
[CKA] KodeKloud - Deploy Network Solution

쯀리♥️ 2024. 8. 8. 22:23

Hello, this is 쯀리.

Today we go through the Deploy Network Solution lab: a pod that cannot start because the cluster has no working CNI, and what changes once the weave-net DaemonSet is applied.

Quiz.

1. In this practice test we will install weave-net POD networking solution to the cluster. Let us first inspect the setup. We have deployed an application called app in the default namespace. What is the state of the pod?

controlplane ~ ➜  k get po
NAME   READY   STATUS              RESTARTS   AGE
app    0/1     ContainerCreating   0          83s

controlplane ~ ➜  k describe po app
 Type     Reason                  Age                 From               Message
  ----     ------                  ----                ----               -------
  Normal   Scheduled               117s                default-scheduler  Successfully assigned default/app to controlplane
  Warning  FailedCreatePodSandBox  116s                kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "549578934bcb90e5fb70e8700d68cf8d70543a5646913e186d7336efcf2c15d9": plugin type="weave-net" name="weave" failed (add): unable to allocate IP address: Post "http://127.0.0.1:6784/ip/549578934bcb90e5fb70e8700d68cf8d70543a5646913e186d7336efcf2c15d9": dial tcp 127.0.0.1:6784: connect: connection refused
  Normal   SandboxChanged          1s (x10 over 115s)  kubelet            Pod sandbox changed, it will be killed and re-created.

The pod is stuck in ContainerCreating: every attempt to create its sandbox fails at the network step, so the kubelet kills and re-creates the sandbox over and over (the SandboxChanged count keeps growing).

2. Inspect why the POD is not running.

Error message:

Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "549578934bcb90e5fb70e8700d68cf8d70543a5646913e186d7336efcf2c15d9": plugin type="weave-net" name="weave" failed (add): unable to allocate IP address: Post "http://127.0.0.1:6784/ip/549578934bcb90e5fb70e8700d68cf8d70543a5646913e186d7336efcf2c15d9": dial tcp 127.0.0.1:6784: connect: connection refused

The kubelet asked the Weave Net CNI plugin to set up the pod's network and the plugin failed. Note what did and did not work: a CNI config was found and the `weave-net` plugin binary was located and executed (a missing binary would instead produce a "failed to find plugin" error from the kubelet), but when the plugin tried to allocate an IP address it POSTed to the weave router's local HTTP API at 127.0.0.1:6784 and got `connection refused`, meaning nothing was listening on that port. The weave router runs inside the weave-net DaemonSet pod on each node, and that DaemonSet has not been deployed yet.

No Network Configured
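To make the layer-by-layer reasoning above checkable, here is an added example (not part of the KodeKloud lab) that parses the FailedCreatePodSandBox message and decides which of the three CNI layers is missing: the conflist in /etc/cni/net.d, the plugin binary in /opt/cni/bin, or the backend daemon the plugin dials. The conflist text and the binary list are constructed samples (the conflist mirrors the layout of Weave's 10-weave.conflist), and `backend_listening` stands in for what `ss -ltn | grep 6784` would show on the node.

```python
"""Triage a FailedCreatePodSandBox event from `kubectl describe pod`.

Added example, not from the lab. Three layers must line up for a pod to
get an IP: (1) a CNI conflist naming the plugin, (2) the plugin binary,
(3) the daemon the plugin talks to (for weave: the router on 127.0.0.1:6784).
All inputs are passed in as text/lists so this runs offline.
"""
import json
import re
from typing import Iterable, Optional

# Exact kubelet event message from the lab transcript.
EVENT_MESSAGE = (
    'Failed to create pod sandbox: rpc error: code = Unknown desc = failed to '
    'setup network for sandbox "549578934bcb90e5fb70e8700d68cf8d70543a5646913e186d7336efcf2c15d9": '
    'plugin type="weave-net" name="weave" failed (add): unable to allocate IP address: '
    'Post "http://127.0.0.1:6784/ip/549578934bcb90e5fb70e8700d68cf8d70543a5646913e186d7336efcf2c15d9": '
    'dial tcp 127.0.0.1:6784: connect: connection refused'
)

# Constructed sample mirroring the layout of Weave's 10-weave.conflist.
SAMPLE_CONFLIST = json.dumps({
    "cniVersion": "0.3.0",
    "name": "weave",
    "plugins": [
        {"name": "weave", "type": "weave-net", "hairpinMode": True},
        {"type": "portmap", "capabilities": {"portMappings": True}, "snat": True},
    ],
})

# Constructed sample of `ls /opt/cni/bin` on a node where the plugin is installed.
SAMPLE_CNI_BINS = ["weave-net", "weave-ipam", "portmap", "bridge", "loopback"]

_PLUGIN_RE = re.compile(r'plugin type="(?P<type>[^"]+)" name="(?P<name>[^"]+)" failed \((?P<op>\w+)\)')
_DIAL_RE = re.compile(r"dial tcp (?P<host>[0-9.]+):(?P<port>\d+): connect: (?P<err>[a-z ]+)")


def parse_sandbox_error(message: str) -> dict:
    """Extract plugin type/name/operation and the failed TCP dial from the kubelet message."""
    out = {}
    m = _PLUGIN_RE.search(message)
    if m:
        out.update(m.groupdict())
    d = _DIAL_RE.search(message)
    if d:
        out["dial_host"] = d.group("host")
        out["dial_port"] = int(d.group("port"))
        out["dial_error"] = d.group("err").strip()
    return out


def plugin_types(conflist_text: str) -> list:
    """Plugin types declared in a CNI conflist, in chain order."""
    return [p["type"] for p in json.loads(conflist_text).get("plugins", [])]


def diagnose(message: str, conflist_text: Optional[str],
             cni_bins: Iterable[str], backend_listening: bool) -> dict:
    """Walk the layers in order and report the first one that is missing."""
    info = parse_sandbox_error(message)
    ptype = info.get("type")
    declared = plugin_types(conflist_text) if conflist_text else []
    if not conflist_text:
        info["verdict"] = "no CNI config in /etc/cni/net.d: no network plugin configured"
    elif ptype not in declared:
        info["verdict"] = f"conflist does not declare plugin {ptype!r}"
    elif ptype not in set(cni_bins):
        info["verdict"] = f"plugin binary {ptype!r} missing from /opt/cni/bin"
    elif info.get("dial_error") == "connection refused" and not backend_listening:
        info["verdict"] = (f"plugin ran but its backend on {info['dial_host']}:{info['dial_port']} "
                           "is not listening: the Weave Net DaemonSet is not deployed or not running on this node")
    else:
        info["verdict"] = "config, binary and backend present; inspect the weave pod logs in kube-system"
    return info


if __name__ == "__main__":
    # The lab's situation: config and binary present, router not running.
    result = diagnose(EVENT_MESSAGE, SAMPLE_CONFLIST, SAMPLE_CNI_BINS, backend_listening=False)
    print(result["type"], result["dial_port"], "->", result["verdict"])
```

The order of checks matters: the same `connection refused` text is only meaningful once you know the config and binary were found, which is exactly what the `plugin type="weave-net" ... failed (add)` fragment tells you.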

3. Deploy weave-net networking solution to the cluster.
NOTE: - We already have provided a weave manifest file under the /root/weave directory.

controlplane ~/weave ➜  ls
weave-daemonset-k8s.yaml

controlplane ~/weave ➜  k apply -f weave-daemonset-k8s.yaml 
serviceaccount/weave-net created
clusterrole.rbac.authorization.k8s.io/weave-net created
clusterrolebinding.rbac.authorization.k8s.io/weave-net created
role.rbac.authorization.k8s.io/weave-net created
rolebinding.rbac.authorization.k8s.io/weave-net created
daemonset.apps/weave-net created

Let's look at what the manifest contains. Two things stand out for a security review: every container runs with `privileged: true` and `hostNetwork: true`, and the host's /opt, /home and /etc are mounted writable into the init container so that `init.sh` can install the CNI binary and config onto the node. The empty `env:` under the init container and the bare `#npc-args` comment are placeholders left from the upstream template (an empty `env:` is null in YAML and applies cleanly).

apiVersion: v1
kind: List
items:
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: kube-system
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: weave-net
      labels:
        name: weave-net
    rules:
      - apiGroups:
          - ''
        resources:
          - pods
          - namespaces
          - nodes
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
        resources:
          - networkpolicies
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - 'networking.k8s.io'
        resources:
          - networkpolicies
        verbs:
          - get
          - list
          - watch
      - apiGroups:
        - ''
        resources:
        - nodes/status
        verbs:
        - patch
        - update
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: weave-net
      labels:
        name: weave-net
    roleRef:
      kind: ClusterRole
      name: weave-net
      apiGroup: rbac.authorization.k8s.io
    subjects:
      - kind: ServiceAccount
        name: weave-net
        namespace: kube-system
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: weave-net
      namespace: kube-system
      labels:
        name: weave-net
    rules:
      - apiGroups:
          - ''
        resources:
          - configmaps
        resourceNames:
          - weave-net
        verbs:
          - get
          - update
      - apiGroups:
          - ''
        resources:
          - configmaps
        verbs:
          - create
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: weave-net
      namespace: kube-system
      labels:
        name: weave-net
    roleRef:
      kind: Role
      name: weave-net
      apiGroup: rbac.authorization.k8s.io
    subjects:
      - kind: ServiceAccount
        name: weave-net
        namespace: kube-system
  - apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: kube-system
    spec:
      # Wait 5 seconds to let pod connect before rolling next pod
      selector:
        matchLabels:
          name: weave-net
      minReadySeconds: 5
      template:
        metadata:
          labels:
            name: weave-net
        spec:
          initContainers:
            - name: weave-init
              image: 'weaveworks/weave-kube:2.8.1'
              command:
                - /home/weave/init.sh
              env:
              securityContext:
                privileged: true
              volumeMounts:
                - name: cni-bin
                  mountPath: /host/opt
                - name: cni-bin2
                  mountPath: /host/home
                - name: cni-conf
                  mountPath: /host/etc
                - name: lib-modules
                  mountPath: /lib/modules
                - name: xtables-lock
                  mountPath: /run/xtables.lock
                  readOnly: false
          containers:
            - name: weave
              command:
                - /home/weave/launch.sh
              env:
                - name: IPALLOC_RANGE
                  value: 10.32.1.0/24
                - name: INIT_CONTAINER
                  value: "true"
                - name: HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
              image: 'weaveworks/weave-kube:2.8.1'
              readinessProbe:
                httpGet:
                  host: 127.0.0.1
                  path: /status
                  port: 6784
              resources:
                requests:
                  cpu: 50m
              securityContext:
                privileged: true
              volumeMounts:
                - name: weavedb
                  mountPath: /weavedb
                - name: dbus
                  mountPath: /host/var/lib/dbus
                  readOnly: true
                - mountPath: /host/etc/machine-id
                  name: cni-machine-id
                  readOnly: true
                - name: xtables-lock
                  mountPath: /run/xtables.lock
                  readOnly: false
            - name: weave-npc
              env:
                - name: HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
              image: 'weaveworks/weave-npc:2.8.1'
#npc-args
              resources:
                requests:
                  cpu: 50m
              securityContext:
                privileged: true
              volumeMounts:
                - name: xtables-lock
                  mountPath: /run/xtables.lock
                  readOnly: false
          hostNetwork: true
          dnsPolicy: ClusterFirstWithHostNet
          hostPID: false
          restartPolicy: Always
          securityContext:
            seLinuxOptions: {}
          serviceAccountName: weave-net
          tolerations:
            - effect: NoSchedule
              operator: Exists
            - effect: NoExecute
              operator: Exists
          volumes:
            - name: weavedb
              hostPath:
                path: /var/lib/weave
            - name: cni-bin
              hostPath:
                path: /opt
            - name: cni-bin2
              hostPath:
                path: /home
            - name: cni-conf
              hostPath:
                path: /etc
            - name: cni-machine-id
              hostPath:
                path: /etc/machine-id
            - name: dbus
              hostPath:
                path: /var/lib/dbus
            - name: lib-modules
              hostPath:
                path: /lib/modules
            - name: xtables-lock
              hostPath:
                path: /run/xtables.lock
                type: FileOrCreate
          priorityClassName: system-node-critical
      updateStrategy:
        type: RollingUpdate
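Before applying a third-party CNI manifest it is worth listing exactly what host-level access it asks for. The following is an added example (not from the lab or the Weave project) that audits a pod spec for privileged containers, shared host namespaces and hostPath mounts, and reports which host paths end up writable. To keep it dependency-free, the security-relevant fields of the DaemonSet above are transcribed into a Python dict; `yaml.safe_load` on the real file yields the same structure and can be fed to `audit_manifest` directly.

```python
"""Audit a Kubernetes workload for host-level privileges before `kubectl apply`.

Added example, not part of the lab. WEAVE_DAEMONSET is a transcription of
the security-relevant fields of the weave-net DaemonSet shown above
(images, env, probes and RBAC objects omitted).
"""

WEAVE_DAEMONSET = {
    "apiVersion": "apps/v1", "kind": "DaemonSet",
    "metadata": {"name": "weave-net", "namespace": "kube-system"},
    "spec": {"template": {"spec": {
        "hostNetwork": True, "hostPID": False, "serviceAccountName": "weave-net",
        "initContainers": [
            {"name": "weave-init", "securityContext": {"privileged": True},
             "volumeMounts": [
                 {"name": "cni-bin", "mountPath": "/host/opt"},
                 {"name": "cni-bin2", "mountPath": "/host/home"},
                 {"name": "cni-conf", "mountPath": "/host/etc"},
                 {"name": "lib-modules", "mountPath": "/lib/modules"},
                 {"name": "xtables-lock", "mountPath": "/run/xtables.lock", "readOnly": False}]}],
        "containers": [
            {"name": "weave", "securityContext": {"privileged": True},
             "volumeMounts": [
                 {"name": "weavedb", "mountPath": "/weavedb"},
                 {"name": "dbus", "mountPath": "/host/var/lib/dbus", "readOnly": True},
                 {"name": "cni-machine-id", "mountPath": "/host/etc/machine-id", "readOnly": True},
                 {"name": "xtables-lock", "mountPath": "/run/xtables.lock", "readOnly": False}]},
            {"name": "weave-npc", "securityContext": {"privileged": True},
             "volumeMounts": [
                 {"name": "xtables-lock", "mountPath": "/run/xtables.lock", "readOnly": False}]}],
        "volumes": [
            {"name": "weavedb", "hostPath": {"path": "/var/lib/weave"}},
            {"name": "cni-bin", "hostPath": {"path": "/opt"}},
            {"name": "cni-bin2", "hostPath": {"path": "/home"}},
            {"name": "cni-conf", "hostPath": {"path": "/etc"}},
            {"name": "cni-machine-id", "hostPath": {"path": "/etc/machine-id"}},
            {"name": "dbus", "hostPath": {"path": "/var/lib/dbus"}},
            {"name": "lib-modules", "hostPath": {"path": "/lib/modules"}},
            {"name": "xtables-lock", "hostPath": {"path": "/run/xtables.lock", "type": "FileOrCreate"}}],
    }}},
}


def pod_spec(obj: dict):
    """Return the PodSpec of a Pod or of a workload with a pod template, else None."""
    if obj.get("kind") == "Pod":
        return obj.get("spec")
    return obj.get("spec", {}).get("template", {}).get("spec")


def audit_pod_spec(spec: dict) -> dict:
    """List privileged containers, shared host namespaces, and host paths by effective access."""
    host_paths = {v["name"]: v["hostPath"]["path"] for v in spec.get("volumes", []) if "hostPath" in v}
    privileged, writable, readonly = [], set(), set()
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        if c.get("securityContext", {}).get("privileged"):
            privileged.append(c["name"])
        for m in c.get("volumeMounts", []):
            if m["name"] in host_paths:
                # readOnly defaults to false, so an absent key means writable.
                (readonly if m.get("readOnly") else writable).add(host_paths[m["name"]])
    readonly -= writable  # a path mounted writable by any container counts as writable
    return {
        "privileged": privileged,
        "host_namespaces": [k for k in ("hostNetwork", "hostPID", "hostIPC") if spec.get(k)],
        "writable_host_paths": sorted(writable),
        "readonly_host_paths": sorted(readonly),
    }


def audit_manifest(objects) -> list:
    """Audit every workload in a sequence of Kubernetes objects, expanding kind: List."""
    findings = []
    for obj in objects:
        for item in (obj.get("items", []) if obj.get("kind") == "List" else [obj]):
            spec = pod_spec(item)
            if spec:
                findings.append((f"{item['kind']}/{item['metadata']['name']}", audit_pod_spec(spec)))
    return findings


if __name__ == "__main__":
    for name, report in audit_manifest([WEAVE_DAEMONSET]):
        print(name, report)
```

For the weave-net DaemonSet the report shows all three containers privileged, hostNetwork shared, and /opt, /home, /etc, /lib/modules, /run/xtables.lock and /var/lib/weave writable from the pod; only /var/lib/dbus and /etc/machine-id are read-only. That is the expected footprint of a CNI (it has to write the plugin into /opt/cni/bin and the conflist into /etc/cni/net.d and program the host's iptables), but it also means anyone who can modify this DaemonSet, or the weave-net ServiceAccount's RBAC, has root-equivalent access to every node.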

Once the weave-net pods are up, the app pod's sandbox is created successfully and it moves to Running:

controlplane ~ ➜  k get po
NAME   READY   STATUS    RESTARTS   AGE
app    1/1     Running   0          7m18s

So the CNI side of things was already in place before we did anything: /etc/cni/net.d held the weave conflist and the kubelet was able to run the weave-net plugin. What was missing was the component the plugin depends on, the Weave Net daemon (the router) that answers on 127.0.0.1:6784, so the plugin's IP allocation request was refused. With the DaemonSet applied, the listener is there. The TCP socket on 127.0.0.1:6784 is the router's HTTP API, bound to loopback only, which the CNI plugin and `weave status` use; the UDP 6784 sockets carry overlay traffic between nodes.

controlplane /etc/cni/net.d ➜  ls
10-weave.conflist

controlplane /etc/cni/net.d ➜  netstat -tuln | grep 6784
tcp        0      0 127.0.0.1:6784          0.0.0.0:*               LISTEN     
udp        0      0 0.0.0.0:6784            0.0.0.0:*                          
udp6       0      0 :::6784                 :::*


Reference

Udemy Labs - Certified Kubernetes Administrator with Practice Tests