흙수저의 엔지니어링

CISA CPE 등록 방법입니다.

오른쪽 상단 MYISACA -> CPE CERTIFICATES 선택

Certifications & CPE Management 선택

REPORT & MANAGE CPE 선택

ADD NEW CPE RECORD 선택

CPE 내용 작성 전

CPE 내용 작성

Qualifying Activity 선택은 2가지 중으로 국내 사용자들이 선택하는 것 같아요.

1. "Self-study courses"

2. "Non-ISACA professional education activities"

저는 "Non-ISACA professional education activities"를 선택해서 등록합니다.

아쉽게도 CPE 시간은 0.5 시간 단위로 등록이 가능하네요.

개인정보보호 포털에서 제공하는 CPE 시간은 소수점 1자리까지 가능한데.. (Ex. 1.3시간)

2024년도 CPE 시간 전부 다 채웠습니다.

매년 CPE 시간 채우는 거 너무 어렵네요. 후~

공부하기 위해서 설치해봅니다.

ansible 설치하기

apt install -y ansible

관리할 서버 접속 설정하기 (사전에 ssh-keygen 설정 필요)

# pub 파일이 id_rsa.pub 인지 다른 이름인지 반드시 확인 필요
# 저는 다른 vm이 있어서 접속 테스트 했습니다.
ssh-copy-id -i ~/.ssh/id_ed25519.pub root@192.168.0.205
ssh-copy-id -i ~/.ssh/id_ed25519.pub root@192.168.0.206
ssh-copy-id -i ~/.ssh/id_ed25519.pub root@192.168.0.207

ansible 테스트

root@13500T-ubuntu:~# mkdir /etc/ansible
root@13500T-ubuntu:~# touch /etc/ansible/hosts
root@13500T-ubuntu:~# cat /etc/ansible/hosts
#192.168.0.205 k8s-master
192.168.0.205
#192.168.0.206 k8s-node1
192.168.0.206
#192.168.0.207 k8s-node2
192.168.0.207
root@13500T-ubuntu:~# ansible all -m ping
192.168.0.207 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
192.168.0.206 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
192.168.0.205 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
root@13500T-ubuntu:~#

일반 유저로 설정을 하니 아래와 같이 권한 문제가 발생하여 ssh로 root 접속할 수 있도록 설정하여 수행하였습니다.

root@13500T-ubuntu:~# ansible all -m ping
192.168.0.205 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: root@192.168.0.205: Permission denied (publickey,password).",
    "unreachable": true
}
192.168.0.206 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: root@192.168.0.206: Permission denied (publickey,password).",
    "unreachable": true
}
192.168.0.207 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: root@192.168.0.207: Permission denied (publickey,password).",
    "unreachable": true
}
root@13500T-ubuntu:~#

/usr/bin/ssh-copy-id: ERROR: No identities found 발생 시

root@13500T-ubuntu:~# ssh-copy-id master@192.168.0.205
/usr/bin/ssh-copy-id: ERROR: No identities found

1단계: 사이사이 물어보면 "엔터"만 치시면 됩니다.

root@13500T-ubuntu:~# ssh-keygen
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_ed25519
Your public key has been saved in /root/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:tXRz---------------------------- root@13500T-ubuntu
The key's randomart image is:
+--[ED25519 256]--+
|             *EBX|
|            o*B^*|
|          o Bo/*B|
|         o = X =*|
|        S .   ..o|
|               . |
|                 |
|                 |
|                 |
+----[SHA256]-----+
root@13500T-ubuntu:~#

2단계: pub 파일이 어떤 이름인지 꼭 확인해보세요. 저는 " id_rsa.pub"가 아닌 " id_ed25519.pub" 였습니다.

root@13500T-ubuntu:~# ssh-copy-id -i ~/.ssh/id_ed25519.pub root@192.168.0.205
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.0.205's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.0.205'"
and check to make sure that only the key(s) you wanted were added.

root@13500T-ubuntu:~# ssh-copy-id -i ~/.ssh/id_ed25519.pub root@192.168.0.206
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.0.206's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.0.206'"
and check to make sure that only the key(s) you wanted were added.

root@13500T-ubuntu:~# ssh-copy-id -i ~/.ssh/id_ed25519.pub root@192.168.0.207
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.0.207's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.0.207'"
and check to make sure that only the key(s) you wanted were added.

root@13500T-ubuntu:~#

root@13500T-ubuntu:~# ssh-copy-id -i ~/.ssh/id_ed25519.pub master@192.168.0.205
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
The authenticity of host '192.168.0.205 (192.168.0.205)' can't be established.
ED25519 key fingerprint is SHA256:Rg4V0-------------------------OmwKSq8s.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
master@192.168.0.205's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'master@192.168.0.205'"
and check to make sure that only the key(s) you wanted were added.

root@13500T-ubuntu:~# ssh-copy-id -i ~/.ssh/id_ed25519.pub node1@192.168.0.206
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
The authenticity of host '192.168.0.206 (192.168.0.206)' can't be established.
ED25519 key fingerprint is SHA256:Rg4V0-------------------------OmwKSq8s.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:1: [hashed name]
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
node1@192.168.0.206's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'node1@192.168.0.206'"
and check to make sure that only the key(s) you wanted were added.

root@13500T-ubuntu:~# ssh-copy-id -i ~/.ssh/id_ed25519.pub node2@192.168.0.207
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
The authenticity of host '192.168.0.207 (192.168.0.207)' can't be established.
ED25519 key fingerprint is SHA256:Rg4V0-------------------------OmwKSq8s.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:1: [hashed name]
    ~/.ssh/known_hosts:4: [hashed name]
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
node2@192.168.0.207's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'node2@192.168.0.207'"
and check to make sure that only the key(s) you wanted were added.

root@13500T-ubuntu:~#

3단계: 패스워드 없이 계정 접속하기

root@13500T-ubuntu:~# ssh master@192.168.0.205
Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-48-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

Expanded Security Maintenance for Applications is not enabled.

139 updates can be applied immediately.
24 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status

Last login: Mon Nov 18 14:55:57 2024 from 192.168.0.201
master@k8s-master:~$

kubectl get nodes 명령어 실행 시 계속 refused 오류가 나서 깔끔하게 삭제 후 재설치를 했습니다.

차라리 삭제하고 재설치하는 것이 더 빠르게 복구가 되네요.

자료가 없을 때 k8s 이슈 있을 때 사용하실때 사용하세요~

kubeadm reset
systemctl stop kubelet
systemctl stop docker
rm -rf /var/lib/cni/
rm -rf /var/lib/kubelet/*
rm -rf /var/lib/etcd
rm -rf /run/flannel
rm -rf /etc/cni
rm -rf /etc/kubernetes
rm -rf ~/.kube
apt purge kubeadm kubectl kubelet kubebernetes-cni
apt autoremove

reboot

k8s == k8(ubernete)s

처음 k8s가 무슨 의미인지 몰랐는데, 알고 보니.... 너무....

생각보다 많은 분들이 보시는 것 같아서 명령어를 붙여넣기 식으로 수정했습니다.

기본적으로 명령어는 root 로 실행하여 sudo 명령어를 사용하지 않았습니다.

설치 시 반드시 계정 유의하여 설치하세요.

공식 설치 문서도 참고하세요.

https://kubernetes.io/ko/docs/setup/production-environment/tools/kubeadm/

환경 설정

ㅇ OS: Ubuntu 24.04.1 LTS

ㅇ node

  - k8s-master: 192.168.0.205

  - k8s-node1: 192.168.0.206

  - k8s-node2: 192.168.0.207

1. 공통 설정 (대상 node: k8s-master, k8s-node1, k8s-node2)

1. Swap 비활성화

#swap 비활성화
swapoff -a

#부팅 시 swap 비화설화 설정
sed -i 's/^\/swap/\#\/swap/g' /etc/fstab

2. 네트워크 모듈 및 sysctl 설정

# 네트워크 모듈 로드
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter

# sysctl 파라미터 설정
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

# sysctl 파라미터 적용
sysctl --system

3. 컨테이너 설치

(저는 그냥 Docker 설치했습니다. 최근은 Docker에 포함되어 있는 Containerd를 사용한다고 하네요)

# Docker 설치 (containerd 포함)
apt install -y docker.io

# containerd 설정 파일 생성 및 수정
mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml

# containerd 설정 파일 중 SystemdCgroup를 false -> true로 수정
sed -i 's/SystemdCgroup \= false/SystemdCgroup \= true/g' /etc/containerd/config.toml

# containerd 서비스 재시작
systemctl restart containerd.service

4. 쿠버네티스 설치하기

# 쿠버네티스 apt 리포지터리를 사용하는 데 필요한 패키지를 설치
apt install -y apt-transport-https ca-certificates curl

# 구글 클라우드의 공객 사이닝 키를 다운로드 (저는 버전 1.29로 했습니다. 최신버전은 비추)
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list

# apt 리포지터리 추가 (저는 버전 1.29로 했습니다. 최신버전은 비추)
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

# apt 리포지터리 업데이트
apt update

# 쿠버네티스 설치
apt install -y kubelet kubeadm kubectl

# 쿠버네티스 버전 고정
apt-mark hold kubelet kubeadm kubectl

2. 노드별 쿠버네티스 설정하기

1. 마스터 노트 설정 (대상 node: k8s-master)

# 쿠버네티스 초기화 및 pod 네트워크 설정
kubeadm init --apiserver-advertise-address=192.168.0.205 --pod-network-cidr=10.1.0.0/16

# 위 명령어 결과 값 중 마스터 노드 설정
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

2. 워커 노트 설정 (대상 node: k8s-node1, k8s-node2)

# kubeadm init --apiserver-advertise-address=192.168.0.205 --pod-network-cidr=10.1.0.0/16 실행 후 나온 설정 값 값
kubeadm join 192.168.0.205:6443 --token rv50n5.cj04tpgfr9eqm9x4 \
--discovery-token-ca-cert-hash sha256:cef9cb71a8fa8ac2943f6252b0f7c3777cbbd2a5b4134e96755c9f2cf3c5a250

root@k8s-master:~# kubeadm init --apiserver-advertise-address=192.168.0.205 --pod-network-cidr=10.1.0.0/16
I1113 00:17:29.745593    5069 version.go:256] remote version is much newer: v1.31.2; falling back to: stable-1.29
[init] Using Kubernetes version: v1.29.10
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
W1113 00:17:46.621371    5069 checks.go:835] detected that the sandbox image "registry.k8s.io/pause:3.8" of the container runtime is inconsistent with that used by kubeadm. It is recommended that using "registry.k8s.io/pause:3.9" as the CRI sandbox image.
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [k8s-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.0.205]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [k8s-master localhost] and IPs [192.168.0.205 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [k8s-master localhost] and IPs [192.168.0.205 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "super-admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 5.501103 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node k8s-master as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node k8s-master as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]
[bootstrap-token] Using token: rv50n5.cj04tpgfr9eqm9x4
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.0.205:6443 --token rv50n5.cj04tpgfr9eqm9x4 \
--discovery-token-ca-cert-hash sha256:cef9cb71a8fa8ac2943f6252b0f7c3777cbbd2a5b4134e96755c9f2cf3c5a250 
root@k8s-master:~#

root@k8s-node1:~# kubeadm join 192.168.0.205:6443 --token rv50n5.cj04tpgfr9eqm9x4 \
        --discovery-token-ca-cert-hash sha256:cef9cb71a8fa8ac2943f6252b0f7c3777cbbd2a5b4134e96755c9f2cf3c5a250
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

root@k8s-node1:~#

3. calico 설치 (대상 node: k8s-master)

아래 공식 사이트 기술문서 참고하세요.

https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.0/manifests/tigera-operator.yaml
wget https://raw.githubusercontent.com/projectcalico/calico/v3.29.0/manifests/custom-resources.yaml

# 아래의 명령어 중 --pod-network-cidr 설정한 주소 대역으로 변경
# kubeadm init --apiserver-advertise-address=192.168.0.205 --pod-network-cidr=10.1.0.0/16
sed -i 's/192.168.0.0\/16/10.1.0.0\/16/g' ./custom-resources.yaml

kubectl create -f ./custom-resources.yaml

kubeadm reset 실행 시 아래와 같은 경우 로그가 있는 경우 

root@kube-master-node:~# kubeadm reset
W1103 01:58:36.260832    3368 preflight.go:56] [reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
W1103 01:58:37.907191    3368 removeetcdmember.go:106] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
W1103 01:58:49.601400    3368 cleanupnode.go:105] [reset] Failed to remove containers: failed to stop running pod 6b252a18cbc126dfa84ab65398a3fafd8c286fcee46aa4fad81cd1c6b4c2a9f4: rpc error: code = Unknown desc = failed to stop container "93f58c2fc0ce6a5914f62c94a9c2b4ce8d734e265c882fd3694a5b2e25face7d": failed to kill container "93f58c2fc0ce6a5914f62c94a9c2b4ce8d734e265c882fd3694a5b2e25face7d": unknown error after kill: runc did not terminate successfully: exit status 1: unable to signal init: permission denied
: unknown
[reset] Deleting contents of directories: [/etc/kubernetes/manifests /var/lib/kubelet /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/super-admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.

If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.
root@kube-master-node:~#

아래 명령어로 초기화 실행

root@kube-master-node:~# kubeadm reset --cri-socket unix:///run/containerd/containerd.sock -v 5

root@kube-master-node:~# kubeadm reset --cri-socket unix:///run/containerd/containerd.sock -v 5
I1103 02:01:20.182111    3547 reset.go:126] [reset] Could not obtain a client set from the kubeconfig file: /etc/kubernetes/admin.conf
W1103 02:01:20.182155    3547 preflight.go:56] [reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
I1103 02:01:22.840828    3547 removeetcdmember.go:60] [reset] Checking for etcd config
W1103 02:01:22.840847    3547 removeetcdmember.go:106] [reset] No kubeadm config, using etcd pod spec to get data directory
I1103 02:01:22.840896    3547 cleanupnode.go:65] [reset] Getting init system
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
I1103 02:01:22.844032    3547 cleanupnode.go:103] [reset] Removing Kubernetes-managed containers
[reset] Deleting contents of directories: [/etc/kubernetes/manifests /var/lib/kubelet /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/super-admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.

If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.
root@kube-master-node:~#

kubeadm init --apiserver-advertise-address=<마스터 노드 IP> --pod-network-cidr=<사용할 사설 IP>

# pod 이름 및 상태 확인
root@kube-master-node:~/demo# kubectl get all -o wide


# pod의 상태가 Terminating으로 되어 있고, 종료되지 않을 때
# 명령어: kubkubectl delete pods <파드 이름> --grace-period=0 --force
root@kube-master-node:~/demo# kubectl delete pods nginx-deployment-5d56d949b-ghfvd --grace-period=0 --force

파드 삭제 전

파드 삭제 후

root@kube-master-node:/kube# kubectl get no
NAME               STATUS   ROLES           AGE   VERSION
kube-master-node   Ready    control-plane   80m   v1.31.2
kube-worker1       Ready    <none>          54m   v1.31.2
kube-worker2       Ready    <none>          54m   v1.31.2
root@kube-master-node:/kube# kubectl label node kube-worker1 node-role.kubernetes.io/worker=
node/kube-worker1 labeled
root@kube-master-node:/kube# kubectl get no
NAME               STATUS   ROLES           AGE   VERSION
kube-master-node   Ready    control-plane   82m   v1.31.2
kube-worker1       Ready    worker          55m   v1.31.2
kube-worker2       Ready    <none>          55m   v1.31.2
root@kube-master-node:/kube# kubectl label node kube-worker2 node-role.kubernetes.io/worker=
node/kube-worker2 labeled
root@kube-master-node:/kube# kubectl get no
NAME               STATUS   ROLES           AGE   VERSION
kube-master-node   Ready    control-plane   82m   v1.31.2
kube-worker1       Ready    worker          56m   v1.31.2
kube-worker2       Ready    worker          56m   v1.31.2
root@kube-master-node:/kube# kubectl label node kube-master-node node-role.kubernetes.io/master=
node/kube-master-node labeled
root@kube-master-node:/kube# kubectl get no
NAME               STATUS   ROLES                  AGE   VERSION
kube-master-node   Ready    control-plane,master   82m   v1.31.2
kube-worker1       Ready    worker                 56m   v1.31.2
kube-worker2       Ready    worker                 56m   v1.31.2
root@kube-master-node:/kube#
root@kube-master-node:/kube# kubectl label node kube-worker1 node-role.kubernetes.io/worker-
node/kube-worker1 unlabeled
root@kube-master-node:/kube# kubectl get no
NAME               STATUS   ROLES                  AGE   VERSION
kube-master-node   Ready    control-plane,master   88m   v1.31.2
kube-worker1       Ready    <none>                 61m   v1.31.2
kube-worker2       Ready    worker                 61m   v1.31.2
root@kube-master-node:/kube# kubectl label node kube-worker1 node-role.kubernetes.io/worker=
node/kube-worker1 labeled
root@kube-master-node:/kube# kubectl get no
NAME               STATUS   ROLES                  AGE   VERSION
kube-master-node   Ready    control-plane,master   90m   v1.31.2
kube-worker1       Ready    worker                 63m   v1.31.2
kube-worker2       Ready    worker                 63m   v1.31.2
root@kube-master-node:/kube#

우분투 설치 방법입니다.

우분투 사이트에서 ISO 파일을 다운로드 받습니다.

https://ubuntu.com/download/desktop

다운로드 받은 이미지는 아래의 위치에서 업로드해 줍니다.

Proxmox -> Datacenter -> local -> ISO Images -> Upload

VM을 생성합니다.

부팅 후 리눅스 설치를 시작합니다.

설치 완료

설치 후 아래 2가지 설정하기

https://dirt-spoon.tistory.com/181

https://dirt-spoon.tistory.com/182

[썰 풉니다]

얼마전 이사를 하면서, 드디어 100Mbps 회선에서 500Mbps 회선으로 교체를 했습니다.

그.런.데.

이전까지는 모뎀이 있고, 그 이후에 공유기를 연결하는 방식으로 구성되었습니다.

현재는 통신사 연결 모뎀이 바로 공유기 역할을 하네요.

그래서 현재 사용 중인 공유기로 바꿔서 사용해도 되는지 기사님께 여쭈어 보니, "2P 500Mbps 이상 지원하면 가능하다." 라고 하셨습니다.

당연히 저는 비~~싼 공유기를 사용하고 있어서 될거라고 했더니, 그게 아니라네요.

2P 500Mbps 지원 여부가 중요한거라고 하네요.

그리고 제 공유기는 4년 전꺼라서 기능이 후져졌으니, 제공하는 모뎀겸 공유기를 사용하라고 하시네요.

여기서 욱 했습니다.

현재 사용 중인 공유기가 넷기어 RAX200 입니다.

아직 현역 중에서도 최상위에 속하는 제품인데..... ㅠㅠ 아주 슬펐습니다.

그런데, 제 공유기로 인터넷 회선을 직접 연결해보니... 100Mbps만 나오네요ㅠㅠ

"2P 500Mbps"를 설명 해주지 않아 몰라서, 인터넷 써칭을 해보니 이런 내용이었습니다.

통신사에서 인터넷 개통 시, 가정집에 모뎀 설치 전 선 연결이 UTP는 4P(8가닥) 케이블 전부 연결해야 하는데, 4가닥(2P)만 연결하는 경우가 많이 있습니다. 일반적인 공유기는 무조건 UTP의 4P(8가닥)를 전부 연결해야 합니다. 그래야 공유기가 1Gbps를 지원합니다.

그런데 공유기 중 옵션에 UTP 2P 500Mbps 지원은 아무래도, 특정 모델들이 가능한 것으로 보입니다.

예로, 통신사가 설치해 주는 모뎀겸 공유기!!

네!!! 넷기어 RAX200 제품도 2P 500Mbps 이상 지원이 불가합니다. ㅠㅠ

[결론]

저 같은 경우 보유한 공유기가 좋을 뿐더러, Port forwarding으로 정책 설정이 되어 있어서, 제 개인 공유기로 인터넷을 연결하고 싶었습니다.

해결방법은 생각보다 간단했습니다.

통신사에서 제공하는 모뎀겸 공유기를 공유기로 사용하지 않고 모뎀으로 용도를 변경하면 해결됩니다.

저와 같은 상황에 처하신 분이 있다면, 저처럼 해메이지 않길 바랍니다.

ㅇ 모델명: 머큐리 GW-ME611R

   - 운영모드: NAT -> Bridge