Kubernetes

Kubernetes (VirtualBox - Ubuntu)

law and security 2024. 10. 10. 11:23

 
1. Import the virtual appliance
 
 

 
 
 
 
When installing Docker, select 'Include all network adapter MAC addresses'.
 
2. Network settings
 

 

 
-> Add localhost
 
 
 
 
 
3. Verify connectivity
 
<k8s-master>

 
<k8s-worker1>
 

 
 
<k8s-worker2>
 

 
 
4. Network settings

 
-> Open port 22
 

 

 
-> Port forwarding
 
 
5. Install Xshell
 
Free License - NetSarang Website


www.netsarang.com

 

 

 
- File > New
 
 

 
 
 
 
<k8sworker 1,2>
 

 
 

 
 

 
 
 
 
 
 
 

 
 
 

-> Connect to all three nodes
 

root@k8s-master:~# su -
root@k8s-master:~# kubectl get nodes
NAME          STATUS   ROLES           AGE    VERSION
k8s-master    Ready    control-plane   315d   v1.28.2
k8s-worker1   Ready    <none>          315d   v1.28.2
k8s-worker2   Ready    <none>          315d   v1.28.2

 
 
 
< Enable auto-completion when typing kubectl commands >

# The source command runs the completion script in the current session
root@k8s-master:~# source <(kubectl completion bash)

# Append the source command to the user's ~/.bashrc file
root@k8s-master:~# echo "source <(kubectl completion bash)" >>~/.bashrc

 
 
<Install the Metrics API server>

root@k8s-master:~# git clone http://github.com/kubernetes-sigs/metrics-server.git
'metrics-server'에 복제합니다...
warning: https://github.com/kubernetes-sigs/metrics-server.git/(으)로 리다이렉트
remote: Enumerating objects: 16980, done.
remote: Counting objects: 100% (4092/4092), done.
remote: Compressing objects: 100% (968/968), done.
remote: Total 16980 (delta 3237), reused 3175 (delta 3124), pack-reused 12888 (from 1)
오브젝트를 받는 중: 100% (16980/16980), 14.23 MiB | 12.69 MiB/s, 완료.
델타를 알아내는 중: 100% (9299/9299), 완료.
root@k8s-master:~# cd metrics-server/manifests/base
root@k8s-master:~/metrics-server/manifests/base# vi deployment.yaml

 
 

 

- --kubelet-insecure-tls

 

root@k8s-master:~/metrics-server/manifests/base# kubectl apply -k.
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
root@k8s-master:~/metrics-server/manifests/base# kubectl get deploy metrics-server -n kube-system
NAME             READY   UP-TO-DATE   AVAILABLE   AGE
metrics-server   0/1     1            0           31s
root@k8s-master:~/metrics-server/manifests/base# kubectl get svc metrics-server -n kube-system
NAME             TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
metrics-server   ClusterIP   10.100.141.222   <none>        443/TCP   52s
root@k8s-master:~/metrics-server/manifests/base# kubectl top node --use-protocol-buffers
NAME          CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
k8s-master    61m          3%     1363Mi          73%       
k8s-worker1   10m          0%     1104Mi          59%       
k8s-worker2   15m          0%     1095Mi          58%

root@k8s-master:~/metrics-server/manifests/base# kubectl get pods -n kube-system -o wide
NAME                                 READY   STATUS    RESTARTS      AGE    IP             NODE          NOMINATED NODE   READINESS GATES
coredns-5dd5756b68-bwvmq             1/1     Running   4 (43m ago)   315d   10.40.0.1      k8s-master    <none>           <none>
coredns-5dd5756b68-pw2v4             1/1     Running   4 (43m ago)   315d   10.40.0.2      k8s-master    <none>           <none>
etcd-k8s-master                      1/1     Running   5 (43m ago)   315d   10.100.0.105   k8s-master    <none>           <none>
kube-apiserver-k8s-master            1/1     Running   5 (43m ago)   315d   10.100.0.105   k8s-master    <none>           <none>
kube-controller-manager-k8s-master   1/1     Running   5 (43m ago)   315d   10.100.0.105   k8s-master    <none>           <none>
kube-proxy-cnlfq                     1/1     Running   5 (43m ago)   315d   10.100.0.105   k8s-master    <none>           <none>
kube-proxy-n5t2j                     1/1     Running   2 (34m ago)   315d   10.100.0.106   k8s-worker1   <none>           <none>
kube-proxy-zk6q8                     1/1     Running   2 (31m ago)   315d   10.100.0.107   k8s-worker2   <none>           <none>
kube-scheduler-k8s-master            1/1     Running   5 (43m ago)   315d   10.100.0.105   k8s-master    <none>           <none>
metrics-server-5946998cd5-4bfb4      1/1     Running   0             10m    10.38.0.1      k8s-worker2   <none>           <none>
weave-net-2qpp6                      2/2     Running   4 (34m ago)   315d   10.100.0.106   k8s-worker1   <none>           <none>
weave-net-7dqqb                      2/2     Running   9 (43m ago)   315d   10.100.0.105   k8s-master    <none>           <none>
weave-net-bbpn9                      2/2     Running   4 (31m ago)   315d   10.100.0.107   k8s-worker2   <none>           <none>

root@k8s-master:~/metrics-server/manifests/base# kubectl get pods -all-namespaces
error: unknown shorthand flag: 'a' in -all-namespaces
See 'kubectl get --help' for usage.
root@k8s-master:~/metrics-server/manifests/base# kubectl get pods --all-namespaces
NAMESPACE     NAME                                 READY   STATUS    RESTARTS      AGE
kube-system   coredns-5dd5756b68-bwvmq             1/1     Running   4 (46m ago)   315d
kube-system   coredns-5dd5756b68-pw2v4             1/1     Running   4 (46m ago)   315d
kube-system   etcd-k8s-master                      1/1     Running   5 (46m ago)   315d
kube-system   kube-apiserver-k8s-master            1/1     Running   5 (46m ago)   315d
kube-system   kube-controller-manager-k8s-master   1/1     Running   5 (46m ago)   315d
kube-system   kube-proxy-cnlfq                     1/1     Running   5 (46m ago)   315d
kube-system   kube-proxy-n5t2j                     1/1     Running   2 (37m ago)   315d
kube-system   kube-proxy-zk6q8                     1/1     Running   2 (34m ago)   315d
kube-system   kube-scheduler-k8s-master            1/1     Running   5 (46m ago)   315d
kube-system   metrics-server-5946998cd5-4bfb4      1/1     Running   0             13m
kube-system   weave-net-2qpp6                      2/2     Running   4 (37m ago)   315d
kube-system   weave-net-7dqqb                      2/2     Running   9 (46m ago)   315d
kube-system   weave-net-bbpn9                      2/2     Running   4 (34m ago)   315d

 
 

 
-> Confirmed that the metrics server is installed.
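
The "- --kubelet-insecure-tls" line added to deployment.yaml above tells metrics-server not to verify the kubelets' serving certificates, a setting the metrics-server documentation describes as for testing only. The shell check below is an added example, not part of the original post or the metrics-server project; both manifests and the function names list_args and audit_manifest are constructed for illustration.

```shell
# Added example (not from the original post): audit a metrics-server manifest
# for --kubelet-insecure-tls. Both manifests below are constructed samples.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT

# Constructed sample: the lab edit from this post (verification disabled).
cat > "$tmpdir/lab.yaml" <<'EOF'
spec:
  template:
    spec:
      containers:
      - name: metrics-server
        args:
        - --cert-dir=/tmp
        - --kubelet-insecure-tls
        image: metrics-server:placeholder
EOF

# Constructed sample: flag commented out and explicitly set to false.
cat > "$tmpdir/verified.yaml" <<'EOF'
spec:
  template:
    spec:
      containers:
      - name: metrics-server
        args:
        - --cert-dir=/tmp
        # - --kubelet-insecure-tls
        - "--kubelet-insecure-tls=false"
        image: metrics-server:placeholder
EOF

# Print the effective container args, one per line (YAML comments ignored).
list_args() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*args:[ \t]*$/ { in_args = 1; next }
        in_args && /^[ \t]*-[ \t]/ {
            sub(/^[ \t]*-[ \t]+/, "")
            sub(/[ \t]+#.*$/, "")
            gsub(/^"|"$/, "")
            print; next
        }
        in_args { in_args = 0 }
    ' "$1"
}

# Exit status 0: kubelet certificates are verified; 1: verification is off.
audit_manifest() {
    if list_args "$1" | grep -Eq '^--kubelet-insecure-tls(=true)?$'; then
        echo "INSECURE: $1 skips kubelet serving-certificate verification"
        return 1
    fi
    echo "OK: $1 verifies kubelet serving certificates"
}

audit_manifest "$tmpdir/lab.yaml" || true
audit_manifest "$tmpdir/verified.yaml"
```

On a kubeadm cluster, running without the flag normally requires kubelet serving certificates signed by the cluster CA (serverTLSBootstrap: true in the KubeletConfiguration, followed by approving the resulting CSRs); that step comes from the kubeadm documentation and is not shown in the post.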
 

  • kube-proxy-cnlfq: handles communication between pods within a node
  • weave-net-2qpp6: … handles communication between nodes
  • coredns-5dd5756b68-bwvmq: resolves a pod's FQDN to an IP address (2 instances)

 
 

root@k8s-master:~/metrics-server/manifests/base# kubectl describe nodes k8s-worker1
Name:               k8s-worker1
Roles:              <none>
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/arch=amd64
                    kubernetes.io/hostname=k8s-worker1
                    kubernetes.io/os=linux
Annotations:        kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/containerd/containerd.sock
                    node.alpha.kubernetes.io/ttl: 0
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Wed, 29 Nov 2023 23:55:36 +0900
Taints:             <none>
Unschedulable:      false
Lease:
  HolderIdentity:  k8s-worker1
  AcquireTime:     <unset>
  RenewTime:       Thu, 10 Oct 2024 15:17:03 +0900
Conditions:
  Type                 Status  LastHeartbeatTime                 LastTransitionTime                Reason                       Message
  ----                 ------  -----------------                 ------------------                ------                       -------
  NetworkUnavailable   False   Thu, 10 Oct 2024 14:29:07 +0900   Thu, 10 Oct 2024 14:29:07 +0900   WeaveIsUp                    Weave pod has set this
  MemoryPressure       False   Thu, 10 Oct 2024 15:15:02 +0900   Thu, 10 Oct 2024 14:28:58 +0900   KubeletHasSufficientMemory   kubelet has sufficient memory available
  DiskPressure         False   Thu, 10 Oct 2024 15:15:02 +0900   Thu, 10 Oct 2024 14:28:58 +0900   KubeletHasNoDiskPressure     kubelet has no disk pressure
  PIDPressure          False   Thu, 10 Oct 2024 15:15:02 +0900   Thu, 10 Oct 2024 14:28:58 +0900   KubeletHasSufficientPID      kubelet has sufficient PID available
  Ready                True    Thu, 10 Oct 2024 15:15:02 +0900   Thu, 10 Oct 2024 14:28:58 +0900   KubeletReady                 kubelet is posting ready status. AppArmor enabled
Addresses:
  InternalIP:  10.100.0.106
  Hostname:    k8s-worker1
Capacity:
  cpu:                2
  ephemeral-storage:  25107716Ki
  hugepages-2Mi:      0
  memory:             2011000Ki
  pods:               110
Allocatable:
  cpu:                2
  ephemeral-storage:  23139271028
  hugepages-2Mi:      0
  memory:             1908600Ki
  pods:               110
System Info:
  Machine ID:                 2b51f4cfc5a14f97a3bf811bac975781
  System UUID:                23af3de7-908c-d44e-a05a-0c363d39c4fb
  Boot ID:                    fd5fa3cb-7c37-429c-b590-856df6fca6ce
  Kernel Version:             5.15.0-89-generic
  OS Image:                   Ubuntu 20.04.6 LTS
  Operating System:           linux
  Architecture:               amd64
  Container Runtime Version:  containerd://1.6.25
  Kubelet Version:            v1.28.2
  Kube-Proxy Version:         v1.28.2
Non-terminated Pods:          (2 in total)
  Namespace                   Name                CPU Requests  CPU Limits  Memory Requests  Memory Limits  Age
  ---------                   ----                ------------  ----------  ---------------  -------------  ---
  kube-system                 kube-proxy-n5t2j    0 (0%)        0 (0%)      0 (0%)           0 (0%)         315d
  kube-system                 weave-net-2qpp6     100m (5%)     0 (0%)      0 (0%)           0 (0%)         315d
Allocated resources:
  (Total limits may be over 100 percent, i.e., overcommitted.)
  Resource           Requests   Limits
  --------           --------   ------
  cpu                100m (5%)  0 (0%)
  memory             0 (0%)     0 (0%)
  ephemeral-storage  0 (0%)     0 (0%)
  hugepages-2Mi      0 (0%)     0 (0%)
Events:
  Type     Reason                   Age                From             Message
  ----     ------                   ----               ----             -------
  Normal   Starting                 48m                kube-proxy       
  Normal   RegisteredNode           56m                node-controller  Node k8s-worker1 event: Registered Node k8s-worker1 in Controller
  Normal   NodeNotReady             55m                node-controller  Node k8s-worker1 status is now: NodeNotReady
  Normal   Starting                 48m                kubelet          Starting kubelet.
  Warning  InvalidDiskCapacity      48m                kubelet          invalid capacity 0 on image filesystem
  Normal   NodeHasSufficientMemory  48m (x2 over 48m)  kubelet          Node k8s-worker1 status is now: NodeHasSufficientMemory
  Normal   NodeHasNoDiskPressure    48m (x2 over 48m)  kubelet          Node k8s-worker1 status is now: NodeHasNoDiskPressure
  Normal   NodeHasSufficientPID     48m (x2 over 48m)  kubelet          Node k8s-worker1 status is now: NodeHasSufficientPID
  Warning  Rebooted                 48m                kubelet          Node k8s-worker1 has been rebooted, boot id: fd5fa3cb-7c37-429c-b590-856df6fca6ce
  Normal   NodeNotReady             48m                kubelet          Node k8s-worker1 status is now: NodeNotReady
  Normal   NodeAllocatableEnforced  48m                kubelet          Updated Node Allocatable limit across pods
  Normal   NodeReady                48m                kubelet          Node k8s-worker1 status is now: NodeReady

 
 

 
-> Number of pods each worker node can hold: 110
 

 
 

root@k8s-master:~# ls
install-docker.sh  metrics-server  snap  token.txt
root@k8s-master:~# cd ..
root@k8s-master:/# cd k8slab
bash: cd: k8slab: 그런 파일이나 디렉터리가 없습니다
root@k8s-master:/# ls
bin   cdrom  etc   lib    lib64   lost+found  mnt  proc  run   snap  swapfile  tmp  var
boot  dev    home  lib32  libx32  media       opt  root  sbin  srv   sys       usr
root@k8s-master:/# cd ~
root@k8s-master:~# ls
install-docker.sh  metrics-server  snap  token.txt

 
 
<Upload the k8slab folder>

 

 

root@k8s-master:/home/guru# ls
k8slab  공개  다운로드  문서  바탕화면  비디오  사진  음악  템플릿

root@k8s-master:/home/guru# cd k8slab/
root@k8s-master:/home/guru/k8slab# ls
3  4  5  6  7  8  dockerfile

root@k8s-master:/home/guru/k8slab# cd dockerfile
root@k8s-master:/home/guru/k8slab/dockerfile# ls
Dockerfile  app.js

 
 
< Create the Docker image >
 

 

root@k8s-master:/home/guru/k8slab/dockerfile# docker build -t webserver .

 
 

root@k8s-master:/home/guru/k8slab/dockerfile# docker images
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
webserver    latest    dee6ff002952   7 seconds ago   912MB
root@k8s-master:/home/guru/k8slab/dockerfile# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
root@k8s-master:/home/guru/k8slab/dockerfile# docker run -d --name web webserver
e481e57a1baee62a3fe5b28009361895fa92a50c2c0964f0773c59056f5cc861
root@k8s-master:/home/guru/k8slab/dockerfile# docker ps
CONTAINER ID   IMAGE       COMMAND         CREATED          STATUS          PORTS     NAMES
e481e57a1bae   webserver   "node app.js"   13 seconds ago   Up 12 seconds             web

 

 

root@k8s-master:/home/guru/k8slab/dockerfile# docker login
Log in with your Docker ID or email address to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com/ to create one.
You can log in with your password or a Personal Access Token (PAT). Using a limited-scope PAT grants better security and is required for organizations using SSO. Learn more at https://docs.docker.com/go/access-tokens/

Username: 
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

 
 
 

root@k8s-master:/home/guru/k8slab/dockerfile# docker images
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
webserver    latest    dee6ff002952   6 minutes ago   912MB

root@k8s-master:/home/guru/k8slab/dockerfile# docker tag webserver choichoiyj/webserver:v1.0

root@k8s-master:/home/guru/k8slab/dockerfile# docker images
REPOSITORY             TAG       IMAGE ID       CREATED          SIZE
choichoiyj/webserver   v1.0      dee6ff002952   11 minutes ago   912MB
webserver              latest    dee6ff002952   11 minutes ago   912MB

root@k8s-master:/home/guru/k8slab/dockerfile# docker push choichoiyj/webserver:v1.0
The push refers to repository [docker.io/choichoiyj/webserver]
76353e060647: Mounted from choichoiyj/weberver 
0d5f5a015e5d: Mounted from choichoiyj/weberver 
3c777d951de2: Mounted from choichoiyj/weberver 
f8a91dd5fc84: Mounted from choichoiyj/weberver 
cb81227abde5: Mounted from choichoiyj/weberver 
e01a454893a9: Mounted from choichoiyj/weberver 
c45660adde37: Mounted from choichoiyj/weberver 
fe0fb3ab4a0f: Mounted from choichoiyj/weberver 
f1186e5061f2: Mounted from choichoiyj/weberver 
b2dba7477754: Mounted from choichoiyj/weberver 
v1.0: digest: sha256:100c537e56058413acc64e0620aef527f3696b1525028a20eb751613d233f0c6 size: 2422

 
 

 
 
 

root@k8s-master:~# cd /home/guru
root@k8s-master:/home/guru# ls
k8slab  공개  다운로드  문서  바탕화면  비디오  사진  음악  템플릿
root@k8s-master:/home/guru# cd k8slab/
root@k8s-master:/home/guru/k8slab# ls
3  4  5  6  7  8  dockerfile
root@k8s-master:/home/guru/k8slab# cd 5
root@k8s-master:/home/guru/k8slab/5# ls
init-container-exam-svc.yaml  pod-liveness.yaml   pod-nginx-liveness.yaml   stress.yaml
init-container-exam.yaml      pod-multi.yaml      pod-nginx-resources.yaml
init-container-exam2.yaml     pod-mysql.yaml      pod-nginx.yaml
liveness-exam.yaml            pod-nginx-env.yaml  redis.yaml

root@k8s-master:/home/guru/k8slab/5# kubectl apply -f pod-nginx.yaml
pod/nginx-pod created

root@k8s-master:/home/guru/k8slab/5# kubectl get pods
NAME        READY   STATUS    RESTARTS   AGE
nginx-pod   1/1     Running   0          65m
root@k8s-master:/home/guru/k8slab/5# kubectl describe pod nginx-pod
Name:             nginx-pod
Namespace:        default
Priority:         0
Service Account:  default
Node:             k8s-worker1/10.100.0.106
Start Time:       Thu, 10 Oct 2024 16:35:52 +0900
Labels:           <none>
Annotations:      <none>
Status:           Running
IP:               10.32.0.2
IPs:
  IP:  10.32.0.2
Containers:
  nginx-container:
    Container ID:   containerd://eafc9b14f754ed5649bc1292039ed78737e7f5593acdb0c8477a1e6df034601c
    Image:          nginx:1.14
    Image ID:       docker.io/library/nginx@sha256:f7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Thu, 10 Oct 2024 16:35:59 +0900
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-l542v (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  kube-api-access-l542v:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:                      <none>
root@k8s-master:/home/guru/k8slab/5# curl http://10.32.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@k8s-master:/home/guru/k8slab/5# kubectl get pods -o wide
NAME        READY   STATUS    RESTARTS   AGE   IP          NODE          NOMINATED NODE   READINESS GATES
nginx-pod   1/1     Running   0          68m   10.32.0.2   k8s-worker1   <none>           <none>

 

 
 

root@k8s-master:/home/guru/k8slab/5# kubectl run nginx-pod1 --image=nginx:1.14
pod/nginx-pod1 created

root@k8s-master:/home/guru/k8slab/5# ls
init-container-exam-svc.yaml  liveness-exam.yaml  pod-mysql.yaml           pod-nginx-resources.yaml  stress.yaml
init-container-exam.yaml      pod-liveness.yaml   pod-nginx-env.yaml       pod-nginx.yaml
init-container-exam2.yaml     pod-multi.yaml      pod-nginx-liveness.yaml  redis.yaml

root@k8s-master:/home/guru/k8slab/5# kubectl get pods -o wide
NAME         READY   STATUS    RESTARTS   AGE   IP          NODE          NOMINATED NODE   READINESS GATES
nginx-pod    1/1     Running   0          72m   10.32.0.2   k8s-worker1   <none>           <none>
nginx-pod1   1/1     Running   0          85s   10.38.0.2   k8s-worker2   <none>           <none>

 

 
-> Confirmed that two nginx pods are running normally in the Kubernetes cluster.