kubeadm 재설정

k8s

kubeadm 재설정

바리새인 2025. 2. 20. 21:18

reset

sudo kubeadm reset -f

# 오류
containerd.sock: connect: no such file or directory
# 확인
sudo systemctl status containerd
# containerd inactive인 경우
sudo systemctl restart containerd

init

sudo kubeadm init --pod-network-cidr=10.244.0.0/16

# 오류
detected that the sandbox image "registry.k8s.io/pause:3.8" of the container runtime is inconsistent with that used by kubeadm. It is recommended that using "registry.k8s.io/pause:3.9" as the CRI sandbox image.
# 확인
"sandboxImage": "registry.k8s.io/pause:3.8"
# 조치: 3.9로 업데이트
sudo vi /etc/containerd/config.toml
---------------------------
sandbox_image = "registry.k8s.io/pause:3.9"
---------------------------

sudo systemctl restart containerd
sudo crictl info | grep "sandboxImage"
sudo crictl rmi registry.k8s.io/pause:3.8

# 오류
        [ERROR Port-6443]: Port 6443 is in use
        [ERROR Port-10259]: Port 10259 is in use
# 확인
sudo netstat -tulnp | grep -E "6443|10259"
# 조치
sudo systemctl stop kubelet
sudo systemctl stop containerd

# 에러
        [ERROR FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml]: /etc/kubernetes/manifests/kube-apiserver.yaml already exists
        [ERROR FileAvailable--etc-kubernetes-manifests-kube-controller-manager.yaml]: /etc/kubernetes/manifests/kube-controller-manager.yaml already exists
        [ERROR FileAvailable--etc-kubernetes-manifests-kube-scheduler.yaml]: /etc/kubernetes/manifests/kube-scheduler.yaml already exists
        [ERROR FileAvailable--etc-kubernetes-manifests-etcd.yaml]: /etc/kubernetes/manifests/etcd.yaml already exists
#조치
sudo systemctl stop kubelet
sudo kubeadm reset -f
sudo systemctl restart containerd
sudo systemctl restart kubelet

확인

kubectl get nodes

# 오류
couldn't get current server API group list: Get "https://192.168.0.3:6443/api?timeout=32s": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
# 확인
sudo crictl ps | grep kube-apiserver
sudo kubeadm certs check-expiration
ls -l /etc/kubernetes/admin.conf
# 조치
sudo chmod 655 /etc/kubernetes/admin.conf
export KUBECONFIG=/etc/kubernetes/admin.conf

# 오류
Get "https://192.168.0.3:6443/api/v1/nodes?limit=500": dial tcp 192.168.0.3:6443: connect: connection refused - error from a previous attempt: http2: server sent GOAWAY and closed the connection; LastStreamID=1, ErrCode=NO_ERROR, debug=""
# 확인
sudo crictl ps | grep kube-apiserver
ls -l /etc/kubernetes/manifests/kube-apiserver.yaml
# 조치: 디렉토리 조회 권한 부여
sudo chmod +rx /etc/kubernetes/manifests/
sudo systemctl restart kubelet

# 오류
The connection to the server 192.168.0.3:6443 was refused - did you specify the right host or port?
# 확인
sudo crictl ps | grep kube-apiserver
sudo netstat -tulnp | grep 6443
# 조치
sudo systemctl restart kubelet
sudo crictl ps | grep kube-apiserver
ls -l /etc/kubernetes/admin.conf
sudo cp /etc/kubernetes/kubelet.conf /etc/kubernetes/admin.conf
sudo chown root:root /etc/kubernetes/admin.conf
sudo chmod 644 /etc/kubernetes/admin.conf
export KUBECONFIG=/etc/kubernetes/admin.conf

# 오류
Error in configuration:
* unable to read client-cert /var/lib/kubelet/pki/kubelet-client-current.pem for system:node:barisein-thinkpad-x220 due to open /var/lib/kubelet/pki/kubelet-client-current.pem: permission denied
* unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem for system:node:barisein-thinkpad-x220 due to open /var/lib/kubelet/pki/kubelet-client-current.pem: permission denied
# 조치
sudo chmod +rx /var/lib/kubelet/
sudo systemctl restart kubelet

# 오류
kubeConfig file /etc/kubernetes/admin.conf does not have an embedded client certificate
sudo kubeadm init phase kubeconfig all
sudo systemctl restart kubelet
sudo systemctl restart containerd