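Starting with AWS EKS v1.23, Dockershim support is scheduled to be removed. It is recommended to switch the CRI to containerd or CRI-O in advance.
Unfortunately, I am on v1.22, so I was using Dockershim as the CRI.
You can use DDS to check whether the Kubernetes cluster you are running is affected.
Detector for Docker Socket (DDS): a tool that detects pods (deployment, job/cron, statefulset, daemonset) in the cluster that use a docker.sock volume.
It can be installed easily with kubectl krew.
Enter the following in a terminal (zsh assumed).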
(
set -x; cd "$(mktemp -d)" &&
OS="$(uname | tr '[:upper:]' '[:lower:]')" &&
ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')" &&
KREW="krew-${OS}_${ARCH}" &&
curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/latest/download/${KREW}.tar.gz" &&
tar zxvf "${KREW}.tar.gz" &&
./"${KREW}" install krew
)
output
+-zsh:4> mktemp -d
+-zsh:4> cd /var/folders/ln/0_wkm4ns5qz2w4txqnvptq9r0000gp/T/tmp.Trwp6edN
+-zsh:5> OS=+-zsh:5> uname
+-zsh:5> OS=+-zsh:5> tr '[:upper:]' '[:lower:]'
+-zsh:5> OS=darwin
+-zsh:6> ARCH=+-zsh:6> uname -m
+-zsh:6> ARCH=+-zsh:6> sed -e s/x86_64/amd64/ -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/'
+-zsh:6> ARCH=amd64
+-zsh:7> KREW=krew-darwin_amd64
+-zsh:8> curl -fsSLO https://github.com/kubernetes-sigs/krew/releases/latest/download/krew-darwin_amd64.tar.gz
+-zsh:9> tar zxvf krew-darwin_amd64.tar.gz
x ./LICENSE
x ./krew-darwin_amd64
+-zsh:10> ./krew-darwin_amd64 install krew
Adding "default" plugin index from https://github.com/kubernetes-sigs/krew-index.git.
Updated the local copy of plugin index.
Installing plugin: krew
Installed plugin: krew
\
| Use this plugin:
| kubectl krew
| Documentation:
| https://krew.sigs.k8s.io/
| Caveats:
| \
| | krew is now installed! To start using kubectl plugins, you need to add
| | krew's installation directory to your PATH:
| |
| | * macOS/Linux:
| | - Add the following to your ~/.bashrc or ~/.zshrc:
| | export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
| | - Restart your shell.
| |
| | * Windows: Add %USERPROFILE%\.krew\bin to your PATH environment variable
| |
| | To list krew commands and to get help, run:
| | $ kubectl krew
| | For a full list of available plugins, run:
| | $ kubectl krew search
| |
| | You can find documentation at
| | https://krew.sigs.k8s.io/docs/user-guide/quickstart/.
| /
/
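To put the command on your PATH, add the following line to your shell startup file (~/.zshrc or ~/.bashrc, as the krew output above says).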
export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
Install Detector for Docker Socket (DDS) with the kubectl krew command.
❯ kubectl krew install dds
Updated the local copy of plugin index.
Installing plugin: dds
Installed plugin: dds
\
| Use this plugin:
| kubectl dds
| Documentation:
| https://github.com/aws-containers/kubectl-detector-for-docker-socket
| Caveats:
| \
| | * If your docker socket is mounted at a different path name it will not
| | be checked.
| /
/
WARNING: You installed plugin "dds" from the krew-index plugin repository.
These plugins are not audited for security by the Krew maintainers.
Run them at your own risk.
Deploy the sample resources to test detection.
❯ git clone https://github.com/aws-containers/kubectl-detector-for-docker-socket
❯ kubectl apply -f kubectl-detector-for-docker-socket/test/manifests/
Detection within the kube-system namespace
❯ kubectl dds --namespace kube-system
NAMESPACE    TYPE  NAME               STATUS
kube-system  pod   pod-docker-volume  mounted
❯ kubectl describe pod -n kube-system pod-docker-volume | grep Volumes: -A4
Volumes:
  dockersock:
    Type:          HostPath (bare host directory volume)
    Path:          /var/run/docker.sock
    HostPathType:
Detection across all namespaces
❯ kubectl dds
NAMESPACE    TYPE         NAME                  STATUS
default      deployment   deploy-docker-volume  mounted
default      daemonset    ds-docker-volume      mounted
default      statefulset  ss-docker-volume      mounted
default      job          job-docker-volume     mounted
default      cron         cron-docker-volume    mounted
kube-system  pod          pod-docker-volume     mounted
test1        deployment   deploy-docker-volume  mounted
Delete the test deployment
kubectl delete -f kubectl-detector-for-docker-socket/test/manifests/
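The DDS caveat above says a socket mounted under a different path name is not checked. The following Python sketch is an added example, not code from DDS or from the original post: it scans the JSON printed by `kubectl get pods,deployments,daemonsets,statefulsets,jobs,cronjobs -A -o json` for hostPath volumes that expose the Docker socket, and goes beyond the exact-path match by also flagging parent directories such as /var/run and the /run/docker.sock alias. All function names and the sample objects are constructed for illustration.

```python
import json, sys

# /run/docker.sock is an assumption added here (/var/run is usually a symlink to /run).
SOCKETS = ("/var/run/docker.sock", "/run/docker.sock")

def pod_spec(obj):
    """Pod spec of a Pod, a CronJob, or any workload with spec.template."""
    spec = obj.get("spec", {})
    if obj["kind"] == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec if obj["kind"] == "Pod" else spec.get("template", {}).get("spec", {})

def exposes_socket(host_path):
    """True if host_path is a socket path or a directory that contains one."""
    p = host_path.rstrip("/")
    return any(s == p or s.startswith(p + "/") for s in SOCKETS)

def find_socket_mounts(kube_list):
    """Return (namespace, kind, name, hostPath, containers that mount it)."""
    findings = []
    for obj in kube_list.get("items", []):
        spec, meta = pod_spec(obj), obj["metadata"]
        ctrs = spec.get("initContainers", []) + spec.get("containers", [])
        for vol in spec.get("volumes", []):
            path = vol.get("hostPath", {}).get("path", "")
            if path and exposes_socket(path):
                users = [c["name"] for c in ctrs if any(
                    m["name"] == vol["name"] for m in c.get("volumeMounts", []))]
                findings.append((meta.get("namespace", "default"),
                                 obj["kind"].lower(), meta["name"], path, users))
    return findings

def _workload(kind, ns, name, host_path, mount=True):  # builds constructed samples
    mounts = [{"name": "v", "mountPath": "/mnt"}] if mount else []
    pod = {"containers": [{"name": "app", "volumeMounts": mounts}],
           "volumes": [{"name": "v", "hostPath": {"path": host_path}}]}
    spec = pod if kind == "Pod" else {"template": {"spec": pod}}
    spec = {"jobTemplate": {"spec": spec}} if kind == "CronJob" else spec
    return {"kind": kind, "metadata": {"namespace": ns, "name": name}, "spec": spec}

SAMPLE = {"items": [  # constructed input, shaped like `kubectl get ... -o json`
    _workload("Pod", "kube-system", "pod-docker-volume", "/var/run/docker.sock"),
    _workload("Deployment", "default", "deploy-run-dir", "/var/run/"),
    _workload("CronJob", "default", "cron-run-sock", "/run/docker.sock", mount=False),
    _workload("DaemonSet", "default", "ds-logs", "/var/log"),
]}

if __name__ == "__main__":  # argv[1]: optional file saved from kubectl -o json
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    print(*find_socket_mounts(data), sep="\n")
```

An empty container list in a finding means the volume is declared but no container mounts it, so it can usually be removed from the manifest without touching the workload itself.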
Example: configuring managedNodeGroups to use containerd as the CRI when they are created
# Set a variable for the EKS-optimized AMI image ID
EKS_VERSION=1.22
AMI_ID=$(aws ssm get-parameter --name /aws/service/eks/optimized-ami/${EKS_VERSION}/amazon-linux-2/recommended/image_id --query "Parameter.Value" --output text)
# Create the config file used to create the node group
CLUSTER_NAME=myeks
AWS_DEFAULT_REGION=ap-northeast-2
cat > eksctl-containerd.yaml <<EOF
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: ${CLUSTER_NAME}
  region: ${AWS_DEFAULT_REGION}
managedNodeGroups:
  - name: containerd
    instanceType: t3.medium
    ami: ${AMI_ID}
    overrideBootstrapCommand: |
      #!/bin/bash
      /etc/eks/bootstrap.sh ${CLUSTER_NAME} --container-runtime containerd
EOF
# Create the node group
eksctl create nodegroup --config-file eksctl-containerd.yaml
# Check the CRI of the added nodes: containerd
kubectl get node -o=custom-columns=NAME:.metadata.name,CONTAINER-RUNTIME:.status.nodeInfo.containerRuntimeVersion
NAME                                               CONTAINER-RUNTIME
ip-192-168-1-143.ap-northeast-2.compute.internal   docker://20.10.13
ip-192-168-1-155.ap-northeast-2.compute.internal   containerd://1.4.13
ip-192-168-2-166.ap-northeast-2.compute.internal   containerd://1.4.13
ip-192-168-2-205.ap-northeast-2.compute.internal   docker://20.10.13
# Delete the node group that was added
eksctl delete nodegroup --cluster $CLUSTER_NAME --region $AWS_DEFAULT_REGION --name containerd
Source: CloudNet@Blog
https://www.notion.so/AWS-EKS-kubernetes-1-22-Tip-a1cbf1ee96724b2a9ffcc6ed09bb3de4