
Kubernetes

Kubernetes CKA (Udemy Course #04)

Section 6: Cluster Maintenance

121) OS Upgrades

 

kubectl drain node-1 -> temporarily moves its pods to other nodes

kubectl cordon node-2 -> prevents scheduling onto it

kubectl uncordon node-1 -> allows scheduling again

 

Lab and Solutions

 

kubectl drain node01 --ignore-daemonsets

 

 

v1.11.3

Major.Minor.Patch 

 

126) Cluster Upgrade Process

 

Versions

kube-apiserver X

controller-manager / kube-scheduler X-1 or X

kubelet / kube-proxy X-2, X-1 or X

 

kubectl  X+1 > X-1
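
The skew rules above written as a pre-upgrade check. This is an added example, not from the course or the Kubernetes project. The function names and sample versions are constructed, and only minor versions within the same major version are compared.

```shell
#!/bin/sh
# Added example: checks component versions against the skew rules in the notes above.
# All version strings below are constructed sample values.

# minor_of v1.25.10 -> 25
minor_of() {
    v=${1#v}                   # strip optional leading "v"
    v=${v#*.}                  # drop "Major."
    printf '%s\n' "${v%%.*}"   # keep "Minor"
}

# skew_ok COMPONENT COMPONENT_VERSION APISERVER_VERSION
# Returns 0 if the component's minor version is inside the window allowed
# relative to kube-apiserver (X), 1 if outside, 2 for an unknown component.
skew_ok() {
    comp=$1
    d=$(( $(minor_of "$2") - $(minor_of "$3") ))   # component minor minus X
    case $comp in
        kube-controller-manager|kube-scheduler) lo=-1 hi=0 ;;  # X-1 or X
        kubelet|kube-proxy)                     lo=-2 hi=0 ;;  # X-2, X-1 or X
        kubectl)                                lo=-1 hi=1 ;;  # X-1 up to X+1
        *) return 2 ;;
    esac
    [ "$d" -ge "$lo" ] && [ "$d" -le "$hi" ]
}

# report APISERVER_VERSION "component=version" ...
# Prints one line per component and returns the number of violations.
report() {
    api=$1; shift
    bad=0
    for pair in "$@"; do
        if skew_ok "${pair%%=*}" "${pair#*=}" "$api"; then
            echo "OK    $pair (apiserver $api)"
        else
            echo "SKEW  $pair (apiserver $api)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: control plane at v1.25.10 with one kubelet left too far behind.
report v1.25.10 kube-scheduler=v1.24.9 kubelet=v1.23.0 kubelet=v1.22.4 kubectl=v1.26.0 || true
```

A kubelet newer than the API server is also reported as SKEW, which is why the control plane is upgraded before the worker nodes.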

kubeadm upgrade plan

 

kubectl get nodes

apt-get upgrade -y kubelet=1.23.0-00

systemctl restart kubelet

kubectl get nodes

 

kubectl drain node-1

apt-get upgrade -y kubeadm=1.12.0-00

apt-get upgrade -y kubelet=1.12.0-00

kubeadm upgrade node config --kubelet-version v1.12.0

systemctl restart kubelet

 

kubectl uncordon node-1

 

127) Demo - Cluster Upgrade

 

cat /etc/*release*

apt update

apt-cache madison kubeadm

 

apt-mark unhold kubeadm && \
apt-get update && apt-get install -y kubeadm=1.25.10-00 && \
apt-mark hold kubeadm

kubeadm version

kubeadm upgrade plan

 

sudo kubeadm upgrade apply v1.25.10

 

kubectl drain controlplane --ignore-daemonsets

kubectl get node

apt-mark unhold kubelet kubectl && \
apt-get update && apt-get install -y kubelet=1.25.10-00 kubectl=1.25.10-00 && \
apt-mark hold kubelet kubectl

sudo systemctl daemon-reload

sudo systemctl restart kubelet

kubectl get node

kubectl uncordon controlplane

 

ssh node01

apt-mark unhold kubeadm && \
apt-get update && apt-get install -y kubeadm=1.25.10-00 && \
apt-mark hold kubeadm

sudo kubeadm upgrade node

kubectl drain node01 --ignore-daemonsets 

kubectl get node

apt-mark unhold kubelet kubectl && \
apt-get update && apt-get install -y kubelet=1.25.10-00 kubectl=1.25.10-00 && \
apt-mark hold kubelet kubectl

sudo systemctl daemon-reload

sudo systemctl restart kubelet

kubectl get node

kubectl uncordon node01

 

 

 

kubectl describe node | grep Taints

 

130) Backup and Restore Methods

 

Backup by storing the files on GitHub

or back up the resource configuration

kubectl get all --all-namespaces -o yaml > all-deploy-services.yaml

 

ETCD - Cluster Backup (cluster information)

 

service kube-apiserver stop

etcdctl \
snapshot restore snapshot.db \
--data-dir /var/lib/etcd-from-backup

 

--data-dir=/var/lib/etcd-from-backup (etcd.service)

 

systemctl daemon-reload

service etcd restart

 

Lab and Solutions

 

Check the ETCD version - kubectl get pods -n kube-system

kubectl describe pod etcd-controlplane -n kube-system

 

ETCD snapshot - ls /etc/kubernetes/manifests

vi /etc/kubernetes/manifests/etcd.yaml

 

Taking a backup

 

ETCDCTL_API=3 etcdctl snapshot

export ETCDCTL_API=3

etcdctl snapshot

etcdctl snapshot save --endpoints=127.0.0.1:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
/opt/snapshot-pre-boot.db

 

For question 6, I entered the commands one by one while following the solution, but it did not work as is...

ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 \
> --cacert=/etc/kubernetes/pki/etcd/ca.crt \
> --cert=/etc/kubernetes/pki/etcd/server.crt \
> --key=/etc/kubernetes/pki/etcd/server.key \
> snapshot save /opt/snapshot-pre-boot.db
Snapshot saved at /opt/snapshot-pre-boot.db

 

kubectl get deploy

kubectl get pods

kubectl get service

 

etcdctl snapshot restore --data-dir /var/lib/etcd-from-backup /opt/snapshot-pre-boot.db

ls /var/lib/etcd-from-backup

vi /etc/kubernetes/manifests/etcd.yaml

 

Change the hostPath path of the etcd-data volume to /var/lib/etcd-from-backup

The command line and the mountPath must match, but

the hostPath can be changed (because they are linked by name)

 

kubectl get pods -n kube-system (wait for the Running state)

 

kubectl describe pod etcd-controlplane -n kube-system

kubectl delete pod etcd-controlplane -n kube-system

kubectl get pods -n kube-system

 

It feels like it keeps getting more complicated...!!!

 

Lab and Solution #2

 

kubectl config view

kubectl config use-context cluster1

 

kubectl get pods -n kube-system

kubectl describe pod kube-apiserver-cluster1-controlplane -n kube-system

 

ssh cluster2-controlplane

cd /etc/kubernetes/manifests/

ls

kubectl get pods -n kube-system

Check the etcd-server IP address in kubectl describe pod kube-apiserver-cluster1-controlplane

 

ps -ef | grep -i etcd 

etcdctl member list

ETCDCTL_API=3 etcdctl --endpoints= --cacert= --cert= --key= member list

 

scp cluster1-controlplane:/opt/cluster1.db /opt/ -> copy over the file that is on cluster1-controlplane

scp /opt/cluster2.db etcd-server:/root -> send the file to etcd-server

 

 

The last question is too complicated and long

A lot of it was outside the scope of the lectures, so I think I need to study it again!

 

 

This section is finished too

Next up is the Security part, a whopping 4 hours..!!