1. kubeadm 을 이용한 쿠버네티스 설치 - OnPremiss

# Add Docker's official GPG key: sudo apt-get update sudo apt-get install ca-certificates curl sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc # Add the repository to Apt sources: echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

sudo docker run hello-world

swapoff -a && sed -i '/swap/s/^/#/' /etc/fstab # 메모리 상태 확인 sudo free -m

# root 계정의 비밀번호를 설정합니다. sudo passwd root # root 계졍에 로그인합니다. su -

nc 127.0.0.1 6443 -zv -w 2

sudo apt-get install -y firewalld systemctl stop firewalld systemctl disable firewalld

# 방화벽 예외 설정(마스터, 워커) sudo apt-get install -y firewalld sudo systemctl start firewalld sudo systemctl enable firewalld sudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --permanent --add-service=https # 마스터 노드일 경우 sudo firewall-cmd --permanent --add-port=6443/tcp sudo firewall-cmd --permanent --add-port=2379-2380/tcp sudo firewall-cmd --permanent --add-port=10250-10252/tcp sudo firewall-cmd --permanent --add-port=8285/udp sudo firewall-cmd --permanent --add-port=8472/udp sudo firewall-cmd --reload # 워커 노드일 경우 sudo firewall-cmd --permanent --add-port=10250/tcp sudo firewall-cmd --permanent --add-port=30000-32767/tcp sudo firewall-cmd --permanent --add-port=8285/udp sudo firewall-cmd --permanent --add-port=8472/udp sudo firewall-cmd --permanent --add-port=26443/tcp sudo firewall-cmd --reload # 방화벽 활성화 확인 systemctl status firewalld

# 열린 포트 확인 sudo firewall-cmd --list-all # 열린 포트 확인 sudo netstat -tlnp # 다른 노드의 포트 점검 telnet [ip] [port] ex) telnet 192.168.100.128 6443 >> Trying 192.168.111.128... telnet: Unable to connect to remote host: Connection refused # Trying 192.168.111.128... 만 계속 나오면 방화벽 오픈되어 있지 않음 # Connection refuesed가 나오면 방화벽 오픈은 되어 있으나 프로세스가 올라가 있지 않은 상태 # 방법2 curl -v telnet://[ip]:[port]

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf overlay br_netfilter EOF sudo modprobe overlay sudo modprobe br_netfilter # 필요한 sysctl 파라미터를 설정하면, 재부팅 후에도 값이 유지된다. cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.ipv4.ip_forward = 1 EOF # 재부팅하지 않고 sysctl 파라미터 적용하기 sudo sysctl --system

sudo apt-get update sudo apt-get install -y apt-transport-https ca-certificates curl gpg

sudo mkdir -p -m 755 /etc/apt/keyrings

curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list

sudo apt-get update sudo apt-get install -y kubelet kubeadm kubectl sudo apt-mark hold kubelet kubeadm kubectl

kubectl version --client kubeadm version kubelet --version

systemctl start kubelet systemctl enable kubelet

kubeadm init <args>

[init] Using Kubernetes version: v1.33.4 [preflight] Running pre-flight checks W0823 12:36:20.768155 1464 checks.go:1065] [preflight] WARNING: Couldn't create the interface used for talking to the container runtime: failed to create new CRI runtime service: validate service connection: validate CRI v1 runtime API for endpoint "unix:///var/run/containerd/containerd.sock": rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService [WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly [WARNING SystemVerification]: cgroups v1 support is in maintenance mode, please migrate to cgroups v2 [preflight] Pulling images required for setting up a Kubernetes cluster [preflight] This might take a minute or two, depending on the speed of your internet connection [preflight] You can also perform this action beforehand using 'kubeadm config images pull' error execution phase preflight: [preflight] Some fatal errors occurred: failed to create new CRI runtime service: validate service connection: validate CRI v1 runtime API for endpoint "unix:///var/run/containerd/containerd.sock": rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...` To see the stack trace of this error execute with --v=5 or higher

# /etc/containerd/config.toml 파일에서 ["cri"] -> [""] vi /etc/containerd/config.toml # containerd 재실행 sudo systemctl restart containerd sudo systemctl status containerd --no-pager

To start using your cluster, you need to run the following as a regular user: # init이 완료된 후 config 복사 및 권한을 설정 mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a Pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: /docs/concepts/cluster-administration/addons/ You can now join any number of machines by running the following on each node as root: # 아래의 코드를 복사 및 저장해둡니다. kubeadm join <control-plane-host>:<control-plane-port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>

kubectl apply -f https://github.com/weaveworks/weave/releases/download/v2.8.1/weave-daemonset-k8s.yaml

kubectl get nodes

kubeadm join <control-plane-host>:<control-plane-port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>