카테고리 없음

[Rocky 10] Kubernetes 를 해보자

PeamS 2026. 4. 6. 16:11

토막난 글입니다.

kube 1.35

cri-o 사용

 

설치 과정

방화벽 / SELINUX / SWAP 중지

sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
systemctl stop firewalld && systemctl disable firewalld
swapoff -a
sed -i '/ swap /s/./#&/' /etc/fstab

 

https://kubernetes.io/ko/docs/setup/production-environment/container-runtimes/
overlay : 컨테이너용 파일 시스템, br_netfilter : 내부 통신 시 필요

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
kernel.unprivileged_bpf_disabled    = 1 # CNI 설치 시
EOF

sysctl --system

 

cat <<'EOF'> /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/repodata/repomd.xml.key
EOF

cat <<EOF | tee /etc/yum.repos.d/cri-o.repo
[cri-o]
name=CRI-O
baseurl=https://download.opensuse.org/repositories/isv:/cri-o:/stable:/v1.35/rpm/
enabled=1
gpgcheck=1
gpgkey=https://download.opensuse.org/repositories/isv:/cri-o:/stable:/v1.35/rpm/repodata/repomd.xml.key
EOF

 

dnf install -y container-selinux
dnf install -y cri-o kubelet kubeadm kubectl

 

/etc/crio/crio.conf.d/10-crio.conf 수정

[crio.runtime]
conmon_cgroup = "pod"
systemd_cgroup = true
# 위에 두개 추가

 

systemctl daemon-reload
systemctl enable --now crio.service
systemctl enable --now kubelet

 

 

cat <<EOF> kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: "<호스트 아이피>"
  bindPort: 6443
nodeRegistration:
  criSocket: "unix:///var/run/crio/crio.sock"
  imagePullPolicy: IfNotPresent
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: "v1.35.0"
controlPlaneEndpoint: "kube-host:6443"
networking:
  serviceSubnet: "10.200.0.0/12"
  podSubnet: "10.0.0.0/16"
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
failSwapOn: true
EOF

 

kubeadm init --config kubeadm-config.yaml

 

실패해서 초기화 할 때

kubeadm reset -f --cri-socket=unix:///var/run/crio/crio.sock

 

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

 

#https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.31.4/manifests/tigera-operator.yaml

# 배포 상태 확인
kubectl describe pod -n tigera-operator

curl -O https://raw.githubusercontent.com/projectcalico/calico/v3.31.4/manifests/custom-resources.yaml

kubectl get cm -n kube-system kubeadm-config -o yaml | grep podSubnet

# cidr: 192.168.0.0/16 를 10.0.0.0/16 으로 변경

kubectl create -f  custom-resources.yaml

# 칼리오들
kubectl get pods -n calico-system

 

 

# 현재 노드 상황
kubectl get nodes <-o wide>

[root@kube-host ~]# kubectl get node
NAME        STATUS   ROLES           AGE    VERSION
kube-02     Ready    <none>          98m    v1.35.3
kube-host   Ready    control-plane   129m   v1.35.3
kubelet 각 노드에 실행되는 에이전트
CNI(Container Network Interface)  
   

 

kube-apiserver  
etcd  
kube-controller-manager  
kube-scheduler  
kube-proxy  
   
   
   
저작자표시 비영리 변경금지 (새창열림)