\ucc38\uc870<\/a><\/p>\n \ucc38\uc870<\/a><\/p>\n \ucc38\uc870<\/a><\/p>\n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .<\/p>\n \ubaa8\ub4e0 master\/worker node \uc5d0 \uc544\ub798 \ub0b4\uc6a9\uc774 \ubc18\uc601\ub418\uc5b4 \uc788\uc5b4\uc57c \ud569\ub2c8\ub2e4.<\/p>\n \uac1c\ubc1c\uc11c\ubc84\ub77c\uba74 \uc544\ub798\uc758 \ubc29\ubc95\uc73c\ub85c \ubc29\ud654\ubcbd\uc744 disable \ud574\uc8fc\uba74 \ub41c\ub2e4.<\/p>\n \uc6b4\uc601\uc11c\ubc84\ub77c\uba74 \uc544\ub798\uc5d0\uc11c \uc124\uba85\ud558\ub294 \ubc29\uc2dd\uc73c\ub85c \ud544\uc694\ud55c \ud3ec\ud2b8\ub9cc \uc624\ud508\ud574 \uc900\ub2e4.<\/p>\n RockyLinux \ub294 \ud1b5\uc0c1\uc801\uc778 CentOS \ubc29\uc2dd\uc73c\ub85c \uc124\uce58\uac00 \ub418\uc9c0 \uc54a\uace0 \uc544\ub798 \ubc29\uc2dd\uc744 \uc124\uce58\ud574\uc57c \ud55c\ub2e4.<\/p>\n \uc6b4\uc601\uc11c\ubc84\ub77c\uba74 \uc544\ub798\uc758 \ubc29\uc2dd\uc73c\ub85c \ub9c8\uc2a4\ud130\/\uc6cc\ucee4 \ub178\ub4dc\uc758 \ubc29\ud654\ubcbd\uc744 \uc624\ud508\ud574 \uc900\ub2e4.<\/p>\n \ub9c8\uc2a4\ud130<\/p>\n \uc6cc\ucee4<\/p>\n 1 \ubc88 \uc11c\ubc84\uc5d0 haproxy \ub97c \uc124\uce58\ud558\uace0 16443 \ud3ec\ud2b8\ub85c \ub4e4\uc5b4\uc624\ub294 \uc694\uccad\uc744 1\/2\/3 \ubc88 \uc11c\ubc84\ub85c \ubd84\uc0b0\uc2dc\ucf1c \uc904 \uc218 \uc788\ub2e4.<\/p>\n \uc704 \uba85\ub839\uc744 root \ub85c \uc2e4\ud589\ud574\uc11c \ub9c8\uc2a4\ud130 \ub178\ub4dc\ub97c \ucd94\uac00\ud560 \uc218 \uc788\ub2e4. calico network \ud50c\ub7ec\uadf8\uc778\uc744 \uc4f0\uae30 \ub54c\ubb38\uc5d0 \uc544\ub798 \uba85\ub839\uc744 \uc774\uc6a9\ud574 \ucd94\uac00 \ub9c8\uc2a4\ud130 \ub178\ub4dc\ub97c \ucd94\uac00\ud560 \uc218 \uc788\ub2e4.<\/p>\n \ub9c8\uc2a4\ud130 \ub178\ub4dc\uc5d0\ub3c4 Pod \ub97c \uc0dd\uc131\ud55c\ub2e4\uba74 \uc544\ub798\uba85\ub839\uc744 \uc218\ud589\ud574 \uc900\ub2e4.<\/p>\n \uc544\ub798 \uba85\ub839\uc744 \uc774\uc6a9\ud574 \uc6cc\ucee4 \ub178\ub4dc\ub97c \ucd94\uac00\ud560 \uc218 \uc788\ub2e4.<\/p>\n \ud1a0\ud070\uc774 \ub9cc\ub8cc\ub418\uba74 \uc544\ub798 \uba85\ub839\uc744 \uc774\uc6a9\ud574 \ud1a0\ud070\uc744 \uc7ac\ubc1c\uae09 \ubc1b\uc744 \uc218 \uc788\ub2e4.<\/p>\n RockyLinux(CentOS 8) \uc5d0\uc11c Kubernetes \uc124\uce58\ud558\uae30 \ucc38\uc870 \ucc38\uc870 \ucc38\uc870 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-7317","post","type-post","status-publish","format-standard","hentry","category-kubernetes"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/7317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7317"}],"version-history":[{"count":29,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/7317\/revisions"}],"predecessor-version":[{"id":7401,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/7317\/revisions\/7401"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7317"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7317"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\uc0ac\uc804 \uc900\ube44<\/h2>\n
\n
sudo \uacc4\uc815\uc0dd\uc131<\/h3>\n
useradd -d \/home\/username username\necho "password" | passwd username --stdin\n\nchmod 700 \/usr\/bin\/su\n\nsed -ie '\/wheel\/s\/$\/\\:username\/' \/etc\/group<\/code><\/pre>\n\ubc29\ud654\ubcbd off<\/h3>\n
sudo systemctl stop firewalld && sudo systemctl disable firewalld\n\nsudo setenforce 0\nsudo sed -i 's\/SELINUX=enforcing\/SELINUX=disabled\/g' \/etc\/selinux\/config<\/code><\/pre>\nSwap off<\/h3>\n
sudo swapoff -a\nsudo sed -i -e '\/swap\/d' \/etc\/fstab<\/code><\/pre>\nhosts \ud30c\uc77c \uc218\uc815(\uc635\uc158)<\/h3>\n
vi \/etc\/hosts\n---------------------------\n172.16.0.101 node-01\n172.16.0.102 node-02\n172.16.0.103 node-03\n172.16.0.104 node-04\n172.16.0.105 node-05\n---------------------------<\/code><\/pre>\nDocker, containerd \uc124\uce58 (\ubaa8\ub4e0 master, worker node)<\/h2>\n
Docker \uc124\uce58<\/h3>\n
sudo dnf config-manager --add-repo=https:\/\/download.docker.com\/linux\/centos\/docker-ce.repo\n\nsudo dnf update\n\n# \ucda9\ub3cc\ub098\ub294 \ud328\ud0a4\uc9c0\ub97c \uad50\uccb4\ud55c\ub2e4.(ex, podman)\nsudo dnf install -y docker-ce docker-ce-cli containerd.io --allowerasing\n\ndocker --version\n\nsudo systemctl enable docker\nsudo systemctl start docker\nsudo systemctl status docker\n\nsudo usermod -aG docker \uacc4\uc815\uc544\uc774\ub514\nid \uacc4\uc815\uc544\uc774\ub514<\/code><\/pre>\nsudo mkdir -p \/etc\/docker\ncat <<EOF | sudo tee \/etc\/docker\/daemon.json\n{\n "exec-opts": ["native.cgroupdriver=systemd"],\n "log-driver": "json-file",\n "log-opts": {\n "max-size": "100m"\n },\n "storage-driver": "overlay2"\n}\nEOF\n\nsudo systemctl daemon-reload\nsudo systemctl restart docker<\/code><\/pre>\ncontainerd \uc124\uce58<\/h3>\n
cat <<EOF | sudo tee \/etc\/modules-load.d\/containerd.conf\noverlay\nbr_netfilter\nEOF\n\nsudo modprobe overlay\nsudo modprobe br_netfilter\n\ncat <<EOF | sudo tee \/etc\/sysctl.d\/99-kubernetes-cri.conf\nnet.bridge.bridge-nf-call-iptables = 1\nnet.ipv4.ip_forward = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nEOF\n\nsudo sysctl --system<\/code><\/pre>\ncat <<EOF | sudo tee \/etc\/yum.repos.d\/kubernetes.repo\n[kubernetes]\nname=Kubernetes\nbaseurl=https:\/\/packages.cloud.google.com\/yum\/repos\/kubernetes-el7-\\$basearch\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=0\ngpgkey=https:\/\/packages.cloud.google.com\/yum\/doc\/yum-key.gpg https:\/\/packages.cloud.google.com\/yum\/doc\/rpm-package-key.gpg\nexclude=kubelet kubeadm kubectl\nEOF\n\nsudo dnf -y install kubelet kubeadm kubectl --disableexcludes=kubernetes epel-release\nsudo systemctl enable --now kubelet<\/code><\/pre>\nsudo mkdir -p \/etc\/containerd\ncontainerd config default | sudo tee \/etc\/containerd\/config.toml<\/code><\/pre>\nsudo vi \/etc\/containerd\/config.toml\n---------------------------\n......\n [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime.options]\n SystemdCgroup = true\n......\n---------------------------<\/code><\/pre>\nsudo systemctl enable containerd\nsudo systemctl restart containerd<\/code><\/pre>\nKubernetes \uc124\uce58<\/h2>\n
\ubc29\ud654\ubcbd \uc624\ud508<\/h3>\n
sudo firewall-cmd --add-port={80,443,6443,2379,2380,10250,10251,10252,30000-32767}\/tcp --permanent\nsudo firewall-cmd --reload<\/code><\/pre>\nsudo firewall-cmd --add-port={80,443,10250,30000-32767}\/tcp --permanent\nsudo firewall-cmd --reload<\/code><\/pre>\nhaproxy \uc124\uce58(\uc635\uc158)<\/h3>\n
sudo dnf -y install haproxy<\/code><\/pre>\nsudo vi \/etc\/haproxy\/haproxy.cfg\n---------------------------\nfrontend kubernetes-master-lb\n bind 0.0.0.0:16443\n option tcplog\n mode tcp\n default_backend kubernetes-master-nodes\n\nbackend kubernetes-master-nodes\n mode tcp\n balance roundrobin\n option tcp-check\n option tcplog\n server node1 node-01:6443 check\n server node2 node-02:6443 check\n server node3 node-03:6443 check\n---------------------------<\/code><\/pre>\nsudo firewall-cmd --add-port={80,443,6443,2379,2380,10250,10251,10252,16443,30000-32767}\/tcp --permanent\nsudo firewall-cmd --reload<\/code><\/pre>\nsudo systemctl enable haproxy\nsudo systemctl restart haproxy<\/code><\/pre>\nmaster node \uc124\uce58<\/h3>\n
\n\uc544\ub798 \uba85\ub839\uc744 root \ub85c \uc2e4\ud589\ud574\uc11c \uc6cc\ucee4 \ub178\ub4dc\ub97c \ucd94\uac00\ud560 \uc218 \uc788\ub2e4.<\/p>\n192.168.0.0\/16<\/code> \ub294 \uace0\uc815\uac12\uc73c\ub85c \uc124\uc815\ud574\uc57c \ud55c\ub2e4.
\n10.0.0.10<\/code> \ub294 \ub9c8\uc2a4\ud130 \uc11c\ubc84 \uc811\uc18d \uc544\uc774\ud53c\uc774\ub2e4.<\/p>\n# --apiserver-advertise-address=172.16.0.101 \\\nsudo kubeadm init \\\n --control-plane-endpoint "node-01:16443" \\\n --pod-network-cidr=192.168.0.0\/16 \\\n --upload-certs<\/code><\/pre>\nYou can now join any number of the control-plane node running the following command on each as root:\n\n kubeadm join node-01:16443 --token qelzz0.dq8fp6bmq3t8ns31 \\\n --discovery-token-ca-cert-hash sha256:160c9543e023b599d6cb624e15dXXXXXXXXXXXXXXXXXXX \\\n --control-plane --certificate-key ec722f6286381b4b91f2f8022854XXXXXXXXXXXXX\n\nThen you can join any number of worker nodes by running the following on each as root:\n\nkubeadm join node-01:16443 --token qelzz0.dq8fpXXXXXXXXXXX \\\n --discovery-token-ca-cert-hash sha256:160c9543e023b599d6cb624XXXXXXXXXXXX<\/code><\/pre>\nmkdir -p $HOME\/.kube\nsudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\nsudo chown $(id -u):$(id -g) $HOME\/.kube\/config<\/code><\/pre>\ncurl https:\/\/projectcalico.docs.tigera.io\/manifests\/calico.yaml -O\n# kubectl apply -f https:\/\/docs.projectcalico.org\/manifests\/calico.yaml\n\nvi calico.yaml\n---------------------------\n - name: CALICO_IPV4POOL_CIDR\n value: "192.168.0.0\/16\n---------------------------\n\nkubectl apply -f calico.yaml\n\nkubectl get pods -o wide -A\n\n# calico-kube-controllers \uac00 Pending \uc0c1\ud0dc\uc774\uba74 \uc544\ub798\uba85\ub839\uc744 \uc218\ud589\ud558\uc790.\nsudo systemctl restart containerd<\/code><\/pre>\nsudo kubeadm join node-01:16443 --token qelzz0.dq8fp6bmq3t8ns31 \\\n --discovery-token-ca-cert-hash sha256:160c9543e023b599d6cb624e15dXXXXXXXXXXXXXXXXXXX \\\n --control-plane --certificate-key ec722f6286381b4b91f2f8022854XXXXXXXXXXXXX\n\nmkdir -p $HOME\/.kube\nsudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\nsudo chown $(id -u):$(id -g) $HOME\/.kube\/config\n\nkubectl get nodes\n\n# kubectl get nodes \uac00 Pending \uc0c1\ud0dc\uc774\uba74 \uc544\ub798\uba85\ub839\uc744 \uc218\ud589\ud558\uc790.\nsudo systemctl restart containerd<\/code><\/pre>\n# kubectl taint nodes --all node-role.kubernetes.io\/master-\nkubectl taint nodes --all node-role.kubernetes.io\/control-plane-<\/code><\/pre>\nworker node \uc124\uce58<\/h3>\n
sudo kubeadm join node-01:16443 --token qelzz0.dq8fpXXXXXXXXXXX \\\n --discovery-token-ca-cert-hash sha256:160c9543e023b599d6cb624XXXXXXXXXXXX\n\n# kubectl get nodes \uac00 Pending \uc0c1\ud0dc\uc774\uba74 \uc544\ub798\uba85\ub839\uc744 \uc218\ud589\ud558\uc790.\nsudo systemctl restart containerd<\/code><\/pre>\ntrouble shoot<\/h2>\n
\ud1a0\ud070 \uc7ac\ubc1c\uae09<\/h3>\n
kubeadm token list\nkubeadm token delete \ud1a0\ud070\uc774\ub984\nkubeadm token create --print-join-command<\/code><\/pre>\n\ub2e4\uc2dc \uc124\uce58<\/h3>\n
sudo systemctl stop kubelet\nsudo kubeadm reset\n\nsudo rm -rf \/etc\/cni\/net.d\nsudo rm -rf $HOME\/.kube\/<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"