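Kubeadm is a CLI tool that helps you install and manage a Kubernetes cluster quickly and easily.
Its main job is to initialize the Kubernetes control plane (master node) and worker nodes and to configure the cluster.
Main features
✅ Kubernetes cluster initialization (init)
✅ Adding worker nodes (join)
✅ Cluster topology configuration and certificate management
✅ Support for upgrade (upgrade) and reset (reset)
✅ Configuration of the kubelet and CNI (Container Network Interface)
- Installation using Vagrant (see the course)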
$ git clone https://github.com/kodekloudhub/certified-kubernetes-administrator-course.git
- Reference: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
- Prerequisites: install and configure
# sysctl params required by setup, params persist across reboots
controlplane ~ ➜ cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
EOF
net.ipv4.ip_forward = 1
# Apply sysctl params without reboot
controlplane ~ ➜ sudo sysctl --system
* Applying /etc/sysctl.d/10-console-messages.conf ...
kernel.printk = 4 4 1 7
* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
* Applying /etc/sysctl.d/10-kernel-hardening.conf ...
kernel.kptr_restrict = 1
* Applying /etc/sysctl.d/10-magic-sysrq.conf ...
kernel.sysrq = 176
...
# Check the value
controlplane ~ ➜ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
- Install kubeadm, kubelet, and kubectl (apply on both the master and worker nodes)
# Check which operating system is in use
controlplane ~ ➜ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.5 LTS"
PRETTY_NAME="Ubuntu 22.04.5 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.5 LTS (Jammy Jellyfish)"
# Update the apt package index and install packages needed to use the Kubernetes apt repository
controlplane ~ ➜ sudo apt-get update
Reading package lists... Done
# apt-transport-https may be a dummy package; if so, you can skip that package
controlplane ~ ➜ sudo apt-get install -y apt-transport-https ca-certificates curl gpg
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
ca-certificates is already the newest version (20240203~22.04.1).
curl is already the newest version (7.81.0-1ubuntu1.20).
gpg is already the newest version (2.2.27-3ubuntu2.1).
gpg set to manually installed.
apt-transport-https is already the newest version (2.4.13).
The following packages were automatically installed and are no longer required:
conntrack cri-tools ebtables ethtool kubernetes-cni socat
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 26 not upgraded.
# On releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default.
# Create that directory first, then run the command.
controlplane ~ ➜ curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
controlplane ~ ➜ echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /
controlplane ~ ➜ sudo apt-get update
Get:2 https://download.docker.com/linux/ubuntu jammy InRelease [48.8 kB]
Get:3 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:1 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.31/deb InRelease [1,186 B]
Get:4 https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages [52.6 kB]
Get:5 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Get:6 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Get:7 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.31/deb Packages [9,749 B]
Get:8 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [127 kB]
Get:9 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [17.5 MB]
Get:10 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages [1,792 kB]
Get:11 http://archive.ubuntu.com/ubuntu jammy/restricted amd64 Packages [164 kB]
Get:12 http://archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [266 kB]
Get:13 http://archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [53.3 kB]
Get:14 http://archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [3,742 kB]
Get:15 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [2,907 kB]
Get:16 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1,523 kB]
Get:17 http://archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [35.2 kB]
Get:18 http://archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [81.4 kB]
Get:19 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [1,230 kB]
Get:20 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [3,606 kB]
Get:21 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [45.2 kB]
Get:22 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [2,606 kB]
Fetched 36.3 MB in 4s (9,092 kB/s)
Reading package lists... Done
controlplane ~ ➜ sudo apt-get install -y kubelet=1.31.0-1.1 kubeadm=1.31.0-1.1 kubectl=1.31.0-1.1
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
kubeadm kubectl kubelet
0 upgraded, 3 newly installed, 0 to remove and 28 not upgraded.
Need to get 37.8 MB of archives.
After this operation, 192 MB of additional disk space will be used.
Get:1 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.31/deb kubeadm 1.31.0-1.1 [11.4 MB]
Get:2 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.31/deb kubectl 1.31.0-1.1 [11.2 MB]
Get:3 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.31/deb kubelet 1.31.0-1.1 [15.2 MB]
Fetched 37.8 MB in 1s (49.8 MB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package kubeadm.
(Reading database ... 21102 files and directories currently installed.)
Preparing to unpack .../kubeadm_1.31.0-1.1_amd64.deb ...
Unpacking kubeadm (1.31.0-1.1) ...
Selecting previously unselected package kubectl.
Preparing to unpack .../kubectl_1.31.0-1.1_amd64.deb ...
Unpacking kubectl (1.31.0-1.1) ...
Selecting previously unselected package kubelet.
Preparing to unpack .../kubelet_1.31.0-1.1_amd64.deb ...
Unpacking kubelet (1.31.0-1.1) ...
dpkg: warning: unable to delete old directory '/etc/sysconfig': Directory not empty
Setting up kubeadm (1.31.0-1.1) ...
Setting up kubectl (1.31.0-1.1) ...
Setting up kubelet (1.31.0-1.1) ...
controlplane ~ ➜ sudo apt-mark hold kubelet kubeadm kubectl
kubelet set on hold.
kubeadm set on hold.
kubectl set on hold.
controlplane ~ ➜ kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"31", GitVersion:"v1.31.5", GitCommit:"af64d838aacd9173317b39cf273741816bd82377", GitTreeState:"clean", BuildDate:"2025-01-15T14:39:21Z", GoVersion:"go1.22.10", Compiler:"gc", Platform:"linux/amd64"}
✔️ The error below occurs because the cluster has not been initialized yet.
controlplane ~ ➜ kubectl get nodes
E0206 11:40:54.628877 11243 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: the server could not find the requested resource"
E0206 11:40:54.631228 11243 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: the server could not find the requested resource"
E0206 11:40:54.633574 11243 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: the server could not find the requested resource"
E0206 11:40:54.636129 11243 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: the server could not find the requested resource"
E0206 11:40:54.638513 11243 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: the server could not find the requested resource"
Error from server (NotFound): the server could not find the requested resource
- Initialize the control plane (master node)
ip addr # check the IP
# apiserver-advertise-address: the IP address assigned to eth0
controlplane ~ ➜ kubeadm init --apiserver-advertise-address=192.8.109.9 --pod-network-cidr=10.244.0.0/16
..
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.8.109.9:6443 --token de17na.7vdwyym87yldykp9 \
--discovery-token-ca-cert-hash sha256:0d2fa0ae77ea808a25572c1fcdbc9f581a5417fe38c30fb944bec340bd24b906
controlplane ~ ➜ mkdir -p $HOME/.kube
controlplane ~ ➜ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
controlplane ~ ➜ sudo chown $(id -u):$(id -g) $HOME/.kube/config
controlplane ~ ➜ kubectl get nodes
NAME           STATUS     ROLES           AGE    VERSION
controlplane   NotReady   control-plane   116s   v1.31.0
- Join the worker node
# sudo kubeadm join <MASTER_NODE_IP>:6443 --token <TOKEN> --discovery-token-ca-cert-hash sha256:<HASH>
node01 ~ ➜ kubeadm join 192.8.109.9:6443 --token de17na.7vdwyym87yldykp9 \
--discovery-token-ca-cert-hash sha256:0d2fa0ae77ea808a25572c1fcdbc9f581a5417fe38c30fb944bec340bd24b906
controlplane ~ ➜ kubectl get nodes
NAME           STATUS     ROLES           AGE     VERSION
controlplane   NotReady   control-plane   3m55s   v1.31.0
node01         NotReady   <none>          40s     v1.31.0
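The `--discovery-token-ca-cert-hash` value in the join command pins the cluster CA's public key, so it can be checked against the control plane's CA certificate before the command is run on a worker. The following is an added example, not part of the original post; the function names, the throwaway CA and the sample token are constructed for illustration, and `openssl`, `sha256sum` and `awk` are assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes openssl, sha256sum, awk.

# Print "sha256:<hex>": SHA-256 over the DER-encoded public key (SubjectPublicKeyInfo)
# of a CA certificate, the form --discovery-token-ca-cert-hash uses.
ca_pubkey_pin() (
  pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null \
    | sha256sum | awk '{print "sha256:" $1}'
)

# Print the value following <flag> in a pasted join command (line continuations allowed).
join_arg() (
  printf '%s\n' "$2" | tr -s '\\\n' '  ' \
    | awk -v f="$1" '{for (i = 1; i < NF; i++) if ($i == f) {print $(i + 1); exit}}'
)

# Exit 0 only if the token is well-formed and the pin matches the given CA certificate.
# A join command that carries no pin (empty value) is rejected as a mismatch.
check_join() (
  token=$(join_arg --token "$2")
  pin=$(join_arg --discovery-token-ca-cert-hash "$2")
  printf '%s' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' \
    || { echo "malformed bootstrap token" >&2; exit 2; }
  want=$(ca_pubkey_pin "$1") || { echo "cannot read CA certificate" >&2; exit 3; }
  [ "$pin" = "$want" ] || { echo "CA pin mismatch, do not join" >&2; exit 1; }
)

# Constructed sample input: a throwaway self-signed CA standing in for the
# cluster CA certificate, used with a made-up token and address below.
make_throwaway_ca() (
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
)

# Build a join command whose pin matches the throwaway CA and check it.
demo() (
  dir=$(mktemp -d) || exit 1
  make_throwaway_ca "$dir" || exit 1
  cmd="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef \\
        --discovery-token-ca-cert-hash $(ca_pubkey_pin "$dir/ca.crt")"
  check_join "$dir/ca.crt" "$cmd" && echo "pin matches the CA certificate"
  rc=$?; rm -rf "$dir"; exit "$rc"
)
demo
```

On a kubeadm control plane the CA certificate is `/etc/kubernetes/pki/ca.crt`; pass it as the first argument and the join command you were given as the second.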
- Install a network plugin (CNI)
- This enables network communication between Pods in the cluster.
- https://kubernetes.io/docs/concepts/cluster-administration/addons/
controlplane ~ ➜ curl -LO https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 4409 100 4409 0 0 9816 0 --:--:-- --:--:-- --:--:-- 9816
# Set the eth0 interface so that it is used for inter-host communication.
controlplane ~ ➜ vi kube-flannel.yml
      containers:
      - args:
        - --ip-masq
        - --kube-subnet-mgr
        - --iface=eth0
controlplane ~ ➜ kubectl apply -f kube-flannel.yml
namespace/kube-flannel unchanged
serviceaccount/flannel unchanged
clusterrole.rbac.authorization.k8s.io/flannel unchanged
clusterrolebinding.rbac.authorization.k8s.io/flannel unchanged
configmap/kube-flannel-cfg unchanged
daemonset.apps/kube-flannel-ds configured
# Verify that it works
controlplane ~ ➜ kubectl get pod -A
NAMESPACE      NAME                                   READY   STATUS    RESTARTS   AGE
kube-flannel   kube-flannel-ds-77gqh                  1/1     Running   0          64s
kube-flannel   kube-flannel-ds-zlqz5                  1/1     Running   0          85s
kube-system    coredns-6f6b679f8f-ktl52               1/1     Running   0          13m
kube-system    coredns-6f6b679f8f-nkfhc               1/1     Running   0          13m
kube-system    etcd-controlplane                      1/1     Running   0          13m
kube-system    kube-apiserver-controlplane            1/1     Running   0          13m
kube-system    kube-controller-manager-controlplane   1/1     Running   0          13m
kube-system    kube-proxy-6nppv                       1/1     Running   0          13m
kube-system    kube-proxy-fx8db                       1/1     Running   0          10m
kube-system    kube-scheduler-controlplane            1/1     Running   0          13m
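`releases/latest/download` resolves to whichever flannel release is newest at download time, and the manifest is then applied with cluster-wide effect, so it is worth listing what it creates and recording a digest of the file once it has been reviewed and edited. Added example, not part of the original post; the manifest excerpt is constructed and the function names are hypothetical.

```shell
# Added example, not from the original post. Assumes grep, awk and sha256sum.
# Constructed excerpt shaped like a CNI DaemonSet manifest (not the real kube-flannel.yml).
write_sample_manifest() {
  cat > "$1" <<'EOF'
kind: ClusterRole
---
kind: DaemonSet
metadata:
  name: kube-flannel-ds
spec:
  template:
    spec:
      hostNetwork: true
      containers:
      - args:
        - --ip-masq
        - --kube-subnet-mgr
        - --iface=eth0
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
      volumes:
      - hostPath:
          path: /run/flannel
EOF
}

# List the object kinds the manifest would create, one per line.
manifest_kinds() { awk '$1 == "kind:" {print $2}' "$1" | sort -u; }

# Print "line:text" for settings that give the pods access to the host.
host_access_findings() {
  grep -nE 'host(Network|PID|IPC): *true|privileged: *true|hostPath:|(NET|SYS)_ADMIN' "$1"
}

# Print the SHA-256 of the file; record it once the file has been reviewed and edited.
manifest_digest() { sha256sum "$1" | cut -d' ' -f1; }
# Succeed only if the file still has the recorded digest (run right before kubectl apply).
unchanged_since_review() { [ "$(manifest_digest "$1")" = "$2" ]; }

demo() (
  f=$(mktemp) && write_sample_manifest "$f"
  manifest_kinds "$f"; host_access_findings "$f"
  unchanged_since_review "$f" "$(manifest_digest "$f")" && echo "unchanged since review"
  rm -f "$f"
)
demo
```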
Container runtime: installing containerd
https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd
cgroups (control groups) are a Linux feature that Docker and Kubernetes rely on to operate.
- They make it possible to specify resource limits for containers.