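    Introduction

    Starting with k8s v1.20, Kubernetes stopped using Docker as a container runtime. Even dockershim, which came out as the stopgap alternative, lost support from v1.24 onward, so Docker was no longer needed and I decided to remove it.

    However, even after Docker is removed as the runtime, container images built with Docker can still be registered and run. This is because the images Docker produces are not specific to Docker; they are compatible with OCI (Open Container Initiative).

    As the replacement, I decided to install containerd as the container runtime.

    For how to remove Docker and a previously installed k8s, see the posts below.

    https://jfbta.tistory.com/284

    [kubernetes] Completely removing Docker on CentOS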

    https://jfbta.tistory.com/285

     

    [kubernetes] Completely removing k8s on CentOS


    Minimum requirements

    1. Master node:
      • CPU: 2 cores or more
      • RAM: 2GB or more
      • Disk: 20GB or more of free space
    2. Worker node:
      • CPU: 1 core or more
      • RAM: 1GB or more
      • Disk: 10GB or more of free space

    Disable SELinux

    [root@docker03 etc]# setenforce 0
    setenforce: SELinux is disabled

    Disable swap

    [root@docker03 etc]# swapoff -a

    Disable the firewall

    [root@docker03 etc]# systemctl disable firewalld
    [root@docker03 etc]# systemctl stop firewalld

    Install and configure containerd

    [root@docker03 etc]# yum install -y yum-utils
    [root@docker03 etc]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    [root@docker03 etc]# yum install containerd.io
    [root@docker03 yum.repos.d]# cd /etc/modules-load.d/
    [root@docker03 modules-load.d]# vim containerd.conf
    ---
    overlay
    br_netfilter
    ---
    :wq
    ---
    [root@docker03 modules-load.d]# modprobe overlay
    [root@docker03 modules-load.d]# modprobe br_netfilter
    [root@docker03 modules-load.d]# cd /etc/sysctl.d/
    [root@docker03 modules-load.d]# vim 99-kubernetes-cri.conf
    ---
    net.bridge.bridge-nf-call-iptables  = 1
    net.ipv4.ip_forward                 = 1
    net.bridge.bridge-nf-call-ip6tables = 1
    ---
    :wq
    ---
    [root@docker03 sysctl.d]# sysctl --system
    * Applying /usr/lib/sysctl.d/00-system.conf ...
    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0
    * Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
    kernel.yama.ptrace_scope = 0
    * Applying /usr/lib/sysctl.d/50-default.conf ...
    kernel.sysrq = 16
    kernel.core_uses_pid = 1
    kernel.kptr_restrict = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.default.promote_secondaries = 1
    net.ipv4.conf.all.promote_secondaries = 1
    fs.protected_hardlinks = 1
    fs.protected_symlinks = 1
    * Applying /etc/sysctl.d/99-kubernetes-cri.conf ...
    net.bridge.bridge-nf-call-iptables = 1
    net.ipv4.ip_forward = 1
    net.bridge.bridge-nf-call-ip6tables = 1
    * Applying /etc/sysctl.d/99-sysctl.conf ...
    vm.swappiness = 1
    * Applying /etc/sysctl.conf ...
    vm.swappiness = 1
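    [root@docker03 modules-load.d]# vim /etc/containerd/config.toml
    # Comment out this line so the CRI plugin that kubelet talks to is enabled
    #disabled_plugins = ["cri"]
    # Add the following (containerd 1.x config format version 2).
    # The CRI plugin reads SystemdCgroup from the runc runtime options table.
    version = 2
    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true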

    Restart to apply the changes

    [root@docker03 modules-load.d]# systemctl restart containerd

    Verify the installation

    [root@docker03 sysctl.d]# systemctl status containerd
    ● containerd.service - containerd container runtime
       Loaded: loaded (/usr/lib/systemd/system/containerd.service; disabled; vendor preset: disabled)
       Active: active (running) since Sun 2024-03-03 21:46:33 KST; 40s ago
         Docs: https://containerd.io
      Process: 36278 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
     Main PID: 36280 (containerd)
        Tasks: 95
       Memory: 2.5G
       CGroup: /system.slice/containerd.service
               ├─33552 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 79fc1589e50c808b...
               ├─33571 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id c89976f208042e39...
               ├─36280 /usr/bin/containerd
               ├─kubepods-burstable-pod00e23bc2_2a42_4688_8dd5_5d8f22291121.slice:cri-containerd:c78bcd5704bb8620872079872938755f1216650dd4b02bbc0ba429f725cfc11b
               │ ├─33952 /usr/local/bin/runsvdir -P /etc/service/enabled
               │ ├─34028 runsv felix
               │ ├─34029 runsv monitor-addresses
               │ ├─34030 runsv allocate-tunnel-addrs
               │ ├─34031 runsv node-status-reporter
               │ ├─34032 runsv bird
               │ ├─34033 runsv bird6
               │ ├─34034 runsv confd
               │ ├─34035 runsv cni
               │ ├─34037 calico-node -monitor-addresses
               │ ├─34039 calico-node -status-reporter
               │ ├─34041 calico-node -confd
               │ ├─34060 calico-node -monitor-token
               │ ├─34199 bird6 -R -s /var/run/calico/bird6.ctl -d -c /etc/calico/confd/config/...
               │ ├─34200 bird -R -s /var/run/calico/bird.ctl -d -c /etc/calico/confd/config/bi...
               │ ├─35416 calico-node -allocate-tunnel-addrs
               │ └─36086 calico-node -felix
               ├─kubepods-burstable-pod00e23bc2_2a42_4688_8dd5_5d8f22291121.slice:cri-containerd:c89976f208042e39c49168c7e4d49078e525a215b1fd3f19bef7ed33140ff078
               │ └─33608 /pause
               └─kubepods-besteffort-pod6ba323f8_4720_4a5d_9da5_01efa499f1d4.slice:cri-containerd:79fc1589e50c808bb945cefd1b62eadde9c5135d66e0edc6d83711adea15425d
                 └─33598 /pause
    
    Mar 03 21:46:33 docker03 containerd[36280]: time="2024-03-03T21:46:33.076602139+09:00" l...60
    Mar 03 21:46:33 docker03 containerd[36280]: time="2024-03-03T21:46:33.076983484+09:00" l...io
    Mar 03 21:46:33 docker03 containerd[36280]: time="2024-03-03T21:46:33.077003570+09:00" l...m"
    Mar 03 21:46:33 docker03 containerd[36280]: time="2024-03-03T21:46:33.087167717+09:00" l...n"
    Mar 03 21:46:33 docker03 containerd[36280]: time="2024-03-03T21:46:33.268915488+09:00" l...r"
    Mar 03 21:46:33 docker03 containerd[36280]: time="2024-03-03T21:46:33.268974607+09:00" l...r"
    Mar 03 21:46:33 docker03 systemd[1]: Started containerd container runtime.
    Mar 03 21:46:33 docker03 containerd[36280]: time="2024-03-03T21:46:33.268990433+09:00" l...t"
    Mar 03 21:46:33 docker03 containerd[36280]: time="2024-03-03T21:46:33.269000696+09:00" l...r"
    Mar 03 21:46:33 docker03 containerd[36280]: time="2024-03-03T21:46:33.269077615+09:00" l...s"
    Hint: Some lines were ellipsized, use -l to show in full.
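
`systemctl status` only shows that the daemon is running, not that the two files edited above hold the intended values. The script below is an added example, not part of the original post, that checks them; the function names, the `check-node.sh` file name and the `--live` switch are assumptions of this example, while the paths and keys are the ones used in this procedure.

```shell
#!/bin/sh
# Added example: checks copies of (or the live) files edited in this procedure.

# Print the effective value of KEY in a sysctl.d-style FILE
# (comments skipped, spaces around '=' ignored, last assignment wins).
sysctl_conf_value() {
  awk -F= -v key="$2" '
    /^[ \t]*[#;]/ { next }
    { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
    k == key { val = v }
    END { print val }' "$1"
}

# Succeed only if the three keys from 99-kubernetes-cri.conf are all 1.
check_k8s_sysctl() {
  rc=0
  for key in net.bridge.bridge-nf-call-iptables \
             net.bridge.bridge-nf-call-ip6tables \
             net.ipv4.ip_forward; do
    if [ "$(sysctl_conf_value "$1" "$key")" != "1" ]; then
      echo "FAIL: $key is not 1 in $1" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Succeed only if no uncommented disabled_plugins line names the CRI plugin
# and an uncommented "SystemdCgroup = true" exists. The TOML table that line
# sits under is not validated here.
check_containerd_config() {
  rc=0
  if grep -Eq '^[[:space:]]*disabled_plugins[[:space:]]*=.*[".]cri"' "$1"; then
    echo "FAIL: CRI plugin is disabled in $1" >&2
    rc=1
  fi
  if ! grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$1"; then
    echo "FAIL: SystemdCgroup = true not found in $1" >&2
    rc=1
  fi
  return "$rc"
}

# Check the live node only when asked: sh check-node.sh --live
if [ "${1:-}" = "--live" ]; then
  st=0
  check_k8s_sysctl /etc/sysctl.d/99-kubernetes-cri.conf || st=1
  check_containerd_config /etc/containerd/config.toml || st=1
  exit "$st"
fi
```

Without `--live` the script only defines the functions, so they can be sourced and pointed at copies of the files before a node is changed.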

     

    Install k8s

    [root@docker03 modules-load.d]# cd /etc/yum.repos.d/
    [root@docker03 modules-load.d]# vim kubernetes.repo
    ---
    [kubernetes]
    name=Kubernetes
    baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch
    enabled=1
    gpgcheck=1
    gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
    ---
    :wq
    ---
    [root@docker03 modules-load.d]# mv kubernetes.repo Kubernetes.repo
    [root@docker03 modules-load.d]# yum install kubelet kubeadm kubectl --disableexcludes=kubernetes

    On one server the installation failed with a 404 error. In that case, change the repository file contents to the following and install again.

    ---
    [kubernetes]
    name=Kubernetes
    baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
           https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
    ---
    :wq
    ---

    On the master node

    [root@docker03 modules-load.d]# systemctl enable kubelet
    [root@docker03 modules-load.d]# kubeadm init
    
    [root@docker03 modules-load.d]# mkdir -p $HOME/.kube
    [root@docker03 modules-load.d]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    [root@docker03 modules-load.d]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
    [root@docker03 modules-load.d]# export KUBECONFIG=/etc/kubernetes/admin.conf

    On a worker node

    [root@docker03 modules-load.d]# kubeadm reset
    [root@docker03 modules-load.d]# kubeadm join {Master_IP}:6443 --token {token_key} --discovery-token-ca-cert-hash sha256:{hash_token_key}

     

    For a write-up of how to join a cluster in order to add a node, see the post below.

    https://jfbta.tistory.com/287

     

    [kubernetes] Issuing a token and hash token, then joining and adding a node
