Kubernetes (k8s): basic concepts and basic component deployment

1, k8s basic concepts

Official documents
https://kubernetes.io/docs/setup/

1.1 why k8s?

Why is it called k8s? Because the word kubernetes is long: the 8 letters between the initial k and the final s are replaced by the digit 8, giving k8s for short

  • Open Source
  • Mature ecosystem
  • Standards and specifications, backed by major vendors
  • Mainstream & Trend

1.2 docker VS k8s

  • docker (stand-alone)
    • container (Runtime, process)
    • Image (image, consistency, distribution)
    • Registry (unified image management)
  • K8s (cluster)
    • Orchestration
    • Scheduler
    • Scale
    • Abstraction

1.3 K8s core components

  • Database (etcd)
  • Scheduler
  • Cluster entry point (API Server)
  • Controller (the most important)
  • kube-proxy

1.4 a simple architecture understanding of k8s

  • Node role (runs the actual workloads, i.e. containers)
    • kube-proxy (responsible for the container network)
    • kubelet (responsible for container management)
    • docker (implements the container functionality)
  • Master role (cluster task scheduling and control)
    • API Server (cluster entry point)
    • Controller Manager (built-in controllers that implement cluster functions)
    • scheduler (schedules workloads onto nodes)
  • Database (etcd; all k8s information is stored in it)

2, Installation deployment

Official website: https://kubernetes.io/docs/home/

  • One or more machines running CentOS 7.x (x86_64)
  • Hardware configuration: 2GB or more RAM, 2 or more CPUs, hard disk 30GB or more
  • Network connectivity between all machines in the cluster
  • Internet access, which is needed to pull images
  • Swap partition disabled

2.1 objectives and environmental preparation

  1. Install Docker and kubeadm on all nodes (centos7)
  2. Deploy Kubernetes Master
  3. Deploy container network plug-in
  4. Deploy the Kubernetes Node and add the node to the Kubernetes cluster
  5. Deploy the Dashboard Web page to visually view Kubernetes resources

role             IP
k8s-1 (master)   192.168.1.252
k8s-2 (node1)    192.168.1.97
k8s-3 (node2)    192.168.1.49

Turn off the firewall:
$ systemctl stop firewalld
$ systemctl disable firewalld

Disable SELinux:
$ sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config  # permanent
$ setenforce 0  # temporary

Disable swap:
$ swapoff -a  # temporary
$ vim /etc/fstab  # permanent: comment out the swap line, as below
#/dev/mapper/centos-swap swap                    swap    defaults        0 0

Set host name:
$ hostnamectl set-hostname <hostname>

On the master, add the nodes to /etc/hosts:
$ cat >> /etc/hosts << EOF
192.168.1.252 k8s-1-master
192.168.1.97 k8s-2-node1
192.168.1.49 k8s-3-node2
EOF

Pass bridged IPv4 traffic to the iptables chains:
$ cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sysctl --system  # take effect

Time synchronization:
$ yum install ntpdate -y
$ ntpdate time.windows.com

$ reboot

Install Docker and configure a registry mirror

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce-18.06.1.ce-3.el7
systemctl enable docker
cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF
systemctl restart docker

2.2 introduction and installation of kubeadm, kubelet and kubectl

kubeadm is a tool launched by the official community for rapid deployment of kubernetes clusters.
kubelet runs on every node; its main job is to manage the containers on that node and monitor their status
kubectl is the command-line tool used to manage the cluster

Install kubeadm, kubelet and kubectl from the Alibaba Cloud mirror

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubelet-1.17.0 kubeadm-1.17.0 kubectl-1.17.0
systemctl enable kubelet
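
The repo file above sets gpgcheck=0 and repo_gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying package or metadata signatures, even though gpgkey is listed. The following added example (not part of the original post; the function name audit_repo_gpg is illustrative) scans .repo files and reports enabled repos where either check is explicitly turned off.

```shell
#!/bin/sh
# Added example: report yum repo sections that explicitly disable signature checks.
# Output lines: "<file> [<repo>] <key>=<value>".
# Exit status 1 if package signature checking (gpgcheck) is off in any enabled repo.
audit_repo_gpg() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function off(v)  { v = tolower(v); return v == "0" || v == "no" || v == "false" }
    function report() {
        if (sec == "" || off(enabled)) return       # no section open, or repo disabled
        if (off(gpg))  { print file " [" sec "] gpgcheck=" gpg; fail = 1 }
        if (off(rgpg)) print file " [" sec "] repo_gpgcheck=" rgpg
    }
    FNR == 1 { report(); sec = "" }                  # new file: close the previous section
    /^[ \t]*[#;]/ { next }                           # skip comment lines
    /^[ \t]*\[.*\]/ {                                # section header starts a new repo
        report()
        sec = trim($0); sec = substr(sec, 2, index(sec, "]") - 2)
        file = FILENAME; enabled = "1"; gpg = ""; rgpg = ""
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (key == "enabled")            enabled = val
        else if (key == "gpgcheck")      gpg = val
        else if (key == "repo_gpgcheck") rgpg = val
    }
    END { report(); exit (fail ? 1 : 0) }
    ' "$@"
}

# Typical use on a node:
#   audit_repo_gpg /etc/yum.repos.d/*.repo
```

With gpgcheck=1 in the repo file, yum verifies each RPM against the keys at the listed gpgkey URLs before installing it.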

2.3 initializing the control plane

  • Initialize the first node of the control plane
  • Configure the administrator kubeconfig for the kubectl command
  • Deploy network plug-ins

Official documents
https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/

kubeadm init \
  --apiserver-advertise-address=192.168.1.252 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.17.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16

Parameter analysis

  • --apiserver-advertise-address: the IP address the API server advertises to the other components. Normally this is the Master node's address, used for communication inside the cluster. 0.0.0.0 means all available addresses on the node
  • --image-repository: specifies the image repository to use
  • --kubernetes-version: the version number of the k8s components; it should be the same as the kubelet version number
  • --service-cidr: the network address range of Services, in CIDR format; 10.96.0.0/12 by default
  • --pod-network-cidr: the address range of the pod network, in CIDR format. The flannel network plug-in defaults to 10.244.0.0/16 and the calico plug-in defaults to 192.168.0.0/16

Refer to official documents for other parameters

The installation is successful when you see this


token

kubeadm join 192.168.1.252:6443 --token u3oziq.0bzn0c2vtk54rcr6 \
    --discovery-token-ca-cert-hash sha256:afbb4facdd85627a1c6fc56ca11363f3bf5f96ba1c7de820444ecd352c36783f
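
The --discovery-token-ca-cert-hash value pins the cluster CA: it is the SHA-256 of the CA certificate's public key in DER SubjectPublicKeyInfo form, and a joining node uses it to check that it is talking to the right API server. The following added example (not part of the original post) recomputes that pin on the master so it can be compared with the value handed to the nodes. It assumes the openssl CLI and the kubeadm default CA path /etc/kubernetes/pki/ca.crt; the function names and the JOIN_PIN variable are illustrative.

```shell
#!/bin/sh
# Added example: recompute and check the kubeadm CA pin ("sha256:<hex>").
# Function names and JOIN_PIN are illustrative; requires the openssl CLI.

# Print the hex SHA-256 of the public key (DER SubjectPublicKeyInfo) of a PEM certificate.
ca_pubkey_hash() {
    ca_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    printf '%s\n' "$ca_pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //'
}

# Return 0 only if the pin ($2, "sha256:<hex>") matches the CA certificate ($1).
verify_join_pin() {
    pin_want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    pin_hex=$(ca_pubkey_hash "$1") || return 2
    [ "sha256:$pin_hex" = "$pin_want" ]
}

# On the master: compare the pin from the join command with the real CA, e.g.
#   JOIN_PIN=sha256:<value from the join command> sh this-script.sh
CA_CERT=/etc/kubernetes/pki/ca.crt          # kubeadm default location
if [ -r "$CA_CERT" ] && [ -n "${JOIN_PIN:-}" ]; then
    if verify_join_pin "$CA_CERT" "$JOIN_PIN"; then
        echo "pin matches cluster CA"
    else
        echo "pin does NOT match cluster CA" >&2
    fi
fi
```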

After the k8s installation is completed, the cluster is not fully started yet. You need to install a network plug-in for it to start completely

Installing the flannel network plug-in

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

If the URL is not reachable, download the image package from GitHub, import it, modify the kube-flannel.yml configuration file, and install locally

https://github.com/flannel-io/flannel/releases

Restart docker, and k8s components will start automatically with docker

2.4 join the cluster and test

Run the kubeadm join command (with the token) just generated on each node machine
If flannel is slow to become available, wait a little longer. If it still does not come up, download the image and import it for local installation

Create a pod and verify it

kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc

2.5 Dashboard management

The Dashboard is created in its own namespace. To see its pods, you need to specify that namespace

The Dashboard is not exposed outside the cluster by default
Modify the YAML configuration file and add two settings

kubectl apply -f recommended.yaml
kubectl get pods -n kubernetes-dashboard

Access address: http://NodeIP:30001

Type thisisunsafe on the browser warning page

Create a service account and bind it to the built-in cluster-admin cluster role (full administrative access to the cluster)
Copy the token printed by the last command below into the browser

kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')


From the Dashboard you can manage storage volumes and nodes and do some simple monitoring

Some problems I encountered

  1. Memory too small
error execution phase preflight: [preflight] Some fatal errors occurred:
        [ERROR Mem]: the system RAM (972 MB) is less than the minimum 1700 MB
        [ERROR KubeletVersion]: the kubelet version is higher than the control plane version. This is not a supported version skew and may lead to a malfunctional cluster. Kubelet version: "1.22.1" Control plane version: "1.21.0"
  2. Bridged traffic is not passed to iptables (bridge-nf-call-iptables not set)
error execution phase preflight: [preflight] Some fatal errors occurred:
        [ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`

Solution:

echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
  3. Swap partition is not disabled
 [ERROR Swap]: running with swap on is not supported. Please disable swap
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`

Solution:

$ vim /etc/fstab
#/dev/mapper/centos-swap swap                    swap    defaults        0 0
  4. Image pull error from the Alibaba Cloud k8s component image repository. Pull the image with docker pull, then rename it with docker tag
error execution phase preflight: [preflight] Some fatal errors occurred:
        [ERROR ImagePull]: failed to pull image registry.aliyuncs.com/google_containers/coredns:v1.8.4: output: Error response from daemon: manifest for registry.aliyuncs.com/google_containers/coredns:v1.8.4 not found: manifest unknown: manifest unknown
, error: exit status 1

Solution:

docker pull registry.aliyuncs.com/google_containers/coredns:1.8.4

docker tag registry.aliyuncs.com/google_containers/coredns:1.8.4 registry.aliyuncs.com/google_containers/coredns:v1.8.4
  5. If something goes wrong and you need to reinstall k8s, first remove the existing k8s installation and its configuration files
kubeadm reset -f
modprobe -r ipip
lsmod
rm -rf ~/.kube/
rm -rf /etc/kubernetes/
rm -rf /etc/systemd/system/kubelet.service.d
rm -rf /etc/systemd/system/kubelet.service
rm -rf /usr/bin/kube*
rm -rf /etc/cni
rm -rf /opt/cni
rm -rf /var/lib/etcd
rm -rf /var/etcd
yum clean all
yum remove kube*
  6. kubelet cgroup driver mismatch
kubelet cgroup driver: "systemd" is different from docker cgroup driver: "cgroupfs"

Try modifying the Docker daemon configuration:

vim /etc/docker/daemon.json
"exec-opts": ["native.cgroupdriver=systemd"]


Tags: Docker Kubernetes

Posted on Sat, 20 Nov 2021 04:11:58 -0500 by ztkirby