Kubernetes
Minikube
Resize the EBS volume
curl -s https://raw.githubusercontent.com/youngwjung/aws-tools/main/resize.sh \
| bash /dev/stdin 30

Install Minikube
{
    curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
    sudo install minikube-linux-amd64 /usr/local/bin/minikube
}

Create a cluster
minikube start

Check the running Pods
minikube kubectl -- get pod --all-namespaces

Deploy a demo application
minikube kubectl -- run nginx --image=nginx

Create a service endpoint
minikube kubectl -- expose pod nginx --port=80 --type=NodePort

Check the service endpoint and port
minikube service nginx

Verify that the service endpoint is reachable
curl $(minikube service nginx --url)

Delete the cluster
minikube delete

Create a Kubernetes cluster

Create the lab environment
{
    cd ~/environment/container-labs
    git pull
    terraform init
    terraform apply --target=module.kubernetes --auto-approve
}

Check the instance information
terraform show -json |\
jq -r '.values.root_module.child_modules | .[].resources | .[] | select(.address | contains("module.kubernetes.aws_instance")) | .name + ": " + .values.public_ip'

Check the SSH password
terraform show -json |\
jq -r '.values.root_module.child_modules | .[].resources | .[] | select(.address == "module.kubernetes.random_password.this").values.result'

Open a new terminal and connect over SSH to the instance that will be the first control plane node
ssh root@CP_IP_ADDRESS

Install the libraries the system needs
sudo apt update && sudo apt install -y \
curl apt-transport-https vim git wget gnupg2 net-tools \
software-properties-common lsb-release ca-certificates uidmap

Load the overlay and br_netfilter kernel modules required by the container runtime
{
    cat <<EOF | sudo tee /etc/modules-load.d/kubernetes.conf
overlay
br_netfilter
EOF
    sudo modprobe overlay
    sudo modprobe br_netfilter
}

Set the kernel parameters required by the container runtime
{
    cat <<EOF | sudo tee /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
    sudo sysctl --system
}

Install containerd
{
    sudo mkdir -p /etc/apt/keyrings
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
    sudo apt update && sudo apt install -y containerd.io
    sudo containerd config default | sudo tee /etc/containerd/config.toml
    sudo sed -e 's/SystemdCgroup = false/SystemdCgroup = true/g' -i /etc/containerd/config.toml
    sudo systemctl restart containerd
}

Install the binaries needed to install and run Kubernetes
{
    curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
    echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
    sudo apt update && sudo apt install -y kubelet=1.28.1-00 kubeadm=1.28.1-00 kubectl=1.28.1-00
}

Add the following line to the /etc/hosts file - CP_IP_ADDRESS is the IP address of the CP node
CP_IP_ADDRESS k8scp

For example, if the IP address of the CP node is 123.45.67.89, enter the following
123.45.67.89 k8scp

Create the cluster configuration file
cat << EOF | tee kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: 1.28.1
controlPlaneEndpoint: "k8scp:6443"
networking:
  podSubnet: 192.168.0.0/16
EOF

Configure the control plane node
kubeadm init --config=kubeadm-config.yaml --upload-certs | tee kubeadm-init.out

Copy the kubeconfig file
{
    mkdir -p $HOME/.kube
    sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
}

Check the kubeconfig file
cat ~/.kube/config

Check the running Pods
kubectl get pod --all-namespaces

Check the details of the Pod in the Pending state
kubectl describe pod \
$(kubectl get pod -A --field-selector=status.phase=Pending -o=jsonpath='{.items[0].metadata.name}') \
-n $(kubectl get pod -A --field-selector=status.phase=Pending -o=jsonpath='{.items[0].metadata.namespace}')

Check the node list
kubectl get node

Check the state of the CP node
kubectl describe node cp

Check the kubelet logs
sudo journalctl -u kubelet -n 10 --no-pager

Install the CNI plugin
kubectl apply -f \
https://raw.githubusercontent.com/youngwjung/lf-training/main/LFS458/v1.28.1/SOLUTIONS/s_03/cilium-cni.yaml

Check the running Pods
kubectl get pod -A

Check the state of the CP node
kubectl describe node cp

Set up bash completion for the kubectl command
{
    echo 'source <(kubectl completion bash)' >>~/.bashrc
    source <(kubectl completion bash)
}

Open a new terminal and connect over SSH to the instance that will be the worker node
ssh root@WORKER_IP_ADDRESS

Install the libraries the system needs
sudo apt update && sudo apt install -y \
curl apt-transport-https vim git wget gnupg2 net-tools \
software-properties-common lsb-release ca-certificates uidmap

Load the overlay and br_netfilter kernel modules required by the container runtime
{
    cat <<EOF | sudo tee /etc/modules-load.d/kubernetes.conf
overlay
br_netfilter
EOF
    sudo modprobe overlay
    sudo modprobe br_netfilter
}

Set the kernel parameters required by the container runtime
{
    cat <<EOF | sudo tee /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
    sudo sysctl --system
}

Install containerd
{
    sudo mkdir -p /etc/apt/keyrings
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
    sudo apt update && sudo apt install -y containerd.io
    sudo containerd config default | sudo tee /etc/containerd/config.toml
    sudo sed -e 's/SystemdCgroup = false/SystemdCgroup = true/g' -i /etc/containerd/config.toml
    sudo systemctl restart containerd
}

Install the binaries needed to install and run Kubernetes
{
    curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
    echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
    sudo apt update && sudo apt install -y kubelet=1.28.1-00 kubeadm=1.28.1-00 kubectl=1.28.1-00
}

Add the following line to the /etc/hosts file - CP_IP_ADDRESS is the IP address of the CP node
CP_IP_ADDRESS k8scp

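The containerd step above scopes Docker's key to one repository with `signed-by=`, while the Kubernetes step adds its key with the deprecated `apt-key add` (which trusts it for every configured repository) and reads the legacy apt.kubernetes.io repository, since replaced by pkgs.k8s.io, over plain `http://`. As an added example that is not part of the original lab, the function below flags both patterns in APT source lines; `audit_apt_sources` is a hypothetical helper name and the sample lines are the two repository lines from the steps above with constructed values for the architecture and release.

```bash
# Added example: audit APT "deb" source lines for unscoped keys or plain HTTP.
# audit_apt_sources is a hypothetical helper, not part of apt.
# Input: source lines on stdin. Output: one finding per problem.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_apt_sources() {
    awk '
        /^[ \t]*deb(-src)?[ \t]/ {
            if ($0 !~ /signed-by=/) {
                # Key must come from the global keyring (apt-key add).
                print "no-signed-by: " $0
                bad = 1
            }
            if ($0 ~ /[ \t]http:\/\//) {
                # Repository metadata and packages travel unencrypted.
                print "plain-http: " $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the two repository lines written by the steps above
# (amd64 and jammy stand in for the dpkg and lsb_release substitutions).
SAMPLE_SOURCES='deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable
deb http://apt.kubernetes.io/ kubernetes-xenial main'

# On a real node:
#   cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list | audit_apt_sources
printf '%s\n' "$SAMPLE_SOURCES" | audit_apt_sources || true
```
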
Switch to the terminal connected to the control plane node

Generate the worker node join command
kubeadm token create --print-join-command --ttl 0

Switch to the terminal connected to the worker node and run the command printed by the command above

Switch to the terminal connected to the control plane node

Check the node state
kubectl get no

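`--ttl 0` in the join-command step above creates a bootstrap token that never expires, so it remains a valid join credential long after the worker has joined. As an added example (not from the original lab), this function lists such tokens from `kubeadm token list` output so they can be removed with `kubeadm token delete`; the sample output and token values are constructed, and `find_forever_tokens` is a hypothetical helper name.

```bash
# Added example: find kubeadm bootstrap tokens that never expire.
# find_forever_tokens is a hypothetical helper, not part of kubeadm.
# Input: the table printed by `kubeadm token list` on stdin.
# Output: the token ID (the part before the dot) of each non-expiring token.
# Returns 1 if any such token exists, 0 otherwise.
find_forever_tokens() {
    awk '
        NR == 1 && $1 == "TOKEN" { next }   # skip the header row
        $2 == "<forever>" || $3 == "<never>" {
            split($1, parts, ".")
            print parts[1]
            found = 1
        }
        END { exit found + 0 }
    '
}

# Constructed sample of `kubeadm token list` output: one token with the
# default lifetime and one created with --ttl 0.
SAMPLE_TOKEN_LIST='TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
abcdef.0123456789abcdef   23h         2023-09-02T10:00:00Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
ghijkl.0123456789abcdef   <forever>   <never>                authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token'

# On the control plane node:
#   kubeadm token list | find_forever_tokens
# and, once every node has joined, for each ID printed:
#   kubeadm token delete <ID>
printf '%s\n' "$SAMPLE_TOKEN_LIST" | find_forever_tokens || true
```
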
Deploy a sample application

Create a Deployment
kubectl create deployment nginx --image=nginx

Check the Deployment state
kubectl get deploy

Check that the Pod was created
kubectl get pod

Check the detailed state of the NGINX Deployment that was created
kubectl describe deployment nginx

Check the events that occurred in the cluster
kubectl get events --sort-by='.metadata.creationTimestamp'

Delete the Pod that belongs to the Deployment
kubectl delete pod -l app=nginx

Check whether a Pod exists
kubectl get pod

Create a Service
kubectl expose deploy nginx --port 80

Check the NGINX service
kubectl get svc nginx

Check the Endpoints attached to the NGINX service
kubectl get ep nginx

Check the IP address of the running Pod
kubectl get pod -l app=nginx -o wide

Check the service endpoint and port
kubectl get svc nginx

Send an HTTP request to the ClusterIP of the NGINX service
curl $(kubectl get svc nginx -o=jsonpath='{.spec.clusterIP}')

Send an HTTP request to the Endpoints address attached to the NGINX service
curl $(kubectl get ep nginx -o=jsonpath='{.subsets[0].addresses[0].ip}:{.subsets[0].ports[0].port}')

Change the replica count of the NGINX Deployment to 3
kubectl scale deployment nginx --replicas=3

Check that additional Pods are created
kubectl get pod -l app=nginx -o wide

Check the Endpoints attached to the NGINX service
kubectl get ep nginx

Change the NGINX service to the NodePort type
kubectl patch svc nginx --type='json' -p '[{"op":"replace","path":"/spec/type","value":"NodePort"}]'

Check the NGINX Service endpoint and port
kubectl get svc nginx

In a web browser, check whether ANY_NODE_IP:SERVICE_NODE_PORT is reachable - the address can be found with the command below
echo "$(curl -s ifconfig.io):$(kubectl get svc nginx -o=jsonpath='{.spec.ports[0].nodePort}')"

Change the replica count of the NGINX Deployment to 0
kubectl scale deployment nginx --replicas=0

In a web browser, check whether ANY_NODE_IP:SERVICE_PORT is reachable

Change the replica count of the NGINX Deployment to 2
kubectl scale deployment nginx --replicas=2

In a web browser, check whether ANY_NODE_IP:SERVICE_PORT is reachable

Delete the resources
{
    kubectl delete deployment nginx
    kubectl delete svc nginx
}

Configure a highly available Kubernetes cluster

Connect to HAProxy over SSH
ssh root@HAPROXY_IP_ADDRESS

Install HAProxy
sudo apt update && sudo apt install -y haproxy

Add the lines below to the HAProxy configuration file /etc/haproxy/haproxy.cfg - replace CP_IP_ADDRESS with the IP address of the CP node.
frontend kubernetes-cp
    mode tcp
    option tcplog
    bind *:6443
    default_backend kubernetes-cp-nodes

backend kubernetes-cp-nodes
    mode tcp
    balance roundrobin
    server cp1 CP_IP_ADDRESS:6443 check

listen stats
    bind :9999
    mode http
    stats enable
    stats hide-version
    stats uri /stats

Restart the HAProxy daemon and check its status
{
    sudo systemctl restart haproxy
    sudo systemctl status haproxy --no-pager
}

Switch to the terminal connected to the CP node

In the /etc/hosts file, change the IP address assigned to k8scp to the HAProxy IP address
HAPROXY_IP_ADDRESS k8scp

Switch to the terminal connected to the worker node

In the /etc/hosts file, change the IP address assigned to k8scp to the HAProxy IP address
HAPROXY_IP_ADDRESS k8scp

Open a web browser and go to HAPROXY_IP_ADDRESS:9999/stats

Switch to the terminal connected to the CP node

Call the API with kubectl commands
{
    kubectl get node
    kubectl get pod -A
}

Refresh the HAProxy statistics page and check that the traffic information is updated

Connect to SecondCP over SSH
ssh root@SECOND_CP_IP_ADDRESS

Install the libraries the system needs
sudo apt update && sudo apt install -y \
curl apt-transport-https vim git wget gnupg2 net-tools \
software-properties-common lsb-release ca-certificates uidmap

Install the container runtime
{
    cat <<EOF | sudo tee /etc/modules-load.d/kubernetes.conf
overlay
br_netfilter
EOF
    sudo modprobe overlay
    sudo modprobe br_netfilter
    cat <<EOF | sudo tee /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
    sudo sysctl --system
    sudo mkdir -p /etc/apt/keyrings
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
    sudo apt update && sudo apt install -y containerd.io
    sudo containerd config default | sudo tee /etc/containerd/config.toml
    sudo sed -e 's/SystemdCgroup = false/SystemdCgroup = true/g' -i /etc/containerd/config.toml
    sudo systemctl restart containerd
}

Install Kubernetes
{
    curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
    echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
    sudo apt update && sudo apt install -y kubelet=1.28.1-00 kubeadm=1.28.1-00 kubectl=1.28.1-00
}

Add the following line to the /etc/hosts file
HAPROXY_IP_ADDRESS k8scp

Connect to ThirdCP over SSH
ssh root@THIRD_CP_IP_ADDRESS

Run steps 14 through 17 (the library, container runtime, Kubernetes and /etc/hosts steps just performed on SecondCP)

Switch to the terminal connected to the CP node

Generate the control plane join command
echo "sudo kubeadm join k8scp:6443 --control-plane \
--token $(sudo kubeadm token create) \
--discovery-token-ca-cert-hash sha256:$(openssl x509 -pubkey \
-in /etc/kubernetes/pki/ca.crt | openssl rsa \
-pubin -outform der 2>/dev/null | openssl dgst \
-sha256 -hex | grep -oE '[a-f0-9]+$') \
--certificate-key $(sudo kubeadm init phase upload-certs --upload-certs| tail -1)"

Run the command generated above on the SecondCP node and the ThirdCP node

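The `--discovery-token-ca-cert-hash` value in the join command above is the SHA-256 digest of the cluster CA's DER-encoded public key, which the joining node uses to pin the CA before it trusts the API server. As an added example (not part of the original lab), the function below computes it with `openssl pkey`, so it goes beyond the page's RSA-only pipeline and also covers non-RSA CA keys, and it refuses the empty-input digest that a silently failing pipeline would otherwise produce. `ca_cert_hash` is a hypothetical helper name and the self-signed certificate is a throwaway generated only for the demonstration.

```bash
# Added example: compute kubeadm's discovery CA hash for a certificate file.
# ca_cert_hash is a hypothetical helper, not part of kubeadm.
# Prints "sha256:<64 hex chars>"; returns non-zero on any failure.
EMPTY_SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

ca_cert_hash() {
    crt=$1
    [ -r "$crt" ] || { echo "cannot read $crt" >&2; return 1; }
    # Extract the public key first so a parse failure is not hidden by the pipe.
    pub=$(openssl x509 -pubkey -noout -in "$crt" 2>/dev/null) \
        || { echo "not a certificate: $crt" >&2; return 1; }
    hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.*= *//')
    # Accept only a lowercase hex SHA-256 digest of non-empty input.
    case $hex in
        ''|*[!0-9a-f]*) echo "unexpected digest output" >&2; return 1 ;;
    esac
    [ "${#hex}" -eq 64 ] || { echo "unexpected digest length" >&2; return 1; }
    [ "$hex" != "$EMPTY_SHA256" ] || { echo "digest of empty input" >&2; return 1; }
    printf 'sha256:%s\n' "$hex"
}

# Demonstration with a throwaway self-signed CA (constructed, not a cluster CA).
demo_ca_hash() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=demo-ca' \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null \
        || { rm -rf "$dir"; return 1; }
    ca_cert_hash "$dir/ca.crt"
    status=$?
    rm -rf "$dir"
    return $status
}

# On the control plane node: ca_cert_hash /etc/kubernetes/pki/ca.crt
demo_ca_hash || echo "openssl not available" >&2
```
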
Switch to the terminal connected to the HAProxy node

Edit the HAProxy configuration file /etc/haproxy/haproxy.cfg as shown below
...
...
backend kubernetes-cp-nodes
    mode tcp
    balance roundrobin
    server cp1 CP_IP_ADDRESS:6443 check
    server cp2 SECOND_CP_IP_ADDRESS:6443 check
    server cp3 THIRD_CP_IP_ADDRESS:6443 check

Restart the HAProxy daemon and check its status
{
    sudo systemctl restart haproxy
    sudo systemctl status haproxy --no-pager
}

Open a web browser, go to HAPROXY_IP_ADDRESS:9999/stats and check the connection state of the nodes added above

Switch to the terminal connected to the CP node

Check the Node list
kubectl get node

Run a few API calls with kubectl and check on the HAProxy statistics site that the load is distributed
for i in {1..10}; do kubectl get pod; done

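The `listen stats` section in the HAProxy configuration above binds the statistics page to port 9999 on every interface with no `stats auth` line, so anyone who can reach HAPROXY_IP_ADDRESS:9999 can read the control plane addresses and their health state. As an added example (not part of the original lab), the function below flags that pattern in a haproxy.cfg; `audit_haproxy_stats` is a hypothetical helper name, and the hardened section with its `admin:CHANGE_ME` placeholder credential is constructed.

```bash
# Added example: flag HAProxy sections that serve the stats page on a
# wildcard address without "stats auth".
# audit_haproxy_stats is a hypothetical helper, not part of HAProxy.
# Input: haproxy.cfg on stdin. Returns 1 if any section is flagged.
audit_haproxy_stats() {
    awk '
        function report() {
            if (stats && wildcard && !auth) {
                print "unauthenticated stats on all interfaces: " name
                bad = 1
            }
        }
        $1 ~ /^(global|defaults|frontend|backend|listen)$/ {
            report()                      # close the previous section
            name = $1 " " $2; stats = 0; wildcard = 0; auth = 0
            next
        }
        $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0|\[::\])?:[0-9]+$/ { wildcard = 1 }
        $1 == "stats" && ($2 == "enable" || $2 == "uri") { stats = 1 }
        $1 == "stats" && $2 == "auth" { auth = 1 }
        END { report(); exit bad + 0 }
    '
}

# The frontend and stats sections from the lab configuration above.
LAB_CFG='frontend kubernetes-cp
    mode tcp
    option tcplog
    bind *:6443
    default_backend kubernetes-cp-nodes
listen stats
    bind :9999
    mode http
    stats enable
    stats hide-version
    stats uri /stats'

# Constructed alternative: loopback-only listener plus basic auth
# (admin:CHANGE_ME is a placeholder credential).
HARDENED_CFG='listen stats
    bind 127.0.0.1:9999
    mode http
    stats enable
    stats hide-version
    stats uri /stats
    stats auth admin:CHANGE_ME'

# On the HAProxy node: audit_haproxy_stats < /etc/haproxy/haproxy.cfg
printf '%s\n' "$LAB_CFG" | audit_haproxy_stats || true
printf '%s\n' "$HARDENED_CFG" | audit_haproxy_stats && echo "hardened config: ok"
```

With the loopback-only bind, the page is reached through an SSH port forward to the HAProxy host instead of directly from the browser.
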
High availability test

Check the running etcd Pods
kubectl get pod -n kube-system -l component=etcd

Check the etcd Pod logs
kubectl -n kube-system logs etcd-secondcp | grep leader

Check the IP addresses of the running etcd Pods
kubectl get pod -n kube-system -l component=etcd -o wide

Check the member list of the etcd cluster
kubectl -n kube-system exec -it etcd-cp -- \
etcdctl -w table \
--endpoints localhost:2379 \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--cert /etc/kubernetes/pki/etcd/server.crt \
--key /etc/kubernetes/pki/etcd/server.key \
member list

Store the etcd cluster member list in an environment variable
{
    export ETCD_ENDPOINTS=$(kubectl -n kube-system exec -it etcd-cp -- \
    etcdctl -w json \
    --endpoints localhost:2379 \
    --cacert /etc/kubernetes/pki/etcd/ca.crt \
    --cert /etc/kubernetes/pki/etcd/server.crt \
    --key /etc/kubernetes/pki/etcd/server.key \
    member list \
    | jq -r '.members | map(.clientURLs[]) | join(",")')
    echo $ETCD_ENDPOINTS
}

Check the leader of the etcd cluster
kubectl -n kube-system exec -it etcd-cp -- \
etcdctl -w table \
--endpoints $ETCD_ENDPOINTS \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--cert /etc/kubernetes/pki/etcd/server.crt \
--key /etc/kubernetes/pki/etcd/server.key \
endpoint status

Check the health of each member of the etcd cluster
kubectl -n kube-system exec -it etcd-cp -- \
etcdctl -w table \
--endpoints $ETCD_ENDPOINTS \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--cert /etc/kubernetes/pki/etcd/server.crt \
--key /etc/kubernetes/pki/etcd/server.key \
endpoint health

Go to the node where the etcd cluster's leader Pod is deployed and stop kubelet and the container runtime - because etcd was configured on the CP node first, the etcd deployed on the CP node is usually the leader
{
    sudo systemctl stop kubelet
    sudo crictl --runtime-endpoint=unix:///run/containerd/containerd.sock \
    stop $(sudo crictl --runtime-endpoint=unix:///run/containerd/containerd.sock ps -q)
    sudo systemctl stop containerd.service
}

Check the etcd Pod logs
kubectl -n kube-system logs etcd-secondcp | grep leader

Open a web browser, go to HAPROXY_IP_ADDRESS:9999/stats and check the connection state of the nodes

Check whether the leader of the etcd cluster has changed
kubectl -n kube-system exec -it etcd-secondcp -- \
etcdctl -w table \
--endpoints $ETCD_ENDPOINTS \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--cert /etc/kubernetes/pki/etcd/server.crt \
--key /etc/kubernetes/pki/etcd/server.key \
endpoint status

Check the health of each member of the etcd cluster
kubectl -n kube-system exec -it etcd-secondcp -- \
etcdctl -w table \
--endpoints $ETCD_ENDPOINTS \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--cert /etc/kubernetes/pki/etcd/server.crt \
--key /etc/kubernetes/pki/etcd/server.key \
endpoint health

Check the Node state
kubectl get node

Restart kubelet and the container runtime on the CP node
{
    sudo systemctl start containerd.service
    sudo systemctl start kubelet
}

Open a web browser, go to HAPROXY_IP_ADDRESS:9999/stats and check the connection state of the nodes

Check the node state
kubectl get node

Check that all Pods are running normally
kubectl get pod -A -o wide

Check whether the leader of the etcd cluster has changed again
kubectl -n kube-system exec -it etcd-secondcp -- \
etcdctl -w table \
--endpoints $ETCD_ENDPOINTS \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--cert /etc/kubernetes/pki/etcd/server.crt \
--key /etc/kubernetes/pki/etcd/server.key \
endpoint status

Check the health of each member of the etcd cluster
kubectl -n kube-system exec -it etcd-secondcp -- \
etcdctl -w table \
--endpoints $ETCD_ENDPOINTS \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--cert /etc/kubernetes/pki/etcd/server.crt \
--key /etc/kubernetes/pki/etcd/server.key \
endpoint health

Switch to the terminal connected to Cloud9 and delete the resources
{
    cd ~/environment/container-labs
    terraform destroy --target=module.kubernetes --auto-approve
}

Amazon EKS
Install eksctl
{
    cd ~/environment
    curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
    sudo mv /tmp/eksctl /usr/local/bin
}

Check the eksctl version
eksctl version

Check the IAM credentials currently in use
aws sts get-caller-identity

Configure the IAM credentials - https://kubernetes.youngwjung.com/preparation/cloud9#cloud9

Create the EKS cluster
eksctl create cluster \
--name mycluster \
--nodes-min=2 \
--nodes-max=5 \
--region ap-northeast-2

Install kubectl
{
    curl -LO "https://dl.k8s.io/release/v1.27.1/bin/linux/amd64/kubectl"
    sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
    echo 'source <(kubectl completion bash)' >>~/.bashrc
    source <(kubectl completion bash)
}

Check the Node list
kubectl get node

Check the Kubernetes cluster version
kubectl version --short

Create a Deployment
kubectl create deployment nginx --image=nginx --replicas=3

Check the Pods that were created
kubectl get po

Create a Service
kubectl expose deployment nginx --port 80 --type LoadBalancer

Check the Service that was created
kubectl get svc nginx

Check the address of the ELB that was created
kubectl get svc nginx \
-o=jsonpath='{.status.loadBalancer.ingress[0].hostname}{"\n"}'

In a web browser, open the URL found above

Delete the resources
{
    kubectl delete deploy nginx
    kubectl delete svc nginx
}

Deploy the demo application - https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#run-and-expose-php-apache-server
cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: php-apache
spec:
  selector:
    matchLabels:
      app: php-apache
  replicas: 1
  template:
    metadata:
      labels:
        app: php-apache
    spec:
      containers:
      - name: php-apache
        image: k8s.gcr.io/hpa-example
        ports:
        - containerPort: 80
        resources:
          limits:
            cpu: 2
          requests:
            cpu: 1
---
apiVersion: v1
kind: Service
metadata:
  name: php-apache
  labels:
    app: php-apache
spec:
  ports:
  - port: 80
  selector:
    app: php-apache
EOF

Check the resource usage of the Pod
kubectl top pod -l app=php-apache

Install Metrics Server - https://github.com/kubernetes-sigs/metrics-server#kubernetes-metrics-server
kubectl apply -f \
https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

Check the resource usage of the Pod
kubectl top pod -l app=php-apache

Create Pods that generate load on the demo application
kubectl create deploy load-generator \
--image=busybox:1.28 \
--replicas=10 \
-- /bin/sh -c "while sleep 0.01; do wget -q -O- http://php-apache; done"

Check the resource usage of the Pod
kubectl top pod -l app=php-apache

Create the HPA
kubectl autoscale deployment php-apache --cpu-percent=50 --min=1 --max=5

Check the state of the HPA created above
kubectl get hpa php-apache

Monitor the HPA state
kubectl get hpa php-apache -w

Press Ctrl+C to stop monitoring the HPA and check whether Pods were created
kubectl get pod -l app=php-apache

Check the resource usage of the Pods
kubectl top pod -l app=php-apache

If any Pod is in the Pending state, check the reason with the command below
kubectl describe pod \
$(kubectl get pod -o=jsonpath='{.items[?(@.status.phase=="Pending")].metadata.name}')

Install Cluster Autoscaler
{
    export CLUSTER_NAME=$(kubectl get node \
    -o=jsonpath='{.items[0].metadata.labels.alpha\.eksctl\.io\/cluster-name}')
    export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
    export ASG_NAME=$(aws autoscaling describe-auto-scaling-groups --query \
    "AutoScalingGroups[? Tags[? (Key=='eks:cluster-name') && Value=='$CLUSTER_NAME']].AutoScalingGroupName" --output text)
    eksctl utils associate-iam-oidc-provider --region=ap-northeast-2 \
    --cluster=$CLUSTER_NAME --approve
    eksctl create iamserviceaccount \
    --cluster=$CLUSTER_NAME \
    --namespace=kube-system \
    --name=cluster-autoscaler \
    --attach-policy-arn=arn:aws:iam::aws:policy/AmazonEC2FullAccess \
    --override-existing-serviceaccounts \
    --approve \
    --region ap-northeast-2
    kubectl apply -f \
    https://raw.githubusercontent.com/kubernetes/autoscaler/master/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-autodiscover.yaml
    kubectl -n kube-system patch deployment cluster-autoscaler --type=json \
    -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/command", "value": [
    "./cluster-autoscaler",
    "--v=4",
    "--stderrthreshold=info",
    "--cloud-provider=aws",
    "--skip-nodes-with-local-storage=false",
    "--expander=least-waste",
    "--node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/'${CLUSTER_NAME}'",
    "--balance-similar-node-groups",
    "--skip-nodes-with-system-pods=false"
    ]}]'
}

Check the Cluster Autoscaler logs
kubectl -n kube-system logs deploy/cluster-autoscaler

Check whether the Pods that were in the Pending state have been created
kubectl get pod -l app=php-apache

Check the number of Nodes
kubectl get node

Check the resource usage of the Pods
kubectl top pod -l app=php-apache

Delete the Pods that generate load on the demo application
kubectl delete deploy load-generator

Check the resource usage of the Pods
kubectl top pod -l app=php-apache

Check the HPA state
kubectl get hpa php-apache

Check the HPA details
kubectl describe hpa php-apache

Force the replica count of the demo application to 1
kubectl scale deployment php-apache --replicas=1

Check whether the Pods were deleted
kubectl get pod -l app=php-apache

Delete the demo application
kubectl delete deploy php-apache

Check whether the Pods were deleted
kubectl get pod -l app=php-apache

Check whether Nodes are removed
kubectl get node

Check the Cluster Autoscaler logs
kubectl -n kube-system logs deploy/cluster-autoscaler

Delete the EKS cluster
eksctl delete cluster --name mycluster --region ap-northeast-2