This is a write-up from the 2025 Cilium Study (1st cohort).
Deploying the kind clusters
# west
kind create cluster --name west --image kindest/node:v1.33.2 --config - <<EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 30000 # sample apps
    hostPort: 30000
  - containerPort: 30001 # hubble ui
    hostPort: 30001
- role: worker
  extraPortMappings:
  - containerPort: 30002 # sample apps
    hostPort: 30002
networking:
  podSubnet: "10.0.0.0/16"
  serviceSubnet: "10.2.0.0/16"
  disableDefaultCNI: true
  kubeProxyMode: none
EOF
docker exec -it west-control-plane sh -c 'apt update && apt install tree psmisc lsof wget net-tools dnsutils tcpdump ngrep iputils-ping git -y'
docker exec -it west-worker sh -c 'apt update && apt install tree psmisc lsof wget net-tools dnsutils tcpdump ngrep iputils-ping git -y'
# East
kind create cluster --name east --image kindest/node:v1.33.2 --config - <<EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 31000 # sample apps
    hostPort: 31000
  - containerPort: 31001 # hubble ui
    hostPort: 31001
- role: worker
  extraPortMappings:
  - containerPort: 31002 # sample apps
    hostPort: 31002
networking:
  podSubnet: "10.1.0.0/16"
  serviceSubnet: "10.3.0.0/16"
  disableDefaultCNI: true
  kubeProxyMode: none
EOF
docker exec -it east-control-plane sh -c 'apt update && apt install tree psmisc lsof wget net-tools dnsutils tcpdump ngrep iputils-ping git -y'
docker exec -it east-worker sh -c 'apt update && apt install tree psmisc lsof wget net-tools dnsutils tcpdump ngrep iputils-ping git -y'
k get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-674b8bbfcf-jb744 0/1 Pending 0 3m
kube-system coredns-674b8bbfcf-nkxpb 0/1 Pending 0 3m
kube-system etcd-west-control-plane 1/1 Running 0 3m8s
kube-system kube-apiserver-west-control-plane 1/1 Running 0 3m8s
kube-system kube-controller-manager-west-control-plane 1/1 Running 0 3m8s
kube-system kube-scheduler-west-control-plane 1/1 Running 0 3m8s
local-path-storage local-path-provisioner-7dc846544d-k9klb 0/1 Pending 0 3m
No network CNI is installed yet, so the pods are not starting normally.
Installing Cilium
brew install cilium-cli
cilium install --version 1.17.6 --set ipam.mode=kubernetes \
--set kubeProxyReplacement=true --set bpf.masquerade=true \
--set endpointHealthChecking.enabled=false --set healthChecking=false \
--set operator.replicas=1 --set debug.enabled=true \
--set routingMode=native --set autoDirectNodeRoutes=true --set ipv4NativeRoutingCIDR=10.0.0.0/16 \
--set ipMasqAgent.enabled=true --set ipMasqAgent.config.nonMasqueradeCIDRs='{10.1.0.0/16}' \
--set cluster.name=west --set cluster.id=1 \
--context kind-west
cilium install --version 1.17.6 --set ipam.mode=kubernetes \
--set kubeProxyReplacement=true --set bpf.masquerade=true \
--set endpointHealthChecking.enabled=false --set healthChecking=false \
--set operator.replicas=1 --set debug.enabled=true \
--set routingMode=native --set autoDirectNodeRoutes=true --set ipv4NativeRoutingCIDR=10.1.0.0/16 \
--set ipMasqAgent.enabled=true --set ipMasqAgent.config.nonMasqueradeCIDRs='{10.0.0.0/16}' \
--set cluster.name=east --set cluster.id=2 \
--context kind-east

It takes a little while for the pods to come up (about 5 minutes?); once they are all up, every pod changes to the Running state.
Checking status
kwest get pod -A && keast get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system cilium-envoy-jfnpd 1/1 Running 0 3m23s
kube-system cilium-envoy-v8c45 1/1 Running 0 3m23s
kube-system cilium-gl54x 1/1 Running 0 3m23s
kube-system cilium-operator-65c89f5685-h2kks 1/1 Running 0 3m23s
kube-system cilium-w7vk9 1/1 Running 0 3m23s
kube-system coredns-674b8bbfcf-jb744 1/1 Running 0 37m
kube-system coredns-674b8bbfcf-nkxpb 1/1 Running 0 37m
kube-system etcd-west-control-plane 1/1 Running 0 37m
kube-system kube-apiserver-west-control-plane 1/1 Running 0 37m
kube-system kube-controller-manager-west-control-plane 1/1 Running 0 37m
kube-system kube-scheduler-west-control-plane 1/1 Running 0 37m
local-path-storage local-path-provisioner-7dc846544d-k9klb 1/1 Running 0 37m
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system cilium-envoy-9xrss 1/1 Running 0 2m59s
kube-system cilium-envoy-npq4q 1/1 Running 0 2m59s
kube-system cilium-jmlgt 1/1 Running 0 2m59s
kube-system cilium-operator-86cc56ccbb-zpdvn 1/1 Running 0 2m59s
kube-system cilium-t5mpn 1/1 Running 0 2m59s
kube-system coredns-674b8bbfcf-jcjgg 1/1 Running 0 31m
kube-system coredns-674b8bbfcf-xnx4g 1/1 Running 0 31m
kube-system etcd-east-control-plane 1/1 Running 0 31m
kube-system kube-apiserver-east-control-plane 1/1 Running 0 31m
kube-system kube-controller-manager-east-control-plane 1/1 Running 0 31m
kube-system kube-scheduler-east-control-plane 1/1 Running 0 31m
local-path-storage local-path-provisioner-7dc846544d-fctpp 1/1 Running 0 31m

kwest -n kube-system exec ds/cilium -c cilium-agent -- cilium-dbg bpf ipmasq list
IP PREFIX/ADDRESS
10.1.0.0/16
169.254.0.0/16
keast -n kube-system exec ds/cilium -c cilium-agent -- cilium-dbg bpf ipmasq list
IP PREFIX/ADDRESS
10.0.0.0/16
169.254.0.0/16
kubectl describe cm -n kube-system coredns --context kind-west | grep kubernetes
kubernetes cluster.local in-addr.arpa ip6.arpa {
kubectl describe cm -n kube-system coredns --context kind-west | grep kubernetes
kubernetes cluster.local in-addr.arpa ip6.arpa {
Checking routing information
west-control-plane (docker IP: 192.168.97.3)
default via 192.168.97.1 dev eth0
10.0.0.0/24 via 10.0.0.235 dev cilium_host src 10.0.0.235 # local PodCIDR
10.0.0.235 dev cilium_host scope link
10.0.1.0/24 via 192.168.97.2 dev eth0 # remote (worker) PodCIDR
192.168.97.0/24 dev eth0 src 192.168.97.3
Local PodCIDR: 10.0.0.0/24 (gateway = cilium_host 10.0.0.235)
Remote PodCIDR: 10.0.1.0/24 → forwarded to west-worker (192.168.97.2)
west-worker (docker IP: 192.168.97.2)
default via 192.168.97.1 dev eth0
10.0.0.0/24 via 192.168.97.3 dev eth0 # remote (control plane) PodCIDR
10.0.1.0/24 via 10.0.1.76 dev cilium_host src 10.0.1.76 # local PodCIDR
10.0.1.76 dev cilium_host scope link
192.168.97.0/24 dev eth0 src 192.168.97.2
Local PodCIDR: 10.0.1.0/24 (gateway = cilium_host 10.0.1.76)
Remote PodCIDR: 10.0.0.0/24 → forwarded to west-control-plane (192.168.97.3)
east-control-plane (docker IP: 192.168.97.4)
default via 192.168.97.1 dev eth0
10.1.0.0/24 via 10.1.0.7 dev cilium_host src 10.1.0.7 # local PodCIDR
10.1.0.7 dev cilium_host scope link
10.1.1.0/24 via 192.168.97.5 dev eth0 # remote (worker) PodCIDR
192.168.97.0/24 dev eth0 src 192.168.97.4
Local PodCIDR: 10.1.0.0/24 (gateway = cilium_host 10.1.0.7)
Remote PodCIDR: 10.1.1.0/24 → forwarded to east-worker (192.168.97.5)
east-worker (docker IP: 192.168.97.5)
default via 192.168.97.1 dev eth0
10.1.0.0/24 via 192.168.97.4 dev eth0 # remote (control plane) PodCIDR
10.1.1.0/24 via 10.1.1.73 dev cilium_host src 10.1.1.73 # local PodCIDR
10.1.1.73 dev cilium_host scope link
192.168.97.0/24 dev eth0 src 192.168.97.5
Local PodCIDR: 10.1.1.0/24 (gateway = cilium_host 10.1.1.73)
Remote PodCIDR: 10.1.0.0/24 → forwarded to east-control-plane (192.168.97.4)
At this point east ↔ west inter-cluster communication does not work. The reason is that each node's routing table only knows its own cluster's PodCIDR (west=10.0.0.0/16, east=10.1.0.0/16) and has no route to the other cluster's CIDR.
Sharing the same Cilium root CA between the two clusters
keast get secret -n kube-system cilium-ca
keast delete secret -n kube-system cilium-ca
NAME TYPE DATA AGE
cilium-ca Opaque 2 46m
secret "cilium-ca" deleted
kubectl --context kind-west get secret -n kube-system cilium-ca -o yaml | \
kubectl --context kind-east create -f -
secret/cilium-ca created
keast get secret -n kube-system cilium-ca
NAME TYPE DATA AGE
cilium-ca Opaque 2 3m34s
Cluster mesh
cilium clustermesh enable --service-type NodePort --enable-kvstoremesh=false --context kind-west
cilium clustermesh enable --service-type NodePort --enable-kvstoremesh=false --context kind-east
# monitoring
cilium clustermesh status --context kind-west --wait
cilium clustermesh status --context kind-east --wait

kwest get svc,ep -n kube-system clustermesh-apiserver --context kind-west
Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/clustermesh-apiserver NodePort 10.2.160.3 <none> 2379:32379/TCP 111s
NAME ENDPOINTS AGE
endpoints/clustermesh-apiserver 10.0.1.127:2379 111s
kwest get pod -n kube-system -owide | grep clustermesh
clustermesh-apiserver-5cf45db9cc-4lpzj 2/2 Running 0 2m13s 10.0.1.127 west-worker <none> <none>
clustermesh-apiserver-generate-certs-mtrrt 0/1 Completed 0 2m13s 192.168.97.2 west-worker <none> <none>
Connecting the clusters
cilium clustermesh connect --context kind-west --destination-context kind-east
# monitoring
cilium clustermesh status --context kind-west --wait
cilium clustermesh status --context kind-east --wait
# verify
kubectl exec -it -n kube-system ds/cilium -c cilium-agent --context kind-west -- cilium-dbg troubleshoot clustermesh
kubectl exec -it -n kube-system ds/cilium -c cilium-agent --context kind-east -- cilium-dbg troubleshoot clustermesh
helm get values -n kube-system cilium --kube-context kind-east
USER-SUPPLIED VALUES:
autoDirectNodeRoutes: true
bpf:
  masquerade: true
cluster:
  id: 2
  name: east
clustermesh:
  apiserver:
    kvstoremesh:
      enabled: false
    service:
      type: NodePort
    tls:
      auto:
        enabled: true
        method: cronJob
        schedule: 0 0 1 */4 *
  config:
    clusters:
    - ips:
      - 192.168.97.3
      name: west # entry added
      port: 32379
    enabled: true
  useAPIServer: true
debug:
  enabled: true
endpointHealthChecking:
  enabled: false
healthChecking: false
ipMasqAgent:
  config:
    nonMasqueradeCIDRs:
    - 10.0.0.0/16
  enabled: true
ipam:
  mode: kubernetes
ipv4NativeRoutingCIDR: 10.1.0.0/16
k8sServiceHost: 192.168.97.4
k8sServicePort: 6443
kubeProxyReplacement: true
operator:
  replicas: 1
routingMode: native
helm get values -n kube-system cilium --kube-context kind-west
USER-SUPPLIED VALUES:
autoDirectNodeRoutes: true
bpf:
  masquerade: true
cluster:
  id: 1
  name: west
clustermesh:
  apiserver:
    kvstoremesh:
      enabled: false
    service:
      type: NodePort
    tls:
      auto:
        enabled: true
        method: cronJob
        schedule: 0 0 1 */4 *
  config:
    clusters:
    - ips:
      - 192.168.97.4
      name: east # entry added
      port: 32379
    enabled: true
  useAPIServer: true
debug:
  enabled: true
endpointHealthChecking:
  enabled: false
healthChecking: false
ipMasqAgent:
  config:
    nonMasqueradeCIDRs:
    - 10.1.0.0/16
  enabled: true
ipam:
  mode: kubernetes
ipv4NativeRoutingCIDR: 10.0.0.0/16
k8sServiceHost: 192.168.97.3
k8sServicePort: 6443
kubeProxyReplacement: true
operator:
  replicas: 1
routingMode: native
Checking the added routes
docker exec -it west-control-plane ip -c route
default via 192.168.97.1 dev eth0
10.0.0.0/24 via 10.0.0.235 dev cilium_host proto kernel src 10.0.0.235
10.0.0.235 dev cilium_host proto kernel scope link
10.0.1.0/24 via 192.168.97.2 dev eth0 proto kernel
10.1.0.0/24 via 192.168.97.4 dev eth0 proto kernel # added
10.1.1.0/24 via 192.168.97.5 dev eth0 proto kernel # added
192.168.97.0/24 dev eth0 proto kernel scope link src 192.168.97.3
docker exec -it west-worker ip -c route
default via 192.168.97.1 dev eth0
10.0.0.0/24 via 192.168.97.3 dev eth0 proto kernel
10.0.1.0/24 via 10.0.1.76 dev cilium_host proto kernel src 10.0.1.76
10.0.1.76 dev cilium_host proto kernel scope link
10.1.0.0/24 via 192.168.97.4 dev eth0 proto kernel # added
10.1.1.0/24 via 192.168.97.5 dev eth0 proto kernel # added
192.168.97.0/24 dev eth0 proto kernel scope link src 192.168.97.2
docker exec -it east-control-plane ip -c route
default via 192.168.97.1 dev eth0
10.0.0.0/24 via 192.168.97.3 dev eth0 proto kernel # added
10.0.1.0/24 via 192.168.97.2 dev eth0 proto kernel # added
10.1.0.0/24 via 10.1.0.7 dev cilium_host proto kernel src 10.1.0.7
10.1.0.7 dev cilium_host proto kernel scope link
10.1.1.0/24 via 192.168.97.5 dev eth0 proto kernel
192.168.97.0/24 dev eth0 proto kernel scope link src 192.168.97.4
docker exec -it east-worker ip -c route
default via 192.168.97.1 dev eth0
10.0.0.0/24 via 192.168.97.3 dev eth0 proto kernel # added
10.0.1.0/24 via 192.168.97.2 dev eth0 proto kernel # added
10.1.0.0/24 via 192.168.97.4 dev eth0 proto kernel
10.1.1.0/24 via 10.1.1.73 dev cilium_host proto kernel src 10.1.1.73
10.1.1.73 dev cilium_host proto kernel scope link
192.168.97.0/24 dev eth0 proto kernel scope link src 192.168.97.5
Routes to each other's PodCIDR (10.0/16 ↔ 10.1/16) have been added to the node routing tables, so communication between the clusters is now possible.
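The route check above can be scripted. The following is an added example, not part of the original post: it lists every route in `ip route` output whose destination falls inside a given supernet, so a node with no specific route into the peer PodCIDR (where such traffic would follow the default route) is easy to spot. The function names are hypothetical and the two route tables are copied from the west-control-plane outputs on this page.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): find routes into a peer cluster's PodCIDR.

# routes_into_cidr SUPERNET < ip-route-output
# Prints "DEST NEXTHOP" for each route whose destination lies inside SUPERNET.
# NEXTHOP is "-" for directly connected (no "via") routes.
routes_into_cidr() {
  awk -v net="$1" '
    function ip2int(ip,   o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    function base(ip, len)   { return int(ip2int(ip) / 2^(32 - len)) }
    BEGIN { split(net, n, "/"); nlen = n[2] + 0 }
    $1 ~ /^[0-9.]+(\/[0-9]+)?$/ {
      split($1, d, "/")
      dlen = (d[2] == "" ? 32 : d[2] + 0)      # a bare address is a /32 host route
      # keep only destinations at least as specific as SUPERNET and inside it
      if (dlen < nlen || base(d[1], nlen) != base(n[1], nlen)) next
      hop = "-"
      for (i = 2; i < NF; i++) if ($i == "via") hop = $(i + 1)
      print $1, hop
    }'
}

# has_peer_routes SUPERNET < ip-route-output
# Succeeds only if at least one specific route into SUPERNET exists.
has_peer_routes() { [ -n "$(routes_into_cidr "$1")" ]; }

# Sample input: west-control-plane before `cilium clustermesh connect` (from this page).
WEST_CP_BEFORE='default via 192.168.97.1 dev eth0
10.0.0.0/24 via 10.0.0.235 dev cilium_host src 10.0.0.235
10.0.0.235 dev cilium_host scope link
10.0.1.0/24 via 192.168.97.2 dev eth0
192.168.97.0/24 dev eth0 src 192.168.97.3'

# Sample input: the same node after the clusters are connected (from this page).
WEST_CP_AFTER='default via 192.168.97.1 dev eth0
10.0.0.0/24 via 10.0.0.235 dev cilium_host proto kernel src 10.0.0.235
10.0.0.235 dev cilium_host proto kernel scope link
10.0.1.0/24 via 192.168.97.2 dev eth0 proto kernel
10.1.0.0/24 via 192.168.97.4 dev eth0 proto kernel
10.1.1.0/24 via 192.168.97.5 dev eth0 proto kernel
192.168.97.0/24 dev eth0 proto kernel scope link src 192.168.97.3'

# east PodCIDR as seen from a west node
PEER=10.1.0.0/16

printf '%s\n' "$WEST_CP_BEFORE" | has_peer_routes "$PEER" \
  || echo "before connect: no route into $PEER, the default route would be used"
echo "after connect:"
printf '%s\n' "$WEST_CP_AFTER" | routes_into_cidr "$PEER"

# Live use on the lab nodes (plain `ip route`, without -c colour codes):
#   docker exec west-control-plane ip route | routes_into_cidr 10.1.0.0/16
```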
Hubble setup
helm upgrade cilium cilium/cilium --version 1.17.6 --namespace kube-system --reuse-values \
--set hubble.enabled=true --set hubble.relay.enabled=true --set hubble.ui.enabled=true \
--set hubble.ui.service.type=NodePort --set hubble.ui.service.nodePort=30001 --kube-context kind-west
Release "cilium" has been upgraded. Happy Helming!
NAME: cilium
LAST DEPLOYED: Sat Aug 16 23:45:09 2025
NAMESPACE: kube-system
STATUS: deployed
REVISION: 4
TEST SUITE: None
NOTES:
You have successfully installed Cilium with Hubble Relay and Hubble UI.
Your release version is 1.17.6.
For any further help, visit https://docs.cilium.io/en/v1.17/gettinghelp
kwest -n kube-system rollout restart ds/cilium
daemonset.apps/cilium restarted
helm upgrade cilium cilium/cilium --version 1.17.6 --namespace kube-system --reuse-values \
--set hubble.enabled=true --set hubble.relay.enabled=true --set hubble.ui.enabled=true \
--set hubble.ui.service.type=NodePort --set hubble.ui.service.nodePort=31001 --kube-context kind-east
kwest -n kube-system rollout restart ds/cilium
Release "cilium" has been upgraded. Happy Helming!
NAME: cilium
LAST DEPLOYED: Sat Aug 16 23:46:02 2025
NAMESPACE: kube-system
STATUS: deployed
REVISION: 4
TEST SUITE: None
NOTES:
You have successfully installed Cilium with Hubble Relay and Hubble UI.
Your release version is 1.17.6.
For any further help, visit https://docs.cilium.io/en/v1.17/gettinghelp
daemonset.apps/cilium restarted
Pod connectivity test
cat << EOF | kubectl apply --context kind-west -f -
apiVersion: v1
kind: Pod
metadata:
  name: curl-pod
  labels:
    app: curl
spec:
  containers:
  - name: curl
    image: nicolaka/netshoot
    command: ["tail"]
    args: ["-f", "/dev/null"]
  terminationGracePeriodSeconds: 0
EOF
cat << EOF | kubectl apply --context kind-east -f -
apiVersion: v1
kind: Pod
metadata:
  name: curl-pod
  labels:
    app: curl
spec:
  containers:
  - name: curl
    image: nicolaka/netshoot
    command: ["tail"]
    args: ["-f", "/dev/null"]
  terminationGracePeriodSeconds: 0
EOF
kwest get pod -owide && keast get pod -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
curl-pod 1/1 Running 0 39s 10.0.1.14 west-worker <none> <none>
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
curl-pod 1/1 Running 0 39s 10.1.1.216 east-worker <none> <none>
kubectl exec -it curl-pod --context kind-west -- ping -c 1 10.1.1.216
PING 10.1.1.216 (10.1.1.216) 56(84) bytes of data.
64 bytes from 10.1.1.216: icmp_seq=1 ttl=62 time=0.637 ms
--- 10.1.1.216 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.637/0.637/0.637/0.000 ms
kubectl exec -it curl-pod --context kind-east -- ping -c 1 10.0.1.14
PING 10.0.1.14 (10.0.1.14) 56(84) bytes of data.
64 bytes from 10.0.1.14: icmp_seq=1 ttl=62 time=0.845 ms
--- 10.0.1.14 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.845/0.845/0.845/0.000 ms

Deploying the load balancer
cat << EOF | kubectl apply --context kind-west -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: webpod
spec:
  replicas: 2
  selector:
    matchLabels:
      app: webpod
  template:
    metadata:
      labels:
        app: webpod
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - sample-app
            topologyKey: "kubernetes.io/hostname"
      containers:
      - name: webpod
        image: traefik/whoami
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: webpod
  labels:
    app: webpod
  annotations:
    service.cilium.io/global: "true"
spec:
  selector:
    app: webpod
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: ClusterIP
EOF
cat << EOF | kubectl apply --context kind-east -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: webpod
spec:
  replicas: 2
  selector:
    matchLabels:
      app: webpod
  template:
    metadata:
      labels:
        app: webpod
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - sample-app
            topologyKey: "kubernetes.io/hostname"
      containers:
      - name: webpod
        image: traefik/whoami
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: webpod
  labels:
    app: webpod
  annotations:
    service.cilium.io/global: "true"
spec:
  selector:
    app: webpod
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: ClusterIP
EOF
kwest get svc,ep webpod && keast get svc,ep webpod
Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/webpod ClusterIP 10.2.238.70 <none> 80/TCP 49s
NAME ENDPOINTS AGE
endpoints/webpod 10.0.1.37:80,10.0.1.71:80 49s
Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/webpod ClusterIP 10.3.226.229 <none> 80/TCP 43s
NAME ENDPOINTS AGE
endpoints/webpod 10.1.1.31:80,10.1.1.38:80 43s
kwest exec -it -n kube-system ds/cilium -c cilium-agent -- cilium service list --clustermesh-affinity
ID Frontend Service Type Backend
1 10.2.0.1:443/TCP ClusterIP 1 => 192.168.97.3:6443/TCP (active)
2 10.2.118.236:443/TCP ClusterIP 1 => 192.168.97.2:4244/TCP (active)
3 10.2.0.10:53/UDP ClusterIP 1 => 10.0.1.157:53/UDP (active)
2 => 10.0.1.233:53/UDP (active)
4 10.2.0.10:53/TCP ClusterIP 1 => 10.0.1.157:53/TCP (active)
2 => 10.0.1.233:53/TCP (active)
5 10.2.0.10:9153/TCP ClusterIP 1 => 10.0.1.157:9153/TCP (active)
2 => 10.0.1.233:9153/TCP (active)
6 10.2.160.3:2379/TCP ClusterIP 1 => 10.0.1.127:2379/TCP (active)
7 192.168.97.2:32379/TCP NodePort 1 => 10.0.1.127:2379/TCP (active)
8 0.0.0.0:32379/TCP NodePort 1 => 10.0.1.127:2379/TCP (active)
9 10.2.232.181:80/TCP ClusterIP 1 => 10.0.1.142:4245/TCP (active)
10 10.2.156.98:80/TCP ClusterIP 1 => 10.0.1.254:8081/TCP (active)
11 192.168.97.2:30001/TCP NodePort 1 => 10.0.1.254:8081/TCP (active)
12 0.0.0.0:30001/TCP NodePort 1 => 10.0.1.254:8081/TCP (active)
###
13 10.2.238.70:80/TCP ClusterIP 1 => 10.0.1.37:80/TCP (active)
2 => 10.0.1.71:80/TCP (active)
3 => 10.1.1.31:80/TCP (active)
4 => 10.1.1.38:80/TCP (active)
keast exec -it -n kube-system ds/cilium -c cilium-agent -- cilium service list --clustermesh-affinity
ID Frontend Service Type Backend
1 10.3.0.1:443/TCP ClusterIP 1 => 192.168.97.4:6443/TCP (active)
2 10.3.35.16:443/TCP ClusterIP 1 => 192.168.97.5:4244/TCP (active)
3 10.3.0.10:53/TCP ClusterIP 1 => 10.1.0.53:53/TCP (active)
2 => 10.1.0.132:53/TCP (active)
4 10.3.0.10:9153/TCP ClusterIP 1 => 10.1.0.53:9153/TCP (active)
2 => 10.1.0.132:9153/TCP (active)
5 10.3.0.10:53/UDP ClusterIP 1 => 10.1.0.53:53/UDP (active)
2 => 10.1.0.132:53/UDP (active)
6 10.3.105.94:2379/TCP ClusterIP 1 => 10.1.1.130:2379/TCP (active)
7 192.168.97.5:32379/TCP NodePort 1 => 10.1.1.130:2379/TCP (active)
8 0.0.0.0:32379/TCP NodePort 1 => 10.1.1.130:2379/TCP (active)
9 10.3.152.190:80/TCP ClusterIP 1 => 10.1.1.147:4245/TCP (active)
10 10.3.76.135:80/TCP ClusterIP 1 => 10.1.1.1:8081/TCP (active)
11 192.168.97.5:31001/TCP NodePort 1 => 10.1.1.1:8081/TCP (active)
12 0.0.0.0:31001/TCP NodePort 1 => 10.1.1.1:8081/TCP (active)
###
13 10.3.226.229:80/TCP ClusterIP 1 => 10.0.1.37:80/TCP (active)
2 => 10.0.1.71:80/TCP (active)
3 => 10.1.1.31:80/TCP (active)
4 => 10.1.1.38:80/TCP (active)
Because the backends of a single ClusterIP service exist across both clusters, Cilium manages the VIP → Pod mapping without kube-proxy, and load balancing with local and remote pods as endpoints at the same time becomes possible.

Communication also keeps working when the replicas are scaled down to 0. Because the cluster mesh synchronizes service endpoints between clusters, the service keeps working with 0 local pods as long as the remote cluster has pods.
Configuring local-preferred routing (Local Affinity)
kwest annotate service webpod service.cilium.io/affinity=local --overwrite
service/webpod annotated
keast annotate service webpod service.cilium.io/affinity=local --overwrite
service/webpod annotated
kwest exec -it -n kube-system ds/cilium -c cilium-agent -- cilium service list --clustermesh-affinity
ID Frontend Service Type Backend
1 10.2.0.1:443/TCP ClusterIP 1 => 192.168.97.3:6443/TCP (active)
2 10.2.118.236:443/TCP ClusterIP 1 => 192.168.97.2:4244/TCP (active)
3 10.2.0.10:53/UDP ClusterIP 1 => 10.0.1.157:53/UDP (active)
2 => 10.0.1.233:53/UDP (active)
4 10.2.0.10:53/TCP ClusterIP 1 => 10.0.1.157:53/TCP (active)
2 => 10.0.1.233:53/TCP (active)
5 10.2.0.10:9153/TCP ClusterIP 1 => 10.0.1.157:9153/TCP (active)
2 => 10.0.1.233:9153/TCP (active)
6 10.2.160.3:2379/TCP ClusterIP 1 => 10.0.1.127:2379/TCP (active)
7 192.168.97.2:32379/TCP NodePort 1 => 10.0.1.127:2379/TCP (active)
8 0.0.0.0:32379/TCP NodePort 1 => 10.0.1.127:2379/TCP (active)
9 10.2.232.181:80/TCP ClusterIP 1 => 10.0.1.142:4245/TCP (active)
10 10.2.156.98:80/TCP ClusterIP 1 => 10.0.1.254:8081/TCP (active)
11 192.168.97.2:30001/TCP NodePort 1 => 10.0.1.254:8081/TCP (active)
12 0.0.0.0:30001/TCP NodePort 1 => 10.0.1.254:8081/TCP (active)
13 10.2.238.70:80/TCP ClusterIP 1 => 10.1.1.31:80/TCP (active)
2 => 10.1.1.38:80/TCP (active)
3 => 10.0.1.239:80/TCP (active) (preferred)
4 => 10.0.1.146:80/TCP (active) (preferred)
keast exec -it -n kube-system ds/cilium -c cilium-agent -- cilium service list --clustermesh-affinity
ID Frontend Service Type Backend
1 10.3.0.1:443/TCP ClusterIP 1 => 192.168.97.4:6443/TCP (active)
2 10.3.35.16:443/TCP ClusterIP 1 => 192.168.97.5:4244/TCP (active)
3 10.3.0.10:53/TCP ClusterIP 1 => 10.1.0.53:53/TCP (active)
2 => 10.1.0.132:53/TCP (active)
4 10.3.0.10:9153/TCP ClusterIP 1 => 10.1.0.53:9153/TCP (active)
2 => 10.1.0.132:9153/TCP (active)
5 10.3.0.10:53/UDP ClusterIP 1 => 10.1.0.53:53/UDP (active)
2 => 10.1.0.132:53/UDP (active)
6 10.3.105.94:2379/TCP ClusterIP 1 => 10.1.1.130:2379/TCP (active)
7 192.168.97.5:32379/TCP NodePort 1 => 10.1.1.130:2379/TCP (active)
8 0.0.0.0:32379/TCP NodePort 1 => 10.1.1.130:2379/TCP (active)
9 10.3.152.190:80/TCP ClusterIP 1 => 10.1.1.147:4245/TCP (active)
10 10.3.76.135:80/TCP ClusterIP 1 => 10.1.1.1:8081/TCP (active)
11 192.168.97.5:31001/TCP NodePort 1 => 10.1.1.1:8081/TCP (active)
12 0.0.0.0:31001/TCP NodePort 1 => 10.1.1.1:8081/TCP (active)
13 10.3.226.229:80/TCP ClusterIP 1 => 10.1.1.31:80/TCP (active) (preferred)
2 => 10.1.1.38:80/TCP (active) (preferred)
3 => 10.0.1.239:80/TCP (active)
4 => 10.0.1.146:80/TCP (active)
service.cilium.io/affinity=local is the setting that ensures a ClusterMesh service uses local pods preferentially.
kwest scale deployment webpod --replicas 0
deployment.apps/webpod scaled
kwest exec -it -n kube-system ds/cilium -c cilium-agent -- cilium service list --clustermesh-affinity
ID Frontend Service Type Backend
1 10.2.0.1:443/TCP ClusterIP 1 => 192.168.97.3:6443/TCP (active)
2 10.2.118.236:443/TCP ClusterIP 1 => 192.168.97.2:4244/TCP (active)
3 10.2.0.10:53/UDP ClusterIP 1 => 10.0.1.157:53/UDP (active)
2 => 10.0.1.233:53/UDP (active)
4 10.2.0.10:53/TCP ClusterIP 1 => 10.0.1.157:53/TCP (active)
2 => 10.0.1.233:53/TCP (active)
5 10.2.0.10:9153/TCP ClusterIP 1 => 10.0.1.157:9153/TCP (active)
2 => 10.0.1.233:9153/TCP (active)
6 10.2.160.3:2379/TCP ClusterIP 1 => 10.0.1.127:2379/TCP (active)
7 192.168.97.2:32379/TCP NodePort 1 => 10.0.1.127:2379/TCP (active)
8 0.0.0.0:32379/TCP NodePort 1 => 10.0.1.127:2379/TCP (active)
9 10.2.232.181:80/TCP ClusterIP 1 => 10.0.1.142:4245/TCP (active)
10 10.2.156.98:80/TCP ClusterIP 1 => 10.0.1.254:8081/TCP (active)
11 192.168.97.2:30001/TCP NodePort 1 => 10.0.1.254:8081/TCP (active)
12 0.0.0.0:30001/TCP NodePort 1 => 10.0.1.254:8081/TCP (active)
13 10.2.238.70:80/TCP ClusterIP 1 => 10.1.1.31:80/TCP (active)
2 => 10.1.1.38:80/TCP (active)
When the local pods disappear after scaling to replicas=0, Cilium automatically keeps only the remote pod endpoints and uses them to handle service traffic.
Thanks to this, the service does not go down and automatic failover between clusters works.
Configuring remote-preferred routing
kwest annotate service webpod service.cilium.io/affinity=remote --overwrite
keast annotate service webpod service.cilium.io/affinity=remote --overwrite
service/webpod annotated
service/webpod annotated
kwest describe svc webpod | grep Annotations -A3
keast describe svc webpod | grep Annotations -A3
Annotations: service.cilium.io/affinity: remote
service.cilium.io/global: true
Selector: app=webpod
Type: ClusterIP
Annotations: service.cilium.io/affinity: remote
service.cilium.io/global: true
Selector: app=webpod
Type: ClusterIP
kwest exec -it -n kube-system ds/cilium -c cilium-agent -- cilium service list --clustermesh-affinity
ID Frontend Service Type Backend
1 10.2.0.1:443/TCP ClusterIP 1 => 192.168.97.3:6443/TCP (active)
2 10.2.118.236:443/TCP ClusterIP 1 => 192.168.97.2:4244/TCP (active)
3 10.2.0.10:53/UDP ClusterIP 1 => 10.0.1.157:53/UDP (active)
2 => 10.0.1.233:53/UDP (active)
4 10.2.0.10:53/TCP ClusterIP 1 => 10.0.1.157:53/TCP (active)
2 => 10.0.1.233:53/TCP (active)
5 10.2.0.10:9153/TCP ClusterIP 1 => 10.0.1.157:9153/TCP (active)
2 => 10.0.1.233:9153/TCP (active)
6 10.2.160.3:2379/TCP ClusterIP 1 => 10.0.1.127:2379/TCP (active)
7 192.168.97.2:32379/TCP NodePort 1 => 10.0.1.127:2379/TCP (active)
8 0.0.0.0:32379/TCP NodePort 1 => 10.0.1.127:2379/TCP (active)
9 10.2.232.181:80/TCP ClusterIP 1 => 10.0.1.142:4245/TCP (active)
10 10.2.156.98:80/TCP ClusterIP 1 => 10.0.1.254:8081/TCP (active)
11 192.168.97.2:30001/TCP NodePort 1 => 10.0.1.254:8081/TCP (active)
12 0.0.0.0:30001/TCP NodePort 1 => 10.0.1.254:8081/TCP (active)
13 10.2.238.70:80/TCP ClusterIP 1 => 10.1.1.31:80/TCP (active) (preferred)
2 => 10.1.1.38:80/TCP (active) (preferred)
3 => 10.0.1.253:80/TCP (active)
4 => 10.0.1.106:80/TCP (active)
keast exec -it -n kube-system ds/cilium -c cilium-agent -- cilium service list --clustermesh-affinity
ID Frontend Service Type Backend
1 10.3.0.1:443/TCP ClusterIP 1 => 192.168.97.4:6443/TCP (active)
2 10.3.35.16:443/TCP ClusterIP 1 => 192.168.97.5:4244/TCP (active)
3 10.3.0.10:53/TCP ClusterIP 1 => 10.1.0.53:53/TCP (active)
2 => 10.1.0.132:53/TCP (active)
4 10.3.0.10:9153/TCP ClusterIP 1 => 10.1.0.53:9153/TCP (active)
2 => 10.1.0.132:9153/TCP (active)
5 10.3.0.10:53/UDP ClusterIP 1 => 10.1.0.53:53/UDP (active)
2 => 10.1.0.132:53/UDP (active)
6 10.3.105.94:2379/TCP ClusterIP 1 => 10.1.1.130:2379/TCP (active)
7 192.168.97.5:32379/TCP NodePort 1 => 10.1.1.130:2379/TCP (active)
8 0.0.0.0:32379/TCP NodePort 1 => 10.1.1.130:2379/TCP (active)
9 10.3.152.190:80/TCP ClusterIP 1 => 10.1.1.147:4245/TCP (active)
10 10.3.76.135:80/TCP ClusterIP 1 => 10.1.1.1:8081/TCP (active)
11 192.168.97.5:31001/TCP NodePort 1 => 10.1.1.1:8081/TCP (active)
12 0.0.0.0:31001/TCP NodePort 1 => 10.1.1.1:8081/TCP (active)
13 10.3.226.229:80/TCP ClusterIP 1 => 10.1.1.31:80/TCP (active)
2 => 10.1.1.38:80/TCP (active)
3 => 10.0.1.253:80/TCP (active) (preferred)
4 => 10.0.1.106:80/TCP (active) (preferred)

This option makes the service prefer pods in the opposite cluster.
Sharing a global service with the same name across multiple namespaces
kwest annotate service webpod service.cilium.io/affinity=local --overwrite
keast annotate service webpod service.cilium.io/affinity=local --overwrite
service/webpod annotated
service/webpod annotated
kwest describe svc webpod | grep Annotations -A3
keast describe svc webpod | grep Annotations -A3
Annotations: service.cilium.io/affinity: local
service.cilium.io/global: true
Selector: app=webpod
Type: ClusterIP
Annotations: service.cilium.io/affinity: local
service.cilium.io/global: true
Selector: app=webpod
Type: ClusterIP
kwest exec -it -n kube-system ds/cilium -c cilium-agent -- cilium service list --clustermesh-affinity
ID Frontend Service Type Backend
1 10.2.0.1:443/TCP ClusterIP 1 => 192.168.97.3:6443/TCP (active)
2 10.2.118.236:443/TCP ClusterIP 1 => 192.168.97.2:4244/TCP (active)
3 10.2.0.10:53/UDP ClusterIP 1 => 10.0.1.157:53/UDP (active)
2 => 10.0.1.233:53/UDP (active)
4 10.2.0.10:53/TCP ClusterIP 1 => 10.0.1.157:53/TCP (active)
2 => 10.0.1.233:53/TCP (active)
5 10.2.0.10:9153/TCP ClusterIP 1 => 10.0.1.157:9153/TCP (active)
2 => 10.0.1.233:9153/TCP (active)
6 10.2.160.3:2379/TCP ClusterIP 1 => 10.0.1.127:2379/TCP (active)
7 192.168.97.2:32379/TCP NodePort 1 => 10.0.1.127:2379/TCP (active)
8 0.0.0.0:32379/TCP NodePort 1 => 10.0.1.127:2379/TCP (active)
9 10.2.232.181:80/TCP ClusterIP 1 => 10.0.1.142:4245/TCP (active)
10 10.2.156.98:80/TCP ClusterIP 1 => 10.0.1.254:8081/TCP (active)
11 192.168.97.2:30001/TCP NodePort 1 => 10.0.1.254:8081/TCP (active)
12 0.0.0.0:30001/TCP NodePort 1 => 10.0.1.254:8081/TCP (active)
13 10.2.238.70:80/TCP ClusterIP 1 => 10.1.1.31:80/TCP (active)
2 => 10.1.1.38:80/TCP (active)
3 => 10.0.1.253:80/TCP (active) (preferred)
4 => 10.0.1.106:80/TCP (active) (preferred)
keast exec -it -n kube-system ds/cilium -c cilium-agent -- cilium service list --clustermesh-affinity
ID Frontend Service Type Backend
1 10.3.0.1:443/TCP ClusterIP 1 => 192.168.97.4:6443/TCP (active)
2 10.3.35.16:443/TCP ClusterIP 1 => 192.168.97.5:4244/TCP (active)
3 10.3.0.10:53/TCP ClusterIP 1 => 10.1.0.53:53/TCP (active)
2 => 10.1.0.132:53/TCP (active)
4 10.3.0.10:9153/TCP ClusterIP 1 => 10.1.0.53:9153/TCP (active)
2 => 10.1.0.132:9153/TCP (active)
5 10.3.0.10:53/UDP ClusterIP 1 => 10.1.0.53:53/UDP (active)
2 => 10.1.0.132:53/UDP (active)
6 10.3.105.94:2379/TCP ClusterIP 1 => 10.1.1.130:2379/TCP (active)
7 192.168.97.5:32379/TCP NodePort 1 => 10.1.1.130:2379/TCP (active)
8 0.0.0.0:32379/TCP NodePort 1 => 10.1.1.130:2379/TCP (active)
9 10.3.152.190:80/TCP ClusterIP 1 => 10.1.1.147:4245/TCP (active)
10 10.3.76.135:80/TCP ClusterIP 1 => 10.1.1.1:8081/TCP (active)
11 192.168.97.5:31001/TCP NodePort 1 => 10.1.1.1:8081/TCP (active)
12 0.0.0.0:31001/TCP NodePort 1 => 10.1.1.1:8081/TCP (active)
13 10.3.226.229:80/TCP ClusterIP 1 => 10.1.1.31:80/TCP (active) (preferred)
2 => 10.1.1.38:80/TCP (active) (preferred)
3 => 10.0.1.253:80/TCP (active)
4 => 10.0.1.106:80/TCP (active)
When the service is accessed from East and East has pods, those are (preferred); when it is accessed from West and West has pods, those are (preferred).
If East has no pods (replicas=0), traffic is automatically routed to the pods on the West side.
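The global-service and affinity states shown above can be checked mechanically. The following is an added example, not part of the original post: it parses `cilium service list --clustermesh-affinity` output for one frontend, marks each backend as local or remote by comparing it with the local cluster's own Endpoints, and reports which side carries the (preferred) flag. The function names are hypothetical; the sample lines are taken from the outputs on this page, and the local endpoint lists for the affinity cases are assumed to be the 10.0.1.x backends shown there.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit the backends of a global service.

# service_backends FRONTEND < service-list
# Prints "BACKEND FLAG" per backend of FRONTEND; FLAG is "preferred" or "-".
service_backends() {
  awk -v fe="$1" '
    { arrow = 0; for (i = 1; i <= NF; i++) if ($i == "=>") arrow = i }
    arrow == 0 { next }                 # header or separator line
    arrow > 2  { cur = $2 }             # first row of a service: ID, frontend, type, ...
    cur == fe  { print $(arrow + 1), ($0 ~ /\(preferred\)/ ? "preferred" : "-") }'
}

# affinity_state FRONTEND LOCAL_ENDPOINTS < service-list
# LOCAL_ENDPOINTS is the comma-separated ENDPOINTS column that
# `kubectl get ep` prints in the local cluster ("" when scaled to 0).
# Any backend not in that list was synchronized from the remote cluster.
affinity_state() {
  service_backends "$1" | awk -v eps="$2" '
    BEGIN { n = split(eps, e, ","); for (i = 1; i <= n; i++) is_local[e[i]] = 1 }
    {
      addr = $1; sub(/\/.*/, "", addr)                 # drop the "/TCP" suffix
      side = (addr in is_local) ? "local" : "remote"
      count[side]++
      if ($2 == "preferred") pref[side]++
    }
    END {
      if (pref["local"] + pref["remote"] == 0)                           p = "none"
      else if (pref["remote"] == 0 && pref["local"] == count["local"])   p = "local"
      else if (pref["local"] == 0 && pref["remote"] == count["remote"])  p = "remote"
      else                                                               p = "mixed"
      printf "local=%d remote=%d preferred=%s\n", count["local"], count["remote"], p
    }'
}

# Sample inputs: rows from the west-cluster outputs on this page.
SVC_GLOBAL='ID Frontend Service Type Backend
3 10.2.0.10:53/UDP ClusterIP 1 => 10.0.1.157:53/UDP (active)
2 => 10.0.1.233:53/UDP (active)
13 10.2.238.70:80/TCP ClusterIP 1 => 10.0.1.37:80/TCP (active)
2 => 10.0.1.71:80/TCP (active)
3 => 10.1.1.31:80/TCP (active)
4 => 10.1.1.38:80/TCP (active)'

SVC_LOCAL='ID Frontend Service Type Backend
13 10.2.238.70:80/TCP ClusterIP 1 => 10.1.1.31:80/TCP (active)
2 => 10.1.1.38:80/TCP (active)
3 => 10.0.1.239:80/TCP (active) (preferred)
4 => 10.0.1.146:80/TCP (active) (preferred)'

SVC_SCALED='ID Frontend Service Type Backend
13 10.2.238.70:80/TCP ClusterIP 1 => 10.1.1.31:80/TCP (active)
2 => 10.1.1.38:80/TCP (active)'

SVC_REMOTE='ID Frontend Service Type Backend
13 10.2.238.70:80/TCP ClusterIP 1 => 10.1.1.31:80/TCP (active) (preferred)
2 => 10.1.1.38:80/TCP (active) (preferred)
3 => 10.0.1.253:80/TCP (active)
4 => 10.0.1.106:80/TCP (active)'

FE=10.2.238.70:80/TCP
echo "global only:      $(printf '%s\n' "$SVC_GLOBAL" | affinity_state "$FE" 10.0.1.37:80,10.0.1.71:80)"
echo "affinity=local:   $(printf '%s\n' "$SVC_LOCAL"  | affinity_state "$FE" 10.0.1.239:80,10.0.1.146:80)"
echo "local scaled to 0: $(printf '%s\n' "$SVC_SCALED" | affinity_state "$FE" "")"
echo "affinity=remote:  $(printf '%s\n' "$SVC_REMOTE" | affinity_state "$FE" 10.0.1.253:80,10.0.1.106:80)"
```

A `remote` count above zero on a service means its traffic can be answered by pods that the other cluster controls, which is worth knowing when deciding which services carry the `service.cilium.io/global` annotation.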
Checking clustermesh-apiserver pod information
kwest exec -it -n kube-system ds/cilium -c cilium-agent -- cilium node list
Name IPv4 Address Endpoint CIDR IPv6 Address Endpoint CIDR Source
east/east-control-plane 192.168.97.4 10.1.0.0/24 clustermesh
east/east-worker 192.168.97.5 10.1.1.0/24 clustermesh
west/west-control-plane 192.168.97.3 10.0.0.0/24 custom-resource
west/west-worker 192.168.97.2 10.0.1.0/24 local
keast exec -it -n kube-system ds/cilium -c cilium-agent -- cilium node list
Name IPv4 Address Endpoint CIDR IPv6 Address Endpoint CIDR Source
east/east-control-plane 192.168.97.4 10.1.0.0/24 custom-resource
east/east-worker 192.168.97.5 10.1.1.0/24 local
west/west-control-plane 192.168.97.3 10.0.0.0/24 clustermesh
west/west-worker 192.168.97.2 10.0.1.0/24 clustermesh
kubectl describe pod -n kube-system -l k8s-app=clustermesh-apiserver
Name: clustermesh-apiserver-5cf45db9cc-qx428
Namespace: kube-system
Priority: 2000000000
Priority Class Name: system-cluster-critical
Service Account: clustermesh-apiserver
Node: east-worker/192.168.97.5
Start Time: Sat, 16 Aug 2025 23:30:05 +0900
Labels: app.kubernetes.io/name=clustermesh-apiserver
app.kubernetes.io/part-of=cilium
k8s-app=clustermesh-apiserver
pod-template-hash=5cf45db9cc
Annotations: <none>
Status: Running
IP: 10.1.1.130
IPs:
IP: 10.1.1.130
Controlled By: ReplicaSet/clustermesh-apiserver-5cf45db9cc
Init Containers:
etcd-init:
Container ID: containerd://ddb88891cf41e7ad9c4a838a3ba15de7a3776b2a22e357ce505614cc99d0b004
Image: quay.io/cilium/clustermesh-apiserver:v1.17.6@sha256:f619e97432db427e1511bf91af3be8ded418c53a353a09629e04c5880659d1df
Image ID: quay.io/cilium/clustermesh-apiserver@sha256:f619e97432db427e1511bf91af3be8ded418c53a353a09629e04c5880659d1df
Port: <none>
Host Port: <none>
Command:
/usr/bin/clustermesh-apiserver
Args:
etcdinit
--debug
--etcd-cluster-name=clustermesh-apiserver
--etcd-initial-cluster-token=$(INITIAL_CLUSTER_TOKEN)
--etcd-data-dir=/var/run/etcd
State: Terminated
Reason: Completed
Exit Code: 0
Started: Sat, 16 Aug 2025 23:30:24 +0900
Finished: Sat, 16 Aug 2025 23:30:25 +0900
Ready: True
Restart Count: 0
Environment:
CILIUM_CLUSTER_NAME: <set to the key 'cluster-name' of config map 'cilium-config'> Optional: false
INITIAL_CLUSTER_TOKEN: (v1:metadata.uid)
Mounts:
/var/run/etcd from etcd-data-dir (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-9r75c (ro)
Containers:
etcd:
Container ID: containerd://1204eedca147df5e7a2a0b2285e73a22de0780fba5e2d69395af6702aa8947b5
Image: quay.io/cilium/clustermesh-apiserver:v1.17.6@sha256:f619e97432db427e1511bf91af3be8ded418c53a353a09629e04c5880659d1df
Image ID: quay.io/cilium/clustermesh-apiserver@sha256:f619e97432db427e1511bf91af3be8ded418c53a353a09629e04c5880659d1df
Ports: 2379/TCP, 9963/TCP
Host Ports: 0/TCP, 0/TCP
Command:
/usr/bin/etcd
Args:
--data-dir=/var/run/etcd
--name=clustermesh-apiserver
--client-cert-auth
--trusted-ca-file=/var/lib/etcd-secrets/ca.crt
--cert-file=/var/lib/etcd-secrets/tls.crt
--key-file=/var/lib/etcd-secrets/tls.key
--listen-client-urls=https://127.0.0.1:2379,https://[$(HOSTNAME_IP)]:2379
--advertise-client-urls=https://[$(HOSTNAME_IP)]:2379
--initial-cluster-token=$(INITIAL_CLUSTER_TOKEN)
--auto-compaction-retention=1
--listen-metrics-urls=http://[$(HOSTNAME_IP)]:9963
--metrics=basic
State: Running
Started: Sat, 16 Aug 2025 23:30:26 +0900
Ready: True
Restart Count: 0
Environment:
ETCDCTL_API: 3
HOSTNAME_IP: (v1:status.podIP)
INITIAL_CLUSTER_TOKEN: (v1:metadata.uid)
Mounts:
/var/lib/etcd-secrets from etcd-server-secrets (ro)
/var/run/etcd from etcd-data-dir (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-9r75c (ro)
apiserver:
Container ID: containerd://42ecb21e07a52347ca92fa60185e017ebd9d70c1daf4cce12b81f9feca665e2c
Image: quay.io/cilium/clustermesh-apiserver:v1.17.6@sha256:f619e97432db427e1511bf91af3be8ded418c53a353a09629e04c5880659d1df
Image ID: quay.io/cilium/clustermesh-apiserver@sha256:f619e97432db427e1511bf91af3be8ded418c53a353a09629e04c5880659d1df
Ports: 9880/TCP, 9962/TCP
Host Ports: 0/TCP, 0/TCP
Command:
/usr/bin/clustermesh-apiserver
Args:
clustermesh
--debug
--cluster-name=$(CLUSTER_NAME)
--cluster-id=$(CLUSTER_ID)
--kvstore-opt=etcd.config=/var/lib/cilium/etcd-config.yaml
--kvstore-opt=etcd.qps=20
--kvstore-opt=etcd.bootstrapQps=10000
--max-connected-clusters=255
--health-port=9880
--enable-external-workloads=false
--prometheus-serve-addr=:9962
--controller-group-metrics=all
State: Running
Started: Sat, 16 Aug 2025 23:30:27 +0900
Ready: True
Restart Count: 0
Readiness: http-get http://:apiserv-health/readyz delay=0s timeout=1s period=10s #success=1 #failure=3
Environment:
CLUSTER_NAME: <set to the key 'cluster-name' of config map 'cilium-config'> Optional: false
CLUSTER_ID: <set to the key 'cluster-id' of config map 'cilium-config'> Optional: true
ENABLE_K8S_ENDPOINT_SLICE: <set to the key 'enable-k8s-endpoint-slice' of config map 'cilium-config'> Optional: true
Mounts:
/var/lib/cilium/etcd-secrets from etcd-admin-client (ro)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-9r75c (ro)
Conditions:
Type Status
PodReadyToStartContainers True
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
etcd-server-secrets:
Type: Projected (a volume that contains injected data from multiple sources)
SecretName: clustermesh-apiserver-server-cert
SecretOptionalName: <nil>
etcd-admin-client:
Type: Projected (a volume that contains injected data from multiple sources)
SecretName: clustermesh-apiserver-admin-cert
SecretOptionalName: <nil>
etcd-data-dir:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
kube-api-access-9r75c:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: kubernetes.io/os=linux
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events: <none>
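The etcd container in the output above is the kvstore that remote clusters connect to, so its TLS flags are the part worth checking on every mesh member. The script below is an added example, not part of the original post or of Cilium: `check`, `audit_etcd_args`, `page_args` and `weak_args` are hypothetical names, `page_args` copies the TLS-related Args from the describe output, and `weak_args` is a constructed misconfiguration for comparison.

```shell
# Audit etcd args (one per line on stdin) for the mutual-TLS settings that
# protect the Cluster Mesh kvstore. Live input, assuming kubectl access:
#   kubectl get pod -n kube-system -l k8s-app=clustermesh-apiserver -o \
#     jsonpath='{range .items[0].spec.containers[?(@.name=="etcd")].args[*]}{@}{"\n"}{end}'
check() {   # check <label> <regex>: PASS if some arg matches, else FAIL
    if printf '%s\n' "$args" | grep -q -e "$2"; then echo "PASS $1"
    else echo "FAIL $1"; rc=1; fi
}
audit_etcd_args() {   # hypothetical helper; returns 1 when any check fails
    args=$(cat); rc=0
    check "client certificates required" '^--client-cert-auth\(=true\)\{0,1\}$'
    check "client CA bundle configured" '^--trusted-ca-file=.'
    check "server certificate configured" '^--cert-file=.'
    check "server key configured" '^--key-file=.'
    # An http listener is served without TLS, so no client cert is checked there.
    urls=$(printf '%s\n' "$args" | sed -n 's/^--listen-client-urls=//p' | tr ',' '\n')
    [ -n "$urls" ] || { echo "FAIL --listen-client-urls not set"; rc=1; }
    while IFS= read -r u; do
        case "$u" in
            '') ;;
            https://*) echo "PASS client listener $u" ;;
            *) echo "FAIL plaintext client listener $u"; rc=1 ;;
        esac
    done <<EOF
$urls
EOF
    # Metrics over plain HTTP is reported for review, not failed.
    if printf '%s\n' "$args" | grep -q -e '^--listen-metrics-urls=http://'; then
        echo "WARN metrics listener is plain HTTP"
    fi
    return $rc
}
page_args() {   # TLS-related subset of the etcd Args in the output above
    cat <<'EOF'
--client-cert-auth
--trusted-ca-file=/var/lib/etcd-secrets/ca.crt
--cert-file=/var/lib/etcd-secrets/tls.crt
--key-file=/var/lib/etcd-secrets/tls.key
--listen-client-urls=https://127.0.0.1:2379,https://[$(HOSTNAME_IP)]:2379
--listen-metrics-urls=http://[$(HOSTNAME_IP)]:9963
EOF
}
weak_args() {   # constructed misconfiguration, not taken from the page
    cat <<'EOF'
--cert-file=/var/lib/etcd-secrets/tls.crt
--key-file=/var/lib/etcd-secrets/tls.key
--listen-client-urls=https://127.0.0.1:2379,http://0.0.0.0:2379
EOF
}
page_args | audit_etcd_args
```

Piping `weak_args` into `audit_etcd_args` shows the failing case: server-side TLS alone passes the certificate checks but fails on the missing client CA, the disabled client-certificate requirement, and the plaintext listener.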
Delete the lab environment
kind delete cluster --name west && kind delete cluster --name east && kind delete cluster --name center

