Kubeadm deep dive
Introduction to kubeadm
kubeadm init
Bootstraps the initial Kubernetes control plane node.
kubeadm join
Bootstraps a Kubernetes worker node or an additional control plane node and joins it to an existing Kubernetes cluster.
kubeadm upgrade
Upgrades a Kubernetes cluster to a newer version.
kubeadm reset
Reverts all changes that `kubeadm init` or `kubeadm join` made to this host.
Kubeadm lab preparation (Vagrantfile)
```bash
PS C:\Users\bom\Desktop\스터디\week3> vagrant up
Bringing machine 'k8s-ctr' up with 'virtualbox' provider...
Bringing machine 'k8s-w1' up with 'virtualbox' provider...
Bringing machine 'k8s-w2' up with 'virtualbox' provider...
==> k8s-ctr: Box 'bento/rockylinux-10.0' could not be found. Attempting to find and install...
    k8s-ctr: Box Provider: virtualbox
    k8s-ctr: Box Version: 202510.26.0
######### (output omitted) #############
    k8s-w2: Inserting generated public key within guest...
    k8s-w2: Removing insecure key from the guest if it's present...
    k8s-w2: Key inserted! Disconnecting and reconnecting using new SSH key...
==> k8s-w2: Machine booted and ready!
==> k8s-w2: Checking for guest additions in VM...
==> k8s-w2: Setting hostname...
==> k8s-w2: Configuring and enabling network interfaces...
```
Common pre-configuration
Check basic information
```bash
PS C:\Users\bom\Desktop\스터디\week3> vagrant ssh k8s-ctr

This system is built by the Bento project by Chef Software
More information can be found at https://github.com/chef/bento

Use of this system is acceptance of the OS vendor EULA and License Agreements.
vagrant@k8s-ctr:~$
vagrant@k8s-ctr:~$ whoami
vagrant
vagrant@k8s-ctr:~$ id
uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
vagrant@k8s-ctr:~$ pwd
/home/vagrant
vagrant@k8s-ctr:~$ rpm -aq | grep release
rocky-release-10.0-1.6.el10.noarch
```
Time / NTP configuration: certificate expiry times, log timestamps and the like require synchronized time on every node.
```bash
root@k8s-ctr:~# timedatectl status
               Local time: Wed 2026-01-21 14:11:22 UTC
           Universal time: Wed 2026-01-21 14:11:22 UTC
                 RTC time: Wed 2026-01-21 14:11:21
                Time zone: UTC (UTC, +0000)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: yes
root@k8s-ctr:~# timedatectl set-timezone Asia/Seoul
root@k8s-ctr:~# date
Wed Jan 21 11:11:44 PM KST 2026
root@k8s-ctr:~# chronyc sources -v

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* time.ravnus.com               2   6   377    34    +85us[ +280us] +/- 2917us
^+ ec2-3-39-176-65.ap-north>     2   6   377    36   +383us[ +576us] +/- 5118us
^- 121.174.142.82                3   6   377    34  +1248us[+1248us] +/-   32ms
^- ipv4.ntp3.rbauman.com         2   6   377    56  +1540us[+1726us] +/-   18ms
```
Disable SELinux and firewalld
```bash
root@k8s-ctr:~# getenforce
Enforcing
root@k8s-ctr:~# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33
root@k8s-ctr:~# sestatus ^C
root@k8s-ctr:~# setenforce 0
root@k8s-ctr:~# sealert ^C
root@k8s-ctr:~# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33
root@k8s-ctr:~# cat /etc/selinux/config | grep ^SELINUX
SELINUX=enforcing
SELINUXTYPE=targeted
root@k8s-ctr:~# sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
cat /etc/selinux/config | grep ^SELINUX
SELINUX=permissive
SELINUXTYPE=targeted
root@k8s-ctr:~# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; preset: enabled)
     Active: inactive (dead)
       Docs: man:firewalld(1)

Jan 21 23:02:55 localhost systemd[1]: Starting firewalld.service - firewalld - dynamic firewall daemon...
Jan 21 23:02:56 localhost systemd[1]: Started firewalld.service - firewalld - dynamic firewall daemon.
Jan 21 23:14:39 k8s-ctr systemd[1]: Stopping firewalld.service - firewalld - dynamic firewall daemon...
Jan 21 23:14:39 k8s-ctr systemd[1]: firewalld.service: Deactivated successfully.
Jan 21 23:14:39 k8s-ctr systemd[1]: Stopped firewalld.service - firewalld - dynamic firewall daemon.
Jan 21 23:14:39 k8s-ctr systemd[1]: firewalld.service: Consumed 799ms CPU time, 69.6M memory peak.
```
Disable swap
```bash
root@k8s-ctr:~# lsblk
NAME   MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda      8:0    0  64G  0 disk
├─sda1   8:1    0   1M  0 part
├─sda2   8:2    0   3G  0 part [SWAP]
└─sda3   8:3    0  61G  0 part /
root@k8s-ctr:~# swapoff -a
root@k8s-ctr:~# lsblk
NAME   MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda      8:0    0  64G  0 disk
├─sda1   8:1    0   1M  0 part
├─sda2   8:2    0   3G  0 part
└─sda3   8:3    0  61G  0 part /
```
Kernel modules and kernel parameters
```bash
root@k8s-ctr:~# lsmod | grep -iE 'overlay|br_netfilter'
root@k8s-ctr:~# modprobe overlay
modprobe br_netfilter
root@k8s-ctr:~# lsmod | grep -iE 'overlay|br_netfilter'
br_netfilter           36864  0
bridge                417792  1 br_netfilter
overlay               245760  0
root@k8s-ctr:~# cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
root@k8s-ctr:~# tree /etc/sysctl.d/
/etc/sysctl.d/
├── 99-sysctl.conf -> ../sysctl.conf
└── k8s.conf

1 directory, 2 files
root@k8s-ctr:~# sysctl --system
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
* Applying /usr/lib/sysctl.d/10-map-count.conf ...
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
* Applying /usr/lib/sysctl.d/50-default.conf ...
* Applying /usr/lib/sysctl.d/50-libkcapi-optmem_max.conf ...
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
* Applying /usr/lib/sysctl.d/50-redhat.conf ...
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...
```
hosts configuration
```bash
root@k8s-ctr:~# cat /etc/hosts
# Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# See hosts(5) for proper format and other examples:
# 192.168.1.10 foo.example.org foo
# 192.168.1.13 bar.example.org bar
192.168.10.100 k8s-ctr
192.168.10.101 k8s-w1
192.168.10.102 k8s-w2
```
Common CRI setup (containerd)
Install containerd (runc) v2.1.5
To keep the lab running smoothly, containerd is pinned to version 2.1.5.

```bash
root@k8s-ctr:~# dnf repolist
repo id                                              repo name
appstream                                            Rocky Linux 10 - AppStream
baseos                                               Rocky Linux 10 - BaseOS
extras                                               Rocky Linux 10 - Extras
root@k8s-ctr:~# dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
root@k8s-ctr:~# dnf repolist
repo id                                              repo name
appstream                                            Rocky Linux 10 - AppStream
baseos                                               Rocky Linux 10 - BaseOS
docker-ce-stable                                     Docker CE Stable - x86_64
extras                                               Rocky Linux 10 - Extras
root@k8s-ctr:~# dnf makecache
Docker CE Stable - x86_64                                                               188 kB/s |  16 kB     00:00
Rocky Linux 10 - BaseOS                                                                 8.2 MB/s | 7.6 MB     00:00
Rocky Linux 10 - AppStream                                                              3.0 MB/s | 2.1 MB     00:00
Rocky Linux 10 - Extras                                                                  11 kB/s | 5.9 kB     00:00
Metadata cache created.
root@k8s-ctr:~# dnf list --showduplicates containerd.io
Last metadata expiration check: 0:00:15 ago on Wed 21 Jan 2026 11:30:36 PM KST.
Available Packages
containerd.io.x86_64                            1.7.23-3.1.el10                             docker-ce-stable
containerd.io.x86_64                            1.7.24-3.1.el10                             docker-ce-stable
containerd.io.x86_64                            1.7.25-3.1.el10                             docker-ce-stable
containerd.io.x86_64                            1.7.26-3.1.el10                             docker-ce-stable
containerd.io.x86_64                            1.7.27-3.1.el10                             docker-ce-stable
containerd.io.x86_64                            1.7.28-1.el10                               docker-ce-stable
containerd.io.x86_64                            1.7.28-2.el10                               docker-ce-stable
containerd.io.x86_64                            1.7.29-1.el10                               docker-ce-stable
containerd.io.x86_64                            2.1.5-1.el10                                docker-ce-stable
containerd.io.x86_64                            2.2.0-2.el10                                docker-ce-stable
containerd.io.x86_64                            2.2.1-1.el10
root@k8s-ctr:~# dnf install -y containerd.io-2.1.5-1.el10
Last metadata expiration check: 0:00:28 ago on Wed 21 Jan 2026 11:30:36 PM KST.
Dependencies resolved.
========================================================================================================================
 Package                       Architecture           Version                    Repository                        Size
========================================================================================================================
Installing:
 containerd.io                 x86_64                 2.1.5-1.el10               docker-ce-stable                  34 M

Transaction Summary
========================================================================================================================
Install  1 Package
###################### (output omitted) ################################
root@k8s-ctr:~# which runc && runc --version
/usr/bin/runc
runc version 1.3.3
commit: v1.3.3-0-gd842d771
spec: 1.2.1
go: go1.24.9
libseccomp: 2.5.3
root@k8s-ctr:~# containerd config default | tee /etc/containerd/config.toml
version = 3
root = '/var/lib/containerd'
state = '/run/containerd'
temp = ''
disabled_plugins = []
required_plugins = []
oom_score = 0
imports = []
root@k8s-ctr:~# sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
root@k8s-ctr:~# cat /etc/containerd/config.toml | grep -i systemdcgroup
            SystemdCgroup = true
root@k8s-ctr:~# systemctl daemon-reload
root@k8s-ctr:~# systemctl enable --now containerd
Created symlink '/etc/systemd/system/multi-user.target.wants/containerd.service' → '/usr/lib/systemd/system/containerd.service'.
root@k8s-ctr:~# systemctl status containerd --no-pager
● containerd.service - containerd container runtime
     Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; preset: disabled)
     Active: active (running) since Wed 2026-01-21 23:33:28 KST; 5s ago
 Invocation: ef390d0ab56144b19688127d98415f72
       Docs: https://containerd.io
root@k8s-ctr:~# containerd config dump | grep -n containerd.sock
11:  address = '/run/containerd/containerd.sock'
root@k8s-ctr:~# ss -xl | grep containerd
u_str LISTEN 0      4096   /run/containerd/containerd.sock.ttrpc 20071            * 0
u_str LISTEN 0      4096   /run/containerd/containerd.sock 20072            * 0
root@k8s-ctr:~# ss -xnp | grep containerd
u_str ESTAB 0      0      * 20977            * 20069 users:(("containerd",pid=5439,fd=2),("containerd",pid=5439,fd=1))
root@k8s-ctr:~# ctr --address /run/containerd/containerd.sock version
Client:
  Version:  v2.1.5
  Revision: fcd43222d6b07379a4be9786bda52438f0dd16a1
  Go version: go1.24.9

Server:
  Version:  v2.1.5
  Revision: fcd43222d6b07379a4be9786bda52438f0dd16a1
  UUID: c0182a7f-b72c-4269-ba99-f2cf345cdfdc
```
Common: install kubeadm, kubelet, kubectl v1.32.11
kubeadm, kubelet, kubectl
```bash
root@k8s-ctr:~# cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
root@k8s-ctr:~# dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
Last metadata expiration check: 0:00:05 ago on Wed 21 Jan 2026 11:44:29 PM KST.
Dependencies resolved.
========================================================================================================================
 Package                       Architecture           Version                    Repository                        Size
========================================================================================================================
Installing:
 kubeadm                       x86_64                 1.32.11-150500.1.1         kubernetes                        12 M
 kubectl                       x86_64                 1.32.11-150500.1.1         kubernetes                        11 M
 kubelet                       x86_64                 1.32.11-150500.1.1         kubernetes                        15 M
Installing dependencies:
 cri-tools                     x86_64                 1.32.0-150500.1.1          kubernetes                       7.1 M
 kubernetes-cni                x86_64                 1.6.0-150500.1.1           kubernetes                       8.0 M

Transaction Summary
========================================================================================================================
Install  5 Packages
################ (output omitted) ###########################
root@k8s-ctr:~# systemctl enable --now kubelet
Created symlink '/etc/systemd/system/multi-user.target.wants/kubelet.service' → '/usr/lib/systemd/system/kubelet.service'.
root@k8s-ctr:~# systemctl status kubelet
● kubelet.service - kubelet: The Kubernetes Node Agent
     Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/kubelet.service.d
             └─10-kubeadm.conf
     Active: activating (auto-restart) (Result: exit-code) since Wed 2026-01-21 23:45:05 KST; 4s ago
 Invocation: 9290c9551a364306bdd2d324aca03c40
       Docs: https://kubernetes.io/docs/
    Process: 5703 ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBEL>
   Main PID: 5703 (code=exited, status=1/FAILURE)
   Mem peak: 11.7M
        CPU: 79ms
root@k8s-ctr:~# crictl info | jq
{
  "cniconfig": {
    "Networks": [
      {
        "Config": {
          "CNIVersion": "0.3.1",
          "Name": "cni-loopback",
          "Plugins": [
            {
              "Network": {
                "ipam": {},
                "type": "loopback"
              },
              "Source": "{\"type\":\"loopback\"}"
            }
          ],
          "Source": "{\n\"cniVersion\": \"0.3.1\",\n\"name\": \"cni-loopback\",\n\"plugins\": [{\n \"type\": \"loopback\"\n}]\n}"
############## (output omitted) ############################
root@k8s-ctr:~# systemctl is-active kubelet
activating
root@k8s-ctr:~# systemctl status kubelet --no-pager
● kubelet.service - kubelet: The Kubernetes Node Agent
     Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/kubelet.service.d
             └─10-kubeadm.conf
     Active: activating (auto-restart) (Result: exit-code) since Wed 2026-01-21 23:46:17 KST; 3s ago
 Invocation: 7ad519af585240e48db775d8ae3a190d
       Docs: https://kubernetes.io/docs/
    Process: 5778 ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS (code=exited, status=1/FAILURE)
   Main PID: 5778 (code=exited, status=1/FAILURE)
   Mem peak: 13.4M
        CPU: 77ms
root@k8s-ctr:~# journalctl -u kubelet --no-pager
Jan 21 23:45:05 k8s-ctr systemd[1]: Started kubelet.service - kubelet: The Kubernetes Node Agent.
Jan 21 23:45:05 k8s-ctr (kubelet)[5703]: kubelet.service: Referenced but unset environment variable evaluates to an empty string: KUBELET_KUBEADM_ARGS
Jan 21 23:45:05 k8s-ctr kubelet[5703]: E0121 23:45:05.839407 5703 run.go:72] "command failed" err="failed to load kubelet config file, path: /var/lib/kubelet/config.yaml, error: failed to load Kubelet config file /var/lib/kubelet/config.yaml, error failed to read kubelet config file \"/var/lib/kubelet/config.yaml\", error: open /var/lib/kubelet/config.yaml: no such file or directory"
root@k8s-ctr:~# ls -l /run/containerd/containerd.sock
srw-rw----. 1 root root 0 Jan 21 23:33 /run/containerd/containerd.sock
root@k8s-ctr:~# ss -xl | grep containerd
u_str LISTEN 0      4096   /run/containerd/containerd.sock.ttrpc 20071            * 0
u_str LISTEN 0      4096   /run/containerd/containerd.sock 20072            * 0
root@k8s-ctr:~# ss -xnp | grep containerd
u_str ESTAB 0      0      * 20977            * 20069 users:(("containerd",pid=5439,fd=2),("containerd",pid=5439,fd=1))
```
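Building the k8s cluster with kubeadm and installing convenience tools (important)
Running kubeadm init
- Preflight checks: verify the CRI connection, root privileges, and that the kubelet meets the minimum version.
- Generate security material: create the certificates and keys for control plane communication in `/etc/kubernetes/pki`.
- Generate kubeconfigs: create the configuration files for the kubelet, controller-manager, scheduler, and admin.
- Deploy control plane components: create kube-apiserver, controller-manager, scheduler, and etcd as static Pods.
- Start the kubelet and wait: start the kubelet and wait until the API server becomes healthy.
- Store the cluster configuration: save the kubeadm ClusterConfiguration in the `kubeadm-config` ConfigMap.
- Mark the control plane node: apply the control-plane label and the NoSchedule taint.
- Bootstrap settings: create the bootstrap token and configure TLS/RBAC/cluster-info for node joins.
- Install essential addons: install kube-proxy (DaemonSet) and CoreDNS.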
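
The bootstrap step is what lets a joining node trust the `cluster-info` ConfigMap before it holds any credentials: kubeadm publishes a detached JWS under `jws-kubeconfig-<token-id>` that covers the embedded kubeconfig. The Python below is an added example, not code from the original post or from kubeadm; it assumes HS256 keyed with the secret half of the bootstrap token and `kid` set to the token ID, and it signs a constructed kubeconfig with placeholder CA data.

```python
"""Verify the detached JWS stored in the kube-public/cluster-info ConfigMap."""
import base64
import hashlib
import hmac
import json
import re

# Bootstrap token format: <6-char id>.<16-char secret>
TOKEN_RE = re.compile(r"^([a-z0-9]{6})\.([a-z0-9]{16})$")


def b64url(data):
    """Base64url without padding, as used in compact JWS."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def split_token(token):
    """Return (token_id, token_secret) or raise ValueError on a bad format."""
    match = TOKEN_RE.match(token)
    if not match:
        raise ValueError("bootstrap token must look like abcdef.0123456789abcdef")
    return match.group(1), match.group(2)


def _mac(secret, header_b64, kubeconfig):
    # JWS signing input: base64url(header) "." base64url(payload)
    signing_input = f"{header_b64}.{b64url(kubeconfig.encode())}".encode()
    return hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()


def sign_detached(kubeconfig, token):
    """Signer side: compact JWS with the payload removed (header..signature)."""
    token_id, secret = split_token(token)
    header = json.dumps({"alg": "HS256", "kid": token_id}, separators=(",", ":"))
    header_b64 = b64url(header.encode())
    return f"{header_b64}..{b64url(_mac(secret, header_b64, kubeconfig))}"


def verify_cluster_info(data, token):
    """Joining-node side: True only if data['kubeconfig'] matches its JWS."""
    token_id, secret = split_token(token)
    detached = data.get(f"jws-kubeconfig-{token_id}")
    kubeconfig = data.get("kubeconfig")
    if not detached or kubeconfig is None:
        return False
    parts = detached.split(".")
    if len(parts) != 3 or parts[1] != "":   # must be detached: empty payload
        return False
    header_b64, _, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:                      # bad base64, bad UTF-8 or bad JSON
        return False
    if not isinstance(header, dict):
        return False
    # Pin the algorithm and key id; never let the header choose them.
    if header.get("alg") != "HS256" or header.get("kid") != token_id:
        return False
    return hmac.compare_digest(signature, _mac(secret, header_b64, kubeconfig))


# Constructed sample: the token is the one from this page's kubeadm-init.yaml;
# the CA data is a placeholder, so the signature differs from the page's.
TOKEN = "123456.1234567890123456"
KUBECONFIG = """apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: PLACEHOLDER_CA_BASE64
    server: https://192.168.10.100:6443
  name: ""
kind: Config
"""
CLUSTER_INFO = {
    "kubeconfig": KUBECONFIG,
    "jws-kubeconfig-123456": sign_detached(KUBECONFIG, TOKEN),
}

if __name__ == "__main__":
    print("untouched:", verify_cluster_info(CLUSTER_INFO, TOKEN))
    altered = dict(CLUSTER_INFO)
    altered["kubeconfig"] = KUBECONFIG.replace("192.168.10.100", "192.168.10.200")
    print("altered  :", verify_cluster_info(altered, TOKEN))
```

Under that assumption the HMAC key is the token secret itself, so the signature is only as strong as the token's secrecy and lifetime; `kubeadm join` can additionally pin the CA with `--discovery-token-ca-cert-hash`.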
```bash
root@k8s-ctr:~# cat kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta4
kind: InitConfiguration
bootstrapTokens:
  - token: "123456.1234567890123456"
    ttl: "0s"
    usages:
      - signing
      - authentication
nodeRegistration:
  kubeletExtraArgs:
    - name: node-ip
      value: "192.168.10.100"  # if unset, maps to 10.0.2.15
  criSocket: "unix:///run/containerd/containerd.sock"
localAPIEndpoint:
  advertiseAddress: "192.168.10.100"
---
apiVersion: kubeadm.k8s.io/v1beta4
kind: ClusterConfiguration
kubernetesVersion: "1.32.11"
networking:
  podSubnet: "10.244.0.0/16"
  serviceSubnet: "10.96.0.0/16"
root@k8s-ctr:~# kubeadm init --config="kubeadm-init.yaml"
[init] Using Kubernetes version: v1.32.11
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action beforehand using 'kubeadm config images pull'
W0121 23:56:45.057914 6337 checks.go:843] detected that the sandbox image "" of the container runtime is inconsistent with that used by kubeadm.It is recommended to use "registry.k8s.io/pause:3.10" as the CRI sandbox image.
root@k8s-ctr:~# mkdir -p /root/.kube
root@k8s-ctr:~# cp -i /etc/kubernetes/admin.conf /root/.kube/config
root@k8s-ctr:~# chown $(id -u):$(id -g) /root/.kube/config
root@k8s-ctr:~# kubectl cluster-info
Kubernetes control plane is running at https://192.168.10.100:6443
CoreDNS is running at https://192.168.10.100:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
root@k8s-ctr:~# kubectl get node -owide
NAME      STATUS     ROLES           AGE    VERSION    INTERNAL-IP      EXTERNAL-IP   OS-IMAGE                        KERNEL-VERSION                 CONTAINER-RUNTIME
k8s-ctr   NotReady   control-plane   3m6s   v1.32.11   192.168.10.100   <none>        Rocky Linux 10.0 (Red Quartz)   6.12.0-55.39.1.el10_0.x86_64   containerd://2.1.5
root@k8s-ctr:~# kubectl get pod -n kube-system -owide
NAME                              READY   STATUS    RESTARTS   AGE    IP               NODE      NOMINATED NODE   READINESS GATES
coredns-668d6bf9bc-n2xwv          0/1     Pending   0          3m3s   <none>           <none>    <none>           <none>
coredns-668d6bf9bc-xsk2k          0/1     Pending   0          3m3s   <none>           <none>    <none>           <none>
etcd-k8s-ctr                      1/1     Running   0          3m9s   192.168.10.100   k8s-ctr   <none>           <none>
kube-apiserver-k8s-ctr            1/1     Running   0          3m9s   192.168.10.100   k8s-ctr   <none>           <none>
kube-controller-manager-k8s-ctr   1/1     Running   0          3m9s   192.168.10.100   k8s-ctr   <none>           <none>
kube-proxy-9dpcs                  1/1     Running   0          3m3s   192.168.10.100   k8s-ctr   <none>           <none>
kube-scheduler-k8s-ctr            1/1     Running   0          3m9s   192.168.10.100   k8s-ctr   <none>           <none>
root@k8s-ctr:~# kubectl -n kube-public get configmap cluster-info
NAME           DATA   AGE
cluster-info   2      3m58s
root@k8s-ctr:~# kubectl -n kube-public get configmap cluster-info -o yaml
apiVersion: v1
data:
  jws-kubeconfig-123456: eyJhbGciOiJIUzI1NiIsImtpZCI6IjEyMzQ1NiJ9..h64eqq42z6muTTM3tEU5EEZaBcK8--j1gmg7rtEXyo0
  kubeconfig: |
    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: <CA certificate data omitted>
        server: https://192.168.10.100:6443
      name: ""
    contexts: null
    current-context: ""
    kind: Config
    preferences: {}
    users: null
kind: ConfigMap
metadata:
  creationTimestamp: "2026-01-21T14:57:19Z"
  name: cluster-info
  namespace: kube-public
  resourceVersion: "326"
  uid: 4f8df4c9-5dc4-4734-b1b7-e5a803feab7f
```
- Convenience settings
```bash
root@k8s-ctr:~# alias k=kubectl
root@k8s-ctr:~# complete -o default -F __start_kubectl k
root@k8s-ctr:~# echo 'alias k=kubectl' >> /etc/profile
root@k8s-ctr:~# echo 'complete -o default -F __start_kubectl k' >> /etc/profile
root@k8s-ctr:~# k get node
NAME STATUS ROLES AGE VERSION
k8s-ctr NotReady control-plane 6m26s v1.32.11
root@k8s-ctr:~# dnf install -y 'dnf-command(config-manager)'
Last metadata expiration check: 0:19:06 ago on Wed 21 Jan 2026 11:44:43 PM KST.
Package dnf-plugins-core-4.7.0-8.el10.noarch is already installed.
Dependencies resolved.
========================================================================================================================
Package Architecture Version Repository Size
========================================================================================================================
Upgrading:
dnf-plugins-core noarch 4.7.0-9.el10 baseos 43 k
python3-dnf-plugins-core noarch 4.7.0-9.el10 baseos 315 k
yum-utils noarch 4.7.0-9.el10 baseos 34 k
Transaction Summary
========================================================================================================================
Upgrade 3 Packages
Total download size: 392 k
Downloading Packages:
(1/3): dnf-plugins-core-4.7.0-9.el10.noarch.rpm 1.2 MB/s | 43 kB 00:00
(2/3): yum-utils-4.7.0-9.el10.noarch.rpm 869 kB/s | 34 kB 00:00
(3/3): python3-dnf-plugins-core-4.7.0-9.el10.noarch.rpm 6.0 MB/s | 315 kB 00:00
------------------------------------------------------------------------------------------------------------------------
Total 729 kB/s | 392 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Upgrading : python3-dnf-plugins-core-4.7.0-9.el10.noarch 1/6
Upgrading : dnf-plugins-core-4.7.0-9.el10.noarch 2/6
Upgrading : yum-utils-4.7.0-9.el10.noarch 3/6
Cleanup : yum-utils-4.7.0-8.el10.noarch 4/6
Cleanup : dnf-plugins-core-4.7.0-8.el10.noarch 5/6
Cleanup : python3-dnf-plugins-core-4.7.0-8.el10.noarch 6/6
Running scriptlet: python3-dnf-plugins-core-4.7.0-8.el10.noarch 6/6
Upgraded:
dnf-plugins-core-4.7.0-9.el10.noarch python3-dnf-plugins-core-4.7.0-9.el10.noarch yum-utils-4.7.0-9.el10.noarch
Complete!
root@k8s-ctr:~# dnf config-manager --add-repo https://kubecolor.github.io/packages/rpm/kubecolor.repo
Adding repo from: https://kubecolor.github.io/packages/rpm/kubecolor.repo
root@k8s-ctr:~# dnf repolist
repo id repo name
appstream Rocky Linux 10 - AppStream
baseos Rocky Linux 10 - BaseOS
docker-ce-stable Docker CE Stable - x86_64
extras Rocky Linux 10 - Extras
kubecolor packages for kubecolor
kubernetes Kubernetes
root@k8s-ctr:~# dnf install -y kubecolor
packages for kubecolor 18 kB/s | 949 B 00:00
Dependencies resolved.
========================================================================================================================
Package Architecture Version Repository Size
========================================================================================================================
Installing:
kubecolor x86_64 0.5.3-1 kubecolor 2.6 M
Transaction Summary
========================================================================================================================
Install 1 Package
Total download size: 2.6 M
Installed size: 5.9 M
Downloading Packages:
kubecolor_0.5.3_linux_amd64.rpm 8.2 MB/s | 2.6 MB 00:00
------------------------------------------------------------------------------------------------------------------------
Total 8.1 MB/s | 2.6 MB 00:00
########## (output omitted) #######
root@k8s-ctr:~# kubecolor get node
NAME STATUS ROLES AGE VERSION
k8s-ctr NotReady control-plane 6m44s v1.32.11
root@k8s-ctr:~# alias kc=kubecolor
root@k8s-ctr:~# echo 'alias kc=kubecolor' >> /etc/profile
root@k8s-ctr:~# kc get node
NAME STATUS ROLES AGE VERSION
k8s-ctr NotReady control-plane 6m52s v1.32.11
root@k8s-ctr:~# kc describe node
Name: k8s-ctr
Roles: control-plane
Labels: beta.kubernetes.io/arch=amd64
beta.kubernetes.io/os=linux
kubernetes.io/arch=amd64
kubernetes.io/hostname=k8s-ctr
kubernetes.io/os=linux
node-role.kubernetes.io/control-plane=
node.kubernetes.io/exclude-from-external-load-balancers=
Annotations: kubeadm.alpha.kubernetes.io/cri-socket: unix:///run/containerd/containerd.sock
node.alpha.kubernetes.io/ttl: 0
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Wed, 21 Jan 2026 23:57:17 +0900
Taints: node-role.kubernetes.io/control-plane:NoSchedule
node.kubernetes.io/not-ready:NoSchedule
Unschedulable: false
Lease:
HolderIdentity: k8s-ctr
AcquireTime: <unset>
RenewTime: Thu, 22 Jan 2026 00:04:11 +0900
Conditions:
Type Status LastHeartbeatTime LastTransitionTime Reason Message
---- ------ ----------------- ------------------ ------ -------
MemoryPressure False Thu, 22 Jan 2026 00:02:29 +0900 Wed, 21 Jan 2026 23:57:15 +0900 KubeletHasSufficientMemory kubelet has sufficient memory available
DiskPressure False Thu, 22 Jan 2026 00:02:29 +0900 Wed, 21 Jan 2026 23:57:15 +0900 KubeletHasNoDiskPressure kubelet has no disk pressure
PIDPressure False Thu, 22 Jan 2026 00:02:29 +0900 Wed, 21 Jan 2026 23:57:15 +0900 KubeletHasSufficientPID kubelet has sufficient PID available
Ready False Thu, 22 Jan 2026 00:02:29 +0900 Wed, 21 Jan 2026 23:57:15 +0900 KubeletNotReady container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: cni plugin not initialized
Addresses:
InternalIP: 192.168.10.100
Hostname: k8s-ctr
Capacity:
cpu: 4
ephemeral-storage: 62374Mi
hugepages-2Mi: 0
memory: 3036932Ki
pods: 110
Allocatable:
cpu: 4
ephemeral-storage: 58863491385
hugepages-2Mi: 0
memory: 2934532Ki
pods: 110
System Info:
Machine ID: fc9f882274fc4318b555010115a384ff
System UUID: f29c335e-dc4d-504d-b371-d8d01bebc7f7
Boot ID: eb7b009f-47d6-4f8d-a944-97839286ddce
Kernel Version: 6.12.0-55.39.1.el10_0.x86_64
OS Image: Rocky Linux 10.0 (Red Quartz)
Operating System: linux
Architecture: amd64
Container Runtime Version: containerd://2.1.5
Kubelet Version: v1.32.11
Kube-Proxy Version: v1.32.11
PodCIDR: 10.244.0.0/24
PodCIDRs: 10.244.0.0/24
Non-terminated Pods: (5 in total)
Namespace Name CPU Requests CPU Limits Memory Requests Memory Limits Age
--------- ---- ------------ ---------- --------------- ------------- ---
kube-system etcd-k8s-ctr 100m (2%) 0 (0%) 100Mi (3%) 0 (0%) 6m51s
kube-system kube-apiserver-k8s-ctr 250m (6%) 0 (0%) 0 (0%) 0 (0%) 6m51s
kube-system kube-controller-manager-k8s-ctr 200m (5%) 0 (0%) 0 (0%) 0 (0%) 6m51s
kube-system kube-proxy-9dpcs 0 (0%) 0 (0%) 0 (0%) 0 (0%) 6m45s
kube-system kube-scheduler-k8s-ctr 100m (2%) 0 (0%) 0 (0%) 0 (0%) 6m51s
Allocated resources:
(Total limits may be over 100 percent, i.e., overcommitted.)
Resource Requests Limits
-------- -------- ------
cpu 650m (16%) 0 (0%)
memory 100Mi (3%) 0 (0%)
ephemeral-storage 0 (0%) 0 (0%)
hugepages-2Mi 0 (0%) 0 (0%)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Starting 6m44s kube-proxy
Normal Starting 6m51s kubelet Starting kubelet.
Warning InvalidDiskCapacity 6m51s kubelet invalid capacity 0 on image filesystem
Normal NodeAllocatableEnforced 6m51s kubelet Updated Node Allocatable limit across pods
Normal NodeHasSufficientMemory 6m51s kubelet Node k8s-ctr status is now: NodeHasSufficientMemory
Normal NodeHasNoDiskPressure 6m51s kubelet Node k8s-ctr status is now: NodeHasNoDiskPressure
Normal NodeHasSufficientPID 6m51s kubelet Node k8s-ctr status is now: NodeHasSufficientPID
Normal RegisteredNode 6m46s node-controller Node k8s-ctr event: Registered Node k8s-ctr in Controller
root@k8s-ctr:~# dnf install -y git
Last metadata expiration check: 0:00:18 ago on Thu 22 Jan 2026 12:03:57 AM KST.
Dependencies resolved.
========================================================================================================================
Package Architecture Version Repository Size
========================================================================================================================
Installing:
git x86_64 2.47.3-1.el10 appstream 50 k
Installing dependencies:
git-core x86_64 2.47.3-1.el10 appstream 4.8 M
git-core-doc noarch 2.47.3-1.el10 appstream 3.1 M
perl-Error noarch 1:0.17029-18.el10 appstream 40 k
perl-File-Find noarch 1.44-512.2.el10_0 appstream 25 k
perl-Git noarch 2.47.3-1.el10 appstream 37 k
perl-TermReadKey x86_64 2.38-24.el10 appstream 36 k
perl-lib x86_64 0.65-512.2.el10_0 appstream 15 k
Transaction Summary
========================================================================================================================
Install 8 Packages
################### (output omitted) #############################
root@k8s-ctr:~# git clone https://github.com/ahmetb/kubectx /opt/kubectx
Cloning into '/opt/kubectx'...
remote: Enumerating objects: 1540, done.
remote: Counting objects: 100% (469/469), done.
remote: Compressing objects: 100% (110/110), done.
remote: Total 1540 (delta 407), reused 360 (delta 359), pack-reused 1071 (from 2)
####################### (output omitted) ####################
root@k8s-ctr:~# cat << "EOT" >> /root/.bash_profile
source /root/kube-ps1/kube-ps1.sh
KUBE_PS1_SYMBOL_ENABLE=true
function get_cluster_short() {
echo "$1" | cut -d . -f1
}
KUBE_PS1_CLUSTER_FUNCTION=get_cluster_short
KUBE_PS1_SUFFIX=') '
PS1='$(kube_ps1)'$PS1
EOT
```

- Install the Flannel CNI (be sure to check the flannel interface)
```bash
(⎈|HomeLab:default) root@k8s-ctr:~# kc describe pod -n kube-system kube-controller-manager-k8s-ctr
Name: kube-controller-manager-k8s-ctr
Namespace: kube-system
Priority: 2000001000
Priority Class Name: system-node-critical
Node: k8s-ctr/192.168.10.100
Start Time: Wed, 21 Jan 2026 23:57:20 +0900
Labels: component=kube-controller-manager
tier=control-plane
Annotations: kubernetes.io/config.hash: 7314ab3f0ec6401c196ca943fad44a05
kubernetes.io/config.mirror: 7314ab3f0ec6401c196ca943fad44a05
kubernetes.io/config.seen: 2026-01-21T23:57:20.682508931+09:00
kubernetes.io/config.source: file
Status: Running
SeccompProfile: RuntimeDefault
IP: 192.168.10.100
IPs:
IP: 192.168.10.100
Controlled By: Node/k8s-ctr
(⎈|HomeLab:default) root@k8s-ctr:~# helm repo add flannel https://flannel-io.github.io/flannel
"flannel" has been added to your repositories
(⎈|HomeLab:default) root@k8s-ctr:~#
(⎈|HomeLab:default) root@k8s-ctr:~# kubectl create namespace kube-flannel
namespace/kube-flannel created
(⎈|HomeLab:default) root@k8s-ctr:~# cat << EOF > flannel.yaml
podCidr: "10.244.0.0/16"
flannel:
  cniBinDir: "/opt/cni/bin"
  cniConfDir: "/etc/cni/net.d"
  args:
  - "--ip-masq"
  - "--kube-subnet-mgr"
  - "--iface=enp0s9"
  backend: "vxlan"
EOF
(⎈|HomeLab:default) root@k8s-ctr:~# helm install flannel flannel/flannel --namespace kube-flannel --version 0.27.3 -f flannel.yaml
NAME: flannel
LAST DEPLOYED: Thu Jan 22 00:14:31 2026
NAMESPACE: kube-flannel
STATUS: deployed
REVISION: 1
TEST SUITE: None
########### The value was enp0s8 rather than "--iface=enp0s9", so the release was redeployed ########
(⎈|HomeLab:default) root@k8s-ctr:~# helm upgrade flannel flannel/flannel -n kube-flannel -f flannel.yaml
Release "flannel" has been upgraded. Happy Helming!
NAME: flannel
LAST DEPLOYED: Thu Jan 22 00:24:14 2026
NAMESPACE: kube-flannel
STATUS: deployed
REVISION: 2
TEST SUITE: None
(⎈|HomeLab:default) root@k8s-ctr:~# kubectl get pod -n kube-system -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-668d6bf9bc-n2xwv 1/1 Running 0 28m 10.244.0.3 k8s-ctr <none> <none>
coredns-668d6bf9bc-xsk2k 1/1 Running 0 28m 10.244.0.2 k8s-ctr <none> <none>
```
- Check node information and print basic environment information
Installing kubelet and kubeadm changes some kernel parameters.
e.g. kernel.panic changes from 0 to 10
```bash
(⎈|HomeLab:default) root@k8s-ctr:~# systemctl is-active kubelet
active
(⎈|HomeLab:default) root@k8s-ctr:~# kc describe node
Name: k8s-ctr
Roles: control-plane
Labels: beta.kubernetes.io/arch=amd64
beta.kubernetes.io/os=linux
kubernetes.io/arch=amd64
kubernetes.io/hostname=k8s-ctr
kubernetes.io/os=linux
node-role.kubernetes.io/control-plane=
node.kubernetes.io/exclude-from-external-load-balancers=
Annotations: flannel.alpha.coreos.com/backend-data: {"VNI":1,"VtepMAC":"3a:76:87:a6:2d:bf"}
flannel.alpha.coreos.com/backend-type: vxlan
flannel.alpha.coreos.com/kube-subnet-manager: true
flannel.alpha.coreos.com/public-ip: 192.168.10.100
kubeadm.alpha.kubernetes.io/cri-socket: unix:///run/containerd/containerd.sock
node.alpha.kubernetes.io/ttl: 0
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Wed, 21 Jan 2026 23:57:17 +0900
Taints: node-role.kubernetes.io/control-plane:NoSchedule
(⎈|HomeLab:default) root@k8s-ctr:~# cat /etc/sysconfig/kubelet
tree /etc/kubernetes | tee -a etc_kubernetes-2.txt
tree /var/lib/kubelet | tee -a var_lib_kubelet-2.txt
tree /run/containerd/ -L 3 | tee -a run_containerd-2.txt
pstree -alnp | tee -a pstree-2.txt
systemd-cgls --no-pager | tee -a systemd-cgls-2.txt
lsns | tee -a lsns-2.txt
ip addr | tee -a ip_addr-2.txt
ss -tnlp | tee -a ss-2.txt
df -hT | tee -a df-2.txt
findmnt | tee -a findmnt-2.txt
sysctl -a | tee -a sysctl-2.txt
```
- Check certificates
```bash
(⎈|HomeLab:default) root@k8s-ctr:~# kc describe cm -n kube-system kubeadm-config
Name: kubeadm-config
Namespace: kube-system
Labels: <none>
Annotations: <none>
Data
====
ClusterConfiguration:
----
apiServer: {}
apiVersion: kubeadm.k8s.io/v1beta4
caCertificateValidityPeriod: 87600h0m0s
certificateValidityPeriod: 8760h0m0s
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
encryptionAlgorithm: RSA-2048
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: v1.32.11
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/16
proxy: {}
scheduler: {}
BinaryData
====
(⎈|HomeLab:default) root@k8s-ctr:~# kubeadm certs check-expiration
[check-expiration] Reading configuration from the "kubeadm-config" ConfigMap in namespace "kube-system"...
[check-expiration] Use 'kubeadm init phase upload-config --config your-config.yaml' to re-upload it.
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf Jan 21, 2027 14:56 UTC 364d ca no
apiserver Jan 21, 2027 14:56 UTC 364d ca no
apiserver-etcd-client Jan 21, 2027 14:56 UTC 364d etcd-ca no
apiserver-kubelet-client Jan 21, 2027 14:56 UTC 364d ca no
controller-manager.conf Jan 21, 2027 14:56 UTC 364d ca no
etcd-healthcheck-client Jan 21, 2027 14:56 UTC 364d etcd-ca no
etcd-peer Jan 21, 2027 14:56 UTC 364d etcd-ca no
etcd-server Jan 21, 2027 14:56 UTC 364d etcd-ca no
front-proxy-client Jan 21, 2027 14:56 UTC 364d front-proxy-ca no
scheduler.conf Jan 21, 2027 14:56 UTC 364d ca no
super-admin.conf Jan 21, 2027 14:56 UTC 364d ca no
CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
ca Jan 19, 2036 14:56 UTC 9y no
etcd-ca Jan 19, 2036 14:56 UTC 9y no
front-proxy-ca Jan 19, 2036 14:56 UTC 9y no
```
- Check kubeconfig
```bash
(⎈|HomeLab:default) root@k8s-ctr:~# cat /etc/kubernetes/admin.conf
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data:
############## (omitted) ###################
(⎈|HomeLab:default) root@k8s-ctr:~# cat /etc/kubernetes/super-admin.conf
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data:
############## (omitted) ###################
(⎈|HomeLab:default) root@k8s-ctr:~# cat /etc/kubernetes/controller-manager.conf
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data:
############## (omitted) ###################
(⎈|HomeLab:default) root@k8s-ctr:~# cat /var/lib/kubelet/pki/kubelet.crt | openssl x509 -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4215227672604660729 (0x3a7f7f3c28ff53f9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=k8s-ctr-ca@1769007433
Validity
Not Before: Jan 21 13:57:13 2026 GMT
Not After : Jan 21 13:57:13 2027 GMT
Subject: CN=k8s-ctr@1769007433
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
(⎈|HomeLab:default) root@k8s-ctr:~# cat /var/lib/kubelet/pki/kubelet-client-current.pem | openssl x509 -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5381870817680008066 (0x4ab03efe8adba382)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kubernetes
Validity
Not Before: Jan 21 14:51:44 2026 GMT
Not After : Jan 21 14:56:44 2027 GMT
Subject: O=system:nodes, CN=system:node:k8s-ctr
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
```
- Check static pods: etcd, kube-apiserver, kube-scheduler, kube-controller-manager
```bash
(⎈|HomeLab:default) root@k8s-ctr:~# tree /etc/kubernetes/manifests/
/etc/kubernetes/manifests/
├── etcd.yaml
├── kube-apiserver.yaml
├── kube-controller-manager.yaml
└── kube-scheduler.yaml
(⎈|HomeLab:default) root@k8s-ctr:~# cat /var/lib/kubelet/config.yaml
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 0s
    enabled: true
  x509:
    clientCAFile: /etc/kubernetes/pki/ca.crt
(⎈|HomeLab:default) root@k8s-ctr:~# cat /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--container-runtime-endpoint=unix:///run/containerd/containerd.sock --node-ip=192.168.10.100 --pod-infra-container-image=registry.k8s.io/pause:3.10"
(⎈|HomeLab:default) root@k8s-ctr:~# cat /etc/kubernetes/manifests/etcd.yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/etcd.advertise-client-urls: https://192.168.10.100:2379
  creationTimestamp: null
  labels:
    component: etcd
    tier: control-plane
  name: etcd
  namespace: kube-system
spec:
  containers:
  - command:
    - etcd
    - --advertise-client-urls=https://192.168.10.100:2379
    - --cert-file=/etc/kubernetes/pki/etcd/server.crt
(⎈|HomeLab:default) root@k8s-ctr:~# kubectl get svc,ep
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 41m
NAME ENDPOINTS AGE
endpoints/kubernetes 192.168.10.100:6443 41m
(⎈|HomeLab:default) root@k8s-ctr:~# kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.podCIDR}{"\n"}{end}'
k8s-ctr 10.244.0.0/24
```
- Verify that the required add-ons are installed
```bash
(⎈|HomeLab:default) root@k8s-ctr:~# kubectl get deploy -n kube-system coredns -owide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
coredns 2/2 2 2 41m coredns registry.k8s.io/coredns/coredns:v1.11.3 k8s-app=kube-dns
(⎈|HomeLab:default) root@k8s-ctr:~# kubectl get pod -n kube-system -l k8s-app=kube-dns -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-668d6bf9bc-n2xwv 1/1 Running 0 41m 10.244.0.3 k8s-ctr <none> <none>
coredns-668d6bf9bc-xsk2k 1/1 Running 0 41m 10.244.0.2 k8s-ctr <none> <none>
(⎈|HomeLab:default) root@k8s-ctr:~# kubectl get svc,ep -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 41m
NAME ENDPOINTS AGE
endpoints/kube-dns 10.244.0.2:53,10.244.0.3:53,10.244.0.2:53 + 3 more... 41m
(⎈|HomeLab:default) root@k8s-ctr:~# curl -s http://10.96.0.10:9153/metrics | head
# HELP coredns_build_info A metric with a constant '1' value labeled by version, revision, and goversion from which CoreDNS was built.
# TYPE coredns_build_info gauge
coredns_build_info{goversion="go1.21.11",revision="a6338e9",version="1.11.3"} 1
# HELP coredns_cache_entries The number of elements in the cache.
# TYPE coredns_cache_entries gauge
coredns_cache_entries{server="dns://:53",type="denial",view="",zones="."} 1
coredns_cache_entries{server="dns://:53",type="success",view="",zones="."} 0
# HELP coredns_cache_misses_total The count of cache misses. Deprecated, derive misses from cache hits/requests counters.
# TYPE coredns_cache_misses_total counter
coredns_cache_misses_total{server="dns://:53",view="",zones="."} 1
(⎈|HomeLab:default) root@k8s-ctr:~# kc describe cm -n kube-system coredns
Name: coredns
Namespace: kube-system
Labels: <none>
Annotations: <none>
Events: <none>
(⎈|HomeLab:default) root@k8s-ctr:~# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
(⎈|HomeLab:default) root@k8s-ctr:~# kubectl get ds -n kube-system -owide
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE CONTAINERS IMAGES SELECTOR
kube-proxy 1 1 1 1 1 kubernetes.io/os=linux 43m kube-proxy registry.k8s.io/kube-proxy:v1.32.11 k8s-app=kube-proxy
(⎈|HomeLab:default) root@k8s-ctr:~# kubectl get pod -n kube-system -l k8s-app=kube-proxy -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-proxy-9dpcs 1/1 Running 0 42m 192.168.10.100 k8s-ctr <none> <none>
(⎈|HomeLab:default) root@k8s-ctr:~# kc describe cm -n kube-system kube-proxy
Name: kube-proxy
Namespace: kube-system
Labels: app=kube-proxy
Annotations: kubeadm.kubernetes.io/component-config.hash: sha256:cdf765c8ace05d9c91a233c33ad96de755530f97919a928be185843e99db7bd7
Data
====
config.conf:
----
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
bindAddressHardFail: false
clientConnection:
  acceptContentTypes: ""
  burst: 0
  contentType: ""
  kubeconfig: /var/lib/kube-proxy/kubeconfig.conf
  qps: 0
====
Events: <none>
(⎈|HomeLab:default) root@k8s-ctr:~# curl 127.0.0.1:10249/healthz ; echo
ok
(⎈|HomeLab:default) root@k8s-ctr:~# dnf install -y conntrack-tools
Last metadata expiration check: 0:37:12 ago on Thu 22 Jan 2026 12:03:57 AM KST.
Dependencies resolved.
========================================================================================================================
Package Architecture Version Repository Size
========================================================================================================================
Installing:
conntrack-tools x86_64 1.4.8-3.el10 appstream 235 k
Installing dependencies:
libnetfilter_cthelper x86_64 1.0.1-1.el10 appstream 23 k
libnetfilter_cttimeout x86_64 1.0.0-27.el10 appstream 23 k
libnetfilter_queue x86_64 1.0.5-9.el10 appstream 28 k
Transaction Summary
========================================================================================================================
Install 4 Packages
###### (omitted) #######
```
k8s-w1, w2 setup
Prerequisite setup
After connecting, apply the same settings:
```bash
PS C:\Users\bom\Desktop\스터디\week3> vagrant ssh k8s-w1
This system is built by the Bento project by Chef Software
More information can be found at https://github.com/chef/bento
Use of this system is acceptance of the OS vendor EULA and License Agreements.
vagrant@k8s-w1:~$ echo "sudo su -" >> /home/vagrant/.bashrc
vagrant@k8s-w1:~$ sudo su -
root@k8s-w1:~# timedatectl set-local-rtc 0
root@k8s-w1:~# timedatectl set-timezone Asia/Seoul
root@k8s-w1:~# setenforce 0
root@k8s-w1:~# sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
root@k8s-w1:~# systemctl disable --now firewalld
Removed '/etc/systemd/system/multi-user.target.wants/firewalld.service'.
Removed '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'.
root@k8s-w1:~# swapoff -a
root@k8s-w1:~# sed -i '/swap/d' /etc/fstab
root@k8s-w1:~# modprobe overlay
root@k8s-w1:~# modprobe br_netfilter
root@k8s-w1:~# cat <<EOF | tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
overlay
br_netfilter
root@k8s-w1:~# cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
root@k8s-w1:~# sysctl --system >/dev/null 2>&1
root@k8s-w1:~# sed -i '/^127\.0\.\(1\|2\)\.1/d' /etc/hosts
cat << EOF >> /etc/hosts
192.168.10.100 k8s-ctr
192.168.10.101 k8s-w1
192.168.10.102 k8s-w2
EOF
```
CRI installation
```bash
root@k8s-w2:~# dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
root@k8s-w2:~# dnf install -y containerd.io-2.1.5-1.el10
Docker CE Stable - x86_64 282 kB/s | 16 kB 00:00
Dependencies resolved.
========================================================================================================================
Package Architecture Version Repository Size
========================================================================================================================
Installing:
containerd.io x86_64 2.1.5-1.el10 docker-ce-stable 34 M
Transaction Summary
========================================================================================================================
Install 1 Package
root@k8s-w2:~# containerd config default | tee /etc/containerd/config.toml
version = 3
root = '/var/lib/containerd'
state = '/run/containerd'
temp = ''
disabled_plugins = []
required_plugins = []
oom_score = 0
imports = []
########### (omitted) ###########
root@k8s-w2:~# sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
root@k8s-w2:~# systemctl daemon-reload
root@k8s-w2:~# systemctl enable --now containerd
Created symlink '/etc/systemd/system/multi-user.target.wants/containerd.service' → '/usr/lib/systemd/system/containerd.service'.
```
Installing kubeadm, kubelet and kubectl
```bash
root@k8s-w2:~# cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
root@k8s-w2:~# dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
Kubernetes 38 kB/s | 19 kB 00:00
Dependencies resolved.
========================================================================================================================
Package Architecture Version Repository Size
========================================================================================================================
Installing:
kubeadm x86_64 1.32.11-150500.1.1 kubernetes 12 M
kubectl x86_64 1.32.11-150500.1.1 kubernetes 11 M
kubelet x86_64 1.32.11-150500.1.1 kubernetes 15 M
Installing dependencies:
cri-tools x86_64 1.32.0-150500.1.1 kubernetes 7.1 M
kubernetes-cni x86_64 1.6.0-150500.1.1 kubernetes 8.0 M
Transaction Summary
========================================================================================================================
Install 5 Packages
root@k8s-w2:~# systemctl enable --now kubelet
Created symlink '/etc/systemd/system/multi-user.target.wants/kubelet.service' → '/usr/lib/systemd/system/kubelet.service'.
root@k8s-w2:~# cat << EOF > /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
EOF
```
kubeadm k8s join
```bash
root@k8s-w2:~# crictl images
crictl ps
cat /etc/sysconfig/kubelet
tree /etc/kubernetes | tee -a etc_kubernetes-1.txt
tree /var/lib/kubelet | tee -a var_lib_kubelet-1.txt
tree /run/containerd/ -L 3 | tee -a run_containerd-1.txt
pstree -alnp | tee -a pstree-1.txt
systemd-cgls --no-pager | tee -a systemd-cgls-1.txt
lsns | tee -a lsns-1.txt
ip addr | tee -a ip_addr-1.txt
ss -tnlp | tee -a ss-1.txt
df -hT | tee -a df-1.txt
findmnt | tee -a findmnt-1.txt
sysctl -a | tee -a sysctl-1.txt
root@k8s-w2:~# NODEIP=$(ip -4 addr show enp0s8 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
root@k8s-w2:~# NODEIP=$(ip -4 addr show enp0s8 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
root@k8s-w2:~# cat << EOF > kubeadm-join.yaml
apiVersion: kubeadm.k8s.io/v1beta4
kind: JoinConfiguration
discovery:
  bootstrapToken:
    token: "123456.1234567890123456"
    apiServerEndpoint: "192.168.10.100:6443"
    unsafeSkipCAVerification: true
nodeRegistration:
  criSocket: "unix:///run/containerd/containerd.sock"
  kubeletExtraArgs:
    - name: node-ip
      value: "$NODEIP"
EOF
root@k8s-w2:~# kubeadm join --config="kubeadm-join.yaml"
[preflight] Running pre-flight checks
[preflight] Reading configuration from the "kubeadm-config" ConfigMap in namespace "kube-system"...
[preflight] Use 'kubeadm init phase upload-config --config your-config.yaml' to re-upload it.
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-check] Waiting for a healthy kubelet at http://127.0.0.1:10248/healthz. This can take up to 4m0s
[kubelet-check] The kubelet is healthy after 505.002436ms
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
root@k8s-w2:~# curl -s -k https://192.168.10.100:6443/api/v1/namespaces/kube-public/configmaps/cluster-info | jq
{
  "kind": "ConfigMap",
  "apiVersion": "v1",
  "metadata": {
    "name": "cluster-info",
    "namespace": "kube-public",
    "uid": "4f8df4c9-5dc4-4734-b1b7-e5a803feab7f",
```
Checking k8s-w1/w2 information
```bash
(⎈|HomeLab:default) root@k8s-ctr:~# kubectl get node -owide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k8s-ctr Ready control-plane 2d v1.32.11 192.168.10.100 <none> Rocky Linux 10.0 (Red Quartz) 6.12.0-55.39.1.el10_0.x86_64 containerd://2.1.5
k8s-w1 Ready <none> 58s v1.32.11 192.168.10.101 <none> Rocky Linux 10.0 (Red Quartz) 6.12.0-55.39.1.el10_0.x86_64 containerd://2.1.5
k8s-w2 Ready <none> 53s v1.32.11 192.168.10.102 <none> Rocky Linux 10.0 (Red Quartz) 6.12.0-55.39.1.el10_0.x86_64 containerd://2.1.5
(⎈|HomeLab:default) root@k8s-ctr:~# kc describe node k8s-w2
Name: k8s-w2
Roles: <none>
Labels: beta.kubernetes.io/arch=amd64
beta.kubernetes.io/os=linux
kubernetes.io/arch=amd64
kubernetes.io/hostname=k8s-w2
kubernetes.io/os=linux
Annotations: flannel.alpha.coreos.com/backend-data: {"VNI":1,"VtepMAC":"d2:83:ae:e6:6e:a0"}
flannel.alpha.coreos.com/backend-type: vxlan
flannel.alpha.coreos.com/kube-subnet-manager: true
flannel.alpha.coreos.com/public-ip: 192.168.10.102
kubeadm.alpha.kubernetes.io/cri-socket: unix:///run/containerd/containerd.sock
node.alpha.kubernetes.io/ttl: 0
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Fri, 23 Jan 2026 23:56:42 +0900
Taints: <none>
```
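The join configuration used for the workers sets `unsafeSkipCAVerification: true`, so the node does not verify the API server it bootstraps from. The following added example (not part of the original post) computes the CA public key pin and writes the same JoinConfiguration with `caCertHashes` instead; the function names, the `demo` wrapper and the throwaway CA standing in for `/etc/kubernetes/pki/ca.crt` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: pin the cluster CA in the join configuration instead of
# setting unsafeSkipCAVerification.

# ca_cert_hash CERT_FILE
# Prints "sha256:<hex>", the SHA-256 of the certificate's DER-encoded
# SubjectPublicKeyInfo, which is the value format caCertHashes takes.
ca_cert_hash() {
  _pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  _hex=$(printf '%s\n' "$_pub" \
    | openssl pkey -pubin -outform DER 2>/dev/null \
    | openssl dgst -sha256 -r | sed 's/ .*//')
  [ "${#_hex}" -eq 64 ] || return 1
  printf 'sha256:%s\n' "$_hex"
}

# write_join_config ENDPOINT TOKEN CA_CERT_FILE NODE_IP
# Prints a JoinConfiguration like the one on this page, with the CA pinned.
write_join_config() {
  _hash=$(ca_cert_hash "$3") || {
    echo "cannot read CA certificate: $3" >&2
    return 1
  }
  cat <<EOF
apiVersion: kubeadm.k8s.io/v1beta4
kind: JoinConfiguration
discovery:
  bootstrapToken:
    token: "$2"
    apiServerEndpoint: "$1"
    caCertHashes:
      - "$_hash"
nodeRegistration:
  criSocket: "unix:///run/containerd/containerd.sock"
  kubeletExtraArgs:
    - name: node-ip
      value: "$4"
EOF
}

# Demo with a throwaway CA (constructed) so the example runs offline.
# On a real cluster the input is the control plane's ca.crt, copied to the
# worker over a channel you already trust.
demo() {
  _dir=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
    -keyout "$_dir/ca.key" -out "$_dir/ca.crt" 2>/dev/null || return 1
  write_join_config "192.168.10.100:6443" "123456.1234567890123456" \
    "$_dir/ca.crt" "192.168.10.102"
  rm -rf "$_dir"
}
demo
```

On the control plane, `kubeadm token create --print-join-command` prints a join command that already carries the matching `--discovery-token-ca-cert-hash` value.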
Installing monitoring tools
Installing metrics-server
```bash
(⎈|HomeLab:default) root@k8s-ctr:~# helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server/
"metrics-server" has been added to your repositories
(⎈|HomeLab:default) root@k8s-ctr:~# helm upgrade --install metrics-server metrics-server/metrics-server --set 'args[0]=--kubelet-insecure-tls' -n kube-system
Release "metrics-server" does not exist. Installing it now.
NAME: metrics-server
LAST DEPLOYED: Sat Jan 24 00:14:07 2026
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
***********************************************************************
* Metrics Server *
***********************************************************************
Chart version: 3.13.0
App version: 0.8.0
Image tag: registry.k8s.io/metrics-server/metrics-server:v0.8.0
***********************************************************************
```
Installing kube-prometheus-stack
```bash
(⎈|HomeLab:default) root@k8s-ctr:~# helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
(⎈|HomeLab:default) root@k8s-ctr:~# helm list -n monitoring
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
kube-prometheus-stack monitoring 1 2026-01-24 00:14:59.530116612 +0900 KST deployed kube-prometheus-stack-80.13.3 v0.87.1
(⎈|HomeLab:default) root@k8s-ctr:~# kubectl get pod,svc,ingress,pvc -n monitoring
NAME READY STATUS RESTARTS AGE
pod/kube-prometheus-stack-grafana-5cb7c586f9-7ntdf 0/3 ContainerCreating 0 18s
pod/kube-prometheus-stack-kube-state-metrics-7846957b5b-gjccp 0/1 Running 0 18s
pod/kube-prometheus-stack-operator-584f446c98-nsm8c 0/1 ContainerCreating 0 18s
pod/kube-prometheus-stack-prometheus-node-exporter-p7j45 1/1 Running 0 18s
pod/kube-prometheus-stack-prometheus-node-exporter-slqhj 1/1 Running 0 18s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kube-prometheus-stack-alertmanager ClusterIP 10.96.42.69 <none> 9093/TCP,8080/TCP 18s
service/kube-prometheus-stack-grafana NodePort 10.96.172.144 <none> 80:30002/TCP 18s
service/kube-prometheus-stack-kube-state-metrics ClusterIP 10.96.34.132 <none> 8080/TCP 18s
service/kube-prometheus-stack-operator ClusterIP 10.96.116.217 <none> 443/TCP 18s
service/kube-prometheus-stack-prometheus NodePort 10.96.30.242 <none> 9090:30001/TCP,8080:30485/TCP 18s
service/kube-prometheus-stack-prometheus-node-exporter ClusterIP 10.96.83.43 <none> 9100/TCP
(⎈|HomeLab:default) root@k8s-ctr:~# kubectl exec -it -n monitoring deploy/kube-prometheus-stack-grafana -- grafana --version
grafana version 12.3.1
(⎈|HomeLab:default) root@k8s-ctr:~# kubectl exec -it sts/prometheus-kube-prometheus-stack-prometheus -n monitoring -c prometheus -- prometheus --version
prometheus, version 3.9.1 (branch: HEAD, revision: 9ec59baffb547e24f1468a53eb82901e58feabd8)
build user: root@61c3a9212c9e
build date: 20260107-16:08:09
go version: go1.25.5
platform: linux/amd64
tags: netgo,builtinassets
```
Checking the k8s dashboard

Installing the certificate exporter and setting up the dashboard view
```bash
(⎈|HomeLab:default) root@k8s-ctr:~# cat << EOF > cert-export-values.yaml
# -- hostPaths Exporter
hostPathsExporter:
  hostPathVolumeType: Directory
  daemonSets:
    cp:
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
        operator: Exists
EOF
(⎈|HomeLab:default) root@k8s-ctr:~# helm install x509-certificate-exporter enix/x509-certificate-exporter -n monitoring --values cert-export-values.yaml
NAME: x509-certificate-exporter
LAST DEPLOYED: Sat Jan 24 00:34:37 2026
NAMESPACE: monitoring
STATUS: deployed
REVISION: 1
TEST SUITE: None
(⎈|HomeLab:default) root@k8s-ctr:~# helm list -n monitoring
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
kube-prometheus-stack monitoring 1 2026-01-24 00:14:59.530116612 +0900 KST deployed kube-prometheus-stack-80.13.3 v0.87.1
x509-certificate-exporter monitoring 1 2026-01-24 00:34:37.079222386 +0900 KST deployed x509-certificate-exporter-3.19.1 3.19.1
(⎈|HomeLab:default) root@k8s-ctr:~# curl -s 10.244.0.4:9793/metrics | grep '^x509' | head -n 3
x509_cert_expired{filename="apiserver-etcd-client.crt",filepath="/etc/kubernetes/pki/apiserver-etcd-client.crt",issuer_CN="etcd-ca",serial_number="5085519134918927718",subject_CN="kube-apiserver-etcd-client"} 0
x509_cert_expired{filename="apiserver.crt",filepath="/etc/kubernetes/pki/apiserver.crt",issuer_CN="kubernetes",serial_number="8664196532623716359",subject_CN="kube-apiserver"} 0
x509_cert_expired{filename="ca.crt",filepath="/etc/kubernetes/pki/ca.crt",issuer_CN="kubernetes",serial_number="303979118069449790",subject_CN="kubernetes"} 0
```

Certificate renewal
```bash
(⎈|HomeLab:default) root@k8s-ctr:~# kc describe cm -n kube-system kubeadm-config | grep -i cert
caCertificateValidityPeriod: 87600h0m0s
certificateValidityPeriod: 8760h0m0s
(⎈|HomeLab:default) root@k8s-ctr:~# kubeadm certs check-expiration -v 6
cat /etc/kubernetes/pki/apiserver.crt | openssl x509 -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9019049356910942135 (0x7d2a199aea6457b7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kubernetes
Validity
Not Before: Jan 24 00:18:08 2026 GMT
Not After : Jan 24 00:23:08 2027 GMT
Subject: CN=kube-apiserver
==================== (omitted) ===============================
```
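With `certificateValidityPeriod: 8760h0m0s`, every leaf certificate in the `kubeadm certs check-expiration` table expires one year after issuance, so the RESIDUAL TIME column is the value to watch. The following added example (not part of the original post) parses that output and lists certificates below a threshold in days; `expiring_certs` is a hypothetical helper, and the rows marked constructed are sample input, not output from this cluster.

```shell
#!/bin/sh
# Added example: list kubeadm-managed certificates whose residual lifetime is
# below a threshold, by parsing `kubeadm certs check-expiration` output.

# Rows copied from the check-expiration output shown earlier on this page.
PAGE_ROWS='[check-expiration] Reading configuration from the "kubeadm-config" ConfigMap in namespace "kube-system"...
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf Jan 21, 2027 14:56 UTC 364d ca no
apiserver Jan 21, 2027 14:56 UTC 364d ca no
etcd-server Jan 21, 2027 14:56 UTC 364d etcd-ca no
CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
ca Jan 19, 2036 14:56 UTC 9y no
etcd-ca Jan 19, 2036 14:56 UTC 9y no'

# Constructed rows (not from the page) covering the cases a check must catch:
# a few days left, less than a day left, and already expired.
CONSTRUCTED_ROWS='demo-near-expiry Feb 02, 2026 14:56 UTC 12d ca no
demo-last-day Jan 22, 2026 14:56 UTC 23h ca no
demo-expired Jan 01, 2026 14:56 UTC <invalid> ca no'

# expiring_certs LIMIT_DAYS
# Reads check-expiration output on stdin and prints "name residual" for every
# certificate or CA with fewer than LIMIT_DAYS days left.
expiring_certs() {
  awk -v limit="$1" '
    $6 != "UTC" { next }                 # skip log lines and table headers
    {
      r = $7                             # RESIDUAL TIME column
      if (r == "<invalid>")              days = -1        # already expired
      else if (r ~ /^[0-9]+y$/)          days = (r + 0) * 365
      else if (r ~ /^[0-9]+d$/)          days = r + 0
      else if (r ~ /^[0-9]+[hms]$/)      days = 0         # under one day
      else next                          # unknown format: ignore the row
      if (days < limit) print $1, r
    }'
}

# Demo: with a 30-day threshold only the constructed rows are reported.
# On a control-plane node: kubeadm certs check-expiration | expiring_certs 30
printf '%s\n%s\n' "$PAGE_ROWS" "$CONSTRUCTED_ROWS" | expiring_certs 30
```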
K8S Upgrade by kubeadm
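- Kubernetes releases three minor versions per year and provides patches for the three most recent minor versions.
Version information
- In an HA cluster, the lowest kube-apiserver version is the baseline for everything.
- kube-apiserver instances (HA) may only be at N or N-1, and the upgrade starts with the apiserver.
- kubelet / kube-proxy must not be newer than the apiserver and may be up to 3 minor versions older.
- kube-controller-manager, kube-scheduler and cloud-controller-manager must not be newer than the apiserver and may be only 1 minor version older.
- kubectl is allowed within ±1 minor version of the apiserver.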
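The skew rules above, applied to the versions this page upgrades through, as an added example (not part of the original post). The function names and the inventory are assumptions; in an HA cluster, pass the lowest kube-apiserver version as the reference, as the list states.

```shell
#!/bin/sh
# Added example: check component versions against the skew rules listed above.

# minor VERSION: prints the minor number, e.g. v1.32.11 -> 32
minor() {
  _v=${1#v}        # drop a leading "v"
  _v=${_v#*.}      # drop the major number
  printf '%s\n' "${_v%%.*}"
}

# skew_ok COMPONENT COMPONENT_VERSION APISERVER_VERSION
# Returns 0 if the pair is within the allowed skew, 1 if not,
# 2 for a component the rules do not cover.
skew_ok() {
  # _d > 0: component is older than the apiserver; _d < 0: it is newer.
  _d=$(( $(minor "$3") - $(minor "$2") ))
  case "$1" in
    kubelet|kube-proxy)
      [ "$_d" -ge 0 ] && [ "$_d" -le 3 ] ;;
    kube-controller-manager|kube-scheduler|cloud-controller-manager)
      [ "$_d" -ge 0 ] && [ "$_d" -le 1 ] ;;
    kubectl)
      [ "$_d" -ge -1 ] && [ "$_d" -le 1 ] ;;
    *)
      return 2 ;;
  esac
}

# report_skew APISERVER_VERSION
# Reads "component version" pairs on stdin, prints one verdict per line and
# returns 1 if any pair violates the rules.
report_skew() {
  _rc=0
  while read -r _comp _ver; do
    [ -n "$_comp" ] || continue
    if skew_ok "$_comp" "$_ver" "$1"; then
      printf 'ok        %s %s\n' "$_comp" "$_ver"
    else
      printf 'violation %s %s\n' "$_comp" "$_ver"
      _rc=1
    fi
  done
  return "$_rc"
}

# Constructed inventory: every component still at the page's starting
# version, v1.32.11.
INVENTORY='kubelet v1.32.11
kube-proxy v1.32.11
kube-controller-manager v1.32.11
kube-scheduler v1.32.11
kubectl v1.32.11'

# One hop (apiserver at v1.33.7) keeps everything inside the rules.
echo "apiserver v1.33.7:"
printf '%s\n' "$INVENTORY" | report_skew v1.33.7 || true

# Two hops at once (apiserver at v1.34.3) would leave the control-plane
# components and kubectl out of range; only kubelet and kube-proxy still fit.
echo "apiserver v1.34.3:"
printf '%s\n' "$INVENTORY" | report_skew v1.34.3 || true
```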
Deploying the lab environment
```bash
C:\Users\bom\Desktop\스터디\upgrade_week3>vagrant up
Bringing machine 'k8s-ctr' up with 'virtualbox' provider...
Bringing machine 'k8s-w1' up with 'virtualbox' provider...
Bringing machine 'k8s-w2' up with 'virtualbox' provider...
```
Preparation
Installing kube-prometheus-stack
```bash
(⎈|HomeLab:N/A) root@k8s-ctr:~# kubectl exec -it sts/prometheus-kube-prometheus-stack-prometheus -n monitoring -c prometheus -- prometheus --version
prometheus, version 3.9.1
(⎈|HomeLab:N/A) root@k8s-ctr:~# kubectl exec -it -n monitoring deploy/kube-prometheus-stack-grafana -- grafana --version
grafana version 12.3.1
```
etcd backup
```bash
## etcd backup
(⎈|HomeLab:N/A) root@k8s-ctr:~# crictl images | grep etcd
registry.k8s.io/etcd 3.5.24-0 8cb12dd0c3e42 23.7MB
(⎈|HomeLab:N/A) root@k8s-ctr:~# kubectl exec -n kube-system etcd-k8s-ctr -- etcdctl version
etcdctl version: 3.5.24
API version: 3.5
(⎈|HomeLab:N/A) root@k8s-ctr:~# ETCD_VER=3.5.24
(⎈|HomeLab:N/A) root@k8s-ctr:~# ARCH=amd64
(⎈|HomeLab:N/A) root@k8s-ctr:~# curl -L https://github.com/etcd-io/etcd/releases/download/v${ETCD_VER}/etcd-v${ETCD_VER}-linux-${ARCH}.tar.gz -o /tmp/etcd-v${ETCD_VER}.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 21.3M 100 21.3M 0 0 17.4M 0 0:00:01 0:00:01 --:--:-- 17.4M
(⎈|HomeLab:N/A) root@k8s-ctr:~# mkdir -p /tmp/etcd-download
(⎈|HomeLab:N/A) root@k8s-ctr:~# tar xzvf /tmp/etcd-v${ETCD_VER}.tar.gz -C /tmp/etcd-download --strip-components=1
etcd-v3.5.24-linux-amd64/Documentation/
etcd-v3.5.24-linux-amd64/Documentation/dev-guide/
etcd-v3.5.24-linux-amd64/Documentation/dev-guide/apispec/
etcd-v3.5.24-linux-amd64/Documentation/dev-guide/apispec/swagger/
etcd-v3.5.24-linux-amd64/Documentation/dev-guide/apispec/swagger/v3lock.swagger.json
etcd-v3.5.24-linux-amd64/Documentation/dev-guide/apispec/swagger/v3election.swagger.json
etcd-v3.5.24-linux-amd64/Documentation/dev-guide/apispec/swagger/rpc.swagger.json
etcd-v3.5.24-linux-amd64/Documentation/README.md
etcd-v3.5.24-linux-amd64/README-etcdutl.md
etcd-v3.5.24-linux-amd64/READMEv2-etcdctl.md
etcd-v3.5.24-linux-amd64/README-etcdctl.md
etcd-v3.5.24-linux-amd64/README.md
etcd-v3.5.24-linux-amd64/etcdutl
etcd-v3.5.24-linux-amd64/etcdctl
etcd-v3.5.24-linux-amd64/etcd
(⎈|HomeLab:N/A) root@k8s-ctr:~# mv /tmp/etcd-download/etcdctl /usr/local/bin/
mv /tmp/etcd-download/etcdutl /usr/local/bin/
chown root:root /usr/local/bin/etcdctl
chown root:root /usr/local/bin/etcdutl
(⎈|HomeLab:N/A) root@k8s-ctr:~# etcdctl version
etcdctl version: 3.5.24
API version: 3.5
(⎈|HomeLab:N/A) root@k8s-ctr:~# etcdctl snapshot save /backup/etcd-snapshot-$(date +%F).db
{"level":"info","ts":"2026-01-24T01:04:27.603103+0900","caller":"snapshot/v3_snapshot.go:65","msg":"created temporary db file","path":"/backup/etcd-snapshot-2026-01-24.db.part"}
```
Flannel CNI upgrade
Image download
```bash
(⎈|HomeLab:N/A) root@k8s-ctr:~# crictl images | grep flannel
ghcr.io/flannel-io/flannel-cni-plugin v1.7.1-flannel1 cca2af40a4a9e 4.88MB
ghcr.io/flannel-io/flannel v0.27.3 5de71980e553f 34MB
ghcr.io/flannel-io/flannel v0.27.4 e83704a177312 34.1MB
```
Helm upgrade
```bash
(⎈|HomeLab:N/A) root@k8s-ctr:~# cat << EOF > flannel.yaml
podCidr: "10.244.0.0/16"
flannel:
  cniBinDir: "/opt/cni/bin"
  cniConfDir: "/etc/cni/net.d"
  args:
  - "--ip-masq"
  - "--kube-subnet-mgr"
  - "--iface=enp0s9"
  backend: "vxlan"
  image:
    tag: v0.27.4
EOF
(⎈|HomeLab:N/A) root@k8s-ctr:~# helm upgrade flannel flannel/flannel -n kube-flannel -f flannel.yaml --version 0.27.4
Release "flannel" has been upgraded. Happy Helming!
NAME: flannel
LAST DEPLOYED: Sat Jan 24 01:07:43 2026
NAMESPACE: kube-flannel
STATUS: deployed
REVISION: 2
TEST SUITE: None
```
Rocky Linux OS minor version upgrade
Upgrade
```bash
(⎈|HomeLab:N/A) root@k8s-ctr:~# rpm -q containerd.io
containerd.io-2.1.5-1.el10.aarch64
(⎈|HomeLab:N/A) root@k8s-ctr:~# dnf install -y 'dnf-command(versionlock)'
(⎈|HomeLab:N/A) root@k8s-ctr:~# dnf versionlock add containerd.io
Adding versionlock on: containerd.io-0:2.1.5-1.el10.*
(⎈|HomeLab:N/A) root@k8s-ctr:~# dnf versionlock list
containerd.io-0:2.1.5-1.el10.*
-------------------------------------------------------------
(⎈|HomeLab:N/A) root@k8s-ctr:~# dnf -y update
Running scriptlet: kernel-modules-core-6.12.0-124.27.1.el10_1.aarch64 584/584
(⎈|HomeLab:N/A) root@k8s-ctr:~# reboot
(⎈|HomeLab:N/A) root@k8s-ctr:~# ping 192.168.10.100
64 bytes from 192.168.10.100: icmp_seq=47 ttl=64 time=0.454 ms
64 bytes from 192.168.10.100: icmp_seq=48 ttl=64 time=0.532 ms
Request timeout for icmp_seq 49 # ping is unreachable while the node reboots
Request timeout for icmp_seq 50
(⎈|HomeLab:N/A) root@k8s-ctr:~# kubectl get pod -A -owide | grep k8s-ctr
default curl-pod 1/1 Running 1 (2m25s ago) 61m 10.244.0.3 k8s-ctr <none> <none>
kube-flannel kube-flannel-ds-f2572 1/1 Running 1 (2m25s ago) 15m 192.168.10.100 k8s-ctr <none> <none>
kube-system coredns-668d6bf9bc-ctkmb 1/1 Running 1 (2m25s ago) 142m 10.244.0.2 k8s-ctr <none> <none>
kube-system etcd-k8s-ctr 1/1 Running 1 (2m25s ago) 142m 192.168.10.100 k8s-ctr <none> <none>
kube-system kube-apiserver-k8s-ctr 1/1 Running 1 (2m25s ago) 142m 192.168.10.100 k8s-ctr <none> <none>
kube-system kube-controller-manager-k8s-ctr 1/1 Running 1 (2m25s ago) 142m 192.168.10.100 k8s-ctr <none> <none>
kube-system kube-proxy-wwd9c 1/1 Running 1 (2m25s ago) 142m 192.168.10.100 k8s-ctr <none> <none>
kube-system kube-scheduler-k8s-ctr 1/1 Running 1 (2m25s ago) 142m 192.168.10.100 k8s-ctr <none> <none>
monitoring kube-prometheus-stack-prometheus-node-exporter-6k5rk 1/1 Running 1 (2m25s ago) 36m 192.168.10.100 k8s-ctr <none> <none>
```
Upgrading kubeadm, kubelet and kubectl
Considerations (upgrade order)
- Upgrade kubeadm
- Upgrade kubelet / kubectl
- Restart kubelet
Notes on containerd
- containerd does not need to be restarted
Performing the upgrade
```bash
(⎈|HomeLab:N/A) root@k8s-ctr:~# dnf list --showduplicates kubeadm --disableexcludes=kubernetes
Installed Packages
kubeadm.aarch64 1.32.11-150500.1.1 @kubernetes
Available Packages
(⎈|HomeLab:N/A) root@k8s-ctr:~# dnf install -y --disableexcludes=kubernetes kubeadm-1.33.7-150500.1.1
(⎈|HomeLab:N/A) root@k8s-ctr:~# kubeadm upgrade plan
[upgrade/versions] Target version: v1.33.7
[upgrade/versions] Latest version in the v1.32 series: v1.32.11
```
- Check the etcd schema
- Replace the kube-apiserver / controller-manager / scheduler static pods
- Upgrade CoreDNS
- Upgrade kube-proxy
```bash
(⎈|HomeLab:N/A) root@k8s-ctr:~# kubeadm config images pull
[config/images] Pulled registry.k8s.io/kube-apiserver:v1.33.7
[config/images] Pulled registry.k8s.io/kube-controller-manager:v1.33.7
(⎈|HomeLab:N/A) root@k8s-ctr:~# crictl pull registry.k8s.io/kube-proxy:v1.33.7
(⎈|HomeLab:N/A) root@k8s-ctr:~# crictl pull registry.k8s.io/coredns/coredns:v1.12.0
(⎈|HomeLab:N/A) root@k8s-ctr:~# kubeadm upgrade apply v1.33.7
[upgrade] Reading configuration from the "kubeadm-config" ConfigMap in namespace "kube-system"...
[upgrade] Use 'kubeadm init phase upload-config --config your-config-file' to re-upload it.
[upgrade/preflight] Running preflight checks
[upgrade] Running cluster health checks
[upgrade/preflight] You have chosen to upgrade the cluster version to "v1.33.7"
[upgrade/versions] Cluster version: v1.32.11
[upgrade/versions] kubeadm version: v1.33.7
[upgrade] Are you sure you want to proceed? [y/N]: y
(⎈|HomeLab:N/A) root@k8s-ctr:~# dnf install -y --disableexcludes=kubernetes kubeadm-1.34.3-150500.1.1
(⎈|HomeLab:N/A) root@k8s-ctr:~# kubeadm upgrade plan
[upgrade/versions] Target version: v1.34.3
[upgrade/versions] Latest version in the v1.33 series: v1.33.7
(⎈|HomeLab:N/A) root@k8s-ctr:~# crictl pull registry.k8s.io/kube-proxy:v1.34.3
(⎈|HomeLab:N/A) root@k8s-ctr:~# crictl pull registry.k8s.io/coredns/coredns:v1.12.1
(⎈|HomeLab:N/A) root@k8s-ctr:~# crictl pull registry.k8s.io/pause:3.10.1
(⎈|HomeLab:N/A) root@k8s-ctr:~# kubeadm upgrade apply v1.34.3 --yes
[upgrade] Reading configuration from the "kubeadm-config" ConfigMap in namespace "kube-system"...
[upgrade] Use 'kubeadm init phase upload-config kubeadm --config your-config-file' to re-upload it.
[upgrade/preflight] Running preflight checks
[upgrade] Running cluster health checks
(⎈|HomeLab:N/A) root@k8s-ctr:~# dnf install -y --disableexcludes=kubernetes kubelet-1.34.3-150500.1.1 kubectl-1.34.3-150500.1.1
Upgrading:
kubectl aarch64 1.33.7-150500.1.1 kubernetes 9.7 M
kubelet aarch64 1.33.7-150500.1.1
(⎈|HomeLab:N/A) root@k8s-ctr:~# systemctl daemon-reload
(⎈|HomeLab:N/A) root@k8s-ctr:~# systemctl restart kubelet
```
