[CKA] KodeKloud - Deploy Network Solution
Hello, this is 쯀리.
Today we'll go through the Deploy Network Solution lab.
Quiz.
1. In this practice test we will install weave-net POD networking solution to the cluster. Let us first inspect the setup. We have deployed an application called app in the default namespace. What is the state of the pod?
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
app 0/1 ContainerCreating 0 83s
controlplane ~ ➜ k describe po app
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 117s default-scheduler Successfully assigned default/app to controlplane
Warning FailedCreatePodSandBox 116s kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "549578934bcb90e5fb70e8700d68cf8d70543a5646913e186d7336efcf2c15d9": plugin type="weave-net" name="weave" failed (add): unable to allocate IP address: Post "http://127.0.0.1:6784/ip/549578934bcb90e5fb70e8700d68cf8d70543a5646913e186d7336efcf2c15d9": dial tcp 127.0.0.1:6784: connect: connection refused
Normal SandboxChanged 1s (x10 over 115s) kubelet Pod sandbox changed, it will be killed and re-created.
The pod fails and keeps being re-created.
2. Inspect why the POD is not running.
Error message:
Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "549578934bcb90e5fb70e8700d68cf8d70543a5646913e186d7336efcf2c15d9": plugin type="weave-net" name="weave" failed (add): unable to allocate IP address: Post "http://127.0.0.1:6784/ip/549578934bcb90e5fb70e8700d68cf8d70543a5646913e186d7336efcf2c15d9": dial tcp 127.0.0.1:6784: connect: connection refused
This indicates that setting up networking through the Weave Net CNI plugin failed in the Kubernetes cluster.
Specifically, when Weave Net tried to allocate an IP address, the connection to port 6784 on localhost (127.0.0.1) was refused.
No Network Configured
3. Deploy weave-net networking solution to the cluster.
NOTE: - We already have provided a weave manifest file under the /root/weave directory.
controlplane ~/weave ➜ ls
weave-daemonset-k8s.yaml
controlplane ~/weave ➜ k apply -f weave-daemonset-k8s.yaml
serviceaccount/weave-net created
clusterrole.rbac.authorization.k8s.io/weave-net created
clusterrolebinding.rbac.authorization.k8s.io/weave-net created
role.rbac.authorization.k8s.io/weave-net created
rolebinding.rbac.authorization.k8s.io/weave-net created
daemonset.apps/weave-net created
Let's take a look at the manifest contents.
apiVersion: v1
kind: List
items:
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: kube-system
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: weave-net
      labels:
        name: weave-net
    rules:
      - apiGroups:
          - ''
        resources:
          - pods
          - namespaces
          - nodes
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
        resources:
          - networkpolicies
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - 'networking.k8s.io'
        resources:
          - networkpolicies
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - ''
        resources:
          - nodes/status
        verbs:
          - patch
          - update
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: weave-net
      labels:
        name: weave-net
    roleRef:
      kind: ClusterRole
      name: weave-net
      apiGroup: rbac.authorization.k8s.io
    subjects:
      - kind: ServiceAccount
        name: weave-net
        namespace: kube-system
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: weave-net
      namespace: kube-system
      labels:
        name: weave-net
    rules:
      - apiGroups:
          - ''
        resources:
          - configmaps
        resourceNames:
          - weave-net
        verbs:
          - get
          - update
      - apiGroups:
          - ''
        resources:
          - configmaps
        verbs:
          - create
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: weave-net
      namespace: kube-system
      labels:
        name: weave-net
    roleRef:
      kind: Role
      name: weave-net
      apiGroup: rbac.authorization.k8s.io
    subjects:
      - kind: ServiceAccount
        name: weave-net
        namespace: kube-system
  - apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: kube-system
    spec:
      # Wait 5 seconds to let pod connect before rolling next pod
      selector:
        matchLabels:
          name: weave-net
      minReadySeconds: 5
      template:
        metadata:
          labels:
            name: weave-net
        spec:
          initContainers:
            - name: weave-init
              image: 'weaveworks/weave-kube:2.8.1'
              command:
                - /home/weave/init.sh
              env:
              securityContext:
                privileged: true
              volumeMounts:
                - name: cni-bin
                  mountPath: /host/opt
                - name: cni-bin2
                  mountPath: /host/home
                - name: cni-conf
                  mountPath: /host/etc
                - name: lib-modules
                  mountPath: /lib/modules
                - name: xtables-lock
                  mountPath: /run/xtables.lock
                  readOnly: false
          containers:
            - name: weave
              command:
                - /home/weave/launch.sh
              env:
                - name: IPALLOC_RANGE
                  value: 10.32.1.0/24
                - name: INIT_CONTAINER
                  value: "true"
                - name: HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
              image: 'weaveworks/weave-kube:2.8.1'
              readinessProbe:
                httpGet:
                  host: 127.0.0.1
                  path: /status
                  port: 6784
              resources:
                requests:
                  cpu: 50m
              securityContext:
                privileged: true
              volumeMounts:
                - name: weavedb
                  mountPath: /weavedb
                - name: dbus
                  mountPath: /host/var/lib/dbus
                  readOnly: true
                - mountPath: /host/etc/machine-id
                  name: cni-machine-id
                  readOnly: true
                - name: xtables-lock
                  mountPath: /run/xtables.lock
                  readOnly: false
            - name: weave-npc
              env:
                - name: HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
              image: 'weaveworks/weave-npc:2.8.1'
              #npc-args
              resources:
                requests:
                  cpu: 50m
              securityContext:
                privileged: true
              volumeMounts:
                - name: xtables-lock
                  mountPath: /run/xtables.lock
                  readOnly: false
          hostNetwork: true
          dnsPolicy: ClusterFirstWithHostNet
          hostPID: false
          restartPolicy: Always
          securityContext:
            seLinuxOptions: {}
          serviceAccountName: weave-net
          tolerations:
            - effect: NoSchedule
              operator: Exists
            - effect: NoExecute
              operator: Exists
          volumes:
            - name: weavedb
              hostPath:
                path: /var/lib/weave
            - name: cni-bin
              hostPath:
                path: /opt
            - name: cni-bin2
              hostPath:
                path: /home
            - name: cni-conf
              hostPath:
                path: /etc
            - name: cni-machine-id
              hostPath:
                path: /etc/machine-id
            - name: dbus
              hostPath:
                path: /var/lib/dbus
            - name: lib-modules
              hostPath:
                path: /lib/modules
            - name: xtables-lock
              hostPath:
                path: /run/xtables.lock
                type: FileOrCreate
          priorityClassName: system-node-critical
      updateStrategy:
        type: RollingUpdate
We can confirm that the pod has also changed to Running.
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
app 1/1 Running 0 7m18s
The CNI configuration for weave was already in place, but the pod could not start because the Weave Net daemon that serves port 6784 was not running; after deploying the DaemonSet, the port is now listening.
controlplane /etc/cni/net.d ➜ ls
10-weave.conflist
controlplane /etc/cni/net.d ➜ netstat -tuln | grep 6784
tcp 0 0 127.0.0.1:6784 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:6784 0.0.0.0:*
udp6 0 0 :::6784 :::*
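As an added example (not part of the lab or of the Weave project), here is the triage that steps 2 and the check above do by hand, in Python: parse the FailedCreatePodSandBox event for the plugin and the refused endpoint, then combine that with the contents of /etc/cni/net.d and the DaemonSets present in kube-system to tell "no CNI installed" apart from "CNI config present but its daemon not deployed" (the lab's case). The sample event is constructed with a shortened sandbox ID; the function and field names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample (sandbox ID shortened), modelled on the kubelet event the
# lab shows in `kubectl describe pod app`.
SANDBOX_EVENT = (
    'Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup '
    'network for sandbox "5495...": plugin type="weave-net" name="weave" failed (add): '
    'unable to allocate IP address: Post "http://127.0.0.1:6784/ip/5495...": '
    'dial tcp 127.0.0.1:6784: connect: connection refused'
)

PLUGIN_RE = re.compile(r'plugin type="(?P<plugin>[^"]+)" name="(?P<name>[^"]+)" failed \((?P<op>\w+)\)')
DIAL_RE = re.compile(r'dial tcp (?P<host>[\d.]+):(?P<port>\d+): connect: (?P<err>[a-z ]+)')

@dataclass
class CniFailure:
    plugin: str            # CNI plugin type from the conflist, e.g. weave-net
    name: str              # network name, e.g. weave
    op: str                # CNI operation that failed (add/del)
    host: Optional[str]    # endpoint the plugin tried to reach, if any
    port: Optional[int]
    err: Optional[str]     # socket error text, e.g. "connection refused"

def parse_sandbox_failure(msg: str) -> Optional[CniFailure]:
    """Pull plugin and endpoint out of a FailedCreatePodSandBox message; None if not a CNI failure."""
    m = PLUGIN_RE.search(msg)
    if not m:
        return None
    d = DIAL_RE.search(msg)
    return CniFailure(m["plugin"], m["name"], m["op"],
                      d["host"] if d else None,
                      int(d["port"]) if d else None,
                      d["err"].strip() if d else None)

def diagnose(f: CniFailure, cni_conf_files: List[str], kube_system_daemonsets: List[str]) -> str:
    """Combine the event with the node's /etc/cni/net.d listing and the
    DaemonSets in kube-system to name the likely cause."""
    if not cni_conf_files:
        return "no CNI config in /etc/cni/net.d: no network plugin installed"
    if f.err == "connection refused" and f.host == "127.0.0.1":
        family = f.plugin.split("-")[0]          # weave-net -> weave
        if not any(family in ds for ds in kube_system_daemonsets):
            return (f"{f.plugin} config is present but its daemon is not deployed: "
                    f"nothing listens on {f.host}:{f.port}, apply the DaemonSet")
        return f"{f.plugin} DaemonSet exists but is not ready on this node: check its pod logs"
    return f"{f.plugin} {f.op} failed: {f.err or 'unknown error'}"
```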
Reference
※ Udemy Labs - Certified Kubernetes Administrator with Practice Tests