Quick installation of a k8s cluster with kubeadm (1 master + 2 nodes)

This document is based on Mr. A Liang's document, with some modifications made for problems I ran into myself. If it infringes on anything, contact me and I will delete it.

kubeadm is one of the official k8s cluster installation methods; the other is binary installation.

The installation mainly consists of running kubeadm init on the master and kubeadm join on each node.

1, Environment preparation

The machines for the K8s cluster need to meet the following conditions.
Create three hosts with VMware, as follows:
1. System: CentOS 7.5
2. Swap stopped, firewall and SELinux turned off
3. The machines can ping each other and can reach the external network
4. Hardware: 2G of memory, a 20G hard disk and 2 CPU cores are expected

Turn off firewall:
$ systemctl stop firewalld
$ systemctl disable firewalld

Disable SELinux:
$ sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
$ setenforce 0
$ getenforce

Turn off swap:
$ swapoff -a          # temporary
$ vim /etc/fstab      # permanent: comment out the swap entry

Add the corresponding relationship between host name and IP (remember to set the host name):
$ cat /etc/hosts
192.168.31.62 master
192.168.31.64 node1
192.168.31.66 node2

$ hostnamectl set-hostname --static master
$ hostnamectl set-hostname --static node1
$ hostnamectl set-hostname --static node2
# Run each command on its own machine, one per host.

Pass bridged IPv4 traffic to the iptables chains (run on all machines):
$ cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sysctl --system

2, Install related software

The default container runtime (CRI) for Kubernetes is Docker, so install Docker first.

2.1 installing Docker

$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
$ yum -y install docker-ce    # You can specify a version; I use the latest version by default
$ systemctl enable docker && systemctl start docker
$ docker --version
Docker version 19.03.8, build afacb8b

$ cat > /etc/docker/daemon.json << EOF
{
        "registry-mirrors": ["https://x4lpb8cv.mirror.aliyuncs.com"],
        "exec-opts": ["native.cgroupdriver=systemd"],
        "log-driver": "json-file",
        "log-opts": {
                "max-size": "100m"
        },
        "storage-driver": "overlay2"
}
EOF
$ systemctl restart docker    # restart Docker so the new daemon.json takes effect

2.2 Add the Alibaba Cloud YUM repository

$ cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

2.3 Install kubeadm, kubelet and kubectl

$ yum install -y kubelet kubeadm kubectl    # You can specify a version; I use the latest version, 1.17.4, by default
$ systemctl enable kubelet

3, Deploy Kubernetes Master

$ kubeadm init \
  --apiserver-advertise-address=10.1.1.11 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.17.4 \
  --service-cidr=10.2.0.0/16 \
  --pod-network-cidr=10.244.0.0/16
    # Note: the two network ranges above must not overlap with the network our virtual machines are on

Because the default image registry k8s.gcr.io is not accessible in China, we specify the Alibaba Cloud image repository address here.
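
The non-overlap requirement in the note above can be checked before running kubeadm init. This is an added example, not part of the original post; the CIDRs and host addresses are the ones shown on this page, and the function name is hypothetical.

```python
import ipaddress
from itertools import combinations

# Values taken from this page: the kubeadm init flags, the /etc/hosts
# entries and the --apiserver-advertise-address.
CLUSTER_CIDRS = {
    "service-cidr": "10.2.0.0/16",
    "pod-network-cidr": "10.244.0.0/16",
}
HOST_IPS = ["192.168.31.62", "192.168.31.64", "192.168.31.66", "10.1.1.11"]


def cidr_conflicts(cluster_cidrs, host_ips):
    """Return a list of human-readable conflicts; empty means the plan is safe.

    Two things are checked: the cluster ranges must not overlap each other,
    and no machine address may fall inside a cluster range.
    """
    nets = {name: ipaddress.ip_network(cidr)
            for name, cidr in cluster_cidrs.items()}
    problems = []
    for a, b in combinations(nets, 2):
        if nets[a].overlaps(nets[b]):
            problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    for ip in map(ipaddress.ip_address, host_ips):
        for name, net in nets.items():
            if ip in net:
                problems.append(f"host {ip} is inside {name} {net}")
    return problems


if __name__ == "__main__":
    found = cidr_conflicts(CLUSTER_CIDRS, HOST_IPS)
    print("\n".join(found) if found else "no conflicts")
```
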

To use the kubectl tool:

$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
$ kubectl get nodes

4, Install the Pod network plugin (CNI)

$ wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Modify the following lines: change the image repository address to A Liang's repository
172         image: lizhenliang/flannel:v0.11.0-amd64
186         image: lizhenliang/flannel:v0.11.0-amd64
$ kubectl apply -f  kube-flannel.yml

5, Join Kubernetes Node

To add a new node to the cluster, run the kubeadm join command that kubeadm init printed (run it on both worker nodes):

$  kubeadm join 10.1.1.11:6443 --token 7q4qxh.hn92oxtn1q2jqrbv \
    --discovery-token-ca-cert-hash sha256:e61fb25697a8b99dbfdbb254ef4602c7ffb5e49bee9b9779d9fa1dbdf71cbc2f

6, Test kubernetes cluster

Create a pod in the Kubernetes cluster and verify that it works:

$ kubectl create deployment nginx --image=nginx
$ kubectl expose deployment nginx --port=80 --type=NodePort
$ kubectl get pod,svc
# Wait until the pod is in Running status

Access address: http://NodeIP:Port (the IP of any node works)

7, Reset cluster

# If you cannot access it, you can reset the cluster by running the following commands on each node
kubeadm reset    # answer y when prompted
rm -rf  ~/.kube/config
systemctl stop kubelet
systemctl stop docker
rm -rf /var/lib/cni/
rm -rf /var/lib/kubelet/*
rm -rf /etc/cni/
ifconfig cni0 down
ifconfig flannel.1 down
ifconfig docker0 down
ip link delete cni0
ip link delete flannel.1
systemctl start docker

8, Deploy Dashboard

$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
# As with the earlier download, this is a foreign website; retry a few times if it fails

By default, Dashboard can only be accessed inside the cluster. Modify the Service to NodePort type and expose it to the outside:

# A pod on a worker node cannot connect to the API server on the master. The container log shows:
Initializing csrf token from kubernetes-dashboard-csrf secret
panic: Get https://10.2.0.1:443/api/v1/namespaces/kubernetes-dashboard/secrets/kubernetes-dashboard-csrf: dial tcp 10.244.0.1:443: i/o timeout
Modify recommended.yaml:
 39 spec:
 40   type: NodePort          # add this line
 41   ports:
 42     - port: 443
 43       targetPort: 8443
 44       nodePort: 30001     # add this line
 45   selector:
 46     k8s-app: kubernetes-dashboard
189     spec:
190       nodeName: master    # add this line
191       containers:
192         - name: kubernetes-dashboard
193           image: kubernetesui/dashboard:v2.0.0-beta8
274     spec:
275       nodeName: master    # add this line
276       containers:
277         - name: dashboard-metrics-scraper
278           image: kubernetesui/metrics-scraper:v1.0.1
$ kubectl apply -f  recommended.yaml
Visit: https://NodeIP:30001 (using Firefox browser)

Create a service account and bind it to the built-in cluster-admin cluster role:

$ kubectl create serviceaccount dashboard-admin -n kube-system
$ kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
$ kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

Log in to the Dashboard with the output token.

Posted on Mon, 23 Mar 2020 07:35:00 -0400 by jcornett