https://www.ios-net.co.jp/blog/20230621-1179/
Maybe we can at least try to understand how Kubernetes works by first exploring the mechanism for load-balancing HTTP traffic. The clever people who managed to develop Kubernetes must have considered almost everything required to manage their resources healthily so that they can provide services such as Google search and so on... Why don't we try to mock up some wonderful configuration of a Kubernetes cluster on vmhost-1?

I think the reason I gave up every time I tried to study Kubernetes was that I couldn't picture a clear goal. This time I want to try something with the expectation of being able to do L4-level distribution with a load balancer in front. I think I simply hadn't looked hard enough at what can be done and what I would want to achieve; it feels similar to the time when I had a vague interest in programming but couldn't write anything. I did https://thinkit.co.jp/article/18188.
Built a k8s cluster with cloud-init, assigning static IPs to 6 VMs. Inter-Pod communication is apparently handled by Calico.
Assigning an IP address to each VM in the Ultra-Coins management segment (even if it is convenient that DHCP does it and nothing has to be recorded) would probably eat up some of the DHCP leases, which are likely only handed out from a /24 range, and would pollute the traffic a bit, so I built a suitable NAT box following https://qiita.com/akikito/items/d6f0742ceb6bbc68344e.

I did kubectl delete pod nginx --force, but this only forcibly removes the pod from management; the nginx container itself seems to have survived, which looks bad.

ubuntu@k8s-master1:~$ kubectl describe pod nginx
Name:             nginx
Namespace:        default
Priority:         0
Service Account:  default
Node:             k8s-worker3/10.0.100.112
Start Time:       Wed, 06 Mar 2024 19:48:45 +0000
Labels:           <none>
Annotations:      cni.projectcalico.org/containerID: 9e71c793c98cfa78e8600deb8cd962dc7b16992bbd80311079f54d8d3fcd898b
                  cni.projectcalico.org/podIP: 192.168.100.194/32
                  cni.projectcalico.org/podIPs: 192.168.100.194/32
Status:           Terminating (lasts 98s)
Termination Grace Period:  30s
IP:               192.168.100.194
IPs:
  IP:  192.168.100.194
Containers:
  nginx:
    Container ID:   containerd://7ffe9acbe9044e14032b6d3b8f3b47c9c56d6142535e40eb3050df4e000f5af7
    Image:          nginx:1.17
    Image ID:       docker.io/library/nginx@sha256:6fff55753e3b34e36e24e37039ee9eae1fe38a6420d8ae16ef37c92d1eb26699
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Wed, 06 Mar 2024 19:48:53 +0000
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-gg4lf (ro)
Conditions:
  Type                        Status
  PodReadyToStartContainers   True
  Initialized                 True
  Ready                       True
  ContainersReady             True
  PodScheduled                True
Volumes:
  kube-api-access-gg4lf:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason         Age                From               Message
  ----     ------         ----               ----               -------
  Normal   Scheduled      3m12s              default-scheduler  Successfully assigned default/nginx to k8s-worker3
  Normal   Pulling        3m11s              kubelet            Pulling image "nginx:1.17"
  Normal   Pulled         3m4s               kubelet            Successfully pulled image "nginx:1.17" in 7.568s (7.568s including waiting)
  Normal   Created        3m4s               kubelet            Created container nginx
  Normal   Started        3m4s               kubelet            Started container nginx
  Warning  FailedKillPod  2m8s               kubelet            error killing pod: [failed to "KillContainer" for "nginx" with KillContainerError: "rpc error: code = Unknown desc = failed to stop container \"7ffe9acbe9044e14032b6d3b8f3b47c9c56d6142535e40eb3050df4e000f5af7\": unknown error after kill: runc did not terminate successfully: exit status 1: unable to signal init: permission denied\n: unknown", failed to "KillPodSandbox" for "237c37c3-927b-438a-b428-6bbbae3f3af4" with KillPodSandboxError: "rpc error: code = Unknown desc = failed to stop container \"7ffe9acbe9044e14032b6d3b8f3b47c9c56d6142535e40eb3050df4e000f5af7\": failed to kill container \"7ffe9acbe9044e14032b6d3b8f3b47c9c56d6142535e40eb3050df4e000f5af7\": unknown error after kill: runc did not terminate successfully: exit status 1: unable to signal init: permission denied\n: unknown"]
  Normal   Killing        31s (x4 over 2m8s) kubelet            Stopping container nginx
  Warning  FailedKillPod  1s (x3 over 85s)   kubelet            error killing pod: [failed to "KillContainer" for "nginx" with KillContainerError: "rpc error: code = Unknown desc = failed to kill container \"7ffe9acbe9044e14032b6d3b8f3b47c9c56d6142535e40eb3050df4e000f5af7\": unknown error after kill: runc did not terminate successfully: exit status 1: unable to signal init: permission denied\n: unknown", failed to "KillPodSandbox" for "237c37c3-927b-438a-b428-6bbbae3f3af4" with KillPodSandboxError: "rpc error: code = Unknown desc = failed to stop container \"7ffe9acbe9044e14032b6d3b8f3b47c9c56d6142535e40eb3050df4e000f5af7\": failed to kill container \"7ffe9acbe9044e14032b6d3b8f3b47c9c56d6142535e40eb3050df4e000f5af7\": unknown error after kill: runc did not terminate successfully: exit status 1: unable to signal init: permission denied\n: unknown"]
I did https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd-systemd, but termination still fails.
The remnants are visible with sudo ctr -n k8s.io c ls.
I have a feeling the user running runc doesn't have privileges, but can that really happen?
Came to the Ibaraki Prefectural Police Driver's License Center. The staff's accent reminds me of a strict teacher I had in junior high school.
Rebuilding the k8s cluster.
containerd installation: https://github.com/containerd/containerd/blob/main/docs/getting-started.md
After rebuilding along the lines of https://qiita.com/rokuosan/items/f236164e37a451f9aed8, killing pods succeeds as well. Maybe the runc installation was slightly off.

Pods can be deployed with Deployments. LoadBalancer is one of the Service types. An External IP that can be used to reach the LB from outside the cluster is assigned automatically only if an implementation of LoadBalancer such as MetalLB is installed.
To install MetalLB, apply the manifest file: https://metallb.universe.tf/installation/#installation-by-manifest
This still isn't enough to get the External IP assigned. It seems we need to set up the IP range for those external IP addresses with a ConfigMap.
https://qiita.com/prodigy413/items/3a24ff85819dc5eafe25#configmap-%E4%BD%9C%E6%88%90 After applying a ConfigMap, we still aren't getting it though...
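As an added example (not from the original post or the MetalLB project), here is the set of manifests that would give a LoadBalancer Service an External IP on a cluster like the one described above. One caveat worth knowing when the ConfigMap route does not work: MetalLB 0.13 and later no longer read the ConfigMap and take the address range from IPAddressPool and L2Advertisement custom resources instead. The pool 10.0.100.200-10.0.100.220 is an assumption chosen to sit in the same 10.0.100.0/24 as the k8s-worker3 node in the describe output; the names lab-pool and lab-l2 are also made up for this example.

```yaml
# Added example, not from the original post. Assumes MetalLB >= 0.13
# installed from the manifest linked above (CRD-based configuration),
# and that 10.0.100.200-10.0.100.220 are unused addresses on the node
# segment (assumption: pick free addresses on your own network, outside
# the DHCP range, because MetalLB in L2 mode answers ARP for them).
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: lab-pool
  namespace: metallb-system
spec:
  addresses:
    - 10.0.100.200-10.0.100.220
---
# Announce the pool with L2 (ARP) mode; without an advertisement the
# addresses are allocated but never reachable from the segment.
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: lab-l2
  namespace: metallb-system
spec:
  ipAddressPools:
    - lab-pool
---
# The workload: a Deployment, as the post notes, rather than a bare Pod.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.17
          ports:
            - containerPort: 80
---
# The LoadBalancer Service; MetalLB fills in status.loadBalancer.ingress
# from the pool, which kubectl shows as EXTERNAL-IP.
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  type: LoadBalancer
  selector:
    app: nginx
  ports:
    - port: 80
      targetPort: 80
```

Apply the file with kubectl apply -f and then run kubectl get svc nginx: the EXTERNAL-IP column should change from <pending> to an address from the pool. If kubectl get ipaddresspool -n metallb-system reports that the resource type is unknown, the installed MetalLB is older than 0.13 or its CRDs were not applied, which is the case where the ConfigMap form still applies. Keeping the pool out of the DHCP scope matters for the same reason the post gives for the NAT box: a MetalLB node replies to ARP for every address it holds, and an overlap with DHCP leases would hand the same address to two hosts.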
About to arrive at Tokyo Station, so I'll pick this up later. Walked from Kanda to Uguisudani.