\uba87\ub144 \uc804\uc5d0\ub294 \uc880 \uace0\uc0dd\ud55c \uae30\uc5b5\uc774 \uc788\ub294\ub370,
\n\uc774\ubc88\uc5d0\ub294 \ubb54\uac00 \uc27d\uac8c \ub418\ub294\uad70\uc694.<\/p>\n
\ubcf4\ud1b5\uc740 \uc5ec\ub7ec \uc0ac\uc774\ud2b8\ub97c \ucc38\uc870\ud558\uc5ec \ubb38\uc11c\ub97c \uc791\uc131\ud558\uae30\uc5d0 \ucd9c\ucc98\ub97c \uc798 \ud45c\uc2dc\ud558\uc9c0 \uc54a\ub294\ub370, \ubaa8\ub4e0 master\/node \uc5d0 \uc544\ub798 \ub0b4\uc6a9\uc774 \ubc18\uc601\ub418\uc5b4 \uc788\uc5b4\uc57c \ud569\ub2c8\ub2e4.<\/p>\n \uc6b4\uc601\uc11c\ubc84\uac00 \uc544\ub2c8\ub77c \ud14c\uc2a4\ud2b8\ub97c \uc704\ud55c \uc7a5\ube44\uc778 \uacbd\uc6b0, worker \ub294 4G \uba54\ubaa8\ub9ac\uac00 \ucd5c\uc18c\uc774\uace0 \ub354 \ub9ce\uc774 \ud544\uc694\ud560 \uc218 \uc788\ub2e4. \ub610\ub294 \ud5c8\uc6a9\ud574\uc57c\ud560 \ud3ec\ud2b8\ubaa9\ub85d\uc744 \uc9c0\uc815\ud574 \uc904 \uc218 \uc788\ub2e4.<\/p>\n add-on Weave Net works \uc744 \uc0ac\uc6a9\ud558\ub294 \uacbd\uc6b0 \uc544\ub798 \uba85\ub839\uc744 \uc2e4\ud589\ud55c\ub2e4.<\/p>\n allow-kubernetes \ub77c\ub294 \uc774\ub984\uc758 \ubcf4\uc548\uadf8\ub8f9\uc744 \uc0dd\uc131\ud569\ub2c8\ub2e4. protect-kubernetes \ub77c\ub294 \uc774\ub984\uc758 \ubcf4\uc548\uadf8\ub8f9\uc744 \uc0dd\uc131\ud569\ub2c8\ub2e4. allow-kubernetes, protect-kubernetes \ub97c \ubaa8\ub4e0 master\/node \uc5d0 \ud560\ub2f9\ud574 \uc90d\ub2c8\ub2e4.<\/p>\n \ud14c\uc2a4\ud2b8 \uc6a9\ub3c4\ub85c \uc124\uce58\ud558\ub354\ub77c\ub3c4 \uc2e4\ud589\ud574 \uc8fc\uc5b4\uc57c \ud569\ub2c8\ub2e4.<\/p>\n Kubernetes \ub294 \ucee8\ud14c\uc774\ub108 \uae30\ubc18\uc73c\ub85c \uc791\ub3d9\ud558\ubbc0\ub85c, \uc5ec\uae30<\/a><\/p>\n kubelet \uc2e4\ud589\uc774 \uc2e4\ud328\ud558\ub294 \uac83\uc740 \uc2e0\uacbd\uc4f0\uc9c0 \uc54a\uc544\ub3c4 \ub429\ub2c8\ub2e4., \ubc18\ub4dc\uc2dc master \uc5d0\uc11c\ub9cc \uc2e4\ud589\ud569\ub2c8\ub2e4.<\/p>\n \uc624\ub958\uac00 \ubc1c\uc0dd\ud558\uba74 troubleshoot \ud655\uc778\ud558\uc138\uc694.<\/p>\n \uc704 \uba85\ub839\uc744 \uc774\uc6a9\ud574 node \uac00 master \uc5d0 \uc811\uc18d\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n \uc544\ub798 \uba85\ub839\uc744 \uc124\uc815\ud574 \uc90c\uc73c\ub85c \ud574\uc11c NotReady \ub294 \ubb34\uc2dc\ud574\ub3c4 \ub429\ub2c8\ub2e4. Pod \uac04 \ud1b5\uc2e0\uc744 \uc704\ud55c add-on Weave Net works \uc744 \uc124\uce58\ud569\ub2c8\ub2e4.<\/p>\n 30\ucd08 \uc5d0\uc11c 1\ubd84 \uc815\ub3c4 \uc9c0\ub098\uba74 \uc544\ub798\ucc98\ub7fc Ready \ub85c \uc0c1\ud0dc\uac00 \ubcc0\uacbd\ub429\ub2c8\ub2e4.<\/p>\n \ud14c\uc2a4\ud2b8 \uc6a9\ub3c4\ub85c \ud558\ub098\uc758 \uc11c\ubc84\uc5d0 \ub9c8\uc2a4\ud130 \ub178\ub4dc\ub9cc \uad6c\uc131\ud558\uace0, \uc544\ub798 \uba85\ub839\uc73c\ub85c Worker node \ub97c \ub4f1\ub85d\ud569\ub2c8\ub2e4.<\/p>\n sudo \ub97c \ubc18\ub4dc\uc2dc \ubd99\uc5ec\uc11c \uc2e4\ud589\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n \uc544\ub798 \uba85\ub839\uc73c\ub85c \uc815\uc0c1\uc801\uc73c\ub85c Node \uac00 \ub4f1\ub85d\ub41c \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n \ud14c\uc2a4\ud2b8\ub97c \uc704\ud574 nginx \ub97c \uc2e4\ud589\uc2dc\ucf1c \ubd05\ub2c8\ub2e4.<\/p>\n nodePort : \uc678\ubd80 \ud3ec\ud2b8<\/p>\n \uc544\ubb34 \ub178\ub4dc\uc5d0\uc11c\ub3c4 \uc774 \ud3ec\ud2b8\ub85c \uc811\uadfc\ud558\uba74 service port \ub85c \ud3ec\uc6cc\ub529\ub41c\ub2e4. port : \uc11c\ube44\uc2a4 \ud3ec\ud2b8<\/p>\n pod port \ub85c \ud3ec\uc6cc\ub529\ud558\uae30 \uc704\ud55c \uc911\uac04 \ud3ec\ud2b8 containerPort(targetPort) : Pod \uc758 \ud3ec\ud2b8<\/p>\n Pod \uc758 \ud3ec\ud2b8\uc774\ub2e4. \uc804\uccb4\uc801\uc778 \ud750\ub984\uc740 \uba38\uc2e0 \ub0b4\ubd80\uc5d0\uc11c\ub294 podIP + \ucee8\ud14c\uc774\ub108\ud3ec\ud2b8 \ub97c \ud1b5\ud574 \ubc14\ub85c \uc811\uc18d \uac00\ub2a5\ud558\ub2e4. \uba38\uc2e0 \ub0b4\ubd80\uc5d0\uc11c\ub294 \ud074\ub7ec\uc2a4\ud130\uc544\uc774\ud53c + \uc11c\ube44\uc2a4\ud3ec\ud2b8 \ub97c \ud1b5\ud574 \uc811\uc18d \uac00\ub2a5\ud558\ub2e4. NodePort \ub85c\ub294 \uc678\ubd80\uc5d0\uc11c\ub9cc \uc811\uc18d\uac00\ub2a5\ud558\ub2e4. 3 \uac1c\uc758 \uc778\uc2a4\ud134\uc2a4\uac00 \uc2e4\ud589\uc911\uc778 \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n nginx \uac00 \uc2e4\ud589\uc911\uc778\uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. k8s \ub0b4\ubd80 \uc544\uc774\ud53c\ub97c \uc774\uc6a9\ud574 \uc811\uc18d\uc774 \uac00\ub2a5\ud558\uc9c0\ub9cc, nodePort \uc5d0 \ud560\ub2f9\ub41c \uc678\ubd80\ud3ec\ud2b8 31001 \ub97c \ud1b5\ud574 nginx \uc5d0 \uc811\uadfc\uc774 \uac00\ub2a5\ud569\ub2c8\ub2e4.<\/p>\n http:\/\/<node \uc11c\ubc84 \uc544\uc774\ud53c>:31001\/ \ub85c \uc811\uc18d\ud558\uba74 nginx \uac00 \uc2e4\ud589\ub41c \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.<\/p>\n Worker \ub178\ub4dc\uc5d0\uc11c\ub294 \ub178\ub4dc\uc544\uc774\ud53c + \uc11c\ube44\uc2a4\ud3ec\ud2b8\ub85c \uc811\uc18d\uc774 \uac00\ub2a5\ud558\ub2e4. Master \ub178\ub4dc Worker \uc758 \uc678\ubd80\uc544\uc774\ud53c + \ub178\ub4dc\ud3ec\ud2b8 \ub97c \uc774\uc6a9\ud574 \uc811\uc18d\ud560 \uc218 \uc788\ub2e4.<\/p>\n \uae30\uc874 docker \uba85\ub839\uc5b4 \ub300\uc2e0 containerd \ub97c \uc774\uc6a9\ud574 \ub3c4\ucee4\ub97c \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n master \uac00 \uc544\ub2c8\ub77c worker node \uc544\uc774\ud53c\ub85c \uc811\uc18d\ud569\ub2c8\ub2e4.<\/p>\n https:\/\/<worker node \uc544\uc774\ud53c>:30239\/<\/p>\n \ub9cc\uc57d Chrome \uc73c\ub85c \uc811\uc18d\uc911\uc774\ub77c\uba74 \uc778\uc99d\uc624\ub958\ubb34\uc2dc\ud558\uae30 \ubc84\ud2bc\uc774 \ud45c\uc2dc\uac00 \uc548\ub429\ub2c8\ub2e4. \uc0dd\uc131\ud55c token \uc73c\ub85c dashboard \uc5d0 \uc811\uc18d\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n \uc704\uc5d0\uc11c \uc0dd\uc131\ud55c token \uc740 1\ud68c\uc131\uc785\ub2c8\ub2e4. \uc4f0\ub2e4\ubcf4\uba74 \uc9c0\ub098\uce58\ub2e4 \uc2f6\uc744 \uc815\ub3c4\ub85c token ttl \uc774 \uc9e7\uc2b5\ub2c8\ub2e4. kube-apiserver \uc124\uc815\uc744 \uc218\uc815\ud569\ub2c8\ub2e4. self signed \uc778\uc99d\uc11c\ub97c \ud5c8\uc6a9\ud558\ub3c4\ub85d \uc218\uc815\ud569\ub2c8\ub2e4.<\/p>\n \uc624\ub958\uac00 \ubc1c\uc0dd\ud558\uba74 troubleshoot \ud655\uc778\ud558\uc138\uc694.<\/p>\n \ud574\uacb0\ucc45<\/p>\n \uc544\ub798 \uba85\ub839\uc744 master\/node \uc5d0 \uc2e4\ud589\ud569\ub2c8\ub2e4.<\/p>\n \uc544\ub798\uc640 \uac19\uc740 \uc624\ub958\uac00 \ubc1c\uc0dd\ud558\uba74…<\/p>\n \uc544\ub798 \uba85\ub839\uc744 \uc218\ud589\ud574 \uc90d\ub2c8\ub2e4.<\/p>\n \uc544\ub798 \uba85\ub839\uc744 \uc218\ud589\ud574 \uc90d\ub2c8\ub2e4.<\/p>\n \uc0dd\uc131\ub41c token \uc740 24\uc2dc\uac04\uc758 \uc720\ud6a8\uae30\uac04\uc744 \uac00\uc9d1\ub2c8\ub2e4. Pod Auto-scaling<\/a><\/p>\n<\/li>\n Node Auto-scaling(Cluster AutuScaler)<\/p>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":" Ubuntu 20.04 \uc5d0\uc11c Kubernetes \uc124\uce58\ud558\uae30 \uba87\ub144 \uc804\uc5d0\ub294 \uc880 \uace0\uc0dd\ud55c \uae30\uc5b5\uc774 \uc788\ub294\ub370, \uc774\ubc88\uc5d0\ub294 \ubb54\uac00 \uc27d\uac8c \ub418\ub294\uad70\uc694. \uac10\uc0ac \ubcf4\ud1b5\uc740 \uc5ec\ub7ec \uc0ac\uc774\ud2b8\ub97c \ucc38\uc870\ud558\uc5ec \ubb38\uc11c\ub97c \uc791\uc131\ud558\uae30\uc5d0 \ucd9c\ucc98\ub97c \uc798 \ud45c\uc2dc\ud558\uc9c0 \uc54a\ub294\ub370, \uc774 \ubb38\uc11c\ub294 \uc5ec\uae30 \uc5d0\uc11c \uc0c1\ub2f9\ub7c9\uc758 \ub0b4\uc6a9\uc744 \uac00\uc838\uc640\uc11c \ucd9c\ucc98\ub97c \uc801\uc5b4\ub193\uc2b5\ub2c8\ub2e4. \uc900\ube44\uc0ac\ud56d \ubaa8\ub4e0 master\/node \uc5d0 \uc544\ub798 \ub0b4\uc6a9\uc774 \ubc18\uc601\ub418\uc5b4 \uc788\uc5b4\uc57c \ud569\ub2c8\ub2e4. 2G \uc774\uc0c1\uc758 \uba54\ubaa8\ub9ac 2 CPU core \uc774\uc0c1 \ubc29\ud654\ubcbd off, \ubcf4\uc548\uadf8\ub8f9 \uc124\uc815(AWS\uc778\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-6630","post","type-post","status-publish","format-standard","hentry","category-kubernetes"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6630","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6630"}],"version-history":[{"count":109,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6630\/revisions"}],"predecessor-version":[{"id":10522,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6630\/revisions\/10522"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6630"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6630"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6630"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n\uc774 \ubb38\uc11c\ub294 \uc5ec\uae30<\/a> \uc5d0\uc11c \uc0c1\ub2f9\ub7c9\uc758 \ub0b4\uc6a9\uc744 \uac00\uc838\uc640\uc11c \ucd9c\ucc98\ub97c \uc801\uc5b4\ub193\uc2b5\ub2c8\ub2e4.<\/p>\n\uc900\ube44\uc0ac\ud56d<\/h2>\n
\n
\ud14c\uc2a4\ud2b8\uc6a9 \uc7a5\ube44 \uc2a4\ud399<\/h3>\n
\nmaster \ub294 2G \uba54\ubaa8\ub9ac\uba74 \ucda9\ubd84\ud55c \ub4ef\ud558\ub2e4.(t3.small \ucd94\ucc9c)<\/p>\n
\n\ub514\uc2a4\ud06c\ub294 20G \uc815\ub3c4\ub294 \ud560\ub2f9\ud558\uc790.
\n(\uba54\ubaa8\ub9ac\ub294 \uc62c\ub9ac\uae30 \uc26c\uc6b4\ub370 \ub514\uc2a4\ud06c\ub294 \ubcf5\uc7a1\ud558\ub2e4.)<\/p>\n\ubc29\ud654\ubcbd off<\/h3>\n
sudo ufw disable<\/code><\/pre>\n# Master\nsudo ufw enable\nsudo ufw allow 6443\/tcp\nsudo ufw allow 2379:2380\/tcp\nsudo ufw allow 10250\/tcp\nsudo ufw allow 10251\/tcp\nsudo ufw allow 10252\/tcp\nsudo ufw status\n\n# Worker\nsudo ufw enable\nsudo ufw allow 10250\/tcp\nsudo ufw allow 30000:32767\/tcp\nsudo ufw status<\/code><\/pre>\nsudo ufw route allow in on weave out on weave<\/code><\/pre>\n\ubcf4\uc548\uadf8\ub8f9 \uc124\uc815(AWS)<\/h3>\n
\ninbound\/outbound \ub294 \uc124\uc815\ud558\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.<\/p>\n
\ninbound \uc5d0 \uc544\ub798 \ub0b4\uc6a9\uc744 \uc124\uc815\ud569\ub2c8\ub2e4.<\/p>\n\n
Swap off<\/h3>\n
sudo swapoff -a && sudo sed -i '\/swap\/s\/^\/#\/' \/etc\/fstab<\/code><\/pre>\nDocker, containerd \uc124\uce58 (\ubaa8\ub4e0 master, worker node)<\/h2>\n
\nDocker, containerd \ub97c \uc120\ud589\ud558\uc5ec \uc124\uce58\ud569\ub2c8\ub2e4.<\/p>\nKubernetes \uc124\uce58<\/h2>\n
kubelet, kubeadm, kubectl \uc124\uce58 (\ubaa8\ub4e0 master, worker node)<\/h3>\n
cat <<EOF | sudo tee \/etc\/modules-load.d\/k8s.conf\nbr_netfilter\nEOF\n\ncat <<EOF | sudo tee \/etc\/sysctl.d\/k8s.conf\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables = 1\nEOF\n\nsudo sysctl --system<\/code><\/pre>\nsudo apt-get update\nsudo apt-get install -y apt-transport-https ca-certificates curl\n\nsudo curl -fsSLo \/usr\/share\/keyrings\/kubernetes-archive-keyring.gpg https:\/\/packages.cloud.google.com\/apt\/doc\/apt-key.gpg\n\necho "deb [signed-by=\/usr\/share\/keyrings\/kubernetes-archive-keyring.gpg] https:\/\/apt.kubernetes.io\/ kubernetes-xenial main" | sudo tee \/etc\/apt\/sources.list.d\/kubernetes.list<\/code><\/pre>\nsudo apt-get update\nsudo apt-get install -y kubelet kubeadm kubectl\nsudo apt-mark hold kubelet kubeadm kubectl<\/code><\/pre>\nsudo systemctl daemon-reload\nsudo systemctl restart kubelet<\/code><\/pre>\n
\n\uc544\ub798 \uba85\ub839\uc744 \uc2e4\ud589\ud558\uba74 kubelet \ub3c4 \uc815\uc0c1\uc801\uc73c\ub85c \uc2e4\ud589\ub429\ub2c8\ub2e4.<\/p>\nControl-plane \uad6c\uc131 (master only)<\/h3>\n
sudo kubeadm init<\/code><\/pre>\nThen you can join any number of worker nodes by running the following on each as root:\n\nkubeadm join 172.31.16.157:6443 --token ou08ek.xzjXXXXXXXXXXXXX \\\n --discovery-token-ca-cert-hash sha256:6e0305d27b12b3f8b51d8e021138d59227124c2XXXXXXXXXXXXXXXX<\/code><\/pre>\nsudo<\/code> \uc5c6\uc774 kubectl<\/code> \uc744 \uc2e4\ud589\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\nmkdir -p $HOME\/.kube\nsudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\nsudo chown $(id -u):$(id -g) $HOME\/.kube\/config\n\n# sudo \ub97c \ubd99\uc774\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.\nkubectl get nodes\n---------------------------\nNAME STATUS ROLES AGE VERSION\nip-172-31-20-177 NotReady control-plane 79s v1.25.3<\/code><\/pre>\n
\n\uc544\ub798 \ud50c\ub7ec\uadf8\uc778\uc744 \uc124\uce58\ud558\uba74 \ud574\uacb0\ub429\ub2c8\ub2e4.<\/p>\nPod network \uc560\ub4dc\uc628 \uc124\uce58 (master only)<\/h3>\n
kubectl apply -f https:\/\/github.com\/weaveworks\/weave\/releases\/download\/v2.8.1\/weave-daemonset-k8s.yaml<\/code><\/pre>\nkubectl get nodes\nNAME STATUS ROLES AGE VERSION\nip-172-31-20-177 Ready control-plane 3m5s v1.25.3<\/code><\/pre>\nWorker Node \ub97c \uad6c\uc131\ud558\uc9c0 \uc54a\uc744 \uacbd\uc6b0 (master only)<\/h3>\n
\n\uadf8 \uc704\uc5d0 Pod \ub97c \uc2e4\ud589\ud558\ub824\ub294 \uacbd\uc6b0 \uc544\ub798 \uba85\ub839\uc744 \uc2e4\ud589\ud574 \uc90d\ub2c8\ub2e4.<\/p>\n# kubectl taint nodes --all node-role.kubernetes.io\/master-\nkubectl taint nodes --all node-role.kubernetes.io\/control-plane-<\/code><\/pre>\nWorker node \uad6c\uc131 (worker node only)<\/h3>\n
sudo kubeadm join 172.31.16.157:6443 --token ou08ek.xzjXXXXXXXXXXXXX \\\n --discovery-token-ca-cert-hash sha256:6e0305d27b12b3f8b51d8e021138d59227124c2XXXXXXXXXXXXXXXX<\/code><\/pre>\nMaster \uc5d0\uc11c \ub178\ub4dc \ud655\uc778\ud558\uae30 (master)<\/h3>\n
kubectl get nodes\n---------------------------\nNAME STATUS ROLES AGE VERSION\nip-172-31-16-213 Ready <none> 59s v1.25.3\nip-172-31-20-177 Ready control-plane 11m v1.25.3<\/code><\/pre>\n\uc790\ub3d9 \uc644\uc131 \uc124\uc815 (master)<\/h3>\n
source <(kubectl completion bash)\necho "source <(kubectl completion bash)" >> ~\/.bashrc<\/code><\/pre>\nnginx \uc2e4\ud589 \ubc0f \uc0ad\uc81c<\/h2>\n
port \uc815\ub9ac<\/h3>\n
\n
\n\ubc18\ub4dc\uc2dc \uc678\ubd80\uc544\uc774\ud53c + \ub178\ub4dc\ud3ec\ud2b8\ub85c \uc811\uc18d\ud574\uc57c \ud55c\ub2e4.<\/p>\n<\/li>\n
\nWorker \ub178\ub4dc\uc5d0\uc11c\ub9cc \uc0ac\uc6a9\ud560 \uc218 \uc788\ub2e4.
\n\ud074\ub7ec\uc2a4\ud130\uc544\uc774\ud53c + \uc11c\ube44\uc2a4\ud3ec\ud2b8\ub85c \uc811\uc18d\ud574\uc57c \ud55c\ub2e4.<\/p>\n<\/li>\n
\nWorker \ub178\ub4dc\uc5d0\uc11c\ub9cc \uc0ac\uc6a9\ud560 \uc218 \uc788\ub2e4.
\nPod\uc544\uc774\ud53c + \ucee8\ud14c\uc774\ub108\ud3ec\ud2b8\ub85c \uc811\uc18d\ud574\uc57c \ud55c\ub2e4.<\/p>\n<\/li>\n<\/ul>\nnodePort<\/code> -> port<\/code> -> containerPort(targetPort)<\/code> \uac00 \ub41c\ub2e4.<\/p>\nkubectl get pod -o yaml | grep " podIP: "\n podIP: 10.32.0.5\n podIP: 10.32.0.6\n podIP: 10.32.0.7\n\nkubectl get svc | grep my-nginx\nmy-nginx NodePort 10.110.214.52 <none> 8080:31001\/TCP 69s<\/code><\/pre>\n
\nMaster \uc5d0\uc11c\ub294 \uc811\uc18d\ud560 \uc218 \uc5c6\ub2e4.
\nWorker \ub178\ub4dc\uc5d0\uc11c\ub9cc \uc811\uc18d\uac00\ub2a5\ud558\ub2e4.<\/p>\ncurl 10.32.0.5<\/code><\/pre>\n
\nMaster \uc5d0\uc11c\ub294 \uc811\uc18d\ud560 \uc218 \uc5c6\ub2e4.
\nWorker \ub178\ub4dc\uc5d0\uc11c\ub9cc \uc811\uc18d\uac00\ub2a5\ud558\ub2e4.<\/p>\n
\nNodePort \ub85c \uc811\uc18d\ud558\ub824\uba74 localhost \uc640 \uac19\uc774 \ud074\ub7ec\uc2a4\ud130 \uc678\ubd80 \uc544\uc774\ud53c\/\ub3c4\uba54\uc778\uc744 \uc774\uc6a9\ud574\uc57c \ud55c\ub2e4.<\/p>\n# OK\ncurl 10.97.13.166:8080\n\n# Timeout\ncurl 10.97.13.166:31001\n\n# OK\ncurl localhost:31001\/<\/code><\/pre>\nDeployment \uc0dd\uc131<\/h3>\n
vi nginx-deployment.yaml\n---------------------------\napiVersion: apps\/v1\nkind: Deployment\nmetadata:\n name: nginx-deployment\n labels:\n app: nginx\nspec:\n replicas: 3 # 3\uac1c\uc758 pod\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80 # \ucee8\ud14c\uc774\ub108 \ud3ec\ud2b8(pod \ud3ec\ud2b8)\n---------------------------<\/code><\/pre>\nkubectl apply -f nginx-deployment.yaml<\/code><\/pre>\nkubectl get deployments\nNAME READY UP-TO-DATE AVAILABLE AGE\nnginx-deployment 3\/3 3 3 21s<\/code><\/pre>\nkubectl get pod\nkubectl get pod -o yaml | grep nodeName\nkubectl get pod -o yaml | grep " podIP: "<\/code><\/pre>\n
\nWorker \ub178\ub4dc\uc5d0\uc11c\ub9cc \uc811\uc18d\uc774 \uac00\ub2a5\ud558\ub2e4.
\nMaster \ub178\ub4dc\uc5d0\uc11c\ub294 \uc811\uc18d\ud560 \uc218 \uc5c6\ub2e4.<\/p>\ncurl 10.44.0.1 | grep title\ncurl 10.44.0.2 | grep title\ncurl 10.44.0.3 | grep title<\/code><\/pre>\nService \uc0dd\uc131<\/h3>\n
\n\ud074\ub7ec\uc2a4\ud130 \uc678\ubd80\uc5d0\uc11c \uc811\uc18d\ud558\uae30 \uc704\ud574\uc11c\ub294 \uc11c\ube44\uc2a4\ub97c \uc0dd\uc131\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\nvi nginx-svc.yaml\n---------------------------\napiVersion: v1\nkind: Service\nmetadata:\n name: my-nginx\n labels:\n run: my-nginx\nspec:\n type: NodePort # \uc11c\ube44\uc2a4 \ud0c0\uc785\n ports:\n - nodePort: 31001 # \uc678\ubd80 \ud3ec\ud2b8\n port: 8080 # \uc11c\ube44\uc2a4 \ud3ec\ud2b8\n targetPort: 80 # \ucee8\ud14c\uc774\ub108 \ud3ec\ud2b8(pod \ud3ec\ud2b8)\n protocol: TCP\n name: http\n selector:\n app: nginx\n---------------------------<\/code><\/pre>\nkubectl apply -f nginx-svc.yaml<\/code><\/pre>\nkubectl get svc | grep my-nginx\nmy-nginx NodePort 10.110.214.52 <none> 8080:31001\/TCP 69s<\/code><\/pre>\n
\n\ub178\ub4dc\uc544\uc774\ud53c + \ub178\ub4dc\ud3ec\ud2b8\ub85c\ub294 \uc811\uc18d\ud560 \uc218 \uc5c6\ub2e4.<\/p>\nnginx \uc0ad\uc81c<\/h3>\n
# service \uc0ad\uc81c\nkubectl delete -n default service my-nginx\n\n# deployments \uc0ad\uc81c\nkubectl get deployments\nkubectl delete deployments nginx-deployment<\/code><\/pre>\ncontainerd \uba85\ub839\uc5b4<\/h3>\n
sudo ctr namespaces list\nsudo ctr -n k8s.io container list\nsudo ctr -n k8s.io image list<\/code><\/pre>\nWeb UI(dashboard) \uc124\uce58\ud558\uae30 (master)<\/h2>\n
dashboard \uc124\uce58<\/h3>\n
wget https:\/\/raw.githubusercontent.com\/kubernetes\/dashboard\/v2.5.0\/aio\/deploy\/recommended.yaml<\/code><\/pre>\nvi recommended.yaml\n---------------------------\nkind: Service\napiVersion: v1\nmetadata:\n labels:\n k8s-app: kubernetes-dashboard\n name: kubernetes-dashboard\n namespace: kubernetes-dashboard\nspec:\n type: NodePort # \uc774\uac70\n ports:\n - port: 443\n targetPort: 8443\n nodePort: 30239 # \uc774\uac70\n selector:\n k8s-app: kubernetes-dashboard\n---------------------------<\/code><\/pre>\nkubectl apply -f recommended.yaml<\/code><\/pre>\nkubectl get deployments -n kubernetes-dashboard\nkubectl get pod -n kubernetes-dashboard\n\nkubectl describe pod kubernetes-dashboard-XXXXXXXXXXXX -n kubernetes-dashboard\n---------------------------\n Normal Pulled 2m kubelet Successfully pulled image "kubernetesui\/dashboard:v2.5.0" in 7.729310884s\n Normal Created 2m kubelet Created container kubernetes-dashboard\n Normal Started 119s kubelet Started container kubernetes-dashboard<\/code><\/pre>\nkubectl get svc -n kubernetes-dashboard<\/code><\/pre>\n\n
\n\uc774\ub7f4 \ub54c\ub294 \uc6f9\uc0ac\uc774\ud2b8 \ud654\uba74 \uc544\ubb34\uacf3\uc774\ub098 \ud074\ub9ad \ud6c4 thisisunsafe<\/code> \ub77c\uace0 \ud0c0\uc774\ud551\ud558\uba74 \uc811\uc18d\uc774 \ub429\ub2c8\ub2e4.<\/p>\n<\/blockquote>\n\uacc4\uc815 \uc0dd\uc131<\/h3>\n
vi dashboard-user.yaml\n---------------------------\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: admin-user\n namespace: kubernetes-dashboard\n\n---\n\napiVersion: rbac.authorization.k8s.io\/v1\nkind: ClusterRoleBinding\nmetadata:\n name: admin-user\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n name: admin-user\n namespace: kubernetes-dashboard\n---------------------------\n<\/code><\/pre>\nkubectl apply -f dashboard-user.yaml<\/code><\/pre>\nkubectl -n kubernetes-dashboard create token admin-user<\/code><\/pre>\n\n
\n\uc720\ud6a8\uc2dc\uac04\uc774 \uacbd\uacfc\ud558\uba74 \uc704 \uba85\ub839\uc73c\ub85c token \uc744 \uc7ac\ubc1c\uae09\ud569\ub2c8\ub2e4.<\/p>\n<\/blockquote>\ntoken ttl \ub298\ub9ac\uae30<\/h3>\n
\n\uc544\ub798 \ubc29\ubc95\uc73c\ub85c ttl \uc744 12\uc2dc\uac04\uc73c\ub85c \ub298\ub9b4 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\nkubectl -n kubernetes-dashboard edit deployments kubernetes-dashboard\n---------------------------\n spec:\n securityContext:\n seccompProfile:\n type: RuntimeDefault\n containers:\n - name: kubernetes-dashboard\n image: kubernetesui\/dashboard:v2.5.0\n imagePullPolicy: Always\n ports:\n - containerPort: 8443\n protocol: TCP\n args:\n - --auto-generate-certificates\n - --namespace=kubernetes-dashboard\n - --token-ttl=43200 # \uc5ec\uae30\n---------------------------<\/code><\/pre>\nKubernetes Metrics Server<\/h2>\n
\nk8s \uac00 \ud30c\uc77c\ubcc0\uacbd\uc744 \ubaa8\ub2c8\ud130\ub9c1\ud574\uc11c kube-apiserver \ub97c \uc790\ub3d9\uc73c\ub85c \uc7ac\uc2dc\uc791\ud574 \uc90d\ub2c8\ub2e4.<\/p>\nsudo vi \/etc\/kubernetes\/manifests\/kube-apiserver.yaml\n---------------------------\nspec:\n containers:\n - command:\n - kube-apiserver\n - --enable-aggregator-routing=true # \uc5ec\uae30\n - --advertise-address=172.31.20.177\n - --allow-privileged=true\n - --authorization-mode=Node,RBAC\n---------------------------<\/code><\/pre>\nwget https:\/\/github.com\/kubernetes-sigs\/metrics-server\/releases\/latest\/download\/components.yaml\n\nvi components.yaml\n---------------------------\napiVersion: apps\/v1\nkind: Deployment\nmetadata:\n labels:\n k8s-app: metrics-server\n name: metrics-server\n namespace: kube-system\nspec:\n selector:\n matchLabels:\n k8s-app: metrics-server\n strategy:\n rollingUpdate:\n maxUnavailable: 0\n template:\n metadata:\n labels:\n k8s-app: metrics-server\n spec:\n containers:\n - args:\n - --kubelet-insecure-tls # \uc5ec\uae30\n - --cert-dir=\/tmp\n - --secure-port=4443\n---------------------------\n\nkubectl apply -f components.yaml<\/code><\/pre>\nkubectl get deployment metrics-server -n kube-system\n---------------------------\nNAME READY UP-TO-DATE AVAILABLE AGE\nmetrics-server 1\/1 1 1 44m\n\nkubectl logs deployment\/metrics-server -n kube-system<\/code><\/pre>\nkubectl top pod\nNAME CPU(cores) MEMORY(bytes)\nnginx-deployment-7fb96c846b-2mpg7 0m 1Mi\nnginx-deployment-7fb96c846b-d222z 0m 1Mi\nnginx-deployment-7fb96c846b-zgqbp 0m 1Mi\n\nkubectl top nodes\nNAME CPU(cores) CPU% MEMORY(bytes) MEMORY%\nip-172-31-16-213 29m 1% 1087Mi 28%\nip-172-31-20-177 103m 5% 1407Mi 36%<\/code><\/pre>\ntroubleshoot<\/h2>\n
kubeadm init \uc911 \uc624\ub958\ubc1c\uc0dd<\/h3>\n
getting status of runtime: rpc error: code = Unimplemented desc = unknown service runtime.v1alpha2.RuntimeService<\/code><\/pre>\nsudo rm \/etc\/containerd\/config.toml\nsudo systemctl restart containerd<\/code><\/pre>\nServiceUnavailable<\/h3>\n
kubectl top pod\nError from server (ServiceUnavailable): the server is currently unable to handle the request (get pods.metrics.k8s.io)\n\nkubectl top nodes\nError from server (ServiceUnavailable): the server is currently unable to handle the request (get pods.metrics.k8s.io)<\/code><\/pre>\nkubectl edit deployment.apps\/metrics-server -n kube-system\n---------------------------\n dnsPolicy: ClusterFirst\n hostNetwork: true\n nodeSelector:\n---------------------------<\/code><\/pre>\nlocalhost:8080 was refused<\/h3>\n
The connection to the server localhost:8080 was refused - did you specify the right host or port?<\/code><\/pre>\nmkdir -p $HOME\/.kube\nsudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\nsudo chown $(id -u):$(id -g) $HOME\/.kube\/config<\/code><\/pre>\nNetworkPluginNotReady<\/h3>\n
NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: cni plugin not initialized<\/code><\/pre>\nsudo systemctl restart containerd\nkubectl get nodes<\/code><\/pre>\ntoken \uc7ac\ubc1c\uae09<\/h3>\n
\n\uc544\ub798 \uba85\ub839\uc73c\ub85c \ud1a0\ud070\uc744 \uc7ac\ubc1c\uae09\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\nkubeadm token list\n\n# Token \uac12\nkubeadm token create\n\n# Hash \uac12\nopenssl x509 -pubkey -in \/etc\/kubernetes\/pki\/ca.crt | openssl rsa -pubin -outform der 2>\/dev\/null | openssl dgst -sha256 -hex | sed 's\/^.* \/\/'\n\n# join\nkubeadm join <172.31.16.157:6443> --token <Token \uac12> --discovery-token-ca-cert-hash sha256:<Hash \uac12><\/code><\/pre>\nx509: cannot validate certificate for XXX.XXX.XXX.XXX because it doesn’t contain any IP SANs<\/h3>\n
kubectl edit -n kube-system deployments.apps metrics-server\n......\nspec:\n......\n spec:\n containers:\n - args:\n - --cert-dir=\/tmp\n - --secure-port=4443\n - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname\n - --kubelet-use-node-status-port\n - --metric-resolution=15s\n - --kubelet-insecure-tls # \uc774\uac70\n image: k8s.gcr.io\/metrics-server\/metrics-server:v0.6.2\n......<\/code><\/pre>\n\ub2e4\uc2dc \uc124\uce58<\/h3>\n
sudo systemctl stop kubelet\nsudo kubeadm reset\n\nsudo rm -rf \/etc\/cni\/net.d\nsudo rm -rf $HOME\/.kube\/<\/code><\/pre>\nAuto-scaling<\/h2>\n
\n