[k8s] Applying a TailScale subnet router
Computer Science/k8s 2023. 8. 24. 21:25
1. Create a TailScale auth key
2. Create the k8s Secret
3. Create the k8s Role
4. Create the k8s Deployment (subnet router)
5. Connect to TailScale and configure it
1. Create a TailScale auth key
Create an auth key in the Tailscale admin console.
2. Create the k8s Secret
# tailscale-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: tailscale-secret
stringData:
  TS_AUTH_KEY: tskey-auth-######
3. Create the k8s Role
# Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# tailscale-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tailscale
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
- apiGroups: [""]
  # enter the name of the Secret created in step 2
  resourceNames: ["tailscale-secret"]
  resources: ["secrets"]
  verbs: ["get", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tailscale
subjects:
- kind: ServiceAccount
  name: tailscale
roleRef:
  kind: Role
  name: tailscale
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tailscale
4. Create the k8s Deployment (subnet router)
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: tailscale
  name: tailscale-subnet-router
  namespace: tailscale
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tailscale
  template:
    metadata:
      labels:
        app: tailscale
    spec:
      containers:
      - env:
        # Secret in which tailscale stores its node state (needs create/get/update from the Role above)
        - name: TS_KUBE_SECRET
          value: tailscale-secret
        - name: TS_USERSPACE
          value: "true"
        - name: TS_AUTH_KEY
          valueFrom:
            secretKeyRef:
              # must match the Secret name and key created in step 2;
              # if the key is not found (optional: true), the container falls back to
              # interactive login and prints a login URL in its logs instead
              key: TS_AUTH_KEY
              name: tailscale-secret
              optional: true
        - name: TS_ROUTES
          # value: <pod CIDR>,<service CIDR>
          value: 192.168.0.0/16,10.0.0.0/8
        image: ghcr.io/tailscale/tailscale:v1.46.1
        name: tailscale
        securityContext:
          runAsGroup: 1000
          runAsUser: 1000
        volumeMounts:
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: kube-api-access
          readOnly: true
      tolerations:
      - effect: NoExecute
        key: node.kubernetes.io/not-ready
        operator: Exists
        tolerationSeconds: 300
      - effect: NoExecute
        key: node.kubernetes.io/unreachable
        operator: Exists
        tolerationSeconds: 300
      preemptionPolicy: PreemptLowerPriority
      priority: 0
      serviceAccountName: tailscale
      volumes:
      - name: kube-api-access
        projected:
          sources:
          - serviceAccountToken:
              expirationSeconds: 3607
              path: token
          - configMap:
              items:
              - key: ca.crt
                path: ca.crt
              name: kube-root-ca.crt
          - downwardAPI:
              items:
              - fieldRef:
                  fieldPath: metadata.namespace
                path: namespace
5. Connect to TailScale and configure it
I deployed all of the files above into the tailscale namespace.
Then, if you check the logs with the command below,
kubectl logs -l app=tailscale -n tailscale
a link like the one below appears.
2023/08/24 12:13:18 stopEngineAndWait...
2023/08/24 12:13:18 requestEngineStatusAndWait
2023/08/24 12:13:18 requestEngineStatusAndWait: waiting...
2023/08/24 12:13:18 requestEngineStatusAndWait: got status update.
2023/08/24 12:13:18 stopEngineAndWait: done.
To authenticate, visit: https://login.tailscale.com/a/#####
Open the link and register the machine in my tailscale.
Then, in the machine's settings, approve the routes it advertises with "Approve all".
Now I can reach pod IPs and service IPs directly from my TailScale.
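The TS_ROUTES value in step 4 decides exactly which address space the subnet router exposes to the tailnet, so it is worth checking that it matches the cluster's real pod and service CIDRs and is no wider than that (192.168.0.0/16 and 10.0.0.0/8 are placeholders that also cover most home and office LANs). The script below is an added example, not code from the original post or from Tailscale; the cluster CIDRs in it (10.244.0.0/16 for pods, 10.96.0.0/12 for services) and the TS_ROUTES string are constructed sample inputs, and the category names are my own.

```python
"""Audit a Tailscale subnet router's TS_ROUTES against the cluster CIDRs.

Added example (not from the original post). All inputs below are constructed:
a cluster with pod CIDR 10.244.0.0/16 and service CIDR 10.96.0.0/12, and the
TS_ROUTES value used in the post's Deployment.
"""
import ipaddress
from typing import Dict, List

Net = ipaddress.IPv4Network

# Constructed sample inputs.
SAMPLE_TS_ROUTES = "192.168.0.0/16,10.0.0.0/8"
SAMPLE_CLUSTER = {"pod": "10.244.0.0/16", "service": "10.96.0.0/12"}


def parse_routes(ts_routes: str) -> List[Net]:
    """Parse a TS_ROUTES value ("cidr,cidr,...") into networks.

    strict=True rejects values with host bits set (e.g. 10.0.0.1/8), which
    would not be a valid route to advertise anyway.
    """
    nets = []
    for item in ts_routes.split(","):
        item = item.strip()
        if item:
            nets.append(ipaddress.ip_network(item, strict=True))
    return nets


def audit_routes(ts_routes: str, cluster_cidrs: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every advertised route relative to the cluster CIDRs.

    exact     - identical to a cluster CIDR (least privilege, what you want)
    broad     - strictly contains a cluster CIDR (exposes more than the cluster)
    partial   - strictly inside a cluster CIDR (only part of it is reachable)
    unrelated - overlaps no cluster CIDR at all (pure over-exposure)
    missing   - cluster CIDRs that no advertised route covers
    """
    routes = parse_routes(ts_routes)
    cluster = {name: ipaddress.ip_network(c, strict=True) for name, c in cluster_cidrs.items()}
    report: Dict[str, List[str]] = {k: [] for k in ("exact", "broad", "partial", "unrelated", "missing")}
    for route in routes:
        exact = [n for n, c in cluster.items() if c == route]
        broad = [n for n, c in cluster.items() if c != route and route.supernet_of(c)]
        partial = [n for n, c in cluster.items() if c != route and route.subnet_of(c)]
        if exact:
            report["exact"].append(f"{route} == {','.join(exact)}")
        elif broad:
            report["broad"].append(f"{route} contains {','.join(broad)}")
        elif partial:
            report["partial"].append(f"{route} is only part of {','.join(partial)}")
        else:
            report["unrelated"].append(str(route))
    for name, c in cluster.items():
        if not any(c.subnet_of(r) for r in routes):
            report["missing"].append(f"{name} {c}")
    return report


def recommended_ts_routes(cluster_cidrs: Dict[str, str]) -> str:
    """Build the least-privilege TS_ROUTES value: exactly the cluster CIDRs."""
    nets = sorted({ipaddress.ip_network(c, strict=True) for c in cluster_cidrs.values()})
    return ",".join(str(n) for n in nets)


if __name__ == "__main__":
    for category, findings in audit_routes(SAMPLE_TS_ROUTES, SAMPLE_CLUSTER).items():
        for finding in findings:
            print(f"{category:9s} {finding}")
    print("recommended TS_ROUTES:", recommended_ts_routes(SAMPLE_CLUSTER))
```

With the sample inputs the report flags 10.0.0.0/8 as broad (it contains both cluster CIDRs) and 192.168.0.0/16 as unrelated, and recommends `10.96.0.0/12,10.244.0.0/16`. The real CIDRs come from your own cluster; on a kubeadm cluster they are the `--cluster-cidr` flag of kube-controller-manager and the `--service-cluster-ip-range` flag of kube-apiserver. Whatever is advertised still has to be approved in the admin console as in step 5, so the approval screen is a second place to catch an over-broad route.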