
CKA Practice Reminder - 30. Service Networking

Vince_rf 2025. 1. 3. 18:00


What is the network range of the nodes in the cluster?

controlplane ~ ➜  kubectl get node -o wide
NAME           STATUS   ROLES           AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION   CONTAINER-RUNTIME
controlplane   Ready    control-plane   27m   v1.31.0   192.7.26.12   <none>        Ubuntu 22.04.4 LTS   5.4.0-1106-gcp   containerd://1.6.26
node01         Ready    <none>          26m   v1.31.0   192.7.26.3    <none>        Ubuntu 22.04.4 LTS   5.4.0-1106-gcp   containerd://1.6.26




What is the IP address range of the pods in the cluster?

controlplane ~ ➜  kubectl run busybox --image=busybox -- sleep 1000
pod/busybox created

controlplane ~ ➜  kubectl exec busybox -- ip route
default via 10.244.192.0 dev eth0 
10.244.0.0/16 dev eth0 scope link  src 10.244.192.1


or


kubectl logs [weave pod name] -n kube-system




What is the IP range of the Services (svc)?

cd /etc/kubernetes/manifests/

ls

controlplane /etc/kubernetes/manifests ➜  cat kube-apiserver.yaml 
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.7.26.12:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.7.26.12
    - --allow-privileged=true
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --enable-admission-plugins=NodeRestriction
    - --enable-bootstrap-token-auth=true
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
    - --etcd-servers=https://127.0.0.1:2379
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
    - --requestheader-allowed-names=front-proxy-client
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User
    - --secure-port=6443
    - --service-account-issuer=https://kubernetes.default.svc.cluster.local
    - --service-account-key-file=/etc/kubernetes/pki/sa.pub
    - --service-account-signing-key-file=/etc/kubernetes/pki/sa.key
    - --service-cluster-ip-range=10.96.0.0/12
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key

The service-cluster-ip-range is 10.96.0.0/12.
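
The node addresses, the pod range and the service range found above can be checked against each other. The script below is an added example, not part of the original post: it reads the flag from a constructed manifest excerpt and classifies the addresses seen in the lab output. The function names are illustrative.

```sh
#!/bin/sh
# Added example, not from the original post. Addresses and CIDRs are the ones
# shown in the lab output above; function names are illustrative.

# Constructed excerpt of /etc/kubernetes/manifests/kube-apiserver.yaml.
sample_manifest() {
cat <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    - --secure-port=6443
    - --service-cluster-ip-range=10.96.0.0/12
EOF
}

# Print the value of --service-cluster-ip-range from a manifest on stdin.
svc_range() {
  sed -n 's/^ *- --service-cluster-ip-range=//p'
}

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# cidr_contains CIDR IP: succeeds when IP lies inside CIDR.
cidr_contains() {
  net=${1%/*}; bits=${1#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip2int "$net") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# cidr_overlap A B: two CIDRs overlap exactly when one contains the other's base.
cidr_overlap() {
  cidr_contains "$1" "${2%/*}" || cidr_contains "$2" "${1%/*}"
}

SVC=$(sample_manifest | svc_range)
POD=10.244.0.0/16                    # from `ip route` inside the busybox pod
for ip in 10.96.0.1 10.96.0.10 10.244.192.1 192.7.26.12; do
  if cidr_contains "$SVC" "$ip"; then where="service range $SVC"
  elif cidr_contains "$POD" "$ip"; then where="pod range $POD"
  else where="neither (node or external address)"; fi
  echo "$ip -> $where"
done
if cidr_overlap "$SVC" "$POD"; then echo "WARNING: $SVC overlaps $POD"
else echo "ok: $SVC and $POD are disjoint"; fi
```

On a real control plane node, pipe the manifest itself into svc_range instead of the sample.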




What proxy type is the kube-proxy pod using?

kubectl get po -A

controlplane ~ ✖ kubectl logs kube-proxy-ccnbt -n kube-system
I0103 08:12:06.529612       1 server_linux.go:66] "Using iptables proxy"
I0103 08:12:06.690822       1 server.go:677] "Successfully retrieved node IP(s)" IPs=["192.7.26.12"]
I0103 08:12:06.713928       1 conntrack.go:60] "Setting nf_conntrack_max" nfConntrackMax=1179648
I0103 08:12:06.715274       1 conntrack.go:121] "Set sysctl" entry="net/netfilter/nf_conntrack_tcp_timeout_established" value=86400
E0103 08:12:06.716418       1 server.go:234] "Kube-proxy configuration may be incomplete or incorrect" err="nodePortAddresses is unset; NodePort connections will be accepted on all local IPs. Consider using `--nodeport-addresses primary`"
I0103 08:12:06.736368       1 server.go:243] "kube-proxy running in dual-stack mode" primary ipFamily="IPv4"
I0103 08:12:06.736428       1 server_linux.go:169] "Using iptables Proxier"
I0103 08:12:06.738748       1 proxier.go:255] "Setting route_localnet=1 to allow node-ports on localhost; to change this either disable iptables.localhostNodePorts (--iptables-localhost-nodeports) or set nodePortAddresses (--nodeport-addresses) to filter loopback addresses" ipFamily="IPv4"
I0103 08:12:06.759042       1 server.go:483] "Version info" version="v1.31.0"
I0103 08:12:06.759067       1 server.go:485] "Golang settings" GOGC="" GOMAXPROCS="" GOTRACEBACK=""
I0103 08:12:06.761296       1 config.go:326] "Starting node config controller"
I0103 08:12:06.761348       1 shared_informer.go:313] Waiting for caches to sync for node config
I0103 08:12:06.761451       1 config.go:197] "Starting service config controller"
I0103 08:12:06.761496       1 shared_informer.go:313] Waiting for caches to sync for service config
I0103 08:12:06.761533       1 config.go:104] "Starting endpoint slice config controller"
I0103 08:12:06.761545       1 shared_informer.go:313] Waiting for caches to sync for endpoint slice config
I0103 08:12:06.861851       1 shared_informer.go:320] Caches are synced for node config
I0103 08:12:06.861863       1 shared_informer.go:320] Caches are synced for endpoint slice config
I0103 08:12:06.861908       1 shared_informer.go:320] Caches are synced for service config
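
Besides the proxy mode, the log above carries two messages about where NodePort connections are accepted (nodePortAddresses unset, route_localnet=1). The script below is an added example, not part of the original post: it pulls the mode and those two messages out of a kube-proxy log. The function names and finding tags are illustrative, and only the message wording shown on this page is matched.

```sh
#!/bin/sh
# Added example, not from the original post; function names are illustrative.

# Lines taken from the kube-proxy log above (the two long messages are shortened).
sample_log() {
cat <<'EOF'
I0103 08:12:06.529612       1 server_linux.go:66] "Using iptables proxy"
E0103 08:12:06.716418       1 server.go:234] "Kube-proxy configuration may be incomplete or incorrect" err="nodePortAddresses is unset; NodePort connections will be accepted on all local IPs."
I0103 08:12:06.736428       1 server_linux.go:169] "Using iptables Proxier"
I0103 08:12:06.738748       1 proxier.go:255] "Setting route_localnet=1 to allow node-ports on localhost" ipFamily="IPv4"
EOF
}

# Print the proxy mode named in the first "Using <mode> proxy" message on stdin.
proxy_mode() {
  sed -n 's/.*"Using \([a-z0-9]*\) proxy".*/\1/p' | head -n 1
}

# Print one tag per NodePort-exposure message found on stdin.
nodeport_findings() {
  awk '
    /nodePortAddresses is unset/ { print "nodeport-on-all-local-ips" }
    /Setting route_localnet=1/   { print "nodeport-on-loopback" }
  '
}

# Summarise a log: mode plus findings; exit status 1 when anything was flagged.
audit_kube_proxy_log() {
  log=$(cat)
  echo "mode: $(printf '%s\n' "$log" | proxy_mode)"
  findings=$(printf '%s\n' "$log" | nodeport_findings)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings" | sed 's/^/finding: /'
  return 1
}

sample_log | audit_kube_proxy_log || echo "review nodePortAddresses for this node"
```

Against a live cluster the input would be the output of the kubectl logs command shown above, piped into audit_kube_proxy_log.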




What method is used to deploy the kube-proxy pods in the cluster?

kubectl edit po [kube-proxy pod name] -n kube-system

Confirm kind: DaemonSet under ownerReferences.


or

controlplane ~ ✖ kubectl get all -A
NAMESPACE     NAME                                       READY   STATUS    RESTARTS      AGE
kube-system   pod/coredns-77d6fd4654-j7kb2               1/1     Running   0             46m
kube-system   pod/coredns-77d6fd4654-z5zx4               1/1     Running   0             46m
kube-system   pod/etcd-controlplane                      1/1     Running   0             46m
kube-system   pod/kube-apiserver-controlplane            1/1     Running   0             46m
kube-system   pod/kube-controller-manager-controlplane   1/1     Running   0             46m
kube-system   pod/kube-proxy-ccnbt                       1/1     Running   0             46m
kube-system   pod/kube-proxy-rbsg7                       1/1     Running   0             45m
kube-system   pod/kube-scheduler-controlplane            1/1     Running   0             46m
kube-system   pod/weave-net-vfwkf                        2/2     Running   1 (46m ago)   46m
kube-system   pod/weave-net-zq27k                        2/2     Running   0             45m

NAMESPACE     NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
default       service/kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP                  46m
kube-system   service/kube-dns     ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   46m

NAMESPACE     NAME                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
kube-system   daemonset.apps/kube-proxy   2         2         2       2            2           kubernetes.io/os=linux   46m
kube-system   daemonset.apps/weave-net    2         2         2       2            2           <none>                   46m

NAMESPACE     NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   deployment.apps/coredns   2/2     2            2           46m

NAMESPACE     NAME                                 DESIRED   CURRENT   READY   AGE
kube-system   replicaset.apps/coredns-77d6fd4654   2         2         2       46m