Following the previous post, Kubernetes Service(1): ClusterIP/NodePort, this post takes a quick look at the LoadBalancer type and tries attaching MetalLB.
It summarizes what I learned through the K8s Advanced Network Study (hereafter KANS) run by CloudNet@.
1. LoadBalancer Type
Skipping everything already covered in Service(1), the one additional thing worth noting is the line below.
You can define a LoadBalancer Service by disabling the load balancer NodePort allocation.
Taken literally, you can define a LoadBalancer Service with the LB's NodePort allocation disabled.
Looking at the "Disabling load balancer NodePort allocation" documentation,
it appears to have been Stable since v1.24.
The key points from that document:
- spec.allocateLoadBalancerNodePorts: true (default)
  - It should be changed to false only when you want to use an LB implementation that routes traffic directly to Pods.
  - Otherwise, that is, if false is set where node ports have already been allocated, the node ports will **not** be de-allocated automatically.
  - You have to remove nodePorts explicitly in every Service.
  - And the tone of the docs is fairly firm.
Let's not dig any further.
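The de-allocation caveat above can be checked mechanically. The following is an added example, not code from the original post or from Kubernetes: it scans data shaped like `kubectl get svc -A -o json` for LoadBalancer Services that disabled allocation but still carry node ports, and renders the explicit removal as a JSON Patch. The sample Services and the function names are constructed for illustration.

```python
import json
import shlex

# Constructed sample shaped like the output of `kubectl get svc -A -o json`.
# Service names and port numbers are illustrative, not from the page's cluster.
SAMPLE = {
    "items": [
        {   # Allocation was disabled after creation: the node ports are still open.
            "metadata": {"namespace": "default", "name": "lb-stale"},
            "spec": {
                "type": "LoadBalancer",
                "allocateLoadBalancerNodePorts": False,
                "ports": [
                    {"name": "http", "port": 80, "nodePort": 31865},
                    {"name": "https", "port": 443, "nodePort": 30199},
                ],
            },
        },
        {   # Default behaviour (field absent means true): node ports are expected.
            "metadata": {"namespace": "default", "name": "lb-default"},
            "spec": {"type": "LoadBalancer",
                     "ports": [{"name": "http", "port": 80, "nodePort": 30462}]},
        },
        {   # Created with allocation disabled from the start: nothing to clean up.
            "metadata": {"namespace": "edge", "name": "lb-clean"},
            "spec": {"type": "LoadBalancer",
                     "allocateLoadBalancerNodePorts": False,
                     "ports": [{"name": "http", "port": 80}]},
        },
    ]
}


def stale_node_ports(service_list):
    """Find node ports left behind on LoadBalancer Services that disabled allocation.

    Returns {(namespace, name): [(port_index, nodePort), ...]}.
    """
    stale = {}
    for svc in service_list.get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue
        # The API default is true, so a missing field means node ports are intended.
        if spec.get("allocateLoadBalancerNodePorts", True):
            continue
        left = [(i, p["nodePort"]) for i, p in enumerate(spec.get("ports", []))
                if p.get("nodePort")]
        if left:
            meta = svc["metadata"]
            stale[(meta.get("namespace", "default"), meta["name"])] = left
    return stale


def removal_patch(ports):
    """JSON Patch (RFC 6902) removing the nodePort field from each listed port."""
    return [{"op": "remove", "path": f"/spec/ports/{i}/nodePort"} for i, _ in ports]


def kubectl_commands(stale):
    """Render one `kubectl patch --type=json` command per affected Service."""
    return [
        "kubectl -n {} patch svc {} --type=json -p {}".format(
            shlex.quote(ns), shlex.quote(name),
            shlex.quote(json.dumps(removal_patch(ports))))
        for (ns, name), ports in sorted(stale.items())
    ]


if __name__ == "__main__":
    for cmd in kubectl_commands(stale_node_ports(SAMPLE)):
        print(cmd)
```

Until the stale entries are removed, the Service stays reachable on every node's NodePort in addition to the load balancer address.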
2. MetalLB
The study uses AWS EKS in its later part, and for now it runs on kind, so I decided to use MetalLB.
Years ago, when I built a cluster with kubeadm+virtualbox as a personal project, I used MetalLB for external access,
and while tinkering with a V-raptor SQ nano I learned that Canonical microk8s also supports a metalLB addon,
so I assume it is already a familiar tool to practitioners and will skip the explanation(?).
Actually, I went through a lot of self-inflicted trouble back then, so I thought I would have left a post about it, but it only exists as code. Cutting my losses quickly.
That aside, the metalLB addon ticker in microk8s is still stuck at v1.17, and I can't hide how uncomfortable that makes me.
For now, BGP would require setting up two clusters, which is a bit much, so I'll use Layer 2 mode.
3. kind setup
a. Initial setup
kind was not installed on the device I'm writing this on, so I installed it by following an earlier post (Installing KIND on Linux w/golang).
The one difference from the earlier post (A Closer Look at KIND) is that I bumped the version to kindest/node:v1.31.0.
❯ go version
go version go1.22.2 linux/amd64
❯ go env GOPATH
/home/kkumtree/go
❯ go install sigs.k8s.io/kind@v0.24.0
go: downloading sigs.k8s.io/kind v0.24.0
go: downloading github.com/spf13/pflag v1.0.5
go: downloading github.com/alessio/shellescape v1.4.2
go: downloading github.com/spf13/cobra v1.8.0
go: downloading github.com/pkg/errors v0.9.1
go: downloading github.com/mattn/go-isatty v0.0.20
go: downloading golang.org/x/sys v0.6.0
go: downloading github.com/pelletier/go-toml v1.9.5
go: downloading github.com/BurntSushi/toml v1.4.0
go: downloading github.com/evanphx/json-patch/v5 v5.6.0
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading sigs.k8s.io/yaml v1.4.0
go: downloading github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2
❯ vi .profile # set as described in the previous post; see it for details
❯ source .profile
❯ kind version
kind v0.24.0 go1.22.2 linux/amd64
b. kind cluster YAML configuration and creation
Needless to say, the image is larger than 900MB, so the first pull takes a while.
(Network)
- Node (pod container) network cidr: 172.18.0.0/16
- Pod network cidr: 10.10.0.0/16
  - 10.10.1.0/24, 10.10.2.0/24, 10.10.3.0/24, 10.10.4.0/24
  - I think I once heard why it gets split like this, but I've forgotten again…
- Service network cidr: 10.200.1.0/24
(Entry)
- featureGates [k8s]
  - Manages features in Alpha and Beta state
  - InPlacePodVerticalScaling: false/alpha/1.27/- (I'll get to it soon)
  - MultiCIDRServiceAllocator: false/beta/1.31/-, tracks IP address allocation for Service ClusterIPs using IPAddress objects
- extraPortMappings: port mappings between host and container
  - 30000~30004
- Topology Aware Routing
  - The answer to "what on earth is nodes.labels.topology.kubernetes.io/zone?"
  - <= v1.27: called Topology Aware Hints.
  - EndpointSlice controller: assigns endpoints and kube-proxy based on the number of allocatable CPU cores
  - Korean docs: topology aware hints, topology keys
    - deprecated: may be removed later
- [kubeadmConfigPatches]
  - I'll get to it soon…
  - What does extraArgs.runtime-config: api/all=true mean? I asked ChatGPT/Copilot, and it more or less threw me a link.
    - Runtime Configuration
    - Format: --runtime-config <comma-separated 'key=value' pairs>
    - Actual: --runtime-config=api/all=true
    - That parameter: api/all=true|false controls all API versions
  - Fortunately, the link it gave was a good one.
How does everyone manage to use something like this @.@
cat <<EOT > kind-metallb-test.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
featureGates:
  "InPlacePodVerticalScaling": true
  "MultiCIDRServiceAllocator": true
nodes:
- role: control-plane
  labels:
    mynode: control-plane
    topology.kubernetes.io/zone: ap-northeast-2a
  extraPortMappings:
  - containerPort: 30000
    hostPort: 30000
  - containerPort: 30001
    hostPort: 30001
  - containerPort: 30002
    hostPort: 30002
  - containerPort: 30003
    hostPort: 30003
  - containerPort: 30004
    hostPort: 30004
  kubeadmConfigPatches:
  - |
    kind: ClusterConfiguration
    apiServer:
      extraArgs:
        runtime-config: api/all=true
    controllerManager:
      extraArgs:
        bind-address: 0.0.0.0
    etcd:
      local:
        extraArgs:
          listen-metrics-urls: http://0.0.0.0:2381
    scheduler:
      extraArgs:
        bind-address: 0.0.0.0
  - |
    kind: KubeProxyConfiguration
    metricsBindAddress: 0.0.0.0
- role: worker
  labels:
    mynode: worker1
    topology.kubernetes.io/zone: ap-northeast-2a
- role: worker
  labels:
    mynode: worker2
    topology.kubernetes.io/zone: ap-northeast-2b
- role: worker
  labels:
    mynode: worker3
    topology.kubernetes.io/zone: ap-northeast-2c
networking:
  podSubnet: 10.10.0.0/16
  serviceSubnet: 10.200.1.0/24
EOT
Then run it.
kind create cluster --config kind-metallb-test.yaml --name myk8s --image kindest/node:v1.31.0
# Install additional tools
docker exec -it myk8s-control-plane sh -c 'apt update && apt install tree psmisc lsof wget bsdmainutils bridge-utils net-tools dnsutils ipset ipvsadm nfacct tcpdump ngrep iputils-ping arping git vim arp-scan -y'
4. Test Pod setup
a. Checking basic environment info
# cidr check
❯ kubectl cluster-info dump | grep -m 2 -E "cluster-cidr|service-cluster-ip-range"
"--service-cluster-ip-range=10.200.1.0/24",
"--cluster-cidr=10.10.0.0/16",
# confirm kube-proxy mode: iptables proxy mode
❯ kubectl describe configmap -n kube-system kube-proxy | grep mode
mode: iptables
# iptables info
# Output omitted because it is too long / kept for comparison after installing MetalLB
for i in filter nat mangle raw ; do echo ">> IPTables Type : $i <<"; docker exec -it myk8s-control-plane iptables -t $i -S ; echo; done
for i in filter nat mangle raw ; do echo ">> IPTables Type : $i <<"; docker exec -it myk8s-worker iptables -t $i -S ; echo; done
for i in filter nat mangle raw ; do echo ">> IPTables Type : $i <<"; docker exec -it myk8s-worker2 iptables -t $i -S ; echo; done
for i in filter nat mangle raw ; do echo ">> IPTables Type : $i <<"; docker exec -it myk8s-worker3 iptables -t $i -S ; echo; done
b. Creating test Pods
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: webpod1
  labels:
    app: webpod
spec:
  nodeName: myk8s-worker
  containers:
  - name: container
    image: traefik/whoami
  terminationGracePeriodSeconds: 0
---
apiVersion: v1
kind: Pod
metadata:
  name: webpod2
  labels:
    app: webpod
spec:
  nodeName: myk8s-worker2
  containers:
  - name: container
    image: traefik/whoami
  terminationGracePeriodSeconds: 0
EOF
# pod/webpod1 created
# pod/webpod2 created
5. Installing MetalLB
I did try BGP mode in the past, but for various reasons I'm installing in Layer 2 mode.
Note: when kube-proxy runs in ipvs mode, ‘strictARP: true’ must be set.
- Just read the documentation: https://metallb.universe.tf/installation/
- The study session used the manifest, but today the contrarian in me installs it with the Operator (?_?)
  - OperatorHub: metallb-operator
- (For reference) FRR mode
  - Backs up the BGP session with a BFD session
  - Reportedly detects failures faster than BGP alone.
  - BFD?: Docs/Juniper Networks
    - Bidirectional Forwarding Detection
a. GitHub, let's look at GitHub…
Ah, I went into OperatorHub and couldn't tell what was what. Quickly fleeing to GitHub.
Fortunately the README is in decent shape. Better than I expected, actually?
- kind was originally meant for development environments, so it even provides e2e tests.
git clone https://github.com/metallb/metallb-operator.git
cd metallb-operator
make deploy
cat << EOF | kubectl apply -f -
apiVersion: metallb.io/v1beta1
kind: MetalLB
metadata:
  name: metallb
  namespace: metallb-system
EOF
make test
make test-e2e
I'll just go with the Quick Start.
The most recent commit message reads as follows…
Should be fine, I guess: Openshift: instruct the cluster network operator to deploy frrk8s
b. Quick Start
# Adapted from the command below
# kubectl apply -f bin/metallb-operator.yaml
# Download the CRDs (and the operator deployment manifest)
curl -LO https://raw.githubusercontent.com/metallb/metallb-operator/refs/heads/main/bin/metallb-operator.yaml
# Apply the CRDs. On inspection, it appears to deploy the operator as well
kubectl apply -f metallb-operator.yaml
The output looks similar to the following.
❯ curl -LO https://raw.githubusercontent.com/metallb/metallb-operator/refs/heads/main/bin/metallb-operator.yaml
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 233k 100 233k 0 0 799k 0 --:--:-- --:--:-- --:--:-- 797k
❯ kubectl apply -f metallb-operator.yaml
namespace/metallb-system created
customresourcedefinition.apiextensions.k8s.io/bfdprofiles.metallb.io created
customresourcedefinition.apiextensions.k8s.io/bgpadvertisements.metallb.io created
customresourcedefinition.apiextensions.k8s.io/bgppeers.metallb.io created
customresourcedefinition.apiextensions.k8s.io/communities.metallb.io created
customresourcedefinition.apiextensions.k8s.io/frrconfigurations.frrk8s.metallb.io created
customresourcedefinition.apiextensions.k8s.io/frrnodestates.frrk8s.metallb.io created
customresourcedefinition.apiextensions.k8s.io/ipaddresspools.metallb.io created
customresourcedefinition.apiextensions.k8s.io/l2advertisements.metallb.io created
customresourcedefinition.apiextensions.k8s.io/metallbs.metallb.io created
customresourcedefinition.apiextensions.k8s.io/servicel2statuses.metallb.io created
serviceaccount/manager-account created
role.rbac.authorization.k8s.io/metallb-manager-role created
clusterrole.rbac.authorization.k8s.io/metallb-manager-role created
rolebinding.rbac.authorization.k8s.io/metallb-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/metallb-manager-rolebinding created
secret/metallb-operator-webhook-server-cert created
secret/metallb-webhook-cert created
service/metallb-operator-webhook-service created
service/metallb-webhook-service created
deployment.apps/metallb-operator-controller-manager created
deployment.apps/metallb-operator-webhook-server created
validatingwebhookconfiguration.admissionregistration.k8s.io/metallb-operator-webhook-configuration created
validatingwebhookconfiguration.admissionregistration.k8s.io/metallb-webhook-configuration created
serviceaccount/controller created
serviceaccount/frr-k8s-daemon created
serviceaccount/speaker created
role.rbac.authorization.k8s.io/controller created
role.rbac.authorization.k8s.io/frr-k8s-daemon-role created
role.rbac.authorization.k8s.io/frr-k8s-daemon-scc created
role.rbac.authorization.k8s.io/pod-lister created
role.rbac.authorization.k8s.io/speaker created
clusterrole.rbac.authorization.k8s.io/metallb-system:kube-rbac-proxy created
clusterrole.rbac.authorization.k8s.io/frr-k8s-daemon-role created
clusterrole.rbac.authorization.k8s.io/frr-k8s-metrics-reader created
clusterrole.rbac.authorization.k8s.io/frr-k8s-proxy-role created
clusterrole.rbac.authorization.k8s.io/metallb-system:controller created
clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created
rolebinding.rbac.authorization.k8s.io/controller created
rolebinding.rbac.authorization.k8s.io/frr-k8s-daemon-rolebinding created
rolebinding.rbac.authorization.k8s.io/frr-k8s-daemon-scc-binding created
rolebinding.rbac.authorization.k8s.io/pod-lister created
rolebinding.rbac.authorization.k8s.io/speaker created
clusterrolebinding.rbac.authorization.k8s.io/kube-rbac-proxy created
clusterrolebinding.rbac.authorization.k8s.io/frr-k8s-daemon-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/frr-k8s-proxy-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created
c. Checking operator-related resources
Let's check that the operator was applied properly.
The CRDs seem to include FRR-related definitions as well, but let's close our eyes and carry on.
❯ kubectl get crd | grep metallb
bfdprofiles.metallb.io 2024-10-02T14:18:46Z
bgpadvertisements.metallb.io 2024-10-02T14:18:46Z
bgppeers.metallb.io 2024-10-02T14:18:46Z
communities.metallb.io 2024-10-02T14:18:46Z
frrconfigurations.frrk8s.metallb.io 2024-10-02T14:18:46Z
frrnodestates.frrk8s.metallb.io 2024-10-02T14:18:46Z
ipaddresspools.metallb.io 2024-10-02T14:18:46Z
l2advertisements.metallb.io 2024-10-02T14:18:46Z
metallbs.metallb.io 2024-10-02T14:18:46Z
servicel2statuses.metallb.io 2024-10-02T14:18:46Z
From here on I decided to just push ahead without really understanding, so please bear with me.
NS, Pods (deployment, replicaset), SVC, CM, Secret, and EP are all set up.
❯ kubectl get all,configmap,secret,ep -n metallb-system
NAME READY STATUS RESTARTS AGE
pod/metallb-operator-controller-manager-5dbc8fd577-bgczj 1/1 Running 0 13m
pod/metallb-operator-webhook-server-77d47cb764-9lcs8 1/1 Running 0 13m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/metallb-operator-webhook-service ClusterIP 10.200.1.159 <none> 443/TCP 13m
service/metallb-webhook-service ClusterIP 10.200.1.149 <none> 443/TCP 13m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/metallb-operator-controller-manager 1/1 1 1 13m
deployment.apps/metallb-operator-webhook-server 1/1 1 1 13m
NAME DESIRED CURRENT READY AGE
replicaset.apps/metallb-operator-controller-manager-5dbc8fd577 1 1 1 13m
replicaset.apps/metallb-operator-webhook-server-77d47cb764 1 1 1 13m
NAME DATA AGE
configmap/kube-root-ca.crt 1 13m
NAME TYPE DATA AGE
secret/metallb-operator-webhook-server-cert Opaque 4 13m
secret/metallb-webhook-cert Opaque 4 13m
NAME ENDPOINTS AGE
endpoints/metallb-operator-webhook-service 10.10.2.2:9443 13m
endpoints/metallb-webhook-service 10.10.3.3:9443 13m
The kube-rbac-proxy container inside the pod reportedly serves as the Prometheus exporter.
❯ kubectl get pods -n metallb-system -l app=metallb -o jsonpath="{range .items[*]}{.metadata.name}{':\n'}{range .spec.containers[*]}{' '}{.name}{' -> '}{.image}{'\n'}{end}{end}"
metallb-operator-webhook-server-77d47cb764-9lcs8:
webhook-server -> quay.io/metallb/controller:main
The MetalLB controller is reportedly deployed as a Deployment.
❯ kubectl get ds,deploy -n metallb-system
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/metallb-operator-controller-manager 1/1 1 1 20m
deployment.apps/metallb-operator-webhook-server 1/1 1 1 20m
At this point I got a slightly bad feeling. Should I just wipe everything and start over;
The speaker pods (speaker-lorem) are nowhere to be seen; this feels like BGP…
And where did control-plane and worker2 go?
❯ kubectl get pod -n metallb-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
metallb-operator-controller-manager-5dbc8fd577-bgczj 1/1 Running 0 21m 10.10.2.2 myk8s-worker3 <none> <none>
metallb-operator-webhook-server-77d47cb764-9lcs8 1/1 Running 0 21m 10.10.3.3 myk8s-worker <none> <none>
After collecting myself and looking a bit harder, it turns out the OpenShift Docs say this is normal.
It's not over yet!
Right at this moment, an error pops up.
❯ kubectl logs -n metallb-system -l app=metallb -f
Defaulted container "speaker" out of: speaker, frr, reloader, frr-metrics, cp-frr-files (init), cp-reloader (init), cp-metrics (init)
Defaulted container "speaker" out of: speaker, frr, reloader, frr-metrics, cp-frr-files (init), cp-reloader (init), cp-metrics (init)
Defaulted container "speaker" out of: speaker, frr, reloader, frr-metrics, cp-frr-files (init), cp-reloader (init), cp-metrics (init)
Defaulted container "speaker" out of: speaker, frr, reloader, frr-metrics, cp-frr-files (init), cp-reloader (init), cp-metrics (init)
error: you are attempting to follow 6 log streams, but maximum allowed concurrency is 5, use --max-log-requests to increase the limit
With that in mind, let's carry on.
d. Creating the MetalLB deployment
From GitHub alone I really couldn't tell what this was for, but it seems to create the speakers.
❯ cat << EOF | kubectl apply -f -
apiVersion: metallb.io/v1beta1
kind: MetalLB
metadata:
  name: metallb
  namespace: metallb-system
EOF
metallb.metallb.io/metallb created
Please…! (The network was in bad shape, so I was on a hotspot…)
❯ kubectl get pod -n metallb-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
controller-7dd49fb757-rsf9n 0/1 ImagePullBackOff 0 118s 10.10.2.3 myk8s-worker3 <none> <none>
metallb-operator-controller-manager-5dbc8fd577-bgczj 1/1 Running 0 36m 10.10.2.2 myk8s-worker3 <none> <none>
metallb-operator-webhook-server-77d47cb764-9lcs8 1/1 Running 0 36m 10.10.3.3 myk8s-worker <none> <none>
speaker-ndwfb 0/4 Init:0/3 0 118s 172.18.0.3 myk8s-worker3 <none> <none>
speaker-vnjlb 0/4 Init:0/3 0 118s 172.18.0.5 myk8s-worker <none> <none>
speaker-w9946 0/4 Init:0/3 0 118s 172.18.0.2 myk8s-worker2 <none> <none>
speaker-zgf46 0/4 Init:0/3 0 118s 172.18.0.4 myk8s-control-plane <none> <none>
Phew.
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m30s default-scheduler Successfully assigned metallb-system/controller-7dd49fb757-rsf9n to myk8s-worker3
Warning Failed 57s kubelet Failed to pull image "quay.io/metallb/controller:main": failed to pull and unpack image "quay.io/metallb/controller:main": failed to copy: read tcp 172.18.0.3:33674->104.18.37.147:443: read: connection reset by peer
Warning Failed 57s kubelet Error: ErrImagePull
Normal BackOff 56s kubelet Back-off pulling image "quay.io/metallb/controller:main"
Warning Failed 56s kubelet Error: ImagePullBackOff
Normal Pulling 45s (x2 over 2m29s) kubelet Pulling image "quay.io/metallb/controller:main"
Normal Pulled 31s kubelet Successfully pulled image "quay.io/metallb/controller:main" in 13.488s (13.488s including waiting). Image size: 29150053 bytes.
Normal Created 31s kubelet Created container controller
Normal Started 31s kubelet Started container controller
It's running fine.
❯ kubectl get pod -n metallb-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
controller-7dd49fb757-rsf9n 1/1 Running 0 4m3s 10.10.2.3 myk8s-worker3 <none> <none>
metallb-operator-controller-manager-5dbc8fd577-bgczj 1/1 Running 0 38m 10.10.2.2 myk8s-worker3 <none> <none>
metallb-operator-webhook-server-77d47cb764-9lcs8 1/1 Running 0 38m 10.10.3.3 myk8s-worker <none> <none>
speaker-ndwfb 4/4 Running 0 4m3s 172.18.0.3 myk8s-worker3 <none> <none>
speaker-vnjlb 3/4 Running 0 4m3s 172.18.0.5 myk8s-worker <none> <none>
speaker-w9946 3/4 Running 0 4m3s 172.18.0.2 myk8s-worker2 <none> <none>
speaker-zgf46 4/4 Running 0 4m3s 172.18.0.4 myk8s-control-plane <none> <none>
It's not over yet!
Right at this moment, an error pops up.
Or rather, it was a concurrency error. After raising the limit with --max-log-requests 6, the logs come out fine.
❯ kubectl logs -n metallb-system -l app=metallb -f
Defaulted container "speaker" out of: speaker, frr, reloader, frr-metrics, cp-frr-files (init), cp-reloader (init), cp-metrics (init)
Defaulted container "speaker" out of: speaker, frr, reloader, frr-metrics, cp-frr-files (init), cp-reloader (init), cp-metrics (init)
Defaulted container "speaker" out of: speaker, frr, reloader, frr-metrics, cp-frr-files (init), cp-reloader (init), cp-metrics (init)
Defaulted container "speaker" out of: speaker, frr, reloader, frr-metrics, cp-frr-files (init), cp-reloader (init), cp-metrics (init)
error: you are attempting to follow 6 log streams, but maximum allowed concurrency is 5, use --max-log-requests to increase the limit
e. Creating the MetalLB ConfigMap
Right. Now we need to check the bridge that kind uses (a docker bridge) and pick an address range from it.
- By default, kind uses a bridge named kind.
docker network ls
# (sol0) You can also look it up by Id (SHA256) instead of the kind alias. They are all just equivalent lookups.
docker network inspect kind
# (sol1) docker inspect kind
# (sol2) docker inspect <Id>
# (sol3) docker network inspect <Id>
- Looking up the IP CIDR
docker ps -q | xargs docker inspect --format '{{.Name}} {{.NetworkSettings.Networks.kind.IPAddress}}'
# Too lazy to type the above?
# These are the IPs assigned to each node
# docker inspect e8 | grep IPv4Address
# This is the IP range defined on the bridge
# docker inspect e8 | grep Subnet
I see.
❯ docker network ls
NETWORK ID NAME DRIVER SCOPE
9a356b80a908 bridge bridge local
d2f5be011872 host host local
e8e5256f1aa7 kind bridge local
439c3626705a none null local
❯ docker ps -q | xargs docker inspect --format '{{.Name}} {{.NetworkSettings.Networks.kind.IPAddress}}'
/myk8s-worker 172.18.0.2
/myk8s-control-plane 172.18.0.5
/myk8s-worker2 172.18.0.4
/myk8s-worker3 172.18.0.3
❯ docker inspect e8 | grep Subnet
"Subnet": "172.18.0.0/16",
"Subnet": "fc00:f853:ccd:e793::/64",
❯ docker inspect e8 | grep IPv4Address
"IPv4Address": "172.18.0.3/16",
"IPv4Address": "172.18.0.4/16",
"IPv4Address": "172.18.0.2/16",
"IPv4Address": "172.18.0.5/16",
When we listed the CRDs earlier, there were
ipaddresspools.metallb.io and
l2advertisements.metallb.io.
Now you can see why we listed them… right?
How to check how to write them:
kubectl explain ipaddresspools.metallb.io
kubectl explain l2advertisements.metallb.io
- MetalLB ConfigMap: (1) IPAddressPool
With a prayerful "surely nothing in this subnet will use addresses this far up?",
set the service IP range for MetalLB.
cat << EOF > metallb-ipaddresspool.yaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: kkumtree-ippool
  namespace: metallb-system
spec:
  addresses:
  - 172.18.255.200-172.18.255.254
EOF
kubectl apply -f metallb-ipaddresspool.yaml
- MetalLB ConfigMap: (2) L2Advertisement
Register the IP pool configured above with a Layer 2 advertisement.
cat << EOF > metallb-l2advertisement.yaml
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: kkumtree-l2adv
  namespace: metallb-system
spec:
  ipAddressPools:
  - kkumtree-ippool
EOF
kubectl apply -f metallb-l2advertisement.yaml
I see.
❯ kubectl get ipaddresspools,l2advertisements -n metallb-system
NAME AUTO ASSIGN AVOID BUGGY IPS ADDRESSES
ipaddresspool.metallb.io/kkumtree-ippool true false ["172.18.255.200-172.18.255.254"]
NAME IPADDRESSPOOLS IPADDRESSPOOL SELECTORS INTERFACES
l2advertisement.metallb.io/kkumtree-l2adv ["kkumtree-ippool"]
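The "surely nothing uses this range" assumption behind the pool can be checked before applying it. This is an added example, not code from the original post or from MetalLB: it validates an IPAddressPool `addresses` entry against the bridge subnet, the node addresses and the cluster CIDRs shown on this page. The function names are made up for illustration, and the owner label for 172.18.0.1 is an assumption (the page only shows that address answering the ARP scan).

```python
import ipaddress

# Values shown on this page.
L2_SUBNET = "172.18.0.0/16"              # Subnet of the docker network "kind"
IN_USE = {
    "bridge-host": "172.18.0.1",         # responder seen by arp-scan; label is an assumption
    "myk8s-worker": "172.18.0.2",
    "myk8s-worker3": "172.18.0.3",
    "myk8s-worker2": "172.18.0.4",
    "myk8s-control-plane": "172.18.0.5",
}
CLUSTER_CIDRS = {"podSubnet": "10.10.0.0/16", "serviceSubnet": "10.200.1.0/24"}


def pool_bounds(entry):
    """An `addresses` entry is either 'first-last' or a CIDR; return (first, last)."""
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
    else:
        net = ipaddress.ip_network(entry.strip(), strict=False)
        first, last = net[0], net[-1]
    if first.version != last.version or first > last:
        raise ValueError(f"bad range: {entry!r}")
    return first, last


def check_pool(entry, l2_subnet=L2_SUBNET, in_use=IN_USE, cluster_cidrs=CLUSTER_CIDRS):
    """Return a list of problems; an empty list means the range looks safe to announce."""
    first, last = pool_bounds(entry)
    subnet = ipaddress.ip_network(l2_subnet)
    problems = []

    # Layer 2 mode answers ARP on the local segment, so the range must live in it.
    if first.version != subnet.version or first not in subnet or last not in subnet:
        problems.append(f"{entry}: not fully inside L2 subnet {subnet}")
    else:
        for edge, label in ((subnet.network_address, "network"),
                            (subnet.broadcast_address, "broadcast")):
            if first <= edge <= last:
                problems.append(f"{entry}: includes the {label} address {edge}")

    # An address that a host already owns would be answered by two MACs.
    for owner, ip in in_use.items():
        addr = ipaddress.ip_address(ip)
        if addr.version == first.version and first <= addr <= last:
            problems.append(f"{entry}: contains {ip}, already used by {owner}")

    # Pod and Service CIDRs are routed inside the cluster and must stay disjoint.
    for name, cidr in cluster_cidrs.items():
        net = ipaddress.ip_network(cidr)
        if net.version == first.version and first <= net[-1] and net[0] <= last:
            problems.append(f"{entry}: overlaps {name} {net}")
    return problems


if __name__ == "__main__":
    for candidate in ("172.18.255.200-172.18.255.254", "172.18.0.0/29"):
        print(candidate, check_pool(candidate) or "ok")
```

Docker hands out container addresses from the low end of the bridge subnet, so a range near the top only stays collision-free while the number of containers on that network remains small.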
6. Creating test Services
Now that MetalLB is ready, let's create Services and Pods that use the LB.
cat <<EOF > metallb-test-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: svc1
spec:
  ports:
    - name: svc1-webport
      port: 80
      targetPort: 80
  selector:
    app: webpod
  type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
  name: svc2
spec:
  ports:
    - name: svc2-webport
      port: 80
      targetPort: 80
  selector:
    app: webpod
  type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
  name: svc3
spec:
  ports:
    - name: svc3-webport
      port: 80
      targetPort: 80
  selector:
    app: webpod
  type: LoadBalancer
EOF
kubectl apply -f metallb-test-svc.yaml
- After creating them, start an ARP scan in a new terminal.
❯ docker exec -it myk8s-control-plane arp-scan --interfac=eth0 --localnet
Interface: eth0, type: EN10MB, MAC: 02:42:ac:12:00:05, IPv4: 172.18.0.5
Starting arp-scan 1.10.0 with 65536 hosts (https://github.com/royhills/arp-scan)
172.18.0.1 02:42:01:57:ec:6f (Unknown: locally administered)
172.18.0.2 02:42:ac:12:00:02 (Unknown: locally administered)
172.18.0.3 02:42:ac:12:00:03 (Unknown: locally administered)
172.18.0.4 02:42:ac:12:00:04 (Unknown: locally administered)
- You can see that a LoadBalancer-type Service includes a NodePort and a ClusterIP.
  - (default) allocateLoadBalancerNodePorts: true
❯ kubectl get svc,ep
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.200.1.1 <none> 443/TCP 2d20h
service/svc1 LoadBalancer 10.200.1.66 172.18.255.200 80:31865/TCP 2m42s
service/svc2 LoadBalancer 10.200.1.133 172.18.255.201 80:30199/TCP 2m42s
service/svc3 LoadBalancer 10.200.1.175 172.18.255.202 80:30462/TCP 2m42s
NAME ENDPOINTS AGE
endpoints/kubernetes 172.18.0.5:6443 2d20h
endpoints/svc1 10.10.1.2:80,10.10.3.2:80 2m42s
endpoints/svc2 10.10.1.2:80,10.10.3.2:80 2m42s
endpoints/svc3 10.10.1.2:80,10.10.3.2:80 2m42s
- Meanwhile, the terminal running the ARP scan now shows this:
❯ docker exec -it myk8s-control-plane arp-scan --interfac=eth0 --localnet
Interface: eth0, type: EN10MB, MAC: 02:42:ac:12:00:05, IPv4: 172.18.0.5
Starting arp-scan 1.10.0 with 65536 hosts (https://github.com/royhills/arp-scan)
172.18.0.1 02:42:01:57:ec:6f (Unknown: locally administered)
172.18.0.2 02:42:ac:12:00:02 (Unknown: locally administered)
172.18.0.3 02:42:ac:12:00:03 (Unknown: locally administered)
172.18.0.4 02:42:ac:12:00:04 (Unknown: locally administered)
172.18.0.1 02:42:01:57:ec:6f (Unknown: locally administered) (DUP: 2)
172.18.0.2 02:42:ac:12:00:02 (Unknown: locally administered) (DUP: 2)
172.18.0.3 02:42:ac:12:00:03 (Unknown: locally administered) (DUP: 2)
172.18.0.4 02:42:ac:12:00:04 (Unknown: locally administered) (DUP: 2)
172.18.0.1 02:42:01:57:ec:6f (Unknown: locally administered) (DUP: 3)
172.18.255.200 02:42:ac:12:00:02 (Unknown: locally administered)
172.18.255.201 02:42:ac:12:00:02 (Unknown: locally administered)
172.18.255.202 02:42:ac:12:00:03 (Unknown: locally administered)
172.18.0.1 02:42:01:57:ec:6f (Unknown: locally administered) (DUP: 4)
172.18.0.1 02:42:01:57:ec:6f (Unknown: locally administered) (DUP: 5)
14 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 65536 hosts scanned in 263.158 seconds (249.04 hosts/sec). 7 responded
- Now let's see which node is acting as Leader.
❯ kubectl describe svc | grep Events: -A5
Events: <none>
Name: svc1
Namespace: default
Labels: <none>
--
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal IPAllocated 11m metallb-controller Assigned IP ["172.18.255.200"]
Normal nodeAssigned 11m metallb-speaker announcing from node "myk8s-worker" with protocol "layer2"
--
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal IPAllocated 11m metallb-controller Assigned IP ["172.18.255.201"]
Normal nodeAssigned 11m (x2 over 11m) metallb-speaker announcing from node "myk8s-worker" with protocol "layer2"
--
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal IPAllocated 11m metallb-controller Assigned IP ["172.18.255.202"]
Normal nodeAssigned 11m metallb-speaker announcing from node "myk8s-worker3" with protocol "layer2"
Of course, at this point you can just pick any deployed Service and check it, right?
❯ kubectl describe svc/svc2 | grep metallb-speaker
Normal nodeAssigned 13m (x2 over 13m) metallb-speaker announcing from node "myk8s-worker" with protocol "layer2"
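The ARP scan and the speaker events above can be cross-checked. This is an added example, not code from the original post: it parses the arp-scan replies shown on this page, resolves the MAC that answers for each pool address to a node name, and flags any pool address answered by more than one MAC or by a MAC that belongs to no known node. In Layer 2 mode one node should answer for a service IP, so such a reply points to an address conflict or forged ARP reply. The function names are made up, and the node-to-IP table is taken from the docker inspect output on this page.

```python
import ipaddress
import re
from collections import defaultdict

MAC = r"((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
REPLY = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+" + MAC + r"\b")
SCANNER = re.compile(r"MAC:\s*" + MAC + r",\s*IPv4:\s*(\d+\.\d+\.\d+\.\d+)")

# arp-scan output as shown on this page (repeated DUP lines trimmed).
ARP_SCAN_OUTPUT = """\
Interface: eth0, type: EN10MB, MAC: 02:42:ac:12:00:05, IPv4: 172.18.0.5
172.18.0.1 02:42:01:57:ec:6f (Unknown: locally administered)
172.18.0.2 02:42:ac:12:00:02 (Unknown: locally administered)
172.18.0.3 02:42:ac:12:00:03 (Unknown: locally administered)
172.18.0.4 02:42:ac:12:00:04 (Unknown: locally administered)
172.18.0.2 02:42:ac:12:00:02 (Unknown: locally administered) (DUP: 2)
172.18.255.200 02:42:ac:12:00:02 (Unknown: locally administered)
172.18.255.201 02:42:ac:12:00:02 (Unknown: locally administered)
172.18.255.202 02:42:ac:12:00:03 (Unknown: locally administered)
14 packets received by filter, 0 packets dropped by kernel
"""

# Node addresses from the `docker inspect` output on this page.
NODE_IPS = {
    "myk8s-worker": "172.18.0.2",
    "myk8s-worker3": "172.18.0.3",
    "myk8s-worker2": "172.18.0.4",
    "myk8s-control-plane": "172.18.0.5",
}
POOL = ("172.18.255.200", "172.18.255.254")   # kkumtree-ippool


def parse_arp_scan(text):
    """Map every IP to the set of MACs seen for it, including the scanning host."""
    replies = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        scanner = SCANNER.search(line)
        if scanner:                      # the "Interface:" line describes the scanner
            replies[scanner.group(2)].add(scanner.group(1).lower())
            continue
        reply = REPLY.match(line)
        if reply:                        # DUP lines repeat the same IP/MAC pair
            replies[reply.group(1)].add(reply.group(2).lower())
    return dict(replies)


def announcers(replies, node_ips, pool):
    """For each answered pool IP, list the node(s) whose MAC claimed it."""
    mac_to_node = {mac: node
                   for node, ip in node_ips.items()
                   for mac in replies.get(ip, ())}
    first, last = (int(ipaddress.ip_address(p)) for p in pool)
    result = {}
    for ip, macs in replies.items():
        if first <= int(ipaddress.ip_address(ip)) <= last:
            result[ip] = sorted(mac_to_node.get(m, "unknown:" + m) for m in macs)
    return result


def suspicious(result):
    """Pool IPs claimed by several MACs, or by a MAC that is not a cluster node."""
    return {vip: who for vip, who in result.items()
            if len(who) != 1 or who[0].startswith("unknown:")}


if __name__ == "__main__":
    mapping = announcers(parse_arp_scan(ARP_SCAN_OUTPUT), NODE_IPS, POOL)
    for vip, who in sorted(mapping.items()):
        print(vip, "->", ", ".join(who))
    print("suspicious:", suspicious(mapping))
```

On the page's data the mapping agrees with the nodeAssigned events: svc1 and svc2 are announced from myk8s-worker and svc3 from myk8s-worker3. Two MACs for one address can also appear briefly while a speaker fails over, so a flagged entry should be rechecked before it is treated as a conflict.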
- Now let's attach a pod to each node.
  - Come to think of it, I should have attached the pods before the services;
cat <<EOT > 3pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: webpod1
  labels:
    app: webpod
spec:
  nodeName: myk8s-worker
  containers:
  - name: container
    image: traefik/whoami
  terminationGracePeriodSeconds: 0
---
apiVersion: v1
kind: Pod
metadata:
  name: webpod2
  labels:
    app: webpod
spec:
  nodeName: myk8s-worker2
  containers:
  - name: container
    image: traefik/whoami
  terminationGracePeriodSeconds: 0
---
apiVersion: v1
kind: Pod
metadata:
  name: webpod3
  labels:
    app: webpod
spec:
  nodeName: myk8s-worker3
  containers:
  - name: container
    image: traefik/whoami
  terminationGracePeriodSeconds: 0
EOT
kubectl apply -f 3pod.yaml
- Either way, I confirmed that connecting through the EXTERNAL-IP created by MetalLB works fine, without having to go into a kind node to test.
❯ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.200.1.1 <none> 443/TCP 3d3h
svc1 LoadBalancer 10.200.1.66 172.18.255.200 80:31865/TCP 6h52m
svc2 LoadBalancer 10.200.1.133 172.18.255.201 80:30199/TCP 6h52m
svc3 LoadBalancer 10.200.1.175 172.18.255.202 80:30462/TCP 6h52m
❯ curl -s 172.18.255.200
Hostname: webpod2
IP: 127.0.0.1
IP: ::1
IP: 10.10.1.2
IP: fe80::b862:52ff:fed1:7cbb
RemoteAddr: 172.18.0.2:3343
GET / HTTP/1.1
Host: 172.18.255.200
User-Agent: curl/8.5.0
Accept: */*
❯ curl -s 172.18.255.201
Hostname: webpod1
IP: 127.0.0.1
IP: ::1
IP: 10.10.3.2
IP: fe80::d0fa:f1ff:fe03:49bf
RemoteAddr: 10.10.3.1:20630
GET / HTTP/1.1
Host: 172.18.255.201
User-Agent: curl/8.5.0
Accept: */*
❯ curl -s 172.18.255.202
Hostname: webpod2
IP: 127.0.0.1
IP: ::1
IP: 10.10.1.2
IP: fe80::b862:52ff:fed1:7cbb
RemoteAddr: 172.18.0.3:6166
GET / HTTP/1.1
Host: 172.18.255.202
User-Agent: curl/8.5.0
Accept: */*
7. Addenda
a. docker bridge network default cidr?
… Come to think of it, I never specified the 172.18.0.0 range in the YAML, and for the past two weeks I had been wondering whether it ever came up in the Docker docs.
Seeing serverfault/916941 reminded me.
You just have to look at the Docker network bridge settings … I'm sure this cost me some wasted effort before, so I'm not sure why I forgot.
That's how dangerous Docker can be.
❯ docker -v
Docker version 24.0.7, build 24.0.7-0ubuntu4.1
❯ sudo docker network ls
NETWORK ID NAME DRIVER SCOPE
a90c02431872 bridge bridge local
d2f5be011872 host host local
439c3626705a none null local
❯ sudo docker network inspect bridge
[
{
"Name": "bridge",
"Id": "a90c02431872f243e6c3918d0ca4f8875fb070ae0ad1a504891b74485634de14",
"Created": "2024-10-02T08:22:04.247414071+09:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
b. The kind error you get when Docker permissions aren't set up
Ah, it's that obvious one. I hadn't set it up on this machine.
ERROR: failed to create cluster: failed to list nodes: command "docker ps -a --filter label=io.x-k8s.kind.cluster=myk8s --format '{{.Names}}'" failed with error: exit status 1
Command Output: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json?all=1&filters=%7B%22label%22%3A%7B%22io.x-k8s.kind.cluster%3Dmyk8s%22%3Atrue%7D%7D": dial unix /var/run/docker.sock: connect: permission denied
Do this and it works. Easy, right?
# https://snapcraft.io/docker refer and apply
sudo addgroup --system docker
sudo adduser $USER docker
newgrp docker
sudo service docker restart
❯ sudo addgroup --system docker
info: The group `docker' already exists as a system group. Exiting.
❯ sudo adduser $USER docker
info: Adding user `kkumtree' to group `docker' ...
❯ newgrp docker
❯ sudo service docker restart
c. Checking the Controller and Speaker after installing MetalLB
There is another way, too.
❯ kubectl get deployment -n metallb-system controller
NAME READY UP-TO-DATE AVAILABLE AGE
controller 1/1 1 1 2d17h
❯ kubectl get daemonset -n metallb-system speaker
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
speaker 4 4 4 4 4 kubernetes.io/os=linux 2d17h
d. Log concurrency error
❯ kubectl logs -n metallb-system -l app=metallb -f
error: you are attempting to follow 6 log streams, but maximum allowed concurrency is 5, use --max-log-requests to increase the limit
Then let's do as it says.
❯ kubectl logs -n metallb-system -l app=metallb -f --max-log-requests 6
# (snip) The logs come out fine.
failed to create fsnotify watcher: too many open files
??? What a prickly fellow. … Ah, this looks like an fd problem?
# It's 1024 and that's not enough?
# Ah, I had other things open and running as well
❯ ulimit -n
1024
You could edit /etc/security/limits.conf, put in values like the ones below, and activate them, but I'm a bit reluctant to touch my laptop.
I'll stick with the safe defaults(?).
#<domain> <type> <item> <value>
* soft nofile 10000
* hard nofile 30000
Reference
I found this just as I was finishing up: the Red Hat OpenShift Docs explain all of it very kindly…
kkumtree
© 2025 kkumtree and contributors All rights reserved.
Licensed under
CC BY-NC-ND 4.0