kubernets cluster built from zero
This paper refers to the kubernetes authoritative guide (5th Edition), refines some places, steps out some pits for everyone, and facilitates everyone's environment construction.
Environmental preparation
Using Vmware workstation in this machine, you can use a 64 bit Centos7 virtual machine as the learning environment. The virtual machine adopts NAT network mode to connect to the external network, and then uses kubedm to quickly install a kubernetes cluster
Minimum configuration:
When the cluster size is 1 ~ 5 nodes, the requirements are as follows.
Master: at least 1coreCPU and 2GB memory. (recommended: 4coreCPU and 16GB memory)
node: at least 1coreCPU and 1GB of memory.
1, Environmental pretreatment
1.1 turn off the firewall
$ systemctl disable firewalld $ systemctl stop firewalld
1.2 disable SELinux (modify the file / etc/sysconfig/selinx, and change SELINUX=enforcing to SELINUX=disabled), so that the container can read the host file system. With Kubernetes' enhanced support for SELinux, the SELinux mechanism can be gradually enabled.
1.3kubeadm also needs to close the swap partition of Linux system, which can be realized by swapoff -a command.
# Temporarily Closed $ swapoff -a # Permanent shutdown # Edit the / etc/fstab file and comment out the swap line
2, Use kubeadm tool to quickly install kubernetes cluster (take CentOS 7 as an example)
2.1 first configure the yum source. Here, use aliyun's Yum source/ The contents of / etc/yum.repo/kubernetes.repo are as follows:
[kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
2.2 then run the yum install command to install kubedm, kubelet, and kubectl
$ yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
2.3 kubelet service will be used by ubeadm to deploy and start the main service of kubernetes in container mode, so kubelet service needs to be started first. Run the systemctl start command to start the kubelet service and set it to start automatically.
$ systemctl start kubelet $ systemctl enable kubelet
2.4 run the kubedm config print init defaults command to obtain the default initialization parameter file:
$ kubeadm config print init-defaults > init.default.yaml
The generated file can be edited and the appropriate configuration can be generated on demand. For example, if you need to customize the warehouse address of the image, the version number of kubernetes to be installed, and the IP address range of the pod.
Save the above contents as init-config.yaml for standby.
2.5 download relevant images of kubernetes
In order to speed up the process of kubedm creating a cluster, you can download the required images in advance. You can view the image list through the kubedm config images list command, for example:
[root@k8s-master ~]# kubeadm config images list k8s.gcr.io/kube-apiserver:v1.22.2 k8s.gcr.io/kube-controller-manager:v1.22.2 k8s.gcr.io/kube-scheduler:v1.22.2 k8s.gcr.io/kube-proxy:v1.22.2 k8s.gcr.io/pause:3.5 k8s.gcr.io/etcd:3.5.0-0 k8s.gcr.io/coredns/coredns:v1.8.4
If you cannot access k8s.gcr.io, you can use the domestic image hosting site for downloading, for example https://a8qh6yqv.mirror.aliyuncs.com , this can be set by modifying the configuration file of Docker service (the default is / etc/docker/daemon.json), for example:
{ "registry-mirrors": [ "https://a8qh6yqv.mirror.aliyuncs.com" ], ............. }
2.6 in addition, Kubernetes sets the cgroup driver to "systemd" by default, while the default value of the cgroup driver of Docker service is "cgroupfs". It is recommended to modify it to "systemd", which is consistent with Kubernetes. Otherwise, kubelet will fail to start. This can be set by modifying the configuration file of Docker service (the default is / etc/docker/daemon.json)
{ "exec-opts": ["native.cgroupdriver=systemd"] ........... }
2.7 then, use the kubedm config images pull command or docker pull command to download the above image, for example:
$ kubeadm config images pull --config=init-config.yaml
After downloading the image, you can install it.
2.7 run the kubedm init command to install the Master node
At this point, the preparations are ready. Run the kubedm init command to install the Master node of Kubernetes, also known as Kuberntes control plane.
If a network timeout is reported, specify the domestic image source when executing kubedm init, for example:
$ kubeadm init --config=init-config.yaml --image-repository=registry.aliyuncs.com/google_containers
# This is the screen display of the previous command ------------------------------------------------------------- # There will be a lot of screen content output, which is omitted here Your Kubernetes control-plane has initialized successfully! -------------------------------------------------------------- kubeadm join 192.168.1.128:6443 --token m4sbu3.xjkly4h9rp66fmxb --discovery-token-ca-cert-hash sha256:8fb55a85059f3eccb126e6613dcb60f98664adac44f2040ef73a9696b7d257eb
2.7.1 if kubedm init runs with an error: [ERROR FileContent – proc sys net bridge NF call iptables]: / proc / sys / net / bridge / bridge NF call iptables contents are not set to 1, the solution is as follows:
$ echo "1" > /proc/sys/net/bridge/bridge-nf-call-ip6tables $ echo "1" > /proc/sys/net/bridge/bridge-nf-call-iptables
2.8 here, a lot of information will be displayed on the screen. If you see the prompt * * "your kubernetes control plane has initialized successfully!" * * it means that the Master node (control plane) has been successfully installed.
Next, you can access the cluster through the kubectl command line tool. Since kubedm uses the CA certificate by default, you need to configure the certificate for kubectl to access the Master.
According to the prompt of successful installation, non root users can copy the admin.conf configuration file to the. kube subdirectory of the HOME directory. The commands are as follows:
$ mkdir -p $HOME/.kube $ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config $ sudo chown $(id -u):$(id -g) $HOME/.kube/config
If the user is root, you can also configure kubectl by setting the environment variable KUBECONFIG:
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >>/etc/profile && source /etc/profile
Then you can use the kubectl command-line tool to access and operate the Kubernetes cluster.
For example, to view the ConfigMap list in the namespace Kube system:
[root@k8s-master ~]# kubectl -n kube-system get configmap NAME DATA AGE calico-config 4 5d22h coredns 1 6d17h extension-apiserver-authentication 6 6d17h kube-proxy 2 6d17h kube-root-ca.crt 1 6d17h kubeadm-config 1 6d17h kubelet-config-1.22 1 6d17h
2.9 up to now, the Master node of Kubernetes has been able to work, but there is still no Worker Node in the cluster and there is a lack of container network configuration. Next, to install the Work Node, you need to use the last few lines of prompt information after the kubedm init command is run, including the command to join the node into the cluster (kubedm join) and the required Token.
3, Add the new Node to the cluster
For the addition of new nodes, the system preparation is consistent with the process of installing the Master Node. Carry out the following installation process on each Node host to be installed.
3.1 install kubedm and kubelet (kubectl does not need to be installed on the Node)
$ yum install kubelet kueadm --disableexcludes=kubernetes
Run the systemctl start command to start the kubelet service and set it to start from start:
$ systemctl start kubelet $ systemctl enable kubelet
3.2 join the cluster with the kubedm join command. You can copy the complete command from the successful prompt of installing the Master node, for example:
$ kubeadm join 192.168.1.128:6443 --token m4sbu3.xjkly4h9rp66fmxb --discovery-token-ca-cert-hash sha256:8fb55a85059f3eccb126e6613dcb60f98664adac44f2040ef73a9696b7d257eb
3.3 if you need to adjust other configurations, you can also operate by customizing the configuration file. Obtain the contents of the default configuration through the kubedm configprint join defaults command, and then modify it, for example:
$ kubeadm config print join-defaults >join.config.yaml
3.4 run the kubedm join command to join this Node to the cluster:
$ kubeadm join --config=join.config.yaml
After the Node is successfully added to the cluster, you can confirm that the new Node has been added through the kubectl get nodes command:
[root@k8s-master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master NotReady control-plane,master 67m v1.22.2 k8s-node01 NotReady <none> 2m9s v1.22.2
4, Install CNI network plug-in
4.1 after running kubedm init and join commands, Kubernetes prompts that all nodes are in NotReady state, because CNI network plug-in has not been installed.
[root@k8s-master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master NotReady control-plane,master 67m v1.22.2 k8s-node01 NotReady <none> 2m9s v1.22.2
4.2 there are many choices for CNI network plug-in. For example, select Calico CNI plug-in and run the following command to complete the installation with one click:
$ kubectl apply -f "https://docs.projectcalico.org/manifests/calico.yaml" . created . created . created
4.3 after the CNI network plug-in runs successfully, check the Node again, and its status will be updated to Ready:
[root@k8s-master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master Ready control-plane,master 6d18h v1.22.2 k8s-node01 Ready <none> 6d1h v1.22.2
5, Verify that the Kubernetes cluster is working properly
Run the view Pod command to verify that the Pod of Kubernetes cluster service is created successfully and runs normally:
[root@k8s-master ~]# kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE default mysql-5d659d46fd-x2jf6 1/1 Running 2 (4d19h ago) 5d18h default myweb-55f9758ff-6pvn4 1/1 Running 2 (4d19h ago) 4d23h default myweb-55f9758ff-pxgf6 1/1 Running 2 (4d19h ago) 4d23h kube-system calico-kube-controllers-75f8f6cc59-hztxg 1/1 Running 0 131m kube-system calico-node-gwccj 1/1 Running 2 (4d19h ago) 6d kube-system calico-node-pz67g 1/1 Running 2 (4d19h ago) 6d kube-system coredns-7f6cbbb7b8-kwbpq 1/1 Running 0 131m kube-system coredns-7f6cbbb7b8-pbt6v 1/1 Running 0 131m kube-system etcd-k8s-master 1/1 Running 3 (4d19h ago) 6d18h kube-system kube-apiserver-k8s-master 1/1 Running 3 (4d19h ago) 6d18h kube-system kube-controller-manager-k8s-master 1/1 Running 3 (4d19h ago) 6d18h kube-system kube-proxy-2nfw9 1/1 Running 2 (4d19h ago) 6d1h kube-system kube-proxy-w6rxx 1/1 Running 3 (4d19h ago) 6d18h kube-system kube-scheduler-k8s-master 1/1 Running 3 (4d19h ago) 6d18h
If a Pod with a status error is found, you can run the kubectl -- namespace = Kube system describe Pod < Pod_name > command to view the cause of the error. The common cause of the error is that the image download is not completed.
So far, the Kubernetes cluster has been built quickly through kubedm tool.
If the installation fails, you can run the kubedm reset command to restore the host to its original state, and rerun the kubedm init command to install again.
Thanks for watching! River sword from heaven ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha~