingress --group-id ${SECURITY_GROUP_ID} --protocol all --cidr 10.0.0.0\/16\naws ec2 authorize-security-group-ingress --group-id ${SECURITY_GROUP_ID} --protocol all --cidr 10.200.0.0\/16\naws ec2 authorize-security-group-ingress --group-id ${SECURITY_GROUP_ID} --protocol tcp --port 22 --cidr 0.0.0.0\/0\naws ec2 authorize-security-group-ingress --group-id ${SECURITY_GROUP_ID} --protocol tcp --port 6443 --cidr 0.0.0.0\/0\naws ec2 authorize-security-group-ingress --group-id ${SECURITY_GROUP_ID} --protocol tcp
--port 443 --cidr 0.0.0.0\/0\naws ec2 authorize-security-group-ingress --group-id ${SECURITY_GROUP_ID} --protocol icmp --port -1 --cidr 0.0.0.0\/0<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Kubernetes Public Access\u306e\u8a2d\u5b9a<\/strong><\/h4>\n\n\n\n<p>Kubernetes API\u30b5\u30fc\u30d0\u306e\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3068\u3057\u3066\u5272\u308a\u5f53\u3066\u308bIP\u30a2\u30c9\u30ec\u30b9\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"43b2de00-a63e-4d4d-852d-175e2bd031c4\" class=\"wp-block-code\"><code>LOAD_BALANCER_ARN=$(aws elbv2 create-load-balancer \\\n    --name kubernetes \\\n    --subnets ${SUBNET_ID} \\\n    --scheme internet-facing \\\n    --type network \\\n    --output text --query 'LoadBalancers&#91;].LoadBalancerArn')\n  TARGET_GROUP_ARN=$(aws elbv2 create-target-group \\\n    --name kubernetes \\\n    --protocol TCP \\\n    --port 6443 \\\n    --vpc-id ${VPC_ID} \\\n    --target-type ip \\\n    --output text --query 'TargetGroups&#91;].TargetGroupArn')\n  aws elbv2 register-targets --target-group-arn ${TARGET_GROUP_ARN} --targets Id=10.0.1.1{0,1,2}\n  aws elbv2 create-listener \\\n    --load-balancer-arn ${LOAD_BALANCER_ARN} \\\n    --protocol TCP \\\n    --port 443 \\\n    --default-actions Type=forward,TargetGroupArn=${TARGET_GROUP_ARN} \\\n    --output text --query 'Listeners&#91;].ListenerArn'<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"6-3\">\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9<\/h3>\n\n\n\n<p id=\"ed60349f-8d4e-4ac4-b5e6-ed3e2a27deaf\">\u3053\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u306f\u3001Kubernetes\u30af\u30e9\u30b9\u30bf\u306e\u30db\u30b9\u30c8\u3068\u306a\u308bVM\u3092\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Instance Image\u306e\u5b9a\u7fa9<\/strong><\/h4>\n\n\n\n<p 
id=\"ed60349f-8d4e-4ac4-b5e6-ed3e2a27deaf\">\u5229\u7528\u3059\u308b\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u30a4\u30e1\u30fc\u30b8\u3092\u5b9a\u7fa9\u3057\u307e\u3059\u3002<br>\u4eca\u56de\u306f\u30d1\u30d6\u30ea\u30c3\u30af\u3068\u3057\u3066\u516c\u958b\u3057\u3066\u3044\u308bubuntu\u306e<a href=\"https:\/\/docs.aws.amazon.com\/ja_jp\/AWSEC2\/latest\/UserGuide\/AMIs.html\" target=\"_blank\" rel=\"noreferrer noopener\">AMI<\/a>\u3092\u6307\u5b9a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"633f4263-592f-46cb-a1c7-cd8a98a6d83c\" class=\"wp-block-code\"><code>IMAGE_ID=$(aws ec2 describe-images --owners 099720109477 \\\n  --output json \\\n  --filters \\\n  'Name=root-device-type,Values=ebs' \\\n  'Name=architecture,Values=x86_64' \\\n  'Name=name,Values=ubuntu\/images\/hvm-ssd\/ubuntu-focal-20.04-amd64-server-*' \\\n  | jq -r '.Images|sort_by(.Name)&#91;-1]|.ImageId')<\/code><\/pre>\n\n\n\n<p id=\"6b2e1072-72b4-4b59-a72a-f04e0ccda0a6\">jq\u30b3\u30de\u30f3\u30c9\u304c\u5165\u3063\u3066\u3044\u306a\u3044\u5834\u5408\u306f\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"220d83fe-6fe7-499f-ab67-ac7523d0350a\" class=\"wp-block-code\"><code>brew install jq<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>SSH Key Pair\u306e\u4f5c\u6210<\/strong><\/h4>\n\n\n\n<p>EC2\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306bSSH\u63a5\u7d9a\u3059\u308b\u305f\u3081\u306eKey Pair\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"7ea23ca7-d855-46b5-ba03-a4727dfa8cf6\" class=\"wp-block-code\"><code>aws ec2 create-key-pair --key-name kubernetes --output text --query 'KeyMaterial' &gt; kubernetes.id_rsa\nchmod 600 kubernetes.id_rsa<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"6-4\"><strong>Kubernetes Control Plane\u7528\u30db\u30b9\u30c8\u306e\u7acb\u3061\u4e0a\u3052<\/strong><\/h3>\n\n\n\n<p id=\"fde7432b-3e46-477b-97e0-ecda75c61d3a\"><a 
href=\"https:\/\/docs.aws.amazon.com\/ja_jp\/AWSEC2\/latest\/UserGuide\/concepts.html\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon EC2<\/a>\u3067\u3001Kubernetes\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30ce\u30fc\u30c9\u306e\u30db\u30b9\u30c8\u3068\u306a\u308b\u4eee\u60f3\u30de\u30b7\u30f3\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u4eca\u56de\u306f <strong>t3.micro<\/strong>\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3092\u4f7f\u7528\u3057\u30013\u53f0\u306e\u4eee\u60f3\u30de\u30b7\u30f3\u3092\u7acb\u3061\u4e0a\u3052\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"91c762f6-f909-4fd3-a815-18cfbb8a0bd4\" class=\"wp-block-code\"><code>for i in 0 1 2; do\n  instance_id=$(aws ec2 run-instances \\\n    --associate-public-ip-address \\\n    --image-id ${IMAGE_ID} \\\n    --count 1 \\\n    --key-name kubernetes \\\n    --security-group-ids ${SECURITY_GROUP_ID} \\\n    --instance-type t3.micro \\\n    --private-ip-address 10.0.1.1${i} \\\n    --user-data \"name=controller-${i}\" \\\n    --subnet-id ${SUBNET_ID} \\\n    --block-device-mappings='{\"DeviceName\": \"\/dev\/sda1\", \"Ebs\": { \"VolumeSize\": 50 }, \"NoDevice\": \"\" }' \\\n    --output text --query 'Instances&#91;].InstanceId')\n  aws ec2 modify-instance-attribute --instance-id ${instance_id} --no-source-dest-check\n  aws ec2 create-tags --resources ${instance_id} --tags \"Key=Name,Value=controller-${i}\"\n  echo \"controller-${i} created \"\ndone<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"6-5\">Kubernetes Worker Node\u7528\u30db\u30b9\u30c8\u306e\u7acb\u3061\u4e0a\u3052<\/h3>\n\n\n\n<p id=\"6cd24c05-7f42-47c7-b4bd-4c8843b7b276\"><a href=\"https:\/\/docs.aws.amazon.com\/ja_jp\/AWSEC2\/latest\/UserGuide\/concepts.html\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon EC2<\/a>\u3067Kubernetes Worker Node\u306e\u30db\u30b9\u30c8\u3068\u306a\u308b\u4eee\u60f3\u30de\u30b7\u30f3\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u4eca\u56de\u306f 
<strong>t3.micro<\/strong>\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3092\u4f7f\u7528\u3057\u30013\u53f0\u306e\u4eee\u60f3\u30de\u30b7\u30f3\u3092\u7acb\u3061\u4e0a\u3052\u307e\u3059\u3002<br>Kubernetes Worker Node\u306f\u30b3\u30f3\u30c6\u30ca\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304c\u5c55\u958b\u3001\u5b9f\u884c\u3055\u308c\u308b\u5834\u6240\u3067\u3042\u308b\u305f\u3081\u5b9f\u969b\u306e\u30b5\u30a4\u30b8\u30f3\u30b0\u306f\u975e\u5e38\u306b\u91cd\u8981\u3067\u3059\u3002\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u8981\u4ef6\u306b\u5fdc\u3058\u305f\u30ea\u30bd\u30fc\u30b9\u8a08\u7b97\u304c\u6c42\u3081\u3089\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"36ca9998-545f-43cf-acc9-7665285bd7e0\" class=\"wp-block-code\"><code>for i in 0 1 2; do\n  instance_id=$(aws ec2 run-instances \\\n    --associate-public-ip-address \\\n    --image-id ${IMAGE_ID} \\\n    --count 1 \\\n    --key-name kubernetes \\\n    --security-group-ids ${SECURITY_GROUP_ID} \\\n    --instance-type t3.micro \\\n    --private-ip-address 10.0.1.2${i} \\\n    --user-data \"name=worker-${i}|pod-cidr=10.200.${i}.0\/24\" \\\n    --subnet-id ${SUBNET_ID} \\\n    --block-device-mappings='{\"DeviceName\": \"\/dev\/sda1\", \"Ebs\": { \"VolumeSize\": 50 }, \"NoDevice\": \"\" }' \\\n    --output text --query 'Instances&#91;].InstanceId')\n  aws ec2 modify-instance-attribute --instance-id ${instance_id} --no-source-dest-check\n  aws ec2 create-tags --resources ${instance_id} --tags \"Key=Name,Value=worker-${i}\"\n  echo \"worker-${i} created\"\ndone<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"7\">04-\u8a8d\u8a3c\u5c40(CA)\u306e\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u3068TLS\u8a3c\u660e\u66f8\u306e\u751f\u6210<\/h2>\n\n\n\n<p id=\"517cd0b3-4778-4b1a-92e4-f8cf2831ac68\">\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u3001CloudFlare\u306ePKI\u30c4\u30fc\u30eb\u30ad\u30c3\u30c8\u3067\u3042\u308b 
cfssl\u3092\u4f7f\u7528\u3057\u3066PKI\u57fa\u76e4\u3092\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u3057\u307e\u3059\u3002PKI\u57fa\u76e4\u3092\u5229\u7528\u3057\u3066\u8a8d\u8a3c\u5c40\u3092\u4f5c\u308a\u3001\u4ee5\u4e0b\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\" id=\"08e5f95d-7548-4b04-88a5-1e04e814dc79\"><li>admin\u7528\u306eTLS\u8a3c\u660e\u66f8<\/li><li>\u5404\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u306eTLS\u8a3c\u660e\u66f8<ul><li>etcd<\/li><li>kube-apiserver<\/li><li>kube-controller-manager<\/li><li>kube-scheduler<\/li><li>kubelet<\/li><li>kube-proxy<\/li><\/ul><\/li><\/ul>\n\n\n\n<p id=\"502a1589-e558-4f5f-b2d9-80456f4fc43b\">\u5404\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u306e\u5f79\u5272\u306f\u4ee5\u4e0b\u3092\u53c2\u7167\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<p id=\"502a1589-e558-4f5f-b2d9-80456f4fc43b\"><a href=\"https:\/\/kubernetes.io\/docs\/concepts\/overview\/components\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Kubernetes ComponentsKubernetes Components<\/strong> <em>A Kubernetes cluster consists of the components that represen<\/em> <em>kubernetes.io<\/em> <\/a><a href=\"https:\/\/kubernetes.io\/docs\/concepts\/overview\/components\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"7-1\">\u8a8d\u8a3c\u5c40(CA)\u306e\u7acb\u3061\u4e0a\u3052<\/h3>\n\n\n\n<p id=\"43b857fb-c3b9-44de-b781-e6cef203486a\">\u3053\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u306f\u3001TLS\u8a3c\u660e\u66f8\u3092\u751f\u6210\u3059\u308b\u305f\u3081\u306e\u8a8d\u8a3c\u5c40(CA)\u3092\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u3057\u307e\u3059\u3002<br>CA\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3001CA\u81ea\u8eab\u306e\u8a3c\u660e\u66f8\u3001\u304a\u3088\u3073\u79d8\u5bc6\u9375\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"f08c2322-0a4c-41bc-8ae7-5429ba6982a7\" class=\"wp-block-code\"><code>cat &gt; ca-config.json &lt;&lt;EOF\n{\n  
\"signing\": {\n    \"default\": {\n      \"expiry\": \"8760h\"\n    },\n    \"profiles\": {\n      \"kubernetes\": {\n        \"usages\": &#91;\"signing\", \"key encipherment\", \"server auth\", \"client auth\"],\n        \"expiry\": \"8760h\"\n      }\n    }\n  }\n}\nEOF\n\ncat &gt; ca-csr.json &lt;&lt;EOF\n{\n  \"CN\": \"Kubernetes\",\n  \"key\": {\n    \"algo\": \"rsa\",\n    \"size\": 2048\n  },\n  \"names\": &#91;\n    {\n      \"C\": \"US\",\n      \"L\": \"Portland\",\n      \"O\": \"Kubernetes\",\n      \"OU\": \"CA\",\n      \"ST\": \"Oregon\"\n    }\n  ]\n}\nEOF\n\ncfssl gencert -initca ca-csr.json | cfssljson -bare ca<\/code><\/pre>\n\n\n\n<p id=\"d966959a-bb00-4a58-a405-ba0a66180a30\">\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"bb78cbf3-45ec-4ac7-9264-91705569ba66\" class=\"wp-block-code\"><code>ca-key.pem\nca.pem<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"7-2\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068\u30b5\u30fc\u30d0\u30fc\u306e\u8a3c\u660e\u66f8\u767a\u884c<\/h3>\n\n\n\n<p id=\"327de15d-c9ec-4316-bf1a-ef6d00fe149c\">\u3053\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u306f\u3001\u5404Kubernetes\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u3067\u4f7f\u3046\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3068\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u3001admin\u30e6\u30fc\u30b6\u30fc\u7528\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Admin\u7528\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/strong><\/h4>\n\n\n\n<p id=\"56d293c4-e777-4fad-bfe1-d5a7cababdff\">admin\u7528\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3068\u79d8\u5bc6\u9375\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"12edeef9-e10e-4698-a04f-c7d31a12e742\" class=\"wp-block-code\"><code>cat &gt; admin-csr.json &lt;&lt;EOF\n{\n  \"CN\": 
\"admin\",\n  \"key\": {\n    \"algo\": \"rsa\",\n    \"size\": 2048\n  },\n  \"names\": &#91;\n    {\n      \"C\": \"US\",\n      \"L\": \"Portland\",\n      \"O\": \"system:masters\",\n      \"OU\": \"Kubernetes The Hard Way\",\n      \"ST\": \"Oregon\"\n    }\n  ]\n}\nEOF\n\ncfssl gencert \\\n  -ca=ca.pem \\\n  -ca-key=ca-key.pem \\\n  -config=ca-config.json \\\n  -profile=kubernetes \\\n  admin-csr.json | cfssljson -bare admin<\/code><\/pre>\n\n\n\n<p id=\"996f71ee-a6d4-4d46-a2d2-532134f2ac66\">\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"164b8cbb-33a4-4390-8d24-e72a40a8f2ed\" class=\"wp-block-code\"><code>admin-key.pem\nadmin.pem<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Kubelet\u7528\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/strong><\/h4>\n\n\n\n<p id=\"cf6ef511-147e-43c1-9a75-fb7d5288c96b\">Kubernetes\u306f\u3001Node Authorizer\u3068\u547c\u3070\u308c\u308b\u7279\u5225\u306a\u7528\u9014\u5411\u3051\u306e\u8a8d\u53ef\u30e2\u30fc\u30c9\u3092\u5229\u7528\u3057\u307e\u3059\u3002\u4e3b\u306bKubelets\u304b\u3089\u306eAPI\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u8a8d\u8a3c\u306e\u5f79\u5272\u3092\u62c5\u3044\u307e\u3059\u304c\u3001Node Authorizer\u306e\u8a8d\u53ef\u306e\u305f\u3081\u306b\u306f<strong>system:nodes group<\/strong>\u306e\u4e2d\u306e<strong>system:node:&lt;nodeName&gt;<\/strong>\u3068\u3044\u3046\u30e6\u30fc\u30b6\u30fc\u540d\u3067\u8a8d\u8a3c\u3055\u308c\u308b\u3088\u3046\u306b\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3057\u306a\u3051\u308c\u3070\u306a\u308a\u307e\u305b\u3093\u3002\u8a73\u7d30\u306f\u4ee5\u4e0b\u3092\u3054\u89a7\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<p><a href=\"https:\/\/kubernetes.io\/docs\/reference\/access-authn-authz\/node\/\" rel=\"noreferrer noopener\" target=\"_blank\"><strong>Using Node AuthorizationUsing Node Authorization<\/strong> <em>Node authorization is a special-purpose authorization mode th<\/em> 
<em>kubernetes.io<\/em> <\/a><a href=\"https:\/\/kubernetes.io\/docs\/reference\/access-authn-authz\/node\/\" rel=\"noreferrer noopener\" target=\"_blank\"><\/a><\/p>\n\n\n\n<p id=\"4f4a8b2c-6e56-4470-ab6b-ad95026cecdc\">\u3053\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u306f\u3001Kubernetes\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u3054\u3068\u306bNode Authorizer\u306e\u8981\u6c42\u3092\u6e80\u305f\u3059\u8a3c\u660e\u66f8\u3068\u79d8\u5bc6\u9375\u3092\u767a\u884c\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"99d76766-8179-4bbb-8eda-fbbcf86801f0\" class=\"wp-block-code\"><code>for i in 0 1 2; do\n  instance=\"worker-${i}\"\n  instance_hostname=\"ip-10-0-1-2${i}\"\n  cat &gt; ${instance}-csr.json &lt;&lt;EOF\n{\n  \"CN\": \"system:node:${instance_hostname}\",\n  \"key\": {\n    \"algo\": \"rsa\",\n    \"size\": 2048\n  },\n  \"names\": &#91;\n    {\n      \"C\": \"US\",\n      \"L\": \"Portland\",\n      \"O\": \"system:nodes\",\n      \"OU\": \"Kubernetes The Hard Way\",\n      \"ST\": \"Oregon\"\n    }\n  ]\n}\nEOF\n\n  external_ip=$(aws ec2 describe-instances --filters \\\n    \"Name=tag:Name,Values=${instance}\" \\\n    \"Name=instance-state-name,Values=running\" \\\n    --output text --query 'Reservations&#91;].Instances&#91;].PublicIpAddress')\n\n  internal_ip=$(aws ec2 describe-instances --filters \\\n    \"Name=tag:Name,Values=${instance}\" \\\n    \"Name=instance-state-name,Values=running\" \\\n    --output text --query 'Reservations&#91;].Instances&#91;].PrivateIpAddress')\n\n  cfssl gencert \\\n    -ca=ca.pem \\\n    -ca-key=ca-key.pem \\\n    -config=ca-config.json \\\n    -hostname=${instance_hostname},${external_ip},${internal_ip} \\\n    -profile=kubernetes \\\n    worker-${i}-csr.json | cfssljson -bare worker-${i}\ndone<\/code><\/pre>\n\n\n\n<p id=\"d692ccb7-6a79-4723-ad7e-176939241f2c\">\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"70b883c3-26fa-459c-9ff8-439805e23da3\" 
class=\"wp-block-code\"><code>\nworker-0-key.pem\nworker-0.pem\nworker-1-key.pem\nworker-1.pem\nworker-2-key.pem\nworker-2.pem<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>kube-controller-manager\u7528 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/strong><\/h4>\n\n\n\n<p id=\"e3133bf6-55c0-4f25-ba2b-51085e9c644d\">kube-controller-manager\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3068\u79d8\u5bc6\u9375\u3092\u767a\u884c\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"96f6346b-8c86-4ea4-9dec-b4d66976e449\" class=\"wp-block-code\"><code>cat &gt; kube-controller-manager-csr.json &lt;&lt;EOF\n{\n  \"CN\": \"system:kube-controller-manager\",\n  \"key\": {\n    \"algo\": \"rsa\",\n    \"size\": 2048\n  },\n  \"names\": &#91;\n    {\n      \"C\": \"US\",\n      \"L\": \"Portland\",\n      \"O\": \"system:kube-controller-manager\",\n      \"OU\": \"Kubernetes The Hard Way\",\n      \"ST\": \"Oregon\"\n    }\n  ]\n}\nEOF\n\ncfssl gencert \\\n  -ca=ca.pem \\\n  -ca-key=ca-key.pem \\\n  -config=ca-config.json \\\n  -profile=kubernetes \\\n  kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager<\/code><\/pre>\n\n\n\n<p id=\"427586d5-9054-46b9-aa07-ef8a4ebedba0\">\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"ea747422-8f74-4069-ae64-ffc5f43916ca\" class=\"wp-block-code\"><code>kube-controller-manager-key.pem\nkube-controller-manager.pem<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>kube-proxy \u7528 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/strong><\/h4>\n\n\n\n<p id=\"b213c19c-5095-4a4b-9301-8777082df0f4\">kube-proxy\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3068\u79d8\u5bc6\u9375\u3092\u767a\u884c\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"a33bc5ef-9e54-4cbf-9caa-a0b45c8b856a\" class=\"wp-block-code\"><code>cat &gt; kube-proxy-csr.json &lt;&lt;EOF\n{\n  \"CN\": 
\"system:kube-proxy\",\n  \"key\": {\n    \"algo\": \"rsa\",\n    \"size\": 2048\n  },\n  \"names\": &#91;\n    {\n      \"C\": \"US\",\n      \"L\": \"Portland\",\n      \"O\": \"system:node-proxier\",\n      \"OU\": \"Kubernetes The Hard Way\",\n      \"ST\": \"Oregon\"\n    }\n  ]\n}\nEOF\n\ncfssl gencert \\\n  -ca=ca.pem \\\n  -ca-key=ca-key.pem \\\n  -config=ca-config.json \\\n  -profile=kubernetes \\\n  kube-proxy-csr.json | cfssljson -bare kube-proxy<\/code><\/pre>\n\n\n\n<p id=\"bc5e2ec9-21d6-411d-a2ed-92edc968ca32\">\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"95d5aef7-5ca3-40f2-b7f3-211437aa9351\" class=\"wp-block-code\"><code>kube-proxy-key.pem\nkube-proxy.pem<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>kube-scheduler\u7528 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/strong><\/h4>\n\n\n\n<p id=\"f29bf2da-0c89-4505-965a-567fb82311a0\">kube-scheduler \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u7528\u306e\u8a3c\u660e\u66f8\u3068\u79d8\u5bc6\u9375\u3092\u767a\u884c\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"ea507947-bbfa-4add-b737-0297ed770f07\" class=\"wp-block-code\"><code>cat &gt; kube-scheduler-csr.json &lt;&lt;EOF\n{\n  \"CN\": \"system:kube-scheduler\",\n  \"key\": {\n    \"algo\": \"rsa\",\n    \"size\": 2048\n  },\n  \"names\": &#91;\n    {\n      \"C\": \"US\",\n      \"L\": \"Portland\",\n      \"O\": \"system:kube-scheduler\",\n      \"OU\": \"Kubernetes The Hard Way\",\n      \"ST\": \"Oregon\"\n    }\n  ]\n}\nEOF\n\ncfssl gencert \\\n  -ca=ca.pem \\\n  -ca-key=ca-key.pem \\\n  -config=ca-config.json \\\n  -profile=kubernetes \\\n  kube-scheduler-csr.json | cfssljson -bare kube-scheduler<\/code><\/pre>\n\n\n\n<p id=\"3c8c507c-600d-4765-b938-315ff8dd4ebe\">\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"8e1d4859-5751-4f50-98b5-a37687b33399\" 
class=\"wp-block-code\"><code>kube-scheduler-key.pem\nkube-scheduler.pem<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Kubernetes API \u30b5\u30fc\u30d0\u30fc\u7528\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/strong><\/h4>\n\n\n\n<p id=\"8564252d-6ee0-4976-aa3f-2630aadf45aa\">kubernetes-the-hard-way \u306estatic IP\u30a2\u30c9\u30ec\u30b9\u306f\u3001Kubernetes API \u30b5\u30fc\u30d0\u30fc\u306e\u8a3c\u660e\u66f8\u306eSAN(subject alternative names)\u306e\u30ea\u30b9\u30c8\u306b\u542b\u3081\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<br>\u5916\u90e8\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3067\u3082\u8a3c\u660e\u66f8\u3092\u4f7f\u3063\u305f\u691c\u8a3c\u3092\u884c\u3046\u305f\u3081\u306e\u8a2d\u5b9a\u3067\u3059\u3002<\/p>\n\n\n\n<p id=\"8564252d-6ee0-4976-aa3f-2630aadf45aa\">Kubernetes API \u30b5\u30fc\u30d0\u30fc\u306e\u8a3c\u660e\u66f8\u3068\u79d8\u5bc6\u9375\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"b7410c87-1355-44a4-83a8-a029aa0885dc\" class=\"wp-block-code\"><code>KUBERNETES_HOSTNAMES=kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster,kubernetes.svc.cluster.local\n\ncat &gt; kubernetes-csr.json &lt;&lt;EOF\n{\n  \"CN\": \"kubernetes\",\n  \"key\": {\n    \"algo\": \"rsa\",\n    \"size\": 2048\n  },\n  \"names\": &#91;\n    {\n      \"C\": \"US\",\n      \"L\": \"Portland\",\n      \"O\": \"Kubernetes\",\n      \"OU\": \"Kubernetes The Hard Way\",\n      \"ST\": \"Oregon\"\n    }\n  ]\n}\nEOF\n\ncfssl gencert \\\n  -ca=ca.pem \\\n  -ca-key=ca-key.pem \\\n  -config=ca-config.json \\\n  -hostname=10.32.0.1,10.0.1.10,10.0.1.11,10.0.1.12,${KUBERNETES_PUBLIC_ADDRESS},127.0.0.1,${KUBERNETES_HOSTNAMES} \\\n  -profile=kubernetes \\\n  kubernetes-csr.json | cfssljson -bare kubernetes<\/code><\/pre>\n\n\n\n<p id=\"f46d5fd9-5fa5-4d20-a12b-6bfe8836df74\">\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre 
id=\"36c10148-901c-4c0a-8593-d9455ad096b4\" class=\"wp-block-code\"><code>kubernetes-key.pem\nkubernetes.pem<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u30ad\u30fc\u30da\u30a2\u3092\u767a\u884c<\/strong><\/h4>\n\n\n\n<p id=\"e37dcfb6-7d48-4a87-aace-c877b165072c\"><a href=\"https:\/\/kubernetes.io\/docs\/reference\/access-authn-authz\/service-accounts-admin\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u7ba1\u7406<\/a>\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306b\u3042\u308b\u3088\u3046\u306b\u3001Kubernetes Controller Manager\u306f\u3001\u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u30c8\u30fc\u30af\u30f3\u306e\u751f\u6210\u3068\u7f72\u540d\u3092\u3059\u308b\u305f\u3081\u306b\u30ad\u30fc\u30da\u30a2\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p id=\"db4dd9ab-55ab-415d-9035-deaf2721f630\">service-account \u306e\u8a3c\u660e\u66f8\u3068\u79d8\u5bc6\u9375\u3092\u767a\u884c\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"12753a54-b285-4797-a8b3-760b868f0764\" class=\"wp-block-code\"><code>cat &gt; service-account-csr.json &lt;&lt;EOF\n{\n  \"CN\": \"service-accounts\",\n  \"key\": {\n    \"algo\": \"rsa\",\n    \"size\": 2048\n  },\n  \"names\": &#91;\n    {\n      \"C\": \"US\",\n      \"L\": \"Portland\",\n      \"O\": \"Kubernetes\",\n      \"OU\": \"Kubernetes The Hard Way\",\n      \"ST\": \"Oregon\"\n    }\n  ]\n}\nEOF\n\ncfssl gencert \\\n  -ca=ca.pem \\\n  -ca-key=ca-key.pem \\\n  -config=ca-config.json \\\n  -profile=kubernetes \\\n  service-account-csr.json | cfssljson -bare service-account<\/code><\/pre>\n\n\n\n<p id=\"06c12bb7-08e2-4ca4-9cf6-7b3c973704d1\">\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"5aa24fbc-c4e6-4e39-ba4c-35dac2ab43f9\" 
class=\"wp-block-code\"><code>service-account-key.pem\nservice-account.pem<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"7-3\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3068\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u306e\u914d\u5e03<\/h3>\n\n\n\n<p id=\"5c4af5cc-8742-43c6-aa74-e8e4bfa2a161\">\u8a3c\u660e\u66f8\u3068\u79d8\u5bc6\u9375\u3092\u30b3\u30d4\u30fc\u3057\u3001\u5404\u30ef\u30fc\u30ab\u30fc\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306b\u914d\u7f6e\u3057\u307e\u3059\u3002<br>\u914d\u7f6e\u5bfe\u8c61\u306f\u4ee5\u4e0b\u3067\u3059\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\" id=\"d55b8264-08cc-41c5-8fc3-6e9c8e09cd15\"><li>CA\u8a3c\u660e\u66f8<\/li><li>API\u30b5\u30fc\u30d0\u306e\u8a3c\u660e\u66f8<\/li><li>\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306e\u8a3c\u660e\u66f8\u3068\u79d8\u5bc6\u9375<\/li><\/ul>\n\n\n\n<pre id=\"fb7bdef4-39c9-4c74-baaf-6040383e5296\" class=\"wp-block-code\"><code>for instance in worker-0 worker-1 worker-2; do\n  external_ip=$(aws ec2 describe-instances --filters \\\n    \"Name=tag:Name,Values=${instance}\" \\\n    \"Name=instance-state-name,Values=running\" \\\n    --output text --query 'Reservations&#91;].Instances&#91;].PublicIpAddress')\n\n  scp -i kubernetes.id_rsa ca.pem ${instance}-key.pem ${instance}.pem ubuntu@${external_ip}:~\/\ndone<\/code><\/pre>\n\n\n\n<p id=\"b56ad013-bbde-4d9e-ad67-60985e70fa6f\">\u63a5\u7d9a\u51e6\u7406\u3092\u7d9a\u3051\u3066\u826f\u3044\u304b\u805e\u304b\u308c\u305f\u5834\u5408\u306f<strong>yes<\/strong>\u3092\u5165\u529b\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"22106af5-3b24-4c35-8246-169fae524e9b\" class=\"wp-block-code\"><code>Are you sure you want to continue connecting (yes\/no\/&#91;fingerprint])?<\/code><\/pre>\n\n\n\n<p id=\"51ad9cce-8f18-43fd-b8c5-730ff7949803\">\u8ee2\u9001\u306b\u6210\u529f\u3059\u308b\u3068\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u51fa\u529b\u7d50\u679c\u3092\u5f97\u3089\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre 
id=\"a817afe1-adc1-4cfb-aee9-f2bf6a40d05f\" class=\"wp-block-code\"><code>ca.pem                                        100% 1318    32.0KB\/s   00:00    \nworker-1-key.pem                              100% 1675    72.6KB\/s   00:00    \nworker-1.pem                                  100% 1509    40.6KB\/s   00:00 <\/code><\/pre>\n\n\n\n<p id=\"09cae04d-9a52-4a73-b1e2-d836f6940d42\">\u4e0a\u8a18\u306f\u30ef\u30fc\u30ab\u30fc\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u53f0\u6570\u5206\u7e70\u308a\u8fd4\u3057\u51e6\u7406\u3055\u308c\u307e\u3059\u3002\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306b\u3082\u540c\u69d8\u306b\u914d\u7f6e\u3057\u307e\u3059\u3002<br>\u914d\u7f6e\u5bfe\u8c61\u306f\u4ee5\u4e0b\u3067\u3059\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\" id=\"5ee830c6-fc35-4866-ad04-2e0ed6b2b739\"><li>CA\u8a3c\u660e\u66f8\u3068\u79d8\u5bc6\u9375<\/li><li>API\u30b5\u30fc\u30d0\u306e\u8a3c\u660e\u66f8\u3068\u79d8\u5bc6\u9375<\/li><li>\u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u6255\u3044\u51fa\u3057\u7528\u30ad\u30fc\u30da\u30a2<\/li><\/ul>\n\n\n\n<pre id=\"49190009-d79a-4dee-b960-fc3c0bc0a033\" class=\"wp-block-code\"><code>for instance in controller-0 controller-1 controller-2; do\n  external_ip=$(aws ec2 describe-instances --filters \\\n    \"Name=tag:Name,Values=${instance}\" \\\n    \"Name=instance-state-name,Values=running\" \\\n    --output text --query 'Reservations&#91;].Instances&#91;].PublicIpAddress')\n\n  scp -i kubernetes.id_rsa \\\n    ca.pem ca-key.pem kubernetes-key.pem kubernetes.pem \\\n    service-account-key.pem service-account.pem ubuntu@${external_ip}:~\/\ndone<\/code><\/pre>\n\n\n\n<p id=\"6ac2389a-c2e1-4005-ba7a-7483e5cc26a8\">\u63a5\u7d9a\u51e6\u7406\u3092\u7d9a\u3051\u3066\u826f\u3044\u304b\u805e\u304b\u308c\u305f\u5834\u5408\u306f&#8217;yes&#8217;\u3092\u5165\u529b\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"499134b9-a1ec-4811-a299-da9db00e9b6b\" class=\"wp-block-code\"><code>Are you sure you want to continue 
connecting (yes\/no\/&#91;fingerprint])?<\/code><\/pre>\n\n\n\n<p id=\"cc0d994e-7539-4a4b-88df-0f341cdc86ab\">\u8ee2\u9001\u306b\u6210\u529f\u3059\u308b\u3068\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u51fa\u529b\u7d50\u679c\u3092\u5f97\u3089\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"deca3f65-39ab-49ad-9889-881689c0d164\" class=\"wp-block-code\"><code>ca.pem                                        100% 1318    59.2KB\/s   00:00    \nca-key.pem                                    100% 1679    42.0KB\/s   00:00    \nkubernetes-key.pem                            100% 1675    73.4KB\/s   00:00    \nkubernetes.pem                                100% 1598    44.6KB\/s   00:00    \nservice-account-key.pem                       100% 1675    72.0KB\/s   00:00    \nservice-account.pem                           100% 1440    65.8KB\/s   00:00  <\/code><\/pre>\n\n\n\n<p id=\"02c48f15-d5f0-401f-9f96-b60f698546a8\">\u5c1a\u3001\u4e0b\u8a18\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306f\u6b21\u306e\u624b\u9806\u3067\u4f7f\u7528\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\" id=\"1bd00b0a-1260-4d57-afe4-8bebdc3a373a\"><li>kube-proxy<\/li><li>kube-controller-manager<\/li><li>kube-scheduler<\/li><li>kubelet<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"8\">05-\u8a8d\u8a3c\u7528kubeconfig\u306e\u751f\u6210<\/h2>\n\n\n\n<p id=\"6acf7fa1-8daa-4ffd-98f8-bad30a90e6f6\">\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u3001Kubernetes API\u30b5\u30fc\u30d0\u30fc\u304cKubernetes\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u914d\u7f6e\u3001\u8a8d\u8a3c\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b\u305f\u3081\u306ekubeconfig(Kubernetes\u69cb\u6210\u30d5\u30a1\u30a4\u30eb)\u3092\u751f\u6210\u3057\u307e\u3059\u3002\u751f\u6210\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u306f\u4ee5\u4e0b\u3067\u3059\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\" 
id=\"e2652795-12c0-405c-b012-acb1eb2e3a57\"><li>controller-manager<\/li><li>kubelet<\/li><li>kube-proxy<\/li><li>scheduler<\/li><li>admin\u30e6\u30fc\u30b6\u30fc\u7528\u306ekubeconfig<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"8-1\">Kubernetes\u306ePublic DNS\u30a2\u30c9\u30ec\u30b9\u3092\u53d6\u5f97<\/h3>\n\n\n\n<p id=\"35950c28-57ab-49d8-80df-450d6774b637\">\u5404<strong>kubeconfig<\/strong>\u306fKubernetes API\u30b5\u30fc\u30d0\u3068\u63a5\u7d9a\u3067\u304d\u308b\u3053\u3068\u304c\u8981\u6c42\u3055\u308c\u307e\u3059\u3002<br>\u9ad8\u53ef\u7528\u6027\u3092\u5b9f\u73fe\u3059\u308b\u305f\u3081\u306b\u3001Kubernetes API\u30b5\u30fc\u30d0\u306e\u524d\u306b\u8a2d\u7f6e\u3055\u308c\u3066\u3044\u308b\u5916\u90e8\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc\u306eIP\u30a2\u30c9\u30ec\u30b9\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p id=\"da9b38c0-f9f6-427a-a50d-b1e94d1995df\"><strong>kubernetes-the-hard-way<\/strong>\u306eDNS\u30a2\u30c9\u30ec\u30b9\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"8da3988c-7eaf-4af6-a247-ce8e5f950f13\" class=\"wp-block-code\"><code>KUBERNETES_PUBLIC_ADDRESS=$(aws elbv2 describe-load-balancers \\\n  --load-balancer-arns ${LOAD_BALANCER_ARN} \\\n  --output text --query 'LoadBalancers&#91;0].DNSName')\necho ${KUBERNETES_PUBLIC_ADDRESS}<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"8-2\">kubelet\u7528kubeconfigs\u306e\u751f\u6210<\/h3>\n\n\n\n<p id=\"e7235ab1-0ab2-47a8-a1eb-05433758acb3\">kubelet\u7528\u306e<strong>kubeconfig<\/strong>\u30d5\u30a1\u30a4\u30eb\u3092\u751f\u6210\u3059\u308b\u3068\u304d\u306f\u3001<strong>kubelet<\/strong>\u306e\u30ce\u30fc\u30c9\u540d\u3068\u540c\u3058\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3092\u4f7f\u7528\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001<strong>kubelet<\/strong>\u304cKubernetes\u306eNode 
Authorizer\u306b\u3088\u3063\u3066\u8a8d\u53ef\u3055\u308c\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<p id=\"114789ab-0372-4d2b-a874-4e5a10f96176\">\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u6bce\u306bkubeconfig\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"ecb61b86-3e55-49cd-a75f-66c426b79e54\" class=\"wp-block-code\"><code>for instance in worker-0 worker-1 worker-2; do\n  kubectl config set-cluster kubernetes-the-hard-way \\\n    --certificate-authority=ca.pem \\\n    --embed-certs=true \\\n    --server=https:\/\/${KUBERNETES_PUBLIC_ADDRESS}:443 \\\n    --kubeconfig=${instance}.kubeconfig\n\n  kubectl config set-credentials system:node:${instance} \\\n    --client-certificate=${instance}.pem \\\n    --client-key=${instance}-key.pem \\\n    --embed-certs=true \\\n    --kubeconfig=${instance}.kubeconfig\n\n  kubectl config set-context default \\\n    --cluster=kubernetes-the-hard-way \\\n    --user=system:node:${instance} \\\n    --kubeconfig=${instance}.kubeconfig\n\n  kubectl config use-context default --kubeconfig=${instance}.kubeconfig\ndone<\/code><\/pre>\n\n\n\n<p id=\"a7608e70-006e-466d-a39b-72bacc20344d\">\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"df12dd06-33ba-4209-9838-d96ed4ebc07f\" class=\"wp-block-code\"><code>worker-0.kubeconfig\nworker-1.kubeconfig\nworker-2.kubeconfig<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"8-3\">kube-proxy\u7528kubeconfig\u306e\u751f\u6210<\/h3>\n\n\n\n<p id=\"6eb1d0bc-19cf-45f9-a6d9-f3460335a4fc\">kube-proxy\u306ekubeconfig\u3082\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"65c47c84-34ec-47b9-ab6f-1fdf9b6ae241\" class=\"wp-block-code\"><code>kubectl config set-cluster kubernetes-the-hard-way \\\n  --certificate-authority=ca.pem \\\n  --embed-certs=true \\\n  --server=https:\/\/${KUBERNETES_PUBLIC_ADDRESS}:443 \\\n  --kubeconfig=kube-proxy.kubeconfig\n\nkubectl config set-credentials 
system:kube-proxy \\\n  --client-certificate=kube-proxy.pem \\\n  --client-key=kube-proxy-key.pem \\\n  --embed-certs=true \\\n  --kubeconfig=kube-proxy.kubeconfig\n\nkubectl config set-context default \\\n  --cluster=kubernetes-the-hard-way \\\n  --user=system:kube-proxy \\\n  --kubeconfig=kube-proxy.kubeconfig\n\nkubectl config use-context default --kubeconfig=kube-proxy.kubeconfig<\/code><\/pre>\n\n\n\n<p id=\"b2b33e9a-ddb1-4233-9ba5-99358f0aad1c\">\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"32c30887-48b3-4400-a936-9a0a681de2ba\" class=\"wp-block-code\"><code>kube-proxy.kubeconfig<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"8-5\">kube-controller-manager\u7528kubeconfig\u306e\u751f\u6210<\/h3>\n\n\n\n<p id=\"eb8f8bc9-061d-417d-98b5-3fa1f71ebd9a\">kube-controller-manager\u306ekubeconfig\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"e8eb557f-9462-443b-aa5d-0de317d1d04f\" class=\"wp-block-code\"><code>kubectl config set-cluster kubernetes-the-hard-way \\\n  --certificate-authority=ca.pem \\\n  --embed-certs=true \\\n  --server=https:\/\/127.0.0.1:6443 \\\n  --kubeconfig=kube-controller-manager.kubeconfig\n\nkubectl config set-credentials system:kube-controller-manager \\\n  --client-certificate=kube-controller-manager.pem \\\n  --client-key=kube-controller-manager-key.pem \\\n  --embed-certs=true \\\n  --kubeconfig=kube-controller-manager.kubeconfig\n\nkubectl config set-context default \\\n  --cluster=kubernetes-the-hard-way \\\n  --user=system:kube-controller-manager \\\n  --kubeconfig=kube-controller-manager.kubeconfig\n\nkubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig<\/code><\/pre>\n\n\n\n<p id=\"fcadec86-510c-4cd1-8b5b-5a6d5b7a425b\">\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"1b3c44cf-0ab9-40fb-b1d2-774be4948392\" 
class=\"wp-block-code\"><code>kube-controller-manager.kubeconfig<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"8-4\">kube-scheduler\u7528kubeconfig\u306e\u751f\u6210<\/h3>\n\n\n\n<p id=\"6cbcc20a-ec48-423c-8867-12a7403d3a21\">kube-scheduler\u306ekubeconfig\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"62ddb216-3c55-43b9-bc64-d756b32797b5\" class=\"wp-block-code\"><code>kubectl config set-cluster kubernetes-the-hard-way \\\n  --certificate-authority=ca.pem \\\n  --embed-certs=true \\\n  --server=https:\/\/127.0.0.1:6443 \\\n  --kubeconfig=kube-scheduler.kubeconfig\n\nkubectl config set-credentials system:kube-scheduler \\\n  --client-certificate=kube-scheduler.pem \\\n  --client-key=kube-scheduler-key.pem \\\n  --embed-certs=true \\\n  --kubeconfig=kube-scheduler.kubeconfig\n\nkubectl config set-context default \\\n  --cluster=kubernetes-the-hard-way \\\n  --user=system:kube-scheduler \\\n  --kubeconfig=kube-scheduler.kubeconfig\n\nkubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig<\/code><\/pre>\n\n\n\n<p id=\"04e91be7-63c8-4329-b431-e924c5d29a13\">\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"29a938c8-4b6a-4ac9-bc1f-71576e16c5aa\" class=\"wp-block-code\"><code>kube-scheduler.kubeconfig<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"8-6\">admin\u30e6\u30fc\u30b6\u30fc\u7528kubeconfig\u306e\u751f\u6210<\/h3>\n\n\n\n<p id=\"9bb16b1f-cfa6-4e65-a2f9-d5992dcf5a0c\">admin\u30e6\u30fc\u30b6\u30fc\u306ekubeconfig\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"b648d22d-a511-4b99-8f23-34a5e36e0bab\" class=\"wp-block-code\"><code>kubectl config set-cluster kubernetes-the-hard-way \\\n  --certificate-authority=ca.pem \\\n  --embed-certs=true \\\n  --server=https:\/\/127.0.0.1:6443 \\\n  --kubeconfig=admin.kubeconfig\n\nkubectl config set-credentials admin \\\n  --client-certificate=admin.pem \\\n  --client-key=admin-key.pem \\\n  
--embed-certs=true \\\n  --kubeconfig=admin.kubeconfig\n\nkubectl config set-context default \\\n  --cluster=kubernetes-the-hard-way \\\n  --user=admin \\\n  --kubeconfig=admin.kubeconfig\n\nkubectl config use-context default --kubeconfig=admin.kubeconfig<\/code><\/pre>\n\n\n\n<p id=\"83aa075e-4b0f-4739-9e1b-4ac4eb298d57\">\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"679ec063-9971-4c73-9d40-5ac1fcc30889\" class=\"wp-block-code\"><code>admin.kubeconfig<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"8-7\">kubeconfig\u306e\u914d\u5e03<\/h3>\n\n\n\n<p id=\"c33669ff-1ef3-4a08-a46e-049efbd45579\">kubelet\u3068kube-proxy\u306ekubeconfig\u3092\u30b3\u30d4\u30fc\u3057\u3001\u5404\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306b\u914d\u7f6e\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"d68fa524-cfc3-40db-a146-da192abc2017\" class=\"wp-block-code\"><code>for instance in worker-0 worker-1 worker-2; do\n  external_ip=$(aws ec2 describe-instances --filters \\\n    \"Name=tag:Name,Values=${instance}\" \\\n    \"Name=instance-state-name,Values=running\" \\\n    --output text --query 'Reservations&#91;].Instances&#91;].PublicIpAddress')\n\n  scp -i kubernetes.id_rsa \\\n    ${instance}.kubeconfig kube-proxy.kubeconfig ubuntu@${external_ip}:~\/\ndone<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"30e3fd8b-f2b5-489a-8dc0-bc86a16e0aa0\" class=\"wp-block-code\"><code>worker-0.kubeconfig                           100% 6449   260.8KB\/s   00:00    \nkube-proxy.kubeconfig                         100% 6371   261.1KB\/s   00:00    \nworker-1.kubeconfig                           100% 6449   273.1KB\/s   00:00    \nkube-proxy.kubeconfig                         100% 6371   268.2KB\/s   00:00    \nworker-2.kubeconfig                           100% 6449   265.6KB\/s   00:00    \nkube-proxy.kubeconfig                         100% 6371   287.2KB\/s   00:00 
<\/code><\/pre>\n\n\n\n<p id=\"437d5fd5-3ec6-4469-b1a9-dd34acd5f512\"><strong>admin<\/strong>\u3001<strong>kube-controller-manager<\/strong>\u3001<strong>kube-scheduler<\/strong>\u306e<strong>kubeconfig<\/strong>\u3092\u30b3\u30d4\u30fc\u3057\u3001\u5404\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u30ce\u30fc\u30c9\u306b\u914d\u7f6e\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"16893c1a-3ca9-4604-b2de-9609a288ffea\" class=\"wp-block-code\"><code>for instance in controller-0 controller-1 controller-2; do\n  external_ip=$(aws ec2 describe-instances \\\n    --filters \"Name=tag:Name,Values=${instance}\" \\\n    --output text --query 'Reservations&#91;].Instances&#91;].PublicIpAddress')\n\n  scp -i kubernetes.id_rsa \\\n    admin.kubeconfig kube-controller-manager.kubeconfig kube-scheduler.kubeconfig ubuntu@${external_ip}:~\/\ndone<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"662c12ba-e365-4939-9cf9-6609a4492ba9\" class=\"wp-block-code\"><code>admin.kubeconfig                              100% 6265   255.2KB\/s   00:00    \nkube-controller-manager.kubeconfig            100% 6387    51.6KB\/s   00:00    \nkube-scheduler.kubeconfig                     100% 6241   249.1KB\/s   00:00    \nadmin.kubeconfig                              100% 6265   276.1KB\/s   00:00    \nkube-controller-manager.kubeconfig            100% 6387   271.4KB\/s   00:00    \nkube-scheduler.kubeconfig                     100% 6241   122.2KB\/s   00:00    \nadmin.kubeconfig                              100% 6265   278.5KB\/s   00:00    \nkube-controller-manager.kubeconfig            100% 6387   127.7KB\/s   00:00    \nkube-scheduler.kubeconfig                     100% 6241   276.7KB\/s   00:00<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"9\">06-\u6697\u53f7\u5316\u306e\u8a2d\u5b9a\u3068\u30ad\u30fc\u306e\u751f\u6210<\/h2>\n\n\n\n<p 
id=\"02996ad9-feeb-4396-a001-3c115c395060\">Kubernetes\u306b\u306f\u3001\u30af\u30e9\u30b9\u30bf\u306e\u72b6\u614b\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u8a2d\u5b9a\u3001\u79d8\u533f\u60c5\u5831\u306a\u3069\u3092\u542b\u3080\u3055\u307e\u3056\u307e\u306a\u30c7\u30fc\u30bf\u304c\u683c\u7d0d\u3055\u308c\u307e\u3059\u3002\u305d\u306e\u30c7\u30fc\u30bf\u3092\u5b88\u308b\u305f\u3081\u306b\u3001Kubernetes\u306b\u306f\u30af\u30e9\u30b9\u30bf\u5185\u3067\u4fdd\u6301\u3057\u3066\u3044\u308b\u30c7\u30fc\u30bf\u3092\u6697\u53f7\u5316\u3059\u308b\u6a5f\u80fd\u304c\u63d0\u4f9b\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u306f\u3001Kubernetes Secrets\u306e\u6697\u53f7\u5316\u306b\u5408\u308f\u305b\u305f\u6697\u53f7\u5316\u9375\u3068\u6697\u53f7\u5316\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"9-1\">\u6697\u53f7\u5316\u9375<\/h3>\n\n\n\n<p id=\"4a96a9de-369b-46ac-abbf-ff1b4b937a74\">\u6697\u53f7\u5316\u306b\u4f7f\u7528\u3059\u308b\u9375\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"479c2969-8d38-4dd1-8c1d-e30e5b05eba0\" class=\"wp-block-code\"><code>ENCRYPTION_KEY=$(head -c 32 \/dev\/urandom | base64)<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"9-2\">\u6697\u53f7\u5316\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb<\/h3>\n\n\n\n<p id=\"d70b3033-c4a5-4e74-9aac-feef741d3e02\">\u6697\u53f7\u5316\u306e\u8a2d\u5b9a\u306e\u305f\u3081\u306e<strong>encryption-config.yaml<\/strong>\u3092\u751f\u6210\u3057\u307e\u3059\u3002\u751f\u6210\u3055\u308c\u308b\u30d5\u30a1\u30a4\u30eb\u306b\u306f\u6697\u53f7\u5316\u9375\u304c\u305d\u306e\u307e\u307e\u66f8\u304d\u8fbc\u307e\u308c\u308b\u305f\u3081\u3001\u30d5\u30a1\u30a4\u30eb\u306e\u30a2\u30af\u30bb\u30b9\u6a29\u9650\u306b\u6ce8\u610f\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<pre id=\"9e12ff9a-b1bd-446e-9c2f-f6644e6716b1\" class=\"wp-block-code\"><code>cat &gt; encryption-config.yaml &lt;&lt;EOF\nkind: EncryptionConfig\napiVersion: v1\nresources:\n  - resources:\n      - secrets\n    providers:\n      - aescbc:\n          keys:\n            - name: key1\n              secret: ${ENCRYPTION_KEY}\n      - identity: {}\nEOF<\/code><\/pre>\n\n\n\n<p 
id=\"05b5bfde-5a54-4537-9bcd-f1ea9495c8e8\">encryption-config.yaml\u3092\u30b3\u30d4\u30fc\u3057\u3001\u5404\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u30ce\u30fc\u30c9\u306b\u914d\u7f6e\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"952da1b0-e797-424b-b78a-98ad6c9c9cc2\" class=\"wp-block-code\"><code>for instance in controller-0 controller-1 controller-2; do\n  external_ip=$(aws ec2 describe-instances --filters \\\n    \"Name=tag:Name,Values=${instance}\" \\\n    \"Name=instance-state-name,Values=running\" \\\n    --output text --query 'Reservations&#91;].Instances&#91;].PublicIpAddress')\n  \n  scp -i kubernetes.id_rsa encryption-config.yaml ubuntu@${external_ip}:~\/\ndone<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"525037bc-f00b-4490-93cb-a0ed4344130b\" class=\"wp-block-code\"><code>encryption-config.yaml                        100%  240    10.4KB\/s   00:00    \nencryption-config.yaml                        100%  240     5.2KB\/s   00:00    \nencryption-config.yaml                        100%  240     4.9KB\/s   00:00 <\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"10\">07-etcd\u306e\u8d77\u52d5<\/h2>\n\n\n\n<p 
id=\"1be35e38-00dc-4d52-aff4-6f19c16d0999\">Kubernetes\u306e\u5404\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u306f\u30b9\u30c6\u30fc\u30c8\u30ec\u30b9\u306b\u306a\u3063\u3066\u304a\u308a\u3001\u30af\u30e9\u30b9\u30bf\u306e\u72b6\u614b\u306f\u5168\u3066etcd\u306b\u683c\u7d0d\u3055\u308c\u7ba1\u7406\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u305d\u306e\u305f\u3081\u3001etcd\u306fKubernetes\u306b\u304a\u3044\u3066\u91cd\u8981\u306a\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u3067\u3042\u308b\u3068\u4f4d\u7f6e\u4ed8\u3051\u3089\u308c\u3066\u304a\u308a\u3001\u591a\u304f\u306e\u5834\u5408\u306fetcd\u306e\u9ad8\u3044\u53ef\u7528\u6027\u3092\u62c5\u4fdd\u3059\u308b\u3053\u3068\u304c\u6c42\u3081\u3089\u308c\u307e\u3059\u3002\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u30013\u30ce\u30fc\u30c9\u306eetcd\u30af\u30e9\u30b9\u30bf\u3092\u69cb\u7bc9\u3057\u3066\u3001\u9ad8\u53ef\u7528\u6027\u3068\u5b89\u5168\u306a\u5916\u90e8\u30a2\u30af\u30bb\u30b9\u3092\u5b9f\u73fe\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"10-1\">\u6e96\u5099<\/h3>\n\n\n\n<p id=\"910b6543-e99e-4439-9730-a5c2a5c37ce9\">\u3053\u306e\u30b9\u30c6\u30c3\u30d7\u306e\u30b3\u30de\u30f3\u30c9\u306f\u3001<strong>controller-0<\/strong>\u3001<strong>controller-1<\/strong>\u3001<strong>controller-2<\/strong>\u306e\u5404\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3067\u5b9f\u884c\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u4ee5\u4e0b\u306e\u69d8\u306bssh\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u7528\u3057\u3066\u5404\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u30ce\u30fc\u30c9\u306b\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<pre id=\"93ad35c1-8f37-4326-8952-cfa07e1b3f4b\" class=\"wp-block-code\"><code>for instance in controller-0 controller-1 controller-2; do\n  external_ip=$(aws ec2 describe-instances \\\n    --filters \"Name=tag:Name,Values=${instance}\" \\\n    --output text --query 
'Reservations&#91;].Instances&#91;].PublicIpAddress')\n\n  echo ssh -i kubernetes.id_rsa ubuntu@$external_ip\ndone<\/code><\/pre>\n\n\n\n<p id=\"967879d0-b278-4ebc-a0fa-8155d8489580\">\u3053\u3053\u304b\u3089\u306e\u624b\u9806\u306f\u3001\u76f4\u524d\u306e\u30b3\u30de\u30f3\u30c9\u306b\u3088\u3063\u3066\u51fa\u529b\u3055\u308c\u305f\u305d\u308c\u305e\u308c\u306eIP\u30a2\u30c9\u30ec\u30b9\u306bssh\u63a5\u7d9a\u3057\u3066\u884c\u3044\u307e\u3059\u3002<br><strong>\uff083\u53f0\u306e\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u5168\u3066\u3067\u540c\u3058\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\uff09<br><\/strong>tmux\u3092\u4f7f\u3048\u3070\u3001\u5bb9\u6613\u306b\u8907\u6570\u306e\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3067\u540c\u6642\u306b\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3067\u304d\u307e\u3059\u3002\u8a73\u7d30\u306f<a href=\"https:\/\/github.com\/kelseyhightower\/kubernetes-the-hard-way\/blob\/master\/docs\/01-prerequisites.md#running-commands-in-parallel-with-tmux\" target=\"_blank\" rel=\"noreferrer noopener\">\u3053\u3061\u3089<\/a>\u3092\u3054\u89a7\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"10-2\">etcd\u306e\u30af\u30e9\u30b9\u30bf\u30e1\u30f3\u30d0\u30fc\u306e\u8d77\u52d5<\/h3>\n\n\n\n<p id=\"74992b4d-9125-4033-855a-1d82ed7c3a04\">\u3053\u3053\u304b\u3089\u306e\u624b\u9806\u306f\u5404\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3067\u884c\u3044\u307e\u3059<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>etcd\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3068\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/strong><\/h4>\n\n\n\n<p id=\"749d50d6-dadb-4656-8cd6-a95f5d51e8f7\">etcd\u306e\u30d0\u30a4\u30ca\u30ea\u3092github\u304b\u3089\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"25573274-dade-484b-886b-bf2a8bd3a624\" class=\"wp-block-code\"><code>wget -q --show-progress --https-only --timestamping \\\n  
\"https:\/\/github.com\/etcd-io\/etcd\/releases\/download\/v3.5.4\/etcd-v3.5.4-linux-amd64.tar.gz\"<\/code><\/pre>\n\n\n\n<p id=\"04e19a3d-1569-4236-a16f-4308a8bb1313\">\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305f\u30d5\u30a1\u30a4\u30eb\u3092\u5c55\u958b\u3057\u3066etcd\u30b5\u30fc\u30d0\u30fc\u3068etcdctl\u306e\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u30e6\u30fc\u30c6\u30a3\u30ea\u30c6\u30a3\u3092\u62bd\u51fa\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"ac501c0b-08c9-48a7-842d-c41e6f57647a\" class=\"wp-block-code\"><code>tar -xvf etcd-v3.5.4-linux-amd64.tar.gz\nsudo mv etcd-v3.5.4-linux-amd64\/etcd* \/usr\/local\/bin\/<\/code><\/pre>\n\n\n\n<p id=\"a0bd142a-ab6b-4276-abcd-ab58e0459d62\">etcd\u30b5\u30fc\u30d0\u30fc\u306e\u8a2d\u5b9a\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"4fa9a6e7-d8e7-47fa-8272-28a2bec61d83\" class=\"wp-block-code\"><code>sudo mkdir -p \/etc\/etcd \/var\/lib\/etcd\nsudo chmod 700 \/var\/lib\/etcd\nsudo cp ca.pem kubernetes-key.pem kubernetes.pem \/etc\/etcd\/<\/code><\/pre>\n\n\n\n<p id=\"e90916dc-44c2-4179-aa1b-11424c64199f\">\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u5185\u90e8IP\u30a2\u30c9\u30ec\u30b9\u306f\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u53d7\u3051\u4ed8\u3051\u3066\u3001etcd\u30af\u30e9\u30b9\u30bf\u9593\u3067\u901a\u4fe1\u3059\u308b\u305f\u3081\u306b\u4f7f\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<p id=\"f1548d15-3078-44ad-9ee6-cdc738c3b0cd\">\u73fe\u5728\u306eEC2\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u5185\u90e8IP\u30a2\u30c9\u30ec\u30b9\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"2b51d980-a1a3-4d26-9d0b-9d88d77b9ad3\" class=\"wp-block-code\"><code>INTERNAL_IP=$(curl -s http:\/\/169.254.169.254\/latest\/meta-data\/local-ipv4)\necho ${INTERNAL_IP}<\/code><\/pre>\n\n\n\n<p 
id=\"e5bc7eb6-ece5-44f8-b06f-2fa181c5b60a\">\u5404etcd\u30e1\u30f3\u30d0\u30fc\u306e\u540d\u524d\u306f\u3001etcd\u30af\u30e9\u30b9\u30bf\u30fc\u5185\u3067\u30e6\u30cb\u30fc\u30af\u306b\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u306e\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u3067\u306f\u3001\u73fe\u5728\u4f7f\u7528\u3057\u3066\u3044\u308bEC2\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u30db\u30b9\u30c8\u540d\u3092etcd\u306e\u540d\u524d\u3068\u3057\u3066\u8a2d\u5b9a\u3057\u307e\u3059\u3002\u306a\u304a\u3001\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3067IMDSv2\u304c\u5fc5\u9808\u306b\u306a\u3063\u3066\u3044\u308b\u5834\u5408\u3001169.254.169.254\u3078\u306e\u30c8\u30fc\u30af\u30f3\u306a\u3057\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306f\u5931\u6557\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"06bb3793-cbf1-4040-a0ae-acf7993d9264\" class=\"wp-block-code\"><code>ETCD_NAME=$(curl -s http:\/\/169.254.169.254\/latest\/user-data\/ \\\n  | tr \"|\" \"\\n\" | grep \"^name\" | cut -d\"=\" -f2)\necho \"${ETCD_NAME}\"<\/code><\/pre>\n\n\n\n<p id=\"e17cc2be-e602-4fac-bd24-dc61146b3b64\">etcd.service\u3068\u3057\u3066systemd\u306e\u30e6\u30cb\u30c3\u30c8\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"84e3f403-8359-490c-9c1d-4d05bf4340db\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | sudo tee \/etc\/systemd\/system\/etcd.service\n&#91;Unit]\nDescription=etcd\nDocumentation=https:\/\/github.com\/coreos\n\n&#91;Service]\nType=notify\nExecStart=\/usr\/local\/bin\/etcd \\\\\n  --name ${ETCD_NAME} \\\\\n  --cert-file=\/etc\/etcd\/kubernetes.pem \\\\\n  --key-file=\/etc\/etcd\/kubernetes-key.pem \\\\\n  --peer-cert-file=\/etc\/etcd\/kubernetes.pem \\\\\n  --peer-key-file=\/etc\/etcd\/kubernetes-key.pem \\\\\n  --trusted-ca-file=\/etc\/etcd\/ca.pem \\\\\n  --peer-trusted-ca-file=\/etc\/etcd\/ca.pem \\\\\n  --peer-client-cert-auth \\\\\n  --client-cert-auth \\\\\n  --initial-advertise-peer-urls https:\/\/${INTERNAL_IP}:2380 \\\\\n  --listen-peer-urls https:\/\/${INTERNAL_IP}:2380 \\\\\n  --listen-client-urls https:\/\/${INTERNAL_IP}:2379,https:\/\/127.0.0.1:2379 \\\\\n  --advertise-client-urls https:\/\/${INTERNAL_IP}:2379 \\\\\n  --initial-cluster-token etcd-cluster-0 \\\\\n  --initial-cluster 
controller-0=https:\/\/10.0.1.10:2380,controller-1=https:\/\/10.0.1.11:2380,controller-2=https:\/\/10.0.1.12:2380 \\\\\n  --initial-cluster-state new \\\\\n  --data-dir=\/var\/lib\/etcd\nRestart=on-failure\nRestartSec=5\n\n&#91;Install]\nWantedBy=multi-user.target\nEOF<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"> <strong>etcd\u30b5\u30fc\u30d0\u30fc\u306e\u8d77\u52d5<\/strong><\/h4>\n\n\n\n<pre id=\"9d736537-643f-414a-8b2a-66294a8174fd\" class=\"wp-block-code\"><code>sudo systemctl daemon-reload\nsudo systemctl enable etcd\nsudo systemctl start etcd<\/code><\/pre>\n\n\n\n<p id=\"ad0f0632-8ec1-4fd4-805d-badab0441aae\">\u3053\u3053\u307e\u3067\u306e\u624b\u9806\u3092\u3001\u5404\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u30ce\u30fc\u30c9<strong>controller-0<\/strong>,<strong>controller-1<\/strong>,<strong>controller-2<\/strong>\u3067\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u78ba\u8a8d<\/strong><\/h4>\n\n\n\n<p>etcd\u306e\u30af\u30e9\u30b9\u30bf\u30e1\u30f3\u30d0\u30fc\u3092\u4e00\u89a7\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"9afbdee3-427c-47a0-828e-55f4df5b74ba\" class=\"wp-block-code\"><code>sudo ETCDCTL_API=3 etcdctl member list \\\n  --endpoints=https:\/\/127.0.0.1:2379 \\\n  --cacert=\/etc\/etcd\/ca.pem \\\n  --cert=\/etc\/etcd\/kubernetes.pem \\\n  --key=\/etc\/etcd\/kubernetes-key.pem<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"c1a97cb1-4820-4b63-bf83-d6810e4b36b3\" class=\"wp-block-code\"><code>3a57933972cb5131, started, controller-2, https:\/\/10.240.0.12:2380, https:\/\/10.240.0.12:2379, false\nf98dc20bce6225a0, started, controller-0, https:\/\/10.240.0.10:2380, https:\/\/10.240.0.10:2379, false\nffed16798470cab5, started, controller-1, https:\/\/10.240.0.11:2380, https:\/\/10.240.0.11:2379, false<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" 
id=\"11\">08-Kubernetes\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u30d7\u30ec\u30fc\u30f3\u306e\u8d77\u52d5<\/h2>\n\n\n\n<p id=\"338f020a-bbd7-40ad-b899-304d168930a7\">\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u30013\u3064\u306e\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3092\u4f7f\u3063\u3066\u53ef\u7528\u6027\u306e\u9ad8\u3044Kubernetes\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u30d7\u30ec\u30fc\u30f3\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u5408\u308f\u305b\u3066\u3001Kubernetes API Server\u3092\u5916\u90e8\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u516c\u958b\u3059\u308b\u5916\u90e8\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc\u3082\u4f5c\u6210\u3057\u307e\u3059\u3002<br>\u5404\u30ce\u30fc\u30c9\u306b\u3001Kubernetes API Server\u3001Scheduler\u3001\u304a\u3088\u3073Controller Manager\u306e\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"11-1\">\u4e8b\u524d\u78ba\u8a8d<\/h3>\n\n\n\n<p id=\"63ceedf7-a112-4ef4-9429-e192460daebf\">\u5404\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30ce\u30fc\u30c9\u306b\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u524d\u306b\u3001\u81ea\u8eab\u306e\u7aef\u672b\u3067Kubernetes\u30af\u30e9\u30b9\u30bf\u306e\u5916\u90e8\u516c\u958b\u7528\u306eFQDN\u3092\u78ba\u8a8d\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<p id=\"7de3d882-3352-4bdd-870c-32a4db93c1f5\">\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3001FQDN\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"9b9b0d73-6edd-4397-a029-bc1cfcb1ff51\" class=\"wp-block-code\"><code> echo ${KUBERNETES_PUBLIC_ADDRESS}<\/code><\/pre>\n\n\n\n<p id=\"255997bd-29cd-4ada-8fd3-a57fba22bd69\">\u5f8c\u7d9a\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u4f7f\u7528\u3059\u308b\u305f\u3081\u3001\u51fa\u529b\u7d50\u679c\u3092\u30e1\u30e2\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"11-2\">\u4f5c\u696d\u5bfe\u8c61<\/h3>\n\n\n\n<p id=\"853080c7-8c31-4106-8738-2bce09725f3a\">\u524d\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3068\u540c\u69d8\u3001\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u3082<strong>controller-0,controller-1<\/strong>,<strong>controller-2<\/strong>\u306e\u5404\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3067\u5b9f\u884c\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u5168\u3066\u306e\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u30ce\u30fc\u30c9\u306bssh\u30b3\u30de\u30f3\u30c9\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002\u65e2\u306b\u5404\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u30ce\u30fc\u30c9\u306b\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u3044\u308b\u72b6\u614b\u3067\u3042\u308c\u3070\u3001\u6b21\u306e\u300cKubernetes\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u30d7\u30ec\u30fc\u30f3\u306e\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u300d\u306b\u98db\u3093\u3067\u304f\u3060\u3055\u3044<\/p>\n\n\n\n<pre id=\"6e23b617-b10b-4a8d-9eda-4e26f28a1a5d\" class=\"wp-block-code\"><code>for instance in controller-0 controller-1 controller-2; do\n  external_ip=$(aws ec2 describe-instances \\\n    --filters \"Name=tag:Name,Values=${instance}\" \\\n    --output text --query 'Reservations&#91;].Instances&#91;].PublicIpAddress')\n\n  echo ssh -i kubernetes.id_rsa ubuntu@$external_ip\ndone<\/code><\/pre>\n\n\n\n<p 
id=\"3d1d9158-95aa-4cf2-838c-c6735bd1d7db\">\u3053\u3053\u304b\u3089\u306e\u624b\u9806\u306f\u3001\u76f4\u524d\u306e\u30b3\u30de\u30f3\u30c9\u306b\u3088\u3063\u3066\u51fa\u529b\u3055\u308c\u305f\u305d\u308c\u305e\u308c\u306eIP\u30a2\u30c9\u30ec\u30b9\u306bssh\u63a5\u7d9a\u3057\u3066\u884c\u3044\u307e\u3059\u3002<br><strong>\uff083\u53f0\u306e\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u5168\u3066\u3067\u540c\u3058\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\uff09<br><\/strong>tmux\u3092\u4f7f\u3048\u3070\u3001\u5bb9\u6613\u306b\u8907\u6570\u306e\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3067\u540c\u6642\u306b\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3067\u304d\u307e\u3059\u3002\u8a73\u7d30\u306f<a href=\"https:\/\/github.com\/kelseyhightower\/kubernetes-the-hard-way\/blob\/master\/docs\/01-prerequisites.md#running-commands-in-parallel-with-tmux\" target=\"_blank\" rel=\"noreferrer noopener\">\u3053\u3061\u3089<\/a>\u3092\u3054\u89a7\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"11-3\">Kubernetes\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u30d7\u30ec\u30fc\u30f3\u306e\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0<\/h3>\n\n\n\n<p id=\"a438313c-dc5d-497d-ab96-9a383fd3e8cf\">Kubernetes\u306econfig\u30d5\u30a1\u30a4\u30eb\u3092\u914d\u7f6e\u3059\u308b\u305f\u3081\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"3c4a684b-9657-4cc9-825f-92527bdb3580\" class=\"wp-block-code\"><code>sudo mkdir -p \/etc\/kubernetes\/config<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"11-4\">Kubernetes\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u306e\u30d0\u30a4\u30ca\u30ea\u306eDL\u3068\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h3>\n\n\n\n<p id=\"ef7719b4-f442-4d17-8868-d4358438bd1a\">Kubernetes\u306e\u516c\u5f0f\u306e\u30ea\u30ea\u30fc\u30b9\u30d0\u30a4\u30ca\u30ea\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u307e\u3059<\/p>\n\n\n\n<pre 
id=\"086b563a-aa58-495e-ae82-7f625ed19290\" class=\"wp-block-code\"><code>wget -q --show-progress --https-only --timestamping \\\n  \"https:\/\/storage.googleapis.com\/kubernetes-release\/release\/v1.24.0\/bin\/linux\/amd64\/kube-apiserver\" \\\n  \"https:\/\/storage.googleapis.com\/kubernetes-release\/release\/v1.24.0\/bin\/linux\/amd64\/kube-controller-manager\" \\\n  \"https:\/\/storage.googleapis.com\/kubernetes-release\/release\/v1.24.0\/bin\/linux\/amd64\/kube-scheduler\" \\\n  \"https:\/\/storage.googleapis.com\/kubernetes-release\/release\/v1.24.0\/bin\/linux\/amd64\/kubectl\"<\/code><\/pre>\n\n\n\n<p id=\"96912708-b821-4698-8617-558ed901b15c\">\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305f\u30d0\u30a4\u30ca\u30ea\u3092\u79fb\u52d5\u3055\u305b\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"67132b39-ad24-447c-8b92-6236b8fd34f4\" class=\"wp-block-code\"><code>chmod +x kube-apiserver kube-controller-manager kube-scheduler kubectl\nsudo mv kube-apiserver kube-controller-manager kube-scheduler kubectl \/usr\/local\/bin\/<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"11-5\">KubernetesAPI\u30b5\u30fc\u30d0\u30fc\u306e\u8a2d\u5b9a<\/h3>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" id=\"8e48e909-f662-4c2a-9f33-54a1c9f699a4\"\/>\n\n\n\n<pre id=\"86b64f1f-8950-49b0-b88b-0522ed92007f\" class=\"wp-block-code\"><code>sudo mkdir -p \/var\/lib\/kubernetes\/\n\nsudo mv ca.pem ca-key.pem kubernetes-key.pem kubernetes.pem \\\n  service-account-key.pem service-account.pem \\\n  encryption-config.yaml \/var\/lib\/kubernetes\/<\/code><\/pre>\n\n\n\n<p 
id=\"61e598cb-d76b-4001-a799-84e7d5ccbcb9\">API\u30b5\u30fc\u30d0\u30fc\u3092\u30af\u30e9\u30b9\u30bf\u30fc\u306e\u30e1\u30f3\u30d0\u30fc\u306b\u77e5\u3089\u305b\u308b\u305f\u3081\u306e\u8a2d\u5b9a\u3068\u3057\u3066\u3001\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u5185\u90e8IP\u30a2\u30c9\u30ec\u30b9\u3092\u4f7f\u3044\u307e\u3059\u3002\u73fe\u5728\u306eEC2\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u5185\u90e8IP\u30a2\u30c9\u30ec\u30b9\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"d5c05866-aa25-4729-8620-896865d97633\" class=\"wp-block-code\"><code>INTERNAL_IP=$(curl -s http:\/\/169.254.169.254\/latest\/meta-data\/local-ipv4)\necho ${INTERNAL_IP}<\/code><\/pre>\n\n\n\n<p id=\"7e4da80e-5ffd-42ba-955b-0a1597b1ff8b\">kube-apiserver.service\u306esystemd\u306e\u30e6\u30cb\u30c3\u30c8\u30d5\u30a1\u30a4\u30eb\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"99bdfac1-cfac-4b36-a303-fa913db450dd\" class=\"wp-block-code\"><code>KUBERNETES_PUBLIC_ADDRESS=&#91;\u4e8b\u524d\u78ba\u8a8d\u306e\u51fa\u529b\u7d50\u679c](#\u4e8b\u524d\u78ba\u8a8d)<\/code><\/pre>\n\n\n\n<pre id=\"c1262513-0b00-4fb3-9669-f036d54b11f9\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | sudo tee \/etc\/systemd\/system\/kube-apiserver.service\n&#91;Unit]\nDescription=Kubernetes API Server\nDocumentation=https:\/\/github.com\/kubernetes\/kubernetes\n\n&#91;Service]\nExecStart=\/usr\/local\/bin\/kube-apiserver \\\\\n  --advertise-address=${INTERNAL_IP} \\\\\n  --allow-privileged=true \\\\\n  --apiserver-count=3 \\\\\n  --audit-log-maxage=30 \\\\\n  --audit-log-maxbackup=3 \\\\\n  --audit-log-maxsize=100 \\\\\n  --audit-log-path=\/var\/log\/audit.log \\\\\n  --authorization-mode=Node,RBAC \\\\\n  --bind-address=0.0.0.0 \\\\\n  --client-ca-file=\/var\/lib\/kubernetes\/ca.pem \\\\\n  --enable-admission-plugins=NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \\\\\n  --etcd-cafile=\/var\/lib\/kubernetes\/ca.pem \\\\\n  
--etcd-certfile=\/var\/lib\/kubernetes\/kubernetes.pem \\\\\n  --etcd-keyfile=\/var\/lib\/kubernetes\/kubernetes-key.pem \\\\\n  --etcd-servers=https:\/\/10.0.1.10:2379,https:\/\/10.0.1.11:2379,https:\/\/10.0.1.12:2379 \\\\\n  --event-ttl=1h \\\\\n  --encryption-provider-config=\/var\/lib\/kubernetes\/encryption-config.yaml \\\\\n  --kubelet-certificate-authority=\/var\/lib\/kubernetes\/ca.pem \\\\\n  --kubelet-client-certificate=\/var\/lib\/kubernetes\/kubernetes.pem \\\\\n  --kubelet-client-key=\/var\/lib\/kubernetes\/kubernetes-key.pem \\\\\n  --runtime-config='api\/all=true' \\\\\n  --service-account-key-file=\/var\/lib\/kubernetes\/service-account.pem \\\\\n  --service-account-signing-key-file=\/var\/lib\/kubernetes\/service-account-key.pem \\\\\n  --service-account-issuer=https:\/\/${KUBERNETES_PUBLIC_ADDRESS}:443 \\\\\n  --service-cluster-ip-range=10.32.0.0\/24 \\\\\n  --service-node-port-range=30000-32767 \\\\\n  --tls-cert-file=\/var\/lib\/kubernetes\/kubernetes.pem \\\\\n  --tls-private-key-file=\/var\/lib\/kubernetes\/kubernetes-key.pem \\\\\n  --v=2\nRestart=on-failure\nRestartSec=5\n\n&#91;Install]\nWantedBy=multi-user.target\nEOF<\/code><\/pre>\n\n\n\n<p id=\"cae1f6c5-ee0e-4a81-ae2b-de850f1e7f42\">\u4ee5\u4e0b\u3092\u53c2\u8003\u306b\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<p><a href=\"https:\/\/kubernetes.io\/docs\/reference\/command-line-tools-reference\/kube-apiserver\/\" rel=\"noreferrer noopener\" target=\"_blank\"><strong>kube-apiserver<\/strong> <em>Synopsis: The Kubernetes API server validates and configures d\u2026<\/em> <em>kubernetes.io<\/em><\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"11-6\">Kubernetes\u306e\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u306e\u8a2d\u5b9a<\/h3>\n\n\n\n<p 
id=\"3dc78aeb-2103-4f27-8dfa-d2859ae2e17c\"><strong>kube-controller-manager<\/strong>\u306ekubeconfig\u3092\u79fb\u52d5\u3055\u305b\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"2bb3b670-95cd-49b1-a0e9-232721fc7571\" class=\"wp-block-code\"><code>sudo mv kube-controller-manager.kubeconfig \/var\/lib\/kubernetes\/<\/code><\/pre>\n\n\n\n<p id=\"324c7b03-553d-4b52-b4a6-b98bb4c43a0d\"><strong>kube-controller-manager.service<\/strong>\u306esystemd\u30e6\u30cb\u30c3\u30c8\u30d5\u30a1\u30a4\u30eb\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"f8d49a19-3b75-4905-9845-7c7377cd7870\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | sudo tee \/etc\/systemd\/system\/kube-controller-manager.service\n&#91;Unit]\nDescription=Kubernetes Controller Manager\nDocumentation=https:\/\/github.com\/kubernetes\/kubernetes\n\n&#91;Service]\nExecStart=\/usr\/local\/bin\/kube-controller-manager \\\\\n  --bind-address=0.0.0.0 \\\\\n  --cluster-cidr=10.200.0.0\/16 \\\\\n  --cluster-name=kubernetes \\\\\n  --cluster-signing-cert-file=\/var\/lib\/kubernetes\/ca.pem \\\\\n  --cluster-signing-key-file=\/var\/lib\/kubernetes\/ca-key.pem \\\\\n  --kubeconfig=\/var\/lib\/kubernetes\/kube-controller-manager.kubeconfig \\\\\n  --leader-elect=true \\\\\n  --root-ca-file=\/var\/lib\/kubernetes\/ca.pem \\\\\n  --service-account-private-key-file=\/var\/lib\/kubernetes\/service-account-key.pem \\\\\n  --service-cluster-ip-range=10.32.0.0\/24 \\\\\n  --use-service-account-credentials=true \\\\\n  --v=2\nRestart=on-failure\nRestartSec=5\n\n&#91;Install]\nWantedBy=multi-user.target\nEOF<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"11-7\">Kubernetes\u306escheduler\u306e\u8a2d\u5b9a<\/h3>\n\n\n\n<pre id=\"ad672866-9e24-42b6-8751-084678b0f1d8\" class=\"wp-block-code\"><code>sudo mkdir -p \/etc\/kubernetes\/config\/<\/code><\/pre>\n\n\n\n<p 
id=\"84e8afeb-91f3-4d40-a888-8209240cb5c1\"><strong>kube-scheduler<\/strong>\u306ekubeconfig\u3092\u79fb\u52d5\u3055\u305b\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"a0f1292a-b8e0-4328-a8f6-43f3e54d7978\" class=\"wp-block-code\"><code>sudo mv kube-scheduler.kubeconfig \/var\/lib\/kubernetes\/<\/code><\/pre>\n\n\n\n<p id=\"54f4f79f-81a1-4cdf-a740-213eaa44bde0\"><strong>kube-scheduler.yaml<\/strong>\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"ea10bf44-e11b-464c-8b31-b4f303a3f891\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | sudo tee \/etc\/kubernetes\/config\/kube-scheduler.yaml\napiVersion: kubescheduler.config.k8s.io\/v1beta3\nkind: KubeSchedulerConfiguration\nclientConnection:\n  kubeconfig: \"\/var\/lib\/kubernetes\/kube-scheduler.kubeconfig\"\nleaderElection:\n  leaderElect: true\nEOF<\/code><\/pre>\n\n\n\n<p id=\"0afa1c27-6f47-47df-bb98-d23d48701d43\">Version1.24\u304b\u3089\u3001apiVersion <strong>v1beta1<\/strong>\u304c\u5229\u7528\u3067\u304d\u306a\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<p id=\"64897cb0-9818-4d79-a28d-3c2568d02710\"><strong>kube-scheduler.service<\/strong>\u306esystemd\u30e6\u30cb\u30c3\u30c8\u30d5\u30a1\u30a4\u30eb\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"a91e7c16-0c5b-44fe-9be4-ef1142b5df04\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | sudo tee \/etc\/systemd\/system\/kube-scheduler.service\n&#91;Unit]\nDescription=Kubernetes Scheduler\nDocumentation=https:\/\/github.com\/kubernetes\/kubernetes\n\n&#91;Service]\nExecStart=\/usr\/local\/bin\/kube-scheduler \\\\\n  --config=\/etc\/kubernetes\/config\/kube-scheduler.yaml \\\\\n  --v=2\nRestart=on-failure\nRestartSec=5\n\n&#91;Install]\nWantedBy=multi-user.target\nEOF<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"11-8\">\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u30b5\u30fc\u30d3\u30b9\u306e\u8d77\u52d5<\/h3>\n\n\n\n<pre id=\"74459467-761e-49e0-a4bd-1703caa70bd8\" class=\"wp-block-code\"><code>sudo systemctl 
daemon-reload\nsudo systemctl enable kube-apiserver kube-controller-manager kube-scheduler\nsudo systemctl start kube-apiserver kube-controller-manager kube-scheduler<\/code><\/pre>\n\n\n\n<p id=\"a07e6f61-1d8c-4df6-9b52-151dd1cf7682\">Kubernetes API\u30b5\u30fc\u30d0\u30fc\u306f\u521d\u671f\u5316\u304c\u5b8c\u4e86\u3059\u308b\u307e\u306730\u79d2\u304f\u3089\u3044\u304b\u304b\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u78ba\u8a8d<\/strong><\/h4>\n\n\n\n<p>\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306e\u5404\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u306e\u72b6\u614b\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"93808b3d-c203-493a-a58d-f7527b0d3fb5\" class=\"wp-block-code\"><code>kubectl cluster-info --kubeconfig admin.kubeconfig<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"6bca12ac-e1c9-47e4-9bb1-45b9908812b5\" class=\"wp-block-code\"><code>Kubernetes control plane is running at https:\/\/127.0.0.1:6443<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"11-9\">\u30db\u30b9\u30c8\u30d5\u30a1\u30a4\u30eb\u306e\u30a8\u30f3\u30c8\u30ea\u30fc\u8ffd\u52a0<\/h3>\n\n\n\n<p id=\"daaf8e2a-0357-432a-bcab-faf863629c24\"><strong>kubectl exec<\/strong>\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3059\u308b\u969b\u3001\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30ce\u30fc\u30c9\u306f\u305d\u308c\u305e\u308c\u306e\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306e\u540d\u524d\u89e3\u6c7a\u3092\u884c\u3046\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<p id=\"533b42f5-8f5f-4ed0-958c-4a209b877ec4\">\u30db\u30b9\u30c8\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306ehosts\u30d5\u30a1\u30a4\u30eb\u306b\u3001\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306e\u30db\u30b9\u30c8\u30a8\u30f3\u30c8\u30ea\u30fc\u3092\u624b\u52d5\u3067\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"1d4afd0c-6097-4a0f-94cb-2f57eda7e58f\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | 
sudo tee -a \/etc\/hosts\n10.0.1.20 ip-10-0-1-20\n10.0.1.21 ip-10-0-1-21\n10.0.1.22 ip-10-0-1-22\nEOF<\/code><\/pre>\n\n\n\n<p id=\"a36ad22d-ef61-4f31-95cd-43c122afd045\">\u3053\u306e\u624b\u9806\u3092\u5b9f\u884c\u3057\u306a\u3044\u3068\u3001\u5f8c\u7d9a\u306e\u30c6\u30b9\u30c8\u304c\u5931\u6557\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"11-10\">kubelet\u8a8d\u8a3c\u306eRBAC\u8a2d\u5b9a<\/h3>\n\n\n\n<p id=\"f4e29326-e73a-4c94-89dc-09fdf358d06a\">\u3053\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u306f\u3001Kubernetes API\u30b5\u30fc\u30d0\u30fc\u304c\u5404\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306eKubelet API\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3088\u3046\u306bRBAC\u306b\u3088\u308b\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002<br>\u30e1\u30c8\u30ea\u30c3\u30af\u3084\u30ed\u30b0\u306e\u53d6\u5f97\u3001Pod\u5185\u3067\u306e\u30b3\u30de\u30f3\u30c9\u306e\u5b9f\u884c\u306b\u306f\u3001Kubernetes API\u30b5\u30fc\u30d0\u30fc\u304b\u3089Kubelet API\u3078\u306e\u30a2\u30af\u30bb\u30b9\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n\n\n\n<p id=\"1c8717b8-dd47-4a7a-ac05-6e6025d5a70a\">\u3053\u306e\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u3067\u306f\u3001<strong>Kubelet authorization-mode<\/strong>\u30d5\u30e9\u30b0\u3092Webhook\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002Webhook\u30e2\u30fc\u30c9\u306f SubjectAccessReview API\u3092\u4f7f\u7528\u3057\u3066\u8a8d\u53ef\u3092\u884c\u3044\u307e\u3059\u3002<br>\u3053\u3053\u3067\u5b9f\u884c\u3059\u308b\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u306f<strong>\u30af\u30e9\u30b9\u30bf\u30fc\u5168\u4f53\u306b\u4f5c\u7528<\/strong>\u3057\u307e\u3059\u3002<br>\u4efb\u610f\u306e<strong>\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u30ce\u30fc\u30c9\u306b\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u4e00\u5ea6\u3060\u3051\u5b9f\u884c<\/strong>\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<p 
id=\"7dcbf816-7492-4881-b147-9754e8b98b1b\">\u4ee5\u4e0b\u3067\u306f\u3001\u81ea\u8eab\u306e\u7aef\u672b\u304b\u3089<strong>controller-0<\/strong>\u30ce\u30fc\u30c9\u306b\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u6240\u304b\u3089\u624b\u9806\u3092\u8a18\u8f09\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"f746f336-9164-434d-9bac-a579493cfec6\" class=\"wp-block-code\"><code>external_ip=$(aws ec2 describe-instances \\\n    --filters \"Name=tag:Name,Values=controller-0\" \\\n    --output text --query 'Reservations&#91;].Instances&#91;].PublicIpAddress')\n\nssh -i kubernetes.id_rsa ubuntu@${external_ip}<\/code><\/pre>\n\n\n\n<p id=\"918a33bb-4d29-4c73-9756-2e9c934f113c\"><strong>system:kube-apiserver-to-kubelet<\/strong>\u3068\u3044\u3046\u540d\u524d\u3067ClusterRole\u3092\u4f5c\u308a\u307e\u3059\u3002<br>\u3053\u306e\u30ed\u30fc\u30eb\u306b\u3001Kubelet API\u306b\u30a2\u30af\u30bb\u30b9\u3057\u3066\u30dd\u30c3\u30c9\u306e\u7ba1\u7406\u306b\u95a2\u9023\u3059\u308b\u30bf\u30b9\u30af\u3092\u5b9f\u884c\u3059\u308b\u6a29\u9650\u3092\u4ed8\u4e0e\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"81fe6f39-1914-4ae3-83dc-95e4ab756f3e\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | kubectl apply --kubeconfig admin.kubeconfig -f -\napiVersion: rbac.authorization.k8s.io\/v1\nkind: ClusterRole\nmetadata:\n  annotations:\n    rbac.authorization.kubernetes.io\/autoupdate: \"true\"\n  labels:\n    kubernetes.io\/bootstrapping: rbac-defaults\n  name: system:kube-apiserver-to-kubelet\nrules:\n  - apiGroups:\n      - \"\"\n    resources:\n      - nodes\/proxy\n      - nodes\/stats\n      - nodes\/log\n      - nodes\/spec\n      - nodes\/metrics\n    verbs:\n      - \"*\"\nEOF<\/code><\/pre>\n\n\n\n<p id=\"8abc42ee-205b-476e-b071-3444829aa81c\">Kubernetes 
API\u30b5\u30fc\u30d0\u30fc\u306f\u3001<strong>--kubelet-client-certificate<\/strong>\u30d5\u30e9\u30b0\u3067\u5b9a\u7fa9\u3057\u305f\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3092\u4f7f\u3063\u3066\u3001<strong>kubernetes<\/strong>\u30e6\u30fc\u30b6\u30fc\u3068\u3057\u3066<strong>Kubelet<\/strong>\u306b\u5bfe\u3057\u3066\u8a8d\u8a3c\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<p id=\"c6b4098f-85cd-426c-a1ad-717034ac2ff8\"><strong>system:kube-apiserver-to-kubelet<\/strong>\u306e<strong>ClusterRole<\/strong>\u3092<strong>kubernetes<\/strong>\u30e6\u30fc\u30b6\u30fc\u306b\u30d0\u30a4\u30f3\u30c9\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"c8237e6d-4b35-4005-9290-92d22a54fbbd\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | kubectl apply --kubeconfig admin.kubeconfig -f -\napiVersion: rbac.authorization.k8s.io\/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: system:kube-apiserver\n  namespace: \"\"\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: system:kube-apiserver-to-kubelet\nsubjects:\n  - apiGroup: rbac.authorization.k8s.io\n    kind: User\n    name: kubernetes\nEOF<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"11-11\">Kubernetes\u30af\u30e9\u30b9\u30bf\u30fc\u306e\u30d1\u30d6\u30ea\u30c3\u30af\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3092\u6709\u52b9\u5316\u3059\u308b<\/h3>\n\n\n\n<p id=\"ec8217ff-74df-4f08-9f8a-e0484e13f4f7\">\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u306f\u3001EC2\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3067\u306f\u306a\u304f\u81ea\u8eab\u306eMac\u3082\u3057\u304f\u306fLinux\u74b0\u5883\u306e\u30e9\u30c3\u30d7\u30c8\u30c3\u30d7\u3067\u884c\u3044\u307e\u3059\u3002<br><strong>kubernetes-the-hard-way<\/strong>\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc\u306e\u30a2\u30c9\u30ec\u30b9\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"2cc03499-9d8d-4859-9618-c0f58c15b0c1\" class=\"wp-block-code\"><code>KUBERNETES_PUBLIC_ADDRESS=$(aws elbv2 describe-load-balancers 
\\\n  --load-balancer-arns ${LOAD_BALANCER_ARN} \\\n  --output text --query 'LoadBalancers&#91;].DNSName')\necho ${KUBERNETES_PUBLIC_ADDRESS}<\/code><\/pre>\n\n\n\n<p id=\"4c7251f8-349a-4ca1-ba42-80c33f8bafa1\">HTTP\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u4f5c\u6210\u3057Kubernetes\u306eVersion\u60c5\u5831\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<br>\u306a\u304a\u3001<strong>-k<\/strong>\u3092\u6307\u5b9a\u3059\u308b\u3068\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u304c\u7121\u52b9\u306b\u306a\u308a\u3001<strong>--cacert ca.pem<\/strong>\u306b\u3088\u308b\u691c\u8a3c\u306f\u884c\u308f\u308c\u307e\u305b\u3093\u3002\u8a3c\u660e\u66f8\u3092\u691c\u8a3c\u3059\u308b\u5834\u5408\u306f<strong>-k<\/strong>\u3092\u5916\u3057\u3066\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<pre id=\"5351636b-b11a-4263-97cc-05d3bd210eac\" class=\"wp-block-code\"><code>curl -k --cacert ca.pem https:\/\/${KUBERNETES_PUBLIC_ADDRESS}\/version<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"2fb0b115-eec0-442d-91c8-d7ad005d105a\" class=\"wp-block-code\"><code>{\n  \"major\": \"1\",\n  \"minor\": \"24\",\n  \"gitVersion\": \"v1.24.0\",\n  \"gitCommit\": \"4ce5a8954017644c5420bae81d72b09b735c21f0\",\n  \"gitTreeState\": \"clean\",\n  \"buildDate\": \"2022-05-03T13:38:19Z\",\n  \"goVersion\": \"go1.18.1\",\n  \"compiler\": \"gc\",\n  \"platform\": \"linux\/amd64\"\n}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"12\">09-\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306e\u8d77\u52d5<\/h2>\n\n\n\n<p id=\"d5f9b347-ff07-4454-a411-c29848447578\">\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u30013\u3064\u306eKubernetes\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u3092\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u3057\u307e\u3059\u3002\u4ee5\u4e0b\u306e\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u3092\u5404\u30ce\u30fc\u30c9\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\" id=\"b6592fbc-7a59-4922-8e27-e26d885f7a1c\"><li>runc<\/li><li>gVisor<\/li><li>container networking plugins<\/li><li>containerd<\/li><li>kubelet<\/li><li>kube-proxy<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"12-1\">\u6e96\u5099<\/h3>\n\n\n\n<p 
id=\"5a401bbc-6efb-493b-be20-223b0f8410e7\">\u3053\u306e\u624b\u9806\u3067\u8a18\u8f09\u3055\u308c\u3066\u3044\u308b\u30b3\u30de\u30f3\u30c9\u306f\u3001<strong>worker-0,<\/strong><strong>worker-1<\/strong>\u3001<strong>worker-2<\/strong>\u306e\u5404\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u3067\u5b9f\u884c\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<p id=\"80753b3e-850b-4ea7-9dcb-e62132cd81e6\">\u307e\u305a\u306fssh\u30b3\u30de\u30f3\u30c9\u3067\u5404\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306b\u30ed\u30b0\u30a4\u30f3\u3057\u307e\u3059<\/p>\n\n\n\n<pre id=\"acee407a-5bf6-4f0c-80f4-2fc6aba274cc\" class=\"wp-block-code\"><code>for instance in worker-0 worker-1 worker-2; do\n  external_ip=$(aws ec2 describe-instances \\\n    --filters \"Name=tag:Name,Values=${instance}\" \\\n    --output text --query 'Reservations&#91;].Instances&#91;].PublicIpAddress')\n\n  echo ssh -i kubernetes.id_rsa ubuntu@$external_ip\ndone<\/code><\/pre>\n\n\n\n<p id=\"b0514602-2f1c-4e92-a835-31a439443507\">\u3053\u3053\u304b\u3089\u306e\u624b\u9806\u306f\u3001\u76f4\u524d\u306e\u30b3\u30de\u30f3\u30c9\u306b\u3088\u3063\u3066\u51fa\u529b\u3055\u308c\u305f\u305d\u308c\u305e\u308c\u306eIP\u30a2\u30c9\u30ec\u30b9\u306bssh\u63a5\u7d9a\u3057\u3066\u884c\u3044\u307e\u3059\u3002<br><strong>\uff083\u53f0\u306e\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u5168\u3066\u3067\u540c\u3058\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\uff09<br><\/strong>tmux\u3092\u4f7f\u3048\u3070\u3001\u5bb9\u6613\u306b\u8907\u6570\u306e\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3067\u540c\u6642\u306b\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3067\u304d\u307e\u3059\u3002\u8a73\u7d30\u306f<a href=\"https:\/\/github.com\/kelseyhightower\/kubernetes-the-hard-way\/blob\/master\/docs\/01-prerequisites.md#running-commands-in-parallel-with-tmux\" target=\"_blank\" rel=\"noreferrer 
noopener\">\u3053\u3061\u3089<\/a>\u3092\u3054\u89a7\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"12-2\">Kubernetes\u306e\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306e\u30d7\u30ed\u30d3\u30b8\u30e7\u30f3\u30b0<\/h3>\n\n\n\n<p id=\"cd1e6def-64ae-4163-b3c8-471a2d6576b6\">\u4f7f\u7528\u3059\u308b\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"2d3b39f4-c4e9-4454-9f09-c21500000a5e\" class=\"wp-block-code\"><code>sudo apt-get update\nsudo apt-get -y install socat conntrack ipset<\/code><\/pre>\n\n\n\n<p id=\"8086ed0f-7ab2-4bc8-9ba9-7b7122b1bb19\"><strong>socat<\/strong>\u306f<strong>kubectl port-forward<\/strong>\u30b3\u30de\u30f3\u30c9\u306b\u5fc5\u8981\u306a\u30d0\u30a4\u30ca\u30ea\u3067\u3059\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>swap\u306e\u7121\u52b9\u5316<\/strong><\/h4>\n\n\n\n<p>swap\u304c\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u5834\u5408\u3001kubelet\u306e\u8d77\u52d5\u306b\u5931\u6557\u3057\u307e\u3059\u3002<br>\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067swap\u304c\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u304b\u3069\u3046\u304b\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"59ccf650-0a22-460f-9d1b-b74eb4b961fb\" class=\"wp-block-code\"><code>sudo swapon --show<\/code><\/pre>\n\n\n\n<p id=\"93b40110-cf96-45d2-b7ba-c9bea9a1b924\">\u51fa\u529b\u304c\u4f55\u3082\u306a\u3044\u5834\u5408\u306fswap\u306f\u7121\u52b9\u5316\u3055\u308c\u3066\u3044\u307e\u3059\u3002<br>\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u5834\u5408\u306f\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067swap\u3092\u7121\u52b9\u5316\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"36299341-bee6-4704-bd59-e6f7ba6c4620\" class=\"wp-block-code\"><code>sudo swapoff -a<\/code><\/pre>\n\n\n\n<p 
id=\"b072d7eb-40ce-4b7c-b1e9-b6732dc85894\">\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306b\u5fc5\u8981\u306a\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u306e\u30d0\u30a4\u30ca\u30ea\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002<br>\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305f\u30d0\u30a4\u30ca\u30ea\u306f\u3001\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u524d\u306b\u5404\u30ea\u30ea\u30fc\u30b9\u3067\u516c\u958b\u3055\u308c\u3066\u3044\u308b\u30c1\u30a7\u30c3\u30af\u30b5\u30e0\u3068\u7167\u5408\u3059\u308b\u3053\u3068\u3092\u63a8\u5968\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"4b573a92-022e-4b05-83ff-f5f59783c892\" class=\"wp-block-code\"><code>wget -q --show-progress --https-only --timestamping \\\n  https:\/\/github.com\/kubernetes-sigs\/cri-tools\/releases\/download\/v1.24.0\/crictl-v1.24.0-linux-amd64.tar.gz \\\n  https:\/\/github.com\/opencontainers\/runc\/releases\/download\/v1.1.3\/runc.amd64 \\\n  https:\/\/github.com\/containernetworking\/plugins\/releases\/download\/v1.1.1\/cni-plugins-linux-amd64-v1.1.1.tgz \\\n  https:\/\/github.com\/containerd\/containerd\/releases\/download\/v1.6.6\/containerd-1.6.6-linux-amd64.tar.gz \\\n  https:\/\/storage.googleapis.com\/kubernetes-release\/release\/v1.24.0\/bin\/linux\/amd64\/kubectl \\\n  https:\/\/storage.googleapis.com\/kubernetes-release\/release\/v1.24.0\/bin\/linux\/amd64\/kube-proxy \\\n  https:&#47;&#47;storage.googleapis.com\/kubernetes-release\/release\/v1.24.0\/bin\/linux\/amd64\/kubelet<\/code><\/pre>\n\n\n\n<p id=\"905369c8-ee82-47ea-9718-09282b5eb78c\">\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u5148\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"3d80a440-2a64-41aa-89a1-416eba13c48d\" class=\"wp-block-code\"><code>sudo mkdir -p \\\n  \/etc\/cni\/net.d \\\n  \/opt\/cni\/bin \\\n  \/var\/lib\/kubelet \\\n  \/var\/lib\/kube-proxy \\\n  \/var\/lib\/kubernetes \\\n  \/var\/run\/kubernetes<\/code><\/pre>\n\n\n\n<p id=\"2bd4e136-4b57-45e1-b3de-1fc34384081a\">\u30ef\u30fc\u30ab\u30fc\u306e\u30d0\u30a4\u30ca\u30ea\u3092\u5c55\u958b\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"d0a86681-7594-4f2b-a086-9f374eaf1015\" class=\"wp-block-code\"><code>mkdir containerd\ntar -xvf 
crictl-v1.24.0-linux-amd64.tar.gz\ntar -xvf containerd-1.6.6-linux-amd64.tar.gz -C containerd\nsudo tar -xvf cni-plugins-linux-amd64-v1.1.1.tgz -C \/opt\/cni\/bin\/\nsudo mv runc.amd64 runc\nchmod +x crictl kubectl kube-proxy kubelet runc \nsudo mv crictl kubectl kube-proxy kubelet runc \/usr\/local\/bin\/\nsudo mv containerd\/bin\/* \/bin\/<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"12-3\">CNI\u30cd\u30c3\u30c8\u30ef\u30fc\u30ad\u30f3\u30b0\u306e\u8a2d\u5b9a<\/h3>\n\n\n\n<p id=\"f7668ac7-ad84-423e-9881-df1384044e4b\">EC2\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306ePod\u7528\u306b\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308bCIDR\u7bc4\u56f2\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"7ae41e5a-c49f-402e-8a29-4446c9053b7d\" class=\"wp-block-code\"><code>POD_CIDR=$(curl -s http:\/\/169.254.169.254\/latest\/user-data\/ \\\n  | tr \"|\" \"\\n\" | grep \"^pod-cidr\" | cut -d\"=\" -f2)\necho \"${POD_CIDR}\"<\/code><\/pre>\n\n\n\n<p id=\"37f02725-93a1-4c7c-b507-acea44b22352\">bridge\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"3c7dedd0-925c-43b7-af4b-71d38638a05f\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | sudo tee \/etc\/cni\/net.d\/10-bridge.conf\n{\n    \"cniVersion\": \"1.0.0\",\n    \"name\": \"bridge\",\n    \"type\": \"bridge\",\n    \"bridge\": \"cnio0\",\n    \"isGateway\": true,\n    \"ipMasq\": true,\n    \"ipam\": {\n        \"type\": \"host-local\",\n        \"ranges\": &#91;\n          &#91;{\"subnet\": \"${POD_CIDR}\"}]\n        ],\n        \"routes\": &#91;{\"dst\": \"0.0.0.0\/0\"}]\n    }\n}\nEOF<\/code><\/pre>\n\n\n\n<p id=\"04eca2c1-bec9-4c57-9c66-72c95dd8e9fb\">loopback\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"f2556362-4b44-4578-92b8-5f609f8f2027\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | sudo tee 
\/etc\/cni\/net.d\/99-loopback.conf\n{\n    \"cniVersion\": \"1.0.0\",\n    \"name\": \"lo\",\n    \"type\": \"loopback\"\n}\nEOF<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"12-4\">containerd\u306e\u8a2d\u5b9a<\/h3>\n\n\n\n<p id=\"38e6f945-fb81-49f8-bed8-9015f72f8f69\"><strong>containerd<\/strong>\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"fbcacd32-3c20-4f89-bcf5-0bbd7eafdc38\" class=\"wp-block-code\"><code>sudo mkdir -p \/etc\/containerd\/<\/code><\/pre>\n\n\n\n<pre id=\"bf26e144-5b01-4d91-b9c6-d7921aa2031b\" class=\"wp-block-code\"><code>cat &lt;&lt; EOF | sudo tee \/etc\/containerd\/config.toml\n&#91;plugins]\n  &#91;plugins.cri.containerd]\n    snapshotter = \"overlayfs\"\n    &#91;plugins.cri.containerd.default_runtime]\n      runtime_type = \"io.containerd.runtime.v1.linux\"\n      runtime_engine = \"\/usr\/local\/bin\/runc\"\n      runtime_root = \"\"\nEOF<\/code><\/pre>\n\n\n\n<p id=\"f575f8c7-dc01-4a61-b906-bcb382edd969\"><strong>containerd.service<\/strong>\u306esystemd\u30e6\u30cb\u30c3\u30c8\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"56b60d08-6f83-4de1-9142-b2305a7cabc5\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | sudo tee \/etc\/systemd\/system\/containerd.service\n&#91;Unit]\nDescription=containerd container runtime\nDocumentation=https:\/\/containerd.io\nAfter=network.target\n\n&#91;Service]\nExecStartPre=\/sbin\/modprobe overlay\nExecStart=\/bin\/containerd\nRestart=always\nRestartSec=5\nDelegate=yes\nKillMode=process\nOOMScoreAdjust=-999\nLimitNOFILE=1048576\nLimitNPROC=infinity\nLimitCORE=infinity\n\n&#91;Install]\nWantedBy=multi-user.target\nEOF<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"12-5\">Kubelet\u306e\u8a2d\u5b9a<\/h3>\n\n\n\n<pre id=\"6147cb77-fee3-498a-b0f2-bdbc8edba843\" class=\"wp-block-code\"><code>WORKER_NAME=$(curl -s http:\/\/169.254.169.254\/latest\/user-data\/ \\\n| tr \"|\" \"\\n\" | grep 
\"^name\" | cut -d\"=\" -f2)\necho \"${WORKER_NAME}\"\n\nsudo mv ${WORKER_NAME}-key.pem ${WORKER_NAME}.pem \/var\/lib\/kubelet\/\nsudo mv ${WORKER_NAME}.kubeconfig \/var\/lib\/kubelet\/kubeconfig\nsudo mv ca.pem \/var\/lib\/kubernetes\/<\/code><\/pre>\n\n\n\n<p id=\"a7f9ed9d-b278-47ba-a15b-b0bbb78206e7\">kubelet-config.yaml\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"79ad1b62-11ea-49f4-9af1-7dff78842493\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | sudo tee \/var\/lib\/kubelet\/kubelet-config.yaml\nkind: KubeletConfiguration\napiVersion: kubelet.config.k8s.io\/v1beta1\nauthentication:\n  anonymous:\n    enabled: false\n  webhook:\n    enabled: true\n  x509:\n    clientCAFile: \"\/var\/lib\/kubernetes\/ca.pem\"\nauthorization:\n  mode: Webhook\nclusterDomain: \"cluster.local\"\nclusterDNS:\n  - \"10.32.0.10\"\npodCIDR: \"${POD_CIDR}\"\nresolvConf: \"\/run\/systemd\/resolve\/resolv.conf\"\nruntimeRequestTimeout: \"15m\"\ntlsCertFile: \"\/var\/lib\/kubelet\/${WORKER_NAME}.pem\"\ntlsPrivateKeyFile: \"\/var\/lib\/kubelet\/${WORKER_NAME}-key.pem\"\nEOF<\/code><\/pre>\n\n\n\n<p id=\"803b564c-a7ad-4337-880f-fc162a0eae88\"><strong>resolvconf<\/strong>\u306f<strong>systemd-resolv<\/strong>\u3092\u4f7f\u7528\u3057\u3066CoreDNS\u3092\u5b9f\u884c\u3059\u308b\u3068\u304d\u306b\u30eb\u30fc\u30d7\u3092\u56de\u907f\u3059\u308b\u305f\u3081\u306b\u4f7f\u7528\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<p id=\"86c6d1cb-6995-4e84-8591-0baf148bad5d\"><strong>kubelet.servicesystemd<\/strong>\u30e6\u30cb\u30c3\u30c8\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"c1ed620e-0220-4daf-b8a2-683eb4f0d519\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | sudo tee \/etc\/systemd\/system\/kubelet.service\n&#91;Unit]\nDescription=Kubernetes 
Kubelet\nDocumentation=https:\/\/github.com\/kubernetes\/kubernetes\nAfter=containerd.service\nRequires=containerd.service\n\n&#91;Service]\nExecStart=\/usr\/local\/bin\/kubelet \\\\\n  --config=\/var\/lib\/kubelet\/kubelet-config.yaml \\\\\n  --container-runtime=remote \\\\\n  --container-runtime-endpoint=unix:\/\/\/var\/run\/containerd\/containerd.sock \\\\\n  --kubeconfig=\/var\/lib\/kubelet\/kubeconfig \\\\\n  --register-node=true \\\\\n  --v=2\nRestart=on-failure\nRestartSec=5\n\n&#91;Install]\nWantedBy=multi-user.target\nEOF\n<\/code><\/pre>\n\n\n\n<p id=\"74627c0d-c183-4f41-93b7-d21b3072a944\">\u5c1a\u3001Version1.24\u304b\u3089\u4ee5\u4e0b\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u304c\u524a\u9664\u3055\u308c\u3066\u3044\u307e\u3059\u3002<br>&#8211;image-pull-progress-deadline=2m<br>&#8211;network-plugin=cni<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"12-6\">Kubernetes Proxy\u306e\u8a2d\u5b9a<\/h3>\n\n\n\n<pre id=\"233b6828-402e-4373-89c9-c48fb66f8270\" class=\"wp-block-code\"><code>sudo mv kube-proxy.kubeconfig \/var\/lib\/kube-proxy\/kubeconfig<\/code><\/pre>\n\n\n\n<p id=\"8d70a2dc-7049-40ca-b282-f464f8b77ec9\"><strong>kube-proxy-config.yaml<\/strong>\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"85c1869e-34b4-42ac-b45f-d338f3fb0c21\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | sudo tee \/var\/lib\/kube-proxy\/kube-proxy-config.yaml\nkind: KubeProxyConfiguration\napiVersion: kubeproxy.config.k8s.io\/v1alpha1\nclientConnection:\n  kubeconfig: \"\/var\/lib\/kube-proxy\/kubeconfig\"\nmode: \"iptables\"\nclusterCIDR: \"10.200.0.0\/16\"\nEOF<\/code><\/pre>\n\n\n\n<p id=\"ed316413-63bd-44a2-8b79-0372916194a1\"><strong>kube-proxy.service<\/strong>systemd\u30e6\u30cb\u30c3\u30c8\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"5197c454-debf-450d-86a8-eab22bd5e57e\" class=\"wp-block-code\"><code>cat &lt;&lt;EOF | sudo tee 
\/etc\/systemd\/system\/kube-proxy.service\n&#91;Unit]\nDescription=Kubernetes Kube Proxy\nDocumentation=https:\/\/github.com\/kubernetes\/kubernetes\n\n&#91;Service]\nExecStart=\/usr\/local\/bin\/kube-proxy \\\\\n  --config=\/var\/lib\/kube-proxy\/kube-proxy-config.yaml\nRestart=on-failure\nRestartSec=5\n\n&#91;Install]\nWantedBy=multi-user.target\nEOF<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"12-7\">\u30ef\u30fc\u30ab\u30fc\u306e\u30b5\u30fc\u30d3\u30b9\u7fa4\u306e\u8d77\u52d5<\/h3>\n\n\n\n<pre id=\"deb77d8a-261e-4463-ac19-73ff82c80377\" class=\"wp-block-code\"><code>sudo systemctl daemon-reload\nsudo systemctl enable containerd kubelet kube-proxy\nsudo systemctl start containerd kubelet kube-proxy<\/code><\/pre>\n\n\n\n<p id=\"a85762a3-c8b1-4f79-b237-ad78dac34a23\">\u3053\u3053\u307e\u3067\u306e\u624b\u9806\u3092\u5404\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u3001<strong>worker-0<\/strong>\u3001<strong>worker-1<\/strong>\u3001<strong>worker-2<\/strong>\u3067\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u78ba\u8a8d<\/strong><\/h4>\n\n\n\n<p>\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u306f\u3001\u81ea\u8eab\u306eMac\u3082\u3057\u304f\u306fLinux\u7aef\u672b\u304b\u3089\u5b9f\u884c\u3057\u307e\u3059\u3002<br>\u767b\u9332\u3055\u308c\u3066\u3044\u308bKubernetes\u30ce\u30fc\u30c9\u306e\u4e00\u89a7\u3092\u8868\u793a\u3055\u305b\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"ea0bf815-6f54-45ed-ad6a-39485a9df88a\" class=\"wp-block-code\"><code>external_ip=$(aws ec2 describe-instances --filters \\\n    \"Name=tag:Name,Values=controller-0\" \\\n    \"Name=instance-state-name,Values=running\" \\\n    --output text --query 'Reservations&#91;].Instances&#91;].PublicIpAddress')\n\nssh -i kubernetes.id_rsa ubuntu@${external_ip} kubectl get nodes --kubeconfig admin.kubeconfig<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"531b974b-39d1-433d-81a4-66f38ed50cc0\" 
class=\"wp-block-code\"><code>NAME           STATUS   ROLES    AGE   VERSION\nip-10-0-1-20   Ready    &lt;none&gt;   32s   v1.24.0\nip-10-0-1-21   Ready    &lt;none&gt;   29s   v1.24.0\nip-10-0-1-22   Ready    &lt;none&gt;   26s   v1.24.0<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"13\">10-\u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u7528\u306ekubectl\u8a2d\u5b9a<\/h2>\n\n\n\n<p id=\"56847d0f-88c2-4913-9860-2fa3d69c6663\">\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u3001admin\u30e6\u30fc\u30b6\u30fc\u306ecredential\u306b\u57fa\u3065\u3044\u305f\u3001kubectl\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u30e6\u30fc\u30c6\u30a3\u30ea\u30c6\u30a3\u7528\u306ekubeconfig\u30d5\u30a1\u30a4\u30eb\u3092\u751f\u6210\u3057\u307e\u3059\u3002<br>admin\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u751f\u6210\u306b\u4f7f\u7528\u3057\u305f\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3068\u540c\u3058\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3067\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"13-1\">Admin Kubernetes\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u751f\u6210<\/h3>\n\n\n\n<p id=\"665ae401-49f1-4291-8e63-eb34ff0a6f11\">\u5404kubeconfig\u306f\u3001Kubernetes API\u30b5\u30fc\u30d0\u30fc\u3068\u63a5\u7d9a\u3067\u304d\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<br>\u9ad8\u53ef\u7528\u6027\u3092\u5b9f\u73fe\u3059\u308b\u305f\u3081\u306b\u3001Kubernetes API\u30b5\u30fc\u30d0\u30fc\u306e\u524d\u306b\u8a2d\u7f6e\u3057\u305f\u5916\u90e8\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc\u306b\u5272\u308a\u5f53\u3066\u3089\u308c\u305fIP\u30a2\u30c9\u30ec\u30b9\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p id=\"c31e8f88-fc87-4e29-a6d6-d347d532c3ba\">admin\u30e6\u30fc\u30b6\u30fc\u3092\u8a8d\u8a3c\u3059\u308b<strong>kubeconfig<\/strong>\u30d5\u30a1\u30a4\u30eb\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre 
id=\"856bb661-7720-4921-bc8f-d8e232dc0c7d\" class=\"wp-block-code\"><code>KUBERNETES_PUBLIC_ADDRESS=$(aws elbv2 describe-load-balancers \\\n--load-balancer-arns ${LOAD_BALANCER_ARN} \\\n--output text --query 'LoadBalancers&#91;].DNSName')\n\nkubectl config set-cluster kubernetes-the-hard-way \\\n  --certificate-authority=ca.pem \\\n  --embed-certs=true \\\n  --server=https:\/\/${KUBERNETES_PUBLIC_ADDRESS}:443\n\nkubectl config set-credentials admin \\\n  --client-certificate=admin.pem \\\n  --client-key=admin-key.pem\n\nkubectl config set-context kubernetes-the-hard-way \\\n  --cluster=kubernetes-the-hard-way \\\n  --user=admin\n\nkubectl config use-context kubernetes-the-hard-way<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u78ba\u8a8d<\/strong><\/h4>\n\n\n\n<p id=\"9fb35338-30f7-4802-89e7-415ed6b62ed6\">remote\u306eKubernetes\u30af\u30e9\u30b9\u30bf\u306e\u30ce\u30fc\u30c9\u306e\u4e00\u89a7\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"d14b87a1-106f-48b0-9bb7-f33e2dd00d76\" class=\"wp-block-code\"><code>kubectl get nodes<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"25ba14d0-44f6-4bd9-b88e-0d2ccf56b3fe\" class=\"wp-block-code\"><code>NAME           STATUS   ROLES    AGE   VERSION\nip-10-0-1-20   Ready    &lt;none&gt;   89m   v1.24.0\nip-10-0-1-21   Ready    &lt;none&gt;   89m   v1.24.0\nip-10-0-1-22   Ready    &lt;none&gt;   89m   v1.24.0<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"14\">11-\u30af\u30e9\u30b9\u30bf\u5185\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u8a2d\u5b9a<\/h2>\n\n\n\n<p id=\"aec2df6a-f69c-4aa9-8a43-b56c8f3d8338\">\u30ce\u30fc\u30c9\u306b\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u3055\u308c\u305fPod\u306f\u3001\u30ce\u30fc\u30c9\u306ePod 
CIDR\u7bc4\u56f2\u304b\u3089IP\u30a2\u30c9\u30ec\u30b9\u3092\u53d7\u3051\u53d6\u308a\u307e\u3059\u3002\u3053\u306e\u6642\u70b9\u3067\u306f\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30eb\u30fc\u30c8\u304c\u898b\u3064\u304b\u3089\u306a\u3044\u305f\u3081\u3001Pod\u306f\u7570\u306a\u308b\u30ce\u30fc\u30c9\u3067\u5b9f\u884c\u3055\u308c\u3066\u3044\u308b\u4ed6\u306ePod\u3068\u901a\u4fe1\u3067\u304d\u307e\u305b\u3093\u3002<br>\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u3001\u30ce\u30fc\u30c9\u306ePod CIDR\u7bc4\u56f2\u3092\u30ce\u30fc\u30c9\u306e\u5185\u90e8IP\u30a2\u30c9\u30ec\u30b9\u306b\u30de\u30c3\u30d7\u3059\u308b\u305f\u3081\u306e\u3001\u5404\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306e\u30eb\u30fc\u30c8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<br>\u672c\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u3067\u7d39\u4ecb\u3059\u308b\u30e2\u30c7\u30eb\u306f\u4e00\u4f8b\u3067\u3042\u308a\u3001Kubernetes\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30e2\u30c7\u30eb\u306e\u5b9f\u88c5\u306f\u4ed6\u306b\u3082\u3042\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"14-1\">\u30eb\u30fc\u30c6\u30a3\u30f3\u30b0\u30c6\u30fc\u30d6\u30eb\u3068\u30eb\u30fc\u30c8\u3092\u5b9a\u7fa9<\/h3>\n\n\n\n<p id=\"e074bd6f-b11d-4945-a81c-03252c1a7f06\">\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u3001kubernetes-the-hard-way VPC\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5185\u3067\u30eb\u30fc\u30c8\u3092\u4f5c\u308b\u305f\u3081\u306b\u5fc5\u8981\u306a\u60c5\u5831\u3092\u96c6\u3081\u307e\u3059\u3002<br>\u901a\u5e38\u3001\u3053\u306e\u6a5f\u80fd\u306f<strong>flannel<\/strong>, <strong>calico<\/strong>, 
<strong>amazon-vpc-cni-k8s<\/strong>\u7b49\u306eCNI\u30d7\u30e9\u30b0\u30a4\u30f3\u306b\u3088\u3063\u3066\u63d0\u4f9b\u3055\u308c\u307e\u3059\u3002<br>\u3053\u308c\u3092\u624b\u4f5c\u696d\u3067\u884c\u3046\u3053\u3068\u306b\u3088\u308a\u3001\u3053\u308c\u3089\u306e\u30d7\u30e9\u30b0\u30a4\u30f3\u304c\u30d0\u30c3\u30af\u30b0\u30e9\u30a6\u30f3\u30c9\u3067\u4f55\u3092\u3057\u3066\u3044\u308b\u306e\u304b\u3092\u7406\u89e3\u3057\u3084\u3059\u304f\u306a\u308a\u307e\u3059\u3002<br>\u307e\u305a\u306f\u5404\u30ef\u30fc\u30ab\u30fc\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u5185\u90e8IP\u30a2\u30c9\u30ec\u30b9\u3068Pod CIDR\u7bc4\u56f2\u3092\u8868\u793a\u3055\u305b\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"79ba5c6b-feb0-4036-86b3-8a90337854bb\" class=\"wp-block-code\"><code>for instance in worker-0 worker-1 worker-2; do\n  instance_id_ip=\"$(aws ec2 describe-instances \\\n    --filters \"Name=tag:Name,Values=${instance}\" \\\n    --output text --query 'Reservations&#91;].Instances&#91;].&#91;InstanceId,PrivateIpAddress]')\"\n  instance_id=\"$(echo \"${instance_id_ip}\" | cut -f1)\"\n  instance_ip=\"$(echo \"${instance_id_ip}\" | cut -f2)\"\n  pod_cidr=\"$(aws ec2 describe-instance-attribute \\\n    --instance-id \"${instance_id}\" \\\n    --attribute userData \\\n    --output text --query 'UserData.Value' \\\n    | base64 --decode | tr \"|\" \"\\n\" | grep \"^pod-cidr\" | cut -d'=' -f2)\"\n  echo \"${instance_ip} ${pod_cidr}\"\n\n  aws ec2 create-route \\\n    --route-table-id \"${ROUTE_TABLE_ID}\" \\\n    --destination-cidr-block \"${pod_cidr}\" \\\n    --instance-id \"${instance_id}\"\ndone<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"b91ce84a-2683-4c23-a1d1-019d0c8dbf26\" class=\"wp-block-code\"><code>10.0.1.20 10.200.0.0\/24\n{\n    \"Return\": true\n}\n10.0.1.21 10.200.1.0\/24\n{\n    \"Return\": true\n}\n10.0.1.22 10.200.2.0\/24\n{\n    \"Return\": true\n}<\/code><\/pre>\n\n\n\n<h3 
class=\"wp-block-heading\" id=\"14-2\">\u30eb\u30fc\u30c8\u306e\u78ba\u8a8d<\/h3>\n\n\n\n<p id=\"709bd6cb-a2cb-4dbe-9f4d-a4243390b7b7\">\u5404\u30ef\u30fc\u30ab\u30fc\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306b\u5bfe\u3057\u3066\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30eb\u30fc\u30c8\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"a41f297c-91da-41d8-9edb-f63bed2cdd6a\" class=\"wp-block-code\"><code>aws ec2 describe-route-tables \\\n  --route-table-ids \"${ROUTE_TABLE_ID}\" \\\n  --query 'RouteTables&#91;].Routes'<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"5811c1fb-2d62-4662-9b19-79e27651589d\" class=\"wp-block-code\"><code>&#91;\n    &#91;\n        {\n            \"DestinationCidrBlock\": \"10.200.0.0\/24\",\n            \"InstanceId\": \"i-0cb0e48788838daa4\",\n            \"InstanceOwnerId\": \"523358537305\",\n            \"NetworkInterfaceId\": \"eni-0d5ff998bd2fb09c5\",\n            \"Origin\": \"CreateRoute\",\n            \"State\": \"active\"\n        },\n        {\n            \"DestinationCidrBlock\": \"10.200.1.0\/24\",\n            \"InstanceId\": \"i-001c9deec822b1325\",\n            \"InstanceOwnerId\": \"523358537305\",\n            \"NetworkInterfaceId\": \"eni-04334cbdcbcf2cfd5\",\n            \"Origin\": \"CreateRoute\",\n            \"State\": \"active\"\n        },\n        {\n            \"DestinationCidrBlock\": \"10.200.2.0\/24\",\n            \"InstanceId\": \"i-0055e9af229f7ea5d\",\n            \"InstanceOwnerId\": \"523358537305\",\n            \"NetworkInterfaceId\": \"eni-0c28e31352ccd881a\",\n            \"Origin\": \"CreateRoute\",\n            \"State\": \"active\"\n        },\n        {\n            \"DestinationCidrBlock\": \"10.0.0.0\/16\",\n            \"GatewayId\": \"local\",\n            \"Origin\": \"CreateRouteTable\",\n            \"State\": \"active\"\n        },\n        {\n            \"DestinationCidrBlock\": \"0.0.0.0\/0\",\n            
\"GatewayId\": \"igw-0f1932111bd00691f\",\n            \"Origin\": \"CreateRoute\",\n            \"State\": \"active\"\n        }\n    ]\n]<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"15\">12-DNS\u30af\u30e9\u30b9\u30bf\u30a2\u30c9\u30aa\u30f3\u306e\u5c0e\u5165<\/h2>\n\n\n\n<p id=\"565e12e9-8a14-4218-a828-2b1cd47ed65a\">\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u3001Kubernetes\u30af\u30e9\u30b9\u30bf\u5185\u3067\u52d5\u3044\u3066\u3044\u308b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u3001CoreDNS\u3092\u4f7f\u3063\u305fDNS\u30d9\u30fc\u30b9\u306e\u30b5\u30fc\u30d3\u30b9\u30c7\u30a3\u30b9\u30ab\u30d0\u30ea\u3092\u63d0\u4f9b\u3059\u308bDNS\u30a2\u30c9\u30aa\u30f3\u3092\u30c7\u30d7\u30ed\u30a4\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"15-1\">DNS\u30af\u30e9\u30b9\u30bf\u30fc\u30a2\u30c9\u30aa\u30f3<\/h3>\n\n\n\n<p id=\"b216762d-238e-45c4-a450-44ed833069b8\">coredns\u30af\u30e9\u30b9\u30bf\u30fc\u30a2\u30c9\u30aa\u30f3\u3092\u30c7\u30d7\u30ed\u30a4\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"37747277-f3ed-4c48-b29d-f8b4f28aeabb\" class=\"wp-block-code\"><code>cat &gt; coredns-1.9.yaml &lt;&lt;EOF\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: coredns\n  namespace: kube-system\n\napiVersion: rbac.authorization.k8s.io\/v1\nkind: ClusterRole\nmetadata:\n  labels:\n    kubernetes.io\/bootstrapping: rbac-defaults\n  name: system:coredns\nrules:\n  - apiGroups:\n    - \"\"\n    resources:\n    - endpoints\n    - services\n    - pods\n    - namespaces\n    verbs:\n    - list\n    - watch\n  - apiGroups:\n    - discovery.k8s.io\n    resources:\n    - endpointslices\n    verbs:\n    - list\n    - watch\n\napiVersion: rbac.authorization.k8s.io\/v1\nkind: ClusterRoleBinding\nmetadata:\n  annotations:\n    rbac.authorization.kubernetes.io\/autoupdate: \"true\"\n  labels:\n    kubernetes.io\/bootstrapping: rbac-defaults\n  name: system:coredns\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: 
ClusterRole\n  name: system:coredns\nsubjects:\n- kind: ServiceAccount\n  name: coredns\n  namespace: kube-system\n\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: coredns\n  namespace: kube-system\ndata:\n  Corefile: |\n    .:53 {\n        errors\n        health {\n          lameduck 5s\n        }\n        ready\n        kubernetes cluster.local in-addr.arpa ip6.arpa {\n          fallthrough in-addr.arpa ip6.arpa\n        }\n        prometheus :9153\n        cache 30\n        loop\n        reload\n        loadbalance\n    }\n\napiVersion: apps\/v1\nkind: Deployment\nmetadata:\n  name: coredns\n  namespace: kube-system\n  labels:\n    k8s-app: kube-dns\n    kubernetes.io\/name: \"CoreDNS\"\nspec:\n  replicas: 2\n  strategy:\n    type: RollingUpdate\n    rollingUpdate:\n      maxUnavailable: 1\n  selector:\n    matchLabels:\n      k8s-app: kube-dns\n  template:\n    metadata:\n      labels:\n        k8s-app: kube-dns\n    spec:\n      priorityClassName: system-cluster-critical\n      serviceAccountName: coredns\n      tolerations:\n        - key: \"CriticalAddonsOnly\"\n          operator: \"Exists\"\n      nodeSelector:\n        kubernetes.io\/os: linux\n      affinity:\n         podAntiAffinity:\n           requiredDuringSchedulingIgnoredDuringExecution:\n           - labelSelector:\n               matchExpressions:\n               - key: k8s-app\n                 operator: In\n                 values: &#91;\"kube-dns\"]\n             topologyKey: kubernetes.io\/hostname\n      containers:\n      - name: coredns\n        image: coredns\/coredns:1.9.3\n        imagePullPolicy: IfNotPresent\n        resources:\n          limits:\n            memory: 170Mi\n          requests:\n            cpu: 100m\n            memory: 70Mi\n        args: &#91; \"-conf\", \"\/etc\/coredns\/Corefile\" ]\n        volumeMounts:\n        - name: config-volume\n          mountPath: \/etc\/coredns\n          readOnly: true\n        ports:\n        - containerPort: 53\n          name: 
dns\n          protocol: UDP\n        - containerPort: 53\n          name: dns-tcp\n          protocol: TCP\n        - containerPort: 9153\n          name: metrics\n          protocol: TCP\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            add:\n            - NET_BIND_SERVICE\n            drop:\n            - all\n          readOnlyRootFilesystem: true\n        livenessProbe:\n          httpGet:\n            path: \/health\n            port: 8080\n            scheme: HTTP\n          initialDelaySeconds: 60\n          timeoutSeconds: 5\n          successThreshold: 1\n          failureThreshold: 5\n        readinessProbe:\n          httpGet:\n            path: \/ready\n            port: 8181\n            scheme: HTTP\n      dnsPolicy: Default\n      volumes:\n        - name: config-volume\n          configMap:\n            name: coredns\n            items:\n            - key: Corefile\n              path: Corefile\n\napiVersion: v1\nkind: Service\nmetadata:\n  name: kube-dns\n  namespace: kube-system\n  annotations:\n    prometheus.io\/port: \"9153\"\n    prometheus.io\/scrape: \"true\"\n  labels:\n    k8s-app: kube-dns\n    kubernetes.io\/cluster-service: \"true\"\n    kubernetes.io\/name: \"CoreDNS\"\nspec:\n  selector:\n    k8s-app: kube-dns\n  clusterIP: 10.32.0.10\n  ports:\n  - name: dns\n    port: 53\n    protocol: UDP\n  - name: dns-tcp\n    port: 53\n    protocol: TCP\n  - name: metrics\n    port: 9153\n    protocol: TCP\nEOF<\/code><\/pre>\n\n\n\n<pre id=\"61af91cd-e622-431d-b7ad-51903ba234bc\" class=\"wp-block-code\"><code>kubectl apply -f coredns-1.9.yaml<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b<\/strong>\u4f8b<\/h4>\n\n\n\n<pre id=\"86a91064-2d76-40bc-ae59-aa6d338c64da\" class=\"wp-block-code\"><code>serviceaccount\/coredns created\nclusterrole.rbac.authorization.k8s.io\/system:coredns created\nclusterrolebinding.rbac.authorization.k8s.io\/system:coredns 
created\nconfigmap\/coredns created\ndeployment.apps\/coredns created\nservice\/kube-dns created<\/code><\/pre>\n\n\n\n<p id=\"e6064d6f-de4d-4dfa-8c40-3261747f6ec0\"><strong>kube-dns deployment<\/strong>\u306b\u3088\u3063\u3066\u4f5c\u3089\u308c\u305fPod\u306e\u78ba\u8a8d\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"6ba3a03c-6705-468b-bd71-4fa71fd01392\" class=\"wp-block-code\"><code>kubectl get pods -l k8s-app=kube-dns -n kube-system<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"77329dbc-5c20-4029-b852-c998a7e66ea8\" class=\"wp-block-code\"><code>NAME                       READY   STATUS    RESTARTS   AGE\ncoredns-8494f9c688-jth4j   1\/1     Running   0          46s\ncoredns-8494f9c688-p679g   1\/1     Running   0          46s<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"15-2\">\u78ba\u8a8d<\/h3>\n\n\n\n<p id=\"675c148e-0d25-4eb0-9562-b4f4095b3205\">busybox deployment\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"63784b52-d671-44bd-a6af-03b0d8cf74e3\" class=\"wp-block-code\"><code>kubectl run busybox --image=busybox:1.28 --command -- sleep 3600<\/code><\/pre>\n\n\n\n<p id=\"03bd28ab-7dde-4637-af91-1bbdd8091247\">busybox deployment\u306b\u3088\u3063\u3066\u4f5c\u3089\u308c\u305fPod\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"c8977a94-7520-477a-8bff-9bc58f441a98\" class=\"wp-block-code\"><code>kubectl get pods -l run=busybox<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"2278cf92-2020-479e-a620-b9e2dbad21b1\" class=\"wp-block-code\"><code>NAME      READY   STATUS    RESTARTS   AGE\nbusybox   1\/1     Running   0          25s<\/code><\/pre>\n\n\n\n<p id=\"ef82ccfb-edad-40b5-8b11-fb751f249cd5\">busybox pod\u5185\u304b\u3089kubernetes service\u306eDNS lookup\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"14545713-df8f-41c1-b645-13e9b99d083b\"
class=\"wp-block-code\"><code>POD_NAME=$(kubectl get pods -l run=busybox -o jsonpath=\"{.items&#91;0].metadata.name}\")\necho ${POD_NAME}\n\nkubectl exec -ti $POD_NAME -- nslookup kubernetes<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"a0f50ce8-06b7-41bf-8ba7-17e95d676549\" class=\"wp-block-code\"><code>ubernetes\nServer:    10.32.0.10\nAddress 1: 10.32.0.10 kube-dns.kube-system.svc.cluster.local\n\nName:      kubernetes\nAddress 1: 10.32.0.1 kubernetes.default.svc.cluster.local<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"16\">13-\u30b9\u30e2\u30fc\u30af\u30c6\u30b9\u30c8<\/h2>\n\n\n\n<p id=\"b6957abd-4454-46ed-a9cd-3fb325c030bb\">\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u3001Kubernetes\u30af\u30e9\u30b9\u30bf\u304c\u6b63\u3057\u304f\u6a5f\u80fd\u3057\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\u305f\u3081\u306e\u30bf\u30b9\u30af\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"16-1\">\u30c7\u30fc\u30bf\u306e\u6697\u53f7\u5316<\/h3>\n\n\n\n<p id=\"d3b68cf4-2b2e-4c98-90f1-f61cca636870\">\u3053\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u306f\u4fdd\u5b58\u3055\u308c\u3066\u3044\u308b\u30c7\u30fc\u30bf\u306e\u6697\u53f7\u5316\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<br>generic secret\u3092\u4f5c\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"41470eaf-9414-4d7d-85ca-fb6c57985090\" class=\"wp-block-code\"><code>kubectl create secret generic kubernetes-the-hard-way \\\n  --from-literal=\"mykey=mydata\"<\/code><\/pre>\n\n\n\n<p id=\"519381c3-9a8e-4eaa-8d6e-0275ddfbcc94\">etcd\u306b\u4fdd\u5b58\u3055\u308c\u3066\u3044\u308b<strong>kubernetes-the-hard-way<\/strong>\u306esecret\u3092hexdump\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"20462722-f5ee-4838-817c-192089b4540a\" class=\"wp-block-code\"><code>external_ip=$(aws ec2 describe-instances --filters \\\n  \"Name=tag:Name,Values=controller-0\" \\\n  
\"Name=instance-state-name,Values=running\" \\\n  --output text --query 'Reservations&#91;].Instances&#91;].PublicIpAddress')\n\nssh -i kubernetes.id_rsa ubuntu@${external_ip} \\\n \"sudo ETCDCTL_API=3 etcdctl get \\\n  --endpoints=https:\/\/127.0.0.1:2379 \\\n  --cacert=\/etc\/etcd\/ca.pem \\\n  --cert=\/etc\/etcd\/kubernetes.pem \\\n  --key=\/etc\/etcd\/kubernetes-key.pem\\\n  \/registry\/secrets\/default\/kubernetes-the-hard-way | hexdump -C\"<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"c535d8b6-1d3b-4a02-b8d0-ae2285deb230\" class=\"wp-block-code\"><code>00000000  2f 72 65 67 69 73 74 72  79 2f 73 65 63 72 65 74  |\/registry\/secret|\n00000010  73 2f 64 65 66 61 75 6c  74 2f 6b 75 62 65 72 6e  |s\/default\/kubern|\n00000020  65 74 65 73 2d 74 68 65  2d 68 61 72 64 2d 77 61  |etes-the-hard-wa|\n00000030  79 0a 6b 38 73 3a 65 6e  63 3a 61 65 73 63 62 63  |y.k8s:enc:aescbc|\n00000040  3a 76 31 3a 6b 65 79 31  3a 67 3f 76 23 d3 0f 9b  |:v1:key1:g?v#...|\n00000050  c2 92 14 54 6e 7f 26 41  a6 27 e0 a7 d6 9e 3f 67  |...Tn.&amp;A.'....?g|\n00000060  07 88 36 c9 99 ac dd e5  5f 44 e5 f0 7e 45 9b 0a  |..6....._D..~E..|\n00000070  04 ed 0c b8 77 0b a7 29  7c df 34 ec 4c 22 d6 36  |....w..)|.4.L\".6|\n00000080  f7 58 38 b9 5f 49 1f 0f  b8 ac a6 ea 4d 23 95 0f  |.X8._I......M#..|\n00000090  aa 35 c8 39 eb 33 e2 c8  4c 70 5e f8 2c 05 ef 88  |.5.9.3..Lp^.,...|\n000000a0  cc 41 3f da d2 05 93 3a  3c 4d 1c 33 a2 fe 78 fb  |.A?....:&lt;M.3..x.|\n000000b0  ec fa 02 af cd c0 6d 8e  dd 6d b7 5a e2 b1 f7 44  |......m..m.Z...D|\n000000c0  3c ec d9 04 7d 9b 82 5e  d4 22 fe 6f 5e 2b 47 aa  |&lt;...}..^.\".o^+G.|\n000000d0  56 76 13 a0 9c a4 ca a6  c1 46 a1 5e 1b a6 ab 9b  |Vv.......F.^....|\n000000e0  d8 71 e7 84 3c ed 94 a0  f6 b8 6e 11 2e 44 8e ab  |.q..&lt;.....n..D..|\n000000f0  0f f4 89 9a ac e6 cb f6  8f 48 da 8e 0e c2 ba cf  |.........H......|\n00000100  c5 be 3f a4 c2 a0 38 29  78 23 a7 56 db b3 e0 20  
|..?...8)x#.V... |\n00000110  a3 ae d2 9b d7 8a 4b 3b  83 df ee 12 c5 71 1f e5  |......K;.....q..|\n00000120  c6 5b 97 0a 98 02 9e 85  df db e2 70 44 37 35 b2  |.&#91;.........pD75.|\n00000130  a8 30 cf 79 b5 25 4b d3  7a 35 f6 cf 69 11 25 f2  |.0.y.%K.z5..i.%.|\n00000140  bd 37 9e 2c 57 ed c0 d0  26 e0 8d b7 da bb 5e 76  |.7.,W...&amp;.....^v|\n00000150  0b e8 46 6d 6e 38 65 09  c2 0a                    |..Fmn8e...|\n0000015a<\/code><\/pre>\n\n\n\n<p id=\"5d22845a-e99a-42f0-8e98-d379fc2e1e7b\">etcd\u30ad\u30fc\u306f\u3001k8s:enc:aescbc:v1:key1\u3068\u3044\u3046\u30d7\u30ec\u30d5\u30a3\u30c3\u30af\u30b9\u306b\u306a\u3063\u3066\u3044\u308b\u306f\u305a\u3067\u3059\u3002\u3053\u308c\u306f\u3001aescbc\u30d7\u30ed\u30d0\u30a4\u30c0\u304ckey1\u3068\u3044\u3046\u6697\u53f7\u5316\u30ad\u30fc\u3067\u30c7\u30fc\u30bf\u3092\u6697\u53f7\u5316\u3057\u305f\u3053\u3068\u3092\u8868\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"16-2\">\u81ea\u7aef\u672b\u304b\u3089Deployment\u306e\u4f5c\u6210\u3068\u7ba1\u7406<\/h3>\n\n\n\n<p id=\"721c007d-f785-4e9e-af63-5cc246c87e50\">\u3053\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u306fDeployment\u306e\u4f5c\u6210\u3068\u7ba1\u7406\u304c\u3067\u304d\u3066\u3044\u308b\u304b\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p id=\"6fbe3e50-cd34-4288-aa5a-d9552ea4f670\">nginx web server\u306edeployment\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"4a45d86c-1d51-49c1-93e9-0d90d5e2aa17\" class=\"wp-block-code\"><code>kubectl create deployment nginx --image=nginx<\/code><\/pre>\n\n\n\n<p id=\"0f99e7fa-514b-43c5-bd70-837c9da3fd04\">nginx deployment\u306b\u3088\u3063\u3066\u3067\u304d\u305fPod\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"eaeaee6f-a8e4-4cb8-8ace-da5a029ede2a\" class=\"wp-block-code\"><code>kubectl get pods -l app=nginx<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre 
id=\"0e23dce2-cde9-4052-bd80-fa6a834f45fd\" class=\"wp-block-code\"><code>NAME                     READY   STATUS    RESTARTS   AGE\nnginx-6799fc88d8-qfjkw   1\/1     Running   0          13s<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"16-3\">Port Forwarding<\/h3>\n\n\n\n<p id=\"250acb07-02ce-4063-99ce-e35d7bf73d90\">\u3053\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u306f\u3001port forwarding\u3092\u4f7f\u3063\u3066\u5916\u90e8\u304b\u3089\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u304b\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002nginx pod\u306e\u30d5\u30eb\u30cd\u30fc\u30e0\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"e349af35-7895-481d-a98f-dd49bf4bd5f7\" class=\"wp-block-code\"><code>POD_NAME=$(kubectl get pods -l app=nginx -o jsonpath=\"{.items&#91;0].metadata.name}\")<\/code><\/pre>\n\n\n\n<p id=\"a8bcc81d-6455-4fdf-9cdd-7dc45af3fccb\">\u30ed\u30fc\u30ab\u30eb\u306e8080\u30dd\u30fc\u30c8\u3092nginx Pod\u306e80\u756a\u30dd\u30fc\u30c8\u306b\u30d5\u30a9\u30ef\u30fc\u30c9\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"ec9667ce-5aa5-47de-be6e-9558c9ae09b0\" class=\"wp-block-code\"><code>kubectl port-forward $POD_NAME 8080:80<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"2ffeb10d-12b5-4167-82db-89de6b1755fe\" class=\"wp-block-code\"><code>Forwarding from 127.0.0.1:8080 -&gt; 80\nForwarding from &#91;::1]:8080 -&gt; 80<\/code><\/pre>\n\n\n\n<p id=\"4bd32c80-678a-4e48-ab1a-c094f3706367\">\u5225\u306e\u30bf\u30fc\u30df\u30ca\u30eb\u304b\u3089\u30d5\u30a9\u30ef\u30fc\u30c9\u3057\u305f\u30a2\u30c9\u30ec\u30b9\u306bHTTP\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u6295\u3052\u3066\u307f\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"9065fd55-dc7e-4764-b314-d7f78d11ce35\" class=\"wp-block-code\"><code>curl --head http:\/\/127.0.0.1:8080<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre 
id=\"529cb5c6-394b-4f82-87f5-efcfc0e59427\" class=\"wp-block-code\"><code>HTTP\/1.1 200 OK\nServer: nginx\/1.21.6\nDate: Mon, 25 Apr 2022 05:07:07 GMT\nContent-Type: text\/html\nContent-Length: 615\nLast-Modified: Tue, 25 Jan 2022 15:03:52 GMT\nConnection: keep-alive\nETag: \"61f01158-267\"\nAccept-Ranges: bytes<\/code><\/pre>\n\n\n\n<p id=\"cd2bd39a-ad7f-443d-beda-fd94fbb06e43\">\u5143\u306e\u30bf\u30fc\u30df\u30ca\u30eb\u306b\u623b\u3063\u3066nginx Pod\u3078\u306e\u30d5\u30a9\u30ef\u30fc\u30c7\u30a3\u30f3\u30b0\u30d7\u30ed\u30bb\u30b9\u3092\u6b62\u3081\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"e1b1a38a-58fa-47c3-a61d-81d478370934\" class=\"wp-block-code\"><code>Forwarding from 127.0.0.1:8080 -&gt; 80\nForwarding from &#91;::1]:8080 -&gt; 80\nHandling connection for 8080\n^C<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"16-4\">Logs<\/h3>\n\n\n\n<p id=\"6db4c007-bb2d-4d1d-9426-159d7215dfd0\">\u3053\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u306f\u3001\u30b3\u30f3\u30c6\u30ca\u306e\u30ed\u30b0\u306e\u53d6\u5f97\u304c\u3067\u304d\u308b\u304b\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<br>nginx Pod\u306e\u30ed\u30b0\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"a35469c1-8f3b-4441-99c8-bd8e7fa73c71\" class=\"wp-block-code\"><code>kubectl logs $POD_NAME<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"5b472100-c1b7-47bc-9555-507d46441129\" class=\"wp-block-code\"><code>\/docker-entrypoint.sh: \/docker-entrypoint.d\/ is not empty, will attempt to perform configuration\n\/docker-entrypoint.sh: Looking for shell scripts in \/docker-entrypoint.d\/\n\/docker-entrypoint.sh: Launching \/docker-entrypoint.d\/10-listen-on-ipv6-by-default.sh\n10-listen-on-ipv6-by-default.sh: info: Getting the checksum of \/etc\/nginx\/conf.d\/default.conf\n10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in \/etc\/nginx\/conf.d\/default.conf\n\/docker-entrypoint.sh: Launching 
\/docker-entrypoint.d\/20-envsubst-on-templates.sh\n\/docker-entrypoint.sh: Launching \/docker-entrypoint.d\/30-tune-worker-processes.sh\n\/docker-entrypoint.sh: Configuration complete; ready for start up\n2022\/04\/25 05:05:55 &#91;notice] 1#1: using the \"epoll\" event method\n2022\/04\/25 05:05:55 &#91;notice] 1#1: nginx\/1.21.6\n2022\/04\/25 05:05:55 &#91;notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) \n2022\/04\/25 05:05:55 &#91;notice] 1#1: OS: Linux 5.13.0-1022-aws\n2022\/04\/25 05:05:55 &#91;notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576\n2022\/04\/25 05:05:55 &#91;notice] 1#1: start worker processes\n2022\/04\/25 05:05:55 &#91;notice] 1#1: start worker process 32\n2022\/04\/25 05:05:55 &#91;notice] 1#1: start worker process 33\n127.0.0.1 - - &#91;25\/Apr\/2022:05:07:07 +0000] \"HEAD \/ HTTP\/1.1\" 200 0 \"-\" \"curl\/7.79.1\" \"-\"<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"16-5\">Exec<\/h3>\n\n\n\n<p id=\"3e0de937-af7f-4b89-a874-279e092496ff\">\u3053\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u306f\u30b3\u30f3\u30c6\u30ca\u5185\u3067\u306e\u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u304c\u3067\u304d\u308b\u304b\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002nginx\u30b3\u30f3\u30c6\u30ca\u306b\u5165\u3063\u3066\u3001nginx -v\u3092\u5b9f\u884c\u3057\u3066nginx\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"cfc5f82c-b672-4f9b-a1f3-7bf5aa0be086\" class=\"wp-block-code\"><code>kubectl exec -ti $POD_NAME -- nginx -v<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"6b783a37-7b14-45fc-b640-416e31be6b17\" class=\"wp-block-code\"><code>nginx version: nginx\/1.21.6<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"16-6\">Services<\/h3>\n\n\n\n<p 
id=\"fa28b257-6888-4168-8574-9252c0e08c80\">\u3053\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u306f\u3001Service\u3092\u4f7f\u3063\u305f\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u516c\u958b\u304c\u3067\u304d\u308b\u304b\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002nginx deployment\u3092NodePort\u3092\u4f7f\u3063\u3066\u516c\u958b\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"f9e3a511-4fbe-4d73-96a9-a66459b6dc7d\" class=\"wp-block-code\"><code>kubectl expose deployment nginx --port 80 --type NodePort<\/code><\/pre>\n\n\n\n<p id=\"cb010529-c597-4cfc-bf61-3c5ec70ebbc7\">\u30af\u30e9\u30b9\u30bf\u30fc\u304c\u30af\u30e9\u30a6\u30c9\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u30a4\u30f3\u30c6\u30b0\u30ec\u30fc\u30b7\u30e7\u30f3\u306e\u8a2d\u5b9a\u304c\u3055\u308c\u3066\u3044\u306a\u3044\u305f\u3081\u3001LoadBalancer\u306f\u4f7f\u7528\u3067\u304d\u307e\u305b\u3093\u3002\u3053\u306e\u624b\u9806\u3067\u306f\u3001\u30af\u30e9\u30a6\u30c9\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u30a4\u30f3\u30c6\u30b0\u30ec\u30fc\u30b7\u30e7\u30f3\u306e\u8a2d\u5b9a\u306f\u5bfe\u8c61\u5916\u3067\u3059\u3002<\/p>\n\n\n\n<p id=\"a194b655-d348-4ad3-844a-dced44cb9ab9\">nginx service\u3067\u30a2\u30b5\u30a4\u30f3\u3055\u308c\u305f\u30ce\u30fc\u30c9\u306e\u30dd\u30fc\u30c8\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"750f093d-8194-46eb-887b-33565aabdb4b\" class=\"wp-block-code\"><code>NODE_PORT=$(kubectl get svc nginx \\\n  --output=jsonpath='{range .spec.ports&#91;0]}{.nodePort}')<\/code><\/pre>\n\n\n\n<p id=\"6c2b3c96-647d-4df6-9a47-f70a740cdb4f\">nginx\u30ce\u30fc\u30c9\u30dd\u30fc\u30c8\u3078\u306e\u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3059\u308b\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306e\u30eb\u30fc\u30eb\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002\u306a\u304a\u3001\u3053\u306e\u30b3\u30de\u30f3\u30c9\u306f\u9001\u4fe1\u5143\u30920.0.0.0\/0\uff08\u3059\u3079\u3066\u306eIP\u30a2\u30c9\u30ec\u30b9\uff09\u3068\u3057\u3066\u958b\u653e\u3059\u308b\u305f\u3081\u3001\u78ba\u8a8d\u5f8c\u306f\u30eb\u30fc\u30eb\u3092\u524a\u9664\u3059\u308b\u304b\u3001\u9001\u4fe1\u5143\u3092\u81ea\u5206\u306eIP\u30a2\u30c9\u30ec\u30b9\u306b\u9650\u5b9a\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<pre id=\"3f87a53c-4925-410a-ad54-f5aaf936f7f9\" class=\"wp-block-code\"><code>aws ec2 authorize-security-group-ingress \\\n  --group-id ${SECURITY_GROUP_ID} \\\n  --protocol tcp \\\n  --port
${NODE_PORT} \\\n  --cidr 0.0.0.0\/0<\/code><\/pre>\n\n\n\n<p id=\"ac8ea5f5-decb-470c-a323-d29bf55c2a61\"><strong>nginx<\/strong>\u306epod\u304c\u5b9f\u884c\u3055\u308c\u3066\u3044\u308b\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u540d\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"ad2fdfb2-4c26-4989-b378-82a2fe73d535\" class=\"wp-block-code\"><code>INSTANCE_NAME=$(kubectl get pod $POD_NAME --output=jsonpath='{.spec.nodeName}')<\/code><\/pre>\n\n\n\n<p id=\"50bdd5de-ddc7-4d93-9850-8552cae2514c\">\u30ef\u30fc\u30ab\u30fc\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306eExternal IP\u30a2\u30c9\u30ec\u30b9\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"565cc357-7313-4a9f-b38e-acd347683159\" class=\"wp-block-code\"><code>EXTERNAL_IP=$(aws ec2 describe-instances --filters \\\n    \"Name=instance-state-name,Values=running\" \\\n    \"Name=network-interface.private-dns-name,Values=${INSTANCE_NAME}.*.internal*\" \\\n    --output text --query 'Reservations&#91;].Instances&#91;].PublicIpAddress')<\/code><\/pre>\n\n\n\n<p id=\"cb2e30fb-ff0e-401c-b31c-b6de7b6882a2\">External IP\u3068nginx\u306e\u30ce\u30fc\u30c9\u30dd\u30fc\u30c8\u3092\u4f7f\u7528\u3057\u3066HTTP\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u4fe1\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"c49e38f6-e740-4a1c-a66f-764dbcef82fb\" class=\"wp-block-code\"><code>curl -I http:\/\/${EXTERNAL_IP}:${NODE_PORT}<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"ea9df9b0-f5f6-499d-a68a-c1d3e25d4f21\" class=\"wp-block-code\"><code>HTTP\/1.1 200 OK\nServer: nginx\/1.21.6\nDate: Mon, 25 Apr 2022 05:12:16 GMT\nContent-Type: text\/html\nContent-Length: 615\nLast-Modified: Tue, 25 Jan 2022 15:03:52 GMT\nConnection: keep-alive\nETag: \"61f01158-267\"\nAccept-Ranges: bytes<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" 
id=\"17\">14-crictl\u3092\u4f7f\u7528\u3057\u3066\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306e\u30a4\u30e1\u30fc\u30b8\u30fb\u30dd\u30c3\u30c9\u30fb\u30b3\u30f3\u30c6\u30ca\u3092\u30c1\u30a7\u30c3\u30af\u3059\u308b<\/h2>\n\n\n\n<p id=\"9f1d0dab-70a8-449e-8a2b-2c1406da8df9\">\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u306f\u3001\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u306b\u30ed\u30b0\u30a4\u30f3\u3057\u3001\u30ea\u30bd\u30fc\u30b9\u4e00\u89a7\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u6271\u3046\u30b3\u30de\u30f3\u30c9\u306f\u3001\u7acb\u3061\u4e0a\u304c\u3063\u3066\u3044\u308b3\u53f0\u306e\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u5168\u3066\u3067\u5b9f\u884c\u53ef\u80fd\u3067\u3059\u3002<\/p>\n\n\n\n<pre id=\"61580a79-828c-4733-872b-40d4d8f21c37\" class=\"wp-block-code\"><code>external_ip=$(aws ec2 describe-instances \\\n  --filters \"Name=tag:Name,Values=worker-0\" \\\n  --output text --query 'Reservations&#91;].Instances&#91;].PublicIpAddress')<\/code><\/pre>\n\n\n\n<pre id=\"eb2d2a93-ba6b-4421-b929-4689b176d715\" class=\"wp-block-code\"><code>ssh -i kubernetes.id_rsa ubuntu@${external_ip}<\/code><\/pre>\n\n\n\n<p id=\"733dddb6-d54b-4bef-887f-a1257c6b82fe\">\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3001\u51fa\u529b\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"805e7bed-1037-41d7-91ba-c332af054235\" class=\"wp-block-code\"><code>sudo crictl -r unix:\/\/\/var\/run\/containerd\/containerd.sock images<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"5ce783b0-b96d-4127-b190-41a75b2dc63e\" class=\"wp-block-code\"><code>IMAGE                       TAG                 IMAGE ID            SIZE\ndocker.io\/coredns\/coredns   1.8.3               3885a5b7f138c       12.9MB\ndocker.io\/coredns\/coredns   1.9.3               5185b96f0becf       14.8MB\ndocker.io\/library\/busybox   1.28                8c811b4aec35f 
      728kB\nk8s.gcr.io\/pause            3.6                 6270bb605e12e       302kB<\/code><\/pre>\n\n\n\n<p id=\"4b166e86-fae5-492b-b0ca-90b47d3621db\">\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3001\u51fa\u529b\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"d6550d9d-6f6c-418c-913b-ac1e41ab72a6\" class=\"wp-block-code\"><code>sudo crictl -r unix:\/\/\/var\/run\/containerd\/containerd.sock pods<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"417b297d-d738-4c17-8b20-1917f2d149d1\" class=\"wp-block-code\"><code>POD ID              CREATED             STATE               NAME                NAMESPACE           ATTEMPT             RUNTIME\n948e94faa3aad       21 hours ago        Ready               busybox             default             0                   (default)<\/code><\/pre>\n\n\n\n<p id=\"ba2f74be-0e0e-4c3a-ab1e-29bd12b2fa58\">\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3001\u51fa\u529b\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"13f66df1-b3ad-470b-a9db-e998744246a7\" class=\"wp-block-code\"><code>sudo crictl -r unix:\/\/\/var\/run\/containerd\/containerd.sock ps<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u51fa\u529b\u4f8b<\/strong><\/h4>\n\n\n\n<pre id=\"d6d0c71c-09a4-43a9-ad2e-4c99d325699c\" class=\"wp-block-code\"><code>CONTAINER           IMAGE               CREATED             STATE           NAME           ATTEMPT       POD\u3000ID       \u3000\u3000POD\n65c829a4a642c       8c811b4aec35f       46 minutes ago      Running         busybox        20            948e94faa3aad  \u3000busybox<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"18\">15-\u5f8c\u7247\u4ed8\u3051<\/h2>\n\n\n\n<p 
id=\"32239055-077e-4b30-b3f6-946f9dee5c3b\">\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u3001\u3053\u308c\u307e\u3067\u306b\u4f5c\u6210\u3057\u3066\u304d\u305fAWS\u306b\u95a2\u3059\u308b\u30ea\u30bd\u30fc\u30b9\u3092\u524a\u9664\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"18-1\">EC2\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9<\/h3>\n\n\n\n<p id=\"e64c6f21-26f6-4eca-ab73-d309113bec60\">\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u30ce\u30fc\u30c9\u3001\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u3092\u524a\u9664\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"838e6f73-eb68-4b75-acc0-4c3aae7e4a92\" class=\"wp-block-code\"><code>aws ec2 terminate-instances \\\n  --instance-ids \\\n    $(aws ec2 describe-instances \\\n      --filter \"Name=tag:Name,Values=controller-0,controller-1,controller-2,worker-0,worker-1,worker-2\" \\\n      --output text --query 'Reservations&#91;].Instances&#91;].InstanceId')\naws ec2 delete-key-pair --key-name kubernetes<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"18-2\">Networking<\/h3>\n\n\n\n<p id=\"307e4e1e-74df-423f-b085-f21791e34568\">\u5916\u90e8\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc\u3001VPC\u7b49\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30ea\u30bd\u30fc\u30b9\u3092\u524a\u9664\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre id=\"c0c4bdbd-3506-41f7-942f-6f951f4a5a92\" class=\"wp-block-code\"><code>aws elbv2 delete-load-balancer --load-balancer-arn \"${LOAD_BALANCER_ARN}\"<\/code><\/pre>\n\n\n\n<pre id=\"34cde6af-b37a-40a0-9031-afac91dfb4e7\" class=\"wp-block-code\"><code>aws elbv2 delete-target-group --target-group-arn \"${TARGET_GROUP_ARN}\"<\/code><\/pre>\n\n\n\n<pre id=\"207e0930-0d31-4356-bfb8-3616bef86c00\" class=\"wp-block-code\"><code>aws ec2 delete-security-group --group-id \"${SECURITY_GROUP_ID}\"\nROUTE_TABLE_ASSOCIATION_ID=\"$(aws ec2 describe-route-tables \\\n  --route-table-ids \"${ROUTE_TABLE_ID}\" \\\n  --output text --query 
'RouteTables&#91;].Associations&#91;].RouteTableAssociationId')\"<\/code><\/pre>\n\n\n\n<pre id=\"8485211e-5ad4-4960-b500-6946bc342319\" class=\"wp-block-code\"><code>aws ec2 disassociate-route-table --association-id \"${ROUTE_TABLE_ASSOCIATION_ID}\"<\/code><\/pre>\n\n\n\n<pre id=\"c4dd8458-d2eb-4b0b-ab6c-2a5574aa3baf\" class=\"wp-block-code\"><code>aws ec2 delete-route-table --route-table-id \"${ROUTE_TABLE_ID}\"<\/code><\/pre>\n\n\n\n<pre id=\"78f7d310-c6ab-46cb-93e2-586c3117162b\" class=\"wp-block-code\"><code>aws ec2 detach-internet-gateway \\\n  --internet-gateway-id \"${INTERNET_GATEWAY_ID}\" \\\n  --vpc-id \"${VPC_ID}\"<\/code><\/pre>\n\n\n\n<pre id=\"4979dac7-1a98-4a63-a750-0a403ef05de4\" class=\"wp-block-code\"><code>aws ec2 delete-internet-gateway --internet-gateway-id \"${INTERNET_GATEWAY_ID}\"<\/code><\/pre>\n\n\n\n<pre id=\"58423bc3-db2b-4497-9da2-c5bca4e9e1ee\" class=\"wp-block-code\"><code>aws ec2 delete-subnet --subnet-id \"${SUBNET_ID}\"<\/code><\/pre>\n\n\n\n<pre id=\"3e1bbe0c-69cf-4dea-98e5-98da1746d3d3\" class=\"wp-block-code\"><code>aws ec2 delete-vpc --vpc-id \"${VPC_ID}\"<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"19\">16-\u304a\u308f\u308a\u306b<\/h2>\n\n\n\n<p id=\"49a8fe4c-6c69-49a0-9109-06171b60fc40\">\u4eca\u56de\u306f\u30c4\u30fc\u30eb\u3092\u4f7f\u308f\u305a\u306bKubernetes\u306e\u30af\u30e9\u30b9\u30bf\u3092AWS\u3067\u69cb\u7bc9\u3059\u308b\u65b9\u6cd5\u3092\u7d39\u4ecb\u3057\u307e\u3057\u305f\u3002<\/p>\n\n\n\n<p id=\"49a8fe4c-6c69-49a0-9109-06171b60fc40\">Kubernetes\u306e\u521d\u5b66\u8005\u3084\u8cc7\u683c\u8a66\u9a13\u5bfe\u7b56\u306e\u304a\u5f79\u306b\u7acb\u3066\u308c\u3070\u5e78\u3044\u3067\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"\u76ee\u6b21 \u306f\u3058\u3081\u306b \u53c2\u8003\u6587\u732e \u69cb\u7bc9\u3059\u308b\u74b0\u5883 \u4e8b\u524d\u6e96\u5099 Amazon Web Service AWS CLI\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb 
\u30c7\u30d5\u30a9\u30eb\u30c8\u30ea\u30fc\u30b8\u30e7\u30f3\u306e\u8a2d\u5b9a tmux\u3092\u4f7f\u3063\u305f\u30d1\u30e9\u30ec\u30eb\u306a\u30b3\u30de\u30f3\u30c9\u5b9f\u884c \u4f5c\u696d\u7528\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u4f5c\u6210 \u30af\u30e9\u30a4\u30a2 [&hellip;]","protected":false},"author":23,"featured_media":93,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[19,21],"class_list":["post-654","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-categry-cloud","tag-aws","tag-kubernetes"],"_links":{"self":[{"href":"https:\/\/symphonict.nesic.co.jp\/tech-blog\/wp-json\/wp\/v2\/posts\/654"}],"collection":[{"href":"https:\/\/symphonict.nesic.co.jp\/tech-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/symphonict.nesic.co.jp\/tech-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/symphonict.nesic.co.jp\/tech-blog\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/symphonict.nesic.co.jp\/tech-blog\/wp-json\/wp\/v2\/comments?post=654"}],"version-history":[{"count":23,"href":"https:\/\/symphonict.nesic.co.jp\/tech-blog\/wp-json\/wp\/v2\/posts\/654\/revisions"}],"predecessor-version":[{"id":813,"href":"https:\/\/symphonict.nesic.co.jp\/tech-blog\/wp-json\/wp\/v2\/posts\/654\/revisions\/813"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/symphonict.nesic.co.jp\/tech-blog\/wp-json\/wp\/v2\/media\/93"}],"wp:attachment":[{"href":"https:\/\/symphonict.nesic.co.jp\/tech-blog\/wp-json\/wp\/v2\/media?parent=654"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/symphonict.nesic.co.jp\/tech-blog\/wp-json\/wp\/v2\/categories?post=654"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/symphonict.nesic.co.jp\/tech-blog\/wp-json\/wp\/v2\/tags?post=654"}],"curies":[{"name":"wp","href":"https:
\/\/api.w.org\/{rel}","templated":true}]}}