미션 #1. 쿠버네티스 설치 구간별 상태 확인
4개월 전
1.1 내 PC 네트워크 확인
❱❱❱ ip a | grep tailscale
3: tailscale0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UNKNOWN group default qlen 500
inet 100.87.136.148/32 scope global tailscale0
1.2 내 PC 자원 확인
❱❱❱ lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 39 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 4
1.3 VirtualBox 설치 버전 확인
❱❱❱ VBoxManage -v
7.1.8r168469
1.4 Vagrant 설치 버전 확인
❱❱❱ vagrant -v
Vagrant 2.4.5
2.1 VirtualBox VM 확인
❱❱❱ VBoxManage list vms
"kube_master-node_1748525171409_12647" {84f639c4-a8a7-4fba-9c52-b5646bdfcf73}
2.2 내 VM에 적용된 NAT 확인
❱❱❱ VBoxManage showvminfo kube_master-node_1748525171409_12647 | grep -i "nic 1"
NIC 1: MAC: 080027FCE996, Attachment: NAT, Cable connected: on, Trace: off (file: none), Type: 82540EM, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny, Bandwidth group: none
NIC 1 Settings: MTU: 0, Socket (send: 64, receive: 64), TCP Window (send:64, receive: 64)
NIC 1 Rule(0): name = ssh, protocol = tcp, host ip = 127.0.0.1, host port = 2222, guest ip = , guest port = 22
2.3 내 VM에 적용된 Host-Only Network 확인
❱❱❱ VBoxManage showvminfo kube_master-node_1748525171409_12647 | grep -i "nic 2"
NIC 2: MAC: 0800271FFB0D, Attachment: Host-only Interface 'vboxnet0', Cable connected: on, Trace: off (file: none), Type: 82540EM, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny, Bandwidth group: none
2.4 VirtualBox Host-Only cidr 확인
❱❱❱ VBoxManage list hostonlyifs
Name: vboxnet0
GUID: f0000000-dae8-4abf-8000-0a0027000000
DHCP: Disabled
IPAddress: 192.168.56.1
NetworkMask: 255.255.255.0
IPV6Address: fe80::800:27ff:fe00:0
IPV6NetworkMaskPrefixLength: 64
HardwareAddress: 0a:00:27:00:00:00
MediumType: Ethernet
Wireless: No
Status: Up
VBoxNetworkName: HostInterfaceNetworking-vboxnet0
3.1 Rocky Linux 버전 확인
[root@k8s-master ~]# cat /etc/*-release
Rocky Linux release 8.8 (Green Obsidian)
NAME="Rocky Linux"
VERSION="8.8 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.8 (Green Obsidian)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2029-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-8"
ROCKY_SUPPORT_PRODUCT_VERSION="8.8"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.8"
Rocky Linux release 8.8 (Green Obsidian)
Rocky Linux release 8.8 (Green Obsidian)
Rocky Linux release 8.8 (Green Obsidian)
매번 "cat /etc/os-release" 명령어만 사용하여 다른 release 파일이 있는줄 몰랐음
[root@k8s-master ~]# ls -l /etc/*-release
lrwxrwxrwx. 1 root root 13 Apr 26 2023 /etc/centos-release -> rocky-release
lrwxrwxrwx. 1 root root 21 Apr 26 2023 /etc/os-release -> ../usr/lib/os-release
lrwxrwxrwx. 1 root root 13 Apr 26 2023 /etc/redhat-release -> rocky-release
-rw-r--r--. 1 root root 41 Apr 26 2023 /etc/rocky-release
lrwxrwxrwx. 1 root root 13 Apr 26 2023 /etc/system-release -> rocky-release심볼릭 링크 되어있는걸 확인
3.2 Hostname 확인
[root@k8s-master ~]# hostname
k8s-master
3.3 Network 확인(NAT)
[root@k8s-master ~]# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:fc:e9:96 brd ff:ff:ff:ff:ff:ff
altname enp0s3
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute eth0
3.4 Network 확인(Host-Only)
[root@k8s-master ~]# ip a
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:1f:fb:0d brd ff:ff:ff:ff:ff:ff
altname enp0s8
inet 192.168.56.30/24 brd 192.168.56.255 scope global noprefixroute eth1
3.5 자원(cpu) 확인
[root@k8s-master ~]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 4
3.6 자원(memory) 확인
[root@k8s-master ~]# free -h
total used free shared buff/cache available
Mem: 5.8Gi 1.5Gi 527Mi 19Mi 3.7Gi 4.0Gi
Swap: 0B 0B 0B
4.1 타임존 설정 확인
[root@k8s-master ~]# timedatectl
Local time: Fri 2025-05-30 17:51:35 KST
Universal time: Fri 2025-05-30 08:51:35 UTC
RTC time: Fri 2025-05-30 08:51:35
Time zone: Asia/Seoul (KST, +0900)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
5. kubeadm 설치 전 사전작업
5.1 방화벽 해제 확인
[root@k8s-master ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)5.1 방화벽 해제 확인
[root@k8s-master ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
스왑(swap) 비활성화 확인
[root@k8s-master ~]# free
total used free shared buff/cache available
Mem: 6061208 1682108 358316 19816 4020784 4077976
Swap: 0 0 0
[root@k8s-master ~]# cat /etc/fstab | grep swap
#/swapfile none swap defaults 0 0
6. 컨테이너 런타임 설치
6.1 컨테이너 런타임 설치 전 사전작업
iptables 세팅
[root@k8s-master ~]# cat /etc/modules-load.d/k8s.conf
overlay
br_netfilter
[root@k8s-master ~]# cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
[root@k8s-master ~]# lsmod | grep overlay
overlay 139264 35
[root@k8s-master ~]# lsmod | grep br_netfilter
br_netfilter 24576 0
bridge 290816 1 br_netfilter
6.2 컨테이너 런타임 (containerd 설치)
6.2.1 docker engine (containerd.io)만 설치
docker repo 설정 확인
[root@k8s-master ~]# yum repolist enabled
repo id repo name
appstream Rocky Linux 8 - AppStream
baseos Rocky Linux 8 - BaseOS
docker-ce-stable Docker CE Stable - x86_64
extras Rocky Linux 8 - Extras
kubernetes Kubernetes
6.2.2 containerd 설치 확인
[root@k8s-master ~]# yum repolist enabled
repo id repo name
appstream Rocky Linux 8 - AppStream
baseos Rocky Linux 8 - BaseOS
docker-ce-stable Docker CE Stable - x86_64
extras Rocky Linux 8 - Extras
kubernetes Kubernetes
[root@k8s-master ~]# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor pre>
Active: active (running) since Thu 2025-05-29 22:28:51 KST; 19h ago
Docs: https://containerd.io
Main PID: 25572 (containerd)
Tasks: 243
Memory: 2.7G
6.2.3 설치 가능한 버전의 containerd.io 리스트 확인
[root@k8s-master ~]# yum list containerd.io --showduplicates | sort -r
Last metadata expiration check: 3:53:03 ago on Fri 30 May 2025 02:17:28 PM KST.
Installed Packages
containerd.io.x86_64 1.6.9-3.1.el8 docker-ce-stable
containerd.io.x86_64 1.6.8-3.1.el8 docker-ce-stable
containerd.io.x86_64 1.6.7-3.1.el8 docker-ce-stable
containerd.io.x86_64 1.6.6-3.1.el8 docker-ce-stable
containerd.io.x86_64 1.6.4-3.1.el8 docker-ce-stable
containerd.io.x86_64 1.6.32-3.1.el8 docker-ce-stable
containerd.io.x86_64 1.6.31-3.1.el8 docker-ce-stable
containerd.io.x86_64 1.6.28-3.2.el8 docker-ce-stable
containerd.io.x86_64 1.6.28-3.1.el8 docker-ce-stable
containerd.io.x86_64 1.6.27-3.1.el8 docker-ce-stable
containerd.io.x86_64 1.6.26-3.1.el8 docker-ce-stable
containerd.io.x86_64 1.6.25-3.1.el8 docker-ce-stable
containerd.io.x86_64 1.6.24-3.1.el8 docker-ce-stable
containerd.io.x86_64 1.6.22-3.1.el8 docker-ce-stable
containerd.io.x86_64 1.6.21-3.1.el8 docker-ce-stable
containerd.io.x86_64 1.6.21-3.1.el8 @docker-ce-stable
6.3 컨테이너 런타임 (CRI활성화)
cri 활성화 설정 확인
[root@k8s-master ~]# cat /etc/containerd/config.toml
...
...
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
BinaryName = ""
CriuImagePath = ""
CriuPath = ""
CriuWorkPath = ""
IoGid = 0
IoUid = 0
NoNewKeyring = false
NoPivotRoot = false
Root = ""
ShimCgroup = ""
SystemdCgroup = true
6.4 kubelet cgroup 확인 (configmap)
[root@k8s-master ~]# kubectl get -n kube-system cm kubelet-config -o yaml
apiVersion: v1
data:
kubelet: |
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
anonymous:
enabled: false
webhook:
cacheTTL: 0s
enabled: true
x509:
clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
mode: Webhook
webhook:
cacheAuthorizedTTL: 0s
cacheUnauthorizedTTL: 0s
cgroupDriver: systemd
6.5 kubelet cgroup 확인 (kubelet)
[root@k8s-master ~]# cat /var/lib/kubelet/config.yaml
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
anonymous:
enabled: false
webhook:
cacheTTL: 0s
enabled: true
x509:
clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
mode: Webhook
webhook:
cacheAuthorizedTTL: 0s
cacheUnauthorizedTTL: 0s
cgroupDriver: systemdkubelet에서 cgroup 수정 필요시 적용 방법
- 아래 두 군데에서 cgroupDriver를 systemd 혹은 cgroupfs로 변경
--
vi /var/lib/kubelet/config.yaml--
kubectl edit -n kube-system cm kubelet-config--
systemctl restart kubelet
댓글을 작성해보세요.
