
Manually adding a Kubernetes worker node

망고v 2024. 3. 8. 14:55

 

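Prerequisites

Prepare the node (EC2)

Prepare the node the same way it was prepared for the earlier Kubernetes cluster installation, up to and including the kubeadm installation.

[Reference] https://dev-tobe.tistory.com/9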

 


The one small difference is that kubelet and kubectl are left out and only kubeadm is installed, as shown below.

sudo yum install -y kubeadm --disableexcludes=kubernetes

 

 

Adding the node

Join the prepared node to the cluster using the procedure below.

[Reference] https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#join-nodes

 


 

If the token and hash were not recorded when the control plane was installed, they can be looked up on the control-plane node as follows.

[root@ip-10-180-16-34 ~]# kubeadm token list
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
zvb9pz.jarq7z66m8297w95   20h         2024-03-09T01:36:51Z   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token

[root@ip-10-180-16-34 ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
>    openssl dgst -sha256 -hex | sed 's/^.* //'
9175b0f698c8b7514f6670502a07717df3ee793d1077c0bac1280a2d172caf73
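
The following is an added example, not part of the original post: shell functions that compute the `--discovery-token-ca-cert-hash` value with `openssl pkey`, so that EC as well as RSA CA keys work, and that refuse to print a pin when an earlier pipeline stage produced no output. The function names, the `pin.sh` file name and the throwaway sample CA are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# What 'openssl dgst -sha256' prints for empty input, i.e. when an earlier
# pipeline stage failed and its error was hidden by 2>/dev/null.
EMPTY_SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

# ca_pin CERT: print "sha256:<hex>" over the DER SubjectPublicKeyInfo of CERT.
# 'openssl pkey' accepts RSA and EC public keys; 'openssl rsa' only RSA.
ca_pin() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform der 2>/dev/null |
          openssl dgst -sha256 -hex | sed 's/^.* //')
    [ -n "$hex" ] && [ "$hex" != "$EMPTY_SHA256" ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# check_pin CERT PIN: 0 = PIN matches CERT, 1 = mismatch, 2 = unusable input.
check_pin() {
    printf '%s\n' "$2" | grep -Eq '^sha256:[0-9a-fA-F]{64}$' || return 2
    want=$(ca_pin "$1") || return 2
    [ "$(printf '%s' "$2" | tr 'A-F' 'a-f')" = "$want" ]
}

# make_sample_ca DIR rsa|ec: constructed throwaway CA written to DIR/ca.crt.
make_sample_ca() {
    case $2 in
        rsa) alg="-newkey rsa:2048" ;;
        ec)  alg="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1" ;;
        *)   return 2 ;;
    esac
    # $alg is left unquoted on purpose so it splits into separate options.
    openssl req -x509 $alg -nodes -subj "/CN=sample-ca" -days 1 \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# 'sh pin.sh demo' runs on a constructed EC CA; on a real control plane,
# call: ca_pin /etc/kubernetes/pki/ca.crt
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d) && make_sample_ca "$tmp" ec && pin=$(ca_pin "$tmp/ca.crt") &&
        echo "$pin" && check_pin "$tmp/ca.crt" "$pin" && echo "pin verified"
    rm -rf "$tmp"
fi
```

When the original token has expired, `kubeadm token create --print-join-command` on the control plane prints a complete join command with a fresh token and the CA hash.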

 

Join the node

[root@ip-10-180-16-9 ~]# kubeadm join 10.180.16.34:6443 --token zvb9pz.jarq7z66m8297w95 --discovery-token-ca-cert-hash sha256:9175b0f698c8b7514f6670502a07717df3ee793d1077c0bac1280a2d172caf73
[preflight] Running pre-flight checks
        [WARNING FileExisting-tc]: tc not found in system path
        [WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

 

 

Verification

The prepared node was added to the cluster without problems, and the pods managed by some DaemonSets are now running on the added node.

[ec2-user@ip-10-180-16-34 ~]$ k get no
NAME                                              STATUS   ROLES           AGE    VERSION
ip-10-180-16-34.ap-northeast-2.compute.internal   Ready    control-plane   4h2m   v1.29.2
ip-10-180-16-9.ap-northeast-2.compute.internal    Ready    <none>          100s   v1.29.2

 

 

 

Troubleshooting

cilium-agent: required IPv4 PodCIDR not available

This is not expected to happen in a typical setup, but this cluster is currently run with the operator (Deployment: cilium-operator) stopped in order to keep costs to a minimum. When the new node joined, the 'cilium-agent' pod printed the warning 'required IPv4 PodCIDR not available'. Starting cilium-operator for a short time, so that the 'cilium-agent' pod reaches the Running state, resolves the problem.
