[k8s in a Hurry] 2. Installing k8s

jinkwon.kim 2022. 11. 12. 01:05

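Installation summary

The k8s installation process is divided into three parts (environment setup / container runtime installation / CNI deployment).

1. Environment setup

The following two settings are required.

    1) Disable the firewall

    2) swapoff -a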
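
`swapoff -a` only lasts until the next reboot, so the following added example (not part of the original post) checks both the current swap state and `/etc/fstab`. The function names are hypothetical, and it assumes `/etc/fstab` is the only place swap is configured.

```shell
#!/bin/sh
# Added example, not from the original post. `swapoff -a` is not persistent,
# so also look for fstab entries that would turn swap back on at boot.
# Assumption: swap is configured only through /etc/fstab.

# Print devices listed as active swap (input has the /proc/swaps layout).
active_swap() {
    awk 'NR > 1 { print $1 }' "${1:-/proc/swaps}"
}

# Print uncommented fstab entries whose filesystem type (field 3) is swap.
fstab_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "${1:-/etc/fstab}"
}

# Return 0 only if swap is off now and will stay off after a reboot.
swap_ready_for_k8s() {
    swaps=${1:-/proc/swaps} fstab=${2:-/etc/fstab}
    rc=0
    for dev in $(active_swap "$swaps"); do
        echo "active swap: $dev (run: sudo swapoff -a)"; rc=1
    done
    for dev in $(fstab_swap_entries "$fstab"); do
        echo "fstab re-enables swap at boot: $dev (comment the line out)"; rc=1
    done
    return $rc
}

# Usage: sh swapcheck.sh check
case ${1:-} in
    check) swap_ready_for_k8s ;;
esac
```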

2. Install a container runtime

k8s itself does not create and run containers, so a container runtime has to be installed.

    1) The installation steps differ for each container runtime, so I recommend checking the k8s.io site each time.

https://kubernetes.io/docs/setup/production-environment/container-runtimes/

    2) CRI-O installation guides

https://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/install-cri-o-on-ub

https://tech.hostway.co.kr/2022/05/12/1029/

3. Install kubeadm, kubelet, and kubectl

kubeadm: helps set up the k8s cluster.

kubelet: acts as the manager of the k8s system.

kubectl: the k8s management tool.

    1) The k8s installation steps are clearly documented at the link below.

https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-kubeadm-kubelet-and-kubectl

    2) What if you need to install a specific version?

    sudo apt-get install -y kubelet=${k8s_ver} kubeadm=${k8s_ver} kubectl=${k8s_ver}

4. Deploy a CNI

Several CNI plugins exist, so choose one to use.

https://github.com/containernetworking/cni

- I used Calico.

https://projectcalico.docs.tigera.io/getting-started/kubernetes/self-managed-onprem/onpremises


Completely removing k8s

sudo kubeadm reset
sudo apt-mark unhold kubelet kubeadm kubectl
sudo apt-get purge kubeadm kubectl kubelet 'kube*'
sudo apt-get autoremove
sudo rm -rf ~/.kube

Troubleshooting

the following signatures couldn’t be verified because the public key is not available

Solution

The Ubuntu key has to be set up again. The fix is described below.

https://chrisjean.com/fix-apt-get-update-the-following-signatures-couldnt-be-verified-because-the-public-key-is-not-available/


sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32

Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.

Solution

This problem occurs because Ubuntu updated the ca-certificates package and the certificates no longer match.

ca-certificates needs to be installed.

sudo apt install ca-certificates

The following signatures were invalid

Solution

Reinstall ubuntu-dbgsym-keyring

https://askubuntu.com/questions/1325481/how-to-fix-the-following-signatures-were-invalid-expkeysig-c8cab6595fdff622-ub

sudo apt remove --purge ubuntu-dbgsym-keyring
sudo apt-key del 0xC8CAB6595FDFF622
sudo apt install ubuntu-dbgsym-keyring

Error during kubeadm join

Solution

1. This happens because the master node and worker node versions do not match.

root@worker1:~# kubeadm join 1.1.1.1:6443 --token bur00f.xotc4vrqbj9lmj1x --discovery-token-ca-cert-hash sha256:2abc43bad6e1cec3ec61386db0db91cb260e41dad81e51e509b22d3237c8add1
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
error execution phase preflight: unable to fetch the kubeadm-config ConfigMap: failed to get component configs: configmaps "kubelet-config-1.24" is forbidden: User "system:bootstrap:bur00f" cannot get resource "configmaps" in API group "" in the namespace "kube-system"
To see the stack trace of this error execute with --v=5 or higher

cilium run CrashLoopBackOff

Solution

Restart the kubelet on the worker node.


When deploying Calico fails

Events:
  Type     Reason                  Age   From               Message
  ----     ------                  ----  ----               -------
  Normal   Scheduled               3m4s  default-scheduler  Successfully assigned kube-system/calico-kube-controllers-66bfd4dbc-ttbqq to worker1
  Warning  FailedCreatePodSandBox  2m3s  kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "c4770a27a898d39e91f6eb80c2462e7623b8f1e11c7fcf3fa853faeff0e3a70d": plugin type="cilium-cni" name="cilium" failed (add): unable to connect to Cilium daemon: failed to create cilium agent client after 30.000000 seconds timeout: Get "http:///var/run/cilium/cilium.sock/v1/config": dial unix /var/run/cilium/cilium.sock: connect: no such file or directory
Is the agent running?
  Warning  FailedCreatePodSandBox  50s   kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "04d220d01fc4c9239624fdbe7cb3aab71c2590655b9995c3805496af3defa997": plugin type="cilium-cni" name="cilium" failed (add): unable to connect to Cilium daemon: failed to create cilium agent client after 30.000000 seconds timeout: Get "http:///var/run/cilium/cilium.sock/v1/config": dial unix /var/run/cilium/cilium.sock: connect: no such file or directory


Solution

Wipe the CNI on both the master node and the worker nodes, then reinstall it (run as root).

# kubectl delete -f calico.yaml

# rm -rf /etc/cni/net.d/*

# rm -rf /opt/cni/bin/*

# kubectl apply -f calico.yaml
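
The Events output above shows the kubelet still calling the cilium-cni plugin while Calico is being deployed, which points to a leftover CNI config on the node. The following added example (not part of the original post) reports which config file is active before anything is deleted; it assumes the runtime loads the lexically first config file in /etc/cni/net.d, and the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: the container runtime
# loads the lexically first *.conf/*.conflist/*.json file in the CNI directory.

# Print the config file the runtime would pick (exit 1 if there is none).
active_cni_config() (
    LC_ALL=C; export LC_ALL            # fixed sort order for the glob
    for f in "${1:-/etc/cni/net.d}"/*; do
        case $f in
            *.conf|*.conflist|*.json)
                if [ -f "$f" ]; then printf '%s\n' "$f"; exit 0; fi ;;
        esac
    done
    exit 1
)

# Print every plugin "type" value in a CNI config file, one per line.
cni_plugin_types() {
    grep -o '"type"[[:space:]]*:[[:space:]]*"[^"]*"' "$1" |
        sed 's/.*"\([^"]*\)"$/\1/'
}

# Return 0 if the active config uses the expected plugin type; otherwise
# report which file would be loaded instead and return 1.
check_cni() {
    expected=$1 dir=${2:-/etc/cni/net.d}
    active=$(active_cni_config "$dir") || { echo "no CNI config in $dir"; return 1; }
    if cni_plugin_types "$active" | grep -qx "$expected"; then
        echo "ok: $active uses $expected"; return 0
    fi
    echo "stale: $active loads $(cni_plugin_types "$active" | tr '\n' ' ')instead of $expected"
    return 1
}

# Constructed sample: a leftover Cilium config next to a fresh Calico one.
make_sample_dir() {
    d=$(mktemp -d)
    printf '{"name":"cilium","plugins":[{"type":"cilium-cni"}]}\n' > "$d/05-cilium.conflist"
    printf '{"name":"k8s-pod-network","plugins":[{"type":"calico"},{"type":"portmap"}]}\n' \
        > "$d/10-calico.conflist"
    printf '%s\n' "$d"
}

# Usage: sh check_cni.sh calico [/etc/cni/net.d]
if [ $# -gt 0 ]; then check_cni "$@"; fi
```

Run it on every node after applying the manifest; a "stale" result names the file that is shadowing the new CNI's config.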

 

How to restart CoreDNS

kubectl rollout restart -n kube-system deployment/coredns
