{"id":8209,"date":"2024-01-09T15:20:55","date_gmt":"2024-01-09T06:20:55","guid":{"rendered":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=8209"},"modified":"2025-07-22T17:57:27","modified_gmt":"2025-07-22T08:57:27","slug":"ubuntu-22-04-%ec%97%90%ec%84%9c-kubernetes-%ec%84%a4%ec%b9%98%ed%95%98%ea%b8%b0","status":"publish","type":"post","link":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=8209","title":{"rendered":"Ubuntu 22.04 \uc5d0\uc11c Kubernetes \uc124\uce58\ud558\uae30"},"content":{"rendered":"<h1>Ubuntu 22.04 \uc5d0\uc11c Kubernetes \uc124\uce58\ud558\uae30<\/h1>\n<blockquote>\n<p>k8s 1.24 ( 2022\/05 ) \uc774\ud6c4<br \/>\nk8s \uc5d0\uc11c \uae30\ubcf8\uc801\uc73c\ub85c \ub0b4\ubd80 \uc5f0\uacb0 \uc9c0\uc6d0\ud574\uc8fc\ub358 dockershim \uc774 \uc81c\uac70\ub418\uc5b4<br \/>\ncri-docker \ucd94\uac00 \uc124\uce58\ud558\uc5ec \ub3c4\ucee4\ub97c k8s\uc5d0 \uc5f0\uacb0\ud558\ub294 \uc791\uc5c5\uc774 \ud544\uc694<\/p>\n<\/blockquote>\n<p>\uc544\ub798 \ub0b4\uc6a9\uc740 AWS EC2 \ub97c \uc774\uc6a9\ud574 Kubernetes \ub97c \uc124\uce58\ud558\ub294 \ubc29\ubc95\uc744 \uc124\uba85\ud569\ub2c8\ub2e4.<\/p>\n<p>\uac04\ub2e8\ud788 \ud750\ub984\uc744 \uc815\ub9ac\ud574 \ubcf4\uba74<\/p>\n<ul>\n<li>EC2 \uc778\uc2a4\ud134\uc2a4 \uc0dd\uc131<\/li>\n<li>\ubaa8\ub4e0 \uc778\uc2a4\ud134\uc2a4\uc5d0 \uc900\ube44\uc0ac\ud56d \ubc18\uc601<\/li>\n<li>\ubaa8\ub4e0 \uc778\uc2a4\ud134\uc2a4\uc5d0 \ub3c4\ucee4 \uc124\uce58<\/li>\n<li>Control-plane \uad6c\uc131 (master only)<\/li>\n<li>Worker node \uad6c\uc131 (worker node only)<\/li>\n<\/ul>\n<p>\uc774\ub807\uac8c \uc9c4\ud589\ud569\ub2c8\ub2e4.<\/p>\n<p>\uae30\ud0c0 Hello, World \uc571\uc744 \uc2e4\ud589\uc2dc\ucf1c \ubcf4\ub294 \uac83\uc740 \ub2e4\ub978 \ubb38\uc11c\uc5d0 \uc791\uc131\ud558\ub3c4\ub85d \ud558\uaca0\uc2b5\ub2c8\ub2e4.<\/p>\n<h2>EC2 \uc778\uc2a4\ud134\uc2a4 \uc0dd\uc131<\/h2>\n<p>Ubuntu 22.04 \ubc84\uc804\uc744 \uc120\ud0dd\ud574\uc11c \uc778\uc2a4\ud134\uc2a4\ub97c \uc0dd\uc131\ud569\ub2c8\ub2e4.<\/p>\n<p>Master \uc5d0\ub294 t3.small(\uba54\ubaa8\ub9ac 2G, CPU 2\uac1c, 20G), Node 01 \uc5d0\ub294 t3.medium(\uba54\ubaa8\ub9ac 4G, CPU 2\uac1c, 20G)\ub97c \uc124\uc815\ud574 \uc90d\ub2c8\ub2e4.<\/p>\n<p>\ube44\uc6a9\uc740 \uc2dc\uac04\ub2f9 100\uc6d0\uc774 \uc548\ub418\ubbc0\ub85c \uc0dd\uc131\ud655\uc778 \ud6c4 \uc0ad\uc81c\ud558\uba74 \ube44\uc6a9\ubc1c\uc0dd\uc740 \ub9ce\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.<\/p>\n<h2>\ubaa8\ub4e0 \uc778\uc2a4\ud134\uc2a4\uc5d0 \uc900\ube44\uc0ac\ud56d \ubc18\uc601<\/h2>\n<h3>\uc2dc\uc2a4\ud15c \uc5c5\ub370\uc774\ud2b8<\/h3>\n<pre><code class=\"language-bash\">sudo apt update\nsudo sed -i &quot;\/#\\$nrconf{restart} = &#039;i&#039;;\/s\/.*\/\\$nrconf{restart} = &#039;a&#039;;\/&quot; \/etc\/needrestart\/needrestart.conf\nsudo apt -y upgrade<\/code><\/pre>\n<h3>Swap off<\/h3>\n<p>AWS EC2 \uc778\uc2a4\ud134\uc2a4\ub294 \ub514\ud3f4\ud2b8\ub85c \uc2a4\uc651\uc744 disable \uc2dc\ud0a4\ubbc0\ub85c \ud544\uc694\uc5c6\uae30\ub294 \ud558\uc9c0\ub9cc \uadf8\ub798\ub3c4 \uc801\uc5b4 \ub193\uc2b5\ub2c8\ub2e4.<\/p>\n<pre><code class=\"language-bash\">sudo swapoff -a &amp;&amp; sudo sed -i &#039;\/ swap \/ s\/^\\(.*\\)$\/#\\1\/g&#039; \/etc\/fstab<\/code><\/pre>\n<h3>\ubc29\ud654\ubcbd off<\/h3>\n<pre><code class=\"language-bash\">sudo ufw disable<\/code><\/pre>\n<h3>\ucee4\ub110 \ud30c\ub77c\ubbf8\ud130 \uc218\uc815<\/h3>\n<pre><code class=\"language-bash\">sudo tee \/etc\/modules-load.d\/containerd.conf &lt;&lt;EOF\noverlay\nbr_netfilter\nEOF\n\nsudo modprobe overlay\nsudo modprobe br_netfilter<\/code><\/pre>\n<pre><code class=\"language-bash\">sudo tee \/etc\/sysctl.d\/kubernetes.conf &lt;&lt;EOF\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables = 1\nnet.ipv4.ip_forward = 1\nEOF\n\nsudo sysctl --system<\/code><\/pre>\n<h3>\ubcf4\uc548\uadf8\ub8f9 \uc124\uc815<\/h3>\n<p><font color=red><b><br \/>\n\ub3d9\uc77c VPC \ub0b4\ubd80\uc5d0\uc11c\uc758 \ud504\ub77c\uc774\ube57 \uc544\uc774\ud53c\ub97c \uc774\uc6a9\ud55c \ud1b5\uc2e0\ub9cc \ud5c8\uc6a9\ub429\ub2c8\ub2e4.<br \/>\n\ud37c\ube14\ub9ad \uc544\uc774\ud53c\ub97c \uc774\uc6a9\ud55c \uc811\uc18d\uc740 \uc5ec\uc804\ud788 \ucc28\ub2e8\ub429\ub2c8\ub2e4.<br \/>\n<\/b><\/font><\/p>\n<p>allow-kubernetes \ub77c\ub294 \uc774\ub984\uc758 \ubcf4\uc548\uadf8\ub8f9\uc744 \uc0dd\uc131\ud569\ub2c8\ub2e4.<br \/>\ninbound\/outbound \ub294 \uc124\uc815\ud558\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.<\/p>\n<p>protect-kubernetes \ub77c\ub294 \uc774\ub984\uc758 \ubcf4\uc548\uadf8\ub8f9\uc744 \uc0dd\uc131\ud569\ub2c8\ub2e4.<br \/>\ninbound \uc5d0 \uc544\ub798 \ub0b4\uc6a9\uc744 \uc124\uc815\ud569\ub2c8\ub2e4.<\/p>\n<ul>\n<li>\uc720\ud615 : \ubaa8\ub4e0 TCP<\/li>\n<li>\ud3ec\ud2b8\ubc94\uc704 : 0 \u2013 65535<\/li>\n<li>\uc18c\uc2a4 : allow-kubernetes<\/li>\n<\/ul>\n<p>allow-kubernetes, protect-kubernetes \ub97c \ubaa8\ub4e0 master\/node \uc5d0 \ud560\ub2f9\ud574 \uc90d\ub2c8\ub2e4.<\/p>\n<h2>\ubaa8\ub4e0 \uc778\uc2a4\ud134\uc2a4\uc5d0 \ub3c4\ucee4 \uc124\uce58<\/h2>\n<pre><code class=\"language-bash\">sudo apt-get update\n\nsudo apt-get install -y \\\n    ca-certificates \\\n    curl \\\n    gnupg \\\n    lsb-release<\/code><\/pre>\n<pre><code class=\"language-bash\">curl -fsSL https:\/\/download.docker.com\/linux\/ubuntu\/gpg | sudo gpg --dearmor -o \/usr\/share\/keyrings\/docker-archive-keyring.gpg\n\necho \\\n  &quot;deb [arch=$(dpkg --print-architecture) signed-by=\/usr\/share\/keyrings\/docker-archive-keyring.gpg] https:\/\/download.docker.com\/linux\/ubuntu \\\n  $(lsb_release -cs) stable&quot; | sudo tee \/etc\/apt\/sources.list.d\/docker.list &gt; \/dev\/null<\/code><\/pre>\n<pre><code class=\"language-bash\">sudo apt-get update\nsudo apt-get install -y docker-ce docker-ce-cli containerd.io\n\nsudo docker version<\/code><\/pre>\n<pre><code class=\"language-bash\">sudo systemctl enable docker\nsudo systemctl start docker\n\nsudo systemctl enable containerd\nsudo systemctl start containerd<\/code><\/pre>\n<pre><code class=\"language-bash\">sudo mkdir -p \/etc\/docker\ncat &lt;&lt;EOF | sudo tee \/etc\/docker\/daemon.json\n{\n  &quot;exec-opts&quot;: [&quot;native.cgroupdriver=systemd&quot;],\n  &quot;log-driver&quot;: &quot;json-file&quot;,\n  &quot;log-opts&quot;: {\n    &quot;max-size&quot;: &quot;100m&quot;\n  },\n  &quot;storage-driver&quot;: &quot;overlay2&quot;\n}\nEOF\n\nsudo systemctl daemon-reload\nsudo systemctl restart docker<\/code><\/pre>\n<pre><code class=\"language-bash\"># cri-docker Install\nVER=$(curl -s https:\/\/api.github.com\/repos\/Mirantis\/cri-dockerd\/releases\/latest|grep tag_name | cut -d &#039;&quot;&#039; -f 4|sed &#039;s\/v\/\/g&#039;)\necho $VER\nwget https:\/\/github.com\/Mirantis\/cri-dockerd\/releases\/download\/v${VER}\/cri-dockerd-${VER}.amd64.tgz\ntar xvf cri-dockerd-${VER}.amd64.tgz\nsudo mv cri-dockerd\/cri-dockerd \/usr\/local\/bin\/\n\n# cri-docker Version Check\ncri-dockerd --version\n\nwget https:\/\/raw.githubusercontent.com\/Mirantis\/cri-dockerd\/master\/packaging\/systemd\/cri-docker.service\nwget https:\/\/raw.githubusercontent.com\/Mirantis\/cri-dockerd\/master\/packaging\/systemd\/cri-docker.socket\nsudo mv cri-docker.socket cri-docker.service \/etc\/systemd\/system\/\nsudo sed -i -e &#039;s,\/usr\/bin\/cri-dockerd,\/usr\/local\/bin\/cri-dockerd,&#039; \/etc\/systemd\/system\/cri-docker.service\n\nsudo systemctl daemon-reload\nsudo systemctl enable cri-docker.service\nsudo systemctl enable --now cri-docker.socket\n\n# cri-docker Active Check\nsudo systemctl restart docker &amp;&amp; sudo systemctl restart cri-docker\nsudo systemctl status cri-docker.socket --no-pager<\/code><\/pre>\n<pre><code class=\"language-bash\">sudo docker info | grep Cgroup\n----------------\n Cgroup Driver: systemd\n Cgroup Version: 2<\/code><\/pre>\n<h2>\ubaa8\ub4e0 \uc778\uc2a4\ud134\uc2a4\uc5d0 Kubernetes \uc124\uce58<\/h2>\n<pre><code class=\"language-bash\">curl -s https:\/\/packages.cloud.google.com\/apt\/doc\/apt-key.gpg | sudo gpg --dearmour -o \/etc\/apt\/trusted.gpg.d\/kubernetes-xenial.gpg\nsudo apt-add-repository -y &quot;deb http:\/\/apt.kubernetes.io\/ kubernetes-xenial main&quot;\n\nsudo apt update\nsudo apt install -y kubelet kubeadm kubectl\nsudo apt-mark hold kubelet kubeadm kubectl<\/code><\/pre>\n<h2>Control-plane \uad6c\uc131 (master only)<\/h2>\n<p>\ubc18\ub4dc\uc2dc master \uc5d0\uc11c\ub9cc \uc2e4\ud589\ud569\ub2c8\ub2e4.<\/p>\n<pre><code class=\"language-bash\"># sudo kubeadm init\nsudo kubeadm init --cri-socket unix:\/\/\/var\/run\/cri-dockerd.sock<\/code><\/pre>\n<p>\uc544\ub798\uc640 \uc720\uc0ac\ud55c \uba54\uc2dc\uc9c0\uac00 \ud45c\uc2dc\ub418\uba74 \uba54\ubaa8\uc7a5\uac19\uc740 \uacf3\uc5d0 \ubcf5\uc0ac\ud574 \ub193\uc2b5\ub2c8\ub2e4.<\/p>\n<pre><code class=\"language-bash\">kubeadm join 172.31.43.124:6443 --token co2dgc.6tqutxehblku3mpp \\\n        --discovery-token-ca-cert-hash sha256:af76d7e108915d86b3af4be9a8b3d1e26799de1a96ec75f84e80d7be32b68012<\/code><\/pre>\n<p>\uc544\ub798 \uba85\ub839\uc744 \uc124\uc815\ud574 \uc90c\uc73c\ub85c \ud574\uc11c sudo \uc5c6\uc774 kubectl \uc744 \uc2e4\ud589\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<pre><code class=\"language-bash\">mkdir -p $HOME\/.kube\nsudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\nsudo chown $(id -u):$(id -g) $HOME\/.kube\/config\n\n# sudo \ub97c \ubd99\uc774\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.\nkubectl version\n---------------------------\nClient Version: v1.28.2\nKustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3\nServer Version: v1.28.5\n\nkubectl get nodes\n---------------------------\nNAME               STATUS     ROLES           AGE     VERSION\nip-172-31-43-124   NotReady   control-plane   3m40s   v1.28.2\n\nkubectl get pods -n kube-system\n---------------------------\nNAME                                      READY   STATUS    RESTARTS   AGE\ncoredns-5dd5756b68-jz8hj                  0\/1     Pending   0          2m50s\ncoredns-5dd5756b68-qg2ll                  0\/1     Pending   0          2m50s\netcd-ip-172-31-41-44                      1\/1     Running   0          2m53s\nkube-apiserver-ip-172-31-41-44            1\/1     Running   0          2m53s\nkube-controller-manager-ip-172-31-41-44   1\/1     Running   0          2m53s\nkube-proxy-d8lwv                          1\/1     Running   0          2m51s\nkube-scheduler-ip-172-31-41-44            1\/1     Running   0          2m53s<\/code><\/pre>\n<p>\uc704\uc5d0 NotReady\/Pending \uc740 \uc2e0\uacbd\uc4f0\uc9c0 \uc54a\uc544\ub3c4 \ub429\ub2c8\ub2e4.<\/p>\n<h2>Worker node \uad6c\uc131 (worker node only)<\/h2>\n<p>\uc544\ub798 \uba85\ub839\uc73c\ub85c Worker node \ub97c \ub4f1\ub85d\ud569\ub2c8\ub2e4.<\/p>\n<p>sudo \ub97c \ubc18\ub4dc\uc2dc \ubd99\uc5ec\uc11c \uc2e4\ud589\ud574\uc57c \ud569\ub2c8\ub2e4.<br \/>\n<code>--cri-socket<\/code> \uc744 \ucd94\uac00\ud574 \uc8fc\uc5b4\uc57c \ud569\ub2c8\ub2e4.<\/p>\n<pre><code class=\"language-bash\">sudo kubeadm join 172.31.16.157:6443 --token ou08ek.xzjXXXXXXXXXXXXX \\\n        --discovery-token-ca-cert-hash sha256:6e0305d27b12b3f8b51d8e021138d59227124c2XXXXXXXXXXXXXXXX \\\n        --cri-socket unix:\/\/\/var\/run\/cri-dockerd.sock<\/code><\/pre>\n<h2>Pod network \uc560\ub4dc\uc628 \uc124\uce58 (master only)<\/h2>\n<pre><code class=\"language-bash\"># kubectl apply -f https:\/\/github.com\/weaveworks\/weave\/releases\/download\/v2.8.1\/weave-daemonset-k8s.yaml\nkubectl apply -f https:\/\/raw.githubusercontent.com\/projectcalico\/calico\/v3.25.0\/manifests\/calico.yaml<\/code><\/pre>\n<pre><code class=\"language-bash\">kubectl get nodes\nkubectl get pods -n kube-system<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Ubuntu 22.04 \uc5d0\uc11c Kubernetes \uc124\uce58\ud558\uae30 k8s 1.24 ( 2022\/05 ) \uc774\ud6c4 k8s \uc5d0\uc11c \uae30\ubcf8\uc801\uc73c\ub85c \ub0b4\ubd80 \uc5f0\uacb0 \uc9c0\uc6d0\ud574\uc8fc\ub358 dockershim \uc774 \uc81c\uac70\ub418\uc5b4 cri-docker \ucd94\uac00 \uc124\uce58\ud558\uc5ec \ub3c4\ucee4\ub97c k8s\uc5d0 \uc5f0\uacb0\ud558\ub294 \uc791\uc5c5\uc774 \ud544\uc694 \uc544\ub798 \ub0b4\uc6a9\uc740 AWS EC2 \ub97c \uc774\uc6a9\ud574 Kubernetes \ub97c \uc124\uce58\ud558\ub294 \ubc29\ubc95\uc744 \uc124\uba85\ud569\ub2c8\ub2e4. \uac04\ub2e8\ud788 \ud750\ub984\uc744 \uc815\ub9ac\ud574 \ubcf4\uba74 EC2 \uc778\uc2a4\ud134\uc2a4 \uc0dd\uc131 \ubaa8\ub4e0 \uc778\uc2a4\ud134\uc2a4\uc5d0 \uc900\ube44\uc0ac\ud56d \ubc18\uc601 \ubaa8\ub4e0 \uc778\uc2a4\ud134\uc2a4\uc5d0 \ub3c4\ucee4 \uc124\uce58 Control-plane\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=8209\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[46],"tags":[],"class_list":["post-8209","post","type-post","status-publish","format-standard","hentry","category-1-kubernetes-"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/8209","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8209"}],"version-history":[{"count":62,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/8209\/revisions"}],"predecessor-version":[{"id":10553,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/8209\/revisions\/10553"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8209"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8209"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}